p11-kit
6 years agovirtual: Tighten error handling when fixed closures are exhausted
Daiki Ueno [Wed, 22 Aug 2018 11:47:03 +0000 (13:47 +0200)]
virtual: Tighten error handling when fixed closures are exhausted

6 years agovirtual: Don't be too loud about recoverable failure
Daiki Ueno [Wed, 22 Aug 2018 11:41:38 +0000 (13:41 +0200)]
virtual: Don't be too loud about recoverable failure

6 years agotrust: Factor out module initialization into separate file
Daiki Ueno [Fri, 24 Aug 2018 15:42:16 +0000 (17:42 +0200)]
trust: Factor out module initialization into separate file

This prevents double call to p11_library_init() in test-module.c, once
from the ELF constructor, and secondly from the test itself.

6 years agocommon: Factor out common initializer code into a header
Daiki Ueno [Mon, 27 Aug 2018 10:57:51 +0000 (12:57 +0200)]
common: Factor out common initializer code into a header

6 years agotravis: Manually install cpp-coveralls
Daiki Ueno [Fri, 24 Aug 2018 15:10:20 +0000 (17:10 +0200)]
travis: Manually install cpp-coveralls

To accommodate the gcov format change in gcc 8.1:
https://github.com/eddyxu/cpp-coveralls/pull/127
which is not yet available in the pip version.

6 years agotravis: Check valgrind exit code more strictly
Daiki Ueno [Thu, 23 Aug 2018 16:39:14 +0000 (18:39 +0200)]
travis: Check valgrind exit code more strictly

6 years agoREADME.md: Add CII Best Practices badge
Daiki Ueno [Tue, 21 Aug 2018 10:48:26 +0000 (12:48 +0200)]
README.md: Add CII Best Practices badge

6 years agoREADME.md: Mention contact method for security issues
Daiki Ueno [Tue, 21 Aug 2018 09:32:47 +0000 (11:32 +0200)]
README.md: Mention contact method for security issues

6 years agoRevert "build: Explicitly link threaded test programs to libpthread"
Daiki Ueno [Fri, 17 Aug 2018 10:34:08 +0000 (12:34 +0200)]
Revert "build: Explicitly link threaded test programs to libpthread"

This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0.

6 years agoRevert "build: Stop linking the library with libpthread when possible"
Daiki Ueno [Fri, 17 Aug 2018 10:29:28 +0000 (12:29 +0200)]
Revert "build: Stop linking the library with libpthread when possible"

This reverts commit 50f8906e63c9413a7687bab6608496d83c29a222.

6 years agoRevert "common: Prefer __register_atfork() to pthread_atfork() if possible"
Daiki Ueno [Fri, 17 Aug 2018 10:29:15 +0000 (12:29 +0200)]
Revert "common: Prefer __register_atfork() to pthread_atfork() if possible"

This reverts commit ce3cec7f8742254b8627b9db48973b81e91cbfc8.

6 years agoRevert "build: Link to libpthread, if pthread_atfork() needs to be used"
Daiki Ueno [Fri, 17 Aug 2018 10:29:03 +0000 (12:29 +0200)]
Revert "build: Link to libpthread, if pthread_atfork() needs to be used"

This reverts commit 541d79cb651cfd3238b9aa41fce70208df8e9496.

6 years agoUpdate pkcs11 header to allow SoftHSMv2 to compile
Alexander Bokovoy [Tue, 14 Aug 2018 08:49:08 +0000 (11:49 +0300)]
Update pkcs11 header to allow SoftHSMv2 to compile

Replace vendor-specific values with the IDs from PKCS11 v3.0 for those
constants that were already standardized.

6 years agotravis: Check that proxy module can be loaded and unloaded
Daiki Ueno [Mon, 13 Aug 2018 13:25:10 +0000 (15:25 +0200)]
travis: Check that proxy module can be loaded and unloaded

6 years agoproxy: Avoid invalid memory access when unloading proxy module
Daiki Ueno [Mon, 13 Aug 2018 13:23:03 +0000 (15:23 +0200)]
proxy: Avoid invalid memory access when unloading proxy module

When loading and unloading p11-kit-proxy.so with pkcs11-tool, it
accesses already free'd memory area:

$ valgrind pkcs11-tool --module p11-kit-proxy.so -L
==25173== Invalid read of size 8
==25173==    at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724)
==25173==    by 0x64BD028: _p11_kit_fini (proxy-init.c:65)
==25173==    by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so)
==25173==    by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so)
==25173==    by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so)
==25173==    by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so)
==25173==    by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so)
==25173==    by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so)
==25173==    by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool)
==25173==    by 0x110023: ??? (in /usr/bin/pkcs11-tool)
==25173==    by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so)
==25173==  Address 0x61231c8 is 552 bytes inside a block of size 584 free'd
==25173==    at 0x4C2FDAC: free (vg_replace_malloc.c:530)
==25173==    by 0x6548492: p11_virtual_unwrap (virtual.c:2902)
==25173==    by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723)

6 years agobuild: Link to libpthread, if pthread_atfork() needs to be used 0.23.13
Daiki Ueno [Fri, 10 Aug 2018 14:45:07 +0000 (16:45 +0200)]
build: Link to libpthread, if pthread_atfork() needs to be used

On non-glibc systems (e.g., FreeBSD), pthread_atfork() stub is
provided as a nop and our fork detection mechanism doesn't work.  Pull
in the actual implementation from libpthread in that case.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
6 years agobuild: Don't install systemd unit files when "make distcheck"
Daiki Ueno [Fri, 10 Aug 2018 12:26:26 +0000 (14:26 +0200)]
build: Don't install systemd unit files when "make distcheck"

6 years agoRelease 0.23.13
Daiki Ueno [Fri, 10 Aug 2018 10:59:50 +0000 (12:59 +0200)]
Release 0.23.13

6 years agocommon: Prefer __register_atfork() to pthread_atfork() if possible
Daiki Ueno [Thu, 9 Aug 2018 15:45:37 +0000 (17:45 +0200)]
common: Prefer __register_atfork() to pthread_atfork() if possible

6 years agobuild: Stop linking the library with libpthread when possible
Daiki Ueno [Fri, 13 Jul 2018 06:37:34 +0000 (08:37 +0200)]
build: Stop linking the library with libpthread when possible

6 years agocommon: Use thread-local storage class when possible
Daiki Ueno [Fri, 20 Jul 2018 09:43:15 +0000 (11:43 +0200)]
common: Use thread-local storage class when possible

This eliminates the unconditional use of pthread_{get,set}specific()
and pthread_key_{create,delete}(), which glibc doesn't provide the stubs.

6 years agobuild: Explicitly link threaded test programs to libpthread
Daiki Ueno [Fri, 20 Jul 2018 11:22:14 +0000 (13:22 +0200)]
build: Explicitly link threaded test programs to libpthread

Some test programs use pthread_create(), which glibc doesn't provide
the stub.  Link those programs with -lpthread.

6 years agocommon, p11-kit, trust: Use pthread_once only when necessary
Daiki Ueno [Fri, 20 Jul 2018 11:11:36 +0000 (13:11 +0200)]
common, p11-kit, trust: Use pthread_once only when necessary

If the ELF constructor is usable, we don't really need the once-init
function because it is guaranteed that the code runs only once in the
constructor.

6 years agocommon: Use static mutex initializer when possible
Daiki Ueno [Fri, 20 Jul 2018 09:24:48 +0000 (11:24 +0200)]
common: Use static mutex initializer when possible

This eliminates the use of pthread_mutexattr_* functions, which glibc
doesn't provide the stubs.

6 years agoserver: Avoid FD leak in error cases
Daiki Ueno [Wed, 1 Aug 2018 13:24:20 +0000 (15:24 +0200)]
server: Avoid FD leak in error cases

Spotted by coverity.

6 years agotrust: Clarify C_Login behavior that returns an error
Daiki Ueno [Thu, 19 Jul 2018 09:01:31 +0000 (11:01 +0200)]
trust: Clarify C_Login behavior that returns an error

6 years agoproxy: Fail early if there is no slot mappings
Daiki Ueno [Tue, 10 Jul 2018 14:57:07 +0000 (16:57 +0200)]
proxy: Fail early if there is no slot mappings

6 years agotravis: Install pip for coveralls
Daiki Ueno [Mon, 9 Jul 2018 16:18:02 +0000 (18:18 +0200)]
travis: Install pip for coveralls

6 years agorpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules
Daiki Ueno [Wed, 27 Jun 2018 14:31:54 +0000 (16:31 +0200)]
rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules

This patch removes the restriction of p11_kit_remote_serve_tokens()
that were not capable of serving tokens across multiple modules.

6 years agobuild: Use separate p11-kit-{remote,server} executable for testing
Daiki Ueno [Wed, 27 Jun 2018 09:22:44 +0000 (11:22 +0200)]
build: Use separate p11-kit-{remote,server} executable for testing

Otherwise, the p11-kit-remote program called from p11-kit-server would
load the system modules instead of the local fixtures.

6 years agoproxy: Allow proxy to be created from the library
Daiki Ueno [Mon, 25 Jun 2018 15:17:41 +0000 (17:17 +0200)]
proxy: Allow proxy to be created from the library

Previously, to aggregate multiple modules into one, there was no other
way than loading the proxy module.  From the p11-kit applications,
however, it is not possible to load that module because of the
recursive loading check (p11_proxy_module_check).

This patch adds another means to aggregate modules, through a library
function p11_proxy_module_create.

6 years agoproxy: Turn global variables module local
Daiki Ueno [Mon, 25 Jun 2018 15:09:26 +0000 (17:09 +0200)]
proxy: Turn global variables module local

6 years agobuild: Make reallocarray detection robuster
Daiki Ueno [Fri, 13 Jul 2018 15:39:35 +0000 (17:39 +0200)]
build: Make reallocarray detection robuster

On NetBSD, reallocarray is not declared until _OPENBSD_SOURCE is
defined.  Reported by Patrick Welche in:
https://lists.freedesktop.org/archives/p11-glue/2018-July/000691.html

6 years agoserver: Enable socket activation through systemd
Daiki Ueno [Wed, 20 Jun 2018 08:43:24 +0000 (10:43 +0200)]
server: Enable socket activation through systemd

This enables socket activation of "p11-kit server" through systemd.
The feature provided is essentially the same as commit
a4fb2bb5 (reverted), but implemented with "p11-kit server" and
libsystemd API instead of wrapping "p11-kit remote" in the unit file.

Note that, while it exposes all tokens through the socket, it doesn't
increase attack surface beyond the PKCS#11 binary interface provided
by p11-kit-proxy.so, because the service is per-user.

6 years agobuild: Ease issetugid() check when cross-compiling
Daiki Ueno [Thu, 31 May 2018 09:02:51 +0000 (11:02 +0200)]
build: Ease issetugid() check when cross-compiling

When cross-compiling, the configure check for issetugid() aborts,
because of the pessimistic default of AC_RUN_IFELSE.  This patch
provides the non-pessimistic default to AC_RUN_IFELSE and wrap the
macro invocation with AC_CACHE_CHECK so that the user can override the
check by setting ac_cv_issetugid_openbsd=yes, as suggested in:
https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Runtime.html#Runtime

6 years agoRelease 0.23.12 0.23.12
Daiki Ueno [Mon, 28 May 2018 14:07:37 +0000 (16:07 +0200)]
Release 0.23.12

6 years agotravis: Add build scripts for macOS
Daiki Ueno [Tue, 29 May 2018 11:29:51 +0000 (13:29 +0200)]
travis: Add build scripts for macOS

6 years agotravis: Use matrix
Daiki Ueno [Tue, 29 May 2018 10:37:57 +0000 (12:37 +0200)]
travis: Use matrix

6 years agotest: Avoid unnecessary memory allocation
Daiki Ueno [Tue, 29 May 2018 14:35:05 +0000 (16:35 +0200)]
test: Avoid unnecessary memory allocation

6 years agocommon: Fix runtime directory detection when given prefix is long
Daiki Ueno [Tue, 29 May 2018 14:37:07 +0000 (16:37 +0200)]
common: Fix runtime directory detection when given prefix is long

6 years agocommon: Don't rely on issetugid() when it is broken
Daiki Ueno [Tue, 29 May 2018 14:30:35 +0000 (16:30 +0200)]
common: Don't rely on issetugid() when it is broken

On macOS and FreeBSD, issetugid() has different semantics from the
original OpenBSD implementation and cannot reliably detect if the
process made setuid/setgid:
https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e

This should fix:
https://bugs.freedesktop.org/show_bug.cgi?id=67451
https://bugs.freedesktop.org/show_bug.cgi?id=100287

6 years agobuild: Don't use locale funcs if locale_t is not defined in locale.h
Daiki Ueno [Mon, 28 May 2018 11:33:32 +0000 (13:33 +0200)]
build: Don't use locale funcs if locale_t is not defined in locale.h

On macOS, locale_t is not defined in <locale.h>.  Although it is
defined in <xlocale.h>, we rather not use locales at all for POSIX
compliance.

6 years agopkcs11: Exercise GNU calling convention at compile time
Daiki Ueno [Mon, 28 May 2018 10:54:39 +0000 (12:54 +0200)]
pkcs11: Exercise GNU calling convention at compile time

6 years agobuild: Simplify README inclusion 0.23.11
Daiki Ueno [Fri, 25 May 2018 14:16:23 +0000 (16:16 +0200)]
build: Simplify README inclusion

Use symlink in the repository, instead of copying.

6 years agoNEWS: Mention latest changes
Daiki Ueno [Thu, 24 May 2018 08:06:38 +0000 (10:06 +0200)]
NEWS: Mention latest changes

6 years agobuild: Delay building mock-six.la until "make check"
Daiki Ueno [Fri, 25 May 2018 01:20:51 +0000 (03:20 +0200)]
build: Delay building mock-six.la until "make check"

6 years agobuild: Include README in the distribution
Daiki Ueno [Thu, 24 May 2018 14:30:43 +0000 (16:30 +0200)]
build: Include README in the distribution

As we removed README from the repository, it is no longer
automatically picked up for the distribution by Automake.

6 years agobuild: Fix ChangeLog generation
Daiki Ueno [Thu, 24 May 2018 14:29:37 +0000 (16:29 +0200)]
build: Fix ChangeLog generation

6 years agobuild: Remove obsolete upload rules
Daiki Ueno [Thu, 24 May 2018 08:03:51 +0000 (10:03 +0200)]
build: Remove obsolete upload rules

6 years agobuild: Include p11-kit/test-messages.sh in distribution
Daiki Ueno [Thu, 24 May 2018 08:02:31 +0000 (10:02 +0200)]
build: Include p11-kit/test-messages.sh in distribution

6 years agouri: Make scheme comparison case-insensitive
Daiki Ueno [Thu, 24 May 2018 09:12:21 +0000 (11:12 +0200)]
uri: Make scheme comparison case-insensitive

RFC 3986 suggests that implementations should accept uppercase letters
as equivalent to lowercase in scheme names.

6 years agocommon: Make case conversion locale independent
Daiki Ueno [Thu, 24 May 2018 09:01:33 +0000 (11:01 +0200)]
common: Make case conversion locale independent

The tolower()/toupper() functions take into account of the current
locale settings, which p11-kit doesn't want.  Add replacement
functions that work as if they are called under the C locale.

6 years agoImprove const correctness for P11KitUri
Nathaniel McCallum [Mon, 14 May 2018 18:58:56 +0000 (14:58 -0400)]
Improve const correctness for P11KitUri

This does not improve const for the getters. The reason for this is that
they are usually passed into the PKCS#11 APIs directly and these APIs
are not const correct. Trying to force const correctnesss here would
result in pain for library consumers.

This is an API and ABI compatible change.

6 years agoREADME: replace by README.md
Nikos Mavrogiannopoulos [Fri, 18 May 2018 12:24:23 +0000 (14:24 +0200)]
README: replace by README.md

That is, use README.md as primary source to generate README as
README is required by the GNU guidelines. We don't try to convert
to "real" plain text as markdown is readable, and to avoid introducing
another dependency (e.g., pandoc).

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
6 years agoNEWS: mark the 0.23 series as stable
Nikos Mavrogiannopoulos [Fri, 18 May 2018 12:20:29 +0000 (14:20 +0200)]
NEWS: mark the 0.23 series as stable

Resolves #80

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
6 years agoREADME.md: added reference to Daiki's key
Nikos Mavrogiannopoulos [Fri, 18 May 2018 12:19:29 +0000 (14:19 +0200)]
README.md: added reference to Daiki's key

Resolves #153

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
6 years agoRelease 0.23.11
Daiki Ueno [Mon, 7 May 2018 08:44:10 +0000 (10:44 +0200)]
Release 0.23.11

6 years agocommon: Pacify clang-analyzer
Daiki Ueno [Mon, 7 May 2018 12:25:57 +0000 (14:25 +0200)]
common: Pacify clang-analyzer

6 years agotrust: Avoid array overflow
Daiki Ueno [Mon, 7 May 2018 09:19:35 +0000 (11:19 +0200)]
trust: Avoid array overflow

6 years agotrust: Don't null terminate PKCS #11 string fields
Daiki Ueno [Mon, 7 May 2018 09:46:43 +0000 (11:46 +0200)]
trust: Don't null terminate PKCS #11 string fields

6 years agoproxy: Don't null terminate PKCS #11 string fields
Daiki Ueno [Mon, 7 May 2018 09:19:10 +0000 (11:19 +0200)]
proxy: Don't null terminate PKCS #11 string fields

6 years agotest: Avoid exceeding maximum pathname length of Unix socket
Daiki Ueno [Thu, 3 May 2018 15:29:40 +0000 (17:29 +0200)]
test: Avoid exceeding maximum pathname length of Unix socket

6 years agolibrary: Use dedicated locale object for printing error
Daiki Ueno [Fri, 27 Apr 2018 08:00:52 +0000 (10:00 +0200)]
library: Use dedicated locale object for printing error

6 years agoRevert "build: Check strerror_l() and uselocale() seperately"
Daiki Ueno [Fri, 27 Apr 2018 07:51:59 +0000 (09:51 +0200)]
Revert "build: Check strerror_l() and uselocale() seperately"

This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1.

We should rather use newlocale() when per-thread locale is not set.
Otherwise uselocale() could return LC_GLOBAL_LOCALE on some
platforms (e.g. musl-libc) and calling strerror_l() with it leads to
an undefined behavior.

6 years agobuild: Check strerror_l() and uselocale() seperately
Daiki Ueno [Thu, 19 Apr 2018 14:19:28 +0000 (16:19 +0200)]
build: Check strerror_l() and uselocale() seperately

NetBSD deliberately doesn't support per-thread locale and our
thread-safe replacement of strerror() using strerror_l() cannot be
used.  Fallback to strerror_r() in that case.

6 years agotravis: Optimize dnf install invocation
Daiki Ueno [Tue, 10 Apr 2018 15:40:24 +0000 (17:40 +0200)]
travis: Optimize dnf install invocation

6 years agotest: Add installcheck script to test trust module
Daiki Ueno [Tue, 10 Apr 2018 07:47:24 +0000 (09:47 +0200)]
test: Add installcheck script to test trust module

Currently it only checks that "disable-in: p11-kit-proxy" properly
prevents the trust module being loaded by the proxy module.

6 years agotrust: Prevent trust module being loaded by proxy module
Daiki Ueno [Tue, 10 Apr 2018 07:47:19 +0000 (09:47 +0200)]
trust: Prevent trust module being loaded by proxy module

Otherwise, when the proxy module were registerd in NSS database, the
trust module would be loaded twice and degrade search performance.

6 years agotravis: Run "make installcheck"
Daiki Ueno [Tue, 10 Apr 2018 07:47:12 +0000 (09:47 +0200)]
travis: Run "make installcheck"

6 years agotrust: Fix memleak in p11_enumerate_opt_filter
Daiki Ueno [Tue, 10 Apr 2018 07:47:06 +0000 (09:47 +0200)]
trust: Fix memleak in p11_enumerate_opt_filter

p11_kit_iter_add_filter() takes the ownership of given attributes.
Spotted by address sanitizer.

6 years agotest: Factor out common harness from test-extract.in
Daiki Ueno [Tue, 10 Apr 2018 07:46:56 +0000 (09:46 +0200)]
test: Factor out common harness from test-extract.in

6 years agotest: Add test for JKS extractor
Daiki Ueno [Sat, 31 Mar 2018 12:26:52 +0000 (14:26 +0200)]
test: Add test for JKS extractor

Piggybacking commit de963b96, this adds a multi-cert test case for the
Java keystore extractor.

6 years agotest: Add test for p11_attrs_purge()
Daiki Ueno [Thu, 5 Apr 2018 14:03:07 +0000 (16:03 +0200)]
test: Add test for p11_attrs_purge()

6 years agomock-module-ep: Properly override C_GetFunctionList
Daiki Ueno [Thu, 5 Apr 2018 13:11:09 +0000 (15:11 +0200)]
mock-module-ep: Properly override C_GetFunctionList

6 years agomodules: Add option to control module visibility from proxy
Daiki Ueno [Thu, 5 Apr 2018 09:14:39 +0000 (11:14 +0200)]
modules: Add option to control module visibility from proxy

This enables to control whether a module will be loaded from the proxy
module.  The configuration reuses the "enable-in" and "disable-in"
options, with a special literal "p11-kit-proxy" as the value.

6 years agotrust: add unit test for the "edk2-cacerts" extractor
Laszlo Ersek [Thu, 29 Mar 2018 19:32:24 +0000 (21:32 +0200)]
trust: add unit test for the "edk2-cacerts" extractor

Add a multi-cert test case for the edk2 extractor, heavily based on the
"/openssl/test_file_multiple" test case.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
6 years agotrust: implement the "edk2-cacerts" extractor
Laszlo Ersek [Tue, 27 Mar 2018 15:28:11 +0000 (17:28 +0200)]
trust: implement the "edk2-cacerts" extractor

Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST
format that is

- defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object
  per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID),

- and expected by edk2's HttpDxe when it configures the certificate list
  for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the
  TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c").

The intended command line is

  p11-kit extract \
    --format=edk2-cacerts \
    --filter=ca-anchors \
    --overwrite \
    --purpose=server-auth \
    $DEST/edk2/cacerts.bin

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
6 years agotrust: introduce the "edk2-cacerts" extractor skeleton
Laszlo Ersek [Tue, 27 Mar 2018 13:19:06 +0000 (15:19 +0200)]
trust: introduce the "edk2-cacerts" extractor skeleton

Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always
fails, silently.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
6 years agomodules: Fix memleak in re-initialization case
Daiki Ueno [Thu, 29 Mar 2018 13:54:35 +0000 (15:54 +0200)]
modules: Fix memleak in re-initialization case

6 years agoTreat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly
Justin King-Lacroix [Sat, 17 Mar 2018 02:37:24 +0000 (19:37 -0700)]
Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly

In p11_kit_modules_initialize(), treat a return code
of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to
CKR_OK.

6 years agotravis: Disallow failure on mingw
Daiki Ueno [Thu, 29 Mar 2018 11:02:39 +0000 (13:02 +0200)]
travis: Disallow failure on mingw

6 years agotest: Add missing seven.module in Windows fixtures
Daiki Ueno [Thu, 29 Mar 2018 10:40:47 +0000 (12:40 +0200)]
test: Add missing seven.module in Windows fixtures

6 years agotravis: Use LOG_COMPILER to run tests under wine
Daiki Ueno [Thu, 29 Mar 2018 09:56:30 +0000 (11:56 +0200)]
travis: Use LOG_COMPILER to run tests under wine

6 years agobuild: Enable make check with wine
Daiki Ueno [Thu, 29 Mar 2018 09:56:18 +0000 (11:56 +0200)]
build: Enable make check with wine

6 years agocommon: Fix compilation of runtime.c under mingw
Daiki Ueno [Thu, 29 Mar 2018 08:28:59 +0000 (10:28 +0200)]
common: Fix compilation of runtime.c under mingw

6 years agotest: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED
Daiki Ueno [Tue, 27 Mar 2018 13:41:51 +0000 (15:41 +0200)]
test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED

6 years agotest: Add test for error messages
Daiki Ueno [Wed, 7 Mar 2018 14:40:20 +0000 (15:40 +0100)]
test: Add test for error messages

6 years agotest: Use _exit() in child process to immediately close open FDs
Daiki Ueno [Wed, 28 Mar 2018 05:49:29 +0000 (07:49 +0200)]
test: Use _exit() in child process to immediately close open FDs

6 years agotest: Rewrite test-server.sh in TAP style
Daiki Ueno [Wed, 28 Mar 2018 05:50:30 +0000 (07:50 +0200)]
test: Rewrite test-server.sh in TAP style

6 years agotest: Take advantage of TAP test driver
Daiki Ueno [Tue, 27 Mar 2018 14:23:12 +0000 (16:23 +0200)]
test: Take advantage of TAP test driver

6 years agocommon: Add assert_skip() and assert_todo()
Daiki Ueno [Tue, 27 Mar 2018 13:19:07 +0000 (15:19 +0200)]
common: Add assert_skip() and assert_todo()

6 years agotest-server.sh: Fix bashism
Andreas Metzler [Tue, 27 Feb 2018 18:02:03 +0000 (19:02 +0100)]
test-server.sh: Fix bashism

6 years agoRelease 0.23.10 0.23.10
Daiki Ueno [Tue, 27 Feb 2018 11:32:35 +0000 (12:32 +0100)]
Release 0.23.10

6 years agomaint: Point to the new URLs
Daiki Ueno [Tue, 27 Feb 2018 11:31:42 +0000 (12:31 +0100)]
maint: Point to the new URLs

6 years agotest-server: Add test for detecting address
Daiki Ueno [Tue, 27 Feb 2018 13:57:45 +0000 (14:57 +0100)]
test-server: Add test for detecting address

6 years agotest-server: Fix compilation error on FreeBSD
Daiki Ueno [Tue, 27 Feb 2018 14:45:57 +0000 (15:45 +0100)]
test-server: Fix compilation error on FreeBSD

6 years agocommon, client: Move runtime directory detection to libp11-common
Daiki Ueno [Tue, 27 Feb 2018 13:56:33 +0000 (14:56 +0100)]
common, client: Move runtime directory detection to libp11-common

6 years agocommon: Make p11_test_directory_delete() work recursively
Daiki Ueno [Tue, 27 Feb 2018 13:57:20 +0000 (14:57 +0100)]
common: Make p11_test_directory_delete() work recursively

6 years agotest: Improve temporary directory handling
Daiki Ueno [Tue, 27 Feb 2018 15:05:41 +0000 (16:05 +0100)]
test: Improve temporary directory handling

6 years agop11_kit_remote_serve_tokens: Read "write-protected" setting from URI
Daiki Ueno [Mon, 5 Feb 2018 10:10:01 +0000 (11:10 +0100)]
p11_kit_remote_serve_tokens: Read "write-protected" setting from URI