| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Make C_CloseAllSessions work for different callers. Track the sessions
that each caller opens and close just those when C_CloseAllSessiosn is
called.
|
|
|
|
|
|
|
|
|
|
| |
Each time C_GetFunctionList is called on the proxy module, a new
managed PKCS#11 set of functions is returned. These are all cleaned
up when the module is unloaded.
We want the proxy module to continue to work even without the highly
recommended libffi. For that reason we still keep the old behavior of
sharing state in the proxy module.
|
|
|
|
|
|
|
|
|
| |
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
|
|
|
|
|
|
| |
* This allows us to call into subclassed PKCS#11 modules as if
they were plain old PKCS#11 modules
* libffi is an optional dependency
|
|
|
|
|
|
|
| |
And cleanup our locks/locking model. There's no need to use
recursive locks, especially since we can't use them on all
platforms. In addition adjust taking of locks during initialization
so that there's no chance of deadlocking here.
|
|
|
|
|
|
|
|
|
|
| |
Centralize the path handling code, so we can remove unixy assumptions
and have a chance of running on Windows. The current goal is to run
all the tests on Windows.
Includes some code from LRN <lrn1986@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=63062
|
|
|
|
|
|
|
|
|
|
|
| |
Put library init/uninit code its into their own statically
linked library so that they don't get linked into the p11-kit
executable.
Refactor the message code so that the library initialization can
plug in its per thread message buffer.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
|
|
|
|
|
|
| |
The global library p11_library_mutex is for libraries to use, so don't
use it from any code in common/, which is also used by the p11-kit tool
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
|
|
|
| |
Also remove some generated files from the po/ directory.
|
| |
|
|
|
|
|
| |
* make memcheck: Runs basic memory checking
* make leakcheck: Also runs leak checking
|
|
|
|
|
|
| |
Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini
respectively to stop them from being exported in the ABI. It does not seem
to be necessary.
|
|
|
|
|
|
|
| |
We want to use these as the format for encoding binary data
in our PKCS#11 attribute persistence
https://bugs.freedesktop.org/show_bug.cgi?id=62156
|
|
|
|
|
|
| |
This lexer will be used in our PKCS#11 persistence format as well.
https://bugs.freedesktop.org/show_bug.cgi?id=62156
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Sort loaded modules appropriately using the 'priority' option. This
allows us to have a predictable order for callers, when callers
iterate through modules.
* Modules default to having an 'priority' option of '0'.
* If modules have the same order value, then sort by name.
* The above assumes the role of ordering trust-policy sources.
* Change the trust-policy option to a boolean
* Some of this code will be rearranged when the managed branch
is merged.
https://bugs.freedesktop.org/show_bug.cgi?id=61978
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Accept a single --with-trust-paths argument to ./configure
which cotnains all the input paths.
* The --with-system-anchors and --with-system-certificates
./configure arguments are no longer supported. Since they were
only present briefly, no provision is made for backwards
compatibility.
* Each input file is treated as containing anchors by default
unless an input certificate contains detailed trust information.
* The files in each input directory are not automatically treated
as anchors unless a certificate contains detailed trust information.
* The files in anchors/ subdirectory of each input directory are
automatically marked as anchors.
* The files in the blacklist/ subdirectory of each input directory
are automatically marked as blacklisted.
* Update tests and move around test certificates so we can
test these changes.
https://bugs.freedesktop.org/show_bug.cgi?id=62327
|
|
|
|
|
| |
This flag is not required to be set unless C_InitToken has been
called. Many modules, like libnssckbi.so, do not set this flag.
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=60894
|
| |
|
|
|
|
| |
So that the Windows' C library doesn't munge line endings
|
|
|
|
| |
Since older operating systems don't support setenv()
|
|
|
|
|
|
|
| |
For clarity. In addition, make p11_dl_close() able to be used
as a destroyer callback.
Also make p11_dl_error() return an allocated string
|
|
|
|
|
|
| |
Don't do library initialization on shared object load when not running
in a library. We'll want to plug into this and do different things
per library in the future.
|
| |
|
|
|
|
|
| |
* Add annotations to our precondition functions so that they
don't make the analyzer complain
|
| |
|
| |
|
|
|
|
|
|
| |
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
|
|
|
|
|
|
| |
* Try to make /etc/pkcs11/modules for administrator use
* Override the old pkg-config variables to help packages start
using the new location
|
|
|
|
| |
This does the opposite of p11_kit_be_quiet().
|
|
|
|
|
| |
* Move mock code into the common/ directory to be used by multiple
components of p11-kit
|
|
|
|
| |
Represents a block of memory that can be added to, parsed and so on
|
|
|
|
|
|
| |
It was getting really wild knowing whether a function returning
an int would return -1 on failure or 0 or whether the int return
value was actually a number etc..
|
| |
|
| |
|
|
|
|
|
|
|
| |
* Allows use of them across the whole project
* Put a stub file in the p11-kit/ directory, so we can still refer
to the headers using that path, which is what it will be at
when in the installed includes directory.
|
|
|
|
|
|
| |
* This is cleaner than building the same source files all over
the place over and over.
* Works better with code coverage.
|
|
|
|
|
|
|
|
|
|
|
| |
Start using p11_ as our internal prefix rather than _p11_. We explicitly
export p11_kit_ so this is fine as far as visibility.
Move the threading, mutex, and module compat, dict, and array code
into the common directory too.
Take this opportunity to clean up a bit of internal API as well,
since so many lines are being touched internally.
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=58704
|
| |
|
|
|
|
|
|
| |
* Close the file descriptor used to read the the pin file
https://bugs.freedesktop.org/show_bug.cgi?id=58706
|
|
|
|
|
|
| |
* P11_KIT_URI_NO_MEMORY is an unexpected state, that will probably
never actually be returned. But kept for API compatibility.
* make distcheck doc fix
|
|
|
|
|
|
|
|
|
| |
* When setting a key in a map that already exists, then free
the old key and replace with the new one.
* Fix related bug where key was not properly allocated
* Add tests for this
https://bugs.freedesktop.org/show_bug.cgi?id=59087
|
|
|
|
|
|
|
| |
* If a process is running under selinux it may not be able
to access the home directory of the uid that it is running as.
https://bugs.freedesktop.org/show_bug.cgi?id=57115
|
|
|
|
|
|
|
|
|
|
| |
* Since p11-kit-proxy.so is a symlink to the libp11-kit.so library
we check that we are not calling into our known CK_FUNCTION_LIST
for the proxy code.
* Although such a configuration is invalid, detecting this directly
prevents strange initialization loop issues that are hard to debug.
https://bugs.freedesktop.org/show_bug.cgi?id=55052
|
|
|
|
|
|
|
|
|
|
| |
* We weren't resetting the result code after a failure,
so even though failures for critical modules didn't interrupt
the initialization loop, the result still leaked to callers.
* Also print an error message clearly indicating that a module
failed to initialize, regardless of whether critical or not.
https://bugs.freedesktop.org/show_bug.cgi?id=55051
|
|
|
|
|
|
|
| |
* This allows user configured PKCS#11 modules by default.
* Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf
to go back to the previous behavior.
* Posted to the mailing list.
|
|
|
|
|
|
| |
Per recommendation of the spec.
https://bugs.freedesktop.org/show_bug.cgi?id=52606
|
|
|
|
|
|
|
|
|
|
| |
* It seems that the HANDLE's returned from GetCurrentThread
are often equal for two threads. GetCurrentThreadID doesn't
have this problem.
* Separate our cross platform thread_t and thread_id_t types
even though on unix they're the same thing.
https://bugzilla.gnome.org/show_bug.cgi?id=44740
|
|
|
|
|
|
|
|
| |
* The windows shared libraries have the .dll extension
* This means we also need separate directories for the test module
configs on win32
https://bugzilla.gnome.org/show_bug.cgi?id=44740
|