summaryrefslogtreecommitdiff
path: root/p11-kit
Commit message (Collapse)AuthorAgeFilesLines
* Add test case for bug 90289 (deadlock on C_Initialize() in child after fork)David Woodhouse2015-06-291-0/+57
| | | | Reviewed-by: Stef Walter <stefw@redhat.com>
* Do not deinitialize libffi's wrapper functionsNikos Mavrogiannopoulos2015-06-291-0/+11
| | | | | | | | Libffi uses shared memory to store them, and a deallocation in a child will cause issues for the parent or vice versa. Signed-off-by: Stef Walter <stefw@redhat.com> * Use #if to comment out code, avoid compiler warnings
* Added test case for crash after a fork in proxy moduleNikos Mavrogiannopoulos2015-06-291-1/+45
| | | | Reviewed-by: Stef Walter <stefw@redhat.com>
* p11-kit: Missing unlock in function rpc_socket_read()Pankaj2015-06-031-1/+3
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=90827
* Generate URIs compliant to the PKCS#11 URI draft in LCNikos Mavrogiannopoulos2015-02-202-14/+14
| | | | | | | | | | | | We continue to accept both the older style 'object-type' field in addition to the new 'type' field. However we start generating URIs in the new form. In other words we have backwards compatibility, but not forwards compatibility. Given the fact that PKCS#11 URIs are now standardizing this is an acceptable compromise. https://bugs.freedesktop.org/show_bug.cgi?id=86474
* Added test for pin-valueNikos Mavrogiannopoulos2015-02-201-0/+54
| | | | | | | https://bugs.freedesktop.org/show_bug.cgi?id=87582 Signed-off-by: Stef Walter <stefw@redhat.com> * Added test for bad encoded pin-value in uri
* Added support for pin-value PKCS#11 URI elementNikos Mavrogiannopoulos2015-02-202-0/+57
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=87582
* p11-kit: Remove duplicate WHITESPACE defineStef Walter2015-02-201-5/+3
|
* uri: Accept 'type' in additon to 'object-type' in PKCS#11 URIsStef Walter2014-11-142-2/+30
| | | | This was a later change to the PKCS#11 specification drafts
* Unbreak build on OpenBSDAntoine Jacoutot2014-10-061-0/+5
| | | | | | | Add missing header for strdup(3). When EPROTO is not available, fallback to EIO. https://bugs.freedesktop.org/show_bug.cgi?id=84665
* p11-kit: Use pthread_atfork() in a safe mannerStef Walter2014-10-036-117/+49
| | | | | | | | | | | | | Instead of trying to perform actions in pthread_atfork() which are not async-signal-safe, just increment a counter so we can later tell if the process has forked. Note this does not make it safe to mix threads and forking without immediately execing. This is a far broader problem that p11-kit, however we now do the right thing when fork+exec is used from a thread. https://bugs.freedesktop.org/show_bug.cgi?id=84567
* remote: Run separate executable binary for 'p11-kit remote'Stef Walter2014-10-024-157/+163
| | | | | This allows security frameworks like SELinux or AppArmor to target it specifically.
* p11-kit: P11_KIT_PRIVATEDIR env var overrides private binary dirStef Walter2014-10-022-1/+7
| | | | | | External binaries are searched for in $(libdir)/p11-kit. The P11_KIT_PRIVATEDIR can be used to override that, for example during 'make check'
* p11-kit: Remove the 'isolated' option for nowStef Walter2014-10-011-13/+0
| | | | | | This option was not completed in time, and as implemented suffers from limitations that the module is not really completely isolated as it still runs under the same user id as the calling process.
* common: New public pkcs11x.h header containing extensionsStef Walter2014-09-101-1/+1
| | | | | | | Move our internal stuff to pkcs11i.h, and install the pkcs11x.h header containing extensions. https://bugs.freedesktop.org/show_bug.cgi?id=83495
* p11-kit: Fix tests when building with MinGWMichael Cronenworth2014-09-093-0/+30
| | | | Signed-off-by: Michael Cronenworth <mike@cchtml.com>
* p11-kit: Compilation fixes for previous commitStef Walter2014-09-091-4/+1
| | | | Pushed the wrong version
* p11-kit: Make proxy module respect critical = noStef Walter2014-09-091-37/+47
| | | | | | | The p11-kit-proxy.so module would not respect the critical = no setting in module configuration, and fail if any module failed to initialize. https://bugs.freedesktop.org/show_bug.cgi?id=83651
* Fix build without debugRoman Bogorodskiy2014-09-091-0/+2
| | | | | | | | | | | | | When building without debug build fails with: CCLD p11-kit/p11-kit ./.libs/libp11-kit.so: undefined reference to `P11_RPC_CHECK_CALLS' cc: error: linker command failed with exit code 1 (use -v to see invocation) gmake[2]: *** [p11-kit/p11-kit] Error 1 This happens because P11_RPC_CHECK_CALLS is not defined when debugging is enabled, so provide a noop macro for that case.
* Move to non-recursive Makefile for building bins and libsStef Walter2014-08-1545-196/+201
| | | | Still use recursive for documentation and translation.
* p11-kit: Fix various noise/issues highlighted by clangStef Walter2014-08-114-13/+13
|
* p11-kit: Remove use after free in debug output code pathStef Walter2014-08-081-1/+1
|
* Quiten down scanner warnings about unused variablesStef Walter2014-08-081-4/+1
|
* Fix mostly erroneous scanner warnings in testsStef Walter2014-08-082-1/+8
|
* p11-kit: Fix integer overflow in memset() argumentStef Walter2014-08-081-1/+1
|
* p11-kit: Fix bad check of asprintf() return valueStef Walter2014-08-081-1/+1
|
* p11-kit: Tweak last commit, handle the not-forked caseStef Walter2014-08-071-1/+4
| | | | | When we hadn't forked, but were just not initialized, still return CKR_CRYPTOKI_NOT_INITIALIZED from managed modules.
* p11-kit: Don't complain about C_Finalize called in wrong processStef Walter2014-08-071-6/+13
| | | | | | When C_Finalize is called in the wrong process, it's often because of a caller unaware of forking. This is a painful area of PKCS#11, but at least for C_Finalize, lets not complain loudly about it.
* p11-kit: Add a new 'isolate' pkcs11 config optionStef Walter2014-07-081-12/+32
| | | | | | | This sets 'remote' appropriately to run the module in a separate process. https://bugs.freedesktop.org/show_bug.cgi?id=80472
* p11-kit: Cleanup and add documentation for 'remote' optionStef Walter2014-07-082-28/+31
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=54105
* p11-kit: Add 'p11-kit remote' command for isolating modulesStef Walter2014-07-086-58/+160
| | | | | This adds a new tool to the p11-kit command called 'remote'. This is the server side of remoting a PKCS#11 module.
* rpc: Implement execution of another tool to transport PKCS#11 RPCStef Walter2014-07-089-44/+1600
|
* mock: Minor testing tweaks to mock testingStef Walter2014-07-081-2/+2
|
* modules: Make config file and module configs overridable by testsStef Walter2014-07-082-4/+18
|
* rpc: Implement PKCS#11 messages/client/server codeStef Walter2014-07-089-2/+6149
| | | | | | | | | | | | * This enables passing around bytes which represent PKCS#11 RPC calls. * Caller is responsible for connecting/disconnecting and so on. * Client side caller gets a mixin from p11_rpc_client_init() to call into, which generates callbacks with byte arrays to be transported. * Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR on which relevant methods get called. * Doesn't yet implement the actual daemon or clients etc... https://bugs.freedesktop.org/show_bug.cgi?id=54105
* Fix typo: supress - > suppressAndreas Metzler2014-07-071-1/+1
|
* Added test for non-null values in empty ID and label URI partsNikos Mavrogiannopoulos2014-07-041-0/+66
|
* p11-kit: Mark p11_kit_be_quiet() and p11_kit_be_loud() stableStef Walter2014-07-041-4/+4
| | | | | These are useful functions for callers who want to supress all output from p11-kit library.
* p11-kit: Handle managed modules correctly when forkingStef Walter2014-07-042-5/+56
| | | | | | | | Correctly allow reinitialization when a process forks. We don't yet implement checks on all entry points of a managed module, but this allows callers to call C_Initialize again after forking, as outlined by the PKCS#11 v2 spec.
* p11-kit: Fix corrupted list when initialization of modules failStef Walter2014-06-251-0/+2
| | | | | | | | This fixes the function call p11_kit_module_initialize() to correctly rearrange the modules array when initializing a module fails. Also fixes p11_kit_modules_load_and_initialize()
* Don't try to symlink p11-proxy.so on windowsMilan Crha2014-06-201-5/+5
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=76594
* proxy: Fix cases where modules are unloaded while in useStef Walter2014-02-131-22/+31
| | | | | | | | | | | | | The proxy module would unload the PKCS#11 modules it was proxying when C_Finalize() was called. However if a caller in another thread was inside of a PKCS#11 function at the time, this would cause a crash. Change things around so that underlying modules are finalized during the proxy C_Finalize() but not released/unloaded until the proxy module itself is unloaded. https://bugs.freedesktop.org/show_bug.cgi?id=74919
* proxy: Remove assertions when module is not initializedStef Walter2014-02-131-2/+0
| | | | | | | | We should return CKR_CRYPTOKI_NOT_INITIALIZED rather than assert() when proxy PKCS#11 functions are called before the module is initialized. https://bugs.freedesktop.org/show_bug.cgi?id=74919
* test-iter: Fix use of uninitialized variableStef Walter2014-01-141-0/+1
|
* iter: Fix return value in rare memory allocation caseStef Walter2014-01-131-1/+1
|
* iter: Add p11_kit_iter_get_attributes() functionStef Walter2014-01-133-0/+106
| | | | A simple wrapper for C_GetAttributeValue()
* Disable tests with setgid binaries when running in fakerootAndreas Metzler2013-10-011-1/+4
| | | | | We use the FAKED_MODE environment variable as a way to detect fakeroot.
* Remove unused make variablesStef Walter2013-09-091-1/+0
|
* messages: Better message for CKR_FUNCTION_REJECTEDStef Walter2013-09-051-1/+1
|
* Route 'p11-kit extract-trust' over to trust toolStef Walter2013-08-291-28/+30
| | | | | | The actual command is 'trust extract-compat'. Make installed placeholder script reflect this. We still support the old placeholder script if it is present.
generated by cgit v1.1 at 2024-12-26 16:44:13 +0000