| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the
additional CertAux (ie: trust fields) information. It simply leaves
that block out. This happens with a command like:
$ openssl x509 -in my-cert.pem -out output -trustout
|
|
|
|
|
|
| |
This modifies our common unit test code so we can specify full
test paths on the command line, and restrict the run tests to
the ones specified. Order is not respected at this time.
|
| |
|
| |
|
|
|
|
|
|
|
| |
Some mallocs (notably on Windows) have really poor behavior when
called repeatedly with a linearly growing buffer.
https://bugzilla.redhat.com/show_bug.cgi?id=985419
|
|
|
|
|
| |
When we hadn't forked, but were just not initialized, still return
CKR_CRYPTOKI_NOT_INITIALIZED from managed modules.
|
|
|
|
|
|
| |
When C_Finalize is called in the wrong process, it's often because
of a caller unaware of forking. This is a painful area of PKCS#11,
but at least for C_Finalize, lets not complain loudly about it.
|
|
|
|
|
|
|
| |
This sets 'remote' appropriately to run the module in a separate
process.
https://bugs.freedesktop.org/show_bug.cgi?id=80472
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=54105
|
|
|
|
|
| |
This adds a new tool to the p11-kit command called 'remote'. This
is the server side of remoting a PKCS#11 module.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This is used when execing another process to close all open
file descriptors that we don't wish to be inherited.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* This enables passing around bytes which represent PKCS#11 RPC calls.
* Caller is responsible for connecting/disconnecting and so on.
* Client side caller gets a mixin from p11_rpc_client_init() to call
into, which generates callbacks with byte arrays to be transported.
* Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR
on which relevant methods get called.
* Doesn't yet implement the actual daemon or clients etc...
https://bugs.freedesktop.org/show_bug.cgi?id=54105
|
| |
|
| |
|
| |
|
|
|
|
|
| |
These are useful functions for callers who want to supress all output
from p11-kit library.
|
|
|
|
|
|
|
|
| |
Correctly allow reinitialization when a process forks.
We don't yet implement checks on all entry points of a managed
module, but this allows callers to call C_Initialize again
after forking, as outlined by the PKCS#11 v2 spec.
|
|
|
|
|
|
| |
ie: when streror_s is missing in msvcrt.dll
https://bugs.freedesktop.org/show_bug.cgi?id=76594
|
|
|
|
|
|
|
|
| |
This fixes the function call p11_kit_module_initialize() to
correctly rearrange the modules array when initializing a module
fails.
Also fixes p11_kit_modules_load_and_initialize()
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=76594
|
|
|
|
|
| |
We can't use automake 1.10 as serial-tests is not supported
there.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when buliding for Windows (mingw).
This issue has been reported in bug #76594
a. Moved vasprintf before asprintf
b. Added prototypes for each of them
Thanks,
pa
Signed-off-by: Pavel A <pavel.aronsky@daynix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The proxy module would unload the PKCS#11 modules it was proxying
when C_Finalize() was called. However if a caller in another thread
was inside of a PKCS#11 function at the time, this would cause
a crash.
Change things around so that underlying modules are finalized during
the proxy C_Finalize() but not released/unloaded until the proxy
module itself is unloaded.
https://bugs.freedesktop.org/show_bug.cgi?id=74919
|
|
|
|
|
|
|
|
| |
We should return CKR_CRYPTOKI_NOT_INITIALIZED rather than
assert() when proxy PKCS#11 functions are called before the
module is initialized.
https://bugs.freedesktop.org/show_bug.cgi?id=74919
|
|
|
|
|
|
|
|
|
|
|
| |
Check the return value of mmap() correctly.
Empty files cannot be mmap'd so we implement some
work around code for that.
https://bugs.freedesktop.org/show_bug.cgi?id=74773
Signed-off-by: Stef Walter <stef@thewalter.net>
|
| |
|
|
|
|
|
|
| |
Because Windows is really properly screwed up.
https://bugs.freedesktop.org/show_bug.cgi?id=74149
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This is an integration test that the extract and blacklist
functionality basics work.
More integration tests should follow, at which point we should
place the various generic testing bits into their own file.
|
|
|
|
| |
Naturally this doesn't apply to tarballs
|
| |
|
|
|
|
|
|
|
| |
This fixes an issue where a blacklist in one token wasn't properly
skipping anchors being extracted with extract-compat
https://bugs.freedesktop.org/show_bug.cgi?id=73558
|
|
|
|
|
|
| |
This allows simpler lookups.
https://bugs.freedesktop.org/show_bug.cgi?id=73558
|
|
|
|
|
|
| |
This gives a little broader testing of the enumerator
https://bugs.freedesktop.org/show_bug.cgi?id=73558
|
| |
|
|
|
|
| |
A simple wrapper for C_GetAttributeValue()
|
| |
|
| |
|
|
|
|
| |
Reported-by: Tijl Coosemans <tijl@FreeBSD.org>
|
|
|
|
|
|
|
|
|
| |
In recent versions of glibc this is true and prevents linking with
pthreads when it is not necessary.
Tweaked by Stef Walter
Signed-off-by: Stef Walter <stef@thewalter.net>
|