| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This eliminates the use of pthread_mutexattr_* functions, which glibc
doesn't provide the stubs.
|
|
|
|
|
|
| |
On NetBSD, reallocarray is not declared until _OPENBSD_SOURCE is
defined. Reported by Patrick Welche in:
https://lists.freedesktop.org/archives/p11-glue/2018-July/000691.html
|
|
|
|
|
|
| |
On macOS, locale_t is not defined in <locale.h>. Although it is
defined in <xlocale.h>, we rather not use locales at all for POSIX
compliance.
|
|
|
|
|
|
| |
The tolower()/toupper() functions take into account of the current
locale settings, which p11-kit doesn't want. Add replacement
functions that work as if they are called under the C locale.
|
|
|
|
|
|
| |
reallocarray is a new POSIX function added in glibc 2.26, with
built-in overflow checks. Take advantage of that function for
internal array allocation.
|
|
|
|
|
|
|
|
|
| |
Solaris doesn't like it when dlclose is referenced using a define,
resulting in a linker error looking for a symbol version. Simply
calling the function in a normal way (instead of storing its address)
solves this linking error.
The error message seen by GNU ld is:
dlclose: invalid version 7 (max 0)
|
|
|
|
|
|
| |
This reverts commit 6b457ffc, which forbids the use of GNU extension
for the incompatibility of strerror_r. However, now that strerror_l
is used instead on glibc systems, it has no point to do that.
|
|
|
|
| |
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
|
|
|
|
|
| |
In anything security sensitive, use secure_getenv() implementation
for retrieving environment variables.
|
|
|
|
|
| |
This is used when execing another process to close all open
file descriptors that we don't wish to be inherited.
|
|
|
|
|
|
| |
As a side effect we can also not use the dirent.d_type field
https://bugs.freedesktop.org/show_bug.cgi?id=68525
|
|
|
|
|
| |
glibc declares strerror_r completely different if in POSIX or GNU
mode. Nastiness. Stop using _GNU_SOURCE all together.
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985481
|
|
|
|
|
|
|
| |
When running as setuid() or setgid() don't access the user's home
directory, or use $HOME environment variables.
https://bugzilla.redhat.com/show_bug.cgi?id=985014
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This helps prevent leaked file descriptors when the library is
used in a process which exec's.
opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC
so we don't need to make changes there.
In addition read config files using p11_mmap_open() so that we get
the simple benefits of O_CLOEXEC with the open() call there.
https://bugzilla.redhat.com/show_bug.cgi?id=984986
|
|
|
|
|
| |
Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths
which we will be able to write to.
|
|
|
|
|
|
|
|
|
| |
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
|
|
|
|
|
|
|
|
|
|
| |
Centralize the path handling code, so we can remove unixy assumptions
and have a chance of running on Windows. The current goal is to run
all the tests on Windows.
Includes some code from LRN <lrn1986@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=63062
|
|
|
|
|
|
| |
Both are nasty. Do our own, and test it a bit
https://bugs.freedesktop.org/show_bug.cgi?id=62479
|
| |
|
|
|
|
| |
So that the Windows' C library doesn't munge line endings
|
|
|
|
| |
Not available on Win32 or ancient unixes
|
|
|
|
| |
Not available on Win32 or ancient unixes
|
|
|
|
| |
These are not available on Win32 and ancient unixes
|
|
|
|
| |
Not available on Win32 and ancient unixes
|
|
|
|
|
| |
The Win32 for mmap() is very different from Unix, so abstract
this into our own p11_mmap_xxx() functions.
|
|
|
|
| |
For Win32 and older unixes
|
|
|
|
|
|
|
| |
For clarity. In addition, make p11_dl_close() able to be used
as a destroyer callback.
Also make p11_dl_error() return an allocated string
|
|
|
|
|
| |
* Add annotations to our precondition functions so that they
don't make the analyzer complain
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use stapled certificate extensions to represent loaded trust policy
* Build NSS trust objects from stapled certificate extensions
* Add further attribute debugging for NSS trust objects
* Use a custom certificate extension for the OpenSSL reject purpose data
* Use SubjectKeyIdentifier for OpenSSL keyid data
* Use ExtendedKeyUsage for OpenSSL trust purpose data
* Implement simple way to handle binary DER OIDs, using the DER TLV
length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
* Split out the building of NSS trust objects from the main parser
|
|
|
|
|
|
| |
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
|
|
|
|
|
| |
We want to use p11_message in our commands anyway, since that
allows us control with --verbose and --quiet.
|
|
|
|
|
|
| |
It was getting really wild knowing whether a function returning
an int would return -1 on failure or 0 or whether the int return
value was actually a number etc..
|
|
|
|
|
|
|
|
|
|
|
| |
Start using p11_ as our internal prefix rather than _p11_. We explicitly
export p11_kit_ so this is fine as far as visibility.
Move the threading, mutex, and module compat, dict, and array code
into the common directory too.
Take this opportunity to clean up a bit of internal API as well,
since so many lines are being touched internally.
|
|
|
|
|
|
|
| |
* Conditional inclusion of the errno.h header
* Link librt when appropriate for nanosleep
https://bugs.freedesktop.org/show_bug.cgi?id=52261
|
|
|
|
|
| |
* Add macros GNUC_PRINTF and GNUC_NULL_TERMINATED to check
correct printf and NULL terminated style varargs
|
|
|
|
| |
* And use them in our replacement err() and p11_kit_set_progname()
|
|
* And the compat stuff in the p11-kit directory merged
into util.c and util.h
|