Vincent JARDIN [Tue, 22 Oct 2019 21:44:44 +0000 (23:44 +0200)]
Fix RPC calls: ATTRIBUTE buf not null but length 0
Let's add support for cases when the buffer != NULL but the
length is 0. According to Oasis, buffer = NULL and length = 0
means a query of the length so the subsequent calls with a
buffer != NULL should fill the buffer when length is long enough.
If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL.
See the previous commit for IN_ULONG_BUFFER(). This patch
follows a similar design pattern.
Vincent JARDIN [Tue, 22 Oct 2019 20:50:45 +0000 (22:50 +0200)]
Fix RPC calls: BYTE buffer not null and length 0
Let's add support for cases when the buffer != NULL but the
length is 0. According to Oasis, buffer = NULL and length = 0
means a query of the length so the subsequent calls with a
buffer != NULL should fill buffer when length is long enough.
If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL.
This current fix is for IN_BYTE_BUFFER(), same
for IN_ATTRIBUTE_BUFFER().
See the previous commit for IN_ULONG_BUFFER(). This patch is
strictly using the same design pattern.
Vincent JARDIN [Mon, 21 Oct 2019 21:20:37 +0000 (23:20 +0200)]
Fix C_GetSlotList() when length is 0
Let's add support for cases when the buffer != NULL but the
length is 0. According to Oasis, buffer = NULL and length = 0
means a query of the length so the subsequent calls with a
buffer != NULL should fill buffer when length is long enough.
If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL.
This current fix is for IN_ULONG_BUFFER(), same
should be applied for IN_BYTE_BUFFER() and for IN_ATTRIBUTE_BUFFER().
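
The buffer/length convention cited in the three commit messages above, as an added example that is not p11-kit's code: `return_ulong_array()` is a hypothetical helper that follows the convention, and `return_ulong_array_conflated()` is a constructed contrast that treats length 0 as a length query even when a buffer was supplied.

```c
#include <stddef.h>
#include <string.h>

/* Minimal stand-ins for the PKCS#11 types and return codes used here. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_RV;
#define CKR_OK               0x00000000UL
#define CKR_ARGUMENTS_BAD    0x00000007UL
#define CKR_BUFFER_TOO_SMALL 0x00000150UL

/* Hypothetical helper: hand `have` values back to the caller.
 * buf == NULL      -> length query: report the needed count, CKR_OK.
 * buf != NULL      -> *len is the capacity; too small (including 0)
 *                     yields CKR_BUFFER_TOO_SMALL with the needed count. */
CK_RV return_ulong_array(const CK_ULONG *src, CK_ULONG have,
                         CK_ULONG *buf, CK_ULONG *len)
{
    if (len == NULL)
        return CKR_ARGUMENTS_BAD;
    if (buf == NULL) {
        *len = have;
        return CKR_OK;
    }
    if (*len < have) {
        *len = have;
        return CKR_BUFFER_TOO_SMALL;
    }
    if (have > 0)
        memcpy(buf, src, have * sizeof(CK_ULONG));
    *len = have;
    return CKR_OK;
}

/* Constructed contrast: length 0 is taken as a query even though a
 * buffer was passed, so the caller gets CKR_OK and an unfilled buffer. */
CK_RV return_ulong_array_conflated(const CK_ULONG *src, CK_ULONG have,
                                   CK_ULONG *buf, CK_ULONG *len)
{
    if (len == NULL)
        return CKR_ARGUMENTS_BAD;
    if (buf == NULL || *len == 0) {
        *len = have;
        return CKR_OK;
    }
    return return_ulong_array(src, have, buf, len);
}
```
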
Jakub Jelen [Wed, 23 Oct 2019 12:51:41 +0000 (14:51 +0200)]
modules: Implement correct search in list
The current version of matching was failing, when the list contained
also a searched string with some suffix, for example, when we ran from
p11-kit and the p11-kit-proxy was first in the list and p11-kit later,
it was not matched, because the test did not find a separator after
the first match, decided that it does not match and did not try further.
example program p11-kit
example enable-in: p11-kit-proxy,p11-kit
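
The matching failure described in the commit message above, reproduced as an added example (not the project's code): `match_first_hit_only()` and `match_whole_entry()` are hypothetical names, and the separator set is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumed separators between list entries: comma or whitespace. */
static bool is_sep(char c)
{
    return c == ',' || c == ' ' || c == '\t';
}

/* Flawed search: looks only at the first strstr() hit. If that hit is
 * followed by a suffix ("p11-kit" inside "p11-kit-proxy"), it reports
 * no match and never examines later entries. */
bool match_first_hit_only(const char *list, const char *name)
{
    size_t n = strlen(name);
    const char *hit = strstr(list, name);

    if (hit == NULL)
        return false;
    if (hit != list && !is_sep(hit[-1]))
        return false;
    return hit[n] == '\0' || is_sep(hit[n]);
}

/* Corrected search: a hit counts only when bounded by separators (or
 * the ends of the list) on both sides; otherwise keep scanning. */
bool match_whole_entry(const char *list, const char *name)
{
    size_t n = strlen(name);
    const char *p = list;

    if (n == 0)
        return false;
    while ((p = strstr(p, name)) != NULL) {
        bool starts = (p == list) || is_sep(p[-1]);
        bool ends = (p[n] == '\0') || is_sep(p[n]);
        if (starts && ends)
            return true;
        p++; /* resume just past the start of the rejected hit */
    }
    return false;
}
```
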
Simon Haggett [Thu, 13 Jun 2019 16:00:17 +0000 (17:00 +0100)]
rpc: On UNIX wait on condition variable instead of FD if header is for a different thread.
If rpc_socket_read() receives a header for a different thread, it tries to yield by
releasing the read mutex and waiting on the socket's read FD. On Linux systems, this has
been observed to cause a performance problem in cases where multiple threads are being
used. Threads expecting a different header can rapidly unlock and relock the read mutex,
as they resume when sock->read_code hasn't changed. This can result in contention on the
read mutex, which delays the thread that is expecting to consume the header.
This fix updates rpc_socket_read() on UNIX to wait on a condition variable instead of the
socket's read FD. The condition variable is signalled when sock->read_code changes. This
allows waiting threads to only resume once the header and payload have been consumed by
their target thread. This fix only targets UNIX platforms, as the Windows version that
p11-kit targets by default (Windows 2000) does not provide support for condition
variables.
Signed-off-by: Simon Haggett <simon.haggett@gmail.com>
Daiki Ueno [Thu, 16 May 2019 14:52:37 +0000 (16:52 +0200)]
proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified
While fully implementing C_WaitForSlotEvent() would require a separate
thread to monitor events, it is straightforward to implement the
function if the CKF_DONT_BLOCK flag is given.
Daiki Ueno [Wed, 15 May 2019 14:17:43 +0000 (16:17 +0200)]
proxy: Refresh slot list on every C_GetSlotList call
Previously, the proxy module calculated the slot list only once at the
C_Initialize() call. That was causing a usability limitation when the
user attaches HSM after starting an application.
Simon Haggett [Tue, 12 Mar 2019 11:26:20 +0000 (11:26 +0000)]
modules: Fix index used in call to p11_dict_remove()
This fixes a call to p11_dict_remove() in managed_steal_sessions_inlock() to use
the correct index in the stolen array (i, rather than at). This avoids an
assert, which was encountered on a host serving a PKCS#11 module to a remote
Linux client.
Signed-off-by: Simon Haggett <simon.haggett@gmail.com>
Tom Sutcliffe [Sat, 9 Mar 2019 13:41:22 +0000 (13:41 +0000)]
Fix Win32 p11_dl_error crash
Caused by returning a buffer that wasn't allocated with malloc and
needed to be freed with LocalFree() instead. The fix is to strdup
msg_buf so what's returned can be free()d.
modules: check gl.modules before iterates on it when freeing
In some circumstances, as described in the BZ, it can happen that
free_modules_when_no_refs_unlocked() is called multiple times
when the module destructor is invoked.
We should check gl.modules before iterating on it in the
free_modules_when_no_refs_unlocked() function, to avoid
a SIGSEGV.
Daiki Ueno [Mon, 18 Feb 2019 13:53:49 +0000 (14:53 +0100)]
trust: Ignore unreadable content in anchors
This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f. Instead of
failing C_FindObjectsInit, treat any errors internally and accumulate
the successfully loaded certificates.
Reported by Andrej Kvasnica in:
https://bugzilla.redhat.com/show_bug.cgi?id=1675441
Daiki Ueno [Fri, 11 Jan 2019 09:35:16 +0000 (10:35 +0100)]
pem: Fix assert condition
If the PEM header is "-----BEGIN -----", *type should be an empty
string and the parser shouldn't fail. Reported by Han Han in:
https://bugzilla.redhat.com/show_bug.cgi?id=1665172
Daiki Ueno [Tue, 25 Dec 2018 07:32:19 +0000 (08:32 +0100)]
trust: Continue parsing if the file cannot be read as persist format
A corrupted file that contains "[p11-kit-object-v1]" can be a valid
PEM certs file. Continue with the next format if it cannot be read as
a persistent format.
Daiki Ueno [Sun, 23 Dec 2018 13:11:00 +0000 (14:11 +0100)]
trust: Propagate library verbosity to module through init_args
Previously, even when the -v option is used with the 'trust' command,
the messages from p11-kit-trust.so module were suppressed because the
verbosity setting is not propagated to the module.
Daiki Ueno [Fri, 19 Oct 2018 08:21:36 +0000 (10:21 +0200)]
virtual: Prefer fixed closures to libffi closures
In some circumstances (such as when loading p11-kit-proxy from httpd),
it is known that creation of libffi closure always fails, due to
SELinux policy. Although this is harmless, it pollutes the journal
and gives wrong hints when troubleshooting. This patch changes the
order of preference of libffi vs pre-compiled closures to avoid that.