Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | trust: Fail if trust anchors are not loaded from a file | Daiki Ueno | 2019-01-04 | 2 | -6/+11 |
| | | | | | If the trust path is a file, treat parse error as fatal and abort the C_FindObjectsInit call. | ||||
* | trust: Propagate library verbosity to module through init_args | Daiki Ueno | 2019-01-04 | 6 | -13/+47 |
| | | | | | | Previously, even when the -v option is used with the 'trust' command, the messages from p11-kit-trust.so module were suppressed because the verbosity setting is not propagated to the module. | ||||
* | build: Fix typo spotted by codespell | Daiki Ueno | 2018-12-29 | 15 | -22/+22 |
| | |||||
* | doc: Make log-calls match the rest of the document style | Jakub Jelen | 2018-12-06 | 1 | -2/+2 |
| | |||||
* | build: Simplify assertions | Daiki Ueno | 2018-11-23 | 1 | -6/+0 |
| | | | | | Let it leak memory when we assert, so not to confuse static analyzers as if this is the normal case. | ||||
* | travis: Add cppcheck profile | Daiki Ueno | 2018-11-22 | 5 | -0/+33 |
| | |||||
* | travis: Allow profile override | Daiki Ueno | 2018-11-22 | 1 | -10/+10 |
| | |||||
* | build: Suppress cppcheck errors | Daiki Ueno | 2018-11-22 | 7 | -16/+42 |
| | |||||
* | tests: Ensure p11_proxy_module_cleanup is called | Daiki Ueno | 2018-11-14 | 1 | -0/+2 |
| | | | | Reported and suggested in #197. | ||||
* | url: Prefer upper-case letters in hex characters when encoding | Daiki Ueno | 2018-11-07 | 4 | -15/+53 |
| | | | | | | | This makes it more compliant with RFC 3986, where the use of upper-case letters is recommended (as "SHOULD"). Suggested by Sumit Bose. | ||||
* | trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time | Harald Hoyer | 2018-11-02 | 1 | -4/+34 |
| | | | | | | | For reproducible builds, accept a define timestamp for the java keystore. See https://reproducible-builds.org/docs/source-date-epoch/ | ||||
* | build: Require pkg.m4 >= 0.29 at bootstrap | Daiki Ueno | 2018-10-31 | 1 | -0/+2 |
| | |||||
* | virtual: Prefer fixed closures to libffi closures | Daiki Ueno | 2018-10-24 | 1 | -5/+14 |
| | | | | | | | | On some circumstances (such as when loading p11-kit-proxy from httpd), it is known that creation of libffi closure always fails, due to SELinux policy. Although this is harmless, it pollutes the journal and gives wrong hints when troubleshooting. This patch changes the order of preference of libffi vs pre-compiled closures to avoid that. | ||||
* | trust: Check index->buckets is allocated on cleanup | Daiki Ueno | 2018-10-17 | 1 | -3/+5 |
| | |||||
* | rpc-server: Check calloc failure | Daiki Ueno | 2018-10-17 | 1 | -0/+4 |
| | |||||
* | trust: Set umask before calling mkstemp | Daiki Ueno | 2018-10-17 | 1 | -0/+3 |
| | |||||
* | proxy: Fix null dereference when reusing slots | Daiki Ueno | 2018-10-17 | 1 | -1/+4 |
| | |||||
* | rpc-server: p11_kit_remote_serve_tokens: Fix memleak | Daiki Ueno | 2018-10-17 | 1 | -0/+5 |
| | |||||
* | build: Check return value of p11_rpc_buffer_get_uint64 | Daiki Ueno | 2018-10-17 | 1 | -1/+2 |
| | |||||
* | build: Check return value of p11_dict_set | Daiki Ueno | 2018-10-17 | 3 | -3/+9 |
| | |||||
* | build: Free memory before return{,_val}_if_* macros | Daiki Ueno | 2018-10-17 | 9 | -17/+77 |
| | |||||
* | build: Call va_end() always when leaving the function | Daiki Ueno | 2018-10-17 | 4 | -4/+14 |
| | |||||
* | debug: Work around cppcheck false-positives | Daiki Ueno | 2018-10-17 | 1 | -3/+3 |
| | | | | https://trac.cppcheck.net/ticket/8794 | ||||
* | common: use /proc only on Linux | Leonardo Brondani Schenkel | 2018-09-12 | 1 | -0/+2 |
| | | | | | Non-Linux systems do not have /proc, so do not attempt to open it and eliminate an unnecessary access() syscall on those systems. | ||||
* | pkcs11: Don't redefine CKM_CAMELLIA_KEY_GEN | Daiki Ueno | 2018-08-31 | 1 | -2/+1 |
| | | | | Also reorder the CKM_CAMELLIA_* definitions. | ||||
* | Release 0.23.14 | Daiki Ueno | 2018-08-28 | 2 | -1/+7 |
| | |||||
* | virtual: Tighten error handling when fixed closures are exhausted | Daiki Ueno | 2018-08-28 | 1 | -9/+8 |
| | |||||
* | virtual: Don't be too loud about recoverable failure | Daiki Ueno | 2018-08-28 | 1 | -2/+2 |
| | |||||
* | trust: Factor out module initialization into separate file | Daiki Ueno | 2018-08-28 | 3 | -55/+44 |
| | | | | | This prevents double call to p11_library_init() in test-module.c, once from the ELF constructor, and secondly from the test itself. | ||||
* | common: Factor out common initializer code into a header | Daiki Ueno | 2018-08-28 | 4 | -111/+103 |
| | |||||
* | travis: Manually install cpp-coveralls | Daiki Ueno | 2018-08-28 | 1 | -2/+6 |
| | | | | | | To accommodate the gcov format change in gcc 8.1: https://github.com/eddyxu/cpp-coveralls/pull/127 which is not yet available in the pip version. | ||||
* | travis: Check valgrind exit code more strictly | Daiki Ueno | 2018-08-28 | 1 | -1/+1 |
| | |||||
* | README.md: Add CII Best Practices badge | Daiki Ueno | 2018-08-21 | 1 | -1/+1 |
| | |||||
* | README.md: Mention contact method for security issues | Daiki Ueno | 2018-08-21 | 1 | -0/+5 |
| | |||||
* | Revert "build: Explicitly link threaded test programs to libpthread" | Daiki Ueno | 2018-08-17 | 2 | -14/+4 |
| | | | | This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0. | ||||
* | Revert "build: Stop linking the library with libpthread when possible" | Daiki Ueno | 2018-08-17 | 1 | -3/+3 |
| | | | | This reverts commit 50f8906e63c9413a7687bab6608496d83c29a222. | ||||
* | Revert "common: Prefer __register_atfork() to pthread_atfork() if possible" | Daiki Ueno | 2018-08-17 | 2 | -20/+1 |
| | | | | This reverts commit ce3cec7f8742254b8627b9db48973b81e91cbfc8. | ||||
* | Revert "build: Link to libpthread, if pthread_atfork() needs to be used" | Daiki Ueno | 2018-08-17 | 3 | -13/+6 |
| | | | | This reverts commit 541d79cb651cfd3238b9aa41fce70208df8e9496. | ||||
* | Update pkcs11 header to allow SoftHSMv2 to compile | Alexander Bokovoy | 2018-08-17 | 1 | -18/+220 |
| | | | | | Replace vendor-specific values with the IDs from PKCS11 v3.0 for those constants that were already standardized. | ||||
* | travis: Check that proxy module can be loaded and unloaded | Daiki Ueno | 2018-08-15 | 2 | -1/+2 |
| | |||||
* | proxy: Avoid invalid memory access when unloading proxy module | Daiki Ueno | 2018-08-15 | 1 | -13/+4 |
| | | | | | | | | | | | | | | | | | | | | | | | When loading and unloading p11-kit-proxy.so with pkcs11-tool, it accesses already free'd memory area: $ valgrind pkcs11-tool --module p11-kit-proxy.so -L ==25173== Invalid read of size 8 ==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724) ==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65) ==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so) ==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so) ==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so) ==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so) ==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so) ==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so) ==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so) ==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd ==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530) ==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902) ==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723) | ||||
* | build: Link to libpthread, if pthread_atfork() needs to be used | Daiki Ueno | 2018-08-10 | 3 | -6/+13 |
| | | | | | | | | On non-glibc systems (e.g., FreeBSD), pthread_atfork() stub is provided as a nop and our fork detection mechanism doesn't work. Pull in the actual implementation from libpthread in that case. Signed-off-by: Daiki Ueno <dueno@redhat.com> | ||||
* | build: Don't install systemd unit files when "make distcheck" | Daiki Ueno | 2018-08-10 | 1 | -0/+1 |
| | |||||
* | Release 0.23.13 | Daiki Ueno | 2018-08-10 | 2 | -1/+8 |
| | |||||
* | common: Prefer __register_atfork() to pthread_atfork() if possible | Daiki Ueno | 2018-08-10 | 2 | -1/+20 |
| | |||||
* | build: Stop linking the library with libpthread when possible | Daiki Ueno | 2018-08-10 | 1 | -3/+3 |
| | |||||
* | common: Use thread-local storage class when possible | Daiki Ueno | 2018-08-10 | 2 | -0/+34 |
| | | | | | This eliminates the unconditional use of pthread_{get,set}specific() and pthread_key_{create,delete}(), which glibc doesn't provide the stubs. | ||||
* | build: Explicitly link threaded test programs to libpthread | Daiki Ueno | 2018-08-10 | 2 | -4/+14 |
| | | | | | Some test programs use pthread_create(), which glibc doesn't provide the stub. Link those programs with -lpthread. | ||||
* | common, p11-kit, trust: Use pthread_once only when necessary | Daiki Ueno | 2018-08-10 | 5 | -4/+16 |
| | | | | | | If the ELF constructor is usable, we don't really need the once-init function because it is guaranteed that the code runs only once in the constructor. | ||||
* | common: Use static mutex initializer when possible | Daiki Ueno | 2018-08-10 | 3 | -6/+30 |
| | | | | | This eliminates the use of pthread_mutexattr_* functions, which glibc doesn't provide the stubs. |