project/ucert.git
4 years agofix possibly garbage value returned in cert_process_revoker
Petr Štetiar [Mon, 16 Dec 2019 13:34:20 +0000 (14:34 +0100)]
fix possibly garbage value returned in cert_process_revoker

Fixes following warning reported by clang-9 scan-build analyzer:

 ucert.c:585:2: warning: Undefined or garbage value returned to caller
        return ret;
        ^~~~~~~~~~

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoadd cram based unit tests
Petr Štetiar [Mon, 16 Dec 2019 13:43:19 +0000 (14:43 +0100)]
add cram based unit tests

For improved QA etc. for the start with initial test case for dump
command.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agocmake: split usign bits into static library
Petr Štetiar [Mon, 16 Dec 2019 13:29:57 +0000 (14:29 +0100)]
cmake: split usign bits into static library

So it could be reused easily in unit tests for example.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agocmake: reindent the file
Petr Štetiar [Mon, 16 Dec 2019 13:23:26 +0000 (14:23 +0100)]
cmake: reindent the file

In order to make the indentation consistent within the file.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agocmake: enable hardening compiler flags and fix the reported issues
Petr Štetiar [Mon, 16 Dec 2019 12:56:29 +0000 (13:56 +0100)]
cmake: enable hardening compiler flags and fix the reported issues

Lets enable some useful flags in order to spot possible issues during
QA on CI (GCC version 6 and higher). Fix warnings uncovered by this new
flags as reported by clang-9 on x86/64:

 ucert.c:158:33: error: comparison of integers of different signs: 'unsigned long' and 'int' [-Werror,-Wsign-compare]
 ucert.c:176:14: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ucert.c:314:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
 ucert.c:315:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
 ucert.c:557:17: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]

Ref: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoadd initial GitLab CI support
Petr Štetiar [Thu, 28 Nov 2019 21:44:08 +0000 (22:44 +0100)]
add initial GitLab CI support

Uses currently proof-of-concept openwrt-ci[1] in order to:

 * improve the quality of the codebase in various areas
 * decrease code review time and help merging contributions faster
 * get automagic feedback loop on various platforms and tools
   - out of tree build with OpenWrt SDK on following targets:
     * ath79-generic
     * imx6-generic
     * malta-be
     * mvebu-cortexa53
   - out of tree native build on x86/64 with GCC (versions 7, 8, 9) and Clang 10
   - out of tree native x86/64 static code analysis with cppcheck and
     scan-build from Clang 10

1. https://gitlab.com/ynezz/openwrt-ci/

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agocmake: add proper include and library dependencies
Petr Štetiar [Tue, 17 Sep 2019 13:31:08 +0000 (15:31 +0200)]
cmake: add proper include and library dependencies

Otherwise it's not possible to compile it properly if the dependencies
are not installed in the standard include/libraries paths.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agocast ucert_argv to proper type when passing to execv
Rosen Penev [Thu, 28 Nov 2019 19:17:20 +0000 (11:17 -0800)]
cast ucert_argv to proper type when passing to execv

Fixes warnings:

warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
  254 |       execv(usign_argv[0], usign_argv)

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agobe more tolerant when reading key fingerprint
Daniel Golle [Tue, 18 Sep 2018 11:29:10 +0000 (13:29 +0200)]
be more tolerant when reading key fingerprint

usign occasionally writes 16 characters then exits without writing a LF,
leaving ucert hanging waiting for more input.  Accept 16 characters
or more rather than 17 to work around the short read.

Signed-off-by: Mike McCormack <mike@atratus.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years agoChange the sigb buffer to be the same size as the fread
Damien Mascord [Wed, 8 Aug 2018 13:54:53 +0000 (23:54 +1000)]
Change the sigb buffer to be the same size as the fread

Signed-off-by: Damien Mascord <tusker@tusker.org>
6 years agoblob_buf needs to be zero'd
Daniel Golle [Tue, 7 Aug 2018 16:07:56 +0000 (18:07 +0200)]
blob_buf needs to be zero'd

Fixes weird segfaults when compiling libubox with GCC 8.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years agoset rpath to make bundle-libraries.sh happy
Daniel Golle [Mon, 6 Aug 2018 15:23:46 +0000 (17:23 +0200)]
set rpath to make bundle-libraries.sh happy

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years agodon't ever set pointer outside of buffer
Daniel Golle [Sun, 10 Jun 2018 17:03:00 +0000 (19:03 +0200)]
don't ever set pointer outside of buffer

even if it's not going to be used.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agofix host build
Daniel Golle [Sun, 10 Jun 2018 16:44:36 +0000 (18:44 +0200)]
fix host build

use execvp in host builds instead of hardcoding /usr/bin/usign path

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoharden reading fingerprint from usign process
Daniel Golle [Fri, 8 Jun 2018 16:16:00 +0000 (18:16 +0200)]
harden reading fingerprint from usign process

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd light build variant without -C, -A and -D
Daniel Golle [Fri, 8 Jun 2018 03:30:44 +0000 (05:30 +0200)]
add light build variant without -C, -A and -D

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoremove unused stat variable and gettimeofday only once while verifying
Daniel Golle [Fri, 8 Jun 2018 00:56:22 +0000 (02:56 +0200)]
remove unused stat variable and gettimeofday only once while verifying

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoREADME.md...
Daniel Golle [Fri, 8 Jun 2018 00:50:00 +0000 (02:50 +0200)]
README.md...

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoallow issue to append existing cert and be strictly quiet
Daniel Golle [Fri, 8 Jun 2018 00:49:18 +0000 (02:49 +0200)]
allow issue to append existing cert and be strictly quiet

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agodon't be crazily strickt on position of '-q' parameter
Daniel Golle [Fri, 8 Jun 2018 00:07:46 +0000 (02:07 +0200)]
don't be crazily strickt on position of '-q' parameter

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agofix memory corruption caused by use-after-free
Daniel Golle [Thu, 7 Jun 2018 23:15:26 +0000 (01:15 +0200)]
fix memory corruption caused by use-after-free

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoREADME.md: add a line about context and dependencies
Daniel Golle [Thu, 7 Jun 2018 22:01:35 +0000 (00:01 +0200)]
README.md: add a line about context and dependencies

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agooutput error message in case of revoked key
Daniel Golle [Thu, 7 Jun 2018 21:52:16 +0000 (23:52 +0200)]
output error message in case of revoked key

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd README.md
Daniel Golle [Thu, 7 Jun 2018 21:44:57 +0000 (23:44 +0200)]
add README.md

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd comments in usign-exec
Daniel Golle [Thu, 7 Jun 2018 20:53:46 +0000 (22:53 +0200)]
add comments in usign-exec

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoharden cmdline options
Daniel Golle [Thu, 7 Jun 2018 20:22:26 +0000 (22:22 +0200)]
harden cmdline options

make all options single-set, only accept options after command and only
those needed for the specific command.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd comments and license headers
Daniel Golle [Thu, 7 Jun 2018 20:12:06 +0000 (22:12 +0200)]
add comments and license headers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agotake care of revokers in verify path
Daniel Golle [Thu, 7 Jun 2018 19:28:50 +0000 (21:28 +0200)]
take care of revokers in verify path

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoimprove usage message and start working on revoker logic
Daniel Golle [Thu, 7 Jun 2018 17:14:18 +0000 (19:14 +0200)]
improve usage message and start working on revoker logic

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoallow append also on non-existing certfile
Daniel Golle [Thu, 7 Jun 2018 13:16:41 +0000 (15:16 +0200)]
allow append also on non-existing certfile

Just in case someone just wants a single plain signature without any
chain.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoenumerate chain elements in dump output
Daniel Golle [Thu, 7 Jun 2018 12:39:06 +0000 (14:39 +0200)]
enumerate chain elements in dump output

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoalways include complete signature file including trailing newline
Daniel Golle [Thu, 7 Jun 2018 10:32:21 +0000 (12:32 +0200)]
always include complete signature file including trailing newline

just to harmonize things

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd forgotten usign_v sigfile parameter
Daniel Golle [Thu, 7 Jun 2018 10:09:57 +0000 (12:09 +0200)]
add forgotten usign_v sigfile parameter

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoread more than one cert from file
Daniel Golle [Thu, 7 Jun 2018 09:38:42 +0000 (11:38 +0200)]
read more than one cert from file

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoimplement chain and message verify
Daniel Golle [Thu, 7 Jun 2018 00:17:28 +0000 (02:17 +0200)]
implement chain and message verify

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agouse list to model certificate chain
Daniel Golle [Wed, 6 Jun 2018 20:48:31 +0000 (22:48 +0200)]
use list to model certificate chain

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoimplement cert issue
Daniel Golle [Wed, 6 Jun 2018 20:21:23 +0000 (22:21 +0200)]
implement cert issue

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd usign-exec.c
Daniel Golle [Wed, 6 Jun 2018 19:12:50 +0000 (21:12 +0200)]
add usign-exec.c

create C function wrappers calling the /usr/bin/usign executable and
processing the results.

usign_v()   : usign -V ...
usign_s()   : usign -S ...
usign_f_*() : usign -F ...

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agostart implementing loading cert from filesystem, add validity times
Daniel Golle [Wed, 6 Jun 2018 18:37:50 +0000 (20:37 +0200)]
start implementing loading cert from filesystem, add validity times

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd external blob and internal blobmsg data structures
Daniel Golle [Mon, 4 Jun 2018 22:02:00 +0000 (00:02 +0200)]
add external blob and internal blobmsg data structures

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd shim executable and CMakeLists
Daniel Golle [Mon, 4 Jun 2018 21:54:09 +0000 (23:54 +0200)]
add shim executable and CMakeLists

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd COPYING license file
Daniel Golle [Mon, 4 Jun 2018 21:40:28 +0000 (23:40 +0200)]
add COPYING license file

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)

6 years agoadd .gitignore
Daniel Golle [Mon, 4 Jun 2018 21:36:24 +0000 (23:36 +0200)]
add .gitignore

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)