summaryrefslogtreecommitdiff
path: root/trust/index.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix various issues highlighted by coverity scannerStef Walter2013-07-181-9/+9
| | | | Among others fix possible usage of large stack allocation.
* trust: Fix bug with load validation failuresStef Walter2013-07-081-2/+3
|
* trust: Fix various issues writing objects in trust tokenStef Walter2013-07-081-8/+121
| | | | | | | | * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly.
* trust: Rename p11_index_batch() to p11_index_load()Stef Walter2013-07-031-2/+2
| | | | | | The name makes it clearer what's going on. This is only used during loading, so we can track whether a change has resulted from the trust module or from the file storage.
* trust: Implement reloading of token dataStef Walter2013-07-031-6/+12
| | | | | | | | | | | | | | | * Reload token data whenever a new session is opened. * Only reload files/directories that have changed. * Move duplicate anchor/blacklist detection logic into the extract code. This is in line with the approach being discussed on the mailing lists and spec document. * New internal attribute CKA_X_ORIGIN set on all objects so we can track where an object came from, and replace it when reloaded. In general this is a prerequisite for modification of objects reload before modify is necessary to prevent multiple callers clobbering each other's changes.
* Fix memory leaks reported by 'make leakcheck'Stef Walter2013-03-201-3/+4
|
* Fix invalid memory accesses reported by 'make memcheck'Stef Walter2013-03-201-1/+1
| | | | These are things that showed up in valgrind while running the tests.
* trust: Rework index to be faster and more usableStef Walter2013-03-201-120/+319
| | | | | | | | | The index now uses a sort of cross between a hash table and a bloom filter internally to select matching items. This is needed for the massive amount of lookups we want to do during loading. In addition make p11_index_find() and p11_index_replace() easier to use.
* trust: Better generation of nss objects and assertions for serial+issuerStef Walter2013-03-181-1/+2
| | | | | | | In many cases certficates are distrusted by serial+issuer. Make sure this works, and fix various cases where we weren't generating compat NSS objects and compat trust assertions for these types of input.
* Refine looking up of attributes in arraysStef Walter2013-03-181-1/+1
| | | | | | | | There was a class of bugs for looking up invalid or empty attributes in the internal PKCS#11 attribute arrays. * Refine what p11_attrs_find_valid() treats as valid * Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity
* trust: Refactor to include concept of the indexStef Walter2013-03-151-0/+566
* The index holds PKCS#11 objects whether for the token or for the session. * The index provides hook for a builder to expand or validate objects being added to the index. * In addition theres a change hook so that a builder can maintain state between objects, such as the compat NSS trust objects. https://bugs.freedesktop.org/show_bug.cgi?id=62329