path: root/common
Commit message | Author | Age | Files | Lines
* compat: Fix trivial comment | Stef Walter | 2013-03-18 | 1 | -1/+1
* Use the nickname x-distrusted for CKA_X_DISTRUSTED | Stef Walter | 2013-03-18 | 1 | -1/+1
  This is a non-standard PKCS#11 attribute, so has the X prefix like the other ones we've added.
* Refine looking up of attributes in arrays | Stef Walter | 2013-03-18 | 4 | -80/+91
  There was a class of bugs for looking up invalid or empty attributes in the internal PKCS#11 attribute arrays.
  * Refine what p11_attrs_find_valid() treats as valid
  * Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity
* Fix distcheck and documentation | Stef Walter | 2013-03-15 | 1 | -8/+8
* trust: Update frob-nss-tool so it can compare modules for trust info | Stef Walter | 2013-03-15 | 2 | -0/+25
  Can run with two modules now so that it can compare tokens NSS trust info.
* trust: Support a p11-kit specific serialization format | Stef Walter | 2013-03-15 | 3 | -0/+27
  This is documented in doc/internals/ subdirectory
  Add tests for the format as well.
  https://bugs.freedesktop.org/show_bug.cgi?id=62156
* url: Split out the URL encoding and decoding functions | Stef Walter | 2013-03-15 | 5 | -0/+369
  We want to use these as the format for encoding binary data in our PKCS#11 attribute persistence
  https://bugs.freedesktop.org/show_bug.cgi?id=62156
* lexer: Make a lexer for our config file format | Stef Walter | 2013-03-15 | 5 | -0/+605
  This lexer will be used in our PKCS#11 persistence format as well.
  https://bugs.freedesktop.org/show_bug.cgi?id=62156
* trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default | Stef Walter | 2013-03-15 | 2 | -0/+27
  This is what's recommended by the spec, and allows stapled extensions to hang off a predictable CKA_ID.
  https://bugs.freedesktop.org/show_bug.cgi?id=62329
* attrs: Add info functions for constant names and values | Stef Walter | 2013-03-15 | 6 | -232/+566
  * For retrieving the name and/or nick of constants
  * The nick is what we'll use in the file format
  https://bugs.freedesktop.org/show_bug.cgi?id=62329
* attrs: New p11_attrs_merge() function | Stef Walter | 2013-03-15 | 3 | -6/+153
  This takes one set of attributes and merges them into another, without copying memory needlessly.
  https://bugs.freedesktop.org/show_bug.cgi?id=62329
* asn1: Implement a parsed ASN.1 tree cache | Stef Walter | 2013-03-15 | 3 | -0/+177
  In order to unmarry the parser from the future builder, but still retain efficiency, we need to be able to cache parsed ASN.1 trees. The ASN.1 cache provides this. In addition it carries around the loaded ASN.1 definitions.
  https://bugs.freedesktop.org/show_bug.cgi?id=62329
* dict: Allow removal of current item in a p11_dict iteration | Stef Walter | 2013-03-15 | 2 | -0/+62
  * This was already possible to do safely before
  * Document and test this behavior
  https://bugs.freedesktop.org/show_bug.cgi?id=61499
* pem: Fix a bug decoding some PEM files | Stef Walter | 2013-03-15 | 3 | -11/+221
  When bringing over the BSD base64 code, there was a regression. In addition add some tests for the base64 stuff.
* trust: Use the new NSS PKCS#11 extension codes | Stef Walter | 2013-03-08 | 2 | -67/+68
  NSS had subtly changed the values of the distrust CK_TRUST codes so update them to stay in sync.
* Don't shove messages into debug output if they're already displayed | Stef Walter | 2013-03-08 | 1 | -2/+2
* tools: Add a bit of debugging to the PEM extract handler | Stef Walter | 2013-03-08 | 1 | -0/+1
* x509: Don't break when cA field of BasicConstraints is missing | Stef Walter | 2013-03-07 | 1 | -2/+9
  The field defaults to FALSE. It sucks that libtasn1 doesn't fill this in for us.
  https://bugs.freedesktop.org/show_bug.cgi?id=61975
* Build with the libtasn1 CFLAGS properly | Stef Walter | 2013-03-04 | 2 | -0/+7
  Tweaks by: Roman Bogorodskiy <bogorodskiy@gmail.com>
  https://bugs.freedesktop.org/show_bug.cgi?id=61739
* Redo mock.h header in order to relicense | Stef Walter | 2013-03-04 | 1 | -667/+686
  Rewrite the mock.h header to relicense it. It is based on the BSD licensed mock.c file, so this isn't a big issue.
* Don't use wchar_t for storing unicode characters | Stef Walter | 2013-03-03 | 1 | -35/+36
  On Win32 wchar_t is only 2 bytes, which breaks our UTF-8 conversion functions.
* Fix syntax errors in OS_WIN32 ifdefs | Stef Walter | 2013-03-03 | 2 | -5/+5
* Open files in binary mode on windows | Stef Walter | 2013-03-03 | 1 | -0/+4
  So that the Windows' C library doesn't munge line endings
* Add compat gmtime_r() and timegm() functions | Stef Walter | 2013-03-03 | 2 | -0/+70
  Not available on Win32 or ancient unixes
* Add compat mkstemp() and mkdtemp() functions | Stef Walter | 2013-03-03 | 2 | -0/+156
  Not available on Win32 or ancient unixes
* Add compat vasprintf() and asprintf() functions | Stef Walter | 2013-03-03 | 2 | -0/+83
  These are not available on Win32 and ancient unixes
* Add compat strndup() function | Stef Walter | 2013-03-03 | 2 | -0/+29
  Not available on Win32 and ancient unixes
* Abstract mmap() into a compat API | Stef Walter | 2013-03-03 | 3 | -58/+151
  The Win32 for mmap() is very different from Unix, so abstract this into our own p11_mmap_xxx() functions.
* Use putenv() instead of setenv() | Stef Walter | 2013-03-03 | 5 | -5/+5
  Since older operating systems don't support setenv()
* Add compat implementation of basename() | Stef Walter | 2013-03-03 | 2 | -0/+68
  For Win32 and older unixes
* Rename p11_module_xxx() compat functions to p11_dl_xxx() | Stef Walter | 2013-03-03 | 2 | -19/+19
  For clarity. In addition, make p11_dl_close() able to be used as a destroyer callback. Also make p11_dl_error() return an allocated string
* Update the pkcs11.h header for missing mechanisms | Stef Walter | 2013-02-20 | 2 | -1/+26
* Only do shared object and DLL initialization in libraries | Stef Walter | 2013-02-20 | 2 | -49/+13
  Don't do library initialization on shared object load when not running in a library. We'll want to plug into this and do different things per library in the future.
* Relicense the buffer code appropriate for inclusion in p11-kit | Stef Walter | 2013-02-12 | 2 | -46/+68
  * All original lines in this file upon arrival in the p11-kit project were written by me, and copyright held by me.
* Fix dereference of varargs in p11_attrs_build() | Stef Walter | 2013-02-11 | 1 | -1/+1
  https://bugs.freedesktop.org/show_bug.cgi?id=60473
* Remove unnecessary code to be more compatible with various libtasn1 versions | Stef Walter | 2013-02-11 | 1 | -4/+1
  https://bugs.freedesktop.org/show_bug.cgi?id=60434
* Fix various clang analyzer warnings | Stef Walter | 2013-02-06 | 2 | -1/+15
  * Add annotations to our precondition functions so that they don't make the analyzer complain
* Use the CN, OU or O of certificates to generate a label | Stef Walter | 2013-02-05 | 9 | -0/+886
  * This is in cases where the certificate information does not already have a friendly name or alias.
* Implement code for writing PEM | Stef Walter | 2013-02-05 | 5 | -4/+237
  * Based on the gcr code
  * Bring in base64 output code from BSD
  * Make sure to output base64 lines of 64 character length since this is what OpenSSL expects
* Add public iterator API to p11-kit | Stef Walter | 2013-02-05 | 2 | -8/+142
* Move the X.509 extension parsing code in common/ | Stef Walter | 2013-02-05 | 3 | -12/+255
  * So it can be used by other code, in addition to the trust stuff
* Add p11_array_clear() function | Stef Walter | 2013-02-05 | 3 | -7/+43
  * Clears an array without freeing the array itself
* Implement trust assertion PKCS#11 objects | Stef Walter | 2013-02-05 | 3 | -10/+10
  * Implement trust assertions for anchored and distrusted certs
  * Pinned certificate trust assertions are not implemented yet
  * Add an internal tool for pulling apart bits of certificates
* Refactor how parsing of ASN.1 data and certificate extensions work | Stef Walter | 2013-02-05 | 9 | -3/+1135
* Fill in certificate authority and trust data correctly | Stef Walter | 2013-02-05 | 1 | -5/+4
  * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates
  * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist
  * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world.
  * We do this after the various hooks have had a chance to mess with the certificate extensions and such.
* Implement stapled certificate extensions internally | Stef Walter | 2013-02-05 | 9 | -21/+556
  * Use stapled certificate extensions to represent loaded trust policy
  * Build NSS trust objects from stapled certificate extensions
  * Add further attribute debugging for NSS trust objects
  * Use a custom certificate extension for the OpenSSL reject purpose data
  * Use SubjectKeyIdentifier for OpenSSL keyid data
  * Use ExtendedKeyUsage for OpenSSL trust purpose data
  * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
  * Split out the building of NSS trust objects from the main parser
* Add support for openssl TRUSTED CERTIFICATE PEM files | Stef Walter | 2013-02-05 | 3 | -0/+58
* Add support for parsing PEM files | Stef Walter | 2013-02-05 | 7 | -5/+801
* Add basic trust module | Stef Walter | 2013-02-05 | 11 | -8/+1519
  This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
* Add basic checksum algorithms | Stef Walter | 2013-02-05 | 5 | -0/+764
  The SHA-1 and MD5 digests here are used for checksums in legacy protocols. We don't use them in cryptographic contexts at all. These particular algorithms would be poor choices for that.