summaryrefslogtreecommitdiff
path: root/common
Commit message (Collapse)AuthorAgeFilesLines
* common: Re-add placeholder definition of p11_debugDaiki Ueno2017-08-181-0/+4
| | | | | This was mistakenly removed in commit efe6dc56c. Pointed by Lars Wendler in issue #97.
* build: Include <stdint.h> for SIZE_MAXDaiki Ueno2017-08-161-0/+1
| | | | Fixes issue #95.
* build: Include <stdint.h> for SIZE_MAXDaiki Ueno2017-08-151-0/+1
|
* common: New p11_array_insert functionDaiki Ueno2017-08-082-0/+20
|
* common: Use reallocarray instead of realloc as appropriateDaiki Ueno2017-08-084-4/+35
| | | | | | reallocarray is a new POSIX function added in glibc 2.26, with built-in overflow checks. Take advantage of that function for internal array allocation.
* pkcs11.h: updated informationNikos Mavrogiannopoulos2017-08-031-3/+3
| | | | | The scute project no longer exists, and the PKCS#11 standard is from OASIS group.
* pkcs11.h: added OTP-related mechanismsNikos Mavrogiannopoulos2017-08-031-0/+97
|
* pkcs11.h: added definitions of GOST CKA attributesNikos Mavrogiannopoulos2017-08-011-0/+3
|
* pkcs11.h: added definitions of GOST mechanismsNikos Mavrogiannopoulos2017-08-011-0/+12
| | | | | This follows the definitions in PKCS#11 v2.40: http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html
* common: always use p11_dl_close wrapperFabian Groffen2017-06-272-10/+13
| | | | | | | | | Solaris doesn't like it when dlclose is referenced using a define, resulting in a linker error looking for a symbol version. Simply calling the function in a normal way (instead of storing its address) solves this linking error. The error message seen by GNU ld is: dlclose: invalid version 7 (max 0)
* p11_get_upeer_id: implement case using ucred.hFabian Groffen2017-06-271-0/+19
| | | | Solaris can retrieve this information via getpeerucred().
* Be silent by default and do not print messages on stderrNikos Mavrogiannopoulos2017-06-261-1/+1
| | | | | | | | | As p11-kit is a library there are cases where it is not desirable to log on stderr by default. See for example this report https://bugzilla.redhat.com/show_bug.cgi?id=1464490 where wget prints an error due to an unconfigured pkcs11 module. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* build: Allow use of _GNU_SOURCEDaiki Ueno2017-06-122-9/+0
| | | | | | This reverts commit 6b457ffc, which forbids the use of GNU extension for the incompatibility of strerror_r. However, now that strerror_l is used instead on glibc systems, it has no point to do that.
* debug: Add p11_debug_err to prevent use of strerrorDaiki Ueno2017-06-122-2/+48
|
* compat: Prefer strerror_l to strerror_rDaiki Ueno2017-06-121-1/+14
| | | | | strerror_r is being obsolete in the next POSIX specification: http://austingroupbugs.net/view.php?id=655
* build: Delay building test programs until "make check"Daiki Ueno2017-05-291-1/+1
| | | | | This is to disable clang-analyzer against test programs, which can contain several false-positives.
* pkcs11: Define RSA-PSS mechanism parameterDaiki Ueno2017-05-241-0/+11
|
* pkcs11: Make CK_RSA_PKCS_OAEP_PARAMS usefulDaiki Ueno2017-05-241-1/+7
|
* fixed license in unix peer fileNikos Mavrogiannopoulos2017-02-271-12/+27
|
* common: New p11_get_upeer_id() functionNikos Mavrogiannopoulos2017-02-173-0/+132
|
* common: Add path encoding functionsDaiki Ueno2017-02-163-0/+59
| | | | | | | | | This adds p11_path_{encode,decode}(), following the escaping rule described in: https://dbus.freedesktop.org/doc/dbus-specification.html#addresses Although they are merely a wrapper around p11_url_{decode,encode}(), having dedicated functions hides the implementation details.
* library: Initialize p11_virtual_mutex for WindowsDaiki Ueno2017-02-161-0/+2
|
* test: Fix Windows test case for p11_path_expandDaiki Ueno2017-02-161-1/+1
|
* argv: Fix misinterpretation of backslash in quotesDaiki Ueno2017-02-163-1/+119
| | | | | Don't append the backslash character twice to the output. It is interpolated a few lines below, if it is really required.
* compat: Fix character generation in mk{s,d}temp()Daiki Ueno2017-02-161-1/+1
|
* Fix a typo in "x-cetrificate-value", see also ↵Kai Engert2017-02-161-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=99600
* Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files.Kai Engert2017-02-162-0/+2
| | | | | See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453
* library: Deinit p11_virtual_mutexDaiki Ueno2017-02-161-0/+1
| | | | | Follow-up fix for commit 4d228aa0, which forgot to clear p11_virtual_mutex on library finalization.
* virtual: Move mutex into p11_library_init()Daiki Ueno2017-02-142-0/+6
| | | | | | | | | We used to provide p11_virtual_fixed_{,un}init() to only initialize a mutex used in virtual.c. That required all the tests calling virtual functions to call p11_virtual_fixed_{,un}init() in main(). For simplicity, move the mutex variable initialization into p11_library_init().
* Fix compiler warnings on FreeBSDRoman Bogorodskiy2017-01-232-0/+5
| | | | | | | | | | | * common/compat.c: Fix "implicit declaration of function 'issetugid'" warning. On FreeBSD, it's required to define __BSD_VISIBLE to make issetugid(2) visible * common/test-message.c: Fix "implicit declaration of function 'asprintf'" by including <stdio.h> * p11-kit/test-iter.c: Fix "format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'int'" by changing format string to "%d"
* common: use recursive pthread mutex for library lockLubomir Rintel2017-01-191-1/+1
| | | | | | | | | | | | | | | | This allows us to do nested locking within one thread avoiding a lockup when remoting the p11-kit-proxy.so module: #0 0x00007f190f35838d in __lll_lock_wait () from /lib64/libpthread.so.0 #1 0x00007f190f351e4d in pthread_mutex_lock () from /lib64/libpthread.so.0 #2 0x00007f190f98657f in C_GetFunctionList (list=0x7ffe7ec3f798) at p11-kit/proxy.c:2355 #3 0x00007f190f993cc9 in dlopen_and_get_function_list (funcs=0x7ffe7ec3f798, path=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", mod=0x249e3d0) at p11-kit/modules.c:337 #4 load_module_from_file_inlock (name=name@entry=0x0, path=path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", result=result@entry=0x7ffe7ec3f7e8) at p11-kit/modules.c:382 #5 0x00007f190f99587f in p11_kit_module_load (module_path=module_path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", flags=flags@entry=0) at p11-kit/modules.c:2427 #6 0x0000000000401c4b in serve_module_from_file (file=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so") at p11-kit/remote.c:105 #7 main (argc=1, argv=<optimized out>) at p11-kit/remote.c:169 The Windows NT mutex is aready recursive by default.
* test: Remove setgid()ed copy of frob-getenvDaiki Ueno2016-12-131-2/+1
| | | | Otherwise the file is left in builddir, after make distclean.
* pkcs11: Update CRYPTOKI_VERSION to 2.40Daiki Ueno2016-12-131-6/+3
|
* pkcs11: Add CK_RSA_PKCS_OAEP_PARAMS definitionDaiki Ueno2016-12-131-0/+20
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1191209
* pkcs11: Add CKA_COPYABLE definitionDaiki Ueno2016-12-131-0/+1
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1191231
* pkcs11: Add AES key wrap mechanismsDaiki Ueno2016-12-131-0/+3
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1191231
* mock: Check return value of calloc()Pankaj2016-12-131-0/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=92813
* common, trust: Avoid integer overflowDaiki Ueno2016-12-063-3/+9
| | | | | | | This fixes issues pointed in: https://bugzilla.redhat.com/show_bug.cgi?id=985445 except for p11-kit/conf.c:read_config_file(), which was rewritten using mmap() and thus length calculation is no longer needed.
* test-conf: don't create the setuid copy in /tmpLubomir Rintel2016-11-291-1/+1
| | | | | The temporary directory is often mounted with nosuid, thus whatever runs from there doesn't get AT_SECURE in auxv.
* Fix leak when C_Initialize() is called from childDaiki Ueno2016-08-221-0/+3
| | | | | | | The test case added for bug 90289 (commit c73edd00) revealed that some of the C_Initialize() implementations do not consider the case where it is called from the parent process and then from the child process, without calling C_Finalize() in between.
* p11-kit: Fix redundant check for 'signature' is always 'true'Pankaj2015-11-231-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=92807
* common: Fix warning about dereferencing NULL pointerPankaj2015-11-091-0/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=92842
* common: Fix in test-code for file descriptor validity checkPankaj2015-11-091-0/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=92843
* common: Remove compat timegm() implementationStef Walter2015-10-191-31/+0
| | | | We no longer use timegm()
* p11-kit: 'int' comparison with 'unsigned int' in for() for the array indexPankaj2015-10-191-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=92443
* p11-kit: 'int' comparison with 'unsigned int' in for() for array indexPankaj2015-10-191-1/+1
|
* Fix trust command segfaults in expand_homedir() when no matching password ↵Robert Milasan2015-07-311-9/+9
| | | | | | | | | | | | | record was found Hello, it looks like under some conditions, command trust segfaults in expand_homedir() due to no matching password record was found: Signed-off-by: Robert Milasan <rmilasan@suse.com> Signed-off-by: Stef Walter <stefw@redhat.com> * Updated path so message is printed and errno is not overwritten https://bugs.freedesktop.org/show_bug.cgi?id=91506
* compat: Add definition for setenv for Win32Michael Cronenworth2014-11-121-0/+4
| | | | Signed-off-by: Michael Cronenworth <mike@cchtml.com>
* p11-kit: Use pthread_atfork() in a safe mannerStef Walter2014-10-033-0/+14
| | | | | | | | | | | | | Instead of trying to perform actions in pthread_atfork() which are not async-signal-safe, just increment a counter so we can later tell if the process has forked. Note this does not make it safe to mix threads and forking without immediately execing. This is a far broader problem that p11-kit, however we now do the right thing when fork+exec is used from a thread. https://bugs.freedesktop.org/show_bug.cgi?id=84567
* common: Use secure_getenv() implementation when setuidStef Walter2014-10-027-3/+112
| | | | | In anything security sensitive, use secure_getenv() implementation for retrieving environment variables.