| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
| |
* These can be used to load certain modules in certain
programs, or prevent loading in others.
* Useful for a key manager like seahorse, so we can load
extra modules (think NSS) that other modules shouldn't
load.
|
|
|
|
|
|
|
| |
* We were relying on undefined gcc behavior related to the &
operator.
* This would show up as a test failure when running with -O2 on
certain GCC versions, as well as failure on clang 3.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* First of all one should only call async-signal-safe functions
from the callbacks of pthread_atfork(), and so we cannot
reinitialize directly.
* Some modules use pthread_atfork() to detect forking and setup
their internal state. If we call into them in our pthread_atfork()
callback then this is inherently racy.
* There was danger of endless loops and deadlocks which are caused
by handlers which fork in their C_Initialize
* Many processes do fork/exec, reinitializing PKCS#11 for these
forks is quite resourc intensive when the child process won't use
PKCS#11 at all.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
* Add correct linking options for libintl
|
|
|
|
|
| |
* The debug_init() call needed a rename to _p11_debug_init() to match
the non-Win32 code.
|
|
|
|
|
| |
* See previous commit
* Initialize library before debug statements
|
|
|
|
|
|
|
| |
* Work around issues with brain-dead linkers not respecting
the libtool -export-symbol-regex argument
https://bugs.freedesktop.org/show_bug.cgi?id=42020
|
|
|
|
|
|
|
|
| |
* Tests do not all yet pass, at least not on wine
* Added abstraction of some non-portable functions in compat.h/c
* Build with an argument like this for win32 support:
./autogen.sh --host=i586-mingw32msvc
* This win32 port needs more work from interested parties
|
|
|
|
|
|
|
|
| |
* Do not concurretnly call C_Initialize or C_Finalize in a module
* The PKCS#11 spec indicates that mone thread should call those functions.
* It's reasonable for a module to expect to only be initialized or
finalized in one thread.
* In particular NSS does not lock its C_Initialize or C_Finalize.
|
| |
|
|
|
|
|
|
| |
* Fixes build on GNU/Hurd
https://bugs.freedesktop.org/show_bug.cgi?id=41303
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=40985
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=40985
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=40923
|
|
|
|
|
|
|
| |
So far we have only supported full paths to the pkcs11 modules in config
files. This change adds relative path support, so that for modules
installed under the standard $libdir/pkcs11, the config file won't have
to spell out the full path.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Renamed them to reduce ambiguity and to pave the way for exposing
some additional parameters.
p11_system_modules -> p11_system_config_modules
p11_user_modules -> p11_user_config_modules
configure --with-pkcs11-dir
=>
configure --with-system-config
|
| |
|
| |
|
|
|
|
|
|
| |
* When a module has critical set to 'yes', and that module fails to init
then it aborts the entire init process.
* Defaults to 'no'
|
|
|
|
|
|
| |
* Initialize the mappings properly
* Lookup session handles correctly
* Debug initialization and finalization
|
|
|
|
|
|
| |
* These should be able to occur anywhere and should be ignored
according to RFC 3986. This is documented in the PKCS#11 URI
specification.
|
|
|
|
|
|
|
| |
* If a module forks during its C_Initialize, previously our
fork handler would try to initialize it again, ad nauseum.
Reported by Nikos on the mailing list.
|
|
|
|
|
|
|
| |
* More checks for out of memory.
* Take more of the same code paths when initializing a single
module as when initializing registered, or loading from file.
* Cleanup halfway initialized globals if fail during init.
|
|
|
|
|
|
|
|
|
| |
* pinfile attribute was renamed to pin-source
* objecttype attribute was renamed to object-type
* secretkey value was renamed to secret-key
We continue to support parsing the old attribute names and values but
generate URIs with the new ones.
|
|
|
|
|
|
| |
* Duplicate modules may be caused by editor backups, misconfigurations
or a multitude of other sources. Failing dead is a bit harsh.
* After discussing gnutls needs with Nikos
|
| |
|
| |
|
|
|
|
| |
* And also install example pkcs11.conf file.
|
|
|
|
|
|
|
| |
* The link now points to the actual library, rather than to
another link.
https://bugzilla.redhat.com/show_bug.cgi?id=725905
|
| |
|
|
|
|
| |
* Initialization mixup.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Install proxy module at its own path which is not prefixed by 'lib'
* Since the proxy module is the same as the library, and actually
needs to be loaded as the same library in memory (due to resource
tracking per process), use a symlink for proxy.
* Add a variable to the pkg-config file which shows the path
to the proxy module. ie:
$ pkg-config --variable=proxy_module p11-kit-1
https://bugzilla.redhat.com/show_bug.cgi?id=725905
|
|
|
|
|
|
|
|
|
|
| |
* Reimplement the various bits of the hash table that were
still based on the apache apr code. Use different algorithms
for hashing, lookup and other stuff.
* Use this as an opportunity to cleanup that code and make
it more legible.
https://bugzilla.redhat.com/show_bug.cgi?id=725905
|
| |
|
| |
|
| |
|
|
|
|
|
| |
* Lets us use variable size buffers.
* Helps minimize copying.
|
|
|
|
| |
* Fix up duplicate register logic as well.
|
|
|
|
|
|
| |
* These are callbacks that hanlde the pinfile part of a PKCS#11 URI.
* One library can register a callback that another can then call
in a thread-safe and simple fashion.
|
|
|
|
| |
Thanks to Richard Bellgrim.
|
| |
|
| |
|
|
|
|
| |
* Add p11_kit_message() function to get last message.
|
|
|
|
|
| |
* Move configuration loading into conf.c
* Have user modules with same name merge/override modules in system.
|
|
|
|
| |
* Just skip loading these.
|