Instead of trying to perform actions in pthread_atfork() which
are not async-signal-safe, just increment a counter so we can
later tell if the process has forked.
Note this does not make it safe to mix threads and forking without
immediately execing. This is a far broader problem than p11-kit,
however we now do the right thing when fork+exec is used from a
thread.
https://bugs.freedesktop.org/show_bug.cgi?id=84567

In anything security sensitive, use secure_getenv() implementation
for retrieving environment variables.

Needed to fix MinGW builds.
Signed-off-by: Michael Cronenworth <mike@cchtml.com>

Move our internal stuff to pkcs11i.h, and install the pkcs11x.h
header containing extensions.
https://bugs.freedesktop.org/show_bug.cgi?id=83495

CKA_PUBLIC_KEY_INFO is defined in the PKCS#11 2.40 draft, so use that
rather than defining our own.
* Fixed up by Nikos Mavrogiannopoulos <nmav@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=83495

This allows us to have old/new names for a given constant.
https://bugs.freedesktop.org/show_bug.cgi?id=83495

Still use recursive for documentation and translation.

The last commit caused dirfd() to become undefined.
https://bugs.freedesktop.org/show_bug.cgi?id=82617

Older pthreads implementations like glibc NPTL prior to version 2.12, and
uClibc linuxthreads (both), need _XOPEN_SOURCE to expose
pthread_mutexattr_settype() and PTHREAD_MUTEX_DEFAULT. The value 600 (SUSv3,
POSIX.1-2001) is equivalent to _POSIX_C_SOURCE 200112L.
Fixes the following build error:
CC compat.lo
compat.c: In function 'p11_mutex_init':
compat.c:164:2: warning: implicit declaration of function 'pthread_mutexattr_settype' [-Wimplicit-function-declaration]
compat.c:164:2: warning: nested extern declaration of 'pthread_mutexattr_settype' [-Wnested-externs]
compat.c:164:36: error: 'PTHREAD_MUTEX_DEFAULT' undeclared (first use in this function)
https://bugs.freedesktop.org/show_bug.cgi?id=82617

Quieten down the clang scanner by telling it to expect
that our test assertions fail

This modifies our common unit test code so we can specify full
test paths on the command line, and restrict the run tests to
the ones specified. Order is not respected at this time.

Some mallocs (notably on Windows) have really poor behavior when
called repeatedly with a linearly growing buffer.
https://bugzilla.redhat.com/show_bug.cgi?id=985419

This is used when execing another process to close all open
file descriptors that we don't wish to be inherited.

* This enables passing around bytes which represent PKCS#11 RPC calls.
* Caller is responsible for connecting/disconnecting and so on.
* Client side caller gets a mixin from p11_rpc_client_init() to call
into, which generates callbacks with byte arrays to be transported.
* Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR
on which relevant methods get called.
* Doesn't yet implement the actual daemon or clients etc...
https://bugs.freedesktop.org/show_bug.cgi?id=54105

ie: when strerror_s is missing in msvcrt.dll
https://bugs.freedesktop.org/show_bug.cgi?id=76594

when building for Windows (mingw).
This issue has been reported in bug #76594
a. Moved vasprintf before asprintf
b. Added prototypes for each of them
Thanks,
pa
Signed-off-by: Pavel A <pavel.aronsky@daynix.com>

Check the return value of mmap() correctly.
Empty files cannot be mmap'd so we implement some
work around code for that.
https://bugs.freedesktop.org/show_bug.cgi?id=74773
Signed-off-by: Stef Walter <stef@thewalter.net>

This allows simpler lookups.
https://bugs.freedesktop.org/show_bug.cgi?id=73558

Reported-by: Tijl Coosemans <tijl@FreeBSD.org>

It's not only unused, but also causes the build to fail because CFLAGS
for tests does not contain LIBTASN1_CFLAGS.
Signed-off-by: Stef Walter <stef@thewalter.net>
https://bugs.freedesktop.org/show_bug.cgi?id=71379

We use the FAKED_MODE environment variable as a way to detect
fakeroot.

Otherwise we get all sorts of overwhelming internal debugging
when someone specifies --verbose argument to a tool.

Since fprintf (stderr, ...) already doesn't print atomically, we don't
lose any atomicity here. If we want to print atomically this will need
some further reworking anyway.

As a side effect we can also not use the dirent.d_type field
https://bugs.freedesktop.org/show_bug.cgi?id=68525

https://bugs.freedesktop.org/show_bug.cgi?id=68525

MinGW builds fail due to this.
https://bugs.freedesktop.org/show_bug.cgi?id=67518

glibc declares strerror_r completely differently if in POSIX or GNU
mode. Nastiness. Stop using _GNU_SOURCE altogether.

* Add a testing sanity check to see if we're catching errors
* Fix a few other testing issues

https://bugzilla.redhat.com/show_bug.cgi?id=985433

https://bugzilla.redhat.com/show_bug.cgi?id=985497

https://bugzilla.redhat.com/show_bug.cgi?id=985481

https://bugzilla.redhat.com/show_bug.cgi?id=985337

If ~/.config is specified as a prefix to a configured path,
then it is expanded to the $XDG_CONFIG_HOME if that exists.
Add --with-user-config ./configure option to configure a
different user config directory.
Interpolate the right directories into documentation.

When running as setuid() or setgid() don't access the user's home
directory, or use $HOME environment variables.
https://bugzilla.redhat.com/show_bug.cgi?id=985014

TMPDIR is a more standard environment variable for locating the
temp directory on Unix. In addition since this is only used in
tests, remove the code from the generic p11_path_expand() func.
In general remove the possibility for forks to put $HOME or $TEMP
environment variables in configured paths. This was possible
due to code in p11_path_expand() but not something we supported.
https://bugzilla.redhat.com/show_bug.cgi?id=985017

Among others fix possible usage of large stack allocation.

This helps prevent leaked file descriptors when the library is
used in a process which exec's.
opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC
so we don't need to make changes there.
In addition read config files using p11_mmap_open() so that we get
the simple benefits of O_CLOEXEC with the open() call there.
https://bugzilla.redhat.com/show_bug.cgi?id=984986

If we see an integer overflow here something has gone horribly wrong
(or malicious code is present). So treat this as unrecoverable, and
fail if we're going to overflow.
https://bugzilla.redhat.com/show_bug.cgi?id=985019

This reflects that preconditions are invalid/unreachable on a
functioning system and with valid input. We do not try to recover
from such conditions.
In addition teach coverity about how our test suite fails
See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html
https://bugzilla.redhat.com/show_bug.cgi?id=985005

Since we don't want to link freebl3 to libp11-kit.so where it isn't
needed, move the SHA-1 and MD5 digest functionality to the trust/
directory.

* Use the concepts and PKCS#11 objects described in the
recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since
the CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled
extensions is by public key.
* Rework some of the tests to take into account the above.