summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix various clang analyzer warningsStef Walter2013-02-068-8/+29
| | | | | * Add annotations to our precondition functions so that they don't make the analyzer complain
* Our minimum version of libtasn1 is 2.14Stef Walter2013-02-051-1/+1
|
* Release version 0.15.1Stef Walter2013-02-052-1/+15
| | | | * This is an unstable release
* Add a placeholder external 'extract-trust' commandStef Walter2013-02-056-0/+75
|
* Implement support for java JKS keystore formatStef Walter2013-02-054-2/+339
| | | | | * All aliases must be lower case in order to work with the default keystore implementation.
* Use the CN, OU or O of certificates to generate a labelStef Walter2013-02-0514-101/+318
| | | | | * This is in cases where the certificate information does not already have a friendly name or alias.
* Add support for exporting OpenSSL's TRUSTED CERTIFICATE formatStef Walter2013-02-0518-0/+2378
|
* Add support for extracting to pem-bundle and pem-directory formatsStef Walter2013-02-059-0/+541
|
* Implement code for writing PEMStef Walter2013-02-055-4/+237
| | | | | | | * Based on the gcr code * Bring in base64 output code from BSD * Make sure to output base64 lines of 64 character length since this is what OpenSSL expects
* Implement basic extract supportStef Walter2013-02-0515-2/+1796
| | | | | | * The only formats supported are x509-file and x509-directory Allow tool to build without extract
* Support for sane writing to files extractedStef Walter2013-02-0510-0/+1504
| | | | | | * Implement atomic writes of files * Writing with checks that not overwriting anything unless desired * Writing and overwriting of directory contents in a robust way
* Add public iterator API to p11-kitStef Walter2013-02-0513-10/+2308
|
* Allow internal use of token and module info matchingStef Walter2013-02-052-20/+41
|
* Move the X.509 extension parsing code in common/Stef Walter2013-02-055-133/+335
| | | | * So it can be used by other code, in addition to the trust stuff
* Add p11_array_clear() functionStef Walter2013-02-053-7/+43
| | | | * Clears an array without freeing the array itself
* Implement trust assertion PKCS#11 objectsStef Walter2013-02-0511-53/+804
| | | | | | * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates
* Refactor how parsing of ASN.1 data and certificate extensions workStef Walter2013-02-0514-667/+1193
|
* Fill in certificate authority and trust data correctlyStef Walter2013-02-058-168/+552
| | | | | | | | | | | | * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world. * We do this after the various hooks have had a chance to mess with the certificate extensions and such.
* Implement stapled certificate extensions internallyStef Walter2013-02-0517-387/+1450
| | | | | | | | | | | | * Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser
* Better debugging and checks for attribute valuesStef Walter2013-02-054-86/+124
|
* Add tool for testing how fast the token loadsStef Walter2013-02-052-0/+65
|
* Some debug info about which files are being loadedStef Walter2013-02-051-2/+15
|
* Test a TRUSTED CERTIFICATE without any trust OIDsStef Walter2013-02-054-0/+40
|
* Add the builtin roots NSS specific objectStef Walter2013-02-054-5/+61
| | | | This tells NSS that this is a source of anchors.
* Add support for openssl TRUSTED CERTIFICATE PEM filesStef Walter2013-02-058-40/+368
|
* Add support for parsing PEM filesStef Walter2013-02-0512-6/+910
|
* Add basic trust moduleStef Walter2013-02-0560-47/+6580
| | | | | | This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
* Add basic checksum algorithmsStef Walter2013-02-056-2/+766
| | | | | | The SHA-1 and MD5 digests here are used for checksums in legacy protocols. We don't use them in cryptographic contexts at all. These particular algorithms would be poor choices for that.
* Remove the unused err() function and friendsStef Walter2013-02-052-187/+0
| | | | | We want to use p11_message in our commands anyway, since that allows us control with --verbose and --quiet.
* Tweak style of the manualStef Walter2013-02-054-7/+27
| | | | | | | * Unindent the main headings * Don't wrap options * Better spacing in table of contents * Don't have line numbers on code examples
* Add documentation about contributing to p11-kitStef Walter2013-02-056-83/+241
|
* Add a p11-kit tool manual pageStef Walter2013-02-055-35/+130
|
* Change the documentation configure arg to --enable-docStef Walter2013-02-052-19/+24
| | | | * We're building more than just the gtk-doc reference
* Add a /usr/share/p11-kit/modules directory for package module configsStef Walter2013-02-0510-12/+31
| | | | | | * Try to make /etc/pkcs11/modules for administrator use * Override the old pkg-config variables to help packages start using the new location
* Make the p11-kit tool have distinct commandsStef Walter2013-02-054-42/+459
| | | | | | * Change the -l argument into the list-modules command. * Add proper functions for printing usage * Support for external commands in the path or /usr/share/p11-kit
* Add p11_kit_be_loud() function for use in tests and toolsStef Walter2013-02-053-0/+17
| | | | This does the opposite of p11_kit_be_quiet().
* Add internal function for turning on messagesStef Walter2013-02-052-0/+10
| | | | To be used from tests
* Add more mock-module implementationStef Walter2013-02-049-1243/+3835
| | | | | * Move mock code into the common/ directory to be used by multiple components of p11-kit
* Further tweaks and cleanup for functions dealing with PKCS#11 attributesStef Walter2013-02-043-70/+910
| | | | | | | | * Check that the size is correct when looking for a boolean or a ulong. * Make sure that the length is not the invalid negative ulong. * Functions for dumping out attribute contents * Make it possible to use attributes in hash tables
* Add generic buffer codeStef Walter2013-02-046-56/+515
| | | | Represents a block of memory that can be added to, parsed and so on
* Use the stdbool.h C99 bool typeStef Walter2013-01-2320-234/+311
| | | | | | It was getting really wild knowing whether a function returning an int would return -1 on failure or 0 or whether the int return value was actually a number etc..
* Only initialize p11-kit libraries onceStef Walter2013-01-092-6/+14
| | | | * Make the gcc constructor call p11_library_init_once()
* Set strict debug preconditions during testingStef Walter2013-01-097-0/+10
|
* Add common functions for manipulating CK_ATTRIBUTE arraysStef Walter2013-01-098-154/+977
|
* Move the pkcs11.h header files into common directoryStef Walter2013-01-095-1374/+1577
| | | | | | | * Allows use of them across the whole project * Put a stub file in the p11-kit/ directory, so we can still refer to the headers using that path, which is what it will be at when in the installed includes directory.
* Build common code into noinst librariesStef Walter2013-01-095-43/+37
| | | | | | * This is cleaner than building the same source files all over the place over and over. * Works better with code coverage.
* Move debug and library code into the common/ subdirectoryStef Walter2013-01-0970-1651/+1746
| | | | | | | | | | | Start using p11_ as our internal prefix rather than _p11_. We explicitly export p11_kit_ so this is fine as far as visibility. Move the threading, mutex, and module compat, dict, and array code into the common directory too. Take this opportunity to clean up a bit of internal API as well, since so many lines are being touched internally.
* Fix leak when initializing the proxy modulePankaj Sharma2013-01-091-0/+2
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=58704
* Documentation fixes for PIN functionsStef Walter2013-01-091-6/+6
|
* Fix file descriptor leak in p11_kit_pin_file_callback()Pankaj Sharma2013-01-091-0/+2
| | | | | | * Close the file descriptor used to read the the pin file https://bugs.freedesktop.org/show_bug.cgi?id=58706
generated by cgit v1.1 at 2024-10-07 15:29:02 +0000