Compare commits
No commits in common. "imports/c8-beta/p11-kit-0.23.14-5.el8_0" and "c8" have entirely different histories.
|
@ -1 +1,3 @@
|
||||||
SOURCES/p11-kit-0.23.14.tar.gz
|
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
|
SOURCES/p11-kit-0.23.22.tar.xz
|
||||||
|
SOURCES/p11-kit-0.23.22.tar.xz.sig
|
||||||
|
|
|
@ -1 +1,3 @@
|
||||||
30cab1d4b716022e6918f9a49976609c425f9cfc SOURCES/p11-kit-0.23.14.tar.gz
|
526f07b62624739ba318a171bab3352af91d0134 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
|
339e5163ed50a9984a74739b9207ea8cd77fa7e2 SOURCES/p11-kit-0.23.22.tar.xz
|
||||||
|
1ab50d9f01bb186c60c32b56467c6f9f56e365da SOURCES/p11-kit-0.23.22.tar.xz.sig
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
From a91266ef087532e2332c75c4fd9244df66f30b64 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Fri, 18 Dec 2020 13:37:10 +0100
|
||||||
|
Subject: [PATCH] meson: Link trust/client modules explicitly to -ldl
|
||||||
|
|
||||||
|
This adds the -ldl link flag missing in the meson build, but present
|
||||||
|
in the autotools build. Although the use-case is unlikely, this
|
||||||
|
allows those modules to be linked as a normal shared library to a
|
||||||
|
program.
|
||||||
|
---
|
||||||
|
p11-kit/meson.build | 1 +
|
||||||
|
trust/meson.build | 2 +-
|
||||||
|
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/p11-kit/meson.build b/p11-kit/meson.build
|
||||||
|
index 7d57cd7..02147a9 100644
|
||||||
|
--- a/p11-kit/meson.build
|
||||||
|
+++ b/p11-kit/meson.build
|
||||||
|
@@ -92,6 +92,7 @@ if host_system != 'windows'
|
||||||
|
'client.c', 'client-init.c',
|
||||||
|
name_prefix: '',
|
||||||
|
include_directories: [configinc, commoninc],
|
||||||
|
+ dependencies: dlopen_deps,
|
||||||
|
link_args: p11_module_ldflags,
|
||||||
|
link_depends: [p11_module_symbol_map,
|
||||||
|
p11_module_symbol_def],
|
||||||
|
diff --git a/trust/meson.build b/trust/meson.build
|
||||||
|
index 482a3c1..d4a8e15 100644
|
||||||
|
--- a/trust/meson.build
|
||||||
|
+++ b/trust/meson.build
|
||||||
|
@@ -56,7 +56,7 @@ shared_module('p11-kit-trust',
|
||||||
|
'module-init.c',
|
||||||
|
name_prefix: '',
|
||||||
|
c_args: p11_kit_trust_c_args,
|
||||||
|
- dependencies: [asn_h_dep, libp11_library_dep] + libtasn1_deps,
|
||||||
|
+ dependencies: [asn_h_dep, libp11_library_dep] + dlopen_deps + libtasn1_deps,
|
||||||
|
link_args: p11_module_ldflags,
|
||||||
|
link_depends: [p11_module_symbol_map,
|
||||||
|
p11_module_symbol_def],
|
||||||
|
--
|
||||||
|
2.29.2
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
From 9f01a8a45ba913a9b65894cef9369b6010005096 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eli Schwartz <eschwartz@archlinux.org>
|
||||||
|
Date: Tue, 11 Jan 2022 23:25:05 -0500
|
||||||
|
Subject: [PATCH] gtkdoc: remove dependencies on custom target files
|
||||||
|
|
||||||
|
Sadly, the `dependencies` kwarg does not actually do what it seems to be
|
||||||
|
trying to be used for, here. It is for listing dependency or library
|
||||||
|
objects whose compiler flags should be added to gtkdoc-scangobj.
|
||||||
|
|
||||||
|
It will not actually add ninja target dependencies. The similar kwarg in
|
||||||
|
other meson functions (e.g. genmarshal and compile_schemas) that *do*
|
||||||
|
allow adding target dependencies, is `depend_files`.
|
||||||
|
|
||||||
|
Older versions of meson simply did nothing in an if/elif/elif block
|
||||||
|
where these custom_targets never matched anything, and were thus
|
||||||
|
silently ignored.
|
||||||
|
|
||||||
|
Meson 0.61 type-validates the arguments and rejects CustomTarget as
|
||||||
|
invalid:
|
||||||
|
|
||||||
|
```
|
||||||
|
doc/manual/meson.build:72:8: ERROR: gnome.gtkdoc keyword argument 'dependencies' was of type array[CustomTarget | PkgConfigDependency] but should have been array[Dependency | SharedLibrary | StaticLibrary]
|
||||||
|
```
|
||||||
|
|
||||||
|
Fixes #406
|
||||||
|
---
|
||||||
|
doc/manual/meson.build | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/doc/manual/meson.build b/doc/manual/meson.build
|
||||||
|
index cf8758dbf..560df8dbc 100644
|
||||||
|
--- a/doc/manual/meson.build
|
||||||
|
+++ b/doc/manual/meson.build
|
||||||
|
@@ -73,7 +73,7 @@ if get_option('gtk_doc')
|
||||||
|
main_xml: 'p11-kit-docs.xml',
|
||||||
|
namespace: 'p11_kit',
|
||||||
|
src_dir: 'p11-kit',
|
||||||
|
- dependencies: libffi_deps + dlopen_deps + xml_deps,
|
||||||
|
+ dependencies: libffi_deps + dlopen_deps,
|
||||||
|
scan_args: [
|
||||||
|
'--ignore-headers=' + ' '.join(ignore_headers),
|
||||||
|
'--rebuild-types',
|
|
@ -0,0 +1,953 @@
|
||||||
|
diff --color -ruNp a/common/attrs.c b/common/attrs.c
|
||||||
|
--- a/common/attrs.c 2020-12-11 15:48:46.000000000 +0100
|
||||||
|
+++ b/common/attrs.c 2023-11-29 14:29:45.130552239 +0100
|
||||||
|
@@ -709,6 +709,23 @@ attribute_is_sensitive (const CK_ATTRIBU
|
||||||
|
X (CKA_TRUST_STEP_UP_APPROVED)
|
||||||
|
X (CKA_CERT_SHA1_HASH)
|
||||||
|
X (CKA_CERT_MD5_HASH)
|
||||||
|
+ X (CKA_IBM_OPAQUE)
|
||||||
|
+ X (CKA_IBM_RESTRICTABLE)
|
||||||
|
+ X (CKA_IBM_NEVER_MODIFIABLE)
|
||||||
|
+ X (CKA_IBM_RETAINKEY)
|
||||||
|
+ X (CKA_IBM_ATTRBOUND)
|
||||||
|
+ X (CKA_IBM_KEYTYPE)
|
||||||
|
+ X (CKA_IBM_CV)
|
||||||
|
+ X (CKA_IBM_MACKEY)
|
||||||
|
+ X (CKA_IBM_USE_AS_DATA)
|
||||||
|
+ X (CKA_IBM_STRUCT_PARAMS)
|
||||||
|
+ X (CKA_IBM_STD_COMPLIANCE1)
|
||||||
|
+ X (CKA_IBM_PROTKEY_EXTRACTABLE)
|
||||||
|
+ X (CKA_IBM_PROTKEY_NEVER_EXTRACTABLE)
|
||||||
|
+ X (CKA_IBM_OPAQUE_PKEY)
|
||||||
|
+ X (CKA_IBM_DILITHIUM_KEYFORM)
|
||||||
|
+ X (CKA_IBM_DILITHIUM_RHO)
|
||||||
|
+ X (CKA_IBM_DILITHIUM_T1)
|
||||||
|
case CKA_VALUE:
|
||||||
|
return (klass != CKO_CERTIFICATE &&
|
||||||
|
klass != CKO_X_CERTIFICATE_EXTENSION);
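Review bot: The added X() entries cover only part of the Dilithium attribute set, and the hunk does not say whether that is deliberate: CKA_IBM_DILITHIUM_KEYFORM, _RHO and _T1 are listed, while _SEED, _TR, _S1, _S2 and _T0 (all defined in the pkcs11x.h part of this patch) are not. If the X list enumerates attributes that are safe to expose, as the name attribute_is_sensitive and the CKA_VALUE case below it suggest, the omission keeps the private-key components on the sensitive default. That deserves a comment such as `/* Dilithium SEED, TR, S1, S2 and T0 are private-key material: intentionally not listed */`. CKA_IBM_OPAQUE, CKA_IBM_OPAQUE_PKEY, CKA_IBM_MACKEY and CKA_IBM_CV are listed, so please confirm these key blobs are acceptable wherever non-sensitive attribute values are printed or logged. The switch starts and ends outside the hunk.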
|
||||||
|
diff --color -ruNp a/common/constants.c b/common/constants.c
|
||||||
|
--- a/common/constants.c 2020-12-11 15:48:46.000000000 +0100
|
||||||
|
+++ b/common/constants.c 2023-11-29 14:29:45.130552239 +0100
|
||||||
|
@@ -141,6 +141,28 @@ const p11_constant p11_constant_types[]
|
||||||
|
CT (CKA_WRAP_TEMPLATE, "wrap-template")
|
||||||
|
CT (CKA_UNWRAP_TEMPLATE, "unwrap-template")
|
||||||
|
CT (CKA_ALLOWED_MECHANISMS, "allowed-mechanisms")
|
||||||
|
+ CT (CKA_IBM_OPAQUE, "ibm-opaque")
|
||||||
|
+ CT (CKA_IBM_RESTRICTABLE, "ibm-restrictable")
|
||||||
|
+ CT (CKA_IBM_NEVER_MODIFIABLE, "ibm-never-modifiable")
|
||||||
|
+ CT (CKA_IBM_RETAINKEY, "ibm-retainkey")
|
||||||
|
+ CT (CKA_IBM_ATTRBOUND, "ibm-attrbound")
|
||||||
|
+ CT (CKA_IBM_KEYTYPE, "ibm-keytype")
|
||||||
|
+ CT (CKA_IBM_CV, "ibm-cv")
|
||||||
|
+ CT (CKA_IBM_MACKEY, "ibm-mackey")
|
||||||
|
+ CT (CKA_IBM_USE_AS_DATA, "ibm-use-as-data")
|
||||||
|
+ CT (CKA_IBM_STRUCT_PARAMS, "ibm-struct-params")
|
||||||
|
+ CT (CKA_IBM_STD_COMPLIANCE1, "ibm-std_compliance1")
|
||||||
|
+ CT (CKA_IBM_PROTKEY_EXTRACTABLE, "ibm-protkey-extractable")
|
||||||
|
+ CT (CKA_IBM_PROTKEY_NEVER_EXTRACTABLE, "ibm-protkey-never-extractable")
|
||||||
|
+ CT (CKA_IBM_DILITHIUM_KEYFORM, "ibm-dilithium-keyform")
|
||||||
|
+ CT (CKA_IBM_DILITHIUM_RHO, "ibm-dilithium-rho")
|
||||||
|
+ CT (CKA_IBM_DILITHIUM_SEED, "ibm-dilithium-seed")
|
||||||
|
+ CT (CKA_IBM_DILITHIUM_TR, "ibm-dilithium-tr")
|
||||||
|
+ CT (CKA_IBM_DILITHIUM_S1, "ibm-dilithium-s1")
|
||||||
|
+ CT (CKA_IBM_DILITHIUM_S2, "ibm-dilithium-s2")
|
||||||
|
+ CT (CKA_IBM_DILITHIUM_T0, "ibm-dilithium-t0")
|
||||||
|
+ CT (CKA_IBM_DILITHIUM_T1, "ibm-dilithium-t1")
|
||||||
|
+ CT (CKA_IBM_OPAQUE_PKEY, "ibm-opaque-pkey")
|
||||||
|
CT (CKA_NSS_URL, "nss-url")
|
||||||
|
CT (CKA_NSS_EMAIL, "nss-email")
|
||||||
|
CT (CKA_NSS_SMIME_INFO, "nss-smime-constant")
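Review bot: `CT (CKA_IBM_STD_COMPLIANCE1, "ibm-std_compliance1")` puts an underscore into a nick where every other entry in this hunk uses hyphens only. `"ibm-std-compliance1"` would match the rest of the table, provided no existing consumer already depends on the underscore spelling. These nicks look like user-visible identifiers, so the spelling is hard to change once shipped. The table itself starts and ends outside the hunk.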
|
||||||
|
@@ -247,6 +269,7 @@ const p11_constant p11_constant_keys[] =
|
||||||
|
CT (CKK_AES, "aes")
|
||||||
|
CT (CKK_BLOWFISH, "blowfish")
|
||||||
|
CT (CKK_TWOFISH, "twofish")
|
||||||
|
+ CT (CKK_IBM_PQC_DILITHIUM, "ibm-dilithium")
|
||||||
|
CT (CKK_NSS_PKCS8, "nss-pkcs8")
|
||||||
|
{ CKA_INVALID },
|
||||||
|
};
|
||||||
|
@@ -595,6 +618,21 @@ const p11_constant p11_constant_mechanis
|
||||||
|
CT (CKM_DSA_PARAMETER_GEN, "dsa-parameter-gen")
|
||||||
|
CT (CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen")
|
||||||
|
CT (CKM_X9_42_DH_PARAMETER_GEN, "x9-42-dh-parameter-gen")
|
||||||
|
+ CT (CKM_IBM_SHA3_224, "ibm-sha3-224")
|
||||||
|
+ CT (CKM_IBM_SHA3_256, "ibm-sha3-256")
|
||||||
|
+ CT (CKM_IBM_SHA3_384, "ibm-sha3-384")
|
||||||
|
+ CT (CKM_IBM_SHA3_512, "ibm-sha3-512")
|
||||||
|
+ CT (CKM_IBM_CMAC, "ibm-cmac")
|
||||||
|
+ CT (CKM_IBM_EC_X25519, "ibm-ec-x25519")
|
||||||
|
+ CT (CKM_IBM_ED25519_SHA512, "ibm-ed25519-sha512")
|
||||||
|
+ CT (CKM_IBM_EC_X448, "ibm-ec-x448")
|
||||||
|
+ CT (CKM_IBM_ED448_SHA3, "ibm-ed448-sha3")
|
||||||
|
+ CT (CKM_IBM_DILITHIUM, "ibm-dilithium")
|
||||||
|
+ CT (CKM_IBM_SHA3_224_HMAC, "ibm-sha3-224-hmac")
|
||||||
|
+ CT (CKM_IBM_SHA3_256_HMAC, "ibm-sha3-256-hmac")
|
||||||
|
+ CT (CKM_IBM_SHA3_384_HMAC, "ibm-sha3-384-hmac")
|
||||||
|
+ CT (CKM_IBM_SHA3_512_HMAC, "ibm-sha3-512-hmac")
|
||||||
|
+ CT (CKM_IBM_ATTRIBUTEBOUND_WRAP, "ibm-attributebound-wrap")
|
||||||
|
{ CKA_INVALID },
|
||||||
|
};
|
||||||
|
|
||||||
|
diff --color -ruNp a/common/pkcs11x.h b/common/pkcs11x.h
|
||||||
|
--- a/common/pkcs11x.h 2020-12-11 16:24:01.000000000 +0100
|
||||||
|
+++ b/common/pkcs11x.h 2023-11-29 14:29:45.252554771 +0100
|
||||||
|
@@ -181,6 +181,71 @@ typedef CK_ULONG
|
||||||
|
|
||||||
|
#endif /* CRYPTOKI_RU_TEAM_TC26_VENDOR_DEFINED */
|
||||||
|
|
||||||
|
+/* Define this if you want the IBM specific symbols */
|
||||||
|
+#define CRYPTOKI_IBM_VENDOR_DEFINED 1
|
||||||
|
+#ifdef CRYPTOKI_IBM_VENDOR_DEFINED
|
||||||
|
+
|
||||||
|
+#define CKK_IBM_PQC_DILITHIUM CKK_VENDOR_DEFINED + 0x10023
|
||||||
|
+
|
||||||
|
+#define CKA_IBM_OPAQUE (CKA_VENDOR_DEFINED + 1)
|
||||||
|
+#define CKA_IBM_RESTRICTABLE (CKA_VENDOR_DEFINED + 0x10001)
|
||||||
|
+#define CKA_IBM_NEVER_MODIFIABLE (CKA_VENDOR_DEFINED + 0x10002)
|
||||||
|
+#define CKA_IBM_RETAINKEY (CKA_VENDOR_DEFINED + 0x10003)
|
||||||
|
+#define CKA_IBM_ATTRBOUND (CKA_VENDOR_DEFINED + 0x10004)
|
||||||
|
+#define CKA_IBM_KEYTYPE (CKA_VENDOR_DEFINED + 0x10005)
|
||||||
|
+#define CKA_IBM_CV (CKA_VENDOR_DEFINED + 0x10006)
|
||||||
|
+#define CKA_IBM_MACKEY (CKA_VENDOR_DEFINED + 0x10007)
|
||||||
|
+#define CKA_IBM_USE_AS_DATA (CKA_VENDOR_DEFINED + 0x10008)
|
||||||
|
+#define CKA_IBM_STRUCT_PARAMS (CKA_VENDOR_DEFINED + 0x10009)
|
||||||
|
+#define CKA_IBM_STD_COMPLIANCE1 (CKA_VENDOR_DEFINED + 0x1000a)
|
||||||
|
+#define CKA_IBM_PROTKEY_EXTRACTABLE (CKA_VENDOR_DEFINED + 0x1000c)
|
||||||
|
+#define CKA_IBM_PROTKEY_NEVER_EXTRACTABLE (CKA_VENDOR_DEFINED + 0x1000d)
|
||||||
|
+#define CKA_IBM_DILITHIUM_KEYFORM (CKA_VENDOR_DEFINED + 0xd0001)
|
||||||
|
+#define CKA_IBM_DILITHIUM_RHO (CKA_VENDOR_DEFINED + 0xd0002)
|
||||||
|
+#define CKA_IBM_DILITHIUM_SEED (CKA_VENDOR_DEFINED + 0xd0003)
|
||||||
|
+#define CKA_IBM_DILITHIUM_TR (CKA_VENDOR_DEFINED + 0xd0004)
|
||||||
|
+#define CKA_IBM_DILITHIUM_S1 (CKA_VENDOR_DEFINED + 0xd0005)
|
||||||
|
+#define CKA_IBM_DILITHIUM_S2 (CKA_VENDOR_DEFINED + 0xd0006)
|
||||||
|
+#define CKA_IBM_DILITHIUM_T0 (CKA_VENDOR_DEFINED + 0xd0007)
|
||||||
|
+#define CKA_IBM_DILITHIUM_T1 (CKA_VENDOR_DEFINED + 0xd0008)
|
||||||
|
+#define CKA_IBM_OPAQUE_PKEY (CKA_VENDOR_DEFINED + 0xd0100)
|
||||||
|
+
|
||||||
|
+#define CKM_IBM_SHA3_224 (CKM_VENDOR_DEFINED + 0x10001)
|
||||||
|
+#define CKM_IBM_SHA3_256 (CKM_VENDOR_DEFINED + 0x10002)
|
||||||
|
+#define CKM_IBM_SHA3_384 (CKM_VENDOR_DEFINED + 0x10003)
|
||||||
|
+#define CKM_IBM_SHA3_512 (CKM_VENDOR_DEFINED + 0x10004)
|
||||||
|
+#define CKM_IBM_CMAC (CKM_VENDOR_DEFINED + 0x10007)
|
||||||
|
+#define CKM_IBM_EC_X25519 (CKM_VENDOR_DEFINED + 0x1001b)
|
||||||
|
+#define CKM_IBM_ED25519_SHA512 (CKM_VENDOR_DEFINED + 0x1001c)
|
||||||
|
+#define CKM_IBM_EC_X448 (CKM_VENDOR_DEFINED + 0x1001e)
|
||||||
|
+#define CKM_IBM_ED448_SHA3 (CKM_VENDOR_DEFINED + 0x1001f)
|
||||||
|
+#define CKM_IBM_DILITHIUM (CKM_VENDOR_DEFINED + 0x10023)
|
||||||
|
+#define CKM_IBM_SHA3_224_HMAC (CKM_VENDOR_DEFINED + 0x10025)
|
||||||
|
+#define CKM_IBM_SHA3_256_HMAC (CKM_VENDOR_DEFINED + 0x10026)
|
||||||
|
+#define CKM_IBM_SHA3_384_HMAC (CKM_VENDOR_DEFINED + 0x10027)
|
||||||
|
+#define CKM_IBM_SHA3_512_HMAC (CKM_VENDOR_DEFINED + 0x10028)
|
||||||
|
+#define CKM_IBM_ATTRIBUTEBOUND_WRAP (CKM_VENDOR_DEFINED + 0x20004)
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * If the caller is using the PKCS#11 GNU calling convention, then we cater
|
||||||
|
+ * to that here.
|
||||||
|
+ */
|
||||||
|
+#ifdef CRYPTOKI_GNU
|
||||||
|
+#define hSignVerifyKey h_sign_verify_key
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+struct ck_ibm_attributebound_wrap {
|
||||||
|
+ CK_OBJECT_HANDLE hSignVerifyKey;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+typedef struct ck_ibm_attributebound_wrap CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS;
|
||||||
|
+
|
||||||
|
+#ifdef CRYPTOKI_GNU
|
||||||
|
+#undef hSignVerifyKey
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#endif /* CRYPTOKI_IBM_VENDOR_DEFINED */
|
||||||
|
+
|
||||||
|
#if defined(__cplusplus)
|
||||||
|
}
|
||||||
|
#endif
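Review bot: `#define CKK_IBM_PQC_DILITHIUM CKK_VENDOR_DEFINED + 0x10023` is the only new constant without enclosing parentheses, so it mis-expands next to a tighter-binding operator such as a binary minus or a multiplication. Write `#define CKK_IBM_PQC_DILITHIUM (CKK_VENDOR_DEFINED + 0x10023)` like the CKA_IBM_* and CKM_IBM_* lines. Separately, the comment says "Define this if you want the IBM specific symbols", but the next line defines CRYPTOKI_IBM_VENDOR_DEFINED unconditionally, so the `#ifdef` is always true. Since constants.c and attrs.c in this patch use the symbols unconditionally, I would reword the comment to `/* IBM specific symbols; always enabled in this build */` rather than imply an opt-in.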
|
||||||
|
diff --color -ruNp a/p11-kit/meson.build b/p11-kit/meson.build
|
||||||
|
--- a/p11-kit/meson.build 2023-11-29 14:27:53.265231072 +0100
|
||||||
|
+++ b/p11-kit/meson.build 2023-11-29 14:29:45.264555020 +0100
|
||||||
|
@@ -211,6 +211,9 @@ gnu_h = gnu_h_gen.process(pkcs11_gnu_hea
|
||||||
|
static_library('p11-kit-pkcs11-gnu',
|
||||||
|
gnu_h,
|
||||||
|
'pkcs11-gnu.c',
|
||||||
|
+ c_args: [
|
||||||
|
+ '-DCRYPTOKI_GNU=1', '-DP11_KIT_FUTURE_UNSTABLE_API=1',
|
||||||
|
+ ],
|
||||||
|
include_directories: [configinc, commoninc])
|
||||||
|
|
||||||
|
# Tests ----------------------------------------------------------------
|
||||||
|
diff --color -ruNp a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
|
||||||
|
--- a/p11-kit/p11-kit.h 2020-12-11 15:48:46.000000000 +0100
|
||||||
|
+++ b/p11-kit/p11-kit.h 2023-11-29 14:29:45.265555041 +0100
|
||||||
|
@@ -43,12 +43,17 @@
|
||||||
|
*/
|
||||||
|
#ifdef CRYPTOKI_GNU
|
||||||
|
typedef ck_rv_t CK_RV;
|
||||||
|
+typedef ck_object_handle_t CK_OBJECT_HANDLE;
|
||||||
|
+typedef unsigned long int CK_ULONG;
|
||||||
|
typedef struct ck_function_list* CK_FUNCTION_LIST_PTR;
|
||||||
|
typedef struct ck_function_list CK_FUNCTION_LIST;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include "p11-kit/deprecated.h"
|
||||||
|
|
||||||
|
+/* For size_t. */
|
||||||
|
+#include <stddef.h>
|
||||||
|
+
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
diff --color -ruNp a/p11-kit/pkcs11-gnu.c b/p11-kit/pkcs11-gnu.c
|
||||||
|
--- a/p11-kit/pkcs11-gnu.c 2020-12-11 15:48:46.000000000 +0100
|
||||||
|
+++ b/p11-kit/pkcs11-gnu.c 2023-11-29 14:29:45.265555041 +0100
|
||||||
|
@@ -1,3 +1,8 @@
|
||||||
|
+#include "config.h"
|
||||||
|
+
|
||||||
|
+#include "p11-kit.h"
|
||||||
|
+#include "pkcs11x.h"
|
||||||
|
+
|
||||||
|
#include "pkcs11-gnu-iter.h"
|
||||||
|
#include "pkcs11-gnu-pin.h"
|
||||||
|
#include "pkcs11-gnu-uri.h"
|
||||||
|
diff --color -ruNp a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c
|
||||||
|
--- a/p11-kit/rpc-client.c 2020-12-11 15:48:46.000000000 +0100
|
||||||
|
+++ b/p11-kit/rpc-client.c 2023-11-29 14:29:45.220554107 +0100
|
||||||
|
@@ -570,7 +570,7 @@ proto_read_sesssion_info (p11_rpc_messag
|
||||||
|
#define IN_BYTE_BUFFER(arr, len) \
|
||||||
|
if (len == NULL) \
|
||||||
|
{ _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \
|
||||||
|
- if (!p11_rpc_message_write_byte_buffer (&_msg, arr ? *len : 0)) \
|
||||||
|
+ if (!p11_rpc_message_write_byte_buffer (&_msg, arr ? (*len > 0 ? *len : (uint32_t)-1) : 0)) \
|
||||||
|
{ _ret = CKR_HOST_MEMORY; goto _cleanup; }
|
||||||
|
|
||||||
|
#define IN_BYTE_ARRAY(arr, len) \
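Review bot: The new IN_BYTE_BUFFER expression sends `(uint32_t)-1` as an in-band marker when the caller supplies a buffer with `*len == 0`, but nothing in the macro documents this, and the marker shares its number space with real lengths. The receiving side is not in this hunk; it has to map the marker back to a zero-length buffer and must never size an allocation from it, so please confirm the matching server change ships in the same update. I would add a comment above the macro, e.g. `/* (uint32_t)-1 marks "buffer present, zero length"; 0 means no buffer */`. A named constant shared by client and server would be better than the bare literal.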
|
||||||
|
@@ -1489,8 +1489,6 @@ rpc_C_SignUpdate (CK_X_FUNCTION_LIST *se
|
||||||
|
CK_BYTE_PTR part,
|
||||||
|
CK_ULONG part_len)
|
||||||
|
{
|
||||||
|
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
|
||||||
|
-
|
||||||
|
BEGIN_CALL_OR (C_SignUpdate, self, CKR_SESSION_HANDLE_INVALID);
|
||||||
|
IN_ULONG (session);
|
||||||
|
IN_BYTE_ARRAY (part, part_len);
|
||||||
|
diff --color -ruNp a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c
|
||||||
|
--- a/p11-kit/rpc-message.c 2020-12-11 16:25:36.000000000 +0100
|
||||||
|
+++ b/p11-kit/rpc-message.c 2023-11-29 14:29:45.243554584 +0100
|
||||||
|
@@ -372,7 +372,7 @@ p11_rpc_message_write_byte_array (p11_rp
|
||||||
|
assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay"));
|
||||||
|
|
||||||
|
/* No array, no data, just length */
|
||||||
|
- if (!arr) {
|
||||||
|
+ if (!arr && num != 0) {
|
||||||
|
p11_rpc_buffer_add_byte (msg->output, 0);
|
||||||
|
p11_rpc_buffer_add_uint32 (msg->output, num);
|
||||||
|
} else {
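Review bot: With the test narrowed to `if (!arr && num != 0)`, a call with `arr == NULL` and `num == 0` now takes the else branch, whose body lies outside this hunk. That branch must therefore tolerate a NULL pointer with zero length; a memcpy from NULL is undefined even for zero bytes, so the helper it calls should be checked. The comment above the test still reads "No array, no data, just length" and no longer describes the condition. I would reword it to something like `/* NULL array with a non-zero count: send only the length */` and add a sentence on why the empty case is encoded as a present array.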
|
||||||
|
@@ -800,6 +800,13 @@ map_attribute_to_value_type (CK_ATTRIBUT
|
||||||
|
case CKA_RESET_ON_INIT:
|
||||||
|
case CKA_HAS_RESET:
|
||||||
|
case CKA_COLOR:
|
||||||
|
+ case CKA_IBM_RESTRICTABLE:
|
||||||
|
+ case CKA_IBM_NEVER_MODIFIABLE:
|
||||||
|
+ case CKA_IBM_RETAINKEY:
|
||||||
|
+ case CKA_IBM_ATTRBOUND:
|
||||||
|
+ case CKA_IBM_USE_AS_DATA:
|
||||||
|
+ case CKA_IBM_PROTKEY_EXTRACTABLE:
|
||||||
|
+ case CKA_IBM_PROTKEY_NEVER_EXTRACTABLE:
|
||||||
|
return P11_RPC_VALUE_BYTE;
|
||||||
|
case CKA_CLASS:
|
||||||
|
case CKA_CERTIFICATE_TYPE:
|
||||||
|
@@ -821,9 +828,13 @@ map_attribute_to_value_type (CK_ATTRIBUT
|
||||||
|
case CKA_CHAR_COLUMNS:
|
||||||
|
case CKA_BITS_PER_PIXEL:
|
||||||
|
case CKA_MECHANISM_TYPE:
|
||||||
|
+ case CKA_IBM_DILITHIUM_KEYFORM:
|
||||||
|
+ case CKA_IBM_STD_COMPLIANCE1:
|
||||||
|
+ case CKA_IBM_KEYTYPE:
|
||||||
|
return P11_RPC_VALUE_ULONG;
|
||||||
|
case CKA_WRAP_TEMPLATE:
|
||||||
|
case CKA_UNWRAP_TEMPLATE:
|
||||||
|
+ case CKA_DERIVE_TEMPLATE:
|
||||||
|
return P11_RPC_VALUE_ATTRIBUTE_ARRAY;
|
||||||
|
case CKA_ALLOWED_MECHANISMS:
|
||||||
|
return P11_RPC_VALUE_MECHANISM_TYPE_ARRAY;
|
||||||
|
@@ -869,6 +880,18 @@ map_attribute_to_value_type (CK_ATTRIBUT
|
||||||
|
case CKA_REQUIRED_CMS_ATTRIBUTES:
|
||||||
|
case CKA_DEFAULT_CMS_ATTRIBUTES:
|
||||||
|
case CKA_SUPPORTED_CMS_ATTRIBUTES:
|
||||||
|
+ case CKA_IBM_OPAQUE:
|
||||||
|
+ case CKA_IBM_CV:
|
||||||
|
+ case CKA_IBM_MACKEY:
|
||||||
|
+ case CKA_IBM_STRUCT_PARAMS:
|
||||||
|
+ case CKA_IBM_OPAQUE_PKEY:
|
||||||
|
+ case CKA_IBM_DILITHIUM_RHO:
|
||||||
|
+ case CKA_IBM_DILITHIUM_SEED:
|
||||||
|
+ case CKA_IBM_DILITHIUM_TR:
|
||||||
|
+ case CKA_IBM_DILITHIUM_S1:
|
||||||
|
+ case CKA_IBM_DILITHIUM_S2:
|
||||||
|
+ case CKA_IBM_DILITHIUM_T0:
|
||||||
|
+ case CKA_IBM_DILITHIUM_T1:
|
||||||
|
return P11_RPC_VALUE_BYTE_ARRAY;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -1406,9 +1429,466 @@ p11_rpc_buffer_get_rsa_pkcs_oaep_mechani
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
+void
|
||||||
|
+p11_rpc_buffer_add_ecdh1_derive_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length)
|
||||||
|
+{
|
||||||
|
+ CK_ECDH1_DERIVE_PARAMS params;
|
||||||
|
+
|
||||||
|
+ /* Check if value can be converted to CK_ECDH1_DERIVE_PARAMS. */
|
||||||
|
+ if (value_length != sizeof (CK_ECDH1_DERIVE_PARAMS)) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ memcpy (¶ms, value, value_length);
|
||||||
|
+
|
||||||
|
+ /* Check if params.kdf can be converted to uint64_t. */
|
||||||
|
+ if (params.kdf > UINT64_MAX) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p11_rpc_buffer_add_uint64 (buffer, params.kdf);
|
||||||
|
+
|
||||||
|
+ /* parmas.shared_data can only be an array of CK_BYTE or
|
||||||
|
+ * NULL */
|
||||||
|
+ p11_rpc_buffer_add_byte_array (buffer,
|
||||||
|
+ (unsigned char *)params.shared_data,
|
||||||
|
+ params.shared_data_len);
|
||||||
|
+
|
||||||
|
+ /* parmas.public_data can only be an array of CK_BYTE or
|
||||||
|
+ * NULL */
|
||||||
|
+ p11_rpc_buffer_add_byte_array (buffer,
|
||||||
|
+ (unsigned char *)params.public_data,
|
||||||
|
+ params.public_data_len);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+bool
|
||||||
|
+p11_rpc_buffer_get_ecdh1_derive_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length)
|
||||||
|
+{
|
||||||
|
+ uint64_t val;
|
||||||
|
+ const unsigned char *data1, *data2;
|
||||||
|
+ size_t len1, len2;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data1, &len1))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data2, &len2))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ if (value) {
|
||||||
|
+ CK_ECDH1_DERIVE_PARAMS params;
|
||||||
|
+
|
||||||
|
+ params.kdf = val;
|
||||||
|
+ params.shared_data = (void *) data1;
|
||||||
|
+ params.shared_data_len = len1;
|
||||||
|
+ params.public_data = (void *) data2;
|
||||||
|
+ params.public_data_len = len2;
|
||||||
|
+
|
||||||
|
+ memcpy (value, ¶ms, sizeof (CK_ECDH1_DERIVE_PARAMS));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (value_length)
|
||||||
|
+ *value_length = sizeof (CK_ECDH1_DERIVE_PARAMS);
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+p11_rpc_buffer_add_ibm_attrbound_wrap_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length)
|
||||||
|
+{
|
||||||
|
+ CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS params;
|
||||||
|
+
|
||||||
|
+ /* Check if value can be converted to CKM_IBM_ATTRIBUTEBOUND_WRAP. */
|
||||||
|
+ if (value_length != sizeof (CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS)) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ memcpy (¶ms, value, value_length);
|
||||||
|
+
|
||||||
|
+ /* Check if params.hSignVerifyKey can be converted to uint64_t. */
|
||||||
|
+ if (params.hSignVerifyKey > UINT64_MAX) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p11_rpc_buffer_add_uint64 (buffer, params.hSignVerifyKey);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+bool
|
||||||
|
+p11_rpc_buffer_get_ibm_attrbound_wrap_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length)
|
||||||
|
+{
|
||||||
|
+ uint64_t val;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (value) {
|
||||||
|
+ CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS params;
|
||||||
|
+
|
||||||
|
+ params.hSignVerifyKey = val;
|
||||||
|
+
|
||||||
|
+ memcpy (value, ¶ms, sizeof (CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (value_length)
|
||||||
|
+ *value_length = sizeof (CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS);
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+p11_rpc_buffer_add_aes_iv_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length)
|
||||||
|
+{
|
||||||
|
+ /* Check if value can be converted to an AES IV. */
|
||||||
|
+ if (value_length != 16) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p11_rpc_buffer_add_byte_array (buffer,
|
||||||
|
+ (unsigned char *)value,
|
||||||
|
+ value_length);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+bool
|
||||||
|
+p11_rpc_buffer_get_aes_iv_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length)
|
||||||
|
+{
|
||||||
|
+ const unsigned char *data;
|
||||||
|
+ size_t len;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data, &len))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (len != 16)
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (value)
|
||||||
|
+ memcpy (value, data, len);
|
||||||
|
+
|
||||||
|
+ if (value_length)
|
||||||
|
+ *value_length = len;
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+p11_rpc_buffer_add_aes_ctr_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length)
|
||||||
|
+{
|
||||||
|
+ CK_AES_CTR_PARAMS params;
|
||||||
|
+
|
||||||
|
+ /* Check if value can be converted to CK_AES_CTR_PARAMS. */
|
||||||
|
+ if (value_length != sizeof (CK_AES_CTR_PARAMS)) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ memcpy (¶ms, value, value_length);
|
||||||
|
+
|
||||||
|
+ /* Check if params.counter_bits can be converted to uint64_t. */
|
||||||
|
+ if (params.counter_bits > UINT64_MAX) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p11_rpc_buffer_add_uint64 (buffer, params.counter_bits);
|
||||||
|
+
|
||||||
|
+ p11_rpc_buffer_add_byte_array (buffer,
|
||||||
|
+ (unsigned char *)params.cb,
|
||||||
|
+ sizeof(params.cb));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+bool
|
||||||
|
+p11_rpc_buffer_get_aes_ctr_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length)
|
||||||
|
+{
|
||||||
|
+ uint64_t val;
|
||||||
|
+ const unsigned char *data;
|
||||||
|
+ size_t len;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val))
|
||||||
|
+ return false;
|
||||||
|
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data, &len))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (value) {
|
||||||
|
+ CK_AES_CTR_PARAMS params;
|
||||||
|
+
|
||||||
|
+ params.ulCounterBits = val;
|
||||||
|
+
|
||||||
|
+ if (len != sizeof (params.cb))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ memcpy (params.cb, data, sizeof (params.cb));
|
||||||
|
+ memcpy (value, ¶ms, sizeof (CK_AES_CTR_PARAMS));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (value_length)
|
||||||
|
+ *value_length = sizeof (CK_AES_CTR_PARAMS);
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+p11_rpc_buffer_add_aes_gcm_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length)
|
||||||
|
+{
|
||||||
|
+ CK_GCM_PARAMS params;
|
||||||
|
+
|
||||||
|
+ /* Check if value can be converted to CK_GCM_PARAMS. */
|
||||||
|
+ if (value_length != sizeof (CK_GCM_PARAMS)) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ memcpy (¶ms, value, value_length);
|
||||||
|
+
|
||||||
|
+ /* Check if params.ulTagBits/ulIvBits can be converted to uint64_t. */
|
||||||
|
+ if (params.ulTagBits > UINT64_MAX || params.ulIvBits > UINT64_MAX) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p11_rpc_buffer_add_byte_array (buffer,
|
||||||
|
+ (unsigned char *)params.pIv,
|
||||||
|
+ params.ulIvLen);
|
||||||
|
+ p11_rpc_buffer_add_uint64 (buffer, params.ulIvBits);
|
||||||
|
+ p11_rpc_buffer_add_byte_array (buffer,
|
||||||
|
+ (unsigned char *)params.pAAD,
|
||||||
|
+ params.ulAADLen);
|
||||||
|
+ p11_rpc_buffer_add_uint64 (buffer, params.ulTagBits);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+bool
|
||||||
|
+p11_rpc_buffer_get_aes_gcm_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length)
|
||||||
|
+{
|
||||||
|
+ uint64_t val1, val2;
|
||||||
|
+ const unsigned char *data1, *data2;
|
||||||
|
+ size_t len1, len2;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data1, &len1))
|
||||||
|
+ return false;
|
||||||
|
+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val1))
|
||||||
|
+ return false;
|
||||||
|
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data2, &len2))
|
||||||
|
+ return false;
|
||||||
|
+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val2))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (value) {
|
||||||
|
+ CK_GCM_PARAMS params;
|
||||||
|
+
|
||||||
|
+ params.pIv = (void *) data1;
|
||||||
|
+ params.ulIvLen = len1;
|
||||||
|
+ params.ulIvBits = val1;
|
||||||
|
+ params.pAAD = (void *) data2;
|
||||||
|
+ params.ulAADLen = len2;
|
||||||
|
+ params.ulTagBits = val2;
|
||||||
|
+
|
||||||
|
+ memcpy (value, ¶ms, sizeof (CK_GCM_PARAMS));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (value_length)
|
||||||
|
+ *value_length = sizeof (CK_GCM_PARAMS);
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+p11_rpc_buffer_add_des_iv_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length)
|
||||||
|
+{
|
||||||
|
+ /* Check if value can be converted to an DES IV. */
|
||||||
|
+ if (value_length != 8) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p11_rpc_buffer_add_byte_array (buffer,
|
||||||
|
+ (unsigned char *)value,
|
||||||
|
+ value_length);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+bool
|
||||||
|
+p11_rpc_buffer_get_des_iv_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length)
|
||||||
|
+{
|
||||||
|
+ const unsigned char *data;
|
||||||
|
+ size_t len;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data, &len))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (len != 8)
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (value)
|
||||||
|
+ memcpy (value, data, len);
|
||||||
|
+
|
||||||
|
+ if (value_length)
|
||||||
|
+ *value_length = len;
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+p11_rpc_buffer_add_mac_general_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length)
|
||||||
|
+{
|
||||||
|
+ CK_ULONG val;
|
||||||
|
+ uint64_t params;
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Check if value can be converted to an CK_MAC_GENERAL_PARAMS which
|
||||||
|
+ * is a CK_ULONG.
|
||||||
|
+ */
|
||||||
|
+ if (value_length != sizeof (CK_ULONG)) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ memcpy (&val, value, value_length);
|
||||||
|
+ params = val;
|
||||||
|
+
|
||||||
|
+ p11_rpc_buffer_add_uint64 (buffer, params);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+bool
|
||||||
|
+p11_rpc_buffer_get_mac_general_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length)
|
||||||
|
+{
|
||||||
|
+ uint64_t val;
|
||||||
|
+ CK_ULONG params;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ params = val;
|
||||||
|
+
|
||||||
|
+ if (value)
|
||||||
|
+ memcpy (value, ¶ms, sizeof (params));
|
||||||
|
+
|
||||||
|
+ if (value_length)
|
||||||
|
+ *value_length = sizeof (params);
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+p11_rpc_buffer_add_dh_pkcs_derive_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length)
|
||||||
|
+{
|
||||||
|
+ /* Mechanism parameter is public value of the other party */
|
||||||
|
+ if (value_length == 0) {
|
||||||
|
+ p11_buffer_fail (buffer);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ p11_rpc_buffer_add_byte_array (buffer,
|
||||||
|
+ (unsigned char *)value,
|
||||||
|
+ value_length);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+bool
|
||||||
|
+p11_rpc_buffer_get_dh_pkcs_derive_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length)
|
||||||
|
+{
|
||||||
|
+ const unsigned char *data;
|
||||||
|
+ size_t len;
|
||||||
|
+
|
||||||
|
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data, &len))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (len == 0)
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
+ if (value)
|
||||||
|
+ memcpy (value, data, len);
|
||||||
|
+
|
||||||
|
+ if (value_length)
|
||||||
|
+ *value_length = len;
|
||||||
|
+
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static p11_rpc_mechanism_serializer p11_rpc_mechanism_serializers[] = {
|
||||||
|
{ CKM_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value },
|
||||||
|
- { CKM_RSA_PKCS_OAEP, p11_rpc_buffer_add_rsa_pkcs_oaep_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_oaep_mechanism_value }
|
||||||
|
+ { CKM_SHA1_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value },
|
||||||
|
+ { CKM_SHA224_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value },
|
||||||
|
+ { CKM_SHA256_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value },
|
||||||
|
+ { CKM_SHA384_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value },
|
||||||
|
+ { CKM_SHA512_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value },
|
||||||
|
+ { CKM_RSA_PKCS_OAEP, p11_rpc_buffer_add_rsa_pkcs_oaep_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_oaep_mechanism_value },
|
||||||
|
+ { CKM_ECDH1_DERIVE, p11_rpc_buffer_add_ecdh1_derive_mechanism_value, p11_rpc_buffer_get_ecdh1_derive_mechanism_value },
|
||||||
|
+ { CKM_IBM_ATTRIBUTEBOUND_WRAP, p11_rpc_buffer_add_ibm_attrbound_wrap_mechanism_value, p11_rpc_buffer_get_ibm_attrbound_wrap_mechanism_value },
|
||||||
|
+ { CKM_IBM_EC_X25519, p11_rpc_buffer_add_ecdh1_derive_mechanism_value, p11_rpc_buffer_get_ecdh1_derive_mechanism_value },
|
||||||
|
+ { CKM_IBM_EC_X448, p11_rpc_buffer_add_ecdh1_derive_mechanism_value, p11_rpc_buffer_get_ecdh1_derive_mechanism_value },
|
||||||
|
+ { CKM_AES_CBC, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
|
||||||
|
+ { CKM_AES_CBC_PAD, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
|
||||||
|
+ { CKM_AES_OFB, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
|
||||||
|
+ { CKM_AES_CFB1, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
|
||||||
|
+ { CKM_AES_CFB8, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
|
||||||
|
+ { CKM_AES_CFB64, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
|
||||||
|
+ { CKM_AES_CFB128, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
|
||||||
|
+ { CKM_AES_CTS, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
|
||||||
|
+ { CKM_AES_CTR, p11_rpc_buffer_add_aes_ctr_mechanism_value, p11_rpc_buffer_get_aes_ctr_mechanism_value },
|
||||||
|
+ { CKM_AES_GCM, p11_rpc_buffer_add_aes_gcm_mechanism_value, p11_rpc_buffer_get_aes_gcm_mechanism_value },
|
||||||
|
+ { CKM_DES_CBC, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },
|
||||||
|
+ { CKM_DES_CBC_PAD, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },
|
||||||
|
+ { CKM_DES3_CBC, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },
|
||||||
|
+ { CKM_DES3_CBC_PAD, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },
|
||||||
|
+ { CKM_DES_CFB8, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },
|
||||||
|
+ { CKM_DES_CFB64, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },
|
||||||
|
+ { CKM_DES_OFB64, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },
|
||||||
|
+ { CKM_SHA_1_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_SHA224_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_SHA256_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_SHA384_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_SHA512_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_SHA512_224_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_SHA512_256_HMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_AES_MAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_AES_CMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_DES3_MAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_DES3_CMAC_GENERAL, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },
|
||||||
|
+ { CKM_DH_PKCS_DERIVE, p11_rpc_buffer_add_dh_pkcs_derive_mechanism_value, p11_rpc_buffer_get_dh_pkcs_derive_mechanism_value },
|
||||||
|
};
|
||||||
|
|
||||||
|
static p11_rpc_mechanism_serializer p11_rpc_byte_array_mechanism_serializer = {
|
||||||
|
@@ -1453,6 +1933,7 @@ mechanism_has_no_parameters (CK_MECHANIS
|
||||||
|
case CKM_MD2_RSA_PKCS:
|
||||||
|
case CKM_MD5_RSA_PKCS:
|
||||||
|
case CKM_SHA1_RSA_PKCS:
|
||||||
|
+ case CKM_SHA224_RSA_PKCS:
|
||||||
|
case CKM_SHA256_RSA_PKCS:
|
||||||
|
case CKM_SHA384_RSA_PKCS:
|
||||||
|
case CKM_SHA512_RSA_PKCS:
|
||||||
|
@@ -1467,6 +1948,10 @@ mechanism_has_no_parameters (CK_MECHANIS
|
||||||
|
case CKM_EC_KEY_PAIR_GEN:
|
||||||
|
case CKM_ECDSA:
|
||||||
|
case CKM_ECDSA_SHA1:
|
||||||
|
+ case CKM_ECDSA_SHA224:
|
||||||
|
+ case CKM_ECDSA_SHA256:
|
||||||
|
+ case CKM_ECDSA_SHA384:
|
||||||
|
+ case CKM_ECDSA_SHA512:
|
||||||
|
case CKM_DH_PKCS_KEY_PAIR_GEN:
|
||||||
|
case CKM_DH_PKCS_PARAMETER_GEN:
|
||||||
|
case CKM_X9_42_DH_KEY_PAIR_GEN:
|
||||||
|
@@ -1480,6 +1965,7 @@ mechanism_has_no_parameters (CK_MECHANIS
|
||||||
|
case CKM_AES_KEY_GEN:
|
||||||
|
case CKM_AES_ECB:
|
||||||
|
case CKM_AES_MAC:
|
||||||
|
+ case CKM_AES_CMAC:
|
||||||
|
case CKM_DES_KEY_GEN:
|
||||||
|
case CKM_DES2_KEY_GEN:
|
||||||
|
case CKM_DES3_KEY_GEN:
|
||||||
|
@@ -1505,6 +1991,7 @@ mechanism_has_no_parameters (CK_MECHANIS
|
||||||
|
case CKM_RC2_MAC:
|
||||||
|
case CKM_DES_MAC:
|
||||||
|
case CKM_DES3_MAC:
|
||||||
|
+ case CKM_DES3_CMAC:
|
||||||
|
case CKM_CDMF_MAC:
|
||||||
|
case CKM_CAST_MAC:
|
||||||
|
case CKM_CAST3_MAC:
|
||||||
|
@@ -1521,18 +2008,46 @@ mechanism_has_no_parameters (CK_MECHANIS
|
||||||
|
case CKM_MD5_HMAC:
|
||||||
|
case CKM_SHA_1:
|
||||||
|
case CKM_SHA_1_HMAC:
|
||||||
|
+ case CKM_SHA1_KEY_DERIVATION:
|
||||||
|
+ case CKM_SHA224:
|
||||||
|
+ case CKM_SHA224_HMAC:
|
||||||
|
+ case CKM_SHA224_KEY_DERIVATION:
|
||||||
|
case CKM_SHA256:
|
||||||
|
case CKM_SHA256_HMAC:
|
||||||
|
+ case CKM_SHA256_KEY_DERIVATION:
|
||||||
|
case CKM_SHA384:
|
||||||
|
case CKM_SHA384_HMAC:
|
||||||
|
+ case CKM_SHA384_KEY_DERIVATION:
|
||||||
|
case CKM_SHA512:
|
||||||
|
case CKM_SHA512_HMAC:
|
||||||
|
+ case CKM_SHA512_KEY_DERIVATION:
|
||||||
|
+ case CKM_SHA512_T:
|
||||||
|
+ case CKM_SHA512_T_HMAC:
|
||||||
|
+ case CKM_SHA512_T_KEY_DERIVATION:
|
||||||
|
+ case CKM_SHA512_224:
|
||||||
|
+ case CKM_SHA512_224_HMAC:
|
||||||
|
+ case CKM_SHA512_224_KEY_DERIVATION:
|
||||||
|
+ case CKM_SHA512_256:
|
||||||
|
+ case CKM_SHA512_256_HMAC:
|
||||||
|
+ case CKM_SHA512_256_KEY_DERIVATION:
|
||||||
|
case CKM_FASTHASH:
|
||||||
|
case CKM_RIPEMD128:
|
||||||
|
case CKM_RIPEMD128_HMAC:
|
||||||
|
case CKM_RIPEMD160:
|
||||||
|
case CKM_RIPEMD160_HMAC:
|
||||||
|
case CKM_KEY_WRAP_LYNKS:
|
||||||
|
+ case CKM_IBM_SHA3_224:
|
||||||
|
+ case CKM_IBM_SHA3_256:
|
||||||
|
+ case CKM_IBM_SHA3_384:
|
||||||
|
+ case CKM_IBM_SHA3_512:
|
||||||
|
+ case CKM_IBM_CMAC:
|
||||||
|
+ case CKM_IBM_DILITHIUM:
|
||||||
|
+ case CKM_IBM_SHA3_224_HMAC:
|
||||||
|
+ case CKM_IBM_SHA3_256_HMAC:
|
||||||
|
+ case CKM_IBM_SHA3_384_HMAC:
|
||||||
|
+ case CKM_IBM_SHA3_512_HMAC:
|
||||||
|
+ case CKM_IBM_ED25519_SHA512:
|
||||||
|
+ case CKM_IBM_ED448_SHA3:
|
||||||
|
return true;
|
||||||
|
default:
|
||||||
|
return false;
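Review bot: `CKM_SHA512_T`, `CKM_SHA512_T_HMAC` and `CKM_SHA512_T_KEY_DERIVATION` are added to the no-parameter list in this hunk, but as far as I recall the PKCS #11 mechanisms specification gives the SHA-512/t family a parameter that carries the output length t in bits. If the code that consumes mechanism_has_no_parameters() skips the parameter for listed mechanisms (that code is outside this hunk, so this is inferred), t would never reach the remote module and the digest or MAC length would be whatever the module falls back to. I would check the three against the spec and, if the parameter is real, drop their `case` lines and register them in `p11_rpc_mechanism_serializers` with the CK_ULONG pair this patch already adds, e.g. `{ CKM_SHA512_T, p11_rpc_buffer_add_mac_general_mechanism_value, p11_rpc_buffer_get_mac_general_mechanism_value },`. The function's signature and the start of its `switch` are outside the hunk.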
|
||||||
|
diff --color -ruNp a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h
|
||||||
|
--- a/p11-kit/rpc-message.h 2020-12-11 16:25:36.000000000 +0100
|
||||||
|
+++ b/p11-kit/rpc-message.h 2023-11-29 14:29:45.243554584 +0100
|
||||||
|
@@ -42,6 +42,7 @@
|
||||||
|
|
||||||
|
#include "buffer.h"
|
||||||
|
#include "pkcs11.h"
|
||||||
|
+#include "pkcs11x.h"
|
||||||
|
|
||||||
|
/* The calls, must be in sync with array below */
|
||||||
|
enum {
|
||||||
|
@@ -478,5 +479,85 @@ bool p11_rpc_buffer_get_rsa_
|
||||||
|
size_t *offset,
|
||||||
|
void *value,
|
||||||
|
CK_ULONG *value_length);
|
||||||
|
+
|
||||||
|
+void p11_rpc_buffer_add_ecdh1_derive_mechanism_value
|
||||||
|
+ (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length);
|
||||||
|
+
|
||||||
|
+bool p11_rpc_buffer_get_ecdh1_derive_mechanism_value
|
||||||
|
+ (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length);
|
||||||
|
+
|
||||||
|
+void p11_rpc_buffer_add_ibm_attrbound_wrap_mechanism_value
|
||||||
|
+ (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length);
|
||||||
|
+
|
||||||
|
+bool p11_rpc_buffer_get_ibm_attrbound_wrap_mechanism_value
|
||||||
|
+ (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length);
|
||||||
|
+
|
||||||
|
+void p11_rpc_buffer_add_aes_iv_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length);
|
||||||
|
+
|
||||||
|
+bool p11_rpc_buffer_get_aes_iv_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length);
|
||||||
|
+
|
||||||
|
+void p11_rpc_buffer_add_aes_ctr_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length);
|
||||||
|
+
|
||||||
|
+bool p11_rpc_buffer_get_aes_ctr_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length);
|
||||||
|
+
|
||||||
|
+void p11_rpc_buffer_add_aes_gcm_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length);
|
||||||
|
+
|
||||||
|
+bool p11_rpc_buffer_get_aes_gcm_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length);
|
||||||
|
+
|
||||||
|
+void p11_rpc_buffer_add_des_iv_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length);
|
||||||
|
+
|
||||||
|
+bool p11_rpc_buffer_get_des_iv_mechanism_value (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length);
|
||||||
|
+
|
||||||
|
+void p11_rpc_buffer_add_mac_general_mechanism_value
|
||||||
|
+ (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length);
|
||||||
|
+
|
||||||
|
+bool p11_rpc_buffer_get_mac_general_mechanism_value
|
||||||
|
+ (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length);
|
||||||
|
+
|
||||||
|
+void p11_rpc_buffer_add_dh_pkcs_derive_mechanism_value
|
||||||
|
+ (p11_buffer *buffer,
|
||||||
|
+ const void *value,
|
||||||
|
+ CK_ULONG value_length);
|
||||||
|
+
|
||||||
|
+bool p11_rpc_buffer_get_dh_pkcs_derive_mechanism_value
|
||||||
|
+ (p11_buffer *buffer,
|
||||||
|
+ size_t *offset,
|
||||||
|
+ void *value,
|
||||||
|
+ CK_ULONG *value_length);
|
||||||
|
|
||||||
|
#endif /* _RPC_MESSAGE_H */
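Review bot: The new `get` prototypes take `void *value` with no capacity argument, and nothing in the header says how large that buffer must be. In rpc-message.c the DH getter does `memcpy (value, data, len)` with `len` decoded from the message, so the copy stays in bounds only if the caller sized `value` beforehand, presumably from an earlier call with `value == NULL` that filled `*value_length`. I would state that contract once above the added declarations, for example `/* get: call with value == NULL to learn *value_length, then again with a buffer of at least that size */`. It is also worth noting there that the DH pair rejects a zero-length value on both the add and the get side.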
|
||||||
|
diff --color -ruNp a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
|
||||||
|
--- a/p11-kit/rpc-server.c 2020-12-11 16:25:36.000000000 +0100
|
||||||
|
+++ b/p11-kit/rpc-server.c 2023-11-29 14:29:45.221554128 +0100
|
||||||
|
@@ -84,6 +84,12 @@ proto_read_byte_buffer (p11_rpc_message
|
||||||
|
*n_buffer = length;
|
||||||
|
*buffer = NULL;
|
||||||
|
|
||||||
|
+ /* length = -1 indicates length = 0, but buffer not NULL */
|
||||||
|
+ if (length == (uint32_t)-1) {
|
||||||
|
+ *n_buffer = 0;
|
||||||
|
+ length = 1; /*allocate 1 dummy byte */
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* If set to zero, then they just want the length */
|
||||||
|
if (length == 0)
|
||||||
|
return CKR_OK;
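Review bot: The sentinel `(uint32_t)-1` added before the zero-length check is a wire-protocol value, yet it appears only as a bare cast with a comment, and the peer code that encodes it is not in this hunk. A shared named constant in rpc-message.h would keep both ends in step and make the special case searchable, for example `#define P11_RPC_BYTE_BUFFER_EMPTY_NONNULL ((uint32_t)-1)` (the name is only a suggestion). The comment on the dummy byte should say why it exists and that it holds no data: `/* allocate 1 dummy byte: non-NULL pointer, zero usable length; callee must not read it */`. proto_read_byte_buffer's body continues outside the hunk, so the allocation that uses `length` is not visible here.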
|
|
@ -1,623 +0,0 @@
|
||||||
From 8a8db182af533a43b4d478d28af8623035475d68 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Tue, 16 Oct 2018 18:05:10 +0200
|
|
||||||
Subject: [PATCH 01/10] debug: Work around cppcheck false-positives
|
|
||||||
|
|
||||||
https://trac.cppcheck.net/ticket/8794
|
|
||||||
---
|
|
||||||
common/debug.h | 6 +++---
|
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/common/debug.h b/common/debug.h
|
|
||||||
index 255c62c..7ea36f3 100644
|
|
||||||
--- a/common/debug.h
|
|
||||||
+++ b/common/debug.h
|
|
||||||
@@ -71,13 +71,13 @@ void p11_debug_precond (const char *format,
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define return_val_if_fail(x, v) \
|
|
||||||
- do { if (!(x)) { \
|
|
||||||
+ do { if (x) { } else { \
|
|
||||||
p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
|
|
||||||
return v; \
|
|
||||||
} } while (false)
|
|
||||||
|
|
||||||
#define return_if_fail(x) \
|
|
||||||
- do { if (!(x)) { \
|
|
||||||
+ do { if (x) { } else { \
|
|
||||||
p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
|
|
||||||
return; \
|
|
||||||
} } while (false)
|
|
||||||
@@ -100,7 +100,7 @@ void p11_debug_precond (const char *format,
|
|
||||||
} while (false)
|
|
||||||
|
|
||||||
#define warn_if_fail(x) \
|
|
||||||
- do { if (!(x)) { \
|
|
||||||
+ do { if (x) { } else { \
|
|
||||||
p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
|
|
||||||
} } while (false)
|
|
||||||
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
||||||
|
|
||||||
From c76197ddbbd0c29adc2bceff2ee9f740f71d134d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Tue, 16 Oct 2018 18:06:56 +0200
|
|
||||||
Subject: [PATCH 02/10] build: Call va_end() always when leaving the function
|
|
||||||
|
|
||||||
---
|
|
||||||
common/attrs.c | 4 +++-
|
|
||||||
common/compat.c | 5 ++++-
|
|
||||||
common/path.c | 5 ++++-
|
|
||||||
trust/parser.c | 4 +++-
|
|
||||||
4 files changed, 14 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/common/attrs.c b/common/attrs.c
|
|
||||||
index aa91891..a387a66 100644
|
|
||||||
--- a/common/attrs.c
|
|
||||||
+++ b/common/attrs.c
|
|
||||||
@@ -538,8 +538,10 @@ buffer_append_printf (p11_buffer *buffer,
|
|
||||||
va_list va;
|
|
||||||
|
|
||||||
va_start (va, format);
|
|
||||||
- if (vasprintf (&string, format, va) < 0)
|
|
||||||
+ if (vasprintf (&string, format, va) < 0) {
|
|
||||||
+ va_end (va);
|
|
||||||
return_if_reached ();
|
|
||||||
+ }
|
|
||||||
va_end (va);
|
|
||||||
|
|
||||||
p11_buffer_add (buffer, string, -1);
|
|
||||||
diff --git a/common/compat.c b/common/compat.c
|
|
||||||
index 5a9702d..48614fa 100644
|
|
||||||
--- a/common/compat.c
|
|
||||||
+++ b/common/compat.c
|
|
||||||
@@ -525,7 +525,10 @@ strconcat (const char *first,
|
|
||||||
for (arg = first; arg; arg = va_arg (va, const char*)) {
|
|
||||||
size_t old_length = length;
|
|
||||||
length += strlen (arg);
|
|
||||||
- return_val_if_fail (length >= old_length, NULL);
|
|
||||||
+ if (length < old_length) {
|
|
||||||
+ va_end (va);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
va_end (va);
|
|
||||||
diff --git a/common/path.c b/common/path.c
|
|
||||||
index 5cf0e1a..17a6230 100644
|
|
||||||
--- a/common/path.c
|
|
||||||
+++ b/common/path.c
|
|
||||||
@@ -218,7 +218,10 @@ p11_path_build (const char *path,
|
|
||||||
while (path != NULL) {
|
|
||||||
size_t old_len = len;
|
|
||||||
len += strlen (path) + 1;
|
|
||||||
- return_val_if_fail (len >= old_len, NULL);
|
|
||||||
+ if (len < old_len) {
|
|
||||||
+ va_end (va);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
path = va_arg (va, const char *);
|
|
||||||
}
|
|
||||||
va_end (va);
|
|
||||||
diff --git a/trust/parser.c b/trust/parser.c
|
|
||||||
index f92cdc9..e912c3a 100644
|
|
||||||
--- a/trust/parser.c
|
|
||||||
+++ b/trust/parser.c
|
|
||||||
@@ -697,8 +697,10 @@ p11_parser_formats (p11_parser *parser,
|
|
||||||
func = va_arg (va, parser_func);
|
|
||||||
if (func == NULL)
|
|
||||||
break;
|
|
||||||
- if (!p11_array_push (formats, func))
|
|
||||||
+ if (!p11_array_push (formats, func)) {
|
|
||||||
+ va_end (va);
|
|
||||||
return_if_reached ();
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
va_end (va);
|
|
||||||
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
||||||
|
|
||||||
From b10dadce5a3c921149b2c9fe0dec614f8076ebda Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Tue, 16 Oct 2018 18:10:05 +0200
|
|
||||||
Subject: [PATCH 03/10] build: Free memory before return{,_val}_if_* macros
|
|
||||||
|
|
||||||
---
|
|
||||||
p11-kit/iter.c | 5 ++++-
|
|
||||||
p11-kit/proxy.c | 10 ++++++++--
|
|
||||||
trust/asn1.c | 15 ++++++++++++---
|
|
||||||
trust/builder.c | 5 ++++-
|
|
||||||
trust/index.c | 10 ++++++++--
|
|
||||||
trust/persist.c | 5 ++++-
|
|
||||||
trust/save.c | 29 +++++++++++++++++++++++++----
|
|
||||||
trust/session.c | 10 ++++++++--
|
|
||||||
trust/token.c | 5 ++++-
|
|
||||||
9 files changed, 77 insertions(+), 17 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/p11-kit/iter.c b/p11-kit/iter.c
|
|
||||||
index 0e4ca6e..d1ffd91 100644
|
|
||||||
--- a/p11-kit/iter.c
|
|
||||||
+++ b/p11-kit/iter.c
|
|
||||||
@@ -157,7 +157,10 @@ p11_kit_iter_new (P11KitUri *uri,
|
|
||||||
return_val_if_fail (iter != NULL, NULL);
|
|
||||||
|
|
||||||
iter->modules = p11_array_new (NULL);
|
|
||||||
- return_val_if_fail (iter->modules != NULL, NULL);
|
|
||||||
+ if (iter->modules == NULL) {
|
|
||||||
+ p11_kit_iter_free (iter);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
iter->want_writable = !!(behavior & P11_KIT_ITER_WANT_WRITABLE);
|
|
||||||
iter->preload_results = !(behavior & P11_KIT_ITER_BUSY_SESSIONS);
|
|
||||||
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
|
|
||||||
index b7fb63d..abe7935 100644
|
|
||||||
--- a/p11-kit/proxy.c
|
|
||||||
+++ b/p11-kit/proxy.c
|
|
||||||
@@ -267,7 +267,10 @@ proxy_create (Proxy **res, CK_FUNCTION_LIST **loaded,
|
|
||||||
py->forkid = p11_forkid;
|
|
||||||
|
|
||||||
py->inited = modules_dup (loaded);
|
|
||||||
- return_val_if_fail (py->inited != NULL, CKR_HOST_MEMORY);
|
|
||||||
+ if (py->inited == NULL) {
|
|
||||||
+ proxy_free (py, 0);
|
|
||||||
+ return_val_if_reached (CKR_HOST_MEMORY);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
rv = p11_kit_modules_initialize (py->inited, NULL);
|
|
||||||
|
|
||||||
@@ -320,7 +323,10 @@ proxy_create (Proxy **res, CK_FUNCTION_LIST **loaded,
|
|
||||||
}
|
|
||||||
|
|
||||||
py->sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free);
|
|
||||||
- return_val_if_fail (py->sessions != NULL, CKR_HOST_MEMORY);
|
|
||||||
+ if (py->sessions == NULL) {
|
|
||||||
+ proxy_free (py, 1);
|
|
||||||
+ return_val_if_reached (CKR_HOST_MEMORY);
|
|
||||||
+ }
|
|
||||||
py->refs = 1;
|
|
||||||
|
|
||||||
*res = py;
|
|
||||||
diff --git a/trust/asn1.c b/trust/asn1.c
|
|
||||||
index dd1812d..5ce682d 100644
|
|
||||||
--- a/trust/asn1.c
|
|
||||||
+++ b/trust/asn1.c
|
|
||||||
@@ -285,11 +285,17 @@ p11_asn1_cache_new (void)
|
|
||||||
return_val_if_fail (cache != NULL, NULL);
|
|
||||||
|
|
||||||
cache->defs = p11_asn1_defs_load ();
|
|
||||||
- return_val_if_fail (cache->defs != NULL, NULL);
|
|
||||||
+ if (cache->defs == NULL) {
|
|
||||||
+ p11_asn1_cache_free (cache);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
cache->items = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal,
|
|
||||||
NULL, free_asn1_item);
|
|
||||||
- return_val_if_fail (cache->items != NULL, NULL);
|
|
||||||
+ if (cache->items == NULL) {
|
|
||||||
+ p11_asn1_cache_free (cache);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return cache;
|
|
||||||
}
|
|
||||||
@@ -342,7 +348,10 @@ p11_asn1_cache_take (p11_asn1_cache *cache,
|
|
||||||
item->length = der_len;
|
|
||||||
item->node = node;
|
|
||||||
item->struct_name = strdup (struct_name);
|
|
||||||
- return_if_fail (item->struct_name != NULL);
|
|
||||||
+ if (item->struct_name == NULL) {
|
|
||||||
+ free_asn1_item (item);
|
|
||||||
+ return_if_reached ();
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (!p11_dict_set (cache->items, (void *)der, item))
|
|
||||||
return_if_reached ();
|
|
||||||
diff --git a/trust/builder.c b/trust/builder.c
|
|
||||||
index 742c544..d819dc8 100644
|
|
||||||
--- a/trust/builder.c
|
|
||||||
+++ b/trust/builder.c
|
|
||||||
@@ -187,7 +187,10 @@ p11_builder_new (int flags)
|
|
||||||
return_val_if_fail (builder != NULL, NULL);
|
|
||||||
|
|
||||||
builder->asn1_cache = p11_asn1_cache_new ();
|
|
||||||
- return_val_if_fail (builder->asn1_cache, NULL);
|
|
||||||
+ if (builder->asn1_cache == NULL) {
|
|
||||||
+ p11_builder_free (builder);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
builder->asn1_defs = p11_asn1_cache_defs (builder->asn1_cache);
|
|
||||||
|
|
||||||
builder->flags = flags;
|
|
||||||
diff --git a/trust/index.c b/trust/index.c
|
|
||||||
index f4b6b4b..6a8e535 100644
|
|
||||||
--- a/trust/index.c
|
|
||||||
+++ b/trust/index.c
|
|
||||||
@@ -170,10 +170,16 @@ p11_index_new (p11_index_build_cb build,
|
|
||||||
index->objects = p11_dict_new (p11_dict_ulongptr_hash,
|
|
||||||
p11_dict_ulongptr_equal,
|
|
||||||
NULL, free_object);
|
|
||||||
- return_val_if_fail (index->objects != NULL, NULL);
|
|
||||||
+ if (index->objects == NULL) {
|
|
||||||
+ p11_index_free (index);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
index->buckets = calloc (NUM_BUCKETS, sizeof (index_bucket));
|
|
||||||
- return_val_if_fail (index->buckets != NULL, NULL);
|
|
||||||
+ if (index->buckets == NULL) {
|
|
||||||
+ p11_index_free (index);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return index;
|
|
||||||
}
|
|
||||||
diff --git a/trust/persist.c b/trust/persist.c
|
|
||||||
index 887b316..569cea1 100644
|
|
||||||
--- a/trust/persist.c
|
|
||||||
+++ b/trust/persist.c
|
|
||||||
@@ -89,7 +89,10 @@ p11_persist_new (void)
|
|
||||||
return_val_if_fail (persist != NULL, NULL);
|
|
||||||
|
|
||||||
persist->constants = p11_constant_reverse (true);
|
|
||||||
- return_val_if_fail (persist->constants != NULL, NULL);
|
|
||||||
+ if (persist->constants == NULL) {
|
|
||||||
+ free (persist);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return persist;
|
|
||||||
}
|
|
||||||
diff --git a/trust/save.c b/trust/save.c
|
|
||||||
index abff864..8184e13 100644
|
|
||||||
--- a/trust/save.c
|
|
||||||
+++ b/trust/save.c
|
|
||||||
@@ -68,6 +68,8 @@ static char * make_unique_name (const char *bare,
|
|
||||||
const char *extension,
|
|
||||||
int (*check) (void *, char *),
|
|
||||||
void *data);
|
|
||||||
+static void filo_free (p11_save_file *file);
|
|
||||||
+static void dir_free (p11_save_dir *dir);
|
|
||||||
|
|
||||||
bool
|
|
||||||
p11_save_write_and_finish (p11_save_file *file,
|
|
||||||
@@ -114,9 +116,15 @@ p11_save_open_file (const char *path,
|
|
||||||
return_val_if_fail (file != NULL, NULL);
|
|
||||||
file->temp = temp;
|
|
||||||
file->bare = strdup (path);
|
|
||||||
- return_val_if_fail (file->bare != NULL, NULL);
|
|
||||||
+ if (file->bare == NULL) {
|
|
||||||
+ filo_free (file);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
file->extension = strdup (extension);
|
|
||||||
- return_val_if_fail (file->extension != NULL, NULL);
|
|
||||||
+ if (file->extension == NULL) {
|
|
||||||
+ filo_free (file);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
file->flags = flags;
|
|
||||||
file->fd = fd;
|
|
||||||
|
|
||||||
@@ -166,6 +174,13 @@ filo_free (p11_save_file *file)
|
|
||||||
free (file);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static void
|
|
||||||
+dir_free (p11_save_dir *dir) {
|
|
||||||
+ p11_dict_free (dir->cache);
|
|
||||||
+ free (dir->path);
|
|
||||||
+ free (dir);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#ifdef OS_UNIX
|
|
||||||
|
|
||||||
static int
|
|
||||||
@@ -349,10 +364,16 @@ p11_save_open_directory (const char *path,
|
|
||||||
return_val_if_fail (dir != NULL, NULL);
|
|
||||||
|
|
||||||
dir->path = strdup (path);
|
|
||||||
- return_val_if_fail (dir->path != NULL, NULL);
|
|
||||||
+ if (dir->path == NULL) {
|
|
||||||
+ dir_free (dir);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
dir->cache = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
|
|
||||||
- return_val_if_fail (dir->cache != NULL, NULL);
|
|
||||||
+ if (dir->cache == NULL) {
|
|
||||||
+ dir_free (dir);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
dir->flags = flags;
|
|
||||||
return dir;
|
|
||||||
diff --git a/trust/session.c b/trust/session.c
|
|
||||||
index b93a5c3..d464394 100644
|
|
||||||
--- a/trust/session.c
|
|
||||||
+++ b/trust/session.c
|
|
||||||
@@ -59,12 +59,18 @@ p11_session_new (p11_token *token)
|
|
||||||
session->handle = p11_module_next_id ();
|
|
||||||
|
|
||||||
session->builder = p11_builder_new (P11_BUILDER_FLAG_NONE);
|
|
||||||
- return_val_if_fail (session->builder, NULL);
|
|
||||||
+ if (session->builder == NULL) {
|
|
||||||
+ p11_session_free (session);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
session->index = p11_index_new (p11_builder_build, NULL, NULL,
|
|
||||||
p11_builder_changed,
|
|
||||||
session->builder);
|
|
||||||
- return_val_if_fail (session->index != NULL, NULL);
|
|
||||||
+ if (session->index == NULL) {
|
|
||||||
+ p11_session_free (session);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
session->token = token;
|
|
||||||
|
|
||||||
diff --git a/trust/token.c b/trust/token.c
|
|
||||||
index 4cbcc77..fd3b043 100644
|
|
||||||
--- a/trust/token.c
|
|
||||||
+++ b/trust/token.c
|
|
||||||
@@ -829,7 +829,10 @@ p11_token_new (CK_SLOT_ID slot,
|
|
||||||
return_val_if_fail (token != NULL, NULL);
|
|
||||||
|
|
||||||
token->builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
|
|
||||||
- return_val_if_fail (token->builder != NULL, NULL);
|
|
||||||
+ if (token->builder == NULL) {
|
|
||||||
+ p11_token_free (token);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
token->index = p11_index_new (on_index_build,
|
|
||||||
on_index_store,
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
||||||
|
|
||||||
From 06323aed926ddc67bd18ed98e5af92035a8e3d39 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Tue, 16 Oct 2018 18:14:46 +0200
|
|
||||||
Subject: [PATCH 04/10] build: Check return value of p11_dict_set
|
|
||||||
|
|
||||||
---
|
|
||||||
p11-kit/proxy.c | 3 ++-
|
|
||||||
p11-kit/rpc-server.c | 6 +++++-
|
|
||||||
trust/module.c | 3 ++-
|
|
||||||
3 files changed, 9 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
|
|
||||||
index abe7935..11e6165 100644
|
|
||||||
--- a/p11-kit/proxy.c
|
|
||||||
+++ b/p11-kit/proxy.c
|
|
||||||
@@ -612,7 +612,8 @@ proxy_C_OpenSession (CK_X_FUNCTION_LIST *self,
|
|
||||||
sess->wrap_slot = map.wrap_slot;
|
|
||||||
sess->real_session = *handle;
|
|
||||||
sess->wrap_session = ++state->last_handle; /* TODO: Handle wrapping, and then collisions */
|
|
||||||
- p11_dict_set (state->px->sessions, &sess->wrap_session, sess);
|
|
||||||
+ if (!p11_dict_set (state->px->sessions, &sess->wrap_session, sess))
|
|
||||||
+ warn_if_reached ();
|
|
||||||
*handle = sess->wrap_session;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
|
|
||||||
index 2db3524..3a8991d 100644
|
|
||||||
--- a/p11-kit/rpc-server.c
|
|
||||||
+++ b/p11-kit/rpc-server.c
|
|
||||||
@@ -2226,7 +2226,11 @@ p11_kit_remote_serve_tokens (const char **tokens,
|
|
||||||
p11_message_err (error, "couldn't subclass filter");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
- p11_dict_set (filters, module, filter);
|
|
||||||
+ if (!p11_dict_set (filters, module, filter)) {
|
|
||||||
+ error = EINVAL;
|
|
||||||
+ p11_message_err (error, "couldn't register filter");
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
for (i = 0; i < n_tokens; i++) {
|
|
||||||
diff --git a/trust/module.c b/trust/module.c
|
|
||||||
index e09113b..24cda87 100644
|
|
||||||
--- a/trust/module.c
|
|
||||||
+++ b/trust/module.c
|
|
||||||
@@ -1321,7 +1321,8 @@ find_objects_match (CK_ATTRIBUTE *attrs,
|
|
||||||
}
|
|
||||||
value = memdup (oid->pValue, oid->ulValueLen);
|
|
||||||
return_val_if_fail (value != NULL, false);
|
|
||||||
- p11_dict_set (find->extensions, value, value);
|
|
||||||
+ if (!p11_dict_set (find->extensions, value, value))
|
|
||||||
+ warn_if_reached ();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
||||||
|
|
||||||
From 213ea0815ef45411bf6c134918b79d2aad69c1dc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Tue, 16 Oct 2018 18:16:12 +0200
|
|
||||||
Subject: [PATCH 05/10] build: Check return value of p11_rpc_buffer_get_uint64
|
|
||||||
|
|
||||||
---
|
|
||||||
p11-kit/rpc-client.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c
|
|
||||||
index 0dd4525..e202e37 100644
|
|
||||||
--- a/p11-kit/rpc-client.c
|
|
||||||
+++ b/p11-kit/rpc-client.c
|
|
||||||
@@ -371,7 +371,8 @@ proto_read_ulong_array (p11_rpc_message *msg, CK_ULONG_PTR arr,
|
|
||||||
|
|
||||||
/* We need to go ahead and read everything in all cases */
|
|
||||||
for (i = 0; i < num; ++i) {
|
|
||||||
- p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &val);
|
|
||||||
+ if (!p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &val))
|
|
||||||
+ return PARSE_ERROR;
|
|
||||||
if (arr)
|
|
||||||
arr[i] = (CK_ULONG)val;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
||||||
|
|
||||||
From 1f78cb0b4dd193ec1f1b2b424a497a6c2edec043 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Tue, 16 Oct 2018 18:16:51 +0200
|
|
||||||
Subject: [PATCH 06/10] rpc-server: p11_kit_remote_serve_tokens: Fix memleak
|
|
||||||
|
|
||||||
---
|
|
||||||
p11-kit/rpc-server.c | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
|
|
||||||
index 3a8991d..5b3dbf0 100644
|
|
||||||
--- a/p11-kit/rpc-server.c
|
|
||||||
+++ b/p11-kit/rpc-server.c
|
|
||||||
@@ -2285,6 +2285,11 @@ p11_kit_remote_serve_tokens (const char **tokens,
|
|
||||||
p11_kit_modules_release (modules);
|
|
||||||
if (error != 0)
|
|
||||||
errno = error;
|
|
||||||
+ if (uris) {
|
|
||||||
+ for (i = 0; i < n_tokens; i++)
|
|
||||||
+ p11_kit_uri_free (uris[i]);
|
|
||||||
+ free (uris);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
||||||
|
|
||||||
From 033cd90806cb1e2eab7e799703757abc2f07052e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Tue, 16 Oct 2018 18:18:05 +0200
|
|
||||||
Subject: [PATCH 07/10] proxy: Fix null dereference when reusing slots
|
|
||||||
|
|
||||||
---
|
|
||||||
p11-kit/proxy.c | 5 ++++-
|
|
||||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
|
|
||||||
index 11e6165..8eaf205 100644
|
|
||||||
--- a/p11-kit/proxy.c
|
|
||||||
+++ b/p11-kit/proxy.c
|
|
||||||
@@ -307,7 +307,10 @@ proxy_create (Proxy **res, CK_FUNCTION_LIST **loaded,
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
py->mappings[py->n_mappings].funcs = funcs;
|
|
||||||
- py->mappings[py->n_mappings].wrap_slot = j == n_mappings ? py->n_mappings + MAPPING_OFFSET : mappings[j].wrap_slot;
|
|
||||||
+ py->mappings[py->n_mappings].wrap_slot =
|
|
||||||
+ (n_mappings == 0 || j == n_mappings) ?
|
|
||||||
+ py->n_mappings + MAPPING_OFFSET :
|
|
||||||
+ mappings[j].wrap_slot;
|
|
||||||
py->mappings[py->n_mappings].real_slot = slots[i];
|
|
||||||
++py->n_mappings;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
||||||
|
|
||||||
From da73c2804b3ca962fa51473bb4c303a5ed32d4a1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Tue, 16 Oct 2018 18:20:12 +0200
|
|
||||||
Subject: [PATCH 08/10] trust: Set umask before calling mkstemp
|
|
||||||
|
|
||||||
---
|
|
||||||
trust/save.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/trust/save.c b/trust/save.c
|
|
||||||
index 8184e13..bb77348 100644
|
|
||||||
--- a/trust/save.c
|
|
||||||
+++ b/trust/save.c
|
|
||||||
@@ -95,6 +95,7 @@ p11_save_open_file (const char *path,
|
|
||||||
{
|
|
||||||
p11_save_file *file;
|
|
||||||
char *temp;
|
|
||||||
+ mode_t mode;
|
|
||||||
int fd;
|
|
||||||
|
|
||||||
return_val_if_fail (path != NULL, NULL);
|
|
||||||
@@ -105,7 +106,9 @@ p11_save_open_file (const char *path,
|
|
||||||
if (asprintf (&temp, "%s%s.XXXXXX", path, extension) < 0)
|
|
||||||
return_val_if_reached (NULL);
|
|
||||||
|
|
||||||
+ mode = umask (0077);
|
|
||||||
fd = mkstemp (temp);
|
|
||||||
+ umask (mode);
|
|
||||||
if (fd < 0) {
|
|
||||||
p11_message_err (errno, "couldn't create file: %s%s", path, extension);
|
|
||||||
free (temp);
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
||||||
|
|
||||||
From 6417780ebbbbb0f01ddb001b239347655fb98578 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Wed, 17 Oct 2018 09:53:27 +0200
|
|
||||||
Subject: [PATCH 09/10] rpc-server: Check calloc failure
|
|
||||||
|
|
||||||
---
|
|
||||||
p11-kit/rpc-server.c | 4 ++++
|
|
||||||
1 file changed, 4 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
|
|
||||||
index 5b3dbf0..3216742 100644
|
|
||||||
--- a/p11-kit/rpc-server.c
|
|
||||||
+++ b/p11-kit/rpc-server.c
|
|
||||||
@@ -2219,6 +2219,10 @@ p11_kit_remote_serve_tokens (const char **tokens,
|
|
||||||
filter = p11_dict_get (filters, module);
|
|
||||||
if (filter == NULL) {
|
|
||||||
lower = calloc (1, sizeof (p11_virtual));
|
|
||||||
+ if (lower == NULL) {
|
|
||||||
+ error = ENOMEM;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
p11_virtual_init (lower, &p11_virtual_base, module, NULL);
|
|
||||||
filter = p11_filter_subclass (lower, NULL);
|
|
||||||
if (filter == NULL) {
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
||||||
|
|
||||||
From 83e92c2f9575707083d8b0c70ef330e285d70836 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Wed, 17 Oct 2018 09:53:46 +0200
|
|
||||||
Subject: [PATCH 10/10] trust: Check index->buckets is allocated on cleanup
|
|
||||||
|
|
||||||
---
|
|
||||||
trust/index.c | 8 +++++---
|
|
||||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/trust/index.c b/trust/index.c
|
|
||||||
index 6a8e535..2d1da29 100644
|
|
||||||
--- a/trust/index.c
|
|
||||||
+++ b/trust/index.c
|
|
||||||
@@ -193,9 +193,11 @@ p11_index_free (p11_index *index)
|
|
||||||
|
|
||||||
p11_dict_free (index->objects);
|
|
||||||
p11_dict_free (index->changes);
|
|
||||||
- for (i = 0; i < NUM_BUCKETS; i++)
|
|
||||||
- free (index->buckets[i].elem);
|
|
||||||
- free (index->buckets);
|
|
||||||
+ if (index->buckets) {
|
|
||||||
+ for (i = 0; i < NUM_BUCKETS; i++)
|
|
||||||
+ free (index->buckets[i].elem);
|
|
||||||
+ free (index->buckets);
|
|
||||||
+ }
|
|
||||||
free (index);
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
|
@ -1,71 +0,0 @@
|
||||||
From 6e1046de2233fba7875d3d6a1b260192678dd0ad Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <dueno@redhat.com>
|
|
||||||
Date: Fri, 19 Oct 2018 10:21:36 +0200
|
|
||||||
Subject: [PATCH] virtual: Prefer fixed closures to libffi closures
|
|
||||||
|
|
||||||
On some circumstances (such as when loading p11-kit-proxy from httpd),
|
|
||||||
it is known that creation of libffi closure always fails, due to
|
|
||||||
SELinux policy. Although this is harmless, it pollutes the journal
|
|
||||||
and gives wrong hints when troubleshooting. This patch changes the
|
|
||||||
order of preference of libffi vs pre-compiled closures to avoid that.
|
|
||||||
---
|
|
||||||
p11-kit/virtual.c | 19 ++++++++++++++-----
|
|
||||||
1 file changed, 14 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/p11-kit/virtual.c b/p11-kit/virtual.c
|
|
||||||
index 6abfe7a..338239f 100644
|
|
||||||
--- a/p11-kit/virtual.c
|
|
||||||
+++ b/p11-kit/virtual.c
|
|
||||||
@@ -2832,9 +2832,14 @@ p11_virtual_wrap (p11_virtual *virt,
|
|
||||||
p11_destroyer destroyer)
|
|
||||||
{
|
|
||||||
Wrapper *wrapper;
|
|
||||||
+ CK_FUNCTION_LIST *result;
|
|
||||||
|
|
||||||
return_val_if_fail (virt != NULL, NULL);
|
|
||||||
|
|
||||||
+ result = p11_virtual_wrap_fixed (virt, destroyer);
|
|
||||||
+ if (result)
|
|
||||||
+ return result;
|
|
||||||
+
|
|
||||||
wrapper = calloc (1, sizeof (Wrapper));
|
|
||||||
return_val_if_fail (wrapper != NULL, NULL);
|
|
||||||
|
|
||||||
@@ -2844,8 +2849,10 @@ p11_virtual_wrap (p11_virtual *virt,
|
|
||||||
wrapper->bound.version.minor = CRYPTOKI_VERSION_MINOR;
|
|
||||||
wrapper->fixed_index = -1;
|
|
||||||
|
|
||||||
- if (!init_wrapper_funcs (wrapper))
|
|
||||||
- return p11_virtual_wrap_fixed (virt, destroyer);
|
|
||||||
+ if (!init_wrapper_funcs (wrapper)) {
|
|
||||||
+ free (wrapper);
|
|
||||||
+ return_val_if_reached (NULL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
assert ((void *)wrapper == (void *)&wrapper->bound);
|
|
||||||
assert (p11_virtual_is_wrapper (&wrapper->bound));
|
|
||||||
@@ -2859,7 +2866,11 @@ CK_FUNCTION_LIST *
|
|
||||||
p11_virtual_wrap (p11_virtual *virt,
|
|
||||||
p11_destroyer destroyer)
|
|
||||||
{
|
|
||||||
- return p11_virtual_wrap_fixed (virt, destroyer);
|
|
||||||
+ CK_FUNCTION_LIST *result;
|
|
||||||
+
|
|
||||||
+ result = p11_virtual_wrap_fixed (virt, destroyer);
|
|
||||||
+ return_val_if_fail (result != NULL, NULL);
|
|
||||||
+ return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* !FFI_CLOSURES */
|
|
||||||
@@ -3068,8 +3079,6 @@ p11_virtual_wrap_fixed (p11_virtual *virt,
|
|
||||||
}
|
|
||||||
p11_mutex_unlock (&p11_virtual_mutex);
|
|
||||||
|
|
||||||
- return_val_if_fail (result != NULL, NULL);
|
|
||||||
-
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
|
@ -1,49 +0,0 @@
|
||||||
From 4a925177a81c2566d2a81a0a450607a5ff4d9048 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stefano Garzarella <sgarzare@redhat.com>
|
|
||||||
Date: Wed, 27 Feb 2019 12:25:20 +0100
|
|
||||||
Subject: [PATCH] modules: check gl.modules before iterates on it when freeing
|
|
||||||
|
|
||||||
In some circumstances, as described in the BZ, can happen that
|
|
||||||
free_modules_when_no_refs_unlocked() is called multiple times
|
|
||||||
when the module destructor is invoked.
|
|
||||||
We should check gl.modules before iterates on it in the
|
|
||||||
free_modules_when_no_refs_unlocked() functions, to avoid
|
|
||||||
a SIGSEGV.
|
|
||||||
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963
|
|
||||||
---
|
|
||||||
p11-kit/modules.c | 18 ++++++++++--------
|
|
||||||
1 file changed, 10 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
|
|
||||||
index 0299eda..891ce4c 100644
|
|
||||||
--- a/p11-kit/modules.c
|
|
||||||
+++ b/p11-kit/modules.c
|
|
||||||
@@ -797,14 +797,16 @@ init_globals_unlocked (void)
|
|
||||||
static void
|
|
||||||
free_modules_when_no_refs_unlocked (void)
|
|
||||||
{
|
|
||||||
- Module *mod;
|
|
||||||
- p11_dictiter iter;
|
|
||||||
-
|
|
||||||
- /* Check if any modules have a ref count */
|
|
||||||
- p11_dict_iterate (gl.modules, &iter);
|
|
||||||
- while (p11_dict_next (&iter, (void **)&mod, NULL)) {
|
|
||||||
- if (mod->ref_count)
|
|
||||||
- return;
|
|
||||||
+ if (gl.modules) {
|
|
||||||
+ Module *mod;
|
|
||||||
+ p11_dictiter iter;
|
|
||||||
+
|
|
||||||
+ /* Check if any modules have a ref count */
|
|
||||||
+ p11_dict_iterate (gl.modules, &iter);
|
|
||||||
+ while (p11_dict_next (&iter, (void **)&mod, NULL)) {
|
|
||||||
+ if (mod->ref_count)
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
p11_dict_free (gl.unmanaged_by_funcs);
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
|
@ -1,26 +1,38 @@
|
||||||
# This spec file has been automatically updated
|
# This spec file has been automatically updated
|
||||||
Version: 0.23.14
|
Version: 0.23.22
|
||||||
Release: 5%{?dist}
|
Release: 2%{?dist}
|
||||||
Name: p11-kit
|
Name: p11-kit
|
||||||
Summary: Library for loading and sharing PKCS#11 modules
|
Summary: Library for loading and sharing PKCS#11 modules
|
||||||
|
|
||||||
License: BSD
|
License: BSD-3-Clause
|
||||||
URL: http://p11-glue.freedesktop.org/p11-kit.html
|
URL: http://p11-glue.freedesktop.org/p11-kit.html
|
||||||
Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.gz
|
Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz
|
||||||
Source1: trust-extract-compat
|
Source1: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig
|
||||||
Source2: p11-kit-client.service
|
Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
Patch1: p11-kit-coverity.patch
|
Source3: trust-extract-compat
|
||||||
Patch2: p11-kit-lower-libffi-priority.patch
|
Source4: p11-kit-client.service
|
||||||
Patch3: p11-kit-unloading-fix.patch
|
|
||||||
|
Patch0: 001-dt-needed.patch
|
||||||
|
Patch1: 002-doc-dep.patch
|
||||||
|
# commits: 4059f17, d07a8ff, 218e971, c4ade85, 242e5db, ac0da82, 7235af6,
|
||||||
|
# b72aa47, 506b941, 3c0be1d, 7ea5901, 7675f86, d1782b6
|
||||||
|
Patch2: 003-IBM-mechs-and-attrs.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: libtasn1-devel >= 2.3
|
BuildRequires: libtasn1-devel >= 2.3
|
||||||
|
BuildRequires: libtasn1-tools
|
||||||
BuildRequires: libffi-devel
|
BuildRequires: libffi-devel
|
||||||
|
BuildRequires: gettext
|
||||||
BuildRequires: gtk-doc
|
BuildRequires: gtk-doc
|
||||||
BuildRequires: systemd-devel
|
BuildRequires: meson
|
||||||
|
BuildRequires: systemd-devel
|
||||||
|
BuildRequires: bash-completion
|
||||||
# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
|
# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
|
||||||
# Remove this once it is fixed
|
# Remove this once it is fixed
|
||||||
BuildRequires: pkgconfig(glib-2.0)
|
BuildRequires: pkgconfig(glib-2.0)
|
||||||
|
BuildRequires: pkgconfig(systemd)
|
||||||
|
BuildRequires: gnupg2
|
||||||
|
BuildRequires: /usr/bin/xsltproc
|
||||||
|
|
||||||
%description
|
%description
|
||||||
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
|
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
|
||||||
|
@ -38,15 +50,15 @@ developing applications that use %{name}.
|
||||||
|
|
||||||
|
|
||||||
%package trust
|
%package trust
|
||||||
Summary: System trust module from %{name}
|
Summary: System trust module from %{name}
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
Requires(post): %{_sbindir}/update-alternatives
|
Requires(post): %{_sbindir}/alternatives
|
||||||
Requires(postun): %{_sbindir}/update-alternatives
|
Requires(postun): %{_sbindir}/alternatives
|
||||||
Conflicts: nss < 3.14.3-9
|
Conflicts: nss < 3.14.3-9
|
||||||
|
|
||||||
%description trust
|
%description trust
|
||||||
The %{name}-trust package contains a system trust PKCS#11 module which
|
The %{name}-trust package contains a system trust PKCS#11 module which
|
||||||
contains certificate anchors and black lists.
|
contains certificate anchors and blocklists.
|
||||||
|
|
||||||
|
|
||||||
%package server
|
%package server
|
||||||
|
@ -69,49 +81,46 @@ feature is still experimental.
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
|
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||||
|
|
||||||
%autosetup -p1
|
%autosetup -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# These paths are the source paths that come from the plan here:
|
# These paths are the source paths that come from the plan here:
|
||||||
# https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks
|
# https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks
|
||||||
%configure --disable-static --enable-doc --with-trust-paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source --disable-silent-rules
|
%meson -Dgtk_doc=true -Dman=true -Dtrust_paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source
|
||||||
make %{?_smp_mflags} V=1
|
%meson_build
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
%meson_install
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
install -p -m 755 %{SOURCE3} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la
|
|
||||||
install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
|
|
||||||
# Install the example conf with %%doc instead
|
# Install the example conf with %%doc instead
|
||||||
rm $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example
|
mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}
|
||||||
|
mv $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example $RPM_BUILD_ROOT%{_docdir}/%{name}/pkcs11.conf.example
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_userunitdir}
|
mkdir -p $RPM_BUILD_ROOT%{_userunitdir}
|
||||||
install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_userunitdir}
|
install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_userunitdir}
|
||||||
|
%find_lang %{name}
|
||||||
|
|
||||||
%check
|
%check
|
||||||
make check
|
%meson_test
|
||||||
|
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%post trust
|
%post trust
|
||||||
%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \
|
%{_sbindir}/alternatives --install %{_libdir}/libnssckbi.so %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30
|
||||||
%{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30
|
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%postun trust
|
%postun trust
|
||||||
if [ $1 -eq 0 ] ; then
|
if [ $1 -eq 0 ] ; then
|
||||||
# package removal
|
# package removal
|
||||||
%{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
|
%{_sbindir}/alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
%files
|
%files -f %{name}.lang
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%doc AUTHORS NEWS README
|
%doc AUTHORS NEWS README
|
||||||
%doc p11-kit/pkcs11.conf.example
|
%{_docdir}/%{name}/pkcs11.conf.example
|
||||||
%dir %{_sysconfdir}/pkcs11
|
%dir %{_sysconfdir}/pkcs11
|
||||||
%dir %{_sysconfdir}/pkcs11/modules
|
%dir %{_sysconfdir}/pkcs11/modules
|
||||||
%dir %{_datadir}/p11-kit
|
%dir %{_datadir}/p11-kit
|
||||||
|
@ -124,6 +133,7 @@ fi
|
||||||
%{_mandir}/man1/trust.1.gz
|
%{_mandir}/man1/trust.1.gz
|
||||||
%{_mandir}/man8/p11-kit.8.gz
|
%{_mandir}/man8/p11-kit.8.gz
|
||||||
%{_mandir}/man5/pkcs11.conf.5.gz
|
%{_mandir}/man5/pkcs11.conf.5.gz
|
||||||
|
%{_datadir}/bash-completion/completions/p11-kit
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%{_includedir}/p11-kit-1/
|
%{_includedir}/p11-kit-1/
|
||||||
|
@ -138,6 +148,7 @@ fi
|
||||||
%{_libdir}/pkcs11/p11-kit-trust.so
|
%{_libdir}/pkcs11/p11-kit-trust.so
|
||||||
%{_datadir}/p11-kit/modules/p11-kit-trust.module
|
%{_datadir}/p11-kit/modules/p11-kit-trust.module
|
||||||
%{_libexecdir}/p11-kit/trust-extract-compat
|
%{_libexecdir}/p11-kit/trust-extract-compat
|
||||||
|
%{_datadir}/bash-completion/completions/trust
|
||||||
|
|
||||||
%files server
|
%files server
|
||||||
%{_libdir}/pkcs11/p11-kit-client.so
|
%{_libdir}/pkcs11/p11-kit-client.so
|
||||||
|
@ -148,6 +159,29 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Dec 01 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.23.22-2
|
||||||
|
- Add IBM specific mechanisms and attributes
|
||||||
|
Resolves: RHEL-10571
|
||||||
|
|
||||||
|
* Mon Jan 11 2021 Daiki Ueno <dueno@redhat.com> - 0.23.22-1
|
||||||
|
- Rebase to 0.23.22 to fix memory safety issues (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363)
|
||||||
|
- Preserve DT_NEEDED information from the previous version, flagged by rpmdiff
|
||||||
|
- Add xsltproc to BR
|
||||||
|
|
||||||
|
* Tue Nov 10 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-4
|
||||||
|
- Fix realloc usage on proxy cleanup (#1894979)
|
||||||
|
- Make 'trust anchor --store' preserve all attributes from .p11-kit files
|
||||||
|
|
||||||
|
* Tue Nov 3 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-3
|
||||||
|
- Restore clobbered changelog entry
|
||||||
|
|
||||||
|
* Mon Nov 2 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-2
|
||||||
|
- Update p11-kit-invalid-config.patch to be more thorough (thanks to
|
||||||
|
Alexander Sosedkin)
|
||||||
|
|
||||||
|
* Tue Oct 20 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-1
|
||||||
|
- Update to upstream 0.23.21 release
|
||||||
|
|
||||||
* Fri Mar 29 2019 Daiki Ueno <dueno@redhat.com> - 0.23.14-5
|
* Fri Mar 29 2019 Daiki Ueno <dueno@redhat.com> - 0.23.14-5
|
||||||
- Fix crash on unloading the library, when it is both linked and dlopen'ed
|
- Fix crash on unloading the library, when it is both linked and dlopen'ed
|
||||||
|
|
||||||
|
|
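Review bot: The `gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}` line added to `%prep` has no comment saying where the pinned key file came from, and the signature check is only as trustworthy as that file's provenance. I would put `# Verify the tarball signature with the upstream release key shipped as Source2 (obtained from <KEY-SOURCE>)` above it, replacing the placeholder with the real origin; the 40-hex-digit string in the key's file name looks like its fingerprint and could be mentioned there too. The three macro arguments are unquoted, so quoting them (`gpgv2 --keyring '%{SOURCE2}' '%{SOURCE1}' '%{SOURCE0}'`) keeps the check from breaking if a source path ever contains whitespace. Separately, the old `Patch1` to `Patch3` (coverity, libffi priority, unloading fix) are dropped with no changelog line saying 0.23.22 already contains them; that is presumably the case after the rebase but worth stating.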