summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* conf: Ignore user configuration if the program is running as rootDaiki Ueno2019-05-181-1/+3
| | | | | Suggested by Bastien Nocera: https://bugzilla.redhat.com/show_bug.cgi?id=1688583
* proxy: Refresh slot list on every C_GetSlotList callDaiki Ueno2019-05-164-48/+192
| | | | | | | | Previously, the proxy module calculated the slot list only once at the C_Initialize() call. That was causing a usability limitation when the user attaches HSM after starting an application. Suggested by David Ward.
* modules: Fix index used in call to p11_dict_remove()Simon Haggett2019-03-131-1/+1
| | | | | | | | | This fixes a call to p11_dict_remove() in managed_steal_sessions_inlock() to use the correct index in the stolen array (i, rather than at). This avoids an assert, which was encountered on a host serving a PKCS#11 module to a remote Linux client. Signed-off-by: Simon Haggett <simon.haggett@gmail.com>
* Fix Win32 p11_dl_error crashTom Sutcliffe2019-03-101-1/+4
| | | | | | Caused by returning a buffer that wasn't allocated with malloc and needed to be freed with LocalFree() instead. The fix is to strdup msg_buf so what's returned can be free()d.
* modules: check gl.modules before iterates on it when freeingStefano Garzarella2019-02-271-8/+10
| | | | | | | | | | | In some circumstances, as described in the BZ, can happen that free_modules_when_no_refs_unlocked() is called multiple times when the module destructor is invoked. We should check gl.modules before iterates on it in the free_modules_when_no_refs_unlocked() functions, to avoid a SIGSEGV. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963
* trust: Ignore unreadable content in anchorsDaiki Ueno2019-02-183-15/+88
| | | | | | | | | This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f. Instead of failing C_FindObjectsInit, treat any errors internally and accumulates the successfully loaded certificates. Reported by Andrej Kvasnica in: https://bugzilla.redhat.com/show_bug.cgi?id=1675441
* extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCHDaiki Ueno2019-01-291-4/+4
| | | | | Give _p11_extract_jks_timestamp precedence over SOURCE_DATE_EPOCH so that the test results are not affected by the envvar settings.
* Release 0.23.15Daiki Ueno2019-01-182-1/+9
|
* pem: Fix assert conditionDaiki Ueno2019-01-112-1/+19
| | | | | | If the PEM header is "-----BEGIN -----", *type should be an empty string and the parser shouldn't fail. Reported by Han Han in: https://bugzilla.redhat.com/show_bug.cgi?id=1665172
* test: Add test that exercises duplicated certs in JKSDaiki Ueno2019-01-106-5/+55
|
* trust: Fix alias generation in JKS extractorDaiki Ueno2019-01-101-1/+2
| | | | | When there is a duplicate, the JKS extractor previously assigned somewhat obscure name "-<digit>" (not "<name>-<digit>").
* trust: Continue parsing if the file cannot be read as persist formatDaiki Ueno2019-01-041-1/+1
| | | | | | A corrupted file that contains "[p11-kit-object-v1]" can be a valid PEM certs file. Continue with the next format if it cannot be read as a persistent format.
* trust: p11_token_load: Treat parse error as failureDaiki Ueno2019-01-041-3/+6
| | | | | | Those conditions can happen when the trust file is corrupted, so it makes more sense to treat them as a failure instead of programmer error.
* trust: Fail if trust anchors are not loaded from a fileDaiki Ueno2019-01-042-6/+11
| | | | | If the trust path is a file, treat parse error as fatal and abort the C_FindObjectsInit call.
* trust: Propagate library verbosity to module through init_argsDaiki Ueno2019-01-046-13/+47
| | | | | | Previously, even when the -v option is used with the 'trust' command, the messages from p11-kit-trust.so module were suppressed because the verbosity setting is not propagated to the module.
* build: Fix typo spotted by codespellDaiki Ueno2018-12-2915-22/+22
|
* doc: Make log-calls match the rest of the document styleJakub Jelen2018-12-061-2/+2
|
* build: Simplify assertionsDaiki Ueno2018-11-231-6/+0
| | | | | Let it leak memory when we assert, so not to confuse static analyzers as if this is the normal case.
* travis: Add cppcheck profileDaiki Ueno2018-11-225-0/+33
|
* travis: Allow profile overrideDaiki Ueno2018-11-221-10/+10
|
* build: Suppress cppcheck errorsDaiki Ueno2018-11-227-16/+42
|
* tests: Ensure p11_proxy_module_cleanup is calledDaiki Ueno2018-11-141-0/+2
| | | | Reported and suggested in #197.
* url: Prefer upper-case letters in hex characters when encodingDaiki Ueno2018-11-074-15/+53
| | | | | | | This makes it more compliant with RFC 3986, where the use of upper-case letters is recommended (as "SHOULD"). Suggested by Sumit Bose.
* trust/extract-jks.c: also honor SOURCE_DATE_EPOCH timeHarald Hoyer2018-11-021-4/+34
| | | | | | | For reproducible builds, accept a define timestamp for the java keystore. See https://reproducible-builds.org/docs/source-date-epoch/
* build: Require pkg.m4 >= 0.29 at bootstrapDaiki Ueno2018-10-311-0/+2
|
* virtual: Prefer fixed closures to libffi closuresDaiki Ueno2018-10-241-5/+14
| | | | | | | | On some circumstances (such as when loading p11-kit-proxy from httpd), it is known that creation of libffi closure always fails, due to SELinux policy. Although this is harmless, it pollutes the journal and gives wrong hints when troubleshooting. This patch changes the order of preference of libffi vs pre-compiled closures to avoid that.
* trust: Check index->buckets is allocated on cleanupDaiki Ueno2018-10-171-3/+5
|
* rpc-server: Check calloc failureDaiki Ueno2018-10-171-0/+4
|
* trust: Set umask before calling mkstempDaiki Ueno2018-10-171-0/+3
|
* proxy: Fix null dereference when reusing slotsDaiki Ueno2018-10-171-1/+4
|
* rpc-server: p11_kit_remote_serve_tokens: Fix memleakDaiki Ueno2018-10-171-0/+5
|
* build: Check return value of p11_rpc_buffer_get_uint64Daiki Ueno2018-10-171-1/+2
|
* build: Check return value of p11_dict_setDaiki Ueno2018-10-173-3/+9
|
* build: Free memory before return{,_val}_if_* macrosDaiki Ueno2018-10-179-17/+77
|
* build: Call va_end() always when leaving the functionDaiki Ueno2018-10-174-4/+14
|
* debug: Work around cppcheck false-positivesDaiki Ueno2018-10-171-3/+3
| | | | https://trac.cppcheck.net/ticket/8794
* common: use /proc only on LinuxLeonardo Brondani Schenkel2018-09-121-0/+2
| | | | | Non-Linux systems do not have /proc, so do not attempt to open it and eliminate an unnecessary access() syscall on those systems.
* pkcs11: Don't redefine CKM_CAMELLIA_KEY_GENDaiki Ueno2018-08-311-2/+1
| | | | Also reorder the CKM_CAMELLIA_* definitions.
* Release 0.23.14Daiki Ueno2018-08-282-1/+7
|
* virtual: Tighten error handling when fixed closures are exhaustedDaiki Ueno2018-08-281-9/+8
|
* virtual: Don't be too loud about recoverable failureDaiki Ueno2018-08-281-2/+2
|
* trust: Factor out module initialization into separate fileDaiki Ueno2018-08-283-55/+44
| | | | | This prevents double call to p11_library_init() in test-module.c, once from the ELF constructor, and secondly from the test itself.
* common: Factor out common initializer code into a headerDaiki Ueno2018-08-284-111/+103
|
* travis: Manually install cpp-coverallsDaiki Ueno2018-08-281-2/+6
| | | | | | To accommodate the gcov format change in gcc 8.1: https://github.com/eddyxu/cpp-coveralls/pull/127 which is not yet available in the pip version.
* travis: Check valgrind exit code more strictlyDaiki Ueno2018-08-281-1/+1
|
* README.md: Add CII Best Practices badgeDaiki Ueno2018-08-211-1/+1
|
* README.md: Mention contact method for security issuesDaiki Ueno2018-08-211-0/+5
|
* Revert "build: Explicitly link threaded test programs to libpthread"Daiki Ueno2018-08-172-14/+4
| | | | This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0.
* Revert "build: Stop linking the library with libpthread when possible"Daiki Ueno2018-08-171-3/+3
| | | | This reverts commit 50f8906e63c9413a7687bab6608496d83c29a222.
* Revert "common: Prefer __register_atfork() to pthread_atfork() if possible"Daiki Ueno2018-08-172-20/+1
| | | | This reverts commit ce3cec7f8742254b8627b9db48973b81e91cbfc8.
generated by cgit v1.1 at 2025-01-05 19:28:53 +0000