]> granicus.if.org Git - p11-kit/log
p11-kit
5 years agoFix RPC calls: ATTRIBUTE buf not null but length 0 master
Vincent JARDIN [Tue, 22 Oct 2019 21:44:44 +0000 (23:44 +0200)]
Fix RPC calls: ATTRIBUTE buf not null but length 0

Let's add a support for cases when the buffer != NULL but the
length is 0. According to Oasis, buffer = NULL and length = 0
means a query of the length so the subsequent calls with a
buffer != NULL should fill then buffer when length is long enough.
If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL.

See the previous commit for IN_ULONG_BUFFER(). This patch is
follow a similar design pattern.

Fix: issue #257

5 years agoFix RPC calls: BYTE buffer not null and length 0
Vincent JARDIN [Tue, 22 Oct 2019 20:50:45 +0000 (22:50 +0200)]
Fix RPC calls: BYTE buffer not null and length 0

Let's add a support for cases when the buffer != NULL but the
length is 0. According to Oasis, buffer = NULL and length = 0
means a query of the length so the subsequent calls with a
buffer != NULL should fill buffer when length is long enough.
If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL.

This current fix is for IN_BYTE_BUFFER(), same
for IN_ATTRIBUTE_BUFFER().

See the previous commit for IN_ULONG_BUFFER(). This patch is
strictly using the same design pattern.

Fix: issue #257

Suggested-by: Daiki Ueno <dueno@redhat.com>
5 years agoFix C_GetSlotList() when length is 0
Vincent JARDIN [Mon, 21 Oct 2019 21:20:37 +0000 (23:20 +0200)]
Fix C_GetSlotList() when length is 0

Let's add a support for cases when the buffer != NULL but the
length is 0. According to Oasis, buffer = NULL and length = 0
means a query of the length so the subsequent calls with a
buffer != NULL should fill buffer when length is long enough.
If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL.

This current fix is for IN_ULONG_BUFFER(), same
should be applied for IN_BYTE_BUFFER() and for IN_ATTRIBUTE_BUFFER().

Include a test_no_slots()

Fix: issue #257

Suggested-by: Daiki Ueno <dueno@redhat.com>
5 years agotest-proxy: Implement reproducer for bad prefix list matching
Jakub Jelen [Wed, 23 Oct 2019 16:10:34 +0000 (18:10 +0200)]
test-proxy: Implement reproducer for bad prefix list matching

5 years agomodules: Implement correct search in list
Jakub Jelen [Wed, 23 Oct 2019 12:51:41 +0000 (14:51 +0200)]
modules: Implement correct search in list

The current version of matching was failing, when the list contained
also a searched string with some suffix, for example, when we ran from
p11-kit and the p11-kit-proxy was first in the list and p11-kit later,
it was not matched, because the test did not find a separator after
the first match, decided that it does not match and did not try further.

example program p11-kit
example enable-in: p11-kit-proxy,p11-kit

5 years agoautotools: Fix bash-completion installation
Daiki Ueno [Wed, 23 Oct 2019 09:01:49 +0000 (11:01 +0200)]
autotools: Fix bash-completion installation

5 years agoInstall bash completion in the CI
Jakub Jelen [Tue, 22 Oct 2019 11:14:29 +0000 (13:14 +0200)]
Install bash completion in the CI

5 years agoAdd simple bash completion for provided commands
Jakub Jelen [Mon, 21 Oct 2019 15:13:04 +0000 (17:13 +0200)]
Add simple bash completion for provided commands

5 years agoconfigure: Fix typo to avoid errors during configure
Jakub Jelen [Tue, 22 Oct 2019 08:25:00 +0000 (10:25 +0200)]
configure: Fix typo to avoid errors during configure

5 years agocommon: add Russian PKCS#11 extensions to pkcs11x.h header
Dmitry Eremin-Solenikov [Mon, 7 Oct 2019 13:17:53 +0000 (16:17 +0300)]
common: add Russian PKCS#11 extensions to pkcs11x.h header

Add values defined to support Russian GOST cryptography to pkcs11x.h
header.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
5 years agoautotools: Add more files from meson build in distribution
Daiki Ueno [Mon, 30 Sep 2019 13:38:01 +0000 (15:38 +0200)]
autotools: Add more files from meson build in distribution

5 years agoautotools: Add more files from meson build in distribution 0.23.18.1
Daiki Ueno [Mon, 30 Sep 2019 12:57:59 +0000 (14:57 +0200)]
autotools: Add more files from meson build in distribution

5 years agobuild: Fix 'make distcheck' 0.23.18
Daiki Ueno [Mon, 30 Sep 2019 11:44:44 +0000 (13:44 +0200)]
build: Fix 'make distcheck'

5 years agoRelease 0.23.18
Daiki Ueno [Mon, 30 Sep 2019 11:07:21 +0000 (13:07 +0200)]
Release 0.23.18

5 years agorpc: Allow empty CK_DATE value
Daiki Ueno [Wed, 25 Sep 2019 13:41:04 +0000 (15:41 +0200)]
rpc: Allow empty CK_DATE value

Unlike other data types, CK_DATE value may be empty (and that is the
default).  Treat it as a valid value and serialize/deserialize
accordingly.

Reported by Vincent JARDIN in:
https://github.com/p11-glue/p11-kit/issues/244

5 years agobuild: Fix undefined behavior in left shift
Daiki Ueno [Wed, 18 Sep 2019 13:11:06 +0000 (15:11 +0200)]
build: Fix undefined behavior in left shift

Spotted by UBSan.

5 years agoautotools: Use symbol versioning if possible
Daiki Ueno [Wed, 11 Sep 2019 10:05:15 +0000 (12:05 +0200)]
autotools: Use symbol versioning if possible

The meson build already using it for:
https://github.com/mesonbuild/meson/issues/3047

Suggested by Jan Alexander Steffens

5 years agobuild: Import ld-version-script.m4 from gnulib
Daiki Ueno [Wed, 11 Sep 2019 14:41:03 +0000 (16:41 +0200)]
build: Import ld-version-script.m4 from gnulib

5 years agobuild: Add meson files in autotools distribution
Daiki Ueno [Tue, 10 Sep 2019 07:40:05 +0000 (09:40 +0200)]
build: Add meson files in autotools distribution

5 years agotravis: Run ninja install as root
Daiki Ueno [Fri, 13 Sep 2019 09:01:34 +0000 (11:01 +0200)]
travis: Run ninja install as root

This is to avoid meson calling pkexec, which doesn't work inside docker.

5 years agomeson: Add missing prefix to system path defines
Jan Alexander Steffens (heftig) [Tue, 10 Sep 2019 20:27:44 +0000 (20:27 +0000)]
meson: Add missing prefix to system path defines

5 years agomeson: Install p11-kit-server units
Jan Alexander Steffens (heftig) [Tue, 10 Sep 2019 18:08:25 +0000 (18:08 +0000)]
meson: Install p11-kit-server units

5 years agomeson: Build and install man pages
Jan Alexander Steffens (heftig) [Tue, 10 Sep 2019 18:08:25 +0000 (18:08 +0000)]
meson: Build and install man pages

5 years agomeson: Don't prefix p11_user_config
Jan Alexander Steffens (heftig) [Tue, 10 Sep 2019 18:08:25 +0000 (18:08 +0000)]
meson: Don't prefix p11_user_config

5 years agomeson: PKCS#11 modules should only export C_GetFunctionList
Jan Alexander Steffens (heftig) [Tue, 10 Sep 2019 18:08:25 +0000 (18:08 +0000)]
meson: PKCS#11 modules should only export C_GetFunctionList

5 years agomeson: Install p11-kit-client module
Jan Alexander Steffens (heftig) [Tue, 10 Sep 2019 18:08:25 +0000 (18:08 +0000)]
meson: Install p11-kit-client module

5 years agomeson: Fix dictionary syntax
Daiki Ueno [Mon, 9 Sep 2019 15:22:27 +0000 (17:22 +0200)]
meson: Fix dictionary syntax

Reported by Jan Alexander Steffens.

5 years agoRelease 0.23.17 0.23.17
Daiki Ueno [Mon, 9 Sep 2019 07:46:51 +0000 (09:46 +0200)]
Release 0.23.17

5 years agouri: Supress cppcheck false-positive
Daiki Ueno [Mon, 9 Sep 2019 10:44:36 +0000 (12:44 +0200)]
uri: Supress cppcheck false-positive

5 years agouri: Check return value of insert_attribute
Daiki Ueno [Mon, 9 Sep 2019 08:26:52 +0000 (10:26 +0200)]
uri: Check return value of insert_attribute

5 years agomeson: Update project version
Daiki Ueno [Mon, 9 Sep 2019 07:38:29 +0000 (09:38 +0200)]
meson: Update project version

5 years agobuild: Fix typo in checking program_invocation_short_name decl
Daiki Ueno [Sun, 7 Jul 2019 17:56:52 +0000 (19:56 +0200)]
build: Fix typo in checking program_invocation_short_name decl

The decl should be in errno.h, not error.h.

5 years agocommon: Fix uClibc-ng compilation
Rosen Penev [Mon, 1 Jul 2019 20:33:12 +0000 (13:33 -0700)]
common: Fix uClibc-ng compilation

program_invocation_short_name is const under uClibc-ng.

5 years agotrust: do not allow daylight to invalidate date validation
Alon Bar-Lev [Mon, 1 Jul 2019 10:38:25 +0000 (13:38 +0300)]
trust: do not allow daylight to invalidate date validation

Issue: 235
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
5 years agobuild: Declare dependency chain between static libs in common
Daiki Ueno [Wed, 19 Jun 2019 13:36:18 +0000 (15:36 +0200)]
build: Declare dependency chain between static libs in common

In common/ there are sub-libraries namely libp11-common.a,
libp11-library.a, libp11-tool.a, and libp11-test.a.

All the latter 3 libs use the symbols from libp11-common.a, it would
make sense to declare a dependency against it.

5 years agobuild: Make threads dependency more explicit
Daiki Ueno [Wed, 19 Jun 2019 13:31:32 +0000 (15:31 +0200)]
build: Make threads dependency more explicit

5 years ago.travis.yml: Use meson for building
Daiki Ueno [Sun, 2 Jun 2019 08:28:53 +0000 (10:28 +0200)]
.travis.yml: Use meson for building

5 years agobuild: Add meson build support
Daiki Ueno [Wed, 15 May 2019 11:09:25 +0000 (13:09 +0200)]
build: Add meson build support

This adds support for meson as an alternative build system.

5 years agotrust: Fix mismatched return values
Daiki Ueno [Sat, 1 Jun 2019 12:08:41 +0000 (14:08 +0200)]
trust: Fix mismatched return values

5 years agopo: Remove en@{,bold}quot from LINGUAS
Daiki Ueno [Sun, 2 Jun 2019 11:20:50 +0000 (13:20 +0200)]
po: Remove en@{,bold}quot from LINGUAS

5 years agobuild: Don't hardcode module path
Daiki Ueno [Sat, 1 Jun 2019 10:54:49 +0000 (12:54 +0200)]
build: Don't hardcode module path

5 years agobuild: Move check_PROGRAMS into subdirectories
Daiki Ueno [Sat, 1 Jun 2019 10:51:39 +0000 (12:51 +0200)]
build: Move check_PROGRAMS into subdirectories

5 years agotests: Add tmpdir argument to p11_test_copy_setgid
Daiki Ueno [Sat, 1 Jun 2019 07:17:00 +0000 (09:17 +0200)]
tests: Add tmpdir argument to p11_test_copy_setgid

To prevent BUILDDIR being embedded in the library.

5 years agotests: Fix memleaks in test-jks.c
Daiki Ueno [Sun, 16 Jun 2019 09:37:26 +0000 (11:37 +0200)]
tests: Fix memleaks in test-jks.c

5 years agotests: Skip tests calling getauxval(AT_SECURE) if binary is on /tmp
Daiki Ueno [Mon, 3 Jun 2019 01:33:05 +0000 (03:33 +0200)]
tests: Skip tests calling getauxval(AT_SECURE) if binary is on /tmp

5 years agotests: Fix temp file permission before deleting
Daiki Ueno [Sun, 16 Jun 2019 09:06:35 +0000 (11:06 +0200)]
tests: Fix temp file permission before deleting

On mingw64/wine, unlink fails if the file has no write bit.

5 years agotests: Don't assume / is not writable on Windows in test-token.c
Daiki Ueno [Mon, 17 Jun 2019 09:50:22 +0000 (11:50 +0200)]
tests: Don't assume / is not writable on Windows in test-token.c

5 years agoconf: Skip root UID check on Windows
Daiki Ueno [Sat, 15 Jun 2019 08:31:25 +0000 (10:31 +0200)]
conf: Skip root UID check on Windows

5 years agovirtual: Rename virtual-fixed.c to virtual-fixed-generated.h
Daiki Ueno [Mon, 20 May 2019 16:16:40 +0000 (18:16 +0200)]
virtual: Rename virtual-fixed.c to virtual-fixed-generated.h

Previously the generated .c file was included in another source file,
which is not supported in some build systems (e.g., meson).

5 years agocommon: Make issetugid check simpler
Daiki Ueno [Mon, 3 Jun 2019 09:28:58 +0000 (11:28 +0200)]
common: Make issetugid check simpler

5 years agocommon: Fix vasprintf emulation
Daiki Ueno [Sun, 2 Jun 2019 08:17:22 +0000 (10:17 +0200)]
common: Fix vasprintf emulation

va_list must be saved when calling vsnprintf() in a loop.

5 years agorpc: On UNIX wait on condition variable instead of FD if header is for a different...
Simon Haggett [Thu, 13 Jun 2019 16:00:17 +0000 (17:00 +0100)]
rpc: On UNIX wait on condition variable instead of FD if header is for a different thread.

If rpc_socket_read() receives a header for a different thread, it tries to yield by
releasing the read mutex and waiting on the socket's read FD. On Linux systems, this has
been observed to cause a performance problem in cases where multiple threads are being
used. Threads expecting a different header can rapidly unlock and relock the read mutex,
as they resume when sock->read_code hasn't changed. This can result in contention on the
read mutex, which delays the thread that is expecting to consume the header.

This fix updates rpc_socket_read() on UNIX to wait on a condition variable instead of the
socket's read FD. The condition variable is signalled when sock->read_code changes. This
allows waiting threads to only resume once the header and payload have been consumed by
their target thread. This fix only targets UNIX platforms, as the Windows version that
p11-kit targets by default (Windows 2000) does not provide support for condition
variables.

Signed-off-by: Simon Haggett <simon.haggett@gmail.com>
5 years agotests: Avoid uninitialized value in test-proxy.c 0.23.16.1
Daiki Ueno [Thu, 23 May 2019 11:21:17 +0000 (13:21 +0200)]
tests: Avoid uninitialized value in test-proxy.c

5 years agobuild: Suppress compiler warning 0.23.16
Daiki Ueno [Wed, 22 May 2019 14:10:01 +0000 (16:10 +0200)]
build: Suppress compiler warning

Remove unused "global" variable.

5 years agodoc: Add 'server' command in help
Raphael Medaer [Wed, 22 May 2019 13:14:53 +0000 (15:14 +0200)]
doc: Add 'server' command in help

'server' is the last common command which is not in CLI help.
IMHO, adding this small documentation could help to promote usage of
pkcs11 forwarding.

5 years agoRelease 0.23.16
Daiki Ueno [Wed, 22 May 2019 08:17:32 +0000 (10:17 +0200)]
Release 0.23.16

5 years agoproxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified
Daiki Ueno [Thu, 16 May 2019 14:52:37 +0000 (16:52 +0200)]
proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified

While fully implementing C_WaitForSlotEvent() would require a separate
thread to monitor events, it is straightforward to implement the
function if the CKF_DONT_BLOCK flag is given.

Suggested by David Ward.

5 years agoconf: Ignore user configuration if the program is running as root
Daiki Ueno [Fri, 17 May 2019 11:49:34 +0000 (13:49 +0200)]
conf: Ignore user configuration if the program is running as root

Suggested by Bastien Nocera:
https://bugzilla.redhat.com/show_bug.cgi?id=1688583

5 years agoproxy: Refresh slot list on every C_GetSlotList call
Daiki Ueno [Wed, 15 May 2019 14:17:43 +0000 (16:17 +0200)]
proxy: Refresh slot list on every C_GetSlotList call

Previously, the proxy module calculated the slot list only once at the
C_Initialize() call.  That was causing a usability limitation when the
user attaches HSM after starting an application.

Suggested by David Ward.

5 years agomodules: Fix index used in call to p11_dict_remove()
Simon Haggett [Tue, 12 Mar 2019 11:26:20 +0000 (11:26 +0000)]
modules: Fix index used in call to p11_dict_remove()

This fixes a call to p11_dict_remove() in managed_steal_sessions_inlock() to use
the correct index in the stolen array (i, rather than at). This avoids an
assert, which was encountered on a host serving a PKCS#11 module to a remote
Linux client.

Signed-off-by: Simon Haggett <simon.haggett@gmail.com>
5 years agoFix Win32 p11_dl_error crash
Tom Sutcliffe [Sat, 9 Mar 2019 13:41:22 +0000 (13:41 +0000)]
Fix Win32 p11_dl_error crash

Caused by returning a buffer that wasn't allocated with malloc and
needed to be freed with LocalFree() instead. The fix is to strdup
msg_buf so what's returned can be free()d.

5 years agomodules: check gl.modules before iterates on it when freeing
Stefano Garzarella [Wed, 27 Feb 2019 11:25:20 +0000 (12:25 +0100)]
modules: check gl.modules before iterates on it when freeing

In some circumstances, as described in the BZ, can happen that
free_modules_when_no_refs_unlocked() is called multiple times
when the module destructor is invoked.
We should check gl.modules before iterates on it in the
free_modules_when_no_refs_unlocked() functions, to avoid
a SIGSEGV.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963

5 years agotrust: Ignore unreadable content in anchors
Daiki Ueno [Mon, 18 Feb 2019 13:53:49 +0000 (14:53 +0100)]
trust: Ignore unreadable content in anchors

This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f.  Instead of
failing C_FindObjectsInit, treat any errors internally and accumulates
the successfully loaded certificates.

Reported by Andrej Kvasnica in:
https://bugzilla.redhat.com/show_bug.cgi?id=1675441

5 years agoextract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH
Daiki Ueno [Mon, 28 Jan 2019 12:03:15 +0000 (13:03 +0100)]
extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH

Give _p11_extract_jks_timestamp precedence over SOURCE_DATE_EPOCH so
that the test results are not affected by the envvar settings.

5 years agoRelease 0.23.15 0.23.15
Daiki Ueno [Mon, 14 Jan 2019 16:31:58 +0000 (17:31 +0100)]
Release 0.23.15

5 years agopem: Fix assert condition
Daiki Ueno [Fri, 11 Jan 2019 09:35:16 +0000 (10:35 +0100)]
pem: Fix assert condition

If the PEM header is "-----BEGIN -----", *type should be an empty
string and the parser shouldn't fail.  Reported by Han Han in:
https://bugzilla.redhat.com/show_bug.cgi?id=1665172

5 years agotest: Add test that exercises duplicated certs in JKS
Daiki Ueno [Wed, 9 Jan 2019 14:44:48 +0000 (15:44 +0100)]
test: Add test that exercises duplicated certs in JKS

5 years agotrust: Fix alias generation in JKS extractor
Daiki Ueno [Wed, 9 Jan 2019 12:58:30 +0000 (13:58 +0100)]
trust: Fix alias generation in JKS extractor

When there is a duplicate, the JKS extractor previously assigned
somewhat obscure name "-<digit>" (not "<name>-<digit>").

5 years agotrust: Continue parsing if the file cannot be read as persist format
Daiki Ueno [Tue, 25 Dec 2018 07:32:19 +0000 (08:32 +0100)]
trust: Continue parsing if the file cannot be read as persist format

A corrupted file that contains "[p11-kit-object-v1]" can be a valid
PEM certs file.  Continue with the next format if it cannot be read as
a persistent format.

5 years agotrust: p11_token_load: Treat parse error as failure
Daiki Ueno [Tue, 25 Dec 2018 06:38:26 +0000 (07:38 +0100)]
trust: p11_token_load: Treat parse error as failure

Those conditions can happen when the trust file is corrupted, so it
makes more sense to treat them as a failure instead of programmer
error.

5 years agotrust: Fail if trust anchors are not loaded from a file
Daiki Ueno [Tue, 25 Dec 2018 06:32:01 +0000 (07:32 +0100)]
trust: Fail if trust anchors are not loaded from a file

If the trust path is a file, treat parse error as fatal and abort the
C_FindObjectsInit call.

5 years agotrust: Propagate library verbosity to module through init_args
Daiki Ueno [Sun, 23 Dec 2018 13:11:00 +0000 (14:11 +0100)]
trust: Propagate library verbosity to module through init_args

Previously, even when the -v option is used with the 'trust' command,
the messages from p11-kit-trust.so module were suppressed because the
verbosity setting is not propagated to the module.

5 years agobuild: Fix typo spotted by codespell
Daiki Ueno [Sat, 29 Dec 2018 07:09:50 +0000 (08:09 +0100)]
build: Fix typo spotted by codespell

6 years agodoc: Make log-calls match the rest of the document style
Jakub Jelen [Thu, 6 Dec 2018 14:55:04 +0000 (15:55 +0100)]
doc: Make log-calls match the rest of the document style

6 years agobuild: Simplify assertions
Daiki Ueno [Fri, 23 Nov 2018 06:47:30 +0000 (07:47 +0100)]
build: Simplify assertions

Let it leak memory when we assert, so not to confuse static analyzers
as if this is the normal case.

6 years agotravis: Add cppcheck profile
Daiki Ueno [Thu, 22 Nov 2018 16:19:21 +0000 (17:19 +0100)]
travis: Add cppcheck profile

6 years agotravis: Allow profile override
Daiki Ueno [Thu, 22 Nov 2018 16:14:35 +0000 (17:14 +0100)]
travis: Allow profile override

6 years agobuild: Suppress cppcheck errors
Daiki Ueno [Thu, 22 Nov 2018 15:19:52 +0000 (16:19 +0100)]
build: Suppress cppcheck errors

6 years agotests: Ensure p11_proxy_module_cleanup is called
Daiki Ueno [Mon, 22 Oct 2018 04:05:00 +0000 (06:05 +0200)]
tests: Ensure p11_proxy_module_cleanup is called

Reported and suggested in #197.

6 years agourl: Prefer upper-case letters in hex characters when encoding
Daiki Ueno [Mon, 15 Oct 2018 12:57:16 +0000 (14:57 +0200)]
url: Prefer upper-case letters in hex characters when encoding

This makes it more compliant with RFC 3986, where the use of
upper-case letters is recommended (as "SHOULD").

Suggested by Sumit Bose.

6 years agotrust/extract-jks.c: also honor SOURCE_DATE_EPOCH time
Harald Hoyer [Fri, 2 Nov 2018 09:38:43 +0000 (10:38 +0100)]
trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time

For reproducible builds, accept a define timestamp for the java
keystore.

See https://reproducible-builds.org/docs/source-date-epoch/

6 years agobuild: Require pkg.m4 >= 0.29 at bootstrap
Daiki Ueno [Tue, 30 Oct 2018 15:00:12 +0000 (16:00 +0100)]
build: Require pkg.m4 >= 0.29 at bootstrap

6 years agovirtual: Prefer fixed closures to libffi closures
Daiki Ueno [Fri, 19 Oct 2018 08:21:36 +0000 (10:21 +0200)]
virtual: Prefer fixed closures to libffi closures

On some circumstances (such as when loading p11-kit-proxy from httpd),
it is known that creation of libffi closure always fails, due to
SELinux policy.  Although this is harmless, it pollutes the journal
and gives wrong hints when troubleshooting.  This patch changes the
order of preference of libffi vs pre-compiled closures to avoid that.

6 years agotrust: Check index->buckets is allocated on cleanup
Daiki Ueno [Wed, 17 Oct 2018 07:53:46 +0000 (09:53 +0200)]
trust: Check index->buckets is allocated on cleanup

6 years agorpc-server: Check calloc failure
Daiki Ueno [Wed, 17 Oct 2018 07:53:27 +0000 (09:53 +0200)]
rpc-server: Check calloc failure

6 years agotrust: Set umask before calling mkstemp
Daiki Ueno [Tue, 16 Oct 2018 16:20:12 +0000 (18:20 +0200)]
trust: Set umask before calling mkstemp

6 years agoproxy: Fix null dereference when reusing slots
Daiki Ueno [Tue, 16 Oct 2018 16:18:05 +0000 (18:18 +0200)]
proxy: Fix null dereference when reusing slots

6 years agorpc-server: p11_kit_remote_serve_tokens: Fix memleak
Daiki Ueno [Tue, 16 Oct 2018 16:16:51 +0000 (18:16 +0200)]
rpc-server: p11_kit_remote_serve_tokens: Fix memleak

6 years agobuild: Check return value of p11_rpc_buffer_get_uint64
Daiki Ueno [Tue, 16 Oct 2018 16:16:12 +0000 (18:16 +0200)]
build: Check return value of p11_rpc_buffer_get_uint64

6 years agobuild: Check return value of p11_dict_set
Daiki Ueno [Tue, 16 Oct 2018 16:14:46 +0000 (18:14 +0200)]
build: Check return value of p11_dict_set

6 years agobuild: Free memory before return{,_val}_if_* macros
Daiki Ueno [Tue, 16 Oct 2018 16:10:05 +0000 (18:10 +0200)]
build: Free memory before return{,_val}_if_* macros

6 years agobuild: Call va_end() always when leaving the function
Daiki Ueno [Tue, 16 Oct 2018 16:06:56 +0000 (18:06 +0200)]
build: Call va_end() always when leaving the function

6 years agodebug: Work around cppcheck false-positives
Daiki Ueno [Tue, 16 Oct 2018 16:05:10 +0000 (18:05 +0200)]
debug: Work around cppcheck false-positives

https://trac.cppcheck.net/ticket/8794

6 years agocommon: use /proc only on Linux
Leonardo Brondani Schenkel [Mon, 28 May 2018 14:18:05 +0000 (16:18 +0200)]
common: use /proc only on Linux

Non-Linux systems do not have /proc, so do not attempt to open it and
eliminate an unnecessary access() syscall on those systems.

6 years agopkcs11: Don't redefine CKM_CAMELLIA_KEY_GEN
Daiki Ueno [Fri, 31 Aug 2018 08:25:26 +0000 (10:25 +0200)]
pkcs11: Don't redefine CKM_CAMELLIA_KEY_GEN

Also reorder the CKM_CAMELLIA_* definitions.

6 years agoRelease 0.23.14 0.23.14
Daiki Ueno [Tue, 28 Aug 2018 13:33:32 +0000 (15:33 +0200)]
Release 0.23.14

6 years agovirtual: Tighten error handling when fixed closures are exhausted
Daiki Ueno [Wed, 22 Aug 2018 11:47:03 +0000 (13:47 +0200)]
virtual: Tighten error handling when fixed closures are exhausted

6 years agovirtual: Don't be too loud about recoverable failure
Daiki Ueno [Wed, 22 Aug 2018 11:41:38 +0000 (13:41 +0200)]
virtual: Don't be too loud about recoverable failure

6 years agotrust: Factor out module initialization into separate file
Daiki Ueno [Fri, 24 Aug 2018 15:42:16 +0000 (17:42 +0200)]
trust: Factor out module initialization into separate file

This prevents double call to p11_library_init() in test-module.c, once
from the ELF constructor, and secondly from the test itself.

6 years agocommon: Factor out common initializer code into a header
Daiki Ueno [Mon, 27 Aug 2018 10:57:51 +0000 (12:57 +0200)]
common: Factor out common initializer code into a header