This project is mirrored from https://github.com/smallstep/pkcs11-proxy.
Pull mirroring updated .
- Jan 29, 2013
-
-
Fredrik Thulin authored
-
Fredrik Thulin authored
Initialize seccomp again in dispatch threads, only requiring a small subset of the syscalls required by the parent process.
-
Fredrik Thulin authored
Rewrite to use open() instead of fopen() to avoid having to seccomp-allow the mmap() syscall.
-
Fredrik Thulin authored
The list of allowed syscalls is shrinked by postponing seccomp initialization to after the PKCS#11 module is initialized and the network socket is opened.
-
Fredrik Thulin authored
-
Fredrik Thulin authored
-
- Jan 28, 2013
-
-
Fredrik Thulin authored
-
Fredrik Thulin authored
-
Fredrik Thulin authored
-
- Jan 21, 2013
-
-
Fredrik Thulin authored
-
Fredrik Thulin authored
Code to pass NULL strings was only used in C_InitToken, but since the argument there was really space padded and not NULL terminated, this code is no longer needed.
-
Fredrik Thulin authored
PKCS#11 v2.2 is very clear that the 'label' argument provided to C_InitToken is *not* necessarily NULL-terminated, but rather of fixed size (32 bytes) and whitespace-padded.
-
Fredrik Thulin authored
-
- Jan 18, 2013
-
-
Fredrik Thulin authored
Two potential issues reported by clang.
-
Fredrik Thulin authored
Threads on pkcs11-proxy map to applications rather than threads in the PKCS#11 (v2.2) specification. It is therefor important to not close sessions opened by other threads in C_CloseAllSessions.
-
- Jan 17, 2013
-
-
Fredrik Thulin authored
-
Fredrik Thulin authored
Since p11proxy is a threaded application, the underlying p11 module should do locking (the proxy does no locking).
-
- Jan 16, 2013
-
-
Fredrik Thulin authored
-
- Jan 15, 2013
-
-
Fredrik Thulin authored
-
Fredrik Thulin authored
-
Fredrik Thulin authored
-
- Jan 14, 2013
-
-
Fredrik Thulin authored
New name : gck_rpc_parse_host_port().
-
Fredrik Thulin authored
Resolve host/service to listen on using getaddrinfo().
-
- Jan 09, 2013
-
-
Fredrik Thulin authored
-
- Jan 08, 2013
-
-
Fredrik Thulin authored
-
Fredrik Thulin authored
-
Fredrik Thulin authored
I am a bit uncertain about this change, since both NULL and non-NULL will make test cases fail within the SoftHSM test suite for example (some SoftHSM C_ functions want the pointer to be NULL when there are no attributes, and some allow (expect) it to be possible to pass a non-NULL pointer with a zero count). It seems that making it a NULL pointer when the count is 0 is the most sensible thing though. How could the C_ function use the data pointed to by the pointer, when the count says there is no data there? The result would really be undefined.
-
- Jan 07, 2013
-
-
Fredrik Thulin authored
-
Fredrik Thulin authored
Remove a bunch of input data checks now that byte buffers support NULL data length pointers in order to be as transparent as possible.
-
Fredrik Thulin authored
Since PKCS#11 module initialization is done globally on the server side, the real PKCS#11 modules check for initialization is made a no-op. The only place it is possible to check for proper initialization by the application is here - on the client side.
-
Fredrik Thulin authored
A number of PKCS#11 functions take a pointer to a buffer size as argument. To be a transparent proxy of PKCS#11 calls, it is necessary to support invoking these functions with a NULL pointer. pkcs11-proxy used to send the buffer size as an integer and create a pointer to the integer on the server side, but this is different to the backend PKCS#11 module in some cases. E.g. the C_Encrypt call is specified to have side effectes (finalizing) when called with a NULL encrypted data length. The softhsm test suite exposed that these side effects never occured because the NULL data length pointer was conveyed as a valid pointer to the integer zero. Since an additional uint8_t was added to "byte buffers", this is an backwards incompatible change. As such, the version number in the protocol greeting was increased (GCK_RPC_HANDSHAKE).
-
- Dec 21, 2012
-
-
Fredrik Thulin authored
Passing size_t to _get_uint32 might leave garbage in top 32 bits of size_t on 64 bits platforms. While initializing the size_t to 0 would probably work, using a temporary uint32_t and casting that is more explicit IMO.
-
- Dec 20, 2012
-
-
Fredrik Thulin authored
-
Fredrik Thulin authored
Sending side gck_rpc_message_write_byte_array() adds length data when valid == 0, so receiving code (this) need to parse that obviosly.
-
- Dec 19, 2012
-
-
Fredrik Thulin authored
Since proto_write_attribute_array() happily writes arrays with len == 0, we should probably parse them. Tounge in cheek.
-
Fredrik Thulin authored
-
Fredrik Thulin authored
Necessary to close all ongoing sessions.
-
Fredrik Thulin authored
-
- Dec 18, 2012
-
-
Fredrik Thulin authored
This harmonizes with the softhsm test suite.
-
Fredrik Thulin authored
This matches the PKCS#11 specification better, and also matches the test cases for softhsm.
-