summaryrefslogtreecommitdiff
path: root/common
Commit message (Collapse)AuthorAgeFilesLines
* Avoid using the non-thread-safe strerror() functionStef Walter2013-07-185-2/+55
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985481
* Declare static variables const where it makes senseStef Walter2013-07-181-4/+4
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985337
* Support expanding $XDG_CONFIG_HOME in user config pathsStef Walter2013-07-182-13/+30
| | | | | | | | | | If ~/.config is specified as a prefix to a configured path, then it is expanded to the $XDG_CONFIG_HOME if that exists Add --with-user-config ./configure option to configure a different user config directory. Interpolate the right directories into documentation.
* Don't load configs from user directory when setuidStef Walter2013-07-188-1/+270
| | | | | | | When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014
* tools: Use $TMPDIR instead of $TEMPStef Walter2013-07-184-74/+60
| | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scannerStef Walter2013-07-182-1/+3
| | | | Among others fix possible usage of large stack allocation.
* open files with O_CLOEXEC when possibleStef Walter2013-07-182-3/+19
| | | | | | | | | | | | | This helps prevent leaked file descriptors when the library is used in a process which exec's. opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC so we don't need to make changes there. In addition read config files using p11_mmap_open() so that we get the simple benefits of O_CLOEXEC with the open() call there. https://bugzilla.redhat.com/show_bug.cgi?id=984986
* buffer: Check for unlikely integer overflowStef Walter2013-07-181-0/+6
| | | | | | | | If we see an integer overflow here something has gone horribly wrong (or malicious code is present). So treat this as unrecoverable, and fail if we're going to overflow. https://bugzilla.redhat.com/show_bug.cgi?id=985019
* Make preconditions abort unconditionally when scanning with coverityStef Walter2013-07-182-0/+9
| | | | | | | | | | | | This reflects that preconditions are invalid/unreachable on a functioning system and with valid input. We do not try to recover from such conditions. In addition teach coverity about how our test suite fails See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html https://bugzilla.redhat.com/show_bug.cgi?id=985005
* Fixes for some recent win32 regressionsStef Walter2013-07-181-3/+18
|
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-103-614/+0
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* common: Fix typo, and don't escape '6' in URL encodingStef Walter2013-07-081-1/+1
|
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store specStef Walter2013-07-043-0/+3
| | | | | | | | | | * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above.
* path: Add p11_path_canon() functionStef Walter2013-07-033-0/+34
| | | | Cleans up a filename with readable characters.
* path: Add p11_path_prefix() functionStef Walter2013-07-033-0/+33
| | | | | Checks if a wellformed path is identical to or a prefix of another path.
* Reorganize various componentsStef Walter2013-06-2532-5244/+373
| | | | | | | * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory
* trust: Writable module PKCS#11 token functionsStef Walter2013-06-171-3/+11
| | | | | | Although we don't actually write anything out yet, make the various PKCS#11 functions behave properly when faced with requests to write to token objects
* trust: Correctly reflect the CK_TOKEN_INFO writability flagsStef Walter2013-06-141-0/+3
| | | | | Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths which we will be able to write to.
* path: Add p11_path_parent() functionStef Walter2013-06-143-0/+55
| | | | | Gets the parent element of the path, removing the last component. Handles trailing and duplicate path separators correctly.
* path: Fix expanding of paths and testsStef Walter2013-06-142-25/+37
|
* common: Abort test cases when one failsStef Walter2013-06-131-0/+2
|
* Fix uninitialized p11_library_oncemanphiz@gmail.com2013-05-281-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=57714
* constants: Tweaks and add mechanismsStef Walter2013-05-272-253/+245
|
* pem: Write PEM data directly to a bufferStef Walter2013-05-273-32/+34
|
* url: Encode directly to a bufferStef Walter2013-05-273-33/+31
|
* Fix up Makefile.am files for automake 1.13 warningsStef Walter2013-05-211-2/+2
|
* Our own unit testing frameworkStef Walter2013-05-2121-1006/+1162
| | | | | | | | * Support the TAP protocol * Much cleaner without having to carry around state * First class support for setup/teardown * Port the common tests * Wait on porting other tests until we've merged outstanding code
* Pull the argv parsing code into its own fileStef Walter2013-05-213-0/+160
| | | | So it can be used from multiple code paths
* Support /xxx/yyy as an absolute path with Win32Stef Walter2013-05-212-5/+5
| | | | | Because win32 code doesn't just run on windows, wine runs with unix style paths.
* Add the log-calls module config optionStef Walter2013-05-215-20/+387
| | | | | If 'log-calls = yes' is set then all the PKCS#11 modules are logged to stderr.
* Manage C_CloseAllSessions function for multiple callersStef Walter2013-05-211-1/+1
| | | | | | Make C_CloseAllSessions work for different callers. Track the sessions that each caller opens and close just those when C_CloseAllSessiosn is called.
* Update the proxy module to use managed PKCS#11 modulesStef Walter2013-05-212-9/+11
| | | | | | | | | | Each time C_GetFunctionList is called on the proxy module, a new managed PKCS#11 set of functions is returned. These are all cleaned up when the module is unloaded. We want the proxy module to continue to work even without the highly recommended libffi. For that reason we still keep the old behavior of sharing state in the proxy module.
* p11-kit: Managed PKCS#11 module loadingStef Walter2013-05-214-25/+54
| | | | | | | | | Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such.
* Add subclassable CK_X_FUNCTION_LISTStef Walter2013-05-153-4/+1561
| | | | | | | | | | One of the flaws in PKCS#11 for our usage is that each PKCS#11 module is not passed the pointer to the function list, ie: the vtable Here we define a new function list vtable, where each PKCS#11 function takes the vtable itself as the first argument. We use this new list internally to represent subclassable PKCS#11 modules for various features.
* Implement valgrind's hellgrind checks for threading problemsStef Walter2013-05-151-1/+1
| | | | | | | And cleanup our locks/locking model. There's no need to use recursive locks, especially since we can't use them on all platforms. In addition adjust taking of locks during initialization so that there's no chance of deadlocking here.
* Patch to make test-lexer depend on ASN.1manphiz@gmail.com2013-05-141-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=64378
* Don't print erroneous debug messages when skipping filesStef Walter2013-04-041-6/+6
| | | | | The parser automatically skips over files that it cannot parse. Don't print confusing debug messages about DER parse failures when it does so.
* Update to MurmurHash3Stef Walter2013-04-035-84/+91
| | | | | | | This should also fix problems with accessing memory in a non-aligned fashion on platforms where this causes problems. https://bugs.freedesktop.org/show_bug.cgi?id=62819
* Don't respect timezones for CKA_START_DATE or CKA_END_DATEStef Walter2013-04-032-338/+0
| | | | | | | | | | | | | The PKCS#11 specification does not note what timezone these dates are in. In addition the time values are not represented in PKCS#11. So don't reinterpret certificate dates, other than filling in the century for dates that have a two digit year. Lastly, these are low resolution optional fields so not being all strict about timezones here is appropriate. https://bugs.freedesktop.org/show_bug.cgi?id=62825
* More compatible path munging and handling codeStef Walter2013-04-038-73/+526
| | | | | | | | | | Centralize the path handling code, so we can remove unixy assumptions and have a chance of running on Windows. The current goal is to run all the tests on Windows. Includes some code from LRN <lrn1986@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=63062
* Don't use free() on memory allocated by LocalFree()Stef Walter2013-04-031-1/+1
| | | | ihttps://bugs.freedesktop.org/show_bug.cgi?id=63046
* Separate library init from message codeStef Walter2013-04-0311-102/+234
| | | | | | | | | | | Put library init/uninit code its into their own statically linked library so that they don't get linked into the p11-kit executable. Refactor the message code so that the library initialization can plug in its per thread message buffer. https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Don't use library locks from p11-kit toolStef Walter2013-04-031-4/+0
| | | | | | | The global library p11_library_mutex is for libraries to use, so don't use it from any code in common/, which is also used by the p11-kit tool https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Fix build with automake 1.13Stef Walter2013-04-031-2/+2
| | | | Also remove some generated files from the po/ directory.
* Don't try to guess at overflowing time values on 32-bit systemsStef Walter2013-03-281-3/+3
| | | | | | | | | Since CKA_START_DATE and CKA_END_DATE are the only places where we want to parse out times, and these are optional, just leave blank if the time overflows what libc can handle on a 32-bit system. https://bugs.freedesktop.org/show_bug.cgi?id=62825
* Fix testing of murmur hash on bigendian systemsStef Walter2013-03-251-37/+23
| | | | | | The murmur hash produces different output depending on the architecture https://bugzilla.redhat.com/show_bug.cgi?id=927394
* Fix memory leaks reported by 'make leakcheck'Stef Walter2013-03-205-1/+11
|
* Fix invalid memory accesses reported by 'make memcheck'Stef Walter2013-03-203-18/+31
| | | | These are things that showed up in valgrind while running the tests.
* Add a bit of infrastructure for running valgrindStef Walter2013-03-202-3/+2
| | | | | * make memcheck: Runs basic memory checking * make leakcheck: Also runs leak checking
* attrs: Print out the CKA_VALUE for certificates when debuggingStef Walter2013-03-203-14/+51
| | | | | | | | While it's true that we shouldn't be pritning out CKA_VALUE in certain cases, like for keys, we obviously can do so for certificates. We don't have keys anyway, but in the interest of being general purpose use the class to determine whether CKA_VALUE can be printed
generated by cgit v1.1 at 2024-12-27 09:24:44 +0000