summaryrefslogtreecommitdiff
path: root/p11-kit
Commit message (Collapse)AuthorAgeFilesLines
* build: Check return value of p11_dict_setDaiki Ueno2018-10-172-2/+7
|
* build: Free memory before return{,_val}_if_* macrosDaiki Ueno2018-10-172-3/+12
|
* virtual: Tighten error handling when fixed closures are exhaustedDaiki Ueno2018-08-281-9/+8
|
* virtual: Don't be too loud about recoverable failureDaiki Ueno2018-08-281-2/+2
|
* common: Factor out common initializer code into a headerDaiki Ueno2018-08-282-111/+8
|
* Revert "build: Explicitly link threaded test programs to libpthread"Daiki Ueno2018-08-171-4/+4
| | | | This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0.
* proxy: Avoid invalid memory access when unloading proxy moduleDaiki Ueno2018-08-151-13/+4
| | | | | | | | | | | | | | | | | | | | | | | When loading and unloading p11-kit-proxy.so with pkcs11-tool, it accesses already free'd memory area: $ valgrind pkcs11-tool --module p11-kit-proxy.so -L ==25173== Invalid read of size 8 ==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724) ==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65) ==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so) ==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so) ==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so) ==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so) ==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so) ==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so) ==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so) ==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd ==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530) ==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902) ==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723)
* build: Explicitly link threaded test programs to libpthreadDaiki Ueno2018-08-101-4/+4
| | | | | Some test programs use pthread_create(), which glibc doesn't provide the stub. Link those programs with -lpthread.
* common, p11-kit, trust: Use pthread_once only when necessaryDaiki Ueno2018-08-102-2/+2
| | | | | | If the ELF constructor is usable, we don't really need the once-init function because it is guaranteed that the code runs only once in the constructor.
* server: Avoid FD leak in error casesDaiki Ueno2018-08-011-0/+3
| | | | Spotted by coverity.
* proxy: Fail early if there is no slot mappingsDaiki Ueno2018-07-162-0/+44
|
* rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modulesDaiki Ueno2018-07-164-89/+210
| | | | | This patch removes the restriction of p11_kit_remote_serve_tokens() that were not capable of serving tokens across multiple modules.
* build: Use separate p11-kit-{remote,server} executable for testingDaiki Ueno2018-07-163-3/+29
| | | | | Otherwise, the p11-kit-remote program called from p11-kit-server would load the system modules instead of the local fixtures.
* proxy: Allow proxy to be created from the libraryDaiki Ueno2018-07-162-1/+42
| | | | | | | | | | Previously, to aggregate multiple modules into one, there was no other way than loading the proxy module. From the p11-kit applications, however, it is not possible to load that module because of the recursive loading check (p11_proxy_module_check). This patch adds another means to aggregate modules, through a library function p11_proxy_module_create.
* proxy: Turn global variables module localDaiki Ueno2018-07-161-21/+14
|
* server: Enable socket activation through systemdDaiki Ueno2018-06-204-9/+72
| | | | | | | | | | | This enables socket activation of "p11-kit server" through systemd. The feature provided is essentially the same as commit a4fb2bb5 (reverted), but implemented with "p11-kit server" and libsystemd API instead of wrapping "p11-kit remote" in the unit file. Note that, while it exposes all tokens through the socket, it doesn't increase attack surface beyond the PKCS#11 binary interface provided by p11-kit-proxy.so, because the service is per-user.
* pkcs11: Exercise GNU calling convention at compile timeDaiki Ueno2018-05-283-0/+46
|
* build: Delay building mock-six.la until "make check"Daiki Ueno2018-05-251-1/+1
|
* build: Include p11-kit/test-messages.sh in distributionDaiki Ueno2018-05-251-0/+1
|
* uri: Make scheme comparison case-insensitiveDaiki Ueno2018-05-252-3/+30
| | | | | RFC 3986 suggests that implementations should accept uppercase letters as equivalent to lowercase in scheme names.
* Improve const correctness for P11KitUriNathaniel McCallum2018-05-243-41/+41
| | | | | | | | | This does not improve const for the getters. The reason for this is that they are usually passed into the PKCS#11 APIs directly and these APIs are not const correct. Trying to force const correctnesss here would result in pain for library consumers. This is an API and ABI compatible change.
* proxy: Don't null terminate PKCS #11 string fieldsDaiki Ueno2018-05-071-2/+2
|
* test: Avoid exceeding maximum pathname length of Unix socketDaiki Ueno2018-05-041-2/+7
|
* mock-module-ep: Properly override C_GetFunctionListDaiki Ueno2018-04-061-1/+1
|
* modules: Add option to control module visibility from proxyDaiki Ueno2018-04-065-10/+116
| | | | | | This enables to control whether a module will be loaded from the proxy module. The configuration reuses the "enable-in" and "disable-in" options, with a special literal "p11-kit-proxy" as the value.
* modules: Fix memleak in re-initialization caseDaiki Ueno2018-03-291-0/+1
|
* Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctlyJustin King-Lacroix2018-03-291-1/+6
| | | | | | In p11_kit_modules_initialize(), treat a return code of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to CKR_OK.
* test: Add missing seven.module in Windows fixturesDaiki Ueno2018-03-291-0/+4
|
* build: Enable make check with wineDaiki Ueno2018-03-291-1/+1
|
* test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZEDDaiki Ueno2018-03-294-1/+115
|
* test: Add test for error messagesDaiki Ueno2018-03-292-0/+112
|
* test: Use _exit() in child process to immediately close open FDsDaiki Ueno2018-03-291-1/+1
|
* test: Rewrite test-server.sh in TAP styleDaiki Ueno2018-03-291-11/+27
|
* test-server.sh: Fix bashismAndreas Metzler2018-02-281-4/+4
|
* test-server: Add test for detecting addressDaiki Ueno2018-02-271-1/+29
|
* test-server: Fix compilation error on FreeBSDDaiki Ueno2018-02-271-0/+1
|
* common, client: Move runtime directory detection to libp11-commonDaiki Ueno2018-02-271-65/+2
|
* test: Improve temporary directory handlingDaiki Ueno2018-02-271-2/+4
|
* p11_kit_remote_serve_tokens: Read "write-protected" setting from URIDaiki Ueno2018-02-272-0/+42
|
* filter: Respect CKF_WRITE_PROTECTED setting when allowing a tokenDaiki Ueno2018-02-272-16/+134
|
* test: Add test for client-server interactionDaiki Ueno2018-02-272-0/+203
| | | | | | | The test spawns a process running the server command and connects to it through p11-kit-client.so. It's is a bit tricky that the child process requires to preload libasan.so when ASan is in in effect, to properly load a mock module.
* server: Print envvars even when running in foregroundDaiki Ueno2018-02-271-22/+39
|
* test-transport: Make sure to initialize addrlen given to acceptDaiki Ueno2018-02-271-0/+1
|
* client: Fix memleaks in the moduleDaiki Ueno2018-02-271-3/+9
|
* test: Fix unconditional jump in test-proxy.cDaiki Ueno2018-02-271-0/+1
|
* build: Split out generated code from p11-kit/virtual.cDaiki Ueno2018-01-313-199/+35
|
* build: Delay compilation of test-related stuffDaiki Ueno2018-01-301-6/+9
|
* proxy: Remove dead codeDaiki Ueno2018-01-301-708/+0
| | | | | Since the libffi became optional (commit 9f632bed), the fallback code path in proxy.c has never taken.
* proxy: Reuse the existing slot ID mapping after forkDaiki Ueno2018-01-295-4/+122
| | | | | | | While the proxy module reassigns slot IDs in C_Initialize(), some applications assume that valid slot IDs should never change across multiple calls to C_Initialize(). This patch mitigates this by preserving the slot IDs, if they are known to the proxy module.
* server: Avoid null-dereference of timespec value on timeoutDaiki Ueno2018-01-171-1/+2
| | | | Spotted by clang-analyzer.
generated by cgit v1.1 at 2024-10-18 10:28:37 +0000