| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Accept 'slot-description' and 'slot-manifacturer' path attributes
defined in RFC 7512.
https://bugs.freedesktop.org/show_bug.cgi?id=97245
|
|
|
|
|
|
|
|
|
|
|
| |
For every path/query component, p11_kit_uri_parse() allocates a small
buffer to strip whitespace out. This patch removes any whitespace in
the URI at the entry of the function to simplify the code.
Note that RFC 7512 actually suggests to ignore whitespace at the
extracting phase rather than the parsing phase.
https://bugs.freedesktop.org/show_bug.cgi?id=97245
|
|
|
|
|
|
|
| |
The test case added for bug 90289 (commit c73edd00) revealed that some
of the C_Initialize() implementations do not consider the case where it
is called from the parent process and then from the child process,
without calling C_Finalize() in between.
|
| |
|
|
|
|
|
|
|
|
| |
p11_kit_module_load() hands on the module_path argument to
load_module_from_file_inlock() which accepts relative paths, prepending
P11_MODULE_PATH. Update API documentation accordingly.
https://lists.freedesktop.org/archives/p11-glue/2016-February/000587.html
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=93587
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fd_set and friends, according to POSIX.1-2001, needs sys/select.h, so
include it otherwise the build fails for uClibc:
p11-kit/rpc-transport.c: In function ‘rpc_socket_read’:
p11-kit/rpc-transport.c:350:2: error: unknown type name ‘fd_set’
p11-kit/rpc-transport.c:416:4: warning: implicit declaration of function
‘FD_ZERO’ [-Wimplicit-function-declaration]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
https://bugs.freedesktop.org/show_bug.cgi?id=93211
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92532
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92551
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92445
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92434
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=89081
|
|
|
|
|
|
|
|
|
|
|
| |
That function allows to obtain the filename used by the PKCS #11
module. That is the filename used by dlopen().
Note that we don't provide p11_kit_module_for_filename() because
it would have to deal with filename equivalences.
Signed-off-by: Stef Walter <stefw@redhat.com>
* Fixed up whitespace
|
|
|
|
|
|
|
|
|
|
|
|
| |
This corrects a deadlock on the forked process. The deadlock
happened because the proxy called C_Finalize prior to a C_Initialize
which is wrong according to PKCS #11 (2.40). This patch eliminates
the C_Finalize call in that case.
This resolves #90289
https://bugs.freedesktop.org/show_bug.cgi?id=90289
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
| |
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
|
|
|
|
| |
Libffi uses shared memory to store them, and a deallocation
in a child will cause issues for the parent or vice versa.
Signed-off-by: Stef Walter <stefw@redhat.com>
* Use #if to comment out code, avoid compiler warnings
|
|
|
|
| |
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=90827
|
|
|
|
|
|
|
|
|
|
|
|
| |
We continue to accept both the older style 'object-type' field
in addition to the new 'type' field. However we start generating
URIs in the new form.
In other words we have backwards compatibility, but not forwards
compatibility. Given the fact that PKCS#11 URIs are now standardizing
this is an acceptable compromise.
https://bugs.freedesktop.org/show_bug.cgi?id=86474
|
|
|
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=87582
Signed-off-by: Stef Walter <stefw@redhat.com>
* Added test for bad encoded pin-value in uri
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=87582
|
| |
|
|
|
|
| |
This was a later change to the PKCS#11 specification drafts
|
|
|
|
|
|
|
| |
Add missing header for strdup(3).
When EPROTO is not available, fallback to EIO.
https://bugs.freedesktop.org/show_bug.cgi?id=84665
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of trying to perform actions in pthread_atfork() which
are not async-signal-safe, just increment a counter so we can
later tell if the process has forked.
Note this does not make it safe to mix threads and forking without
immediately execing. This is a far broader problem that p11-kit,
however we now do the right thing when fork+exec is used from a
thread.
https://bugs.freedesktop.org/show_bug.cgi?id=84567
|
|
|
|
|
| |
This allows security frameworks like SELinux or AppArmor to target
it specifically.
|
|
|
|
|
|
| |
External binaries are searched for in $(libdir)/p11-kit. The
P11_KIT_PRIVATEDIR can be used to override that, for example during
'make check'
|
|
|
|
|
|
| |
This option was not completed in time, and as implemented suffers
from limitations that the module is not really completely isolated
as it still runs under the same user id as the calling process.
|
|
|
|
|
|
|
| |
Move our internal stuff to pkcs11i.h, and install the pkcs11x.h
header containing extensions.
https://bugs.freedesktop.org/show_bug.cgi?id=83495
|
|
|
|
| |
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
|
|
|
|
| |
Pushed the wrong version
|
|
|
|
|
|
|
| |
The p11-kit-proxy.so module would not respect the critical = no setting
in module configuration, and fail if any module failed to initialize.
https://bugs.freedesktop.org/show_bug.cgi?id=83651
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building without debug build fails with:
CCLD p11-kit/p11-kit
./.libs/libp11-kit.so: undefined reference to `P11_RPC_CHECK_CALLS'
cc: error: linker command failed with exit code 1 (use -v to see
invocation)
gmake[2]: *** [p11-kit/p11-kit] Error 1
This happens because P11_RPC_CHECK_CALLS is not defined when
debugging is enabled, so provide a noop macro for that case.
|
|
|
|
| |
Still use recursive for documentation and translation.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
When we hadn't forked, but were just not initialized, still return
CKR_CRYPTOKI_NOT_INITIALIZED from managed modules.
|
|
|
|
|
|
| |
When C_Finalize is called in the wrong process, it's often because
of a caller unaware of forking. This is a painful area of PKCS#11,
but at least for C_Finalize, lets not complain loudly about it.
|
|
|
|
|
|
|
| |
This sets 'remote' appropriately to run the module in a separate
process.
https://bugs.freedesktop.org/show_bug.cgi?id=80472
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=54105
|
|
|
|
|
| |
This adds a new tool to the p11-kit command called 'remote'. This
is the server side of remoting a PKCS#11 module.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* This enables passing around bytes which represent PKCS#11 RPC calls.
* Caller is responsible for connecting/disconnecting and so on.
* Client side caller gets a mixin from p11_rpc_client_init() to call
into, which generates callbacks with byte arrays to be transported.
* Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR
on which relevant methods get called.
* Doesn't yet implement the actual daemon or clients etc...
https://bugs.freedesktop.org/show_bug.cgi?id=54105
|
| |
|