| Commit message | Author | Age | Files | Lines |
| |
This is a non-standard PKCS#11 attribute, so has the X prefix
like the other ones we've added.
| |
There was a class of bugs for looking up invalid or empty
attributes in the internal PKCS#11 attribute arrays.
* Refine what p11_attrs_find_valid() treats as valid
* Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity
| |
Can run with two modules now so that it can compare tokens NSS
trust info.
| |
This is documented in the doc/internals/ subdirectory.
Add tests for the format as well.
https://bugs.freedesktop.org/show_bug.cgi?id=62156
| |
We want to use these as the format for encoding binary data
in our PKCS#11 attribute persistence
https://bugs.freedesktop.org/show_bug.cgi?id=62156
| |
This lexer will be used in our PKCS#11 persistence format as well.
https://bugs.freedesktop.org/show_bug.cgi?id=62156
| |
This is what's recommended by the spec, and allows stapled extensions
to hang off a predictable CKA_ID.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
| |
* For retrieving the name and/or nick of constants
* The nick is what we'll use in the file format
https://bugs.freedesktop.org/show_bug.cgi?id=62329
| |
This takes one set of attributes and merges them into
another, without copying memory needlessly.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
| |
In order to unmarry the parser from the future builder, but still retain
efficiency, we need to be able to cache parsed ASN.1 trees. The ASN.1
cache provides this. In addition it carries around the loaded ASN.1
definitions.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
| |
* This was already possible to do safely before
* Document and test this behavior
https://bugs.freedesktop.org/show_bug.cgi?id=61499
| |
When bringing over the BSD base64 code, there was a regression.
In addition add some tests for the base64 stuff.
| |
NSS had subtly changed the values of the distrust CK_TRUST codes
so update them to stay in sync.
| |
The field defaults to FALSE. It sucks that libtasn1 doesn't
fill this in for us.
https://bugs.freedesktop.org/show_bug.cgi?id=61975
| |
Tweaks by: Roman Bogorodskiy <bogorodskiy@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=61739
| |
Rewrite the mock.h header to relicense it. It is based on the BSD
licensed mock.c file, so this isn't a big issue.
| |
On Win32 wchar_t is only 2 bytes, which breaks our UTF-8 conversion
functions.
| |
So that the Windows' C library doesn't munge line endings
| |
Not available on Win32 or ancient unixes
| |
Not available on Win32 or ancient unixes
| |
These are not available on Win32 and ancient unixes
| |
Not available on Win32 and ancient unixes
| |
The Win32 for mmap() is very different from Unix, so abstract
this into our own p11_mmap_xxx() functions.
| |
Since older operating systems don't support setenv()
| |
For Win32 and older unixes
| |
For clarity. In addition, make p11_dl_close() able to be used
as a destroyer callback.
Also make p11_dl_error() return an allocated string
| |
Don't do library initialization on shared object load when not running
in a library. We'll want to plug into this and do different things
per library in the future.
| |
* All original lines in this file upon arrival in the p11-kit
project were written by me, and copyright held by me.
| |
https://bugs.freedesktop.org/show_bug.cgi?id=60473
| |
https://bugs.freedesktop.org/show_bug.cgi?id=60434
| |
* Add annotations to our precondition functions so that they
don't make the analyzer complain
| |
* This is in cases where the certificate information does not
already have a friendly name or alias.
| |
* Based on the gcr code
* Bring in base64 output code from BSD
* Make sure to output base64 lines of 64 character length since
this is what OpenSSL expects
| |
* So it can be used by other code, in addition to the trust stuff
| |
* Clears an array without freeing the array itself
| |
* Implement trust assertions for anchored and distrusted certs
* Pinned certificate trust assertions are not implemented yet
* Add an internal tool for pulling apart bits of certificates
| |
* Fill in CKA_CERTIFICATE_CATEGORY properly for authorities
based on the presence of BasicConstraints and/or v1 certificates
* Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the
parser is running for anchors or blacklist
* In addition support the concept of blacklisted certificates mixed
in with the anchors (without any purposes) since that's what exists
in the real world.
* We do this after the various hooks have had a chance to mess
with the certificate extensions and such.
| |
* Use stapled certificate extensions to represent loaded trust policy
* Build NSS trust objects from stapled certificate extensions
* Add further attribute debugging for NSS trust objects
* Use a custom certificate extension for the OpenSSL reject purpose data
* Use SubjectKeyIdentifier for OpenSSL keyid data
* Use ExtendedKeyUsage for OpenSSL trust purpose data
* Implement simple way to handle binary DER OIDs, using the DER TLV
length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
* Split out the building of NSS trust objects from the main parser
| |
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
| |
The SHA-1 and MD5 digests here are used for checksums in legacy
protocols. We don't use them in cryptographic contexts at all.
These particular algorithms would be poor choices for that.