| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This should also fix problems with accessing memory in a non-aligned
fashion on platforms where this causes problems.
https://bugs.freedesktop.org/show_bug.cgi?id=62819
|
|
|
|
|
|
|
|
|
|
| |
Centralize the path handling code, so we can remove unixy assumptions
and have a chance of running on Windows. The current goal is to run
all the tests on Windows.
Includes some code from LRN <lrn1986@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=63062
|
|
|
|
|
|
|
|
|
|
|
| |
Put library init/uninit code its into their own statically
linked library so that they don't get linked into the p11-kit
executable.
Refactor the message code so that the library initialization can
plug in its per thread message buffer.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
|
|
|
| |
Also remove some generated files from the po/ directory.
|
|
|
|
|
|
| |
The murmur hash produces different output depending on the architecture
https://bugzilla.redhat.com/show_bug.cgi?id=927394
|
| |
|
|
|
|
| |
These are things that showed up in valgrind while running the tests.
|
|
|
|
|
| |
* make memcheck: Runs basic memory checking
* make leakcheck: Also runs leak checking
|
|
|
|
|
|
|
|
| |
While it's true that we shouldn't be pritning out CKA_VALUE in
certain cases, like for keys, we obviously can do so for certificates.
We don't have keys anyway, but in the interest of being general
purpose use the class to determine whether CKA_VALUE can be printed
|
|
|
|
|
|
|
|
|
|
|
| |
Add implementation of the murmur2 hash function, and start using
it for our dictionaries. Our implementation is incremental
like our other hash functions.
Also remove p11_oid_hash() which wasn't being used.
In addition fix several tests whose success was based on the
way that the dictionary hashed. This was a hidden testing bug.
|
|
|
|
|
| |
We're going to be adding other hashes. Also build as part of a
different common library.
|
|
|
|
|
|
| |
Both are nasty. Do our own, and test it a bit
https://bugs.freedesktop.org/show_bug.cgi?id=62479
|
|
|
|
|
| |
Allow passing the number of attributes to print, which lets us use
this directly on templates passed in by callers of the PKCS#11 API.
|
|
|
|
|
|
|
|
| |
There was a class of bugs for looking up invalid or empty
attributes in the internal PKCS#11 attribute arrays.
* Refine what p11_attrs_find_valid() treats as valid
* Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity
|
| |
|
|
|
|
|
|
|
| |
We want to use these as the format for encoding binary data
in our PKCS#11 attribute persistence
https://bugs.freedesktop.org/show_bug.cgi?id=62156
|
|
|
|
|
|
| |
This lexer will be used in our PKCS#11 persistence format as well.
https://bugs.freedesktop.org/show_bug.cgi?id=62156
|
|
|
|
|
|
|
| |
* For retrieving the name and/or nick of constants
* The nick is what we'll use in the file format
https://bugs.freedesktop.org/show_bug.cgi?id=62329
|
|
|
|
|
|
|
| |
This takes one set of attributes and merges them into
another, without copying memory needlessly.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
|
|
|
|
|
|
|
|
|
| |
In order to unmarry the parser from the future builder, but still retain
efficiency, we need to be able to cache parsed ASN.1 trees. The ASN.1
cache provides this. In addition it carries around the loaded ASN.1
definitions.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
|
|
|
|
|
|
|
| |
* This was already possible to do safely before
* Document and test this behavior
https://bugs.freedesktop.org/show_bug.cgi?id=61499
|
|
|
|
|
| |
When bringing over the BSD base64 code, there was a regression.
In addition add some tests for the base64 stuff.
|
|
|
|
|
|
| |
Tweaks by: Roman Bogorodskiy <bogorodskiy@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=61739
|
|
|
|
|
| |
The Win32 for mmap() is very different from Unix, so abstract
this into our own p11_mmap_xxx() functions.
|
|
|
|
| |
Since older operating systems don't support setenv()
|
|
|
|
|
| |
* This is in cases where the certificate information does not
already have a friendly name or alias.
|
|
|
|
|
|
|
| |
* Based on the gcr code
* Bring in base64 output code from BSD
* Make sure to output base64 lines of 64 character length since
this is what OpenSSL expects
|
|
|
|
| |
* So it can be used by other code, in addition to the trust stuff
|
|
|
|
| |
* Clears an array without freeing the array itself
|
|
|
|
|
|
| |
* Implement trust assertions for anchored and distrusted certs
* Pinned certificate trust assertions are not implemented yet
* Add an internal tool for pulling apart bits of certificates
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use stapled certificate extensions to represent loaded trust policy
* Build NSS trust objects from stapled certificate extensions
* Add further attribute debugging for NSS trust objects
* Use a custom certificate extension for the OpenSSL reject purpose data
* Use SubjectKeyIdentifier for OpenSSL keyid data
* Use ExtendedKeyUsage for OpenSSL trust purpose data
* Implement simple way to handle binary DER OIDs, using the DER TLV
length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
* Split out the building of NSS trust objects from the main parser
|
| |
|
|
|
|
|
|
| |
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
|
|
|
|
|
|
| |
The SHA-1 and MD5 digests here are used for checksums in legacy
protocols. We don't use them in cryptographic contexts at all.
These particular algorithms would be poor choices for that.
|
|
|
|
|
|
|
|
| |
* Check that the size is correct when looking for a boolean
or a ulong.
* Make sure that the length is not the invalid negative ulong.
* Functions for dumping out attribute contents
* Make it possible to use attributes in hash tables
|
|
|
|
| |
Represents a block of memory that can be added to, parsed and so on
|
|
|
|
|
|
| |
It was getting really wild knowing whether a function returning
an int would return -1 on failure or 0 or whether the int return
value was actually a number etc..
|
| |
|
| |
|
|
|
|
|
|
| |
* This is cleaner than building the same source files all over
the place over and over.
* Works better with code coverage.
|
|
Start using p11_ as our internal prefix rather than _p11_. We explicitly
export p11_kit_ so this is fine as far as visibility.
Move the threading, mutex, and module compat, dict, and array code
into the common directory too.
Take this opportunity to clean up a bit of internal API as well,
since so many lines are being touched internally.
|