Commit message | Author | Age | Files | Lines
* Implement basic extract support | Stef Walter | 2013-02-05 | 15 | -2/+1796
  * The only formats supported are x509-file and x509-directory
  Allow tool to build without extract
* Support for sane writing to files extracted | Stef Walter | 2013-02-05 | 10 | -0/+1504
  * Implement atomic writes of files
  * Writing with checks that not overwriting anything unless desired
  * Writing and overwriting of directory contents in a robust way
* Add public iterator API to p11-kit | Stef Walter | 2013-02-05 | 13 | -10/+2308
* Allow internal use of token and module info matching | Stef Walter | 2013-02-05 | 2 | -20/+41
* Move the X.509 extension parsing code in common/ | Stef Walter | 2013-02-05 | 5 | -133/+335
  * So it can be used by other code, in addition to the trust stuff
* Add p11_array_clear() function | Stef Walter | 2013-02-05 | 3 | -7/+43
  * Clears an array without freeing the array itself
* Implement trust assertion PKCS#11 objects | Stef Walter | 2013-02-05 | 11 | -53/+804
  * Implement trust assertions for anchored and distrusted certs
  * Pinned certificate trust assertions are not implemented yet
  * Add an internal tool for pulling apart bits of certificates
* Refactor how parsing of ASN.1 data and certificate extensions work | Stef Walter | 2013-02-05 | 14 | -667/+1193
* Fill in certificate authority and trust data correctly | Stef Walter | 2013-02-05 | 8 | -168/+552
  * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates
  * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist
  * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world.
  * We do this after the various hooks have had a chance to mess with the certificate extensions and such.
* Implement stapled certificate extensions internally | Stef Walter | 2013-02-05 | 17 | -387/+1450
  * Use stapled certificate extensions to represent loaded trust policy
  * Build NSS trust objects from stapled certificate extensions
  * Add further attribute debugging for NSS trust objects
  * Use a custom certificate extension for the OpenSSL reject purpose data
  * Use SubjectKeyIdentifier for OpenSSL keyid data
  * Use ExtendedKeyUsage for OpenSSL trust purpose data
  * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
  * Split out the building of NSS trust objects from the main parser
* Better debugging and checks for attribute values | Stef Walter | 2013-02-05 | 4 | -86/+124
* Add tool for testing how fast the token loads | Stef Walter | 2013-02-05 | 2 | -0/+65
* Some debug info about which files are being loaded | Stef Walter | 2013-02-05 | 1 | -2/+15
* Test a TRUSTED CERTIFICATE without any trust OIDs | Stef Walter | 2013-02-05 | 4 | -0/+40
* Add the builtin roots NSS specific object | Stef Walter | 2013-02-05 | 4 | -5/+61
  This tells NSS that this is a source of anchors.
* Add support for openssl TRUSTED CERTIFICATE PEM files | Stef Walter | 2013-02-05 | 8 | -40/+368
* Add support for parsing PEM files | Stef Walter | 2013-02-05 | 12 | -6/+910
* Add basic trust module | Stef Walter | 2013-02-05 | 60 | -47/+6580
  This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
* Add basic checksum algorithms | Stef Walter | 2013-02-05 | 6 | -2/+766
  The SHA-1 and MD5 digests here are used for checksums in legacy protocols. We don't use them in cryptographic contexts at all. These particular algorithms would be poor choices for that.
* Remove the unused err() function and friends | Stef Walter | 2013-02-05 | 2 | -187/+0
  We want to use p11_message in our commands anyway, since that allows us control with --verbose and --quiet.
* Tweak style of the manual | Stef Walter | 2013-02-05 | 4 | -7/+27
  * Unindent the main headings
  * Don't wrap options
  * Better spacing in table of contents
  * Don't have line numbers on code examples
* Add documentation about contributing to p11-kit | Stef Walter | 2013-02-05 | 6 | -83/+241
* Add a p11-kit tool manual page | Stef Walter | 2013-02-05 | 5 | -35/+130
* Change the documentation configure arg to --enable-doc | Stef Walter | 2013-02-05 | 2 | -19/+24
  * We're building more than just the gtk-doc reference
* Add a /usr/share/p11-kit/modules directory for package module configs | Stef Walter | 2013-02-05 | 10 | -12/+31
  * Try to make /etc/pkcs11/modules for administrator use
  * Override the old pkg-config variables to help packages start using the new location
* Make the p11-kit tool have distinct commands | Stef Walter | 2013-02-05 | 4 | -42/+459
  * Change the -l argument into the list-modules command.
  * Add proper functions for printing usage
  * Support for external commands in the path or /usr/share/p11-kit
* Add p11_kit_be_loud() function for use in tests and tools | Stef Walter | 2013-02-05 | 3 | -0/+17
  This does the opposite of p11_kit_be_quiet().
* Add internal function for turning on messages | Stef Walter | 2013-02-05 | 2 | -0/+10
  To be used from tests
* Add more mock-module implementation | Stef Walter | 2013-02-04 | 9 | -1243/+3835
  * Move mock code into the common/ directory to be used by multiple components of p11-kit
* Further tweaks and cleanup for functions dealing with PKCS#11 attributes | Stef Walter | 2013-02-04 | 3 | -70/+910
  * Check that the size is correct when looking for a boolean or a ulong.
  * Make sure that the length is not the invalid negative ulong.
  * Functions for dumping out attribute contents
  * Make it possible to use attributes in hash tables
* Add generic buffer code | Stef Walter | 2013-02-04 | 6 | -56/+515
  Represents a block of memory that can be added to, parsed and so on
* Use the stdbool.h C99 bool type | Stef Walter | 2013-01-23 | 20 | -234/+311
  It was getting really wild knowing whether a function returning an int would return -1 on failure or 0 or whether the int return value was actually a number etc.
* Only initialize p11-kit libraries once | Stef Walter | 2013-01-09 | 2 | -6/+14
  * Make the gcc constructor call p11_library_init_once()
* Set strict debug preconditions during testing | Stef Walter | 2013-01-09 | 7 | -0/+10
* Add common functions for manipulating CK_ATTRIBUTE arrays | Stef Walter | 2013-01-09 | 8 | -154/+977
* Move the pkcs11.h header files into common directory | Stef Walter | 2013-01-09 | 5 | -1374/+1577
  * Allows use of them across the whole project
  * Put a stub file in the p11-kit/ directory, so we can still refer to the headers using that path, which is what it will be at when in the installed includes directory.
* Build common code into noinst libraries | Stef Walter | 2013-01-09 | 5 | -43/+37
  * This is cleaner than building the same source files all over the place over and over.
  * Works better with code coverage.
* Move debug and library code into the common/ subdirectory | Stef Walter | 2013-01-09 | 70 | -1651/+1746
  Start using p11_ as our internal prefix rather than _p11_. We explicitly export p11_kit_ so this is fine as far as visibility. Move the threading, mutex, and module compat, dict, and array code into the common directory too. Take this opportunity to clean up a bit of internal API as well, since so many lines are being touched internally.
* Fix leak when initializing the proxy module | Pankaj Sharma | 2013-01-09 | 1 | -0/+2
  https://bugs.freedesktop.org/show_bug.cgi?id=58704
* Documentation fixes for PIN functions | Stef Walter | 2013-01-09 | 1 | -6/+6
* Fix file descriptor leak in p11_kit_pin_file_callback() | Pankaj Sharma | 2013-01-09 | 1 | -0/+2
  * Close the file descriptor used to read the pin file
  https://bugs.freedesktop.org/show_bug.cgi?id=58706
* Distribute HACKING in the tarball | Stef Walter | 2013-01-08 | 1 | -1/+3
* Fix documentation warnings. | Stef Walter | 2013-01-07 | 3 | -5/+9
  * P11_KIT_URI_NO_MEMORY is an unexpected state, that will probably never actually be returned. But kept for API compatibility.
  * make distcheck doc fix
* Guarantee that the key is freed when replaced | Stef Walter | 2013-01-07 | 3 | -35/+102
  * When setting a key in a map that already exists, then free the old key and replace with the new one.
  * Fix related bug where key was not properly allocated
  * Add tests for this
  https://bugs.freedesktop.org/show_bug.cgi?id=59087
* Don't complain if we cannot access ~/.pkcs11/pkcs11.conf | Stef Walter | 2012-11-14 | 2 | -9/+34
  * If a process is running under selinux it may not be able to access the home directory of the uid that it is running as.
  https://bugs.freedesktop.org/show_bug.cgi?id=57115
* Refuse to load the p11-kit-proxy.so as a registered module | Stef Walter | 2012-09-18 | 3 | -9/+13
  * Since p11-kit-proxy.so is a symlink to the libp11-kit.so library we check that we are not calling into our known CK_FUNCTION_LIST for the proxy code.
  * Although such a configuration is invalid, detecting this directly prevents strange initialization loop issues that are hard to debug.
  https://bugs.freedesktop.org/show_bug.cgi?id=55052
* Don't fail initialization if last initialized module fails | Stef Walter | 2012-09-18 | 1 | -4/+6
  * We weren't resetting the result code after a failure, so even though failures for critical modules didn't interrupt the initialization loop, the result still leaked to callers.
  * Also print an error message clearly indicating that a module failed to initialize, regardless of whether critical or not.
  https://bugs.freedesktop.org/show_bug.cgi?id=55051
* Release version 0.14 | Stef Walter | 2012-09-06 | 2 | -1/+9
* Change the default of 'user-config' to merge. | Stef Walter | 2012-09-06 | 3 | -5/+5
  * This allows user configured PKCS#11 modules by default.
  * Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf to go back to the previous behavior.
  * Posted to the mailing list.
* configure.ac: Fix bogus comma, and fix up spacing | Antoine Jacoutot | 2012-08-23 | 1 | -5/+5
  * Fixes a mistake in the previous commit
  https://bugs.freedesktop.org/show_bug.cgi?id=53706