Initialize seccomp again in dispatch threads, only requiring a
small subset of the syscalls required by the parent process.

Rewrite to use open() instead of fopen() to avoid having to
seccomp-allow the mmap() syscall.

The list of allowed syscalls is shrinked by postponing seccomp
initialization to after the PKCS#11 module is initialized and
the network socket is opened.

Code to pass NULL strings was only used in C_InitToken, but since
the argument there was really space padded and not NULL terminated,
this code is no longer needed.

PKCS#11 v2.2 is very clear that the 'label' argument provided to
C_InitToken is *not* necessarily NULL-terminated, but rather of
fixed size (32 bytes) and whitespace-padded.

Two potential issues reported by clang.

Threads on pkcs11-proxy map to applications rather than threads in the
PKCS#11 (v2.2) specification. It is therefor important to not close
sessions opened by other threads in C_CloseAllSessions.

Since p11proxy is a threaded application, the underlying p11
module should do locking (the proxy does no locking).

New name : gck_rpc_parse_host_port().

Resolve host/service to listen on using getaddrinfo().

I am a bit uncertain about this change, since both NULL and non-NULL
will make test cases fail within the SoftHSM test suite for example
(some SoftHSM C_ functions want the pointer to be NULL when there
are no attributes, and some allow (expect) it to be possible to pass a
non-NULL pointer with a zero count).

It seems that making it a NULL pointer when the count is 0 is the most
sensible thing though. How could the C_ function use the data pointed
to by the pointer, when the count says there is no data there? The
result would really be undefined.

Remove a bunch of input data checks now that byte buffers support
NULL data length pointers in order to be as transparent as possible.

Since PKCS#11 module initialization is done globally on the server side,
the real PKCS#11 modules check for initialization is made a no-op. The
only place it is possible to check for proper initialization by the
application is here - on the client side.

A number of PKCS#11 functions take a pointer to a buffer size as
argument. To be a transparent proxy of PKCS#11 calls, it is necessary to
support invoking these functions with a NULL pointer. pkcs11-proxy used
to send the buffer size as an integer and create a pointer to the integer
on the server side, but this is different to the backend PKCS#11 module
in some cases.

E.g. the C_Encrypt call is specified to have side effectes (finalizing)
when called with a NULL encrypted data length. The softhsm test suite
exposed that these side effects never occured because the NULL data length
pointer was conveyed as a valid pointer to the integer zero.

Since an additional uint8_t was added to "byte buffers", this is an
backwards incompatible change. As such, the version number in the protocol
greeting was increased (GCK_RPC_HANDSHAKE).

Passing size_t to _get_uint32 might leave garbage in top 32 bits of size_t
on 64 bits platforms. While initializing the size_t to 0 would probably
work, using a temporary uint32_t and casting that is more explicit IMO.

Sending side gck_rpc_message_write_byte_array() adds length data
when valid == 0, so receiving code (this) need to parse that obviosly.

Since proto_write_attribute_array() happily writes arrays with len == 0,
we should probably parse them. Tounge in cheek.

Necessary to close all ongoing sessions.

This harmonizes with the softhsm test suite.

This matches the PKCS#11 specification better, and also matches
the test cases for softhsm.