summaryrefslogtreecommitdiff
path: root/trust
Commit message (Collapse)AuthorAgeFilesLines
* trust: Factor out module initialization into separate fileDaiki Ueno2018-08-283-55/+44
| | | | | This prevents double call to p11_library_init() in test-module.c, once from the ELF constructor, and secondly from the test itself.
* common, p11-kit, trust: Use pthread_once only when necessaryDaiki Ueno2018-08-101-1/+1
| | | | | | If the ELF constructor is usable, we don't really need the once-init function because it is guaranteed that the code runs only once in the constructor.
* trust: Clarify C_Login behavior that returns an errorDaiki Ueno2018-07-191-0/+11
|
* common: Make case conversion locale independentDaiki Ueno2018-05-252-2/+2
| | | | | | The tolower()/toupper() functions take into account of the current locale settings, which p11-kit doesn't want. Add replacement functions that work as if they are called under the C locale.
* trust: Avoid array overflowDaiki Ueno2018-05-072-3/+3
|
* trust: Don't null terminate PKCS #11 string fieldsDaiki Ueno2018-05-071-6/+6
|
* test: Add installcheck script to test trust moduleDaiki Ueno2018-04-102-1/+24
| | | | | Currently it only checks that "disable-in: p11-kit-proxy" properly prevents the trust module being loaded by the proxy module.
* trust: Prevent trust module being loaded by proxy moduleDaiki Ueno2018-04-101-0/+3
| | | | | Otherwise, when the proxy module were registerd in NSS database, the trust module would be loaded twice and degrade search performance.
* trust: Fix memleak in p11_enumerate_opt_filterDaiki Ueno2018-04-101-0/+1
| | | | | p11_kit_iter_add_filter() takes the ownership of given attributes. Spotted by address sanitizer.
* test: Factor out common harness from test-extract.inDaiki Ueno2018-04-103-93/+112
|
* test: Add test for JKS extractorDaiki Ueno2018-04-064-1/+224
| | | | | Piggybacking commit de963b96, this adds a multi-cert test case for the Java keystore extractor.
* trust: add unit test for the "edk2-cacerts" extractorLaszlo Ersek2018-03-303-0/+214
| | | | | | | | Add a multi-cert test case for the edk2 extractor, heavily based on the "/openssl/test_file_multiple" test case. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* trust: implement the "edk2-cacerts" extractorLaszlo Ersek2018-03-301-1/+168
| | | | | | | | | | | | | | | | | | | | | | | | Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST format that is - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), - and expected by edk2's HttpDxe when it configures the certificate list for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). The intended command line is p11-kit extract \ --format=edk2-cacerts \ --filter=ca-anchors \ --overwrite \ --purpose=server-auth \ $DEST/edk2/cacerts.bin Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* trust: introduce the "edk2-cacerts" extractor skeletonLaszlo Ersek2018-03-304-1/+51
| | | | | | | | Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always fails, silently. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* test: Improve temporary directory handlingDaiki Ueno2018-02-271-0/+2
|
* trust: Forcibly mark "Default Trust" read-onlyDaiki Ueno2018-02-057-15/+101
| | | | | | | | The "Default Trust" token is typically mounted as $datadir, which is considered as read-only on modern OSes. Suggestd by Kai Engert in: https://bugzilla.redhat.com/show_bug.cgi?id=1523630
* trust: Filter out duplicate extensionsDaiki Ueno2018-01-315-5/+120
| | | | | | | | | | | | The trust policy module keeps all the objects in the database, while PKIX doesn't allow multiple extensions identified by the same OID can be attached to a certificate. Add a check to C_FindObjects to exclude any duplicates and only return the first matching object. It would be better if the module rejects such duplicates when loading, but it would make startup slower. https://bugzilla.redhat.com/show_bug.cgi?id=1141241
* build: Delay compilation of test-related stuffDaiki Ueno2018-01-301-4/+8
|
* trust: Respect anyExtendedKeyUsage in CA certificatesDaiki Ueno2017-10-023-0/+45
|
* trust: Fix build error with -Werror=return-typeDaiki Ueno2017-07-141-1/+1
|
* trust: Suppress dead-assignment warnings from clang-analyzerDaiki Ueno2017-05-292-1/+1
|
* build: Delay building test programs until "make check"Daiki Ueno2017-05-291-1/+1
| | | | | This is to disable clang-analyzer against test programs, which can contain several false-positives.
* trust: Simplify the check for the magicDaiki Ueno2017-05-183-12/+17
| | | | | Instead of reusing the CKA_X_GENERATED attribute, check the file contents directly in the caller side.
* trust: Check magic comment in persist file for modifiablityDaiki Ueno2017-05-183-2/+14
| | | | | | | A persistent file written by the trust module starts with the line "# This file has been auto-generated and written by p11-kit". This can be used as a magic word to determine whether the objects read from a .p11-kit file are read-only.
* Revert "trust: Honor "modifiable" setting in persist file"Daiki Ueno2017-05-183-11/+1
| | | | | This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which broke "trust anchor --remove".
* trust: Honor "modifiable" setting in persist fileDaiki Ueno2017-02-203-1/+11
| | | | | | | | | Previously, all objects read from p11-kit persist files are marked as modifiable when parsing, regardless of the explicit "modifiable: false" setting in the file. Reported by Kai Engert in: https://bugs.freedesktop.org/show_bug.cgi?id=99797
* rpc: Add PKCS#11 module that connects to socketDaiki Ueno2017-02-171-2/+1
| | | | | | | | | | | | | | | This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order: - $P11_KIT_SERVER_ADDRESS, if the envvar is available - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists - ~/.cache/p11-kit/pkcs11. Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL.
* trust: Fix uninitialized value in anchor commandDaiki Ueno2017-02-161-1/+1
|
* trust: Fix saving trust file on WindowsDaiki Ueno2017-02-161-6/+9
|
* build: Include <unistd.h> for execvDaiki Ueno2017-02-161-0/+1
|
* Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files.Kai Engert2017-02-162-0/+2
| | | | | See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453
* trust: Revert to the original 'extract' behaviorDaiki Ueno2017-02-141-0/+1
| | | | | | | | Since commit f4384a40, due to a missing ex->flags setting, the 'trust extract' command didn't retrieve correlation between related objects and that was causing assertion failure when writing PEM files. https://bugs.freedesktop.org/show_bug.cgi?id=99795
* trust: Implement a 'trust dump' commandStef Walter2017-01-314-0/+237
| | | | | | | | | | | This dumps all the PKCS#11 objects in the internal .p11-kit persistence format. This is part of the trust command and tooling, even though at some point it could go in the p11-kit command. The reason for this is that the code related to the internal .p11-kit objects is in the trust code, and consumed solely by the trust related modules.
* trust: Don't encode spaces when writing .p11-kit formatStef Walter2017-01-311-1/+1
| | | | | These should not be encoded by default for readability in strings.
* trust: Add an "all" filter option for trust commandsStef Walter2017-01-311-0/+3
|
* trust: Make extraction and correlation of certificate info optionalStef Walter2017-01-317-19/+30
| | | | | This is so that the code can be shared by the upcoming 'trust dump' command where correlation between related objects is not desired.
* trust: Load all attributes for each object when enumeratingStef Walter2017-01-311-17/+21
| | | | | We load all known attributes for each object we're enumerating over in the 'trust list' and 'trust extract' commands.
* test: Fix privatedir substitution in test-extractDaiki Ueno2016-12-131-0/+1
| | | | | Since $privatedir expands to "${libexecdir}/p11-kit", $libexecdir must be substituted in the script beforehand.
* trust: Don't add CKA_TRUSTED to extension objectDaiki Ueno2016-12-061-2/+33
| | | | | | | While 'trust anchor' command tries to add CKA_TRUSTED attribute to any object, it is only valid for a certificate object. https://bugzilla.redhat.com/show_bug.cgi?id=1158926
* common, trust: Avoid integer overflowDaiki Ueno2016-12-061-0/+5
| | | | | | | This fixes issues pointed in: https://bugzilla.redhat.com/show_bug.cgi?id=985445 except for p11-kit/conf.c:read_config_file(), which was rewritten using mmap() and thus length calculation is no longer needed.
* trust: Avoid confusion in DER/PEM decodingDaiki Ueno2016-11-303-1/+115
| | | | | | | | Previously p11-kit-trust.so tried to interpret certificate as PEM format first. This could cause potential conflict if the certificate were actually in DER format and contained a PEM marker strings. https://bugs.freedesktop.org/show_bug.cgi?id=92063
* trust: Clarify the error message of 'extract'Daiki Ueno2016-11-281-1/+4
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1154693
* trust: Mention anchor --remove option in helpDaiki Ueno2016-11-281-1/+2
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1158467
* trust: Reject invalid UTF-8 inputDaiki Ueno2016-11-282-0/+8
| | | | | | | Merge changes from utf8.c in FreeBSD's libc: https://svnweb.freebsd.org/base/head/lib/libc/locale/utf8.c?revision=290494&view=markup#l196 https://bugzilla.redhat.com/show_bug.cgi?id=985449
* test: Fix memleak in test-token cleanupDaiki Ueno2016-10-311-1/+1
| | | | | | | | | | GCC's asan spotted this: Direct leak of 338 byte(s) in 13 object(s) allocated from: #0 0x7f54f03fee20 in malloc (/lib64/libasan.so.3+0xc6e20) #1 0x445e8c in p11_path_build ../common/path.c:222 #2 0x4385bd in expand_tempdir ../common/test.c:334 #3 0x43869c in p11_test_directory ../common/test.c:361 #4 0x4033e3 in setup_temp ../trust/test-token.c:79
* test: Make test-module work --without-trust-moduleDaiki Ueno2016-09-041-1/+2
| | | | | | | | | The test-module program currently depends on TRUST_PATHS, which is determined by the configure script and normally points to a resource outside of the build tree. To make the test system-independent, use a crafted path for testing. https://bugs.freedesktop.org/show_bug.cgi?id=89027
* Fix typos flagged by codespellDaiki Ueno2016-08-223-3/+3
|
* trust: Fix always false comparison of EAGAIN and EINTRStef Walter2015-11-091-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=92864
* trust: Fix double close()Pankaj2015-06-011-1/+0
|
* Fix some compiler warnings from GCC 5.xStef Walter2015-04-171-3/+3
|