| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
* This allows user configured PKCS#11 modules by default.
* Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf
to go back to the previous behavior.
* Posted to the mailing list.
|
|
|
|
|
|
| |
Per recommendation of the spec.
https://bugs.freedesktop.org/show_bug.cgi?id=52606
|
|
|
|
|
|
|
|
|
|
| |
* It seems that the HANDLE's returned from GetCurrentThread
are often equal for two threads. GetCurrentThreadID doesn't
have this problem.
* Separate our cross platform thread_t and thread_id_t types
even though on unix they're the same thing.
https://bugzilla.gnome.org/show_bug.cgi?id=44740
|
|
|
|
|
|
|
|
| |
* The windows shared libraries have the .dll extension
* This means we also need separate directories for the test module
configs on win32
https://bugzilla.gnome.org/show_bug.cgi?id=44740
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* And want alphanumeric/_.- filenames
* Currently this is just a warning, soon it will be enforced
* The name of a module does not include the extension
Andreas Metzler and Ubuntu both worked on this patch, and I've made
some more changes.
See https://bugs.launchpad.net/ubuntu/+source/p11-kit/+bug/911436
https://bugs.freedesktop.org/show_bug.cgi?id=52158
|
| |
|
|
|
|
| |
* The previous EOVERFLOW was not supported on mingw
|
|
|
|
| |
* p11_kit_pin_file_callback() only returns pins up to 4096 bytes now
|
|
|
|
|
|
| |
* Remove unused functions
* Use getprogname() instead of calc_progname() which no longer exists
* Fix up exporting of functions in the mock module
|
|
|
|
|
| |
* Ignore failure when initializing registered modules when
'critical' is not set on a module.
|
|
|
|
|
|
|
|
|
| |
* Due to a brain fart the P11_KIT_PIN_* flags were not
bit flags but decimal numbers.
* This necessarily breaks API/ABI for users of the
P11_KIT_PIN_FLAGS_RETRY, P11_KIT_PIN_FLAGS_MANY_TRIES and
P11_KIT_PIN_FLAGS_FINAL_TRY flags. But those wouldn't have
worked anyway.
|
|
|
|
|
|
| |
* We don't try to guarantee completely robust and problem
free behavior in cases where the caller or process isn't
behaving. We consider these to be outside of our control.
|
|
|
|
|
| |
* Add macros GNUC_PRINTF and GNUC_NULL_TERMINATED to check
correct printf and NULL terminated style varargs
|
|
|
|
| |
* And display warning messages in the debug output
|
|
|
|
| |
* And use them in our replacement err() and p11_kit_set_progname()
|
|
|
|
|
| |
* And the compat stuff in the p11-kit directory merged
into util.c and util.h
|
| |
|
| |
|
|
|
|
| |
* And put together a test for duplicate modules
|
|
|
|
|
| |
* per-thread memory isn't actually a real memory leak, but was
still reachable after exit, so clean this up.
|
| |
|
|
|
|
|
|
|
|
| |
* These can be used to load certain modules in certain
programs, or prevent loading in others.
* Useful for a key manager like seahorse, so we can load
extra modules (think NSS) that other modules shouldn't
load.
|
|
|
|
|
|
|
| |
* We were relying on undefined gcc behavior related to the &
operator.
* This would show up as a test failure when running with -O2 on
certain GCC versions, as well as failure on clang 3.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* First of all one should only call async-signal-safe functions
from the callbacks of pthread_atfork(), and so we cannot
reinitialize directly.
* Some modules use pthread_atfork() to detect forking and setup
their internal state. If we call into them in our pthread_atfork()
callback then this is inherently racy.
* There was danger of endless loops and deadlocks which are caused
by handlers which fork in their C_Initialize
* Many processes do fork/exec, reinitializing PKCS#11 for these
forks is quite resourc intensive when the child process won't use
PKCS#11 at all.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
* Add correct linking options for libintl
|
|
|
|
|
| |
* The debug_init() call needed a rename to _p11_debug_init() to match
the non-Win32 code.
|
|
|
|
|
| |
* See previous commit
* Initialize library before debug statements
|
|
|
|
|
|
|
| |
* Work around issues with brain-dead linkers not respecting
the libtool -export-symbol-regex argument
https://bugs.freedesktop.org/show_bug.cgi?id=42020
|
|
|
|
|
|
|
|
| |
* Tests do not all yet pass, at least not on wine
* Added abstraction of some non-portable functions in compat.h/c
* Build with an argument like this for win32 support:
./autogen.sh --host=i586-mingw32msvc
* This win32 port needs more work from interested parties
|
|
|
|
|
|
|
|
| |
* Do not concurretnly call C_Initialize or C_Finalize in a module
* The PKCS#11 spec indicates that mone thread should call those functions.
* It's reasonable for a module to expect to only be initialized or
finalized in one thread.
* In particular NSS does not lock its C_Initialize or C_Finalize.
|
| |
|
|
|
|
|
|
| |
* Fixes build on GNU/Hurd
https://bugs.freedesktop.org/show_bug.cgi?id=41303
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=40985
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=40985
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=40923
|
|
|
|
|
|
|
| |
So far we have only supported full paths to the pkcs11 modules in config
files. This change adds relative path support, so that for modules
installed under the standard $libdir/pkcs11, the config file won't have
to spell out the full path.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Renamed them to reduce ambiguity and to pave the way for exposing
some additional parameters.
p11_system_modules -> p11_system_config_modules
p11_user_modules -> p11_user_config_modules
configure --with-pkcs11-dir
=>
configure --with-system-config
|
| |
|
| |
|
|
|
|
|
|
| |
* When a module has critical set to 'yes', and that module fails to init
then it aborts the entire init process.
* Defaults to 'no'
|
|
|
|
|
|
| |
* Initialize the mappings properly
* Lookup session handles correctly
* Debug initialization and finalization
|
|
|
|
|
|
| |
* These should be able to occur anywhere and should be ignored
according to RFC 3986. This is documented in the PKCS#11 URI
specification.
|
|
|
|
|
|
|
| |
* If a module forks during its C_Initialize, previously our
fork handler would try to initialize it again, ad nauseum.
Reported by Nikos on the mailing list.
|
|
|
|
|
|
|
| |
* More checks for out of memory.
* Take more of the same code paths when initializing a single
module as when initializing registered, or loading from file.
* Cleanup halfway initialized globals if fail during init.
|
|
|
|
|
|
|
|
|
| |
* pinfile attribute was renamed to pin-source
* objecttype attribute was renamed to object-type
* secretkey value was renamed to secret-key
We continue to support parsing the old attribute names and values but
generate URIs with the new ones.
|
|
|
|
|
|
| |
* Duplicate modules may be caused by editor backups, misconfigurations
or a multitude of other sources. Failing dead is a bit harsh.
* After discussing gnutls needs with Nikos
|