| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
And cleanup our locks/locking model. There's no need to use
recursive locks, especially since we can't use them on all
platforms. In addition adjust taking of locks during initialization
so that there's no chance of deadlocking here.
|
| |
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=64378
|
|
|
|
| |
* This passes all checks and is compatible
|
| |
|
| |
|
| |
|
|
|
|
|
| |
These are possibly architecture specific binaries, so they should be
in $libdir/p11-kit and not in $datadir/p11-kit
|
| |
|
|
|
|
|
| |
We didn't treat the two digit year 00 as a valid year, whereas it
actually represents the year 2000. This is in a non-critical code path.
|
|
|
|
|
| |
The parser automatically skips over files that it cannot parse. Don't
print confusing debug messages about DER parse failures when it does so.
|
|
|
|
|
|
|
| |
This should also fix problems with accessing memory in a non-aligned
fashion on platforms where this causes problems.
https://bugs.freedesktop.org/show_bug.cgi?id=62819
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PKCS#11 specification does not note what timezone these dates
are in. In addition the time values are not represented in PKCS#11.
So don't reinterpret certificate dates, other than filling in the
century for dates that have a two digit year.
Lastly, these are low resolution optional fields so not being all
strict about timezones here is appropriate.
https://bugs.freedesktop.org/show_bug.cgi?id=62825
|
|
|
|
|
|
|
|
| |
Sometimes NSS queries for trust objects using invalid serial numbers
that do not have their DER decoding. We fixed this earlier, but want
to make sure there are no corner cases, accidentally not matching
serial numbers that happen to start with the same bytes as a DER
TLV would.
|
|
|
|
|
|
|
|
|
|
| |
Centralize the path handling code, so we can remove unixy assumptions
and have a chance of running on Windows. The current goal is to run
all the tests on Windows.
Includes some code from LRN <lrn1986@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=63062
|
|
|
|
| |
ihttps://bugs.freedesktop.org/show_bug.cgi?id=63046
|
|
|
|
|
|
|
|
|
|
|
| |
Put library init/uninit code its into their own statically
linked library so that they don't get linked into the p11-kit
executable.
Refactor the message code so that the library initialization can
plug in its per thread message buffer.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
|
|
|
|
|
|
| |
The global library p11_library_mutex is for libraries to use, so don't
use it from any code in common/, which is also used by the p11-kit tool
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
|
|
|
| |
Add win32 cross build, and build out of tree
|
|
|
|
|
|
| |
Don't reference an undefined macro
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
| |
|
|
|
|
| |
Also remove some generated files from the po/ directory.
|
|
|
|
|
|
|
| |
These don't contain the CKA_VALUE attribute for certificate data
but rather the CKA_X_CERTIFICATE_VALUE attribute.
https://bugs.freedesktop.org/show_bug.cgi?id=62896
|
|
|
|
|
|
|
| |
Some callers erroneously call our C_Logout function, like NSS.
So return appropriate error codes in these cases.
https://bugs.freedesktop.org/show_bug.cgi?id=62874
|
| |
|
|
|
|
|
|
|
|
|
| |
Since CKA_START_DATE and CKA_END_DATE are the only places
where we want to parse out times, and these are optional, just
leave blank if the time overflows what libc can handle on
a 32-bit system.
https://bugs.freedesktop.org/show_bug.cgi?id=62825
|
|
|
|
|
|
| |
The murmur hash produces different output depending on the architecture
https://bugzilla.redhat.com/show_bug.cgi?id=927394
|
| |
|
| |
|
|
|
|
| |
These are things that showed up in valgrind while running the tests.
|
|
|
|
|
| |
* make memcheck: Runs basic memory checking
* make leakcheck: Also runs leak checking
|
|
|
|
|
|
|
|
| |
If duplicate certificates are present in a token, we warn about this,
and don't really recommend it. However we have predictable behavior
where blacklist is prefered to anchor is preferred to unknown trust.
https://bugs.freedesktop.org/show_bug.cgi?id=62548
|
|
|
|
|
|
|
|
|
| |
The index now uses a sort of cross between a hash table and a bloom
filter internally to select matching items. This is needed for the
massive amount of lookups we want to do during loading.
In addition make p11_index_find() and p11_index_replace() easier
to use.
|
|
|
|
|
|
|
|
| |
While it's true that we shouldn't be pritning out CKA_VALUE in
certain cases, like for keys, we obviously can do so for certificates.
We don't have keys anyway, but in the interest of being general
purpose use the class to determine whether CKA_VALUE can be printed
|
|
|
|
|
|
|
|
|
|
|
| |
Add implementation of the murmur2 hash function, and start using
it for our dictionaries. Our implementation is incremental
like our other hash functions.
Also remove p11_oid_hash() which wasn't being used.
In addition fix several tests whose success was based on the
way that the dictionary hashed. This was a hidden testing bug.
|
|
|
|
|
| |
We're going to be adding other hashes. Also build as part of a
different common library.
|
| |
|
|
|
|
|
|
|
|
| |
Try to determine which one is the system trust input token,
and which one is the default token by using datadir and sysconfdir
respectively.
https://bugs.freedesktop.org/show_bug.cgi?id=62534
|
|
|
|
| |
These should now be loaded from the .p11-kit persist format.
|
|
|
|
|
|
| |
This is not a security feature or anything like that, but a hint
that the files are managed by the extract tool and should not be
modified manually.
|
|
|
|
|
|
| |
Both are nasty. Do our own, and test it a bit
https://bugs.freedesktop.org/show_bug.cgi?id=62479
|
|
|
|
|
|
| |
Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini
respectively to stop them from being exported in the ABI. It does not seem
to be necessary.
|
| |
|
| |
|
| |
|
|
|
|
| |
* Fix distcheck bugs surrounding the strndup() workaround
|
|
|
|
|
| |
Make C_FindObjects() and C_GetAttributeValue() functions dump the
attributes that they're dealing with when in debug mode.
|
|
|
|
|
| |
Allow passing the number of attributes to print, which lets us use
this directly on templates passed in by callers of the PKCS#11 API.
|
|
|
|
|
|
|
|
| |
Handle lookups for trust objects (by NSS) which expect CKA_SERIAL_NUMBER
attributes without appropriate DER encoding.
In addition allow creation of NSS trust objects as PKCS#11 session
objects, so that we can test this behavior.
|
|
|
|
|
|
|
| |
Unconditionally use our own strndup() until this issue is resolved
and in the stable versions of various distros.
See: https://bugzilla.mozilla.org/show_bug.cgi?id=826171
|