summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix p11_kit_space_strlen() result when empty stringStef Walter2013-07-183-3/+63
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985416
* Always pass size_t varargs to p11_hash_xxx() functionsStef Walter2013-07-183-4/+6
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985421
* Don't call memdup with zero length or NULL pointerStef Walter2013-07-182-3/+8
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985433
* attrs: Check printf formatting in buffer_append_printf()Stef Walter2013-07-181-0/+5
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985497
* Avoid using the non-thread-safe strerror() functionStef Walter2013-07-1811-51/+348
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985481
* Declare static variables const where it makes senseStef Walter2013-07-187-31/+31
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985337
* Support expanding $XDG_CONFIG_HOME in user config pathsStef Walter2013-07-1811-34/+91
| | | | | | | | | | If ~/.config is specified as a prefix to a configured path, then it is expanded to the $XDG_CONFIG_HOME if that exists Add --with-user-config ./configure option to configure a different user config directory. Interpolate the right directories into documentation.
* Don't load configs from user directory when setuidStef Walter2013-07-1817-3/+423
| | | | | | | When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014
* tools: Use $TMPDIR instead of $TEMPStef Walter2013-07-1811-96/+73
| | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scannerStef Walter2013-07-1810-30/+43
| | | | Among others fix possible usage of large stack allocation.
* open files with O_CLOEXEC when possibleStef Walter2013-07-184-79/+46
| | | | | | | | | | | | | This helps prevent leaked file descriptors when the library is used in a process which exec's. opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC so we don't need to make changes there. In addition read config files using p11_mmap_open() so that we get the simple benefits of O_CLOEXEC with the open() call there. https://bugzilla.redhat.com/show_bug.cgi?id=984986
* buffer: Check for unlikely integer overflowStef Walter2013-07-181-0/+6
| | | | | | | | If we see an integer overflow here something has gone horribly wrong (or malicious code is present). So treat this as unrecoverable, and fail if we're going to overflow. https://bugzilla.redhat.com/show_bug.cgi?id=985019
* Make preconditions abort unconditionally when scanning with coverityStef Walter2013-07-182-0/+9
| | | | | | | | | | | | This reflects that preconditions are invalid/unreachable on a functioning system and with valid input. We do not try to recover from such conditions. In addition teach coverity about how our test suite fails See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html https://bugzilla.redhat.com/show_bug.cgi?id=985005
* iter: Document guarantees for filter matches argumetStef Walter2013-07-181-0/+4
| | | | | | | | The matches argument is always initialized to CK_TRUE when a filter is called, and it's up to filters to set it to CK_FALSE. Filters don't need to set to CK_TRUE. https://bugzilla.redhat.com/show_bug.cgi?id=985009
* Fixes for some recent win32 regressionsStef Walter2013-07-183-16/+37
|
* Remove erroneous comments about readdir() and thread-safetyStef Walter2013-07-173-3/+0
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=984989
* Build with -fno-common to catch definition problemsStef Walter2013-07-102-3/+3
| | | | | | Fix some global variables not declared as extern https://bugs.freedesktop.org/show_bug.cgi?id=66015
* Various documentation tweaks and fixes for warningsStef Walter2013-07-103-1/+13
|
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-1017-648/+922
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* trust: Fix the 'p11-kit extract' commandStef Walter2013-07-093-3/+22
| | | | | This is supposed to call over to 'trust extract' and wasn't working correctly.
* trust: Fix bug with load validation failuresStef Walter2013-07-082-2/+53
|
* trust: Add a basic 'anchor' command to store a new anchorStef Walter2013-07-084-0/+348
|
* trust: Fix various issues writing objects in trust tokenStef Walter2013-07-088-252/+483
| | | | | | | | * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly.
* trust: Mark CKA_X_DISTRUSTED as a boolean attributeStef Walter2013-07-081-0/+1
|
* trust: Support token directory paths in user's home directoryStef Walter2013-07-082-1/+2
|
* trust: Explicitly specify which formats parser should parseStef Walter2013-07-085-28/+73
|
* trust: Support using the parser without an asn1_cacheStef Walter2013-07-083-7/+41
|
* asn1: In p11_asn1_read() allocate an extra null terminatorStef Walter2013-07-081-2/+5
| | | | As a courtesy for callers.
* common: Fix typo, and don't escape '6' in URL encodingStef Walter2013-07-081-1/+1
|
* p11-kit: Add P11_KIT_MODULE_TRUSTED flagStef Walter2013-07-046-56/+98
| | | | | A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes".
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store specStef Walter2013-07-0418-216/+561
| | | | | | | | | | * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above.
* trust: Add p11_oid_hash() and various oid stringsStef Walter2013-07-043-5/+34
|
* trust: Add p11_asn1_read() and p11_asn1_free() functionsStef Walter2013-07-046-58/+74
| | | | Some helpers for commonly used ASN.1 related stuff.
* trust: Initial support for writing out token objectsStef Walter2013-07-039-39/+443
| | | | | * The objects are written out in the p11-kit persist format * Parser marks files in p11-kit persist format as modifiable
* trust: If token path is a file, don't try loading subdirectoriesStef Walter2013-07-031-8/+15
|
* trust: Correctly handle persisting OIDs with zero lengthStef Walter2013-07-031-2/+3
|
* trust: Don't write out internal attributes when persistingStef Walter2013-07-034-15/+63
|
* trust: Add support for saving files with unique file namesStef Walter2013-07-038-114/+298
|
* path: Add p11_path_canon() functionStef Walter2013-07-034-9/+36
| | | | Cleans up a filename with readable characters.
* trust: Rename p11_index_batch() to p11_index_load()Stef Walter2013-07-036-22/+22
| | | | | | The name makes it clearer what's going on. This is only used during loading, so we can track whether a change has resulted from the trust module or from the file storage.
* trust: Implement reloading of token dataStef Walter2013-07-0314-407/+746
| | | | | | | | | | | | | | | * Reload token data whenever a new session is opened. * Only reload files/directories that have changed. * Move duplicate anchor/blacklist detection logic into the extract code. This is in line with the approach being discussed on the mailing lists and spec document. * New internal attribute CKA_X_ORIGIN set on all objects so we can track where an object came from, and replace it when reloaded. In general this is a prerequisite for modification of objects reload before modify is necessary to prevent multiple callers clobbering each other's changes.
* iter: Add iteration mode where session is not busyStef Walter2013-07-0310-57/+144
| | | | | | | | | | | In order to use the session we are iterating on for other tasks such as other C_FindObject() calls, we need to make sure that it's not in the middle of a find operation. Finish up the complete find operation in advance of returning objects from a session. Make this the default mode. The previous behavior remains as an option. Add tests.
* path: Add p11_path_prefix() functionStef Walter2013-07-033-0/+33
| | | | | Checks if a wellformed path is identical to or a prefix of another path.
* trust: Implement validation for creating/modifying objectsStef Walter2013-06-262-43/+661
|
* Fix dependency between p11-kit command and libraryStef Walter2013-06-251-1/+1
|
* Fix running trust module tests under distcheckStef Walter2013-06-251-10/+12
|
* Reorganize various componentsStef Walter2013-06-2576-826/+638
| | | | | | | * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory
* Merge branch 'stable'Stef Walter2013-06-176-14/+21
|\
| * trust: Move the extract-trust external placeholder command into trust/Stef Walter2013-06-175-6/+7
| |
| * trust: Print out usage when extract-trust run incorrectlyStef Walter2013-06-171-1/+6
| | | | | | | | Also sorta covers --help and -h usage
generated by cgit v1.1 at 2024-10-19 14:41:19 +0000