# Generate automatically. Do not edit. commit 3770793f026e46a000d2d8816d56122598289d5c Author: Daiki Ueno Date: 2018-08-28 Release 0.23.14 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit c1b565413dae632a4ab78cea08ed103d9418921b Author: Daiki Ueno Date: 2018-08-22 virtual: Tighten error handling when fixed closures are exhausted p11-kit/virtual.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) commit 347a8793d23036433ab0ba39049f0e832bb05b3d Author: Daiki Ueno Date: 2018-08-22 virtual: Don't be too loud about recoverable failure p11-kit/virtual.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9a7892ef3fd9d4bd70df41fb0200782dc6134c70 Author: Daiki Ueno Date: 2018-08-24 trust: Factor out module initialization into separate file This prevents double call to p11_library_init() in test-module.c, once from the ELF constructor, and secondly from the test itself. trust/Makefile.am | 2 +- trust/module-init.c | 43 ++++++++++++++++++++++++++++++++++++++++++ trust/module.c | 54 ----------------------------------------------------- 3 files changed, 44 insertions(+), 55 deletions(-) commit 0d7fbd5189ba1414d84326ddc8e4cff98f66a44b Author: Daiki Ueno Date: 2018-08-27 common: Factor out common initializer code into a header common/Makefile.am | 1 + common/init.h | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/client-init.c | 60 +++----------------------------- p11-kit/proxy-init.c | 59 +++----------------------------- 4 files changed, 103 insertions(+), 111 deletions(-) commit 0961cf527f1414bf5a900d958ee776cdd28f3525 Author: Daiki Ueno Date: 2018-08-24 travis: Manually install cpp-coveralls To accommodate the gcov format change in gcc 8.1: https://github.com/eddyxu/cpp-coveralls/pull/127 which is not yet available in the pip version. .travis/linux/after_success.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 2066e7c57a7ae82e35fee3deaa06d89498d749a3 Author: Daiki Ueno Date: 2018-08-23 travis: Check valgrind exit code more strictly .travis/linux/script.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7a844d8e8c1c87401b161094023cf309ca111095 Author: Daiki Ueno Date: 2018-08-21 README.md: Add CII Best Practices badge README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f2a17c5e1dbc75a0142c6330bab588deb0060151 Author: Daiki Ueno Date: 2018-08-21 README.md: Mention contact method for security issues README.md | 5 +++++ 1 file changed, 5 insertions(+) commit b9ef1c5f4dbdfbab504479fdc899e344ff7bb44a Author: Daiki Ueno Date: 2018-08-17 Revert "build: Explicitly link threaded test programs to libpthread" This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0. configure.ac | 10 ---------- p11-kit/Makefile.am | 8 ++++---- 2 files changed, 4 insertions(+), 14 deletions(-) commit 35b39cb2bf6d50a117a9e4c8e18100d19716ea71 Author: Daiki Ueno Date: 2018-08-17 Revert "build: Stop linking the library with libpthread when possible" This reverts commit 50f8906e63c9413a7687bab6608496d83c29a222. configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 56f3b9370747a7a33a9d56ff9365c89700dd0e67 Author: Daiki Ueno Date: 2018-08-17 Revert "common: Prefer __register_atfork() to pthread_atfork() if possible" This reverts commit ce3cec7f8742254b8627b9db48973b81e91cbfc8. common/library.c | 19 +------------------ configure.ac | 2 -- 2 files changed, 1 insertion(+), 20 deletions(-) commit a877b0eca3d59f7f8cd126047c0e899df6018858 Author: Daiki Ueno Date: 2018-08-17 Revert "build: Link to libpthread, if pthread_atfork() needs to be used" This reverts commit 541d79cb651cfd3238b9aa41fce70208df8e9496. NEWS | 2 +- common/library.c | 10 ++++------ configure.ac | 7 +------ 3 files changed, 6 insertions(+), 13 deletions(-) commit f69746d140cec20516c223825523fb0ade53384a Author: Alexander Bokovoy Date: 2018-08-14 Update pkcs11 header to allow SoftHSMv2 to compile Replace vendor-specific values with the IDs from PKCS11 v3.0 for those constants that were already standardized. common/pkcs11.h | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 220 insertions(+), 18 deletions(-) commit abc542bd5abf46c5170f8a0c3dcc62eff0c9cfde Author: Daiki Ueno Date: 2018-08-13 travis: Check that proxy module can be loaded and unloaded .travis/linux/before_install.sh | 2 +- .travis/linux/script.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 34416ed787d804e0d293e47f2d10dc62ddea407c Author: Daiki Ueno Date: 2018-08-13 proxy: Avoid invalid memory access when unloading proxy module When loading and unloading p11-kit-proxy.so with pkcs11-tool, it accesses already free'd memory area: $ valgrind pkcs11-tool --module p11-kit-proxy.so -L ==25173== Invalid read of size 8 ==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724) ==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65) ==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so) ==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so) ==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so) ==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so) ==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so) ==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so) ==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so) ==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd ==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530) ==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902) ==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723) p11-kit/proxy.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) commit 541d79cb651cfd3238b9aa41fce70208df8e9496 Author: Daiki Ueno Date: 2018-08-10 build: Link to libpthread, if pthread_atfork() needs to be used On non-glibc systems (e.g., FreeBSD), pthread_atfork() stub is provided as a nop and our fork detection mechanism doesn't work. Pull in the actual implementation from libpthread in that case. Signed-off-by: Daiki Ueno NEWS | 2 +- common/library.c | 10 ++++++---- configure.ac | 7 ++++++- 3 files changed, 13 insertions(+), 6 deletions(-) commit 6a8da20c0432499480731548256294844cade631 Author: Daiki Ueno Date: 2018-08-10 build: Don't install systemd unit files when "make distcheck" Makefile.am | 1 + 1 file changed, 1 insertion(+) commit ef001069d069df43de029f3b84206676badd8a4e Author: Daiki Ueno Date: 2018-08-10 Release 0.23.13 NEWS | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) commit ce3cec7f8742254b8627b9db48973b81e91cbfc8 Author: Daiki Ueno Date: 2018-08-09 common: Prefer __register_atfork() to pthread_atfork() if possible common/library.c | 19 ++++++++++++++++++- configure.ac | 2 ++ 2 files changed, 20 insertions(+), 1 deletion(-) commit 50f8906e63c9413a7687bab6608496d83c29a222 Author: Daiki Ueno Date: 2018-07-13 build: Stop linking the library with libpthread when possible configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit ebfd7da82d7b9eea81067479861aac2d2c07cc29 Author: Daiki Ueno Date: 2018-07-20 common: Use thread-local storage class when possible This eliminates the unconditional use of pthread_{get,set}specific() and pthread_key_{create,delete}(), which glibc doesn't provide the stubs. common/library.c | 22 ++++++++++++++++++++++ configure.ac | 12 ++++++++++++ 2 files changed, 34 insertions(+) commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0 Author: Daiki Ueno Date: 2018-07-20 build: Explicitly link threaded test programs to libpthread Some test programs use pthread_create(), which glibc doesn't provide the stub. Link those programs with -lpthread. configure.ac | 10 ++++++++++ p11-kit/Makefile.am | 8 ++++---- 2 files changed, 14 insertions(+), 4 deletions(-) commit f04c2a84ad2a017a778fa2f23719318acb9ca89f Author: Daiki Ueno Date: 2018-07-20 common, p11-kit, trust: Use pthread_once only when necessary If the ELF constructor is usable, we don't really need the once-init function because it is guaranteed that the code runs only once in the constructor. common/library.c | 4 +++- common/library.h | 10 ++++++++++ p11-kit/client-init.c | 2 +- p11-kit/proxy-init.c | 2 +- trust/module.c | 2 +- 5 files changed, 16 insertions(+), 4 deletions(-) commit 5b18e77e9dbb6a598812427ba07ad6df63eb7a67 Author: Daiki Ueno Date: 2018-07-20 common: Use static mutex initializer when possible This eliminates the use of pthread_mutexattr_* functions, which glibc doesn't provide the stubs. common/compat.c | 4 +++- common/compat.h | 18 +++++++++++++++++- common/library.c | 14 ++++++++++---- 3 files changed, 30 insertions(+), 6 deletions(-) commit 22cb49b9105657cafb98624be37f05b169f73dd6 Author: Daiki Ueno Date: 2018-08-01 server: Avoid FD leak in error cases Spotted by coverity. p11-kit/server.c | 3 +++ 1 file changed, 3 insertions(+) commit 19aaf573580e52265f57f9b7af7a03bfdfaf71e0 Author: Daiki Ueno Date: 2018-07-19 trust: Clarify C_Login behavior that returns an error trust/module.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit ab27346ceb5d4e856671a033ac1f6521c86514a1 Author: Daiki Ueno Date: 2018-07-10 proxy: Fail early if there is no slot mappings p11-kit/proxy.c | 2 ++ p11-kit/test-proxy.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) commit fb5742cdecfde1c13d9ce610cdec050792cc57ca Author: Daiki Ueno Date: 2018-07-09 travis: Install pip for coveralls .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b6d20ac16da7128089031248eed4afe08f6934d3 Author: Daiki Ueno Date: 2018-06-27 rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules This patch removes the restriction of p11_kit_remote_serve_tokens() that were not capable of serving tokens across multiple modules. p11-kit/Makefile.am | 5 +- p11-kit/remote.h | 2 +- p11-kit/rpc-server.c | 209 ++++++++++++++++++++++++++++++++++---------------- p11-kit/test-server.c | 83 +++++++++++++++----- 4 files changed, 210 insertions(+), 89 deletions(-) commit 9d2ce267e6714c6a565a9ded3aa0001918d1ae1d Author: Daiki Ueno Date: 2018-06-27 build: Use separate p11-kit-{remote,server} executable for testing Otherwise, the p11-kit-remote program called from p11-kit-server would load the system modules instead of the local fixtures. .gitignore | 2 ++ p11-kit/Makefile.am | 26 ++++++++++++++++++++++++++ p11-kit/server.c | 2 +- p11-kit/test-server.c | 4 ++-- 4 files changed, 31 insertions(+), 3 deletions(-) commit 8d8bff0a2edf4659b641dde1333eb6a7c695671c Author: Daiki Ueno Date: 2018-06-25 proxy: Allow proxy to be created from the library Previously, to aggregate multiple modules into one, there was no other way than loading the proxy module. From the p11-kit applications, however, it is not possible to load that module because of the recursive loading check (p11_proxy_module_check). This patch adds another means to aggregate modules, through a library function p11_proxy_module_create. p11-kit/proxy.c | 40 +++++++++++++++++++++++++++++++++++++++- p11-kit/proxy.h | 3 +++ 2 files changed, 42 insertions(+), 1 deletion(-) commit a65696b3e79acb602bd0c000f8524d3cc8998187 Author: Daiki Ueno Date: 2018-06-25 proxy: Turn global variables module local p11-kit/proxy.c | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) commit c53888a802eed4baa4aff54060334d2fdbfc7648 Author: Daiki Ueno Date: 2018-07-13 build: Make reallocarray detection robuster On NetBSD, reallocarray is not declared until _OPENBSD_SOURCE is defined. Reported by Patrick Welche in: https://lists.freedesktop.org/archives/p11-glue/2018-July/000691.html common/compat.h | 2 +- configure.ac | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 53a7e915b2694bc1957d98493a7aee9abfa3c6c5 Author: Daiki Ueno Date: 2018-06-20 server: Enable socket activation through systemd This enables socket activation of "p11-kit server" through systemd. The feature provided is essentially the same as commit a4fb2bb5 (reverted), but implemented with "p11-kit server" and libsystemd API instead of wrapping "p11-kit remote" in the unit file. Note that, while it exposes all tokens through the socket, it doesn't increase attack surface beyond the PKCS#11 binary interface provided by p11-kit-proxy.so, because the service is per-user. .gitignore | 2 +- configure.ac | 23 +++++++++++++++++++++++ p11-kit/Makefile.am | 22 ++++++++++++++++++++++ p11-kit/p11-kit-server.service.in | 15 +++++++++++++++ p11-kit/p11-kit-server.socket | 11 +++++++++++ p11-kit/server.c | 33 ++++++++++++++++++++++++--------- 6 files changed, 96 insertions(+), 10 deletions(-) commit d4a4039f97b2e1f67d09d7cd8c05fb2dd129b23c Author: Daiki Ueno Date: 2018-05-31 build: Ease issetugid() check when cross-compiling When cross-compiling, the configure check for issetugid() aborts, because of the pessimistic default of AC_RUN_IFELSE. This patch provides the non-pessimistic default to AC_RUN_IFELSE and wrap the macro invocation with AC_CACHE_CHECK so that the user can override the check by setting ac_cv_issetugid_openbsd=yes, as suggested in: https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Runtime.html#Runtime configure.ac | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit 3dd5810143e51dabdc58069e55b09a950349fa08 Author: Daiki Ueno Date: 2018-05-28 Release 0.23.12 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit f696eddecaa1f1cd1687ab5dbb942128aaca1903 Author: Daiki Ueno Date: 2018-05-29 travis: Add build scripts for macOS .travis.yml | 1 + .travis/osx/after_failure.sh | 3 +++ .travis/osx/before_install.sh | 5 +++++ .travis/osx/script.sh | 6 ++++++ 4 files changed, 15 insertions(+) commit a21898570d3e713155f0d8048bc6350f069f58ff Author: Daiki Ueno Date: 2018-05-29 travis: Use matrix .travis.yml | 84 +++++++++++++++++++++-------------------- .travis/linux/after_failure.sh | 3 ++ .travis/linux/after_success.sh | 9 +++++ .travis/linux/before_install.sh | 9 +++++ .travis/linux/install.sh | 14 +++++++ .travis/linux/script.sh | 11 ++++++ 6 files changed, 90 insertions(+), 40 deletions(-) commit 35637892e517d0e8e08dbe214f638317499ea0f5 Author: Daiki Ueno Date: 2018-05-29 test: Avoid unnecessary memory allocation common/test-runtime.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit ccb0c207964189742e97acfd817fb3c6b99e5865 Author: Daiki Ueno Date: 2018-05-29 common: Fix runtime directory detection when given prefix is long common/runtime.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 71b62aa1cdbdec3724c8e451f621309994dc59a0 Author: Daiki Ueno Date: 2018-05-29 common: Don't rely on issetugid() when it is broken On macOS and FreeBSD, issetugid() has different semantics from the original OpenBSD implementation and cannot reliably detect if the process made setuid/setgid: https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e This should fix: https://bugs.freedesktop.org/show_bug.cgi?id=67451 https://bugs.freedesktop.org/show_bug.cgi?id=100287 common/compat.c | 2 +- configure.ac | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) commit 79f928492dba6a46c63e77d6b22c17c23e66403b Author: Daiki Ueno Date: 2018-05-28 build: Don't use locale funcs if locale_t is not defined in locale.h On macOS, locale_t is not defined in . Although it is defined in , we rather not use locales at all for POSIX compliance. common/compat.h | 6 ++++++ common/debug.c | 4 ++-- common/library.c | 6 +++--- common/message.c | 4 ++-- common/test-message.c | 6 +++--- configure.ac | 11 ++++++++--- 6 files changed, 24 insertions(+), 13 deletions(-) commit cd0a2de679a81829b7323bc5db46222b9eaab1d9 Author: Daiki Ueno Date: 2018-05-28 pkcs11: Exercise GNU calling convention at compile time .gitignore | 1 + p11-kit/Makefile.am | 32 ++++++++++++++++++++++++++++++++ p11-kit/iter.h | 10 ++++++++++ p11-kit/uri.h | 4 ++++ 4 files changed, 47 insertions(+) commit e4c5d3b34941bdc433072a492a0a7fdbddba0cc2 Author: Daiki Ueno Date: 2018-05-25 build: Simplify README inclusion Use symlink in the repository, instead of copying. .gitignore | 1 - Makefile.am | 7 +------ README | 1 + 3 files changed, 2 insertions(+), 7 deletions(-) commit 65dd5469ad164465583167c63114478587db59fd Author: Daiki Ueno Date: 2018-05-24 NEWS: Mention latest changes NEWS | 2 ++ 1 file changed, 2 insertions(+) commit 8b90031aeb495116a87851dca50845b8df0d1e90 Author: Daiki Ueno Date: 2018-05-25 build: Delay building mock-six.la until "make check" p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8df105871eb5f6bca3e5f4dcf165f2bbf920f106 Author: Daiki Ueno Date: 2018-05-24 build: Include README in the distribution As we removed README from the repository, it is no longer automatically picked up for the distribution by Automake. Makefile.am | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 275eed62b5d0e17c092b66af233ffc5b2f45245b Author: Daiki Ueno Date: 2018-05-24 build: Fix ChangeLog generation Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf204ada4685415287b3d03b3d79634c86739b83 Author: Daiki Ueno Date: 2018-05-24 build: Remove obsolete upload rules Makefile.am | 15 --------------- 1 file changed, 15 deletions(-) commit e2002df5707dd306cea0684706361be72891231b Author: Daiki Ueno Date: 2018-05-24 build: Include p11-kit/test-messages.sh in distribution p11-kit/Makefile.am | 1 + 1 file changed, 1 insertion(+) commit 258da75cd606a3653bc414a6ace01c8bfdfabca6 Author: Daiki Ueno Date: 2018-05-24 uri: Make scheme comparison case-insensitive RFC 3986 suggests that implementations should accept uppercase letters as equivalent to lowercase in scheme names. p11-kit/test-uri.c | 21 +++++++++++++++++++++ p11-kit/uri.c | 12 +++++++++--- 2 files changed, 30 insertions(+), 3 deletions(-) commit 117b35db99af4331daad4279eadfb9280e0c1325 Author: Daiki Ueno Date: 2018-05-24 common: Make case conversion locale independent The tolower()/toupper() functions take into account of the current locale settings, which p11-kit doesn't want. Add replacement functions that work as if they are called under the C locale. common/compat.c | 16 ++++++++++++++++ common/compat.h | 3 +++ common/mock.c | 4 ++-- common/url.c | 4 ++-- trust/extract-jks.c | 2 +- trust/extract-openssl.c | 2 +- 6 files changed, 25 insertions(+), 6 deletions(-) commit e42dcf5283a5537c196147c9a2468ee537b9da7b Author: Nathaniel McCallum Date: 2018-05-14 Improve const correctness for P11KitUri This does not improve const for the getters. The reason for this is that they are usually passed into the PKCS#11 APIs directly and these APIs are not const correct. Trying to force const correctnesss here would result in pain for library consumers. This is an API and ABI compatible change. p11-kit/private.h | 12 ++++++------ p11-kit/uri.c | 34 +++++++++++++++++----------------- p11-kit/uri.h | 36 ++++++++++++++++++------------------ 3 files changed, 41 insertions(+), 41 deletions(-) commit 6af8234936f805a9c6dceb29a84e73d40ed4b257 Author: Nikos Mavrogiannopoulos Date: 2018-05-18 README: replace by README.md That is, use README.md as primary source to generate README as README is required by the GNU guidelines. We don't try to convert to "real" plain text as markdown is readable, and to avoid introducing another dependency (e.g., pandoc). Signed-off-by: Nikos Mavrogiannopoulos .gitignore | 1 + Makefile.am | 1 + README | 8 -------- 3 files changed, 2 insertions(+), 8 deletions(-) commit 58c3eb9acf5885069652f1b02edb7aca01580b96 Author: Nikos Mavrogiannopoulos Date: 2018-05-18 NEWS: mark the 0.23 series as stable Resolves #80 Signed-off-by: Nikos Mavrogiannopoulos NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 14610d49c4e6c68022be63df1481f74ccb0aa75a Author: Nikos Mavrogiannopoulos Date: 2018-05-18 README.md: added reference to Daiki's key Resolves #153 Signed-off-by: Nikos Mavrogiannopoulos README.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) commit f272dd4a1c68125c8f696b1e0eebb15c45c6923a Author: Daiki Ueno Date: 2018-05-07 Release 0.23.11 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit 5f68c96da949b08e2afd109d276d80e42cab68b7 Author: Daiki Ueno Date: 2018-05-07 common: Pacify clang-analyzer common/buffer.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 98fbfc3b6126c809eb44c700871facca6ac7727d Author: Daiki Ueno Date: 2018-05-07 trust: Avoid array overflow trust/builder.c | 4 ++-- trust/extract-openssl.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 34ab20cbf79ca50972bf3088c8b6e9978ff0dc2b Author: Daiki Ueno Date: 2018-05-07 trust: Don't null terminate PKCS #11 string fields trust/module.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit ba006ed40cad2e0d1fe3c3355c18bdfb612c2cd6 Author: Daiki Ueno Date: 2018-05-07 proxy: Don't null terminate PKCS #11 string fields p11-kit/proxy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1b85c62af8146efa0e648a297179db2bbfe59b43 Author: Daiki Ueno Date: 2018-05-03 test: Avoid exceeding maximum pathname length of Unix socket p11-kit/test-server.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit a625dfa4f2456b1a866489e5be15fb46578237a5 Author: Daiki Ueno Date: 2018-04-27 library: Use dedicated locale object for printing error common/debug.c | 14 +++++++------- common/library.c | 13 +++++++++++++ common/message.c | 14 +++++++------- common/test-message.c | 15 +++++++++++++++ configure.ac | 2 +- 5 files changed, 43 insertions(+), 15 deletions(-) commit 6202903b261dfae740af3f8e985244bab48470ba Author: Daiki Ueno Date: 2018-04-27 Revert "build: Check strerror_l() and uselocale() seperately" This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1. We should rather use newlocale() when per-thread locale is not set. Otherwise uselocale() could return LC_GLOBAL_LOCALE on some platforms (e.g. musl-libc) and calling strerror_l() with it leads to an undefined behavior. common/debug.c | 9 ++------- common/message.c | 9 ++------- configure.ac | 2 +- 3 files changed, 5 insertions(+), 15 deletions(-) commit 173ad93cc54057886b2055f3d73ea64a047127d1 Author: Daiki Ueno Date: 2018-04-19 build: Check strerror_l() and uselocale() seperately NetBSD deliberately doesn't support per-thread locale and our thread-safe replacement of strerror() using strerror_l() cannot be used. Fallback to strerror_r() in that case. common/debug.c | 9 +++++++-- common/message.c | 9 +++++++-- configure.ac | 2 +- 3 files changed, 15 insertions(+), 5 deletions(-) commit a95c7a3e936896349bf925ca7cd47f0a03166249 Author: Daiki Ueno Date: 2018-04-10 travis: Optimize dnf install invocation .travis.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) commit e4b86e449a83428592e45db28834be950e837d74 Author: Daiki Ueno Date: 2018-04-10 test: Add installcheck script to test trust module Currently it only checks that "disable-in: p11-kit-proxy" properly prevents the trust module being loaded by the proxy module. trust/Makefile.am | 4 +++- trust/test-trust.sh | 21 +++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) commit 5d97643884879d4967d21cb29c9917271a4b65db Author: Daiki Ueno Date: 2018-04-10 trust: Prevent trust module being loaded by proxy module Otherwise, when the proxy module were registerd in NSS database, the trust module would be loaded twice and degrade search performance. trust/p11-kit-trust.module | 3 +++ 1 file changed, 3 insertions(+) commit af71f7961370714112f258c0e404d96bdef9cee9 Author: Daiki Ueno Date: 2018-04-10 travis: Run "make installcheck" .travis.yml | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) commit cbef7f5d8a14d46ecdf0c25c3d38d26598a66f8c Author: Daiki Ueno Date: 2018-04-10 trust: Fix memleak in p11_enumerate_opt_filter p11_kit_iter_add_filter() takes the ownership of given attributes. Spotted by address sanitizer. trust/enumerate.c | 1 + 1 file changed, 1 insertion(+) commit e4a5466e5e3cfe22344e79c6e1a0ad9a7945a602 Author: Daiki Ueno Date: 2018-04-10 test: Factor out common harness from test-extract.in .gitignore | 2 +- configure.ac | 2 +- trust/Makefile.am | 7 +- trust/{test-extract.in => test-extract.sh} | 92 +------------------------ trust/test-init.sh.in | 106 +++++++++++++++++++++++++++++ 5 files changed, 114 insertions(+), 95 deletions(-) commit dcb6ee3fa89e0c9586e2b09e1f60aa076f263123 Author: Daiki Ueno Date: 2018-03-31 test: Add test for JKS extractor Piggybacking commit de963b96, this adds a multi-cert test case for the Java keystore extractor. trust/Makefile.am | 5 ++ trust/extract-jks.c | 7 +- trust/fixtures/multiple.jks | Bin 0 -> 2556 bytes trust/test-jks.c | 213 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 224 insertions(+), 1 deletion(-) commit af6ab322b1ad9a4f4a0117a79bd566550ec0a0a8 Author: Daiki Ueno Date: 2018-04-05 test: Add test for p11_attrs_purge() common/test-attrs.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) commit 843fca9b67b7407a47bcae698f434c975a4a4e91 Author: Daiki Ueno Date: 2018-04-05 mock-module-ep: Properly override C_GetFunctionList p11-kit/mock-module-ep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a6d0e490209638605b17b0bdc66ad03d36909dae Author: Daiki Ueno Date: 2018-04-05 modules: Add option to control module visibility from proxy This enables to control whether a module will be loaded from the proxy module. The configuration reuses the "enable-in" and "disable-in" options, with a special literal "p11-kit-proxy" as the value. doc/manual/pkcs11.conf.xml | 2 ++ p11-kit/modules.c | 35 ++++++++++++++----- p11-kit/p11-kit.h | 1 + p11-kit/private.h | 5 +++ p11-kit/proxy.c | 2 +- p11-kit/test-proxy.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 118 insertions(+), 10 deletions(-) commit de963b96929b9da61916a0c43b4ac4c34a39e238 Author: Laszlo Ersek Date: 2018-03-29 trust: add unit test for the "edk2-cacerts" extractor Add a multi-cert test case for the edk2 extractor, heavily based on the "/openssl/test_file_multiple" test case. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek trust/Makefile.am | 5 ++ trust/fixtures/multiple.edk2 | Bin 0 -> 2549 bytes trust/test-edk2.c | 209 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 214 insertions(+) commit ee27f9153a14d0c6d75f8745a8c1879a6e4bb2e8 Author: Laszlo Ersek Date: 2018-03-27 trust: implement the "edk2-cacerts" extractor Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST format that is - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), - and expected by edk2's HttpDxe when it configures the certificate list for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). The intended command line is p11-kit extract \ --format=edk2-cacerts \ --filter=ca-anchors \ --overwrite \ --purpose=server-auth \ $DEST/edk2/cacerts.bin Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek trust/extract-edk2.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 168 insertions(+), 1 deletion(-) commit 59054e4f9fe3e95f8db881973901ab59a0b1ef8a Author: Laszlo Ersek Date: 2018-03-27 trust: introduce the "edk2-cacerts" extractor skeleton Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always fails, silently. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek trust/Makefile.am | 1 + trust/extract-edk2.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ trust/extract.c | 4 +++- trust/extract.h | 3 +++ 4 files changed, 51 insertions(+), 1 deletion(-) commit ba6ebb05fc0c8010d8510984ce3c5f908edf13b6 Author: Daiki Ueno Date: 2018-03-29 modules: Fix memleak in re-initialization case p11-kit/modules.c | 1 + 1 file changed, 1 insertion(+) commit 1ca877e3d3b1315ee9358f7e3c9096e10e14486e Author: Justin King-Lacroix Date: 2018-03-16 Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly In p11_kit_modules_initialize(), treat a return code of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to CKR_OK. p11-kit/modules.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 46901ab914e3f37e6e7287d47d9ab1281e3d64dc Author: Daiki Ueno Date: 2018-03-29 travis: Disallow failure on mingw .travis.yml | 4 ---- 1 file changed, 4 deletions(-) commit 41301742772b411eb8b3e819c54b1eb5b9ca82dd Author: Daiki Ueno Date: 2018-03-29 test: Add missing seven.module in Windows fixtures p11-kit/fixtures/system-modules/win32/seven.module | 4 ++++ 1 file changed, 4 insertions(+) commit a3478f097bff647892c18cbab1e6f5b8bd5a6614 Author: Daiki Ueno Date: 2018-03-29 travis: Use LOG_COMPILER to run tests under wine .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a711a578ba7a1775bdc20ea00fbbdb4f10f91d58 Author: Daiki Ueno Date: 2018-03-29 build: Enable make check with wine build/wine-wrapper.sh | 13 +++++++++++++ p11-kit/test-messages.sh | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) commit bfdd4372ff381ce234d357bb43636b86e6cc1e8f Author: Daiki Ueno Date: 2018-03-29 common: Fix compilation of runtime.c under mingw common/runtime.c | 29 ++++++++++++++++++++--------- common/test-runtime.c | 14 +++++++++++++- 2 files changed, 33 insertions(+), 10 deletions(-) commit 7827e65abacc87018be035a3008a4bb89280a85a Author: Daiki Ueno Date: 2018-03-27 test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED p11-kit/Makefile.am | 7 ++- p11-kit/fixtures/system-modules/seven.module | 4 ++ p11-kit/mock-module-ep5.c | 80 ++++++++++++++++++++++++++++ p11-kit/test-modules.c | 25 +++++++++ 4 files changed, 115 insertions(+), 1 deletion(-) commit e454338dddef9089a3b9998cc8ba33e247ee9f26 Author: Daiki Ueno Date: 2018-03-07 test: Add test for error messages .travis.yml | 2 +- p11-kit/Makefile.am | 2 + p11-kit/test-messages.sh | 110 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+), 1 deletion(-) commit 007023002811469ae3982a0cfcd9a73aed762ad1 Author: Daiki Ueno Date: 2018-03-28 test: Use _exit() in child process to immediately close open FDs p11-kit/test-proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 294c0efda49a623f47eb3c459bb5ed812ebc757c Author: Daiki Ueno Date: 2018-03-28 test: Rewrite test-server.sh in TAP style p11-kit/test-server.sh | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) commit 1eb22867b1123601387b1fa06643077225bd7590 Author: Daiki Ueno Date: 2018-03-27 test: Take advantage of TAP test driver .gitignore | 1 + Makefile.am | 4 ++++ configure.ac | 1 + 3 files changed, 6 insertions(+) commit 9abfcd53e922f5c3841061e363e5ac88d92c2433 Author: Daiki Ueno Date: 2018-03-27 common: Add assert_skip() and assert_todo() common/test.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++-------- common/test.h | 20 ++++++++++ 2 files changed, 126 insertions(+), 15 deletions(-) commit e8d569045c7d224e94836edd77856823aadf8267 Author: Andreas Metzler Date: 2018-02-27 test-server.sh: Fix bashism p11-kit/test-server.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit f6b7a992e442218a5afdbf8ae1697c53f3f03991 Author: Daiki Ueno Date: 2018-02-27 Release 0.23.10 NEWS | 12 ++++++++++++ configure.ac | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) commit 39eb7a3dd16233b16fb1e50fe30d55f5f86fbaa5 Author: Daiki Ueno Date: 2018-02-27 maint: Point to the new URLs HACKING | 6 +++--- configure.ac | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit d2318ca31774d6a02eff5d0b3af2f3c89cb58c9d Author: Daiki Ueno Date: 2018-02-27 test-server: Add test for detecting address p11-kit/test-server.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) commit 264ecf416d6d07c558d80031c077a46a909a6f90 Author: Daiki Ueno Date: 2018-02-27 test-server: Fix compilation error on FreeBSD p11-kit/test-server.c | 1 + 1 file changed, 1 insertion(+) commit 44c67d90b0448888c784e661b5967204f5b0d47d Author: Daiki Ueno Date: 2018-02-27 common, client: Move runtime directory detection to libp11-common common/Makefile.am | 5 ++ common/runtime.c | 111 ++++++++++++++++++++++++++++++++++++++++++ common/runtime.h | 42 ++++++++++++++++ common/test-runtime.c | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/client.c | 67 +------------------------ 5 files changed, 292 insertions(+), 65 deletions(-) commit d8acebf175d727a3e146956fb362c30e7fdec9df Author: Daiki Ueno Date: 2018-02-27 common: Make p11_test_directory_delete() work recursively common/test.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit bcf2c4e0a24303f976dbedc0ef0a564b9808a989 Author: Daiki Ueno Date: 2018-02-27 test: Improve temporary directory handling p11-kit/test-transport.c | 6 ++++-- trust/test-module.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) commit fb8bf5a5f82e5b4f0afe72e247255f37fc0dedc8 Author: Daiki Ueno Date: 2018-02-05 p11_kit_remote_serve_tokens: Read "write-protected" setting from URI p11-kit/rpc-server.c | 12 ++++++++++++ p11-kit/test-server.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) commit a0984024470218295d74bed364c37862d4c61d60 Author: Daiki Ueno Date: 2018-02-05 filter: Respect CKF_WRITE_PROTECTED setting when allowing a token p11-kit/filter.c | 48 ++++++++++++++++-------- p11-kit/test-filter.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+), 16 deletions(-) commit d3a1498ef9b8a626bbd864a6c90e45a6278a0e75 Author: Daiki Ueno Date: 2018-02-26 test: Add test for client-server interaction The test spawns a process running the server command and connects to it through p11-kit-client.so. It's is a bit tricky that the child process requires to preload libasan.so when ASan is in in effect, to properly load a mock module. .travis.yml | 10 ++- build/lsan.supp | 3 + p11-kit/Makefile.am | 4 + p11-kit/test-server.c | 199 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 213 insertions(+), 3 deletions(-) commit f73868b710d4463cc0cff6f8ea2f3a171f86c8e2 Author: Daiki Ueno Date: 2018-02-26 server: Print envvars even when running in foreground p11-kit/server.c | 61 ++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 39 insertions(+), 22 deletions(-) commit adc760e5ce90d49f7c6183c689f95868341f6fb7 Author: Daiki Ueno Date: 2018-02-26 test-transport: Make sure to initialize addrlen given to accept p11-kit/test-transport.c | 1 + 1 file changed, 1 insertion(+) commit 47297f9785a21af1bb79450bad549aa8bd33a24c Author: Daiki Ueno Date: 2018-02-26 client: Fix memleaks in the module p11-kit/client.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 7a018706b54e09f1cc7ce8c6d1ceaecf28b7308b Author: Daiki Ueno Date: 2018-02-26 test: Fix unconditional jump in test-proxy.c p11-kit/test-proxy.c | 1 + 1 file changed, 1 insertion(+) commit 975f2ccf5dcde210e1da5557eda627c42763e322 Author: Daiki Ueno Date: 2018-02-16 doc: Replace links to freedesktop.org to github pages doc/manual/p11-kit-devel.xml | 8 ++++---- doc/manual/p11-kit.xml | 4 ++-- doc/manual/pkcs11.conf.xml | 2 +- doc/manual/trust.xml | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) commit 9616790b9ad4147acd5b11de11d6d79bc9ad807f Author: Daiki Ueno Date: 2018-01-19 trust: Forcibly mark "Default Trust" read-only The "Default Trust" token is typically mounted as $datadir, which is considered as read-only on modern OSes. Suggestd by Kai Engert in: https://bugzilla.redhat.com/show_bug.cgi?id=1523630 trust/Makefile.am | 6 ++++- trust/frob-token.c | 2 +- trust/module.c | 12 ++++++---- trust/test-module.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++-- trust/test-token.c | 10 ++++---- trust/token.c | 9 ++++++- trust/token.h | 8 ++++++- 7 files changed, 101 insertions(+), 15 deletions(-) commit 49d2ededb64197702a8708cb4a453497bc7eaecd Author: Daiki Ueno Date: 2018-01-31 po: Update translations from transifex po/LINGUAS | 8 +- po/ast.po | 342 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ca.po | 171 +++++++++++++++--------------- po/cs.po | 85 +++++++-------- po/da.po | 6 +- po/de.po | 6 +- po/el.po | 6 +- po/en_GB.po | 6 +- po/eo.po | 6 +- po/es.po | 12 +-- po/fi.po | 6 +- po/fr.po | 6 +- po/fur.po | 343 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/gl.po | 6 +- po/hr.po | 79 +++++++------- po/hu.po | 6 +- po/id.po | 6 +- po/it.po | 6 +- po/ja.po | 10 +- po/ka.po | 6 +- po/kk.po | 6 +- po/ko.po | 6 +- po/lv.po | 6 +- po/nl.po | 6 +- po/oc.po | 171 +++++++++++++++--------------- po/pa.po | 8 +- po/pl.po | 28 ++--- po/pt.po | 171 +++++++++++++++--------------- po/pt_BR.po | 6 +- po/ru.po | 6 +- po/sk.po | 6 +- po/sl.po | 6 +- po/sr.po | 6 +- po/sv.po | 6 +- po/tr.po | 6 +- po/uk.po | 6 +- po/zh_CN.po | 8 +- po/zh_TW.po | 6 +- 38 files changed, 1139 insertions(+), 447 deletions(-) commit f7387ddea8a5fe609f052a9a40691ebb3ae86372 Author: Daiki Ueno Date: 2018-01-31 build: Add more files to .gitignore .gitignore | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) commit bb2b064c9921e7bdcd7335ed3001a5e19512d3e1 Author: Daiki Ueno Date: 2018-01-31 travis: Exclude generated files from coverage .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a88f2ed573a5bb04d2397c626f6bcf3b1a814da Author: Daiki Ueno Date: 2018-01-31 build: Split out generated code from p11-kit/virtual.c .gitignore | 1 + Makefile.am | 2 + configure.ac | 13 ++++ p11-kit/Makefile.am | 34 +++++++++ p11-kit/virtual-fixed.h | 3 - p11-kit/virtual.c | 197 +----------------------------------------------- 6 files changed, 51 insertions(+), 199 deletions(-) commit 57697eda68a3343c2e54e5f8f3f4ce65a99383f5 Author: Daiki Ueno Date: 2018-01-31 trust: Filter out duplicate extensions The trust policy module keeps all the objects in the database, while PKIX doesn't allow multiple extensions identified by the same OID can be attached to a certificate. Add a check to C_FindObjects to exclude any duplicates and only return the first matching object. It would be better if the module rejects such duplicates when loading, but it would make startup slower. https://bugzilla.redhat.com/show_bug.cgi?id=1141241 trust/input/extensions.p11-kit | 23 +++++++++++++++++++++ trust/input/extensions.pem | 13 ++++++++++++ trust/module.c | 42 ++++++++++++++++++++++++++++++++++++--- trust/test-module.c | 45 +++++++++++++++++++++++++++++++++++++++++- trust/test-token.c | 2 +- 5 files changed, 120 insertions(+), 5 deletions(-) commit 14853b1d8466d4e3b5aa23ff14f2abacd4e7e8ef Author: Daiki Ueno Date: 2018-01-25 build: Delay compilation of test-related stuff Makefile.am | 9 ++++++--- common/Makefile.am | 9 ++++++--- p11-kit/Makefile.am | 15 +++++++++------ trust/Makefile.am | 12 ++++++++---- 4 files changed, 29 insertions(+), 16 deletions(-) commit 05b67a36e2118b4485da7bd26ed3ba85efdeddb4 Author: Daiki Ueno Date: 2018-01-25 proxy: Remove dead code Since the libffi became optional (commit 9f632bed), the fallback code path in proxy.c has never taken. p11-kit/proxy.c | 708 -------------------------------------------------------- 1 file changed, 708 deletions(-) commit 3eed501fab5e2a2b19115f4840709c34e9b8ac55 Author: Daiki Ueno Date: 2018-01-16 proxy: Reuse the existing slot ID mapping after fork While the proxy module reassigns slot IDs in C_Initialize(), some applications assume that valid slot IDs should never change across multiple calls to C_Initialize(). This patch mitigates this by preserving the slot IDs, if they are known to the proxy module. p11-kit/Makefile.am | 7 +++ p11-kit/fixtures/package-modules/six.module | 7 +++ p11-kit/mock-module-ep4.c | 69 +++++++++++++++++++++++++++++ p11-kit/proxy.c | 25 +++++++++-- p11-kit/test-proxy.c | 18 ++++++++ 5 files changed, 122 insertions(+), 4 deletions(-) commit 031d3c74c0ff5da8e9650da0615bbb8107ab1fde Author: Daiki Ueno Date: 2018-01-17 server: Avoid null-dereference of timespec value on timeout Spotted by clang-analyzer. p11-kit/server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 50b752e081e1ca8b674d05e8ddeaf04451065629 Author: Nikos Mavrogiannopoulos Date: 2017-12-22 Added p11-kit remoting page in manual doc/manual/Makefile.am | 1 + doc/manual/p11-kit-docs.xml | 1 + doc/manual/p11-kit-remoting.xml | 253 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 255 insertions(+) commit 2c84475ca612c33351d9f311ef24b3b89a7c856c Author: Daiki Ueno Date: 2017-11-29 build: Add README.md to display build status README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 3b137039f5c222dbc6688bd6c9aec01a6dbeeece Author: Daiki Ueno Date: 2017-11-28 travis: Exclude test programs from coveralls .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1163e7e1cd3d8b5b42a1d2b463536a36fa0e77af Author: Daiki Ueno Date: 2017-11-27 travis: Supply necessary envvars to container for coveralls .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fda7c32b5796be7cee6a457940110effcd80d7f9 Author: Daiki Ueno Date: 2017-11-15 travis: Use in-tree build for coverage The coverage tools (gcov, cpp-coveralls, etc) cannot detect source files if the project is built out-of-tree. Use the same directory for $srcdir and $builddir for the build with --enable-coverage. .travis.yml | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) commit b889dec9e3493efb72c9903bb4d6007ec00e1c89 Author: Daiki Ueno Date: 2017-10-02 test: Improve code coverage of filter.c p11-kit/test-filter.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) commit 64b96efca97479a67e2ac1fcbf1492fceab64ba8 Author: Daiki Ueno Date: 2017-10-02 travis: Use coveralls for measuring coverage .travis.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit d40d6ca27850a95c4c9df8b66f8a47d80bb1d18a Author: Nikos Mavrogiannopoulos Date: 2017-10-30 p11_kit_override_system_files: introduced new function That allows overriding the default module and configuration locations, for use in test suites, etc. Signed-off-by: Nikos Mavrogiannopoulos p11-kit/modules.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/p11-kit.h | 5 +++++ p11-kit/test-transport.c | 13 ++++++++----- 3 files changed, 59 insertions(+), 5 deletions(-) commit 7f919fc1fd8684000d456ead2e65b3fa19ac0adc Author: Nikos Mavrogiannopoulos Date: 2017-10-30 p11_kit_modules_load*: enhanced documentation on flags Signed-off-by: Nikos Mavrogiannopoulos p11-kit/modules.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 29b8197e879dc8be8e356f57e6a3a501cdf657f9 Author: Daiki Ueno Date: 2017-10-06 build: Take advantage of parallel-tests .travis.yml | 5 ++++- Makefile.am | 1 + configure.ac | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) commit 96a3d3e6371785f846bc72c2a701a1eb67c89b77 Author: Daiki Ueno Date: 2017-10-06 server: Better shell integration This adds -k, -c, and -s options to the "p11-kit server" command, which allows you to terminate the server process, select which C-shell or Bourne shell command line is printed on startup, respectively. Makefile.am | 6 ++- p11-kit/Makefile.am | 5 ++ p11-kit/server.c | 122 +++++++++++++++++++++++++++++++++++++++++-------- p11-kit/test-server.sh | 39 ++++++++++++++++ 4 files changed, 152 insertions(+), 20 deletions(-) commit 031912fa844c4f3da327c8b2578d9d9ce2a6473e Author: Daiki Ueno Date: 2017-10-05 server: Make it possible to eval envvar settings Previously, calling "eval $(p11-kit server)" from shell hung because the program didn't properly close stdout before forking. p11-kit/server.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit bda61680218a4ff5a9f05b5592bb282cbedfd936 Author: Daiki Ueno Date: 2017-10-02 Release 0.23.9 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 00b829d50389c6a8dd25145355a8e6599a7c378a Author: Daiki Ueno Date: 2017-08-18 trust: Respect anyExtendedKeyUsage in CA certificates trust/enumerate.c | 5 +++++ trust/oid.h | 9 +++++++++ trust/test-enumerate.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+) commit f51ab92f5f81bd08bcf9bd3b0afc545684a6ea7e Author: Daiki Ueno Date: 2017-09-27 rpc: Fix crash when retrieving attribute length It is possible that NULL is given to the serializers, when C_GetAttributeValue() just wants to know the size of an attribute. Previously, this resulted in giving NULL to memcpy(). p11-kit/rpc-message.c | 10 ++++++---- p11-kit/test-rpc.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 4 deletions(-) commit dcd932786c970fc50922ec4f19786b177481570a Author: Daiki Ueno Date: 2017-09-26 server: Make it work only when token URI is provided Previously, when "p11-kit server" started only with a token URI, it couldn't properly find and initialize the module which provides the token. This was because of the wrong order of cleanup of the modules. p11-kit/rpc-server.c | 88 ++++++++++++++++++++++++---------------------------- 1 file changed, 41 insertions(+), 47 deletions(-) commit 26312a8774b5d113f6e7f904f7b6654449ab7b2e Author: Daiki Ueno Date: 2017-08-18 common: Re-add placeholder definition of p11_debug This was mistakenly removed in commit efe6dc56c. Pointed by Lars Wendler in issue #97. common/debug.h | 4 ++++ 1 file changed, 4 insertions(+) commit 61acf20f26b07e2f3eb253cbfee4c473544df9a7 Author: Daiki Ueno Date: 2017-08-16 build: Include for SIZE_MAX Fixes issue #95. common/compat.c | 1 + 1 file changed, 1 insertion(+) commit 32d6f9d2468ea2851d16ad0e1a2046dfd8cd7fa5 Author: Daiki Ueno Date: 2017-08-14 Release 0.23.8 NEWS | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) commit 6a137c035c2db373b9171cd7e0569edbe9700f9c Author: Daiki Ueno Date: 2017-08-15 build: Include for SIZE_MAX common/array.c | 1 + 1 file changed, 1 insertion(+) commit 5f0a948ebcf659a1f2c3d5fb30991ebdf73b5976 Author: Daiki Ueno Date: 2017-08-11 client: Fix order of cleanup In C_GetFunctionList, state->virt is wrapped with a destroyer function free(). Thus p11_rpc_transport_free must be called before p11_virtual_unwrap. p11-kit/client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 04da143dce2d430dcc14e8a45c31177a23d7e301 Author: Daiki Ueno Date: 2017-08-08 test: Add checks for duplicate vendor attributes p11-kit/test-uri.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 992b6000459b9eb5159cb6826b40d7cdb6c4c412 Author: Daiki Ueno Date: 2017-08-08 uri: Make vendor query attribute handling reliable Previously we used p11_dict to keep track of vendor query attributes. This had a couple of limitations: duplicate attributes are not allowed while they are actually allowed in RFC 7512, and the order of attributes is unpredictable. This patch switches to using an array instead of p11_dict and ensures that the attributes are sorted in alphabetical order. Fixes #88. p11-kit/uri.c | 104 ++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 80 insertions(+), 24 deletions(-) commit c29f51ad8ef97a1fae356dd7660e41d81cde0d09 Author: Daiki Ueno Date: 2017-08-08 common: New p11_array_insert function common/array.c | 16 ++++++++++++++++ common/array.h | 4 ++++ 2 files changed, 20 insertions(+) commit a860db364521ca6e9046bbf60fbbb1ca2bc08711 Author: Daiki Ueno Date: 2017-08-08 common: Use reallocarray instead of realloc as appropriate reallocarray is a new POSIX function added in glibc 2.26, with built-in overflow checks. Take advantage of that function for internal array allocation. common/array.c | 9 ++++++--- common/attrs.c | 5 ++++- common/compat.c | 17 +++++++++++++++++ common/compat.h | 8 ++++++++ configure.ac | 1 + 5 files changed, 36 insertions(+), 4 deletions(-) commit 53402f9e5296718d22ddf1a77658067c2751f068 Author: Nikos Mavrogiannopoulos Date: 2017-08-01 pkcs11.h: updated information The scute project no longer exists, and the PKCS#11 standard is from OASIS group. common/pkcs11.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 2e5f24b195f11b88825ccdd97af4b8456a2c2a88 Author: Nikos Mavrogiannopoulos Date: 2017-08-01 pkcs11.h: added OTP-related mechanisms common/pkcs11.h | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) commit febad3a45082167a0b882e9b36dc4915d2e0e02c Author: Nikos Mavrogiannopoulos Date: 2017-08-01 pkcs11.h: added definitions of GOST CKA attributes common/pkcs11.h | 3 +++ 1 file changed, 3 insertions(+) commit 2915740f447d0c17f8bcf5fdf4eccd82f2d9fd50 Author: Nikos Mavrogiannopoulos Date: 2017-07-31 pkcs11.h: added definitions of GOST mechanisms This follows the definitions in PKCS#11 v2.40: http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html common/pkcs11.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit db1c3cd7eade9ec30163c394b37a4048d2e359af Author: Daiki Ueno Date: 2017-07-03 test: Fix failure on 32-bit big endian platform The value given to p11_rpc_buffer_add_ulong_value() must be a pointer of CK_ULONG. Similarly, the value returned from p11_rpc_buffer_get_ulong_value() must be converted to CK_ULONG before comparison. Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-July/000665.html p11-kit/test-rpc.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) commit bc1f7570968043ba732922f633c24474565d66c0 Author: Daiki Ueno Date: 2017-07-14 trust: Fix build error with -Werror=return-type trust/save.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bc2f4c69bd319313dab9d85a6f8d622501593b0a Author: Colin Walters Date: 2017-07-07 conf: Introduce P11_KIT_NO_USER_CONFIG Currently `ca-certificates.spec` in Fedora ends up doing in `%post`: ``` /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt ``` etc. And due to this bit of code in p11-kit, we end up looking for the home directory for configuration. In this case, `/root`. It's categorically wrong to do this; the root user is distinct from "the system". This issue is equivalent to one I fixed in Pango: https://git.gnome.org/browse/pango/commit/?id=aecbe27c1b08f517c0e05f03308d3ac55cef490c Fast forward to today, and the reason I'm making this change is I'm working on `rpm-ostree ex container`, which builds containers as *non-root* (like gnome-continuous does, but now with RPMs), keeping the invoking uid. And this bug causes the `ca-certificates` `%post` to fail because it's trying to look for my uid 1000 which doesn't exist in the target rootfs' password database. Again, there's no reason to be looking for a home directory for system triggers, regadless of UID, so once this patch lands, I'll update `ca-certificates` to use it, and traditional RPM `%post` will stop looking in `/root` too. p11-kit/conf.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 9dd50249b597109c5956a531e44d46dc344daea5 Author: Fabian Groffen Date: 2017-06-07 common: always use p11_dl_close wrapper Solaris doesn't like it when dlclose is referenced using a define, resulting in a linker error looking for a symbol version. Simply calling the function in a normal way (instead of storing its address) solves this linking error. The error message seen by GNU ld is: dlclose: invalid version 7 (max 0) common/compat.c | 17 +++++++++++------ common/compat.h | 6 ++---- 2 files changed, 13 insertions(+), 10 deletions(-) commit 20b9df53cf07c0693257f5f01fa1ff945b4cae4a Author: Fabian Groffen Date: 2017-06-07 p11_get_upeer_id: implement case using ucred.h Solaris can retrieve this information via getpeerucred(). common/unix-peer.c | 19 +++++++++++++++++++ configure.ac | 3 ++- 2 files changed, 21 insertions(+), 1 deletion(-) commit ca9648c7c1cd38e306d7b3194900e4120eb179a0 Author: Fabian Groffen Date: 2017-06-07 configure: pull in -lnsl -lsocket for socket functions Solaris has socket() etc. in these two libs. configure.ac | 7 +++++++ 1 file changed, 7 insertions(+) commit f992eb64e8cd2925a37ec09d0f5dbd00b5fbb234 Author: Nikos Mavrogiannopoulos Date: 2017-06-23 Be silent by default and do not print messages on stderr As p11-kit is a library there are cases where it is not desirable to log on stderr by default. See for example this report https://bugzilla.redhat.com/show_bug.cgi?id=1464490 where wget prints an error due to an unconfigured pkcs11 module. Signed-off-by: Nikos Mavrogiannopoulos common/message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit af2050a585ee3f242230f69de22b643f6ad2200c Author: Daiki Ueno Date: 2017-06-12 doc: Use correct PKCS#11 URI syntax doc/manual/trust.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b309aea5174d6d3af569c2c54632a35825734579 Author: Daiki Ueno Date: 2017-06-09 build: Allow use of _GNU_SOURCE This reverts commit 6b457ffc, which forbids the use of GNU extension for the incompatibility of strerror_r. However, now that strerror_l is used instead on glibc systems, it has no point to do that. common/compat.h | 4 ---- common/unix-peer.c | 5 ----- configure.ac | 3 +++ 3 files changed, 3 insertions(+), 9 deletions(-) commit efe6dc56c3951c301dda1b548d4cbcd02e074462 Author: Daiki Ueno Date: 2017-06-12 debug: Add p11_debug_err to prevent use of strerror common/debug.c | 35 +++++++++++++++++++++++++++++++++++ common/debug.h | 15 +++++++++++++-- p11-kit/rpc-transport.c | 2 +- 3 files changed, 49 insertions(+), 3 deletions(-) commit bf3c1a9d8e4ace4c3a92b4af56e4b62657907522 Author: Daiki Ueno Date: 2017-06-09 compat: Prefer strerror_l to strerror_r strerror_r is being obsolete in the next POSIX specification: http://austingroupbugs.net/view.php?id=655 common/message.c | 15 ++++++++++++++- configure.ac | 4 ++-- 2 files changed, 16 insertions(+), 3 deletions(-) commit bf168f00e64a0291f5a718eb451915768659c160 Author: Daiki Ueno Date: 2017-05-29 Release 0.23.7 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit fe1faa9d814a180d432e4ee97fa5b097cfb2d294 Author: Daiki Ueno Date: 2017-05-29 trust: Suppress dead-assignment warnings from clang-analyzer trust/digest.c | 1 + trust/extract-openssl.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) commit b7ba8c625637f3a161cafd81c4a8a30b1f3971b3 Author: Daiki Ueno Date: 2017-05-29 rpc: Avoid use-after-free when creating socket base directory Spotted by clang-analyzer. p11-kit/server.c | 1 - 1 file changed, 1 deletion(-) commit a2a2108fce9a5cebaee17f29bda8d9edf6a0fbc8 Author: Daiki Ueno Date: 2017-05-29 rpc: Avoid calling memcmp() on NULL buffer Spotted by clang-analyzer. p11-kit/rpc-message.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 3e65d8a23b1f0e1a4d132cf04fdbc9d588cbe02f Author: Daiki Ueno Date: 2017-05-29 proxy: Don't call realloc() with size 0 Spotted by clang-analyzer. p11-kit/proxy.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit 350bd148d3181c564eeb884dadc37aaed7d3fb9b Author: Daiki Ueno Date: 2017-05-29 build: Delay building test programs until "make check" This is to disable clang-analyzer against test programs, which can contain several false-positives. Makefile.am | 7 +++---- common/Makefile.am | 2 +- p11-kit/Makefile.am | 4 ++-- trust/Makefile.am | 2 +- 4 files changed, 7 insertions(+), 8 deletions(-) commit 6738ade89f10516b589441282e95d5f13f6c1bdd Author: Daiki Ueno Date: 2017-05-29 travis: Enable clang-analyzer .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit cd64b9a7cb4b9f0030d17917370f50753671b93a Author: Daiki Ueno Date: 2017-05-29 server: Avoid use-after-free Reported by Mantas Mikulėnas in: https://bugs.freedesktop.org/show_bug.cgi?id=101212 p11-kit/server.c | 1 - 1 file changed, 1 deletion(-) commit 9cbf590b468f9596284c5bc34be8add09f3f5bee Author: Daiki Ueno Date: 2017-05-26 Release 0.23.6 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 80e3ce9eff5094c2c40905e2cb8b86c4aaf2329b Author: Daiki Ueno Date: 2017-05-26 test: Check the size of unsigned long configure.ac | 2 ++ p11-kit/test-rpc.c | 18 +++++++++--------- 2 files changed, 11 insertions(+), 9 deletions(-) commit 4de8f7a9c4f8010069402ce943e5d777cd1f3c28 Author: Daiki Ueno Date: 2017-05-26 rpc: Load advapi32.dll on the fly p11-kit/Makefile.am | 7 ----- p11-kit/server.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+), 7 deletions(-) commit 95b67e71e19a8415808b5ddf14f253561f11466f Author: Daiki Ueno Date: 2017-05-26 remote: Remove unnecessary declaration p11-kit/remote.h | 4 ---- 1 file changed, 4 deletions(-) commit 036c8fc6492b13eacca7433ca44b91b83abeb961 Author: Daiki Ueno Date: 2017-05-26 doc: Clarify p11-kit server documentation doc/manual/p11-kit.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit dd673f20e1ab4916f7565fe055b09433aa88a9b0 Author: Daiki Ueno Date: 2017-03-09 server: Port to Windows Instead of a Unix domain socket on Unix, use a named pipe on Windows. p11-kit/Makefile.am | 9 +- p11-kit/server.c | 541 ++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 511 insertions(+), 39 deletions(-) commit da7f0d65355089f4919bcdffca98bd833258db04 Author: Daiki Ueno Date: 2017-03-10 rpc: New p11_kit_remote_serve_tokens function doc/manual/p11-kit-sections.txt | 1 + p11-kit/remote.c | 118 +++++++++++++-------------------- p11-kit/remote.h | 14 ++++ p11-kit/rpc-server.c | 142 ++++++++++++++++++++++++++++++++++++++++ p11-kit/server.c | 74 +++++++++++++-------- 5 files changed, 248 insertions(+), 101 deletions(-) commit 7310d92af3b0291ab627fcf3e07800cd5b2983c8 Author: Daiki Ueno Date: 2017-03-10 remote: Name command line options consistently p11-kit/remote.c | 4 +- p11-kit/server.c | 183 ++++++++++++++++++++++++++++++++++--------------------- 2 files changed, 116 insertions(+), 71 deletions(-) commit dfe606d40c33a6213b89b310df0964392fd6d64d Author: Daiki Ueno Date: 2017-05-23 rpc: Convert mechanism parameters for portability This is similar to commit ba49b85e, but for mechanism parameters. p11-kit/rpc-client.c | 153 +--------------------- p11-kit/rpc-message.c | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/rpc-message.h | 31 +++++ p11-kit/rpc-server.c | 33 +++-- p11-kit/test-rpc.c | 66 ++++++++++ 5 files changed, 467 insertions(+), 158 deletions(-) commit 3b484b87e13e52873ea48f920132ecd96cb79cbc Author: Daiki Ueno Date: 2017-05-23 pkcs11: Define RSA-PSS mechanism parameter common/pkcs11.h | 11 +++++++++++ 1 file changed, 11 insertions(+) commit c11a951a24b91f80e109951b0fe2ce418ea70f17 Author: Daiki Ueno Date: 2017-05-23 pkcs11: Make CK_RSA_PKCS_OAEP_PARAMS useful common/pkcs11.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 9e4ea3ff80b736bddbca834eef7e7f61f4b15c23 Author: Daiki Ueno Date: 2017-05-23 rpc: Fix typo in encoding CK_DATE value p11-kit/rpc-message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 41b07cdf4210b299dc6c92352475c7c095f6f915 Author: Daiki Ueno Date: 2017-05-23 rpc: Factor out attribute value serializer definitions p11-kit/rpc-message.c | 51 +++++++++++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 26 deletions(-) commit f6112aa79a251079aef344d77cbe172031db1e8b Author: Daiki Ueno Date: 2017-05-24 rpc: Add a comment why we call _get_attribute() twice p11-kit/rpc-server.c | 1 + 1 file changed, 1 insertion(+) commit ba49b85ecf280e7fb6eec96c3ef33c50122e75a6 Author: Daiki Ueno Date: 2017-05-11 rpc: Convert attribute value for portability When using the RPC across multiple architectures, where data models are different, say LP64 vs ILP32, there can be unwanted truncation of attribute values. This patch converts the values into portable format for the known attributes. Co-authored-by: Nikos Mavrogiannopoulos p11-kit/rpc-client.c | 63 +++---- p11-kit/rpc-message.c | 509 ++++++++++++++++++++++++++++++++++++++++++++++++-- p11-kit/rpc-message.h | 77 ++++++++ p11-kit/rpc-server.c | 35 ++-- p11-kit/test-rpc.c | 223 +++++++++++++++++++++- 5 files changed, 827 insertions(+), 80 deletions(-) commit 480337a68446033dc9374e9c4fe4d3cae9d4e972 Author: Daiki Ueno Date: 2017-05-22 rpc: Return early if call_id of request is ERROR Otherwise it will cause assertion failure in a few lines below. Spotted by amrican fuzzy lop. p11-kit/rpc-message.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8b64577c3bb4d5dd60e4939223550f2f2002284b Author: Daiki Ueno Date: 2017-05-22 build: Add fuzzer using AFL build/fuzz/main.c | 44 ++++++++++++++++++++++++++++++++++++ build/fuzz/rpc.in/transcript | Bin 0 -> 146 bytes build/fuzz/rpc_fuzzer.c | 52 +++++++++++++++++++++++++++++++++++++++++++ build/fuzz/run-afl.sh | 46 ++++++++++++++++++++++++++++++++++++++ build/fuzz/transcript | Bin 0 -> 5694933 bytes 5 files changed, 142 insertions(+) commit 723dfeb3dd9b8426c4c1d6236f4b22354c122dae Author: Daiki Ueno Date: 2017-05-18 trust: Simplify the check for the magic Instead of reusing the CKA_X_GENERATED attribute, check the file contents directly in the caller side. trust/parser.c | 7 +++---- trust/persist.c | 19 +++++++++++-------- trust/persist.h | 3 +++ 3 files changed, 17 insertions(+), 12 deletions(-) commit 66c6a7e912d39d66cd4cc91375ac7be418bf7176 Author: Daiki Ueno Date: 2017-05-18 trust: Check magic comment in persist file for modifiablity A persistent file written by the trust module starts with the line "# This file has been auto-generated and written by p11-kit". This can be used as a magic word to determine whether the objects read from a .p11-kit file are read-only. trust/parser.c | 6 +++++- trust/persist.c | 9 ++++++++- trust/test-token.c | 1 + 3 files changed, 14 insertions(+), 2 deletions(-) commit acf8c4a91a76bf8049f6bfbd95b04e2e36bae4ea Author: Daiki Ueno Date: 2017-05-18 Revert "trust: Honor "modifiable" setting in persist file" This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which broke "trust anchor --remove". trust/input/verisign-v1.p11-kit | 1 - trust/parser.c | 10 +--------- trust/test-parser.c | 1 - 3 files changed, 1 insertion(+), 11 deletions(-) commit 5a52fe4fa8dffdaf33cd024e1a4b18c8facb451c Author: Daiki Ueno Date: 2017-03-09 remote: Fix typo when writing a credential byte out_fd is not always 1 when p11_kit_remote_serve_module() is used for writing a custom server. p11-kit/rpc-server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 13160c1f95758387dffc41345e20d89ff9b5a5c0 Author: Daniel Black Date: 2017-03-06 correct text for --user-config option configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 817a1c67c407850ab1756fdacb1c38e4bded5509 Author: Daiki Ueno Date: 2017-03-01 Release 0.23.5 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit a827b55fed09b72ffd0e176c6630cb7b591c6e04 Author: Daiki Ueno Date: 2017-02-28 build: Remove systemd unit files for now Given that the remote proxy service shall be only used by NetworkManager and not generally useful, revert commit a4fb2bb587fb1a0146cf97f039b671d3258488f9 for now. Once the necessary command that runs the proxy module is implemented in p11-kit, maybe NetworkManager itself could install those files. p11-kit/Makefile.am | 19 ------------------- p11-kit/p11-kit-remote.socket | 10 ---------- p11-kit/p11-kit-remote@.service.in | 10 ---------- 3 files changed, 39 deletions(-) commit 7053ace4ae5b3e2129e5a8ffe482420bfc14f894 Author: Daiki Ueno Date: 2017-02-24 systemd: Fix location of p11-kit-remote The p11-kit-remote executable is now located under $libexecdir, but we should use the p11-kit command to launch the subcommand. Makefile.am | 2 ++ configure.ac | 1 - p11-kit/Makefile.am | 8 ++++++++ p11-kit/p11-kit-remote@.service.in | 2 +- 4 files changed, 11 insertions(+), 2 deletions(-) commit 156b0c9249f6da54195d2a6a817ea92552e78bf8 Author: Nikos Mavrogiannopoulos Date: 2017-02-27 fixed license in unix peer file common/unix-peer.c | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) commit b674c94029fd2012d8a5cba13a9e7b8dd097ac56 Author: Roman Bogorodskiy Date: 2017-02-23 build: add missing includes for FreeBSD Include signal.h for kill(2) and SIGKILL on FreeBSD. p11-kit/test-transport.c | 1 + 1 file changed, 1 insertion(+) commit bc6fec4422ddc84541776b6f0cfca1542e28f350 Author: Roman Bogorodskiy Date: 2017-02-23 build: check for getpeereid In common/unix-peer.c, we are checking if HAVE_GETPEEREID is defined, however, we never actually check if getpeereid() is available, so fix that by checking this function using AC_CHECK_FUNCS(). configure.ac | 1 + 1 file changed, 1 insertion(+) commit 54d9f0799e32796f8e762d8b58ecd4e3dd3fef82 Author: Daiki Ueno Date: 2017-02-17 Release 0.23.4 NEWS | 17 +++++++++++++++++ configure.ac | 6 +++--- 2 files changed, 20 insertions(+), 3 deletions(-) commit 1e80b5858a90497879e1e3faee4c7f76d5cbd6f0 Author: Daiki Ueno Date: 2017-02-20 uri: Support vendor query attributes If an unknown attribute is present in the query part of the PKCS#11 URI, the parser treated it as unrecognized and subsequent matches failed. Instead, keep track of such attributes and provide a set of API to deal with them. doc/manual/p11-kit-sections.txt | 2 + p11-kit/test-uri.c | 40 ++++++++++++++++ p11-kit/uri.c | 100 +++++++++++++++++++++++++++++++++++++++- p11-kit/uri.h | 6 +++ 4 files changed, 146 insertions(+), 2 deletions(-) commit eb65a85a4abfbab489f271c9f074409ba46ce8f5 Author: Daiki Ueno Date: 2017-02-21 rpc: Make it less verbose about connection failure The connection failure here is not fatal. Use p11_debug() instead of p11_message(). p11-kit/rpc-transport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c65752d596e69f48ebe67694cfb2a91697a676bf Author: Mantas Mikulėnas Date: 2017-02-20 rpc: Try $XDG_CACHE_HOME before ~/.cache This is unset on most systems, but might as well follow the Base Directory spec properly. p11-kit/client.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 8eed1e60b0921d05872e2f43eee9088cef038d7e Author: Daiki Ueno Date: 2017-02-17 trust: Honor "modifiable" setting in persist file Previously, all objects read from p11-kit persist files are marked as modifiable when parsing, regardless of the explicit "modifiable: false" setting in the file. Reported by Kai Engert in: https://bugs.freedesktop.org/show_bug.cgi?id=99797 trust/input/verisign-v1.p11-kit | 1 + trust/parser.c | 10 +++++++++- trust/test-parser.c | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) commit 0684cd7b7f815b411ea5041c021f92ca5ef42606 Author: Daiki Ueno Date: 2017-01-11 rpc: Add PKCS#11 module that connects to socket This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order: - $P11_KIT_SERVER_ADDRESS, if the envvar is available - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists - ~/.cache/p11-kit/pkcs11. Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL. Makefile.am | 3 + doc/manual/Makefile.am | 1 + doc/manual/p11-kit.xml | 17 ++++ p11-kit/Makefile.am | 58 ++++++++++--- p11-kit/client-init.c | 109 +++++++++++++++++++++++++ p11-kit/client.c | 215 +++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/client.h | 41 ++++++++++ p11-kit/modules.c | 10 +++ p11-kit/proxy-init.c | 98 ++++++++++++++++++++++ p11-kit/remote.c | 2 +- p11-kit/util.c | 57 ------------- trust/Makefile.am | 3 +- 12 files changed, 543 insertions(+), 71 deletions(-) commit c28ff652e5d6c6ddff513716e22064e0e17a58d3 Author: Daiki Ueno Date: 2016-12-25 remote: Add API to serve a token doc/manual/p11-kit-sections.txt | 1 + p11-kit/remote.h | 5 +++++ p11-kit/rpc-server.c | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+) commit 426b693aa7fe2e9750abf8cb39f28251a4b54668 Author: Daiki Ueno Date: 2016-12-26 remote, server: Recognize PKCS#11 URI p11-kit/remote.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 69 insertions(+), 8 deletions(-) commit 4bac7e0e95712a4c7bfd03471c973f491ad81df4 Author: Nikos Mavrogiannopoulos Date: 2016-08-24 p11-kit: Add 'p11-kit server' command This adds a new tool to the p11-kit command called 'server', which allows us to access a PKCS#11 module over a Unix domain socket. Internally, it is implemented as a wrapper around 'p11-kit remote'. Upon connection it executes 'p11-kit remote' in a forked process. configure.ac | 3 + p11-kit/Makefile.am | 14 ++ p11-kit/server.c | 578 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 595 insertions(+) commit f2742c72bc29444bcfe63425819506fa42073d64 Author: Nikos Mavrogiannopoulos Date: 2016-08-24 common: New p11_get_upeer_id() function common/Makefile.am | 6 ++++ common/unix-peer.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/unix-peer.h | 42 +++++++++++++++++++++++++++ 3 files changed, 132 insertions(+) commit 89fa381ce5573a925b90da973cd8956937d79caa Author: Nikos Mavrogiannopoulos Date: 2016-08-24 rpc: New rpc_unix transport based on Unix socket p11-kit/rpc-transport.c | 89 +++++++++++++++++++++++++++++++++++ p11-kit/test-transport.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 207 insertions(+) commit 3bab48000c4e61104b30ac379806cad3e1376ea6 Author: Daiki Ueno Date: 2017-01-25 common: Add path encoding functions This adds p11_path_{encode,decode}(), following the escaping rule described in: https://dbus.freedesktop.org/doc/dbus-specification.html#addresses Although they are merely a wrapper around p11_url_{decode,encode}(), having dedicated functions hides the implementation details. common/path.c | 33 +++++++++++++++++++++++++++++++++ common/path.h | 4 ++++ common/test-path.c | 22 ++++++++++++++++++++++ 3 files changed, 59 insertions(+) commit 5442b1cfa13da9307cc38a8fd289a67a05fe26ad Author: Daiki Ueno Date: 2017-02-15 travis: Enable mingw64 cross build .travis.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit 98f02ef5ebf6966af4937dd2f730d808f13d8a1c Author: Daiki Ueno Date: 2017-02-16 trust: Fix uninitialized value in anchor command trust/anchor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6dfa59954d882971e4516192f18319cbc75b5e4b Author: Daiki Ueno Date: 2017-02-16 library: Initialize p11_virtual_mutex for Windows common/library.c | 2 ++ 1 file changed, 2 insertions(+) commit 8594841ed349818bb8cb43a57b734a7945427c64 Author: Daiki Ueno Date: 2017-02-16 test: Fix modules test for Windows Synchronize the fixture module to the non-Unix one and enable "/modules/test_filename". p11-kit/fixtures/system-modules/win32/one.module | 4 +++- p11-kit/test-modules.c | 4 +--- 2 files changed, 4 insertions(+), 4 deletions(-) commit 63b31ebfa1a978789cb31635fd95d00d7e398fa2 Author: Daiki Ueno Date: 2017-02-15 trust: Fix saving trust file on Windows trust/save.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 99aabc614cce4e0a9751d9409546c34abc1fe2db Author: Daiki Ueno Date: 2017-02-15 test: Fix Windows test case for p11_path_expand common/test-path.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b534f1801d82c565e38305b2ed73dd00dc165f65 Author: Daiki Ueno Date: 2017-02-15 rpc: Port exec transport to Windows On Windows, use _spawnv() to create a subprocess and two unidirectional pipe created with _pipe() to communicate with it. If we can assume WinSock, it might be simpler to use a socketpair() replacement from: https://github.com/ncm/selectable-socketpair. p11-kit/rpc-transport.c | 275 ++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 245 insertions(+), 30 deletions(-) commit 46e35810f8e9774bd5984b9fcb6d92450bf6ba0a Author: Daiki Ueno Date: 2017-02-15 build: Adjust executable/module names for Windows Append EXEEXT or SHLEXT to the filename if needed. configure.ac | 2 ++ p11-kit/p11-kit.c | 7 ++++++- p11-kit/test-transport.c | 4 ++-- 3 files changed, 10 insertions(+), 3 deletions(-) commit 69293e9e894c9a3141f8d59e78a81b3fcf2beb28 Author: Daiki Ueno Date: 2017-02-01 build: Avoid undefined reference to rpc_exec_init p11-kit/rpc-transport.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 7b5ad15a68ab7fc0a0cb051f641120c6301694a7 Author: Daiki Ueno Date: 2017-02-01 build: Include for execv trust/extract.c | 1 + 1 file changed, 1 insertion(+) commit b78bc9304b21da16312473b1f4dc0f8870fb8df9 Author: Daiki Ueno Date: 2017-02-01 build: Check *asprintf on all platforms configure.ac | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit b16500f93407aef72445b03c1ee96c6768917906 Author: Daiki Ueno Date: 2017-02-15 argv: Fix misinterpretation of backslash in quotes Don't append the backslash character twice to the output. It is interpolated a few lines below, if it is really required. common/Makefile.am | 4 ++ common/argv.c | 2 +- common/test-argv.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 119 insertions(+), 1 deletion(-) commit 873d391fa5015e8c5c82457a0641ed5bb1e2b7e3 Author: Daiki Ueno Date: 2017-02-16 compat: Fix character generation in mk{s,d}temp() common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b8f1e4febe31f18bf63a3a9ad0e336ede82dd0f1 Author: Kai Engert Date: 2017-02-02 Fix a typo in "x-cetrificate-value", see also https://bugs.freedesktop.org/show_bug.cgi?id=99600 common/constants.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dbadd5da6ccbb17ec5c4bbb142fdc244b4903bfb Author: Kai Engert Date: 2017-02-02 Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files. See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453 common/constants.c | 1 + common/pkcs11x.h | 1 + trust/builder.c | 1 + trust/persist.c | 1 + 4 files changed, 4 insertions(+) commit ee740e904030c3fb2640f524014474a510dda7eb Author: Daiki Ueno Date: 2017-02-16 library: Deinit p11_virtual_mutex Follow-up fix for commit 4d228aa0, which forgot to clear p11_virtual_mutex on library finalization. common/library.c | 1 + 1 file changed, 1 insertion(+) commit 4d228aa0129bcafb97d7196d8c18e379b492406d Author: Daiki Ueno Date: 2017-02-14 virtual: Move mutex into p11_library_init() We used to provide p11_virtual_fixed_{,un}init() to only initialize a mutex used in virtual.c. That required all the tests calling virtual functions to call p11_virtual_fixed_{,un}init() in main(). For simplicity, move the mutex variable initialization into p11_library_init(). common/library.c | 3 +++ common/library.h | 3 +++ p11-kit/util.c | 5 ----- p11-kit/virtual-fixed.h | 3 --- p11-kit/virtual.c | 27 +++++---------------------- 5 files changed, 11 insertions(+), 30 deletions(-) commit 1ea08989cecee217befd3b964b5a4f0d584e2a29 Author: Daiki Ueno Date: 2017-02-13 trust: Revert to the original 'extract' behavior Since commit f4384a40, due to a missing ex->flags setting, the 'trust extract' command didn't retrieve correlation between related objects and that was causing assertion failure when writing PEM files. https://bugs.freedesktop.org/show_bug.cgi?id=99795 trust/extract.c | 1 + 1 file changed, 1 insertion(+) commit fd9b5c19485e2b88150696b523d889df2ed41cba Author: Daiki Ueno Date: 2016-12-13 filter: New virtual wrapper for access control doc/manual/Makefile.am | 1 + p11-kit/Makefile.am | 5 + p11-kit/filter.c | 420 +++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/filter.h | 55 +++++++ p11-kit/test-filter.c | 143 +++++++++++++++++ 5 files changed, 624 insertions(+) commit 3d54011b0d0bf1b31fbab8d7025b7201722d61c3 Author: Daiki Ueno Date: 2016-12-17 iter: Enable iteration over slots/tokens/modules While PKCS#11 URI can identify slots/tokens/modules, P11KitIter is only capable of iterating over objects. This patch adds new behaviors to P11KitIter to support iterations over slots/tokens/modules, using the C coroutine trick as described in: http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html doc/manual/p11-kit-sections.txt | 2 + p11-kit/iter.c | 149 +++++++++++++++++++++++++++++++------- p11-kit/iter.h | 16 +++- p11-kit/test-iter.c | 157 +++++++++++++++++++++++++++++++++++++++- 4 files changed, 297 insertions(+), 27 deletions(-) commit 77913af71be81208b4e9af68cd10bc55669543e1 Author: Daiki Ueno Date: 2017-01-23 uri: Relax pin-* parsing for compatibility While 'pin-source' and 'pin-value' are defined as query atttribute, they were defined as path attribute in earlier drafts, and some implementations still stick to it. For backward compatibility, accept those in path attributes when parsing (but not when formatting). Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-January/000637.html p11-kit/uri.c | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) commit cfa9fefb2b4c4d8c1d38284817c61dcf5d3f4716 Author: Stef Walter Date: 2017-01-29 trust: Implement a 'trust dump' command This dumps all the PKCS#11 objects in the internal .p11-kit persistence format. This is part of the trust command and tooling, even though at some point it could go in the p11-kit command. The reason for this is that the code related to the internal .p11-kit objects is in the trust code, and consumed solely by the trust related modules. doc/manual/trust.xml | 39 +++++++++++ trust/Makefile.am | 1 + trust/dump.c | 191 +++++++++++++++++++++++++++++++++++++++++++++++++++ trust/dump.h | 43 ++++++++++++ trust/trust.c | 2 + 5 files changed, 276 insertions(+) commit 2a46d81d84682181e0108ff2e5f973f7a319d25f Author: Stef Walter Date: 2017-01-29 trust: Don't encode spaces when writing .p11-kit format These should not be encoded by default for readability in strings. trust/persist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6caa48db1cab9a4d680062edcd139d9625c5aa7f Author: Stef Walter Date: 2017-01-29 trust: Add an "all" filter option for trust commands trust/enumerate.c | 3 +++ 1 file changed, 3 insertions(+) commit f4384a40657e6abde6658ac7600abb879818b493 Author: Stef Walter Date: 2017-01-29 trust: Make extraction and correlation of certificate info optional This is so that the code can be shared by the upcoming 'trust dump' command where correlation between related objects is not desired. trust/enumerate.c | 28 +++++++++++++++------------- trust/enumerate.h | 1 + trust/list.c | 1 + trust/test-bundle.c | 1 + trust/test-cer.c | 1 + trust/test-enumerate.c | 16 ++++++++++------ trust/test-openssl.c | 1 + 7 files changed, 30 insertions(+), 19 deletions(-) commit d5a2d993c8e983290aea33fac2a086240af39c6b Author: Stef Walter Date: 2017-01-29 trust: Load all attributes for each object when enumerating We load all known attributes for each object we're enumerating over in the 'trust list' and 'trust extract' commands. trust/enumerate.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) commit 9bb1613011370b00c7b561d7de30c205a246a586 Author: Daiki Ueno Date: 2017-01-25 virtual: Make virtual-fixed internal API cleaner Add proper inclusion guard to virtual-fixed.h and move the declarations of the (un)initialization functions there. p11-kit/util.c | 10 +++++----- p11-kit/virtual-fixed.h | 9 +++++++++ p11-kit/virtual.c | 4 ++-- p11-kit/virtual.h | 4 ---- 4 files changed, 16 insertions(+), 11 deletions(-) commit 08ecac9deb63904c6482eab64198580aac9e1a4e Author: Daiki Ueno Date: 2017-01-25 test: Release transport mock module To prevent leaks of fixed closures, p11_kit_module_release() needs to be called on the mock module itself. p11-kit/test-transport.c | 1 + 1 file changed, 1 insertion(+) commit c01b59e5594b395cf084068e513a68f63c9b95a4 Author: Nikos Mavrogiannopoulos Date: 2016-11-30 test: Check exhaustion of fixed closures p11-kit/test-managed.c | 49 +++++++++++++++++++++++++++++++++++++++++++++---- p11-kit/test-modules.c | 38 +++++++++++++++++++++++++++++++++++++- 2 files changed, 82 insertions(+), 5 deletions(-) commit 9f632bed73c8800af16a69c97bd4c315bd350f8b Author: Daiki Ueno Date: 2016-08-26 build: Make libffi closure optional libffi's closure support is not available on all platforms and may fail at run time if running under a stricter SELinux policy. Fallback to pre-compiled closures if it is not usable. https://bugs.freedesktop.org/show_bug.cgi?id=97611 configure.ac | 11 - doc/manual/Makefile.am | 1 + p11-kit/Makefile.am | 5 +- p11-kit/modules.c | 26 +- p11-kit/proxy.c | 2 +- p11-kit/test-init.c | 12 +- p11-kit/test-virtual.c | 1 - p11-kit/util.c | 5 + p11-kit/virtual-fixed.h | 1135 +++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/virtual.c | 614 ++++++++++++++++++++----- p11-kit/virtual.h | 6 +- 11 files changed, 1662 insertions(+), 156 deletions(-) commit 91861f634a1299af28a29de70c45f469562123f6 Author: Daiki Ueno Date: 2017-01-23 maint: Add .dir-locals.el file for Emacs .dir-locals.el | 1 + 1 file changed, 1 insertion(+) commit 7f6488fc95a2cbd3b8012923d6fd522a83ae6bba Author: Daiki Ueno Date: 2017-01-23 travis: Enable strict code compilation .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1e0bc1f164ce73f9feeeb14754d09072b3e9bc68 Author: Roman Bogorodskiy Date: 2017-01-21 Fix compiler warnings on FreeBSD * common/compat.c: Fix "implicit declaration of function 'issetugid'" warning. On FreeBSD, it's required to define __BSD_VISIBLE to make issetugid(2) visible * common/test-message.c: Fix "implicit declaration of function 'asprintf'" by including * p11-kit/test-iter.c: Fix "format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'int'" by changing format string to "%d" common/compat.c | 4 ++++ common/test-message.c | 1 + p11-kit/test-iter.c | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) commit a4fb2bb587fb1a0146cf97f039b671d3258488f9 Author: Lubomir Rintel Date: 2016-12-08 systemd: add per-user remoting socket This allows daemons outside user's session to use per-user PKCS#11 modules. Useful for letting VPN daemons or wpa_supplicant use certificates stored in user's GNOME keyring, etc. .gitignore | 1 + configure.ac | 1 + p11-kit/Makefile.am | 11 +++++++++++ p11-kit/p11-kit-remote.socket | 10 ++++++++++ p11-kit/p11-kit-remote@.service.in | 10 ++++++++++ 5 files changed, 33 insertions(+) commit 563606efe17cbf3b84679f5e54f60b8d68ba9015 Author: Lubomir Rintel Date: 2015-11-03 common: use recursive pthread mutex for library lock This allows us to do nested locking within one thread avoiding a lockup when remoting the p11-kit-proxy.so module: #0 0x00007f190f35838d in __lll_lock_wait () from /lib64/libpthread.so.0 #1 0x00007f190f351e4d in pthread_mutex_lock () from /lib64/libpthread.so.0 #2 0x00007f190f98657f in C_GetFunctionList (list=0x7ffe7ec3f798) at p11-kit/proxy.c:2355 #3 0x00007f190f993cc9 in dlopen_and_get_function_list (funcs=0x7ffe7ec3f798, path=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", mod=0x249e3d0) at p11-kit/modules.c:337 #4 load_module_from_file_inlock (name=name@entry=0x0, path=path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", result=result@entry=0x7ffe7ec3f7e8) at p11-kit/modules.c:382 #5 0x00007f190f99587f in p11_kit_module_load (module_path=module_path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", flags=flags@entry=0) at p11-kit/modules.c:2427 #6 0x0000000000401c4b in serve_module_from_file (file=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so") at p11-kit/remote.c:105 #7 main (argc=1, argv=) at p11-kit/remote.c:169 The Windows NT mutex is aready recursive by default. common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cfc654b2a532aa1adf3cda4bdee8b1397920f912 Author: Daiki Ueno Date: 2017-01-18 uri: Support query attributes to specify module Accept and produce 'module-name' and 'module-path' query attributes defined in RFC 7512. doc/manual/p11-kit-sections.txt | 4 ++ p11-kit/test-uri.c | 115 ++++++++++++++++++++++++++++++++++++++ p11-kit/uri.c | 121 +++++++++++++++++++++++++++++++++++++--- p11-kit/uri.h | 10 ++++ 4 files changed, 241 insertions(+), 9 deletions(-) commit a126365a49547da6b532210a886bb5d5fc531b77 Author: Daiki Ueno Date: 2017-01-16 uri: Avoid typecasting confusion on s390x Like memcpy(), the 'void *' argument of p11_buffer_add() points to the memory area ordered in host's endianness. Add typecast of int->char to avoid the confusion. Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-January/000633.html p11-kit/uri.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 726c08847c263af9c9fd8c74aea738612795dbb6 Author: Lubomir Rintel Date: 2016-12-28 uri: fix producing the query attributes Put the pin-* attributes where they belong: to the query part. p11-kit/test-uri.c | 2 +- p11-kit/uri.c | 81 +++++++++++++++++++++++++++++++----------------------- 2 files changed, 48 insertions(+), 35 deletions(-) commit cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea Author: Lubomir Rintel Date: 2016-12-28 uri: fix the query attribute parsing The pin-* attributes belong to the query part. We should not parse them until we see a '?' and they're separated with a '&'. This might be an important thing -- some of the query attributes may have security implications reaching outside scope of the token itself, to the host system itself. E.g. a pin-source may cause the consumer to access a file or module-path (unimplemented) execute code. The user may want to just chop the attribute part off if they want the consumer access the token and not take the security considerations into account. p11-kit/test-uri.c | 6 +++--- p11-kit/uri.c | 50 +++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 42 insertions(+), 14 deletions(-) commit 287ae8c14145d9cef55079e4de36b1607176cf89 Author: Roman Bogorodskiy Date: 2017-01-07 build: improve p11-kit-proxy symlink handling - Current command for creation of the p11-kit-proxy symlink uses shell brace expansion that isn't supported by all the shells (e.g. FreeBSD's /bin/sh does not support that). Replace it with the old-fashioned 'for' loop - Match extension of the source and the target, i.e. so links to so, dylib links to dylib (previously dylib linked to so) - Add an uninstall-local target to clean up the symlink p11-kit/Makefile.am | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 794385d24fe794455798946ce9de1e2280e78a8c Author: Daiki Ueno Date: 2016-12-13 Release version 0.23.3 NEWS | 10 ++++++++++ configure.ac | 6 +++--- 2 files changed, 13 insertions(+), 3 deletions(-) commit 62d7cd6a0e1ce76b2dd6c5a44933cee1bac93c19 Author: Daiki Ueno Date: 2016-12-19 doc: More tweaks for gtk-doc doc/manual/p11-kit-sections.txt | 7 +++++++ 1 file changed, 7 insertions(+) commit eb6433f0d1406d3dda42c98fa94060cab5d5d0ac Author: Daiki Ueno Date: 2016-12-19 doc: Mention new API functions doc/manual/p11-kit-sections.txt | 6 ++++++ 1 file changed, 6 insertions(+) commit 4442748b1cbb4da4f355ece6d498a2272e2c7238 Author: Andreas Metzler Date: 2016-12-15 rpc: Fix typo flagged by lintian p11-kit/rpc-server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9773fa8ca877d305a5dea26d07cfcfc445232ae2 Author: Daiki Ueno Date: 2016-12-13 test: Remove setgid()ed copy of frob-getenv Otherwise the file is left in builddir, after make distclean. common/test-compat.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 5af8da1f4949807925e23b866f6280dcf7d74f87 Author: Daiki Ueno Date: 2016-12-13 test: Fix privatedir substitution in test-extract Since $privatedir expands to "${libexecdir}/p11-kit", $libexecdir must be substituted in the script beforehand. trust/test-extract.in | 1 + 1 file changed, 1 insertion(+) commit 352d2090628d6a040846508e51de06318b69a475 Author: Daiki Ueno Date: 2016-12-06 pkcs11: Update CRYPTOKI_VERSION to 2.40 common/pkcs11.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 5287a57b9e6d96504af4ad0f989328397f845d55 Author: Daiki Ueno Date: 2016-12-06 pkcs11: Add CK_RSA_PKCS_OAEP_PARAMS definition https://bugzilla.redhat.com/show_bug.cgi?id=1191209 common/pkcs11.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit 15a28b263f37de4796899dff04bcf3886f9d010e Author: Daiki Ueno Date: 2016-12-06 pkcs11: Add CKA_COPYABLE definition https://bugzilla.redhat.com/show_bug.cgi?id=1191231 common/pkcs11.h | 1 + 1 file changed, 1 insertion(+) commit ccc81bbfaffb5617a509126b8f882b6c930434e3 Author: Daiki Ueno Date: 2016-12-06 pkcs11: Add AES key wrap mechanisms https://bugzilla.redhat.com/show_bug.cgi?id=1191231 common/pkcs11.h | 3 +++ 1 file changed, 3 insertions(+) commit b034e8601036c41acfcbd39f12fcd4bfb75dfd13 Author: Pankaj Date: 2016-09-20 proxy: Remove redundant NULL check https://bugs.freedesktop.org/show_bug.cgi?id=93589 p11-kit/proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f8ff3bec65e31dad1cabe0bd3e2f1fae9ef77f40 Author: Pankaj Date: 2016-09-20 modules: Remove redundant NULL check https://bugs.freedesktop.org/show_bug.cgi?id=93588 p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 873e52cc72701f7a5714a5006f15810ba5981d10 Author: Pankaj Date: 2016-09-20 proxy: Check return value of calloc() https://bugs.freedesktop.org/show_bug.cgi?id=92815 p11-kit/proxy.c | 1 + 1 file changed, 1 insertion(+) commit 2cf22900bbcb3a0f3d11b56ad262bef33e997a00 Author: Pankaj Date: 2016-09-20 mock: Check return value of calloc() https://bugs.freedesktop.org/show_bug.cgi?id=92813 common/mock.c | 1 + 1 file changed, 1 insertion(+) commit 694c95d8da89e2f6aae47c7c379b3c0e2b9adbe8 Author: Daiki Ueno Date: 2016-12-06 doc: State 'p11-kit trust' is a deprecated form https://bugzilla.redhat.com/show_bug.cgi?id=1160783 doc/manual/p11-kit.xml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit b3418c2f0d223955723df7d65a31026ad038d943 Author: Daiki Ueno Date: 2016-09-23 trust: Don't add CKA_TRUSTED to extension object While 'trust anchor' command tries to add CKA_TRUSTED attribute to any object, it is only valid for a certificate object. https://bugzilla.redhat.com/show_bug.cgi?id=1158926 trust/anchor.c | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) commit 65e8ad30e7832f3a979f88f4308cfa4f9a969829 Author: Daiki Ueno Date: 2016-09-22 common, trust: Avoid integer overflow This fixes issues pointed in: https://bugzilla.redhat.com/show_bug.cgi?id=985445 except for p11-kit/conf.c:read_config_file(), which was rewritten using mmap() and thus length calculation is no longer needed. common/compat.c | 8 ++++++-- common/path.c | 2 ++ common/url.c | 2 +- trust/base64.c | 5 +++++ 4 files changed, 14 insertions(+), 3 deletions(-) commit 99c3d823fc96c47af4810a5ee091501721159a48 Author: Stanislav Brabec Date: 2016-11-22 move privatedir from libdir to libexecdir According to the GNU Coding Standards[1], private executables should be installed to libexecdir, not libdir. Move privatedir to libexecdir. [1] https://www.gnu.org/prep/standards/ https://bugs.freedesktop.org/show_bug.cgi?id=98817 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c7d33b9fc54d618feda8960f12c71214dc9ec697 Author: Daiki Ueno Date: 2016-09-27 trust: Avoid confusion in DER/PEM decoding Previously p11-kit-trust.so tried to interpret certificate as PEM format first. This could cause potential conflict if the certificate were actually in DER format and contained a PEM marker strings. https://bugs.freedesktop.org/show_bug.cgi?id=92063 trust/test-token.c | 18 ++++++++++ trust/test-trust.h | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 2 +- 3 files changed, 115 insertions(+), 1 deletion(-) commit 2b86585f1b1d140b73b693c81aac8b4a9af1cb8d Author: Stef Walter Date: 2016-11-29 doc: Update documentation to point towards GitHub The p11-kit code has moved to GitHub. The documentation needs an update. HACKING | 5 ++++- doc/manual/p11-kit-devel.xml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) commit 8046370a9d0c8333d84a1294c302d21634729cc8 Author: Lubomir Rintel Date: 2016-11-28 test-conf: don't create the setuid copy in /tmp The temporary directory is often mounted with nosuid, thus whatever runs from there doesn't get AT_SECURE in auxv. common/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9cb55d7357db929960dca26b9f22f488b756bac2 Author: Daiki Ueno Date: 2016-09-27 trust: Clarify the error message of 'extract' https://bugzilla.redhat.com/show_bug.cgi?id=1154693 trust/extract.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit d6d0dfd10e360fdcb974e74abe92bb0910bdf172 Author: Daiki Ueno Date: 2016-09-23 trust: Mention anchor --remove option in help https://bugzilla.redhat.com/show_bug.cgi?id=1158467 trust/anchor.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1d2276dc20153eb513d67aeb3464cf0c1edf6d38 Author: Daiki Ueno Date: 2016-09-22 trust: Reject invalid UTF-8 input Merge changes from utf8.c in FreeBSD's libc: https://svnweb.freebsd.org/base/head/lib/libc/locale/utf8.c?revision=290494&view=markup#l196 https://bugzilla.redhat.com/show_bug.cgi?id=985449 trust/test-utf8.c | 2 ++ trust/utf8.c | 6 ++++++ 2 files changed, 8 insertions(+) commit 3846526ee94f6b4bbc0ea07d9d3cb72ed9f92707 Author: Daiki Ueno Date: 2016-09-22 pkg-config: Expose p11_trust_paths variable The variable is mentioned in the manual but wasn't exposed from the pkg-config. p11-kit/p11-kit-1.pc.in | 1 + 1 file changed, 1 insertion(+) commit c32a16ce821cf37307e53139027c5939c0b1925b Author: Daiki Ueno Date: 2016-09-22 build: Remove *.in files from EXTRA_DIST The files created with AC_CONFIG_FILES are automatically added to the distribution. p11-kit/Makefile.am | 2 -- 1 file changed, 2 deletions(-) commit 4965a8b2f150ea6c8dadd7dd22aab718f2814591 Author: Daiki Ueno Date: 2016-10-21 build: Don't update po files on every make run Update po/Makevars to the latest template and take advantage of PO_DEPENDS_ON_POT = no. po/Makevars | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) commit de5f2e5c59a8811aaea0c19a4a8899e370413851 Author: Daiki Ueno Date: 2016-10-31 travis: Enable GCC sanitizers .travis.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 09f584cbef43cac2a071b54f0fc97dd318fe88ea Author: Daiki Ueno Date: 2016-10-31 travis: Disable silent rules .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b6305c66bfb607f49c99f820e7123c753364e894 Author: Daiki Ueno Date: 2016-09-21 test: Remove /proxy/deinit-after-fork test This test hasn't been working since the removal of the pthread_atfork() deinit code. To properly clean up, the child process needs to call C_Initialize() and C_Finalize(), and it is already tested by /proxy/initialize-child. p11-kit/test-proxy.c | 37 ------------------------------------- 1 file changed, 37 deletions(-) commit bc6469c4fd576c698bab9c8b620de00d7ba1fe1a Author: Daiki Ueno Date: 2016-09-20 test: Fix memleak in test-token cleanup GCC's asan spotted this: Direct leak of 338 byte(s) in 13 object(s) allocated from: #0 0x7f54f03fee20 in malloc (/lib64/libasan.so.3+0xc6e20) #1 0x445e8c in p11_path_build ../common/path.c:222 #2 0x4385bd in expand_tempdir ../common/test.c:334 #3 0x43869c in p11_test_directory ../common/test.c:361 #4 0x4033e3 in setup_temp ../trust/test-token.c:79 trust/test-token.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ecaf79c6a0b35e55b27f465c6d6628f165874b78 Author: Daiki Ueno Date: 2016-09-22 modules: Reset the init count on fork() Reset mod->init_count when forkid has changed. Otherwise C_Finalize does not get called. GCC's asan spotted this: Direct leak of 48 byte(s) in 1 object(s) allocated from: #0 0x7f89bc7bfe20 in malloc (/lib64/libasan.so.3+0xc6e20) #1 0x7f89bc47a1f1 in p11_dict_new ../common/dict.c:278 #2 0x7f89bc42143d in managed_C_Initialize ../p11-kit/modules.c:1477 #3 0x7f89bc464c72 in binding_C_Initialize ../p11-kit/virtual.c:121 #4 0x7f89bc1b0a51 in ffi_closure_unix64_inner (/lib64/libffi.so.6+0x5a51) #5 0x7f89bc1b0dbf in ffi_closure_unix64 (/lib64/libffi.so.6+0x5dbf) #6 0x7f89bc44f9e8 in rpc_C_Initialize ../p11-kit/rpc-server.c:691 p11-kit/modules.c | 4 ++++ 1 file changed, 4 insertions(+) commit ae0527969dbb2dea5bf97257c92a65b72ba71db5 Author: Daiki Ueno Date: 2016-09-21 modules: Fix memleak when loading remote module Make sure to call p11_virtual_uninit() on managed module. Otherwise the associated lower_module will not be released. GCC's asan spotted this: Direct leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7f6c5368dfe0 in calloc (/lib64/libasan.so.3+0xc6fe0) #1 0x4436ba in p11_rpc_client_init ../p11-kit/rpc-client.c:2082 #2 0x42c147 in p11_rpc_transport_new ../p11-kit/rpc-transport.c:850 #3 0x415d95 in setup_module_for_remote_inlock ../p11-kit/modules.c:411 p11-kit/modules.c | 2 ++ 1 file changed, 2 insertions(+) commit 7e94bcac88e16c22b8258bcdcb4b2165b198679a Author: Daiki Ueno Date: 2016-09-21 rpc: Fix memleak in rpc_socket cleanup GCC's asan spotted this: Direct leak of 120 byte(s) in 1 object(s) allocated from: #0 0x7f8d4f221fe0 in calloc (/lib64/libasan.so.3+0xc6fe0) #1 0x427f55 in rpc_socket_new ../p11-kit/rpc-transport.c:100 #2 0x42bc1b in rpc_exec_connect ../p11-kit/rpc-transport.c:767 p11-kit/rpc-transport.c | 1 + 1 file changed, 1 insertion(+) commit 07cadc6fd3716f1b2a8265c40b59426847042967 Author: Daiki Ueno Date: 2016-09-23 uri: Port to PKCS#11 GNU calling convention https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/uri.h | 2 ++ 1 file changed, 2 insertions(+) commit c30353ec1869024de672731236d9a4acd2f7dd28 Author: Daiki Ueno Date: 2016-09-20 uri: Fix buffer overflow in memcmp() The commit 63644dc introduced several memcmp() calls without checking the length of the first argument. https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/uri.c | 57 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 25 deletions(-) commit dd514f46c880c508f69412850286d70ec8967758 Author: Daiki Ueno Date: 2016-10-06 travis: Enable build on the CI .travis.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) commit a96f354c3068edb6c8ac80ae6d9a6611651145d7 Author: Daiki Ueno Date: 2016-09-19 rpc: Send x-init-reserved to remote module Signed-off-by: Stef Walter * Fixed up indentation https://bugs.freedesktop.org/show_bug.cgi?id=80519 p11-kit/Makefile.am | 7 ++++- p11-kit/mock-module-ep3.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/modules.c | 30 ++++++++++++--------- p11-kit/rpc-client.c | 16 ++++++++++- p11-kit/rpc-message.h | 2 +- p11-kit/rpc-server.c | 13 +++++++++ p11-kit/test-transport.c | 24 +++++++++++++++++ 7 files changed, 144 insertions(+), 16 deletions(-) commit 2fe688e8bd360ce2f364bfb6ef80e07712c9bb86 Author: Daiki Ueno Date: 2016-09-20 test: Fix p11_virtual_init() usage p11_virtual_init() should take a CK_FUNCTION_LIST as the 3rd argument, if the 2nd argument is &p11_virtual_base. https://bugs.freedesktop.org/show_bug.cgi?id=87192 p11-kit/test-virtual.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6923e8fb56692b20d24398d4746d2399490acdc1 Author: Leonardo Brondani Schenkel Date: 2016-10-03 Fix link of p11-kit-proxy.dylib on Mac OS X However, on Mac OS X the library is named libp11-kit.dylib so in the above command the source of the link resolves to nothing, the destination becomes the source and the link to a non-existent file is created in the working directory. https://bugs.freedesktop.org/show_bug.cgi?id=98022 p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d74e29cf9733a405a0ea254a2d1edf236ae8735e Author: Daiki Ueno Date: 2016-08-12 test: Make test-module work --without-trust-module The test-module program currently depends on TRUST_PATHS, which is determined by the configure script and normally points to a resource outside of the build tree. To make the test system-independent, use a crafted path for testing. https://bugs.freedesktop.org/show_bug.cgi?id=89027 trust/test-module.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 927c8e98f159607acf7fa8b0f5bcf9a4d0497742 Author: Daiki Ueno Date: 2016-08-10 iter: Utilize 'slot-id' URI path attribute https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/iter.c | 8 +++++- p11-kit/test-iter.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 1 deletion(-) commit e0c5d429df6ebe2cb88425edf42f65bfb33f0b77 Author: Daiki Ueno Date: 2016-08-10 iter: Utilize slot info URI path attributes https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/iter.c | 27 ++++++++++++++ p11-kit/iter.h | 2 + p11-kit/test-iter.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 134 insertions(+) commit 31fbc32c41518b93a7b9903d7840378bab55370c Author: Daiki Ueno Date: 2016-08-08 uri: Support 'slot-id' path attribute Accept 'slot-id' path attribute defined in RFC 7512. https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/test-uri.c | 47 ++++++++++++++++++++++++++++++++ p11-kit/uri.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++--- p11-kit/uri.h | 4 +++ 3 files changed, 126 insertions(+), 3 deletions(-) commit 8577e4dc23349ae8d04708190de6d1ae469ab460 Author: Daiki Ueno Date: 2016-08-08 uri: Support slot info path attributes Accept 'slot-description' and 'slot-manifacturer' path attributes defined in RFC 7512. https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/private.h | 3 ++ p11-kit/test-uri.c | 70 +++++++++++++++++++++++++++++++++++++ p11-kit/uri.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/uri.h | 6 ++++ 4 files changed, 180 insertions(+) commit 63644dcb6ccf52508f41633945fce9c3a8e46d3d Author: Daiki Ueno Date: 2016-08-08 uri: Remove whitespace early when parsing For every path/query component, p11_kit_uri_parse() allocates a small buffer to strip whitespace out. This patch removes any whitespace in the URI at the entry of the function to simplify the code. Note that RFC 7512 actually suggests to ignore whitespace at the extracting phase rather than the parsing phase. https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/uri.c | 144 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 78 insertions(+), 66 deletions(-) commit d8f90d300eb76e04dec2caba99f78e7f8a99b215 Author: Daiki Ueno Date: 2016-08-12 Fix leak when C_Initialize() is called from child The test case added for bug 90289 (commit c73edd00) revealed that some of the C_Initialize() implementations do not consider the case where it is called from the parent process and then from the child process, without calling C_Finalize() in between. common/mock.c | 3 +++ p11-kit/modules.c | 2 ++ 2 files changed, 5 insertions(+) commit 8afd8d92771d279b38acc098c84027b2cf0dd168 Author: Daiki Ueno Date: 2016-08-18 configure: Remove redundant AM_GNU_GETTEXT There is the same line a few lines below. configure.ac | 1 - 1 file changed, 1 deletion(-) commit 8c8c81942038e0068472dd9bab8d57c00b2acee4 Author: Daiki Ueno Date: 2016-08-12 Fix typos flagged by codespell p11-kit/fixtures/test-system-none.conf | 2 +- p11-kit/iter.c | 8 ++++---- p11-kit/modules.c | 4 ++-- p11-kit/rpc-server.c | 2 +- p11-kit/util.c | 2 +- trust/builder.c | 2 +- trust/p11-kit-trust.module | 2 +- trust/parser.c | 2 +- 8 files changed, 12 insertions(+), 12 deletions(-) commit fb73b3a908d8fa21b0e7f6461fc9e77c1e15f4b3 Author: Stef Walter Date: 2016-08-09 Fix typo in pkcs11.conf Pointed out by David Woodhouse doc/manual/pkcs11.conf.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fedcaf873e4d08741407c7be1db8c2d73dcc1241 Author: Stef Walter Date: 2016-08-09 doc: Fix interpolation of p11-kit configuration paths in documentation Previously these were expanded based on the home directory of the one building the documentation (me). doc/manual/Makefile.am | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 77d0791d0d6baf6fcc7578e0d170d754850c4068 Author: Andreas Metzler Date: 2016-02-23 Doc: p11_kit_module_load accepts a filename arg. p11_kit_module_load() hands on the module_path argument to load_module_from_file_inlock() which accepts relative paths, prepending P11_MODULE_PATH. Update API documentation accordingly. https://lists.freedesktop.org/archives/p11-glue/2016-February/000587.html p11-kit/modules.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 6c4ef3f492d88acca931174519b7aa1215cc1a18 Author: Pankaj Date: 2016-01-05 Avoiding redundant check https://bugs.freedesktop.org/show_bug.cgi?id=93587 p11-kit/modules.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 5f6cc6c4c66050069d0db93006299cde44920559 Author: Stef Walter Date: 2015-12-07 Fix distcheck by removing some linguas that don't build po/LINGUAS | 2 -- 1 file changed, 2 deletions(-) commit 8ccd99b26d5fb2e19ec45ce3dca28bf53b73c70d Author: Stef Walter Date: 2015-12-07 Bump version number NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit d0b59f5b155369dd2b933c359c1f81e6199e2c3f Author: Gustavo Zacarias Date: 2015-12-02 rpc-transport.c: include sys/select.h for fd_set fd_set and friends, according to POSIX.1-2001, needs sys/select.h, so include it otherwise the build fails for uClibc: p11-kit/rpc-transport.c: In function ‘rpc_socket_read’: p11-kit/rpc-transport.c:350:2: error: unknown type name ‘fd_set’ p11-kit/rpc-transport.c:416:4: warning: implicit declaration of function ‘FD_ZERO’ [-Wimplicit-function-declaration] Signed-off-by: Gustavo Zacarias https://bugs.freedesktop.org/show_bug.cgi?id=93211 p11-kit/rpc-transport.c | 1 + 1 file changed, 1 insertion(+) commit 981f5358988a4c7044aeddd5bd783c28b2665410 Author: Pankaj Date: 2015-11-04 p11-kit: Fix redundant check for 'signature' is always 'true' https://bugs.freedesktop.org/show_bug.cgi?id=92807 common/mock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 957c6d8c610b71665573564f2299d9aca86d2483 Author: Pankaj Date: 2015-11-06 common: Fix warning about dereferencing NULL pointer https://bugs.freedesktop.org/show_bug.cgi?id=92842 common/mock.c | 1 + 1 file changed, 1 insertion(+) commit 4e22ebfda7b51ec978eacf0c3653bb534de97fe3 Author: Pankaj Date: 2015-11-06 common: Fix in test-code for file descriptor validity check https://bugs.freedesktop.org/show_bug.cgi?id=92843 common/test-compat.c | 1 + 1 file changed, 1 insertion(+) commit a512a01e4c2700a6454d024150aa222f64885d59 Author: Stef Walter Date: 2015-11-09 trust: Fix always false comparison of EAGAIN and EINTR https://bugs.freedesktop.org/show_bug.cgi?id=92864 trust/save.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6558c7174bc6778f13347fc1a356ed6773cef830 Author: Pankaj Date: 2015-10-21 p11-kit: Remove unused pointer https://bugs.freedesktop.org/show_bug.cgi?id=92532 p11-kit/modules.c | 2 -- 1 file changed, 2 deletions(-) commit 478f1065fb6d92fbd4bdf8b0a513f32cf48af170 Author: Stef Walter Date: 2015-10-20 po: Update translations from transifex build/tx-update | 6 +- po/ar.po | 4 +- po/as.po | 4 +- po/az.po | 6 +- po/bg.po | 16 ++- po/bn_IN.po | 4 +- po/ca.po | 4 +- po/ca@valencia.po | 4 +- po/cs.po | 152 ++++++++++++------------ po/cy.po | 4 +- po/da.po | 4 +- po/de.po | 30 ++--- po/el.po | 179 ++++++++++++++-------------- po/en_GB.po | 179 ++++++++++++++-------------- po/eo.po | 18 ++- po/es.po | 21 ++-- po/es_CL.po | 342 ------------------------------------------------------ po/et.po | 2 +- po/eu.po | 16 ++- po/fa.po | 16 ++- po/fi.po | 25 ++-- po/fo.po | 4 +- po/fr.po | 179 ++++++++++++++-------------- po/ga.po | 4 +- po/gl.po | 30 +++-- po/gu.po | 4 +- po/he.po | 4 +- po/hi.po | 4 +- po/hr.po | 23 ++-- po/hu.po | 21 ++-- po/ia.po | 16 ++- po/id.po | 19 ++- po/it.po | 24 ++-- po/it_IT.po | 342 ------------------------------------------------------ po/ja.po | 19 ++- po/ka.po | 21 ++-- po/kk.po | 17 +-- po/kn.po | 4 +- po/ko.po | 23 ++-- po/lt.po | 4 +- po/lv.po | 24 ++-- po/ml.po | 4 +- po/mr.po | 4 +- po/ms.po | 4 +- po/nb.po | 4 +- po/nl.po | 21 ++-- po/nn.po | 4 +- po/oc.po | 6 +- po/or.po | 4 +- po/pa.po | 18 ++- po/pl.po | 22 ++-- po/pt.po | 4 +- po/pt_BR.po | 21 ++-- po/ro.po | 4 +- po/ru.po | 184 ++++++++++++++--------------- po/sk.po | 180 ++++++++++++++-------------- po/sl.po | 21 ++-- po/sq.po | 16 ++- po/sr.po | 24 ++-- po/sr@latin.po | 4 +- po/sv.po | 171 +++++++++++++-------------- po/ta.po | 4 +- po/te.po | 16 ++- po/th.po | 4 +- po/tr.po | 144 ++++++++++++----------- po/uk.po | 21 ++-- po/vi.po | 4 +- po/wa.po | 4 +- po/zh_CN.po | 179 ++++++++++++++-------------- po/zh_HK.po | 16 ++- po/zh_TW.po | 19 ++- 71 files changed, 1097 insertions(+), 1856 deletions(-) commit 5e6336ba0393c9d69be843c432e4c4927caea245 Author: Stef Walter Date: 2015-10-20 Add estonian translation from Transifex po/LINGUAS | 1 + po/et.po | 342 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 343 insertions(+) commit 98dbc98709bb9a5fe1d6e7beea585c39073e528c Author: Pankaj Date: 2015-10-20 p11-kit: Fix warnings related to use dangling pointer https://bugs.freedesktop.org/show_bug.cgi?id=92551 p11-kit/modules.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 29014eab3caf4f70fcd94c8198ca24992b1e5ec6 Author: Stef Walter Date: 2015-10-19 common: Remove compat timegm() implementation We no longer use timegm() common/compat.c | 31 ------------------------------- configure.ac | 1 - 2 files changed, 32 deletions(-) commit 3be562d4d386eddc79489715507d979135d4b74a Author: Pankaj Date: 2015-10-19 p11-kit: 'int' comparison with 'unsigned int' in for() for the array index https://bugs.freedesktop.org/show_bug.cgi?id=92443 common/array.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2db405ff7781ec43b77bd2592c41eff22e2b362a Author: Pankaj Date: 2015-10-19 p11-kit: 'int' comparison with 'unsigned int' in for() for array index common/dict.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c57c1d592c82da7f444cde440c5f32930542b43a Author: Pankaj Date: 2015-10-19 p11-kit: 'int' comparison with 'unsigned int' in for() for array index https://bugs.freedesktop.org/show_bug.cgi?id=92445 p11-kit/proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4286fd792b869e27cc362a8de9334d4686aed539 Author: Ludovic Rousseau Date: 2015-10-19 manual: Fix typos in documentation https://bugs.freedesktop.org/show_bug.cgi?id=92520 doc/manual/p11-kit-sharing.xml | 4 ++-- doc/manual/pkcs11.conf.xml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) commit ee1d48020b24164b5547de2affd0f38dafab8949 Author: Pankaj Date: 2015-10-12 p11-kit: Fix expression 'call_id < 0' is always false https://bugs.freedesktop.org/show_bug.cgi?id=92434 p11-kit/rpc-message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a005e75a4e1b63db8e19ea0e73479588ab345a6 Author: Robert Milasan Date: 2015-07-30 Fix trust command segfaults in expand_homedir() when no matching password record was found Hello, it looks like under some conditions, command trust segfaults in expand_homedir() due to no matching password record was found: Signed-off-by: Robert Milasan Signed-off-by: Stef Walter * Updated path so message is printed and errno is not overwritten https://bugs.freedesktop.org/show_bug.cgi?id=91506 common/path.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit ac151af6e41242eb46689f326311195b5f7b65fc Author: Lew Palm Date: 2015-07-14 Fix build on Mingw due to missing EWOULDBLOCK https://bugs.freedesktop.org/show_bug.cgi?id=89081 p11-kit/rpc-transport.c | 3 +++ 1 file changed, 3 insertions(+) commit 406803044f61fcbd491749a5530b39beed270dd2 Author: Nikos Mavrogiannopoulos Date: 2015-07-10 Added p11_kit_module_get_filename() That function allows to obtain the filename used by the PKCS #11 module. That is the filename used by dlopen(). Note that we don't provide p11_kit_module_for_filename() because it would have to deal with filename equivalences. Signed-off-by: Stef Walter * Fixed up whitespace p11-kit/modules.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ p11-kit/p11-kit.h | 1 + p11-kit/test-modules.c | 40 +++++++++++++++++++++++++++++++++++++++- 3 files changed, 85 insertions(+), 1 deletion(-) commit cacaf8cd0b0a4f2cd61b61b012cd5cbf715fe38f Author: Nikos Mavrogiannopoulos Date: 2015-06-24 In proxy module don't call C_Finalize on a forked process. This corrects a deadlock on the forked process. The deadlock happened because the proxy called C_Finalize prior to a C_Initialize which is wrong according to PKCS #11 (2.40). This patch eliminates the C_Finalize call in that case. This resolves #90289 https://bugs.freedesktop.org/show_bug.cgi?id=90289 Reviewed-by: Stef Walter p11-kit/proxy.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) commit c73edd002462ca1185de1e9e72d9f68f01c93f32 Author: David Woodhouse Date: 2015-06-03 Add test case for bug 90289 (deadlock on C_Initialize() in child after fork) Reviewed-by: Stef Walter p11-kit/test-proxy.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) commit ec8a291efb87f1751a18c7e023a67232c15a4ef2 Author: Nikos Mavrogiannopoulos Date: 2015-06-24 Do not deinitialize libffi's wrapper functions Libffi uses shared memory to store them, and a deallocation in a child will cause issues for the parent or vice versa. Signed-off-by: Stef Walter * Use #if to comment out code, avoid compiler warnings p11-kit/virtual.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit c9095cb154cfd9937332b1a980316d10a9655d51 Author: Nikos Mavrogiannopoulos Date: 2015-06-23 Added test case for crash after a fork in proxy module Reviewed-by: Stef Walter p11-kit/test-proxy.c | 46 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) commit c562aff333bd73a3fe5c15d2969a4ea70300a426 Author: Pankaj Date: 2015-06-03 p11-kit: Missing unlock in function rpc_socket_read() https://bugs.freedesktop.org/show_bug.cgi?id=90827 p11-kit/rpc-transport.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8768b4611d3268d6fca7fc214ce0a5c7ec7fc332 Author: Pankaj Date: 2015-06-01 trust: Fix double close() trust/save.c | 1 - 1 file changed, 1 deletion(-) commit 6712b49861e3e59534c5e4b6d75146a01b939aff Author: Stef Walter Date: 2015-04-17 Fix some compiler warnings from GCC 5.x trust/test-persist.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit ec9e2450bafa1cda47525b38a28c8f981f43c1e1 Author: Stef Walter Date: 2015-02-20 Release version 0.23.1 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit e49fba71493408305b297df7eb4e64d882b778ee Author: Nikos Mavrogiannopoulos Date: 2014-12-23 Generate URIs compliant to the PKCS#11 URI draft in LC We continue to accept both the older style 'object-type' field in addition to the new 'type' field. However we start generating URIs in the new form. In other words we have backwards compatibility, but not forwards compatibility. Given the fact that PKCS#11 URIs are now standardizing this is an acceptable compromise. https://bugs.freedesktop.org/show_bug.cgi?id=86474 p11-kit/test-uri.c | 26 +++++++++++++------------- p11-kit/uri.c | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) commit 6fb74150b8c8f957e96fd423beeccd36cf04e1bc Author: Nikos Mavrogiannopoulos Date: 2014-12-23 Added test for pin-value https://bugs.freedesktop.org/show_bug.cgi?id=87582 Signed-off-by: Stef Walter * Added test for bad encoded pin-value in uri p11-kit/test-uri.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) commit d1122aa7587c445b3d03f35258ea46038807bf69 Author: Nikos Mavrogiannopoulos Date: 2014-12-23 Added support for pin-value PKCS#11 URI element https://bugs.freedesktop.org/show_bug.cgi?id=87582 p11-kit/uri.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/uri.h | 5 +++++ 2 files changed, 57 insertions(+) commit 890d69d7fde23ea15a082026a4d1c01aba805569 Author: Stef Walter Date: 2015-02-20 p11-kit: Remove duplicate WHITESPACE define p11-kit/uri.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit a6df1f21e42a3b57448eb6897b976ac8883908eb Author: Adam Williamson Date: 2015-01-13 trust: Add pem-directory-hash extract format This allows extraction of a directory of standard PEM files with the OpenSSL hash symlinks; this is a format used by some popular platforms (Debian's /etc/ssl/certs is in this form, and OpenSUSE provides it for compatibility). Initially by: Ludwig Nussel Signed-off-by: Stef Walter * Added header, fixed compiler warnings doc/manual/trust.xml | 6 +++- trust/extract-openssl.c | 76 ++++++++++++++++++++++++++----------------------- trust/extract-pem.c | 49 +++++++++++++++++++++++++------ trust/extract.c | 17 ++++++----- trust/extract.h | 8 ++++++ trust/test-bundle.c | 35 +++++++++++++++++++++++ 6 files changed, 139 insertions(+), 52 deletions(-) commit b65e3148a8ea2d54b17a8be617bbdcb026c49fcd Author: Stef Walter Date: 2014-11-14 uri: Accept 'type' in additon to 'object-type' in PKCS#11 URIs This was a later change to the PKCS#11 specification drafts p11-kit/test-uri.c | 27 +++++++++++++++++++++++++++ p11-kit/uri.c | 5 +++-- 2 files changed, 30 insertions(+), 2 deletions(-) commit 7c2270eaaaf0e60e204cb81dd017bc89394f4f59 Author: Michael Cronenworth Date: 2014-11-11 compat: Add definition for setenv for Win32 Signed-off-by: Michael Cronenworth common/compat.h | 4 ++++ configure.ac | 1 + 2 files changed, 5 insertions(+) commit bfb3bd47aa48983f5349479bca598403097ff81c Author: Stef Walter Date: 2014-10-09 Release version 0.22.1 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 03d280df9a73aca5cb6eabbcb97ef3ca4e1ae0e5 Author: Stef Walter Date: 2014-10-09 trust: Certificate CKA_ID is SubjectKeyIdentifier if possible The PKCS#11 spec states that the CKA_ID should match the SubjectKeyIdentifier if such an extension is present. We delay the filling of CKA_ID until the builder phase of populating attributes which allows us to have more control over how this works. Note that we don't make CKA_ID reflect SubjectKeyIdentifier *attached* extensions. The CKA_ID isn't supposed to change after object creation. Making it dependent on attached extensions would be making promises we cannot keep, since attached extensions can be added/removed at any time. This also means the CKA_ID of attached extensions and certificates won't necessarily match up, but that was never promised, and not how attached extensions should be matched to their certificate anyway. Based on a patch and research done by David Woodhouse. https://bugs.freedesktop.org/show_bug.cgi?id=84761 trust/builder.c | 55 ++++++++++++++++++++++++++++++++++++++++++---------- trust/parser.c | 37 ++++++++++------------------------- trust/test-builder.c | 2 +- trust/test-parser.c | 2 -- trust/test-trust.c | 2 ++ trust/x509.c | 32 +++++++++++++++++++++++++----- trust/x509.h | 7 ++++++- 7 files changed, 91 insertions(+), 46 deletions(-) commit b3579cb54bd5cd16e9740404408b2505b4b1e26b Author: Stef Walter Date: 2014-09-12 trust: Allow 'BEGIN PUBLIC KEY' PEM blocks in .p11-kit files These PEM blocks contribute a CKA_PUBLIC_KEY_INFO to the object being read/written. https://bugs.freedesktop.org/show_bug.cgi?id=83799 doc/internal/persist-format.txt | 13 +++++++++---- trust/persist.c | 24 ++++++++++++++++++++++++ trust/test-persist.c | 27 +++++++++++++++++++++++++++ trust/test-trust.h | 22 ++++++++++++++++++++++ 4 files changed, 82 insertions(+), 4 deletions(-) commit c1dd399d265f20bd3df4dc76dcf735aba1ffa515 Author: Roman Bogorodskiy Date: 2014-10-06 trust: add missing libtasn1 cflags Add a number of missing LIBTASN1_CFLAGS where it's required trust/Makefile.am | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) commit af8fba2fa90c6d9b98750f7e33c3b0df9f698cfc Author: Stef Walter Date: 2014-10-06 Bump libtool versioning for added APIs configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ab778cc54c8671ba79cf4baca7be2608c7cce886 Author: Antoine Jacoutot Date: 2014-10-05 Unbreak build on OpenBSD Add missing header for strdup(3). When EPROTO is not available, fallback to EIO. https://bugs.freedesktop.org/show_bug.cgi?id=84665 p11-kit/rpc-transport.c | 5 +++++ 1 file changed, 5 insertions(+) commit 80e4f6a6e04582fe11c98e6133e3e306e5556d8d Author: Michael Cronenworth Date: 2014-10-04 makefile: Rename DATADIR to not conflict with Win32 define Signed-off-by: Michael Cronenworth Makefile.am | 2 +- trust/module.c | 2 +- trust/test-module.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit b785f39384af08c35b08ab74671443234260cccc Author: Stef Walter Date: 2014-10-02 Release version 0.22.0 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 16e25b2890927108ec15297aabb1d86a49792741 Author: Stef Walter Date: 2014-10-03 p11-kit: Use pthread_atfork() in a safe manner Instead of trying to perform actions in pthread_atfork() which are not async-signal-safe, just increment a counter so we can later tell if the process has forked. Note this does not make it safe to mix threads and forking without immediately execing. This is a far broader problem that p11-kit, however we now do the right thing when fork+exec is used from a thread. https://bugs.freedesktop.org/show_bug.cgi?id=84567 common/library.c | 11 ++++++++++ common/library.h | 2 ++ common/mock.c | 1 + p11-kit/modules.c | 55 ++++++++++------------------------------------ p11-kit/proxy.c | 62 ++++++++++++++++------------------------------------ p11-kit/proxy.h | 2 -- p11-kit/rpc-client.c | 20 ++++++++--------- p11-kit/test-proxy.c | 2 +- p11-kit/test-rpc.c | 25 +++++++-------------- 9 files changed, 63 insertions(+), 117 deletions(-) commit a3b1e1c2f2c8c1f14293d8158b6dfeb2a6560908 Author: Stef Walter Date: 2014-10-01 remote: Run separate executable binary for 'p11-kit remote' This allows security frameworks like SELinux or AppArmor to target it specifically. Makefile.am | 1 + p11-kit/Makefile.am | 13 ++++- p11-kit/p11-kit.c | 69 +------------------------- p11-kit/remote.c | 137 ++++++++++++++++++--------------------------------- p11-kit/rpc-server.c | 101 +++++++++++++++++++++++++++++++++++++ 5 files changed, 164 insertions(+), 157 deletions(-) commit 76f230ced6e9ca2a598988bc00b7b971208e8f64 Author: Stef Walter Date: 2014-10-02 p11-kit: P11_KIT_PRIVATEDIR env var overrides private binary dir External binaries are searched for in $(libdir)/p11-kit. The P11_KIT_PRIVATEDIR can be used to override that, for example during 'make check' p11-kit/p11-kit.c | 7 ++++++- p11-kit/test-transport.c | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) commit 960cb9a7db1950ad1414f70b0e3ec240542601ac Author: Stef Walter Date: 2014-10-02 common: Use secure_getenv() implementation when setuid In anything security sensitive, use secure_getenv() implementation for retrieving environment variables. common/Makefile.am | 8 ++++++- common/compat.c | 8 +++++++ common/compat.h | 2 ++ common/debug.c | 3 ++- common/frob-getenv.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++ common/test-compat.c | 27 ++++++++++++++++++++++ common/test.c | 2 +- configure.ac | 2 +- 8 files changed, 113 insertions(+), 4 deletions(-) commit c9474683dd3db5ad87227dd3c3734ab31bfc01e9 Author: Stef Walter Date: 2014-10-02 common: In tests preserve parent environment for children common/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d3505c2b556b859e1a14062579fd67ec2ab25435 Author: Stef Walter Date: 2014-10-01 p11-kit: Remove the 'isolated' option for now This option was not completed in time, and as implemented suffers from limitations that the module is not really completely isolated as it still runs under the same user id as the calling process. doc/manual/p11-kit-sharing.xml | 5 +++-- doc/manual/pkcs11.conf.xml | 11 ++--------- p11-kit/modules.c | 13 ------------- 3 files changed, 5 insertions(+), 24 deletions(-) commit c41e0e1d9a4a9a4533bc6f370e5eebe1d6b9752c Author: Michael Cronenworth Date: 2014-09-12 common: Move unistd include to define getopt and friends Needed to fix MinGW builds. Signed-off-by: Michael Cronenworth common/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit eeca6f88e1c59543b09df3f9a45224e32d531ef7 Author: Stef Walter Date: 2014-09-17 Release version 2.21.3 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit 800f310dd3f2fcbf3852a42c67b5dd37e4ef4415 Author: Stef Walter Date: 2014-09-10 trust: Use term 'attached extensions' instead of 'stapled' The term 'stapled extensions' is confusing because it overloads terminology used with OSCP stapling. Suggested by Daniel Kahn Gillmor. trust/builder.c | 4 ++-- trust/enumerate.c | 48 ++++++++++++++++++++++++------------------------ trust/enumerate.h | 2 +- trust/extract-openssl.c | 8 ++++---- trust/parser.c | 46 +++++++++++++++++++++++----------------------- trust/test-builder.c | 30 +++++++++++++++--------------- trust/test-enumerate.c | 2 +- trust/test-parser.c | 4 ++-- 8 files changed, 72 insertions(+), 72 deletions(-) commit eccbcc298f59eb9518b07baf840930cec54c7655 Author: Stef Walter Date: 2014-09-04 common: New public pkcs11x.h header containing extensions Move our internal stuff to pkcs11i.h, and install the pkcs11x.h header containing extensions. https://bugs.freedesktop.org/show_bug.cgi?id=83495 common/Makefile.am | 3 +- common/attrs.c | 1 + common/constants.c | 1 + common/mock.h | 2 +- common/pkcs11i.h | 505 +++++++++++++++++++++++++++++++++++++++++++++++++ common/pkcs11x.h | 458 +------------------------------------------- doc/manual/Makefile.am | 1 + p11-kit/virtual.h | 2 +- trust/builder.c | 1 + trust/persist.c | 1 + trust/test-builder.c | 1 + trust/test-persist.c | 1 + 12 files changed, 520 insertions(+), 457 deletions(-) commit b1cd802e4241aa81c12ba4ecccdb17404799ff03 Author: Stef Walter Date: 2014-09-04 common: Change the CKA_X_PUBLIC_KEY_INFO constant to CKA_PUBLIC_KEY_INFO CKA_PUBLIC_KEY_INFO is defined in the PKCS#11 2.40 draft, so use that rather than defining our own. * Fixed up by Nikos Mavrogiannopoulos https://bugs.freedesktop.org/show_bug.cgi?id=83495 common/attrs.c | 2 +- common/constants.c | 2 +- common/pkcs11x.h | 6 +++++- trust/builder.c | 14 +++++++------- trust/enumerate.c | 16 ++++++++-------- trust/list.c | 2 +- trust/parser.c | 2 +- trust/test-builder.c | 28 ++++++++++++++-------------- trust/test-enumerate.c | 8 ++++---- trust/test-openssl.c | 12 ++++++------ trust/test-parser.c | 8 ++++---- 11 files changed, 52 insertions(+), 48 deletions(-) commit 9ba2165ef75c63960ce95c9b1b085a0a630cfb14 Author: Stef Walter Date: 2014-09-04 common: Add support for multiple field names (ie: nicks) per constant This allows us to have old/new names for a given constant. https://bugs.freedesktop.org/show_bug.cgi?id=83495 common/constants.c | 31 ++++++++++++++++--------------- common/constants.h | 2 +- common/test-constants.c | 10 +++++----- 3 files changed, 22 insertions(+), 21 deletions(-) commit 1ede9a957c5a4f2c44b6bc88ba380a41c145a81b Author: Michael Cronenworth Date: 2014-09-09 p11-kit: Fix tests when building with MinGW Signed-off-by: Michael Cronenworth p11-kit/test-managed.c | 9 +++++++++ p11-kit/test-rpc.c | 9 +++++++++ p11-kit/test-transport.c | 12 ++++++++++++ 3 files changed, 30 insertions(+) commit 086c08ceef86825b7b738c2da016915e91896a20 Author: Michael Cronenworth Date: 2014-08-17 trust: Fix token test when building with MinGW Signed-off-by: Michael Cronenworth trust/test-token.c | 4 ++++ 1 file changed, 4 insertions(+) commit 92ad58dec9a170a128734ea99e532e8a6a7d5499 Author: Roman Bogorodskiy Date: 2014-09-09 configure: Check for pthread_create() in pthread library Check for pthread_create() in pthread library instaed of pthread_mutexattr_init(). This fixes a linking error on FreeBSD. https://bugs.freedesktop.org/show_bug.cgi?id=75674 configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 4dd71231c7b425c44ca231c6c7b1df97545d1501 Author: Stef Walter Date: 2014-09-09 p11-kit: Compilation fixes for previous commit Pushed the wrong version p11-kit/proxy.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 50e4702e6c94aeb3c9096661a78f59db96c86226 Author: Stef Walter Date: 2014-09-09 p11-kit: Make proxy module respect critical = no The p11-kit-proxy.so module would not respect the critical = no setting in module configuration, and fail if any module failed to initialize. https://bugs.freedesktop.org/show_bug.cgi?id=83651 p11-kit/proxy.c | 84 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 47 insertions(+), 37 deletions(-) commit aff7ac7ef469f96a55063ba423af66fca17c29c7 Author: Roman Bogorodskiy Date: 2014-08-18 Fix build without debug When building without debug build fails with: CCLD p11-kit/p11-kit ./.libs/libp11-kit.so: undefined reference to `P11_RPC_CHECK_CALLS' cc: error: linker command failed with exit code 1 (use -v to see invocation) gmake[2]: *** [p11-kit/p11-kit] Error 1 This happens because P11_RPC_CHECK_CALLS is not defined when debugging is enabled, so provide a noop macro for that case. p11-kit/rpc-message.h | 2 ++ 1 file changed, 2 insertions(+) commit c3fc7b49890bef7c28c1315476c6270d8ed1a492 Author: Stef Walter Date: 2014-09-05 trust: Show public-key-info in 'trust list --details' Since the public-key-info is an important part of the way we represent trust, show it in 'trust list' if --details is present. trust/list.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit d715fe5312f7b7c1b881cc49847cc15347e286fc Author: Stef Walter Date: 2014-09-05 Release version 0.21.2 NEWS | 10 ++++++++++ configure.ac | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) commit dc55d9d5fc5d904f0bc3c06ba3caf64483b18fa9 Author: Stef Walter Date: 2014-09-05 trust: Produce a proper message for an invalid stapled extension Previously we would output a line like this: p11-kit: 'node != NULL' not true at lookup_extension trust/builder.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 677dee1a04058aefe8c7689f88da52afe3b4b4bb Author: Stef Walter Date: 2014-08-15 Move to non-recursive Makefile for building bins and libs Still use recursive for documentation and translation. Makefile.am | 66 +++-- build/Makefile.decl | 16 -- build/Makefile.tests | 21 -- build/certs/Makefile | 38 +-- common/Makefile.am | 113 ++++++--- common/{tests => }/frob-getauxval.c | 0 common/{tests => }/test-array.c | 0 common/{tests => }/test-attrs.c | 0 common/{tests => }/test-buffer.c | 0 common/{tests => }/test-compat.c | 0 common/{tests => }/test-constants.c | 0 common/{tests => }/test-dict.c | 0 common/{tests => }/test-hash.c | 0 common/{tests => }/test-lexer.c | 0 common/{tests => }/test-message.c | 0 common/{tests => }/test-path.c | 0 common/{tests => }/test-tests.c | 0 common/{tests => }/test-url.c | 0 common/tests/Makefile.am | 39 --- configure.ac | 8 +- doc/manual/Makefile.am | 8 +- p11-kit/Makefile.am | 244 ++++++++++++------ .../files => fixtures}/package-modules/four.module | 0 .../package-modules/win32/four.module | 0 .../files => fixtures}/system-modules/one.module | 0 .../system-modules/two-duplicate.module | 0 .../files => fixtures}/system-modules/two.badname | 0 .../system-modules/win32/one.module | 0 .../system-modules/win32/two-duplicate.module | 0 .../system-modules/win32/two.badname | 0 .../{tests/files => fixtures}/system-pkcs11.conf | 0 p11-kit/{tests/files => fixtures}/test-1.conf | 0 p11-kit/{tests/files => fixtures}/test-pinfile | 0 .../{tests/files => fixtures}/test-pinfile-large | 0 .../files => fixtures}/test-system-invalid.conf | 0 .../files => fixtures}/test-system-merge.conf | 0 .../files => fixtures}/test-system-none.conf | 0 .../files => fixtures}/test-system-only.conf | 0 .../files => fixtures}/test-user-invalid.conf | 0 .../{tests/files => fixtures}/test-user-only.conf | 0 p11-kit/{tests/files => fixtures}/test-user.conf | 0 .../files => fixtures}/user-modules/one.module | 0 .../files => fixtures}/user-modules/three.module | 0 .../user-modules/win32/one.module | 0 .../user-modules/win32/three.module | 0 p11-kit/{tests => }/frob-setuid.c | 0 p11-kit/{tests => }/mock-module-ep.c | 0 p11-kit/{tests => }/mock-module-ep2.c | 0 p11-kit/{tests => }/print-messages.c | 0 p11-kit/{tests => }/test-conf.c | 54 ++-- p11-kit/{tests => }/test-deprecated.c | 0 p11-kit/{tests => }/test-init.c | 0 p11-kit/{tests => }/test-iter.c | 0 p11-kit/{tests => }/test-log.c | 0 p11-kit/{tests => }/test-managed.c | 0 p11-kit/{tests => }/test-mock.c | 0 p11-kit/{tests => }/test-modules.c | 0 p11-kit/{tests => }/test-pin.c | 6 +- p11-kit/{tests => }/test-progname.c | 0 p11-kit/{tests => }/test-proxy.c | 0 p11-kit/{tests => }/test-rpc.c | 0 p11-kit/{tests => }/test-transport.c | 2 +- p11-kit/{tests => }/test-uri.c | 0 p11-kit/{tests => }/test-util.c | 0 p11-kit/{tests => }/test-virtual.c | 0 p11-kit/tests/Makefile.am | 91 ------- trust/Makefile.am | 273 +++++++++++++++------ trust/anchor.c | 5 +- trust/enumerate.h | 5 +- trust/extract.c | 5 +- trust/{tests/files => fixtures}/cacert-ca.der | Bin .../files => fixtures}/cacert3-distrust-all.pem | 0 .../files => fixtures}/cacert3-distrusted-all.pem | 0 .../files => fixtures}/cacert3-not-trusted.pem | 0 .../files => fixtures}/cacert3-trusted-alias.pem | 0 .../files => fixtures}/cacert3-trusted-keyid.pem | 0 .../cacert3-trusted-server-alias.pem | 0 .../{tests/files => fixtures}/cacert3-trusted.pem | 0 trust/{tests/files => fixtures}/cacert3-twice.pem | 0 trust/{tests/files => fixtures}/cacert3.der | Bin trust/{tests/files => fixtures}/cacert3.pem | 0 trust/{tests/files => fixtures}/distrusted.pem | 0 trust/{tests/files => fixtures}/empty-file | 0 trust/{tests/files => fixtures}/multiple.pem | 0 .../files => fixtures}/openssl-trust-no-trust.pem | 0 trust/{tests/files => fixtures}/redhat-ca.der | Bin .../files => fixtures}/self-signed-with-eku.der | Bin .../files => fixtures}/self-signed-with-ku.der | Bin trust/{tests/files => fixtures}/simple-string | 0 trust/{tests/files => fixtures}/testing-server.der | Bin trust/{tests/files => fixtures}/thawte.pem | 0 .../files => fixtures}/unrecognized-file.txt | 0 trust/{tests/files => fixtures}/verisign-v1.der | Bin trust/{tests/files => fixtures}/verisign-v1.pem | 0 trust/{tests => }/frob-bc.c | 0 trust/{tests => }/frob-cert.c | 0 trust/{tests => }/frob-eku.c | 0 trust/{tests => }/frob-ext.c | 0 trust/{tests => }/frob-ku.c | 0 trust/{tests => }/frob-multi-init.c | 0 trust/{tests => }/frob-nss-trust.c | 0 trust/{tests => }/frob-oid.c | 0 trust/{tests => }/frob-pow.c | 0 trust/{tests => }/frob-token.c | 0 trust/{tests => }/input/anchors/cacert3.der | Bin trust/{tests => }/input/anchors/testing-ca.der | Bin trust/{tests => }/input/blacklist/self-server.der | Bin trust/{tests => }/input/cacert-ca.der | Bin trust/{tests => }/input/distrusted.pem | 0 trust/{tests => }/input/verisign-v1.p11-kit | 0 trust/list.c | 5 +- trust/{tests => }/test-asn1.c | 0 trust/{tests => }/test-base64.c | 0 trust/{tests => }/test-builder.c | 0 trust/{tests => }/test-bundle.c | 12 +- trust/{tests => }/test-cer.c | 12 +- trust/{tests => }/test-digest.c | 0 trust/{tests => }/test-enumerate.c | 2 + trust/{tests => }/test-extract.in | 0 trust/{tests => }/test-index.c | 0 trust/{tests => }/test-module.c | 16 +- trust/{tests => }/test-oid.c | 0 trust/{tests => }/test-openssl.c | 20 +- trust/{tests => }/test-parser.c | 20 +- trust/{tests => }/test-pem.c | 0 trust/{tests => }/test-persist.c | 0 trust/{tests => }/test-save.c | 14 +- trust/{tests => }/test-token.c | 4 +- trust/{tests => }/test-trust.c | 0 trust/{tests => }/test-trust.h | 0 trust/{tests => }/test-utf8.c | 0 trust/{tests => }/test-x509.c | 0 trust/tests/Makefile.am | 122 --------- 133 files changed, 632 insertions(+), 589 deletions(-) commit 2a35a67923c26cd38839197aee51c274e5c2550e Author: Stef Walter Date: 2014-08-15 common: Fix regression introduced by last commit The last commit caused dirfd() to become undefined. https://bugs.freedesktop.org/show_bug.cgi?id=82617 common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf8dfa9f33c1aa8d76f8d1ae6cf79afb90497cd4 Author: Baruch Siach Date: 2014-05-05 Fix build against older pthreads implementations Older pthreads implementations like glibc NPTL prior to version 2.12, and uClibc linuxthreads (both), need _XOPEN_SOURCE to expose pthread_mutexattr_settype() and THREAD_MUTEX_DEFAULT. The value 600 (SuSv3, POSIX.1-2001) is equivalent to _POSIX_C_SOURCE 200112L. Fixes the following build error: CC compat.lo compat.c: In function 'p11_mutex_init': compat.c:164:2: warning: implicit declaration of function 'pthread_mutexattr_settype' [-Wimplicit-function-declaration] compat.c:164:2: warning: nested extern declaration of 'pthread_mutexattr_settype' [-Wnested-externs] compat.c:164:36: error: 'PTHREAD_MUTEX_DEFAULT' undeclared (first use in this function) https://bugs.freedesktop.org/show_bug.cgi?id=82617 common/compat.c | 6 ++++++ 1 file changed, 6 insertions(+) commit ea10b26125eff14d5b138ceb0e55994bd38f7381 Author: Stef Walter Date: 2014-08-14 Fix 'make upload-release' target Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6333aedd27b1a9cb81ac2d0556c1a97f726bdb33 Author: Stef Walter Date: 2014-08-11 doc: Fix missing tag in p11-kit-sharing.xml doc/manual/p11-kit-sharing.xml | 1 + 1 file changed, 1 insertion(+) commit ea39cf40a881fd28f86e2625dff80fde58f2e08a Author: Stef Walter Date: 2014-08-11 p11-kit: Fix various noise/issues highlighted by clang p11-kit/modules.c | 1 - p11-kit/remote.c | 3 +-- p11-kit/rpc-client.c | 4 ++-- p11-kit/rpc-server.c | 18 ++++++++++-------- 4 files changed, 13 insertions(+), 13 deletions(-) commit a7b012fcfa4fd0c1c53de3006a63a8bad4a08041 Author: Stef Walter Date: 2014-08-08 Ignore clang scanner litter .gitignore | 1 + 1 file changed, 1 insertion(+) commit c62ce78b8ae6961c9d1dda092781b6988488a135 Author: Stef Walter Date: 2014-08-08 trust: Don't use invalid public keys for looking up stapled extensions https://bugs.freedesktop.org/show_bug.cgi?id=82328 trust/builder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1576ac9495333d0f285e0ab69f444d3ae0630859 Author: Stef Walter Date: 2014-08-08 trust: Print label of certificate when complaining about basic constraints https://bugs.freedesktop.org/show_bug.cgi?id=82328 trust/builder.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit d9df354fffbbfa42aac796235cf446c63ad2eef8 Author: Stef Walter Date: 2014-08-08 trust: Double check that index bucket is valid before access trust/index.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3748527ed4deb980a2aa0a74893ccb4384951015 Author: Stef Walter Date: 2014-08-08 p11-kit: Remove use after free in debug output code path p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f1d563400c9747d6c470cba7abfa9a31d92349d3 Author: Stef Walter Date: 2014-08-08 Quiten down scanner warnings about unused variables p11-kit/lists.c | 5 +---- trust/list.c | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) commit 26b3e98f7934bd47ab3d387124135f254bd6f8ba Author: Stef Walter Date: 2014-08-08 common: Quiet down clang scanner with assertions Quieten down the clang scanner by telling it to expect that our test assertions fail common/test.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9cd9153a4d4cf78011d2a8f8c7a69aa8f3eda9f3 Author: Stef Walter Date: 2014-08-08 Fix mostly erroneous scanner warnings in tests common/tests/test-array.c | 1 + common/tests/test-dict.c | 3 +++ common/tests/test-tests.c | 2 ++ p11-kit/tests/test-deprecated.c | 6 +++++- p11-kit/tests/test-uri.c | 3 +++ trust/tests/frob-bc.c | 1 + trust/tests/frob-eku.c | 1 + trust/tests/frob-ext.c | 1 + trust/tests/frob-ku.c | 2 ++ trust/tests/frob-oid.c | 2 ++ trust/tests/test-token.c | 2 +- 11 files changed, 22 insertions(+), 2 deletions(-) commit eb9d1fcc8e0adc38ff494af619db37013ff17cb9 Author: Stef Walter Date: 2014-08-08 trust: Fix leak in token loading error path trust/token.c | 1 + 1 file changed, 1 insertion(+) commit 4750c617829b666dd1acb2a12ca61419fa12bc26 Author: Stef Walter Date: 2014-08-08 trust: Fix unlikely use of uninitialized memory in token loading trust/token.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a35cc9be7a34e4fd012b0fa25a7091acf044a038 Author: Stef Walter Date: 2014-08-08 trust: Fix leak in trust list command trust/list.c | 1 + 1 file changed, 1 insertion(+) commit cdf540cefd7e106bc4607584dfa153d847f1a2a9 Author: Stef Walter Date: 2014-08-08 trust: Fix use after free and double free in extract command trust/extract.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit 29325102bb93239313f4b2928f18a589731bd125 Author: Stef Walter Date: 2014-08-08 trust: Remove dead while condition in anchor commond trust/anchor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2663c834561207b947f6a8e98a7661644b6c9630 Author: Stef Walter Date: 2014-08-08 p11-kit: Fix integer overflow in memset() argument p11-kit/virtual.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f8c7ed390672d0749aaf0bbbad2c2af7145ebc01 Author: Stef Walter Date: 2014-08-08 p11-kit: Fix bad check of asprintf() return value p11-kit/p11-kit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a21a0bc541348803f7da01ef6c5b4baf6bc221a Author: Stef Walter Date: 2014-08-08 configure.ac: Add subdir-objects to satisfy newer automakes configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 92523973caae8b195c4d39b6cf872ea09d72d497 Author: Stef Walter Date: 2014-08-08 trust: Fix use of invalid memory in PEM parser trust/pem.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit c22e37091278ffb339c692f5c994c3393b12a254 Author: Stef Walter Date: 2014-08-08 trust: Parse TRUSTED CERTIFICATE openssl format even without CertAux openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the additional CertAux (ie: trust fields) information. It simply leaves that block out. This happens with a command like: $ openssl x509 -in my-cert.pem -out output -trustout trust/parser.c | 32 ++++---- trust/tests/files/openssl-trust-no-trust.pem | 27 +++++++ trust/tests/test-parser.c | 105 +++++++++++++++++++++++++++ 3 files changed, 151 insertions(+), 13 deletions(-) commit 2e503dccd889a3f83951830fda18c9357377693d Author: Stef Walter Date: 2014-08-08 common: Allow specifying which tests to run on command line This modifies our common unit test code so we can specify full test paths on the command line, and restrict the run tests to the ones specified. Order is not respected at this time. common/test.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) commit 6a8843b3c5f6d44eb280a54653388a3de316f638 Author: Stef Walter Date: 2014-08-07 Release version 0.21.1 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 3cbe204722e2d5dfa8e8756e0b57b44c67fdd2c4 Author: Stef Walter Date: 2014-08-07 po: Add new translations: oc Makefile.am | 2 +- po/LINGUAS | 1 + po/oc.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 344 insertions(+), 1 deletion(-) commit 4f2cc97a95733e9ea8f85510b0f1e5c99053ae5e Author: Stef Walter Date: 2014-08-07 common: Don't do repeated linear reallocation of array memory Some mallocs (notably on Windows) have really poor behavior when called repeatedly with a linearly growing buffer. https://bugzilla.redhat.com/show_bug.cgi?id=985419 common/array.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 08a017dbae88f6e57eee387b5984d0494e62d976 Author: Stef Walter Date: 2014-08-07 p11-kit: Tweak last commit, handle the not-forked case When we hadn't forked, but were just not initialized, still return CKR_CRYPTOKI_NOT_INITIALIZED from managed modules. p11-kit/modules.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit c61187f879395bb334edba39ee6dfb91f1a9e59b Author: Stef Walter Date: 2014-08-07 p11-kit: Don't complain about C_Finalize called in wrong process When C_Finalize is called in the wrong process, it's often because of a caller unaware of forking. This is a painful area of PKCS#11, but at least for C_Finalize, lets not complain loudly about it. p11-kit/modules.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) commit 8e132ab21378fb5fa1f44afb38c23f44b1277f7d Author: Stef Walter Date: 2014-06-24 p11-kit: Add a new 'isolate' pkcs11 config option This sets 'remote' appropriately to run the module in a separate process. https://bugs.freedesktop.org/show_bug.cgi?id=80472 doc/manual/p11-kit-sharing.xml | 4 ++++ doc/manual/pkcs11.conf.xml | 8 ++++++++ p11-kit/modules.c | 44 ++++++++++++++++++++++++++++++------------ 3 files changed, 44 insertions(+), 12 deletions(-) commit 17ea60eaf9d1b4eab9546d6dfc7e7afe83779f91 Author: Stef Walter Date: 2014-06-24 p11-kit: Cleanup and add documentation for 'remote' option https://bugs.freedesktop.org/show_bug.cgi?id=54105 doc/manual/p11-kit.xml | 15 +++++++++++ doc/manual/pkcs11.conf.xml | 13 ++++++++++ p11-kit/rpc-transport.c | 57 ++++++++++++++++++++++-------------------- p11-kit/tests/test-transport.c | 2 +- 4 files changed, 59 insertions(+), 28 deletions(-) commit d4289fbe420e19882d94827bd82a667a0132fccf Author: Stef Walter Date: 2014-06-24 p11-kit: Add 'p11-kit remote' command for isolating modules This adds a new tool to the p11-kit command called 'remote'. This is the server side of remoting a PKCS#11 module. doc/manual/p11-kit-sections.txt | 1 + p11-kit/Makefile.am | 2 + p11-kit/p11-kit.c | 69 +++++++++++++++++++++++++ p11-kit/{tests/frob-server.c => remote.c} | 86 ++++++++++++------------------- p11-kit/remote.h | 56 ++++++++++++++++++++ p11-kit/tests/Makefile.am | 3 -- p11-kit/tests/test-transport.c | 2 +- 7 files changed, 161 insertions(+), 58 deletions(-) commit 7ec80ff13adb167705a999b7d082c76219adc909 Author: Stef Walter Date: 2013-02-20 rpc: Implement execution of another tool to transport PKCS#11 RPC p11-kit/Makefile.am | 3 +- p11-kit/modules.c | 70 +++- p11-kit/rpc-transport.c | 850 ++++++++++++++++++++++++++++++++++++++++ p11-kit/rpc.h | 36 +- p11-kit/tests/Makefile.am | 19 +- p11-kit/tests/frob-server.c | 173 ++++++++ p11-kit/tests/mock-module-ep2.c | 56 +++ p11-kit/tests/test-rpc.c | 156 +++++++- p11-kit/tests/test-transport.c | 281 +++++++++++++ 9 files changed, 1600 insertions(+), 44 deletions(-) commit 5ecfe2c8aa58a170aac2d9a9c22d7ffb3cc9442a Author: Stef Walter Date: 2013-10-09 mock: Minor testing tweaks to mock testing p11-kit/tests/test-mock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 989eab4f5886c7455242c04bf359619ac148d5ff Author: Stef Walter Date: 2013-10-09 modules: Make config file and module configs overridable by tests p11-kit/modules.c | 15 +++++++++++---- p11-kit/private.h | 7 +++++++ 2 files changed, 18 insertions(+), 4 deletions(-) commit 895f0416448c297a3d06160d748cd0e94eadb366 Author: Stef Walter Date: 2013-10-09 test: Move some file and directory code into general test stuff common/test.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++ common/test.h | 10 ++++++ trust/tests/test-token.c | 52 +++++++++++++++--------------- trust/tests/test-trust.c | 75 ------------------------------------------- trust/tests/test-trust.h | 28 ---------------- 5 files changed, 119 insertions(+), 129 deletions(-) commit ccc5e1569b360b54962e7f4cfaded8ab466b021d Author: Stef Walter Date: 2013-02-20 Add compatibility fdwalk() function This is used when execing another process to close all open file descriptors that we don't wish to be inherited. common/compat.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 7 ++++++ configure.ac | 3 +++ 3 files changed, 83 insertions(+) commit c785ab66890ad7b73c556d6afdf2bb8a32dd50e2 Author: Stef Walter Date: 2012-08-23 rpc: Implement PKCS#11 messages/client/server code * This enables passing around bytes which represent PKCS#11 RPC calls. * Caller is responsible for connecting/disconnecting and so on. * Client side caller gets a mixin from p11_rpc_client_init() to call into, which generates callbacks with byte arrays to be transported. * Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR on which relevant methods get called. * Doesn't yet implement the actual daemon or clients etc... https://bugs.freedesktop.org/show_bug.cgi?id=54105 common/debug.c | 1 + common/debug.h | 1 + common/mock.c | 7 + common/mock.h | 3 + doc/manual/Makefile.am | 2 + p11-kit/Makefile.am | 2 + p11-kit/rpc-client.c | 2092 +++++++++++++++++++++++++++++++++++++++++++++ p11-kit/rpc-message.c | 769 +++++++++++++++++ p11-kit/rpc-message.h | 368 ++++++++ p11-kit/rpc-server.c | 1901 ++++++++++++++++++++++++++++++++++++++++ p11-kit/rpc.h | 69 ++ p11-kit/tests/Makefile.am | 1 + p11-kit/tests/test-mock.c | 10 +- p11-kit/tests/test-rpc.c | 939 ++++++++++++++++++++ 14 files changed, 6163 insertions(+), 2 deletions(-) commit 469e75bb8184392cb47b3cb4897589caabe56e70 Author: Andreas Metzler Date: 2014-01-19 Fix typo: supress - > suppress p11-kit/lists.c | 2 +- trust/anchor.c | 2 +- trust/extract.c | 2 +- trust/list.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) commit 08e4fcd2c7a9b9ea7a46bff5809a7c383f6063a9 Author: Stef Walter Date: 2014-07-04 Release version 0.20.3 NEWS | 10 ++++++++++ configure.ac | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) commit 840ec0f54daeb7c3bc37e22b6ec09ea7cfede868 Author: Nikos Mavrogiannopoulos Date: 2014-07-04 Added test for non-null values in empty ID and label URI parts p11-kit/tests/test-uri.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) commit d8c064dff11af8537d1c228927c9da82cb6b60e4 Author: Stef Walter Date: 2014-07-04 p11-kit: Mark p11_kit_be_quiet() and p11_kit_be_loud() stable These are useful functions for callers who want to supress all output from p11-kit library. doc/manual/p11-kit-sections.txt | 4 ++-- p11-kit/p11-kit.h | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) commit 25e8999fd11d0b2c156f3bdd8597142dedd042cb Author: Stef Walter Date: 2014-07-03 p11-kit: Handle managed modules correctly when forking Correctly allow reinitialization when a process forks. We don't yet implement checks on all entry points of a managed module, but this allows callers to call C_Initialize again after forking, as outlined by the PKCS#11 v2 spec. p11-kit/modules.c | 14 ++++++++----- p11-kit/tests/test-managed.c | 47 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 5 deletions(-) commit a2bd1a8c5ba3c611899f7dfc27d553010899eeec Author: Pavel A Date: 2014-07-01 common: Fixed implementation of strerror_r for WinXP ie: when streror_s is missing in msvcrt.dll https://bugs.freedesktop.org/show_bug.cgi?id=76594 common/compat.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 6527f5d3b24a96369a24281db7593d5c4fc73408 Author: Stef Walter Date: 2014-06-25 p11-kit: Fix corrupted list when initialization of modules fail This fixes the function call p11_kit_module_initialize() to correctly rearrange the modules array when initializing a module fails. Also fixes p11_kit_modules_load_and_initialize() p11-kit/modules.c | 2 ++ 1 file changed, 2 insertions(+) commit d21967cdcd18c8fcb749f874c492b7f6c4965817 Author: Milan Crha Date: 2014-06-20 Don't try to symlink p11-proxy.so on windows https://bugs.freedesktop.org/show_bug.cgi?id=76594 p11-kit/Makefile.am | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit ead043f7f29d7d724f559fc4caab17edd8206d78 Author: Stef Walter Date: 2014-06-20 configure: Require automake 1.12 or later We can't use automake 1.10 as serial-tests is not supported there. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4faa892e97e59dd6ab01b4cae3e2534663e18ba7 Author: Pavel A Date: 2014-06-20 Proposed fix for compiler warnings in common/compat.c when buliding for Windows (mingw). This issue has been reported in bug #76594 a. Moved vasprintf before asprintf b. Added prototypes for each of them Thanks, pa Signed-off-by: Pavel A common/compat.c | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) commit 98292d6bbc21168b517cdfca2635d35f2b47740d Author: Stef Walter Date: 2014-02-13 proxy: Fix cases where modules are unloaded while in use The proxy module would unload the PKCS#11 modules it was proxying when C_Finalize() was called. However if a caller in another thread was inside of a PKCS#11 function at the time, this would cause a crash. Change things around so that underlying modules are finalized during the proxy C_Finalize() but not released/unloaded until the proxy module itself is unloaded. https://bugs.freedesktop.org/show_bug.cgi?id=74919 p11-kit/proxy.c | 53 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 22 deletions(-) commit deca4955a6cce1dd77bbd45b9524b0f7b0825169 Author: Stef Walter Date: 2014-02-13 proxy: Remove assertions when module is not initialized We should return CKR_CRYPTOKI_NOT_INITIALIZED rather than assert() when proxy PKCS#11 functions are called before the module is initialized. https://bugs.freedesktop.org/show_bug.cgi?id=74919 p11-kit/proxy.c | 2 -- 1 file changed, 2 deletions(-) commit 44beedb8c2b4e30b421b604fb1b044402a1d1ff6 Author: Pascal Terjan Date: 2014-02-09 Fix handling of mmap failure and mapping empty files Check the return value of mmap() correctly. Empty files cannot be mmap'd so we implement some work around code for that. https://bugs.freedesktop.org/show_bug.cgi?id=74773 Signed-off-by: Stef Walter common/compat.c | 11 +++++++++-- common/tests/test-compat.c | 17 +++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) commit c59a6b577b7ba1990a7dc04a894c3bc4f4671471 Author: Stef Walter Date: 2014-01-29 Support running autogen.sh from srcdir != builddir autogen.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 73aab81e55a2c2d0161484de756317ad32c80ddc Author: Stef Walter Date: 2014-01-29 Don't use 'aux' directory name Because Windows is really properly screwed up. https://bugs.freedesktop.org/show_bug.cgi?id=74149 build/{aux => litter}/.empty | 0 configure.ac | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) commit 43c54570e97c60457ed09ffb18ad8416b640e51d Author: Stef Walter Date: 2014-01-14 Release version 0.20.2 NEWS | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) commit 90479889d9ee0c6f64067cb762286e6d25dca4b3 Author: Stef Walter Date: 2014-01-14 distcheck: Build with optimizations so we get proper warnings Makefile.am | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 426db01ae6c793d59b055e2ff7b14eeb14a48e68 Author: Stef Walter Date: 2014-01-14 test-iter: Fix use of uninitialized variable p11-kit/tests/test-iter.c | 1 + 1 file changed, 1 insertion(+) commit 99904e84d9f8f0637f66107807ac4ac9e3339e4a Author: Stef Walter Date: 2014-01-14 trust: Add installcheck target for testing extract This is an integration test that the extract and blacklist functionality basics work. More integration tests should follow, at which point we should place the various generic testing bits into their own file. .gitignore | 2 + configure.ac | 1 + trust/tests/Makefile.am | 6 ++ trust/tests/test-extract.in | 189 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 198 insertions(+) commit 1f4f072346e388d7b6b6cf79b111952069c4e95c Author: Stef Walter Date: 2014-01-14 Build in srcdir != builddir fashion by default Naturally this doesn't apply to tarballs .gitignore | 7 +++++++ Makefile.am | 4 ++-- autogen.sh | 3 ++- automaint.sh | 6 +++--- build/Makefile.am | 9 --------- build/certs/{Makefile.am => Makefile} | 2 +- configure.ac | 2 -- doc/manual/Makefile.am | 3 ++- 8 files changed, 17 insertions(+), 19 deletions(-) commit 9afb6eff85489614d0bc56a3a661473c25f9d892 Author: Stef Walter Date: 2014-01-14 Move gtk-doc.make into build directory gtk-doc.make => build/gtk-doc.make | 0 doc/manual/Makefile.am | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) commit 635c22f4518200c7e106cdf507a4c89072f8b6ca Author: Stef Walter Date: 2014-01-13 enumerate: Preload and respect blacklist across all tokens This fixes an issue where a blacklist in one token wasn't properly skipping anchors being extracted with extract-compat https://bugs.freedesktop.org/show_bug.cgi?id=73558 trust/enumerate.c | 196 ++++++++++++++++++++++++++++++++----------- trust/enumerate.h | 3 + trust/tests/test-enumerate.c | 39 ++++++++- 3 files changed, 186 insertions(+), 52 deletions(-) commit 6bc661e907f5382dbd9a76fb47a3b554c2ea0028 Author: Stef Walter Date: 2014-01-13 attrs: Allow NULL attribute to be passed to p11_attr_hash() This allows simpler lookups. https://bugs.freedesktop.org/show_bug.cgi?id=73558 common/attrs.c | 12 +++++++----- common/tests/test-attrs.c | 3 +++ 2 files changed, 10 insertions(+), 5 deletions(-) commit 8d5bff64a7050e983c688bb5612bf4046fe96393 Author: Stef Walter Date: 2014-01-13 enumerate: Use p11_enumerate_ready() from tests This gives a little broader testing of the enumerator https://bugs.freedesktop.org/show_bug.cgi?id=73558 trust/enumerate.c | 5 +++-- trust/tests/test-enumerate.c | 31 ++++++++++++++++++++----------- 2 files changed, 23 insertions(+), 13 deletions(-) commit f875bda849626cb5b894fe56985408ab7ee8f9a3 Author: Stef Walter Date: 2014-01-13 iter: Fix return value in rare memory allocation case p11-kit/iter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bc60631d3e327fd97f53c68c5b3134e4cefad7e1 Author: Stef Walter Date: 2014-01-13 iter: Add p11_kit_iter_get_attributes() function A simple wrapper for C_GetAttributeValue() p11-kit/iter.c | 35 +++++++++++++++++++++++++ p11-kit/iter.h | 4 +++ p11-kit/tests/test-iter.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) commit f864a68195a9b8fb25c529f539077691fff924a5 Author: Stef Walter Date: 2014-01-08 Remove straggler file in the tools directory tools/tests/test.c | 266 ----------------------------------------------------- 1 file changed, 266 deletions(-) commit e96bc57639a8837e5900a85e282dc0d8bd487fc3 Author: Stef Walter Date: 2014-01-08 Update translations from transifex po/da.po | 169 ++++++++++++++++++++++++++++++++------------------------------- 1 file changed, 85 insertions(+), 84 deletions(-) commit ae7c79d466deff4c37587f11531327c8fa5f534c Author: Stef Walter Date: 2014-01-08 Fix typo in mock.c Reported-by: Tijl Coosemans common/mock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 157941cbd75492b0c74ff21f95de3093cf6d4aca Author: Nikos Mavrogiannopoulos Date: 2013-11-26 Check if pthread and nanosleep() are in libc before linking other libs In recent versions of glibc this is true and prevents linking with pthreads when it is not necessary. Tweaked by Stef Walter Signed-off-by: Stef Walter configure.ac | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) commit ec02489eca1b7b57c35db71bce5a6f7b876e535e Author: Roman Bogorodskiy Date: 2013-11-08 Drop unused libtasn1.h include It's not only unsed, but also causes build fail because CFLAGS for tests does not contain LIBTASN1_CFLAGS. Signed-off-by: Stef Walter https://bugs.freedesktop.org/show_bug.cgi?id=71379 common/tests/frob-getauxval.c | 2 -- 1 file changed, 2 deletions(-) commit 5ed8c3d3ede6ef30e4b5a40db1438dd6231d5088 Author: Stef Walter Date: 2013-09-13 trust: Check for race in BasicConstraints stapled extension Related to the following bug: https://bugs.freedesktop.org/show_bug.cgi?id=69314 trust/tests/test-builder.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) commit beb377f7479e834366be60dc6c1da2e53278e091 Author: Andreas Metzler Date: 2013-10-01 Disable tests with setgid binaries when running in fakeroot We use the FAKED_MODE environment variable as a way to detect fakeroot. common/tests/test-compat.c | 5 ++++- p11-kit/tests/test-conf.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) commit 895327695f141d5bce5e260b80b5ec01796b214a Author: Stef Walter Date: 2013-09-08 Fix documentation build doc/manual/Makefile.am | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) commit b5f7f7023365c31d0d26ce91e29c801fe9bec1ed Author: Stef Walter Date: 2013-09-09 Update from transifex and string changes po/LINGUAS | 36 +++++- po/ar.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/as.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/az.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/bg.po | 4 +- po/bn_IN.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ca.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ca@valencia.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/cs.po | 4 +- po/cy.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/da.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/de.po | 5 +- po/el.po | 4 +- po/en_GB.po | 4 +- po/eo.po | 4 +- po/es.po | 5 +- po/es_CL.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/eu.po | 4 +- po/fa.po | 4 +- po/fi.po | 5 +- po/fo.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/fr.po | 4 +- po/ga.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/gl.po | 5 +- po/gu.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/he.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/hi.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/hr.po | 5 +- po/hu.po | 5 +- po/ia.po | 4 +- po/id.po | 5 +- po/it.po | 5 +- po/it_IT.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ja.po | 5 +- po/ka.po | 5 +- po/kk.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/kn.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ko.po | 5 +- po/lt.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/lv.po | 5 +- po/ml.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/mr.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ms.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/nb.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/nl.po | 5 +- po/nn.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/or.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pa.po | 4 +- po/pl.po | 5 +- po/pt.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pt_BR.po | 5 +- po/ro.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ru.po | 4 +- po/sk.po | 4 +- po/sl.po | 5 +- po/sq.po | 4 +- po/sr.po | 5 +- po/sr@latin.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sv.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ta.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/te.po | 4 +- po/th.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/tr.po | 4 +- po/uk.po | 5 +- po/vi.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/wa.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_CN.po | 4 +- po/zh_HK.po | 4 +- po/zh_TW.po | 4 +- 69 files changed, 11068 insertions(+), 74 deletions(-) commit 247e31c94666fbeab08a5dc67b0b8f7a3edbef27 Author: Stef Walter Date: 2013-09-09 Release version 0.20.1 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 88ac590d2e9786d5b364aac7a23b2b0567e87020 Author: Stef Walter Date: 2013-09-09 Remove unused make variables common/tests/Makefile.am | 6 ++---- p11-kit/tests/Makefile.am | 1 - 2 files changed, 2 insertions(+), 5 deletions(-) commit 8d834060b5af54dcc9581840dfb6452a17a7a7d3 Author: Stef Walter Date: 2013-09-05 extract-compat: Skip extraction if running as non-root trust/trust-extract-compat.in | 6 ++++++ 1 file changed, 6 insertions(+) commit a5713df2c05debd269615226b41e1e0b83de2ba3 Author: Stef Walter Date: 2013-09-05 anchor: Run extract-compat after we've changed something When the 'trust anchor' tool changes something, run 'trust extract-compat' after that point trust/anchor.c | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) commit 00dc2340eab9f9504ef78006686802eb8e3542ad Author: Stef Walter Date: 2013-09-05 trust: More appropriate rv when non-modifiable object deleted This will change once the spec has a specific attribute and code to signify deletability. trust/anchor.c | 1 + trust/module.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) commit 3c7553a1fd47671a98a6d496ac7eeedb1b43df7c Author: Stef Walter Date: 2013-09-05 anchor: Better failure messages when removing anchors trust/anchor.c | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) commit 2476ecb35e175a45ba72101ddfa38b2d048323bb Author: Stef Walter Date: 2013-09-05 messages: Better message for CKR_FUNCTION_REJECTED p11-kit/messages.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 40631193e4979426f10e5244f477d3c411f8e6c3 Author: Stef Walter Date: 2013-09-04 Release version 0.20.0 NEWS | 3 +++ configure.ac | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) commit 11619d1ddb682ad8f42676732e2179fdcd810566 Author: Stef Walter Date: 2013-09-04 Documentation tweaks doc/manual/p11-kit-config.xml | 2 +- doc/manual/p11-kit-sections.txt | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) commit b4faa7f7e17dea909cd4393d27adbc21b2dea9fb Author: Stef Walter Date: 2013-08-29 Release version 0.19.4 NEWS | 10 ++++++++++ configure.ac | 2 +- doc/manual/Makefile.am | 3 +++ trust/Makefile.am | 2 +- trust/anchor.c | 2 +- trust/extract.c | 4 ++-- 6 files changed, 18 insertions(+), 5 deletions(-) commit c980eb29619edc28610a03ccb62514683604257c Author: Stef Walter Date: 2013-08-29 Route 'p11-kit extract-trust' over to trust tool The actual command is 'trust extract-compat'. Make installed placeholder script reflect this. We still support the old placeholder script if it is present. .gitignore | 1 + configure.ac | 2 +- p11-kit/p11-kit.c | 58 +++++++++++----------- trust/Makefile.am | 3 +- trust/extract.c | 38 ++++++++++++++ trust/extract.h | 3 ++ ...it-extract-trust.in => trust-extract-compat.in} | 10 ++-- trust/trust.c | 1 + 8 files changed, 81 insertions(+), 35 deletions(-) commit f2beacb7c59b9c4b41b00da993c747fd814882a8 Author: Stef Walter Date: 2013-08-29 trust: Document the new command line trust tool .gitignore | 1 + doc/manual/Makefile.am | 4 + doc/manual/p11-kit-docs.xml | 1 + doc/manual/p11-kit-trust.xml | 5 +- doc/manual/p11-kit.xml | 145 +---------------- doc/manual/trust.xml | 368 +++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 385 insertions(+), 139 deletions(-) commit 5c19a0e8f5d07a4defb3239a89c224c5f5f9eef4 Author: Stef Walter Date: 2013-08-28 trust: Add 'trust anchor --remove' command Also prevent --store from storing an anchor multiple times trust/anchor.c | 417 ++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 365 insertions(+), 52 deletions(-) commit 2e6d7d3a1e03dc2dbcd98c995bd2d6e5906680d9 Author: Stef Walter Date: 2013-08-28 trust: Add a list command to the trust tool Lists with PKCS#11 URI's and some basic fields. trust/Makefile.am | 1 + trust/list.c | 247 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/list.h | 43 ++++++++++ trust/trust.c | 4 +- 4 files changed, 294 insertions(+), 1 deletion(-) commit dee46ac0c6287fbd57ec9b57ddeade27933fea05 Author: Stef Walter Date: 2013-08-28 trust: Add support for removing trust token objects trust/tests/test-token.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 87 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 185 insertions(+), 1 deletion(-) commit b693517966b1cbe5b81e39aeefad7b52b6f10492 Author: Stef Walter Date: 2013-08-28 trust: Refactor enumeration of certificates to extract Because we want to use this same logic for listing trust trust/Makefile.am | 2 +- trust/{extract-info.c => enumerate.c} | 228 ++++++++++++++++++----- trust/enumerate.h | 103 ++++++++++ trust/extract-cer.c | 18 +- trust/extract-jks.c | 13 +- trust/extract-openssl.c | 36 ++-- trust/extract-pem.c | 20 +- trust/extract.c | 180 ++---------------- trust/extract.h | 84 ++------- trust/tests/Makefile.am | 14 +- trust/tests/test-bundle.c | 62 +++--- trust/tests/test-cer.c | 62 +++--- trust/tests/{test-extract.c => test-enumerate.c} | 151 +++++++-------- trust/tests/test-openssl.c | 111 ++++++----- 14 files changed, 541 insertions(+), 543 deletions(-) commit 714e4a22a82295c41360fbfa6019a31b1e2a0f30 Author: Stef Walter Date: 2013-08-27 trust: Do reload object removals inside a loading block So that validation/storage logic doesn't kick in if a file was removed outside of p11-kit trust module. trust/token.c | 4 ++++ 1 file changed, 4 insertions(+) commit 570403f3421b222167196d380c60eb8430eb4cd7 Author: Stef Walter Date: 2013-08-28 trust: Add index callback for when an object is removed This allows a token to remove the file if desired trust/index.c | 25 ++++++++++++ trust/index.h | 5 +++ trust/session.c | 2 +- trust/tests/test-builder.c | 2 +- trust/tests/test-index.c | 99 ++++++++++++++++++++++++++++++++++++++++++---- trust/token.c | 1 + 6 files changed, 125 insertions(+), 9 deletions(-) commit 58466648aa84ea10c20213d4665c5c93dbf285e9 Author: Stef Walter Date: 2013-08-27 trust: Prefer parsing the persist format to PEM This is because the persist format contains PEM, and if the PEM parser gets it first, then it'll ignore the other non PEM data. trust/token.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 619e81b5ffe0677d1d511ef60b8451434c2a32a0 Author: Stef Walter Date: 2013-08-27 trust: Correctly rewrite other objects in a modifiable persist file There was a bug where we were rewriting the modified object multiple times. trust/tests/test-token.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 2 +- 2 files changed, 75 insertions(+), 1 deletion(-) commit 8a9a90e197d67c58898e959358b9a13482732d3d Author: Stef Walter Date: 2013-08-27 Add p11-kit style typedefs for iter and uri In general we're slowly migrating towards the lower case style for stuctures/objects. p11-kit/iter.h | 1 + p11-kit/uri.h | 1 + 2 files changed, 2 insertions(+) commit 1fac2b92d6c53655086a2cc3a653b8e78d92a043 Author: Stef Walter Date: 2013-08-27 iter: Add a p11_kit_iter_destroy_object() function Handy function since this is a common need. doc/manual/p11-kit-sections.txt | 1 + p11-kit/iter.c | 18 ++++++++++++++++++ p11-kit/iter.h | 1 + p11-kit/tests/test-iter.c | 40 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 60 insertions(+) commit dec3efbaf4a6550bc45d1b9926e4d66b93306802 Author: Stef Walter Date: 2013-08-27 iter: Add p11_kit_iter_set_uri() function This is so we can set a filtering uri on the iterator after construction doc/manual/p11-kit-sections.txt | 3 ++- p11-kit/iter.c | 41 ++++++++++++++++++++++++++++++++++------- p11-kit/iter.h | 3 +++ p11-kit/tests/test-iter.c | 28 ++++++++++++++++++++++++++++ 4 files changed, 67 insertions(+), 8 deletions(-) commit c15dca006ca69c26ec083a4f2d4aac76b9f30d52 Author: Stef Walter Date: 2013-08-27 iter: Add p11_kit_iter_get_token() call To get the already loaded CK_TOKEN_INFO during iteration for the token that the current object is on. doc/manual/p11-kit-sections.txt | 1 + p11-kit/iter.c | 25 +++++++++++++++++++++---- p11-kit/iter.h | 2 ++ p11-kit/tests/test-iter.c | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 56 insertions(+), 4 deletions(-) commit 3f357776c15255710997e61ca305aa5a2ce5cf02 Author: Stef Walter Date: 2013-08-27 iter: Add new P11_KIT_ITER_WANT_WRITABLE iterator behavior This allows us to try to get a RW session, but if not fallback to a read-only session. doc/manual/p11-kit-sections.txt | 1 - p11-kit/iter.c | 36 ++++++++++++++---------------------- p11-kit/iter.h | 4 +--- p11-kit/tests/test-iter.c | 4 +--- 4 files changed, 16 insertions(+), 29 deletions(-) commit 22220bda09585239533b6a9fef6de51c1ddc2ae6 Author: Stef Walter Date: 2013-08-27 tool: Only include debug lines marked 'tool' when --verbose Otherwise we get all sorts of overwhelming internal debugging when someone specifies --verbose argument to a tool. common/tool.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 7f6fd42ea33e09687487e8981e02080c8a6c7b40 Author: Stef Walter Date: 2013-08-27 debug: Allow debug lines longer than 512 characters Since fprintf (stderr, ...) already doesn't print atomically, we don't lose any atomicity here. If we want to print atomically this will need some further reworking anyway. common/debug.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 095a385ead70651536d29c7ddab53f42592a3ef5 Author: Stef Walter Date: 2013-08-27 debug: Add missing 'tool' flag to debug flags common/debug.c | 1 + 1 file changed, 1 insertion(+) commit e835d0f6eae21e1b6f13b8ad585c179bbf1eb946 Author: Stef Walter Date: 2013-08-27 p11-kit: Rename list.c to lists.c to simplify debugging p11-kit/Makefile.am | 2 +- p11-kit/{list.c => lists.c} | 0 2 files changed, 1 insertion(+), 1 deletion(-) commit cdad5bceee79afbf8b3440b39c72890d2e67448d Author: Stef Walter Date: 2013-08-26 Avoid multiple stat() calls for same file As a side effect we can also not use the dirent.d_type field https://bugs.freedesktop.org/show_bug.cgi?id=68525 common/compat.c | 39 ++++++++++++++++++++++++++++----------- common/compat.h | 3 +++ common/test.c | 2 +- configure.ac | 1 - p11-kit/conf.c | 35 ++++++++++++++++------------------- p11-kit/conf.h | 3 ++- p11-kit/tests/test-conf.c | 6 +++--- trust/anchor.c | 2 +- trust/parser.c | 3 ++- trust/parser.h | 1 + trust/save.c | 14 ++------------ trust/tests/frob-cert.c | 2 +- trust/tests/test-module.c | 4 ++-- trust/tests/test-parser.c | 20 ++++++++++---------- trust/tests/test-token.c | 12 +++++++----- trust/token.c | 2 +- 16 files changed, 80 insertions(+), 69 deletions(-) commit e1042e93488f2b38abeea58b65440111df69afdc Author: Stef Walter Date: 2013-08-26 compat: Check return value of mmap() properly https://bugs.freedesktop.org/show_bug.cgi?id=68525 common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2978f8fb27681e9f40575ae2be26012e8a54fc71 Author: Pascal Ernster Date: 2013-08-16 Add --with-module-config parameter to the configure script https://bugs.freedesktop.org/show_bug.cgi?id=68122 configure.ac | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit c777194f0a8d00bcb4e1dc89beebcadf2249ddc0 Author: Stef Walter Date: 2013-08-12 trust: Add test tool for creating BasicConstraints trust/tests/Makefile.am | 1 + trust/tests/frob-bc.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) commit 4b1d38759c8cdc85b9ab9ce3a8a24a0dc28f2aa6 Author: Michael Cronenworth Date: 2013-07-30 test-compat calls test_getauxval which is in a UNIX defined block MinGW builds fail due to this. https://bugs.freedesktop.org/show_bug.cgi?id=67518 common/tests/test-compat.c | 2 ++ 1 file changed, 2 insertions(+) commit cdb1a88ba117d92991298445e5db51b6e1f5ce3c Author: Alon Bar-Lev Date: 2013-07-27 do not assume dead code existence in autoconf checks when compiler optimize source, it removes dead code so a linkage error in these cases are not visisble. Signed-off-by: Alon Bar-Lev https://bugs.freedesktop.org/show_bug.cgi?id=67413 configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 68beea0bca786730019df002fa625986a4d65d91 Author: Stef Walter Date: 2013-07-23 Release version 0.19.3 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 2e7952e62ef205c67175e3e717526e4375ca8325 Author: Stef Walter Date: 2013-07-23 Make tests work on file systems with block size directories On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change. https://bugs.freedesktop.org/show_bug.cgi?id=65249 trust/tests/test-token.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 02a3bbd560bdb56501fea1b46c5583582832b008 Author: Stef Walter Date: 2013-07-23 Fix uninitialized variables trust/anchor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6b457ffc260100e0e3e6b2143b00e34bb419665e Author: Stef Walter Date: 2013-07-23 Don't use _GNU_SOURCE and fix strerror_r usage glibc declares strerror_r completely different if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE all together. common/compat.h | 10 ++++--- common/message.c | 6 +++++ common/test.c | 1 + common/tests/Makefile.am | 1 + common/tests/test-message.c | 65 +++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 4 +-- trust/token.c | 2 +- 7 files changed, 83 insertions(+), 6 deletions(-) commit b14fc0351c4dd71c5ca71df77e325d2b2a4c0583 Author: Stef Walter Date: 2013-07-23 Fix various memory leaks exposed by 'make leakcheck' common/tests/test-path.c | 90 ++++++++++++++++++++++++---------------------- p11-kit/modules.c | 2 ++ trust/asn1.c | 4 ++- trust/builder.c | 6 ++-- trust/extract-openssl.c | 1 + trust/index.c | 2 +- trust/parser.c | 1 + trust/tests/Makefile.am | 12 +++---- trust/tests/test-asn1.c | 3 +- trust/tests/test-builder.c | 4 +++ trust/token.c | 10 ++++-- 11 files changed, 79 insertions(+), 56 deletions(-) commit b7cc29a78c3c705374ff25223fe14749ddb076b9 Author: Stef Walter Date: 2013-07-23 Use simple serial automake test harness * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues build/Makefile.tests | 2 +- common/test.c | 2 +- common/tests/Makefile.am | 1 + common/tests/test-compat.c | 4 +- common/tests/test-tests.c | 93 +++++++++++++++++++++++++++++++++++++++++ configure.ac | 2 +- p11-kit/conf.c | 2 +- p11-kit/tests/test-deprecated.c | 1 + p11-kit/tests/test-init.c | 1 + trust/builder.c | 2 +- trust/tests/test-builder.c | 12 ++++-- trust/token.c | 3 +- 12 files changed, 113 insertions(+), 12 deletions(-) commit 4d04cfdf2ac078cc4a95ff9a145f0045e074470b Author: Stef Walter Date: 2013-07-23 Use an automake aux directory for storing litter build/aux/.empty | 1 + configure.ac | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) commit 884819d4028faa77d38a99d3f63376b2f4fdfcd4 Author: Stef Walter Date: 2013-07-18 doc: Add identifiers to doc sections so gtk-doc doesn't autogen them doc/manual/p11-kit-config.xml | 2 +- doc/manual/p11-kit.xml | 12 ++++++------ doc/manual/pkcs11.conf.xml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) commit 86060d6b17fa3848e60aaff9be7768a761c7c428 Author: Stef Walter Date: 2013-07-18 Add appropriate const qualifiers p11-kit/conf.c | 2 +- trust/extract-openssl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 263a83278bd305eb2951907faa3fe08a79fcdeec Author: Stef Walter Date: 2013-07-18 Release version 0.19.2 NEWS | 20 +++++++++++++++++++- configure.ac | 2 +- 2 files changed, 20 insertions(+), 2 deletions(-) commit d8532de9570fd7501b8b25ff10ab05392f3a1d42 Author: Stef Walter Date: 2013-07-18 Fix extract example in documentation doc/manual/p11-kit.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 91bbe5ad80a760a58d5eba48f65ddd07fa56a953 Author: Stef Walter Date: 2013-07-18 Use $XDG_CONFIG_HOME/pkcs11 as default user config directory By default this evaluates to ~/.config/pkcs11. This is a somewhat backwards incompatible change. However so far only advanced users have been exposed to the user p11-kit configuration. Distributors are able to revert this if necessary with a --with-user-config='~/.pkcs11' ./configure option. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a1a398ae150cee642efaa03f28e8457c75185d55 Author: Stef Walter Date: 2013-07-18 Use getpwuid_r() instead of the non-thread-sofe getpwuid() common/path.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit b03be8429847451ddf25508b3dc3c520e96a2cc3 Author: Stef Walter Date: 2013-07-18 Fix p11_kit_space_strlen() result when empty string https://bugzilla.redhat.com/show_bug.cgi?id=985416 p11-kit/tests/Makefile.am | 1 + p11-kit/tests/test-util.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/util.c | 6 ++--- 3 files changed, 63 insertions(+), 3 deletions(-) commit 2a69ff5691e114362564a2ab572cd4b3b20dcc27 Author: Stef Walter Date: 2013-07-17 Always pass size_t varargs to p11_hash_xxx() functions https://bugzilla.redhat.com/show_bug.cgi?id=985421 trust/extract-jks.c | 4 ++-- trust/extract-openssl.c | 2 +- trust/x509.c | 4 +++- 3 files changed, 6 insertions(+), 4 deletions(-) commit 1548d82560b242579f5ba216b66bd59ccd0f3fd0 Author: Stef Walter Date: 2013-07-17 Don't call memdup with zero length or NULL pointer https://bugzilla.redhat.com/show_bug.cgi?id=985433 common/attrs.c | 9 +++++++-- p11-kit/pin.c | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) commit 29a5df009656dc09be781c4939cec3613a0a12cb Author: Stef Walter Date: 2013-07-17 attrs: Check printf formatting in buffer_append_printf() https://bugzilla.redhat.com/show_bug.cgi?id=985497 common/attrs.c | 5 +++++ 1 file changed, 5 insertions(+) commit 9a1fe66f08149596567fedb4e2338ae786a19ab9 Author: Stef Walter Date: 2013-07-17 Avoid using the non-thread-safe strerror() function https://bugzilla.redhat.com/show_bug.cgi?id=985481 common/compat.c | 16 ++++ common/compat.h | 8 ++ common/message.c | 26 ++++++ common/message.h | 4 + common/path.c | 3 +- configure.ac | 2 +- p11-kit/conf.c | 6 +- tools/tests/test.c | 266 +++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/parser.c | 2 +- trust/save.c | 47 ++++------ trust/token.c | 19 ++-- 11 files changed, 348 insertions(+), 51 deletions(-) commit e403f7b33ac35e961c72ed1b6335bbe3084e4642 Author: Stef Walter Date: 2013-07-17 Declare static variables const where it makes sense https://bugzilla.redhat.com/show_bug.cgi?id=985337 common/path.c | 8 ++++---- p11-kit/conf.c | 4 ++-- p11-kit/uri.c | 4 ++-- trust/builder.c | 38 +++++++++++++++++++------------------- trust/extract-info.c | 2 +- trust/extract-openssl.c | 2 +- trust/module.c | 4 ++-- 7 files changed, 31 insertions(+), 31 deletions(-) commit 52a84b84a924a9f1cd8090b0a47b9f7d00ca69f3 Author: Stef Walter Date: 2013-07-17 Support expanding $XDG_CONFIG_HOME in user config paths If ~/.config is specified as a prefix to a configured path, then it is expanded to the $XDG_CONFIG_HOME if that exists Add --with-user-config ./configure option to configure a different user config directory. Interpolate the right directories into documentation. .gitignore | 2 ++ common/path.c | 37 ++++++++++++++++++++++++------------- common/tests/test-path.c | 6 ++++++ configure.ac | 8 ++++++-- doc/manual/Makefile.am | 17 +++++++++++++++-- doc/manual/p11-kit-config.xml | 18 +++++++++++------- doc/manual/p11-kit-devel.xml | 10 ++++++++++ doc/manual/p11-kit-trust.xml | 10 +++++++--- doc/manual/pkcs11.conf.xml | 14 +++++++++----- doc/manual/version.xml.in | 1 - p11-kit/pkcs11.conf.example.in | 2 +- 11 files changed, 91 insertions(+), 34 deletions(-) commit 936e4c229a4ed205e9981fc4f31acea063701b69 Author: Stef Walter Date: 2013-07-17 Don't load configs from user directory when setuid When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014 common/compat.c | 48 +++++++++++++ common/compat.h | 12 ++++ common/path.c | 5 ++ common/test.c | 99 +++++++++++++++++++++++++++ common/test.h | 9 +++ common/tests/Makefile.am | 5 +- common/tests/frob-getauxval.c | 63 +++++++++++++++++ common/tests/test-compat.c | 30 ++++++++ configure.ac | 3 + doc/manual/p11-kit-config.xml | 3 + doc/manual/pkcs11.conf.xml | 3 + p11-kit/conf.c | 5 ++ p11-kit/tests/Makefile.am | 1 + p11-kit/tests/files/system-modules/one.module | 3 +- p11-kit/tests/files/user-modules/one.module | 3 +- p11-kit/tests/frob-setuid.c | 95 +++++++++++++++++++++++++ p11-kit/tests/test-conf.c | 39 +++++++++++ 17 files changed, 423 insertions(+), 3 deletions(-) commit 81a6e16539e5e4a27c55194ae095cc4a75d08ade Author: Stef Walter Date: 2013-07-17 tools: Use $TMPDIR instead of $TEMP TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017 common/path.c | 44 ----------------------------------- common/test.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++ common/test.h | 2 ++ common/tests/test-path.c | 31 +------------------------ trust/tests/test-bundle.c | 4 +--- trust/tests/test-cer.c | 4 +--- trust/tests/test-module.c | 4 +--- trust/tests/test-openssl.c | 4 +--- trust/tests/test-save.c | 4 +--- trust/tests/test-token.c | 9 ++------ trust/tests/test-trust.c | 6 +++++ 11 files changed, 73 insertions(+), 96 deletions(-) commit eb8f5859b1349f8147ba47a1da8032df192f2370 Author: Stef Walter Date: 2013-07-17 Fix various issues highlighted by coverity scanner Among others fix possible usage of large stack allocation. common/hash.c | 1 + common/lexer.c | 3 ++- p11-kit/iter.c | 12 ++++++------ p11-kit/p11-kit.c | 6 ++++++ p11-kit/tests/test-init.c | 3 +++ trust/extract.c | 20 ++++++++++---------- trust/index.c | 18 +++++++++--------- trust/parser.c | 2 +- trust/tests/frob-nss-trust.c | 1 + trust/tests/test-index.c | 7 ++++--- 10 files changed, 43 insertions(+), 30 deletions(-) commit ab1caffd9e09fd4d6ab92713de29436db0da6dea Author: Stef Walter Date: 2013-07-16 open files with O_CLOEXEC when possible This helps prevent leaked file descriptors when the library is used in a process which exec's. opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC so we don't need to make changes there. In addition read config files using p11_mmap_open() so that we get the simple benefits of O_CLOEXEC with the open() call there. https://bugzilla.redhat.com/show_bug.cgi?id=984986 common/compat.c | 18 ++++++++-- common/compat.h | 4 +++ p11-kit/conf.c | 101 +++++++++++++++----------------------------------------- p11-kit/pin.c | 2 +- 4 files changed, 46 insertions(+), 79 deletions(-) commit 9886b39e2ebd2f711b5b0c3ca2e24694a9ffd361 Author: Stef Walter Date: 2013-07-16 buffer: Check for unlikely integer overflow If we see an integer overflow here something has gone horribly wrong (or malicious code is present). So treat this as unrecoverable, and fail if we're going to overflow. https://bugzilla.redhat.com/show_bug.cgi?id=985019 common/buffer.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 0ddd67184b65dfde0e5d05a957f01eeca161e384 Author: Stef Walter Date: 2013-07-16 Make preconditions abort unconditionally when scanning with coverity This reflects that preconditions are invalid/unreachable on a functioning system and with valid input. We do not try to recover from such conditions. In addition teach coverity about how our test suite fails See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html https://bugzilla.redhat.com/show_bug.cgi?id=985005 common/debug.c | 4 ++++ common/test.c | 5 +++++ 2 files changed, 9 insertions(+) commit b2e6bc0ea2b2d2b90f6a159a23a4e676b1f302e4 Author: Stef Walter Date: 2013-07-16 iter: Document guarantees for filter matches argumet The matches argument is always initialized to CK_TRUE when a filter is called, and it's up to filters to set it to CK_FALSE. Filters don't need to set to CK_TRUE. https://bugzilla.redhat.com/show_bug.cgi?id=985009 p11-kit/iter.c | 4 ++++ 1 file changed, 4 insertions(+) commit 3f9da410144fd45ee6250dda28cae49300077e29 Author: Stef Walter Date: 2013-07-17 Fixes for some recent win32 regressions common/path.c | 21 ++++++++++++++++++--- trust/save.c | 22 ++++++++++------------ trust/token.c | 10 +++++++++- 3 files changed, 37 insertions(+), 16 deletions(-) commit 82738fe7d6143cb25fc1cb201a75b8a071043be8 Author: Stef Walter Date: 2013-07-16 Remove erroneous comments about readdir() and thread-safety https://bugzilla.redhat.com/show_bug.cgi?id=984989 p11-kit/conf.c | 1 - trust/save.c | 1 - trust/token.c | 1 - 3 files changed, 3 deletions(-) commit d00f6b24e5349d8d37868b8f4451b1dc9b38767e Author: Stef Walter Date: 2013-07-10 Build with -fno-common to catch definition problems Fix some global variables not declared as extern https://bugs.freedesktop.org/show_bug.cgi?id=66015 configure.ac | 2 +- p11-kit/virtual.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit fb039d0c292c3cd339179bdc98a09d4103fb9c5f Author: Stef Walter Date: 2013-07-10 Various documentation tweaks and fixes for warnings doc/manual/p11-kit-devel.xml | 2 +- doc/manual/p11-kit-sections.txt | 4 ++++ p11-kit/iter.c | 8 ++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) commit edd04b610c1c83f26ed036569ad95b89a41fc558 Author: Stef Walter Date: 2013-07-10 Add support for using freebl3 for SHA1 and MD5 hashing Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory. common/hash.c | 502 ---------------------------------- common/hash.h | 20 -- common/tests/test-hash.c | 92 ------- configure.ac | 33 +++ doc/manual/p11-kit-devel.xml | 11 + trust/Makefile.am | 4 + trust/builder.c | 16 +- trust/digest.c | 632 +++++++++++++++++++++++++++++++++++++++++++ trust/digest.h | 60 ++++ trust/extract-jks.c | 14 +- trust/extract-openssl.c | 10 +- trust/parser.c | 4 +- trust/tests/Makefile.am | 9 +- trust/tests/test-builder.c | 6 +- trust/tests/test-digest.c | 143 ++++++++++ trust/tests/test-module.c | 10 +- trust/x509.c | 4 +- 17 files changed, 922 insertions(+), 648 deletions(-) commit eca5a6e491f5f85ba1f06afcea3177c3442ae557 Author: Stef Walter Date: 2013-07-09 trust: Fix the 'p11-kit extract' command This is supposed to call over to 'trust extract' and wasn't working correctly. p11-kit/Makefile.am | 1 + p11-kit/p11-kit.c | 22 ++++++++++++++++++++-- trust/extract.c | 2 +- 3 files changed, 22 insertions(+), 3 deletions(-) commit a314ab2aa9dbfcbc8d2d9a84554265e498520a20 Author: Stef Walter Date: 2013-07-08 trust: Fix bug with load validation failures trust/index.c | 5 +++-- trust/tests/test-index.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 2 deletions(-) commit 3c36c7a68dfefdf75f7239dd7e006e7eb1366620 Author: Stef Walter Date: 2013-07-08 trust: Add a basic 'anchor' command to store a new anchor trust/Makefile.am | 3 + trust/anchor.c | 300 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/anchor.h | 43 ++++++++ trust/trust.c | 2 + 4 files changed, 348 insertions(+) commit dcca67d72544e394f43a8c62840692c85d5b5b29 Author: Stef Walter Date: 2013-07-08 trust: Fix various issues writing objects in trust token * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly. trust/builder.c | 152 +++++++++-------------------- trust/builder.h | 5 +- trust/index.c | 129 ++++++++++++++++++++++-- trust/index.h | 11 ++- trust/session.c | 2 +- trust/tests/test-builder.c | 238 ++++++++++++++++++++++++++++++++------------- trust/tests/test-index.c | 32 +++--- trust/token.c | 166 +++++++++++++++++++++---------- 8 files changed, 483 insertions(+), 252 deletions(-) commit 3318c443b7a3660f0aee80cfa0d5e915d3a21734 Author: Stef Walter Date: 2013-07-08 trust: Mark CKA_X_DISTRUSTED as a boolean attribute trust/persist.c | 1 + 1 file changed, 1 insertion(+) commit c0a2fe9c974b51e7495d0598a925c07744d895de Author: Stef Walter Date: 2013-07-08 trust: Support token directory paths in user's home directory trust/module.c | 1 + trust/token.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) commit 2c4f5ed657976d868c33f0ddf430477ee2bf0191 Author: Stef Walter Date: 2013-07-08 trust: Explicitly specify which formats parser should parse trust/parser.c | 69 +++++++++++++++++++++++++++++------------------ trust/parser.h | 18 +++++++++++-- trust/tests/test-module.c | 2 ++ trust/tests/test-parser.c | 10 +++++++ trust/token.c | 2 ++ 5 files changed, 73 insertions(+), 28 deletions(-) commit 03787ae83b1911118a7a689c4817bbce1e74dabd Author: Stef Walter Date: 2013-07-08 trust: Support using the parser without an asn1_cache trust/asn1.c | 11 ++++++++--- trust/parser.c | 15 +++++++++++---- trust/tests/test-parser.c | 22 ++++++++++++++++++++++ 3 files changed, 41 insertions(+), 7 deletions(-) commit 9f7c426d5a6bfb0e60895a690ed835c47e04cb4e Author: Stef Walter Date: 2013-07-08 asn1: In p11_asn1_read() allocate an extra null terminator As a courtesy for callers. trust/asn1.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 09ece36663a3672dfa2db97029cfd5f5360188e8 Author: Stef Walter Date: 2013-07-08 common: Fix typo, and don't escape '6' in URL encoding common/url.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 75e2cb73df51a2688ecd2f4b4e3b490ae7b9f5a7 Author: Stef Walter Date: 2013-07-04 p11-kit: Add P11_KIT_MODULE_TRUSTED flag A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes". p11-kit/modules.c | 48 +++++++++++++++--------- p11-kit/p11-kit.h | 1 + p11-kit/tests/files/package-modules/four.module | 3 +- p11-kit/tests/files/system-modules/one.module | 3 +- p11-kit/tests/test-modules.c | 50 +++++++++++++++++++++++++ trust/extract.c | 49 ++++++------------------ 6 files changed, 98 insertions(+), 56 deletions(-) commit 7d4941715b5afc2ef8ea18716990d28965737c70 Author: Stef Walter Date: 2013-07-04 trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above. build/certs/Makefile.am | 19 ++-- common/attrs.c | 1 + common/constants.c | 1 + common/pkcs11x.h | 1 + trust/builder.c | 118 +++++++++++++-------- trust/extract-info.c | 112 ++++++++++++------- trust/extract-openssl.c | 37 ++++--- trust/parser.c | 109 +++++++++++++------ trust/tests/Makefile.am | 1 + .../{cacert3-trusted-multiple.pem => multiple.pem} | 53 +++------ trust/tests/files/verisign-v1.pem | 15 +++ trust/tests/frob-eku.c | 1 + trust/tests/frob-ext.c | 118 +++++++++++++++++++++ trust/tests/test-builder.c | 59 ++++++++--- trust/tests/test-extract.c | 7 +- trust/tests/test-openssl.c | 33 ++++-- trust/tests/test-parser.c | 30 ++++-- trust/tests/test-trust.h | 62 +++++++++++ 18 files changed, 561 insertions(+), 216 deletions(-) commit 2be55821c1ffab99b91c76c43c91dd95db1c21c7 Author: Stef Walter Date: 2013-07-04 trust: Add p11_oid_hash() and various oid strings trust/oid.c | 13 +++++++++++++ trust/oid.h | 7 +++++++ trust/tests/test-oid.c | 19 ++++++++++++++----- 3 files changed, 34 insertions(+), 5 deletions(-) commit ec7c2ff2011d774217c1e35d664072d0487853c7 Author: Stef Walter Date: 2013-07-04 trust: Add p11_asn1_read() and p11_asn1_free() functions Some helpers for commonly used ASN.1 related stuff. trust/asn1.c | 38 ++++++++++++++++++++++++++++++++++++++ trust/asn1.h | 6 ++++++ trust/parser.c | 16 +++------------- trust/persist.c | 11 ++--------- trust/tests/test-asn1.c | 19 +++++++++++++++++++ trust/x509.c | 42 ++++++------------------------------------ 6 files changed, 74 insertions(+), 58 deletions(-) commit a2165fe35e336fd807af053a21a396b020f90a23 Author: Stef Walter Date: 2013-07-03 trust: Initial support for writing out token objects * The objects are written out in the p11-kit persist format * Parser marks files in p11-kit persist format as modifiable trust/Makefile.am | 1 + trust/module.c | 18 ++-- trust/parser.c | 2 +- trust/tests/test-module.c | 126 +++++++++++++++++++++++++-- trust/tests/test-parser.c | 1 - trust/tests/test-token.c | 110 ++++++++++++++++++++++- trust/tests/test-trust.c | 1 - trust/token.c | 218 +++++++++++++++++++++++++++++++++++++++++----- trust/token.h | 5 +- 9 files changed, 443 insertions(+), 39 deletions(-) commit 269c4c2e82543de273fa9415dec1b9b6e00c51af Author: Stef Walter Date: 2013-07-03 trust: If token path is a file, don't try loading subdirectories trust/token.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) commit 4bbb7038816d3664c92cb442e3d1ccac8f92f83c Author: Stef Walter Date: 2013-07-03 trust: Correctly handle persisting OIDs with zero length trust/persist.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 6f212d25c6e03705d58137a2ffa0ccb59bf944ff Author: Stef Walter Date: 2013-07-03 trust: Don't write out internal attributes when persisting trust/Makefile.am | 1 + trust/index.h | 16 +--------------- trust/persist.c | 7 +++++++ trust/types.h | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 15 deletions(-) commit e355c6724c6fb8cd604763ad2518751056512b2b Author: Stef Walter Date: 2013-07-03 trust: Add support for saving files with unique file names trust/extract-cer.c | 4 +- trust/extract-jks.c | 2 +- trust/extract-openssl.c | 52 ++++++++------ trust/extract-pem.c | 8 ++- trust/save.c | 171 +++++++++++++++++++++++++++++++++------------ trust/save.h | 6 +- trust/tests/test-openssl.c | 1 - trust/tests/test-save.c | 168 +++++++++++++++++++++++++++++++++----------- 8 files changed, 298 insertions(+), 114 deletions(-) commit 81431ffd8cbf55175b1b9a9ed130fc67d0d4000b Author: Stef Walter Date: 2013-07-03 path: Add p11_path_canon() function Cleans up a filename with readable characters. common/path.c | 15 +++++++++++++++ common/path.h | 2 ++ common/tests/test-path.c | 17 +++++++++++++++++ trust/extract-info.c | 11 ++--------- 4 files changed, 36 insertions(+), 9 deletions(-) commit 1c4522e5df79bd197feab8448008fc2bf6b4ea2e Author: Stef Walter Date: 2013-06-28 trust: Rename p11_index_batch() to p11_index_load() The name makes it clearer what's going on. This is only used during loading, so we can track whether a change has resulted from the trust module or from the file storage. trust/builder.c | 4 ++-- trust/index.c | 4 ++-- trust/index.h | 4 ++-- trust/tests/test-builder.c | 16 ++++++++-------- trust/tests/test-index.c | 12 ++++++------ trust/token.c | 4 ++-- 6 files changed, 22 insertions(+), 22 deletions(-) commit 17bc43cb82320f2aba4ccb804bd8599232524c6a Author: Stef Walter Date: 2013-06-28 trust: Implement reloading of token data * Reload token data whenever a new session is opened. * Only reload files/directories that have changed. * Move duplicate anchor/blacklist detection logic into the extract code. This is in line with the approach being discussed on the mailing lists and spec document. * New internal attribute CKA_X_ORIGIN set on all objects so we can track where an object came from, and replace it when reloaded. In general this is a prerequisite for modification of objects reload before modify is necessary to prevent multiple callers clobbering each other's changes. trust/builder.c | 3 +- trust/extract-info.c | 86 ++++++++---- trust/index.c | 18 ++- trust/index.h | 6 + trust/module.c | 5 +- trust/parser.c | 124 +++-------------- trust/parser.h | 7 +- trust/tests/test-extract.c | 28 ++-- trust/tests/test-parser.c | 184 +++++-------------------- trust/tests/test-token.c | 255 ++++++++++++++++++++++++++++++---- trust/tests/test-trust.c | 75 ++++++++++ trust/tests/test-trust.h | 28 ++++ trust/token.c | 331 +++++++++++++++++++++++++++++++++++---------- trust/token.h | 3 + 14 files changed, 746 insertions(+), 407 deletions(-) commit 7bb9ad33da0154c9a4317f0123046eee85738349 Author: Stef Walter Date: 2013-06-28 iter: Add iteration mode where session is not busy In order to use the session we are iterating on for other tasks such as other C_FindObject() calls, we need to make sure that it's not in the middle of a find operation. Finish up the complete find operation in advance of returning objects from a session. Make this the default mode. The previous behavior remains as an option. Add tests. p11-kit/iter.c | 59 +++++++++++++++-------- p11-kit/iter.h | 7 ++- p11-kit/tests/test-iter.c | 111 +++++++++++++++++++++++++++++++++---------- trust/extract-info.c | 8 ++-- trust/extract.c | 2 +- trust/tests/frob-nss-trust.c | 6 +-- trust/tests/test-bundle.c | 2 +- trust/tests/test-cer.c | 2 +- trust/tests/test-extract.c | 2 +- trust/tests/test-openssl.c | 2 +- 10 files changed, 144 insertions(+), 57 deletions(-) commit 7eabbee227f09cc4ff9e472520f03bba1e35596b Author: Stef Walter Date: 2013-06-28 path: Add p11_path_prefix() function Checks if a wellformed path is identical to or a prefix of another path. common/path.c | 17 +++++++++++++++++ common/path.h | 3 +++ common/tests/test-path.c | 13 +++++++++++++ 3 files changed, 33 insertions(+) commit 1e777512e554db76ba2f1aba800ee09a9fa074f0 Author: Stef Walter Date: 2013-06-26 trust: Implement validation for creating/modifying objects trust/builder.c | 277 ++++++++++++++++++++++++----- trust/tests/test-builder.c | 427 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 661 insertions(+), 43 deletions(-) commit c807b2432bb954caf89f3092b65ea61a1bc6942e Author: Stef Walter Date: 2013-06-25 Fix dependency between p11-kit command and library p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6daeaa08d0e7c7f49392cd9e419c74b6c8721811 Author: Stef Walter Date: 2013-06-25 Fix running trust module tests under distcheck trust/tests/test-module.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) commit 069c52a10cc4c4c06de8a4d83ddb3755e40be7a4 Author: Stef Walter Date: 2013-06-24 Reorganize various components * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory .gitignore | 2 + Makefile.am | 1 - common/Makefile.am | 31 +-- common/tests/Makefile.am | 32 +-- common/tests/test-lexer.c | 35 +-- {tools => common}/tool.c | 76 +++--- {tools => common}/tool.h | 18 +- configure.ac | 2 - doc/manual/Makefile.am | 1 - gtk-doc.make | 2 +- p11-kit/Makefile.am | 20 ++ {tools => p11-kit}/list.c | 15 +- p11-kit/p11-kit.c | 102 ++++++++ tools/Makefile.am | 53 ----- tools/tests/Makefile.am | 84 ------- tools/tests/files/cacert3.der | Bin 1885 -> 0 bytes tools/tests/files/cacert3.pem | 42 ---- tools/tests/test-tools.c | 216 ----------------- tools/tests/test-tools.h | 260 --------------------- trust/Makefile.am | 56 ++++- {common => trust}/asn1.c | 0 {common => trust}/asn1.h | 0 {common => trust}/base64.c | 0 {common => trust}/base64.h | 0 {common => trust}/basic.asn | 0 {common => trust}/basic.asn.h | 0 tools/extract-x509.c => trust/extract-cer.c | 0 {tools => trust}/extract-info.c | 0 {tools => trust}/extract-jks.c | 0 {tools => trust}/extract-openssl.c | 0 {tools => trust}/extract-pem.c | 0 {tools => trust}/extract.c | 4 +- {tools => trust}/extract.h | 3 + {common => trust}/oid.c | 0 {common => trust}/oid.h | 0 {common => trust}/openssl.asn | 0 {common => trust}/openssl.asn.h | 0 {common => trust}/pem.c | 0 {common => trust}/pem.h | 0 {common => trust}/pkix.asn | 0 {common => trust}/pkix.asn.h | 0 {tools => trust}/save.c | 0 {tools => trust}/save.h | 0 trust/tests/Makefile.am | 70 +++++- .../tests/files/cacert3-distrust-all.pem | 0 .../tests/files/cacert3-distrusted-all.pem | 0 .../tests/files/cacert3-not-trusted.pem | 0 .../tests/files/cacert3-trusted-alias.pem | 0 .../tests/files/cacert3-trusted-keyid.pem | 0 .../tests/files/cacert3-trusted-multiple.pem | 0 .../tests/files/cacert3-trusted-server-alias.pem | 0 {tools => trust}/tests/files/cacert3-twice.pem | 0 {tools => trust}/tests/files/empty-file | 0 {tools => trust}/tests/files/simple-string | 0 {common => trust}/tests/frob-cert.c | 0 {common => trust}/tests/frob-eku.c | 0 {common => trust}/tests/frob-ku.c | 0 {common => trust}/tests/frob-oid.c | 0 {common => trust}/tests/test-asn1.c | 0 {common => trust}/tests/test-base64.c | 0 .../tests/test-pem.c => trust/tests/test-bundle.c | 5 +- tools/tests/test-x509.c => trust/tests/test-cer.c | 5 +- {tools => trust}/tests/test-extract.c | 5 +- {common => trust}/tests/test-oid.c | 0 {tools => trust}/tests/test-openssl.c | 5 +- {common => trust}/tests/test-pem.c | 0 {tools => trust}/tests/test-save.c | 5 +- trust/tests/test-trust.c | 176 +++++++++++++- trust/tests/test-trust.h | 74 ++++++ {common => trust}/tests/test-utf8.c | 0 {common => trust}/tests/test-x509.c | 0 trust/trust.c | 64 +++++ {common => trust}/utf8.c | 0 {common => trust}/utf8.h | 0 {common => trust}/x509.c | 0 {common => trust}/x509.h | 0 76 files changed, 638 insertions(+), 826 deletions(-) commit 5489a1456c5a6f320bd2b3aa849f36f10d538e81 Merge: 1caa880 93f1977 Author: Stef Walter Date: 2013-06-17 Merge branch 'stable' commit 1caa8801f6d888befb3515d24171bf77a172a93c Author: Stef Walter Date: 2013-06-14 trust: Writable module PKCS#11 token functions Although we don't actually write anything out yet, make the various PKCS#11 functions behave properly when faced with requests to write to token objects common/test.c | 14 ++++++-- trust/module.c | 88 ++++++++++++++++++++++++++++++++++++----------- trust/session.h | 1 + trust/tests/test-module.c | 38 ++++++++++++++++---- 4 files changed, 111 insertions(+), 30 deletions(-) commit 93f197792150ae2e2e3ffafb903dfab6854915cb Author: Stef Walter Date: 2013-06-17 trust: Move the extract-trust external placeholder command into trust/ .gitignore | 3 ++- configure.ac | 2 +- tools/Makefile.am | 4 ---- trust/Makefile.am | 4 ++++ {tools => trust}/p11-kit-extract-trust.in | 0 5 files changed, 7 insertions(+), 6 deletions(-) commit 41d2a28b89af41799d01d5973d026712d9174f31 Author: Stef Walter Date: 2013-06-17 trust: Print out usage when extract-trust run incorrectly Also sorta covers --help and -h usage tools/p11-kit-extract-trust.in | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit e32481727387460d5900d0bbb495d3694facf64b Author: Stef Walter Date: 2013-06-17 tools: Fix passing args to external commands There were various bugs passing arguments, with duplicates being passed, as well as certain arguments being skipped.t tools/tool.c | 4 ++++ 1 file changed, 4 insertions(+) commit b6e065cda1db37a6c8ed52dac3432468e1277323 Author: Stef Walter Date: 2013-06-17 tools: Only use our private path when looking for external commands Instead of looking for external commands in the path, just look for them in our private directory. We want to be conservative early on, and limit what sorta things we have to maintain later. We can later remove this restriction if a real use case presents itself. tools/tool.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit bfe10cd0660fd81d78c8c5ce3eaa7d1f046859e1 Author: Stef Walter Date: 2013-06-14 trust: Correctly reflect the CK_TOKEN_INFO writability flags Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths which we will be able to write to. common/compat.h | 3 ++ trust/module.c | 5 +++- trust/tests/test-module.c | 57 +++++++++++++++++++++++++++++++++-- trust/tests/test-token.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 47 +++++++++++++++++++++++++++++ trust/token.h | 2 ++ 6 files changed, 187 insertions(+), 3 deletions(-) commit 045df29606ea9853b4fc8bdba062a5e4a7a5be95 Author: Stef Walter Date: 2013-06-14 path: Add p11_path_parent() function Gets the parent element of the path, removing the last component. Handles trailing and duplicate path separators correctly. common/path.c | 36 ++++++++++++++++++++++++++++++++++++ common/path.h | 2 ++ common/tests/test-path.c | 17 +++++++++++++++++ 3 files changed, 55 insertions(+) commit 8c6dd48789bdaf2a3dc800df7ed3416ddc3b7e1f Author: Stef Walter Date: 2013-06-14 path: Fix expanding of paths and tests common/path.c | 16 +++++++++++----- common/tests/test-path.c | 46 ++++++++++++++++++++++++++-------------------- 2 files changed, 37 insertions(+), 25 deletions(-) commit 9e03e9950d78b58a91454b494513d1fc0872dcf2 Author: Stef Walter Date: 2013-06-13 common: Abort test cases when one fails common/test.c | 2 ++ 1 file changed, 2 insertions(+) commit 125aa8b136fa950172c3946ca4768cf4750b697a Merge: f48e1a2 49e344c Author: Stef Walter Date: 2013-06-05 Merge branch 'stable' commit 49e344cfa48d765ccc83a7313b1ba1c30252b84e Author: Stef Walter Date: 2013-06-05 Release version 0.18.3 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 1b61494bb10866841e52956a2b65b75259f64e3c Author: Stef Walter Date: 2013-06-05 trust: Fix crash when C_Initialize args are NULL https://bugs.freedesktop.org/show_bug.cgi?id=65401 trust/module.c | 5 ++++- trust/tests/test-module.c | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) commit 3dc38f294af5bbe1939d38ec9b3fcd699f97c8ce Author: Stef Walter Date: 2013-06-05 trust: Fix reinitialization of trust module Track number of C_Initialize calls, and require similar number of C_Finalize calls to finalize. This fixes leaks/disappearing sessions in the trust module. https://bugs.freedesktop.org/show_bug.cgi?id=65401 trust/module.c | 25 +++++++++++++--- trust/tests/frob-multi-init.c | 69 +++++++++++++++++++++++++++++++++++++++++++ trust/tests/test-module.c | 49 ++++++++++++++++++++++++++++++ 3 files changed, 139 insertions(+), 4 deletions(-) commit f48e1a2a496604a835d0f9230113218951a1ced2 Author: manphiz@gmail.com Date: 2013-04-24 Fix uninitialized p11_library_once https://bugs.freedesktop.org/show_bug.cgi?id=57714 common/library.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6132376b31f6d8c27fa63b219e7330f4489de6cc Author: Stef Walter Date: 2013-04-05 Force Mac OS shared library extension to .so Darwin and libtool seem confused about what shared library extension they actually use. https://bugs.freedesktop.org/show_bug.cgi?id=57714 configure.ac | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit cf91dc6975424e3ba3971e4496e91036e97419e5 Author: manphiz@gmail.com Date: 2013-04-24 Fix uninitialized p11_library_once https://bugs.freedesktop.org/show_bug.cgi?id=57714 common/library.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f358242f0068b280c1478075617288095dd95adc Author: Stef Walter Date: 2013-04-05 Force Mac OS shared library extension to .so Darwin and libtool seem confused about what shared library extension they actually use. https://bugs.freedesktop.org/show_bug.cgi?id=57714 configure.ac | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 96771f49dc945800ae28c77ff407753cbb995c7f Author: Stef Walter Date: 2013-05-21 persist: Support for writing out p11-kit persist files trust/parser.c | 10 +- trust/persist.c | 458 +++++++++++++++++++++++++++++++++++++++------ trust/persist.h | 4 + trust/tests/test-persist.c | 203 +++++++++++++++++--- trust/tests/test-trust.c | 2 +- 5 files changed, 587 insertions(+), 90 deletions(-) commit daf63f2cf66669b3555f2f15498a0aa2db234b2f Author: Stef Walter Date: 2013-05-21 constants: Tweaks and add mechanisms common/constants.c | 428 +++++++++++++++++++++--------------------- common/tests/test-constants.c | 70 +++---- 2 files changed, 245 insertions(+), 253 deletions(-) commit 56fec770071713bf800e7e9f3905973703105ec5 Author: Stef Walter Date: 2013-05-21 pem: Write PEM data directly to a buffer common/pem.c | 38 +++++++++++++++++--------------------- common/pem.h | 7 +++++-- common/tests/test-pem.c | 21 ++++++++++++--------- tools/extract-openssl.c | 29 +++++++++++++++++------------ tools/extract-pem.c | 32 ++++++++++++++++++++------------ 5 files changed, 71 insertions(+), 56 deletions(-) commit cb8f2e3a04d9365121ffea0d76d8b3d47e2cc1ec Author: Stef Walter Date: 2013-05-21 url: Encode directly to a buffer common/tests/test-url.c | 30 ++++++++++++++++++------------ common/url.c | 29 ++++++++++------------------- common/url.h | 5 +++-- p11-kit/uri.c | 32 +++++++++++++++++++------------- 4 files changed, 50 insertions(+), 46 deletions(-) commit 4fd057258177f4f14bbe78c2d02d5a65eaf3f3dc Author: Stef Walter Date: 2013-05-27 Release version 0.19.1 NEWS | 11 +++++++++++ configure.ac | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) commit e98522ba9e92be79526eba9daee9f60aa30ad942 Author: Stef Walter Date: 2013-05-21 Mark p11_kit_message() as a stable function doc/manual/p11-kit-sections.txt | 2 +- p11-kit/p11-kit.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 61a9cfa62972678f1cbbad7f4d1a814e9b7f05e2 Author: Stef Walter Date: 2013-05-21 Fix building of applications using CRYPTOKI_GNU style p11-kit/p11-kit.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 435843812ab7b85f97cfdc32ae9412f78242b950 Author: Stef Walter Date: 2013-05-21 Bump the version for deprecated function documentation p11-kit/modules.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 30830eb693ac2e89f28bb34459db6837031ca795 Author: Stef Walter Date: 2013-04-09 Fix up Makefile.am files for automake 1.13 warnings common/tests/Makefile.am | 4 ++-- p11-kit/Makefile.am | 2 +- p11-kit/tests/Makefile.am | 2 +- tools/Makefile.am | 2 +- tools/tests/Makefile.am | 2 +- trust/Makefile.am | 2 +- trust/tests/Makefile.am | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) commit dcabaf1d56d410ba7ddb3dfbab9011bbbea5e6bc Author: Stef Walter Date: 2013-04-05 Our own unit testing framework * Support the TAP protocol * Much cleaner without having to carry around state * First class support for setup/teardown * Port the common tests * Wait on porting other tests until we've merged outstanding code build/Makefile.am | 8 - build/Makefile.tests | 5 +- build/cutest/CuTest.c | 329 ------- build/cutest/CuTest.h | 111 --- build/cutest/README.txt | 211 ---- build/cutest/license.txt | 38 - common/Makefile.am | 5 +- common/debug.h | 2 + common/test.c | 261 +++++ common/test.h | 131 +++ common/tests/Makefile.am | 3 +- common/tests/test-array.c | 101 +- common/tests/test-asn1.c | 53 +- common/tests/test-attrs.c | 461 +++++---- common/tests/test-base64.c | 67 +- common/tests/test-buffer.c | 113 +-- common/tests/test-compat.c | 28 +- common/tests/test-constants.c | 45 +- common/tests/test-dict.c | 250 +++-- common/tests/test-hash.c | 74 +- common/tests/test-lexer.c | 126 ++- common/tests/test-oid.c | 45 +- common/tests/test-path.c | 68 +- common/tests/test-pem.c | 76 +- common/tests/test-url.c | 93 +- common/tests/test-utf8.c | 60 +- common/tests/test-x509.c | 106 +- p11-kit/tests/Makefile.am | 14 +- p11-kit/tests/{conf-test.c => test-conf.c} | 252 +++-- p11-kit/tests/test-deprecated.c | 187 ++-- p11-kit/tests/test-init.c | 144 ++- p11-kit/tests/test-iter.c | 481 +++++----- p11-kit/tests/test-log.c | 41 +- p11-kit/tests/test-managed.c | 97 +- p11-kit/tests/test-mock.c | 1012 ++++++++++---------- p11-kit/tests/test-modules.c | 157 ++- p11-kit/tests/{pin-test.c => test-pin.c} | 104 +- p11-kit/tests/{progname-test.c => test-progname.c} | 34 +- p11-kit/tests/test-proxy.c | 75 +- p11-kit/tests/{uri-test.c => test-uri.c} | 633 ++++++------ p11-kit/tests/test-virtual.c | 70 +- tools/tests/Makefile.am | 6 +- tools/tests/test-extract.c | 221 ++--- tools/tests/test-openssl.c | 186 ++-- tools/tests/test-pem.c | 96 +- tools/tests/test-save.c | 329 +++---- tools/tests/{test.c => test-tools.c} | 65 +- tools/tests/{test.h => test-tools.h} | 34 +- tools/tests/test-x509.c | 102 +- trust/tests/Makefile.am | 5 +- trust/tests/test-builder.c | 446 +++------ trust/tests/test-index.c | 395 ++++---- trust/tests/test-module.c | 470 ++++----- trust/tests/test-parser.c | 219 ++--- trust/tests/test-persist.c | 155 ++- trust/tests/test-token.c | 93 +- trust/tests/{test-data.c => test-trust.c} | 56 +- trust/tests/{test-data.h => test-trust.h} | 40 +- 58 files changed, 3901 insertions(+), 5188 deletions(-) commit 7fd6d89d92b6f1b543bf2aa4b2e578201dad7147 Author: Stef Walter Date: 2013-04-06 Further reorganization of the core module tracking * Keep the module ownership apart from the tracking of module function pointers, since these are only relevant for unmanaged modules. * Less assumptions that each module has a raw unmanaged module function pointer. * More clarity in the naming of dictionaries tracking the modules. p11-kit/modules.c | 349 +++++++++++++++++++++++++----------------------------- 1 file changed, 161 insertions(+), 188 deletions(-) commit eb88be6c0b7ea39a74cd2aa8af33371de4aeb74c Author: Stef Walter Date: 2013-04-07 Pull the argv parsing code into its own file So it can be used from multiple code paths common/Makefile.am | 1 + common/argv.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++ common/argv.h | 44 ++++++++++++++++++++ trust/module.c | 78 ++---------------------------------- 4 files changed, 164 insertions(+), 74 deletions(-) commit 7b848defc704cc1fbb47a16b23727583c14b804d Author: Stef Walter Date: 2013-04-06 Support /xxx/yyy as an absolute path with Win32 Because win32 code doesn't just run on windows, wine runs with unix style paths. common/path.c | 8 ++++---- common/tests/test-path.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) commit 10d26767fa39f43b0aabb82d73ed88b2c2522397 Author: Stef Walter Date: 2013-05-21 Bump the version number to unstable configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b73f4ef126bdead47262e29e47d159a89984d65f Author: Stef Walter Date: 2013-02-19 Add the log-calls module config option If 'log-calls = yes' is set then all the PKCS#11 modules are logged to stderr. common/attrs.c | 22 +- common/attrs.h | 9 + common/constants.c | 350 ++++++- common/constants.h | 8 + common/tests/test-constants.c | 18 +- doc/manual/Makefile.am | 1 + doc/manual/p11-kit-sharing.xml | 5 + doc/manual/pkcs11.conf.xml | 19 + p11-kit/Makefile.am | 1 + p11-kit/log.c | 2022 ++++++++++++++++++++++++++++++++++++++++ p11-kit/log.h | 53 ++ p11-kit/modules.c | 44 +- p11-kit/tests/Makefile.am | 1 + p11-kit/tests/test-log.c | 125 +++ p11-kit/tests/test-mock.c | 4 +- 15 files changed, 2646 insertions(+), 36 deletions(-) commit a14ff781ebf231daa99990fd65c2312f26db93a8 Author: Stef Walter Date: 2013-02-19 Manage C_CloseAllSessions function for multiple callers Make C_CloseAllSessions work for different callers. Track the sessions that each caller opens and close just those when C_CloseAllSessiosn is called. common/mock.c | 2 +- doc/manual/p11-kit-sharing.xml | 6 ++ p11-kit/modules.c | 202 ++++++++++++++++++++++++++++++++++++++++- p11-kit/tests/test-init.c | 9 +- p11-kit/tests/test-managed.c | 64 ++++++++++++- 5 files changed, 275 insertions(+), 8 deletions(-) commit 0cb1132469c1e13be64f85cd6566e6617bfe32cc Author: Stef Walter Date: 2013-02-15 Update the proxy module to use managed PKCS#11 modules Each time C_GetFunctionList is called on the proxy module, a new managed PKCS#11 set of functions is returned. These are all cleaned up when the module is unloaded. We want the proxy module to continue to work even without the highly recommended libffi. For that reason we still keep the old behavior of sharing state in the proxy module. common/mock.c | 9 - common/mock.h | 11 + doc/manual/Makefile.am | 1 + p11-kit/Makefile.am | 2 +- p11-kit/modules.c | 5 +- p11-kit/private.h | 4 - p11-kit/proxy.c | 1465 +++++++++++++++++++++++++++++++++++++------- p11-kit/proxy.h | 45 ++ p11-kit/tests/test-mock.c | 26 +- p11-kit/tests/test-proxy.c | 116 +++- p11-kit/util.c | 3 + 11 files changed, 1422 insertions(+), 265 deletions(-) commit 5c19f0cf66495f00ccf69eba1d0915f862a88c8d Author: Stef Walter Date: 2013-02-06 p11-kit: Managed PKCS#11 module loading Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such. common/compat.c | 6 + common/compat.h | 4 +- common/mock.c | 63 +- common/mock.h | 6 +- doc/manual/Makefile.am | 2 + doc/manual/p11-kit-docs.xml | 2 + doc/manual/p11-kit-proxy.xml | 29 + doc/manual/p11-kit-sections.txt | 39 +- doc/manual/p11-kit-sharing.xml | 94 +- doc/manual/pkcs11.conf.xml | 24 + gtk-doc.make | 2 +- p11-kit/Makefile.am | 7 +- p11-kit/deprecated.h | 97 ++ p11-kit/docs.h | 38 + p11-kit/modules.c | 1498 ++++++++++++++++++++---- p11-kit/modules.h | 51 + p11-kit/p11-kit.h | 63 +- p11-kit/private.h | 6 - p11-kit/proxy.c | 231 ++-- p11-kit/tests/Makefile.am | 10 +- p11-kit/tests/files/system-pkcs11.conf | 5 +- p11-kit/tests/files/user-modules/one.module | 3 +- p11-kit/tests/test-deprecated.c | 521 +++++++++ p11-kit/tests/test-init.c | 176 ++- p11-kit/tests/test-iter.c | 72 +- p11-kit/tests/test-managed.c | 168 +++ p11-kit/tests/test-mock.c | 1687 +++++++++++++++++++++++++++ p11-kit/tests/test-modules.c | 124 +- p11-kit/tests/test-proxy.c | 94 ++ tools/extract.c | 15 +- tools/list.c | 16 +- tools/tests/test-extract.c | 7 +- tools/tests/test-openssl.c | 9 +- tools/tests/test-pem.c | 9 +- tools/tests/test-x509.c | 9 +- trust/tests/frob-nss-trust.c | 25 +- 36 files changed, 4660 insertions(+), 552 deletions(-) commit ff853bd7902e271256cada4a1b20a3d46b519b69 Author: Stef Walter Date: 2013-01-10 Use libffi to implement mixins for managed code * This allows us to call into subclassed PKCS#11 modules as if they were plain old PKCS#11 modules * libffi is an optional dependency configure.ac | 31 + doc/manual/Makefile.am | 5 +- doc/manual/p11-kit-devel.xml | 3 + p11-kit/Makefile.am | 7 +- p11-kit/tests/Makefile.am | 7 + p11-kit/tests/test-virtual.c | 183 +++ p11-kit/virtual.c | 2964 ++++++++++++++++++++++++++++++++++++++++++ p11-kit/virtual.h | 68 + 8 files changed, 3265 insertions(+), 3 deletions(-) commit a7af75a31010109529a9edddc825538884f326ca Author: Stef Walter Date: 2013-02-14 Add subclassable CK_X_FUNCTION_LIST One of the flaws in PKCS#11 for our usage is that each PKCS#11 module is not passed the pointer to the function list, ie: the vtable Here we define a new function list vtable, where each PKCS#11 function takes the vtable itself as the first argument. We use this new list internally to represent subclassable PKCS#11 modules for various features. common/mock.c | 757 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- common/mock.h | 370 ++++++++++++++++++++++++++- common/pkcs11x.h | 438 ++++++++++++++++++++++++++++++++ 3 files changed, 1561 insertions(+), 4 deletions(-) commit 06a84bafc7c5f0ac92883e9219a7c00f456df39c Author: Stef Walter Date: 2013-05-15 Fail early when running automaint.sh automaint.sh | 2 ++ 1 file changed, 2 insertions(+) commit de8b99e2f04f94313a7748adedf7535603013951 Author: Stef Walter Date: 2013-05-15 Implement valgrind's hellgrind checks for threading problems And cleanup our locks/locking model. There's no need to use recursive locks, especially since we can't use them on all platforms. In addition adjust taking of locks during initialization so that there's no chance of deadlocking here. automaint.sh | 2 +- build/Makefile.decl | 5 +++++ build/Makefile.tests | 5 +++++ common/compat.c | 2 +- p11-kit/modules.c | 2 +- 5 files changed, 13 insertions(+), 3 deletions(-) commit 4bd7eda265b94dfcb9a1db4aba756e1e05dd4f87 Author: Stef Walter Date: 2013-05-14 Release version 0.18.2 NEWS | 3 +++ configure.ac | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) commit c6793097e6f0d82cfca07aaeb55c7e9b742d2fdf Author: manphiz@gmail.com Date: 2013-05-09 Patch to make test-lexer depend on ASN.1 https://bugs.freedesktop.org/show_bug.cgi?id=64378 common/tests/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e72df3c2546a79f51e7c203bc5735494d45c5c26 Author: Stef Walter Date: 2013-05-03 Reduce libtasn1 dependency to 2.3 * This passes all checks and is compatible configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 32e26b5c1852fd7b0261929e3a9b39c473621fd2 Author: Stef Walter Date: 2013-04-15 Release version 0.18.1 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit d4392aef7fa3a3b2c308ad3d05c691569361ee49 Author: Stef Walter Date: 2013-04-04 doc: Use gtk-doc in the no-tmpl flavor doc/manual/Makefile.am | 6 ++++++ gtk-doc.make | 39 +++++++++------------------------------ 2 files changed, 15 insertions(+), 30 deletions(-) commit 153dc7a750a11d7940f4e4e6e718939d23ee4541 Author: Stef Walter Date: 2013-04-04 manual: Use a consistent docbook version doc/manual/p11-kit-config.xml | 5 +++-- doc/manual/p11-kit-devel.xml | 5 +++-- doc/manual/p11-kit-sharing.xml | 5 +++-- doc/manual/p11-kit-trust.xml | 5 +++-- doc/manual/p11-kit.xml | 4 ++-- doc/manual/pkcs11.conf.xml | 4 ++-- 6 files changed, 16 insertions(+), 12 deletions(-) commit 3e5916530b995bda1a5deea7ecf9c185a402d463 Author: Stef Walter Date: 2013-04-04 Put the external tools in $libdir/p11-kit These are possibly architecture specific binaries, so they should be in $libdir/p11-kit and not in $datadir/p11-kit configure.ac | 3 +++ tools/Makefile.am | 4 ++-- tools/tool.c | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) commit 941ff24161e040fca7382e3f98b0c1b51da21dac Author: Stef Walter Date: 2013-04-04 Release version 0.18.0 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit 32b0b448d0ac4f1fa5f9143f0c4385066a9b4a76 Author: Stef Walter Date: 2013-04-04 Fix off by one in date parsing code We didn't treat the two digit year 00 as a valid year, whereas it actually represents the year 2000. This is in a non-critical code path. trust/builder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d6e0982658acb231333ebfbfb7efff8b762231d0 Author: Stef Walter Date: 2013-04-04 Don't print erroneous debug messages when skipping files The parser automatically skips over files that it cannot parse. Don't print confusing debug messages about DER parse failures when it does so. common/asn1.c | 12 ++++++------ trust/parser.c | 8 +++++--- 2 files changed, 11 insertions(+), 9 deletions(-) commit 032fbd8806333bdaf0201cfd9d7bcaac8ec75184 Author: Stef Walter Date: 2013-04-02 Update to MurmurHash3 This should also fix problems with accessing memory in a non-aligned fashion on platforms where this causes problems. https://bugs.freedesktop.org/show_bug.cgi?id=62819 common/attrs.c | 2 +- common/dict.c | 2 +- common/hash.c | 149 +++++++++++++++++++++++++---------------------- common/hash.h | 4 +- common/tests/test-hash.c | 18 +++--- 5 files changed, 91 insertions(+), 84 deletions(-) commit 8c69e467527c5ee484c9a921e9b5fd18c0c49b12 Author: Stef Walter Date: 2013-03-29 Don't respect timezones for CKA_START_DATE or CKA_END_DATE The PKCS#11 specification does not note what timezone these dates are in. In addition the time values are not represented in PKCS#11. So don't reinterpret certificate dates, other than filling in the century for dates that have a two digit year. Lastly, these are low resolution optional fields so not being all strict about timezones here is appropriate. https://bugs.freedesktop.org/show_bug.cgi?id=62825 common/asn1.c | 332 --------------------------------------------- common/asn1.h | 6 - trust/builder.c | 100 +++++++++++--- trust/tests/test-builder.c | 14 +- 4 files changed, 81 insertions(+), 371 deletions(-) commit 91aa0f9623e232fa253308c4f7464dab8902dfea Author: Stef Walter Date: 2013-03-29 trust: Fix logic for matching invalid NSS serial numbers Sometimes NSS queries for trust objects using invalid serial numbers that do not have their DER decoding. We fixed this earlier, but want to make sure there are no corner cases, accidentally not matching serial numbers that happen to start with the same bytes as a DER TLV would. trust/module.c | 120 ++++++++++++++++++++++++++++------------------ trust/tests/test-module.c | 107 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 180 insertions(+), 47 deletions(-) commit a63311a0f3f2669138d09ff8f618fd4d12fa0c3d Author: Stef Walter Date: 2013-04-03 More compatible path munging and handling code Centralize the path handling code, so we can remove unixy assumptions and have a chance of running on Windows. The current goal is to run all the tests on Windows. Includes some code from LRN https://bugs.freedesktop.org/show_bug.cgi?id=63062 common/Makefile.am | 1 + common/compat.c | 34 ------ common/compat.h | 9 +- common/path.c | 258 +++++++++++++++++++++++++++++++++++++++++++++ common/path.h | 62 +++++++++++ common/tests/Makefile.am | 1 + common/tests/test-compat.c | 32 ------ common/tests/test-path.c | 202 +++++++++++++++++++++++++++++++++++ p11-kit/conf.c | 60 +---------- p11-kit/modules.c | 38 +------ tools/tests/test-openssl.c | 3 +- tools/tests/test-pem.c | 3 +- tools/tests/test-save.c | 3 +- tools/tests/test-x509.c | 3 +- tools/tool.c | 3 +- trust/module.c | 5 +- trust/parser.c | 3 +- trust/tests/test-module.c | 10 +- trust/token.c | 3 +- 19 files changed, 558 insertions(+), 175 deletions(-) commit c3f1b0a45eb1c28b6f025f8ae56c3b020801b6aa Author: Stef Walter Date: 2013-04-03 Don't use free() on memory allocated by LocalFree() ihttps://bugs.freedesktop.org/show_bug.cgi?id=63046 common/library.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fcc3a83cc4d540bc2c4096524b5e8003046ba561 Author: Stef Walter Date: 2013-04-02 Separate library init from message code Put library init/uninit code its into their own statically linked library so that they don't get linked into the p11-kit executable. Refactor the message code so that the library initialization can plug in its per thread message buffer. https://bugs.freedesktop.org/show_bug.cgi?id=63046 common/Makefile.am | 15 ++--- common/lexer.c | 2 +- common/library.c | 85 +++++--------------------- common/library.h | 14 ----- common/message.c | 140 +++++++++++++++++++++++++++++++++++++++++++ common/message.h | 62 +++++++++++++++++++ common/mock.c | 2 +- common/tests/Makefile.am | 3 +- common/tests/test-base64.c | 5 +- common/tests/test-lexer.c | 3 +- common/tests/test-url.c | 5 +- p11-kit/Makefile.am | 2 +- p11-kit/conf.c | 2 +- p11-kit/modules.c | 1 + p11-kit/pin.c | 1 + p11-kit/proxy.c | 1 + p11-kit/tests/Makefile.am | 6 +- p11-kit/tests/conf-test.c | 31 +++++----- p11-kit/tests/test-iter.c | 1 + p11-kit/tests/test-modules.c | 1 + p11-kit/tests/uri-test.c | 5 +- p11-kit/uri.c | 2 +- p11-kit/util.c | 1 + tools/Makefile.am | 3 +- tools/extract-info.c | 2 +- tools/extract-jks.c | 2 +- tools/extract-openssl.c | 2 +- tools/extract-pem.c | 2 +- tools/extract-x509.c | 2 +- tools/extract.c | 2 +- tools/list.c | 2 +- tools/save.c | 2 +- tools/tests/Makefile.am | 3 +- tools/tests/test-extract.c | 3 +- tools/tests/test-openssl.c | 3 +- tools/tests/test-pem.c | 3 +- tools/tests/test-save.c | 5 +- tools/tests/test-x509.c | 3 +- tools/tool.c | 2 +- trust/Makefile.am | 2 +- trust/builder.c | 2 +- trust/module.c | 1 + trust/parser.c | 2 +- trust/session.c | 2 +- trust/tests/Makefile.am | 5 +- trust/tests/test-builder.c | 3 +- trust/tests/test-index.c | 3 +- trust/tests/test-module.c | 2 - trust/tests/test-parser.c | 3 +- trust/tests/test-persist.c | 3 +- trust/tests/test-token.c | 3 +- trust/token.c | 2 +- 52 files changed, 294 insertions(+), 170 deletions(-) commit ae7dd1be6d431f25b101bc7e2b3fa373a8cbb47b Author: Stef Walter Date: 2013-04-02 Don't use library locks from p11-kit tool The global library p11_library_mutex is for libraries to use, so don't use it from any code in common/, which is also used by the p11-kit tool https://bugs.freedesktop.org/show_bug.cgi?id=63046 common/library.c | 4 ---- p11-kit/util.c | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) commit 2e8f586cd5a0c4cf2471c085e9e0e4fdcc04d996 Author: Stef Walter Date: 2013-04-03 Add new script for setting up p11-kit for a maintainer Add win32 cross build, and build out of tree .gitignore | 6 ++++++ automaint.sh | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) commit b7ccd06e1f969a6b86285360234582fe01d3aeaf Author: Stef Walter Date: 2013-04-03 Fix build on Win32 Don't reference an undefined macro https://bugs.freedesktop.org/show_bug.cgi?id=63046 tools/tests/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bd6e31c485cd84746f474a64a63c15a7ea87d650 Author: Stef Walter Date: 2013-04-03 Fix documentation so it builds out of tree doc/manual/Makefile.am | 7 +- doc/manual/{p11-kit-docs.sgml => p11-kit-docs.xml} | 0 gtk-doc.make | 189 +++++++++++++-------- 3 files changed, 123 insertions(+), 73 deletions(-) commit e67c0e4465607560e0f6af9e9b0395a9ee78adbc Author: Stef Walter Date: 2013-04-02 Fix build with automake 1.13 Also remove some generated files from the po/ directory. .gitignore | 5 + common/tests/Makefile.am | 4 +- p11-kit/tests/Makefile.am | 2 +- po/Makefile.in.in | 444 ---------------------------------------------- po/Rules-quot | 47 ----- tools/tests/Makefile.am | 2 +- trust/tests/Makefile.am | 2 +- 7 files changed, 10 insertions(+), 496 deletions(-) commit c3c18a1ea9cd84ee35783809c059d1b9c80c5cbe Author: Stef Walter Date: 2013-03-29 Use CKA_X_CERTIFICATE_VALUE for trust assertions These don't contain the CKA_VALUE attribute for certificate data but rather the CKA_X_CERTIFICATE_VALUE attribute. https://bugs.freedesktop.org/show_bug.cgi?id=62896 trust/builder.c | 15 ++++++++++----- trust/tests/test-builder.c | 6 +++--- 2 files changed, 13 insertions(+), 8 deletions(-) commit 4560373c254473990306c13178b959ccc5d338e4 Author: Stef Walter Date: 2013-03-28 Don't complain when applications call C_Logout or C_Login Some callers erroneously call our C_Logout function, like NSS. So return appropriate error codes in these cases. https://bugs.freedesktop.org/show_bug.cgi?id=62874 trust/module.c | 32 ++++++++++++++++++++++++++++++-- trust/tests/test-module.c | 23 +++++++++++++++++++++++ 2 files changed, 53 insertions(+), 2 deletions(-) commit 10d8e6d1836701e311d2b55e116909198932915b Author: Stef Walter Date: 2013-03-28 Release version 0.17.5 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 87a0afed5db7e916a6ad6715e14996b2e25641d7 Author: Stef Walter Date: 2013-03-27 Don't try to guess at overflowing time values on 32-bit systems Since CKA_START_DATE and CKA_END_DATE are the only places where we want to parse out times, and these are optional, just leave blank if the time overflows what libc can handle on a 32-bit system. https://bugs.freedesktop.org/show_bug.cgi?id=62825 build/certs/Makefile.am | 3 ++ build/certs/distant-end-date.der | Bin 0 -> 366 bytes common/asn1.c | 6 ++-- trust/builder.c | 5 +-- trust/tests/test-builder.c | 71 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 80 insertions(+), 5 deletions(-) commit b0e44f8e1e589726c95506da5121e95a54269fd7 Author: Stef Walter Date: 2013-03-25 Fix testing of murmur hash on bigendian systems The murmur hash produces different output depending on the architecture https://bugzilla.redhat.com/show_bug.cgi?id=927394 common/tests/test-hash.c | 60 +++++++++++++++++++----------------------------- 1 file changed, 23 insertions(+), 37 deletions(-) commit 3f74a3b32ce42cc7e38bdbf8349f976000c3af4c Author: Stef Walter Date: 2013-03-20 Release 0.17.4 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 4b09d2b4d3958b58b020c1ae21fcd932e1eb6c37 Author: Stef Walter Date: 2013-03-20 Fix memory leaks reported by 'make leakcheck' common/mock.c | 4 +++- common/pem.c | 1 + common/tests/test-hash.c | 2 ++ common/tests/test-utf8.c | 4 ++++ common/tests/test-x509.c | 1 + p11-kit/iter.c | 3 +++ p11-kit/tests/pin-test.c | 1 - p11-kit/tests/test-iter.c | 1 + p11-kit/tests/test-modules.c | 2 ++ p11-kit/uri.c | 5 +---- tools/extract-openssl.c | 3 --- tools/tests/test-openssl.c | 7 ++++++ tools/tests/test-pem.c | 6 +++--- tools/tests/test-save.c | 2 ++ tools/tests/test-x509.c | 3 +++ trust/builder.c | 2 ++ trust/index.c | 7 +++--- trust/module.c | 5 +++-- trust/session.c | 1 + trust/tests/test-builder.c | 51 +++++++++++++++++++++++++++++++++++--------- trust/tests/test-index.c | 5 +++++ trust/tests/test-module.c | 2 ++ 22 files changed, 91 insertions(+), 27 deletions(-) commit 57d8f36a6cfbde5a9a783f11f2b75f19005c23e1 Author: Stef Walter Date: 2013-03-20 Fix invalid memory accesses reported by 'make memcheck' These are things that showed up in valgrind while running the tests. common/compat.c | 11 ++++------- common/tests/test-compat.c | 16 ++++++++++++++++ common/tests/test-hash.c | 22 +++++++++++----------- trust/index.c | 2 +- trust/tests/test-index.c | 2 ++ 5 files changed, 34 insertions(+), 19 deletions(-) commit 9cf89e4b43e5e018bb3103be1873a3993769ce4a Author: Stef Walter Date: 2013-03-20 Add a bit of infrastructure for running valgrind * make memcheck: Runs basic memory checking * make leakcheck: Also runs leak checking Makefile.am | 2 ++ build/Makefile.am | 4 ++++ build/Makefile.decl | 11 +++++++++++ build/Makefile.tests | 11 +++++++++++ common/Makefile.am | 3 ++- common/tests/Makefile.am | 2 -- doc/Makefile.am | 4 ++++ doc/manual/p11-kit-devel.xml | 4 ++++ p11-kit/Makefile.am | 3 ++- tools/Makefile.am | 3 ++- tools/tests/Makefile.am | 4 ++-- trust/Makefile.am | 3 ++- trust/tests/Makefile.am | 2 -- 13 files changed, 46 insertions(+), 10 deletions(-) commit 0ecabc858dd6c1c2055f53202a01251e2ad7d2c2 Author: Stef Walter Date: 2013-03-20 trust: Predictable behavior with duplicate certificates in token If duplicate certificates are present in a token, we warn about this, and don't really recommend it. However we have predictable behavior where blacklist is prefered to anchor is preferred to unknown trust. https://bugs.freedesktop.org/show_bug.cgi?id=62548 trust/parser.c | 94 +++++++++++++++++++++++++++++++++- trust/tests/test-parser.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 19 ++----- 3 files changed, 224 insertions(+), 16 deletions(-) commit e075585ef1cffc988894b4efbf3d14d5e55dcdcc Author: Stef Walter Date: 2013-03-20 trust: Rework index to be faster and more usable The index now uses a sort of cross between a hash table and a bloom filter internally to select matching items. This is needed for the massive amount of lookups we want to do during loading. In addition make p11_index_find() and p11_index_replace() easier to use. trust/builder.c | 14 +- trust/index.c | 439 ++++++++++++++++++++++++++++++++------------- trust/index.h | 15 +- trust/tests/Makefile.am | 3 +- trust/tests/frob-pow.c | 57 ++++++ trust/tests/test-builder.c | 44 ++--- trust/tests/test-index.c | 36 ++-- trust/tests/test-parser.c | 6 +- trust/tests/test-token.c | 2 +- 9 files changed, 437 insertions(+), 179 deletions(-) commit fc562261c6bbb35dfed585a78fdec9a408b981c7 Author: Stef Walter Date: 2013-03-20 attrs: Print out the CKA_VALUE for certificates when debugging While it's true that we shouldn't be pritning out CKA_VALUE in certain cases, like for keys, we obviously can do so for certificates. We don't have keys anyway, but in the interest of being general purpose use the class to determine whether CKA_VALUE can be printed common/attrs.c | 49 ++++++++++++++++++++++++++++++++++++++--------- common/attrs.h | 14 ++++++++++---- common/tests/test-attrs.c | 2 +- trust/tests/test-data.c | 15 ++++++++++----- trust/tests/test-data.h | 3 ++- 5 files changed, 63 insertions(+), 20 deletions(-) commit f45942a4fc3e1c5219e9b5201b82203337ee7280 Author: Stef Walter Date: 2013-03-20 hash: Add the murmur2 hash and start using it Add implementation of the murmur2 hash function, and start using it for our dictionaries. Our implementation is incremental like our other hash functions. Also remove p11_oid_hash() which wasn't being used. In addition fix several tests whose success was based on the way that the dictionary hashed. This was a hidden testing bug. build/certs/Makefile.am | 6 +- common/attrs.c | 11 +- common/dict.c | 11 +- common/hash.c | 126 +++++++++++++++++++++ common/hash.h | 7 ++ common/oid.c | 17 --- common/oid.h | 2 - common/tests/test-hash.c | 71 ++++++++++++ tools/tests/files/cacert3-trusted-multiple.pem | 4 +- ...-alias.pem => cacert3-trusted-server-alias.pem} | 4 +- tools/tests/test-openssl.c | 14 +-- tools/tests/test.h | 5 +- trust/tests/files/cacert3-trusted.pem | 4 +- trust/tests/test-parser.c | 3 +- 14 files changed, 234 insertions(+), 51 deletions(-) commit 1dc227b4fce16fcc721276925492f4ba4db00b4f Author: Stef Walter Date: 2013-03-20 hash: Rename file and functions for hashes We're going to be adding other hashes. Also build as part of a different common library. common/Makefile.am | 2 +- common/{checksum.c => hash.c} | 22 ++++++++++----------- common/{checksum.h => hash.h} | 26 ++++++++++++------------- common/tests/Makefile.am | 2 +- common/tests/{test-checksum.c => test-hash.c} | 28 +++++++++++++-------------- common/x509.c | 4 ++-- tools/extract-jks.c | 14 +++++++------- tools/extract-openssl.c | 10 +++++----- trust/builder.c | 16 +++++++-------- trust/parser.c | 4 ++-- trust/tests/test-builder.c | 6 +++--- trust/tests/test-module.c | 10 +++++----- 12 files changed, 72 insertions(+), 72 deletions(-) commit ef8c54a355d3f9814cc53a0aad72d61247b169a0 Author: Stef Walter Date: 2013-03-19 Release version 0.17.3 NEWS | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) commit 80303340701c2cba78937193084f3d716b883b55 Author: Stef Walter Date: 2013-03-19 trust: Use descriptive labels for tokens Try to determine which one is the system trust input token, and which one is the default token by using datadir and sysconfdir respectively. https://bugs.freedesktop.org/show_bug.cgi?id=62534 trust/Makefile.am | 2 ++ trust/module.c | 63 +++++++++++++++++++++++++++++++++++++---------- trust/tests/Makefile.am | 2 ++ trust/tests/frob-token.c | 2 +- trust/tests/test-module.c | 30 +++++++++++++++------- trust/tests/test-token.c | 13 +++++++++- trust/token.c | 22 +++++++++++++++-- trust/token.h | 5 +++- 8 files changed, 112 insertions(+), 27 deletions(-) commit 832015f1fd91a9e94478514d7fe9b21e050f121a Author: Stef Walter Date: 2013-03-19 trust: Remove the temporary built in distrust objects These should now be loaded from the .p11-kit persist format. trust/token.c | 148 ---------------------------------------------------------- 1 file changed, 148 deletions(-) commit b6295dd63a8028ae0b239859406c477d779f4d5e Author: Stef Walter Date: 2013-03-19 extract: Make extracted output directories read-only This is not a security feature or anything like that, but a hint that the files are managed by the extract tool and should not be modified manually. tools/save.c | 60 ++++++++++++++++++++++++++++++++++++------------- tools/tests/test-save.c | 25 +++++++++------------ tools/tests/test.c | 8 +++++-- 3 files changed, 61 insertions(+), 32 deletions(-) commit 7c27e9fbbe86b3268065f248eab2d6964983a715 Author: Stef Walter Date: 2013-03-19 trust: Don't use POSIX or GNU basename() Both are nasty. Do our own, and test it a bit https://bugs.freedesktop.org/show_bug.cgi?id=62479 common/compat.c | 44 +++++++++++++--------- common/compat.h | 17 ++++++--- common/tests/Makefile.am | 1 + common/tests/test-compat.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++ trust/module.c | 5 ++- trust/parser.c | 4 +- 6 files changed, 137 insertions(+), 27 deletions(-) commit 535475c238c427cb685b4282997f7bce0876bfdf Author: Andreas Metzler Date: 2013-03-19 Do not export (de)constructor Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini respectively to stop them from being exported in the ABI. It does not seem to be necessary. p11-kit/util.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1d60d5a6b8c5784b7ac10098c3d9b513094f49a8 Author: Stef Walter Date: 2013-03-18 Release version 0.17.2 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 4ad4d5742037f156e07a4e28b202e49984e27a89 Author: Stef Walter Date: 2013-03-18 trust: Fix trust tests on 32-bit builds trust/tests/test-persist.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ba67d1214f6d9254546997ceec310fce2f675679 Author: Stef Walter Date: 2013-03-18 trust: Fix invalid varargs call in the builder trust/builder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit caaeaffb86c572f996bec31f67443da2219def84 Author: Stef Walter Date: 2013-03-18 Release version 0.17.1 * Fix distcheck bugs surrounding the strndup() workaround NEWS | 16 ++++++++++++++++ common/compat.c | 22 +++++++++++++++++++++- configure.ac | 9 ++------- 3 files changed, 39 insertions(+), 8 deletions(-) commit 6c47831b3bfc66e1e995fb27e80c23085bb41e08 Author: Stef Walter Date: 2013-03-18 trust: Provide better debugging of trust module functions Make C_FindObjects() and C_GetAttributeValue() functions dump the attributes that they're dealing with when in debug mode. trust/module.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) commit 128239732a5b7e184d5d9c505402630ee9215080 Author: Stef Walter Date: 2013-03-18 attrs: Change p11_attrs_to_string() to allow static templates Allow passing the number of attributes to print, which lets us use this directly on templates passed in by callers of the PKCS#11 API. common/attrs.c | 13 ++++++++----- common/attrs.h | 3 ++- common/tests/test-attrs.c | 6 +++++- trust/tests/frob-nss-trust.c | 2 +- 4 files changed, 16 insertions(+), 8 deletions(-) commit 1ad9f98b11f3f0d411bf9517f1dc8985ea3dbe2a Author: Stef Walter Date: 2013-03-18 trust: Handle incorrectly encoded CKA_SERIAL_NUMBER lookups Handle lookups for trust objects (by NSS) which expect CKA_SERIAL_NUMBER attributes without appropriate DER encoding. In addition allow creation of NSS trust objects as PKCS#11 session objects, so that we can test this behavior. trust/builder.c | 2 +- trust/module.c | 47 +++++++++++++++++++++++++++++++++ trust/tests/test-module.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 114 insertions(+), 1 deletion(-) commit f40e5f7129ece4b74aa2cb23b28b24b381bbe223 Author: Stef Walter Date: 2013-03-18 Add workaround for broken strndup() in firefox Unconditionally use our own strndup() until this issue is resolved and in the stable versions of various distros. See: https://bugzilla.mozilla.org/show_bug.cgi?id=826171 configure.ac | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 749c0cdfeb3b7cc86165deb1cc51c32c0768a149 Author: Stef Walter Date: 2013-03-18 compat: Fix trivial comment common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 64aa734f484f81ac97914b2ddecf68ff76b317c0 Author: Stef Walter Date: 2013-03-18 Use the nickname x-distrusted for CKA_X_DISTRUSTED This is a non-standard PKCS#11 attribute, so has the X prefix like the other ones we've added. common/constants.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6c574777f6ab5996a9ba3bea493e96e4ad53dc69 Author: Stef Walter Date: 2013-03-18 trust: Better generation of nss objects and assertions for serial+issuer In many cases certficates are distrusted by serial+issuer. Make sure this works, and fix various cases where we weren't generating compat NSS objects and compat trust assertions for these types of input. trust/builder.c | 267 ++++++++++++++++++++++------------------ trust/index.c | 3 +- trust/tests/test-builder.c | 296 ++++++++++++++++++++++++++++----------------- 3 files changed, 341 insertions(+), 225 deletions(-) commit a904e98b78b55e7a6213356225e45a04fdc457e1 Author: Stef Walter Date: 2013-03-18 Refine looking up of attributes in arrays There was a class of bugs for looking up invalid or empty attributes in the internal PKCS#11 attribute arrays. * Refine what p11_attrs_find_valid() treats as valid * Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity common/attrs.c | 62 ++++++++++++------------------ common/attrs.h | 11 ++---- common/mock.c | 44 +++++++-------------- common/tests/test-attrs.c | 54 ++++++++++++++++++++++++-- tools/extract-info.c | 21 +++------- tools/extract-jks.c | 2 +- tools/extract-openssl.c | 8 ++-- tools/tests/test-extract.c | 7 ++-- trust/builder.c | 96 +++++++++++++++++++++------------------------- trust/index.c | 2 +- trust/parser.c | 8 ++-- trust/tests/test-data.c | 2 +- trust/tests/test-module.c | 4 +- 13 files changed, 158 insertions(+), 163 deletions(-) commit f71baf6adf00626e73326149d55183bc62f827ae Author: Stef Walter Date: 2013-03-17 trust: Remove file that's no longer used trust/mozilla.c | 301 -------------------------------------------------------- 1 file changed, 301 deletions(-) commit d5b9e3915d75c04c547a0db7fe0c92839a0e78a5 Author: Stef Walter Date: 2013-03-15 Bump version number configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 062c09fbcad6945d6c40c5f2ce47894abdf87b07 Author: Stef Walter Date: 2013-03-15 Fix distcheck and documentation common/tests/test-dict.c | 16 ++++++++-------- doc/manual/p11-kit-devel.xml | 15 +++++---------- trust/tests/Makefile.am | 3 +-- trust/tests/test-module.c | 7 +++++-- 4 files changed, 19 insertions(+), 22 deletions(-) commit 57e835d55f6eae39c25b97e35efe0cb58e46b897 Author: Stef Walter Date: 2013-03-15 trust: Update frob-nss-tool so it can compare modules for trust info Can run with two modules now so that it can compare tokens NSS trust info. common/attrs.c | 23 ++++++ common/attrs.h | 2 + trust/tests/frob-nss-trust.c | 174 ++++++++++++++++++++++++++++++++++--------- 3 files changed, 164 insertions(+), 35 deletions(-) commit 7fd74a78fcad81227be3650239669bca5851a1db Author: Stef Walter Date: 2013-03-15 trust: Support a p11-kit specific serialization format This is documented in doc/internals/ subdirectory Add tests for the format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156 common/Makefile.am | 2 + common/basic.asn | 12 + common/basic.asn.h | 13 + doc/internal/persist-format.txt | 54 ++++ trust/Makefile.am | 1 + trust/parser.c | 35 +++ trust/persist.c | 401 +++++++++++++++++++++++++++++ trust/persist.h | 59 +++++ trust/tests/Makefile.am | 1 + trust/tests/input/verisign-v1.p11-kit | 17 ++ trust/tests/test-builder.c | 39 --- trust/tests/test-data.h | 39 +++ trust/tests/test-module.c | 2 +- trust/tests/test-parser.c | 32 +++ trust/tests/test-persist.c | 472 ++++++++++++++++++++++++++++++++++ trust/tests/test-token.c | 2 +- 16 files changed, 1140 insertions(+), 41 deletions(-) commit 48004b92d4c65080ac71f6a48297abd4d83dfdcb Author: Stef Walter Date: 2013-03-11 url: Split out the URL encoding and decoding functions We want to use these as the format for encoding binary data in our PKCS#11 attribute persistence https://bugs.freedesktop.org/show_bug.cgi?id=62156 common/Makefile.am | 1 + common/tests/Makefile.am | 1 + common/tests/test-url.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++ common/url.c | 142 ++++++++++++++++++++++++++++++++++++++++ common/url.h | 59 +++++++++++++++++ p11-kit/uri.c | 120 ++++------------------------------ 6 files changed, 381 insertions(+), 108 deletions(-) commit 06bf3da80eb780621e0f1eb0ab8d4716ed7b3478 Author: Stef Walter Date: 2013-03-11 lexer: Make a lexer for our config file format This lexer will be used in our PKCS#11 persistence format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156 common/Makefile.am | 1 + common/lexer.c | 238 +++++++++++++++++++++++++++++++++++++++ common/lexer.h | 84 ++++++++++++++ common/tests/Makefile.am | 1 + common/tests/test-lexer.c | 281 ++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/conf.c | 131 +++++++-------------- 6 files changed, 644 insertions(+), 92 deletions(-) commit 29af2c1eeca2fb0257e1172753b129d638472f0f Author: Stef Walter Date: 2013-03-15 trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default This is what's recommended by the spec, and allows stapled extensions to hang off a predictable CKA_ID. https://bugs.freedesktop.org/show_bug.cgi?id=62329 common/x509.c | 22 +++++++++++++++++ common/x509.h | 5 ++++ trust/builder.c | 20 +++++++++++----- trust/parser.c | 48 +++++++++++++++++--------------------- trust/tests/files/verisign-v1.der | Bin 0 -> 576 bytes trust/tests/test-builder.c | 18 +++++++++++++- trust/tests/test-module.c | 10 ++++---- trust/tests/test-parser.c | 31 ++++++++++++++++++++++++ 8 files changed, 115 insertions(+), 39 deletions(-) commit 2d75eb32793a569dc3de359bb623713c80393d24 Author: Stef Walter Date: 2013-03-14 trust: Add a builder which builds objects out of parsed data The builder completes the objects from the parsed data and takes over the responsibilities that the parser and adapter previously shared. This is necessary to prepare for arbitrary data coming from the p11-kit specific input files. https://bugs.freedesktop.org/show_bug.cgi?id=62329 build/certs/entrust-invalid.der | Bin 0 -> 1120 bytes build/certs/verisign-v1.der | Bin 0 -> 576 bytes trust/Makefile.am | 2 +- trust/adapter.c | 472 ------------ trust/builder.c | 1556 +++++++++++++++++++++++++++++++++++++ trust/{adapter.h => builder.h} | 36 +- trust/parser.c | 836 +++++--------------- trust/parser.h | 45 +- trust/session.c | 7 +- trust/session.h | 2 + trust/tests/Makefile.am | 1 + trust/tests/test-builder.c | 1611 +++++++++++++++++++++++++++++++++++++++ trust/tests/test-data.c | 2 - trust/tests/test-module.c | 28 +- trust/tests/test-parser.c | 666 +++------------- trust/tests/test-token.c | 58 +- trust/token.c | 21 +- 17 files changed, 3593 insertions(+), 1750 deletions(-) commit d7d68de6c9de9190c85da36b731e61ae3421a811 Author: Stef Walter Date: 2013-03-14 attrs: Add info functions for constant names and values * For retrieving the name and/or nick of constants * The nick is what we'll use in the file format https://bugs.freedesktop.org/show_bug.cgi?id=62329 common/Makefile.am | 1 + common/attrs.c | 242 ++-------------------------- common/constants.c | 363 ++++++++++++++++++++++++++++++++++++++++++ common/constants.h | 74 +++++++++ common/tests/Makefile.am | 1 + common/tests/test-constants.c | 117 ++++++++++++++ 6 files changed, 566 insertions(+), 232 deletions(-) commit ff009f8a671e6ddd02a684bb1707a2a797fe4600 Author: Stef Walter Date: 2013-03-12 trust: Refactor to include concept of the index * The index holds PKCS#11 objects whether for the token or for the session. * The index provides hook for a builder to expand or validate objects being added to the index. * In addition theres a change hook so that a builder can maintain state between objects, such as the compat NSS trust objects. https://bugs.freedesktop.org/show_bug.cgi?id=62329 trust/Makefile.am | 1 + trust/index.c | 566 +++++++++++++++++++++++ trust/index.h | 126 ++++++ trust/module.c | 111 ++--- trust/session.c | 121 +---- trust/session.h | 19 +- trust/tests/Makefile.am | 2 +- trust/tests/frob-token.c | 6 +- trust/tests/test-index.c | 1063 ++++++++++++++++++++++++++++++++++++++++++++ trust/tests/test-module.c | 238 ++++++++++ trust/tests/test-session.c | 161 ------- trust/tests/test-token.c | 32 +- trust/token.c | 32 +- trust/token.h | 3 +- 14 files changed, 2097 insertions(+), 384 deletions(-) commit 3fc6365093ad07b2eb5ef859093c5c5eb56ee700 Author: Stef Walter Date: 2013-03-14 attrs: New p11_attrs_merge() function This takes one set of attributes and merges them into another, without copying memory needlessly. https://bugs.freedesktop.org/show_bug.cgi?id=62329 common/attrs.c | 52 ++++++++++++++++++++--- common/attrs.h | 4 ++ common/tests/test-attrs.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 153 insertions(+), 6 deletions(-) commit 5208fc8539aabc626c1699f181e1191d6bb1c787 Author: Stef Walter Date: 2013-03-14 asn1: Implement a parsed ASN.1 tree cache In order to unmarry the parser from the future builder, but still retain efficiency, we need to be able to cache parsed ASN.1 trees. The ASN.1 cache provides this. In addition it carries around the loaded ASN.1 definitions. https://bugs.freedesktop.org/show_bug.cgi?id=62329 common/asn1.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++ common/asn1.h | 21 +++++++++ common/tests/test-asn1.c | 46 ++++++++++++++++++++ 3 files changed, 177 insertions(+) commit 07a53cecc3220b3811f9db7514e49235fff32b94 Author: Stef Walter Date: 2013-03-15 extract: Combine trust policy when extracting * Collapse multiple identical certificates coming from different tokens. Note that if a certificate should not be placed multiple times on a token. We cannot know which one to respect. * Add a new extract filter: --trust-policy This extracts all anchor and blacklist information https://bugs.freedesktop.org/show_bug.cgi?id=61497 doc/manual/p11-kit.xml | 19 ++++- tools/extract-info.c | 80 ++++++++++++++++++++- tools/extract.c | 82 ++++++++++++++-------- tools/extract.h | 4 ++ tools/tests/test-extract.c | 171 +++++++++++++++++++++++++++++++++++++++++++-- 5 files changed, 313 insertions(+), 43 deletions(-) commit 7fc0ecd1ca7840e71958e62163b27d645c936c25 Author: Stef Walter Date: 2013-03-15 extract: --comment option adds comments to PEM bundles * Placed before the certificate, simple one liner * No need to put comments in PEM files extracted into directories, as the file names are already descriptive. https://bugs.freedesktop.org/show_bug.cgi?id=62029 doc/manual/p11-kit.xml | 5 +++++ tools/extract-info.c | 20 ++++++++++++++++++++ tools/extract-openssl.c | 11 ++++++++++- tools/extract-pem.c | 11 +++++++++-- tools/extract.c | 6 ++++++ tools/extract.h | 8 ++++++++ tools/tests/test-extract.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 103 insertions(+), 3 deletions(-) commit 58e1e3764250fbda96c5ef7244e891a6be04d4cb Author: Stef Walter Date: 2013-03-15 extract: Allow p11_save_write() to automatically calculate length Also if automatically calculating length, then ignore input that is NULL, as something that shouldn't be written out. This allows easier chaining of optional output, such as comments. https://bugs.freedesktop.org/show_bug.cgi?id=62029 tools/save.c | 11 +++++++-- tools/save.h | 4 ++-- tools/tests/files/empty-file | 0 tools/tests/files/simple-string | 1 + tools/tests/test-save.c | 50 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 62 insertions(+), 4 deletions(-) commit 8fd55c8089c90b52f00e4ffad572d1b9da72e6ba Author: Stef Walter Date: 2013-03-07 p11-kit: New priority option and change trust-policy option * Sort loaded modules appropriately using the 'priority' option. This allows us to have a predictable order for callers, when callers iterate through modules. * Modules default to having an 'priority' option of '0'. * If modules have the same order value, then sort by name. * The above assumes the role of ordering trust-policy sources. * Change the trust-policy option to a boolean * Some of this code will be rearranged when the managed branch is merged. https://bugs.freedesktop.org/show_bug.cgi?id=61978 doc/manual/p11-kit-trust.xml | 5 ++- doc/manual/pkcs11.conf.xml | 20 ++++++--- p11-kit/modules.c | 47 ++++++++++++++++++++++ p11-kit/tests/files/package-modules/four.module | 1 + .../tests/files/package-modules/win32/four.module | 1 + .../files/system-modules/two-duplicate.module | 1 + p11-kit/tests/files/system-modules/two.badname | 1 + .../tests/files/system-modules/win32/one.module | 3 +- .../system-modules/win32/two-duplicate.module | 1 + .../tests/files/system-modules/win32/two.badname | 1 + p11-kit/tests/files/user-modules/three.module | 3 +- .../tests/files/user-modules/win32/three.module | 3 +- p11-kit/tests/test-modules.c | 42 +++++++++++++++++++ tools/extract.c | 47 +++------------------- trust/p11-kit-trust.module | 14 +++++-- 15 files changed, 136 insertions(+), 54 deletions(-) commit 0e75a5ba8261955d4d75a38a528f79ff4edd5c21 Author: Stef Walter Date: 2013-03-06 trust: Make each configured path its own token * Each source directory or file configured into the module or passed in as an initialization argument becomes its own token. Previously there was one token that contained certificates from all the configured paths. * These tokens are clearly labeled in the token info as to the directory or file that they represent. * Update PKCS#11 module logic to deal with multiple tokens, validate the slot ids and so on. * The order in which the paths are configured will become the order of trust priority. This is the same order in which they are listed through 'p11-kit list-modules' and C_GetSlotList. * Update the frob-token internal tool to only play with one path * Adjust tests where necessary to reflect the new state of things and add tests for modified trust module code https://bugs.freedesktop.org/show_bug.cgi?id=61499 trust/module.c | 202 +++++++++++++++++++++++--------- trust/tests/frob-token.c | 4 +- trust/tests/test-module.c | 283 +++++++++++++++++++++++++++++++++++++++------ trust/tests/test-session.c | 2 +- trust/tests/test-token.c | 33 +++++- trust/token.c | 64 ++++------ trust/token.h | 8 +- 7 files changed, 460 insertions(+), 136 deletions(-) commit d2128c263ea77e4f99bccc6ac46964ad419ec2d1 Author: Stef Walter Date: 2013-03-06 dict: Allow removal of current item in a p11_dict iteration * This was already possible to do safely before * Document and test this behavior https://bugs.freedesktop.org/show_bug.cgi?id=61499 common/dict.h | 2 ++ common/tests/test-dict.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) commit 86e60637394340ef2fa3b3db6b451dac1d73052b Author: Stef Walter Date: 2013-03-14 trust: Rework input path treatment * Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327 build/certs/Makefile.am | 13 ++- build/certs/self-signed-with-ku.der | Bin 501 -> 478 bytes configure.ac | 74 ++++--------- doc/manual/p11-kit-trust.xml | 61 +++++----- p11-kit/p11-kit-1.pc.in | 3 - trust/module.c | 21 ++-- trust/parser.c | 47 +++++++- trust/tests/certificates/self-signed-with-ku.der | Bin 501 -> 0 bytes .../self-signed-with-eku.der | Bin trust/tests/frob-token.c | 2 +- trust/tests/{ => input}/anchors/cacert3.der | Bin trust/tests/{ => input}/anchors/testing-ca.der | Bin .../{files => input/blacklist}/self-server.der | Bin trust/tests/{certificates => input}/cacert-ca.der | Bin trust/tests/input/distrusted.pem | 23 ++++ trust/tests/test-module.c | 8 +- trust/tests/test-session.c | 2 +- trust/tests/test-token.c | 123 ++++++++++++++++++++- trust/token.c | 78 ++++++++----- trust/token.h | 3 +- 20 files changed, 318 insertions(+), 140 deletions(-) commit bf63f009cd4a1147a3e0684d898f140f46666b0e Author: Stef Walter Date: 2013-03-15 pem: Fix a bug decoding some PEM files When bringing over the BSD base64 code, there was a regression. In addition add some tests for the base64 stuff. common/base64.c | 19 ++-- common/tests/Makefile.am | 1 + common/tests/test-base64.c | 212 +++++++++++++++++++++++++++++++++++++++++++ trust/tests/files/thawte.pem | 25 +++++ 4 files changed, 246 insertions(+), 11 deletions(-) commit 08f11e4c8fb173ed1341e6e0cf0cb0403df7e547 Author: Stef Walter Date: 2013-03-10 Don't overwrite the build directory when uploading documentation Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3177cbccb237bfef66721eeb773b574f1d8ba076 Author: Stef Walter Date: 2013-03-10 Fix up the system anchors/certificates configure arguments Double check various combinations, and make sure we don't fail needlessly when --disable-trust-module. Also check that actual paths are passed into the arguments. configure.ac | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) commit df29c0dcb6cce6a215dee9dc4e17aff59ae67c5b Author: Stef Walter Date: 2013-03-11 doc: Move manual into doc/manual subdirectory .gitignore | 34 ++++---- Makefile.am | 2 +- configure.ac | 7 +- doc/Makefile.am | 132 +------------------------------ doc/manual/Makefile.am | 132 +++++++++++++++++++++++++++++++ doc/{ => manual}/annotation-glossary.xml | 0 doc/{ => manual}/docbook-params.xsl | 0 doc/{ => manual}/p11-kit-config.xml | 0 doc/{ => manual}/p11-kit-devel.xml | 0 doc/{ => manual}/p11-kit-docs.sgml | 0 doc/{ => manual}/p11-kit-overrides.txt | 0 doc/{ => manual}/p11-kit-sections.txt | 0 doc/{ => manual}/p11-kit-sharing.xml | 0 doc/{ => manual}/p11-kit-trust.xml | 6 +- doc/{ => manual}/p11-kit.xml | 2 +- doc/{ => manual}/pkcs11.conf.xml | 0 doc/{ => manual}/style.css | 0 doc/{ => manual}/version.xml.in | 0 18 files changed, 159 insertions(+), 156 deletions(-) commit 0a6bf1bfad01aae0b707b9e13e6d14deade9cecf Author: Stef Walter Date: 2013-03-12 Release version 0.16.4 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 22993290d75bacb33c177be8ee2bc78ea0687ac8 Author: Stef Walter Date: 2013-03-11 tools: Display per-command help appropriately * Fixes a regression * In addition allows --help to be specified before the command. If a command is present, command help will be shown https://bugs.freedesktop.org/show_bug.cgi?id=62153 tools/tool.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit c80956aef3abaa90fa9ab7c2873a45adbe127dc4 Author: Stef Walter Date: 2013-03-11 tools: Initialize local debug code correctly Unless initialized according to the environment all debug output is printed. https://bugs.freedesktop.org/show_bug.cgi?id=62152 tools/tool.c | 3 +++ 1 file changed, 3 insertions(+) commit ee632a4a904f9f16c66a24c97f5724f0c3150b10 Author: Stef Walter Date: 2013-03-08 Release version 0.16.3 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit b5660380769aa5b1c9b51af7e0fd2f18ed463a7e Author: Stef Walter Date: 2013-03-08 iter: Don't skip tokens that don't have CKF_TOKEN_INITIALIZED This flag is not required to be set unless C_InitToken has been called. Many modules, like libnssckbi.so, do not set this flag. p11-kit/iter.c | 4 ---- p11-kit/tests/test-iter.c | 33 --------------------------------- 2 files changed, 37 deletions(-) commit ab14d9291df41b27f70ec3158d94f50f68ed80e1 Author: Stef Walter Date: 2013-03-08 trust: add a simple frob-nss-token tool to dump distrust Add a simple tool to dump NSS style distrust attributes from a module. trust/tests/Makefile.am | 6 +++ trust/tests/frob-nss-trust.c | 103 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) commit 6ecf586a1e31f2874c7b185f4f2061aa9e83c08a Author: Stef Walter Date: 2013-03-08 trust: Use the new NSS PKCS#11 extension codes NSS had subtly changed the values of the distrust CK_TRUST codes so update them to stay in sync. common/attrs.c | 76 +++++++++++++++++++++++------------------------ common/pkcs11x.h | 59 ++++++++++++++++++------------------ trust/adapter.c | 22 +++++++------- trust/tests/test-module.c | 4 +-- trust/tests/test-parser.c | 22 +++++++------- trust/token.c | 6 ++-- 6 files changed, 95 insertions(+), 94 deletions(-) commit 66fbcf7b6aac7fb808d3146335625cc15d4d2959 Author: Stef Walter Date: 2013-03-08 Hard code distrust temporarily. This is because we have no way to load this data into the trust module. Working on a real solution. trust/token.c | 150 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 149 insertions(+), 1 deletion(-) commit b96095115a17818d3e6107e10bad0fef757611d7 Author: Stef Walter Date: 2013-03-08 tools: Parse global options appropriately, even if after command tools/tool.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) commit 2ce1b21109c90b7dab240806686829e498875d74 Author: Stef Walter Date: 2013-03-08 trust: Refactor how we load builtin objects trust/token.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) commit b06b58b275ebccf6d7360083708b2614dd75e1b5 Author: Stef Walter Date: 2013-03-08 Don't shove messages into debug output if they're already displayed common/library.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 347ac14998835ee18e5958a8b7c9aa1afec8eaa2 Author: Stef Walter Date: 2013-03-08 Release 0.16.2 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit ba9cb5cab824fa4180355def6bc2e464b4e24ab0 Author: Stef Walter Date: 2013-03-08 extract: Use bool instead of int where appropriate tools/extract-info.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) commit d7aee0a1ab76fb1299db5cf398088ebec1fe98be Author: Stef Walter Date: 2013-03-08 tools: Add a bit of debugging to the PEM extract handler common/debug.h | 1 + tools/extract-pem.c | 3 +++ 2 files changed, 4 insertions(+) commit 082bc5773abe1c003bf34bbb3bf6a6b5282a212c Author: Stef Walter Date: 2013-03-08 extract: Fix regression in --purpose option The --purpose option would only match certificates that had no purposes marked on them. Fix it so that it correctly matches certificates with the given purpose. https://bugs.freedesktop.org/show_bug.cgi?id=62009 tools/extract-info.c | 13 ++++++++++-- tools/tests/test-extract.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 2 deletions(-) commit fc383e025f09af70d3eb52fcd7e03c02733b14b0 Author: Stef Walter Date: 2013-03-08 Document and put code coverage online * Document our testing practices * Put lcov code coverage output online Makefile.am | 16 ++++++++++++---- doc/p11-kit-devel.xml | 22 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 4 deletions(-) commit 945585b698b08b6f349e2e104862589b5acce0aa Author: Stef Walter Date: 2013-03-08 Properly detect the stdbool.h header https://bugs.freedesktop.org/show_bug.cgi?id=62001 configure.ac | 2 ++ 1 file changed, 2 insertions(+) commit cc6189fc4051be33c6f5c86ab767e614633bf831 Author: Stef Walter Date: 2013-03-07 Release version 0.16.1 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 85eaff1aebb0e6625382fba179164490b6ebb538 Author: Stef Walter Date: 2013-03-07 doc: Fix external URLs in documentation doc/p11-kit-devel.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit ae05057c69a6ef9ed49b47db6e9ba2b8acdcfe23 Author: Stef Walter Date: 2013-03-07 doc: Add P11_KIT_STRICT=yes debugging tip doc/p11-kit-devel.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 220d7b027871f79f446c7b3c2db9ef43f24c19cc Author: Stef Walter Date: 2013-03-07 x509: Don't break when cA field of BasicConstraints is missing The field defaults to FALSE. It sucks that libtasn1 doesn't fill this in for us. https://bugs.freedesktop.org/show_bug.cgi?id=61975 common/x509.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 3e532011ac100391315ffa13f537ed130cc45b2e Author: Stef Walter Date: 2013-03-07 tools: Remove extra debugging statement when running external commands tools/tool.c | 1 - 1 file changed, 1 deletion(-) commit be5d505fe840836561488bba3d11d8584ca9cb97 Author: Stef Walter Date: 2013-03-07 extract-trust: Turn into a placeholder script that does nothing If the 'p11-kit extract-trust' command is to be used by distributions, make them customize it appropriately. tools/p11-kit-extract-trust.in | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) commit 0644bfd4c09c710fec1ed424779919fea7c06fca Author: Stef Walter Date: 2013-03-07 doc: Don't wrap the options in the pkcs11.conf manual page doc/pkcs11.conf.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 7b3da7d5bdaa97488668a16fcf1ea04b3d9de64e Author: Stef Walter Date: 2013-03-04 Release version 0.16.0 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit 3f13da890649b8cb88e8e2e39872831c13567a1e Author: Stef Walter Date: 2013-03-04 Build with the libtasn1 CFLAGS properly Tweaks by: Roman Bogorodskiy https://bugs.freedesktop.org/show_bug.cgi?id=61739 common/Makefile.am | 3 +++ common/tests/Makefile.am | 4 ++++ tools/Makefile.am | 4 +++- tools/tests/Makefile.am | 4 +++- trust/Makefile.am | 1 + 5 files changed, 14 insertions(+), 2 deletions(-) commit 14b3b3d158bdd874f5bbd626f948d20e78b38f01 Author: Stef Walter Date: 2013-03-04 Redo mock.h header in order to relicense Rewrite the mock.h header to relicense it. It is based on the BSD licensed mock.c file, so this isn't a big issue. common/mock.h | 1353 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 686 insertions(+), 667 deletions(-) commit a90cb3cc21fc479434165c8c531e1e49a6de6dd4 Author: Stef Walter Date: 2013-03-04 Remove duplicate typedef https://bugs.freedesktop.org/show_bug.cgi?id=60894 p11-kit/iter.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3ccec864bfc57ebdd524a0c9603aca829c64e3dc Author: Roman Bogorodskiy Date: 2013-03-03 Fix missing bracket in trust module check This fixes building --without-libtasn1 https://bugs.freedesktop.org/show_bug.cgi?id=61740 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 205ed0e0e26010150950e9e963a9a36693b5f71e Author: Stef Walter Date: 2013-03-03 Initialize modules correctly in tests This fixes hangs when running tests on windows tools/tests/test-extract.c | 2 ++ tools/tests/test-openssl.c | 2 ++ tools/tests/test-pem.c | 2 ++ tools/tests/test-save.c | 2 ++ tools/tests/test-x509.c | 2 ++ trust/tests/test-module.c | 2 +- trust/tests/test-parser.c | 1 + trust/tests/test-session.c | 1 + trust/tests/test-token.c | 1 + 9 files changed, 14 insertions(+), 1 deletion(-) commit 6c55425a7de23a71d0abc3137f0015e878188bae Author: Stef Walter Date: 2013-03-03 Windows doesn't support symlinks, chmod, or atomic renames * Don't create symlinks on windows * No atomic renames, so delete and then rename * Make sure to close files before unlinking on windows * No chmod permissions on windows tools/extract-openssl.c | 14 +++++++++++++- tools/save.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- tools/save.h | 4 ++++ tools/tests/test-openssl.c | 7 ++++++- tools/tests/test-save.c | 26 ++++++++++++++++++++++++-- tools/tests/test.c | 4 ++++ tools/tests/test.h | 8 ++++++++ 7 files changed, 101 insertions(+), 6 deletions(-) commit 3acf285916968a05ea42b3ef0f9654a33e308da7 Author: Stef Walter Date: 2013-03-03 Use mingw compatible coverage flags The way that coverage is built and linked is different with mingw so just use the --coverage flag to represent the correct behavior when cross compiling. configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5868e4aba23b211d8dd35af5061939ee72fe9c41 Author: Stef Walter Date: 2013-03-03 Don't use wchar_t for storing unicode characters On Win32 wchar_t is only 2 bytes, which breaks our UTF-8 conversion functions. common/utf8.c | 71 ++++++++++++++++++++++++++++++----------------------------- 1 file changed, 36 insertions(+), 35 deletions(-) commit bee435e09111f43dcc406160e9c9bdd8645fc86c Author: Stef Walter Date: 2013-03-03 Fix syntax errors in OS_WIN32 ifdefs common/compat.h | 4 ++-- common/library.c | 6 +++--- p11-kit/conf.c | 2 +- p11-kit/util.c | 4 ++-- trust/module.c | 6 ++++-- trust/tests/test-module.c | 2 ++ 6 files changed, 14 insertions(+), 10 deletions(-) commit 61e0cb5dddb89ddab1d68791eb28d892c114622f Author: Stef Walter Date: 2013-03-03 Open files in binary mode on windows So that the Windows' C library doesn't munge line endings common/compat.h | 4 ++++ p11-kit/conf.c | 2 +- p11-kit/pin.c | 2 +- tools/tests/test.c | 11 +++++------ 4 files changed, 11 insertions(+), 8 deletions(-) commit d9076a99c59bb0132b25277a2340f428c9b6c98e Author: Stef Walter Date: 2013-03-03 Add compat gmtime_r() and timegm() functions Not available on Win32 or ancient unixes common/compat.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 15 +++++++++++++++ configure.ac | 6 ++++++ 3 files changed, 76 insertions(+) commit 2737be8914270275d07ccf4526a4ba8b781c195e Author: Stef Walter Date: 2013-03-03 Add compat mkstemp() and mkdtemp() functions Not available on Win32 or ancient unixes common/compat.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 12 +++++ 2 files changed, 156 insertions(+) commit 193f0043a546e0ef186addb2a0487d09e690d5b1 Author: Stef Walter Date: 2013-03-03 Add compat vasprintf() and asprintf() functions These are not available on Win32 and ancient unixes common/compat.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 17 +++++++++++++++ configure.ac | 1 + 3 files changed, 84 insertions(+) commit 66ee55e5947682d10eed7a36b9da72a8cf6a40f2 Author: Stef Walter Date: 2013-03-03 Add compat strndup() function Not available on Win32 and ancient unixes common/compat.c | 22 ++++++++++++++++++++++ common/compat.h | 7 +++++++ configure.ac | 1 + 3 files changed, 30 insertions(+) commit ae76545a0094114ef29dba52df97e69ab28b3dbc Author: Stef Walter Date: 2013-03-03 Abstract mmap() into a compat API The Win32 for mmap() is very different from Unix, so abstract this into our own p11_mmap_xxx() functions. common/compat.c | 158 +++++++++++++++++++++++++++++++++++++---------- common/compat.h | 16 +++++ common/tests/frob-cert.c | 35 ++++------- tools/tests/test.c | 2 + trust/parser.c | 28 +++------ 5 files changed, 160 insertions(+), 79 deletions(-) commit 38acf11889c1e1da2610c8e05f1f380f2a2a1ae6 Author: Stef Walter Date: 2013-03-03 Use putenv() instead of setenv() Since older operating systems don't support setenv() common/tests/test-asn1.c | 2 +- common/tests/test-attrs.c | 2 +- common/tests/test-buffer.c | 2 +- common/tests/test-oid.c | 2 +- common/tests/test-x509.c | 2 +- p11-kit/tests/conf-test.c | 2 +- p11-kit/tests/pin-test.c | 2 +- p11-kit/tests/progname-test.c | 2 +- p11-kit/tests/test-init.c | 2 +- p11-kit/tests/test-iter.c | 2 +- p11-kit/tests/test-modules.c | 2 +- p11-kit/tests/uri-test.c | 2 +- trust/tests/test-module.c | 2 +- trust/tests/test-parser.c | 2 +- trust/tests/test-session.c | 2 +- trust/tests/test-token.c | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) commit 7823c9ddcb18b5155b3cc0e9d9f57ad0333d5eba Author: Stef Walter Date: 2013-03-03 Add compat implementation of basename() For Win32 and older unixes common/compat.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 6 ++++++ configure.ac | 5 +++-- 3 files changed, 71 insertions(+), 2 deletions(-) commit 02d7da2ba2247d017f248dd48e4365bd0a219bff Author: Stef Walter Date: 2013-02-24 tools: Update comments for cacerts jks format tools/extract-jks.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b06bee023df6f4f2b004030e86e8ee90579681f5 Author: Stef Walter Date: 2013-02-20 Rename p11_module_xxx() compat functions to p11_dl_xxx() For clarity. In addition, make p11_dl_close() able to be used as a destroyer callback. Also make p11_dl_error() return an allocated string common/compat.c | 18 +++++++++--------- common/compat.h | 20 ++++++++++---------- p11-kit/modules.c | 15 ++++++++++----- 3 files changed, 29 insertions(+), 24 deletions(-) commit 6521cccc021530f59f2f5e60a9cbf0c5b458360d Author: Stef Walter Date: 2013-02-15 Update the pkcs11.h header for missing mechanisms common/attrs.c | 2 +- common/pkcs11.h | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) commit 95ec58961a480c15fe780bbce6d6cd974f478407 Author: Stef Walter Date: 2013-02-06 Only do shared object and DLL initialization in libraries Don't do library initialization on shared object load when not running in a library. We'll want to plug into this and do different things per library in the future. common/library.c | 60 +++++++++++--------------------------------------------- common/library.h | 2 ++ p11-kit/util.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++ trust/module.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 122 insertions(+), 49 deletions(-) commit c6ebe7eb68e07e4f22c7b7ede14a1e4f04e893b7 Author: Stef Walter Date: 2013-02-15 Move pkcs11.conf and module documentation to a manual page .gitignore | 1 + doc/Makefile.am | 19 ++++- doc/p11-kit-config.xml | 166 +++------------------------------------ doc/p11-kit-docs.sgml | 3 +- doc/p11-kit.xml | 5 +- doc/pkcs11.conf.xml | 207 +++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 239 insertions(+), 162 deletions(-) commit 726e98ed071601770c2724f358eabbbc682f1fdc Author: Stef Walter Date: 2013-02-13 Pull translations from transifex * Build a script to help with this https://bugs.freedesktop.org/show_bug.cgi?id=60792 .gitignore | 1 + Makefile.am | 3 + build/tx-update | 68 +++++++++++ po/LINGUAS | 34 ++++++ po/bg.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/cs.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/de.po | 24 ++-- po/el.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/en_GB.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/eo.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/es.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/eu.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/fa.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/fi.po | 20 ++-- po/fr.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/gl.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/hr.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/hu.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ia.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/id.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/it.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ja.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ka.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ko.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/lv.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/nl.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pa.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pl.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pt_BR.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ru.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sk.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sl.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sq.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sr.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/te.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/tr.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/uk.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_CN.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_HK.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_TW.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 40 files changed, 11845 insertions(+), 21 deletions(-) commit 380f457ce458e32f1ccc15acfa664df82629981f Author: Stef Walter Date: 2013-02-12 Relicense the buffer code appropriate for inclusion in p11-kit * All original lines in this file upon arrival in the p11-kit project were written by me, and copyright held by me. common/buffer.c | 57 ++++++++++++++++++++++++++++++++++----------------------- common/buffer.h | 57 ++++++++++++++++++++++++++++++++++----------------------- 2 files changed, 68 insertions(+), 46 deletions(-) commit 65e68c88d85d8b6896afe9f9e101aefb618ce6be Author: Stef Walter Date: 2013-02-12 Release version 0.15.2 * This is an unstable release NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit efef089a772f4f05caefebf2a6466b4225dc9b00 Author: Timo Jyrinki Date: 2013-02-12 Add finish translation po/LINGUAS | 1 + po/fi.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 344 insertions(+) commit 41b3f707906a4f6273f7fdb1174be3343bbf1ea7 Author: Andreas Metzler Date: 2011-09-24 Add and enable German gettext translation Enable installation of gettext translations and add German translation by Chris Leick. .gitignore | 3 + configure.ac | 3 + po/LINGUAS | 4 + po/de.po | 351 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 361 insertions(+) commit b90410f7c6ef5e1bb73837d7ddbda855a91ac79f Author: Andreas Metzler Date: 2013-02-12 Respect destdir when creating package module config directory p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 04781672277a537551c369ae71ecdc8410e31dc3 Author: Stef Walter Date: 2013-02-11 Fix dereference of varargs in p11_attrs_build() https://bugs.freedesktop.org/show_bug.cgi?id=60473 common/attrs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 077fd91bed34bb6226e0a43a26f9e546372db54a Author: Stef Walter Date: 2013-02-11 Remove unnecessary code to be more compatible with various libtasn1 versions https://bugs.freedesktop.org/show_bug.cgi?id=60434 common/asn1.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 828df42b98fa0ffc1695db8af9bd0bd03f2583bc Author: Andreas Metzler Date: 2013-02-07 Don't require explictly disabling trust module if --without-libtasn1 And provide more intelligent error messages about why to build with libtasn1 Tweaked by Stef Walter configure.ac | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) commit 2e8ce8c5ecb6d1f1c8f0af244d9f9b75dc6050ea Author: Stef Walter Date: 2013-02-06 Fix various clang analyzer warnings * Add annotations to our precondition functions so that they don't make the analyzer complain common/compat.h | 13 +++++++++++++ common/debug.h | 3 ++- p11-kit/conf.c | 2 +- p11-kit/pin.c | 3 ++- p11-kit/uri.c | 1 - tools/extract-openssl.c | 9 +++++++-- tools/extract.c | 3 +++ tools/tool.c | 3 +-- 8 files changed, 29 insertions(+), 8 deletions(-) commit 0c6517104d1306228c31e596b0df6a4fb5af4dd1 Author: Stef Walter Date: 2013-02-05 Our minimum version of libtasn1 is 2.14 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e7fe6fd2cdde5e15a14abca39303c5049174f4f9 Author: Stef Walter Date: 2013-02-05 Release version 0.15.1 * This is an unstable release NEWS | 14 ++++++++++++++ configure.ac | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) commit f3a3e1e6a413dc93d0a1eb330a32404d803f5307 Author: Stef Walter Date: 2013-02-03 Add a placeholder external 'extract-trust' command .gitignore | 1 + configure.ac | 1 + doc/p11-kit-devel.xml | 23 +++++++++++++++++++++++ doc/p11-kit.xml | 19 +++++++++++++++++++ tools/Makefile.am | 4 ++++ tools/p11-kit-extract-trust.in | 27 +++++++++++++++++++++++++++ 6 files changed, 75 insertions(+) commit 08f1a7f3cfe87bc19ecd564711b4d2beaa603924 Author: Stef Walter Date: 2013-02-01 Implement support for java JKS keystore format * All aliases must be lower case in order to work with the default keystore implementation. doc/p11-kit.xml | 4 + tools/Makefile.am | 2 +- tools/extract-jks.c | 331 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tools/extract.c | 4 +- 4 files changed, 339 insertions(+), 2 deletions(-) commit 32ca4f6d3167d08fc985d66fe48f453954596f87 Author: Stef Walter Date: 2013-02-03 Use the CN, OU or O of certificates to generate a label * This is in cases where the certificate information does not already have a friendly name or alias. common/Makefile.am | 1 + common/oid.h | 18 +++++ common/tests/Makefile.am | 1 + {tools => common}/tests/test-utf8.c | 0 common/tests/test-x509.c | 81 +++++++++++++++++++++ {tools => common}/utf8.c | 0 {tools => common}/utf8.h | 0 common/x509.c | 136 ++++++++++++++++++++++++++++++++++++ common/x509.h | 16 +++++ tools/extract-openssl.c | 70 ++++--------------- tools/tests/Makefile.am | 7 -- tools/tests/test-openssl.c | 16 +++-- trust/parser.c | 51 ++++++++------ trust/tests/test-parser.c | 22 +++--- 14 files changed, 318 insertions(+), 101 deletions(-) commit 39e9f190416ecb4260a3b079e1d79fc2e55f5a33 Author: Stef Walter Date: 2013-01-30 Add support for exporting OpenSSL's TRUSTED CERTIFICATE format build/certs/Makefile.am | 9 + doc/p11-kit.xml | 8 + tools/Makefile.am | 2 + tools/extract-openssl.c | 686 +++++++++++++++++++++ tools/extract.c | 4 + tools/tests/Makefile.am | 15 + tools/tests/files/cacert3-distrust-all.pem | 44 ++ tools/tests/files/cacert3-distrusted-all.pem | 43 ++ tools/tests/files/cacert3-not-trusted.pem | 42 ++ tools/tests/files/cacert3-trusted-alias.pem | 42 ++ .../files/cacert3-trusted-client-server-alias.pem | 43 ++ tools/tests/files/cacert3-trusted-keyid.pem | 42 ++ tools/tests/files/cacert3-trusted-multiple.pem | 85 +++ tools/tests/test-openssl.c | 671 ++++++++++++++++++++ tools/tests/test-utf8.c | 252 ++++++++ tools/tests/test.h | 9 + tools/utf8.c | 328 ++++++++++ tools/utf8.h | 53 ++ 18 files changed, 2378 insertions(+) commit dbcf3c049f4aadc1d25eb952b4feabdec14cf35d Author: Stef Walter Date: 2013-01-30 Add support for extracting to pem-bundle and pem-directory formats build/certs/Makefile.am | 2 + doc/p11-kit.xml | 8 ++ tools/Makefile.am | 1 + tools/extract-pem.c | 125 +++++++++++++++++ tools/extract.c | 2 + tools/tests/Makefile.am | 8 ++ tools/tests/files/cacert3-twice.pem | 84 +++++++++++ tools/tests/files/cacert3.pem | 42 ++++++ tools/tests/test-pem.c | 269 ++++++++++++++++++++++++++++++++++++ 9 files changed, 541 insertions(+) commit 5df24bf0fb8532e0ebdf5f2366834848fdf6097d Author: Stef Walter Date: 2013-01-23 Implement code for writing PEM * Based on the gcr code * Bring in base64 output code from BSD * Make sure to output base64 lines of 64 character length since this is what OpenSSL expects common/base64.c | 62 ++++++++++++++++++++++++++ common/base64.h | 6 +++ common/pem.c | 54 ++++++++++++++++++++++- common/pem.h | 5 +++ common/tests/test-pem.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++-- 5 files changed, 237 insertions(+), 4 deletions(-) commit 722efb88cf12261d705e2a6dfb4aceab9ff7b76f Author: Stef Walter Date: 2013-01-30 Implement basic extract support * The only formats supported are x509-file and x509-directory Allow tool to build without extract configure.ac | 1 + doc/Makefile.am | 1 - doc/p11-kit.xml | 95 ++++++++++ doc/style.css | 4 + tools/Makefile.am | 20 +- tools/extract-info.c | 359 +++++++++++++++++++++++++++++++++++ tools/extract-x509.c | 116 ++++++++++++ tools/extract.c | 461 +++++++++++++++++++++++++++++++++++++++++++++ tools/extract.h | 110 +++++++++++ tools/tests/Makefile.am | 15 ++ tools/tests/test-extract.c | 301 +++++++++++++++++++++++++++++ tools/tests/test-x509.c | 276 +++++++++++++++++++++++++++ tools/tests/test.h | 33 ++++ tools/tool.c | 3 + tools/tool.h | 3 + 15 files changed, 1796 insertions(+), 2 deletions(-) commit 9a21e6ddf9eb7bb0f13f01cddba9dedd7a6e43b3 Author: Stef Walter Date: 2013-01-23 Support for sane writing to files extracted * Implement atomic writes of files * Writing with checks that not overwriting anything unless desired * Writing and overwriting of directory contents in a robust way build/certs/Makefile.am | 2 + configure.ac | 1 + tools/Makefile.am | 3 + tools/save.c | 462 +++++++++++++++++++++++++++++++++++++++ tools/save.h | 79 +++++++ tools/tests/Makefile.am | 52 +++++ tools/tests/files/cacert3.der | Bin 0 -> 1885 bytes tools/tests/test-save.c | 494 ++++++++++++++++++++++++++++++++++++++++++ tools/tests/test.c | 200 +++++++++++++++++ tools/tests/test.h | 211 ++++++++++++++++++ 10 files changed, 1504 insertions(+) commit 3e70ecbab850bcc08ee89e1256d82cca70d80ee7 Author: Stef Walter Date: 2013-01-21 Add public iterator API to p11-kit common/mock.c | 113 +++- common/mock.h | 37 ++ doc/Makefile.am | 1 + doc/annotation-glossary.xml | 67 +++ doc/p11-kit-docs.sgml | 3 + doc/p11-kit-sections.txt | 17 + p11-kit/Makefile.am | 2 + p11-kit/iter.c | 829 +++++++++++++++++++++++++++++ p11-kit/iter.h | 101 ++++ p11-kit/p11-kit.h | 2 + p11-kit/tests/Makefile.am | 4 +- p11-kit/tests/mock-module-ep.c | 2 +- p11-kit/tests/test-iter.c | 1140 ++++++++++++++++++++++++++++++++++++++++ 13 files changed, 2308 insertions(+), 10 deletions(-) commit e5816187231ce27e5f634995e62c1d3ae5c5b2f1 Author: Stef Walter Date: 2013-01-21 Allow internal use of token and module info matching p11-kit/private.h | 6 ++++++ p11-kit/uri.c | 55 +++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 41 insertions(+), 20 deletions(-) commit 67ce28e9d9ec1528c9b762b0912d6a7e339fbcd5 Author: Stef Walter Date: 2013-01-21 Move the X.509 extension parsing code in common/ * So it can be used by other code, in addition to the trust stuff common/tests/test-x509.c | 191 +++++++++++++++++++++++++++++++++++++++++++++-- common/x509.c | 67 ++++++++++++++++- common/x509.h | 9 ++- trust/adapter.c | 132 ++++++++++++++++++-------------- trust/parser.c | 69 ++--------------- 5 files changed, 335 insertions(+), 133 deletions(-) commit 5e4a3ea9b8f254d99544490eed8e17e88c81f975 Author: Stef Walter Date: 2013-01-18 Add p11_array_clear() function * Clears an array without freeing the array itself common/array.c | 21 ++++++++++++++------- common/array.h | 2 ++ common/tests/test-array.c | 27 +++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 7 deletions(-) commit 4400d8ecc4525cfc848937dc562c542fc58a533a Author: Stef Walter Date: 2013-01-04 Implement trust assertion PKCS#11 objects * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates common/oid.h | 1 - common/tests/Makefile.am | 1 + common/tests/test-oid.c | 18 +- doc/p11-kit-trust.xml | 11 + trust/Makefile.am | 2 +- trust/adapter.c | 456 ++++++++++++++++++++++++++++++++++++++++ trust/{mozilla.h => adapter.h} | 8 +- trust/p11-kit-trust.module | 3 + trust/parser.c | 5 +- trust/tests/files/redhat-ca.der | Bin 0 -> 948 bytes trust/tests/test-parser.c | 352 ++++++++++++++++++++++++++++--- 11 files changed, 804 insertions(+), 53 deletions(-) commit 7e61265ced3f33685b68bb6e2c7505485cfe0177 Author: Stef Walter Date: 2013-01-04 Refactor how parsing of ASN.1 data and certificate extensions work common/Makefile.am | 2 + common/asn1.c | 551 ++++++++++++++++++++++++++++++++++++++++++++++ common/asn1.h | 65 ++++++ common/oid.h | 12 +- common/tests/Makefile.am | 2 + common/tests/test-asn1.c | 113 ++++++++++ common/tests/test-x509.c | 185 ++++++++++++++++ common/x509.c | 152 +++++++++++++ common/x509.h | 56 +++++ trust/mozilla.c | 31 ++- trust/parser.c | 546 +++------------------------------------------ trust/parser.h | 14 +- trust/tests/test-data.h | 28 +-- trust/tests/test-parser.c | 103 --------- 14 files changed, 1193 insertions(+), 667 deletions(-) commit 8b02ff64b30311a4730b60dd72590435f56fb3a2 Author: Stef Walter Date: 2013-01-03 Fill in certificate authority and trust data correctly * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world. * We do this after the various hooks have had a chance to mess with the certificate extensions and such. common/oid.h | 9 +- trust/mozilla.c | 74 +++++----- trust/parser.c | 351 ++++++++++++++++++++++++++++++++++++---------- trust/parser.h | 11 +- trust/tests/test-data.c | 18 ++- trust/tests/test-data.h | 9 ++ trust/tests/test-parser.c | 246 ++++++++++++++++++++++++-------- trust/tests/test-token.c | 2 +- 8 files changed, 552 insertions(+), 168 deletions(-) commit 18bb2582c32f4373f7ed85894fb490f2733cb03b Author: Stef Walter Date: 2013-01-02 Implement stapled certificate extensions internally * Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser common/Makefile.am | 1 + common/compat.c | 2 +- common/compat.h | 2 +- common/oid.c | 100 +++++ common/oid.h | 209 +++++++++ common/tests/Makefile.am | 2 + common/tests/frob-ku.c | 28 +- common/tests/frob-oid.c | 100 +++++ common/tests/test-oid.c | 133 ++++++ trust/Makefile.am | 1 + trust/mozilla.c | 284 ++++++++++++ trust/mozilla.h | 44 ++ trust/parser.c | 724 +++++++++++++++++------------- trust/parser.h | 39 +- trust/tests/files/self-signed-with-ku.der | Bin 0 -> 478 bytes trust/tests/test-data.c | 9 +- trust/tests/test-parser.c | 159 +++++-- 17 files changed, 1450 insertions(+), 387 deletions(-) commit 3b482acc47ba971406db526ebddf589ad1a8f16e Author: Stef Walter Date: 2013-01-02 Better debugging and checks for attribute values trust/tests/test-data.c | 154 ++++++++++++++++++++++++---------------------- trust/tests/test-data.h | 32 +++++++++- trust/tests/test-module.c | 13 ++-- trust/tests/test-parser.c | 11 ++-- 4 files changed, 124 insertions(+), 86 deletions(-) commit e46c74aef6eee7da3cdfb17077905811b9e04a61 Author: Stef Walter Date: 2012-12-19 Add tool for testing how fast the token loads trust/tests/Makefile.am | 1 + trust/tests/frob-token.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) commit 83af40091fdc50a1da21d6cd2582ecef759bfb7c Author: Stef Walter Date: 2012-12-17 Some debug info about which files are being loaded trust/token.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) commit 1f47fbffe1befb30a1bd3dfcec079a8a9f2fd957 Author: Stef Walter Date: 2012-12-17 Test a TRUSTED CERTIFICATE without any trust OIDs build/certs/Makefile.am | 2 ++ build/certs/redhat-newca.der | Bin 0 -> 948 bytes trust/tests/files/distrusted.pem | 23 +++++++++++++++++++++++ trust/tests/test-parser.c | 15 +++++++++++++++ 4 files changed, 40 insertions(+) commit 75654253498993ff1638e0e64440c335b54df1db Author: Stef Walter Date: 2012-12-17 Add the builtin roots NSS specific object This tells NSS that this is a source of anchors. doc/p11-kit-trust.xml | 5 ++++- trust/tests/test-module.c | 27 +++++++++++++++++++++++++++ trust/tests/test-token.c | 6 +++--- trust/token.c | 28 +++++++++++++++++++++++++++- 4 files changed, 61 insertions(+), 5 deletions(-) commit c2dcd0b3cb1ccac4eff98044d43d3f8696094644 Author: Stef Walter Date: 2012-12-17 Add support for openssl TRUSTED CERTIFICATE PEM files build/certs/Makefile.am | 3 + common/Makefile.am | 2 + common/openssl.asn | 28 ++++ common/openssl.asn.h | 28 ++++ doc/p11-kit-trust.xml | 8 ++ trust/parser.c | 244 ++++++++++++++++++++++++++++------ trust/tests/files/cacert3-trusted.pem | 43 ++++++ trust/tests/test-parser.c | 52 ++++++++ 8 files changed, 368 insertions(+), 40 deletions(-) commit a286df75050db8b306685cb22e491d11be842584 Author: Stef Walter Date: 2012-12-17 Add support for parsing PEM files build/certs/Makefile.am | 1 + common/Makefile.am | 2 + common/base64.c | 192 +++++++++++++++++++++++++++++++ common/base64.h | 53 +++++++++ common/pem.c | 241 +++++++++++++++++++++++++++++++++++++++ common/pem.h | 50 +++++++++ common/tests/Makefile.am | 14 ++- common/tests/test-pem.c | 254 ++++++++++++++++++++++++++++++++++++++++++ trust/Makefile.am | 3 +- trust/parser.c | 38 +++++++ trust/tests/files/cacert3.pem | 42 +++++++ trust/tests/test-parser.c | 26 +++++ 12 files changed, 910 insertions(+), 6 deletions(-) commit 5147d71466455b3d087b3f3a7472a35e8216c55a Author: Stef Walter Date: 2013-01-24 Add basic trust module This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects. Makefile.am | 7 + build/Makefile.am | 2 + build/certs/Makefile.am | 27 + build/certs/cacert-ca.der | Bin 0 -> 1857 bytes build/certs/cacert3.der | Bin 0 -> 1885 bytes build/certs/self-server.der | Bin 0 -> 396 bytes build/certs/self-signed-with-eku.der | Bin 0 -> 480 bytes build/certs/self-signed-with-ku.der | Bin 0 -> 501 bytes build/certs/testing-ca.der | Bin 0 -> 970 bytes build/certs/testing-server.der | Bin 0 -> 554 bytes build/certs/with-eku.conf | 19 + build/certs/with-ku.conf | 19 + common/Makefile.am | 15 +- common/compat.c | 107 ++ common/compat.h | 17 +- common/debug.c | 1 + common/debug.h | 11 + common/pkix.asn | 566 ++++++++ common/pkix.asn.h | 408 ++++++ common/tests/Makefile.am | 20 +- common/tests/frob-cert.c | 147 ++ common/tests/frob-eku.c | 101 ++ common/tests/frob-ku.c | 134 ++ configure.ac | 128 +- doc/Makefile.am | 2 + doc/p11-kit-config.xml | 10 + doc/p11-kit-devel.xml | 24 + doc/p11-kit-docs.sgml | 1 + doc/p11-kit-trust.xml | 90 ++ doc/style.css | 6 +- p11-kit/Makefile.am | 1 + p11-kit/conf.c | 37 - p11-kit/p11-kit-1.pc.in | 3 + trust/Makefile.am | 52 + trust/module.c | 1517 +++++++++++++++++++++ trust/module.h | 42 + trust/p11-kit-trust.module | 6 + trust/parser.c | 1103 +++++++++++++++ trust/parser.h | 108 ++ trust/session.c | 206 +++ trust/session.h | 78 ++ trust/tests/Makefile.am | 44 + trust/tests/anchors/cacert3.der | Bin 0 -> 1885 bytes trust/tests/anchors/testing-ca.der | Bin 0 -> 970 bytes trust/tests/certificates/cacert-ca.der | Bin 0 -> 1857 bytes trust/tests/certificates/self-signed-with-eku.der | Bin 0 -> 480 bytes trust/tests/certificates/self-signed-with-ku.der | Bin 0 -> 501 bytes trust/tests/files/cacert-ca.der | Bin 0 -> 1857 bytes trust/tests/files/cacert3.der | Bin 0 -> 1885 bytes trust/tests/files/self-server.der | Bin 0 -> 396 bytes trust/tests/files/testing-server.der | Bin 0 -> 554 bytes trust/tests/files/unrecognized-file.txt | 1 + trust/tests/test-data.c | 128 ++ trust/tests/test-data.h | 220 +++ trust/tests/test-module.c | 331 +++++ trust/tests/test-parser.c | 315 +++++ trust/tests/test-session.c | 160 +++ trust/tests/test-token.c | 106 ++ trust/token.c | 256 ++++ trust/token.h | 51 + 60 files changed, 6580 insertions(+), 47 deletions(-) commit 603c7d4eb996f51178ccc9d235597497bbb2c7a4 Author: Stef Walter Date: 2013-01-24 Add basic checksum algorithms The SHA-1 and MD5 digests here are used for checksums in legacy protocols. We don't use them in cryptographic contexts at all. These particular algorithms would be poor choices for that. .gitignore | 4 +- common/Makefile.am | 9 + common/checksum.c | 542 +++++++++++++++++++++++++++++++++++++++++++ common/checksum.h | 60 +++++ common/tests/Makefile.am | 2 + common/tests/test-checksum.c | 151 ++++++++++++ 6 files changed, 766 insertions(+), 2 deletions(-) commit f6db686846480e0611879c5f4751955a53859808 Author: Stef Walter Date: 2013-02-05 Remove the unused err() function and friends We want to use p11_message in our commands anyway, since that allows us control with --verbose and --quiet. common/compat.c | 164 -------------------------------------------------------- common/compat.h | 23 -------- 2 files changed, 187 deletions(-) commit 1ac3edf711b1cdb5e7fb8b1d6321fa855e07c1da Author: Stef Walter Date: 2013-02-05 Tweak style of the manual * Unindent the main headings * Don't wrap options * Better spacing in table of contents * Don't have line numbers on code examples doc/Makefile.am | 5 ++++- doc/p11-kit-devel.xml | 4 ---- doc/p11-kit.xml | 2 -- doc/style.css | 23 +++++++++++++++++++++++ 4 files changed, 27 insertions(+), 7 deletions(-) commit 866e3204cee593817850f5e5c23a0bcf7af9c591 Author: Stef Walter Date: 2013-02-05 Add documentation about contributing to p11-kit HACKING | 34 ++------ doc/Makefile.am | 2 +- doc/p11-kit-config.xml | 4 +- doc/p11-kit-devel.xml | 223 +++++++++++++++++++++++++++++++++++++++++++++++++ doc/p11-kit-docs.sgml | 13 +-- doc/p11-kit-notes.xml | 48 ----------- 6 files changed, 241 insertions(+), 83 deletions(-) commit 28777eeebf38c13a43d0118a86391d2a487ad15b Author: Stef Walter Date: 2013-02-05 Add a p11-kit tool manual page .gitignore | 1 + configure.ac | 4 ++ doc/Makefile.am | 33 +++++++++++++- doc/p11-kit-docs.sgml | 5 +++ doc/p11-kit.xml | 122 ++++++++++++++++++++++++++++++++++++-------------- 5 files changed, 130 insertions(+), 35 deletions(-) commit 23b18cb345afe061274ff73cd66fe8e6672fbcd4 Author: Stef Walter Date: 2013-02-05 Change the documentation configure arg to --enable-doc * We're building more than just the gtk-doc reference Makefile.am | 2 +- configure.ac | 41 +++++++++++++++++++++++------------------ 2 files changed, 24 insertions(+), 19 deletions(-) commit 85751aa21dd9b93d8eb51e36767b5564ce6ce005 Author: Stef Walter Date: 2013-01-29 Add a /usr/share/p11-kit/modules directory for package module configs * Try to make /etc/pkcs11/modules for administrator use * Override the old pkg-config variables to help packages start using the new location configure.ac | 3 +++ doc/p11-kit-notes.xml | 4 ++-- p11-kit/Makefile.am | 4 ++++ p11-kit/conf.c | 8 ++++++-- p11-kit/conf.h | 3 ++- p11-kit/modules.c | 4 +++- p11-kit/p11-kit-1.pc.in | 13 +++++++------ p11-kit/tests/conf-test.c | 4 ++++ .../files/{system-modules => package-modules}/four.module | 0 .../{system-modules => package-modules}/win32/four.module | 0 10 files changed, 31 insertions(+), 12 deletions(-) commit a9790a21302f47016a88ba9a2c904bed11efb388 Author: Stef Walter Date: 2013-01-29 Make the p11-kit tool have distinct commands * Change the -l argument into the list-modules command. * Add proper functions for printing usage * Support for external commands in the path or /usr/share/p11-kit tools/Makefile.am | 9 +- tools/{p11-kit.c => list.c} | 99 +++++++------ tools/tool.c | 337 ++++++++++++++++++++++++++++++++++++++++++++ tools/tool.h | 56 ++++++++ 4 files changed, 459 insertions(+), 42 deletions(-) commit 15163fb9b7b03543da02d74d75d0f49c314f1c33 Author: Stef Walter Date: 2013-01-29 Add p11_kit_be_loud() function for use in tests and tools This does the opposite of p11_kit_be_quiet(). doc/p11-kit-sections.txt | 1 + p11-kit/p11-kit.h | 2 ++ p11-kit/util.c | 14 ++++++++++++++ 3 files changed, 17 insertions(+) commit cba41e5a46893b16cfbd845d55285894f4a43408 Author: Stef Walter Date: 2012-08-23 Add internal function for turning on messages To be used from tests common/library.c | 8 ++++++++ common/library.h | 2 ++ 2 files changed, 10 insertions(+) commit 43a3f5df8124bb85567feb18975d19fa1b639b9f Author: Stef Walter Date: 2013-01-24 Add more mock-module implementation * Move mock code into the common/ directory to be used by multiple components of p11-kit common/Makefile.am | 5 + common/mock.c | 3117 ++++++++++++++++++++++++++++++++++++++++ common/mock.h | 696 +++++++++ doc/Makefile.am | 3 + p11-kit/tests/Makefile.am | 14 +- p11-kit/tests/mock-module-ep.c | 4 +- p11-kit/tests/mock-module.c | 898 ------------ p11-kit/tests/mock-module.h | 337 ----- p11-kit/tests/test-init.c | 4 +- 9 files changed, 3835 insertions(+), 1243 deletions(-) commit 7ddff6795830deff6ec5fb1b8b0c704fbdea2c97 Author: Stef Walter Date: 2013-01-24 Further tweaks and cleanup for functions dealing with PKCS#11 attributes * Check that the size is correct when looking for a boolean or a ulong. * Make sure that the length is not the invalid negative ulong. * Functions for dumping out attribute contents * Make it possible to use attributes in hash tables common/attrs.c | 795 +++++++++++++++++++++++++++++++++++++++++++--- common/attrs.h | 59 +++- common/tests/test-attrs.c | 126 +++++++- 3 files changed, 910 insertions(+), 70 deletions(-) commit 322b4739cb51aa45568d9479224f2b07ac82a35f Author: Stef Walter Date: 2013-01-24 Add generic buffer code Represents a block of memory that can be added to, parsed and so on common/Makefile.am | 1 + common/buffer.c | 180 ++++++++++++++++++++++++++++++++++++++ common/buffer.h | 82 +++++++++++++++++ common/tests/Makefile.am | 1 + common/tests/test-buffer.c | 214 +++++++++++++++++++++++++++++++++++++++++++++ p11-kit/uri.c | 93 ++++++++------------ 6 files changed, 515 insertions(+), 56 deletions(-) commit b28c936bd281c4b7ff9ed0f621b840f6d5a4b328 Author: Stef Walter Date: 2013-01-23 Use the stdbool.h C99 bool type It was getting really wild knowing whether a function returning an int would return -1 on failure or 0 or whether the int return value was actually a number etc.. common/array.c | 16 +++--- common/array.h | 4 +- common/attrs.c | 12 ++--- common/compat.h | 8 +++ common/debug.c | 8 +-- common/debug.h | 14 +++--- common/dict.c | 41 +++++++-------- common/dict.h | 26 +++++----- common/library.c | 4 +- common/tests/test-dict.c | 90 +++++++++++++++++---------------- configure.ac | 2 +- p11-kit/conf.c | 58 +++++++++++----------- p11-kit/conf.h | 6 +-- p11-kit/modules.c | 32 ++++++------ p11-kit/pin.c | 22 ++++----- p11-kit/tests/conf-test.c | 19 +++++-- p11-kit/tests/mock-module.c | 14 +++--- p11-kit/tests/uri-test.c | 41 +++++++++++++-- p11-kit/uri.c | 118 ++++++++++++++++++++++++++------------------ tools/p11-kit.c | 10 ++-- 20 files changed, 311 insertions(+), 234 deletions(-) commit 4671352fe2a4f56c6707322dcab0015e2e8600c4 Author: Stef Walter Date: 2012-12-17 Only initialize p11-kit libraries once * Make the gcc constructor call p11_library_init_once() common/library.c | 14 ++++++++++---- common/library.h | 6 ++++-- 2 files changed, 14 insertions(+), 6 deletions(-) commit b39c9a7792824dfa8a05926261315356d9007098 Author: Stef Walter Date: 2012-12-10 Set strict debug preconditions during testing common/tests/test-attrs.c | 4 ++++ p11-kit/tests/conf-test.c | 1 + p11-kit/tests/pin-test.c | 1 + p11-kit/tests/progname-test.c | 1 + p11-kit/tests/test-init.c | 1 + p11-kit/tests/test-modules.c | 1 + p11-kit/tests/uri-test.c | 1 + 7 files changed, 10 insertions(+) commit 3ebc9a78d4bca0b630a8b887ab93d6cc654f2cb2 Author: Stef Walter Date: 2013-01-07 Add common functions for manipulating CK_ATTRIBUTE arrays common/Makefile.am | 1 + common/attrs.c | 310 +++++++++++++++++++++++++++ common/attrs.h | 86 ++++++++ common/tests/Makefile.am | 1 + common/tests/test-attrs.c | 518 ++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 2 +- p11-kit/tests/uri-test.c | 6 +- p11-kit/uri.c | 207 +++++------------- 8 files changed, 977 insertions(+), 154 deletions(-) commit 4a0bd25fcafae57ef2ae0cfe8676eee2332d5951 Author: Stef Walter Date: 2013-01-02 Move the pkcs11.h header files into common directory * Allows use of them across the whole project * Put a stub file in the p11-kit/ directory, so we can still refer to the headers using that path, which is what it will be at when in the installed includes directory. common/Makefile.am | 7 + common/pkcs11.h | 1373 +++++++++++++++++++++++++++++++++++++++++++++++++ common/pkcs11x.h | 155 ++++++ p11-kit/Makefile.am | 3 +- p11-kit/pkcs11.h | 1413 ++------------------------------------------------- 5 files changed, 1577 insertions(+), 1374 deletions(-) commit 8fb222266c5bf9181cd934c27528507d45476dad Author: Stef Walter Date: 2013-01-08 Build common code into noinst libraries * This is cleaner than building the same source files all over the place over and over. * Works better with code coverage. common/Makefile.am | 12 ++++++++++-- common/tests/Makefile.am | 14 +++++--------- p11-kit/Makefile.am | 34 ++++++++-------------------------- p11-kit/tests/Makefile.am | 8 ++++++-- tools/Makefile.am | 12 ++++++++---- 5 files changed, 37 insertions(+), 43 deletions(-) commit 3d503948450d69293a3fdfec096e398fedf714f2 Author: Stef Walter Date: 2012-12-06 Move debug and library code into the common/ subdirectory Start using p11_ as our internal prefix rather than _p11_. We explicitly export p11_kit_ so this is fine as far as visibility. Move the threading, mutex, and module compat, dict, and array code into the common directory too. Take this opportunity to clean up a bit of internal API as well, since so many lines are being touched internally. .gitignore | 32 ++- Makefile.am | 13 +- build/Makefile.am | 11 + build/Makefile.tests | 8 + {tests => build}/cutest/CuTest.c | 0 {tests => build}/cutest/CuTest.h | 0 {tests => build}/cutest/README.txt | 0 {tests => build}/cutest/license.txt | 0 {m4 => build/m4}/.empty | 0 common/Makefile.am | 11 + p11-kit/ptr-array.c => common/array.c | 89 ++---- p11-kit/ptr-array.h => common/array.h | 35 ++- common/compat.c | 95 ++++++ common/compat.h | 123 ++++++++ {p11-kit => common}/debug.c | 20 +- {p11-kit => common}/debug.h | 74 ++--- p11-kit/hashmap.c => common/dict.c | 244 ++++++++-------- p11-kit/hashmap.h => common/dict.h | 101 +++---- common/library.c | 286 ++++++++++++++++++ common/library.h | 80 ++++++ common/tests/Makefile.am | 32 +++ common/tests/test-array.c | 194 +++++++++++++ tests/hash-test.c => common/tests/test-dict.c | 158 +++++----- configure.ac | 7 +- doc/Makefile.am | 11 +- p11-kit/Makefile.am | 54 ++-- p11-kit/conf.c | 116 ++++---- p11-kit/conf.h | 14 +- p11-kit/modules.c | 318 +++++++++++---------- p11-kit/pin.c | 78 ++--- p11-kit/private.h | 41 --- p11-kit/proxy.c | 86 +++--- {tests => p11-kit/tests}/Makefile.am | 25 +- {tests => p11-kit/tests}/conf-test.c | 201 ++++++------- .../tests}/files/system-modules/four.module | 0 .../tests}/files/system-modules/one.module | 0 .../files/system-modules/two-duplicate.module | 0 .../tests}/files/system-modules/two.badname | 0 .../tests}/files/system-modules/win32/four.module | 0 .../tests}/files/system-modules/win32/one.module | 0 .../system-modules/win32/two-duplicate.module | 0 .../tests}/files/system-modules/win32/two.badname | 0 {tests => p11-kit/tests}/files/system-pkcs11.conf | 0 {tests => p11-kit/tests}/files/test-1.conf | 0 {tests => p11-kit/tests}/files/test-pinfile | 0 {tests => p11-kit/tests}/files/test-pinfile-large | 0 .../tests}/files/test-system-invalid.conf | 0 .../tests}/files/test-system-merge.conf | 0 .../tests}/files/test-system-none.conf | 0 .../tests}/files/test-system-only.conf | 0 .../tests}/files/test-user-invalid.conf | 0 {tests => p11-kit/tests}/files/test-user-only.conf | 0 {tests => p11-kit/tests}/files/test-user.conf | 0 .../tests}/files/user-modules/one.module | 0 .../tests}/files/user-modules/three.module | 0 .../tests}/files/user-modules/win32/one.module | 0 .../tests}/files/user-modules/win32/three.module | 0 {tests => p11-kit/tests}/mock-module-ep.c | 0 {tests => p11-kit/tests}/mock-module.c | 16 +- {tests => p11-kit/tests}/mock-module.h | 0 {tests => p11-kit/tests}/pin-test.c | 4 +- {tests => p11-kit/tests}/print-messages.c | 0 {tests => p11-kit/tests}/progname-test.c | 21 +- {tests => p11-kit/tests}/test-init.c | 31 +- {tests => p11-kit/tests}/test-modules.c | 25 +- {tests => p11-kit/tests}/uri-test.c | 4 +- p11-kit/uri.c | 6 +- p11-kit/util.c | 318 ++------------------- p11-kit/util.h | 158 ---------- tests/ptr-array-test.c | 257 ----------------- 70 files changed, 1746 insertions(+), 1651 deletions(-) commit c343f355b6abfe65adc696b57b18dc57c834acbc Author: Pankaj Sharma Date: 2012-12-24 Fix leak when initializing the proxy module https://bugs.freedesktop.org/show_bug.cgi?id=58704 p11-kit/proxy.c | 2 ++ 1 file changed, 2 insertions(+) commit 8b4c3561d9681096d588d599d049a77bea68470b Author: Stef Walter Date: 2013-01-09 Documentation fixes for PIN functions p11-kit/pin.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit e8aa2fa8f3a085ca514e7b305ff91e2c77e5e6f4 Author: Pankaj Sharma Date: 2012-12-24 Fix file descriptor leak in p11_kit_pin_file_callback() * Close the file descriptor used to read the the pin file https://bugs.freedesktop.org/show_bug.cgi?id=58706 p11-kit/pin.c | 2 ++ 1 file changed, 2 insertions(+) commit 488a466935d7995c803880ed258792f8a99095c0 Author: Stef Walter Date: 2013-01-08 Distribute HACKING in the tarball Makefile.am | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 6ac5af8deece74c383c912f2003b9650c87317b8 Author: Stef Walter Date: 2013-01-07 Fix documentation warnings. * P11_KIT_URI_NO_MEMORY is an unexpected state, that will probably never actually be returned. But kept for API compatibility. * make distcheck doc fix doc/Makefile.am | 2 +- doc/p11-kit-sections.txt | 3 ++- p11-kit/uri.c | 9 ++++++--- 3 files changed, 9 insertions(+), 5 deletions(-) commit e2b5bba185c96bf4ecddfe22d34ace02706122b4 Author: Stef Walter Date: 2013-01-07 Guarantee that the key is freed when replaced * When setting a key in a map that already exists, then free the old key and replace with the new one. * Fix related bug where key was not properly allocated * Add tests for this https://bugs.freedesktop.org/show_bug.cgi?id=59087 p11-kit/hashmap.c | 7 ++- p11-kit/modules.c | 6 ++- tests/hash-test.c | 124 +++++++++++++++++++++++++++++++++++++++--------------- 3 files changed, 102 insertions(+), 35 deletions(-) commit 1559a3e43637406c8b56e880ba00c96bdd16462c Author: Stef Walter Date: 2012-11-14 Don't complain if we cannot access ~/.pkcs11/pkcs11.conf * If a process is running under selinux it may not be able to access the home directory of the uid that it is running as. https://bugs.freedesktop.org/show_bug.cgi?id=57115 p11-kit/conf.c | 42 +++++++++++++++++++++++++++++++++--------- p11-kit/conf.h | 1 + 2 files changed, 34 insertions(+), 9 deletions(-) commit b5de8e1d514794f6ec3e8d79a766a9dae9eab6ea Author: Stef Walter Date: 2012-09-18 Refuse to load the p11-kit-proxy.so as a registered module * Since p11-kit-proxy.so is a symlink to the libp11-kit.so library we check that we are not calling into our known CK_FUNCTION_LIST for the proxy code. * Although such a configuration is invalid, detecting this directly prevents strange initialization loop issues that are hard to debug. https://bugs.freedesktop.org/show_bug.cgi?id=55052 p11-kit/modules.c | 14 ++++++++++---- p11-kit/private.h | 1 + p11-kit/proxy.c | 7 ++----- 3 files changed, 13 insertions(+), 9 deletions(-) commit 3e82c6182d913a3fd5cf904342a9a6fa44aef0d6 Author: Stef Walter Date: 2012-09-18 Don't fail initialization if last initialized module fails * We weren't resetting the result code after a failure, so even though failures for critical modules didn't interrupt the initialization loop, the result still leaked to callers. * Also print an error message clearly indicating that a module failed to initialize, regardless of whether critical or not. https://bugs.freedesktop.org/show_bug.cgi?id=55051 p11-kit/modules.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 37889e5f7ca5e2e45442f98dc84efb70d2acf907 Author: Stef Walter Date: 2012-09-06 Release version 0.14 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit bb6949da2fd071d879a13f8e24389fef697b451a Author: Stef Walter Date: 2012-09-06 Change the default of 'user-config' to merge. * This allows user configured PKCS#11 modules by default. * Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf to go back to the previous behavior. * Posted to the mailing list. doc/p11-kit-config.xml | 4 ++-- p11-kit/conf.c | 2 +- p11-kit/pkcs11.conf.example.in | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) commit 56860b7f72c444eed5923e11d735b85b630a171d Author: Antoine Jacoutot Date: 2012-08-23 configure.ac: Fix bogus comma, and fix up spacing * Fixes a mistake in the previous commit https://bugs.freedesktop.org/show_bug.cgi?id=53706 configure.ac | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 359bb15bc83484e4de69fa8dbc9113d97817d01e Author: Antoine Jacoutot Date: 2012-08-21 Use AC_LANG_PROGRAM to detect program_invocation_short_name functionality Were erroneusly detecting program_invocation_short_name on OpenBSD https://bugs.freedesktop.org/show_bug.cgi?id=53706 configure.ac | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 61abcb61e8b8e988dd03cfd4553f29132a8ca38a Author: Rob McMahon Date: 2012-07-31 Fix build on solaris * Conditional inclusion of the errno.h header * Link librt when appropriate for nanosleep https://bugs.freedesktop.org/show_bug.cgi?id=52261 common/compat.h | 4 ++++ configure.ac | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) commit 76180db6b326f8c87aef5b3eded9463432ce8d82 Author: Dan Winship Date: 2012-07-27 Always encode the "id" attribute in URIs Per recommendation of the spec. https://bugs.freedesktop.org/show_bug.cgi?id=52606 p11-kit/uri.c | 24 ++++++++++++++---------- tests/uri-test.c | 2 +- 2 files changed, 15 insertions(+), 11 deletions(-) commit c6fc7b3ac4c6d4595f17989cff220d6d6dafe620 Author: Stef Walter Date: 2012-07-17 Initialize mutexes correctly in mock module https://bugzilla.gnome.org/show_bug.cgi?id=44740 tests/mock-module-ep.c | 1 + tests/mock-module.c | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) commit 1f428d62a13e481aa51d1fcee0c4652dc9ef7a72 Author: Stef Walter Date: 2012-07-17 Fix warning on windows https://bugzilla.gnome.org/show_bug.cgi?id=44740 tests/conf-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 542cb48951b7c4c21ca3669d07bf936b0fa58b42 Author: Stef Walter Date: 2012-07-17 Don't rely on loading order for duplicate modules * We had relied on module 'two' loading before 'two-duplicate' in the conf tests. However this isn't always the case, and the name of the module can end up as 'two-duplicate' https://bugzilla.gnome.org/show_bug.cgi?id=44740 tests/Makefile.am | 7 ++++++- tests/files/system-modules/four.module | 3 +++ tests/files/system-modules/two.badname | 2 -- tests/files/system-modules/win32/four.module | 3 +++ tests/test-modules.c | 6 +++--- 5 files changed, 15 insertions(+), 6 deletions(-) commit 06595e93ff57e97adbb313aebc50a2e32acd6039 Author: Stef Walter Date: 2012-07-17 Use Windows thread ids instead of handles for comparisons * It seems that the HANDLE's returned from GetCurrentThread are often equal for two threads. GetCurrentThreadID doesn't have this problem. * Separate our cross platform thread_t and thread_id_t types even though on unix they're the same thing. https://bugzilla.gnome.org/show_bug.cgi?id=44740 p11-kit/modules.c | 6 +++--- p11-kit/util.h | 11 ++++++++--- 2 files changed, 11 insertions(+), 6 deletions(-) commit 356377709cd1de1308d9d8cf15f528578a360cf3 Author: Stef Walter Date: 2012-07-17 Use correct shared library extension on windows * The windows shared libraries have the .dll extension * This means we also need separate directories for the test module configs on win32 https://bugzilla.gnome.org/show_bug.cgi?id=44740 configure.ac | 4 ++++ p11-kit/Makefile.am | 14 ++++++++++++++ tests/files/system-modules/win32/one.module | 3 +++ tests/files/system-modules/win32/two-duplicate.module | 3 +++ tests/files/system-modules/win32/two.badname | 5 +++++ tests/files/user-modules/win32/one.module | 2 ++ tests/files/user-modules/win32/three.module | 5 +++++ tests/test-init.c | 2 +- 8 files changed, 37 insertions(+), 1 deletion(-) commit f10d361a5b523ce7f9289ba8d45ccd847510d619 Author: Stef Walter Date: 2012-07-16 Use '.module' extension on module configs * And want alphanumeric/_.- filenames * Currently this is just a warning, soon it will be enforced * The name of a module does not include the extension Andreas Metzler and Ubuntu both worked on this patch, and I've made some more changes. See https://bugs.launchpad.net/ubuntu/+source/p11-kit/+bug/911436 https://bugs.freedesktop.org/show_bug.cgi?id=52158 doc/p11-kit-config.xml | 7 ++- p11-kit/conf.c | 56 ++++++++++++++++++++-- tests/conf-test.c | 23 ++++++--- tests/files/system-modules/{one => one.module} | 0 tests/files/system-modules/two | 5 -- .../{two-duplicate => two-duplicate.module} | 0 tests/files/system-modules/two.badname | 7 +++ tests/files/user-modules/{one => one.module} | 0 tests/files/user-modules/{three => three.module} | 0 tests/test-modules.c | 4 +- 10 files changed, 82 insertions(+), 20 deletions(-) commit c0251b132cad98318be0565f676b9fa92dd1b8b4 Author: Stef Walter Date: 2012-07-24 Fix compiler warning about uninitialized variable p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 45c4936ba0d5e3de7813c47811b277bed1c71576 Author: Stef Walter Date: 2012-07-24 Don't use strict aliasing during compilation * Due to the way in which we pass pointers of different types to _p11_hash_iter_next() configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5cd198107374ff1879767679d29df0ce78f9427f Author: Stef Walter Date: 2012-07-17 Fix getprogname() running under wine * Wine uses normal slashes instead of backslashes on windows common/compat.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit d51914b6483b7ddc806ee3861084aa98ee97a7fb Author: Stef Walter Date: 2012-07-17 Use EFBIG as the error code when pin file is too large * The previous EOVERFLOW was not supported on mingw p11-kit/pin.c | 2 +- tests/pin-test.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 4a6a685c03bd92566c1656f1af3662ca7deecefa Author: Stef Walter Date: 2012-07-16 Don't define duplicate symbols * clang was giving a build failure here. tests/mock-module.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 023efacf30a7ae4ee5a76f909f973fa5058bb7b9 Author: Stef Walter Date: 2012-07-16 Release version 0.13 NEWS | 14 ++++++++++++++ configure.ac | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) commit 413ca6be40a4f9351f12030c791544edd5a52e16 Author: Stef Walter Date: 2012-06-29 Don't allow reading of pin files larger than 4096 bytes * p11_kit_pin_file_callback() only returns pins up to 4096 bytes now p11-kit/pin.c | 19 +++++++++------ tests/files/test-pinfile-large | 53 ++++++++++++++++++++++++++++++++++++++++++ tests/pin-test.c | 26 +++++++++++++++++++++ 3 files changed, 91 insertions(+), 7 deletions(-) commit da2606bfbbdbd36d5e42bf2acf614735dfc515d2 Author: Stef Walter Date: 2012-06-29 Win32 build fixes * Remove unused functions * Use getprogname() instead of calc_progname() which no longer exists * Fix up exporting of functions in the mock module common/compat.c | 11 +++++++---- configure.ac | 2 ++ p11-kit/util.c | 26 -------------------------- tests/mock-module-ep.c | 1 + 4 files changed, 10 insertions(+), 30 deletions(-) commit 89602ce99feb7e8c5a37634c3f577532f82eddbd Author: Stef Walter Date: 2012-06-27 tools: Don't barf when p11-kit -h tools/p11-kit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 483db3ee5d0c0e92dd8ecd8bf0cbefaa6254b6eb Author: Stef Walter Date: 2012-06-27 If a module is not marked 'critical' then ignore failure * Ignore failure when initializing registered modules when 'critical' is not set on a module. p11-kit/modules.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit 59774b11eb478cc714a6c5da937e89c6089fd833 Author: Stef Walter Date: 2012-06-08 Fix the flags in pin.h * Due to a brain fart the P11_KIT_PIN_* flags were not bit flags but decimal numbers. * This necessarily breaks API/ABI for users of the P11_KIT_PIN_FLAGS_RETRY, P11_KIT_PIN_FLAGS_MANY_TRIES and P11_KIT_PIN_FLAGS_FINAL_TRY flags. But those wouldn't have worked anyway. p11-kit/pin.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit caa953cba4d2d0cdd4823eb2f1c4f24bbf18a231 Author: Stef Walter Date: 2012-05-13 Preconditions to check for input probs and out of memory * We don't try to guarantee completely robust and problem free behavior in cases where the caller or process isn't behaving. We consider these to be outside of our control. HACKING | 31 ++++++++++++ p11-kit/conf.c | 76 +++++++++--------------------- p11-kit/debug.c | 19 ++++++++ p11-kit/debug.h | 30 ++++++++++++ p11-kit/modules.c | 85 +++++++++++++++++---------------- p11-kit/pin.c | 138 ++++++++++++++++++++++++++---------------------------- p11-kit/proxy.c | 27 ++++------- p11-kit/uri.c | 112 ++++++++++++++++++++------------------------ p11-kit/uri.h | 4 +- p11-kit/util.c | 9 ---- p11-kit/util.h | 2 - tests/Makefile.am | 3 +- tests/test-init.c | 68 ++++++++++++++++++++++++++- tests/uri-test.c | 12 ++++- 14 files changed, 352 insertions(+), 264 deletions(-) commit 7bd4114182fcc86cd2515708fdf4d76622e0237d Author: Stef Walter Date: 2012-05-13 Use gcc extensions to check varargs during compile * Add macros GNUC_PRINTF and GNUC_NULL_TERMINATED to check correct printf and NULL terminated style varargs common/compat.h | 24 ++++++++++++++++++------ p11-kit/conf.c | 11 ++++++++--- p11-kit/debug.h | 4 +++- p11-kit/modules.c | 7 +++++-- p11-kit/private.h | 4 +++- tests/Makefile.am | 1 + 6 files changed, 38 insertions(+), 13 deletions(-) commit 14b0be4353e5c4464cb9f61e419a2f8caf8757d0 Author: Stef Walter Date: 2012-05-01 Fix test modules linking errors * And display warning messages in the debug output p11-kit/Makefile.am | 2 ++ p11-kit/util.c | 1 + 2 files changed, 3 insertions(+) commit fed549ee2049a318081cfce3fde01ae625263d98 Author: Stef Walter Date: 2012-05-01 Provide compat getprogname() implementations on other OS's * And use them in our replacement err() and p11_kit_set_progname() common/compat.c | 87 +++++++++++++++++++++++++++++++++++++++-------------- common/compat.h | 10 ++++-- p11-kit/Makefile.am | 7 ++++- p11-kit/util.c | 38 ++--------------------- tools/Makefile.am | 1 + tools/p11-kit.c | 2 +- 6 files changed, 81 insertions(+), 64 deletions(-) commit a3bcb9037ddf6657f79f0aae42aa83dd2b8f6b14 Author: Stef Walter Date: 2012-04-30 Move the compat.[ch] headers into common directory/ * And the compat stuff in the p11-kit directory merged into util.c and util.h {tools => common}/compat.c | 0 {tools => common}/compat.h | 0 p11-kit/Makefile.am | 3 +- p11-kit/compat.c | 114 ---------------------------------- p11-kit/compat.h | 149 --------------------------------------------- p11-kit/conf.c | 2 +- p11-kit/debug.c | 1 - p11-kit/private.h | 2 +- p11-kit/util.c | 66 ++++++++++++++++++++ p11-kit/util.h | 111 +++++++++++++++++++++++++++++++++ tests/mock-module.c | 2 +- tests/test-init.c | 2 +- tools/Makefile.am | 3 +- tools/p11-kit.c | 4 +- 14 files changed, 186 insertions(+), 273 deletions(-) commit eeb40dccb63682367e03f52750355bf5951edff7 Author: Stef Walter Date: 2012-04-16 Doc tweaks for PIN functionality p11-kit/pin.c | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) commit 85f9d306832964f6d6412392f335e1fa3f3efd8b Author: Stef Walter Date: 2012-04-02 Add tests for enable-in and disable-in p11-kit/Makefile.am | 8 +-- p11-kit/modules.c | 4 +- tests/Makefile.am | 4 +- tests/conf-test.c | 16 ++--- tests/files/system-modules/two | 4 +- tests/files/system-pkcs11.conf | 3 + tests/files/user-modules/three | 4 +- tests/test-modules.c | 156 ++++++++++++++++++++++++++++++++++++++--- 8 files changed, 171 insertions(+), 28 deletions(-) commit d4c5661a695b5fc4a0126a4583e30ef70aea54ac Author: Stef Walter Date: 2012-04-02 Build some test modules for testing main p11-kit functionality * And put together a test for duplicate modules p11-kit/Makefile.am | 29 ++++++-- tests/Makefile.am | 32 +++++++-- tests/conf-test.c | 16 ++--- tests/files/system-modules/one | 2 +- tests/files/system-modules/two | 2 +- tests/files/system-modules/two-duplicate | 3 + tests/files/user-modules/three | 2 +- tests/mock-module-ep.c | 50 ++++++++++++++ tests/test-modules.c | 111 +++++++++++++++++++++++++++++++ 9 files changed, 225 insertions(+), 22 deletions(-) commit c43038d82edcfd878ff66e3aa7fe247f53876f9b Author: Stef Walter Date: 2012-02-27 Add more p11-kit cleanup to fix valgrind leak reports * per-thread memory isn't actually a real memory leak, but was still reachable after exit, so clean this up. p11-kit/util.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit ff9926b8dcead91e7fc6d08d0ca1d2d8cc982308 Author: Stef Walter Date: 2012-04-01 Fix crasher when a duplicate module is present p11-kit/modules.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit a899d9be0cab72dcfe00f100527c52ea598fed70 Author: Stef Walter Date: 2012-04-01 Add enable-in and disable-in options to module config * These can be used to load certain modules in certain programs, or prevent loading in others. * Useful for a key manager like seahorse, so we can load extra modules (think NSS) that other modules shouldn't load. .gitignore | 2 + configure.ac | 12 ++++- doc/p11-kit-config.xml | 27 +++++++++++ doc/p11-kit-sections.txt | 1 + p11-kit/modules.c | 75 ++++++++++++++++++++++++++++++- p11-kit/p11-kit.h | 2 + p11-kit/private.h | 4 ++ p11-kit/util.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++- tests/Makefile.am | 2 + tests/progname-test.c | 110 +++++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 346 insertions(+), 4 deletions(-) commit af8d28014f97ab0d9e4d00961e72aefd7adb470b Author: Stef Walter Date: 2012-03-27 Fix broken hashmap behavior * We were relying on undefined gcc behavior related to the & operator. * This would show up as a test failure when running with -O2 on certain GCC versions, as well as failure on clang 3.1 p11-kit/hashmap.c | 12 +++++------- tests/hash-test.c | 2 -- 2 files changed, 5 insertions(+), 9 deletions(-) commit f40f63c2b608a399df431df366bf681e6b2bb20e Author: Stef Walter Date: 2012-03-19 Remove p11-kit.pot file from git * Generated automatically .gitignore | 1 + po/p11-kit.pot | 343 --------------------------------------------------------- 2 files changed, 1 insertion(+), 343 deletions(-) commit bbd0c4dcde10197df1473ffc5641cafe2173a676 Author: Stef Walter Date: 2012-03-09 Release version 0.12 NEWS | 3 +++ configure.ac | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) commit 300c84133390363a543854e5cd0ac3dd9018544e Author: Simon Josefsson Date: 2012-03-08 Fix build problem due to pthread extensions usage See: http://ipozgaj.blogspot.com/2006/08/posix-threads-and-manual-pages-rant.htm configure.ac | 1 + 1 file changed, 1 insertion(+) commit 632e268fa86ad8ba55d34044ccc325c20c8fc0c7 Author: Stef Walter Date: 2012-02-07 Release 0.11 NEWS | 3 +++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) commit 53c34e8ff80500d6ef9366453e88c27a3a52ee46 Author: Stef Walter Date: 2012-01-23 Remove automatic reinitialization of PKCS#11 after fork * First of all one should only call async-signal-safe functions from the callbacks of pthread_atfork(), and so we cannot reinitialize directly. * Some modules use pthread_atfork() to detect forking and setup their internal state. If we call into them in our pthread_atfork() callback then this is inherently racy. * There was danger of endless loops and deadlocks which are caused by handlers which fork in their C_Initialize * Many processes do fork/exec, reinitializing PKCS#11 for these forks is quite resourc intensive when the child process won't use PKCS#11 at all. p11-kit/modules.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) commit 001d59596a37369d094edcace455f611d9f55908 Author: Stef Walter Date: 2012-01-03 Release version 0.10 NEWS | 3 +++ configure.ac | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) commit 049e556d043aa6ecfbf32a70dae6e7e5e8eb69d3 Author: Stef Walter Date: 2012-01-02 Fix build warning on mingw64 p11-kit/hashmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 83dcc15d1d97218004137769ff68e2e8119f1d80 Author: Andreas Metzler Date: 2011-12-23 Compile CuTest.c separately. Use regular compile and link instead of having #include "CuTest.c" in every test. Works around gcc optimization issue. tests/Makefile.am | 10 +++++++++- tests/conf-test.c | 2 -- tests/hash-test.c | 2 -- tests/pin-test.c | 2 -- tests/ptr-array-test.c | 2 -- tests/test-init.c | 2 -- tests/uri-test.c | 2 -- 7 files changed, 9 insertions(+), 13 deletions(-) commit 2da833b0ca9539c12745d2f9fef1e7be7c7792dc Author: Stef Walter Date: 2011-12-20 Reorganize tests, work around optimization bug * Encountered a gcc optimization bug in gcc 4.6.1 which seems to be reordering related function calls eroneously. This bug seems to be fixed in 4.6.2. * Reorganize test code to get around this bug building on mingw, and ubuntu 11.10, both of which use gcc 4.6.1 tests/hash-test.c | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) commit 9328bb7f0aed047dea47e8674e19865d90d423a5 Author: Andreas Metzler Date: 2011-12-09 Run tests correctly in automake * This allows failing tests to stop the build tests/Makefile.am | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 336d8af58ea3d00a20a56937b11236a6bf2679dd Author: Michael Cronenworth Date: 2011-11-25 Build fix for MinGW w64 p11-kit/compat.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit e18725f71e0f070a54d763cbba7797031828dd95 Author: Stef Walter Date: 2011-11-14 Release version 0.9 NEWS | 6 ++++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) commit d3dfc6968e54b919c90967a486d20066b0f5bf57 Author: Stef Walter Date: 2011-11-02 Reduce autofoo dependencies * automake 1.10 (although can benefit from some 1.11 features) * autoconf 2.61 configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9ccc74f384ee100ec522e012ea543437b1df123c Author: Stef Walter Date: 2011-11-01 An intelligent error message when gettextize is not around autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7370d64c18b795a63eda40efcc9e786b821cb7f7 Author: Stef Walter Date: 2011-10-30 p11-kit can't be used as a static library * It just doesn't make sense. * The initialization refcounting in particular can only work as a shared library. configure.ac | 4 ++++ 1 file changed, 4 insertions(+) commit df0ed92f44fa168c0d02866796f3707687f43214 Author: Stef Walter Date: 2011-10-29 Fix problems crashing when freeing TLS on windows p11-kit/util.c | 2 ++ 1 file changed, 2 insertions(+) commit 922d53016955c0ff2d6d830d726f0d1ea3a5804b Author: Stef Walter Date: 2011-10-29 Add debug output to windows init and uninit of library p11-kit/util.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit c940667c434fe64cf4d01cec0873044c54e7f174 Author: Stef Walter Date: 2011-10-29 Make build not depend on gtk-doc or pkg-config * If enabled, gtk-doc can be used, but we no longer expect the gtkdoc autoconf/automake macro files to be installed. * pkg-config is no longer used for checks. * We still do install pkg-config files, and this is the preferred way to build against and link to p11-kit. configure.ac | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 2 deletions(-) commit 0792fefb2bc9d5db038b48855f0b1bb138653332 Author: Stef Walter Date: 2011-10-29 Handle build case when gettextize is not available or not installed autogen.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 969bcab592878322e410f4342a61fccc06b9addd Author: Stef Walter Date: 2011-10-27 Fix build with clang * Just removed some unused functions that used GNUC extensions tests/cutest/CuTest.c | 10 ---------- tests/cutest/CuTest.h | 5 ----- 2 files changed, 15 deletions(-) commit 77bab108dd2a7d1c55468cc991c22397fb5f8ba5 Author: Dr. Volker Zell Date: 2011-10-25 Fix broken build on cygwin and mingw * Add correct linking options for libintl p11-kit/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) commit 69f7eaa0508326f07832b91557f9e1ad8e6864c6 Author: Michael Cronenworth Date: 2011-10-25 Fix broken build on windows * The debug_init() call needed a rename to _p11_debug_init() to match the non-Win32 code. p11-kit/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 190aee9cdf44d257333d7ef9e29113a07f1516c9 Author: Stef Walter Date: 2011-10-24 Release version 0.8 NEWS | 7 +++++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 10 insertions(+), 3 deletions(-) commit 138c046a5ff1b0e532896b4d640c0cba6ead4027 Author: Stef Walter Date: 2011-10-24 More fixes for non-static function names * See previous commit * Initialize library before debug statements p11-kit/conf.c | 8 +++---- p11-kit/debug.c | 7 ------- p11-kit/debug.h | 16 +++++++------- p11-kit/modules.c | 62 +++++++++++++++++++++++++++---------------------------- p11-kit/proxy.c | 14 ++++++++----- p11-kit/uri.c | 2 +- 6 files changed, 53 insertions(+), 56 deletions(-) commit 5507dc4946f0a68cece5ec9e7096e0f9b8c55984 Author: Stef Walter Date: 2011-10-24 Rename non-static functions to have a _p11_xxx prefix. * Work around issues with brain-dead linkers not respecting the libtool -export-symbol-regex argument https://bugs.freedesktop.org/show_bug.cgi?id=42020 p11-kit/compat.c | 8 +-- p11-kit/compat.h | 48 +++++++-------- p11-kit/conf.c | 36 +++++------ p11-kit/debug.c | 17 +++--- p11-kit/debug.h | 12 ++-- p11-kit/hashmap.c | 68 +++++++++++++-------- p11-kit/hashmap.h | 63 +++++++++---------- p11-kit/modules.c | 110 ++++++++++++++++----------------- p11-kit/pin.c | 40 ++++++------ p11-kit/private.h | 4 +- p11-kit/proxy.c | 18 +++--- p11-kit/ptr-array.c | 28 +++++---- p11-kit/ptr-array.h | 14 ++--- p11-kit/uri.c | 2 +- p11-kit/util.c | 12 ++-- p11-kit/util.h | 2 +- tests/conf-test.c | 140 +++++++++++++++++++++--------------------- tests/hash-test.c | 162 ++++++++++++++++++++++++------------------------- tests/mock-module.c | 10 +-- tests/ptr-array-test.c | 122 ++++++++++++++++++------------------- tests/test-init.c | 22 +++---- tests/uri-test.c | 5 +- 22 files changed, 484 insertions(+), 459 deletions(-) commit db92b76e3acb11e330309ebce071ec2e61400a71 Author: Stef Walter Date: 2011-10-17 Initial port to win32 * Tests do not all yet pass, at least not on wine * Added abstraction of some non-portable functions in compat.h/c * Build with an argument like this for win32 support: ./autogen.sh --host=i586-mingw32msvc * This win32 port needs more work from interested parties .gitignore | 3 + configure.ac | 35 ++++++-- doc/Makefile.am | 2 +- p11-kit/Makefile.am | 1 + p11-kit/compat.c | 114 ++++++++++++++++++++++++++ p11-kit/compat.h | 143 ++++++++++++++++++++++++++++++++ p11-kit/conf.c | 64 ++++++++++----- p11-kit/debug.c | 31 +++---- p11-kit/debug.h | 2 + p11-kit/modules.c | 104 +++++++++++------------- p11-kit/private.h | 40 +++++++-- p11-kit/proxy.c | 7 +- p11-kit/util.c | 188 +++++++++++++++++++++++++++++++++++-------- tests/Makefile.am | 16 ++-- tests/conf-test.c | 2 + tests/mock-module.c | 20 +++-- tests/mock-module.h | 1 + tests/pin-test.c | 3 + tests/test-init.c | 56 +++++++------ tools/Makefile.am | 4 + tools/compat.c | 228 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tools/compat.h | 63 +++++++++++++++ tools/p11-kit.c | 5 +- 23 files changed, 952 insertions(+), 180 deletions(-) commit b1d9fd5f88ade222fbd2206c7e11c5514c8b5634 Author: Stef Walter Date: 2011-10-10 Fix up the build options. * --enable-debug turns off optimization * --disable-debug turns off debugging output, debug symbols * --enable-strict turns on -Werror configure.ac | 123 ++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 66 insertions(+), 57 deletions(-) commit 73880f950a7dadf712730222ac1b6ea11400746f Author: Stef Walter Date: 2011-10-10 Only call C_Initialize and C_Finalize once per module * Do not concurretnly call C_Initialize or C_Finalize in a module * The PKCS#11 spec indicates that mone thread should call those functions. * It's reasonable for a module to expect to only be initialized or finalized in one thread. * In particular NSS does not lock its C_Initialize or C_Finalize. p11-kit/modules.c | 117 ++++++++++++++++++++++++++++------------------------ tests/mock-module.c | 4 +- tests/test-init.c | 105 +++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 168 insertions(+), 58 deletions(-) commit 630ce95d7b9ec3ac3cbe71f75910711369274314 Author: Stef Walter Date: 2011-10-10 Combine initialization tests tests/Makefile.am | 14 ++---- tests/{test-fork.c => test-init.c} | 34 ++++++++++++- tests/test-recursive.c | 98 -------------------------------------- 3 files changed, 36 insertions(+), 110 deletions(-) commit d5a004ded8a0acdb7aa2100b8e116f19d0d9e402 Author: Stef Walter Date: 2011-10-10 Don't allow recursive calling of C_Initialize on a given module. p11-kit/modules.c | 9 ++++- tests/Makefile.am | 10 ++++-- tests/test-recursive.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 114 insertions(+), 3 deletions(-) commit 591c1c14f2ebbcbc3f621456e31e2af1d26820b8 Author: Stef Walter Date: 2011-10-10 Rename p11-kit test .gitignore | 2 ++ tests/Makefile.am | 6 +++--- tests/{p11-test.c => test-fork.c} | 0 3 files changed, 5 insertions(+), 3 deletions(-) commit 85d9078be0456de8014a6f186f3916ddb01792d2 Author: Pino Toscano Date: 2011-09-30 Don't use PATH_MAX unless its defined * Fixes build on GNU/Hurd https://bugs.freedesktop.org/show_bug.cgi?id=41303 p11-kit/modules.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 639aa9e38692ba5001987bb496e10cca14880807 Author: Stef Walter Date: 2011-09-28 Print more information in 'p11-kit -l' tools/p11-kit.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) commit 67b52ed7d7f298f64be5ead41deeeebab1238d47 Author: Stef Walter Date: 2011-09-27 Release 0.7 NEWS | 5 +++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) commit d3e245f579d917d1393624b6ecf3ae0c3748bbb3 Author: Stef Walter Date: 2011-09-27 Don't expand p11-kit config variables in configure. * Expand them later in Makefile and pkg-config file configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit fcb71c3962314b48e9f8bd7f82673fa4e065607d Author: Stef Walter Date: 2011-09-26 Add test tool to print out error messages * Allows checking of translations .gitignore | 1 + tests/Makefile.am | 3 +- tests/print-messages.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 140 insertions(+), 1 deletion(-) commit a1cc80045864777db8c77e711f0a8efaad949c3e Author: Andreas Metzler Date: 2011-09-26 Fix quoting of build variables https://bugs.freedesktop.org/show_bug.cgi?id=40985 p11-kit/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a081b6652acc9d9a9af22a266f9175f689b8c5d1 Author: Stef Walter Date: 2011-09-19 Expand the libdir path correctly https://bugs.freedesktop.org/show_bug.cgi?id=40985 configure.ac | 6 ------ p11-kit/Makefile.am | 9 ++++++++- 2 files changed, 8 insertions(+), 7 deletions(-) commit 8054865325fdb2221f3e425d04d9e03f6475553e Author: Roman Bogorodskiy Date: 2011-09-15 Add #include for PATH_MAX to fix compilation on FreeBSD. https://bugs.freedesktop.org/show_bug.cgi?id=40923 p11-kit/modules.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 67dc760cec1653e9571b7c4e2bada3992c2b8361 Author: Stef Walter Date: 2011-09-14 Release version 0.6 NEWS | 5 +++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) commit 11f3f0effb14be788e320d2f75b0d2d769058966 Author: Stef Walter Date: 2011-09-14 Add documentation about the configuration paths * Default module path * How to lookup paths using pkg-config doc/p11-kit-config.xml | 37 ++++++++++++++++++++++--------------- doc/p11-kit-docs.sgml | 1 + doc/p11-kit-notes.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ doc/p11-kit.xml | 3 +++ doc/style.css | 2 ++ 5 files changed, 76 insertions(+), 15 deletions(-) commit 927d2e5927ddad1eafe94c0bcadd76cd73d6297a Author: Kalev Lember Date: 2011-09-14 When a module has a relative path, load it from $libdir/pkcs11 So far we have only supported full paths to the pkcs11 modules in config files. This change adds relative path support, so that for modules installed under the standard $libdir/pkcs11, the config file won't have to spell out the full path. configure.ac | 9 ++++++++ p11-kit/modules.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++--- p11-kit/p11-kit-1.pc.in | 1 + 3 files changed, 68 insertions(+), 3 deletions(-) commit 138c1efa9af4893536fb7c3a90d3cb1ac24cea89 Author: Kalev Lember Date: 2011-09-14 Rename pkgconfig configuration directory variables Renamed them to reduce ambiguity and to pave the way for exposing some additional parameters. p11_system_modules -> p11_system_config_modules p11_user_modules -> p11_user_config_modules configure --with-pkcs11-dir => configure --with-system-config configure.ac | 50 ++++++++++++++++++++++-------------------- p11-kit/Makefile.am | 2 +- p11-kit/modules.c | 5 +++-- p11-kit/p11-kit-1.pc.in | 10 +++++---- p11-kit/pkcs11.conf.example.in | 2 +- 5 files changed, 37 insertions(+), 32 deletions(-) commit 1cecad87a968ab6441b020fafb95f991b97e84b3 Author: Stef Walter Date: 2011-08-31 Release version 0.5 NEWS | 5 +++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) commit e06009c33616d07a0687d0adbb5c59ec1c8965af Author: Stef Walter Date: 2011-08-30 Don't crash if p11_kit_registered_modules() called after failed init p11-kit/modules.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit fbdb10edfa39ada801af187dd3abaa5c8bf2ae6b Author: Stef Walter Date: 2011-08-30 Remove useless typedef p11-kit/conf.h | 2 -- 1 file changed, 2 deletions(-) commit 21b64c68e6a5ffcae50f3561f6dec6ee943a006f Author: Stef Walter Date: 2011-08-30 Add 'critical' setting for modules * When a module has critical set to 'yes', and that module fails to init then it aborts the entire init process. * Defaults to 'no' doc/p11-kit-config.xml | 24 ++++++++++++++++++++++-- p11-kit/conf.c | 18 ++++++++++++++++++ p11-kit/conf.h | 3 +++ p11-kit/modules.c | 7 ++++++- 4 files changed, 49 insertions(+), 3 deletions(-) commit 25512ca5a03d723a84d6de67a7036188d08ec21b Author: Stef Walter Date: 2011-08-24 Fix bugs in the p11-kit proxy module. * Initialize the mappings properly * Lookup session handles correctly * Debug initialization and finalization p11-kit/debug.c | 1 + p11-kit/debug.h | 3 ++- p11-kit/proxy.c | 42 ++++++++++++++++++++++++++++-------------- 3 files changed, 31 insertions(+), 15 deletions(-) commit 61c925fda7385392b3961f0b44049b9ff7a68093 Author: Stef Walter Date: 2011-08-19 Release version 0.4 NEWS | 8 ++++++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) commit ae95625311e98caa3cccf82d24a3b612df11b26d Author: Stef Walter Date: 2011-08-19 Ignore spaces in PKCS#11 URIs * These should be able to occur anywhere and should be ignored according to RFC 3986. This is documented in the PKCS#11 URI specification. p11-kit/uri.c | 85 ++++++++++++++++++++++++++++++++++++++++++-------------- p11-kit/uri.h | 4 +-- tests/uri-test.c | 24 ++++++++++++++++ 3 files changed, 90 insertions(+), 23 deletions(-) commit d4abb441450deceff760086dcdf9d493b258074a Author: Stef Walter Date: 2011-08-14 Fix endless loop if module forks during initialization. * If a module forks during its C_Initialize, previously our fork handler would try to initialize it again, ad nauseum. Reported by Nikos on the mailing list. .gitignore | 1 + p11-kit/modules.c | 12 +- tests/Makefile.am | 30 +- tests/mock-module.c | 886 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tests/mock-module.h | 336 ++++++++++++++++++++ tests/p11-test.c | 114 +++++++ 6 files changed, 1354 insertions(+), 25 deletions(-) commit 43169c520292397439bd70fb74e9505d371f7c72 Author: Stef Walter Date: 2011-08-14 Safer initialization of individually initialized module. * More checks for out of memory. * Take more of the same code paths when initializing a single module as when initializing registered, or loading from file. * Cleanup halfway initialized globals if fail during init. p11-kit/modules.c | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) commit 1e2011a308500632a9fbfb541dafcd73d796f3d5 Author: Stef Walter Date: 2011-08-05 Update PKCS#11 URI code for new draft of spec * pinfile attribute was renamed to pin-source * objecttype attribute was renamed to object-type * secretkey value was renamed to secret-key We continue to support parsing the old attribute names and values but generate URIs with the new ones. doc/Makefile.am | 2 +- doc/p11-kit-sections.txt | 2 + p11-kit/pin.c | 126 +++++++++++++++++++++++------------------------ p11-kit/pin.h | 10 ++-- p11-kit/uri.c | 83 +++++++++++++++++++++---------- p11-kit/uri.h | 9 ++++ tests/pin-test.c | 38 +++++++------- tests/uri-test.c | 60 +++++++++++----------- 8 files changed, 185 insertions(+), 145 deletions(-) commit 0a2fd044770d645b7707d2b4926a3214147973a8 Author: Stef Walter Date: 2011-08-03 Don't fail when duplicate modules are configured. * Duplicate modules may be caused by editor backups, misconfigurations or a multitude of other sources. Failing dead is a bit harsh. * After discussing gnutls needs with Nikos p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3b78f626872c637339a3302b8f0607c778aef92c Author: Stef Walter Date: 2011-08-03 Better debug output for initialization and loading modules. p11-kit/modules.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit ca48cb81f8e1465fdc4e4b504ea9da0324b30658 Author: Stef Walter Date: 2011-08-03 Fix broken debug arguments p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e938d137fee800605b5c11d0c2aa6eae90e205eb Author: Stef Walter Date: 2011-08-01 Add example configuration documentation. * And also install example pkcs11.conf file. .gitignore | 1 + configure.ac | 7 ++++-- doc/p11-kit-config.xml | 48 ++++++++++++++++++++++++++++++++++++++++++ p11-kit/Makefile.am | 6 +++++- p11-kit/pkcs11.conf.example.in | 9 ++++++++ 5 files changed, 68 insertions(+), 3 deletions(-) commit dd6b2c11794a74a33bfa53fec9892cb0c7007e80 Author: Stef Walter Date: 2011-07-29 Release version 0.3 NEWS | 5 +++++ README | 9 ++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) commit 24d5da1bfa82e296872ae1ef62dbc073780edf20 Author: Roman Bogorodskiy Date: 2011-07-28 Fix building with NLS enabled. https://bugs.freedesktop.org/show_bug.cgi?id=39622 tests/Makefile.am | 17 +++++++++++------ tools/Makefile.am | 3 ++- 2 files changed, 13 insertions(+), 7 deletions(-) commit 8f4923bcaa66809aa247859b48f2d67d8950097e Author: Roman Bogorodskiy Date: 2011-07-28 Use AC_SEARCH_LIBS instead of AC_CHECK_LIB for dlopen() to fix on *BSD. https://bugs.freedesktop.org/show_bug.cgi?id=39622 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b1b63063e0da8518e89b485bc4d2827ba2e3fdcf Author: Stef Walter Date: 2011-07-28 Make p11-kit-proxy.so link point to libp11-kit.so.0.0.0 * The link now points to the actual library, rather than to another link. https://bugzilla.redhat.com/show_bug.cgi?id=725905 p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit daec3faa85c4f463e3b13688f2bc2bbd1b2ae106 Author: Stef Walter Date: 2011-07-27 Add libtool style versioning variables to p11-kit configure.ac | 16 ++++++++++++++++ p11-kit/Makefile.am | 4 +++- po/p11-kit.pot | 4 ++-- 3 files changed, 21 insertions(+), 3 deletions(-) commit fb0952dbeb607542b7feab80b1bbd2b1258cd15f Author: Stef Walter Date: 2011-07-27 Fix bug in hashtable rewrite. * Initialization mixup. p11-kit/hashmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9add486d5bbb2ac6a3566e21d729107c26de77a3 Author: Stef Walter Date: 2011-07-27 Cleanup documentation warnings * After recent hash table rewrite we should be ignoring the new file. doc/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4454fc36a0dd9b6e99e302769084b2964eef34c1 Author: Stef Walter Date: 2011-07-27 Create a link for the proxy module. * Install proxy module at its own path which is not prefixed by 'lib' * Since the proxy module is the same as the library, and actually needs to be loaded as the same library in memory (due to resource tracking per process), use a symlink for proxy. * Add a variable to the pkg-config file which shows the path to the proxy module. ie: $ pkg-config --variable=proxy_module p11-kit-1 https://bugzilla.redhat.com/show_bug.cgi?id=725905 p11-kit/Makefile.am | 6 +++++- p11-kit/p11-kit-1.pc.in | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) commit 308a776372eb1560480fbfcb5ef9d918a7a1454f Author: Stef Walter Date: 2011-07-27 Reimplement and remove apache licensed bits of code. * Reimplement the various bits of the hash table that were still based on the apache apr code. Use different algorithms for hashing, lookup and other stuff. * Use this as an opportunity to cleanup that code and make it more legible. https://bugzilla.redhat.com/show_bug.cgi?id=725905 COPYING | 22 +- p11-kit/Makefile.am | 2 +- p11-kit/conf.c | 50 ++--- p11-kit/conf.h | 12 +- p11-kit/hash.c | 473 ------------------------------------------ p11-kit/hashmap.c | 372 +++++++++++++++++++++++++++++++++ p11-kit/{hash.h => hashmap.h} | 71 +++---- p11-kit/modules.c | 62 +++--- p11-kit/pin.c | 6 +- p11-kit/proxy.c | 8 +- tests/conf-test.c | 64 +++--- tests/hash-test.c | 158 +++++++------- 12 files changed, 578 insertions(+), 722 deletions(-) commit 3bb86b72ca5882b1e5684db837c75df810f283c3 Author: Stef Walter Date: 2011-07-21 Expand the various pkcs11 config paths properly. * Without this the ${prefix} part of the variable wasn't being expanded and was making it into the #define. configure.ac | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 4a3a1e0b8ad676f057e4fb141b4692987e8ce558 Author: Colin Walters Date: 2011-07-18 configure: Use $sysconfdir for p11_system_conf dir, not hardcoded /etc If the user specified sysconfdir, we should respect it. Don't hardcode /etc. This is important for jhbuild, which uses /path/to/builddir/etc. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 43cf13e1a25da76297cd3397569031d7c3fd3a09 Author: Stef Walter Date: 2011-07-19 Ignore some built files after recent changes. .gitignore | 2 ++ m4/{empty => .empty} | 0 2 files changed, 2 insertions(+) commit b59ab92e640e13d10484fffc74ed6a218930c6ab Author: Colin Walters Date: 2011-07-18 build: Make autogen.sh work * We were missing a call to gettextize, which is what copies in config.rpath * Delete ABOUT-NLS, it is copied in by gettextize * While we're here, take a page from gtk+'s autogen.sh and just use autoreconf, instead of specifying everything. * We need to always have an m4/ directory, so that gettextize works, so we make a dummy empty file * Apparently gettextize is totally insane, requiring user input etc. Copy in some hacks from Avahi's autogen.sh to work around this. .gitignore | 1 - ABOUT-NLS | 1281 ------------------------------------------------------------ autogen.sh | 17 +- m4/empty | 1 + 4 files changed, 12 insertions(+), 1288 deletions(-) commit 69dd8b722bcb1a76ff586e71c580f6844412abb9 Author: Stef Walter Date: 2011-07-12 pin: Fix uninitialized variable p11-kit/pin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 087a815b2b9cd5e0ec44866be1ddddb948583e88 Author: Stef Walter Date: 2011-07-07 Bump version number, and tweak upload procedure .gitignore | 1 + Makefile.am | 3 ++- configure.ac | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) commit e27e943b83401515b8b6acc1da705df6c56416e1 Author: Stef Walter Date: 2011-07-07 Release version 0.2 NEWS | 6 ++++++ configure.ac | 2 +- po/p11-kit.pot | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) commit 98ba6f9ffb95c5473e5e32d296956e91c4fc2715 Author: Stef Walter Date: 2011-07-06 List labels of all tokens in 'p11-kit -l' tools/p11-kit.c | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) commit 883b3ee76c686d14bbc1f20b0805d733a0c227ad Author: Stef Walter Date: 2011-07-06 More fine tuning of the pin APIs. doc/p11-kit-sections.txt | 1 + p11-kit/pin.c | 18 ++++++++++++++++-- p11-kit/pin.h | 4 +++- 3 files changed, 20 insertions(+), 3 deletions(-) commit 1ff1a4895b2d5ff5fe559b96034fb1c3855d4b45 Author: Stef Walter Date: 2011-06-24 Add documentation for PIN callbacks. doc/Makefile.am | 2 +- doc/p11-kit-docs.sgml | 1 + doc/p11-kit-sections.txt | 19 +++ p11-kit/pin.c | 328 +++++++++++++++++++++++++++++++++++++---------- p11-kit/pin.h | 4 +- tests/pin-test.c | 18 +-- 6 files changed, 295 insertions(+), 77 deletions(-) commit fd7dee836d0b14efc48bf59955c8a12a72561043 Author: Stef Walter Date: 2011-06-24 Add P11KitPin structure, which encapsulates a returned pin. * Lets us use variable size buffers. * Helps minimize copying. p11-kit/pin.c | 171 +++++++++++++++++++++++++++++++++++++++++++---- p11-kit/pin.h | 44 ++++++++---- tests/files/test-pinfile | 1 + tests/pin-test.c | 161 ++++++++++++++++++++++++++++++-------------- 4 files changed, 302 insertions(+), 75 deletions(-) commit 2cc2ab90a6b96ea75dfe4d6413e41539075e8f8a Author: Stef Walter Date: 2011-06-21 Rename p11_kit_pin_read_pinfile to p11_kit_pin_retrieve * Fix up duplicate register logic as well. p11-kit/pin.c | 13 +++++++------ p11-kit/pin.h | 4 ++-- tests/pin-test.c | 38 +++++++++++++++++++------------------- 3 files changed, 28 insertions(+), 27 deletions(-) commit f1ca5d5b57909534d8b21f9be455c94ca57e6636 Author: Stef Walter Date: 2011-06-20 Implement support for registering and calling pinfile callbacks * These are callbacks that hanlde the pinfile part of a PKCS#11 URI. * One library can register a callback that another can then call in a thread-safe and simple fashion. .gitignore | 2 + p11-kit/Makefile.am | 3 + p11-kit/pin.c | 332 +++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/pin.h | 85 +++++++++++++ p11-kit/ptr-array.c | 150 ++++++++++++++++++++++ p11-kit/ptr-array.h | 61 +++++++++ tests/Makefile.am | 12 +- tests/pin-test.c | 237 +++++++++++++++++++++++++++++++++++ tests/ptr-array-test.c | 259 ++++++++++++++++++++++++++++++++++++++ 9 files changed, 1140 insertions(+), 1 deletion(-) commit 0a793a9e462727f434f6283a712b37ab30df5e95 Author: Stef Walter Date: 2011-06-16 Fix logic error loading registered modules. Thanks to Richard Bellgrim. p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b1b62f1b0856821d046ed92be076f9b9f8c664a9 Author: Stef Walter Date: 2011-06-09 Update pkcs11.h with PKCS#11 2.20 ammendments. p11-kit/pkcs11.h | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) commit 6d36c108a0f00f7485967b528b2a9f7c22173a5b Author: Stef Walter Date: 2011-06-09 Fixed typos and made options clearer. doc/p11-kit-config.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit d941244aaf0cf142fee986eb914c2767f564dc14 Author: Stef Walter Date: 2011-06-09 By default use /etc/pkcs11 for system configs and not ${prefix} * Packagers can override this with the --with-pkcs11-dir configure arg. configure.ac | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) commit 4bb63ced295ddd64a019ae49cfae191524a34f07 Author: Stef Walter Date: 2011-06-09 Complete documentation for message functionality. doc/p11-kit-docs.sgml | 1 + doc/p11-kit-sections.txt | 6 ++++++ p11-kit/modules.c | 15 +++++++++++++++ p11-kit/util.c | 29 +++++++++++++++++++++++++++++ 4 files changed, 51 insertions(+) commit d6463e70eeb0ad3d93788a3e0f13e2007be54c50 Author: Stef Walter Date: 2011-06-09 Complete testing of global config files and directories. tests/conf-test.c | 262 +++++++++++++++++++++++++++++++++++ tests/files/system-modules/one | 3 + tests/files/system-modules/two | 3 + tests/files/test-system-invalid.conf | 3 + tests/files/test-system-merge.conf | 7 + tests/files/test-system-none.conf | 8 ++ tests/files/test-system-only.conf | 8 ++ tests/files/test-user-invalid.conf | 3 + tests/files/test-user-only.conf | 4 + tests/files/test-user.conf | 3 + tests/files/user-modules/one | 2 + tests/files/user-modules/three | 3 + 12 files changed, 309 insertions(+) commit 48a08272bfcc0153887b850b4ea82e8fb7d8f1ae Author: Stef Walter Date: 2011-06-09 Store last failure message per thread. * Add p11_kit_message() function to get last message. doc/p11-kit-config.xml | 2 +- p11-kit/Makefile.am | 3 +- p11-kit/conf.c | 22 +++++++------ p11-kit/modules.c | 46 +++++++++++++++++++------- p11-kit/p11-kit.h | 8 +++++ p11-kit/private.h | 6 ++-- p11-kit/util.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++--- tests/Makefile.am | 3 +- tests/conf-test.c | 13 ++++---- 9 files changed, 151 insertions(+), 39 deletions(-) commit 21333019a5afceb5f07637fb50b784a4ecd9f9ff Author: Stef Walter Date: 2011-06-08 Refactor configuration * Move configuration loading into conf.c * Have user modules with same name merge/override modules in system. p11-kit/Makefile.am | 2 +- p11-kit/conf.c | 429 +++++++++++++++++++++++++++++++++++++++++++++++----- p11-kit/conf.h | 24 ++- p11-kit/hash.c | 117 ++++++++------ p11-kit/hash.h | 10 +- p11-kit/modules.c | 366 ++++++++------------------------------------ p11-kit/private.h | 11 ++ p11-kit/util.c | 17 +++ tests/conf-test.c | 40 +++-- 9 files changed, 610 insertions(+), 406 deletions(-) commit 7c1edab7e6c1c6939ecdeaefc5f006772298f9eb Author: Stef Walter Date: 2011-06-08 Ignore files without a 'module' value. * Just skip loading these. p11-kit/modules.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit d6b8300fe9bae0595aaf894c5d98aa7c72209e38 Author: Stef Walter Date: 2011-06-07 Bump version number. configure.ac | 6 +++++- po/p11-kit.pot | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) commit 5b77fb058c43e6b0b631e1c7df41994cc41cd2ac Author: Stef Walter Date: 2011-06-07 Make target for uploading release. Makefile.am | 3 +++ 1 file changed, 3 insertions(+) commit bfac05a80d66668a617386e7fdf569b5eb381a93 Author: Stef Walter Date: 2011-06-07 Release version 0.1 p11-kit/Makefile.am | 3 +++ po/p11-kit.pot | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) commit cab38f1cb262e7922098fdb03c2c5828f5f003a1 Author: Stef Walter Date: 2011-06-07 Fix up documentation doc/p11-kit-sections.txt | 5 ++++- p11-kit/util.c | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) commit b9a8a140cf09780671402e872130a51ec4f4b014 Author: Stef Walter Date: 2011-06-07 Add p11_kit_space_strdup() function, and rename p11_kit_space_strlen() * Print out module info in p11-kit tool. p11-kit/p11-kit.h | 6 ++++++ p11-kit/uri.c | 15 ++------------- p11-kit/uri.h | 3 --- p11-kit/util.c | 34 ++++++++++++++++++++++++++++++++++ tools/p11-kit.c | 28 +++++++++++++++++++++++++++- 5 files changed, 69 insertions(+), 17 deletions(-) commit b315f99c90d01104d6baa91ca0f2cfb32c920abd Author: Stef Walter Date: 2011-06-07 Fix more memory errors and leaks in module code. p11-kit/modules.c | 16 ++++++++++++---- tools/p11-kit.c | 3 +++ 2 files changed, 15 insertions(+), 4 deletions(-) commit 7f5d2e9471872d8c1cf7181ba647c1dc74e2c6dd Author: Stef Walter Date: 2011-06-07 Free string output of conf-test tests/conf-test.c | 1 + 1 file changed, 1 insertion(+) commit fb8b8cada7bad73acf936c1dee2e7b1be64e3513 Author: Stef Walter Date: 2011-06-07 Fix URI parsing memory leaks. p11-kit/uri.c | 1 + tests/uri-test.c | 1 + 2 files changed, 2 insertions(+) commit 7c410200143b72a5976d228d75aab59f8b965fe9 Author: Stef Walter Date: 2011-06-07 Fix some hash leaks and bugs. p11-kit/hash.c | 20 ++++++++++++-------- tests/hash-test.c | 39 +++++++++++++++++++++++++++++++++++++-- 2 files changed, 49 insertions(+), 10 deletions(-) commit 0f09803ba95bcdfebf4bde509b43b3ca52cd9d3f Author: Stef Walter Date: 2011-06-07 Fix compiler warnings. p11-kit/hash.c | 2 +- tests/uri-test.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit a5d3e34397d847a0c9b2e3aab7bd9f0b1080af05 Author: Stef Walter Date: 2011-06-07 Remove unstable API markers. p11-kit/Makefile.am | 3 --- p11-kit/p11-kit.h | 9 --------- p11-kit/uri.h | 9 --------- tests/Makefile.am | 3 +-- tools/Makefile.am | 3 +-- 5 files changed, 2 insertions(+), 25 deletions(-) commit edf0b9584f1038797758b4ed878e1d9f48beda9f Author: Stef Walter Date: 2011-06-06 Modernize autotools setup. .gitignore | 1 + configure.ac | 13 ++++++------- 2 files changed, 7 insertions(+), 7 deletions(-) commit 0bd6cf376133f300edff57835eb95f7577d68792 Author: Stef Walter Date: 2011-05-30 Clear correct block of memory in p11_kit_uri_parse(). p11-kit/uri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6f1e963901ca7aff7af6bec376af00f892cbb9ca Author: Stef Walter Date: 2011-05-30 GNU style definitions in uri.h as well as normal. p11-kit/uri.h | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) commit 82ca953733a651216125608d5ca7f9aa8005095e Author: Stef Walter Date: 2011-05-30 Cleanup URI types * Support with/without library version. * Make names of types clearer. p11-kit/uri.c | 63 ++++++++++++++++++++++++++++++------------ p11-kit/uri.h | 18 +++++++++--- tests/uri-test.c | 84 ++++++++++++++++++++++++++++---------------------------- 3 files changed, 101 insertions(+), 64 deletions(-) commit e19300129d3fe21c9e3af1a7f95ccf3eb5315199 Author: Stef Walter Date: 2011-05-30 Set the return value properly in p11_kit_load_initialize_module() p11-kit/modules.c | 3 +++ 1 file changed, 3 insertions(+) commit b3b68fcb1d3fc4958acc6f6528fb88e7c87b7512 Author: Stef Walter Date: 2011-05-30 Add function p11_kit_uri_space_strlen() for figuring out the length of space terminated strings. doc/p11-kit-sections.txt | 1 + p11-kit/uri.c | 6 +++--- p11-kit/uri.h | 3 +++ 3 files changed, 7 insertions(+), 3 deletions(-) commit 2aa964160a1615077db18b03a6c72c286c27791f Author: Stef Walter Date: 2011-05-30 Allow use with CRYPTOKI_GNU style use of PKCS#11 doc/p11-kit-sections.txt | 10 +++++++++- p11-kit/p11-kit.h | 11 ++++++++++- p11-kit/uri.c | 2 +- p11-kit/uri.h | 14 +++++++++++++- 4 files changed, 33 insertions(+), 4 deletions(-) commit cfeaf3de3d745d457feaba48c532d7a384d67341 Author: Stef Walter Date: 2011-05-27 Add p11_kit_load_initialize_module() function. * This function will load a module from a file path, and then initialize it. doc/p11-kit-sections.txt | 1 + p11-kit/modules.c | 167 ++++++++++++++++++++++++++++++++++++++++------- p11-kit/p11-kit.h | 3 + 3 files changed, 147 insertions(+), 24 deletions(-) commit f03252bf032b04ed7a5b98ea52e3c75d84dc0812 Author: Stef Walter Date: 2011-05-27 Rename module arguments from 'funcs' to 'module' p11-kit/modules.c | 244 +++++++++++++++++++++++++++--------------------------- p11-kit/p11-kit.h | 8 +- 2 files changed, 126 insertions(+), 126 deletions(-) commit 5d697e5ff8e3222bdb67d0ce8444b0323eeaba69 Author: Stef Walter Date: 2011-05-27 Fix up documentation doc/p11-kit-sections.txt | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit a2fbdb1a3cd9d137010182be43fdf4ff8491dd9f Author: Stef Walter Date: 2011-05-27 Fix problems with 'make distcheck' Makefile.am | 4 ++++ doc/Makefile.am | 3 ++- gtk-doc.make | 9 +++++---- tests/Makefile.am | 8 ++++++-- 4 files changed, 17 insertions(+), 7 deletions(-) commit ad14c9c4c1345fe01336fc0d5bfccd3fca248ce1 Author: Stef Walter Date: 2011-05-27 Fix uninitialized variable problem. p11-kit/proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bdd6188e299405e16179906bc79f9fef2605176a Author: Stef Walter Date: 2011-05-27 Change around installation of headers, pkg-config, and file names * Install headers to ${prefix}/include/p11-kit-1/p11-kit/ * This solves problems with other projects that have their own pkcs11.h files. * Change the pkg-config file name to p11-kit-1.pc * Change the source file names. .gitignore | 6 +- configure.ac | 4 +- doc/Makefile.am | 4 +- p11-kit/Makefile.am | 18 ++-- p11-kit/debug.h | 4 +- p11-kit/{p11-kit-messages.c => messages.c} | 0 p11-kit/{p11-kit-lib.c => modules.c} | 2 +- p11-kit/{p11-kit.pc.in => p11-kit-1.pc.in} | 2 +- p11-kit/p11-kit.h | 2 +- p11-kit/p11-kit.pc | 17 --- p11-kit/{p11-kit-private.h => private.h} | 0 p11-kit/{p11-kit-proxy.c => proxy.c} | 2 +- p11-kit/{p11-kit-uri.c => uri.c} | 2 +- p11-kit/{p11-kit-uri.h => uri.h} | 2 +- po/POTFILES.in | 2 +- po/p11-kit.pot | 164 ++++++++++++++--------------- tests/uri-test.c | 2 +- 17 files changed, 110 insertions(+), 123 deletions(-) commit 92f821b6883e700a97a18d244104dea1031f2dce Author: Stef Walter Date: 2011-05-26 Add functions for clearing and setting multiple attributes on URI. p11-kit/p11-kit-uri.c | 75 ++++++++++++++++++++++++++++++++++++--------------- p11-kit/p11-kit-uri.h | 12 ++++++--- tests/uri-test.c | 41 +++++++++++++++++++++++++--- 3 files changed, 100 insertions(+), 28 deletions(-) commit c37d5dfaf0c2a5e70066fd1c9606b00329c3622a Author: Stef Walter Date: 2011-05-26 Return proper errors when NULL is passed to mutex functions. p11-kit/p11-kit-lib.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 0542a87afdacd2c53da5d453b1d23e8a0dd91ea4 Author: Stef Walter Date: 2011-05-26 URI API fine tuning * Rework API for getting all the attributes, to match usage in PKCS#11 * Add support for pinfile argument in URIs. * Complete tests. p11-kit/p11-kit-uri.c | 365 ++++++++++++++++++++++++++++++-------------------- p11-kit/p11-kit-uri.h | 9 +- tests/uri-test.c | 103 ++++++++++++++ 3 files changed, 328 insertions(+), 149 deletions(-) commit 7c2a8a5b3ad134b6e3093761d617936dcbd21adf Author: Stef Walter Date: 2011-05-25 Add p11_kit_uri_message() function. Gets messages for p11-kit error codes. p11-kit/debug.c | 1 + p11-kit/debug.h | 3 ++- p11-kit/p11-kit-uri.c | 38 ++++++++++++++++++++++++++++++++++++++ p11-kit/p11-kit-uri.h | 2 ++ 4 files changed, 43 insertions(+), 1 deletion(-) commit a01f4351e34fee946d1ffb81baa31a756e2851be Author: Stef Walter Date: 2011-05-24 Fix null pointer dereference. p11-kit/p11-kit-lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e16a0a7183bd7c400ea3df12ad6ee1155a17634c Author: Stef Walter Date: 2011-04-05 Fix lots of bugs and add more debugging statements. p11-kit/conf.c | 3 ++- p11-kit/p11-kit-lib.c | 51 +++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 43 insertions(+), 11 deletions(-) commit 4d7cf526a352d7c9a02d05a308eef937b1a8987d Author: Stef Walter Date: 2011-04-05 Add basic tool for p11-kit. List modules: $ p11-kit -l .gitignore | 2 + Makefile.am | 1 + configure.ac | 1 + tools/Makefile.am | 12 ++++++ tools/p11-kit.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 137 insertions(+) commit 6078d6d73bc2eb1dbf2283b37d9507297fefba9d Author: Stef Walter Date: 2011-04-05 Add support for debug tracing. Use P11_KIT_DEBUG=xxx environment variable to enable tracing. Must have been built without --disable-debug option. P11_KIT_DEBUG can (at this point) be one of these values: all help conf lib .gitignore | 1 + configure.ac | 23 ++++++--- doc/Makefile.am | 2 +- p11-kit/Makefile.am | 1 + p11-kit/conf.c | 7 +++ p11-kit/debug.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/debug.h | 93 ++++++++++++++++++++++++++++++++++ p11-kit/p11-kit-lib.c | 17 ++++++- 8 files changed, 272 insertions(+), 8 deletions(-) commit aada8e3d41c3be7cdc7e0994c7dff7c307fbbe7f Author: Stef Walter Date: 2011-04-01 Fix up copyright lines. p11-kit/conf.c | 4 ++-- p11-kit/conf.h | 4 ++-- p11-kit/hash.c | 4 ++-- p11-kit/hash.h | 4 ++-- p11-kit/p11-kit-lib.c | 2 +- p11-kit/p11-kit-private.h | 2 +- p11-kit/p11-kit-proxy.c | 2 +- p11-kit/p11-kit-uri.h | 2 +- p11-kit/p11-kit.h | 2 +- p11-kit/util.c | 1 - p11-kit/util.h | 1 - 11 files changed, 13 insertions(+), 15 deletions(-) commit 579d40eff31c7a17cc4e4f07d26c6189619fee31 Author: Stef Walter Date: 2011-03-31 Add C++ header guards, and require API instability acknowledgement. p11-kit/Makefile.am | 3 +++ p11-kit/p11-kit-uri.h | 23 ++++++++++++++++++++--- p11-kit/p11-kit.h | 17 +++++++++++++++++ tests/Makefile.am | 3 ++- 4 files changed, 42 insertions(+), 4 deletions(-) commit cf988aa7858d249887ea0818301c7211bb3cab38 Author: Stef Walter Date: 2011-03-31 Support setting of CK_C_INITIALIZE_ARGS.pReserved to string. This is a naughty little thing that a lot of PKCS#11 modules require to be properly initialized. So we support setting pReserved to a string that is in the config under the 'x-init-reserved' parameter. p11-kit/p11-kit-lib.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 540a00501ba682b420b143480d5864335cad6c71 Author: Stef Walter Date: 2011-03-31 Give reference chapter an explicit id. doc/p11-kit-docs.sgml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 52dab5cd52b19352e9f29b16c686fc545d2aadf1 Author: Stef Walter Date: 2011-03-31 Add make target for uploading docs. Makefile.am | 6 ++++++ 1 file changed, 6 insertions(+) commit a0ef9771b882bf2dc5bd56fcc6bcfdf47ed90feb Author: Stef Walter Date: 2011-03-31 Mix in other documentation. doc/Makefile.am | 2 +- doc/p11-kit-config.xml | 10 ++++++---- doc/p11-kit-docs.sgml | 12 ++++++++---- ...p11-kit-multiple-problem.xml => p11-kit-sharing.xml} | 0 doc/style.css | 17 ++++++++++------- 5 files changed, 25 insertions(+), 16 deletions(-) commit ca1d8a09e05444de07a1ad722b57f5dcae042892 Author: Stef Walter Date: 2011-03-31 Fix up styling and tweaks. doc/style.css | 24 +++++++++++++++++------- p11-kit/p11-kit-messages.c | 4 ++-- 2 files changed, 19 insertions(+), 9 deletions(-) commit 17ebc007ed0376bdea50294201a637be982d68b7 Author: Stef Walter Date: 2011-03-31 Fix up styling of documentation. doc/p11-kit-docs.sgml | 2 +- doc/style.css | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++ gtk-doc.make | 4 ++- 3 files changed, 74 insertions(+), 2 deletions(-) commit 479cbd55ee5739d3cd2566379575451dbecf4c54 Author: Stef Walter Date: 2011-03-31 Documentation and API cleanup. * Rename source directory * More consistent with return values from URI functions. * Allow formatting URI to take a uri type. .gitignore | 17 ++ Makefile.am | 6 +- configure.ac | 17 +- doc/Makefile.am | 80 ++++++-- doc/p11-kit-docs.sgml | 24 +++ doc/p11-kit-overrides.txt | 0 doc/p11-kit-sections.txt | 40 ++++ doc/version.xml.in | 1 + gtk-doc.make | 230 +++++++++++++++++++++ {module => p11-kit}/Makefile.am | 1 - {module => p11-kit}/conf.c | 0 {module => p11-kit}/conf.h | 0 {module => p11-kit}/hash.c | 1 - {module => p11-kit}/hash.h | 0 {module => p11-kit}/p11-kit-lib.c | 103 +++++++--- {module => p11-kit}/p11-kit-messages.c | 16 +- {module => p11-kit}/p11-kit-private.h | 0 {module => p11-kit}/p11-kit-proxy.c | 0 {module => p11-kit}/p11-kit-uri.c | 360 +++++++++++++++++++++++++++------ {module => p11-kit}/p11-kit-uri.h | 25 +-- {module => p11-kit}/p11-kit.h | 0 p11-kit/p11-kit.pc | 17 ++ {module => p11-kit}/p11-kit.pc.in | 0 {module => p11-kit}/pkcs11.h | 0 {module => p11-kit}/util.c | 0 {module => p11-kit}/util.h | 0 tests/Makefile.am | 8 +- tests/uri-test.c | 82 ++++---- 28 files changed, 857 insertions(+), 171 deletions(-) commit 6132cd99c39739ef5360e41e92f22d287007577e Author: Stef Walter Date: 2011-03-31 WIP module/p11-kit-lib.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++ module/p11-kit-uri.c | 43 +++++++++++++++++++ 2 files changed, 162 insertions(+) commit c45d9df39035dee8a3fff610d98ac3b4c245f1dc Author: Stef Walter Date: 2011-03-31 Fix for previous commit. Actually use the alloc_module_unlocked() function. module/p11-kit-lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9985957799fd7142125f1d2dd0fae4366ec83f32 Author: Stef Walter Date: 2011-03-31 Custom initialization and finalization arguments cannot be supported. When multiple consumers are using a PKCS#11 module, initialization (and finalization) arguments cannot be supported. The first one calling would win out, and the others would get unexpected behavior. module/p11-kit-lib.c | 193 ++++++++++++++++++++++++----------------------- module/p11-kit-private.h | 4 +- module/p11-kit-proxy.c | 4 +- module/p11-kit.h | 6 +- 4 files changed, 104 insertions(+), 103 deletions(-) commit 1104f03d9b34cc659838124e00ac864c35af4f82 Author: Stef Walter Date: 2011-03-03 Add info and copyright. doc/p11-kit.xml | 42 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) commit d05a04968e07f6a2084ceb747938dc7cc049cb5f Author: Stef Walter Date: 2011-03-03 The start of some documentation. .gitignore | 2 + Makefile.am | 2 +- configure.ac | 1 + doc/Makefile.am | 22 ++++++++ doc/docbook-params.xsl | 39 +++++++++++++ doc/p11-kit-config.xml | 119 +++++++++++++++++++++++++++++++++++++++ doc/p11-kit-multiple-problem.xml | 92 ++++++++++++++++++++++++++++++ doc/p11-kit.xml | 11 ++++ 8 files changed, 287 insertions(+), 1 deletion(-) commit 25cbc9b3293f2c6df38bd0528b89101e5e547321 Author: Stef Walter Date: 2011-02-21 Add uri function for listing which attribute types are present. module/p11-kit-uri.c | 24 +++++++++++++++++++++++- module/p11-kit-uri.h | 3 +++ 2 files changed, 26 insertions(+), 1 deletion(-) commit ff7db14f0acae463165377f2d4b999e566298b40 Author: Stef Walter Date: 2011-02-21 Fix bug where we try to dlclose() modules we didn't load. module/p11-kit-lib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1d9ca2ddb4df85b7235ec78e4996cf2d1fd775a2 Author: Stef Walter Date: 2011-02-19 Reference implementation of PKCS#11 URIs .gitignore | 1 + module/Makefile.am | 3 + module/p11-kit-proxy.c | 14 +- module/p11-kit-uri.c | 886 ++++++++++++++++++++++++++++++++++++++++ module/p11-kit-uri.h | 101 +++++ module/p11-kit.h | 2 + module/util.c | 51 +++ module/util.h | 45 +++ tests/Makefile.am | 7 +- tests/uri-test.c | 1050 ++++++++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 2146 insertions(+), 14 deletions(-) commit 65509aa3a7c35d8bd5a947ca87c14d4de11deb21 Author: Stef Walter Date: 2011-02-18 Add p11_kit_strerror() method and internationalization. .gitignore | 5 + ABOUT-NLS | 1281 +++++++++++++++++++++++++++++++++++++++++++++ Makefile.am | 4 +- configure.ac | 4 + module/Makefile.am | 14 +- module/p11-kit-lib.c | 4 +- module/p11-kit-messages.c | 234 +++++++++ module/p11-kit.h | 2 + po/Makefile.in.in | 444 ++++++++++++++++ po/Makevars | 41 ++ po/POTFILES.in | 2 + po/Rules-quot | 47 ++ po/boldquot.sed | 10 + po/en@boldquot.header | 25 + po/en@quot.header | 22 + po/insert-header.sin | 23 + po/p11-kit.pot | 342 ++++++++++++ po/quot.sed | 6 + po/remove-potcdate.sin | 19 + 19 files changed, 2523 insertions(+), 6 deletions(-) commit 5cc83571c3e0e212f4d84b05bb15088409d9c752 Author: Stef Walter Date: 2011-02-17 Properly read user-config setting. * Unless the system 'user-config' setting is 'none' we allow the user to override or merge all settings, including the 'user-config' setting. module/p11-kit-lib.c | 187 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 146 insertions(+), 41 deletions(-) commit 80fe1806941d555433f3a1c97ab116dd281041e0 Author: Stef Walter Date: 2011-02-17 Add a proper pkg-config file. .gitignore | 2 ++ configure.ac | 25 ++++++++++++++----------- module/Makefile.am | 10 +++++----- module/p11-kit.pc.in | 17 +++++++++++++++++ 4 files changed, 38 insertions(+), 16 deletions(-) commit c03b1023835887569315fbec6295be3cc0f4cf42 Author: Stef Walter Date: 2011-02-17 Only allow colon between name and value. module/conf.c | 4 ++-- tests/files/test-1.conf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 14dfb79ca65dd80e117103c4f8852ae2b4a419a0 Author: Stef Walter Date: 2011-01-30 Configuration tests. .gitignore | 1 + module/conf.c | 25 ++++++---- module/conf.h | 6 +-- module/p11-kit-lib.c | 8 ++-- tests/Makefile.am | 13 ++++-- tests/conf-test.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++ tests/files/test-1.conf | 6 +++ 7 files changed, 158 insertions(+), 22 deletions(-) commit 4375e297b19bc2177e17cc5616e75d96be053328 Author: Stef Walter Date: 2011-01-26 Add testing and start testing hash table functionality. .gitignore | 8 + Makefile.am | 12 +- configure.ac | 42 ++++++ module/Makefile.am | 16 +- module/hash.c | 15 ++ module/hash.h | 5 + tests/Makefile.am | 17 +++ tests/cutest/CuTest.c | 339 ++++++++++++++++++++++++++++++++++++++++++ tests/cutest/CuTest.h | 116 +++++++++++++++ tests/cutest/README.txt | 211 ++++++++++++++++++++++++++ tests/cutest/license.txt | 38 +++++ tests/hash-test.c | 377 +++++++++++++++++++++++++++++++++++++++++++++++ 12 files changed, 1191 insertions(+), 5 deletions(-) commit f8009b4d504de0ed752b867893acd263108409e0 Author: Stef Walter Date: 2011-01-24 Reinitialize modules after fork(). module/p11-kit-lib.c | 51 ++++++++++++++++++++++++++++++++++++++++++++---- module/p11-kit-private.h | 1 + module/p11-kit-proxy.c | 18 +++++++++++++++++ 3 files changed, 66 insertions(+), 4 deletions(-) commit b2b0acbc5789823a33de9eabec10e2b8656f3632 Author: Stef Walter Date: 2011-01-24 Initial implementation with new config system. configure.ac | 3 +- module/Makefile.am | 10 +- module/conf.c | 240 ++++++++++ module/conf.h | 51 +++ module/hash.c | 512 +++++++++++---------- module/hash.h | 110 +++-- module/p11-kit-lib.c | 810 ++++++++++++++++++++++++++++++++++ module/p11-kit-private.h | 51 +++ module/{p11-kit.c => p11-kit-proxy.c} | 696 ++--------------------------- module/p11-kit.h | 12 +- 10 files changed, 1558 insertions(+), 937 deletions(-) commit 5a53e44a73d4fb62483e890fe348ea40d27ef573 Author: Stef Walter Date: 2011-01-24 Rename to p11-kit. A less pretentios, better description of what's going on. ChangeLog | 2 +- configure.ac | 4 +- module/Makefile.am | 8 +- module/{p11-unity.c => p11-kit.c} | 312 +++++++++++++++++++------------------- module/{p11-unity.h => p11-kit.h} | 28 ++-- 5 files changed, 177 insertions(+), 177 deletions(-) commit 492c2ff7c191e5df75140a47e4e43fa25fd16023 Author: Stef Walter Date: 2011-01-22 Rework public library API so that we can initialize arbitrary modules. module/p11-unity.c | 752 ++++++++++++++++++++++++++++++++++------------------- module/p11-unity.h | 21 +- 2 files changed, 502 insertions(+), 271 deletions(-) commit c2a5aaf7baf4bcc006674a1938205f93028b8ab0 Author: Stef Walter Date: 2011-01-22 Rough idea of possible library functions. configure.ac | 5 +- module/p11-unity.c | 307 ++++++++++++++++++++++++++++++++++++++++++++--------- module/p11-unity.h | 56 ++++++++++ 3 files changed, 314 insertions(+), 54 deletions(-) commit a50ba779ff3e0a5d4f35fb2b6ab525a423575cc4 Author: Stef Walter Date: 2011-01-20 Initial implementation of p11-unity .gitignore | 31 ++ AUTHORS | 1 + COPYING | 47 ++ ChangeLog | 31 ++ Makefile.am | 18 + NEWS | 2 + README | 1 + autogen.sh | 21 + configure.ac | 90 +++ module/Makefile.am | 18 + module/hash.c | 400 ++++++++++++++ module/hash.h | 158 ++++++ module/p11-unity.c | 1543 ++++++++++++++++++++++++++++++++++++++++++++++++++++ module/pkcs11.h | 1357 +++++++++++++++++++++++++++++++++++++++++++++ 14 files changed, 3718 insertions(+)