summaryrefslogtreecommitdiff
path: root/p11-kit
Commit message (Collapse)AuthorAgeFilesLines
* build: Suppress cppcheck errorsDaiki Ueno2018-11-221-2/+6
|
* tests: Ensure p11_proxy_module_cleanup is calledDaiki Ueno2018-11-141-0/+2
| | | | Reported and suggested in #197.
* url: Prefer upper-case letters in hex characters when encodingDaiki Ueno2018-11-071-7/+7
| | | | | | | This makes it more compliant with RFC 3986, where the use of upper-case letters is recommended (as "SHOULD"). Suggested by Sumit Bose.
* virtual: Prefer fixed closures to libffi closuresDaiki Ueno2018-10-241-5/+14
| | | | | | | | On some circumstances (such as when loading p11-kit-proxy from httpd), it is known that creation of libffi closure always fails, due to SELinux policy. Although this is harmless, it pollutes the journal and gives wrong hints when troubleshooting. This patch changes the order of preference of libffi vs pre-compiled closures to avoid that.
* rpc-server: Check calloc failureDaiki Ueno2018-10-171-0/+4
|
* proxy: Fix null dereference when reusing slotsDaiki Ueno2018-10-171-1/+4
|
* rpc-server: p11_kit_remote_serve_tokens: Fix memleakDaiki Ueno2018-10-171-0/+5
|
* build: Check return value of p11_rpc_buffer_get_uint64Daiki Ueno2018-10-171-1/+2
|
* build: Check return value of p11_dict_setDaiki Ueno2018-10-172-2/+7
|
* build: Free memory before return{,_val}_if_* macrosDaiki Ueno2018-10-172-3/+12
|
* virtual: Tighten error handling when fixed closures are exhaustedDaiki Ueno2018-08-281-9/+8
|
* virtual: Don't be too loud about recoverable failureDaiki Ueno2018-08-281-2/+2
|
* common: Factor out common initializer code into a headerDaiki Ueno2018-08-282-111/+8
|
* Revert "build: Explicitly link threaded test programs to libpthread"Daiki Ueno2018-08-171-4/+4
| | | | This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0.
* proxy: Avoid invalid memory access when unloading proxy moduleDaiki Ueno2018-08-151-13/+4
| | | | | | | | | | | | | | | | | | | | | | | When loading and unloading p11-kit-proxy.so with pkcs11-tool, it accesses already free'd memory area: $ valgrind pkcs11-tool --module p11-kit-proxy.so -L ==25173== Invalid read of size 8 ==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724) ==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65) ==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so) ==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so) ==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so) ==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so) ==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so) ==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so) ==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so) ==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd ==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530) ==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902) ==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723)
* build: Explicitly link threaded test programs to libpthreadDaiki Ueno2018-08-101-4/+4
| | | | | Some test programs use pthread_create(), which glibc doesn't provide the stub. Link those programs with -lpthread.
* common, p11-kit, trust: Use pthread_once only when necessaryDaiki Ueno2018-08-102-2/+2
| | | | | | If the ELF constructor is usable, we don't really need the once-init function because it is guaranteed that the code runs only once in the constructor.
* server: Avoid FD leak in error casesDaiki Ueno2018-08-011-0/+3
| | | | Spotted by coverity.
* proxy: Fail early if there is no slot mappingsDaiki Ueno2018-07-162-0/+44
|
* rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modulesDaiki Ueno2018-07-164-89/+210
| | | | | This patch removes the restriction of p11_kit_remote_serve_tokens() that were not capable of serving tokens across multiple modules.
* build: Use separate p11-kit-{remote,server} executable for testingDaiki Ueno2018-07-163-3/+29
| | | | | Otherwise, the p11-kit-remote program called from p11-kit-server would load the system modules instead of the local fixtures.
* proxy: Allow proxy to be created from the libraryDaiki Ueno2018-07-162-1/+42
| | | | | | | | | | Previously, to aggregate multiple modules into one, there was no other way than loading the proxy module. From the p11-kit applications, however, it is not possible to load that module because of the recursive loading check (p11_proxy_module_check). This patch adds another means to aggregate modules, through a library function p11_proxy_module_create.
* proxy: Turn global variables module localDaiki Ueno2018-07-161-21/+14
|
* server: Enable socket activation through systemdDaiki Ueno2018-06-204-9/+72
| | | | | | | | | | | This enables socket activation of "p11-kit server" through systemd. The feature provided is essentially the same as commit a4fb2bb5 (reverted), but implemented with "p11-kit server" and libsystemd API instead of wrapping "p11-kit remote" in the unit file. Note that, while it exposes all tokens through the socket, it doesn't increase attack surface beyond the PKCS#11 binary interface provided by p11-kit-proxy.so, because the service is per-user.
* pkcs11: Exercise GNU calling convention at compile timeDaiki Ueno2018-05-283-0/+46
|
* build: Delay building mock-six.la until "make check"Daiki Ueno2018-05-251-1/+1
|
* build: Include p11-kit/test-messages.sh in distributionDaiki Ueno2018-05-251-0/+1
|
* uri: Make scheme comparison case-insensitiveDaiki Ueno2018-05-252-3/+30
| | | | | RFC 3986 suggests that implementations should accept uppercase letters as equivalent to lowercase in scheme names.
* Improve const correctness for P11KitUriNathaniel McCallum2018-05-243-41/+41
| | | | | | | | | This does not improve const for the getters. The reason for this is that they are usually passed into the PKCS#11 APIs directly and these APIs are not const correct. Trying to force const correctnesss here would result in pain for library consumers. This is an API and ABI compatible change.
* proxy: Don't null terminate PKCS #11 string fieldsDaiki Ueno2018-05-071-2/+2
|
* test: Avoid exceeding maximum pathname length of Unix socketDaiki Ueno2018-05-041-2/+7
|
* mock-module-ep: Properly override C_GetFunctionListDaiki Ueno2018-04-061-1/+1
|
* modules: Add option to control module visibility from proxyDaiki Ueno2018-04-065-10/+116
| | | | | | This enables to control whether a module will be loaded from the proxy module. The configuration reuses the "enable-in" and "disable-in" options, with a special literal "p11-kit-proxy" as the value.
* modules: Fix memleak in re-initialization caseDaiki Ueno2018-03-291-0/+1
|
* Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctlyJustin King-Lacroix2018-03-291-1/+6
| | | | | | In p11_kit_modules_initialize(), treat a return code of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to CKR_OK.
* test: Add missing seven.module in Windows fixturesDaiki Ueno2018-03-291-0/+4
|
* build: Enable make check with wineDaiki Ueno2018-03-291-1/+1
|
* test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZEDDaiki Ueno2018-03-294-1/+115
|
* test: Add test for error messagesDaiki Ueno2018-03-292-0/+112
|
* test: Use _exit() in child process to immediately close open FDsDaiki Ueno2018-03-291-1/+1
|
* test: Rewrite test-server.sh in TAP styleDaiki Ueno2018-03-291-11/+27
|
* test-server.sh: Fix bashismAndreas Metzler2018-02-281-4/+4
|
* test-server: Add test for detecting addressDaiki Ueno2018-02-271-1/+29
|
* test-server: Fix compilation error on FreeBSDDaiki Ueno2018-02-271-0/+1
|
* common, client: Move runtime directory detection to libp11-commonDaiki Ueno2018-02-271-65/+2
|
* test: Improve temporary directory handlingDaiki Ueno2018-02-271-2/+4
|
* p11_kit_remote_serve_tokens: Read "write-protected" setting from URIDaiki Ueno2018-02-272-0/+42
|
* filter: Respect CKF_WRITE_PROTECTED setting when allowing a tokenDaiki Ueno2018-02-272-16/+134
|
* test: Add test for client-server interactionDaiki Ueno2018-02-272-0/+203
| | | | | | | The test spawns a process running the server command and connects to it through p11-kit-client.so. It's is a bit tricky that the child process requires to preload libasan.so when ASan is in in effect, to properly load a mock module.
* server: Print envvars even when running in foregroundDaiki Ueno2018-02-271-22/+39
|
generated by cgit v1.1 at 2025-01-01 04:15:46 +0000