summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Reduce libtasn1 dependency to 2.3Stef Walter2013-05-031-1/+1
| | | | * This passes all checks and is compatible
* Release version 0.18.1Stef Walter2013-04-152-1/+5
|
* doc: Use gtk-doc in the no-tmpl flavorStef Walter2013-04-042-30/+15
|
* manual: Use a consistent docbook versionStef Walter2013-04-046-12/+16
|
* Put the external tools in $libdir/p11-kitStef Walter2013-04-043-3/+6
| | | | | These are possibly architecture specific binaries, so they should be in $libdir/p11-kit and not in $datadir/p11-kit
* Release version 0.18.0Stef Walter2013-04-042-1/+9
|
* Fix off by one in date parsing codeStef Walter2013-04-041-1/+1
| | | | | We didn't treat the two digit year 00 as a valid year, whereas it actually represents the year 2000. This is in a non-critical code path.
* Don't print erroneous debug messages when skipping filesStef Walter2013-04-042-9/+11
| | | | | The parser automatically skips over files that it cannot parse. Don't print confusing debug messages about DER parse failures when it does so.
* Update to MurmurHash3Stef Walter2013-04-035-84/+91
| | | | | | | This should also fix problems with accessing memory in a non-aligned fashion on platforms where this causes problems. https://bugs.freedesktop.org/show_bug.cgi?id=62819
* Don't respect timezones for CKA_START_DATE or CKA_END_DATEStef Walter2013-04-034-371/+81
| | | | | | | | | | | | | The PKCS#11 specification does not note what timezone these dates are in. In addition the time values are not represented in PKCS#11. So don't reinterpret certificate dates, other than filling in the century for dates that have a two digit year. Lastly, these are low resolution optional fields so not being all strict about timezones here is appropriate. https://bugs.freedesktop.org/show_bug.cgi?id=62825
* trust: Fix logic for matching invalid NSS serial numbersStef Walter2013-04-032-47/+180
| | | | | | | | Sometimes NSS queries for trust objects using invalid serial numbers that do not have their DER decoding. We fixed this earlier, but want to make sure there are no corner cases, accidentally not matching serial numbers that happen to start with the same bytes as a DER TLV would.
* More compatible path munging and handling codeStef Walter2013-04-0319-175/+558
| | | | | | | | | | Centralize the path handling code, so we can remove unixy assumptions and have a chance of running on Windows. The current goal is to run all the tests on Windows. Includes some code from LRN <lrn1986@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=63062
* Don't use free() on memory allocated by LocalFree()Stef Walter2013-04-031-1/+1
| | | | ihttps://bugs.freedesktop.org/show_bug.cgi?id=63046
* Separate library init from message codeStef Walter2013-04-0352-170/+294
| | | | | | | | | | | Put library init/uninit code its into their own statically linked library so that they don't get linked into the p11-kit executable. Refactor the message code so that the library initialization can plug in its per thread message buffer. https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Don't use library locks from p11-kit toolStef Walter2013-04-032-4/+4
| | | | | | | The global library p11_library_mutex is for libraries to use, so don't use it from any code in common/, which is also used by the p11-kit tool https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Add new script for setting up p11-kit for a maintainerStef Walter2013-04-032-0/+56
| | | | Add win32 cross build, and build out of tree
* Fix build on Win32Stef Walter2013-04-031-1/+1
| | | | | | Don't reference an undefined macro https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Fix documentation so it builds out of treeStef Walter2013-04-033-73/+123
|
* Fix build with automake 1.13Stef Walter2013-04-037-496/+10
| | | | Also remove some generated files from the po/ directory.
* Use CKA_X_CERTIFICATE_VALUE for trust assertionsStef Walter2013-03-292-8/+13
| | | | | | | These don't contain the CKA_VALUE attribute for certificate data but rather the CKA_X_CERTIFICATE_VALUE attribute. https://bugs.freedesktop.org/show_bug.cgi?id=62896
* Don't complain when applications call C_Logout or C_LoginStef Walter2013-03-282-2/+53
| | | | | | | Some callers erroneously call our C_Logout function, like NSS. So return appropriate error codes in these cases. https://bugs.freedesktop.org/show_bug.cgi?id=62874
* Release version 0.17.5Stef Walter2013-03-282-1/+5
|
* Don't try to guess at overflowing time values on 32-bit systemsStef Walter2013-03-285-5/+80
| | | | | | | | | Since CKA_START_DATE and CKA_END_DATE are the only places where we want to parse out times, and these are optional, just leave blank if the time overflows what libc can handle on a 32-bit system. https://bugs.freedesktop.org/show_bug.cgi?id=62825
* Fix testing of murmur hash on bigendian systemsStef Walter2013-03-251-37/+23
| | | | | | The murmur hash produces different output depending on the architecture https://bugzilla.redhat.com/show_bug.cgi?id=927394
* Release 0.17.4Stef Walter2013-03-202-1/+5
|
* Fix memory leaks reported by 'make leakcheck'Stef Walter2013-03-2022-27/+91
|
* Fix invalid memory accesses reported by 'make memcheck'Stef Walter2013-03-205-19/+34
| | | | These are things that showed up in valgrind while running the tests.
* Add a bit of infrastructure for running valgrindStef Walter2013-03-2013-10/+46
| | | | | * make memcheck: Runs basic memory checking * make leakcheck: Also runs leak checking
* trust: Predictable behavior with duplicate certificates in tokenStef Walter2013-03-203-16/+224
| | | | | | | | If duplicate certificates are present in a token, we warn about this, and don't really recommend it. However we have predictable behavior where blacklist is prefered to anchor is preferred to unknown trust. https://bugs.freedesktop.org/show_bug.cgi?id=62548
* trust: Rework index to be faster and more usableStef Walter2013-03-209-179/+437
| | | | | | | | | The index now uses a sort of cross between a hash table and a bloom filter internally to select matching items. This is needed for the massive amount of lookups we want to do during loading. In addition make p11_index_find() and p11_index_replace() easier to use.
* attrs: Print out the CKA_VALUE for certificates when debuggingStef Walter2013-03-205-20/+63
| | | | | | | | While it's true that we shouldn't be pritning out CKA_VALUE in certain cases, like for keys, we obviously can do so for certificates. We don't have keys anyway, but in the interest of being general purpose use the class to determine whether CKA_VALUE can be printed
* hash: Add the murmur2 hash and start using itStef Walter2013-03-2014-51/+234
| | | | | | | | | | | Add implementation of the murmur2 hash function, and start using it for our dictionaries. Our implementation is incremental like our other hash functions. Also remove p11_oid_hash() which wasn't being used. In addition fix several tests whose success was based on the way that the dictionary hashed. This was a hidden testing bug.
* hash: Rename file and functions for hashesStef Walter2013-03-2012-72/+72
| | | | | We're going to be adding other hashes. Also build as part of a different common library.
* Release version 0.17.3Stef Walter2013-03-192-1/+8
|
* trust: Use descriptive labels for tokensStef Walter2013-03-198-27/+112
| | | | | | | | Try to determine which one is the system trust input token, and which one is the default token by using datadir and sysconfdir respectively. https://bugs.freedesktop.org/show_bug.cgi?id=62534
* trust: Remove the temporary built in distrust objectsStef Walter2013-03-191-148/+0
| | | | These should now be loaded from the .p11-kit persist format.
* extract: Make extracted output directories read-onlyStef Walter2013-03-193-32/+61
| | | | | | This is not a security feature or anything like that, but a hint that the files are managed by the extract tool and should not be modified manually.
* trust: Don't use POSIX or GNU basename()Stef Walter2013-03-196-27/+137
| | | | | | Both are nasty. Do our own, and test it a bit https://bugs.freedesktop.org/show_bug.cgi?id=62479
* Do not export (de)constructorAndreas Metzler2013-03-191-4/+4
| | | | | | Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini respectively to stop them from being exported in the ABI. It does not seem to be necessary.
* Release version 0.17.2Stef Walter2013-03-182-1/+5
|
* trust: Fix trust tests on 32-bit buildsStef Walter2013-03-181-2/+2
|
* trust: Fix invalid varargs call in the builderStef Walter2013-03-181-1/+1
|
* Release version 0.17.1Stef Walter2013-03-183-8/+39
| | | | * Fix distcheck bugs surrounding the strndup() workaround
* trust: Provide better debugging of trust module functionsStef Walter2013-03-181-5/+15
| | | | | Make C_FindObjects() and C_GetAttributeValue() functions dump the attributes that they're dealing with when in debug mode.
* attrs: Change p11_attrs_to_string() to allow static templatesStef Walter2013-03-184-8/+16
| | | | | Allow passing the number of attributes to print, which lets us use this directly on templates passed in by callers of the PKCS#11 API.
* trust: Handle incorrectly encoded CKA_SERIAL_NUMBER lookupsStef Walter2013-03-183-1/+114
| | | | | | | | Handle lookups for trust objects (by NSS) which expect CKA_SERIAL_NUMBER attributes without appropriate DER encoding. In addition allow creation of NSS trust objects as PKCS#11 session objects, so that we can test this behavior.
* Add workaround for broken strndup() in firefoxStef Walter2013-03-181-1/+6
| | | | | | | Unconditionally use our own strndup() until this issue is resolved and in the stable versions of various distros. See: https://bugzilla.mozilla.org/show_bug.cgi?id=826171
* compat: Fix trivial commentStef Walter2013-03-181-1/+1
|
* Use the nickname x-distrusted for CKA_X_DISTRUSTEDStef Walter2013-03-181-1/+1
| | | | | This is a non-standard PKCS#11 attribute, so has the X prefix like the other ones we've added.
* trust: Better generation of nss objects and assertions for serial+issuerStef Walter2013-03-183-225/+341
| | | | | | | In many cases certficates are distrusted by serial+issuer. Make sure this works, and fix various cases where we weren't generating compat NSS objects and compat trust assertions for these types of input.