| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This is supposed to call over to 'trust extract' and wasn't
working correctly.
|
|
|
|
|
| |
A new flag to pass to p11_kit_modules_load() and related functions
which limits loaded modules to ones with "trust-policy: yes".
|
|
|
|
|
|
|
|
|
|
|
| |
In order to use the session we are iterating on for other tasks
such as other C_FindObject() calls, we need to make sure that
it's not in the middle of a find operation. Finish up the
complete find operation in advance of returning objects from
a session.
Make this the default mode. The previous behavior remains
as an option. Add tests.
|
| |
|
|
|
|
|
|
|
| |
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* Support the TAP protocol
* Much cleaner without having to carry around state
* First class support for setup/teardown
* Port the common tests
* Wait on porting other tests until we've merged outstanding code
|
|
|
|
|
|
|
|
|
| |
* Keep the module ownership apart from the tracking of module
function pointers, since these are only relevant for unmanaged
modules.
* Less assumptions that each module has a raw unmanaged module
function pointer.
* More clarity in the naming of dictionaries tracking the modules.
|
|
|
|
|
| |
If 'log-calls = yes' is set then all the PKCS#11 modules are logged
to stderr.
|
|
|
|
|
|
| |
Make C_CloseAllSessions work for different callers. Track the sessions
that each caller opens and close just those when C_CloseAllSessiosn is
called.
|
|
|
|
|
|
|
|
|
|
| |
Each time C_GetFunctionList is called on the proxy module, a new
managed PKCS#11 set of functions is returned. These are all cleaned
up when the module is unloaded.
We want the proxy module to continue to work even without the highly
recommended libffi. For that reason we still keep the old behavior of
sharing state in the proxy module.
|
|
|
|
|
|
|
|
|
| |
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
|
|
|
|
|
|
| |
* This allows us to call into subclassed PKCS#11 modules as if
they were plain old PKCS#11 modules
* libffi is an optional dependency
|
|
|
|
|
|
|
| |
And cleanup our locks/locking model. There's no need to use
recursive locks, especially since we can't use them on all
platforms. In addition adjust taking of locks during initialization
so that there's no chance of deadlocking here.
|
|
|
|
|
|
|
|
|
|
| |
Centralize the path handling code, so we can remove unixy assumptions
and have a chance of running on Windows. The current goal is to run
all the tests on Windows.
Includes some code from LRN <lrn1986@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=63062
|
|
|
|
|
|
|
|
|
|
|
| |
Put library init/uninit code its into their own statically
linked library so that they don't get linked into the p11-kit
executable.
Refactor the message code so that the library initialization can
plug in its per thread message buffer.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
|
|
|
|
|
|
| |
The global library p11_library_mutex is for libraries to use, so don't
use it from any code in common/, which is also used by the p11-kit tool
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
|
|
|
| |
Also remove some generated files from the po/ directory.
|
| |
|
|
|
|
|
| |
* make memcheck: Runs basic memory checking
* make leakcheck: Also runs leak checking
|
|
|
|
|
|
| |
Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini
respectively to stop them from being exported in the ABI. It does not seem
to be necessary.
|
|
|
|
|
|
|
| |
We want to use these as the format for encoding binary data
in our PKCS#11 attribute persistence
https://bugs.freedesktop.org/show_bug.cgi?id=62156
|
|
|
|
|
|
| |
This lexer will be used in our PKCS#11 persistence format as well.
https://bugs.freedesktop.org/show_bug.cgi?id=62156
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Sort loaded modules appropriately using the 'priority' option. This
allows us to have a predictable order for callers, when callers
iterate through modules.
* Modules default to having an 'priority' option of '0'.
* If modules have the same order value, then sort by name.
* The above assumes the role of ordering trust-policy sources.
* Change the trust-policy option to a boolean
* Some of this code will be rearranged when the managed branch
is merged.
https://bugs.freedesktop.org/show_bug.cgi?id=61978
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Accept a single --with-trust-paths argument to ./configure
which cotnains all the input paths.
* The --with-system-anchors and --with-system-certificates
./configure arguments are no longer supported. Since they were
only present briefly, no provision is made for backwards
compatibility.
* Each input file is treated as containing anchors by default
unless an input certificate contains detailed trust information.
* The files in each input directory are not automatically treated
as anchors unless a certificate contains detailed trust information.
* The files in anchors/ subdirectory of each input directory are
automatically marked as anchors.
* The files in the blacklist/ subdirectory of each input directory
are automatically marked as blacklisted.
* Update tests and move around test certificates so we can
test these changes.
https://bugs.freedesktop.org/show_bug.cgi?id=62327
|
|
|
|
|
| |
This flag is not required to be set unless C_InitToken has been
called. Many modules, like libnssckbi.so, do not set this flag.
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=60894
|
| |
|
|
|
|
| |
So that the Windows' C library doesn't munge line endings
|
|
|
|
| |
Since older operating systems don't support setenv()
|
|
|
|
|
|
|
| |
For clarity. In addition, make p11_dl_close() able to be used
as a destroyer callback.
Also make p11_dl_error() return an allocated string
|
|
|
|
|
|
| |
Don't do library initialization on shared object load when not running
in a library. We'll want to plug into this and do different things
per library in the future.
|
| |
|
|
|
|
|
| |
* Add annotations to our precondition functions so that they
don't make the analyzer complain
|
| |
|
| |
|
|
|
|
|
|
| |
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
|
|
|
|
|
|
| |
* Try to make /etc/pkcs11/modules for administrator use
* Override the old pkg-config variables to help packages start
using the new location
|
|
|
|
| |
This does the opposite of p11_kit_be_quiet().
|
|
|
|
|
| |
* Move mock code into the common/ directory to be used by multiple
components of p11-kit
|
|
|
|
| |
Represents a block of memory that can be added to, parsed and so on
|
|
|
|
|
|
| |
It was getting really wild knowing whether a function returning
an int would return -1 on failure or 0 or whether the int return
value was actually a number etc..
|
| |
|
| |
|
|
|
|
|
|
|
| |
* Allows use of them across the whole project
* Put a stub file in the p11-kit/ directory, so we can still refer
to the headers using that path, which is what it will be at
when in the installed includes directory.
|
|
|
|
|
|
| |
* This is cleaner than building the same source files all over
the place over and over.
* Works better with code coverage.
|