Stef Walter [Tue, 16 Jul 2013 20:43:37 +0000 (22:43 +0200)]
open files with O_CLOEXEC when possible
This helps prevent leaked file descriptors when the library is
used in a process which exec's.
opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC
so we don't need to make changes there.
In addition read config files using p11_mmap_open() so that we get
the simple benefits of O_CLOEXEC with the open() call there.
https://bugzilla.redhat.com/show_bug.cgi?id=984986
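Worked example of the technique this commit describes, added here and not taken from p11-kit: open a file with O_CLOEXEC where the platform provides it, fall back to fcntl(FD_CLOEXEC) where it does not, and verify with F_GETFD that a plain open() leaks the descriptor across exec() while the O_CLOEXEC one does not. The function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Open a file read-only with close-on-exec set; returns -1 with errno set. */
int open_cloexec(const char *path)
{
    int fd;
#ifdef O_CLOEXEC
    /* Atomic: no window in which another thread's fork()+exec() can inherit
     * the descriptor before the flag is set. */
    fd = open(path, O_RDONLY | O_CLOEXEC);
#else
    /* Fallback where O_CLOEXEC is missing: set the flag after the fact. This
     * is not race-free against a concurrent fork()+exec() in another thread. */
    fd = open(path, O_RDONLY);
    if (fd >= 0 && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
#endif
    return fd;
}

/* 1 if FD_CLOEXEC is set on fd, 0 if not, -1 if fd is invalid. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Open the same path both ways and compare. Returns 1 when the plain
 * descriptor would survive exec() while the open_cloexec() one would not. */
int demo_cloexec(const char *path)
{
    int plain = open(path, O_RDONLY);
    int safe = open_cloexec(path);
    int result = 0;
    if (plain >= 0 && safe >= 0)
        result = fd_is_cloexec(plain) == 0 && fd_is_cloexec(safe) == 1;
    if (plain >= 0)
        close(plain);
    if (safe >= 0)
        close(safe);
    return result;
}

int main(void)
{
    printf("close-on-exec demo: %s\n", demo_cloexec("/dev/null") ? "ok" : "FAILED");
    return 0;
}
```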
Stef Walter [Tue, 16 Jul 2013 19:20:44 +0000 (21:20 +0200)]
buffer: Check for unlikely integer overflow
If we see an integer overflow here something has gone horribly wrong
(or malicious code is present). So treat this as unrecoverable, and
fail if we're going to overflow.
https://bugzilla.redhat.com/show_bug.cgi?id=985019
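Added illustration of the overflow check this commit describes; it is not p11-kit's own buffer code and the type and function names are hypothetical. The growable buffer checks that len + extra cannot wrap size_t before it computes anything from the sum, and treats a wrap as unrecoverable by poisoning the buffer so every later operation fails.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
/* Hypothetical growable byte buffer (not the project's p11_buffer). */
typedef struct {
    unsigned char *data;
    size_t len;    /* bytes in use */
    size_t size;   /* bytes allocated */
    int failed;    /* sticky: set once an unrecoverable error has occurred */
} byte_buffer;

void buffer_init(byte_buffer *buf) { memset(buf, 0, sizeof *buf); }
void buffer_uninit(byte_buffer *buf) { free(buf->data); buffer_init(buf); }

/* Make room for `extra` more bytes: 0 on success, -1 on failure. The wrap check
 * runs before len + extra is used, so a bogus length never becomes an
 * undersized allocation followed by an out-of-bounds write. */
int buffer_reserve(byte_buffer *buf, size_t extra)
{
    size_t needed, newsize;
    unsigned char *p;
    if (buf->failed)
        return -1;
    /* len + extra would wrap size_t: unrecoverable, poison the buffer. */
    if (extra > SIZE_MAX - buf->len) {
        buf->failed = 1;
        return -1;
    }
    needed = buf->len + extra;
    if (needed <= buf->size)
        return 0;
    /* Grow geometrically, guarding the doubling against wrap as well. */
    newsize = buf->size ? buf->size : 64;
    while (newsize < needed) {
        if (newsize > SIZE_MAX / 2) { newsize = needed; break; }
        newsize *= 2;
    }
    p = realloc(buf->data, newsize);
    if (p == NULL) { buf->failed = 1; return -1; }  /* also sticky */
    buf->data = p;
    buf->size = newsize;
    return 0;
}

int buffer_append(byte_buffer *buf, const void *bytes, size_t n)
{
    if (buffer_reserve(buf, n) < 0)
        return -1;
    memcpy(buf->data + buf->len, bytes, n);
    buf->len += n;
    return 0;
}

/* Returns 1 when a normal append works, a wrapping request is rejected, and
 * every later append is refused because the buffer has been poisoned. */
int demo_overflow_check(void)
{
    byte_buffer b;
    int ok;
    buffer_init(&b);
    ok = buffer_append(&b, "hello", 5) == 0 && b.len == 5 && b.size >= 5;
    ok = ok && buffer_reserve(&b, SIZE_MAX) == -1 && b.failed == 1;
    ok = ok && buffer_append(&b, "x", 1) == -1 && b.len == 5;
    buffer_uninit(&b);
    return ok;
}
```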
Stef Walter [Tue, 16 Jul 2013 16:38:24 +0000 (18:38 +0200)]
Make preconditions abort unconditionally when scanning with coverity
This reflects that preconditions are invalid/unreachable on a
functioning system and with valid input. We do not try to recover
from such conditions.
In addition teach coverity about how our test suite fails
See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html
https://bugzilla.redhat.com/show_bug.cgi?id=985005
Stef Walter [Tue, 16 Jul 2013 15:18:02 +0000 (17:18 +0200)]
iter: Document guarantees for filter matches argument
The matches argument is always initialized to CK_TRUE when a filter
is called, and it's up to filters to set it to CK_FALSE. Filters
don't need to set to CK_TRUE.
https://bugzilla.redhat.com/show_bug.cgi?id=985009
Stef Walter [Wed, 17 Jul 2013 13:53:33 +0000 (15:53 +0200)]
Fixes for some recent win32 regressions
Stef Walter [Tue, 16 Jul 2013 15:14:56 +0000 (17:14 +0200)]
Remove erroneous comments about readdir() and thread-safety
https://bugzilla.redhat.com/show_bug.cgi?id=984989
Stef Walter [Wed, 10 Jul 2013 13:22:00 +0000 (15:22 +0200)]
Build with -fno-common to catch definition problems
Fix some global variables not declared as extern
https://bugs.freedesktop.org/show_bug.cgi?id=66015
Stef Walter [Wed, 10 Jul 2013 13:14:06 +0000 (15:14 +0200)]
Various documentation tweaks and fixes for warnings
Stef Walter [Wed, 10 Jul 2013 12:28:15 +0000 (14:28 +0200)]
Add support for using freebl3 for SHA1 and MD5 hashing
Since we don't want to link freebl3 to libp11-kit.so where it isn't
needed, move the SHA-1 and MD5 digest functionality to the trust/
directory.
Stef Walter [Tue, 9 Jul 2013 10:24:40 +0000 (12:24 +0200)]
trust: Fix the 'p11-kit extract' command
This is supposed to call over to 'trust extract' and wasn't
working correctly.
Stef Walter [Mon, 8 Jul 2013 17:01:24 +0000 (19:01 +0200)]
trust: Fix bug with load validation failures
Stef Walter [Mon, 8 Jul 2013 16:41:33 +0000 (18:41 +0200)]
trust: Add a basic 'anchor' command to store a new anchor
Stef Walter [Mon, 8 Jul 2013 16:38:38 +0000 (18:38 +0200)]
trust: Fix various issues writing objects in trust token
* Create directory before trying to write files to it
* Handle write failures appropriately
Refactor how we build and store objects in the index to handle
the above cases properly.
Stef Walter [Mon, 8 Jul 2013 16:31:47 +0000 (18:31 +0200)]
trust: Mark CKA_X_DISTRUSTED as a boolean attribute
Stef Walter [Mon, 8 Jul 2013 16:30:16 +0000 (18:30 +0200)]
trust: Support token directory paths in user's home directory
Stef Walter [Mon, 8 Jul 2013 14:56:40 +0000 (16:56 +0200)]
trust: Explicitly specify which formats parser should parse
Stef Walter [Mon, 8 Jul 2013 14:36:50 +0000 (16:36 +0200)]
trust: Support using the parser without an asn1_cache
Stef Walter [Mon, 8 Jul 2013 14:30:52 +0000 (16:30 +0200)]
asn1: In p11_asn1_read() allocate an extra null terminator
As a courtesy for callers.
Stef Walter [Mon, 8 Jul 2013 14:28:48 +0000 (16:28 +0200)]
common: Fix typo, and don't escape '6' in URL encoding
Stef Walter [Thu, 4 Jul 2013 19:49:57 +0000 (21:49 +0200)]
p11-kit: Add P11_KIT_MODULE_TRUSTED flag
A new flag to pass to p11_kit_modules_load() and related functions
which limits loaded modules to ones with "trust-policy: yes".
Stef Walter [Thu, 4 Jul 2013 13:48:38 +0000 (15:48 +0200)]
trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
* Use the concepts and PKCS#11 objects described in the
recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since
the CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled
extensions is by public key.
* Rework some of the tests to take into account the above.
Stef Walter [Thu, 4 Jul 2013 13:43:26 +0000 (15:43 +0200)]
trust: Add p11_oid_hash() and various oid strings
Stef Walter [Thu, 4 Jul 2013 13:37:34 +0000 (15:37 +0200)]
trust: Add p11_asn1_read() and p11_asn1_free() functions
Some helpers for commonly used ASN.1 related stuff.
Stef Walter [Wed, 3 Jul 2013 10:47:14 +0000 (12:47 +0200)]
trust: Initial support for writing out token objects
* The objects are written out in the p11-kit persist format
* Parser marks files in p11-kit persist format as modifiable
Stef Walter [Wed, 3 Jul 2013 10:46:41 +0000 (12:46 +0200)]
trust: If token path is a file, don't try loading subdirectories
Stef Walter [Wed, 3 Jul 2013 10:45:11 +0000 (12:45 +0200)]
trust: Correctly handle persisting OIDs with zero length
Stef Walter [Wed, 3 Jul 2013 10:44:23 +0000 (12:44 +0200)]
trust: Don't write out internal attributes when persisting
Stef Walter [Wed, 3 Jul 2013 08:45:50 +0000 (10:45 +0200)]
trust: Add support for saving files with unique file names
Stef Walter [Wed, 3 Jul 2013 08:38:19 +0000 (10:38 +0200)]
path: Add p11_path_canon() function
Cleans up a filename with readable characters.
Stef Walter [Fri, 28 Jun 2013 15:19:22 +0000 (17:19 +0200)]
trust: Rename p11_index_batch() to p11_index_load()
The name makes it clearer what's going on. This is only used
during loading, so we can track whether a change has resulted
from the trust module or from the file storage.
Stef Walter [Fri, 28 Jun 2013 11:27:42 +0000 (13:27 +0200)]
trust: Implement reloading of token data
* Reload token data whenever a new session is opened.
* Only reload files/directories that have changed.
* Move duplicate anchor/blacklist detection logic into
the extract code. This is in line with the approach
being discussed on the mailing lists and spec document.
* New internal attribute CKA_X_ORIGIN set on all objects
so we can track where an object came from, and replace
it when reloaded.
In general this is a prerequisite for modification of objects:
reload before modify is necessary to prevent multiple callers
clobbering each other's changes.
Stef Walter [Fri, 28 Jun 2013 11:00:02 +0000 (13:00 +0200)]
iter: Add iteration mode where session is not busy
In order to use the session we are iterating on for other tasks
such as other C_FindObject() calls, we need to make sure that
it's not in the middle of a find operation. Finish up the
complete find operation in advance of returning objects from
a session.
Make this the default mode. The previous behavior remains
as an option. Add tests.
Stef Walter [Fri, 28 Jun 2013 10:51:30 +0000 (12:51 +0200)]
path: Add p11_path_prefix() function
Checks if a well-formed path is identical to or a prefix
of another path.
Stef Walter [Wed, 26 Jun 2013 11:16:42 +0000 (13:16 +0200)]
trust: Implement validation for creating/modifying objects
Stef Walter [Tue, 25 Jun 2013 12:43:02 +0000 (14:43 +0200)]
Fix dependency between p11-kit command and library
Stef Walter [Tue, 25 Jun 2013 11:30:17 +0000 (13:30 +0200)]
Fix running trust module tests under distcheck
Stef Walter [Mon, 24 Jun 2013 11:34:30 +0000 (13:34 +0200)]
Reorganize various components
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
Stef Walter [Mon, 17 Jun 2013 19:57:25 +0000 (21:57 +0200)]
Merge branch 'stable'
Stef Walter [Fri, 14 Jun 2013 20:00:42 +0000 (22:00 +0200)]
trust: Writable module PKCS#11 token functions
Although we don't actually write anything out yet, make the
various PKCS#11 functions behave properly when faced with
requests to write to token objects.
Stef Walter [Mon, 17 Jun 2013 12:51:49 +0000 (14:51 +0200)]
trust: Move the extract-trust external placeholder command into trust/
Stef Walter [Mon, 17 Jun 2013 12:46:03 +0000 (14:46 +0200)]
trust: Print out usage when extract-trust run incorrectly
Also sorta covers --help and -h usage
Stef Walter [Mon, 17 Jun 2013 12:45:36 +0000 (14:45 +0200)]
tools: Fix passing args to external commands
There were various bugs passing arguments, with duplicates being
passed, as well as certain arguments being skipped.
Stef Walter [Mon, 17 Jun 2013 12:36:37 +0000 (14:36 +0200)]
tools: Only use our private path when looking for external commands
Instead of looking for external commands in the path, just look
for them in our private directory.
We want to be conservative early on, and limit what sorta things
we have to maintain later. We can later remove this restriction
if a real use case presents itself.
Stef Walter [Fri, 14 Jun 2013 11:02:22 +0000 (13:02 +0200)]
trust: Correctly reflect the CK_TOKEN_INFO writability flags
Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths
which we will be able to write to.
Stef Walter [Fri, 14 Jun 2013 10:53:15 +0000 (12:53 +0200)]
path: Add p11_path_parent() function
Gets the parent element of the path, removing the last component.
Handles trailing and duplicate path separators correctly.
Stef Walter [Fri, 14 Jun 2013 10:49:34 +0000 (12:49 +0200)]
path: Fix expanding of paths and tests
Stef Walter [Thu, 13 Jun 2013 15:39:44 +0000 (17:39 +0200)]
common: Abort test cases when one fails
Stef Walter [Wed, 5 Jun 2013 20:01:31 +0000 (22:01 +0200)]
Merge branch 'stable'
Stef Walter [Wed, 5 Jun 2013 11:24:43 +0000 (13:24 +0200)]
Release version 0.18.3
Stef Walter [Wed, 5 Jun 2013 08:03:41 +0000 (10:03 +0200)]
trust: Fix crash when C_Initialize args are NULL
https://bugs.freedesktop.org/show_bug.cgi?id=65401
Stef Walter [Wed, 5 Jun 2013 08:41:19 +0000 (10:41 +0200)]
trust: Fix reinitialization of trust module
Track number of C_Initialize calls, and require similar number
of C_Finalize calls to finalize.
This fixes leaks/disappearing sessions in the trust module.
https://bugs.freedesktop.org/show_bug.cgi?id=65401
manphiz@gmail.com [Wed, 24 Apr 2013 01:01:00 +0000 (01:01 +0000)]
Fix uninitialized p11_library_once
https://bugs.freedesktop.org/show_bug.cgi?id=57714
Stef Walter [Fri, 5 Apr 2013 17:17:25 +0000 (19:17 +0200)]
Force Mac OS shared library extension to .so
Darwin and libtool seem confused about what shared library
extension they actually use.
https://bugs.freedesktop.org/show_bug.cgi?id=57714
Stef Walter [Tue, 21 May 2013 19:46:27 +0000 (21:46 +0200)]
persist: Support for writing out p11-kit persist files
Stef Walter [Tue, 21 May 2013 19:44:22 +0000 (21:44 +0200)]
constants: Tweaks and add mechanisms
Stef Walter [Tue, 21 May 2013 15:33:22 +0000 (17:33 +0200)]
pem: Write PEM data directly to a buffer
Stef Walter [Tue, 21 May 2013 14:41:09 +0000 (16:41 +0200)]
url: Encode directly to a buffer
Stef Walter [Mon, 27 May 2013 08:36:23 +0000 (10:36 +0200)]
Release version 0.19.1
Stef Walter [Tue, 21 May 2013 10:38:14 +0000 (12:38 +0200)]
Mark p11_kit_message() as a stable function
Stef Walter [Tue, 21 May 2013 10:37:14 +0000 (12:37 +0200)]
Fix building of applications using CRYPTOKI_GNU style
Stef Walter [Tue, 21 May 2013 09:35:07 +0000 (11:35 +0200)]
Bump the version for deprecated function documentation
Stef Walter [Tue, 9 Apr 2013 06:34:44 +0000 (08:34 +0200)]
Fix up Makefile.am files for automake 1.13 warnings
Stef Walter [Fri, 5 Apr 2013 21:52:39 +0000 (23:52 +0200)]
Our own unit testing framework
* Support the TAP protocol
* Much cleaner without having to carry around state
* First class support for setup/teardown
* Port the common tests
* Wait on porting other tests until we've merged outstanding code
Stef Walter [Sat, 6 Apr 2013 14:42:01 +0000 (16:42 +0200)]
Further reorganization of the core module tracking
* Keep the module ownership apart from the tracking of module
function pointers, since these are only relevant for unmanaged
modules.
* Less assumptions that each module has a raw unmanaged module
function pointer.
* More clarity in the naming of dictionaries tracking the modules.
Stef Walter [Sun, 7 Apr 2013 17:39:22 +0000 (19:39 +0200)]
Pull the argv parsing code into its own file
So it can be used from multiple code paths
Stef Walter [Sat, 6 Apr 2013 14:41:08 +0000 (16:41 +0200)]
Support /xxx/yyy as an absolute path with Win32
Because win32 code doesn't just run on windows, wine runs
with unix style paths.
Stef Walter [Tue, 21 May 2013 08:50:53 +0000 (10:50 +0200)]
Bump the version number to unstable
Stef Walter [Tue, 19 Feb 2013 13:05:34 +0000 (14:05 +0100)]
Add the log-calls module config option
If 'log-calls = yes' is set then all the PKCS#11 modules are logged
to stderr.
Stef Walter [Tue, 19 Feb 2013 12:51:32 +0000 (13:51 +0100)]
Manage C_CloseAllSessions function for multiple callers
Make C_CloseAllSessions work for different callers. Track the sessions
that each caller opens and close just those when C_CloseAllSessions is
called.
Stef Walter [Fri, 15 Feb 2013 20:34:20 +0000 (21:34 +0100)]
Update the proxy module to use managed PKCS#11 modules
Each time C_GetFunctionList is called on the proxy module, a new
managed PKCS#11 set of functions is returned. These are all cleaned
up when the module is unloaded.
We want the proxy module to continue to work even without the highly
recommended libffi. For that reason we still keep the old behavior of
sharing state in the proxy module.
Stef Walter [Wed, 6 Feb 2013 20:57:45 +0000 (21:57 +0100)]
p11-kit: Managed PKCS#11 module loading
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
Stef Walter [Thu, 10 Jan 2013 15:51:31 +0000 (16:51 +0100)]
Use libffi to implement mixins for managed code
* This allows us to call into subclassed PKCS#11 modules as if
they were plain old PKCS#11 modules
* libffi is an optional dependency
Stef Walter [Thu, 14 Feb 2013 14:41:45 +0000 (15:41 +0100)]
Add subclassable CK_X_FUNCTION_LIST
One of the flaws in PKCS#11 for our usage is that each PKCS#11 module
is not passed the pointer to the function list, ie: the vtable
Here we define a new function list vtable, where each PKCS#11 function
takes the vtable itself as the first argument. We use this new
list internally to represent subclassable PKCS#11 modules for
various features.
Stef Walter [Wed, 15 May 2013 09:52:52 +0000 (11:52 +0200)]
Fail early when running automaint.sh
Stef Walter [Wed, 15 May 2013 09:51:22 +0000 (11:51 +0200)]
Implement valgrind's helgrind checks for threading problems
And clean up our locks/locking model. There's no need to use
recursive locks, especially since we can't use them on all
platforms. In addition adjust taking of locks during initialization
so that there's no chance of deadlocking here.
Stef Walter [Tue, 14 May 2013 09:29:25 +0000 (11:29 +0200)]
Release version 0.18.2
manphiz@gmail.com [Thu, 9 May 2013 05:40:00 +0000 (05:40 +0000)]
Patch to make test-lexer depend on ASN.1
https://bugs.freedesktop.org/show_bug.cgi?id=64378
Stef Walter [Fri, 3 May 2013 10:03:58 +0000 (12:03 +0200)]
Reduce libtasn1 dependency to 2.3
* This passes all checks and is compatible
Stef Walter [Mon, 15 Apr 2013 14:09:47 +0000 (16:09 +0200)]
Release version 0.18.1
Stef Walter [Thu, 4 Apr 2013 09:11:49 +0000 (11:11 +0200)]
doc: Use gtk-doc in the no-tmpl flavor
Stef Walter [Thu, 4 Apr 2013 09:10:28 +0000 (11:10 +0200)]
manual: Use a consistent docbook version
Stef Walter [Thu, 4 Apr 2013 07:34:21 +0000 (09:34 +0200)]
Put the external tools in $libdir/p11-kit
These are possibly architecture specific binaries, so they should be
in $libdir/p11-kit and not in $datadir/p11-kit
Stef Walter [Thu, 4 Apr 2013 06:41:27 +0000 (08:41 +0200)]
Release version 0.18.0
Stef Walter [Thu, 4 Apr 2013 06:04:51 +0000 (08:04 +0200)]
Fix off by one in date parsing code
We didn't treat the two digit year 00 as a valid year, whereas it
actually represents the year 2000. This is in a non-critical code path.
Stef Walter [Thu, 4 Apr 2013 06:04:10 +0000 (08:04 +0200)]
Don't print erroneous debug messages when skipping files
The parser automatically skips over files that it cannot parse. Don't
print confusing debug messages about DER parse failures when it does so.
Stef Walter [Tue, 2 Apr 2013 14:33:24 +0000 (16:33 +0200)]
Update to MurmurHash3
This should also fix problems with accessing memory in a non-aligned
fashion on platforms where this causes problems.
https://bugs.freedesktop.org/show_bug.cgi?id=62819
Stef Walter [Fri, 29 Mar 2013 12:17:29 +0000 (13:17 +0100)]
Don't respect timezones for CKA_START_DATE or CKA_END_DATE
The PKCS#11 specification does not note what timezone these dates
are in. In addition the time values are not represented in PKCS#11.
So don't reinterpret certificate dates, other than filling in the
century for dates that have a two digit year.
Lastly, these are low resolution optional fields so not being all
strict about timezones here is appropriate.
https://bugs.freedesktop.org/show_bug.cgi?id=62825
Stef Walter [Fri, 29 Mar 2013 12:40:44 +0000 (13:40 +0100)]
trust: Fix logic for matching invalid NSS serial numbers
Sometimes NSS queries for trust objects using invalid serial numbers
that do not have their DER decoding. We fixed this earlier, but want
to make sure there are no corner cases, accidentally not matching
serial numbers that happen to start with the same bytes as a DER
TLV would.
Stef Walter [Wed, 3 Apr 2013 08:50:59 +0000 (10:50 +0200)]
More compatible path munging and handling code
Centralize the path handling code, so we can remove unixy assumptions
and have a chance of running on Windows. The current goal is to run
all the tests on Windows.
Includes some code from LRN <lrn1986@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=63062
Stef Walter [Wed, 3 Apr 2013 08:43:03 +0000 (10:43 +0200)]
Don't use free() on memory allocated by LocalFree()
https://bugs.freedesktop.org/show_bug.cgi?id=63046
Stef Walter [Tue, 2 Apr 2013 18:40:53 +0000 (20:40 +0200)]
Separate library init from message code
Put library init/uninit code into its own statically
linked library so that it doesn't get linked into the p11-kit
executable.
Refactor the message code so that the library initialization can
plug in its per thread message buffer.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
Stef Walter [Tue, 2 Apr 2013 16:33:12 +0000 (18:33 +0200)]
Don't use library locks from p11-kit tool
The global library p11_library_mutex is for libraries to use, so don't
use it from any code in common/, which is also used by the p11-kit tool.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
Stef Walter [Wed, 3 Apr 2013 08:30:25 +0000 (10:30 +0200)]
Add new script for setting up p11-kit for a maintainer
Add win32 cross build, and build out of tree
Stef Walter [Wed, 3 Apr 2013 08:29:26 +0000 (10:29 +0200)]
Fix build on Win32
Don't reference an undefined macro
https://bugs.freedesktop.org/show_bug.cgi?id=63046
Stef Walter [Wed, 3 Apr 2013 08:19:11 +0000 (10:19 +0200)]
Fix documentation so it builds out of tree
Stef Walter [Tue, 2 Apr 2013 14:33:04 +0000 (16:33 +0200)]
Fix build with automake 1.13
Also remove some generated files from the po/ directory.
Stef Walter [Fri, 29 Mar 2013 08:42:37 +0000 (09:42 +0100)]
Use CKA_X_CERTIFICATE_VALUE for trust assertions
These don't contain the CKA_VALUE attribute for certificate data
but rather the CKA_X_CERTIFICATE_VALUE attribute.
https://bugs.freedesktop.org/show_bug.cgi?id=62896
Stef Walter [Thu, 28 Mar 2013 16:54:39 +0000 (17:54 +0100)]
Don't complain when applications call C_Logout or C_Login
Some callers erroneously call our C_Logout function, like NSS.
So return appropriate error codes in these cases.
https://bugs.freedesktop.org/show_bug.cgi?id=62874