summaryrefslogtreecommitdiff
path: root/trust
Commit message (Collapse)AuthorAgeFilesLines
* trust: Ignore unreadable content in anchorsDaiki Ueno2019-02-183-15/+88
| | | | | | | | | This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f. Instead of failing C_FindObjectsInit, treat any errors internally and accumulates the successfully loaded certificates. Reported by Andrej Kvasnica in: https://bugzilla.redhat.com/show_bug.cgi?id=1675441
* extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCHDaiki Ueno2019-01-291-4/+4
| | | | | Give _p11_extract_jks_timestamp precedence over SOURCE_DATE_EPOCH so that the test results are not affected by the envvar settings.
* pem: Fix assert conditionDaiki Ueno2019-01-112-1/+19
| | | | | | If the PEM header is "-----BEGIN -----", *type should be an empty string and the parser shouldn't fail. Reported by Han Han in: https://bugzilla.redhat.com/show_bug.cgi?id=1665172
* test: Add test that exercises duplicated certs in JKSDaiki Ueno2019-01-106-5/+55
|
* trust: Fix alias generation in JKS extractorDaiki Ueno2019-01-101-1/+2
| | | | | When there is a duplicate, the JKS extractor previously assigned somewhat obscure name "-<digit>" (not "<name>-<digit>").
* trust: Continue parsing if the file cannot be read as persist formatDaiki Ueno2019-01-041-1/+1
| | | | | | A corrupted file that contains "[p11-kit-object-v1]" can be a valid PEM certs file. Continue with the next format if it cannot be read as a persistent format.
* trust: p11_token_load: Treat parse error as failureDaiki Ueno2019-01-041-3/+6
| | | | | | Those conditions can happen when the trust file is corrupted, so it makes more sense to treat them as a failure instead of programmer error.
* trust: Fail if trust anchors are not loaded from a fileDaiki Ueno2019-01-042-6/+11
| | | | | If the trust path is a file, treat parse error as fatal and abort the C_FindObjectsInit call.
* trust: Propagate library verbosity to module through init_argsDaiki Ueno2019-01-043-2/+18
| | | | | | Previously, even when the -v option is used with the 'trust' command, the messages from p11-kit-trust.so module were suppressed because the verbosity setting is not propagated to the module.
* build: Fix typo spotted by codespellDaiki Ueno2018-12-294-5/+5
|
* build: Suppress cppcheck errorsDaiki Ueno2018-11-224-14/+30
|
* trust/extract-jks.c: also honor SOURCE_DATE_EPOCH timeHarald Hoyer2018-11-021-4/+34
| | | | | | | For reproducible builds, accept a define timestamp for the java keystore. See https://reproducible-builds.org/docs/source-date-epoch/
* trust: Check index->buckets is allocated on cleanupDaiki Ueno2018-10-171-3/+5
|
* trust: Set umask before calling mkstempDaiki Ueno2018-10-171-0/+3
|
* build: Check return value of p11_dict_setDaiki Ueno2018-10-171-1/+2
|
* build: Free memory before return{,_val}_if_* macrosDaiki Ueno2018-10-177-14/+65
|
* build: Call va_end() always when leaving the functionDaiki Ueno2018-10-171-1/+3
|
* trust: Factor out module initialization into separate fileDaiki Ueno2018-08-283-55/+44
| | | | | This prevents double call to p11_library_init() in test-module.c, once from the ELF constructor, and secondly from the test itself.
* common, p11-kit, trust: Use pthread_once only when necessaryDaiki Ueno2018-08-101-1/+1
| | | | | | If the ELF constructor is usable, we don't really need the once-init function because it is guaranteed that the code runs only once in the constructor.
* trust: Clarify C_Login behavior that returns an errorDaiki Ueno2018-07-191-0/+11
|
* common: Make case conversion locale independentDaiki Ueno2018-05-252-2/+2
| | | | | | The tolower()/toupper() functions take into account of the current locale settings, which p11-kit doesn't want. Add replacement functions that work as if they are called under the C locale.
* trust: Avoid array overflowDaiki Ueno2018-05-072-3/+3
|
* trust: Don't null terminate PKCS #11 string fieldsDaiki Ueno2018-05-071-6/+6
|
* test: Add installcheck script to test trust moduleDaiki Ueno2018-04-102-1/+24
| | | | | Currently it only checks that "disable-in: p11-kit-proxy" properly prevents the trust module being loaded by the proxy module.
* trust: Prevent trust module being loaded by proxy moduleDaiki Ueno2018-04-101-0/+3
| | | | | Otherwise, when the proxy module were registerd in NSS database, the trust module would be loaded twice and degrade search performance.
* trust: Fix memleak in p11_enumerate_opt_filterDaiki Ueno2018-04-101-0/+1
| | | | | p11_kit_iter_add_filter() takes the ownership of given attributes. Spotted by address sanitizer.
* test: Factor out common harness from test-extract.inDaiki Ueno2018-04-103-93/+112
|
* test: Add test for JKS extractorDaiki Ueno2018-04-064-1/+224
| | | | | Piggybacking commit de963b96, this adds a multi-cert test case for the Java keystore extractor.
* trust: add unit test for the "edk2-cacerts" extractorLaszlo Ersek2018-03-303-0/+214
| | | | | | | | Add a multi-cert test case for the edk2 extractor, heavily based on the "/openssl/test_file_multiple" test case. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* trust: implement the "edk2-cacerts" extractorLaszlo Ersek2018-03-301-1/+168
| | | | | | | | | | | | | | | | | | | | | | | | Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST format that is - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), - and expected by edk2's HttpDxe when it configures the certificate list for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). The intended command line is p11-kit extract \ --format=edk2-cacerts \ --filter=ca-anchors \ --overwrite \ --purpose=server-auth \ $DEST/edk2/cacerts.bin Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* trust: introduce the "edk2-cacerts" extractor skeletonLaszlo Ersek2018-03-304-1/+51
| | | | | | | | Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always fails, silently. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* test: Improve temporary directory handlingDaiki Ueno2018-02-271-0/+2
|
* trust: Forcibly mark "Default Trust" read-onlyDaiki Ueno2018-02-057-15/+101
| | | | | | | | The "Default Trust" token is typically mounted as $datadir, which is considered as read-only on modern OSes. Suggestd by Kai Engert in: https://bugzilla.redhat.com/show_bug.cgi?id=1523630
* trust: Filter out duplicate extensionsDaiki Ueno2018-01-315-5/+120
| | | | | | | | | | | | The trust policy module keeps all the objects in the database, while PKIX doesn't allow multiple extensions identified by the same OID can be attached to a certificate. Add a check to C_FindObjects to exclude any duplicates and only return the first matching object. It would be better if the module rejects such duplicates when loading, but it would make startup slower. https://bugzilla.redhat.com/show_bug.cgi?id=1141241
* build: Delay compilation of test-related stuffDaiki Ueno2018-01-301-4/+8
|
* trust: Respect anyExtendedKeyUsage in CA certificatesDaiki Ueno2017-10-023-0/+45
|
* trust: Fix build error with -Werror=return-typeDaiki Ueno2017-07-141-1/+1
|
* trust: Suppress dead-assignment warnings from clang-analyzerDaiki Ueno2017-05-292-1/+1
|
* build: Delay building test programs until "make check"Daiki Ueno2017-05-291-1/+1
| | | | | This is to disable clang-analyzer against test programs, which can contain several false-positives.
* trust: Simplify the check for the magicDaiki Ueno2017-05-183-12/+17
| | | | | Instead of reusing the CKA_X_GENERATED attribute, check the file contents directly in the caller side.
* trust: Check magic comment in persist file for modifiablityDaiki Ueno2017-05-183-2/+14
| | | | | | | A persistent file written by the trust module starts with the line "# This file has been auto-generated and written by p11-kit". This can be used as a magic word to determine whether the objects read from a .p11-kit file are read-only.
* Revert "trust: Honor "modifiable" setting in persist file"Daiki Ueno2017-05-183-11/+1
| | | | | This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which broke "trust anchor --remove".
* trust: Honor "modifiable" setting in persist fileDaiki Ueno2017-02-203-1/+11
| | | | | | | | | Previously, all objects read from p11-kit persist files are marked as modifiable when parsing, regardless of the explicit "modifiable: false" setting in the file. Reported by Kai Engert in: https://bugs.freedesktop.org/show_bug.cgi?id=99797
* rpc: Add PKCS#11 module that connects to socketDaiki Ueno2017-02-171-2/+1
| | | | | | | | | | | | | | | This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order: - $P11_KIT_SERVER_ADDRESS, if the envvar is available - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists - ~/.cache/p11-kit/pkcs11. Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL.
* trust: Fix uninitialized value in anchor commandDaiki Ueno2017-02-161-1/+1
|
* trust: Fix saving trust file on WindowsDaiki Ueno2017-02-161-6/+9
|
* build: Include <unistd.h> for execvDaiki Ueno2017-02-161-0/+1
|
* Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files.Kai Engert2017-02-162-0/+2
| | | | | See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453
* trust: Revert to the original 'extract' behaviorDaiki Ueno2017-02-141-0/+1
| | | | | | | | Since commit f4384a40, due to a missing ex->flags setting, the 'trust extract' command didn't retrieve correlation between related objects and that was causing assertion failure when writing PEM files. https://bugs.freedesktop.org/show_bug.cgi?id=99795
* trust: Implement a 'trust dump' commandStef Walter2017-01-314-0/+237
| | | | | | | | | | | This dumps all the PKCS#11 objects in the internal .p11-kit persistence format. This is part of the trust command and tooling, even though at some point it could go in the p11-kit command. The reason for this is that the code related to the internal .p11-kit objects is in the trust code, and consumed solely by the trust related modules.