Bartlomiej Grzelewski [Wed, 17 Jan 2018 15:21:28 +0000 (16:21 +0100)]
Fix out of bound access
Change-Id: I830cdc82351b18a670c4950a720f18433532a966
Bartlomiej Grzelewski [Wed, 29 Nov 2017 15:32:28 +0000 (16:32 +0100)]
Add backend field in policy
New field will allow user to force usage of software/hardwere backend
during runtime.
Change-Id: I6f3c575fa979807f456a32a70b278942cdb28b04
Lukasz Kostyra [Tue, 25 Jul 2017 12:59:49 +0000 (14:59 +0200)]
tz-backend: Implement symmetric encryption through TA
Change-Id: Id1b563f099e1671fb5fbcca9ca08757b34b1dfd8
Lukasz Kostyra [Thu, 26 Oct 2017 09:05:21 +0000 (11:05 +0200)]
Change GID of key-manager
Key-manager main group ID was changed to security_fw
to workaround the issue with TrustZone backend - client
application created shared memory segments inaccessible
by TEF Simulator Daemon.
Change-Id: I8da3dacfb5001cc4b230219820acc53b287f6cfb
Krzysztof Jackiewicz [Wed, 22 Nov 2017 10:37:53 +0000 (11:37 +0100)]
Merge branches 'tizen' and 'tizen_4.0'
Change-Id: I0e30db44df252ac6a5629542dfd9cea022a04971
Krzysztof Jackiewicz [Fri, 10 Nov 2017 12:53:17 +0000 (13:53 +0100)]
Fix SVACE defects
- Initialize required members in default Row ctor
- Remove unused Row objects
- Refactor string memcpy'ing so that SVACE stops complaining
- Fix memory leak in DescriptorSet
Change-Id: I8a22a3c5388b0c17b6f44ebaf89d32e9065526dd
Bartlomiej Grzelewski [Thu, 9 Nov 2017 13:21:13 +0000 (14:21 +0100)]
Add host parameter in HTTP header
Change-Id: Iacd8d8e244df289af8c4ab0fe87a26fcb91b5644
Bartlomiej Grzelewski [Fri, 10 Nov 2017 14:03:23 +0000 (15:03 +0100)]
Remove debug logs from framework files
This logs were used during framework test and are useless now.
Change-Id: I4425bc4ab0229cd9430491767a18cc43e7748b6b
Bartlomiej Grzelewski [Fri, 10 Nov 2017 13:55:34 +0000 (14:55 +0100)]
Remove dlog file info information from log
Change-Id: I7a961beae5943d6ce670c94c52f4d8cd1a47f989
Bartlomiej Grzelewski [Thu, 2 Nov 2017 13:40:12 +0000 (14:40 +0100)]
OCSP implementation update
Add support for OCSP responses that does not contain
issuer certificate.
Change-Id: I7fd5367c4c5f34c1d672fcf8506af6a2e9b9d2f7
Bartlomiej Grzelewski [Thu, 2 Nov 2017 13:40:12 +0000 (14:40 +0100)]
OCSP implementation update
Add support for OCSP responses that does not contain
issuer certificate.
Change-Id: I7fd5367c4c5f34c1d672fcf8506af6a2e9b9d2f7
Bartlomiej Grzelewski [Tue, 17 Oct 2017 14:47:59 +0000 (16:47 +0200)]
Support for http proxy during ocsp check
Change-Id: I4966c6dc08411491b419809be402ac8808027478
Bartlomiej Grzelewski [Tue, 17 Oct 2017 14:47:59 +0000 (16:47 +0200)]
Support for http proxy during ocsp check
Change-Id: I4966c6dc08411491b419809be402ac8808027478
Bartlomiej Grzelewski [Wed, 20 Sep 2017 09:19:33 +0000 (11:19 +0200)]
Prevent key-manager client crash
Key-manager client crashed during pthread_cancel because
try catch sections did not support stack unwind correctly.
Change-Id: I7089160603394a11d94b437bb4f80cf19b632da0
(cherry picked from commit
3eb9315f621035b8ea237096506e77dfb232d842)
Bartlomiej Grzelewski [Wed, 20 Sep 2017 09:19:33 +0000 (11:19 +0200)]
Prevent key-manager client crash
Key-manager client crashed during pthread_cancel because
try catch sections did not support stack unwind correctly.
Change-Id: I7089160603394a11d94b437bb4f80cf19b632da0
Sunmin Lee [Tue, 5 Sep 2017 01:03:43 +0000 (10:03 +0900)]
Remove old update script
RW update script for Tizen 2.4 (to 3.0) is not necessary in Tizen 4.0.
Remove this file to avoid being executed during Tizen 4.0 update.
Change-Id: I3eef635dec6a8712d74d83fb6dce96e604dd1bb4
(cherry picked from commit
a8a5076372d8473663ed565eac3a14503f4c99b2)
Sunmin Lee [Tue, 5 Sep 2017 01:03:43 +0000 (10:03 +0900)]
Remove old update script
RW update script for Tizen 2.4 (to 3.0) is not necessary in Tizen 4.0.
Remove this file to avoid being executed during Tizen 4.0 update.
Change-Id: I3eef635dec6a8712d74d83fb6dce96e604dd1bb4
Tomasz Swierczek [Tue, 5 Sep 2017 06:01:02 +0000 (08:01 +0200)]
setPermissions should succeed when called with empty permissions & no permissions exist
Change-Id: Ibe94959942b300779adb1ab82bd794791b33630d
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
Tomasz Swierczek [Tue, 5 Sep 2017 06:01:02 +0000 (08:01 +0200)]
setPermissions should succeed when called with empty permissions & no permissions exist
Change-Id: Ibe94959942b300779adb1ab82bd794791b33630d
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
Krzysztof Jackiewicz [Wed, 23 Aug 2017 07:45:21 +0000 (09:45 +0200)]
Ensure key/cert pointer validity before accessing the DER
In many cases the getDER() function is called on a shared_ptr to a key or
certficiate without checking the pointer validity which may lead to segfaults.
Add proper checks before calling the getDER() function.
Change-Id: Ifb209737f14a13f6e7946e21c9d7c1cf5791973e
Igor Kotrasinski [Wed, 16 Aug 2017 08:21:26 +0000 (10:21 +0200)]
Force PIE compilation flags in CMakeLists
Fixes ckm_tool executable not being PIE.
Change-Id: I5bfd915171cb0f9a9b6a17cc8fbec921c4bfb127
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Krzysztof Jackiewicz [Fri, 21 Jul 2017 09:21:42 +0000 (11:21 +0200)]
Remove unused m_reason from Exception
Change-Id: If58cc6d4db141b92ee169b8f3cc5ee9f745c8c67
Krzysztof Jackiewicz [Thu, 20 Jul 2017 09:13:09 +0000 (11:13 +0200)]
Fix segfault in internal tests
Unregister libxml2 callbacks in parser destructor.
Change-Id: Ieeeaebc9299df55325612800304c32f55708091c
Krzysztof Jackiewicz [Mon, 17 Jul 2017 12:59:06 +0000 (14:59 +0200)]
Fix defects reported by SVACE
Change-Id: Ia890a846836d2c7cf9657a889b304ec1e0171ead
Dongsun Lee [Mon, 24 Jul 2017 07:13:29 +0000 (16:13 +0900)]
prevent buffer overflow at strncat
- The third argument of strncat is the string length to be copied, not buffer size.
So the last byte should be left for NULL character which terminates string.
- The alias arguemnt is under control of a client,
this alias variable can be manipulated maliciouly by the client.
Change-Id: Iff4677af36b91d02b7127eb46360033a301b5f87
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Krzysztof Jackiewicz [Tue, 4 Jul 2017 09:00:05 +0000 (11:00 +0200)]
Detect invalid rsa padding parameter
Return proper error in case of wrong RSA padding parameter. Add more detailed
description of valid parameter combinations.
Change-Id: I100f0b900566dbb17bd66c62fabe278baf83c1ff
Rafal Krypa [Fri, 16 Jun 2017 17:05:59 +0000 (19:05 +0200)]
Fix casting of AbstractLogProvider::LogLevel to int
When DPL dlog provider prints error message about unsupported log level, it must
explicitly cast LogLevel to int before printing it with %d.
This fixes KONA issue RQ170612-01344 reported by VD.
Change-Id: I31f298550d4ebe2888a82878489fa061b93c2995
Tomasz Swierczek [Tue, 16 May 2017 06:31:19 +0000 (08:31 +0200)]
Release 0.1.26
* Adjust tests to boost 1.62
Change-Id: I6ab59675a2f11cf34cff4c0fb2902038e6d799c1
Zofia Abramowska [Wed, 19 Apr 2017 12:09:13 +0000 (14:09 +0200)]
Adjust tests to boost 1.62
* Fix missing file
* Fix missing virtual methods
* Fix missing semicolons after macros
* Support boost version before 1.59
Change-Id: If4032191c662d365571d961d87a97ff88658778e
Piotr Sawicki [Tue, 2 May 2017 09:29:57 +0000 (11:29 +0200)]
Version 0.1.25
- Fix defects detected by SVACE
Change-Id: I433ec7ed94b0afc6030e41e3f9ef5a6d29ee85a9
Piotr Sawicki [Tue, 18 Apr 2017 09:42:01 +0000 (11:42 +0200)]
Fix defects detected by SVACE
Use a dedicated ckmc_cert_free() function to safely destroy ckmc_cert_s struct.
Change-Id: Icd6ac4faef597d93e7b617c3e4e5dce8449baa92
Piotr Sawicki [Tue, 11 Apr 2017 14:35:58 +0000 (16:35 +0200)]
Version 0.1.24
- Fix issues detected by the SVACE tool
- Add internal test cases
- Replace stringify template with macro
- Update API documentation
- CryptoLogic: Fix function name (CLEAR_FLAGS) and set max schema version
- CryptoLogic: Clean up bit masking ENCR
- Fix issues associated with OpenSSL and locking functions
- Map System subdomains to System for sharing data between system services
- Enable privilege check on control API
- Use argos_watchdog
- Add upgrade script for moving rw data
- Return incomplete PKCS12 with exportable parts only
- CAPI: add ckmc_alias_new()
- Fix buffer overflow in sqlcipher.c
- Adjust smack labels on ipc unix sockets
- Add secure-storage data migration
- Replace old exceptions with new ones
- CAPI: Fix memory leak
- Apply coding style rules
- Change priorities of temporary directories used by sqlcipher.c
- Change API visibility for mobile and wearable profiles
- Hotfix: build error by warning on 64bit arch
Change-Id: I40c4199a6c48392db0d79a91680048ad148959db
Piotr Sawicki [Thu, 6 Apr 2017 13:50:20 +0000 (15:50 +0200)]
Fix issues detected by SVACE
Fix possible memory leak in _toNewCkmCertList()
Change-Id: I706332a37a48fb720b693b526425c03d2d04e0aa
Dongsun Lee [Wed, 29 Mar 2017 08:18:37 +0000 (17:18 +0900)]
Add %license macro for each sub package
Change-Id: Iab00d7a0f4b4e19e30ab37d9bfe3dde755981fe2
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Kyungwook Tak [Fri, 13 Jan 2017 11:06:41 +0000 (20:06 +0900)]
Add internal test cases
Change-Id: Ifd6b70245a8210f17097cd47d7739c8d19ab1819
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
(cherry picked from commit
925c8d123fd9ece130ccf359446ad9e0e63906e3)
Kyungwook Tak [Wed, 25 Jan 2017 04:12:44 +0000 (13:12 +0900)]
Replace stringify template to macro
Change-Id: Ifc6e0d65d903ec17c2669ddfa32c3b3b23a7bcb0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 3 Feb 2017 02:13:09 +0000 (11:13 +0900)]
Update documents in doc/
Change-Id: I3de73523d2a51f8508482247eddb2bc2a0078ad7
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Thu, 5 Jan 2017 11:11:57 +0000 (20:11 +0900)]
Apply the reviewed API documentation
Change-Id: Ifab4e5d251ce90642b07a5c5274adcf58e3083f7
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
(cherry picked from commit
edf7e603070dedac237898a9c60ec5205a44d4d3)
Kyungwook Tak [Fri, 6 Jan 2017 08:52:44 +0000 (17:52 +0900)]
gcc version condition check on using pragma
pragma dianogstic ignored makes warning on gcc version 4
so define it when gcc version is 6 or upper
Change-Id: I0a62af50418ae4f11d7396fc52bbc770143e037f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 2 Jan 2017 08:13:25 +0000 (17:13 +0900)]
Suppress warning on sqlcipher(unused-const-variable)
unused-const-variable warning occurs in sqlcipher when it built with
gcc version 6.2. sqlcipher code is hard to touch and not recommended so
just suppress the warning on that file only by pragma
Change-Id: Icc29d829ed460592b8d883497b69bd9dc9df2a3f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 20 Dec 2016 04:10:16 +0000 (13:10 +0900)]
[CryptoLogic] Fix func name and set max schema version
Change function name: CLEAR_FLAG => CLEAR_FLAGS
Define maximum variable of schema version available.
To changing encryption schema bitmask from int to std::bitset
makes some backward compatability issue because it resides in
DB::Row::encryptionScheme as int already which is in DB.
But std::bitset cannot support converting to int (only ulong & ulong
long) so it's hard to use.
Change-Id: Ia27ec252f67c61fece9b34b1458724476b653b77
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 16 Dec 2016 04:22:32 +0000 (13:22 +0900)]
Replace deprecated readdir_r with readdir
Change-Id: I10857c628068c2a53978c16670fab1f9f9d23033
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 16 Dec 2016 10:35:18 +0000 (19:35 +0900)]
Clean up bit masking ENCR in CryptoLogic
Clean up some variables are double declared in anonymous
namespace and class member.
Make inline private member function for bit masking
operations for encryption scheme/version to clean up related codes.
Change-Id: I7bccdccd3f80fd259fa54b95d1906e1f386b2116
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 16 Dec 2016 08:31:08 +0000 (17:31 +0900)]
Fix shift overflow which makes build err in gcc6.2
Change-Id: I17a1c729b83442e90ff91f0771ea845d09140873
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 16 Dec 2016 04:11:00 +0000 (13:11 +0900)]
C++11 destructor should not throw exception
Change-Id: If6e3e469acec69bd0a4c2678348d92af607b39d2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 16 Dec 2016 08:27:58 +0000 (17:27 +0900)]
Add missing header
Change-Id: Ic9660e80708abb71c293245755912c1bf4bdd438
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 16 Dec 2016 04:10:39 +0000 (13:10 +0900)]
Static cast enum value to int
Change-Id: I738b0a745725c47a0608c58396df79f745ccd412
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 16 Dec 2016 04:04:15 +0000 (13:04 +0900)]
Replace deprecated auto_ptr with unique_ptr
Change-Id: Ib0ebc0f297f51a4cc3335a7d1c9033a37edea016
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 15 Dec 2016 04:19:28 +0000 (13:19 +0900)]
Remove to add openssl locking function on client
To add locking function in client library side is dangerous of occuring
segmentation fault because it can be used in some dynamic loaded
plugins. If multiple plugins are adding locking function, there is race
condition issue that symbol is unloaded out from the plugin so it makes
segmentation fault.
Change-Id: I1ac443c5d2e166cf05c65b3d937dae64472c713b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Sunmin Lee [Wed, 30 Nov 2016 04:37:38 +0000 (13:37 +0900)]
Upgrade: cp instead of mv
Because RO partition shouldn't be modified,
use cp instead of mv.
Change-Id: If852002611569ebc5146c73b82617ee9e14975c4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
(cherry picked from commit
592432e551bd61800d488a0bf6b4a52762445e58)
Kyungwook Tak [Mon, 28 Nov 2016 02:37:47 +0000 (11:37 +0900)]
Use valid group tag
Based on gbs build errorcode and groups are listed here:
https://wiki.tizen.org/wiki/Packaging/Guidelines#Group_Tag
Change-Id: I81e416b30454a951a51cd6f9fe9ca832e700ff6d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 28 Nov 2016 02:26:41 +0000 (11:26 +0900)]
License name changed: BSD-2.0 -> BSD-3.0-Clause
Change-Id: Id415803d99a9bad4f89adae3c8d5030e8920f438
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Fri, 14 Oct 2016 12:08:49 +0000 (14:08 +0200)]
Remove socket-2-id-wrapper and socket-2-id-mockup
Change-Id: I3637563d2e7869041693887c96697a495a26d3b5
Dong Sun Lee [Mon, 26 Sep 2016 01:40:57 +0000 (18:40 -0700)]
Merge "Map System subdomains to System" into tizen
Kyungwook Tak [Fri, 23 Sep 2016 06:32:07 +0000 (15:32 +0900)]
Map System subdomains to System
e.g., System::Privileged -> System
This is for sharing data between system services regardless subdomain
like System::Privileged which has special subdomain label for onlycap
Change-Id: Ibd6f99c8ced3b7bbb3ba3da6e7bd7ee39cd2bfe2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 23 Sep 2016 08:46:59 +0000 (17:46 +0900)]
Enable privilege check on control API
privilege: http://tizen.org/privilege/internal/service
storage API is still disabled because it's non-privileged
Change-Id: I89cfa8f11181d0a89280d204f2bf611a3a237d78
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 23 Sep 2016 06:48:45 +0000 (15:48 +0900)]
Fix typo in link_directories
Change-Id: I273107afabcf2bb95db7a35906618fd01b207928
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 23 Sep 2016 05:55:26 +0000 (14:55 +0900)]
Use argos_watchdog
argos watchdog is watchdog lib which has systemd backend
on platform and backend can be reimplemented by product developer
argos watchdog provides per-process watchdog registration
(systemd allows per-thread but it's not guaranteed by other
backends for now)
This feature is on discussion with multiple product divisions
so it would be easily enabled/disabled by build feature
in compile time
Change-Id: Idb28caa52f3d20a2e0030c84852ad101fdbb6623
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 23 Sep 2016 05:14:14 +0000 (14:14 +0900)]
Fix doxygen warnings
Change-Id: I7ed6f71aaa631510622ea8d934dfb7d25a57611b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Wed, 24 Aug 2016 10:35:48 +0000 (12:35 +0200)]
Fix compilation scripts.
key-manager does not build when libraries are placed in
non standard directories.
Change-Id: I5e60c51ba89059fd233c721c0122dd66f33fd5ba
Kyungwook Tak [Mon, 12 Sep 2016 09:55:50 +0000 (18:55 +0900)]
Add upgrade script for moving rw data
Change-Id: Iab98d014daf3bee0785c21a14657c0b1f6d4c5a8
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 12 Sep 2016 03:57:09 +0000 (12:57 +0900)]
Revert "DAC change of .central-key-manager-api-control.sock to 770 to protect control functions"
This reverts commit
aa24737c5837cc0a3d4ed1c2865b6b1c669af96c.
Currently socket stream file is created as root:root so others cannot
access. This patch should be excluded from 37 week SR and apply it later
with related proper patch.
Change-Id: I1740c2206992b3e46be0dbfeb16cf8b631fa6f60
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 12 Sep 2016 01:25:47 +0000 (10:25 +0900)]
Remove tag to key-manager_doc.h
key-manager_doc.h is invisible for SDK user
Change-Id: I33195575d930ef51a54dc917138a0408d456cbc3
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Thu, 8 Sep 2016 06:47:57 +0000 (15:47 +0900)]
DAC change of .central-key-manager-api-control.sock to 770 to protect control functions
Change-Id: I976f31bddf77946f62173a5670684a8fc56be857
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Kyungwook Tak [Wed, 7 Sep 2016 05:17:35 +0000 (14:17 +0900)]
Fix SVACE defects: unsafe functions and dead code
Change-Id: I1f670628bc6636e89ca9a7d9eae72922f062fd22
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 6 Sep 2016 08:25:50 +0000 (17:25 +0900)]
Add migrate script for removed cert-svc store API
cert svc API in cert-service.h is removed and certificates saved by
those API could be used through key-manager API after certificates
migrated.
(related cert-svc commit:
project : platform/core/security/cert-svc
commitid :
3f2d8b2afcbefa5d2668a08bcd2a3acd25ffe067)
For now added script only moves certs directory from old cert-svc path
to key-manager data directory. Reading those resources and save to
key-manager db when service loaded is TODO
Change-Id: I54019a31d8b7549a770d8acf0da8df28be6f99a6
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 6 Sep 2016 06:58:41 +0000 (15:58 +0900)]
Add temporary file suffix to gitignore
Change-Id: Ifd75cbfc7c629059d1b6280efa38190fa627728d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Krzysztof Jackiewicz [Wed, 31 Aug 2016 13:35:24 +0000 (15:35 +0200)]
Return incomplete PKCS12 with exportable parts only
[Problem] There's no way to get CA certificates list for PKCS12 with
non-exportable key.
[Solution] Create an incomplete PKCS12 structure with exportable fields only.
[Verification] Run ckm-tests --group=T310_CKMC_CAPI_PKCS12
Change-Id: I77b7ef153fc5d7eb16a587a5bb0450c6a74f6ba1
Kyungwook Tak [Thu, 25 Aug 2016 06:48:09 +0000 (15:48 +0900)]
Move upgrade patchs to platform upgrade script dir
Platform upgrade script dir: /usr/share/upgrade/scripts
Change-Id: Ia705efe39ce537f42899761b5f2f2b08e3a52e05
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 4 Aug 2016 08:47:03 +0000 (17:47 +0900)]
Add deprecated attributes and logs
Change-Id: I511f7dc4fc711f433ef23448badf468c8169afef
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 19 Aug 2016 07:35:49 +0000 (16:35 +0900)]
Remove @see link to deprecated API
ckmc_load_from_pkcs12_file is deprecated but @see links from other APIs
still exist.
Change-Id: I5c58cb8bbc1e1268f23ec09a828e66be581e3ddc
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 18 Aug 2016 10:07:24 +0000 (19:07 +0900)]
Fix sha1 digest length and type mismatch(size_t and uint)
Change-Id: Ia53c49ea40d225971a3061241ee90c58534eaf65
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 29 Jul 2016 00:24:49 +0000 (09:24 +0900)]
[CAPI added] ckmc_alias_new()
Make full alias with owner id and data alias (and separator between them)
Change-Id: I103d3ca0577c6847df65a402907b12b388a8e49e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Yury Usishchev [Mon, 25 Jul 2016 07:41:31 +0000 (10:41 +0300)]
Fix global-buffer-overflow in sqlcipher.c
null-terminated string(pVfs->zName) has no assurance that the length
is longer than 10 so buffer-overflow can occured
Change-Id: I9dad1321ba2e8be4260feb33eb3874bb2c6cbb09
Signed-off-by: Yury Usishchev <y.usishchev@samsung.com>
Kyungwook Tak [Tue, 26 Jul 2016 05:28:10 +0000 (14:28 +0900)]
Declare smack label on socket ipc in/out
Change-Id: I1e8b680b53516f92b21fa76cadcafb413be89792
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 22 Jul 2016 04:29:17 +0000 (13:29 +0900)]
Migrate ss data to both of system/admin user db
Some services changed from system to user and they should handle
migrated data and newly saved data differently by changing owner
label because user service cannot save to system db
To use key-manager uniformly by client who is in the case above,
migrated data is going to saved on both of system and admin user
(owner : 5001) db with owner "/User" because user service's smack label
is "User"
Change-Id: Ic3f3b2d02945a12ba2dd12cf9b303a640421afd2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 11 Jul 2016 09:30:51 +0000 (18:30 +0900)]
Migrate secure-storage data
Change-Id: Ifa89e9086a40f8dcbd82bdbc26fe14a7dcc1c8c1
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Wed, 9 Mar 2016 17:22:48 +0000 (18:22 +0100)]
Replace old exception with new ones.
Change-Id: I3390d6ff8a7d8e1594847fd87625144e11ec0f69
Kyungwook Tak [Wed, 13 Jul 2016 06:59:20 +0000 (15:59 +0900)]
Fix internal test: xml IV length contraint changed
Change-Id: I8f11c416a13347afe91329fa8f7f856e073601df
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Fri, 8 Jul 2016 02:04:17 +0000 (11:04 +0900)]
exclude not used DPL DB sources from line coverage measurement
Change-Id: Ia6d51db6d568dfa68476e55518036dca37a832e9
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Fri, 1 Jul 2016 02:35:32 +0000 (11:35 +0900)]
bug fix for memory leak in CAPI
Change-Id: I9dcce77ae4a8593a65f5dfc052a2ddb654322da2
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Tue, 28 Jun 2016 08:08:27 +0000 (17:08 +0900)]
set PATH variable in each script files to prevent attacks modifying PATH variable
Change-Id: Ia761ed172d39585a5b2c1561d4fda80166943ef9
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Tue, 3 May 2016 00:40:40 +0000 (09:40 +0900)]
change wearable SINCE for deprecated APIs for tizen 2.4
Change-Id: Ic2feeda1bc274fa3944c3e2e93cb4d2215712ac6
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Kyungwook Tak [Tue, 12 Apr 2016 10:19:09 +0000 (19:19 +0900)]
Coding style applied according to style checker
Checker/Guide in http://10.113.136.204/confluence/pages/viewpage.action?pageId=
44567756
Change-Id: Ie1c934dcc898b72a68b7a56d43eea4a3298b509c
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 29 Mar 2016 02:43:54 +0000 (11:43 +0900)]
Use "/tmp" sqlcipher tmp dir as top priority
[Reason]
Original top priority tmp dir was /var/tmp(->/opt/var/tmp)
which is labeled as "_" so not available to write.
[Solution]
Use "/tmp" instead
[Verification]
Run security-tests
Change-Id: I509bedfec48a0ecf8672c6219ad7df2d565e380f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 22 Mar 2016 05:57:31 +0000 (14:57 +0900)]
APIs since 3.0 for wearable profile
Wearable profile doesn't have platform version 2.4
So APIs newly added on platform version 2.4 (on mobile profile)
should be shown as since 3.0 for wearable profile
Change-Id: I63d107740ac17b682fb2a06bbd3a59db0663e3e1
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 21 Mar 2016 11:55:45 +0000 (20:55 +0900)]
Change char unique_ptr to char vector
char vector can free resource naturally than unique_ptr
which should use delete [] explicitly by destructor.
Related SVACE defect id : 56526, 56527
Vericiation: ckm-tests-internal --run_test=ENCRYPTION_SCHEME_TEST
Change-Id: I508192c49557b9f980556e7a20d589be37390b3b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 16 Mar 2016 04:50:35 +0000 (13:50 +0900)]
Hotfix: build error by warning on 64bit arch
unused return value of BIO_reset
Change-Id: If03759de08a0f5e67d8e344f0026032b3f16ccf3
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 16 Mar 2016 04:24:01 +0000 (13:24 +0900)]
Version 0.1.23
Remove unused internal functions in common lib
Refactor client-capi code as c++ style
Remove CKMC error -> CKMC error converter
Change-Id: I0f1a0b166720eec86821aa5cfbc80814c03ed66b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 13:30:54 +0000 (22:30 +0900)]
Add internal TC: for Base64, DataType
Change-Id: Ic5bdcd1298e1b76c37ee69f58dff2b7dc39fbcdf
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 05:27:19 +0000 (14:27 +0900)]
Clean up move/copy assignment/constructor
Change-Id: If87eacaa85ac5b7d11cede5a256c62e4e71cc935
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 03:06:23 +0000 (12:06 +0900)]
Clean up old dpl core sources
errno to string function is too heavy. make it light-weighted
Use dpl log to print assert message and unhandled exception
dpl log can print to several provider(console, journal, dlog) already
by modify configuration file
Change-Id: Ib2e090a0e1c5aafa51bde40c73030b435ae1a1e8
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 02:47:09 +0000 (11:47 +0900)]
Remove unused functions in certificate-impl
Change-Id: I343f14a7fa076ea8c7f744b5aa6c2c4babe70633
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 02:26:58 +0000 (11:26 +0900)]
Refactor client-capi manager as c++ style
Change-Id: If26aab66bc2b8e4fdfb14c62d9c79300d8af61e0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 01:06:03 +0000 (10:06 +0900)]
Remove useless CKMC error -> CKM error converter
Change-Id: Ia8fcfd5424d2886ffcc535220b301c1bb9ea8078
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 14 Mar 2016 13:46:06 +0000 (22:46 +0900)]
Add for_each files handling style when reading dir
Change-Id: I41ecf62acf6277db6651fdbf3ac5b0eb4761f005
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 11 Mar 2016 08:13:54 +0000 (17:13 +0900)]
Fix SVACE defects
Use thread-safe functions
Initialize values in constructor
Catch all exceptions
Change-Id: I7ce649b7ba1a11e45949e8f8fca257be4eb7f37d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 11 Mar 2016 05:03:09 +0000 (14:03 +0900)]
Hotfix: image creation failed
/usr/sbin/ldconfig cannot be found.
Use /sbin/ldconfig as it was.
Change-Id: Ieb38a62b2474ae3b89c0305c5bfb20bd9c4dbe9f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 4 Mar 2016 07:21:37 +0000 (16:21 +0900)]
Version 0.1.22
- Fix SVACE defects
- Remove hard-coded paths
- remove dependency from pwdutils -> user/group manage backup plan given up for now...
Change-Id: I91ede36bcbc017a067783fbbf46a6c919cf6c717
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 4 Mar 2016 07:14:40 +0000 (16:14 +0900)]
Sync error code description with common package
platform/core/api/common error_message/key-manager.xml
Change-Id: Iae51652c580f4b3ccf4fbd2dec261e97a0a04bcd
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
projects / platform / core / security / key-manager.git / log