summaryrefslogtreecommitdiff
path: root/trust
Commit message (Collapse)AuthorAgeFilesLines
* Don't use _GNU_SOURCE and fix strerror_r usageStef Walter2013-07-231-1/+1
| | | | | glibc declares strerror_r completely different if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE all together.
* Fix various memory leaks exposed by 'make leakcheck'Stef Walter2013-07-239-14/+29
|
* Use simple serial automake test harnessStef Walter2013-07-233-6/+11
| | | | | * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues
* Add appropriate const qualifiersStef Walter2013-07-181-1/+1
|
* Always pass size_t varargs to p11_hash_xxx() functionsStef Walter2013-07-183-4/+6
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985421
* Avoid using the non-thread-safe strerror() functionStef Walter2013-07-183-44/+24
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985481
* Declare static variables const where it makes senseStef Walter2013-07-184-23/+23
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985337
* tools: Use $TMPDIR instead of $TEMPStef Walter2013-07-187-22/+13
| | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scannerStef Walter2013-07-185-23/+25
| | | | Among others fix possible usage of large stack allocation.
* Fixes for some recent win32 regressionsStef Walter2013-07-182-13/+19
|
* Remove erroneous comments about readdir() and thread-safetyStef Walter2013-07-172-2/+0
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=984989
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-1012-34/+878
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* trust: Fix the 'p11-kit extract' commandStef Walter2013-07-091-1/+1
| | | | | This is supposed to call over to 'trust extract' and wasn't working correctly.
* trust: Fix bug with load validation failuresStef Walter2013-07-082-2/+53
|
* trust: Add a basic 'anchor' command to store a new anchorStef Walter2013-07-084-0/+348
|
* trust: Fix various issues writing objects in trust tokenStef Walter2013-07-088-252/+483
| | | | | | | | * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly.
* trust: Mark CKA_X_DISTRUSTED as a boolean attributeStef Walter2013-07-081-0/+1
|
* trust: Support token directory paths in user's home directoryStef Walter2013-07-082-1/+2
|
* trust: Explicitly specify which formats parser should parseStef Walter2013-07-085-28/+73
|
* trust: Support using the parser without an asn1_cacheStef Walter2013-07-083-7/+41
|
* asn1: In p11_asn1_read() allocate an extra null terminatorStef Walter2013-07-081-2/+5
| | | | As a courtesy for callers.
* p11-kit: Add P11_KIT_MODULE_TRUSTED flagStef Walter2013-07-041-37/+12
| | | | | A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes".
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store specStef Walter2013-07-0414-207/+548
| | | | | | | | | | * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above.
* trust: Add p11_oid_hash() and various oid stringsStef Walter2013-07-043-5/+34
|
* trust: Add p11_asn1_read() and p11_asn1_free() functionsStef Walter2013-07-046-58/+74
| | | | Some helpers for commonly used ASN.1 related stuff.
* trust: Initial support for writing out token objectsStef Walter2013-07-039-39/+443
| | | | | * The objects are written out in the p11-kit persist format * Parser marks files in p11-kit persist format as modifiable
* trust: If token path is a file, don't try loading subdirectoriesStef Walter2013-07-031-8/+15
|
* trust: Correctly handle persisting OIDs with zero lengthStef Walter2013-07-031-2/+3
|
* trust: Don't write out internal attributes when persistingStef Walter2013-07-034-15/+63
|
* trust: Add support for saving files with unique file namesStef Walter2013-07-038-114/+298
|
* path: Add p11_path_canon() functionStef Walter2013-07-031-9/+2
| | | | Cleans up a filename with readable characters.
* trust: Rename p11_index_batch() to p11_index_load()Stef Walter2013-07-036-22/+22
| | | | | | The name makes it clearer what's going on. This is only used during loading, so we can track whether a change has resulted from the trust module or from the file storage.
* trust: Implement reloading of token dataStef Walter2013-07-0314-407/+746
| | | | | | | | | | | | | | | * Reload token data whenever a new session is opened. * Only reload files/directories that have changed. * Move duplicate anchor/blacklist detection logic into the extract code. This is in line with the approach being discussed on the mailing lists and spec document. * New internal attribute CKA_X_ORIGIN set on all objects so we can track where an object came from, and replace it when reloaded. In general this is a prerequisite for modification of objects reload before modify is necessary to prevent multiple callers clobbering each other's changes.
* iter: Add iteration mode where session is not busyStef Walter2013-07-037-12/+12
| | | | | | | | | | | In order to use the session we are iterating on for other tasks such as other C_FindObject() calls, we need to make sure that it's not in the middle of a find operation. Finish up the complete find operation in advance of returning objects from a session. Make this the default mode. The previous behavior remains as an option. Add tests.
* trust: Implement validation for creating/modifying objectsStef Walter2013-06-262-43/+661
|
* Fix running trust module tests under distcheckStef Walter2013-06-251-10/+12
|
* Reorganize various componentsStef Walter2013-06-2557-12/+11145
| | | | | | | * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory
* Merge branch 'stable'Stef Walter2013-06-172-0/+30
|\
| * trust: Move the extract-trust external placeholder command into trust/Stef Walter2013-06-172-0/+30
| |
* | trust: Writable module PKCS#11 token functionsStef Walter2013-06-173-27/+100
| | | | | | | | | | | | Although we don't actually write anything out yet, make the various PKCS#11 functions behave properly when faced with requests to write to token objects
* | trust: Correctly reflect the CK_TOKEN_INFO writability flagsStef Walter2013-06-145-3/+184
| | | | | | | | | | Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths which we will be able to write to.
* | Merge branch 'stable'Stef Walter2013-06-053-5/+161
|\ \ | |/
| * trust: Fix crash when C_Initialize args are NULLStef Walter2013-06-052-1/+22
| | | | | | | | https://bugs.freedesktop.org/show_bug.cgi?id=65401
| * trust: Fix reinitialization of trust moduleStef Walter2013-06-053-4/+139
| | | | | | | | | | | | | | | | | | Track number of C_Initialize calls, and require similar number of C_Finalize calls to finalize. This fixes leaks/disappearing sessions in the trust module. https://bugs.freedesktop.org/show_bug.cgi?id=65401
* | persist: Support for writing out p11-kit persist filesStef Walter2013-05-275-90/+587
| |
* | Fix up Makefile.am files for automake 1.13 warningsStef Walter2013-05-212-2/+2
| |
* | Our own unit testing frameworkStef Walter2013-05-219-1133/+746
| | | | | | | | | | | | | | | | * Support the TAP protocol * Much cleaner without having to carry around state * First class support for setup/teardown * Port the common tests * Wait on porting other tests until we've merged outstanding code
* | Pull the argv parsing code into its own fileStef Walter2013-05-211-74/+4
| | | | | | | | So it can be used from multiple code paths
* | p11-kit: Managed PKCS#11 module loadingStef Walter2013-05-211-6/+19
|/ | | | | | | | | Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such.
* Fix off by one in date parsing codeStef Walter2013-04-041-1/+1
| | | | | We didn't treat the two digit year 00 as a valid year, whereas it actually represents the year 2000. This is in a non-critical code path.