Daiki Ueno [Wed, 22 Aug 2018 11:47:03 +0000 (13:47 +0200)]
virtual: Tighten error handling when fixed closures are exhausted
Daiki Ueno [Wed, 22 Aug 2018 11:41:38 +0000 (13:41 +0200)]
virtual: Don't be too loud about recoverable failure
Daiki Ueno [Fri, 24 Aug 2018 15:42:16 +0000 (17:42 +0200)]
trust: Factor out module initialization into separate file
This prevents a double call to p11_library_init() in test-module.c, once
from the ELF constructor and a second time from the test itself.
Daiki Ueno [Mon, 27 Aug 2018 10:57:51 +0000 (12:57 +0200)]
common: Factor out common initializer code into a header
Daiki Ueno [Fri, 24 Aug 2018 15:10:20 +0000 (17:10 +0200)]
travis: Manually install cpp-coveralls
To accommodate the gcov format change in gcc 8.1:
https://github.com/eddyxu/cpp-coveralls/pull/127
which is not yet available in the pip version.
Daiki Ueno [Thu, 23 Aug 2018 16:39:14 +0000 (18:39 +0200)]
travis: Check valgrind exit code more strictly
Daiki Ueno [Tue, 21 Aug 2018 10:48:26 +0000 (12:48 +0200)]
README.md: Add CII Best Practices badge
Daiki Ueno [Tue, 21 Aug 2018 09:32:47 +0000 (11:32 +0200)]
README.md: Mention contact method for security issues
Daiki Ueno [Fri, 17 Aug 2018 10:34:08 +0000 (12:34 +0200)]
Revert "build: Explicitly link threaded test programs to libpthread"
This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0.
Daiki Ueno [Fri, 17 Aug 2018 10:29:28 +0000 (12:29 +0200)]
Revert "build: Stop linking the library with libpthread when possible"
This reverts commit 50f8906e63c9413a7687bab6608496d83c29a222.
Daiki Ueno [Fri, 17 Aug 2018 10:29:15 +0000 (12:29 +0200)]
Revert "common: Prefer __register_atfork() to pthread_atfork() if possible"
This reverts commit ce3cec7f8742254b8627b9db48973b81e91cbfc8.
Daiki Ueno [Fri, 17 Aug 2018 10:29:03 +0000 (12:29 +0200)]
Revert "build: Link to libpthread, if pthread_atfork() needs to be used"
This reverts commit 541d79cb651cfd3238b9aa41fce70208df8e9496.
Alexander Bokovoy [Tue, 14 Aug 2018 08:49:08 +0000 (11:49 +0300)]
Update pkcs11 header to allow SoftHSMv2 to compile
Replace vendor-specific values with the IDs from PKCS11 v3.0 for those
constants that were already standardized.
Daiki Ueno [Mon, 13 Aug 2018 13:25:10 +0000 (15:25 +0200)]
travis: Check that proxy module can be loaded and unloaded
Daiki Ueno [Mon, 13 Aug 2018 13:23:03 +0000 (15:23 +0200)]
proxy: Avoid invalid memory access when unloading proxy module
When loading and unloading p11-kit-proxy.so with pkcs11-tool, it
accesses an already freed memory area:
$ valgrind pkcs11-tool --module p11-kit-proxy.so -L
==25173== Invalid read of size 8
==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724)
==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65)
==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so)
==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so)
==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so)
==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so)
==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so)
==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so)
==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool)
==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool)
==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so)
==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd
==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530)
==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902)
==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723)
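The valgrind trace above reports a read from inside a block that p11_virtual_unwrap() had just freed: the cleanup routine unwraps first and then touches the wrapper. The following is an added illustration of that shape and of the fix (copy what you need out of the wrapper before it is freed). It is hypothetical stand-in code, not p11-kit's proxy.c or virtual.c; the struct names, the padding size and the finalize callback are assumptions made for the example.

```c
/* Added example (not p11-kit code): the use-after-free pattern behind the
 * valgrind report, and the fixed ordering. Stand-in types, not p11-kit's. */
#include <stdlib.h>
#include <string.h>

struct module {                  /* hypothetical stand-in for a CK_FUNCTION_LIST */
    int finalized;
};

struct wrapper {                 /* hypothetical stand-in for the "virtual" wrapper */
    struct module *lower;        /* the module being wrapped */
    void (*destroy_lower)(struct module *);
    char scratch[512];           /* padding: the stale read sits well inside the block */
};

static void module_finalize(struct module *m) { m->finalized = 1; }

struct wrapper *wrapper_new(struct module *m)
{
    struct wrapper *w = calloc(1, sizeof *w);
    if (!w)
        return NULL;
    w->lower = m;
    w->destroy_lower = module_finalize;
    return w;
}

/* Frees the wrapper and hands back the wrapped module. After this call
 * every field of *w is gone; only the returned pointer is still valid. */
struct module *wrapper_unwrap(struct wrapper *w)
{
    struct module *lower = w->lower;
    free(w);
    return lower;
}

/* Buggy shape: unwrap first, then read w->destroy_lower from freed memory.
 * Deliberately not called by the test; under valgrind or ASan this is the
 * "Invalid read ... inside a block ... free'd" report. */
void cleanup_buggy(struct wrapper *w)
{
    struct module *lower = wrapper_unwrap(w);
    w->destroy_lower(lower);              /* use-after-free */
}

/* Fixed shape: copy everything needed out of the wrapper, then unwrap.
 * Returns 1 when the lower module was finalized. */
int cleanup_fixed(struct wrapper *w)
{
    if (!w)
        return 0;
    void (*destroy)(struct module *) = w->destroy_lower;
    struct module *lower = wrapper_unwrap(w);  /* w is dangling from here on */
    w = NULL;
    destroy(lower);
    return lower->finalized;
}

/* Driver for the fixed path on a constructed module; returns 1 on success. */
int demo_cleanup_fixed(void)
{
    struct module m;
    memset(&m, 0, sizeof m);
    struct wrapper *w = wrapper_new(&m);
    if (!w)
        return 0;
    return cleanup_fixed(w) && m.finalized;
}
```

Running the fixed driver under valgrind is the check worth automating, which is what the "travis: Check that proxy module can be loaded and unloaded" commit above does for the real module.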
Daiki Ueno [Fri, 10 Aug 2018 14:45:07 +0000 (16:45 +0200)]
build: Link to libpthread, if pthread_atfork() needs to be used
On non-glibc systems (e.g., FreeBSD), the pthread_atfork() stub is
provided as a no-op and our fork detection mechanism doesn't work. Pull
in the actual implementation from libpthread in that case.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno [Fri, 10 Aug 2018 12:26:26 +0000 (14:26 +0200)]
build: Don't install systemd unit files when "make distcheck"
Daiki Ueno [Fri, 10 Aug 2018 10:59:50 +0000 (12:59 +0200)]
Release 0.23.13
Daiki Ueno [Thu, 9 Aug 2018 15:45:37 +0000 (17:45 +0200)]
common: Prefer __register_atfork() to pthread_atfork() if possible
Daiki Ueno [Fri, 13 Jul 2018 06:37:34 +0000 (08:37 +0200)]
build: Stop linking the library with libpthread when possible
Daiki Ueno [Fri, 20 Jul 2018 09:43:15 +0000 (11:43 +0200)]
common: Use thread-local storage class when possible
This eliminates the unconditional use of pthread_{get,set}specific()
and pthread_key_{create,delete}(), for which glibc doesn't provide stubs.
Daiki Ueno [Fri, 20 Jul 2018 11:22:14 +0000 (13:22 +0200)]
build: Explicitly link threaded test programs to libpthread
Some test programs use pthread_create(), for which glibc doesn't provide
a stub. Link those programs with -lpthread.
Daiki Ueno [Fri, 20 Jul 2018 11:11:36 +0000 (13:11 +0200)]
common, p11-kit, trust: Use pthread_once only when necessary
If the ELF constructor is usable, we don't really need the once-init
function because it is guaranteed that the code runs only once in the
constructor.
Daiki Ueno [Fri, 20 Jul 2018 09:24:48 +0000 (11:24 +0200)]
common: Use static mutex initializer when possible
This eliminates the use of pthread_mutexattr_* functions, for which glibc
doesn't provide stubs.
Daiki Ueno [Wed, 1 Aug 2018 13:24:20 +0000 (15:24 +0200)]
server: Avoid FD leak in error cases
Spotted by coverity.
Daiki Ueno [Thu, 19 Jul 2018 09:01:31 +0000 (11:01 +0200)]
trust: Clarify C_Login behavior that returns an error
Daiki Ueno [Tue, 10 Jul 2018 14:57:07 +0000 (16:57 +0200)]
proxy: Fail early if there are no slot mappings
Daiki Ueno [Mon, 9 Jul 2018 16:18:02 +0000 (18:18 +0200)]
travis: Install pip for coveralls
Daiki Ueno [Wed, 27 Jun 2018 14:31:54 +0000 (16:31 +0200)]
rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules
This patch removes the restriction of p11_kit_remote_serve_tokens(),
which was not capable of serving tokens across multiple modules.
Daiki Ueno [Wed, 27 Jun 2018 09:22:44 +0000 (11:22 +0200)]
build: Use separate p11-kit-{remote,server} executable for testing
Otherwise, the p11-kit-remote program called from p11-kit-server would
load the system modules instead of the local fixtures.
Daiki Ueno [Mon, 25 Jun 2018 15:17:41 +0000 (17:17 +0200)]
proxy: Allow proxy to be created from the library
Previously, to aggregate multiple modules into one, there was no other
way than loading the proxy module. From the p11-kit applications,
however, it is not possible to load that module because of the
recursive loading check (p11_proxy_module_check).
This patch adds another means to aggregate modules, through a library
function p11_proxy_module_create.
Daiki Ueno [Mon, 25 Jun 2018 15:09:26 +0000 (17:09 +0200)]
proxy: Turn global variables module local
Daiki Ueno [Fri, 13 Jul 2018 15:39:35 +0000 (17:39 +0200)]
build: Make reallocarray detection more robust
On NetBSD, reallocarray is not declared until _OPENBSD_SOURCE is
defined. Reported by Patrick Welche in:
https://lists.freedesktop.org/archives/p11-glue/2018-July/000691.html
Daiki Ueno [Wed, 20 Jun 2018 08:43:24 +0000 (10:43 +0200)]
server: Enable socket activation through systemd
This enables socket activation of "p11-kit server" through systemd.
The feature provided is essentially the same as commit a4fb2bb5
(reverted), but implemented with "p11-kit server" and libsystemd API
instead of wrapping "p11-kit remote" in the unit file.
Note that, while it exposes all tokens through the socket, it doesn't
increase attack surface beyond the PKCS#11 binary interface provided
by p11-kit-proxy.so, because the service is per-user.
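The commit above relies on libsystemd for the socket-activation handshake. The following added example (not p11-kit's server code, and not libsystemd) spells out what that handshake consists of, so the checks involved are visible: the passed sockets start at fd 3, LISTEN_PID must name this very process, the fds get FD_CLOEXEC so a spawned helper does not inherit the listener, the variables are removed from the environment, and each fd is verified to be a listening AF_UNIX socket before anything is served on it. The function names and the temporary-socket helper used for testing are assumptions made for the example.

```c
/* Added example (not p11-kit code): the systemd socket-activation handshake
 * done by hand, mirroring what sd_listen_fds(3) does. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define SD_LISTEN_FDS_START 3   /* activated sockets are passed starting at fd 3 */

/* Pure parser. Returns the number of passed fds, 0 when the variables are
 * absent or addressed to another process, -1 on malformed input. */
int parse_listen_fds(pid_t self, const char *pid_s, const char *fds_s)
{
    char *end;
    long pid, n;

    if (!pid_s || !fds_s)
        return 0;
    errno = 0;
    pid = strtol(pid_s, &end, 10);
    if (errno || *end != '\0' || pid <= 0)
        return -1;
    if ((pid_t) pid != self)
        return 0;               /* meant for an ancestor, not for us */
    errno = 0;
    n = strtol(fds_s, &end, 10);
    if (errno || *end != '\0' || n < 0 || n > INT_MAX - SD_LISTEN_FDS_START)
        return -1;
    return (int) n;
}

/* Reads the environment, marks the passed fds close-on-exec so a helper
 * process (e.g. a spawned "p11-kit remote") does not inherit the listener,
 * and removes the variables so children cannot consume them again. */
int listen_fds(void)
{
    int n = parse_listen_fds(getpid(), getenv("LISTEN_PID"), getenv("LISTEN_FDS"));
    for (int fd = SD_LISTEN_FDS_START; n > 0 && fd < SD_LISTEN_FDS_START + n; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0)
            return -1;
    }
    unsetenv("LISTEN_PID");
    unsetenv("LISTEN_FDS");
    unsetenv("LISTEN_FDNAMES");
    return n;
}

/* Before serving: the fd must be a listening AF_UNIX socket, not whatever
 * descriptor a misconfigured unit happened to pass. */
int is_listening_unix_socket(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    int accepting = 0;
    socklen_t alen = sizeof accepting;

    if (fd < 0 || getsockname(fd, (struct sockaddr *) &ss, &len) < 0)
        return 0;
    if (ss.ss_family != AF_UNIX)
        return 0;
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &alen) < 0)
        return 0;
    return accepting != 0;
}

/* Test helper (assumption for the example): a throwaway listening socket on
 * a temporary path, unlinked right away; the fd stays in listening state. */
int make_listening_unix_socket(void)
{
    char path[] = "/tmp/p11-activation-XXXXXX";
    struct sockaddr_un sa;
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    close(tmp);
    unlink(path);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    if (bind(fd, (struct sockaddr *) &sa, sizeof sa) < 0 || listen(fd, 4) < 0) {
        close(fd);
        return -1;
    }
    unlink(path);
    return fd;
}
```

The LISTEN_PID comparison is the part most often skipped in hand-rolled versions; without it a process can pick up descriptors that were handed to a parent, which is exactly the kind of confusion a per-user service should rule out.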
Daiki Ueno [Thu, 31 May 2018 09:02:51 +0000 (11:02 +0200)]
build: Ease issetugid() check when cross-compiling
When cross-compiling, the configure check for issetugid() aborts,
because of the pessimistic default of AC_RUN_IFELSE. This patch
provides the non-pessimistic default to AC_RUN_IFELSE and wraps the
macro invocation with AC_CACHE_CHECK so that the user can override the
check by setting ac_cv_issetugid_openbsd=yes, as suggested in:
https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Runtime.html#Runtime
Daiki Ueno [Mon, 28 May 2018 14:07:37 +0000 (16:07 +0200)]
Release 0.23.12
Daiki Ueno [Tue, 29 May 2018 11:29:51 +0000 (13:29 +0200)]
travis: Add build scripts for macOS
Daiki Ueno [Tue, 29 May 2018 10:37:57 +0000 (12:37 +0200)]
travis: Use matrix
Daiki Ueno [Tue, 29 May 2018 14:35:05 +0000 (16:35 +0200)]
test: Avoid unnecessary memory allocation
Daiki Ueno [Tue, 29 May 2018 14:37:07 +0000 (16:37 +0200)]
common: Fix runtime directory detection when given prefix is long
Daiki Ueno [Tue, 29 May 2018 14:30:35 +0000 (16:30 +0200)]
common: Don't rely on issetugid() when it is broken
On macOS and FreeBSD, issetugid() has different semantics from the
original OpenBSD implementation and cannot reliably detect if the
process was made setuid/setgid:
https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e
This should fix:
https://bugs.freedesktop.org/show_bug.cgi?id=67451
https://bugs.freedesktop.org/show_bug.cgi?id=100287
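The commit above says only that issetugid() cannot be relied on where its semantics differ; it does not say what p11-kit does instead. As an added example (not p11-kit's code), here is one portable way to answer the question the check exists for, "may this process trust its environment and per-user configuration?": on Linux consult the AT_SECURE auxiliary-vector flag that the kernel sets at exec of a setuid, setgid or capability-bearing binary (the same flag glibc's secure_getenv() consults), and elsewhere fall back to comparing real and effective ids. The function names and the config_override() use case are assumptions made for the example.

```c
/* Added example (not p11-kit code): deciding whether the process runs with
 * elevated credentials without depending on issetugid() semantics. */
#include <stdbool.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/auxv.h>
#endif

/* Pure check on credentials: any mismatch between real and effective ids
 * means a setuid/setgid binary, or a caller that changed ids. */
bool ids_look_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Process-level check. On Linux, AT_SECURE is set by the kernel at exec time
 * and is not cleared by a later setuid(getuid()), which is the "sticky"
 * behaviour OpenBSD's issetugid() has. Elsewhere the id comparison is all
 * we have, so a program that drops privileges early will look unprivileged
 * afterwards; that is the limitation the commit message points at. */
bool process_is_elevated(void)
{
#ifdef __linux__
    if (getauxval(AT_SECURE) != 0)
        return true;
#endif
    return ids_look_elevated(getuid(), geteuid(), getgid(), getegid());
}

/* What the check protects: an environment override (e.g. an alternate
 * config or module path) is honoured only when the process is not elevated.
 * Returns the value to use. */
const char *config_override(const char *env_value, const char *builtin)
{
    if (process_is_elevated() || !env_value || !*env_value)
        return builtin;
    return env_value;
}
```

On Linux, AT_SECURE also fires for binaries carrying file capabilities, so a loader that keys off it is conservative in the right direction: a false "elevated" costs an ignored environment variable, a false "not elevated" costs loading attacker-chosen modules into a privileged process.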
Daiki Ueno [Mon, 28 May 2018 11:33:32 +0000 (13:33 +0200)]
build: Don't use locale funcs if locale_t is not defined in locale.h
On macOS, locale_t is not defined in <locale.h>. Although it is
defined in <xlocale.h>, we would rather not use locales at all for POSIX
compliance.
Daiki Ueno [Mon, 28 May 2018 10:54:39 +0000 (12:54 +0200)]
pkcs11: Exercise GNU calling convention at compile time
Daiki Ueno [Fri, 25 May 2018 14:16:23 +0000 (16:16 +0200)]
build: Simplify README inclusion
Use symlink in the repository, instead of copying.
Daiki Ueno [Thu, 24 May 2018 08:06:38 +0000 (10:06 +0200)]
NEWS: Mention latest changes
Daiki Ueno [Fri, 25 May 2018 01:20:51 +0000 (03:20 +0200)]
build: Delay building mock-six.la until "make check"
Daiki Ueno [Thu, 24 May 2018 14:30:43 +0000 (16:30 +0200)]
build: Include README in the distribution
As we removed README from the repository, it is no longer
automatically picked up for the distribution by Automake.
Daiki Ueno [Thu, 24 May 2018 14:29:37 +0000 (16:29 +0200)]
build: Fix ChangeLog generation
Daiki Ueno [Thu, 24 May 2018 08:03:51 +0000 (10:03 +0200)]
build: Remove obsolete upload rules
Daiki Ueno [Thu, 24 May 2018 08:02:31 +0000 (10:02 +0200)]
build: Include p11-kit/test-messages.sh in distribution
Daiki Ueno [Thu, 24 May 2018 09:12:21 +0000 (11:12 +0200)]
uri: Make scheme comparison case-insensitive
RFC 3986 suggests that implementations should accept uppercase letters
as equivalent to lowercase in scheme names.
Daiki Ueno [Thu, 24 May 2018 09:01:33 +0000 (11:01 +0200)]
common: Make case conversion locale independent
The tolower()/toupper() functions take into account the current
locale settings, which p11-kit doesn't want. Add replacement
functions that work as if they are called under the C locale.
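The two commits above ("uri: Make scheme comparison case-insensitive" and "common: Make case conversion locale independent") go together: a case-insensitive scheme match is only safe if the case folding does not depend on the caller's locale (under tr_TR, tolower('I') is not 'i', so "PKCS11:" would fail to match). The following added example (not p11-kit's uri.c or its replacement functions) shows ASCII-only folding and a scheme check built on it; the function names are assumptions made for the example.

```c
/* Added example (not p11-kit code): ASCII-only case folding and a
 * case-insensitive "pkcs11:" scheme check that behaves the same in every
 * locale. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Same result as tolower() under the C locale, regardless of setlocale(). */
int ascii_tolower(int c)
{
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

/* Case-insensitive comparison of up to n bytes, ASCII letters only;
 * stops at the first NUL in either string. */
bool ascii_strncaseeq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (ascii_tolower((unsigned char) a[i]) != ascii_tolower((unsigned char) b[i]))
            return false;
        if (a[i] == '\0')
            return true;
    }
    return true;
}

/* Returns a pointer just past "pkcs11:" when uri carries that scheme in any
 * letter case (RFC 3986 section 3.1), or NULL otherwise. The colon is part
 * of the match, so "pkcs11x:" and a bare "pkcs11" are rejected. */
const char *pkcs11_uri_body(const char *uri)
{
    static const char scheme[] = "pkcs11:";
    size_t n = sizeof scheme - 1;

    if (!uri || strlen(uri) < n)
        return NULL;
    if (!ascii_strncaseeq(uri, scheme, n))
        return NULL;
    return uri + n;
}
```

The same ASCII-only rule should apply to every case-insensitive comparison in a URI parser (percent-encoded hex digits included); mixing locale-aware and ASCII folding in one parser is how two components end up disagreeing about which URIs are equal.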
Nathaniel McCallum [Mon, 14 May 2018 18:58:56 +0000 (14:58 -0400)]
Improve const correctness for P11KitUri
This does not improve const for the getters. The reason for this is that
they are usually passed into the PKCS#11 APIs directly and these APIs
are not const correct. Trying to force const correctness here would
result in pain for library consumers.
This is an API and ABI compatible change.
Nikos Mavrogiannopoulos [Fri, 18 May 2018 12:24:23 +0000 (14:24 +0200)]
README: replace by README.md
That is, use README.md as the primary source to generate README, as
README is required by the GNU guidelines. We don't try to convert
to "real" plain text as markdown is readable, and to avoid introducing
another dependency (e.g., pandoc).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Fri, 18 May 2018 12:20:29 +0000 (14:20 +0200)]
NEWS: mark the 0.23 series as stable
Resolves #80
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos [Fri, 18 May 2018 12:19:29 +0000 (14:19 +0200)]
README.md: added reference to Daiki's key
Resolves #153
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Daiki Ueno [Mon, 7 May 2018 08:44:10 +0000 (10:44 +0200)]
Release 0.23.11
Daiki Ueno [Mon, 7 May 2018 12:25:57 +0000 (14:25 +0200)]
common: Pacify clang-analyzer
Daiki Ueno [Mon, 7 May 2018 09:19:35 +0000 (11:19 +0200)]
trust: Avoid array overflow
Daiki Ueno [Mon, 7 May 2018 09:46:43 +0000 (11:46 +0200)]
trust: Don't null terminate PKCS #11 string fields
Daiki Ueno [Mon, 7 May 2018 09:19:10 +0000 (11:19 +0200)]
proxy: Don't null terminate PKCS #11 string fields
Daiki Ueno [Thu, 3 May 2018 15:29:40 +0000 (17:29 +0200)]
test: Avoid exceeding maximum pathname length of Unix socket
Daiki Ueno [Fri, 27 Apr 2018 08:00:52 +0000 (10:00 +0200)]
library: Use dedicated locale object for printing error
Daiki Ueno [Fri, 27 Apr 2018 07:51:59 +0000 (09:51 +0200)]
Revert "build: Check strerror_l() and uselocale() separately"
This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1.
We should rather use newlocale() when per-thread locale is not set.
Otherwise uselocale() could return LC_GLOBAL_LOCALE on some
platforms (e.g. musl-libc) and calling strerror_l() with it leads to
an undefined behavior.
Daiki Ueno [Thu, 19 Apr 2018 14:19:28 +0000 (16:19 +0200)]
build: Check strerror_l() and uselocale() separately
NetBSD deliberately doesn't support per-thread locale and our
thread-safe replacement of strerror() using strerror_l() cannot be
used. Fall back to strerror_r() in that case.
Daiki Ueno [Tue, 10 Apr 2018 15:40:24 +0000 (17:40 +0200)]
travis: Optimize dnf install invocation
Daiki Ueno [Tue, 10 Apr 2018 07:47:24 +0000 (09:47 +0200)]
test: Add installcheck script to test trust module
Currently it only checks that "disable-in: p11-kit-proxy" properly
prevents the trust module being loaded by the proxy module.
Daiki Ueno [Tue, 10 Apr 2018 07:47:19 +0000 (09:47 +0200)]
trust: Prevent trust module being loaded by proxy module
Otherwise, when the proxy module is registered in the NSS database, the
trust module would be loaded twice and degrade search performance.
Daiki Ueno [Tue, 10 Apr 2018 07:47:12 +0000 (09:47 +0200)]
travis: Run "make installcheck"
Daiki Ueno [Tue, 10 Apr 2018 07:47:06 +0000 (09:47 +0200)]
trust: Fix memleak in p11_enumerate_opt_filter
p11_kit_iter_add_filter() takes the ownership of given attributes.
Spotted by address sanitizer.
Daiki Ueno [Tue, 10 Apr 2018 07:46:56 +0000 (09:46 +0200)]
test: Factor out common harness from test-extract.in
Daiki Ueno [Sat, 31 Mar 2018 12:26:52 +0000 (14:26 +0200)]
test: Add test for JKS extractor
Piggybacking commit de963b96, this adds a multi-cert test case for the
Java keystore extractor.
Daiki Ueno [Thu, 5 Apr 2018 14:03:07 +0000 (16:03 +0200)]
test: Add test for p11_attrs_purge()
Daiki Ueno [Thu, 5 Apr 2018 13:11:09 +0000 (15:11 +0200)]
mock-module-ep: Properly override C_GetFunctionList
Daiki Ueno [Thu, 5 Apr 2018 09:14:39 +0000 (11:14 +0200)]
modules: Add option to control module visibility from proxy
This enables to control whether a module will be loaded from the proxy
module. The configuration reuses the "enable-in" and "disable-in"
options, with a special literal "p11-kit-proxy" as the value.
Laszlo Ersek [Thu, 29 Mar 2018 19:32:24 +0000 (21:32 +0200)]
trust: add unit test for the "edk2-cacerts" extractor
Add a multi-cert test case for the edk2 extractor, heavily based on the
"/openssl/test_file_multiple" test case.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Laszlo Ersek [Tue, 27 Mar 2018 15:28:11 +0000 (17:28 +0200)]
trust: implement the "edk2-cacerts" extractor
Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST
format that is
- defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object
per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID),
- and expected by edk2's HttpDxe when it configures the certificate list
for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the
TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c").
The intended command line is
p11-kit extract \
--format=edk2-cacerts \
--filter=ca-anchors \
--overwrite \
--purpose=server-auth \
$DEST/edk2/cacerts.bin
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
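The commit above describes the output layout only by reference to the UEFI spec and edk2. As an added example (not p11-kit's extract-edk2.c), here is the EFI_SIGNATURE_LIST structure written out and read back: a 16-byte SignatureType GUID, three little-endian UINT32 sizes, no signature header for X.509, and one EFI_SIGNATURE_DATA (16-byte SignatureOwner GUID followed by the DER bytes) per list, which is why each certificate gets its own list. The reader validates every size field against the buffer before using it, since a cacerts.bin read by firmware is exactly the kind of input that must not be trusted to be well-formed. The "certificates" in the demo are constructed stand-in byte strings, not real DER; the function names are assumptions made for the example.

```c
/* Added example (not p11-kit code): build and parse the EFI_SIGNATURE_LIST
 * layout that the "edk2-cacerts" extractor produces. All integers are
 * little-endian; one EFI_CERT_X509_GUID entry per list. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* EFI_CERT_X509_GUID a5c059a1-94e4-4aa7-87b5-ab155c2bf072 in the in-memory
 * EFI_GUID byte order (Data1..Data3 little-endian, Data4 as-is). */
static const uint8_t EFI_CERT_X509_GUID[16] = {
    0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a,
    0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72
};

#define ESL_HEADER 28   /* SignatureType(16) + ListSize(4) + HeaderSize(4) + SignatureSize(4) */
#define ESD_HEADER 16   /* SignatureOwner GUID preceding the certificate bytes */

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t) p[0] | ((uint32_t) p[1] << 8) | ((uint32_t) p[2] << 16) | ((uint32_t) p[3] << 24);
}

/* Appends one list holding one certificate to *buf (realloc'd). Returns the
 * new total length, or 0 on overflow or allocation failure. */
size_t esl_append_cert(uint8_t **buf, size_t len, const uint8_t *der, uint32_t der_len)
{
    if (der_len > UINT32_MAX - ESL_HEADER - ESD_HEADER)
        return 0;
    uint32_t sig_size = ESD_HEADER + der_len;
    uint32_t list_size = ESL_HEADER + sig_size;
    uint8_t *p = realloc(*buf, len + list_size);
    if (!p)
        return 0;
    *buf = p;
    p += len;
    memcpy(p, EFI_CERT_X509_GUID, 16);
    put_le32(p + 16, list_size);
    put_le32(p + 20, 0);                 /* SignatureHeaderSize: none for X.509 */
    put_le32(p + 24, sig_size);
    memset(p + ESL_HEADER, 0, ESD_HEADER);   /* SignatureOwner: zero GUID */
    memcpy(p + ESL_HEADER + ESD_HEADER, der, der_len);
    return len + list_size;
}

/* Walks a blob of lists. Returns the number of X.509 entries, or -1 if any
 * size field is inconsistent with the buffer. When the entry numbered
 * `want` is seen and `out` is non-NULL, its DER bounds are stored there. */
int esl_walk(const uint8_t *blob, size_t len, int want, const uint8_t **out, uint32_t *out_len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        if (len - off < ESL_HEADER)
            return -1;
        uint32_t list_size = get_le32(blob + off + 16);
        uint32_t hdr_size = get_le32(blob + off + 20);
        uint32_t sig_size = get_le32(blob + off + 24);
        if (list_size < ESL_HEADER || list_size > len - off)
            return -1;                   /* truncated or runaway list */
        if (hdr_size > list_size - ESL_HEADER || sig_size < ESD_HEADER)
            return -1;
        uint32_t body = list_size - ESL_HEADER - hdr_size;
        if (body % sig_size != 0)
            return -1;                   /* entries must tile the list exactly */
        if (memcmp(blob + off, EFI_CERT_X509_GUID, 16) == 0) {
            for (uint32_t pos = ESL_HEADER + hdr_size; pos < list_size; pos += sig_size) {
                if (count == want && out) {
                    *out = blob + off + pos + ESD_HEADER;
                    *out_len = sig_size - ESD_HEADER;
                }
                count++;
            }
        }
        off += list_size;
    }
    return count;
}

/* Round trip on two constructed stand-in "certificates" (not real DER), plus
 * a truncation check. Returns 1 when everything behaves as expected. */
int esl_demo_roundtrip(void)
{
    static const uint8_t cert_a[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
    static const uint8_t cert_b[] = { 0x30, 0x05, 0x02, 0x03, 0x01, 0x02, 0x03 };
    uint8_t *blob = NULL;
    size_t len = esl_append_cert(&blob, 0, cert_a, sizeof cert_a);
    len = esl_append_cert(&blob, len, cert_b, sizeof cert_b);
    const uint8_t *d = NULL;
    uint32_t dl = 0;
    int n = esl_walk(blob, len, 1, &d, &dl);
    int ok = n == 2 && dl == sizeof cert_b && memcmp(d, cert_b, dl) == 0
          && len == 2 * (ESL_HEADER + ESD_HEADER) + sizeof cert_a + sizeof cert_b;
    ok = ok && esl_walk(blob, len - 1, 0, NULL, NULL) == -1;   /* truncated: rejected */
    free(blob);
    return ok;
}
```

Lists of other signature types (hashes, for instance) are skipped but still size-checked, so a cacerts.bin that mixes types is walked safely; the extractor itself only ever emits X.509 lists.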
Laszlo Ersek [Tue, 27 Mar 2018 13:19:06 +0000 (15:19 +0200)]
trust: introduce the "edk2-cacerts" extractor skeleton
Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always
fails, silently.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Daiki Ueno [Thu, 29 Mar 2018 13:54:35 +0000 (15:54 +0200)]
modules: Fix memleak in re-initialization case
Justin King-Lacroix [Sat, 17 Mar 2018 02:37:24 +0000 (19:37 -0700)]
Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly
In p11_kit_modules_initialize(), treat a return code
of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to
CKR_OK.
Daiki Ueno [Thu, 29 Mar 2018 11:02:39 +0000 (13:02 +0200)]
travis: Disallow failure on mingw
Daiki Ueno [Thu, 29 Mar 2018 10:40:47 +0000 (12:40 +0200)]
test: Add missing seven.module in Windows fixtures
Daiki Ueno [Thu, 29 Mar 2018 09:56:30 +0000 (11:56 +0200)]
travis: Use LOG_COMPILER to run tests under wine
Daiki Ueno [Thu, 29 Mar 2018 09:56:18 +0000 (11:56 +0200)]
build: Enable make check with wine
Daiki Ueno [Thu, 29 Mar 2018 08:28:59 +0000 (10:28 +0200)]
common: Fix compilation of runtime.c under mingw
Daiki Ueno [Tue, 27 Mar 2018 13:41:51 +0000 (15:41 +0200)]
test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED
Daiki Ueno [Wed, 7 Mar 2018 14:40:20 +0000 (15:40 +0100)]
test: Add test for error messages
Daiki Ueno [Wed, 28 Mar 2018 05:49:29 +0000 (07:49 +0200)]
test: Use _exit() in child process to immediately close open FDs
Daiki Ueno [Wed, 28 Mar 2018 05:50:30 +0000 (07:50 +0200)]
test: Rewrite test-server.sh in TAP style
Daiki Ueno [Tue, 27 Mar 2018 14:23:12 +0000 (16:23 +0200)]
test: Take advantage of TAP test driver
Daiki Ueno [Tue, 27 Mar 2018 13:19:07 +0000 (15:19 +0200)]
common: Add assert_skip() and assert_todo()
Andreas Metzler [Tue, 27 Feb 2018 18:02:03 +0000 (19:02 +0100)]
test-server.sh: Fix bashism
Daiki Ueno [Tue, 27 Feb 2018 11:32:35 +0000 (12:32 +0100)]
Release 0.23.10
Daiki Ueno [Tue, 27 Feb 2018 11:31:42 +0000 (12:31 +0100)]
maint: Point to the new URLs
Daiki Ueno [Tue, 27 Feb 2018 13:57:45 +0000 (14:57 +0100)]
test-server: Add test for detecting address
Daiki Ueno [Tue, 27 Feb 2018 14:45:57 +0000 (15:45 +0100)]
test-server: Fix compilation error on FreeBSD
Daiki Ueno [Tue, 27 Feb 2018 13:56:33 +0000 (14:56 +0100)]
common, client: Move runtime directory detection to libp11-common
Daiki Ueno [Tue, 27 Feb 2018 13:57:20 +0000 (14:57 +0100)]
common: Make p11_test_directory_delete() work recursively
Daiki Ueno [Tue, 27 Feb 2018 15:05:41 +0000 (16:05 +0100)]
test: Improve temporary directory handling
Daiki Ueno [Mon, 5 Feb 2018 10:10:01 +0000 (11:10 +0100)]
p11_kit_remote_serve_tokens: Read "write-protected" setting from URI