| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Those conditions can happen when the trust file is corrupted, so it
makes more sense to treat them as a failure instead of programmer
error.
|
|
|
|
|
| |
If the trust path is a file, treat parse error as fatal and abort the
C_FindObjectsInit call.
|
|
|
|
|
|
| |
Previously, even when the -v option is used with the 'trust' command,
the messages from p11-kit-trust.so module were suppressed because the
verbosity setting is not propagated to the module.
|
| |
|
| |
|
|
|
|
|
|
|
| |
For reproducible builds, accept a define timestamp for the java
keystore.
See https://reproducible-builds.org/docs/source-date-epoch/
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This prevents double call to p11_library_init() in test-module.c, once
from the ELF constructor, and secondly from the test itself.
|
|
|
|
|
|
| |
If the ELF constructor is usable, we don't really need the once-init
function because it is guaranteed that the code runs only once in the
constructor.
|
| |
|
|
|
|
|
|
| |
The tolower()/toupper() functions take into account of the current
locale settings, which p11-kit doesn't want. Add replacement
functions that work as if they are called under the C locale.
|
| |
|
| |
|
|
|
|
|
| |
Currently it only checks that "disable-in: p11-kit-proxy" properly
prevents the trust module being loaded by the proxy module.
|
|
|
|
|
| |
Otherwise, when the proxy module were registerd in NSS database, the
trust module would be loaded twice and degrade search performance.
|
|
|
|
|
| |
p11_kit_iter_add_filter() takes the ownership of given attributes.
Spotted by address sanitizer.
|
| |
|
|
|
|
|
| |
Piggybacking commit de963b96, this adds a multi-cert test case for the
Java keystore extractor.
|
|
|
|
|
|
|
|
| |
Add a multi-cert test case for the edk2 extractor, heavily based on the
"/openssl/test_file_multiple" test case.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST
format that is
- defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object
per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID),
- and expected by edk2's HttpDxe when it configures the certificate list
for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the
TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c").
The intended command line is
p11-kit extract \
--format=edk2-cacerts \
--filter=ca-anchors \
--overwrite \
--purpose=server-auth \
$DEST/edk2/cacerts.bin
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
|
|
|
|
|
| |
Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always
fails, silently.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The "Default Trust" token is typically mounted as $datadir, which is
considered as read-only on modern OSes.
Suggestd by Kai Engert in:
https://bugzilla.redhat.com/show_bug.cgi?id=1523630
|
|
|
|
|
|
|
|
|
|
|
|
| |
The trust policy module keeps all the objects in the database, while
PKIX doesn't allow multiple extensions identified by the same OID can
be attached to a certificate. Add a check to C_FindObjects to exclude
any duplicates and only return the first matching object.
It would be better if the module rejects such duplicates when loading,
but it would make startup slower.
https://bugzilla.redhat.com/show_bug.cgi?id=1141241
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This is to disable clang-analyzer against test programs, which can
contain several false-positives.
|
|
|
|
|
| |
Instead of reusing the CKA_X_GENERATED attribute, check the file
contents directly in the caller side.
|
|
|
|
|
|
|
| |
A persistent file written by the trust module starts with the line "#
This file has been auto-generated and written by p11-kit". This can
be used as a magic word to determine whether the objects read from a
.p11-kit file are read-only.
|
|
|
|
|
| |
This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which
broke "trust anchor --remove".
|
|
|
|
|
|
|
|
|
| |
Previously, all objects read from p11-kit persist files are marked as
modifiable when parsing, regardless of the explicit "modifiable: false"
setting in the file.
Reported by Kai Engert in:
https://bugs.freedesktop.org/show_bug.cgi?id=99797
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a PKCS#11 module that connects to the p11-kit server
exposed on the filesystem. The filename of the socket is determined in
the following order:
- $P11_KIT_SERVER_ADDRESS, if the envvar is available
- $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available
- /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists
- /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists
- ~/.cache/p11-kit/pkcs11.
Note that the program loading this module may have called setuid() and
secure_getenv() which we use for fetching envvars could return NULL.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976
and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453
|
|
|
|
|
|
|
|
| |
Since commit f4384a40, due to a missing ex->flags setting, the 'trust
extract' command didn't retrieve correlation between related objects and
that was causing assertion failure when writing PEM files.
https://bugs.freedesktop.org/show_bug.cgi?id=99795
|
|
|
|
|
|
|
|
|
|
|
| |
This dumps all the PKCS#11 objects in the internal .p11-kit
persistence format.
This is part of the trust command and tooling, even though
at some point it could go in the p11-kit command. The reason
for this is that the code related to the internal .p11-kit
objects is in the trust code, and consumed solely by the
trust related modules.
|
|
|
|
|
| |
These should not be encoded by default for readability in
strings.
|
| |
|
|
|
|
|
| |
This is so that the code can be shared by the upcoming 'trust dump'
command where correlation between related objects is not desired.
|
|
|
|
|
| |
We load all known attributes for each object we're enumerating
over in the 'trust list' and 'trust extract' commands.
|
|
|
|
|
| |
Since $privatedir expands to "${libexecdir}/p11-kit", $libexecdir must
be substituted in the script beforehand.
|
|
|
|
|
|
|
| |
While 'trust anchor' command tries to add CKA_TRUSTED attribute to any
object, it is only valid for a certificate object.
https://bugzilla.redhat.com/show_bug.cgi?id=1158926
|