commit b61746609a0cb8fecc24c5dc00bdda0bb8316c18 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:11:11 2019 -0400 Package init
diff --git a/build-Call-va_end-always-when-leaving-the-function.patch b/build-Call-va_end-always-when-leaving-the-function.patch
new file mode 100644
index 0000000..6e2befa
--- /dev/null
+++ b/build-Call-va_end-always-when-leaving-the-function.patch
@@ -0,0 +1,79 @@
+From c76197ddbbd0c29adc2bceff2ee9f740f71d134d Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Tue, 16 Oct 2018 18:06:56 +0200
+Subject: [PATCH 04/36] build: Call va_end() always when leaving the function
+
+---
+ common/attrs.c | 4 +++-
+ common/compat.c | 5 ++++-
+ common/path.c | 5 ++++-
+ trust/parser.c | 4 +++-
+ 4 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/common/attrs.c b/common/attrs.c
+index aa91891..a387a66 100644
+--- a/common/attrs.c
++++ b/common/attrs.c
+@@ -538,8 +538,10 @@ buffer_append_printf (p11_buffer *buffer,
+ va_list va;
+
+ va_start (va, format);
+- if (vasprintf (&string, format, va) < 0)
++ if (vasprintf (&string, format, va) < 0) {
++ va_end (va);
+ return_if_reached ();
++ }
+ va_end (va);
+
+ p11_buffer_add (buffer, string, -1);
+diff --git a/common/compat.c b/common/compat.c
+index 5a9702d..48614fa 100644
+--- a/common/compat.c
++++ b/common/compat.c
+@@ -525,7 +525,10 @@ strconcat (const char *first,
+ for (arg = first; arg; arg = va_arg (va, const char*)) {
+ size_t old_length = length;
+ length += strlen (arg);
+- return_val_if_fail (length >= old_length, NULL);
++ if (length < old_length) {
++ va_end (va);
++ return_val_if_reached (NULL);
++ }
+ }
+
+ va_end (va);
+diff --git a/common/path.c b/common/path.c
+index 5cf0e1a..17a6230 100644
+--- a/common/path.c
++++ b/common/path.c
+@@ -218,7 +218,10 @@ p11_path_build (const char *path,
+ while (path != NULL) {
+ size_t old_len = len;
+ len += strlen (path) + 1;
+- return_val_if_fail (len >= old_len, NULL);
++ if (len < old_len) {
++ va_end (va);
++ return_val_if_reached (NULL);
++ }
+ path = va_arg (va, const char *);
+ }
+ va_end (va);
+diff --git a/trust/parser.c b/trust/parser.c
+index f92cdc9..e912c3a 100644
+--- a/trust/parser.c
++++ b/trust/parser.c
+@@ -697,8 +697,10 @@ p11_parser_formats (p11_parser *parser,
+ func = va_arg (va, parser_func);
+ if (func == NULL)
+ break;
+- if (!p11_array_push (formats, func))
++ if (!p11_array_push (formats, func)) {
++ va_end (va);
+ return_if_reached ();
++ }
+ }
+ va_end (va);
+
+--
+2.19.1
+
diff --git a/debug-Work-around-cppcheck-false-positives.patch b/debug-Work-around-cppcheck-false-positives.patch
new file mode 100644
index 0000000..1863422
--- /dev/null
+++ b/debug-Work-around-cppcheck-false-positives.patch
@@ -0,0 +1,42 @@
+From 8a8db182af533a43b4d478d28af8623035475d68 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Tue, 16 Oct 2018 18:05:10 +0200
+Subject: [PATCH 03/36] debug: Work around cppcheck false-positives
+
+https://trac.cppcheck.net/ticket/8794
+---
+ common/debug.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/common/debug.h b/common/debug.h
+index 255c62c..7ea36f3 100644
+--- a/common/debug.h
++++ b/common/debug.h
+@@ -71,13 +71,13 @@ void p11_debug_precond (const char *format,
+ #endif
+
+ #define return_val_if_fail(x, v) \
+- do { if (!(x)) { \
++ do { if (x) { } else { \
+ p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
+ return v; \
+ } } while (false)
+
+ #define return_if_fail(x) \
+- do { if (!(x)) { \
++ do { if (x) { } else { \
+ p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
+ return; \
+ } } while (false)
+@@ -100,7 +100,7 @@ void p11_debug_precond (const char *format,
+ } while (false)
+
+ #define warn_if_fail(x) \
+- do { if (!(x)) { \
++ do { if (x) { } else { \
+ p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
+ } } while (false)
+
+--
+2.19.1
+
diff --git a/modules-Fix-index-used-in-call-to-p11_dict_remove.patch b/modules-Fix-index-used-in-call-to-p11_dict_remove.patch
new file mode 100644
index 0000000..df65ef1
--- /dev/null
+++ b/modules-Fix-index-used-in-call-to-p11_dict_remove.patch
@@ -0,0 +1,31 @@
+From 793cc3b78f17bb5a3c151eba1144b73a5d51be3e Mon Sep 17 00:00:00 2001
+From: Simon Haggett
+Date: Tue, 12 Mar 2019 11:26:20 +0000
+Subject: [PATCH 36/36] modules: Fix index used in call to p11_dict_remove()
+
+This fixes a call to p11_dict_remove() in managed_steal_sessions_inlock() to use
+the correct index in the stolen array (i, rather than at). This avoids an
+assert, which was encountered on a host serving a PKCS#11 module to a remote
+Linux client.
+
+Signed-off-by: Simon Haggett
+---
+ p11-kit/modules.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/p11-kit/modules.c b/p11-kit/modules.c
+index 891ce4c..39e1fda 100644
+--- a/p11-kit/modules.c
++++ b/p11-kit/modules.c
+@@ -1647,7 +1647,7 @@ managed_steal_sessions_inlock (p11_dict *sessions,
+ /* Only removed some, go through and remove those */
+ } else {
+ for (i = 0; i < at; i++) {
+- if (!p11_dict_remove (sessions, stolen + at))
++ if (!p11_dict_remove (sessions, stolen + i))
+ assert_not_reached ();
+ }
+ }
+--
+2.19.1
+
diff --git a/modules-check-gl.modules-before-iterates-on-it-when-.patch b/modules-check-gl.modules-before-iterates-on-it-when-.patch
new file mode 100644
index 0000000..38c5c28
--- /dev/null
+++ b/modules-check-gl.modules-before-iterates-on-it-when-.patch
@@ -0,0 +1,50 @@
+From 4a925177a81c2566d2a81a0a450607a5ff4d9048 Mon Sep 17 00:00:00 2001
+From: Stefano Garzarella
+Date: Wed, 27 Feb 2019 12:25:20 +0100
+Subject: [PATCH 34/36] modules: check gl.modules before iterates on it when
+ freeing
+
+In some circumstances, as described in the BZ, can happen that
+free_modules_when_no_refs_unlocked() is called multiple times
+when the module destructor is invoked.
+We should check gl.modules before iterates on it in the
+free_modules_when_no_refs_unlocked() functions, to avoid
+a SIGSEGV.
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963
+---
+ p11-kit/modules.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/p11-kit/modules.c b/p11-kit/modules.c
+index 0299eda..891ce4c 100644
+--- a/p11-kit/modules.c
++++ b/p11-kit/modules.c
+@@ -797,14 +797,16 @@ init_globals_unlocked (void)
+ static void
+ free_modules_when_no_refs_unlocked (void)
+ {
+- Module *mod;
+- p11_dictiter iter;
+-
+- /* Check if any modules have a ref count */
+- p11_dict_iterate (gl.modules, &iter);
+- while (p11_dict_next (&iter, (void **)&mod, NULL)) {
+- if (mod->ref_count)
+- return;
++ if (gl.modules) {
++ Module *mod;
++ p11_dictiter iter;
++
++ /* Check if any modules have a ref count */
++ p11_dict_iterate (gl.modules, &iter);
++ while (p11_dict_next (&iter, (void **)&mod, NULL)) {
++ if (mod->ref_count)
++ return;
++ }
+ }
+
+ p11_dict_free (gl.unmanaged_by_funcs);
+--
+2.19.1
+
diff --git a/p11-kit-0.23.14.tar.gz b/p11-kit-0.23.14.tar.gz
new file mode 100644
index 0000000..0e68c9a
Binary files /dev/null and b/p11-kit-0.23.14.tar.gz differ
diff --git a/p11-kit-client.service b/p11-kit-client.service
new file mode 100644
index 0000000..c9b8e30
--- /dev/null
+++ b/p11-kit-client.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=p11-kit client
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+RuntimeDirectory=p11-kit
+ExecStart=/usr/bin/true
+
+[Install]
+WantedBy=default.target
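Review bot: In `free_modules_when_no_refs_unlocked()` (p11-kit/modules.c, PATCH 34/36) the new `if (gl.modules)` guard only protects the ref-count scan; when `gl.modules` is NULL the function still falls through to `p11_dict_free (gl.unmanaged_by_funcs);` and whatever teardown follows outside the hunk. The commit message says the function can be entered more than once from the module destructor, so that teardown has to be safe to repeat, and the hunk does not show whether each freed global is reset to NULL afterwards. If any is not, the second call is a double free rather than a NULL dereference; a comment such as `/* May run more than once from the destructor: every global freed below must be reset to NULL */` above the teardown would record the requirement.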
diff --git a/p11-kit.spec b/p11-kit.spec
new file mode 100644
index 0000000..a74fc93
--- /dev/null
+++ b/p11-kit.spec
@@ -0,0 +1,133 @@
+Name: p11-kit
+Version: 0.23.14
+Release: 2
+Summary: Provides a way to load and enumerate PKCS#11 modules.
+License: BSD
+URL: http://p11-glue.freedesktop.org/p11-kit.html
+
+Source0: %{name}-%{version}.tar.gz
+Source1: trust-extract-compat
+Source2: p11-kit-client.service
+
+Patch6001: debug-Work-around-cppcheck-false-positives.patch
+Patch6002: build-Call-va_end-always-when-leaving-the-function.patch
+Patch6003: rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch
+Patch6004: rpc-server-Check-calloc-failure.patch
+Patch6005: trust-Check-index-buckets-is-allocated-on-cleanup.patch
+Patch6006: trust-Propagate-library-verbosity-to-module-through-.patch
+Patch6007: trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch
+Patch6008: trust-p11_token_load-Treat-parse-error-as-failure.patch
+Patch6009: trust-Continue-parsing-if-the-file-cannot-be-read-as.patch
+Patch6010: pem-Fix-assert-condition.patch
+Patch6011: trust-Ignore-unreadable-content-in-anchors.patch
+Patch6012: modules-check-gl.modules-before-iterates-on-it-when-.patch
+Patch6013: modules-Fix-index-used-in-call-to-p11_dict_remove.patch
+
+BuildRequires: gcc libtasn1-devel >= 2.3 libffi-devel gtk-doc systemd-devel pkgconfig(glib-2.0)
+
+%description
+Provides a way to load and enumerate PKCS#11 modules.
+Provides a standard configuration setup for installing
+PKCS#11 modules in such a way that they're discoverable.
+Also solves problems with coordinating the use of PKCS#11
+by different components or libraries living in the same process.
+
+Provides: %{name}-server
+Obsoletes: %{name}-server
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+Provides header and libraries files for applications use %{name} to develop.
+
+%package trust
+Summary: Trust policy module of %{name}
+Requires: %{name} = %{version}-%{release}
+Conflicts: nss < 3.14.3-9
+
+%description trust
+This package contains PKCS#11 trust policy module.
+
+%package help
+Summary: Help infomation of %{name}
+Requires: %{name} = %{version}-%{release}
+
+%description help
+This package contains help information of p11-kit.
+
+%prep
+%autosetup -p1
+
+%build
+%configure --enable-doc --with-trust-paths=/etc/pki/ca-trust/source:/usr/share/pki/ca-trust-source
+make -j 4 V=1
+
+%install
+make install DESTDIR=$RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules
+install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
+install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_userunitdir}
+find $RPM_BUILD_ROOT -type f -name "*.la" -delete -print
+
+%check
+make check
+
+%post -p /sbin/ldconfig
+
+%post trust
+%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so libnssckbi.so %{_libdir}/pkcs11/p11-kit-trust.so 30
+
+%postun -p /sbin/ldconfig
+
+%postun trust
+if [ $1 -eq 0 ]; then
+ %{_sbindir}/update-alternatives --remove libnssckbi.so %{_libdir}/pkcs11/p11-kit-trust.so
+fi
+
+%files
+%license COPYING
+%dir %{_libexecdir}/p11-kit
+%dir %{_sysconfdir}/pkcs11
+%dir %{_sysconfdir}/pkcs11/modules
+%dir %{_datadir}/p11-kit
+%dir %{_datadir}/p11-kit/modules
+%{_bindir}/p11-kit
+%{_libdir}/libp11-kit.so.*
+%{_libdir}/p11-kit-proxy.so
+%{_libdir}/pkcs11/p11-kit-client.so
+%{_libexecdir}/p11-kit/p11-kit-remote
+%{_libexecdir}/p11-kit/p11-kit-server
+%{_userunitdir}/p11-kit-client.service
+%{_userunitdir}/p11-kit-server.service
+%{_userunitdir}/p11-kit-server.socket
+
+%files help
+%doc AUTHORS NEWS README
+%doc p11-kit/pkcs11.conf.example
+%{_mandir}/man1/trust.1.gz
+%{_mandir}/man8/p11-kit.8.gz
+%{_mandir}/man5/pkcs11.conf.5.gz
+%{_sysconfdir}/pkcs11/pkcs11.conf.example
+
+%files devel
+%doc %{_datadir}/gtk-doc/
+%{_includedir}/p11-kit-1/
+%{_libdir}/libp11-kit.so
+%{_libdir}/pkgconfig/p11-kit-1.pc
+
+%files trust
+%{_bindir}/trust
+%dir %{_libdir}/pkcs11
+%ghost %{_libdir}/libnssckbi.so
+%{_libdir}/pkcs11/p11-kit-trust.so
+%{_datadir}/p11-kit/modules/p11-kit-trust.module
+%{_libexecdir}/p11-kit/trust-extract-compat
+
+%changelog
+* Fri Sep 27 2019 openEuler Buildteam - 0.23.14-2
+- Correct patch number
+
+* Sat Sep 7 2019 openEuler Buildteam - 0.23.14-1
+- Package init
diff --git a/pem-Fix-assert-condition.patch b/pem-Fix-assert-condition.patch
new file mode 100644
index 0000000..46b8a45
--- /dev/null
+++ b/pem-Fix-assert-condition.patch
@@ -0,0 +1,58 @@
+From f277a1469aef05d3542e8ae9fd3f5dbadbe12463 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Fri, 11 Jan 2019 10:35:16 +0100
+Subject: [PATCH 30/36] pem: Fix assert condition
+
+If the PEM header is "-----BEGIN -----", *type should be an empty
+string and the parser shouldn't fail. Reported by Han Han in:
+https://bugzilla.redhat.com/show_bug.cgi?id=1665172
+---
+ trust/pem.c | 2 +-
+ trust/test-pem.c | 18 ++++++++++++++++++
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/trust/pem.c b/trust/pem.c
+index ce4f554..fae7dd6 100644
+--- a/trust/pem.c
++++ b/trust/pem.c
+@@ -84,7 +84,7 @@ pem_find_begin (const char *data,
+
+ if (type) {
+ pref += ARMOR_PREF_BEGIN_L;
+- assert (suff > pref);
++ assert (suff >= pref);
+ *type = strndup (pref, suff - pref);
+ return_val_if_fail (*type != NULL, NULL);
+ }
+diff --git a/trust/test-pem.c b/trust/test-pem.c
+index 0c7d60a..6feff86 100644
+--- a/trust/test-pem.c
++++ b/trust/test-pem.c
+@@ -119,6 +119,24 @@ struct {
+ }
+ },
+
++ {
++ /* one block with empty type */
++ "-----BEGIN -----\n"
++ "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
++ "-----END -----",
++ {
++ {
++ "",
++ "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
++ "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
++ 30,
++ },
++ {
++ NULL,
++ }
++ }
++ },
++
+ {
+ NULL,
+ }
+--
+2.19.1
+
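Review bot: In p11-kit.spec the `Provides: %{name}-server` and `Obsoletes: %{name}-server` lines sit after the `%description` text, so rpm will read them as part of the description body rather than as package tags; they belong in the preamble next to `BuildRequires:`, and the obsolete would normally be bounded, e.g. `Obsoletes: %{name}-server < %{version}-%{release}`. Separately, `Source0` is unpacked by `%autosetup` with no signature or checksum verification and `URL:` is plain `http://`. Since this package ships the system trust module, verifying the tarball in `%prep` would be worth adding if upstream publishes a detached signature.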
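Review bot: In `pem_find_begin()` (trust/pem.c, PATCH 30/36) the bound on `suff - pref` is enforced only by `assert (suff >= pref);`, which disappears when the library is built with `NDEBUG`, and the difference is then passed as the length to `strndup()`. Both pointers are derived from the PEM data being parsed, so if the search that sets `suff` (outside this hunk) can ever leave it before the advanced `pref`, a release build would pass a wrapped-around length. A runtime check keeps the guarantee in every build, e.g. `if (suff < pref) return NULL;` before the `strndup()` call, which matches the NULL return the next line already uses on failure.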
diff --git a/rpc-server-Check-calloc-failure.patch b/rpc-server-Check-calloc-failure.patch
new file mode 100644
index 0000000..3b85d59
--- /dev/null
+++ b/rpc-server-Check-calloc-failure.patch
@@ -0,0 +1,27 @@
+From 6417780ebbbbb0f01ddb001b239347655fb98578 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Wed, 17 Oct 2018 09:53:27 +0200
+Subject: [PATCH 11/36] rpc-server: Check calloc failure
+
+---
+ p11-kit/rpc-server.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
+index 5b3dbf0..3216742 100644
+--- a/p11-kit/rpc-server.c
++++ b/p11-kit/rpc-server.c
+@@ -2219,6 +2219,10 @@ p11_kit_remote_serve_tokens (const char **tokens,
+ filter = p11_dict_get (filters, module);
+ if (filter == NULL) {
+ lower = calloc (1, sizeof (p11_virtual));
++ if (lower == NULL) {
++ error = ENOMEM;
++ goto out;
++ }
+ p11_virtual_init (lower, &p11_virtual_base, module, NULL);
+ filter = p11_filter_subclass (lower, NULL);
+ if (filter == NULL) {
+--
+2.19.1
+
diff --git a/rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch b/rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch
new file mode 100644
index 0000000..3f6ec69
--- /dev/null
+++ b/rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch
@@ -0,0 +1,28 @@
+From 1f78cb0b4dd193ec1f1b2b424a497a6c2edec043 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Tue, 16 Oct 2018 18:16:51 +0200
+Subject: [PATCH 08/36] rpc-server: p11_kit_remote_serve_tokens: Fix memleak
+
+---
+ p11-kit/rpc-server.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
+index 3a8991d..5b3dbf0 100644
+--- a/p11-kit/rpc-server.c
++++ b/p11-kit/rpc-server.c
+@@ -2285,6 +2285,11 @@ p11_kit_remote_serve_tokens (const char **tokens,
+ p11_kit_modules_release (modules);
+ if (error != 0)
+ errno = error;
++ if (uris) {
++ for (i = 0; i < n_tokens; i++)
++ p11_kit_uri_free (uris[i]);
++ free (uris);
++ }
+
+ return ret;
+ }
+--
+2.19.1
+
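Review bot: In `p11_kit_remote_serve_tokens()` (p11-kit/rpc-server.c, PATCH 08/36) the new `uris` cleanup is placed after `errno = error;`, so `p11_kit_uri_free()` and `free()` run between setting errno and `return ret;` and may overwrite the value the caller is meant to see. Moving the `if (uris) { ... }` block above `if (error != 0)` keeps the reported error intact. The loop also frees all `n_tokens` slots, which is only safe if the array was zero-initialised when it was allocated; that allocation is outside the hunk, so confirm it comes from `calloc`.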
diff --git a/trust-Check-index-buckets-is-allocated-on-cleanup.patch b/trust-Check-index-buckets-is-allocated-on-cleanup.patch
new file mode 100644
index 0000000..6dae406
--- /dev/null
+++ b/trust-Check-index-buckets-is-allocated-on-cleanup.patch
@@ -0,0 +1,31 @@
+From 83e92c2f9575707083d8b0c70ef330e285d70836 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Wed, 17 Oct 2018 09:53:46 +0200
+Subject: [PATCH 12/36] trust: Check index->buckets is allocated on cleanup
+
+---
+ trust/index.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/trust/index.c b/trust/index.c
+index 6a8e535..2d1da29 100644
+--- a/trust/index.c
++++ b/trust/index.c
+@@ -193,9 +193,11 @@ p11_index_free (p11_index *index)
+
+ p11_dict_free (index->objects);
+ p11_dict_free (index->changes);
+- for (i = 0; i < NUM_BUCKETS; i++)
+- free (index->buckets[i].elem);
+- free (index->buckets);
++ if (index->buckets) {
++ for (i = 0; i < NUM_BUCKETS; i++)
++ free (index->buckets[i].elem);
++ free (index->buckets);
++ }
+ free (index);
+ }
+
+--
+2.19.1
+
diff --git a/trust-Continue-parsing-if-the-file-cannot-be-read-as.patch b/trust-Continue-parsing-if-the-file-cannot-be-read-as.patch
new file mode 100644
index 0000000..095fe54
--- /dev/null
+++ b/trust-Continue-parsing-if-the-file-cannot-be-read-as.patch
@@ -0,0 +1,29 @@
+From 5e6a92b67ddade14a54769b05cc717043bc56b78 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Tue, 25 Dec 2018 08:32:19 +0100
+Subject: [PATCH 27/36] trust: Continue parsing if the file cannot be read as
+ persist format
+
+A corrupted file that contains "[p11-kit-object-v1]" can be a valid
+PEM certs file. Continue with the next format if it cannot be read as
+a persistent format.
+---
+ trust/parser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/trust/parser.c b/trust/parser.c
+index e912c3a..e84e47c 100644
+--- a/trust/parser.c
++++ b/trust/parser.c
+@@ -639,7 +639,7 @@ p11_parser_format_persist (p11_parser *parser,
+ }
+
+ p11_array_free (objects);
+- return ret ? P11_PARSE_SUCCESS : P11_PARSE_FAILURE;
++ return ret ? P11_PARSE_SUCCESS : P11_PARSE_UNRECOGNIZED;
+ }
+
+ p11_parser *
+--
+2.19.1
+
diff --git a/trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch b/trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch
new file mode 100644
index 0000000..d762d81
--- /dev/null
+++ b/trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch
@@ -0,0 +1,69 @@
+From eb503f3a1467f21a5ecc9ae84ae23b216afc102f Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Tue, 25 Dec 2018 07:32:01 +0100
+Subject: [PATCH 25/36] trust: Fail if trust anchors are not loaded from a file
+
+If the trust path is a file, treat parse error as fatal and abort the
+C_FindObjectsInit call.
+---
+ trust/module.c | 11 ++++++++---
+ trust/token.c | 6 +++---
+ 2 files changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/trust/module.c b/trust/module.c
+index 0c16a39..1722340 100644
+--- a/trust/module.c
++++ b/trust/module.c
+@@ -1198,11 +1198,16 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
+ indices[n++] = session->index;
+ if (want_token_objects) {
+ if (!session->loaded)
+- p11_token_load (session->token);
+- session->loaded = CK_TRUE;
+- indices[n++] = p11_token_index (session->token);
++ if (p11_token_load (session->token) < 0)
++ rv = CKR_FUNCTION_FAILED;
++ if (rv == CKR_OK) {
++ session->loaded = CK_TRUE;
++ indices[n++] = p11_token_index (session->token);
++ }
+ }
++ }
+
++ if (rv == CKR_OK) {
+ find = calloc (1, sizeof (FindObjects));
+ warn_if_fail (find != NULL);
+
+diff --git a/trust/token.c b/trust/token.c
+index fd3b043..030c17b 100644
+--- a/trust/token.c
++++ b/trust/token.c
+@@ -196,14 +196,14 @@ loader_load_file (p11_token *token,
+ default:
+ p11_debug ("failed to parse: %s", filename);
+ loader_gone_file (token, filename);
+- return 0;
++ return -1;
+ }
+
+ /* Update each parsed object with the origin */
+ parsed = p11_parser_parsed (token->parser);
+ for (i = 0; i < parsed->num; i++) {
+ parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL);
+- return_val_if_fail (parsed->elem[i] != NULL, 0);
++ return_val_if_fail (parsed->elem[i] != NULL, -1);
+ }
+
+ p11_index_load (token->index);
+@@ -215,7 +215,7 @@ loader_load_file (p11_token *token,
+
+ if (rv != CKR_OK) {
+ p11_message ("couldn't load file into objects: %s", filename);
+- return 0;
++ return -1;
+ }
+
+ loader_was_loaded (token, filename, sb);
+--
+2.19.1
+
diff --git a/trust-Ignore-unreadable-content-in-anchors.patch b/trust-Ignore-unreadable-content-in-anchors.patch
new file mode 100644
index 0000000..9df3687
--- /dev/null
+++ b/trust-Ignore-unreadable-content-in-anchors.patch
@@ -0,0 +1,181 @@
+From e2170b295992cb7fdf115227a78028ac3780619f Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Mon, 18 Feb 2019 14:53:49 +0100
+Subject: [PATCH 33/36] trust: Ignore unreadable content in anchors
+
+This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f. Instead of
+failing C_FindObjectsInit, treat any errors internally and accumulates
+the successfully loaded certificates.
+
+Reported by Andrej Kvasnica in:
+https://bugzilla.redhat.com/show_bug.cgi?id=1675441
+---
+ trust/module.c | 3 +-
+ trust/test-module.c | 77 +++++++++++++++++++++++++++++++++++++++++++++
+ trust/token.c | 23 ++++++--------
+ 3 files changed, 88 insertions(+), 15 deletions(-)
+
+diff --git a/trust/module.c b/trust/module.c
+index 1722340..ec3333d 100644
+--- a/trust/module.c
++++ b/trust/module.c
+@@ -1198,8 +1198,7 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
+ indices[n++] = session->index;
+ if (want_token_objects) {
+ if (!session->loaded)
+- if (p11_token_load (session->token) < 0)
+- rv = CKR_FUNCTION_FAILED;
++ p11_token_load (session->token);
+ if (rv == CKR_OK) {
+ session->loaded = CK_TRUE;
+ indices[n++] = p11_token_index (session->token);
+diff --git a/trust/test-module.c b/trust/test-module.c
+index 1e8d812..4024d81 100644
+--- a/trust/test-module.c
++++ b/trust/test-module.c
+@@ -163,6 +163,80 @@ setup_writable (void *unused)
+ p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
+ }
+
++/* This is similar to setup(), but it adds an unreadable content in
++ * the anchor directory. */
++static void
++setup_unreadable (void *unused)
++{
++ CK_C_INITIALIZE_ARGS args;
++ const char *paths;
++ char *p, *pp, *anchors;
++ FILE *f, *ff;
++ char buffer[4096];
++ char *arguments;
++ CK_ULONG count;
++ CK_RV rv;
++
++ memset (&test, 0, sizeof (test));
++
++ /* This is the entry point of the trust module, linked to this test */
++ rv = C_GetFunctionList (&test.module);
++ assert (rv == CKR_OK);
++
++ test.directory = p11_test_directory ("test-module");
++ anchors = p11_path_build (test.directory, "anchors", NULL);
++#ifdef OS_UNIX
++ if (mkdir (anchors, S_IRWXU) < 0)
++#else
++ if (mkdir (anchors) < 0)
++#endif
++ assert_fail ("mkdir()", anchors);
++
++ p = p11_path_build (anchors, "unreadable", NULL);
++ f = fopen (p, "w");
++ fwrite ("foo", 3, 1, f);
++ fclose (f);
++ chmod (p, 0);
++ free (p);
++
++ pp = p11_path_build (anchors, "thawte", NULL);
++ ff = fopen (pp, "w");
++ f = fopen (SRCDIR "/trust/fixtures/thawte.pem", "r");
++ while (!feof (f)) {
++ size_t size;
++ size = fread (buffer, 1, sizeof (buffer), f);
++ if (ferror (f))
++ assert_fail ("fread()",
++ SRCDIR "/trust/fixtures/thawte.pem");
++ fwrite (buffer, 1, size, ff);
++ if (ferror (ff))
++ assert_fail ("write()", pp);
++ }
++ free (pp);
++ fclose (ff);
++ fclose (f);
++ free (anchors);
++
++ memset (&args, 0, sizeof (args));
++ paths = SRCDIR "/trust/input" P11_PATH_SEP \
++ SRCDIR "/trust/fixtures/self-signed-with-ku.der";
++ if (asprintf (&arguments, "paths='%s%c%s'",
++ paths, P11_PATH_SEP_C, test.directory) < 0)
++ assert (false && "not reached");
++ args.pReserved = arguments;
++ args.flags = CKF_OS_LOCKING_OK;
++
++ rv = test.module->C_Initialize (&args);
++ assert (rv == CKR_OK);
++
++ free (arguments);
++
++ count = NUM_SLOTS;
++ rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
++ assert (rv == CKR_OK);
++ assert (count == NUM_SLOTS);
++}
++
+ static void
+ test_get_slot_list (void)
+ {
+@@ -1324,5 +1398,8 @@ main (int argc,
+ p11_fixture (NULL, NULL);
+ p11_test (test_token_write_protected, "/module/token-write-protected");
+
++ p11_fixture (setup_unreadable, teardown);
++ p11_test (test_find_certificates, "/module/unreadable");
++
+ return p11_test_run (argc, argv);
+ }
+diff --git a/trust/token.c b/trust/token.c
+index b91a1d0..8c75d06 100644
+--- a/trust/token.c
++++ b/trust/token.c
+@@ -266,8 +266,8 @@ loader_load_directory (p11_token *token,
+ return_val_if_fail (path != NULL, -1);
+
+ ret = loader_load_if_file (token, path);
+- return_val_if_fail (ret >=0, -1);
+- total += ret;
++ if (ret >= 0)
++ total += ret;
+
+ /* Make note that this file was seen */
+ p11_dict_remove (present, path);
+@@ -328,8 +328,8 @@ loader_load_path (p11_token *token,
+ p11_dict_iterate (present, &iter);
+ while (p11_dict_next (&iter, (void **)&filename, NULL)) {
+ ret = loader_load_if_file (token, filename);
+- return_val_if_fail (ret >= 0, ret);
+- total += ret;
++ if (ret >= 0)
++ total += ret;
+ }
+ }
+
+@@ -377,20 +377,17 @@ p11_token_load (p11_token *token)
+ int ret;
+
+ ret = loader_load_path (token, token->path, &is_dir);
+- if (ret < 0)
+- return -1;
+- total += ret;
++ if (ret >= 0)
++ total += ret;
+
+ if (is_dir) {
+ ret = loader_load_path (token, token->anchors, &is_dir);
+- if (ret < 0)
+- return -1;
+- total += ret;
++ if (ret >= 0)
++ total += ret;
+
+ ret = loader_load_path (token, token->blacklist, &is_dir);
+- if (ret < 0)
+- return -1;
+- total += ret;
++ if (ret >= 0)
++ total += ret;
+ }
+
+ return total;
+--
+2.19.1
+
diff --git a/trust-Propagate-library-verbosity-to-module-through-.patch b/trust-Propagate-library-verbosity-to-module-through-.patch
new file mode 100644
index 0000000..10763a2
--- /dev/null
+++ b/trust-Propagate-library-verbosity-to-module-through-.patch
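Review bot: In `p11_token_load()` (trust/token.c, PATCH 33/36) a negative result from `loader_load_path (token, token->blacklist, &is_dir)` is now dropped exactly like one from the anchors directory, but the two fail in opposite directions: a missing anchor removes trust, while distrust entries that failed to load leave a certificate trusted. The same patch makes `sys_C_FindObjectsInit()` discard the return of `p11_token_load()` and still set `session->loaded = CK_TRUE`, so the load is not retried for that session. At minimum the skipped path should be reported, e.g. `if (ret < 0) p11_message ("couldn't load blacklist");`, and it is worth deciding whether a blacklist failure should stay fatal. The new `setup_unreadable()` fixture also relies on `chmod (p, 0)`, which does not make the file unreadable when the test suite runs as root.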
@@ -0,0 +1,222 @@
+From 0dd62395788ae566d3adef967611bce214a04435 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Sun, 23 Dec 2018 14:11:00 +0100
+Subject: [PATCH 24/36] trust: Propagate library verbosity to module through
+ init_args
+
+Previously, even when the -v option is used with the 'trust' command,
+the messages from p11-kit-trust.so module were suppressed because the
+verbosity setting is not propagated to the module.
+---
+ common/message.c | 8 ++++----
+ p11-kit/modules.c | 29 +++++++++++++++++++++++------
+ p11-kit/p11-kit.h | 3 ++-
+ trust/enumerate.c | 11 +++++++++--
+ trust/module.c | 5 +++++
+ trust/p11-kit-trust.module | 4 ++++
+ 6 files changed, 47 insertions(+), 13 deletions(-)
+
+diff --git a/common/message.c b/common/message.c
+index f9d4f57..e439def 100644
+--- a/common/message.c
++++ b/common/message.c
+@@ -58,7 +58,7 @@
+ #include
+ #include
+
+-static bool print_messages = false;
++bool p11_print_messages = false;
+
+ #ifdef HAVE_STRERROR_L
+ locale_t p11_message_locale = (locale_t) 0;
+@@ -148,7 +148,7 @@ p11_message (const char* msg,
+ buffer[length] = 0;
+
+ /* If printing is not disabled, just print out */
+- if (print_messages)
++ if (p11_print_messages)
+ fprintf (stderr, "p11-kit: %s\n", buffer);
+ else
+ p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer);
+@@ -158,13 +158,13 @@ p11_message (const char* msg,
+ void
+ p11_message_quiet (void)
+ {
+- print_messages = false;
++ p11_print_messages = false;
+ }
+
+ void
+ p11_message_loud (void)
+ {
+- print_messages = true;
++ p11_print_messages = true;
+ }
+
+ const char *
+diff --git a/p11-kit/modules.c b/p11-kit/modules.c
+index cfc4daf..0299eda 100644
+--- a/p11-kit/modules.c
++++ b/p11-kit/modules.c
+@@ -306,6 +306,7 @@ free_module_unlocked (void *data)
+ p11_dict_free (mod->config);
+ free (mod->name);
+ free (mod->filename);
++ free (mod->init_args.pReserved);
+ free (mod);
+ }
+
+@@ -550,10 +551,12 @@ is_module_enabled_unlocked (const char *name,
+ static CK_RV
+ take_config_and_load_module_inlock (char **name,
+ p11_dict **config,
+- bool critical)
++ bool critical,
++ bool verbose)
+ {
+ const char *filename = NULL;
+ const char *remote = NULL;
++ char *init_reserved = NULL;
+ CK_RV rv = CKR_OK;
+ Module *mod;
+
+@@ -591,7 +594,19 @@ take_config_and_load_module_inlock (char **name,
+ * 'x-init-reserved' setting in the config. This only works with specific
+ * PKCS#11 modules, and is non-standard use of that field.
+ */
+- mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved");
++ init_reserved = p11_dict_get (*config, "x-init-reserved");
++ if (init_reserved) {
++ if (verbose) {
++ init_reserved = strconcat (init_reserved, " verbose=yes", NULL);
++ } else {
++ init_reserved = strdup (init_reserved);
++ }
++ if (init_reserved == NULL) {
++ rv = CKR_HOST_MEMORY;
++ goto out;
++ }
++ }
++ mod->init_args.pReserved = init_reserved;
+
+ /* Take ownership of thes evariables */
+ p11_dict_free (mod->config);
+@@ -607,7 +622,7 @@ out:
+ }
+
+ static CK_RV
+-load_registered_modules_unlocked (void)
++load_registered_modules_unlocked (int flags)
+ {
+ p11_dictiter iter;
+ p11_dict *configs;
+@@ -617,6 +632,7 @@ load_registered_modules_unlocked (void)
+ int mode;
+ CK_RV rv;
+ bool critical;
++ bool verbose;
+
+ if (gl.config)
+ return CKR_OK;
+@@ -652,7 +668,8 @@ load_registered_modules_unlocked (void)
+
+ /* Is this a critical module, should abort loading of others? */
+ critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false);
+- rv = take_config_and_load_module_inlock (&name, &config, critical);
++ verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0;
++ rv = take_config_and_load_module_inlock (&name, &config, critical, verbose);
+
+ /*
+ * These variables will be cleared if ownership is transeferred
+@@ -858,7 +875,7 @@ initialize_registered_inlock_reentrant (void)
+ if (rv != CKR_OK)
+ return rv;
+
+- rv = load_registered_modules_unlocked ();
++ rv = load_registered_modules_unlocked (0);
+ if (rv == CKR_OK) {
+ p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
+ while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) {
+@@ -1955,7 +1972,7 @@ p11_modules_load_inlock_reentrant (int flags,
+ if (rv != CKR_OK)
+ return rv;
+
+- rv = load_registered_modules_unlocked ();
++ rv = load_registered_modules_unlocked (flags);
+ if (rv != CKR_OK)
+ return rv;
+
+diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
+index abf618b..cc89595 100644
+--- a/p11-kit/p11-kit.h
++++ b/p11-kit/p11-kit.h
+@@ -57,7 +57,8 @@ enum {
+ P11_KIT_MODULE_UNMANAGED = 1 << 0,
+ P11_KIT_MODULE_CRITICAL = 1 << 1,
+ P11_KIT_MODULE_TRUSTED = 1 << 2,
+- P11_KIT_MODULE_MASK = (1 << 3) - 1
++ P11_KIT_MODULE_VERBOSE = 1 << 3,
++ P11_KIT_MODULE_MASK = (1 << 4) - 1
+ };
+
+ typedef void (* p11_kit_destroyer) (void *data);
+diff --git a/trust/enumerate.c b/trust/enumerate.c
+index e197765..0cef089 100644
+--- a/trust/enumerate.c
++++ b/trust/enumerate.c
+@@ -674,6 +674,8 @@ p11_enumerate_opt_purpose (p11_enumerate *ex,
+ return true;
+ }
+
++extern bool p11_print_messages;
++
+ bool
+ p11_enumerate_ready (p11_enumerate *ex,
+ const char *def_filter)
+@@ -687,8 +689,13 @@ p11_enumerate_ready (p11_enumerate *ex,
+ * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
+ * we get from modules explicitly marked as containing trust-policy.
+ */
+- if (!ex->modules)
+- ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
++ if (!ex->modules) {
++ int flags = P11_KIT_MODULE_TRUSTED;
++ if (p11_print_messages)
++ flags |= P11_KIT_MODULE_VERBOSE;
++
++ ex->modules = p11_kit_modules_load_and_initialize (flags);
++ }
+ if (!ex->modules)
+ return false;
+ if (ex->modules[0] == NULL)
+diff --git a/trust/module.c b/trust/module.c
+index 24cda87..0c16a39 100644
+--- a/trust/module.c
++++ b/trust/module.c
+@@ -287,6 +287,11 @@ parse_argument (char *arg,
+ free (gl.paths);
+ gl.paths = value ? strdup (value) : NULL;
+
++ } else if (strcmp (arg, "verbose") == 0) {
++ if (strcmp (value, "yes") == 0)
++ p11_message_loud ();
++ else if (strcmp (value, "no") == 0)
++ p11_message_quiet ();
+ } else {
+ p11_message ("unrecognized module argument: %s", arg);
+ }
+diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module
+index 72122c3..a2a3306 100644
+--- a/trust/p11-kit-trust.module
++++ b/trust/p11-kit-trust.module
+@@ -18,3 +18,7 @@ x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module
+
+ # Prevent this module being loaded by the proxy module
+ disable-in: p11-kit-proxy
++
++# This will be overwritten by appending "verbose=yes", if the trust
++# command is called with the -v option.
++x-init-reserved:
+--
+2.19.1
+
diff --git a/trust-extract-compat b/trust-extract-compat
new file mode 100755
index 0000000..5ca0216
--- /dev/null
+++ b/trust-extract-compat
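Review bot: In `parse_argument()` (trust/module.c, PATCH 24/36) the new `verbose` branch calls `strcmp (value, "yes")` without checking `value`, although the `paths` branch directly above treats it as nullable (`value ? strdup (value) : NULL`); a bare `verbose` in the init string would therefore dereference NULL while the module is initialising. Guard the branch, e.g. `} else if (strcmp (arg, "verbose") == 0 && value != NULL) {`, so a valueless argument falls through to the existing "unrecognized module argument" message. In the same patch `free_module_unlocked()` now calls `free (mod->init_args.pReserved)`, which is only correct if every path that sets that field stores heap memory owned by the module; only the config-file path is visible here, so any other setter should be checked.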
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# This script is a placeholder designed to be replaced when this software
+# has been customized for distribution. It should be symlinked linked to the
+# distribution's update-ca-certificates or update-ca-trust command as
+# appropriate. In the future this script will be called when the PKCS#11
+# trust module is used to modify trust anchors and related data.
+
+if [ $# -ne 0 ]; then
+ echo "usage: trust extract-compat" >&2
+ exit 2
+fi
+
+uid=$(id -u)
+if [ "$uid" != 0 ]; then
+ echo "trust: running as non-root user: skip extracting compat bundles" >&2
+ exit 0
+fi
+
+exec /usr/bin/update-ca-trust
diff --git a/trust-p11_token_load-Treat-parse-error-as-failure.patch b/trust-p11_token_load-Treat-parse-error-as-failure.patch
new file mode 100644
index 0000000..10de39b
--- /dev/null
+++ b/trust-p11_token_load-Treat-parse-error-as-failure.patch
@@ -0,0 +1,42 @@
+From 4aa6ef9e82f6bb14746a47a7d56789d5e982a1f5 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Tue, 25 Dec 2018 07:38:26 +0100
+Subject: [PATCH 26/36] trust: p11_token_load: Treat parse error as failure
+
+Those conditions can happen when the trust file is corrupted, so it
+makes more sense to treat them as a failure instead of programmer
+error.
+---
+ trust/token.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/trust/token.c b/trust/token.c
+index 030c17b..b91a1d0 100644
+--- a/trust/token.c
++++ b/trust/token.c
+@@ -377,16 +377,19 @@ p11_token_load (p11_token *token)
+ int ret;
+
+ ret = loader_load_path (token, token->path, &is_dir);
+- return_val_if_fail (ret >= 0, -1);
++ if (ret < 0)
++ return -1;
+ total += ret;
+
+ if (is_dir) {
+ ret = loader_load_path (token, token->anchors, &is_dir);
+- return_val_if_fail (ret >= 0, -1);
++ if (ret < 0)
++ return -1;
+ total += ret;
+
+ ret = loader_load_path (token, token->blacklist, &is_dir);
+- return_val_if_fail (ret >= 0, -1);
++ if (ret < 0)
++ return -1;
+ total += ret;
+ }
+
+--
+2.19.1
+