summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Avoid multiple stat() calls for same fileStef Walter2013-08-2816-69/+80
| | | | | | As a side effect we can also not use the dirent.d_type field https://bugs.freedesktop.org/show_bug.cgi?id=68525
* compat: Check return value of mmap() properlyStef Walter2013-08-281-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=68525
* Add --with-module-config parameter to the configure scriptPascal Ernster2013-08-161-1/+6
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=68122
* trust: Add test tool for creating BasicConstraintsStef Walter2013-08-122-0/+102
|
* test-compat calls test_getauxval which is in a UNIX defined blockMichael Cronenworth2013-07-301-0/+2
| | | | | | MinGW builds fail due to this. https://bugs.freedesktop.org/show_bug.cgi?id=67518
* do not assume dead code existence in autoconf checksAlon Bar-Lev2013-07-291-2/+2
| | | | | | | | | when compiler optimize source, it removes dead code so a linkage error in these cases are not visisble. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=67413
* Release version 0.19.3Stef Walter2013-07-242-1/+7
|
* Make tests work on file systems with block size directoriesStef Walter2013-07-241-0/+12
| | | | | | | | | On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change. https://bugs.freedesktop.org/show_bug.cgi?id=65249
* Fix uninitialized variablesStef Walter2013-07-231-2/+2
|
* Don't use _GNU_SOURCE and fix strerror_r usageStef Walter2013-07-237-6/+83
| | | | | glibc declares strerror_r completely different if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE all together.
* Fix various memory leaks exposed by 'make leakcheck'Stef Walter2013-07-2311-56/+79
|
* Use simple serial automake test harnessStef Walter2013-07-2312-12/+113
| | | | | * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues
* Use an automake aux directory for storing litterStef Walter2013-07-232-1/+3
|
* doc: Add identifiers to doc sections so gtk-doc doesn't autogen themStef Walter2013-07-183-10/+10
|
* Add appropriate const qualifiersStef Walter2013-07-182-2/+2
|
* Release version 0.19.2Stef Walter2013-07-182-2/+20
|
* Fix extract example in documentationStef Walter2013-07-181-1/+1
|
* Use $XDG_CONFIG_HOME/pkcs11 as default user config directoryStef Walter2013-07-181-1/+1
| | | | | | | | | By default this evaluates to ~/.config/pkcs11. This is a somewhat backwards incompatible change. However so far only advanced users have been exposed to the user p11-kit configuration. Distributors are able to revert this if necessary with a --with-user-config='~/.pkcs11' ./configure option.
* Use getpwuid_r() instead of the non-thread-sofe getpwuid()Stef Walter2013-07-181-2/+9
|
* Fix p11_kit_space_strlen() result when empty stringStef Walter2013-07-183-3/+63
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985416
* Always pass size_t varargs to p11_hash_xxx() functionsStef Walter2013-07-183-4/+6
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985421
* Don't call memdup with zero length or NULL pointerStef Walter2013-07-182-3/+8
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985433
* attrs: Check printf formatting in buffer_append_printf()Stef Walter2013-07-181-0/+5
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985497
* Avoid using the non-thread-safe strerror() functionStef Walter2013-07-1811-51/+348
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985481
* Declare static variables const where it makes senseStef Walter2013-07-187-31/+31
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985337
* Support expanding $XDG_CONFIG_HOME in user config pathsStef Walter2013-07-1811-34/+91
| | | | | | | | | | If ~/.config is specified as a prefix to a configured path, then it is expanded to the $XDG_CONFIG_HOME if that exists Add --with-user-config ./configure option to configure a different user config directory. Interpolate the right directories into documentation.
* Don't load configs from user directory when setuidStef Walter2013-07-1817-3/+423
| | | | | | | When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014
* tools: Use $TMPDIR instead of $TEMPStef Walter2013-07-1811-96/+73
| | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scannerStef Walter2013-07-1810-30/+43
| | | | Among others fix possible usage of large stack allocation.
* open files with O_CLOEXEC when possibleStef Walter2013-07-184-79/+46
| | | | | | | | | | | | | This helps prevent leaked file descriptors when the library is used in a process which exec's. opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC so we don't need to make changes there. In addition read config files using p11_mmap_open() so that we get the simple benefits of O_CLOEXEC with the open() call there. https://bugzilla.redhat.com/show_bug.cgi?id=984986
* buffer: Check for unlikely integer overflowStef Walter2013-07-181-0/+6
| | | | | | | | If we see an integer overflow here something has gone horribly wrong (or malicious code is present). So treat this as unrecoverable, and fail if we're going to overflow. https://bugzilla.redhat.com/show_bug.cgi?id=985019
* Make preconditions abort unconditionally when scanning with coverityStef Walter2013-07-182-0/+9
| | | | | | | | | | | | This reflects that preconditions are invalid/unreachable on a functioning system and with valid input. We do not try to recover from such conditions. In addition teach coverity about how our test suite fails See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html https://bugzilla.redhat.com/show_bug.cgi?id=985005
* iter: Document guarantees for filter matches argumetStef Walter2013-07-181-0/+4
| | | | | | | | The matches argument is always initialized to CK_TRUE when a filter is called, and it's up to filters to set it to CK_FALSE. Filters don't need to set to CK_TRUE. https://bugzilla.redhat.com/show_bug.cgi?id=985009
* Fixes for some recent win32 regressionsStef Walter2013-07-183-16/+37
|
* Remove erroneous comments about readdir() and thread-safetyStef Walter2013-07-173-3/+0
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=984989
* Build with -fno-common to catch definition problemsStef Walter2013-07-102-3/+3
| | | | | | Fix some global variables not declared as extern https://bugs.freedesktop.org/show_bug.cgi?id=66015
* Various documentation tweaks and fixes for warningsStef Walter2013-07-103-1/+13
|
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-1017-648/+922
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* trust: Fix the 'p11-kit extract' commandStef Walter2013-07-093-3/+22
| | | | | This is supposed to call over to 'trust extract' and wasn't working correctly.
* trust: Fix bug with load validation failuresStef Walter2013-07-082-2/+53
|
* trust: Add a basic 'anchor' command to store a new anchorStef Walter2013-07-084-0/+348
|
* trust: Fix various issues writing objects in trust tokenStef Walter2013-07-088-252/+483
| | | | | | | | * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly.
* trust: Mark CKA_X_DISTRUSTED as a boolean attributeStef Walter2013-07-081-0/+1
|
* trust: Support token directory paths in user's home directoryStef Walter2013-07-082-1/+2
|
* trust: Explicitly specify which formats parser should parseStef Walter2013-07-085-28/+73
|
* trust: Support using the parser without an asn1_cacheStef Walter2013-07-083-7/+41
|
* asn1: In p11_asn1_read() allocate an extra null terminatorStef Walter2013-07-081-2/+5
| | | | As a courtesy for callers.
* common: Fix typo, and don't escape '6' in URL encodingStef Walter2013-07-081-1/+1
|
* p11-kit: Add P11_KIT_MODULE_TRUSTED flagStef Walter2013-07-046-56/+98
| | | | | A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes".
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store specStef Walter2013-07-0418-216/+561
| | | | | | | | | | * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above.