From 3749ba2733d07fc588d392a87a0d080ee1894801 Mon Sep 17 00:00:00 2001 From: Packit Service Date: Dec 10 2020 00:27:34 +0000 Subject: p11-kit-0.23.21 base --- diff --git a/ABOUT-NLS b/ABOUT-NLS new file mode 100644 index 0000000..0a9d56d --- /dev/null +++ b/ABOUT-NLS @@ -0,0 +1 @@ + diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..27270fb --- /dev/null +++ b/AUTHORS @@ -0,0 +1 @@ +Stef Walter diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..673c445 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,35 @@ +# p11-kit -- Information about our contribution rules and coding style + +# Test suite + +New functionality should be accompanied by a test case which verifies +the correctness of p11-kit's operation on successful use of the new +functionality, as well as on failure cases. The p11-kit test suite is +run on "ninja test" if you use meson for building, or on "make check" +if you use autotools. + +Bug fixes should also come with a test case that exercises the code +path that previously failed to operate. This prevents future +regressions. + +# Coding style + +In general, use [the Linux kernel coding +style](https://www.kernel.org/doc/html/latest/process/coding-style.html), +except that we put a space between function name and open parenthesis. + +# API documentation + +Use [gtk-doc](https://www.gtk.org/gtk-doc/) for API documentation. + +# Library symbol versioning + +We use [the libtool versioning scheme](https://www.gnu.org/software/libtool/manual/html_node/Versioning.html#Versioning) to ensure ABI compatibility. If you add a new API function, update [libp11-kit.map](https://github.com/p11-glue/p11-kit/blob/master/p11-kit/libp11-kit.map) and [libp11-kit-*.dll.def](https://github.com/p11-glue/p11-kit/blob/master/p11-kit/libp11-kit-0.dll.def) accordingly. + +# Resources: + +* [Documentation on developing p11-kit](https://p11-glue.github.io/p11-glue/p11-kit/manual/devel.html) +* [Code available at](https://github.com/p11-glue/p11-kit) +* [General Website](https://p11-glue.github.io/p11-glue/p11-kit.html) +* [Mailing list](https://lists.freedesktop.org/mailman/listinfo/p11-glue) +* [Report bugs](https://github.com/p11-glue/p11-kit/issues) diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..40fd587 --- /dev/null +++ b/COPYING @@ -0,0 +1,27 @@ +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + + * Redistributions of source code must retain the above + copyright notice, this list of conditions and the + following disclaimer. + * Redistributions in binary form must reproduce the + above copyright notice, this list of conditions and + the following disclaimer in the documentation and/or + other materials provided with the distribution. + * The names of contributors to this software may not be + used to endorse or promote products derived from this + software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS +OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED +AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH +DAMAGE. \ No newline at end of file diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..dad9d13 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,15717 @@ +# Generate automatically. Do not edit. + +commit fd8b56f3ee971f94dc6fc95411fc01e1c12153ab +Author: Daiki Ueno +Date: 2020-08-18 + + autotools: Fix SUFFIXES usage + + SUFFIXES must be defined in the top-level Makefile.am, when + non-recursive make is used. + + Makefile.am | 2 ++ + p11-kit/Makefile.am | 2 +- + trust/Makefile.am | 2 +- + 3 files changed, 4 insertions(+), 2 deletions(-) + +commit 3c1304caae967b7cca40aae70c47c7f5138ea945 +Author: Daiki Ueno +Date: 2020-08-18 + + Release 0.23.21 + + NEWS | 6 ++++++ + configure.ac | 2 +- + meson.build | 2 +- + 3 files changed, 8 insertions(+), 2 deletions(-) + +commit 43961d4e9bdceee241ce25877aad327d4daa5a10 +Author: Daiki Ueno +Date: 2020-08-18 + + packit: Adjust to doing propose-update through /packit comment + + .packit.yaml | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +commit b40f27af28406810d0f42a29b98086fb02173f0c +Author: Daiki Ueno +Date: 2020-08-18 + + README.md: Fix whitespace problem + + README.md | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 76f94b4ad111c4150a16d36aafd30ab8aa274a68 +Author: Daiki Ueno +Date: 2020-08-18 + + conf: Add internal option to forcibly enable user config + + Some tests need user config enabled, though it is disabled under + certain conditions (e.g., running as root) and makes those tests fail. + + p11-kit/conf.c | 5 ++++- + p11-kit/test-conf.c | 7 +++++++ + p11-kit/test-deprecated.c | 4 ++++ + p11-kit/test-modules.c | 4 ++++ + p11-kit/test-transport.c | 4 ++++ + 5 files changed, 23 insertions(+), 1 deletion(-) + +commit 46c2ff05bf92e73735575aeb8bb9b9bec545f33c +Author: Daiki Ueno +Date: 2020-08-18 + + SECURITY.md: Split from README.md + + README.md | 17 +---------------- + SECURITY.md | 5 +++++ + 2 files changed, 6 insertions(+), 16 deletions(-) + +commit da01718924623c1502eb45b7c946d6df798ea1be +Author: Daiki Ueno +Date: 2020-08-18 + + README.md: Add LGTM badges + + README.md | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit adbb94ea3ec3c39b71c05eff8ef86cc85a075955 +Author: Daiki Ueno +Date: 2020-08-15 + + trust: Remove generated *.asn.h files from repository + + .gitignore | 1 + + configure.ac | 1 + + trust/Makefile.am | 25 ++-- + trust/basic.asn.h | 13 -- + trust/meson.build | 43 +++--- + trust/openssl.asn.h | 26 ---- + trust/pkix.asn.h | 366 ---------------------------------------------------- + 7 files changed, 45 insertions(+), 430 deletions(-) + +commit 015fe112def654cac562b85ca864dc279ca4e897 +Author: Daiki Ueno +Date: 2020-08-15 + + uri: Limit characters in vendor query attribute names + + p11-kit/uri.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +commit 6f58217fd0590a52137b0d350d07cb4408a1bd77 +Author: Daiki Ueno +Date: 2020-08-15 + + compat: Define static assertion macro + + common/compat.h | 7 +++++++ + p11-kit/rpc-message.c | 8 ++------ + 2 files changed, 9 insertions(+), 6 deletions(-) + +commit 4e597e1858a3842798e8400eb2ac886612c1c6bf +Author: Daiki Ueno +Date: 2020-08-14 + + rpc-transport: Remove pointless FIXME comments + + Those actually shouldn't be closed. + + p11-kit/rpc-transport.c | 2 -- + 1 file changed, 2 deletions(-) + +commit d3dc234ce2ff08d0d7f29b4c464fb5a3406c341d +Author: Daiki Ueno +Date: 2020-08-14 + + trust: p11_index_snapshot: Remove redundant integer range check + + trust/index.c | 3 --- + 1 file changed, 3 deletions(-) + +commit 4e9ca11deaab88f1297c812af55dfb0036d1e207 +Author: Daiki Ueno +Date: 2020-08-14 + + build: Add header guards + + Signed-off-by: Daiki Ueno + + common/init.h | 5 +++++ + 1 file changed, 5 insertions(+) + +commit a88e7c1cc9b23f1310f3dd1a6922e270aed524eb +Author: Daiki Ueno +Date: 2020-08-14 + + common/frob-getprogname: Avoid shadowing function parameter + + Signed-off-by: Daiki Ueno + + common/frob-getprogname.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit d70d572610cd3ec7e246e898e93300615a02b267 +Author: Daiki Ueno +Date: 2020-08-14 + + server: Avoid shadowing global variable + + p11-kit/server.c | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +commit 82374159ca3a5c0c252b2862a32dd96baeee1812 +Author: David Halls +Date: 2019-12-14 + + If server returns already initialized, don't mark as not initialized + + p11-kit/rpc-client.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 15f15549bf41dfe665583d4c1fe316a524939075 +Author: Daiki Ueno +Date: 2020-08-02 + + common: Get program name based on executable path if possible + + Some programs (e.g., Chromium) pack command line arguments into argv[0]. + Check if it is the case by reading /proc/self/exe and extract the + program name. + + Logic borrowed from: + . + + .gitignore | 1 + + common/Makefile.am | 7 +++ + common/compat.c | 29 +++++++++++ + common/frob-getprogname.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++ + common/meson.build | 5 ++ + common/test-compat.c | 15 ++++++ + 6 files changed, 177 insertions(+) + +commit d10c5a35695df82f81f22c1e7d026be07c21aec5 +Author: Daiki Ueno +Date: 2020-08-02 + + trust: Avoid uninitialized variable in session_for_store_on_module + + This suppresses the cppcheck error: + trust/anchor.c:243,error,uninitvar,Uninitialized variable: count + + Also fixes calloc invocation when the slot count is 0. + + trust/anchor.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit e4f65d88076bf915dd969efd03b7d994196b7fa9 +Author: Daiki Ueno +Date: 2020-08-02 + + test: Avoid uninitialized variable + + This suppresses the cppcheck error: + p11-kit/test-deprecated.c:481,error,uninitvar,Uninitialized variable: manufacturerID + + p11-kit/test-deprecated.c | 1 + + 1 file changed, 1 insertion(+) + +commit 5b6c66ec1121527a5db4339ff509a8fe6fdbc262 +Author: Daiki Ueno +Date: 2020-08-02 + + mock: Avoid uninitialized variable in test_find_objects + + This suppresses the cppcheck errors: + p11-kit/test-mock.c:769,error,uninitvar,Uninitialized variable: count + p11-kit/test-mock.c:776,error,uninitvar,Uninitialized variable: count + p11-kit/test-mock.c:783,error,uninitvar,Uninitialized variable: count + + p11-kit/test-mock.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6242c67ed70ee95174267259ca804fd671725d91 +Author: Daiki Ueno +Date: 2020-08-02 + + constants: Tighten handling of failure case in lookup_info + + This suppresses the cppcheck error: + common/constants.c:649,error,invalidFunctionArg,Invalid bsearch() argument nr 3. The value is -1 but the valid values are '0:'. + + common/constants.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit 5e98a5471fa9cf136e092c279c72ff53ddebf76d +Author: Kai Takahashi +Date: 2020-08-02 + + Avoid using setenv() for MinGW users. + + Signed-off-by: Kai Takahashi + + common/tool.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 714b216bbbaecf188685dddd98dd184e6c2721f4 +Author: Albert Chin-A-Young +Date: 2020-07-25 + + p11-kit/modules.c: Avoid passing 0 as first argument to calloc(). + Solves an issue #303 for AIX. + + p11-kit/modules.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 7f5ef7c04a24ede94a31a7e7820d9d03b9522bd5 +Author: Daiki Ueno +Date: 2020-06-12 + + anchor: Exit with non-zero code, if any error occurs + + Suggested by Nikos Mavrogiannopoulos in: + https://github.com/p11-glue/p11-kit/issues/300 + + trust/anchor.c | 35 ++++++++++++++++++++++++----------- + 1 file changed, 24 insertions(+), 11 deletions(-) + +commit 51cd2fdd844772eae874e1d6060a8cae6ad15760 +Author: Daiki Ueno +Date: 2020-06-12 + + tool: Don't override P11_KIT_DEBUG if it is already set + + common/tool.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit a9e5fe3968759f4b4e7948c231917ffda18f0c7b +Author: Daiki Ueno +Date: 2020-06-12 + + tool: Print messages by default + + common/tool.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +commit 71fdb9f5c4362c00bd9684793775f8ccc7ba6166 +Author: Daiki Ueno +Date: 2020-06-12 + + debug: Remove unused debug_inited flag + + common/debug.c | 2 -- + 1 file changed, 2 deletions(-) + +commit 56be8eae5cc337659eaddb07c502e901be8db203 +Author: Daiki Ueno +Date: 2020-06-12 + + meson: Fix typo + + doc/manual/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 47e0c1fec418df1bbf2a056f1e983b64e3e23df0 +Author: Daiki Ueno +Date: 2020-05-30 + + trust/*.asn: Drop standard types + + trust/basic.asn.h | 2 +- + trust/openssl.asn | 3 -- + trust/openssl.asn.h | 8 ++--- + trust/pkix.asn | 26 -------------- + trust/pkix.asn.h | 102 ++++++++++++++++------------------------------------ + 5 files changed, 34 insertions(+), 107 deletions(-) + +commit adf2685b23b8a631e8092aaf707cd1bcf7b230bb +Author: Daiki Ueno +Date: 2020-05-17 + + README.md: Fix typo + + README.md | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 7eb041e573a5dd55cea97427ab1807772c0a7c83 +Author: Daiki Ueno +Date: 2020-05-17 + + README.md: Revamp and add build instruction + + Also mention the required options for local installation. + Suggested by Andrew Johnson in: + https://github.com/p11-glue/p11-kit/issues/295 + + README.md | 31 ++++++++++++++++++++++--------- + 1 file changed, 22 insertions(+), 9 deletions(-) + +commit 4ea7cf7e819bbf8415a2aad2c99e7aa0f7fa143d +Author: Daiki Ueno +Date: 2020-05-17 + + meson: Add option to control bash-completion installation + + bash-completion/meson.build | 2 +- + meson_options.txt | 4 ++++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +commit e0053798510a56057b7a77bb3c59e68725888200 +Author: Daiki Ueno +Date: 2020-04-13 + + test-token: Check if the path is actually writable + + Instead of assuming a normal user cannot write to "/", this creates an + unwritable directly and checks if it is writable; otherwise the test + case is skipped. + + Reported by Jeffrey Walton in: + https://github.com/p11-glue/p11-kit/issues/288 + + trust/test-token.c | 63 ++++++++++++++++++++++++++++++++++++++++++------------ + 1 file changed, 49 insertions(+), 14 deletions(-) + +commit c1c71b03e08ffb9384438e7f94b1b8f699dce2cd +Author: Daiki Ueno +Date: 2020-04-13 + + test: Make p11_test_{skip,todo} actually work + + common/test.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +commit 825fd4e4526589eb73a54ada18127196fb65fde3 +Author: Daiki Ueno +Date: 2020-04-13 + + meson: Add option to disable building test programs + + Suggested by Daniel Engberg in: + https://github.com/p11-glue/p11-kit/issues/285 + + common/meson.build | 88 +++++++++--------- + meson_options.txt | 4 + + p11-kit/meson.build | 252 +++++++++++++++++++++++++++------------------------- + trust/meson.build | 148 +++++++++++++++--------------- + 4 files changed, 256 insertions(+), 236 deletions(-) + +commit 3de74dc6d916ce3dd2f76f0403be189387fe4d89 +Author: Daiki Ueno +Date: 2020-04-13 + + meson: Add option to disable NLS support + + Suggested by Daniel Engberg in: + https://github.com/p11-glue/p11-kit/issues/284 + + meson.build | 4 +++- + meson_options.txt | 4 ++++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit 99aa8329841b986380cc4f515d57f118f40158c4 +Author: Daiki Ueno +Date: 2020-04-13 + + test-rpc: Suppress compiler warning on ILP32 platforms + + On ILP32 platforms CK_ULONG is 32-bit and 64-bit values are truncated. + This patch determins the usable value from SIZEOF_UNSIGNED_LONG. + Also, for consistency, use UINTxx_MAX for other accessors. + + Reported by Jeffrey Walton in: + https://github.com/p11-glue/p11-kit/issues/289 + + p11-kit/test-rpc.c | 47 ++++++++++++++++++++++++++++------------------- + 1 file changed, 28 insertions(+), 19 deletions(-) + +commit 3eb79b75c2ee9870352fe4acc1ef6c8783364800 +Author: Daiki Ueno +Date: 2020-02-07 + + rpc: Add missing null checks in attribute value serializers + + To get the length of an attribute value, the client calls + C_GetAttributeValue with attr->pValue set to NULL and attr->ulValueLen + set to -1. In the RPC level, this is already indicated with a + 'validity' flag, but there were a couple of places where attr->pValue + is non-NULL. + + This was uncovered by: + https://bugzilla.redhat.com/show_bug.cgi?id=1766340 + + p11-kit/rpc-message.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +commit 04cbdcf546f88d666fcb214ce42e777fa7840732 +Author: Alvin Chen +Date: 2020-03-02 + + Update pkcs11 header to allow TPM2-PKCS11 to compile + + common/pkcs11.h | 2 ++ + 1 file changed, 2 insertions(+) + +commit 51c0781410cb1292d7efbafee23ee5876c9bd2e4 +Author: Anderson Toshiyuki Sasaki +Date: 2020-02-18 + + test-proxy: Add test for slot ID reuse + + The test covers a case where duplicate slots IDs were assigned to two + different slots in the mapping. + + Signed-off-by: Anderson Toshiyuki Sasaki + + p11-kit/Makefile.am | 7 ++- + p11-kit/meson.build | 3 +- + p11-kit/mock-module-ep8.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/test-proxy.c | 39 ++++++++++++++++ + 4 files changed, 157 insertions(+), 2 deletions(-) + +commit c8f8053edc9098fdb36fbb34165b8d92ed596798 +Author: Anderson Toshiyuki Sasaki +Date: 2020-02-17 + + proxy: Fix slot ID reuse, avoiding duplicating IDs + + Previously, when re-mapping the slots, a slot ID could be assigned to + more than one device, causing errors when searching for the right + mapping (it would use the first found). + + Also assign new slot IDs for new found slots, avoiding previously used + slot IDs. The last assigned slot ID is stored in the proxy structure + in a new added field last_id. + + Signed-off-by: Anderson Toshiyuki Sasaki + + p11-kit/proxy.c | 56 +++++++++++++++++++++++++++++++++++++------------------- + 1 file changed, 37 insertions(+), 19 deletions(-) + +commit da22fd9f2a54d707db7f3021f22416b4af496ae8 +Author: Daiki Ueno +Date: 2020-01-30 + + packit: Enable Fedora package building with Packit + + .packit.yaml | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +commit 762cdaa2cd5c5ec09cc844f9a6bdc551c7f6c8ed +Author: Daiki Ueno +Date: 2020-01-29 + + Release 0.23.20 + + NEWS | 3 +++ + configure.ac | 2 +- + meson.build | 2 +- + 3 files changed, 5 insertions(+), 2 deletions(-) + +commit ab180d64b909594bdafc9596f67a1913275c6474 +Author: Daiki Ueno +Date: 2020-01-29 + + Revert "Fix RPC calls: ATTRIBUTE buf not null but length 0" + + This reverts commit 65409c0ebd5d9a4aaf55254256dcc878862a0be1. + + p11-kit/rpc-message.c | 8 +------- + p11-kit/rpc-server.c | 22 +++------------------- + 2 files changed, 4 insertions(+), 26 deletions(-) + +commit 17a26f0948944635453a54d44c2565ed7ba91a14 +Author: Daiki Ueno +Date: 2020-01-29 + + Revert "Fix RPC calls: BYTE buffer not null and length 0" + + This reverts commit 8cb21a6a09d18156c9002b97687e5ac0bfa0fc92. + + p11-kit/rpc-client.c | 2 +- + p11-kit/rpc-message.c | 6 ++---- + p11-kit/rpc-message.h | 3 +-- + p11-kit/rpc-server.c | 7 ++----- + 4 files changed, 6 insertions(+), 12 deletions(-) + +commit 83aaa2200bfa141b0c9e1c4f5af98252f8e826cc +Author: Daiki Ueno +Date: 2020-01-29 + + Revert "Fix C_GetSlotList() when length is 0" + + This reverts commit 1ede9b8d33c4bc9a4194ffca22ac6d7351f6bcf5. + + It turned out that this breaks compatibility of the RPC protocol. The + right fix to the original issue would be probably to add a new call ID + associated with a different signature and add a fallback mechanism in + both client and server. + + p11-kit/rpc-client.c | 2 +- + p11-kit/rpc-message.c | 6 ++---- + p11-kit/rpc-message.h | 3 +-- + p11-kit/rpc-server.c | 7 ++----- + p11-kit/test-server.c | 36 ------------------------------------ + 5 files changed, 6 insertions(+), 48 deletions(-) + +commit 69a420aaa70af5b89508b5140edb0ee4e166605b +Author: Daiki Ueno +Date: 2020-01-21 + + Release 0.23.19 + + NEWS | 9 +++++++++ + configure.ac | 2 +- + meson.build | 2 +- + 3 files changed, 11 insertions(+), 2 deletions(-) + +commit 251dfdfd765e709b7d54420c685e19f70a5e9803 +Author: Daiki Ueno +Date: 2020-01-22 + + travis: Tighten autotools build steps + + .travis/autotools/script.sh | 29 ++++++++++++++++++++++++++++- + 1 file changed, 28 insertions(+), 1 deletion(-) + +commit e9dbeeea96b0b709631d1b6d62f9877f4872993b +Author: Daiki Ueno +Date: 2020-01-22 + + travis: Do 'make distcheck' in autotools build + + .travis/autotools/script.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 2a1ee21ca31a62274e0932572f972bf3340f8bde +Author: Daiki Ueno +Date: 2020-01-21 + + build: Add --with-bash-completion configure option + + This is needed for 'make distcheck' to not install those files in the + system locations. + + Makefile.am | 1 + + configure.ac | 12 +++++++++--- + 2 files changed, 10 insertions(+), 3 deletions(-) + +commit cee7c2ad81d21795783ec28a67247cff740de2ce +Author: Daiki Ueno +Date: 2020-01-21 + + build: Only distribute XZ-compressed tarballs + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 5092f8dd5463b89642e29ca5ae7ea08aa30d5d66 +Author: Daiki Ueno +Date: 2020-01-21 + + build: Add more files to .gitignore + + .gitignore | 2 ++ + 1 file changed, 2 insertions(+) + +commit a96af650e1ac2f5faecc9354ac30d128a7e93b9f +Author: Daiki Ueno +Date: 2020-01-21 + + meson: Expose only C_GetFunctionList from the mock modules + + p11-kit/meson.build | 4 ++++ + 1 file changed, 4 insertions(+) + +commit ba3c7d16760d177be43960c9eb9572817c60c4df +Author: Daiki Ueno +Date: 2020-01-21 + + mock: Handle memory allocation error in C_Initialize + + common/mock.c | 4 ++++ + 1 file changed, 4 insertions(+) + +commit 62b09608e3a311c8b8ae924805f936f8af593bfa +Author: Daiki Ueno +Date: 2020-01-15 + + meson: Use cc.has_type for types instead of cc.has_header_symbol + + meson.build | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 45cd66e3a16f0102a50f33ebb4a58aac09f40f92 +Author: Daiki Ueno +Date: 2020-01-15 + + meson: Check if exists + + meson.build | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +commit 5fe875dc598e2dc50ba8e888099c116fe12999d3 +Author: Daiki Ueno +Date: 2020-01-15 + + meson: Check program_invocation_short_name declaration + + Pointed by Rosen Penev in #268. + + meson.build | 5 +++++ + 1 file changed, 5 insertions(+) + +commit 869b657c7bfbd2f91331d5aabcf572cba6043d37 +Author: Daiki Ueno +Date: 2020-01-15 + + meson: Check endianness + + meson.build | 4 ++++ + 1 file changed, 4 insertions(+) + +commit 1f8d523e5db688deff13329b4cba1dd6181d76a3 +Author: Daiki Ueno +Date: 2020-01-15 + + build: Fix type mismatch in reallocarray usage + + common/attrs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 1def8077a2bc1fc2a6bd3685a9d94a9a51f40e23 +Author: Daiki Ueno +Date: 2019-10-31 + + trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER + + These new attributes are introduced in: + https://bugzilla.mozilla.org/show_bug.cgi?id=1465613 + + The value of the attribute can be either false (represented as a + single octed "\x00"), or a UTCTime in a restricted form (i.e., + "YYMMDDHHMMSSZ"). For future proof, we also support GeneralizedTime + in the form "YYYYMMDDHHMMSSZ". + + common/constants.c | 2 ++ + common/pkcs11x.h | 2 ++ + trust/builder.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + trust/test-builder.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 157 insertions(+) + +commit e8b453383ace97fc1adfc213dc718e7b62fafd96 +Author: Daiki Ueno +Date: 2020-01-14 + + build: Remove auto-generated gettext files from repository + + po/en@boldquot.header | 25 ------------------------- + po/en@quot.header | 22 ---------------------- + po/insert-header.sin | 23 ----------------------- + po/remove-potcdate.sin | 19 ------------------- + 4 files changed, 89 deletions(-) + +commit 8d92053df8a2bfed89a6f3e835386e13c7f95b61 +Author: Daiki Ueno +Date: 2020-01-14 + + build: Use AM_GNU_GETTEXT_REQUIRE_VERSION + + AM_GNU_GETTEXT_REQUIRE_VERSION was introduced a while back to instruct + autopoint to pull the latest version of gettext infrastructure. Use + it instead of hacking around gettextize call in autogen.sh. + + autogen.sh | 13 ------------- + configure.ac | 4 ++++ + 2 files changed, 4 insertions(+), 13 deletions(-) + +commit 5bb71e914532b8350dfc14697c4fa89e714e5812 +Author: David Woodhouse +Date: 2020-01-06 + + rpc: Add vsock transport + + This allows PKCS#11 remoting between virtual machines, so a software + token can be isolated into a microVM. + + common/Makefile.am | 1 + + common/meson.build | 3 +- + common/vsock.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++++ + common/vsock.h | 46 ++++++++++++++++++ + configure.ac | 15 ++++++ + meson.build | 9 ++++ + p11-kit/rpc-transport.c | 97 ++++++++++++++++++++++++++++++++++++++ + p11-kit/server.c | 118 ++++++++++++++++++++++++++++++++++++++++------ + 8 files changed, 395 insertions(+), 16 deletions(-) + +commit 877de5fadaf0067272e8d0eb24893d7c823afe08 +Author: David Woodhouse +Date: 2020-01-06 + + rpc: Check for socket init failure + + In some cases, rpc_unix_init() or rpc_exec_init() can return NULL but + p11_rpc_transport_new() doesn't check and may dereference it. + + p11-kit/rpc-transport.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit 96af147637f0dc10792c3abdcec1894c361229da +Author: Daiki Ueno +Date: 2020-01-09 + + build: Suppress cppcheck false-positive on tracking array length + + p11-kit/proxy.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit e931efd17950786ee61cbfc70ddf94d02ae473ba +Author: Daiki Ueno +Date: 2020-01-08 + + build: Fix realloc usage + + As realloc() doesn't touch the original memory block, we need to use a + local variable to avoid potential memory leak in failure cases. + + Pointed by David Woodhouse. + + common/attrs.c | 6 ++++-- + p11-kit/filter.c | 9 +++++---- + p11-kit/iter.c | 20 ++++++++++++++------ + p11-kit/proxy.c | 7 +++++-- + trust/index.c | 12 ++++++++++-- + 5 files changed, 38 insertions(+), 16 deletions(-) + +commit 6563ad8ececec05f2b6269b509d4e12c07d2a87e +Author: Daiki Ueno +Date: 2019-10-26 + + CONTRIBUTING.md: Mention contribution rules and coding style + + CONTRIBUTING.md | 35 +++++++++++++++++++++++++++++++++++ + HACKING | 16 ---------------- + Makefile.am | 2 +- + 3 files changed, 36 insertions(+), 17 deletions(-) + +commit 65409c0ebd5d9a4aaf55254256dcc878862a0be1 +Author: Vincent JARDIN +Date: 2019-10-22 + + Fix RPC calls: ATTRIBUTE buf not null but length 0 + + Let's add a support for cases when the buffer != NULL but the + length is 0. According to Oasis, buffer = NULL and length = 0 + means a query of the length so the subsequent calls with a + buffer != NULL should fill then buffer when length is long enough. + If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL. + + See the previous commit for IN_ULONG_BUFFER(). This patch is + follow a similar design pattern. + + Fix: issue #257 + + p11-kit/rpc-message.c | 8 +++++++- + p11-kit/rpc-server.c | 22 +++++++++++++++++++--- + 2 files changed, 26 insertions(+), 4 deletions(-) + +commit 8cb21a6a09d18156c9002b97687e5ac0bfa0fc92 +Author: Vincent JARDIN +Date: 2019-10-22 + + Fix RPC calls: BYTE buffer not null and length 0 + + Let's add a support for cases when the buffer != NULL but the + length is 0. According to Oasis, buffer = NULL and length = 0 + means a query of the length so the subsequent calls with a + buffer != NULL should fill buffer when length is long enough. + If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL. + + This current fix is for IN_BYTE_BUFFER(), same + for IN_ATTRIBUTE_BUFFER(). + + See the previous commit for IN_ULONG_BUFFER(). This patch is + strictly using the same design pattern. + + Fix: issue #257 + + Suggested-by: Daiki Ueno + + p11-kit/rpc-client.c | 2 +- + p11-kit/rpc-message.c | 6 ++++-- + p11-kit/rpc-message.h | 3 ++- + p11-kit/rpc-server.c | 7 +++++-- + 4 files changed, 12 insertions(+), 6 deletions(-) + +commit 1ede9b8d33c4bc9a4194ffca22ac6d7351f6bcf5 +Author: Vincent JARDIN +Date: 2019-10-21 + + Fix C_GetSlotList() when length is 0 + + Let's add a support for cases when the buffer != NULL but the + length is 0. According to Oasis, buffer = NULL and length = 0 + means a query of the length so the subsequent calls with a + buffer != NULL should fill buffer when length is long enough. + If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL. + + This current fix is for IN_ULONG_BUFFER(), same + should be applied for IN_BYTE_BUFFER() and for IN_ATTRIBUTE_BUFFER(). + + Include a test_no_slots() + + Fix: issue #257 + + Suggested-by: Daiki Ueno + + p11-kit/rpc-client.c | 2 +- + p11-kit/rpc-message.c | 6 ++++-- + p11-kit/rpc-message.h | 3 ++- + p11-kit/rpc-server.c | 7 +++++-- + p11-kit/test-server.c | 36 ++++++++++++++++++++++++++++++++++++ + 5 files changed, 48 insertions(+), 6 deletions(-) + +commit 9763fc8edcc5dd41e07ddf068dce6bc429dfe6b6 +Author: Jakub Jelen +Date: 2019-10-23 + + test-proxy: Implement reproducer for bad prefix list matching + + p11-kit/test-proxy.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +commit 298ad811540c538fea1906528fe8cf8a6784e5ee +Author: Jakub Jelen +Date: 2019-10-23 + + modules: Implement correct search in list + + The current version of matching was failing, when the list contained + also a searched string with some suffix, for example, when we ran from + p11-kit and the p11-kit-proxy was first in the list and p11-kit later, + it was not matched, because the test did not find a separator after + the first match, decided that it does not match and did not try further. + + example program p11-kit + example enable-in: p11-kit-proxy,p11-kit + + p11-kit/modules.c | 26 ++++++++++++++++++-------- + 1 file changed, 18 insertions(+), 8 deletions(-) + +commit 7c94eab51d08650eaa66184344325d42e812973c +Author: Daiki Ueno +Date: 2019-10-23 + + autotools: Fix bash-completion installation + + Makefile.am | 13 ++++--------- + configure.ac | 5 ++++- + p11-kit/Makefile.am | 4 ++++ + trust/Makefile.am | 4 ++++ + 4 files changed, 16 insertions(+), 10 deletions(-) + +commit ef2716d18e1098effb8f3a90653c6264b2fec426 +Author: Jakub Jelen +Date: 2019-10-22 + + Install bash completion in the CI + + .travis/autotools/before_install.sh | 2 +- + .travis/cppcheck/before_install.sh | 2 +- + .travis/linux/before_install.sh | 2 +- + .travis/osx/before_install.sh | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +commit 387594893ee8d09267a7b788f3dae6905093d3c9 +Author: Jakub Jelen +Date: 2019-10-21 + + Add simple bash completion for provided commands + + Makefile.am | 8 ++++++ + bash-completion/meson.build | 11 ++++++++ + bash-completion/p11-kit | 19 +++++++++++++ + bash-completion/trust | 67 +++++++++++++++++++++++++++++++++++++++++++++ + configure.ac | 7 +++++ + meson.build | 1 + + 6 files changed, 113 insertions(+) + +commit b879b9b8395d0a99dbc9b8ae8057dc84bdd551e6 +Author: Jakub Jelen +Date: 2019-10-22 + + configure: Fix typo to avoid errors during configure + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6b33efaa82848bac7fd73888963a106cf4c03151 +Author: Dmitry Eremin-Solenikov +Date: 2019-10-07 + + common: add Russian PKCS#11 extensions to pkcs11x.h header + + Add values defined to support Russian GOST cryptography to pkcs11x.h + header. + + Signed-off-by: Dmitry Eremin-Solenikov + + common/pkcs11x.h | 36 ++++++++++++++++++++++++++++++++++++ + 1 file changed, 36 insertions(+) + +commit a92894c80d880b6047327a276395b1f88fc733ee +Author: Daiki Ueno +Date: 2019-09-30 + + autotools: Add more files from meson build in distribution + + Makefile.am | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit b0ebe7555c291808db29377ba79cb8326301f0a6 +Author: Daiki Ueno +Date: 2019-09-30 + + autotools: Add more files from meson build in distribution + + p11-kit/Makefile.am | 7 +++++++ + 1 file changed, 7 insertions(+) + +commit 3530d4946f9b9233bb0c132f3eda77c5f593fe9a +Author: Daiki Ueno +Date: 2019-09-30 + + build: Fix 'make distcheck' + + Makefile.am | 3 ++- + doc/manual/Makefile.am | 1 - + p11-kit/Makefile.am | 1 + + 3 files changed, 3 insertions(+), 2 deletions(-) + +commit 25df8dfd2fac77d8c00d87a114d6d89dd945055f +Author: Daiki Ueno +Date: 2019-09-30 + + Release 0.23.18 + + NEWS | 5 +++++ + configure.ac | 2 +- + meson.build | 2 +- + 3 files changed, 7 insertions(+), 2 deletions(-) + +commit fde84c52f4ffd0b274ce92e5f935060e86f0a5f7 +Author: Daiki Ueno +Date: 2019-09-25 + + rpc: Allow empty CK_DATE value + + Unlike other data types, CK_DATE value may be empty (and that is the + default). Treat it as a valid value and serialize/deserialize + accordingly. + + Reported by Vincent JARDIN in: + https://github.com/p11-glue/p11-kit/issues/244 + + p11-kit/rpc-message.c | 23 +++++++++++++---------- + p11-kit/test-rpc.c | 23 +++++++++++++++++++++++ + 2 files changed, 36 insertions(+), 10 deletions(-) + +commit df2b7b0a3c1ad3c6f54ff6c84ecc1f04976e65f7 +Author: Daiki Ueno +Date: 2019-09-18 + + build: Fix undefined behavior in left shift + + Spotted by UBSan. + + p11-kit/rpc-message.c | 2 +- + trust/utf8.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +commit 94179adeebb24f390cad6abed1f1f8f89c41f451 +Author: Daiki Ueno +Date: 2019-09-11 + + autotools: Use symbol versioning if possible + + The meson build already using it for: + https://github.com/mesonbuild/meson/issues/3047 + + Suggested by Jan Alexander Steffens + + configure.ac | 3 +++ + p11-kit/Makefile.am | 9 +++++++-- + 2 files changed, 10 insertions(+), 2 deletions(-) + +commit 783bfcb40bafc7e2b64ec80a99add15112a2e8f9 +Author: Daiki Ueno +Date: 2019-09-11 + + build: Import ld-version-script.m4 from gnulib + + .gitignore | 1 + + build/m4/ld-version-script.m4 | 48 +++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 49 insertions(+) + +commit 5240551119b99618aa4de95b88c1c2076d7ec87a +Author: Daiki Ueno +Date: 2019-09-10 + + build: Add meson files in autotools distribution + + Makefile.am | 2 +- + common/Makefile.am | 2 ++ + doc/manual/Makefile.am | 1 + + p11-kit/Makefile.am | 1 + + trust/Makefile.am | 3 ++- + 5 files changed, 7 insertions(+), 2 deletions(-) + +commit 201e9d838befb1e4641228a79212a37c81774e8f +Author: Daiki Ueno +Date: 2019-09-13 + + travis: Run ninja install as root + + This is to avoid meson calling pkexec, which doesn't work inside docker. + + .travis/linux/script.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 17b2edb1354c5d5080172af45ce55408c5e51d59 +Author: Jan Alexander Steffens (heftig) +Date: 2019-09-10 + + meson: Add missing prefix to system path defines + + p11-kit/meson.build | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +commit 64a7722aeab2eafcbc57c9145b3fb556e4b1a61b +Author: Jan Alexander Steffens (heftig) +Date: 2019-09-10 + + meson: Install p11-kit-server units + + p11-kit/meson.build | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +commit e5b0dfc2aca0d22c123a85c6cab96772af1f85fb +Author: Jan Alexander Steffens (heftig) +Date: 2019-09-10 + + meson: Build and install man pages + + doc/manual/meson.build | 185 +++++++++++++++++++++++++++++++------------------ + meson.build | 5 +- + meson_options.txt | 4 ++ + 3 files changed, 122 insertions(+), 72 deletions(-) + +commit 901749a2039ce5b0e6388295d364b22b80c37e58 +Author: Jan Alexander Steffens (heftig) +Date: 2019-09-10 + + meson: Don't prefix p11_user_config + + p11-kit/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit b1d1fb011fad3e5b21665e6767fc267e0241ecf0 +Author: Jan Alexander Steffens (heftig) +Date: 2019-09-10 + + meson: PKCS#11 modules should only export C_GetFunctionList + + p11-kit/meson.build | 10 ++++++++++ + p11-kit/p11-module.def | 2 ++ + p11-kit/p11-module.map | 6 ++++++ + trust/meson.build | 6 +++++- + 4 files changed, 23 insertions(+), 1 deletion(-) + +commit cc38f6aa61f6122f182d7099f5c88548b36a0843 +Author: Jan Alexander Steffens (heftig) +Date: 2019-09-10 + + meson: Install p11-kit-client module + + p11-kit/meson.build | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit f2ee0a01272f4bbd018fb438344615cca8a74185 +Author: Daiki Ueno +Date: 2019-09-09 + + meson: Fix dictionary syntax + + Reported by Jan Alexander Steffens. + + doc/manual/meson.build | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit f00183944fad943216ac5842f6b23ab5c4149e50 +Author: Daiki Ueno +Date: 2019-09-09 + + Release 0.23.17 + + NEWS | 8 ++++++++ + configure.ac | 2 +- + meson.build | 2 +- + 3 files changed, 10 insertions(+), 2 deletions(-) + +commit 2dea838a5dc284db29b0f8558cd3e1f1822f47ed +Author: Daiki Ueno +Date: 2019-09-09 + + uri: Supress cppcheck false-positive + + p11-kit/uri.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 8db6d7eee38bbf1f511da6128d108a62833f84d0 +Author: Daiki Ueno +Date: 2019-09-09 + + uri: Check return value of insert_attribute + + p11-kit/uri.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +commit d6c88b4735284394e73ad0228559fc8aca948318 +Author: Daiki Ueno +Date: 2019-09-09 + + meson: Update project version + + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit ead7a4a28f0505aa5602877538ef8be9970245b2 +Author: Daiki Ueno +Date: 2019-07-07 + + build: Fix typo in checking program_invocation_short_name decl + + The decl should be in errno.h, not error.h. + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 99cdf3dc86ec7148e08351b63d8ee5f2f2a7f4d3 +Author: Rosen Penev +Date: 2019-07-01 + + common: Fix uClibc-ng compilation + + program_invocation_short_name is const under uClibc-ng. + + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 5a89453fafab796d33c37dd6861c102fc28ebde2 +Author: Alon Bar-Lev +Date: 2019-07-01 + + trust: do not allow daylight to invalidate date validation + + Issue: 235 + Signed-off-by: Alon Bar-Lev + + trust/builder.c | 1 + + 1 file changed, 1 insertion(+) + +commit 787888e181543f5a85eb69d6a3caf14f9a4262b2 +Author: Daiki Ueno +Date: 2019-06-19 + + build: Declare dependency chain between static libs in common + + In common/ there are sub-libraries namely libp11-common.a, + libp11-library.a, libp11-tool.a, and libp11-test.a. + + All the latter 3 libs use the symbols from libp11-common.a, it would + make sense to declare a dependency against it. + + common/meson.build | 17 ++++++----------- + p11-kit/meson.build | 22 ++++++++++------------ + trust/meson.build | 10 +++------- + 3 files changed, 19 insertions(+), 30 deletions(-) + +commit eb5eb7aea7fc41a2c15d853cd57c7c030644f4ee +Author: Daiki Ueno +Date: 2019-06-19 + + build: Make threads dependency more explicit + + common/meson.build | 6 ++++-- + meson.build | 12 ++++-------- + p11-kit/meson.build | 4 ++-- + 3 files changed, 10 insertions(+), 12 deletions(-) + +commit daf1a84de39c4cdbd308c6a0b80b437689a222c7 +Author: Daiki Ueno +Date: 2019-06-02 + + .travis.yml: Use meson for building + + .travis.yml | 12 ++++++------ + .travis/autotools/after_failure.sh | 3 +++ + .travis/autotools/after_success.sh | 13 +++++++++++++ + .travis/autotools/before_install.sh | 9 +++++++++ + .travis/autotools/install.sh | 14 ++++++++++++++ + .travis/autotools/script.sh | 12 ++++++++++++ + .travis/linux/after_failure.sh | 2 +- + .travis/linux/after_success.sh | 10 ++++------ + .travis/linux/before_install.sh | 4 +++- + .travis/linux/script.sh | 33 +++++++++++++++++++++++---------- + build/cross_file_mingw64.txt | 18 ++++++++++++++++++ + 11 files changed, 106 insertions(+), 24 deletions(-) + +commit 4f956698b64ac6eb8e5e8b7d143ceb11f1133814 +Author: Daiki Ueno +Date: 2019-05-15 + + build: Add meson build support + + This adds support for meson as an alternative build system. + + .dir-locals.el | 3 +- + common/meson.build | 99 ++++++++++++ + doc/manual/meson.build | 75 +++++++++ + doc/manual/sysdir.xml.in | 1 + + doc/manual/userdir.xml.in | 1 + + doc/manual/version.xml.in | 1 + + meson.build | 368 ++++++++++++++++++++++++++++++++++++++++++ + meson_options.txt | 47 ++++++ + p11-kit/gen-pkcs11-gnu.sh | 16 ++ + p11-kit/gen-virtual-fixed.sh | 28 ++++ + p11-kit/libp11-kit-0.dll.def | 101 ++++++++++++ + p11-kit/libp11-kit.map | 105 ++++++++++++ + p11-kit/meson.build | 299 ++++++++++++++++++++++++++++++++++ + p11-kit/meson_post_install.sh | 15 ++ + p11-kit/pkcs11-gnu.c | 3 + + po/meson.build | 1 + + trust/meson.build | 162 +++++++++++++++++++ + 17 files changed, 1324 insertions(+), 1 deletion(-) + +commit 411a7a6d31cd5584ff9837260d77d8c306d3b557 +Author: Daiki Ueno +Date: 2019-06-01 + + trust: Fix mismatched return values + + trust/pem.c | 2 +- + trust/x509.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +commit 58481dbb0b0ee1384e62878283a398d96e0ff5f2 +Author: Daiki Ueno +Date: 2019-06-02 + + po: Remove en@{,bold}quot from LINGUAS + + po/LINGUAS | 2 -- + 1 file changed, 2 deletions(-) + +commit cbdbfaaf255083091decc280058caa87db19aeb9 +Author: Daiki Ueno +Date: 2019-06-01 + + build: Don't hardcode module path + + Makefile.am | 4 +++- + p11-kit/Makefile.am | 12 ++++++++---- + p11-kit/test-deprecated.c | 2 +- + p11-kit/test-init.c | 2 +- + p11-kit/test-server.c | 12 ++++++------ + p11-kit/test-server.sh | 4 +++- + p11-kit/test-transport.c | 6 +++--- + 7 files changed, 25 insertions(+), 17 deletions(-) + +commit 084347319f6e832ec2c36d7b27a64c8f2614f084 +Author: Daiki Ueno +Date: 2019-06-01 + + build: Move check_PROGRAMS into subdirectories + + .gitignore | 12 ++++++------ + common/Makefile.am | 12 ++++++------ + common/test-compat.c | 4 ++-- + p11-kit/Makefile.am | 32 ++++++++++++++++---------------- + p11-kit/test-conf.c | 2 +- + p11-kit/test-messages.sh | 2 +- + p11-kit/test-server.c | 4 ++-- + p11-kit/test-server.sh | 4 ++-- + p11-kit/test-transport.c | 6 +++--- + 9 files changed, 39 insertions(+), 39 deletions(-) + +commit 6bebd5747aa49d4a124d23d4967f65a771799fe5 +Author: Daiki Ueno +Date: 2019-06-01 + + tests: Add tmpdir argument to p11_test_copy_setgid + + To prevent BUILDDIR being embedded in the library. + + common/test-compat.c | 4 ++-- + common/test.c | 7 +++++-- + common/test.h | 3 ++- + p11-kit/test-conf.c | 2 +- + 4 files changed, 10 insertions(+), 6 deletions(-) + +commit 51382cd59c89e862443421a9d697a709f2244f36 +Author: Daiki Ueno +Date: 2019-06-16 + + tests: Fix memleaks in test-jks.c + + trust/test-jks.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +commit 9c2022d292c00ccbe2413b53b7c91cf4ba4d7c14 +Author: Daiki Ueno +Date: 2019-06-03 + + tests: Skip tests calling getauxval(AT_SECURE) if binary is on /tmp + + common/test-compat.c | 5 +++-- + p11-kit/test-conf.c | 5 +++-- + 2 files changed, 6 insertions(+), 4 deletions(-) + +commit fd908a787cc868043067f5fab492f8e05b6d99ce +Author: Daiki Ueno +Date: 2019-06-16 + + tests: Fix temp file permission before deleting + + On mingw64/wine, unlink fails if the file has no write bit. + + trust/test-module.c | 22 +++++++++++++--------- + 1 file changed, 13 insertions(+), 9 deletions(-) + +commit 2b3581c234f0097a2598395d1e0012b4ddd9a5ba +Author: Daiki Ueno +Date: 2019-06-17 + + tests: Don't assume / is not writable on Windows in test-token.c + + trust/test-token.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +commit 6708ccf6126734b4d98cc849bc4542c45ffce191 +Author: Daiki Ueno +Date: 2019-06-15 + + conf: Skip root UID check on Windows + + p11-kit/conf.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit 1e8ca781b983cb31d62e21a3a61f25be1fcc694f +Author: Daiki Ueno +Date: 2019-05-20 + + virtual: Rename virtual-fixed.c to virtual-fixed-generated.h + + Previously the generated .c file was included in another source file, + which is not supported in some build systems (e.g., meson). + + .gitignore | 2 +- + .travis/linux/after_success.sh | 2 +- + p11-kit/Makefile.am | 6 +++--- + p11-kit/virtual.c | 2 +- + 4 files changed, 6 insertions(+), 6 deletions(-) + +commit 045d7546fc317deefc2d84d524a211ce6ab4869b +Author: Daiki Ueno +Date: 2019-06-03 + + common: Make issetugid check simpler + + common/compat.c | 7 ++----- + configure.ac | 16 +--------------- + 2 files changed, 3 insertions(+), 20 deletions(-) + +commit bbb7f046ff430d33267487cb6f8a0e24d2eab832 +Author: Daiki Ueno +Date: 2019-06-02 + + common: Fix vasprintf emulation + + va_list must be saved when calling vsnprintf() in a loop. + + common/compat.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +commit 5fc2d67b5ebb3daddb350d7ac60ede74dd99fcc6 +Author: Simon Haggett +Date: 2019-06-13 + + rpc: On UNIX wait on condition variable instead of FD if header is for a different thread. + + If rpc_socket_read() receives a header for a different thread, it tries to yield by + releasing the read mutex and waiting on the socket's read FD. On Linux systems, this has + been observed to cause a performance problem in cases where multiple threads are being + used. Threads expecting a different header can rapidly unlock and relock the read mutex, + as they resume when sock->read_code hasn't changed. This can result in contention on the + read mutex, which delays the thread that is expecting to consume the header. + + This fix updates rpc_socket_read() on UNIX to wait on a condition variable instead of the + socket's read FD. The condition variable is signalled when sock->read_code changes. This + allows waiting threads to only resume once the header and payload have been consumed by + their target thread. This fix only targets UNIX platforms, as the Windows version that + p11-kit targets by default (Windows 2000) does not provide support for condition + variables. + + Signed-off-by: Simon Haggett + + common/compat.h | 13 +++++++++++++ + p11-kit/rpc-transport.c | 47 +++++++++++++++++++++++++++++++++++------------ + 2 files changed, 48 insertions(+), 12 deletions(-) + +commit c689917b393379d288b868f70b2f7b7f6aafe430 +Author: Daiki Ueno +Date: 2019-05-23 + + tests: Avoid uninitialized value in test-proxy.c + + p11-kit/test-proxy.c | 4 ++++ + 1 file changed, 4 insertions(+) + +commit 330148bef17a39075a0af5e446c9502bf3a225ff +Author: Daiki Ueno +Date: 2019-05-22 + + build: Suppress compiler warning + + Remove unused "global" variable. + + p11-kit/proxy.c | 1 - + 1 file changed, 1 deletion(-) + +commit 0eb1f6782c5315fc6b46861bc9f92a765e229e14 +Author: Raphael Medaer +Date: 2019-05-22 + + doc: Add 'server' command in help + + 'server' is the last common command which is not in CLI help. + IMHO, adding this small documentation could help to promote usage of + pkcs11 forwarding. + + p11-kit/p11-kit.c | 1 + + 1 file changed, 1 insertion(+) + +commit 9a546b4571f20b271058990e94833f35e4ec39c0 +Author: Daiki Ueno +Date: 2019-05-22 + + Release 0.23.16 + + NEWS | 10 ++++++++++ + configure.ac | 2 +- + 2 files changed, 11 insertions(+), 1 deletion(-) + +commit 381d16e651d5bcace316fbab4095c8dea8c43a92 +Author: Daiki Ueno +Date: 2019-05-16 + + proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified + + While fully implementing C_WaitForSlotEvent() would require a separate + thread to monitor events, it is straightforward to implement the + function if the CKF_DONT_BLOCK flag is given. + + Suggested by David Ward. + + p11-kit/Makefile.am | 7 ++++- + p11-kit/mock-module-ep7.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/proxy.c | 64 +++++++++++++++++++++++++++++++++---------- + p11-kit/test-proxy.c | 40 +++++++++++++++++++++++++++ + 4 files changed, 166 insertions(+), 15 deletions(-) + +commit 68ce31aae9a22d18b28f4aa44b3e1006b7fe3aa7 +Author: Daiki Ueno +Date: 2019-05-17 + + conf: Ignore user configuration if the program is running as root + + Suggested by Bastien Nocera: + https://bugzilla.redhat.com/show_bug.cgi?id=1688583 + + p11-kit/conf.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit 58cede114664e839b53d923863bff604ce58b1a7 +Author: Daiki Ueno +Date: 2019-05-15 + + proxy: Refresh slot list on every C_GetSlotList call + + Previously, the proxy module calculated the slot list only once at the + C_Initialize() call. That was causing a usability limitation when the + user attaches HSM after starting an application. + + Suggested by David Ward. + + p11-kit/Makefile.am | 7 ++- + p11-kit/mock-module-ep6.c | 76 ++++++++++++++++++++++++++++ + p11-kit/proxy.c | 123 +++++++++++++++++++++++++++++----------------- + p11-kit/test-proxy.c | 34 ++++++++++++- + 4 files changed, 192 insertions(+), 48 deletions(-) + +commit 793cc3b78f17bb5a3c151eba1144b73a5d51be3e +Author: Simon Haggett +Date: 2019-03-12 + + modules: Fix index used in call to p11_dict_remove() + + This fixes a call to p11_dict_remove() in managed_steal_sessions_inlock() to use + the correct index in the stolen array (i, rather than at). This avoids an + assert, which was encountered on a host serving a PKCS#11 module to a remote + Linux client. + + Signed-off-by: Simon Haggett + + p11-kit/modules.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit cbe95e35f8309493094c93d882d0c18e8063f292 +Author: Tom Sutcliffe +Date: 2019-03-09 + + Fix Win32 p11_dl_error crash + + Caused by returning a buffer that wasn't allocated with malloc and + needed to be freed with LocalFree() instead. The fix is to strdup + msg_buf so what's returned can be free()d. + + common/compat.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +commit 4a925177a81c2566d2a81a0a450607a5ff4d9048 +Author: Stefano Garzarella +Date: 2019-02-27 + + modules: check gl.modules before iterates on it when freeing + + In some circumstances, as described in the BZ, can happen that + free_modules_when_no_refs_unlocked() is called multiple times + when the module destructor is invoked. + We should check gl.modules before iterates on it in the + free_modules_when_no_refs_unlocked() functions, to avoid + a SIGSEGV. + + Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963 + + p11-kit/modules.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +commit e2170b295992cb7fdf115227a78028ac3780619f +Author: Daiki Ueno +Date: 2019-02-18 + + trust: Ignore unreadable content in anchors + + This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f. Instead of + failing C_FindObjectsInit, treat any errors internally and accumulates + the successfully loaded certificates. + + Reported by Andrej Kvasnica in: + https://bugzilla.redhat.com/show_bug.cgi?id=1675441 + + trust/module.c | 3 +-- + trust/test-module.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + trust/token.c | 23 +++++++--------- + 3 files changed, 88 insertions(+), 15 deletions(-) + +commit 2a474e1fe8f4bd8b4ed7622e5cf3b2718a202562 +Author: Daiki Ueno +Date: 2019-01-28 + + extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH + + Give _p11_extract_jks_timestamp precedence over SOURCE_DATE_EPOCH so + that the test results are not affected by the envvar settings. + + trust/extract-jks.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +commit 1ba80c67c492f25581ed97c8c31ffb5f20636d06 +Author: Daiki Ueno +Date: 2019-01-14 + + Release 0.23.15 + + NEWS | 8 ++++++++ + configure.ac | 2 +- + 2 files changed, 9 insertions(+), 1 deletion(-) + +commit f277a1469aef05d3542e8ae9fd3f5dbadbe12463 +Author: Daiki Ueno +Date: 2019-01-11 + + pem: Fix assert condition + + If the PEM header is "-----BEGIN -----", *type should be an empty + string and the parser shouldn't fail. Reported by Han Han in: + https://bugzilla.redhat.com/show_bug.cgi?id=1665172 + + trust/pem.c | 2 +- + trust/test-pem.c | 18 ++++++++++++++++++ + 2 files changed, 19 insertions(+), 1 deletion(-) + +commit bebf4f3442ea5cdaa3a9fa2d0fee366e7264a227 +Author: Daiki Ueno +Date: 2019-01-09 + + test: Add test that exercises duplicated certs in JKS + + trust/extract-jks.c | 2 +- + trust/fixtures/duplicated.jks | Bin 0 -> 2122 bytes + trust/fixtures/duplicated1.der | Bin 0 -> 1010 bytes + trust/fixtures/duplicated2.der | Bin 0 -> 1010 bytes + trust/fixtures/multiple.jks | Bin 2556 -> 2567 bytes + trust/test-jks.c | 58 ++++++++++++++++++++++++++++++++++++++--- + 6 files changed, 55 insertions(+), 5 deletions(-) + +commit 7289639cf41df1840002e865bf700f50afec523c +Author: Daiki Ueno +Date: 2019-01-09 + + trust: Fix alias generation in JKS extractor + + When there is a duplicate, the JKS extractor previously assigned + somewhat obscure name "-" (not "-"). + + trust/extract-jks.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit 5e6a92b67ddade14a54769b05cc717043bc56b78 +Author: Daiki Ueno +Date: 2018-12-25 + + trust: Continue parsing if the file cannot be read as persist format + + A corrupted file that contains "[p11-kit-object-v1]" can be a valid + PEM certs file. Continue with the next format if it cannot be read as + a persistent format. + + trust/parser.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 4aa6ef9e82f6bb14746a47a7d56789d5e982a1f5 +Author: Daiki Ueno +Date: 2018-12-25 + + trust: p11_token_load: Treat parse error as failure + + Those conditions can happen when the trust file is corrupted, so it + makes more sense to treat them as a failure instead of programmer + error. + + trust/token.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +commit eb503f3a1467f21a5ecc9ae84ae23b216afc102f +Author: Daiki Ueno +Date: 2018-12-25 + + trust: Fail if trust anchors are not loaded from a file + + If the trust path is a file, treat parse error as fatal and abort the + C_FindObjectsInit call. + + trust/module.c | 11 ++++++++--- + trust/token.c | 6 +++--- + 2 files changed, 11 insertions(+), 6 deletions(-) + +commit 0dd62395788ae566d3adef967611bce214a04435 +Author: Daiki Ueno +Date: 2018-12-23 + + trust: Propagate library verbosity to module through init_args + + Previously, even when the -v option is used with the 'trust' command, + the messages from p11-kit-trust.so module were suppressed because the + verbosity setting is not propagated to the module. + + common/message.c | 8 ++++---- + p11-kit/modules.c | 29 +++++++++++++++++++++++------ + p11-kit/p11-kit.h | 3 ++- + trust/enumerate.c | 11 +++++++++-- + trust/module.c | 5 +++++ + trust/p11-kit-trust.module | 4 ++++ + 6 files changed, 47 insertions(+), 13 deletions(-) + +commit 95faa51a23fc416e718dbd740adfce31f642530b +Author: Daiki Ueno +Date: 2018-12-29 + + build: Fix typo spotted by codespell + + ChangeLog | 2 +- + NEWS | 8 ++++---- + common/pkcs11.h | 2 +- + common/test-lexer.c | 2 +- + doc/manual/Makefile.am | 2 +- + p11-kit/iter.c | 2 +- + p11-kit/modules.c | 2 +- + p11-kit/rpc-message.c | 6 +++--- + p11-kit/rpc-server.c | 4 ++-- + p11-kit/test-pin.c | 2 +- + p11-kit/test-virtual.c | 2 +- + trust/test-enumerate.c | 2 +- + trust/test-parser.c | 2 +- + trust/test-token.c | 4 ++-- + trust/trust-extract-compat.in | 2 +- + 15 files changed, 22 insertions(+), 22 deletions(-) + +commit 4ee6545d0188e495f195b7fe5abbe9cc382a626d +Author: Jakub Jelen +Date: 2018-12-06 + + doc: Make log-calls match the rest of the document style + + doc/manual/pkcs11.conf.xml | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit b9eceda29965af989ad2150082454ae353266fa5 +Author: Daiki Ueno +Date: 2018-11-23 + + build: Simplify assertions + + Let it leak memory when we assert, so not to confuse static analyzers + as if this is the normal case. + + common/test.c | 6 ------ + 1 file changed, 6 deletions(-) + +commit b92e8c7f5c082a55073903d53293e6aeecb9d0ed +Author: Daiki Ueno +Date: 2018-11-22 + + travis: Add cppcheck profile + + .travis.yml | 4 ++++ + .travis/cppcheck/after_failure.sh | 3 +++ + .travis/cppcheck/before_install.sh | 9 +++++++++ + .travis/cppcheck/install.sh | 14 ++++++++++++++ + .travis/cppcheck/script.sh | 3 +++ + 5 files changed, 33 insertions(+) + +commit d293fd54c754190da333496df070992e2d803a87 +Author: Daiki Ueno +Date: 2018-11-22 + + travis: Allow profile override + + .travis.yml | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +commit f0c82b07f8b31a4b86de32436cb4f5053de16336 +Author: Daiki Ueno +Date: 2018-11-22 + + build: Suppress cppcheck errors + + common/test-tests.c | 2 ++ + common/test.c | 4 ++++ + p11-kit/server.c | 8 ++++++-- + trust/test-bundle.c | 9 ++++++--- + trust/test-openssl.c | 9 ++++++--- + trust/test-save.c | 22 +++++++++++++++------- + trust/test-trust.c | 4 +++- + 7 files changed, 42 insertions(+), 16 deletions(-) + +commit 8287689158403090b5828a568b122b5b3a3ce987 +Author: Daiki Ueno +Date: 2018-10-22 + + tests: Ensure p11_proxy_module_cleanup is called + + Reported and suggested in #197. + + p11-kit/test-proxy.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit f758142178b4cc5c650dde75152bfb85ac992178 +Author: Daiki Ueno +Date: 2018-10-15 + + url: Prefer upper-case letters in hex characters when encoding + + This makes it more compliant with RFC 3986, where the use of + upper-case letters is recommended (as "SHOULD"). + + Suggested by Sumit Bose. + + common/test-path.c | 2 +- + common/test-url.c | 28 ++++++++++++++++++++++++++++ + common/url.c | 24 +++++++++++++++++------- + p11-kit/test-uri.c | 14 +++++++------- + 4 files changed, 53 insertions(+), 15 deletions(-) + +commit e81f6af7ed3b39b8df0bb7ce150619ea8178d47c +Author: Harald Hoyer +Date: 2018-11-02 + + trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time + + For reproducible builds, accept a define timestamp for the java + keystore. + + See https://reproducible-builds.org/docs/source-date-epoch/ + + trust/extract-jks.c | 38 ++++++++++++++++++++++++++++++++++---- + 1 file changed, 34 insertions(+), 4 deletions(-) + +commit 1d6913d5a551b6bd8efaa1705178e49f1527aa7e +Author: Daiki Ueno +Date: 2018-10-30 + + build: Require pkg.m4 >= 0.29 at bootstrap + + configure.ac | 2 ++ + 1 file changed, 2 insertions(+) + +commit 6e1046de2233fba7875d3d6a1b260192678dd0ad +Author: Daiki Ueno +Date: 2018-10-19 + + virtual: Prefer fixed closures to libffi closures + + On some circumstances (such as when loading p11-kit-proxy from httpd), + it is known that creation of libffi closure always fails, due to + SELinux policy. Although this is harmless, it pollutes the journal + and gives wrong hints when troubleshooting. This patch changes the + order of preference of libffi vs pre-compiled closures to avoid that. + + p11-kit/virtual.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +commit 83e92c2f9575707083d8b0c70ef330e285d70836 +Author: Daiki Ueno +Date: 2018-10-17 + + trust: Check index->buckets is allocated on cleanup + + trust/index.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +commit 6417780ebbbbb0f01ddb001b239347655fb98578 +Author: Daiki Ueno +Date: 2018-10-17 + + rpc-server: Check calloc failure + + p11-kit/rpc-server.c | 4 ++++ + 1 file changed, 4 insertions(+) + +commit da73c2804b3ca962fa51473bb4c303a5ed32d4a1 +Author: Daiki Ueno +Date: 2018-10-16 + + trust: Set umask before calling mkstemp + + trust/save.c | 3 +++ + 1 file changed, 3 insertions(+) + +commit 033cd90806cb1e2eab7e799703757abc2f07052e +Author: Daiki Ueno +Date: 2018-10-16 + + proxy: Fix null dereference when reusing slots + + p11-kit/proxy.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +commit 1f78cb0b4dd193ec1f1b2b424a497a6c2edec043 +Author: Daiki Ueno +Date: 2018-10-16 + + rpc-server: p11_kit_remote_serve_tokens: Fix memleak + + p11-kit/rpc-server.c | 5 +++++ + 1 file changed, 5 insertions(+) + +commit 213ea0815ef45411bf6c134918b79d2aad69c1dc +Author: Daiki Ueno +Date: 2018-10-16 + + build: Check return value of p11_rpc_buffer_get_uint64 + + p11-kit/rpc-client.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit 06323aed926ddc67bd18ed98e5af92035a8e3d39 +Author: Daiki Ueno +Date: 2018-10-16 + + build: Check return value of p11_dict_set + + p11-kit/proxy.c | 3 ++- + p11-kit/rpc-server.c | 6 +++++- + trust/module.c | 3 ++- + 3 files changed, 9 insertions(+), 3 deletions(-) + +commit b10dadce5a3c921149b2c9fe0dec614f8076ebda +Author: Daiki Ueno +Date: 2018-10-16 + + build: Free memory before return{,_val}_if_* macros + + p11-kit/iter.c | 5 ++++- + p11-kit/proxy.c | 10 ++++++++-- + trust/asn1.c | 15 ++++++++++++--- + trust/builder.c | 5 ++++- + trust/index.c | 10 ++++++++-- + trust/persist.c | 5 ++++- + trust/save.c | 29 +++++++++++++++++++++++++---- + trust/session.c | 10 ++++++++-- + trust/token.c | 5 ++++- + 9 files changed, 77 insertions(+), 17 deletions(-) + +commit c76197ddbbd0c29adc2bceff2ee9f740f71d134d +Author: Daiki Ueno +Date: 2018-10-16 + + build: Call va_end() always when leaving the function + + common/attrs.c | 4 +++- + common/compat.c | 5 ++++- + common/path.c | 5 ++++- + trust/parser.c | 4 +++- + 4 files changed, 14 insertions(+), 4 deletions(-) + +commit 8a8db182af533a43b4d478d28af8623035475d68 +Author: Daiki Ueno +Date: 2018-10-16 + + debug: Work around cppcheck false-positives + + https://trac.cppcheck.net/ticket/8794 + + common/debug.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit f4a9fa674e17cc470d9280237032f18a70313d8e +Author: Leonardo Brondani Schenkel +Date: 2018-05-28 + + common: use /proc only on Linux + + Non-Linux systems do not have /proc, so do not attempt to open it and + eliminate an unnecessary access() syscall on those systems. + + common/compat.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit 7f1df14e041c6de9603a4720753ca8f31e32b4ff +Author: Daiki Ueno +Date: 2018-08-31 + + pkcs11: Don't redefine CKM_CAMELLIA_KEY_GEN + + Also reorder the CKM_CAMELLIA_* definitions. + + common/pkcs11.h | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +commit 3770793f026e46a000d2d8816d56122598289d5c +Author: Daiki Ueno +Date: 2018-08-28 + + Release 0.23.14 + + NEWS | 6 ++++++ + configure.ac | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit c1b565413dae632a4ab78cea08ed103d9418921b +Author: Daiki Ueno +Date: 2018-08-22 + + virtual: Tighten error handling when fixed closures are exhausted + + p11-kit/virtual.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +commit 347a8793d23036433ab0ba39049f0e832bb05b3d +Author: Daiki Ueno +Date: 2018-08-22 + + virtual: Don't be too loud about recoverable failure + + p11-kit/virtual.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 9a7892ef3fd9d4bd70df41fb0200782dc6134c70 +Author: Daiki Ueno +Date: 2018-08-24 + + trust: Factor out module initialization into separate file + + This prevents double call to p11_library_init() in test-module.c, once + from the ELF constructor, and secondly from the test itself. + + trust/Makefile.am | 2 +- + trust/module-init.c | 43 ++++++++++++++++++++++++++++++++++++++++++ + trust/module.c | 54 ----------------------------------------------------- + 3 files changed, 44 insertions(+), 55 deletions(-) + +commit 0d7fbd5189ba1414d84326ddc8e4cff98f66a44b +Author: Daiki Ueno +Date: 2018-08-27 + + common: Factor out common initializer code into a header + + common/Makefile.am | 1 + + common/init.h | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/client-init.c | 60 +++----------------------------- + p11-kit/proxy-init.c | 59 +++----------------------------- + 4 files changed, 103 insertions(+), 111 deletions(-) + +commit 0961cf527f1414bf5a900d958ee776cdd28f3525 +Author: Daiki Ueno +Date: 2018-08-24 + + travis: Manually install cpp-coveralls + + To accommodate the gcov format change in gcc 8.1: + https://github.com/eddyxu/cpp-coveralls/pull/127 + which is not yet available in the pip version. + + .travis/linux/after_success.sh | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +commit 2066e7c57a7ae82e35fee3deaa06d89498d749a3 +Author: Daiki Ueno +Date: 2018-08-23 + + travis: Check valgrind exit code more strictly + + .travis/linux/script.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 7a844d8e8c1c87401b161094023cf309ca111095 +Author: Daiki Ueno +Date: 2018-08-21 + + README.md: Add CII Best Practices badge + + README.md | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit f2a17c5e1dbc75a0142c6330bab588deb0060151 +Author: Daiki Ueno +Date: 2018-08-21 + + README.md: Mention contact method for security issues + + README.md | 5 +++++ + 1 file changed, 5 insertions(+) + +commit b9ef1c5f4dbdfbab504479fdc899e344ff7bb44a +Author: Daiki Ueno +Date: 2018-08-17 + + Revert "build: Explicitly link threaded test programs to libpthread" + + This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0. + + configure.ac | 10 ---------- + p11-kit/Makefile.am | 8 ++++---- + 2 files changed, 4 insertions(+), 14 deletions(-) + +commit 35b39cb2bf6d50a117a9e4c8e18100d19716ea71 +Author: Daiki Ueno +Date: 2018-08-17 + + Revert "build: Stop linking the library with libpthread when possible" + + This reverts commit 50f8906e63c9413a7687bab6608496d83c29a222. + + configure.ac | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit 56f3b9370747a7a33a9d56ff9365c89700dd0e67 +Author: Daiki Ueno +Date: 2018-08-17 + + Revert "common: Prefer __register_atfork() to pthread_atfork() if possible" + + This reverts commit ce3cec7f8742254b8627b9db48973b81e91cbfc8. + + common/library.c | 19 +------------------ + configure.ac | 2 -- + 2 files changed, 1 insertion(+), 20 deletions(-) + +commit a877b0eca3d59f7f8cd126047c0e899df6018858 +Author: Daiki Ueno +Date: 2018-08-17 + + Revert "build: Link to libpthread, if pthread_atfork() needs to be used" + + This reverts commit 541d79cb651cfd3238b9aa41fce70208df8e9496. + + NEWS | 2 +- + common/library.c | 10 ++++------ + configure.ac | 7 +------ + 3 files changed, 6 insertions(+), 13 deletions(-) + +commit f69746d140cec20516c223825523fb0ade53384a +Author: Alexander Bokovoy +Date: 2018-08-14 + + Update pkcs11 header to allow SoftHSMv2 to compile + + Replace vendor-specific values with the IDs from PKCS11 v3.0 for those + constants that were already standardized. + + common/pkcs11.h | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 220 insertions(+), 18 deletions(-) + +commit abc542bd5abf46c5170f8a0c3dcc62eff0c9cfde +Author: Daiki Ueno +Date: 2018-08-13 + + travis: Check that proxy module can be loaded and unloaded + + .travis/linux/before_install.sh | 2 +- + .travis/linux/script.sh | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +commit 34416ed787d804e0d293e47f2d10dc62ddea407c +Author: Daiki Ueno +Date: 2018-08-13 + + proxy: Avoid invalid memory access when unloading proxy module + + When loading and unloading p11-kit-proxy.so with pkcs11-tool, it + accesses already free'd memory area: + + $ valgrind pkcs11-tool --module p11-kit-proxy.so -L + ==25173== Invalid read of size 8 + ==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724) + ==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65) + ==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so) + ==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so) + ==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so) + ==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so) + ==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so) + ==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so) + ==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool) + ==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool) + ==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so) + ==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd + ==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530) + ==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902) + ==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723) + + p11-kit/proxy.c | 17 ++++------------- + 1 file changed, 4 insertions(+), 13 deletions(-) + +commit 541d79cb651cfd3238b9aa41fce70208df8e9496 +Author: Daiki Ueno +Date: 2018-08-10 + + build: Link to libpthread, if pthread_atfork() needs to be used + + On non-glibc systems (e.g., FreeBSD), pthread_atfork() stub is + provided as a nop and our fork detection mechanism doesn't work. Pull + in the actual implementation from libpthread in that case. + + Signed-off-by: Daiki Ueno + + NEWS | 2 +- + common/library.c | 10 ++++++---- + configure.ac | 7 ++++++- + 3 files changed, 13 insertions(+), 6 deletions(-) + +commit 6a8da20c0432499480731548256294844cade631 +Author: Daiki Ueno +Date: 2018-08-10 + + build: Don't install systemd unit files when "make distcheck" + + Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +commit ef001069d069df43de029f3b84206676badd8a4e +Author: Daiki Ueno +Date: 2018-08-10 + + Release 0.23.13 + + NEWS | 7 +++++++ + configure.ac | 2 +- + 2 files changed, 8 insertions(+), 1 deletion(-) + +commit ce3cec7f8742254b8627b9db48973b81e91cbfc8 +Author: Daiki Ueno +Date: 2018-08-09 + + common: Prefer __register_atfork() to pthread_atfork() if possible + + common/library.c | 19 ++++++++++++++++++- + configure.ac | 2 ++ + 2 files changed, 20 insertions(+), 1 deletion(-) + +commit 50f8906e63c9413a7687bab6608496d83c29a222 +Author: Daiki Ueno +Date: 2018-07-13 + + build: Stop linking the library with libpthread when possible + + configure.ac | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit ebfd7da82d7b9eea81067479861aac2d2c07cc29 +Author: Daiki Ueno +Date: 2018-07-20 + + common: Use thread-local storage class when possible + + This eliminates the unconditional use of pthread_{get,set}specific() + and pthread_key_{create,delete}(), which glibc doesn't provide the stubs. + + common/library.c | 22 ++++++++++++++++++++++ + configure.ac | 12 ++++++++++++ + 2 files changed, 34 insertions(+) + +commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0 +Author: Daiki Ueno +Date: 2018-07-20 + + build: Explicitly link threaded test programs to libpthread + + Some test programs use pthread_create(), which glibc doesn't provide + the stub. Link those programs with -lpthread. + + configure.ac | 10 ++++++++++ + p11-kit/Makefile.am | 8 ++++---- + 2 files changed, 14 insertions(+), 4 deletions(-) + +commit f04c2a84ad2a017a778fa2f23719318acb9ca89f +Author: Daiki Ueno +Date: 2018-07-20 + + common, p11-kit, trust: Use pthread_once only when necessary + + If the ELF constructor is usable, we don't really need the once-init + function because it is guaranteed that the code runs only once in the + constructor. + + common/library.c | 4 +++- + common/library.h | 10 ++++++++++ + p11-kit/client-init.c | 2 +- + p11-kit/proxy-init.c | 2 +- + trust/module.c | 2 +- + 5 files changed, 16 insertions(+), 4 deletions(-) + +commit 5b18e77e9dbb6a598812427ba07ad6df63eb7a67 +Author: Daiki Ueno +Date: 2018-07-20 + + common: Use static mutex initializer when possible + + This eliminates the use of pthread_mutexattr_* functions, which glibc + doesn't provide the stubs. + + common/compat.c | 4 +++- + common/compat.h | 18 +++++++++++++++++- + common/library.c | 14 ++++++++++---- + 3 files changed, 30 insertions(+), 6 deletions(-) + +commit 22cb49b9105657cafb98624be37f05b169f73dd6 +Author: Daiki Ueno +Date: 2018-08-01 + + server: Avoid FD leak in error cases + + Spotted by coverity. + + p11-kit/server.c | 3 +++ + 1 file changed, 3 insertions(+) + +commit 19aaf573580e52265f57f9b7af7a03bfdfaf71e0 +Author: Daiki Ueno +Date: 2018-07-19 + + trust: Clarify C_Login behavior that returns an error + + trust/module.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +commit ab27346ceb5d4e856671a033ac1f6521c86514a1 +Author: Daiki Ueno +Date: 2018-07-10 + + proxy: Fail early if there is no slot mappings + + p11-kit/proxy.c | 2 ++ + p11-kit/test-proxy.c | 42 ++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 44 insertions(+) + +commit fb5742cdecfde1c13d9ce610cdec050792cc57ca +Author: Daiki Ueno +Date: 2018-07-09 + + travis: Install pip for coveralls + + .travis.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit b6d20ac16da7128089031248eed4afe08f6934d3 +Author: Daiki Ueno +Date: 2018-06-27 + + rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules + + This patch removes the restriction of p11_kit_remote_serve_tokens() + that were not capable of serving tokens across multiple modules. + + p11-kit/Makefile.am | 5 +- + p11-kit/remote.h | 2 +- + p11-kit/rpc-server.c | 209 ++++++++++++++++++++++++++++++++++---------------- + p11-kit/test-server.c | 83 +++++++++++++++----- + 4 files changed, 210 insertions(+), 89 deletions(-) + +commit 9d2ce267e6714c6a565a9ded3aa0001918d1ae1d +Author: Daiki Ueno +Date: 2018-06-27 + + build: Use separate p11-kit-{remote,server} executable for testing + + Otherwise, the p11-kit-remote program called from p11-kit-server would + load the system modules instead of the local fixtures. + + .gitignore | 2 ++ + p11-kit/Makefile.am | 26 ++++++++++++++++++++++++++ + p11-kit/server.c | 2 +- + p11-kit/test-server.c | 4 ++-- + 4 files changed, 31 insertions(+), 3 deletions(-) + +commit 8d8bff0a2edf4659b641dde1333eb6a7c695671c +Author: Daiki Ueno +Date: 2018-06-25 + + proxy: Allow proxy to be created from the library + + Previously, to aggregate multiple modules into one, there was no other + way than loading the proxy module. From the p11-kit applications, + however, it is not possible to load that module because of the + recursive loading check (p11_proxy_module_check). + + This patch adds another means to aggregate modules, through a library + function p11_proxy_module_create. + + p11-kit/proxy.c | 40 +++++++++++++++++++++++++++++++++++++++- + p11-kit/proxy.h | 3 +++ + 2 files changed, 42 insertions(+), 1 deletion(-) + +commit a65696b3e79acb602bd0c000f8524d3cc8998187 +Author: Daiki Ueno +Date: 2018-06-25 + + proxy: Turn global variables module local + + p11-kit/proxy.c | 35 ++++++++++++++--------------------- + 1 file changed, 14 insertions(+), 21 deletions(-) + +commit c53888a802eed4baa4aff54060334d2fdbfc7648 +Author: Daiki Ueno +Date: 2018-07-13 + + build: Make reallocarray detection robuster + + On NetBSD, reallocarray is not declared until _OPENBSD_SOURCE is + defined. Reported by Patrick Welche in: + https://lists.freedesktop.org/archives/p11-glue/2018-July/000691.html + + common/compat.h | 2 +- + configure.ac | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +commit 53a7e915b2694bc1957d98493a7aee9abfa3c6c5 +Author: Daiki Ueno +Date: 2018-06-20 + + server: Enable socket activation through systemd + + This enables socket activation of "p11-kit server" through systemd. + The feature provided is essentially the same as commit + a4fb2bb5 (reverted), but implemented with "p11-kit server" and + libsystemd API instead of wrapping "p11-kit remote" in the unit file. + + Note that, while it exposes all tokens through the socket, it doesn't + increase attack surface beyond the PKCS#11 binary interface provided + by p11-kit-proxy.so, because the service is per-user. + + .gitignore | 2 +- + configure.ac | 23 +++++++++++++++++++++++ + p11-kit/Makefile.am | 22 ++++++++++++++++++++++ + p11-kit/p11-kit-server.service.in | 15 +++++++++++++++ + p11-kit/p11-kit-server.socket | 11 +++++++++++ + p11-kit/server.c | 33 ++++++++++++++++++++++++--------- + 6 files changed, 96 insertions(+), 10 deletions(-) + +commit d4a4039f97b2e1f67d09d7cd8c05fb2dd129b23c +Author: Daiki Ueno +Date: 2018-05-31 + + build: Ease issetugid() check when cross-compiling + + When cross-compiling, the configure check for issetugid() aborts, + because of the pessimistic default of AC_RUN_IFELSE. This patch + provides the non-pessimistic default to AC_RUN_IFELSE and wrap the + macro invocation with AC_CACHE_CHECK so that the user can override the + check by setting ac_cv_issetugid_openbsd=yes, as suggested in: + https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Runtime.html#Runtime + + configure.ac | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +commit 3dd5810143e51dabdc58069e55b09a950349fa08 +Author: Daiki Ueno +Date: 2018-05-28 + + Release 0.23.12 + + NEWS | 5 +++++ + configure.ac | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit f696eddecaa1f1cd1687ab5dbb942128aaca1903 +Author: Daiki Ueno +Date: 2018-05-29 + + travis: Add build scripts for macOS + + .travis.yml | 1 + + .travis/osx/after_failure.sh | 3 +++ + .travis/osx/before_install.sh | 5 +++++ + .travis/osx/script.sh | 6 ++++++ + 4 files changed, 15 insertions(+) + +commit a21898570d3e713155f0d8048bc6350f069f58ff +Author: Daiki Ueno +Date: 2018-05-29 + + travis: Use matrix + + .travis.yml | 84 +++++++++++++++++++++-------------------- + .travis/linux/after_failure.sh | 3 ++ + .travis/linux/after_success.sh | 9 +++++ + .travis/linux/before_install.sh | 9 +++++ + .travis/linux/install.sh | 14 +++++++ + .travis/linux/script.sh | 11 ++++++ + 6 files changed, 90 insertions(+), 40 deletions(-) + +commit 35637892e517d0e8e08dbe214f638317499ea0f5 +Author: Daiki Ueno +Date: 2018-05-29 + + test: Avoid unnecessary memory allocation + + common/test-runtime.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +commit ccb0c207964189742e97acfd817fb3c6b99e5865 +Author: Daiki Ueno +Date: 2018-05-29 + + common: Fix runtime directory detection when given prefix is long + + common/runtime.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +commit 71b62aa1cdbdec3724c8e451f621309994dc59a0 +Author: Daiki Ueno +Date: 2018-05-29 + + common: Don't rely on issetugid() when it is broken + + On macOS and FreeBSD, issetugid() has different semantics from the + original OpenBSD implementation and cannot reliably detect if the + process made setuid/setgid: + https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e + + This should fix: + https://bugs.freedesktop.org/show_bug.cgi?id=67451 + https://bugs.freedesktop.org/show_bug.cgi?id=100287 + + common/compat.c | 2 +- + configure.ac | 15 ++++++++++++++- + 2 files changed, 15 insertions(+), 2 deletions(-) + +commit 79f928492dba6a46c63e77d6b22c17c23e66403b +Author: Daiki Ueno +Date: 2018-05-28 + + build: Don't use locale funcs if locale_t is not defined in locale.h + + On macOS, locale_t is not defined in . Although it is + defined in , we rather not use locales at all for POSIX + compliance. + + common/compat.h | 6 ++++++ + common/debug.c | 4 ++-- + common/library.c | 6 +++--- + common/message.c | 4 ++-- + common/test-message.c | 6 +++--- + configure.ac | 11 ++++++++--- + 6 files changed, 24 insertions(+), 13 deletions(-) + +commit cd0a2de679a81829b7323bc5db46222b9eaab1d9 +Author: Daiki Ueno +Date: 2018-05-28 + + pkcs11: Exercise GNU calling convention at compile time + + .gitignore | 1 + + p11-kit/Makefile.am | 32 ++++++++++++++++++++++++++++++++ + p11-kit/iter.h | 10 ++++++++++ + p11-kit/uri.h | 4 ++++ + 4 files changed, 47 insertions(+) + +commit e4c5d3b34941bdc433072a492a0a7fdbddba0cc2 +Author: Daiki Ueno +Date: 2018-05-25 + + build: Simplify README inclusion + + Use symlink in the repository, instead of copying. + + .gitignore | 1 - + Makefile.am | 7 +------ + README | 1 + + 3 files changed, 2 insertions(+), 7 deletions(-) + +commit 65dd5469ad164465583167c63114478587db59fd +Author: Daiki Ueno +Date: 2018-05-24 + + NEWS: Mention latest changes + + NEWS | 2 ++ + 1 file changed, 2 insertions(+) + +commit 8b90031aeb495116a87851dca50845b8df0d1e90 +Author: Daiki Ueno +Date: 2018-05-25 + + build: Delay building mock-six.la until "make check" + + p11-kit/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 8df105871eb5f6bca3e5f4dcf165f2bbf920f106 +Author: Daiki Ueno +Date: 2018-05-24 + + build: Include README in the distribution + + As we removed README from the repository, it is no longer + automatically picked up for the distribution by Automake. + + Makefile.am | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +commit 275eed62b5d0e17c092b66af233ffc5b2f45245b +Author: Daiki Ueno +Date: 2018-05-24 + + build: Fix ChangeLog generation + + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit bf204ada4685415287b3d03b3d79634c86739b83 +Author: Daiki Ueno +Date: 2018-05-24 + + build: Remove obsolete upload rules + + Makefile.am | 15 --------------- + 1 file changed, 15 deletions(-) + +commit e2002df5707dd306cea0684706361be72891231b +Author: Daiki Ueno +Date: 2018-05-24 + + build: Include p11-kit/test-messages.sh in distribution + + p11-kit/Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +commit 258da75cd606a3653bc414a6ace01c8bfdfabca6 +Author: Daiki Ueno +Date: 2018-05-24 + + uri: Make scheme comparison case-insensitive + + RFC 3986 suggests that implementations should accept uppercase letters + as equivalent to lowercase in scheme names. + + p11-kit/test-uri.c | 21 +++++++++++++++++++++ + p11-kit/uri.c | 12 +++++++++--- + 2 files changed, 30 insertions(+), 3 deletions(-) + +commit 117b35db99af4331daad4279eadfb9280e0c1325 +Author: Daiki Ueno +Date: 2018-05-24 + + common: Make case conversion locale independent + + The tolower()/toupper() functions take into account of the current + locale settings, which p11-kit doesn't want. Add replacement + functions that work as if they are called under the C locale. + + common/compat.c | 16 ++++++++++++++++ + common/compat.h | 3 +++ + common/mock.c | 4 ++-- + common/url.c | 4 ++-- + trust/extract-jks.c | 2 +- + trust/extract-openssl.c | 2 +- + 6 files changed, 25 insertions(+), 6 deletions(-) + +commit e42dcf5283a5537c196147c9a2468ee537b9da7b +Author: Nathaniel McCallum +Date: 2018-05-14 + + Improve const correctness for P11KitUri + + This does not improve const for the getters. The reason for this is that + they are usually passed into the PKCS#11 APIs directly and these APIs + are not const correct. Trying to force const correctnesss here would + result in pain for library consumers. + + This is an API and ABI compatible change. + + p11-kit/private.h | 12 ++++++------ + p11-kit/uri.c | 34 +++++++++++++++++----------------- + p11-kit/uri.h | 36 ++++++++++++++++++------------------ + 3 files changed, 41 insertions(+), 41 deletions(-) + +commit 6af8234936f805a9c6dceb29a84e73d40ed4b257 +Author: Nikos Mavrogiannopoulos +Date: 2018-05-18 + + README: replace by README.md + + That is, use README.md as primary source to generate README as + README is required by the GNU guidelines. We don't try to convert + to "real" plain text as markdown is readable, and to avoid introducing + another dependency (e.g., pandoc). + + Signed-off-by: Nikos Mavrogiannopoulos + + .gitignore | 1 + + Makefile.am | 1 + + README | 8 -------- + 3 files changed, 2 insertions(+), 8 deletions(-) + +commit 58c3eb9acf5885069652f1b02edb7aca01580b96 +Author: Nikos Mavrogiannopoulos +Date: 2018-05-18 + + NEWS: mark the 0.23 series as stable + + Resolves #80 + + Signed-off-by: Nikos Mavrogiannopoulos + + NEWS | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 14610d49c4e6c68022be63df1481f74ccb0aa75a +Author: Nikos Mavrogiannopoulos +Date: 2018-05-18 + + README.md: added reference to Daiki's key + + Resolves #153 + + Signed-off-by: Nikos Mavrogiannopoulos + + README.md | 25 +++++++++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) + +commit f272dd4a1c68125c8f696b1e0eebb15c45c6923a +Author: Daiki Ueno +Date: 2018-05-07 + + Release 0.23.11 + + NEWS | 8 ++++++++ + configure.ac | 2 +- + 2 files changed, 9 insertions(+), 1 deletion(-) + +commit 5f68c96da949b08e2afd109d276d80e42cab68b7 +Author: Daiki Ueno +Date: 2018-05-07 + + common: Pacify clang-analyzer + + common/buffer.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +commit 98fbfc3b6126c809eb44c700871facca6ac7727d +Author: Daiki Ueno +Date: 2018-05-07 + + trust: Avoid array overflow + + trust/builder.c | 4 ++-- + trust/extract-openssl.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +commit 34ab20cbf79ca50972bf3088c8b6e9978ff0dc2b +Author: Daiki Ueno +Date: 2018-05-07 + + trust: Don't null terminate PKCS #11 string fields + + trust/module.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +commit ba006ed40cad2e0d1fe3c3355c18bdfb612c2cd6 +Author: Daiki Ueno +Date: 2018-05-07 + + proxy: Don't null terminate PKCS #11 string fields + + p11-kit/proxy.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 1b85c62af8146efa0e648a297179db2bbfe59b43 +Author: Daiki Ueno +Date: 2018-05-03 + + test: Avoid exceeding maximum pathname length of Unix socket + + p11-kit/test-server.sh | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +commit a625dfa4f2456b1a866489e5be15fb46578237a5 +Author: Daiki Ueno +Date: 2018-04-27 + + library: Use dedicated locale object for printing error + + common/debug.c | 14 +++++++------- + common/library.c | 13 +++++++++++++ + common/message.c | 14 +++++++------- + common/test-message.c | 15 +++++++++++++++ + configure.ac | 2 +- + 5 files changed, 43 insertions(+), 15 deletions(-) + +commit 6202903b261dfae740af3f8e985244bab48470ba +Author: Daiki Ueno +Date: 2018-04-27 + + Revert "build: Check strerror_l() and uselocale() seperately" + + This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1. + + We should rather use newlocale() when per-thread locale is not set. + Otherwise uselocale() could return LC_GLOBAL_LOCALE on some + platforms (e.g. musl-libc) and calling strerror_l() with it leads to + an undefined behavior. + + common/debug.c | 9 ++------- + common/message.c | 9 ++------- + configure.ac | 2 +- + 3 files changed, 5 insertions(+), 15 deletions(-) + +commit 173ad93cc54057886b2055f3d73ea64a047127d1 +Author: Daiki Ueno +Date: 2018-04-19 + + build: Check strerror_l() and uselocale() seperately + + NetBSD deliberately doesn't support per-thread locale and our + thread-safe replacement of strerror() using strerror_l() cannot be + used. Fallback to strerror_r() in that case. + + common/debug.c | 9 +++++++-- + common/message.c | 9 +++++++-- + configure.ac | 2 +- + 3 files changed, 15 insertions(+), 5 deletions(-) + +commit a95c7a3e936896349bf925ca7cd47f0a03166249 +Author: Daiki Ueno +Date: 2018-04-10 + + travis: Optimize dnf install invocation + + .travis.yml | 18 +++++++----------- + 1 file changed, 7 insertions(+), 11 deletions(-) + +commit e4b86e449a83428592e45db28834be950e837d74 +Author: Daiki Ueno +Date: 2018-04-10 + + test: Add installcheck script to test trust module + + Currently it only checks that "disable-in: p11-kit-proxy" properly + prevents the trust module being loaded by the proxy module. + + trust/Makefile.am | 4 +++- + trust/test-trust.sh | 21 +++++++++++++++++++++ + 2 files changed, 24 insertions(+), 1 deletion(-) + +commit 5d97643884879d4967d21cb29c9917271a4b65db +Author: Daiki Ueno +Date: 2018-04-10 + + trust: Prevent trust module being loaded by proxy module + + Otherwise, when the proxy module were registerd in NSS database, the + trust module would be loaded twice and degrade search performance. + + trust/p11-kit-trust.module | 3 +++ + 1 file changed, 3 insertions(+) + +commit af71f7961370714112f258c0e404d96bdef9cee9 +Author: Daiki Ueno +Date: 2018-04-10 + + travis: Run "make installcheck" + + .travis.yml | 24 ++++++++++++++++-------- + 1 file changed, 16 insertions(+), 8 deletions(-) + +commit cbef7f5d8a14d46ecdf0c25c3d38d26598a66f8c +Author: Daiki Ueno +Date: 2018-04-10 + + trust: Fix memleak in p11_enumerate_opt_filter + + p11_kit_iter_add_filter() takes the ownership of given attributes. + Spotted by address sanitizer. + + trust/enumerate.c | 1 + + 1 file changed, 1 insertion(+) + +commit e4a5466e5e3cfe22344e79c6e1a0ad9a7945a602 +Author: Daiki Ueno +Date: 2018-04-10 + + test: Factor out common harness from test-extract.in + + .gitignore | 2 +- + configure.ac | 2 +- + trust/Makefile.am | 7 +- + trust/{test-extract.in => test-extract.sh} | 92 +------------------------ + trust/test-init.sh.in | 106 +++++++++++++++++++++++++++++ + 5 files changed, 114 insertions(+), 95 deletions(-) + +commit dcb6ee3fa89e0c9586e2b09e1f60aa076f263123 +Author: Daiki Ueno +Date: 2018-03-31 + + test: Add test for JKS extractor + + Piggybacking commit de963b96, this adds a multi-cert test case for the + Java keystore extractor. + + trust/Makefile.am | 5 ++ + trust/extract-jks.c | 7 +- + trust/fixtures/multiple.jks | Bin 0 -> 2556 bytes + trust/test-jks.c | 213 ++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 224 insertions(+), 1 deletion(-) + +commit af6ab322b1ad9a4f4a0117a79bd566550ec0a0a8 +Author: Daiki Ueno +Date: 2018-04-05 + + test: Add test for p11_attrs_purge() + + common/test-attrs.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +commit 843fca9b67b7407a47bcae698f434c975a4a4e91 +Author: Daiki Ueno +Date: 2018-04-05 + + mock-module-ep: Properly override C_GetFunctionList + + p11-kit/mock-module-ep.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit a6d0e490209638605b17b0bdc66ad03d36909dae +Author: Daiki Ueno +Date: 2018-04-05 + + modules: Add option to control module visibility from proxy + + This enables to control whether a module will be loaded from the proxy + module. The configuration reuses the "enable-in" and "disable-in" + options, with a special literal "p11-kit-proxy" as the value. + + doc/manual/pkcs11.conf.xml | 2 ++ + p11-kit/modules.c | 35 ++++++++++++++----- + p11-kit/p11-kit.h | 1 + + p11-kit/private.h | 5 +++ + p11-kit/proxy.c | 2 +- + p11-kit/test-proxy.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 118 insertions(+), 10 deletions(-) + +commit de963b96929b9da61916a0c43b4ac4c34a39e238 +Author: Laszlo Ersek +Date: 2018-03-29 + + trust: add unit test for the "edk2-cacerts" extractor + + Add a multi-cert test case for the edk2 extractor, heavily based on the + "/openssl/test_file_multiple" test case. + + Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 + Signed-off-by: Laszlo Ersek + + trust/Makefile.am | 5 ++ + trust/fixtures/multiple.edk2 | Bin 0 -> 2549 bytes + trust/test-edk2.c | 209 +++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 214 insertions(+) + +commit ee27f9153a14d0c6d75f8745a8c1879a6e4bb2e8 +Author: Laszlo Ersek +Date: 2018-03-27 + + trust: implement the "edk2-cacerts" extractor + + Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST + format that is + + - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object + per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), + + - and expected by edk2's HttpDxe when it configures the certificate list + for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the + TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). + + The intended command line is + + p11-kit extract \ + --format=edk2-cacerts \ + --filter=ca-anchors \ + --overwrite \ + --purpose=server-auth \ + $DEST/edk2/cacerts.bin + + Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 + Signed-off-by: Laszlo Ersek + + trust/extract-edk2.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 168 insertions(+), 1 deletion(-) + +commit 59054e4f9fe3e95f8db881973901ab59a0b1ef8a +Author: Laszlo Ersek +Date: 2018-03-27 + + trust: introduce the "edk2-cacerts" extractor skeleton + + Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always + fails, silently. + + Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 + Signed-off-by: Laszlo Ersek + + trust/Makefile.am | 1 + + trust/extract-edk2.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ + trust/extract.c | 4 +++- + trust/extract.h | 3 +++ + 4 files changed, 51 insertions(+), 1 deletion(-) + +commit ba6ebb05fc0c8010d8510984ce3c5f908edf13b6 +Author: Daiki Ueno +Date: 2018-03-29 + + modules: Fix memleak in re-initialization case + + p11-kit/modules.c | 1 + + 1 file changed, 1 insertion(+) + +commit 1ca877e3d3b1315ee9358f7e3c9096e10e14486e +Author: Justin King-Lacroix +Date: 2018-03-16 + + Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly + + In p11_kit_modules_initialize(), treat a return code + of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to + CKR_OK. + + p11-kit/modules.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +commit 46901ab914e3f37e6e7287d47d9ab1281e3d64dc +Author: Daiki Ueno +Date: 2018-03-29 + + travis: Disallow failure on mingw + + .travis.yml | 4 ---- + 1 file changed, 4 deletions(-) + +commit 41301742772b411eb8b3e819c54b1eb5b9ca82dd +Author: Daiki Ueno +Date: 2018-03-29 + + test: Add missing seven.module in Windows fixtures + + p11-kit/fixtures/system-modules/win32/seven.module | 4 ++++ + 1 file changed, 4 insertions(+) + +commit a3478f097bff647892c18cbab1e6f5b8bd5a6614 +Author: Daiki Ueno +Date: 2018-03-29 + + travis: Use LOG_COMPILER to run tests under wine + + .travis.yml | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit a711a578ba7a1775bdc20ea00fbbdb4f10f91d58 +Author: Daiki Ueno +Date: 2018-03-29 + + build: Enable make check with wine + + build/wine-wrapper.sh | 13 +++++++++++++ + p11-kit/test-messages.sh | 2 +- + 2 files changed, 14 insertions(+), 1 deletion(-) + +commit bfdd4372ff381ce234d357bb43636b86e6cc1e8f +Author: Daiki Ueno +Date: 2018-03-29 + + common: Fix compilation of runtime.c under mingw + + common/runtime.c | 29 ++++++++++++++++++++--------- + common/test-runtime.c | 14 +++++++++++++- + 2 files changed, 33 insertions(+), 10 deletions(-) + +commit 7827e65abacc87018be035a3008a4bb89280a85a +Author: Daiki Ueno +Date: 2018-03-27 + + test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED + + p11-kit/Makefile.am | 7 ++- + p11-kit/fixtures/system-modules/seven.module | 4 ++ + p11-kit/mock-module-ep5.c | 80 ++++++++++++++++++++++++++++ + p11-kit/test-modules.c | 25 +++++++++ + 4 files changed, 115 insertions(+), 1 deletion(-) + +commit e454338dddef9089a3b9998cc8ba33e247ee9f26 +Author: Daiki Ueno +Date: 2018-03-07 + + test: Add test for error messages + + .travis.yml | 2 +- + p11-kit/Makefile.am | 2 + + p11-kit/test-messages.sh | 110 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 113 insertions(+), 1 deletion(-) + +commit 007023002811469ae3982a0cfcd9a73aed762ad1 +Author: Daiki Ueno +Date: 2018-03-28 + + test: Use _exit() in child process to immediately close open FDs + + p11-kit/test-proxy.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 294c0efda49a623f47eb3c459bb5ed812ebc757c +Author: Daiki Ueno +Date: 2018-03-28 + + test: Rewrite test-server.sh in TAP style + + p11-kit/test-server.sh | 38 +++++++++++++++++++++++++++----------- + 1 file changed, 27 insertions(+), 11 deletions(-) + +commit 1eb22867b1123601387b1fa06643077225bd7590 +Author: Daiki Ueno +Date: 2018-03-27 + + test: Take advantage of TAP test driver + + .gitignore | 1 + + Makefile.am | 4 ++++ + configure.ac | 1 + + 3 files changed, 6 insertions(+) + +commit 9abfcd53e922f5c3841061e363e5ac88d92c2433 +Author: Daiki Ueno +Date: 2018-03-27 + + common: Add assert_skip() and assert_todo() + + common/test.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++-------- + common/test.h | 20 ++++++++++ + 2 files changed, 126 insertions(+), 15 deletions(-) + +commit e8d569045c7d224e94836edd77856823aadf8267 +Author: Andreas Metzler +Date: 2018-02-27 + + test-server.sh: Fix bashism + + p11-kit/test-server.sh | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +commit f6b7a992e442218a5afdbf8ae1697c53f3f03991 +Author: Daiki Ueno +Date: 2018-02-27 + + Release 0.23.10 + + NEWS | 12 ++++++++++++ + configure.ac | 2 +- + 2 files changed, 13 insertions(+), 1 deletion(-) + +commit 39eb7a3dd16233b16fb1e50fe30d55f5f86fbaa5 +Author: Daiki Ueno +Date: 2018-02-27 + + maint: Point to the new URLs + + HACKING | 6 +++--- + configure.ac | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +commit d2318ca31774d6a02eff5d0b3af2f3c89cb58c9d +Author: Daiki Ueno +Date: 2018-02-27 + + test-server: Add test for detecting address + + p11-kit/test-server.c | 30 +++++++++++++++++++++++++++++- + 1 file changed, 29 insertions(+), 1 deletion(-) + +commit 264ecf416d6d07c558d80031c077a46a909a6f90 +Author: Daiki Ueno +Date: 2018-02-27 + + test-server: Fix compilation error on FreeBSD + + p11-kit/test-server.c | 1 + + 1 file changed, 1 insertion(+) + +commit 44c67d90b0448888c784e661b5967204f5b0d47d +Author: Daiki Ueno +Date: 2018-02-27 + + common, client: Move runtime directory detection to libp11-common + + common/Makefile.am | 5 ++ + common/runtime.c | 111 ++++++++++++++++++++++++++++++++++++++++++ + common/runtime.h | 42 ++++++++++++++++ + common/test-runtime.c | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/client.c | 67 +------------------------ + 5 files changed, 292 insertions(+), 65 deletions(-) + +commit d8acebf175d727a3e146956fb362c30e7fdec9df +Author: Daiki Ueno +Date: 2018-02-27 + + common: Make p11_test_directory_delete() work recursively + + common/test.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +commit bcf2c4e0a24303f976dbedc0ef0a564b9808a989 +Author: Daiki Ueno +Date: 2018-02-27 + + test: Improve temporary directory handling + + p11-kit/test-transport.c | 6 ++++-- + trust/test-module.c | 2 ++ + 2 files changed, 6 insertions(+), 2 deletions(-) + +commit fb8bf5a5f82e5b4f0afe72e247255f37fc0dedc8 +Author: Daiki Ueno +Date: 2018-02-05 + + p11_kit_remote_serve_tokens: Read "write-protected" setting from URI + + p11-kit/rpc-server.c | 12 ++++++++++++ + p11-kit/test-server.c | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 42 insertions(+) + +commit a0984024470218295d74bed364c37862d4c61d60 +Author: Daiki Ueno +Date: 2018-02-05 + + filter: Respect CKF_WRITE_PROTECTED setting when allowing a token + + p11-kit/filter.c | 48 ++++++++++++++++-------- + p11-kit/test-filter.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 134 insertions(+), 16 deletions(-) + +commit d3a1498ef9b8a626bbd864a6c90e45a6278a0e75 +Author: Daiki Ueno +Date: 2018-02-26 + + test: Add test for client-server interaction + + The test spawns a process running the server command and connects to + it through p11-kit-client.so. It's is a bit tricky that the child + process requires to preload libasan.so when ASan is in in effect, to + properly load a mock module. + + .travis.yml | 10 ++- + build/lsan.supp | 3 + + p11-kit/Makefile.am | 4 + + p11-kit/test-server.c | 199 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 213 insertions(+), 3 deletions(-) + +commit f73868b710d4463cc0cff6f8ea2f3a171f86c8e2 +Author: Daiki Ueno +Date: 2018-02-26 + + server: Print envvars even when running in foreground + + p11-kit/server.c | 61 ++++++++++++++++++++++++++++++++++++-------------------- + 1 file changed, 39 insertions(+), 22 deletions(-) + +commit adc760e5ce90d49f7c6183c689f95868341f6fb7 +Author: Daiki Ueno +Date: 2018-02-26 + + test-transport: Make sure to initialize addrlen given to accept + + p11-kit/test-transport.c | 1 + + 1 file changed, 1 insertion(+) + +commit 47297f9785a21af1bb79450bad549aa8bd33a24c +Author: Daiki Ueno +Date: 2018-02-26 + + client: Fix memleaks in the module + + p11-kit/client.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +commit 7a018706b54e09f1cc7ce8c6d1ceaecf28b7308b +Author: Daiki Ueno +Date: 2018-02-26 + + test: Fix unconditional jump in test-proxy.c + + p11-kit/test-proxy.c | 1 + + 1 file changed, 1 insertion(+) + +commit 975f2ccf5dcde210e1da5557eda627c42763e322 +Author: Daiki Ueno +Date: 2018-02-16 + + doc: Replace links to freedesktop.org to github pages + + doc/manual/p11-kit-devel.xml | 8 ++++---- + doc/manual/p11-kit.xml | 4 ++-- + doc/manual/pkcs11.conf.xml | 2 +- + doc/manual/trust.xml | 6 +++--- + 4 files changed, 10 insertions(+), 10 deletions(-) + +commit 9616790b9ad4147acd5b11de11d6d79bc9ad807f +Author: Daiki Ueno +Date: 2018-01-19 + + trust: Forcibly mark "Default Trust" read-only + + The "Default Trust" token is typically mounted as $datadir, which is + considered as read-only on modern OSes. + + Suggestd by Kai Engert in: + https://bugzilla.redhat.com/show_bug.cgi?id=1523630 + + trust/Makefile.am | 6 ++++- + trust/frob-token.c | 2 +- + trust/module.c | 12 ++++++---- + trust/test-module.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++-- + trust/test-token.c | 10 ++++---- + trust/token.c | 9 ++++++- + trust/token.h | 8 ++++++- + 7 files changed, 101 insertions(+), 15 deletions(-) + +commit 49d2ededb64197702a8708cb4a453497bc7eaecd +Author: Daiki Ueno +Date: 2018-01-31 + + po: Update translations from transifex + + po/LINGUAS | 8 +- + po/ast.po | 342 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ca.po | 171 +++++++++++++++--------------- + po/cs.po | 85 +++++++-------- + po/da.po | 6 +- + po/de.po | 6 +- + po/el.po | 6 +- + po/en_GB.po | 6 +- + po/eo.po | 6 +- + po/es.po | 12 +-- + po/fi.po | 6 +- + po/fr.po | 6 +- + po/fur.po | 343 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/gl.po | 6 +- + po/hr.po | 79 +++++++------- + po/hu.po | 6 +- + po/id.po | 6 +- + po/it.po | 6 +- + po/ja.po | 10 +- + po/ka.po | 6 +- + po/kk.po | 6 +- + po/ko.po | 6 +- + po/lv.po | 6 +- + po/nl.po | 6 +- + po/oc.po | 171 +++++++++++++++--------------- + po/pa.po | 8 +- + po/pl.po | 28 ++--- + po/pt.po | 171 +++++++++++++++--------------- + po/pt_BR.po | 6 +- + po/ru.po | 6 +- + po/sk.po | 6 +- + po/sl.po | 6 +- + po/sr.po | 6 +- + po/sv.po | 6 +- + po/tr.po | 6 +- + po/uk.po | 6 +- + po/zh_CN.po | 8 +- + po/zh_TW.po | 6 +- + 38 files changed, 1139 insertions(+), 447 deletions(-) + +commit f7387ddea8a5fe609f052a9a40691ebb3ae86372 +Author: Daiki Ueno +Date: 2018-01-31 + + build: Add more files to .gitignore + + .gitignore | 26 +++++++------------------- + 1 file changed, 7 insertions(+), 19 deletions(-) + +commit bb2b064c9921e7bdcd7335ed3001a5e19512d3e1 +Author: Daiki Ueno +Date: 2018-01-31 + + travis: Exclude generated files from coverage + + .travis.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 3a88f2ed573a5bb04d2397c626f6bcf3b1a814da +Author: Daiki Ueno +Date: 2018-01-31 + + build: Split out generated code from p11-kit/virtual.c + + .gitignore | 1 + + Makefile.am | 2 + + configure.ac | 13 ++++ + p11-kit/Makefile.am | 34 +++++++++ + p11-kit/virtual-fixed.h | 3 - + p11-kit/virtual.c | 197 +----------------------------------------------- + 6 files changed, 51 insertions(+), 199 deletions(-) + +commit 57697eda68a3343c2e54e5f8f3f4ce65a99383f5 +Author: Daiki Ueno +Date: 2018-01-31 + + trust: Filter out duplicate extensions + + The trust policy module keeps all the objects in the database, while + PKIX doesn't allow multiple extensions identified by the same OID can + be attached to a certificate. Add a check to C_FindObjects to exclude + any duplicates and only return the first matching object. + + It would be better if the module rejects such duplicates when loading, + but it would make startup slower. + + https://bugzilla.redhat.com/show_bug.cgi?id=1141241 + + trust/input/extensions.p11-kit | 23 +++++++++++++++++++++ + trust/input/extensions.pem | 13 ++++++++++++ + trust/module.c | 42 ++++++++++++++++++++++++++++++++++++--- + trust/test-module.c | 45 +++++++++++++++++++++++++++++++++++++++++- + trust/test-token.c | 2 +- + 5 files changed, 120 insertions(+), 5 deletions(-) + +commit 14853b1d8466d4e3b5aa23ff14f2abacd4e7e8ef +Author: Daiki Ueno +Date: 2018-01-25 + + build: Delay compilation of test-related stuff + + Makefile.am | 9 ++++++--- + common/Makefile.am | 9 ++++++--- + p11-kit/Makefile.am | 15 +++++++++------ + trust/Makefile.am | 12 ++++++++---- + 4 files changed, 29 insertions(+), 16 deletions(-) + +commit 05b67a36e2118b4485da7bd26ed3ba85efdeddb4 +Author: Daiki Ueno +Date: 2018-01-25 + + proxy: Remove dead code + + Since the libffi became optional (commit 9f632bed), the fallback code + path in proxy.c has never taken. + + p11-kit/proxy.c | 708 -------------------------------------------------------- + 1 file changed, 708 deletions(-) + +commit 3eed501fab5e2a2b19115f4840709c34e9b8ac55 +Author: Daiki Ueno +Date: 2018-01-16 + + proxy: Reuse the existing slot ID mapping after fork + + While the proxy module reassigns slot IDs in C_Initialize(), some + applications assume that valid slot IDs should never change across + multiple calls to C_Initialize(). This patch mitigates this by + preserving the slot IDs, if they are known to the proxy module. + + p11-kit/Makefile.am | 7 +++ + p11-kit/fixtures/package-modules/six.module | 7 +++ + p11-kit/mock-module-ep4.c | 69 +++++++++++++++++++++++++++++ + p11-kit/proxy.c | 25 +++++++++-- + p11-kit/test-proxy.c | 18 ++++++++ + 5 files changed, 122 insertions(+), 4 deletions(-) + +commit 031d3c74c0ff5da8e9650da0615bbb8107ab1fde +Author: Daiki Ueno +Date: 2018-01-17 + + server: Avoid null-dereference of timespec value on timeout + + Spotted by clang-analyzer. + + p11-kit/server.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit 50b752e081e1ca8b674d05e8ddeaf04451065629 +Author: Nikos Mavrogiannopoulos +Date: 2017-12-22 + + Added p11-kit remoting page in manual + + doc/manual/Makefile.am | 1 + + doc/manual/p11-kit-docs.xml | 1 + + doc/manual/p11-kit-remoting.xml | 253 ++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 255 insertions(+) + +commit 2c84475ca612c33351d9f311ef24b3b89a7c856c +Author: Daiki Ueno +Date: 2017-11-29 + + build: Add README.md to display build status + + README.md | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +commit 3b137039f5c222dbc6688bd6c9aec01a6dbeeece +Author: Daiki Ueno +Date: 2017-11-28 + + travis: Exclude test programs from coveralls + + .travis.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 1163e7e1cd3d8b5b42a1d2b463536a36fa0e77af +Author: Daiki Ueno +Date: 2017-11-27 + + travis: Supply necessary envvars to container for coveralls + + .travis.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit fda7c32b5796be7cee6a457940110effcd80d7f9 +Author: Daiki Ueno +Date: 2017-11-15 + + travis: Use in-tree build for coverage + + The coverage tools (gcov, cpp-coveralls, etc) cannot detect source + files if the project is built out-of-tree. Use the same directory for + $srcdir and $builddir for the build with --enable-coverage. + + .travis.yml | 30 ++++++++++++++++-------------- + 1 file changed, 16 insertions(+), 14 deletions(-) + +commit b889dec9e3493efb72c9903bb4d6007ec00e1c89 +Author: Daiki Ueno +Date: 2017-10-02 + + test: Improve code coverage of filter.c + + p11-kit/test-filter.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 67 insertions(+) + +commit 64b96efca97479a67e2ac1fcbf1492fceab64ba8 +Author: Daiki Ueno +Date: 2017-10-02 + + travis: Use coveralls for measuring coverage + + .travis.yml | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +commit d40d6ca27850a95c4c9df8b66f8a47d80bb1d18a +Author: Nikos Mavrogiannopoulos +Date: 2017-10-30 + + p11_kit_override_system_files: introduced new function + + That allows overriding the default module and configuration + locations, for use in test suites, etc. + + Signed-off-by: Nikos Mavrogiannopoulos + + p11-kit/modules.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/p11-kit.h | 5 +++++ + p11-kit/test-transport.c | 13 ++++++++----- + 3 files changed, 59 insertions(+), 5 deletions(-) + +commit 7f919fc1fd8684000d456ead2e65b3fa19ac0adc +Author: Nikos Mavrogiannopoulos +Date: 2017-10-30 + + p11_kit_modules_load*: enhanced documentation on flags + + Signed-off-by: Nikos Mavrogiannopoulos + + p11-kit/modules.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +commit 29b8197e879dc8be8e356f57e6a3a501cdf657f9 +Author: Daiki Ueno +Date: 2017-10-06 + + build: Take advantage of parallel-tests + + .travis.yml | 5 ++++- + Makefile.am | 1 + + configure.ac | 2 +- + 3 files changed, 6 insertions(+), 2 deletions(-) + +commit 96a3d3e6371785f846bc72c2a701a1eb67c89b77 +Author: Daiki Ueno +Date: 2017-10-06 + + server: Better shell integration + + This adds -k, -c, and -s options to the "p11-kit server" command, + which allows you to terminate the server process, select which C-shell + or Bourne shell command line is printed on startup, respectively. + + Makefile.am | 6 ++- + p11-kit/Makefile.am | 5 ++ + p11-kit/server.c | 122 +++++++++++++++++++++++++++++++++++++++++-------- + p11-kit/test-server.sh | 39 ++++++++++++++++ + 4 files changed, 152 insertions(+), 20 deletions(-) + +commit 031912fa844c4f3da327c8b2578d9d9ce2a6473e +Author: Daiki Ueno +Date: 2017-10-05 + + server: Make it possible to eval envvar settings + + Previously, calling "eval $(p11-kit server)" from shell hung because + the program didn't properly close stdout before forking. + + p11-kit/server.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +commit bda61680218a4ff5a9f05b5592bb282cbedfd936 +Author: Daiki Ueno +Date: 2017-10-02 + + Release 0.23.9 + + NEWS | 5 +++++ + configure.ac | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit 00b829d50389c6a8dd25145355a8e6599a7c378a +Author: Daiki Ueno +Date: 2017-08-18 + + trust: Respect anyExtendedKeyUsage in CA certificates + + trust/enumerate.c | 5 +++++ + trust/oid.h | 9 +++++++++ + trust/test-enumerate.c | 31 +++++++++++++++++++++++++++++++ + 3 files changed, 45 insertions(+) + +commit f51ab92f5f81bd08bcf9bd3b0afc545684a6ea7e +Author: Daiki Ueno +Date: 2017-09-27 + + rpc: Fix crash when retrieving attribute length + + It is possible that NULL is given to the serializers, when + C_GetAttributeValue() just wants to know the size of an attribute. + Previously, this resulted in giving NULL to memcpy(). + + p11-kit/rpc-message.c | 10 ++++++---- + p11-kit/test-rpc.c | 28 ++++++++++++++++++++++++++++ + 2 files changed, 34 insertions(+), 4 deletions(-) + +commit dcd932786c970fc50922ec4f19786b177481570a +Author: Daiki Ueno +Date: 2017-09-26 + + server: Make it work only when token URI is provided + + Previously, when "p11-kit server" started only with a token URI, it + couldn't properly find and initialize the module which provides the + token. This was because of the wrong order of cleanup of the modules. + + p11-kit/rpc-server.c | 88 ++++++++++++++++++++++++---------------------------- + 1 file changed, 41 insertions(+), 47 deletions(-) + +commit 26312a8774b5d113f6e7f904f7b6654449ab7b2e +Author: Daiki Ueno +Date: 2017-08-18 + + common: Re-add placeholder definition of p11_debug + + This was mistakenly removed in commit efe6dc56c. + Pointed by Lars Wendler in issue #97. + + common/debug.h | 4 ++++ + 1 file changed, 4 insertions(+) + +commit 61acf20f26b07e2f3eb253cbfee4c473544df9a7 +Author: Daiki Ueno +Date: 2017-08-16 + + build: Include for SIZE_MAX + + Fixes issue #95. + + common/compat.c | 1 + + 1 file changed, 1 insertion(+) + +commit 32d6f9d2468ea2851d16ad0e1a2046dfd8cd7fa5 +Author: Daiki Ueno +Date: 2017-08-14 + + Release 0.23.8 + + NEWS | 7 +++++++ + configure.ac | 2 +- + 2 files changed, 8 insertions(+), 1 deletion(-) + +commit 6a137c035c2db373b9171cd7e0569edbe9700f9c +Author: Daiki Ueno +Date: 2017-08-15 + + build: Include for SIZE_MAX + + common/array.c | 1 + + 1 file changed, 1 insertion(+) + +commit 5f0a948ebcf659a1f2c3d5fb30991ebdf73b5976 +Author: Daiki Ueno +Date: 2017-08-11 + + client: Fix order of cleanup + + In C_GetFunctionList, state->virt is wrapped with a destroyer function + free(). Thus p11_rpc_transport_free must be called before + p11_virtual_unwrap. + + p11-kit/client.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 04da143dce2d430dcc14e8a45c31177a23d7e301 +Author: Daiki Ueno +Date: 2017-08-08 + + test: Add checks for duplicate vendor attributes + + p11-kit/test-uri.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +commit 992b6000459b9eb5159cb6826b40d7cdb6c4c412 +Author: Daiki Ueno +Date: 2017-08-08 + + uri: Make vendor query attribute handling reliable + + Previously we used p11_dict to keep track of vendor query attributes. + This had a couple of limitations: duplicate attributes are not allowed + while they are actually allowed in RFC 7512, and the order of + attributes is unpredictable. + + This patch switches to using an array instead of p11_dict and ensures + that the attributes are sorted in alphabetical order. + + Fixes #88. + + p11-kit/uri.c | 104 ++++++++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 80 insertions(+), 24 deletions(-) + +commit c29f51ad8ef97a1fae356dd7660e41d81cde0d09 +Author: Daiki Ueno +Date: 2017-08-08 + + common: New p11_array_insert function + + common/array.c | 16 ++++++++++++++++ + common/array.h | 4 ++++ + 2 files changed, 20 insertions(+) + +commit a860db364521ca6e9046bbf60fbbb1ca2bc08711 +Author: Daiki Ueno +Date: 2017-08-08 + + common: Use reallocarray instead of realloc as appropriate + + reallocarray is a new POSIX function added in glibc 2.26, with + built-in overflow checks. Take advantage of that function for + internal array allocation. + + common/array.c | 9 ++++++--- + common/attrs.c | 5 ++++- + common/compat.c | 17 +++++++++++++++++ + common/compat.h | 8 ++++++++ + configure.ac | 1 + + 5 files changed, 36 insertions(+), 4 deletions(-) + +commit 53402f9e5296718d22ddf1a77658067c2751f068 +Author: Nikos Mavrogiannopoulos +Date: 2017-08-01 + + pkcs11.h: updated information + + The scute project no longer exists, and the PKCS#11 standard is + from OASIS group. + + common/pkcs11.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit 2e5f24b195f11b88825ccdd97af4b8456a2c2a88 +Author: Nikos Mavrogiannopoulos +Date: 2017-08-01 + + pkcs11.h: added OTP-related mechanisms + + common/pkcs11.h | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 97 insertions(+) + +commit febad3a45082167a0b882e9b36dc4915d2e0e02c +Author: Nikos Mavrogiannopoulos +Date: 2017-08-01 + + pkcs11.h: added definitions of GOST CKA attributes + + common/pkcs11.h | 3 +++ + 1 file changed, 3 insertions(+) + +commit 2915740f447d0c17f8bcf5fdf4eccd82f2d9fd50 +Author: Nikos Mavrogiannopoulos +Date: 2017-07-31 + + pkcs11.h: added definitions of GOST mechanisms + + This follows the definitions in PKCS#11 v2.40: + http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html + + common/pkcs11.h | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +commit db1c3cd7eade9ec30163c394b37a4048d2e359af +Author: Daiki Ueno +Date: 2017-07-03 + + test: Fix failure on 32-bit big endian platform + + The value given to p11_rpc_buffer_add_ulong_value() must be a pointer + of CK_ULONG. Similarly, the value returned from + p11_rpc_buffer_get_ulong_value() must be converted to CK_ULONG before + comparison. + + Reported by Andreas Metzler in: + https://lists.freedesktop.org/archives/p11-glue/2017-July/000665.html + + p11-kit/test-rpc.c | 29 +++++++++++++++-------------- + 1 file changed, 15 insertions(+), 14 deletions(-) + +commit bc1f7570968043ba732922f633c24474565d66c0 +Author: Daiki Ueno +Date: 2017-07-14 + + trust: Fix build error with -Werror=return-type + + trust/save.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit bc2f4c69bd319313dab9d85a6f8d622501593b0a +Author: Colin Walters +Date: 2017-07-07 + + conf: Introduce P11_KIT_NO_USER_CONFIG + + Currently `ca-certificates.spec` in Fedora ends up doing in `%post`: + ``` + /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt + ``` + etc. + + And due to this bit of code in p11-kit, we end up looking for the home + directory for configuration. In this case, `/root`. + + It's categorically wrong to do this; the root user is distinct from + "the system". This issue is equivalent to one I fixed in Pango: + https://git.gnome.org/browse/pango/commit/?id=aecbe27c1b08f517c0e05f03308d3ac55cef490c + + Fast forward to today, and the reason I'm making this change is I'm working on + `rpm-ostree ex container`, which builds containers as *non-root* (like + gnome-continuous does, but now with RPMs), keeping the invoking uid. And this + bug causes the `ca-certificates` `%post` to fail because it's trying to look for + my uid 1000 which doesn't exist in the target rootfs' password database. + + Again, there's no reason to be looking for a home directory for system triggers, + regadless of UID, so once this patch lands, I'll update `ca-certificates` to use + it, and traditional RPM `%post` will stop looking in `/root` too. + + p11-kit/conf.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +commit 9dd50249b597109c5956a531e44d46dc344daea5 +Author: Fabian Groffen +Date: 2017-06-07 + + common: always use p11_dl_close wrapper + + Solaris doesn't like it when dlclose is referenced using a define, + resulting in a linker error looking for a symbol version. Simply + calling the function in a normal way (instead of storing its address) + solves this linking error. + The error message seen by GNU ld is: + dlclose: invalid version 7 (max 0) + + common/compat.c | 17 +++++++++++------ + common/compat.h | 6 ++---- + 2 files changed, 13 insertions(+), 10 deletions(-) + +commit 20b9df53cf07c0693257f5f01fa1ff945b4cae4a +Author: Fabian Groffen +Date: 2017-06-07 + + p11_get_upeer_id: implement case using ucred.h + + Solaris can retrieve this information via getpeerucred(). + + common/unix-peer.c | 19 +++++++++++++++++++ + configure.ac | 3 ++- + 2 files changed, 21 insertions(+), 1 deletion(-) + +commit ca9648c7c1cd38e306d7b3194900e4120eb179a0 +Author: Fabian Groffen +Date: 2017-06-07 + + configure: pull in -lnsl -lsocket for socket functions + + Solaris has socket() etc. in these two libs. + + configure.ac | 7 +++++++ + 1 file changed, 7 insertions(+) + +commit f992eb64e8cd2925a37ec09d0f5dbd00b5fbb234 +Author: Nikos Mavrogiannopoulos +Date: 2017-06-23 + + Be silent by default and do not print messages on stderr + + As p11-kit is a library there are cases where it is not desirable + to log on stderr by default. See for example this report + https://bugzilla.redhat.com/show_bug.cgi?id=1464490 + where wget prints an error due to an unconfigured pkcs11 module. + + Signed-off-by: Nikos Mavrogiannopoulos + + common/message.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit af2050a585ee3f242230f69de22b643f6ad2200c +Author: Daiki Ueno +Date: 2017-06-12 + + doc: Use correct PKCS#11 URI syntax + + doc/manual/trust.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit b309aea5174d6d3af569c2c54632a35825734579 +Author: Daiki Ueno +Date: 2017-06-09 + + build: Allow use of _GNU_SOURCE + + This reverts commit 6b457ffc, which forbids the use of GNU extension + for the incompatibility of strerror_r. However, now that strerror_l + is used instead on glibc systems, it has no point to do that. + + common/compat.h | 4 ---- + common/unix-peer.c | 5 ----- + configure.ac | 3 +++ + 3 files changed, 3 insertions(+), 9 deletions(-) + +commit efe6dc56c3951c301dda1b548d4cbcd02e074462 +Author: Daiki Ueno +Date: 2017-06-12 + + debug: Add p11_debug_err to prevent use of strerror + + common/debug.c | 35 +++++++++++++++++++++++++++++++++++ + common/debug.h | 15 +++++++++++++-- + p11-kit/rpc-transport.c | 2 +- + 3 files changed, 49 insertions(+), 3 deletions(-) + +commit bf3c1a9d8e4ace4c3a92b4af56e4b62657907522 +Author: Daiki Ueno +Date: 2017-06-09 + + compat: Prefer strerror_l to strerror_r + + strerror_r is being obsolete in the next POSIX specification: + http://austingroupbugs.net/view.php?id=655 + + common/message.c | 15 ++++++++++++++- + configure.ac | 4 ++-- + 2 files changed, 16 insertions(+), 3 deletions(-) + +commit bf168f00e64a0291f5a718eb451915768659c160 +Author: Daiki Ueno +Date: 2017-05-29 + + Release 0.23.7 + + NEWS | 4 ++++ + configure.ac | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +commit fe1faa9d814a180d432e4ee97fa5b097cfb2d294 +Author: Daiki Ueno +Date: 2017-05-29 + + trust: Suppress dead-assignment warnings from clang-analyzer + + trust/digest.c | 1 + + trust/extract-openssl.c | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +commit b7ba8c625637f3a161cafd81c4a8a30b1f3971b3 +Author: Daiki Ueno +Date: 2017-05-29 + + rpc: Avoid use-after-free when creating socket base directory + + Spotted by clang-analyzer. + + p11-kit/server.c | 1 - + 1 file changed, 1 deletion(-) + +commit a2a2108fce9a5cebaee17f29bda8d9edf6a0fbc8 +Author: Daiki Ueno +Date: 2017-05-29 + + rpc: Avoid calling memcmp() on NULL buffer + + Spotted by clang-analyzer. + + p11-kit/rpc-message.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit 3e65d8a23b1f0e1a4d132cf04fdbc9d588cbe02f +Author: Daiki Ueno +Date: 2017-05-29 + + proxy: Don't call realloc() with size 0 + + Spotted by clang-analyzer. + + p11-kit/proxy.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +commit 350bd148d3181c564eeb884dadc37aaed7d3fb9b +Author: Daiki Ueno +Date: 2017-05-29 + + build: Delay building test programs until "make check" + + This is to disable clang-analyzer against test programs, which can + contain several false-positives. + + Makefile.am | 7 +++---- + common/Makefile.am | 2 +- + p11-kit/Makefile.am | 4 ++-- + trust/Makefile.am | 2 +- + 4 files changed, 7 insertions(+), 8 deletions(-) + +commit 6738ade89f10516b589441282e95d5f13f6c1bdd +Author: Daiki Ueno +Date: 2017-05-29 + + travis: Enable clang-analyzer + + .travis.yml | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit cd64b9a7cb4b9f0030d17917370f50753671b93a +Author: Daiki Ueno +Date: 2017-05-29 + + server: Avoid use-after-free + + Reported by Mantas Mikulėnas in: + https://bugs.freedesktop.org/show_bug.cgi?id=101212 + + p11-kit/server.c | 1 - + 1 file changed, 1 deletion(-) + +commit 9cbf590b468f9596284c5bc34be8add09f3f5bee +Author: Daiki Ueno +Date: 2017-05-26 + + Release 0.23.6 + + NEWS | 6 ++++++ + configure.ac | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit 80e3ce9eff5094c2c40905e2cb8b86c4aaf2329b +Author: Daiki Ueno +Date: 2017-05-26 + + test: Check the size of unsigned long + + configure.ac | 2 ++ + p11-kit/test-rpc.c | 18 +++++++++--------- + 2 files changed, 11 insertions(+), 9 deletions(-) + +commit 4de8f7a9c4f8010069402ce943e5d777cd1f3c28 +Author: Daiki Ueno +Date: 2017-05-26 + + rpc: Load advapi32.dll on the fly + + p11-kit/Makefile.am | 7 ----- + p11-kit/server.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 91 insertions(+), 7 deletions(-) + +commit 95b67e71e19a8415808b5ddf14f253561f11466f +Author: Daiki Ueno +Date: 2017-05-26 + + remote: Remove unnecessary declaration + + p11-kit/remote.h | 4 ---- + 1 file changed, 4 deletions(-) + +commit 036c8fc6492b13eacca7433ca44b91b83abeb961 +Author: Daiki Ueno +Date: 2017-05-26 + + doc: Clarify p11-kit server documentation + + doc/manual/p11-kit.xml | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +commit dd673f20e1ab4916f7565fe055b09433aa88a9b0 +Author: Daiki Ueno +Date: 2017-03-09 + + server: Port to Windows + + Instead of a Unix domain socket on Unix, use a named pipe on Windows. + + p11-kit/Makefile.am | 9 +- + p11-kit/server.c | 541 ++++++++++++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 511 insertions(+), 39 deletions(-) + +commit da7f0d65355089f4919bcdffca98bd833258db04 +Author: Daiki Ueno +Date: 2017-03-10 + + rpc: New p11_kit_remote_serve_tokens function + + doc/manual/p11-kit-sections.txt | 1 + + p11-kit/remote.c | 118 +++++++++++++-------------------- + p11-kit/remote.h | 14 ++++ + p11-kit/rpc-server.c | 142 ++++++++++++++++++++++++++++++++++++++++ + p11-kit/server.c | 74 +++++++++++++-------- + 5 files changed, 248 insertions(+), 101 deletions(-) + +commit 7310d92af3b0291ab627fcf3e07800cd5b2983c8 +Author: Daiki Ueno +Date: 2017-03-10 + + remote: Name command line options consistently + + p11-kit/remote.c | 4 +- + p11-kit/server.c | 183 ++++++++++++++++++++++++++++++++++--------------------- + 2 files changed, 116 insertions(+), 71 deletions(-) + +commit dfe606d40c33a6213b89b310df0964392fd6d64d +Author: Daiki Ueno +Date: 2017-05-23 + + rpc: Convert mechanism parameters for portability + + This is similar to commit ba49b85e, but for mechanism parameters. + + p11-kit/rpc-client.c | 153 +--------------------- + p11-kit/rpc-message.c | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/rpc-message.h | 31 +++++ + p11-kit/rpc-server.c | 33 +++-- + p11-kit/test-rpc.c | 66 ++++++++++ + 5 files changed, 467 insertions(+), 158 deletions(-) + +commit 3b484b87e13e52873ea48f920132ecd96cb79cbc +Author: Daiki Ueno +Date: 2017-05-23 + + pkcs11: Define RSA-PSS mechanism parameter + + common/pkcs11.h | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +commit c11a951a24b91f80e109951b0fe2ce418ea70f17 +Author: Daiki Ueno +Date: 2017-05-23 + + pkcs11: Make CK_RSA_PKCS_OAEP_PARAMS useful + + common/pkcs11.h | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +commit 9e4ea3ff80b736bddbca834eef7e7f61f4b15c23 +Author: Daiki Ueno +Date: 2017-05-23 + + rpc: Fix typo in encoding CK_DATE value + + p11-kit/rpc-message.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 41b07cdf4210b299dc6c92352475c7c095f6f915 +Author: Daiki Ueno +Date: 2017-05-23 + + rpc: Factor out attribute value serializer definitions + + p11-kit/rpc-message.c | 51 +++++++++++++++++++++++++-------------------------- + 1 file changed, 25 insertions(+), 26 deletions(-) + +commit f6112aa79a251079aef344d77cbe172031db1e8b +Author: Daiki Ueno +Date: 2017-05-24 + + rpc: Add a comment why we call _get_attribute() twice + + p11-kit/rpc-server.c | 1 + + 1 file changed, 1 insertion(+) + +commit ba49b85ecf280e7fb6eec96c3ef33c50122e75a6 +Author: Daiki Ueno +Date: 2017-05-11 + + rpc: Convert attribute value for portability + + When using the RPC across multiple architectures, where data models + are different, say LP64 vs ILP32, there can be unwanted truncation of + attribute values. + + This patch converts the values into portable format for the known + attributes. + + Co-authored-by: Nikos Mavrogiannopoulos + + p11-kit/rpc-client.c | 63 +++---- + p11-kit/rpc-message.c | 509 ++++++++++++++++++++++++++++++++++++++++++++++++-- + p11-kit/rpc-message.h | 77 ++++++++ + p11-kit/rpc-server.c | 35 ++-- + p11-kit/test-rpc.c | 223 +++++++++++++++++++++- + 5 files changed, 827 insertions(+), 80 deletions(-) + +commit 480337a68446033dc9374e9c4fe4d3cae9d4e972 +Author: Daiki Ueno +Date: 2017-05-22 + + rpc: Return early if call_id of request is ERROR + + Otherwise it will cause assertion failure in a few lines below. + Spotted by amrican fuzzy lop. + + p11-kit/rpc-message.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit 8b64577c3bb4d5dd60e4939223550f2f2002284b +Author: Daiki Ueno +Date: 2017-05-22 + + build: Add fuzzer using AFL + + build/fuzz/main.c | 44 ++++++++++++++++++++++++++++++++++++ + build/fuzz/rpc.in/transcript | Bin 0 -> 146 bytes + build/fuzz/rpc_fuzzer.c | 52 +++++++++++++++++++++++++++++++++++++++++++ + build/fuzz/run-afl.sh | 46 ++++++++++++++++++++++++++++++++++++++ + build/fuzz/transcript | Bin 0 -> 5694933 bytes + 5 files changed, 142 insertions(+) + +commit 723dfeb3dd9b8426c4c1d6236f4b22354c122dae +Author: Daiki Ueno +Date: 2017-05-18 + + trust: Simplify the check for the magic + + Instead of reusing the CKA_X_GENERATED attribute, check the file + contents directly in the caller side. + + trust/parser.c | 7 +++---- + trust/persist.c | 19 +++++++++++-------- + trust/persist.h | 3 +++ + 3 files changed, 17 insertions(+), 12 deletions(-) + +commit 66c6a7e912d39d66cd4cc91375ac7be418bf7176 +Author: Daiki Ueno +Date: 2017-05-18 + + trust: Check magic comment in persist file for modifiablity + + A persistent file written by the trust module starts with the line "# + This file has been auto-generated and written by p11-kit". This can + be used as a magic word to determine whether the objects read from a + .p11-kit file are read-only. + + trust/parser.c | 6 +++++- + trust/persist.c | 9 ++++++++- + trust/test-token.c | 1 + + 3 files changed, 14 insertions(+), 2 deletions(-) + +commit acf8c4a91a76bf8049f6bfbd95b04e2e36bae4ea +Author: Daiki Ueno +Date: 2017-05-18 + + Revert "trust: Honor "modifiable" setting in persist file" + + This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which + broke "trust anchor --remove". + + trust/input/verisign-v1.p11-kit | 1 - + trust/parser.c | 10 +--------- + trust/test-parser.c | 1 - + 3 files changed, 1 insertion(+), 11 deletions(-) + +commit 5a52fe4fa8dffdaf33cd024e1a4b18c8facb451c +Author: Daiki Ueno +Date: 2017-03-09 + + remote: Fix typo when writing a credential byte + + out_fd is not always 1 when p11_kit_remote_serve_module() is used for + writing a custom server. + + p11-kit/rpc-server.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 13160c1f95758387dffc41345e20d89ff9b5a5c0 +Author: Daniel Black +Date: 2017-03-06 + + correct text for --user-config option + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 817a1c67c407850ab1756fdacb1c38e4bded5509 +Author: Daiki Ueno +Date: 2017-03-01 + + Release 0.23.5 + + NEWS | 5 +++++ + configure.ac | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit a827b55fed09b72ffd0e176c6630cb7b591c6e04 +Author: Daiki Ueno +Date: 2017-02-28 + + build: Remove systemd unit files for now + + Given that the remote proxy service shall be only used by NetworkManager + and not generally useful, revert commit + a4fb2bb587fb1a0146cf97f039b671d3258488f9 for now. + + Once the necessary command that runs the proxy module is implemented in + p11-kit, maybe NetworkManager itself could install those files. + + p11-kit/Makefile.am | 19 ------------------- + p11-kit/p11-kit-remote.socket | 10 ---------- + p11-kit/p11-kit-remote@.service.in | 10 ---------- + 3 files changed, 39 deletions(-) + +commit 7053ace4ae5b3e2129e5a8ffe482420bfc14f894 +Author: Daiki Ueno +Date: 2017-02-24 + + systemd: Fix location of p11-kit-remote + + The p11-kit-remote executable is now located under $libexecdir, but we + should use the p11-kit command to launch the subcommand. + + Makefile.am | 2 ++ + configure.ac | 1 - + p11-kit/Makefile.am | 8 ++++++++ + p11-kit/p11-kit-remote@.service.in | 2 +- + 4 files changed, 11 insertions(+), 2 deletions(-) + +commit 156b0c9249f6da54195d2a6a817ea92552e78bf8 +Author: Nikos Mavrogiannopoulos +Date: 2017-02-27 + + fixed license in unix peer file + + common/unix-peer.c | 39 +++++++++++++++++++++++++++------------ + 1 file changed, 27 insertions(+), 12 deletions(-) + +commit b674c94029fd2012d8a5cba13a9e7b8dd097ac56 +Author: Roman Bogorodskiy +Date: 2017-02-23 + + build: add missing includes for FreeBSD + + Include signal.h for kill(2) and SIGKILL on FreeBSD. + + p11-kit/test-transport.c | 1 + + 1 file changed, 1 insertion(+) + +commit bc6fec4422ddc84541776b6f0cfca1542e28f350 +Author: Roman Bogorodskiy +Date: 2017-02-23 + + build: check for getpeereid + + In common/unix-peer.c, we are checking if HAVE_GETPEEREID is defined, + however, we never actually check if getpeereid() is available, so + fix that by checking this function using AC_CHECK_FUNCS(). + + configure.ac | 1 + + 1 file changed, 1 insertion(+) + +commit 54d9f0799e32796f8e762d8b58ecd4e3dd3fef82 +Author: Daiki Ueno +Date: 2017-02-17 + + Release 0.23.4 + + NEWS | 17 +++++++++++++++++ + configure.ac | 6 +++--- + 2 files changed, 20 insertions(+), 3 deletions(-) + +commit 1e80b5858a90497879e1e3faee4c7f76d5cbd6f0 +Author: Daiki Ueno +Date: 2017-02-20 + + uri: Support vendor query attributes + + If an unknown attribute is present in the query part of the PKCS#11 URI, + the parser treated it as unrecognized and subsequent matches failed. + + Instead, keep track of such attributes and provide a set of API to deal + with them. + + doc/manual/p11-kit-sections.txt | 2 + + p11-kit/test-uri.c | 40 ++++++++++++++++ + p11-kit/uri.c | 100 +++++++++++++++++++++++++++++++++++++++- + p11-kit/uri.h | 6 +++ + 4 files changed, 146 insertions(+), 2 deletions(-) + +commit eb65a85a4abfbab489f271c9f074409ba46ce8f5 +Author: Daiki Ueno +Date: 2017-02-21 + + rpc: Make it less verbose about connection failure + + The connection failure here is not fatal. Use p11_debug() instead of + p11_message(). + + p11-kit/rpc-transport.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit c65752d596e69f48ebe67694cfb2a91697a676bf +Author: Mantas Mikulėnas +Date: 2017-02-20 + + rpc: Try $XDG_CACHE_HOME before ~/.cache + + This is unset on most systems, but might as well follow the Base + Directory spec properly. + + p11-kit/client.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +commit 8eed1e60b0921d05872e2f43eee9088cef038d7e +Author: Daiki Ueno +Date: 2017-02-17 + + trust: Honor "modifiable" setting in persist file + + Previously, all objects read from p11-kit persist files are marked as + modifiable when parsing, regardless of the explicit "modifiable: false" + setting in the file. + + Reported by Kai Engert in: + https://bugs.freedesktop.org/show_bug.cgi?id=99797 + + trust/input/verisign-v1.p11-kit | 1 + + trust/parser.c | 10 +++++++++- + trust/test-parser.c | 1 + + 3 files changed, 11 insertions(+), 1 deletion(-) + +commit 0684cd7b7f815b411ea5041c021f92ca5ef42606 +Author: Daiki Ueno +Date: 2017-01-11 + + rpc: Add PKCS#11 module that connects to socket + + This patch adds a PKCS#11 module that connects to the p11-kit server + exposed on the filesystem. The filename of the socket is determined in + the following order: + + - $P11_KIT_SERVER_ADDRESS, if the envvar is available + - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available + - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists + - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists + - ~/.cache/p11-kit/pkcs11. + + Note that the program loading this module may have called setuid() and + secure_getenv() which we use for fetching envvars could return NULL. + + Makefile.am | 3 + + doc/manual/Makefile.am | 1 + + doc/manual/p11-kit.xml | 17 ++++ + p11-kit/Makefile.am | 58 ++++++++++--- + p11-kit/client-init.c | 109 +++++++++++++++++++++++++ + p11-kit/client.c | 215 +++++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/client.h | 41 ++++++++++ + p11-kit/modules.c | 10 +++ + p11-kit/proxy-init.c | 98 ++++++++++++++++++++++ + p11-kit/remote.c | 2 +- + p11-kit/util.c | 57 ------------- + trust/Makefile.am | 3 +- + 12 files changed, 543 insertions(+), 71 deletions(-) + +commit c28ff652e5d6c6ddff513716e22064e0e17a58d3 +Author: Daiki Ueno +Date: 2016-12-25 + + remote: Add API to serve a token + + doc/manual/p11-kit-sections.txt | 1 + + p11-kit/remote.h | 5 +++++ + p11-kit/rpc-server.c | 37 +++++++++++++++++++++++++++++++++++++ + 3 files changed, 43 insertions(+) + +commit 426b693aa7fe2e9750abf8cb39f28251a4b54668 +Author: Daiki Ueno +Date: 2016-12-26 + + remote, server: Recognize PKCS#11 URI + + p11-kit/remote.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 69 insertions(+), 8 deletions(-) + +commit 4bac7e0e95712a4c7bfd03471c973f491ad81df4 +Author: Nikos Mavrogiannopoulos +Date: 2016-08-24 + + p11-kit: Add 'p11-kit server' command + + This adds a new tool to the p11-kit command called 'server', which + allows us to access a PKCS#11 module over a Unix domain socket. + + Internally, it is implemented as a wrapper around 'p11-kit remote'. + Upon connection it executes 'p11-kit remote' in a forked process. + + configure.ac | 3 + + p11-kit/Makefile.am | 14 ++ + p11-kit/server.c | 578 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 595 insertions(+) + +commit f2742c72bc29444bcfe63425819506fa42073d64 +Author: Nikos Mavrogiannopoulos +Date: 2016-08-24 + + common: New p11_get_upeer_id() function + + common/Makefile.am | 6 ++++ + common/unix-peer.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + common/unix-peer.h | 42 +++++++++++++++++++++++++++ + 3 files changed, 132 insertions(+) + +commit 89fa381ce5573a925b90da973cd8956937d79caa +Author: Nikos Mavrogiannopoulos +Date: 2016-08-24 + + rpc: New rpc_unix transport based on Unix socket + + p11-kit/rpc-transport.c | 89 +++++++++++++++++++++++++++++++++++ + p11-kit/test-transport.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 207 insertions(+) + +commit 3bab48000c4e61104b30ac379806cad3e1376ea6 +Author: Daiki Ueno +Date: 2017-01-25 + + common: Add path encoding functions + + This adds p11_path_{encode,decode}(), following the escaping rule + described in: + https://dbus.freedesktop.org/doc/dbus-specification.html#addresses + + Although they are merely a wrapper around p11_url_{decode,encode}(), + having dedicated functions hides the implementation details. + + common/path.c | 33 +++++++++++++++++++++++++++++++++ + common/path.h | 4 ++++ + common/test-path.c | 22 ++++++++++++++++++++++ + 3 files changed, 59 insertions(+) + +commit 5442b1cfa13da9307cc38a8fd289a67a05fe26ad +Author: Daiki Ueno +Date: 2017-02-15 + + travis: Enable mingw64 cross build + + .travis.yml | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +commit 98f02ef5ebf6966af4937dd2f730d808f13d8a1c +Author: Daiki Ueno +Date: 2017-02-16 + + trust: Fix uninitialized value in anchor command + + trust/anchor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6dfa59954d882971e4516192f18319cbc75b5e4b +Author: Daiki Ueno +Date: 2017-02-16 + + library: Initialize p11_virtual_mutex for Windows + + common/library.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit 8594841ed349818bb8cb43a57b734a7945427c64 +Author: Daiki Ueno +Date: 2017-02-16 + + test: Fix modules test for Windows + + Synchronize the fixture module to the non-Unix one and enable + "/modules/test_filename". + + p11-kit/fixtures/system-modules/win32/one.module | 4 +++- + p11-kit/test-modules.c | 4 +--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +commit 63b31ebfa1a978789cb31635fd95d00d7e398fa2 +Author: Daiki Ueno +Date: 2017-02-15 + + trust: Fix saving trust file on Windows + + trust/save.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +commit 99aabc614cce4e0a9751d9409546c34abc1fe2db +Author: Daiki Ueno +Date: 2017-02-15 + + test: Fix Windows test case for p11_path_expand + + common/test-path.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit b534f1801d82c565e38305b2ed73dd00dc165f65 +Author: Daiki Ueno +Date: 2017-02-15 + + rpc: Port exec transport to Windows + + On Windows, use _spawnv() to create a subprocess and two unidirectional + pipe created with _pipe() to communicate with it. If we can assume + WinSock, it might be simpler to use a socketpair() replacement from: + https://github.com/ncm/selectable-socketpair. + + p11-kit/rpc-transport.c | 275 ++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 245 insertions(+), 30 deletions(-) + +commit 46e35810f8e9774bd5984b9fcb6d92450bf6ba0a +Author: Daiki Ueno +Date: 2017-02-15 + + build: Adjust executable/module names for Windows + + Append EXEEXT or SHLEXT to the filename if needed. + + configure.ac | 2 ++ + p11-kit/p11-kit.c | 7 ++++++- + p11-kit/test-transport.c | 4 ++-- + 3 files changed, 10 insertions(+), 3 deletions(-) + +commit 69293e9e894c9a3141f8d59e78a81b3fcf2beb28 +Author: Daiki Ueno +Date: 2017-02-01 + + build: Avoid undefined reference to rpc_exec_init + + p11-kit/rpc-transport.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +commit 7b5ad15a68ab7fc0a0cb051f641120c6301694a7 +Author: Daiki Ueno +Date: 2017-02-01 + + build: Include for execv + + trust/extract.c | 1 + + 1 file changed, 1 insertion(+) + +commit b78bc9304b21da16312473b1f4dc0f8870fb8df9 +Author: Daiki Ueno +Date: 2017-02-01 + + build: Check *asprintf on all platforms + + configure.ac | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +commit b16500f93407aef72445b03c1ee96c6768917906 +Author: Daiki Ueno +Date: 2017-02-15 + + argv: Fix misinterpretation of backslash in quotes + + Don't append the backslash character twice to the output. It is + interpolated a few lines below, if it is really required. + + common/Makefile.am | 4 ++ + common/argv.c | 2 +- + common/test-argv.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 119 insertions(+), 1 deletion(-) + +commit 873d391fa5015e8c5c82457a0641ed5bb1e2b7e3 +Author: Daiki Ueno +Date: 2017-02-16 + + compat: Fix character generation in mk{s,d}temp() + + common/compat.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit b8f1e4febe31f18bf63a3a9ad0e336ede82dd0f1 +Author: Kai Engert +Date: 2017-02-02 + + Fix a typo in "x-cetrificate-value", see also https://bugs.freedesktop.org/show_bug.cgi?id=99600 + + common/constants.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit dbadd5da6ccbb17ec5c4bbb142fdc244b4903bfb +Author: Kai Engert +Date: 2017-02-02 + + Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files. + See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 + and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453 + + common/constants.c | 1 + + common/pkcs11x.h | 1 + + trust/builder.c | 1 + + trust/persist.c | 1 + + 4 files changed, 4 insertions(+) + +commit ee740e904030c3fb2640f524014474a510dda7eb +Author: Daiki Ueno +Date: 2017-02-16 + + library: Deinit p11_virtual_mutex + + Follow-up fix for commit 4d228aa0, which forgot to clear + p11_virtual_mutex on library finalization. + + common/library.c | 1 + + 1 file changed, 1 insertion(+) + +commit 4d228aa0129bcafb97d7196d8c18e379b492406d +Author: Daiki Ueno +Date: 2017-02-14 + + virtual: Move mutex into p11_library_init() + + We used to provide p11_virtual_fixed_{,un}init() to only initialize a + mutex used in virtual.c. That required all the tests calling virtual + functions to call p11_virtual_fixed_{,un}init() in main(). + + For simplicity, move the mutex variable initialization into + p11_library_init(). + + common/library.c | 3 +++ + common/library.h | 3 +++ + p11-kit/util.c | 5 ----- + p11-kit/virtual-fixed.h | 3 --- + p11-kit/virtual.c | 27 +++++---------------------- + 5 files changed, 11 insertions(+), 30 deletions(-) + +commit 1ea08989cecee217befd3b964b5a4f0d584e2a29 +Author: Daiki Ueno +Date: 2017-02-13 + + trust: Revert to the original 'extract' behavior + + Since commit f4384a40, due to a missing ex->flags setting, the 'trust + extract' command didn't retrieve correlation between related objects and + that was causing assertion failure when writing PEM files. + + https://bugs.freedesktop.org/show_bug.cgi?id=99795 + + trust/extract.c | 1 + + 1 file changed, 1 insertion(+) + +commit fd9b5c19485e2b88150696b523d889df2ed41cba +Author: Daiki Ueno +Date: 2016-12-13 + + filter: New virtual wrapper for access control + + doc/manual/Makefile.am | 1 + + p11-kit/Makefile.am | 5 + + p11-kit/filter.c | 420 +++++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/filter.h | 55 +++++++ + p11-kit/test-filter.c | 143 +++++++++++++++++ + 5 files changed, 624 insertions(+) + +commit 3d54011b0d0bf1b31fbab8d7025b7201722d61c3 +Author: Daiki Ueno +Date: 2016-12-17 + + iter: Enable iteration over slots/tokens/modules + + While PKCS#11 URI can identify slots/tokens/modules, P11KitIter is only + capable of iterating over objects. + + This patch adds new behaviors to P11KitIter to support iterations over + slots/tokens/modules, using the C coroutine trick as described in: + http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html + + doc/manual/p11-kit-sections.txt | 2 + + p11-kit/iter.c | 149 +++++++++++++++++++++++++++++++------- + p11-kit/iter.h | 16 +++- + p11-kit/test-iter.c | 157 +++++++++++++++++++++++++++++++++++++++- + 4 files changed, 297 insertions(+), 27 deletions(-) + +commit 77913af71be81208b4e9af68cd10bc55669543e1 +Author: Daiki Ueno +Date: 2017-01-23 + + uri: Relax pin-* parsing for compatibility + + While 'pin-source' and 'pin-value' are defined as query atttribute, they + were defined as path attribute in earlier drafts, and some + implementations still stick to it. + + For backward compatibility, accept those in path attributes when + parsing (but not when formatting). + + Reported by Andreas Metzler in: + https://lists.freedesktop.org/archives/p11-glue/2017-January/000637.html + + p11-kit/uri.c | 31 ++++++++++++++++++++++++++----- + 1 file changed, 26 insertions(+), 5 deletions(-) + +commit cfa9fefb2b4c4d8c1d38284817c61dcf5d3f4716 +Author: Stef Walter +Date: 2017-01-29 + + trust: Implement a 'trust dump' command + + This dumps all the PKCS#11 objects in the internal .p11-kit + persistence format. + + This is part of the trust command and tooling, even though + at some point it could go in the p11-kit command. The reason + for this is that the code related to the internal .p11-kit + objects is in the trust code, and consumed solely by the + trust related modules. + + doc/manual/trust.xml | 39 +++++++++++ + trust/Makefile.am | 1 + + trust/dump.c | 191 +++++++++++++++++++++++++++++++++++++++++++++++++++ + trust/dump.h | 43 ++++++++++++ + trust/trust.c | 2 + + 5 files changed, 276 insertions(+) + +commit 2a46d81d84682181e0108ff2e5f973f7a319d25f +Author: Stef Walter +Date: 2017-01-29 + + trust: Don't encode spaces when writing .p11-kit format + + These should not be encoded by default for readability in + strings. + + trust/persist.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6caa48db1cab9a4d680062edcd139d9625c5aa7f +Author: Stef Walter +Date: 2017-01-29 + + trust: Add an "all" filter option for trust commands + + trust/enumerate.c | 3 +++ + 1 file changed, 3 insertions(+) + +commit f4384a40657e6abde6658ac7600abb879818b493 +Author: Stef Walter +Date: 2017-01-29 + + trust: Make extraction and correlation of certificate info optional + + This is so that the code can be shared by the upcoming 'trust dump' + command where correlation between related objects is not desired. + + trust/enumerate.c | 28 +++++++++++++++------------- + trust/enumerate.h | 1 + + trust/list.c | 1 + + trust/test-bundle.c | 1 + + trust/test-cer.c | 1 + + trust/test-enumerate.c | 16 ++++++++++------ + trust/test-openssl.c | 1 + + 7 files changed, 30 insertions(+), 19 deletions(-) + +commit d5a2d993c8e983290aea33fac2a086240af39c6b +Author: Stef Walter +Date: 2017-01-29 + + trust: Load all attributes for each object when enumerating + + We load all known attributes for each object we're enumerating + over in the 'trust list' and 'trust extract' commands. + + trust/enumerate.c | 38 +++++++++++++++++++++----------------- + 1 file changed, 21 insertions(+), 17 deletions(-) + +commit 9bb1613011370b00c7b561d7de30c205a246a586 +Author: Daiki Ueno +Date: 2017-01-25 + + virtual: Make virtual-fixed internal API cleaner + + Add proper inclusion guard to virtual-fixed.h and move the declarations + of the (un)initialization functions there. + + p11-kit/util.c | 10 +++++----- + p11-kit/virtual-fixed.h | 9 +++++++++ + p11-kit/virtual.c | 4 ++-- + p11-kit/virtual.h | 4 ---- + 4 files changed, 16 insertions(+), 11 deletions(-) + +commit 08ecac9deb63904c6482eab64198580aac9e1a4e +Author: Daiki Ueno +Date: 2017-01-25 + + test: Release transport mock module + + To prevent leaks of fixed closures, p11_kit_module_release() needs to be + called on the mock module itself. + + p11-kit/test-transport.c | 1 + + 1 file changed, 1 insertion(+) + +commit c01b59e5594b395cf084068e513a68f63c9b95a4 +Author: Nikos Mavrogiannopoulos +Date: 2016-11-30 + + test: Check exhaustion of fixed closures + + p11-kit/test-managed.c | 49 +++++++++++++++++++++++++++++++++++++++++++++---- + p11-kit/test-modules.c | 38 +++++++++++++++++++++++++++++++++++++- + 2 files changed, 82 insertions(+), 5 deletions(-) + +commit 9f632bed73c8800af16a69c97bd4c315bd350f8b +Author: Daiki Ueno +Date: 2016-08-26 + + build: Make libffi closure optional + + libffi's closure support is not available on all platforms and may fail + at run time if running under a stricter SELinux policy. Fallback to + pre-compiled closures if it is not usable. + + https://bugs.freedesktop.org/show_bug.cgi?id=97611 + + configure.ac | 11 - + doc/manual/Makefile.am | 1 + + p11-kit/Makefile.am | 5 +- + p11-kit/modules.c | 26 +- + p11-kit/proxy.c | 2 +- + p11-kit/test-init.c | 12 +- + p11-kit/test-virtual.c | 1 - + p11-kit/util.c | 5 + + p11-kit/virtual-fixed.h | 1135 +++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/virtual.c | 614 ++++++++++++++++++++----- + p11-kit/virtual.h | 6 +- + 11 files changed, 1662 insertions(+), 156 deletions(-) + +commit 91861f634a1299af28a29de70c45f469562123f6 +Author: Daiki Ueno +Date: 2017-01-23 + + maint: Add .dir-locals.el file for Emacs + + .dir-locals.el | 1 + + 1 file changed, 1 insertion(+) + +commit 7f6488fc95a2cbd3b8012923d6fd522a83ae6bba +Author: Daiki Ueno +Date: 2017-01-23 + + travis: Enable strict code compilation + + .travis.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 1e0bc1f164ce73f9feeeb14754d09072b3e9bc68 +Author: Roman Bogorodskiy +Date: 2017-01-21 + + Fix compiler warnings on FreeBSD + + * common/compat.c: Fix "implicit declaration of function 'issetugid'" + warning. On FreeBSD, it's required to define __BSD_VISIBLE to make + issetugid(2) visible + * common/test-message.c: Fix "implicit declaration of function + 'asprintf'" by including + * p11-kit/test-iter.c: Fix "format '%lu' expects argument of + type 'long unsigned int', but argument 3 has type 'int'" by + changing format string to "%d" + + common/compat.c | 4 ++++ + common/test-message.c | 1 + + p11-kit/test-iter.c | 2 +- + 3 files changed, 6 insertions(+), 1 deletion(-) + +commit a4fb2bb587fb1a0146cf97f039b671d3258488f9 +Author: Lubomir Rintel +Date: 2016-12-08 + + systemd: add per-user remoting socket + + This allows daemons outside user's session to use per-user PKCS#11 + modules. Useful for letting VPN daemons or wpa_supplicant use + certificates stored in user's GNOME keyring, etc. + + .gitignore | 1 + + configure.ac | 1 + + p11-kit/Makefile.am | 11 +++++++++++ + p11-kit/p11-kit-remote.socket | 10 ++++++++++ + p11-kit/p11-kit-remote@.service.in | 10 ++++++++++ + 5 files changed, 33 insertions(+) + +commit 563606efe17cbf3b84679f5e54f60b8d68ba9015 +Author: Lubomir Rintel +Date: 2015-11-03 + + common: use recursive pthread mutex for library lock + + This allows us to do nested locking within one thread avoiding a lockup + when remoting the p11-kit-proxy.so module: + + #0 0x00007f190f35838d in __lll_lock_wait () from /lib64/libpthread.so.0 + #1 0x00007f190f351e4d in pthread_mutex_lock () from /lib64/libpthread.so.0 + #2 0x00007f190f98657f in C_GetFunctionList (list=0x7ffe7ec3f798) at p11-kit/proxy.c:2355 + #3 0x00007f190f993cc9 in dlopen_and_get_function_list (funcs=0x7ffe7ec3f798, path=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", mod=0x249e3d0) at p11-kit/modules.c:337 + #4 load_module_from_file_inlock (name=name@entry=0x0, path=path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", result=result@entry=0x7ffe7ec3f7e8) at p11-kit/modules.c:382 + #5 0x00007f190f99587f in p11_kit_module_load (module_path=module_path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", flags=flags@entry=0) at p11-kit/modules.c:2427 + #6 0x0000000000401c4b in serve_module_from_file (file=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so") at p11-kit/remote.c:105 + #7 main (argc=1, argv=) at p11-kit/remote.c:169 + + The Windows NT mutex is aready recursive by default. + + common/compat.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit cfc654b2a532aa1adf3cda4bdee8b1397920f912 +Author: Daiki Ueno +Date: 2017-01-18 + + uri: Support query attributes to specify module + + Accept and produce 'module-name' and 'module-path' query attributes + defined in RFC 7512. + + doc/manual/p11-kit-sections.txt | 4 ++ + p11-kit/test-uri.c | 115 ++++++++++++++++++++++++++++++++++++++ + p11-kit/uri.c | 121 +++++++++++++++++++++++++++++++++++++--- + p11-kit/uri.h | 10 ++++ + 4 files changed, 241 insertions(+), 9 deletions(-) + +commit a126365a49547da6b532210a886bb5d5fc531b77 +Author: Daiki Ueno +Date: 2017-01-16 + + uri: Avoid typecasting confusion on s390x + + Like memcpy(), the 'void *' argument of p11_buffer_add() points to the + memory area ordered in host's endianness. Add typecast of int->char to + avoid the confusion. + + Reported by Andreas Metzler in: + https://lists.freedesktop.org/archives/p11-glue/2017-January/000633.html + + p11-kit/uri.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +commit 726c08847c263af9c9fd8c74aea738612795dbb6 +Author: Lubomir Rintel +Date: 2016-12-28 + + uri: fix producing the query attributes + + Put the pin-* attributes where they belong: to the query part. + + p11-kit/test-uri.c | 2 +- + p11-kit/uri.c | 81 +++++++++++++++++++++++++++++++----------------------- + 2 files changed, 48 insertions(+), 35 deletions(-) + +commit cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea +Author: Lubomir Rintel +Date: 2016-12-28 + + uri: fix the query attribute parsing + + The pin-* attributes belong to the query part. We should not parse them + until we see a '?' and they're separated with a '&'. + + This might be an important thing -- some of the query attributes may + have security implications reaching outside scope of the token itself, to the + host system itself. E.g. a pin-source may cause the consumer to access a file + or module-path (unimplemented) execute code. The user may want to just chop the + attribute part off if they want the consumer access the token and not take the + security considerations into account. + + p11-kit/test-uri.c | 6 +++--- + p11-kit/uri.c | 50 +++++++++++++++++++++++++++++++++++++++----------- + 2 files changed, 42 insertions(+), 14 deletions(-) + +commit 287ae8c14145d9cef55079e4de36b1607176cf89 +Author: Roman Bogorodskiy +Date: 2017-01-07 + + build: improve p11-kit-proxy symlink handling + + - Current command for creation of the p11-kit-proxy symlink + uses shell brace expansion that isn't supported by all + the shells (e.g. FreeBSD's /bin/sh does not support that). + Replace it with the old-fashioned 'for' loop + - Match extension of the source and the target, i.e. so links + to so, dylib links to dylib (previously dylib linked to so) + - Add an uninstall-local target to clean up the symlink + + p11-kit/Makefile.am | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +commit 794385d24fe794455798946ce9de1e2280e78a8c +Author: Daiki Ueno +Date: 2016-12-13 + + Release version 0.23.3 + + NEWS | 10 ++++++++++ + configure.ac | 6 +++--- + 2 files changed, 13 insertions(+), 3 deletions(-) + +commit 62d7cd6a0e1ce76b2dd6c5a44933cee1bac93c19 +Author: Daiki Ueno +Date: 2016-12-19 + + doc: More tweaks for gtk-doc + + doc/manual/p11-kit-sections.txt | 7 +++++++ + 1 file changed, 7 insertions(+) + +commit eb6433f0d1406d3dda42c98fa94060cab5d5d0ac +Author: Daiki Ueno +Date: 2016-12-19 + + doc: Mention new API functions + + doc/manual/p11-kit-sections.txt | 6 ++++++ + 1 file changed, 6 insertions(+) + +commit 4442748b1cbb4da4f355ece6d498a2272e2c7238 +Author: Andreas Metzler +Date: 2016-12-15 + + rpc: Fix typo flagged by lintian + + p11-kit/rpc-server.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 9773fa8ca877d305a5dea26d07cfcfc445232ae2 +Author: Daiki Ueno +Date: 2016-12-13 + + test: Remove setgid()ed copy of frob-getenv + + Otherwise the file is left in builddir, after make distclean. + + common/test-compat.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +commit 5af8da1f4949807925e23b866f6280dcf7d74f87 +Author: Daiki Ueno +Date: 2016-12-13 + + test: Fix privatedir substitution in test-extract + + Since $privatedir expands to "${libexecdir}/p11-kit", $libexecdir must + be substituted in the script beforehand. + + trust/test-extract.in | 1 + + 1 file changed, 1 insertion(+) + +commit 352d2090628d6a040846508e51de06318b69a475 +Author: Daiki Ueno +Date: 2016-12-06 + + pkcs11: Update CRYPTOKI_VERSION to 2.40 + + common/pkcs11.h | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +commit 5287a57b9e6d96504af4ad0f989328397f845d55 +Author: Daiki Ueno +Date: 2016-12-06 + + pkcs11: Add CK_RSA_PKCS_OAEP_PARAMS definition + + https://bugzilla.redhat.com/show_bug.cgi?id=1191209 + + common/pkcs11.h | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +commit 15a28b263f37de4796899dff04bcf3886f9d010e +Author: Daiki Ueno +Date: 2016-12-06 + + pkcs11: Add CKA_COPYABLE definition + + https://bugzilla.redhat.com/show_bug.cgi?id=1191231 + + common/pkcs11.h | 1 + + 1 file changed, 1 insertion(+) + +commit ccc81bbfaffb5617a509126b8f882b6c930434e3 +Author: Daiki Ueno +Date: 2016-12-06 + + pkcs11: Add AES key wrap mechanisms + + https://bugzilla.redhat.com/show_bug.cgi?id=1191231 + + common/pkcs11.h | 3 +++ + 1 file changed, 3 insertions(+) + +commit b034e8601036c41acfcbd39f12fcd4bfb75dfd13 +Author: Pankaj +Date: 2016-09-20 + + proxy: Remove redundant NULL check + + https://bugs.freedesktop.org/show_bug.cgi?id=93589 + + p11-kit/proxy.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit f8ff3bec65e31dad1cabe0bd3e2f1fae9ef77f40 +Author: Pankaj +Date: 2016-09-20 + + modules: Remove redundant NULL check + + https://bugs.freedesktop.org/show_bug.cgi?id=93588 + + p11-kit/modules.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 873e52cc72701f7a5714a5006f15810ba5981d10 +Author: Pankaj +Date: 2016-09-20 + + proxy: Check return value of calloc() + + https://bugs.freedesktop.org/show_bug.cgi?id=92815 + + p11-kit/proxy.c | 1 + + 1 file changed, 1 insertion(+) + +commit 2cf22900bbcb3a0f3d11b56ad262bef33e997a00 +Author: Pankaj +Date: 2016-09-20 + + mock: Check return value of calloc() + + https://bugs.freedesktop.org/show_bug.cgi?id=92813 + + common/mock.c | 1 + + 1 file changed, 1 insertion(+) + +commit 694c95d8da89e2f6aae47c7c379b3c0e2b9adbe8 +Author: Daiki Ueno +Date: 2016-12-06 + + doc: State 'p11-kit trust' is a deprecated form + + https://bugzilla.redhat.com/show_bug.cgi?id=1160783 + + doc/manual/p11-kit.xml | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +commit b3418c2f0d223955723df7d65a31026ad038d943 +Author: Daiki Ueno +Date: 2016-09-23 + + trust: Don't add CKA_TRUSTED to extension object + + While 'trust anchor' command tries to add CKA_TRUSTED attribute to any + object, it is only valid for a certificate object. + + https://bugzilla.redhat.com/show_bug.cgi?id=1158926 + + trust/anchor.c | 35 +++++++++++++++++++++++++++++++++-- + 1 file changed, 33 insertions(+), 2 deletions(-) + +commit 65e8ad30e7832f3a979f88f4308cfa4f9a969829 +Author: Daiki Ueno +Date: 2016-09-22 + + common, trust: Avoid integer overflow + + This fixes issues pointed in: + https://bugzilla.redhat.com/show_bug.cgi?id=985445 + except for p11-kit/conf.c:read_config_file(), which was rewritten using + mmap() and thus length calculation is no longer needed. + + common/compat.c | 8 ++++++-- + common/path.c | 2 ++ + common/url.c | 2 +- + trust/base64.c | 5 +++++ + 4 files changed, 14 insertions(+), 3 deletions(-) + +commit 99c3d823fc96c47af4810a5ee091501721159a48 +Author: Stanislav Brabec +Date: 2016-11-22 + + move privatedir from libdir to libexecdir + + According to the GNU Coding Standards[1], private executables should be + installed to libexecdir, not libdir. + + Move privatedir to libexecdir. + + [1] https://www.gnu.org/prep/standards/ + + https://bugs.freedesktop.org/show_bug.cgi?id=98817 + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit c7d33b9fc54d618feda8960f12c71214dc9ec697 +Author: Daiki Ueno +Date: 2016-09-27 + + trust: Avoid confusion in DER/PEM decoding + + Previously p11-kit-trust.so tried to interpret certificate as PEM format + first. This could cause potential conflict if the certificate were + actually in DER format and contained a PEM marker strings. + + https://bugs.freedesktop.org/show_bug.cgi?id=92063 + + trust/test-token.c | 18 ++++++++++ + trust/test-trust.h | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + trust/token.c | 2 +- + 3 files changed, 115 insertions(+), 1 deletion(-) + +commit 2b86585f1b1d140b73b693c81aac8b4a9af1cb8d +Author: Stef Walter +Date: 2016-11-29 + + doc: Update documentation to point towards GitHub + + The p11-kit code has moved to GitHub. The documentation needs + an update. + + HACKING | 5 ++++- + doc/manual/p11-kit-devel.xml | 2 +- + 2 files changed, 5 insertions(+), 2 deletions(-) + +commit 8046370a9d0c8333d84a1294c302d21634729cc8 +Author: Lubomir Rintel +Date: 2016-11-28 + + test-conf: don't create the setuid copy in /tmp + + The temporary directory is often mounted with nosuid, thus whatever runs + from there doesn't get AT_SECURE in auxv. + + common/test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 9cb55d7357db929960dca26b9f22f488b756bac2 +Author: Daiki Ueno +Date: 2016-09-27 + + trust: Clarify the error message of 'extract' + + https://bugzilla.redhat.com/show_bug.cgi?id=1154693 + + trust/extract.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +commit d6d0dfd10e360fdcb974e74abe92bb0910bdf172 +Author: Daiki Ueno +Date: 2016-09-23 + + trust: Mention anchor --remove option in help + + https://bugzilla.redhat.com/show_bug.cgi?id=1158467 + + trust/anchor.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit 1d2276dc20153eb513d67aeb3464cf0c1edf6d38 +Author: Daiki Ueno +Date: 2016-09-22 + + trust: Reject invalid UTF-8 input + + Merge changes from utf8.c in FreeBSD's libc: + https://svnweb.freebsd.org/base/head/lib/libc/locale/utf8.c?revision=290494&view=markup#l196 + + https://bugzilla.redhat.com/show_bug.cgi?id=985449 + + trust/test-utf8.c | 2 ++ + trust/utf8.c | 6 ++++++ + 2 files changed, 8 insertions(+) + +commit 3846526ee94f6b4bbc0ea07d9d3cb72ed9f92707 +Author: Daiki Ueno +Date: 2016-09-22 + + pkg-config: Expose p11_trust_paths variable + + The variable is mentioned in the manual but wasn't exposed from the + pkg-config. + + p11-kit/p11-kit-1.pc.in | 1 + + 1 file changed, 1 insertion(+) + +commit c32a16ce821cf37307e53139027c5939c0b1925b +Author: Daiki Ueno +Date: 2016-09-22 + + build: Remove *.in files from EXTRA_DIST + + The files created with AC_CONFIG_FILES are automatically added to the + distribution. + + p11-kit/Makefile.am | 2 -- + 1 file changed, 2 deletions(-) + +commit 4965a8b2f150ea6c8dadd7dd22aab718f2814591 +Author: Daiki Ueno +Date: 2016-10-21 + + build: Don't update po files on every make run + + Update po/Makevars to the latest template and take advantage of + PO_DEPENDS_ON_POT = no. + + po/Makevars | 37 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 37 insertions(+) + +commit de5f2e5c59a8811aaea0c19a4a8899e370413851 +Author: Daiki Ueno +Date: 2016-10-31 + + travis: Enable GCC sanitizers + + .travis.yml | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +commit 09f584cbef43cac2a071b54f0fc97dd318fe88ea +Author: Daiki Ueno +Date: 2016-10-31 + + travis: Disable silent rules + + .travis.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit b6305c66bfb607f49c99f820e7123c753364e894 +Author: Daiki Ueno +Date: 2016-09-21 + + test: Remove /proxy/deinit-after-fork test + + This test hasn't been working since the removal of the pthread_atfork() + deinit code. To properly clean up, the child process needs to call + C_Initialize() and C_Finalize(), and it is already tested by + /proxy/initialize-child. + + p11-kit/test-proxy.c | 37 ------------------------------------- + 1 file changed, 37 deletions(-) + +commit bc6469c4fd576c698bab9c8b620de00d7ba1fe1a +Author: Daiki Ueno +Date: 2016-09-20 + + test: Fix memleak in test-token cleanup + + GCC's asan spotted this: + Direct leak of 338 byte(s) in 13 object(s) allocated from: + #0 0x7f54f03fee20 in malloc (/lib64/libasan.so.3+0xc6e20) + #1 0x445e8c in p11_path_build ../common/path.c:222 + #2 0x4385bd in expand_tempdir ../common/test.c:334 + #3 0x43869c in p11_test_directory ../common/test.c:361 + #4 0x4033e3 in setup_temp ../trust/test-token.c:79 + + trust/test-token.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit ecaf79c6a0b35e55b27f465c6d6628f165874b78 +Author: Daiki Ueno +Date: 2016-09-22 + + modules: Reset the init count on fork() + + Reset mod->init_count when forkid has changed. Otherwise C_Finalize + does not get called. + + GCC's asan spotted this: + Direct leak of 48 byte(s) in 1 object(s) allocated from: + #0 0x7f89bc7bfe20 in malloc (/lib64/libasan.so.3+0xc6e20) + #1 0x7f89bc47a1f1 in p11_dict_new ../common/dict.c:278 + #2 0x7f89bc42143d in managed_C_Initialize ../p11-kit/modules.c:1477 + #3 0x7f89bc464c72 in binding_C_Initialize ../p11-kit/virtual.c:121 + #4 0x7f89bc1b0a51 in ffi_closure_unix64_inner (/lib64/libffi.so.6+0x5a51) + #5 0x7f89bc1b0dbf in ffi_closure_unix64 (/lib64/libffi.so.6+0x5dbf) + #6 0x7f89bc44f9e8 in rpc_C_Initialize ../p11-kit/rpc-server.c:691 + + p11-kit/modules.c | 4 ++++ + 1 file changed, 4 insertions(+) + +commit ae0527969dbb2dea5bf97257c92a65b72ba71db5 +Author: Daiki Ueno +Date: 2016-09-21 + + modules: Fix memleak when loading remote module + + Make sure to call p11_virtual_uninit() on managed module. Otherwise the + associated lower_module will not be released. + + GCC's asan spotted this: + Direct leak of 56 byte(s) in 1 object(s) allocated from: + #0 0x7f6c5368dfe0 in calloc (/lib64/libasan.so.3+0xc6fe0) + #1 0x4436ba in p11_rpc_client_init ../p11-kit/rpc-client.c:2082 + #2 0x42c147 in p11_rpc_transport_new ../p11-kit/rpc-transport.c:850 + #3 0x415d95 in setup_module_for_remote_inlock ../p11-kit/modules.c:411 + + p11-kit/modules.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit 7e94bcac88e16c22b8258bcdcb4b2165b198679a +Author: Daiki Ueno +Date: 2016-09-21 + + rpc: Fix memleak in rpc_socket cleanup + + GCC's asan spotted this: + Direct leak of 120 byte(s) in 1 object(s) allocated from: + #0 0x7f8d4f221fe0 in calloc (/lib64/libasan.so.3+0xc6fe0) + #1 0x427f55 in rpc_socket_new ../p11-kit/rpc-transport.c:100 + #2 0x42bc1b in rpc_exec_connect ../p11-kit/rpc-transport.c:767 + + p11-kit/rpc-transport.c | 1 + + 1 file changed, 1 insertion(+) + +commit 07cadc6fd3716f1b2a8265c40b59426847042967 +Author: Daiki Ueno +Date: 2016-09-23 + + uri: Port to PKCS#11 GNU calling convention + + https://bugs.freedesktop.org/show_bug.cgi?id=97245 + + p11-kit/uri.h | 2 ++ + 1 file changed, 2 insertions(+) + +commit c30353ec1869024de672731236d9a4acd2f7dd28 +Author: Daiki Ueno +Date: 2016-09-20 + + uri: Fix buffer overflow in memcmp() + + The commit 63644dc introduced several memcmp() calls without checking + the length of the first argument. + + https://bugs.freedesktop.org/show_bug.cgi?id=97245 + + p11-kit/uri.c | 57 ++++++++++++++++++++++++++++++++------------------------- + 1 file changed, 32 insertions(+), 25 deletions(-) + +commit dd514f46c880c508f69412850286d70ec8967758 +Author: Daiki Ueno +Date: 2016-10-06 + + travis: Enable build on the CI + + .travis.yml | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) + +commit a96f354c3068edb6c8ac80ae6d9a6611651145d7 +Author: Daiki Ueno +Date: 2016-09-19 + + rpc: Send x-init-reserved to remote module + + Signed-off-by: Stef Walter + * Fixed up indentation + + https://bugs.freedesktop.org/show_bug.cgi?id=80519 + + p11-kit/Makefile.am | 7 ++++- + p11-kit/mock-module-ep3.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/modules.c | 30 ++++++++++++--------- + p11-kit/rpc-client.c | 16 ++++++++++- + p11-kit/rpc-message.h | 2 +- + p11-kit/rpc-server.c | 13 +++++++++ + p11-kit/test-transport.c | 24 +++++++++++++++++ + 7 files changed, 144 insertions(+), 16 deletions(-) + +commit 2fe688e8bd360ce2f364bfb6ef80e07712c9bb86 +Author: Daiki Ueno +Date: 2016-09-20 + + test: Fix p11_virtual_init() usage + + p11_virtual_init() should take a CK_FUNCTION_LIST as the 3rd argument, + if the 2nd argument is &p11_virtual_base. + + https://bugs.freedesktop.org/show_bug.cgi?id=87192 + + p11-kit/test-virtual.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6923e8fb56692b20d24398d4746d2399490acdc1 +Author: Leonardo Brondani Schenkel +Date: 2016-10-03 + + Fix link of p11-kit-proxy.dylib on Mac OS X + + However, on Mac OS X the library is named libp11-kit.dylib so + in the above command the source of the link resolves to nothing, + the destination becomes the source and the link to a non-existent + file is created in the working directory. + + https://bugs.freedesktop.org/show_bug.cgi?id=98022 + + p11-kit/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit d74e29cf9733a405a0ea254a2d1edf236ae8735e +Author: Daiki Ueno +Date: 2016-08-12 + + test: Make test-module work --without-trust-module + + The test-module program currently depends on TRUST_PATHS, which is + determined by the configure script and normally points to a resource + outside of the build tree. To make the test system-independent, use + a crafted path for testing. + + https://bugs.freedesktop.org/show_bug.cgi?id=89027 + + trust/test-module.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit 927c8e98f159607acf7fa8b0f5bcf9a4d0497742 +Author: Daiki Ueno +Date: 2016-08-10 + + iter: Utilize 'slot-id' URI path attribute + + https://bugs.freedesktop.org/show_bug.cgi?id=97245 + + p11-kit/iter.c | 8 +++++- + p11-kit/test-iter.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 83 insertions(+), 1 deletion(-) + +commit e0c5d429df6ebe2cb88425edf42f65bfb33f0b77 +Author: Daiki Ueno +Date: 2016-08-10 + + iter: Utilize slot info URI path attributes + + https://bugs.freedesktop.org/show_bug.cgi?id=97245 + + p11-kit/iter.c | 27 ++++++++++++++ + p11-kit/iter.h | 2 + + p11-kit/test-iter.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 134 insertions(+) + +commit 31fbc32c41518b93a7b9903d7840378bab55370c +Author: Daiki Ueno +Date: 2016-08-08 + + uri: Support 'slot-id' path attribute + + Accept 'slot-id' path attribute defined in RFC 7512. + + https://bugs.freedesktop.org/show_bug.cgi?id=97245 + + p11-kit/test-uri.c | 47 ++++++++++++++++++++++++++++++++ + p11-kit/uri.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++--- + p11-kit/uri.h | 4 +++ + 3 files changed, 126 insertions(+), 3 deletions(-) + +commit 8577e4dc23349ae8d04708190de6d1ae469ab460 +Author: Daiki Ueno +Date: 2016-08-08 + + uri: Support slot info path attributes + + Accept 'slot-description' and 'slot-manifacturer' path attributes + defined in RFC 7512. + + https://bugs.freedesktop.org/show_bug.cgi?id=97245 + + p11-kit/private.h | 3 ++ + p11-kit/test-uri.c | 70 +++++++++++++++++++++++++++++++++++++ + p11-kit/uri.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/uri.h | 6 ++++ + 4 files changed, 180 insertions(+) + +commit 63644dcb6ccf52508f41633945fce9c3a8e46d3d +Author: Daiki Ueno +Date: 2016-08-08 + + uri: Remove whitespace early when parsing + + For every path/query component, p11_kit_uri_parse() allocates a small + buffer to strip whitespace out. This patch removes any whitespace in + the URI at the entry of the function to simplify the code. + + Note that RFC 7512 actually suggests to ignore whitespace at the + extracting phase rather than the parsing phase. + + https://bugs.freedesktop.org/show_bug.cgi?id=97245 + + p11-kit/uri.c | 144 +++++++++++++++++++++++++++++++--------------------------- + 1 file changed, 78 insertions(+), 66 deletions(-) + +commit d8f90d300eb76e04dec2caba99f78e7f8a99b215 +Author: Daiki Ueno +Date: 2016-08-12 + + Fix leak when C_Initialize() is called from child + + The test case added for bug 90289 (commit c73edd00) revealed that some + of the C_Initialize() implementations do not consider the case where it + is called from the parent process and then from the child process, + without calling C_Finalize() in between. + + common/mock.c | 3 +++ + p11-kit/modules.c | 2 ++ + 2 files changed, 5 insertions(+) + +commit 8afd8d92771d279b38acc098c84027b2cf0dd168 +Author: Daiki Ueno +Date: 2016-08-18 + + configure: Remove redundant AM_GNU_GETTEXT + + There is the same line a few lines below. + + configure.ac | 1 - + 1 file changed, 1 deletion(-) + +commit 8c8c81942038e0068472dd9bab8d57c00b2acee4 +Author: Daiki Ueno +Date: 2016-08-12 + + Fix typos flagged by codespell + + p11-kit/fixtures/test-system-none.conf | 2 +- + p11-kit/iter.c | 8 ++++---- + p11-kit/modules.c | 4 ++-- + p11-kit/rpc-server.c | 2 +- + p11-kit/util.c | 2 +- + trust/builder.c | 2 +- + trust/p11-kit-trust.module | 2 +- + trust/parser.c | 2 +- + 8 files changed, 12 insertions(+), 12 deletions(-) + +commit fb73b3a908d8fa21b0e7f6461fc9e77c1e15f4b3 +Author: Stef Walter +Date: 2016-08-09 + + Fix typo in pkcs11.conf + + Pointed out by David Woodhouse + + doc/manual/pkcs11.conf.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit fedcaf873e4d08741407c7be1db8c2d73dcc1241 +Author: Stef Walter +Date: 2016-08-09 + + doc: Fix interpolation of p11-kit configuration paths in documentation + + Previously these were expanded based on the home directory of the + one building the documentation (me). + + doc/manual/Makefile.am | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +commit 77d0791d0d6baf6fcc7578e0d170d754850c4068 +Author: Andreas Metzler +Date: 2016-02-23 + + Doc: p11_kit_module_load accepts a filename arg. + + p11_kit_module_load() hands on the module_path argument to + load_module_from_file_inlock() which accepts relative paths, prepending + P11_MODULE_PATH. Update API documentation accordingly. + + https://lists.freedesktop.org/archives/p11-glue/2016-February/000587.html + + p11-kit/modules.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +commit 6c4ef3f492d88acca931174519b7aa1215cc1a18 +Author: Pankaj +Date: 2016-01-05 + + Avoiding redundant check + + https://bugs.freedesktop.org/show_bug.cgi?id=93587 + + p11-kit/modules.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +commit 5f6cc6c4c66050069d0db93006299cde44920559 +Author: Stef Walter +Date: 2015-12-07 + + Fix distcheck by removing some linguas that don't build + + po/LINGUAS | 2 -- + 1 file changed, 2 deletions(-) + +commit 8ccd99b26d5fb2e19ec45ce3dca28bf53b73c70d +Author: Stef Walter +Date: 2015-12-07 + + Bump version number + + NEWS | 5 +++++ + configure.ac | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit d0b59f5b155369dd2b933c359c1f81e6199e2c3f +Author: Gustavo Zacarias +Date: 2015-12-02 + + rpc-transport.c: include sys/select.h for fd_set + + fd_set and friends, according to POSIX.1-2001, needs sys/select.h, so + include it otherwise the build fails for uClibc: + + p11-kit/rpc-transport.c: In function ‘rpc_socket_read’: + p11-kit/rpc-transport.c:350:2: error: unknown type name ‘fd_set’ + p11-kit/rpc-transport.c:416:4: warning: implicit declaration of function + ‘FD_ZERO’ [-Wimplicit-function-declaration] + + Signed-off-by: Gustavo Zacarias + + https://bugs.freedesktop.org/show_bug.cgi?id=93211 + + p11-kit/rpc-transport.c | 1 + + 1 file changed, 1 insertion(+) + +commit 981f5358988a4c7044aeddd5bd783c28b2665410 +Author: Pankaj +Date: 2015-11-04 + + p11-kit: Fix redundant check for 'signature' is always 'true' + + https://bugs.freedesktop.org/show_bug.cgi?id=92807 + + common/mock.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 957c6d8c610b71665573564f2299d9aca86d2483 +Author: Pankaj +Date: 2015-11-06 + + common: Fix warning about dereferencing NULL pointer + + https://bugs.freedesktop.org/show_bug.cgi?id=92842 + + common/mock.c | 1 + + 1 file changed, 1 insertion(+) + +commit 4e22ebfda7b51ec978eacf0c3653bb534de97fe3 +Author: Pankaj +Date: 2015-11-06 + + common: Fix in test-code for file descriptor validity check + + https://bugs.freedesktop.org/show_bug.cgi?id=92843 + + common/test-compat.c | 1 + + 1 file changed, 1 insertion(+) + +commit a512a01e4c2700a6454d024150aa222f64885d59 +Author: Stef Walter +Date: 2015-11-09 + + trust: Fix always false comparison of EAGAIN and EINTR + + https://bugs.freedesktop.org/show_bug.cgi?id=92864 + + trust/save.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6558c7174bc6778f13347fc1a356ed6773cef830 +Author: Pankaj +Date: 2015-10-21 + + p11-kit: Remove unused pointer + + https://bugs.freedesktop.org/show_bug.cgi?id=92532 + + p11-kit/modules.c | 2 -- + 1 file changed, 2 deletions(-) + +commit 478f1065fb6d92fbd4bdf8b0a513f32cf48af170 +Author: Stef Walter +Date: 2015-10-20 + + po: Update translations from transifex + + build/tx-update | 6 +- + po/ar.po | 4 +- + po/as.po | 4 +- + po/az.po | 6 +- + po/bg.po | 16 ++- + po/bn_IN.po | 4 +- + po/ca.po | 4 +- + po/ca@valencia.po | 4 +- + po/cs.po | 152 ++++++++++++------------ + po/cy.po | 4 +- + po/da.po | 4 +- + po/de.po | 30 ++--- + po/el.po | 179 ++++++++++++++-------------- + po/en_GB.po | 179 ++++++++++++++-------------- + po/eo.po | 18 ++- + po/es.po | 21 ++-- + po/es_CL.po | 342 ------------------------------------------------------ + po/et.po | 2 +- + po/eu.po | 16 ++- + po/fa.po | 16 ++- + po/fi.po | 25 ++-- + po/fo.po | 4 +- + po/fr.po | 179 ++++++++++++++-------------- + po/ga.po | 4 +- + po/gl.po | 30 +++-- + po/gu.po | 4 +- + po/he.po | 4 +- + po/hi.po | 4 +- + po/hr.po | 23 ++-- + po/hu.po | 21 ++-- + po/ia.po | 16 ++- + po/id.po | 19 ++- + po/it.po | 24 ++-- + po/it_IT.po | 342 ------------------------------------------------------ + po/ja.po | 19 ++- + po/ka.po | 21 ++-- + po/kk.po | 17 +-- + po/kn.po | 4 +- + po/ko.po | 23 ++-- + po/lt.po | 4 +- + po/lv.po | 24 ++-- + po/ml.po | 4 +- + po/mr.po | 4 +- + po/ms.po | 4 +- + po/nb.po | 4 +- + po/nl.po | 21 ++-- + po/nn.po | 4 +- + po/oc.po | 6 +- + po/or.po | 4 +- + po/pa.po | 18 ++- + po/pl.po | 22 ++-- + po/pt.po | 4 +- + po/pt_BR.po | 21 ++-- + po/ro.po | 4 +- + po/ru.po | 184 ++++++++++++++--------------- + po/sk.po | 180 ++++++++++++++-------------- + po/sl.po | 21 ++-- + po/sq.po | 16 ++- + po/sr.po | 24 ++-- + po/sr@latin.po | 4 +- + po/sv.po | 171 +++++++++++++-------------- + po/ta.po | 4 +- + po/te.po | 16 ++- + po/th.po | 4 +- + po/tr.po | 144 ++++++++++++----------- + po/uk.po | 21 ++-- + po/vi.po | 4 +- + po/wa.po | 4 +- + po/zh_CN.po | 179 ++++++++++++++-------------- + po/zh_HK.po | 16 ++- + po/zh_TW.po | 19 ++- + 71 files changed, 1097 insertions(+), 1856 deletions(-) + +commit 5e6336ba0393c9d69be843c432e4c4927caea245 +Author: Stef Walter +Date: 2015-10-20 + + Add estonian translation from Transifex + + po/LINGUAS | 1 + + po/et.po | 342 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 343 insertions(+) + +commit 98dbc98709bb9a5fe1d6e7beea585c39073e528c +Author: Pankaj +Date: 2015-10-20 + + p11-kit: Fix warnings related to use dangling pointer + + https://bugs.freedesktop.org/show_bug.cgi?id=92551 + + p11-kit/modules.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +commit 29014eab3caf4f70fcd94c8198ca24992b1e5ec6 +Author: Stef Walter +Date: 2015-10-19 + + common: Remove compat timegm() implementation + + We no longer use timegm() + + common/compat.c | 31 ------------------------------- + configure.ac | 1 - + 2 files changed, 32 deletions(-) + +commit 3be562d4d386eddc79489715507d979135d4b74a +Author: Pankaj +Date: 2015-10-19 + + p11-kit: 'int' comparison with 'unsigned int' in for() for the array index + + https://bugs.freedesktop.org/show_bug.cgi?id=92443 + + common/array.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 2db405ff7781ec43b77bd2592c41eff22e2b362a +Author: Pankaj +Date: 2015-10-19 + + p11-kit: 'int' comparison with 'unsigned int' in for() for array index + + common/dict.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit c57c1d592c82da7f444cde440c5f32930542b43a +Author: Pankaj +Date: 2015-10-19 + + p11-kit: 'int' comparison with 'unsigned int' in for() for array index + + https://bugs.freedesktop.org/show_bug.cgi?id=92445 + + p11-kit/proxy.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 4286fd792b869e27cc362a8de9334d4686aed539 +Author: Ludovic Rousseau +Date: 2015-10-19 + + manual: Fix typos in documentation + + https://bugs.freedesktop.org/show_bug.cgi?id=92520 + + doc/manual/p11-kit-sharing.xml | 4 ++-- + doc/manual/pkcs11.conf.xml | 8 ++++---- + 2 files changed, 6 insertions(+), 6 deletions(-) + +commit ee1d48020b24164b5547de2affd0f38dafab8949 +Author: Pankaj +Date: 2015-10-12 + + p11-kit: Fix expression 'call_id < 0' is always false + + https://bugs.freedesktop.org/show_bug.cgi?id=92434 + + p11-kit/rpc-message.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 3a005e75a4e1b63db8e19ea0e73479588ab345a6 +Author: Robert Milasan +Date: 2015-07-30 + + Fix trust command segfaults in expand_homedir() when no matching password record was found + + Hello, it looks like under some conditions, command trust segfaults in + expand_homedir() due to no matching password record was found: + + Signed-off-by: Robert Milasan + Signed-off-by: Stef Walter + * Updated path so message is printed and errno is not overwritten + + https://bugs.freedesktop.org/show_bug.cgi?id=91506 + + common/path.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +commit ac151af6e41242eb46689f326311195b5f7b65fc +Author: Lew Palm +Date: 2015-07-14 + + Fix build on Mingw due to missing EWOULDBLOCK + + https://bugs.freedesktop.org/show_bug.cgi?id=89081 + + p11-kit/rpc-transport.c | 3 +++ + 1 file changed, 3 insertions(+) + +commit 406803044f61fcbd491749a5530b39beed270dd2 +Author: Nikos Mavrogiannopoulos +Date: 2015-07-10 + + Added p11_kit_module_get_filename() + + That function allows to obtain the filename used by the PKCS #11 + module. That is the filename used by dlopen(). + + Note that we don't provide p11_kit_module_for_filename() because + it would have to deal with filename equivalences. + + Signed-off-by: Stef Walter + * Fixed up whitespace + + p11-kit/modules.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/p11-kit.h | 1 + + p11-kit/test-modules.c | 40 +++++++++++++++++++++++++++++++++++++++- + 3 files changed, 85 insertions(+), 1 deletion(-) + +commit cacaf8cd0b0a4f2cd61b61b012cd5cbf715fe38f +Author: Nikos Mavrogiannopoulos +Date: 2015-06-24 + + In proxy module don't call C_Finalize on a forked process. + + This corrects a deadlock on the forked process. The deadlock + happened because the proxy called C_Finalize prior to a C_Initialize + which is wrong according to PKCS #11 (2.40). This patch eliminates + the C_Finalize call in that case. + + This resolves #90289 + https://bugs.freedesktop.org/show_bug.cgi?id=90289 + + Reviewed-by: Stef Walter + + p11-kit/proxy.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +commit c73edd002462ca1185de1e9e72d9f68f01c93f32 +Author: David Woodhouse +Date: 2015-06-03 + + Add test case for bug 90289 (deadlock on C_Initialize() in child after fork) + + Reviewed-by: Stef Walter + + p11-kit/test-proxy.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 57 insertions(+) + +commit ec8a291efb87f1751a18c7e023a67232c15a4ef2 +Author: Nikos Mavrogiannopoulos +Date: 2015-06-24 + + Do not deinitialize libffi's wrapper functions + + Libffi uses shared memory to store them, and a deallocation + in a child will cause issues for the parent or vice versa. + + Signed-off-by: Stef Walter + * Use #if to comment out code, avoid compiler warnings + + p11-kit/virtual.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +commit c9095cb154cfd9937332b1a980316d10a9655d51 +Author: Nikos Mavrogiannopoulos +Date: 2015-06-23 + + Added test case for crash after a fork in proxy module + + Reviewed-by: Stef Walter + + p11-kit/test-proxy.c | 46 +++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 45 insertions(+), 1 deletion(-) + +commit c562aff333bd73a3fe5c15d2969a4ea70300a426 +Author: Pankaj +Date: 2015-06-03 + + p11-kit: Missing unlock in function rpc_socket_read() + + https://bugs.freedesktop.org/show_bug.cgi?id=90827 + + p11-kit/rpc-transport.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit 8768b4611d3268d6fca7fc214ce0a5c7ec7fc332 +Author: Pankaj +Date: 2015-06-01 + + trust: Fix double close() + + trust/save.c | 1 - + 1 file changed, 1 deletion(-) + +commit 6712b49861e3e59534c5e4b6d75146a01b939aff +Author: Stef Walter +Date: 2015-04-17 + + Fix some compiler warnings from GCC 5.x + + trust/test-persist.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit ec9e2450bafa1cda47525b38a28c8f981f43c1e1 +Author: Stef Walter +Date: 2015-02-20 + + Release version 0.23.1 + + NEWS | 5 +++++ + configure.ac | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit e49fba71493408305b297df7eb4e64d882b778ee +Author: Nikos Mavrogiannopoulos +Date: 2014-12-23 + + Generate URIs compliant to the PKCS#11 URI draft in LC + + We continue to accept both the older style 'object-type' field + in addition to the new 'type' field. However we start generating + URIs in the new form. + + In other words we have backwards compatibility, but not forwards + compatibility. Given the fact that PKCS#11 URIs are now standardizing + this is an acceptable compromise. + + https://bugs.freedesktop.org/show_bug.cgi?id=86474 + + p11-kit/test-uri.c | 26 +++++++++++++------------- + p11-kit/uri.c | 2 +- + 2 files changed, 14 insertions(+), 14 deletions(-) + +commit 6fb74150b8c8f957e96fd423beeccd36cf04e1bc +Author: Nikos Mavrogiannopoulos +Date: 2014-12-23 + + Added test for pin-value + + https://bugs.freedesktop.org/show_bug.cgi?id=87582 + + Signed-off-by: Stef Walter + * Added test for bad encoded pin-value in uri + + p11-kit/test-uri.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 54 insertions(+) + +commit d1122aa7587c445b3d03f35258ea46038807bf69 +Author: Nikos Mavrogiannopoulos +Date: 2014-12-23 + + Added support for pin-value PKCS#11 URI element + + https://bugs.freedesktop.org/show_bug.cgi?id=87582 + + p11-kit/uri.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/uri.h | 5 +++++ + 2 files changed, 57 insertions(+) + +commit 890d69d7fde23ea15a082026a4d1c01aba805569 +Author: Stef Walter +Date: 2015-02-20 + + p11-kit: Remove duplicate WHITESPACE define + + p11-kit/uri.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +commit a6df1f21e42a3b57448eb6897b976ac8883908eb +Author: Adam Williamson +Date: 2015-01-13 + + trust: Add pem-directory-hash extract format + + This allows extraction of a directory of standard PEM files + with the OpenSSL hash symlinks; this is a format used by + some popular platforms (Debian's /etc/ssl/certs is in this + form, and OpenSUSE provides it for compatibility). + + Initially by: Ludwig Nussel + + Signed-off-by: Stef Walter + * Added header, fixed compiler warnings + + doc/manual/trust.xml | 6 +++- + trust/extract-openssl.c | 76 ++++++++++++++++++++++++++----------------------- + trust/extract-pem.c | 49 +++++++++++++++++++++++++------ + trust/extract.c | 17 ++++++----- + trust/extract.h | 8 ++++++ + trust/test-bundle.c | 35 +++++++++++++++++++++++ + 6 files changed, 139 insertions(+), 52 deletions(-) + +commit b65e3148a8ea2d54b17a8be617bbdcb026c49fcd +Author: Stef Walter +Date: 2014-11-14 + + uri: Accept 'type' in additon to 'object-type' in PKCS#11 URIs + + This was a later change to the PKCS#11 specification drafts + + p11-kit/test-uri.c | 27 +++++++++++++++++++++++++++ + p11-kit/uri.c | 5 +++-- + 2 files changed, 30 insertions(+), 2 deletions(-) + +commit 7c2270eaaaf0e60e204cb81dd017bc89394f4f59 +Author: Michael Cronenworth +Date: 2014-11-11 + + compat: Add definition for setenv for Win32 + + Signed-off-by: Michael Cronenworth + + common/compat.h | 4 ++++ + configure.ac | 1 + + 2 files changed, 5 insertions(+) + +commit bfb3bd47aa48983f5349479bca598403097ff81c +Author: Stef Walter +Date: 2014-10-09 + + Release version 0.22.1 + + NEWS | 6 ++++++ + configure.ac | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit 03d280df9a73aca5cb6eabbcb97ef3ca4e1ae0e5 +Author: Stef Walter +Date: 2014-10-09 + + trust: Certificate CKA_ID is SubjectKeyIdentifier if possible + + The PKCS#11 spec states that the CKA_ID should match the + SubjectKeyIdentifier if such an extension is present. + + We delay the filling of CKA_ID until the builder phase of populating + attributes which allows us to have more control over how this works. + + Note that we don't make CKA_ID reflect SubjectKeyIdentifier *attached* + extensions. The CKA_ID isn't supposed to change after object creation. + Making it dependent on attached extensions would be making promises + we cannot keep, since attached extensions can be added/removed at any + time. + + This also means the CKA_ID of attached extensions and certificates + won't necessarily match up, but that was never promised, and not how + attached extensions should be matched to their certificate anyway. + + Based on a patch and research done by David Woodhouse. + + https://bugs.freedesktop.org/show_bug.cgi?id=84761 + + trust/builder.c | 55 ++++++++++++++++++++++++++++++++++++++++++---------- + trust/parser.c | 37 ++++++++++------------------------- + trust/test-builder.c | 2 +- + trust/test-parser.c | 2 -- + trust/test-trust.c | 2 ++ + trust/x509.c | 32 +++++++++++++++++++++++++----- + trust/x509.h | 7 ++++++- + 7 files changed, 91 insertions(+), 46 deletions(-) + +commit b3579cb54bd5cd16e9740404408b2505b4b1e26b +Author: Stef Walter +Date: 2014-09-12 + + trust: Allow 'BEGIN PUBLIC KEY' PEM blocks in .p11-kit files + + These PEM blocks contribute a CKA_PUBLIC_KEY_INFO to the object + being read/written. + + https://bugs.freedesktop.org/show_bug.cgi?id=83799 + + doc/internal/persist-format.txt | 13 +++++++++---- + trust/persist.c | 24 ++++++++++++++++++++++++ + trust/test-persist.c | 27 +++++++++++++++++++++++++++ + trust/test-trust.h | 22 ++++++++++++++++++++++ + 4 files changed, 82 insertions(+), 4 deletions(-) + +commit c1dd399d265f20bd3df4dc76dcf735aba1ffa515 +Author: Roman Bogorodskiy +Date: 2014-10-06 + + trust: add missing libtasn1 cflags + + Add a number of missing LIBTASN1_CFLAGS where it's required + + trust/Makefile.am | 39 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 39 insertions(+) + +commit af8fba2fa90c6d9b98750f7e33c3b0df9f698cfc +Author: Stef Walter +Date: 2014-10-06 + + Bump libtool versioning for added APIs + + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit ab778cc54c8671ba79cf4baca7be2608c7cce886 +Author: Antoine Jacoutot +Date: 2014-10-05 + + Unbreak build on OpenBSD + + Add missing header for strdup(3). + When EPROTO is not available, fallback to EIO. + + https://bugs.freedesktop.org/show_bug.cgi?id=84665 + + p11-kit/rpc-transport.c | 5 +++++ + 1 file changed, 5 insertions(+) + +commit 80e4f6a6e04582fe11c98e6133e3e306e5556d8d +Author: Michael Cronenworth +Date: 2014-10-04 + + makefile: Rename DATADIR to not conflict with Win32 define + + Signed-off-by: Michael Cronenworth + + Makefile.am | 2 +- + trust/module.c | 2 +- + trust/test-module.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +commit b785f39384af08c35b08ab74671443234260cccc +Author: Stef Walter +Date: 2014-10-02 + + Release version 0.22.0 + + NEWS | 6 ++++++ + configure.ac | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit 16e25b2890927108ec15297aabb1d86a49792741 +Author: Stef Walter +Date: 2014-10-03 + + p11-kit: Use pthread_atfork() in a safe manner + + Instead of trying to perform actions in pthread_atfork() which + are not async-signal-safe, just increment a counter so we can + later tell if the process has forked. + + Note this does not make it safe to mix threads and forking without + immediately execing. This is a far broader problem that p11-kit, + however we now do the right thing when fork+exec is used from a + thread. + + https://bugs.freedesktop.org/show_bug.cgi?id=84567 + + common/library.c | 11 ++++++++++ + common/library.h | 2 ++ + common/mock.c | 1 + + p11-kit/modules.c | 55 ++++++++++------------------------------------ + p11-kit/proxy.c | 62 ++++++++++++++++------------------------------------ + p11-kit/proxy.h | 2 -- + p11-kit/rpc-client.c | 20 ++++++++--------- + p11-kit/test-proxy.c | 2 +- + p11-kit/test-rpc.c | 25 +++++++-------------- + 9 files changed, 63 insertions(+), 117 deletions(-) + +commit a3b1e1c2f2c8c1f14293d8158b6dfeb2a6560908 +Author: Stef Walter +Date: 2014-10-01 + + remote: Run separate executable binary for 'p11-kit remote' + + This allows security frameworks like SELinux or AppArmor to target + it specifically. + + Makefile.am | 1 + + p11-kit/Makefile.am | 13 ++++- + p11-kit/p11-kit.c | 69 +------------------------- + p11-kit/remote.c | 137 ++++++++++++++++++--------------------------------- + p11-kit/rpc-server.c | 101 +++++++++++++++++++++++++++++++++++++ + 5 files changed, 164 insertions(+), 157 deletions(-) + +commit 76f230ced6e9ca2a598988bc00b7b971208e8f64 +Author: Stef Walter +Date: 2014-10-02 + + p11-kit: P11_KIT_PRIVATEDIR env var overrides private binary dir + + External binaries are searched for in $(libdir)/p11-kit. The + P11_KIT_PRIVATEDIR can be used to override that, for example during + 'make check' + + p11-kit/p11-kit.c | 7 ++++++- + p11-kit/test-transport.c | 1 + + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit 960cb9a7db1950ad1414f70b0e3ec240542601ac +Author: Stef Walter +Date: 2014-10-02 + + common: Use secure_getenv() implementation when setuid + + In anything security sensitive, use secure_getenv() implementation + for retrieving environment variables. + + common/Makefile.am | 8 ++++++- + common/compat.c | 8 +++++++ + common/compat.h | 2 ++ + common/debug.c | 3 ++- + common/frob-getenv.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + common/test-compat.c | 27 ++++++++++++++++++++++ + common/test.c | 2 +- + configure.ac | 2 +- + 8 files changed, 113 insertions(+), 4 deletions(-) + +commit c9474683dd3db5ad87227dd3c3734ab31bfc01e9 +Author: Stef Walter +Date: 2014-10-02 + + common: In tests preserve parent environment for children + + common/test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit d3505c2b556b859e1a14062579fd67ec2ab25435 +Author: Stef Walter +Date: 2014-10-01 + + p11-kit: Remove the 'isolated' option for now + + This option was not completed in time, and as implemented suffers + from limitations that the module is not really completely isolated + as it still runs under the same user id as the calling process. + + doc/manual/p11-kit-sharing.xml | 5 +++-- + doc/manual/pkcs11.conf.xml | 11 ++--------- + p11-kit/modules.c | 13 ------------- + 3 files changed, 5 insertions(+), 24 deletions(-) + +commit c41e0e1d9a4a9a4533bc6f370e5eebe1d6b9752c +Author: Michael Cronenworth +Date: 2014-09-12 + + common: Move unistd include to define getopt and friends + + Needed to fix MinGW builds. + + Signed-off-by: Michael Cronenworth + + common/test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit eeca6f88e1c59543b09df3f9a45224e32d531ef7 +Author: Stef Walter +Date: 2014-09-17 + + Release version 2.21.3 + + NEWS | 8 ++++++++ + configure.ac | 2 +- + 2 files changed, 9 insertions(+), 1 deletion(-) + +commit 800f310dd3f2fcbf3852a42c67b5dd37e4ef4415 +Author: Stef Walter +Date: 2014-09-10 + + trust: Use term 'attached extensions' instead of 'stapled' + + The term 'stapled extensions' is confusing because it overloads + terminology used with OSCP stapling. + + Suggested by Daniel Kahn Gillmor. + + trust/builder.c | 4 ++-- + trust/enumerate.c | 48 ++++++++++++++++++++++++------------------------ + trust/enumerate.h | 2 +- + trust/extract-openssl.c | 8 ++++---- + trust/parser.c | 46 +++++++++++++++++++++++----------------------- + trust/test-builder.c | 30 +++++++++++++++--------------- + trust/test-enumerate.c | 2 +- + trust/test-parser.c | 4 ++-- + 8 files changed, 72 insertions(+), 72 deletions(-) + +commit eccbcc298f59eb9518b07baf840930cec54c7655 +Author: Stef Walter +Date: 2014-09-04 + + common: New public pkcs11x.h header containing extensions + + Move our internal stuff to pkcs11i.h, and install the pkcs11x.h + header containing extensions. + + https://bugs.freedesktop.org/show_bug.cgi?id=83495 + + common/Makefile.am | 3 +- + common/attrs.c | 1 + + common/constants.c | 1 + + common/mock.h | 2 +- + common/pkcs11i.h | 505 +++++++++++++++++++++++++++++++++++++++++++++++++ + common/pkcs11x.h | 458 +------------------------------------------- + doc/manual/Makefile.am | 1 + + p11-kit/virtual.h | 2 +- + trust/builder.c | 1 + + trust/persist.c | 1 + + trust/test-builder.c | 1 + + trust/test-persist.c | 1 + + 12 files changed, 520 insertions(+), 457 deletions(-) + +commit b1cd802e4241aa81c12ba4ecccdb17404799ff03 +Author: Stef Walter +Date: 2014-09-04 + + common: Change the CKA_X_PUBLIC_KEY_INFO constant to CKA_PUBLIC_KEY_INFO + + CKA_PUBLIC_KEY_INFO is defined in the PKCS#11 2.40 draft, so use that + rather than defining our own. + + * Fixed up by Nikos Mavrogiannopoulos + + https://bugs.freedesktop.org/show_bug.cgi?id=83495 + + common/attrs.c | 2 +- + common/constants.c | 2 +- + common/pkcs11x.h | 6 +++++- + trust/builder.c | 14 +++++++------- + trust/enumerate.c | 16 ++++++++-------- + trust/list.c | 2 +- + trust/parser.c | 2 +- + trust/test-builder.c | 28 ++++++++++++++-------------- + trust/test-enumerate.c | 8 ++++---- + trust/test-openssl.c | 12 ++++++------ + trust/test-parser.c | 8 ++++---- + 11 files changed, 52 insertions(+), 48 deletions(-) + +commit 9ba2165ef75c63960ce95c9b1b085a0a630cfb14 +Author: Stef Walter +Date: 2014-09-04 + + common: Add support for multiple field names (ie: nicks) per constant + + This allows us to have old/new names for a given constant. + + https://bugs.freedesktop.org/show_bug.cgi?id=83495 + + common/constants.c | 31 ++++++++++++++++--------------- + common/constants.h | 2 +- + common/test-constants.c | 10 +++++----- + 3 files changed, 22 insertions(+), 21 deletions(-) + +commit 1ede9a957c5a4f2c44b6bc88ba380a41c145a81b +Author: Michael Cronenworth +Date: 2014-09-09 + + p11-kit: Fix tests when building with MinGW + + Signed-off-by: Michael Cronenworth + + p11-kit/test-managed.c | 9 +++++++++ + p11-kit/test-rpc.c | 9 +++++++++ + p11-kit/test-transport.c | 12 ++++++++++++ + 3 files changed, 30 insertions(+) + +commit 086c08ceef86825b7b738c2da016915e91896a20 +Author: Michael Cronenworth +Date: 2014-08-17 + + trust: Fix token test when building with MinGW + + Signed-off-by: Michael Cronenworth + + trust/test-token.c | 4 ++++ + 1 file changed, 4 insertions(+) + +commit 92ad58dec9a170a128734ea99e532e8a6a7d5499 +Author: Roman Bogorodskiy +Date: 2014-09-09 + + configure: Check for pthread_create() in pthread library + + Check for pthread_create() in pthread library instaed of + pthread_mutexattr_init(). This fixes a linking error on FreeBSD. + + https://bugs.freedesktop.org/show_bug.cgi?id=75674 + + configure.ac | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit 4dd71231c7b425c44ca231c6c7b1df97545d1501 +Author: Stef Walter +Date: 2014-09-09 + + p11-kit: Compilation fixes for previous commit + + Pushed the wrong version + + p11-kit/proxy.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +commit 50e4702e6c94aeb3c9096661a78f59db96c86226 +Author: Stef Walter +Date: 2014-09-09 + + p11-kit: Make proxy module respect critical = no + + The p11-kit-proxy.so module would not respect the critical = no setting + in module configuration, and fail if any module failed to initialize. + + https://bugs.freedesktop.org/show_bug.cgi?id=83651 + + p11-kit/proxy.c | 84 ++++++++++++++++++++++++++++++++------------------------- + 1 file changed, 47 insertions(+), 37 deletions(-) + +commit aff7ac7ef469f96a55063ba423af66fca17c29c7 +Author: Roman Bogorodskiy +Date: 2014-08-18 + + Fix build without debug + + When building without debug build fails with: + + CCLD p11-kit/p11-kit + ./.libs/libp11-kit.so: undefined reference to `P11_RPC_CHECK_CALLS' + cc: error: linker command failed with exit code 1 (use -v to see + invocation) + gmake[2]: *** [p11-kit/p11-kit] Error 1 + + This happens because P11_RPC_CHECK_CALLS is not defined when + debugging is enabled, so provide a noop macro for that case. + + p11-kit/rpc-message.h | 2 ++ + 1 file changed, 2 insertions(+) + +commit c3fc7b49890bef7c28c1315476c6270d8ed1a492 +Author: Stef Walter +Date: 2014-09-05 + + trust: Show public-key-info in 'trust list --details' + + Since the public-key-info is an important part of the way we + represent trust, show it in 'trust list' if --details is present. + + trust/list.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +commit d715fe5312f7b7c1b881cc49847cc15347e286fc +Author: Stef Walter +Date: 2014-09-05 + + Release version 0.21.2 + + NEWS | 10 ++++++++++ + configure.ac | 2 +- + 2 files changed, 11 insertions(+), 1 deletion(-) + +commit dc55d9d5fc5d904f0bc3c06ba3caf64483b18fa9 +Author: Stef Walter +Date: 2014-09-05 + + trust: Produce a proper message for an invalid stapled extension + + Previously we would output a line like this: + + p11-kit: 'node != NULL' not true at lookup_extension + + trust/builder.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +commit 677dee1a04058aefe8c7689f88da52afe3b4b4bb +Author: Stef Walter +Date: 2014-08-15 + + Move to non-recursive Makefile for building bins and libs + + Still use recursive for documentation and translation. + + Makefile.am | 66 +++-- + build/Makefile.decl | 16 -- + build/Makefile.tests | 21 -- + build/certs/Makefile | 38 +-- + common/Makefile.am | 113 ++++++--- + common/{tests => }/frob-getauxval.c | 0 + common/{tests => }/test-array.c | 0 + common/{tests => }/test-attrs.c | 0 + common/{tests => }/test-buffer.c | 0 + common/{tests => }/test-compat.c | 0 + common/{tests => }/test-constants.c | 0 + common/{tests => }/test-dict.c | 0 + common/{tests => }/test-hash.c | 0 + common/{tests => }/test-lexer.c | 0 + common/{tests => }/test-message.c | 0 + common/{tests => }/test-path.c | 0 + common/{tests => }/test-tests.c | 0 + common/{tests => }/test-url.c | 0 + common/tests/Makefile.am | 39 --- + configure.ac | 8 +- + doc/manual/Makefile.am | 8 +- + p11-kit/Makefile.am | 244 ++++++++++++------ + .../files => fixtures}/package-modules/four.module | 0 + .../package-modules/win32/four.module | 0 + .../files => fixtures}/system-modules/one.module | 0 + .../system-modules/two-duplicate.module | 0 + .../files => fixtures}/system-modules/two.badname | 0 + .../system-modules/win32/one.module | 0 + .../system-modules/win32/two-duplicate.module | 0 + .../system-modules/win32/two.badname | 0 + .../{tests/files => fixtures}/system-pkcs11.conf | 0 + p11-kit/{tests/files => fixtures}/test-1.conf | 0 + p11-kit/{tests/files => fixtures}/test-pinfile | 0 + .../{tests/files => fixtures}/test-pinfile-large | 0 + .../files => fixtures}/test-system-invalid.conf | 0 + .../files => fixtures}/test-system-merge.conf | 0 + .../files => fixtures}/test-system-none.conf | 0 + .../files => fixtures}/test-system-only.conf | 0 + .../files => fixtures}/test-user-invalid.conf | 0 + .../{tests/files => fixtures}/test-user-only.conf | 0 + p11-kit/{tests/files => fixtures}/test-user.conf | 0 + .../files => fixtures}/user-modules/one.module | 0 + .../files => fixtures}/user-modules/three.module | 0 + .../user-modules/win32/one.module | 0 + .../user-modules/win32/three.module | 0 + p11-kit/{tests => }/frob-setuid.c | 0 + p11-kit/{tests => }/mock-module-ep.c | 0 + p11-kit/{tests => }/mock-module-ep2.c | 0 + p11-kit/{tests => }/print-messages.c | 0 + p11-kit/{tests => }/test-conf.c | 54 ++-- + p11-kit/{tests => }/test-deprecated.c | 0 + p11-kit/{tests => }/test-init.c | 0 + p11-kit/{tests => }/test-iter.c | 0 + p11-kit/{tests => }/test-log.c | 0 + p11-kit/{tests => }/test-managed.c | 0 + p11-kit/{tests => }/test-mock.c | 0 + p11-kit/{tests => }/test-modules.c | 0 + p11-kit/{tests => }/test-pin.c | 6 +- + p11-kit/{tests => }/test-progname.c | 0 + p11-kit/{tests => }/test-proxy.c | 0 + p11-kit/{tests => }/test-rpc.c | 0 + p11-kit/{tests => }/test-transport.c | 2 +- + p11-kit/{tests => }/test-uri.c | 0 + p11-kit/{tests => }/test-util.c | 0 + p11-kit/{tests => }/test-virtual.c | 0 + p11-kit/tests/Makefile.am | 91 ------- + trust/Makefile.am | 273 +++++++++++++++------ + trust/anchor.c | 5 +- + trust/enumerate.h | 5 +- + trust/extract.c | 5 +- + trust/{tests/files => fixtures}/cacert-ca.der | Bin + .../files => fixtures}/cacert3-distrust-all.pem | 0 + .../files => fixtures}/cacert3-distrusted-all.pem | 0 + .../files => fixtures}/cacert3-not-trusted.pem | 0 + .../files => fixtures}/cacert3-trusted-alias.pem | 0 + .../files => fixtures}/cacert3-trusted-keyid.pem | 0 + .../cacert3-trusted-server-alias.pem | 0 + .../{tests/files => fixtures}/cacert3-trusted.pem | 0 + trust/{tests/files => fixtures}/cacert3-twice.pem | 0 + trust/{tests/files => fixtures}/cacert3.der | Bin + trust/{tests/files => fixtures}/cacert3.pem | 0 + trust/{tests/files => fixtures}/distrusted.pem | 0 + trust/{tests/files => fixtures}/empty-file | 0 + trust/{tests/files => fixtures}/multiple.pem | 0 + .../files => fixtures}/openssl-trust-no-trust.pem | 0 + trust/{tests/files => fixtures}/redhat-ca.der | Bin + .../files => fixtures}/self-signed-with-eku.der | Bin + .../files => fixtures}/self-signed-with-ku.der | Bin + trust/{tests/files => fixtures}/simple-string | 0 + trust/{tests/files => fixtures}/testing-server.der | Bin + trust/{tests/files => fixtures}/thawte.pem | 0 + .../files => fixtures}/unrecognized-file.txt | 0 + trust/{tests/files => fixtures}/verisign-v1.der | Bin + trust/{tests/files => fixtures}/verisign-v1.pem | 0 + trust/{tests => }/frob-bc.c | 0 + trust/{tests => }/frob-cert.c | 0 + trust/{tests => }/frob-eku.c | 0 + trust/{tests => }/frob-ext.c | 0 + trust/{tests => }/frob-ku.c | 0 + trust/{tests => }/frob-multi-init.c | 0 + trust/{tests => }/frob-nss-trust.c | 0 + trust/{tests => }/frob-oid.c | 0 + trust/{tests => }/frob-pow.c | 0 + trust/{tests => }/frob-token.c | 0 + trust/{tests => }/input/anchors/cacert3.der | Bin + trust/{tests => }/input/anchors/testing-ca.der | Bin + trust/{tests => }/input/blacklist/self-server.der | Bin + trust/{tests => }/input/cacert-ca.der | Bin + trust/{tests => }/input/distrusted.pem | 0 + trust/{tests => }/input/verisign-v1.p11-kit | 0 + trust/list.c | 5 +- + trust/{tests => }/test-asn1.c | 0 + trust/{tests => }/test-base64.c | 0 + trust/{tests => }/test-builder.c | 0 + trust/{tests => }/test-bundle.c | 12 +- + trust/{tests => }/test-cer.c | 12 +- + trust/{tests => }/test-digest.c | 0 + trust/{tests => }/test-enumerate.c | 2 + + trust/{tests => }/test-extract.in | 0 + trust/{tests => }/test-index.c | 0 + trust/{tests => }/test-module.c | 16 +- + trust/{tests => }/test-oid.c | 0 + trust/{tests => }/test-openssl.c | 20 +- + trust/{tests => }/test-parser.c | 20 +- + trust/{tests => }/test-pem.c | 0 + trust/{tests => }/test-persist.c | 0 + trust/{tests => }/test-save.c | 14 +- + trust/{tests => }/test-token.c | 4 +- + trust/{tests => }/test-trust.c | 0 + trust/{tests => }/test-trust.h | 0 + trust/{tests => }/test-utf8.c | 0 + trust/{tests => }/test-x509.c | 0 + trust/tests/Makefile.am | 122 --------- + 133 files changed, 632 insertions(+), 589 deletions(-) + +commit 2a35a67923c26cd38839197aee51c274e5c2550e +Author: Stef Walter +Date: 2014-08-15 + + common: Fix regression introduced by last commit + + The last commit caused dirfd() to become undefined. + + https://bugs.freedesktop.org/show_bug.cgi?id=82617 + + common/compat.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit bf8dfa9f33c1aa8d76f8d1ae6cf79afb90497cd4 +Author: Baruch Siach +Date: 2014-05-05 + + Fix build against older pthreads implementations + + Older pthreads implementations like glibc NPTL prior to version 2.12, and + uClibc linuxthreads (both), need _XOPEN_SOURCE to expose + pthread_mutexattr_settype() and THREAD_MUTEX_DEFAULT. The value 600 (SuSv3, + POSIX.1-2001) is equivalent to _POSIX_C_SOURCE 200112L. + + Fixes the following build error: + + CC compat.lo + compat.c: In function 'p11_mutex_init': + compat.c:164:2: warning: implicit declaration of function 'pthread_mutexattr_settype' [-Wimplicit-function-declaration] + compat.c:164:2: warning: nested extern declaration of 'pthread_mutexattr_settype' [-Wnested-externs] + compat.c:164:36: error: 'PTHREAD_MUTEX_DEFAULT' undeclared (first use in this function) + + https://bugs.freedesktop.org/show_bug.cgi?id=82617 + + common/compat.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +commit ea10b26125eff14d5b138ceb0e55994bd38f7381 +Author: Stef Walter +Date: 2014-08-14 + + Fix 'make upload-release' target + + Makefile.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 6333aedd27b1a9cb81ac2d0556c1a97f726bdb33 +Author: Stef Walter +Date: 2014-08-11 + + doc: Fix missing tag in p11-kit-sharing.xml + + doc/manual/p11-kit-sharing.xml | 1 + + 1 file changed, 1 insertion(+) + +commit ea39cf40a881fd28f86e2625dff80fde58f2e08a +Author: Stef Walter +Date: 2014-08-11 + + p11-kit: Fix various noise/issues highlighted by clang + + p11-kit/modules.c | 1 - + p11-kit/remote.c | 3 +-- + p11-kit/rpc-client.c | 4 ++-- + p11-kit/rpc-server.c | 18 ++++++++++-------- + 4 files changed, 13 insertions(+), 13 deletions(-) + +commit a7b012fcfa4fd0c1c53de3006a63a8bad4a08041 +Author: Stef Walter +Date: 2014-08-08 + + Ignore clang scanner litter + + .gitignore | 1 + + 1 file changed, 1 insertion(+) + +commit c62ce78b8ae6961c9d1dda092781b6988488a135 +Author: Stef Walter +Date: 2014-08-08 + + trust: Don't use invalid public keys for looking up stapled extensions + + https://bugs.freedesktop.org/show_bug.cgi?id=82328 + + trust/builder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 1576ac9495333d0f285e0ab69f444d3ae0630859 +Author: Stef Walter +Date: 2014-08-08 + + trust: Print label of certificate when complaining about basic constraints + + https://bugs.freedesktop.org/show_bug.cgi?id=82328 + + trust/builder.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +commit d9df354fffbbfa42aac796235cf446c63ad2eef8 +Author: Stef Walter +Date: 2014-08-08 + + trust: Double check that index bucket is valid before access + + trust/index.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 3748527ed4deb980a2aa0a74893ccb4384951015 +Author: Stef Walter +Date: 2014-08-08 + + p11-kit: Remove use after free in debug output code path + + p11-kit/modules.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit f1d563400c9747d6c470cba7abfa9a31d92349d3 +Author: Stef Walter +Date: 2014-08-08 + + Quiten down scanner warnings about unused variables + + p11-kit/lists.c | 5 +---- + trust/list.c | 5 +---- + 2 files changed, 2 insertions(+), 8 deletions(-) + +commit 26b3e98f7934bd47ab3d387124135f254bd6f8ba +Author: Stef Walter +Date: 2014-08-08 + + common: Quiet down clang scanner with assertions + + Quieten down the clang scanner by telling it to expect + that our test assertions fail + + common/test.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 9cd9153a4d4cf78011d2a8f8c7a69aa8f3eda9f3 +Author: Stef Walter +Date: 2014-08-08 + + Fix mostly erroneous scanner warnings in tests + + common/tests/test-array.c | 1 + + common/tests/test-dict.c | 3 +++ + common/tests/test-tests.c | 2 ++ + p11-kit/tests/test-deprecated.c | 6 +++++- + p11-kit/tests/test-uri.c | 3 +++ + trust/tests/frob-bc.c | 1 + + trust/tests/frob-eku.c | 1 + + trust/tests/frob-ext.c | 1 + + trust/tests/frob-ku.c | 2 ++ + trust/tests/frob-oid.c | 2 ++ + trust/tests/test-token.c | 2 +- + 11 files changed, 22 insertions(+), 2 deletions(-) + +commit eb9d1fcc8e0adc38ff494af619db37013ff17cb9 +Author: Stef Walter +Date: 2014-08-08 + + trust: Fix leak in token loading error path + + trust/token.c | 1 + + 1 file changed, 1 insertion(+) + +commit 4750c617829b666dd1acb2a12ca61419fa12bc26 +Author: Stef Walter +Date: 2014-08-08 + + trust: Fix unlikely use of uninitialized memory in token loading + + trust/token.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit a35cc9be7a34e4fd012b0fa25a7091acf044a038 +Author: Stef Walter +Date: 2014-08-08 + + trust: Fix leak in trust list command + + trust/list.c | 1 + + 1 file changed, 1 insertion(+) + +commit cdf540cefd7e106bc4607584dfa153d847f1a2a9 +Author: Stef Walter +Date: 2014-08-08 + + trust: Fix use after free and double free in extract command + + trust/extract.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +commit 29325102bb93239313f4b2928f18a589731bd125 +Author: Stef Walter +Date: 2014-08-08 + + trust: Remove dead while condition in anchor commond + + trust/anchor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 2663c834561207b947f6a8e98a7661644b6c9630 +Author: Stef Walter +Date: 2014-08-08 + + p11-kit: Fix integer overflow in memset() argument + + p11-kit/virtual.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit f8c7ed390672d0749aaf0bbbad2c2af7145ebc01 +Author: Stef Walter +Date: 2014-08-08 + + p11-kit: Fix bad check of asprintf() return value + + p11-kit/p11-kit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 3a21a0bc541348803f7da01ef6c5b4baf6bc221a +Author: Stef Walter +Date: 2014-08-08 + + configure.ac: Add subdir-objects to satisfy newer automakes + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 92523973caae8b195c4d39b6cf872ea09d72d497 +Author: Stef Walter +Date: 2014-08-08 + + trust: Fix use of invalid memory in PEM parser + + trust/pem.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +commit c22e37091278ffb339c692f5c994c3393b12a254 +Author: Stef Walter +Date: 2014-08-08 + + trust: Parse TRUSTED CERTIFICATE openssl format even without CertAux + + openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the + additional CertAux (ie: trust fields) information. It simply leaves + that block out. This happens with a command like: + + $ openssl x509 -in my-cert.pem -out output -trustout + + trust/parser.c | 32 ++++---- + trust/tests/files/openssl-trust-no-trust.pem | 27 +++++++ + trust/tests/test-parser.c | 105 +++++++++++++++++++++++++++ + 3 files changed, 151 insertions(+), 13 deletions(-) + +commit 2e503dccd889a3f83951830fda18c9357377693d +Author: Stef Walter +Date: 2014-08-08 + + common: Allow specifying which tests to run on command line + + This modifies our common unit test code so we can specify full + test paths on the command line, and restrict the run tests to + the ones specified. Order is not respected at this time. + + common/test.c | 34 +++++++++++++++++++++++++++++++++- + 1 file changed, 33 insertions(+), 1 deletion(-) + +commit 6a8843b3c5f6d44eb280a54653388a3de316f638 +Author: Stef Walter +Date: 2014-08-07 + + Release version 0.21.1 + + NEWS | 6 ++++++ + configure.ac | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit 3cbe204722e2d5dfa8e8756e0b57b44c67fdd2c4 +Author: Stef Walter +Date: 2014-08-07 + + po: Add new translations: oc + + Makefile.am | 2 +- + po/LINGUAS | 1 + + po/oc.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 344 insertions(+), 1 deletion(-) + +commit 4f2cc97a95733e9ea8f85510b0f1e5c99053ae5e +Author: Stef Walter +Date: 2014-08-07 + + common: Don't do repeated linear reallocation of array memory + + Some mallocs (notably on Windows) have really poor behavior when + called repeatedly with a linearly growing buffer. + + https://bugzilla.redhat.com/show_bug.cgi?id=985419 + + common/array.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +commit 08a017dbae88f6e57eee387b5984d0494e62d976 +Author: Stef Walter +Date: 2014-08-07 + + p11-kit: Tweak last commit, handle the not-forked case + + When we hadn't forked, but were just not initialized, still return + CKR_CRYPTOKI_NOT_INITIALIZED from managed modules. + + p11-kit/modules.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +commit c61187f879395bb334edba39ee6dfb91f1a9e59b +Author: Stef Walter +Date: 2014-08-07 + + p11-kit: Don't complain about C_Finalize called in wrong process + + When C_Finalize is called in the wrong process, it's often because + of a caller unaware of forking. This is a painful area of PKCS#11, + but at least for C_Finalize, lets not complain loudly about it. + + p11-kit/modules.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +commit 8e132ab21378fb5fa1f44afb38c23f44b1277f7d +Author: Stef Walter +Date: 2014-06-24 + + p11-kit: Add a new 'isolate' pkcs11 config option + + This sets 'remote' appropriately to run the module in a separate + process. + + https://bugs.freedesktop.org/show_bug.cgi?id=80472 + + doc/manual/p11-kit-sharing.xml | 4 ++++ + doc/manual/pkcs11.conf.xml | 8 ++++++++ + p11-kit/modules.c | 44 ++++++++++++++++++++++++++++++------------ + 3 files changed, 44 insertions(+), 12 deletions(-) + +commit 17ea60eaf9d1b4eab9546d6dfc7e7afe83779f91 +Author: Stef Walter +Date: 2014-06-24 + + p11-kit: Cleanup and add documentation for 'remote' option + + https://bugs.freedesktop.org/show_bug.cgi?id=54105 + + doc/manual/p11-kit.xml | 15 +++++++++++ + doc/manual/pkcs11.conf.xml | 13 ++++++++++ + p11-kit/rpc-transport.c | 57 ++++++++++++++++++++++-------------------- + p11-kit/tests/test-transport.c | 2 +- + 4 files changed, 59 insertions(+), 28 deletions(-) + +commit d4289fbe420e19882d94827bd82a667a0132fccf +Author: Stef Walter +Date: 2014-06-24 + + p11-kit: Add 'p11-kit remote' command for isolating modules + + This adds a new tool to the p11-kit command called 'remote'. This + is the server side of remoting a PKCS#11 module. + + doc/manual/p11-kit-sections.txt | 1 + + p11-kit/Makefile.am | 2 + + p11-kit/p11-kit.c | 69 +++++++++++++++++++++++++ + p11-kit/{tests/frob-server.c => remote.c} | 86 ++++++++++++------------------- + p11-kit/remote.h | 56 ++++++++++++++++++++ + p11-kit/tests/Makefile.am | 3 -- + p11-kit/tests/test-transport.c | 2 +- + 7 files changed, 161 insertions(+), 58 deletions(-) + +commit 7ec80ff13adb167705a999b7d082c76219adc909 +Author: Stef Walter +Date: 2013-02-20 + + rpc: Implement execution of another tool to transport PKCS#11 RPC + + p11-kit/Makefile.am | 3 +- + p11-kit/modules.c | 70 +++- + p11-kit/rpc-transport.c | 850 ++++++++++++++++++++++++++++++++++++++++ + p11-kit/rpc.h | 36 +- + p11-kit/tests/Makefile.am | 19 +- + p11-kit/tests/frob-server.c | 173 ++++++++ + p11-kit/tests/mock-module-ep2.c | 56 +++ + p11-kit/tests/test-rpc.c | 156 +++++++- + p11-kit/tests/test-transport.c | 281 +++++++++++++ + 9 files changed, 1600 insertions(+), 44 deletions(-) + +commit 5ecfe2c8aa58a170aac2d9a9c22d7ffb3cc9442a +Author: Stef Walter +Date: 2013-10-09 + + mock: Minor testing tweaks to mock testing + + p11-kit/tests/test-mock.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 989eab4f5886c7455242c04bf359619ac148d5ff +Author: Stef Walter +Date: 2013-10-09 + + modules: Make config file and module configs overridable by tests + + p11-kit/modules.c | 15 +++++++++++---- + p11-kit/private.h | 7 +++++++ + 2 files changed, 18 insertions(+), 4 deletions(-) + +commit 895f0416448c297a3d06160d748cd0e94eadb366 +Author: Stef Walter +Date: 2013-10-09 + + test: Move some file and directory code into general test stuff + + common/test.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++ + common/test.h | 10 ++++++ + trust/tests/test-token.c | 52 +++++++++++++++--------------- + trust/tests/test-trust.c | 75 ------------------------------------------- + trust/tests/test-trust.h | 28 ---------------- + 5 files changed, 119 insertions(+), 129 deletions(-) + +commit ccc5e1569b360b54962e7f4cfaded8ab466b021d +Author: Stef Walter +Date: 2013-02-20 + + Add compatibility fdwalk() function + + This is used when execing another process to close all open + file descriptors that we don't wish to be inherited. + + common/compat.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + common/compat.h | 7 ++++++ + configure.ac | 3 +++ + 3 files changed, 83 insertions(+) + +commit c785ab66890ad7b73c556d6afdf2bb8a32dd50e2 +Author: Stef Walter +Date: 2012-08-23 + + rpc: Implement PKCS#11 messages/client/server code + + * This enables passing around bytes which represent PKCS#11 RPC calls. + * Caller is responsible for connecting/disconnecting and so on. + * Client side caller gets a mixin from p11_rpc_client_init() to call + into, which generates callbacks with byte arrays to be transported. + * Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR + on which relevant methods get called. + * Doesn't yet implement the actual daemon or clients etc... + + https://bugs.freedesktop.org/show_bug.cgi?id=54105 + + common/debug.c | 1 + + common/debug.h | 1 + + common/mock.c | 7 + + common/mock.h | 3 + + doc/manual/Makefile.am | 2 + + p11-kit/Makefile.am | 2 + + p11-kit/rpc-client.c | 2092 +++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/rpc-message.c | 769 +++++++++++++++++ + p11-kit/rpc-message.h | 368 ++++++++ + p11-kit/rpc-server.c | 1901 ++++++++++++++++++++++++++++++++++++++++ + p11-kit/rpc.h | 69 ++ + p11-kit/tests/Makefile.am | 1 + + p11-kit/tests/test-mock.c | 10 +- + p11-kit/tests/test-rpc.c | 939 ++++++++++++++++++++ + 14 files changed, 6163 insertions(+), 2 deletions(-) + +commit 469e75bb8184392cb47b3cb4897589caabe56e70 +Author: Andreas Metzler +Date: 2014-01-19 + + Fix typo: supress - > suppress + + p11-kit/lists.c | 2 +- + trust/anchor.c | 2 +- + trust/extract.c | 2 +- + trust/list.c | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +commit 08e4fcd2c7a9b9ea7a46bff5809a7c383f6063a9 +Author: Stef Walter +Date: 2014-07-04 + + Release version 0.20.3 + + NEWS | 10 ++++++++++ + configure.ac | 2 +- + 2 files changed, 11 insertions(+), 1 deletion(-) + +commit 840ec0f54daeb7c3bc37e22b6ec09ea7cfede868 +Author: Nikos Mavrogiannopoulos +Date: 2014-07-04 + + Added test for non-null values in empty ID and label URI parts + + p11-kit/tests/test-uri.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 66 insertions(+) + +commit d8c064dff11af8537d1c228927c9da82cb6b60e4 +Author: Stef Walter +Date: 2014-07-04 + + p11-kit: Mark p11_kit_be_quiet() and p11_kit_be_loud() stable + + These are useful functions for callers who want to supress all output + from p11-kit library. + + doc/manual/p11-kit-sections.txt | 4 ++-- + p11-kit/p11-kit.h | 8 ++++---- + 2 files changed, 6 insertions(+), 6 deletions(-) + +commit 25e8999fd11d0b2c156f3bdd8597142dedd042cb +Author: Stef Walter +Date: 2014-07-03 + + p11-kit: Handle managed modules correctly when forking + + Correctly allow reinitialization when a process forks. + + We don't yet implement checks on all entry points of a managed + module, but this allows callers to call C_Initialize again + after forking, as outlined by the PKCS#11 v2 spec. + + p11-kit/modules.c | 14 ++++++++----- + p11-kit/tests/test-managed.c | 47 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 56 insertions(+), 5 deletions(-) + +commit a2bd1a8c5ba3c611899f7dfc27d553010899eeec +Author: Pavel A +Date: 2014-07-01 + + common: Fixed implementation of strerror_r for WinXP + + ie: when streror_s is missing in msvcrt.dll + + https://bugs.freedesktop.org/show_bug.cgi?id=76594 + + common/compat.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +commit 6527f5d3b24a96369a24281db7593d5c4fc73408 +Author: Stef Walter +Date: 2014-06-25 + + p11-kit: Fix corrupted list when initialization of modules fail + + This fixes the function call p11_kit_module_initialize() to + correctly rearrange the modules array when initializing a module + fails. + + Also fixes p11_kit_modules_load_and_initialize() + + p11-kit/modules.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit d21967cdcd18c8fcb749f874c492b7f6c4965817 +Author: Milan Crha +Date: 2014-06-20 + + Don't try to symlink p11-proxy.so on windows + + https://bugs.freedesktop.org/show_bug.cgi?id=76594 + + p11-kit/Makefile.am | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +commit ead043f7f29d7d724f559fc4caab17edd8206d78 +Author: Stef Walter +Date: 2014-06-20 + + configure: Require automake 1.12 or later + + We can't use automake 1.10 as serial-tests is not supported + there. + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 4faa892e97e59dd6ab01b4cae3e2534663e18ba7 +Author: Pavel A +Date: 2014-06-20 + + Proposed fix for compiler warnings in common/compat.c + when buliding for Windows (mingw). + This issue has been reported in bug #76594 + + a. Moved vasprintf before asprintf + b. Added prototypes for each of them + + Thanks, + pa + + Signed-off-by: Pavel A + + common/compat.c | 42 +++++++++++++++++++++++------------------- + 1 file changed, 23 insertions(+), 19 deletions(-) + +commit 98292d6bbc21168b517cdfca2635d35f2b47740d +Author: Stef Walter +Date: 2014-02-13 + + proxy: Fix cases where modules are unloaded while in use + + The proxy module would unload the PKCS#11 modules it was proxying + when C_Finalize() was called. However if a caller in another thread + was inside of a PKCS#11 function at the time, this would cause + a crash. + + Change things around so that underlying modules are finalized during + the proxy C_Finalize() but not released/unloaded until the proxy + module itself is unloaded. + + https://bugs.freedesktop.org/show_bug.cgi?id=74919 + + p11-kit/proxy.c | 53 +++++++++++++++++++++++++++++++---------------------- + 1 file changed, 31 insertions(+), 22 deletions(-) + +commit deca4955a6cce1dd77bbd45b9524b0f7b0825169 +Author: Stef Walter +Date: 2014-02-13 + + proxy: Remove assertions when module is not initialized + + We should return CKR_CRYPTOKI_NOT_INITIALIZED rather than + assert() when proxy PKCS#11 functions are called before the + module is initialized. + + https://bugs.freedesktop.org/show_bug.cgi?id=74919 + + p11-kit/proxy.c | 2 -- + 1 file changed, 2 deletions(-) + +commit 44beedb8c2b4e30b421b604fb1b044402a1d1ff6 +Author: Pascal Terjan +Date: 2014-02-09 + + Fix handling of mmap failure and mapping empty files + + Check the return value of mmap() correctly. + + Empty files cannot be mmap'd so we implement some + work around code for that. + + https://bugs.freedesktop.org/show_bug.cgi?id=74773 + + Signed-off-by: Stef Walter + + common/compat.c | 11 +++++++++-- + common/tests/test-compat.c | 17 +++++++++++++++++ + 2 files changed, 26 insertions(+), 2 deletions(-) + +commit c59a6b577b7ba1990a7dc04a894c3bc4f4671471 +Author: Stef Walter +Date: 2014-01-29 + + Support running autogen.sh from srcdir != builddir + + autogen.sh | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +commit 73aab81e55a2c2d0161484de756317ad32c80ddc +Author: Stef Walter +Date: 2014-01-29 + + Don't use 'aux' directory name + + Because Windows is really properly screwed up. + + https://bugs.freedesktop.org/show_bug.cgi?id=74149 + + build/{aux => litter}/.empty | 0 + configure.ac | 2 +- + 2 files changed, 1 insertion(+), 1 deletion(-) + +commit 43c54570e97c60457ed09ffb18ad8416b640e51d +Author: Stef Walter +Date: 2014-01-14 + + Release version 0.20.2 + + NEWS | 7 +++++++ + configure.ac | 2 +- + 2 files changed, 8 insertions(+), 1 deletion(-) + +commit 90479889d9ee0c6f64067cb762286e6d25dca4b3 +Author: Stef Walter +Date: 2014-01-14 + + distcheck: Build with optimizations so we get proper warnings + + Makefile.am | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit 426db01ae6c793d59b055e2ff7b14eeb14a48e68 +Author: Stef Walter +Date: 2014-01-14 + + test-iter: Fix use of uninitialized variable + + p11-kit/tests/test-iter.c | 1 + + 1 file changed, 1 insertion(+) + +commit 99904e84d9f8f0637f66107807ac4ac9e3339e4a +Author: Stef Walter +Date: 2014-01-14 + + trust: Add installcheck target for testing extract + + This is an integration test that the extract and blacklist + functionality basics work. + + More integration tests should follow, at which point we should + place the various generic testing bits into their own file. + + .gitignore | 2 + + configure.ac | 1 + + trust/tests/Makefile.am | 6 ++ + trust/tests/test-extract.in | 189 ++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 198 insertions(+) + +commit 1f4f072346e388d7b6b6cf79b111952069c4e95c +Author: Stef Walter +Date: 2014-01-14 + + Build in srcdir != builddir fashion by default + + Naturally this doesn't apply to tarballs + + .gitignore | 7 +++++++ + Makefile.am | 4 ++-- + autogen.sh | 3 ++- + automaint.sh | 6 +++--- + build/Makefile.am | 9 --------- + build/certs/{Makefile.am => Makefile} | 2 +- + configure.ac | 2 -- + doc/manual/Makefile.am | 3 ++- + 8 files changed, 17 insertions(+), 19 deletions(-) + +commit 9afb6eff85489614d0bc56a3a661473c25f9d892 +Author: Stef Walter +Date: 2014-01-14 + + Move gtk-doc.make into build directory + + gtk-doc.make => build/gtk-doc.make | 0 + doc/manual/Makefile.am | 2 +- + 2 files changed, 1 insertion(+), 1 deletion(-) + +commit 635c22f4518200c7e106cdf507a4c89072f8b6ca +Author: Stef Walter +Date: 2014-01-13 + + enumerate: Preload and respect blacklist across all tokens + + This fixes an issue where a blacklist in one token wasn't properly + skipping anchors being extracted with extract-compat + + https://bugs.freedesktop.org/show_bug.cgi?id=73558 + + trust/enumerate.c | 196 ++++++++++++++++++++++++++++++++----------- + trust/enumerate.h | 3 + + trust/tests/test-enumerate.c | 39 ++++++++- + 3 files changed, 186 insertions(+), 52 deletions(-) + +commit 6bc661e907f5382dbd9a76fb47a3b554c2ea0028 +Author: Stef Walter +Date: 2014-01-13 + + attrs: Allow NULL attribute to be passed to p11_attr_hash() + + This allows simpler lookups. + + https://bugs.freedesktop.org/show_bug.cgi?id=73558 + + common/attrs.c | 12 +++++++----- + common/tests/test-attrs.c | 3 +++ + 2 files changed, 10 insertions(+), 5 deletions(-) + +commit 8d5bff64a7050e983c688bb5612bf4046fe96393 +Author: Stef Walter +Date: 2014-01-13 + + enumerate: Use p11_enumerate_ready() from tests + + This gives a little broader testing of the enumerator + + https://bugs.freedesktop.org/show_bug.cgi?id=73558 + + trust/enumerate.c | 5 +++-- + trust/tests/test-enumerate.c | 31 ++++++++++++++++++++----------- + 2 files changed, 23 insertions(+), 13 deletions(-) + +commit f875bda849626cb5b894fe56985408ab7ee8f9a3 +Author: Stef Walter +Date: 2014-01-13 + + iter: Fix return value in rare memory allocation case + + p11-kit/iter.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit bc60631d3e327fd97f53c68c5b3134e4cefad7e1 +Author: Stef Walter +Date: 2014-01-13 + + iter: Add p11_kit_iter_get_attributes() function + + A simple wrapper for C_GetAttributeValue() + + p11-kit/iter.c | 35 +++++++++++++++++++++++++ + p11-kit/iter.h | 4 +++ + p11-kit/tests/test-iter.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 106 insertions(+) + +commit f864a68195a9b8fb25c529f539077691fff924a5 +Author: Stef Walter +Date: 2014-01-08 + + Remove straggler file in the tools directory + + tools/tests/test.c | 266 ----------------------------------------------------- + 1 file changed, 266 deletions(-) + +commit e96bc57639a8837e5900a85e282dc0d8bd487fc3 +Author: Stef Walter +Date: 2014-01-08 + + Update translations from transifex + + po/da.po | 169 ++++++++++++++++++++++++++++++++------------------------------- + 1 file changed, 85 insertions(+), 84 deletions(-) + +commit ae7c79d466deff4c37587f11531327c8fa5f534c +Author: Stef Walter +Date: 2014-01-08 + + Fix typo in mock.c + + Reported-by: Tijl Coosemans + + common/mock.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 157941cbd75492b0c74ff21f95de3093cf6d4aca +Author: Nikos Mavrogiannopoulos +Date: 2013-11-26 + + Check if pthread and nanosleep() are in libc before linking other libs + + In recent versions of glibc this is true and prevents linking with + pthreads when it is not necessary. + + Tweaked by Stef Walter + + Signed-off-by: Stef Walter + + configure.ac | 21 +++++++++++++++------ + 1 file changed, 15 insertions(+), 6 deletions(-) + +commit ec02489eca1b7b57c35db71bce5a6f7b876e535e +Author: Roman Bogorodskiy +Date: 2013-11-08 + + Drop unused libtasn1.h include + + It's not only unsed, but also causes build fail because CFLAGS + for tests does not contain LIBTASN1_CFLAGS. + + Signed-off-by: Stef Walter + + https://bugs.freedesktop.org/show_bug.cgi?id=71379 + + common/tests/frob-getauxval.c | 2 -- + 1 file changed, 2 deletions(-) + +commit 5ed8c3d3ede6ef30e4b5a40db1438dd6231d5088 +Author: Stef Walter +Date: 2013-09-13 + + trust: Check for race in BasicConstraints stapled extension + + Related to the following bug: + + https://bugs.freedesktop.org/show_bug.cgi?id=69314 + + trust/tests/test-builder.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 49 insertions(+) + +commit beb377f7479e834366be60dc6c1da2e53278e091 +Author: Andreas Metzler +Date: 2013-10-01 + + Disable tests with setgid binaries when running in fakeroot + + We use the FAKED_MODE environment variable as a way to detect + fakeroot. + + common/tests/test-compat.c | 5 ++++- + p11-kit/tests/test-conf.c | 5 ++++- + 2 files changed, 8 insertions(+), 2 deletions(-) + +commit 895327695f141d5bce5e260b80b5ec01796b214a +Author: Stef Walter +Date: 2013-09-08 + + Fix documentation build + + doc/manual/Makefile.am | 24 +++++++++++++----------- + 1 file changed, 13 insertions(+), 11 deletions(-) + +commit b5f7f7023365c31d0d26ce91e29c801fe9bec1ed +Author: Stef Walter +Date: 2013-09-09 + + Update from transifex and string changes + + po/LINGUAS | 36 +++++- + po/ar.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/as.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/az.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/bg.po | 4 +- + po/bn_IN.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ca.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ca@valencia.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/cs.po | 4 +- + po/cy.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/da.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/de.po | 5 +- + po/el.po | 4 +- + po/en_GB.po | 4 +- + po/eo.po | 4 +- + po/es.po | 5 +- + po/es_CL.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/eu.po | 4 +- + po/fa.po | 4 +- + po/fi.po | 5 +- + po/fo.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/fr.po | 4 +- + po/ga.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/gl.po | 5 +- + po/gu.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/he.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/hi.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/hr.po | 5 +- + po/hu.po | 5 +- + po/ia.po | 4 +- + po/id.po | 5 +- + po/it.po | 5 +- + po/it_IT.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ja.po | 5 +- + po/ka.po | 5 +- + po/kk.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/kn.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ko.po | 5 +- + po/lt.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/lv.po | 5 +- + po/ml.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/mr.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ms.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/nb.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/nl.po | 5 +- + po/nn.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/or.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/pa.po | 4 +- + po/pl.po | 5 +- + po/pt.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/pt_BR.po | 5 +- + po/ro.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ru.po | 4 +- + po/sk.po | 4 +- + po/sl.po | 5 +- + po/sq.po | 4 +- + po/sr.po | 5 +- + po/sr@latin.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/sv.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ta.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/te.po | 4 +- + po/th.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/tr.po | 4 +- + po/uk.po | 5 +- + po/vi.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/wa.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/zh_CN.po | 4 +- + po/zh_HK.po | 4 +- + po/zh_TW.po | 4 +- + 69 files changed, 11068 insertions(+), 74 deletions(-) + +commit 247e31c94666fbeab08a5dc67b0b8f7a3edbef27 +Author: Stef Walter +Date: 2013-09-09 + + Release version 0.20.1 + + NEWS | 6 ++++++ + configure.ac | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit 88ac590d2e9786d5b364aac7a23b2b0567e87020 +Author: Stef Walter +Date: 2013-09-09 + + Remove unused make variables + + common/tests/Makefile.am | 6 ++---- + p11-kit/tests/Makefile.am | 1 - + 2 files changed, 2 insertions(+), 5 deletions(-) + +commit 8d834060b5af54dcc9581840dfb6452a17a7a7d3 +Author: Stef Walter +Date: 2013-09-05 + + extract-compat: Skip extraction if running as non-root + + trust/trust-extract-compat.in | 6 ++++++ + 1 file changed, 6 insertions(+) + +commit a5713df2c05debd269615226b41e1e0b83de2ba3 +Author: Stef Walter +Date: 2013-09-05 + + anchor: Run extract-compat after we've changed something + + When the 'trust anchor' tool changes something, run + 'trust extract-compat' after that point + + trust/anchor.c | 44 +++++++++++++++++++++++++++++++++----------- + 1 file changed, 33 insertions(+), 11 deletions(-) + +commit 00dc2340eab9f9504ef78006686802eb8e3542ad +Author: Stef Walter +Date: 2013-09-05 + + trust: More appropriate rv when non-modifiable object deleted + + This will change once the spec has a specific attribute and code + to signify deletability. + + trust/anchor.c | 1 + + trust/module.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +commit 3c7553a1fd47671a98a6d496ac7eeedb1b43df7c +Author: Stef Walter +Date: 2013-09-05 + + anchor: Better failure messages when removing anchors + + trust/anchor.c | 29 ++++++++++++++++++++++++++--- + 1 file changed, 26 insertions(+), 3 deletions(-) + +commit 2476ecb35e175a45ba72101ddfa38b2d048323bb +Author: Stef Walter +Date: 2013-09-05 + + messages: Better message for CKR_FUNCTION_REJECTED + + p11-kit/messages.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 40631193e4979426f10e5244f477d3c411f8e6c3 +Author: Stef Walter +Date: 2013-09-04 + + Release version 0.20.0 + + NEWS | 3 +++ + configure.ac | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +commit 11619d1ddb682ad8f42676732e2179fdcd810566 +Author: Stef Walter +Date: 2013-09-04 + + Documentation tweaks + + doc/manual/p11-kit-config.xml | 2 +- + doc/manual/p11-kit-sections.txt | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +commit b4faa7f7e17dea909cd4393d27adbc21b2dea9fb +Author: Stef Walter +Date: 2013-08-29 + + Release version 0.19.4 + + NEWS | 10 ++++++++++ + configure.ac | 2 +- + doc/manual/Makefile.am | 3 +++ + trust/Makefile.am | 2 +- + trust/anchor.c | 2 +- + trust/extract.c | 4 ++-- + 6 files changed, 18 insertions(+), 5 deletions(-) + +commit c980eb29619edc28610a03ccb62514683604257c +Author: Stef Walter +Date: 2013-08-29 + + Route 'p11-kit extract-trust' over to trust tool + + The actual command is 'trust extract-compat'. Make installed placeholder + script reflect this. We still support the old placeholder script + if it is present. + + .gitignore | 1 + + configure.ac | 2 +- + p11-kit/p11-kit.c | 58 +++++++++++----------- + trust/Makefile.am | 3 +- + trust/extract.c | 38 ++++++++++++++ + trust/extract.h | 3 ++ + ...it-extract-trust.in => trust-extract-compat.in} | 10 ++-- + trust/trust.c | 1 + + 8 files changed, 81 insertions(+), 35 deletions(-) + +commit f2beacb7c59b9c4b41b00da993c747fd814882a8 +Author: Stef Walter +Date: 2013-08-29 + + trust: Document the new command line trust tool + + .gitignore | 1 + + doc/manual/Makefile.am | 4 + + doc/manual/p11-kit-docs.xml | 1 + + doc/manual/p11-kit-trust.xml | 5 +- + doc/manual/p11-kit.xml | 145 +---------------- + doc/manual/trust.xml | 368 +++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 385 insertions(+), 139 deletions(-) + +commit 5c19a0e8f5d07a4defb3239a89c224c5f5f9eef4 +Author: Stef Walter +Date: 2013-08-28 + + trust: Add 'trust anchor --remove' command + + Also prevent --store from storing an anchor multiple times + + trust/anchor.c | 417 ++++++++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 365 insertions(+), 52 deletions(-) + +commit 2e6d7d3a1e03dc2dbcd98c995bd2d6e5906680d9 +Author: Stef Walter +Date: 2013-08-28 + + trust: Add a list command to the trust tool + + Lists with PKCS#11 URI's and some basic fields. + + trust/Makefile.am | 1 + + trust/list.c | 247 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + trust/list.h | 43 ++++++++++ + trust/trust.c | 4 +- + 4 files changed, 294 insertions(+), 1 deletion(-) + +commit dee46ac0c6287fbd57ec9b57ddeade27933fea05 +Author: Stef Walter +Date: 2013-08-28 + + trust: Add support for removing trust token objects + + trust/tests/test-token.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++ + trust/token.c | 87 +++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 185 insertions(+), 1 deletion(-) + +commit b693517966b1cbe5b81e39aeefad7b52b6f10492 +Author: Stef Walter +Date: 2013-08-28 + + trust: Refactor enumeration of certificates to extract + + Because we want to use this same logic for listing trust + + trust/Makefile.am | 2 +- + trust/{extract-info.c => enumerate.c} | 228 ++++++++++++++++++----- + trust/enumerate.h | 103 ++++++++++ + trust/extract-cer.c | 18 +- + trust/extract-jks.c | 13 +- + trust/extract-openssl.c | 36 ++-- + trust/extract-pem.c | 20 +- + trust/extract.c | 180 ++---------------- + trust/extract.h | 84 ++------- + trust/tests/Makefile.am | 14 +- + trust/tests/test-bundle.c | 62 +++--- + trust/tests/test-cer.c | 62 +++--- + trust/tests/{test-extract.c => test-enumerate.c} | 151 +++++++-------- + trust/tests/test-openssl.c | 111 ++++++----- + 14 files changed, 541 insertions(+), 543 deletions(-) + +commit 714e4a22a82295c41360fbfa6019a31b1e2a0f30 +Author: Stef Walter +Date: 2013-08-27 + + trust: Do reload object removals inside a loading block + + So that validation/storage logic doesn't kick in if a file was + removed outside of p11-kit trust module. + + trust/token.c | 4 ++++ + 1 file changed, 4 insertions(+) + +commit 570403f3421b222167196d380c60eb8430eb4cd7 +Author: Stef Walter +Date: 2013-08-28 + + trust: Add index callback for when an object is removed + + This allows a token to remove the file if desired + + trust/index.c | 25 ++++++++++++ + trust/index.h | 5 +++ + trust/session.c | 2 +- + trust/tests/test-builder.c | 2 +- + trust/tests/test-index.c | 99 ++++++++++++++++++++++++++++++++++++++++++---- + trust/token.c | 1 + + 6 files changed, 125 insertions(+), 9 deletions(-) + +commit 58466648aa84ea10c20213d4665c5c93dbf285e9 +Author: Stef Walter +Date: 2013-08-27 + + trust: Prefer parsing the persist format to PEM + + This is because the persist format contains PEM, and if the PEM + parser gets it first, then it'll ignore the other non PEM data. + + trust/token.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 619e81b5ffe0677d1d511ef60b8451434c2a32a0 +Author: Stef Walter +Date: 2013-08-27 + + trust: Correctly rewrite other objects in a modifiable persist file + + There was a bug where we were rewriting the modified object + multiple times. + + trust/tests/test-token.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ + trust/token.c | 2 +- + 2 files changed, 75 insertions(+), 1 deletion(-) + +commit 8a9a90e197d67c58898e959358b9a13482732d3d +Author: Stef Walter +Date: 2013-08-27 + + Add p11-kit style typedefs for iter and uri + + In general we're slowly migrating towards the lower case style + for stuctures/objects. + + p11-kit/iter.h | 1 + + p11-kit/uri.h | 1 + + 2 files changed, 2 insertions(+) + +commit 1fac2b92d6c53655086a2cc3a653b8e78d92a043 +Author: Stef Walter +Date: 2013-08-27 + + iter: Add a p11_kit_iter_destroy_object() function + + Handy function since this is a common need. + + doc/manual/p11-kit-sections.txt | 1 + + p11-kit/iter.c | 18 ++++++++++++++++++ + p11-kit/iter.h | 1 + + p11-kit/tests/test-iter.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 60 insertions(+) + +commit dec3efbaf4a6550bc45d1b9926e4d66b93306802 +Author: Stef Walter +Date: 2013-08-27 + + iter: Add p11_kit_iter_set_uri() function + + This is so we can set a filtering uri on the iterator after construction + + doc/manual/p11-kit-sections.txt | 3 ++- + p11-kit/iter.c | 41 ++++++++++++++++++++++++++++++++++------- + p11-kit/iter.h | 3 +++ + p11-kit/tests/test-iter.c | 28 ++++++++++++++++++++++++++++ + 4 files changed, 67 insertions(+), 8 deletions(-) + +commit c15dca006ca69c26ec083a4f2d4aac76b9f30d52 +Author: Stef Walter +Date: 2013-08-27 + + iter: Add p11_kit_iter_get_token() call + + To get the already loaded CK_TOKEN_INFO during iteration for the + token that the current object is on. + + doc/manual/p11-kit-sections.txt | 1 + + p11-kit/iter.c | 25 +++++++++++++++++++++---- + p11-kit/iter.h | 2 ++ + p11-kit/tests/test-iter.c | 32 ++++++++++++++++++++++++++++++++ + 4 files changed, 56 insertions(+), 4 deletions(-) + +commit 3f357776c15255710997e61ca305aa5a2ce5cf02 +Author: Stef Walter +Date: 2013-08-27 + + iter: Add new P11_KIT_ITER_WANT_WRITABLE iterator behavior + + This allows us to try to get a RW session, but if not fallback + to a read-only session. + + doc/manual/p11-kit-sections.txt | 1 - + p11-kit/iter.c | 36 ++++++++++++++---------------------- + p11-kit/iter.h | 4 +--- + p11-kit/tests/test-iter.c | 4 +--- + 4 files changed, 16 insertions(+), 29 deletions(-) + +commit 22220bda09585239533b6a9fef6de51c1ddc2ae6 +Author: Stef Walter +Date: 2013-08-27 + + tool: Only include debug lines marked 'tool' when --verbose + + Otherwise we get all sorts of overwhelming internal debugging + when someone specifies --verbose argument to a tool. + + common/tool.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit 7f6fd42ea33e09687487e8981e02080c8a6c7b40 +Author: Stef Walter +Date: 2013-08-27 + + debug: Allow debug lines longer than 512 characters + + Since fprintf (stderr, ...) already doesn't print atomically, we don't + lose any atomicity here. If we want to print atomically this will need + some further reworking anyway. + + common/debug.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +commit 095a385ead70651536d29c7ddab53f42592a3ef5 +Author: Stef Walter +Date: 2013-08-27 + + debug: Add missing 'tool' flag to debug flags + + common/debug.c | 1 + + 1 file changed, 1 insertion(+) + +commit e835d0f6eae21e1b6f13b8ad585c179bbf1eb946 +Author: Stef Walter +Date: 2013-08-27 + + p11-kit: Rename list.c to lists.c to simplify debugging + + p11-kit/Makefile.am | 2 +- + p11-kit/{list.c => lists.c} | 0 + 2 files changed, 1 insertion(+), 1 deletion(-) + +commit cdad5bceee79afbf8b3440b39c72890d2e67448d +Author: Stef Walter +Date: 2013-08-26 + + Avoid multiple stat() calls for same file + + As a side effect we can also not use the dirent.d_type field + + https://bugs.freedesktop.org/show_bug.cgi?id=68525 + + common/compat.c | 39 ++++++++++++++++++++++++++++----------- + common/compat.h | 3 +++ + common/test.c | 2 +- + configure.ac | 1 - + p11-kit/conf.c | 35 ++++++++++++++++------------------- + p11-kit/conf.h | 3 ++- + p11-kit/tests/test-conf.c | 6 +++--- + trust/anchor.c | 2 +- + trust/parser.c | 3 ++- + trust/parser.h | 1 + + trust/save.c | 14 ++------------ + trust/tests/frob-cert.c | 2 +- + trust/tests/test-module.c | 4 ++-- + trust/tests/test-parser.c | 20 ++++++++++---------- + trust/tests/test-token.c | 12 +++++++----- + trust/token.c | 2 +- + 16 files changed, 80 insertions(+), 69 deletions(-) + +commit e1042e93488f2b38abeea58b65440111df69afdc +Author: Stef Walter +Date: 2013-08-26 + + compat: Check return value of mmap() properly + + https://bugs.freedesktop.org/show_bug.cgi?id=68525 + + common/compat.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 2978f8fb27681e9f40575ae2be26012e8a54fc71 +Author: Pascal Ernster +Date: 2013-08-16 + + Add --with-module-config parameter to the configure script + + https://bugs.freedesktop.org/show_bug.cgi?id=68122 + + configure.ac | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +commit c777194f0a8d00bcb4e1dc89beebcadf2249ddc0 +Author: Stef Walter +Date: 2013-08-12 + + trust: Add test tool for creating BasicConstraints + + trust/tests/Makefile.am | 1 + + trust/tests/frob-bc.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 102 insertions(+) + +commit 4b1d38759c8cdc85b9ab9ce3a8a24a0dc28f2aa6 +Author: Michael Cronenworth +Date: 2013-07-30 + + test-compat calls test_getauxval which is in a UNIX defined block + + MinGW builds fail due to this. + + https://bugs.freedesktop.org/show_bug.cgi?id=67518 + + common/tests/test-compat.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit cdb1a88ba117d92991298445e5db51b6e1f5ce3c +Author: Alon Bar-Lev +Date: 2013-07-27 + + do not assume dead code existence in autoconf checks + + when compiler optimize source, it removes dead code so a linkage error + in these cases are not visisble. + + Signed-off-by: Alon Bar-Lev + + https://bugs.freedesktop.org/show_bug.cgi?id=67413 + + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 68beea0bca786730019df002fa625986a4d65d91 +Author: Stef Walter +Date: 2013-07-23 + + Release version 0.19.3 + + NEWS | 6 ++++++ + configure.ac | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit 2e7952e62ef205c67175e3e717526e4375ca8325 +Author: Stef Walter +Date: 2013-07-23 + + Make tests work on file systems with block size directories + + On certain file systems the size of the directory does not + change when adding a file. This caused the tests to fail. Make + the tests wait more than a second in certain tests to get the + mtime to change. + + https://bugs.freedesktop.org/show_bug.cgi?id=65249 + + trust/tests/test-token.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +commit 02a3bbd560bdb56501fea1b46c5583582832b008 +Author: Stef Walter +Date: 2013-07-23 + + Fix uninitialized variables + + trust/anchor.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 6b457ffc260100e0e3e6b2143b00e34bb419665e +Author: Stef Walter +Date: 2013-07-23 + + Don't use _GNU_SOURCE and fix strerror_r usage + + glibc declares strerror_r completely different if in POSIX or GNU + mode. Nastiness. Stop using _GNU_SOURCE all together. + + common/compat.h | 10 ++++--- + common/message.c | 6 +++++ + common/test.c | 1 + + common/tests/Makefile.am | 1 + + common/tests/test-message.c | 65 +++++++++++++++++++++++++++++++++++++++++++++ + configure.ac | 4 +-- + trust/token.c | 2 +- + 7 files changed, 83 insertions(+), 6 deletions(-) + +commit b14fc0351c4dd71c5ca71df77e325d2b2a4c0583 +Author: Stef Walter +Date: 2013-07-23 + + Fix various memory leaks exposed by 'make leakcheck' + + common/tests/test-path.c | 90 ++++++++++++++++++++++++---------------------- + p11-kit/modules.c | 2 ++ + trust/asn1.c | 4 ++- + trust/builder.c | 6 ++-- + trust/extract-openssl.c | 1 + + trust/index.c | 2 +- + trust/parser.c | 1 + + trust/tests/Makefile.am | 12 +++---- + trust/tests/test-asn1.c | 3 +- + trust/tests/test-builder.c | 4 +++ + trust/token.c | 10 ++++-- + 11 files changed, 79 insertions(+), 56 deletions(-) + +commit b7cc29a78c3c705374ff25223fe14749ddb076b9 +Author: Stef Walter +Date: 2013-07-23 + + Use simple serial automake test harness + + * Add a testing sanity check to see if we're catching errors + * Fix a few other testing issues + + build/Makefile.tests | 2 +- + common/test.c | 2 +- + common/tests/Makefile.am | 1 + + common/tests/test-compat.c | 4 +- + common/tests/test-tests.c | 93 +++++++++++++++++++++++++++++++++++++++++ + configure.ac | 2 +- + p11-kit/conf.c | 2 +- + p11-kit/tests/test-deprecated.c | 1 + + p11-kit/tests/test-init.c | 1 + + trust/builder.c | 2 +- + trust/tests/test-builder.c | 12 ++++-- + trust/token.c | 3 +- + 12 files changed, 113 insertions(+), 12 deletions(-) + +commit 4d04cfdf2ac078cc4a95ff9a145f0045e074470b +Author: Stef Walter +Date: 2013-07-23 + + Use an automake aux directory for storing litter + + build/aux/.empty | 1 + + configure.ac | 3 ++- + 2 files changed, 3 insertions(+), 1 deletion(-) + +commit 884819d4028faa77d38a99d3f63376b2f4fdfcd4 +Author: Stef Walter +Date: 2013-07-18 + + doc: Add identifiers to doc sections so gtk-doc doesn't autogen them + + doc/manual/p11-kit-config.xml | 2 +- + doc/manual/p11-kit.xml | 12 ++++++------ + doc/manual/pkcs11.conf.xml | 6 +++--- + 3 files changed, 10 insertions(+), 10 deletions(-) + +commit 86060d6b17fa3848e60aaff9be7768a761c7c428 +Author: Stef Walter +Date: 2013-07-18 + + Add appropriate const qualifiers + + p11-kit/conf.c | 2 +- + trust/extract-openssl.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +commit 263a83278bd305eb2951907faa3fe08a79fcdeec +Author: Stef Walter +Date: 2013-07-18 + + Release version 0.19.2 + + NEWS | 20 +++++++++++++++++++- + configure.ac | 2 +- + 2 files changed, 20 insertions(+), 2 deletions(-) + +commit d8532de9570fd7501b8b25ff10ab05392f3a1d42 +Author: Stef Walter +Date: 2013-07-18 + + Fix extract example in documentation + + doc/manual/p11-kit.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 91bbe5ad80a760a58d5eba48f65ddd07fa56a953 +Author: Stef Walter +Date: 2013-07-18 + + Use $XDG_CONFIG_HOME/pkcs11 as default user config directory + + By default this evaluates to ~/.config/pkcs11. This is a somewhat + backwards incompatible change. However so far only advanced users + have been exposed to the user p11-kit configuration. + + Distributors are able to revert this if necessary with a + --with-user-config='~/.pkcs11' ./configure option. + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit a1a398ae150cee642efaa03f28e8457c75185d55 +Author: Stef Walter +Date: 2013-07-18 + + Use getpwuid_r() instead of the non-thread-sofe getpwuid() + + common/path.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +commit b03be8429847451ddf25508b3dc3c520e96a2cc3 +Author: Stef Walter +Date: 2013-07-18 + + Fix p11_kit_space_strlen() result when empty string + + https://bugzilla.redhat.com/show_bug.cgi?id=985416 + + p11-kit/tests/Makefile.am | 1 + + p11-kit/tests/test-util.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/util.c | 6 ++--- + 3 files changed, 63 insertions(+), 3 deletions(-) + +commit 2a69ff5691e114362564a2ab572cd4b3b20dcc27 +Author: Stef Walter +Date: 2013-07-17 + + Always pass size_t varargs to p11_hash_xxx() functions + + https://bugzilla.redhat.com/show_bug.cgi?id=985421 + + trust/extract-jks.c | 4 ++-- + trust/extract-openssl.c | 2 +- + trust/x509.c | 4 +++- + 3 files changed, 6 insertions(+), 4 deletions(-) + +commit 1548d82560b242579f5ba216b66bd59ccd0f3fd0 +Author: Stef Walter +Date: 2013-07-17 + + Don't call memdup with zero length or NULL pointer + + https://bugzilla.redhat.com/show_bug.cgi?id=985433 + + common/attrs.c | 9 +++++++-- + p11-kit/pin.c | 2 +- + 2 files changed, 8 insertions(+), 3 deletions(-) + +commit 29a5df009656dc09be781c4939cec3613a0a12cb +Author: Stef Walter +Date: 2013-07-17 + + attrs: Check printf formatting in buffer_append_printf() + + https://bugzilla.redhat.com/show_bug.cgi?id=985497 + + common/attrs.c | 5 +++++ + 1 file changed, 5 insertions(+) + +commit 9a1fe66f08149596567fedb4e2338ae786a19ab9 +Author: Stef Walter +Date: 2013-07-17 + + Avoid using the non-thread-safe strerror() function + + https://bugzilla.redhat.com/show_bug.cgi?id=985481 + + common/compat.c | 16 ++++ + common/compat.h | 8 ++ + common/message.c | 26 ++++++ + common/message.h | 4 + + common/path.c | 3 +- + configure.ac | 2 +- + p11-kit/conf.c | 6 +- + tools/tests/test.c | 266 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + trust/parser.c | 2 +- + trust/save.c | 47 ++++------ + trust/token.c | 19 ++-- + 11 files changed, 348 insertions(+), 51 deletions(-) + +commit e403f7b33ac35e961c72ed1b6335bbe3084e4642 +Author: Stef Walter +Date: 2013-07-17 + + Declare static variables const where it makes sense + + https://bugzilla.redhat.com/show_bug.cgi?id=985337 + + common/path.c | 8 ++++---- + p11-kit/conf.c | 4 ++-- + p11-kit/uri.c | 4 ++-- + trust/builder.c | 38 +++++++++++++++++++------------------- + trust/extract-info.c | 2 +- + trust/extract-openssl.c | 2 +- + trust/module.c | 4 ++-- + 7 files changed, 31 insertions(+), 31 deletions(-) + +commit 52a84b84a924a9f1cd8090b0a47b9f7d00ca69f3 +Author: Stef Walter +Date: 2013-07-17 + + Support expanding $XDG_CONFIG_HOME in user config paths + + If ~/.config is specified as a prefix to a configured path, + then it is expanded to the $XDG_CONFIG_HOME if that exists + + Add --with-user-config ./configure option to configure a + different user config directory. + + Interpolate the right directories into documentation. + + .gitignore | 2 ++ + common/path.c | 37 ++++++++++++++++++++++++------------- + common/tests/test-path.c | 6 ++++++ + configure.ac | 8 ++++++-- + doc/manual/Makefile.am | 17 +++++++++++++++-- + doc/manual/p11-kit-config.xml | 18 +++++++++++------- + doc/manual/p11-kit-devel.xml | 10 ++++++++++ + doc/manual/p11-kit-trust.xml | 10 +++++++--- + doc/manual/pkcs11.conf.xml | 14 +++++++++----- + doc/manual/version.xml.in | 1 - + p11-kit/pkcs11.conf.example.in | 2 +- + 11 files changed, 91 insertions(+), 34 deletions(-) + +commit 936e4c229a4ed205e9981fc4f31acea063701b69 +Author: Stef Walter +Date: 2013-07-17 + + Don't load configs from user directory when setuid + + When running as setuid() or setgid() don't access the user's home + directory, or use $HOME environment variables. + + https://bugzilla.redhat.com/show_bug.cgi?id=985014 + + common/compat.c | 48 +++++++++++++ + common/compat.h | 12 ++++ + common/path.c | 5 ++ + common/test.c | 99 +++++++++++++++++++++++++++ + common/test.h | 9 +++ + common/tests/Makefile.am | 5 +- + common/tests/frob-getauxval.c | 63 +++++++++++++++++ + common/tests/test-compat.c | 30 ++++++++ + configure.ac | 3 + + doc/manual/p11-kit-config.xml | 3 + + doc/manual/pkcs11.conf.xml | 3 + + p11-kit/conf.c | 5 ++ + p11-kit/tests/Makefile.am | 1 + + p11-kit/tests/files/system-modules/one.module | 3 +- + p11-kit/tests/files/user-modules/one.module | 3 +- + p11-kit/tests/frob-setuid.c | 95 +++++++++++++++++++++++++ + p11-kit/tests/test-conf.c | 39 +++++++++++ + 17 files changed, 423 insertions(+), 3 deletions(-) + +commit 81a6e16539e5e4a27c55194ae095cc4a75d08ade +Author: Stef Walter +Date: 2013-07-17 + + tools: Use $TMPDIR instead of $TEMP + + TMPDIR is a more standard environment variable for locating the + temp directory on Unix. In addition since this is only used in + tests, remove the code from the generic p11_path_expand() func. + + In general remove the possibility for forks to put $HOME or $TEMP + environment variables in configured paths. This was possible + due to code in p11_path_expand() but not something we supported. + + https://bugzilla.redhat.com/show_bug.cgi?id=985017 + + common/path.c | 44 ----------------------------------- + common/test.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++ + common/test.h | 2 ++ + common/tests/test-path.c | 31 +------------------------ + trust/tests/test-bundle.c | 4 +--- + trust/tests/test-cer.c | 4 +--- + trust/tests/test-module.c | 4 +--- + trust/tests/test-openssl.c | 4 +--- + trust/tests/test-save.c | 4 +--- + trust/tests/test-token.c | 9 ++------ + trust/tests/test-trust.c | 6 +++++ + 11 files changed, 73 insertions(+), 96 deletions(-) + +commit eb8f5859b1349f8147ba47a1da8032df192f2370 +Author: Stef Walter +Date: 2013-07-17 + + Fix various issues highlighted by coverity scanner + + Among others fix possible usage of large stack allocation. + + common/hash.c | 1 + + common/lexer.c | 3 ++- + p11-kit/iter.c | 12 ++++++------ + p11-kit/p11-kit.c | 6 ++++++ + p11-kit/tests/test-init.c | 3 +++ + trust/extract.c | 20 ++++++++++---------- + trust/index.c | 18 +++++++++--------- + trust/parser.c | 2 +- + trust/tests/frob-nss-trust.c | 1 + + trust/tests/test-index.c | 7 ++++--- + 10 files changed, 43 insertions(+), 30 deletions(-) + +commit ab1caffd9e09fd4d6ab92713de29436db0da6dea +Author: Stef Walter +Date: 2013-07-16 + + open files with O_CLOEXEC when possible + + This helps prevent leaked file descriptors when the library is + used in a process which exec's. + + opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC + so we don't need to make changes there. + + In addition read config files using p11_mmap_open() so that we get + the simple benefits of O_CLOEXEC with the open() call there. + + https://bugzilla.redhat.com/show_bug.cgi?id=984986 + + common/compat.c | 18 ++++++++-- + common/compat.h | 4 +++ + p11-kit/conf.c | 101 +++++++++++++++----------------------------------------- + p11-kit/pin.c | 2 +- + 4 files changed, 46 insertions(+), 79 deletions(-) + +commit 9886b39e2ebd2f711b5b0c3ca2e24694a9ffd361 +Author: Stef Walter +Date: 2013-07-16 + + buffer: Check for unlikely integer overflow + + If we see an integer overflow here something has gone horribly wrong + (or malicious code is present). So treat this as unrecoverable, and + fail if we're going to overflow. + + https://bugzilla.redhat.com/show_bug.cgi?id=985019 + + common/buffer.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +commit 0ddd67184b65dfde0e5d05a957f01eeca161e384 +Author: Stef Walter +Date: 2013-07-16 + + Make preconditions abort unconditionally when scanning with coverity + + This reflects that preconditions are invalid/unreachable on a + functioning system and with valid input. We do not try to recover + from such conditions. + + In addition teach coverity about how our test suite fails + + See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html + + https://bugzilla.redhat.com/show_bug.cgi?id=985005 + + common/debug.c | 4 ++++ + common/test.c | 5 +++++ + 2 files changed, 9 insertions(+) + +commit b2e6bc0ea2b2d2b90f6a159a23a4e676b1f302e4 +Author: Stef Walter +Date: 2013-07-16 + + iter: Document guarantees for filter matches argumet + + The matches argument is always initialized to CK_TRUE when a filter + is called, and it's up to filters to set it to CK_FALSE. Filters + don't need to set to CK_TRUE. + + https://bugzilla.redhat.com/show_bug.cgi?id=985009 + + p11-kit/iter.c | 4 ++++ + 1 file changed, 4 insertions(+) + +commit 3f9da410144fd45ee6250dda28cae49300077e29 +Author: Stef Walter +Date: 2013-07-17 + + Fixes for some recent win32 regressions + + common/path.c | 21 ++++++++++++++++++--- + trust/save.c | 22 ++++++++++------------ + trust/token.c | 10 +++++++++- + 3 files changed, 37 insertions(+), 16 deletions(-) + +commit 82738fe7d6143cb25fc1cb201a75b8a071043be8 +Author: Stef Walter +Date: 2013-07-16 + + Remove erroneous comments about readdir() and thread-safety + + https://bugzilla.redhat.com/show_bug.cgi?id=984989 + + p11-kit/conf.c | 1 - + trust/save.c | 1 - + trust/token.c | 1 - + 3 files changed, 3 deletions(-) + +commit d00f6b24e5349d8d37868b8f4451b1dc9b38767e +Author: Stef Walter +Date: 2013-07-10 + + Build with -fno-common to catch definition problems + + Fix some global variables not declared as extern + + https://bugs.freedesktop.org/show_bug.cgi?id=66015 + + configure.ac | 2 +- + p11-kit/virtual.h | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +commit fb039d0c292c3cd339179bdc98a09d4103fb9c5f +Author: Stef Walter +Date: 2013-07-10 + + Various documentation tweaks and fixes for warnings + + doc/manual/p11-kit-devel.xml | 2 +- + doc/manual/p11-kit-sections.txt | 4 ++++ + p11-kit/iter.c | 8 ++++++++ + 3 files changed, 13 insertions(+), 1 deletion(-) + +commit edd04b610c1c83f26ed036569ad95b89a41fc558 +Author: Stef Walter +Date: 2013-07-10 + + Add support for using freebl3 for SHA1 and MD5 hashing + + Since we don't want to link freebl3 to libp11-kit.so where it isn't + needed, move the SHA-1 and MD5 digest functionality to the trust/ + directory. + + common/hash.c | 502 ---------------------------------- + common/hash.h | 20 -- + common/tests/test-hash.c | 92 ------- + configure.ac | 33 +++ + doc/manual/p11-kit-devel.xml | 11 + + trust/Makefile.am | 4 + + trust/builder.c | 16 +- + trust/digest.c | 632 +++++++++++++++++++++++++++++++++++++++++++ + trust/digest.h | 60 ++++ + trust/extract-jks.c | 14 +- + trust/extract-openssl.c | 10 +- + trust/parser.c | 4 +- + trust/tests/Makefile.am | 9 +- + trust/tests/test-builder.c | 6 +- + trust/tests/test-digest.c | 143 ++++++++++ + trust/tests/test-module.c | 10 +- + trust/x509.c | 4 +- + 17 files changed, 922 insertions(+), 648 deletions(-) + +commit eca5a6e491f5f85ba1f06afcea3177c3442ae557 +Author: Stef Walter +Date: 2013-07-09 + + trust: Fix the 'p11-kit extract' command + + This is supposed to call over to 'trust extract' and wasn't + working correctly. + + p11-kit/Makefile.am | 1 + + p11-kit/p11-kit.c | 22 ++++++++++++++++++++-- + trust/extract.c | 2 +- + 3 files changed, 22 insertions(+), 3 deletions(-) + +commit a314ab2aa9dbfcbc8d2d9a84554265e498520a20 +Author: Stef Walter +Date: 2013-07-08 + + trust: Fix bug with load validation failures + + trust/index.c | 5 +++-- + trust/tests/test-index.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 53 insertions(+), 2 deletions(-) + +commit 3c36c7a68dfefdf75f7239dd7e006e7eb1366620 +Author: Stef Walter +Date: 2013-07-08 + + trust: Add a basic 'anchor' command to store a new anchor + + trust/Makefile.am | 3 + + trust/anchor.c | 300 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + trust/anchor.h | 43 ++++++++ + trust/trust.c | 2 + + 4 files changed, 348 insertions(+) + +commit dcca67d72544e394f43a8c62840692c85d5b5b29 +Author: Stef Walter +Date: 2013-07-08 + + trust: Fix various issues writing objects in trust token + + * Create directory before trying to write files to it + * Handle write failures appropriately + + Refactor how we build and store objects in the index to handle + the above cases properly. + + trust/builder.c | 152 +++++++++-------------------- + trust/builder.h | 5 +- + trust/index.c | 129 ++++++++++++++++++++++-- + trust/index.h | 11 ++- + trust/session.c | 2 +- + trust/tests/test-builder.c | 238 ++++++++++++++++++++++++++++++++------------- + trust/tests/test-index.c | 32 +++--- + trust/token.c | 166 +++++++++++++++++++++---------- + 8 files changed, 483 insertions(+), 252 deletions(-) + +commit 3318c443b7a3660f0aee80cfa0d5e915d3a21734 +Author: Stef Walter +Date: 2013-07-08 + + trust: Mark CKA_X_DISTRUSTED as a boolean attribute + + trust/persist.c | 1 + + 1 file changed, 1 insertion(+) + +commit c0a2fe9c974b51e7495d0598a925c07744d895de +Author: Stef Walter +Date: 2013-07-08 + + trust: Support token directory paths in user's home directory + + trust/module.c | 1 + + trust/token.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +commit 2c4f5ed657976d868c33f0ddf430477ee2bf0191 +Author: Stef Walter +Date: 2013-07-08 + + trust: Explicitly specify which formats parser should parse + + trust/parser.c | 69 +++++++++++++++++++++++++++++------------------ + trust/parser.h | 18 +++++++++++-- + trust/tests/test-module.c | 2 ++ + trust/tests/test-parser.c | 10 +++++++ + trust/token.c | 2 ++ + 5 files changed, 73 insertions(+), 28 deletions(-) + +commit 03787ae83b1911118a7a689c4817bbce1e74dabd +Author: Stef Walter +Date: 2013-07-08 + + trust: Support using the parser without an asn1_cache + + trust/asn1.c | 11 ++++++++--- + trust/parser.c | 15 +++++++++++---- + trust/tests/test-parser.c | 22 ++++++++++++++++++++++ + 3 files changed, 41 insertions(+), 7 deletions(-) + +commit 9f7c426d5a6bfb0e60895a690ed835c47e04cb4e +Author: Stef Walter +Date: 2013-07-08 + + asn1: In p11_asn1_read() allocate an extra null terminator + + As a courtesy for callers. + + trust/asn1.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +commit 09ece36663a3672dfa2db97029cfd5f5360188e8 +Author: Stef Walter +Date: 2013-07-08 + + common: Fix typo, and don't escape '6' in URL encoding + + common/url.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 75e2cb73df51a2688ecd2f4b4e3b490ae7b9f5a7 +Author: Stef Walter +Date: 2013-07-04 + + p11-kit: Add P11_KIT_MODULE_TRUSTED flag + + A new flag to pass to p11_kit_modules_load() and related functions + which limits loaded modules to ones with "trust-policy: yes". + + p11-kit/modules.c | 48 +++++++++++++++--------- + p11-kit/p11-kit.h | 1 + + p11-kit/tests/files/package-modules/four.module | 3 +- + p11-kit/tests/files/system-modules/one.module | 3 +- + p11-kit/tests/test-modules.c | 50 +++++++++++++++++++++++++ + trust/extract.c | 49 ++++++------------------ + 6 files changed, 98 insertions(+), 56 deletions(-) + +commit 7d4941715b5afc2ef8ea18716990d28965737c70 +Author: Stef Walter +Date: 2013-07-04 + + trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec + + * Use the concepts and PKCS#11 objects described in the + recently updated (still work in progress) storing trust spec. + * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the + the CKA_PUBLIC_KEY_INFO isn't defined yet. + * Most notably, the association between certificates and stapled + extensions is by public key. + * Rework some of the tests to take into account the above. + + build/certs/Makefile.am | 19 ++-- + common/attrs.c | 1 + + common/constants.c | 1 + + common/pkcs11x.h | 1 + + trust/builder.c | 118 +++++++++++++-------- + trust/extract-info.c | 112 ++++++++++++------- + trust/extract-openssl.c | 37 ++++--- + trust/parser.c | 109 +++++++++++++------ + trust/tests/Makefile.am | 1 + + .../{cacert3-trusted-multiple.pem => multiple.pem} | 53 +++------ + trust/tests/files/verisign-v1.pem | 15 +++ + trust/tests/frob-eku.c | 1 + + trust/tests/frob-ext.c | 118 +++++++++++++++++++++ + trust/tests/test-builder.c | 59 ++++++++--- + trust/tests/test-extract.c | 7 +- + trust/tests/test-openssl.c | 33 ++++-- + trust/tests/test-parser.c | 30 ++++-- + trust/tests/test-trust.h | 62 +++++++++++ + 18 files changed, 561 insertions(+), 216 deletions(-) + +commit 2be55821c1ffab99b91c76c43c91dd95db1c21c7 +Author: Stef Walter +Date: 2013-07-04 + + trust: Add p11_oid_hash() and various oid strings + + trust/oid.c | 13 +++++++++++++ + trust/oid.h | 7 +++++++ + trust/tests/test-oid.c | 19 ++++++++++++++----- + 3 files changed, 34 insertions(+), 5 deletions(-) + +commit ec7c2ff2011d774217c1e35d664072d0487853c7 +Author: Stef Walter +Date: 2013-07-04 + + trust: Add p11_asn1_read() and p11_asn1_free() functions + + Some helpers for commonly used ASN.1 related stuff. + + trust/asn1.c | 38 ++++++++++++++++++++++++++++++++++++++ + trust/asn1.h | 6 ++++++ + trust/parser.c | 16 +++------------- + trust/persist.c | 11 ++--------- + trust/tests/test-asn1.c | 19 +++++++++++++++++++ + trust/x509.c | 42 ++++++------------------------------------ + 6 files changed, 74 insertions(+), 58 deletions(-) + +commit a2165fe35e336fd807af053a21a396b020f90a23 +Author: Stef Walter +Date: 2013-07-03 + + trust: Initial support for writing out token objects + + * The objects are written out in the p11-kit persist format + * Parser marks files in p11-kit persist format as modifiable + + trust/Makefile.am | 1 + + trust/module.c | 18 ++-- + trust/parser.c | 2 +- + trust/tests/test-module.c | 126 +++++++++++++++++++++++++-- + trust/tests/test-parser.c | 1 - + trust/tests/test-token.c | 110 ++++++++++++++++++++++- + trust/tests/test-trust.c | 1 - + trust/token.c | 218 +++++++++++++++++++++++++++++++++++++++++----- + trust/token.h | 5 +- + 9 files changed, 443 insertions(+), 39 deletions(-) + +commit 269c4c2e82543de273fa9415dec1b9b6e00c51af +Author: Stef Walter +Date: 2013-07-03 + + trust: If token path is a file, don't try loading subdirectories + + trust/token.c | 23 +++++++++++++++-------- + 1 file changed, 15 insertions(+), 8 deletions(-) + +commit 4bbb7038816d3664c92cb442e3d1ccac8f92f83c +Author: Stef Walter +Date: 2013-07-03 + + trust: Correctly handle persisting OIDs with zero length + + trust/persist.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +commit 6f212d25c6e03705d58137a2ffa0ccb59bf944ff +Author: Stef Walter +Date: 2013-07-03 + + trust: Don't write out internal attributes when persisting + + trust/Makefile.am | 1 + + trust/index.h | 16 +--------------- + trust/persist.c | 7 +++++++ + trust/types.h | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 63 insertions(+), 15 deletions(-) + +commit e355c6724c6fb8cd604763ad2518751056512b2b +Author: Stef Walter +Date: 2013-07-03 + + trust: Add support for saving files with unique file names + + trust/extract-cer.c | 4 +- + trust/extract-jks.c | 2 +- + trust/extract-openssl.c | 52 ++++++++------ + trust/extract-pem.c | 8 ++- + trust/save.c | 171 +++++++++++++++++++++++++++++++++------------ + trust/save.h | 6 +- + trust/tests/test-openssl.c | 1 - + trust/tests/test-save.c | 168 +++++++++++++++++++++++++++++++++----------- + 8 files changed, 298 insertions(+), 114 deletions(-) + +commit 81431ffd8cbf55175b1b9a9ed130fc67d0d4000b +Author: Stef Walter +Date: 2013-07-03 + + path: Add p11_path_canon() function + + Cleans up a filename with readable characters. + + common/path.c | 15 +++++++++++++++ + common/path.h | 2 ++ + common/tests/test-path.c | 17 +++++++++++++++++ + trust/extract-info.c | 11 ++--------- + 4 files changed, 36 insertions(+), 9 deletions(-) + +commit 1c4522e5df79bd197feab8448008fc2bf6b4ea2e +Author: Stef Walter +Date: 2013-06-28 + + trust: Rename p11_index_batch() to p11_index_load() + + The name makes it clearer what's going on. This is only used + during loading, so we can track whether a change has resulted + from the trust module or from the file storage. + + trust/builder.c | 4 ++-- + trust/index.c | 4 ++-- + trust/index.h | 4 ++-- + trust/tests/test-builder.c | 16 ++++++++-------- + trust/tests/test-index.c | 12 ++++++------ + trust/token.c | 4 ++-- + 6 files changed, 22 insertions(+), 22 deletions(-) + +commit 17bc43cb82320f2aba4ccb804bd8599232524c6a +Author: Stef Walter +Date: 2013-06-28 + + trust: Implement reloading of token data + + * Reload token data whenever a new session is opened. + * Only reload files/directories that have changed. + * Move duplicate anchor/blacklist detection logic into + the extract code. This is in line with the approach + being discussed on the mailing lists and spec document. + * New internal attribute CKA_X_ORIGIN set on all objects + so we can track where an object came from, and replace + it when reloaded. + + In general this is a prerequisite for modification of objects + reload before modify is necessary to prevent multiple callers + clobbering each other's changes. + + trust/builder.c | 3 +- + trust/extract-info.c | 86 ++++++++---- + trust/index.c | 18 ++- + trust/index.h | 6 + + trust/module.c | 5 +- + trust/parser.c | 124 +++-------------- + trust/parser.h | 7 +- + trust/tests/test-extract.c | 28 ++-- + trust/tests/test-parser.c | 184 +++++-------------------- + trust/tests/test-token.c | 255 ++++++++++++++++++++++++++++++---- + trust/tests/test-trust.c | 75 ++++++++++ + trust/tests/test-trust.h | 28 ++++ + trust/token.c | 331 +++++++++++++++++++++++++++++++++++---------- + trust/token.h | 3 + + 14 files changed, 746 insertions(+), 407 deletions(-) + +commit 7bb9ad33da0154c9a4317f0123046eee85738349 +Author: Stef Walter +Date: 2013-06-28 + + iter: Add iteration mode where session is not busy + + In order to use the session we are iterating on for other tasks + such as other C_FindObject() calls, we need to make sure that + it's not in the middle of a find operation. Finish up the + complete find operation in advance of returning objects from + a session. + + Make this the default mode. The previous behavior remains + as an option. Add tests. + + p11-kit/iter.c | 59 +++++++++++++++-------- + p11-kit/iter.h | 7 ++- + p11-kit/tests/test-iter.c | 111 +++++++++++++++++++++++++++++++++---------- + trust/extract-info.c | 8 ++-- + trust/extract.c | 2 +- + trust/tests/frob-nss-trust.c | 6 +-- + trust/tests/test-bundle.c | 2 +- + trust/tests/test-cer.c | 2 +- + trust/tests/test-extract.c | 2 +- + trust/tests/test-openssl.c | 2 +- + 10 files changed, 144 insertions(+), 57 deletions(-) + +commit 7eabbee227f09cc4ff9e472520f03bba1e35596b +Author: Stef Walter +Date: 2013-06-28 + + path: Add p11_path_prefix() function + + Checks if a wellformed path is identical to or a prefix + of another path. + + common/path.c | 17 +++++++++++++++++ + common/path.h | 3 +++ + common/tests/test-path.c | 13 +++++++++++++ + 3 files changed, 33 insertions(+) + +commit 1e777512e554db76ba2f1aba800ee09a9fa074f0 +Author: Stef Walter +Date: 2013-06-26 + + trust: Implement validation for creating/modifying objects + + trust/builder.c | 277 ++++++++++++++++++++++++----- + trust/tests/test-builder.c | 427 +++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 661 insertions(+), 43 deletions(-) + +commit c807b2432bb954caf89f3092b65ea61a1bc6942e +Author: Stef Walter +Date: 2013-06-25 + + Fix dependency between p11-kit command and library + + p11-kit/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6daeaa08d0e7c7f49392cd9e419c74b6c8721811 +Author: Stef Walter +Date: 2013-06-25 + + Fix running trust module tests under distcheck + + trust/tests/test-module.c | 22 ++++++++++++---------- + 1 file changed, 12 insertions(+), 10 deletions(-) + +commit 069c52a10cc4c4c06de8a4d83ddb3755e40be7a4 +Author: Stef Walter +Date: 2013-06-24 + + Reorganize various components + + * p11-kit library and tool in the p11-kit/ subdirectory + * trust module and new trust tool in trust/ subdirectory + * No more tools/ subdirectory + * Lots less in the common/ subdirectory + + .gitignore | 2 + + Makefile.am | 1 - + common/Makefile.am | 31 +-- + common/tests/Makefile.am | 32 +-- + common/tests/test-lexer.c | 35 +-- + {tools => common}/tool.c | 76 +++--- + {tools => common}/tool.h | 18 +- + configure.ac | 2 - + doc/manual/Makefile.am | 1 - + gtk-doc.make | 2 +- + p11-kit/Makefile.am | 20 ++ + {tools => p11-kit}/list.c | 15 +- + p11-kit/p11-kit.c | 102 ++++++++ + tools/Makefile.am | 53 ----- + tools/tests/Makefile.am | 84 ------- + tools/tests/files/cacert3.der | Bin 1885 -> 0 bytes + tools/tests/files/cacert3.pem | 42 ---- + tools/tests/test-tools.c | 216 ----------------- + tools/tests/test-tools.h | 260 --------------------- + trust/Makefile.am | 56 ++++- + {common => trust}/asn1.c | 0 + {common => trust}/asn1.h | 0 + {common => trust}/base64.c | 0 + {common => trust}/base64.h | 0 + {common => trust}/basic.asn | 0 + {common => trust}/basic.asn.h | 0 + tools/extract-x509.c => trust/extract-cer.c | 0 + {tools => trust}/extract-info.c | 0 + {tools => trust}/extract-jks.c | 0 + {tools => trust}/extract-openssl.c | 0 + {tools => trust}/extract-pem.c | 0 + {tools => trust}/extract.c | 4 +- + {tools => trust}/extract.h | 3 + + {common => trust}/oid.c | 0 + {common => trust}/oid.h | 0 + {common => trust}/openssl.asn | 0 + {common => trust}/openssl.asn.h | 0 + {common => trust}/pem.c | 0 + {common => trust}/pem.h | 0 + {common => trust}/pkix.asn | 0 + {common => trust}/pkix.asn.h | 0 + {tools => trust}/save.c | 0 + {tools => trust}/save.h | 0 + trust/tests/Makefile.am | 70 +++++- + .../tests/files/cacert3-distrust-all.pem | 0 + .../tests/files/cacert3-distrusted-all.pem | 0 + .../tests/files/cacert3-not-trusted.pem | 0 + .../tests/files/cacert3-trusted-alias.pem | 0 + .../tests/files/cacert3-trusted-keyid.pem | 0 + .../tests/files/cacert3-trusted-multiple.pem | 0 + .../tests/files/cacert3-trusted-server-alias.pem | 0 + {tools => trust}/tests/files/cacert3-twice.pem | 0 + {tools => trust}/tests/files/empty-file | 0 + {tools => trust}/tests/files/simple-string | 0 + {common => trust}/tests/frob-cert.c | 0 + {common => trust}/tests/frob-eku.c | 0 + {common => trust}/tests/frob-ku.c | 0 + {common => trust}/tests/frob-oid.c | 0 + {common => trust}/tests/test-asn1.c | 0 + {common => trust}/tests/test-base64.c | 0 + .../tests/test-pem.c => trust/tests/test-bundle.c | 5 +- + tools/tests/test-x509.c => trust/tests/test-cer.c | 5 +- + {tools => trust}/tests/test-extract.c | 5 +- + {common => trust}/tests/test-oid.c | 0 + {tools => trust}/tests/test-openssl.c | 5 +- + {common => trust}/tests/test-pem.c | 0 + {tools => trust}/tests/test-save.c | 5 +- + trust/tests/test-trust.c | 176 +++++++++++++- + trust/tests/test-trust.h | 74 ++++++ + {common => trust}/tests/test-utf8.c | 0 + {common => trust}/tests/test-x509.c | 0 + trust/trust.c | 64 +++++ + {common => trust}/utf8.c | 0 + {common => trust}/utf8.h | 0 + {common => trust}/x509.c | 0 + {common => trust}/x509.h | 0 + 76 files changed, 638 insertions(+), 826 deletions(-) + +commit 5489a1456c5a6f320bd2b3aa849f36f10d538e81 +Merge: 1caa880 93f1977 +Author: Stef Walter +Date: 2013-06-17 + + Merge branch 'stable' + +commit 1caa8801f6d888befb3515d24171bf77a172a93c +Author: Stef Walter +Date: 2013-06-14 + + trust: Writable module PKCS#11 token functions + + Although we don't actually write anything out yet, make the + various PKCS#11 functions behave properly when faced with + requests to write to token objects + + common/test.c | 14 ++++++-- + trust/module.c | 88 ++++++++++++++++++++++++++++++++++++----------- + trust/session.h | 1 + + trust/tests/test-module.c | 38 ++++++++++++++++---- + 4 files changed, 111 insertions(+), 30 deletions(-) + +commit 93f197792150ae2e2e3ffafb903dfab6854915cb +Author: Stef Walter +Date: 2013-06-17 + + trust: Move the extract-trust external placeholder command into trust/ + + .gitignore | 3 ++- + configure.ac | 2 +- + tools/Makefile.am | 4 ---- + trust/Makefile.am | 4 ++++ + {tools => trust}/p11-kit-extract-trust.in | 0 + 5 files changed, 7 insertions(+), 6 deletions(-) + +commit 41d2a28b89af41799d01d5973d026712d9174f31 +Author: Stef Walter +Date: 2013-06-17 + + trust: Print out usage when extract-trust run incorrectly + + Also sorta covers --help and -h usage + + tools/p11-kit-extract-trust.in | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +commit e32481727387460d5900d0bbb495d3694facf64b +Author: Stef Walter +Date: 2013-06-17 + + tools: Fix passing args to external commands + + There were various bugs passing arguments, with duplicates being + passed, as well as certain arguments being skipped.t + + tools/tool.c | 4 ++++ + 1 file changed, 4 insertions(+) + +commit b6e065cda1db37a6c8ed52dac3432468e1277323 +Author: Stef Walter +Date: 2013-06-17 + + tools: Only use our private path when looking for external commands + + Instead of looking for external commands in the path, just look + for them in our private directory. + + We want to be conservative early on, and limit what sorta things + we have to maintain later. We can later remove this restriction + if a real use case presents itself. + + tools/tool.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +commit bfe10cd0660fd81d78c8c5ce3eaa7d1f046859e1 +Author: Stef Walter +Date: 2013-06-14 + + trust: Correctly reflect the CK_TOKEN_INFO writability flags + + Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths + which we will be able to write to. + + common/compat.h | 3 ++ + trust/module.c | 5 +++- + trust/tests/test-module.c | 57 +++++++++++++++++++++++++++++++++-- + trust/tests/test-token.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++ + trust/token.c | 47 +++++++++++++++++++++++++++++ + trust/token.h | 2 ++ + 6 files changed, 187 insertions(+), 3 deletions(-) + +commit 045df29606ea9853b4fc8bdba062a5e4a7a5be95 +Author: Stef Walter +Date: 2013-06-14 + + path: Add p11_path_parent() function + + Gets the parent element of the path, removing the last component. + Handles trailing and duplicate path separators correctly. + + common/path.c | 36 ++++++++++++++++++++++++++++++++++++ + common/path.h | 2 ++ + common/tests/test-path.c | 17 +++++++++++++++++ + 3 files changed, 55 insertions(+) + +commit 8c6dd48789bdaf2a3dc800df7ed3416ddc3b7e1f +Author: Stef Walter +Date: 2013-06-14 + + path: Fix expanding of paths and tests + + common/path.c | 16 +++++++++++----- + common/tests/test-path.c | 46 ++++++++++++++++++++++++++-------------------- + 2 files changed, 37 insertions(+), 25 deletions(-) + +commit 9e03e9950d78b58a91454b494513d1fc0872dcf2 +Author: Stef Walter +Date: 2013-06-13 + + common: Abort test cases when one fails + + common/test.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit 125aa8b136fa950172c3946ca4768cf4750b697a +Merge: f48e1a2 49e344c +Author: Stef Walter +Date: 2013-06-05 + + Merge branch 'stable' + +commit 49e344cfa48d765ccc83a7313b1ba1c30252b84e +Author: Stef Walter +Date: 2013-06-05 + + Release version 0.18.3 + + NEWS | 5 +++++ + configure.ac | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit 1b61494bb10866841e52956a2b65b75259f64e3c +Author: Stef Walter +Date: 2013-06-05 + + trust: Fix crash when C_Initialize args are NULL + + https://bugs.freedesktop.org/show_bug.cgi?id=65401 + + trust/module.c | 5 ++++- + trust/tests/test-module.c | 18 ++++++++++++++++++ + 2 files changed, 22 insertions(+), 1 deletion(-) + +commit 3dc38f294af5bbe1939d38ec9b3fcd699f97c8ce +Author: Stef Walter +Date: 2013-06-05 + + trust: Fix reinitialization of trust module + + Track number of C_Initialize calls, and require similar number + of C_Finalize calls to finalize. + + This fixes leaks/disappearing sessions in the trust module. + + https://bugs.freedesktop.org/show_bug.cgi?id=65401 + + trust/module.c | 25 +++++++++++++--- + trust/tests/frob-multi-init.c | 69 +++++++++++++++++++++++++++++++++++++++++++ + trust/tests/test-module.c | 49 ++++++++++++++++++++++++++++++ + 3 files changed, 139 insertions(+), 4 deletions(-) + +commit f48e1a2a496604a835d0f9230113218951a1ced2 +Author: manphiz@gmail.com +Date: 2013-04-24 + + Fix uninitialized p11_library_once + + https://bugs.freedesktop.org/show_bug.cgi?id=57714 + + common/library.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6132376b31f6d8c27fa63b219e7330f4489de6cc +Author: Stef Walter +Date: 2013-04-05 + + Force Mac OS shared library extension to .so + + Darwin and libtool seem confused about what shared library + extension they actually use. + + https://bugs.freedesktop.org/show_bug.cgi?id=57714 + + configure.ac | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +commit cf91dc6975424e3ba3971e4496e91036e97419e5 +Author: manphiz@gmail.com +Date: 2013-04-24 + + Fix uninitialized p11_library_once + + https://bugs.freedesktop.org/show_bug.cgi?id=57714 + + common/library.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit f358242f0068b280c1478075617288095dd95adc +Author: Stef Walter +Date: 2013-04-05 + + Force Mac OS shared library extension to .so + + Darwin and libtool seem confused about what shared library + extension they actually use. + + https://bugs.freedesktop.org/show_bug.cgi?id=57714 + + configure.ac | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +commit 96771f49dc945800ae28c77ff407753cbb995c7f +Author: Stef Walter +Date: 2013-05-21 + + persist: Support for writing out p11-kit persist files + + trust/parser.c | 10 +- + trust/persist.c | 458 +++++++++++++++++++++++++++++++++++++++------ + trust/persist.h | 4 + + trust/tests/test-persist.c | 203 +++++++++++++++++--- + trust/tests/test-trust.c | 2 +- + 5 files changed, 587 insertions(+), 90 deletions(-) + +commit daf63f2cf66669b3555f2f15498a0aa2db234b2f +Author: Stef Walter +Date: 2013-05-21 + + constants: Tweaks and add mechanisms + + common/constants.c | 428 +++++++++++++++++++++--------------------- + common/tests/test-constants.c | 70 +++---- + 2 files changed, 245 insertions(+), 253 deletions(-) + +commit 56fec770071713bf800e7e9f3905973703105ec5 +Author: Stef Walter +Date: 2013-05-21 + + pem: Write PEM data directly to a buffer + + common/pem.c | 38 +++++++++++++++++--------------------- + common/pem.h | 7 +++++-- + common/tests/test-pem.c | 21 ++++++++++++--------- + tools/extract-openssl.c | 29 +++++++++++++++++------------ + tools/extract-pem.c | 32 ++++++++++++++++++++------------ + 5 files changed, 71 insertions(+), 56 deletions(-) + +commit cb8f2e3a04d9365121ffea0d76d8b3d47e2cc1ec +Author: Stef Walter +Date: 2013-05-21 + + url: Encode directly to a buffer + + common/tests/test-url.c | 30 ++++++++++++++++++------------ + common/url.c | 29 ++++++++++------------------- + common/url.h | 5 +++-- + p11-kit/uri.c | 32 +++++++++++++++++++------------- + 4 files changed, 50 insertions(+), 46 deletions(-) + +commit 4fd057258177f4f14bbe78c2d02d5a65eaf3f3dc +Author: Stef Walter +Date: 2013-05-27 + + Release version 0.19.1 + + NEWS | 11 +++++++++++ + configure.ac | 2 +- + 2 files changed, 12 insertions(+), 1 deletion(-) + +commit e98522ba9e92be79526eba9daee9f60aa30ad942 +Author: Stef Walter +Date: 2013-05-21 + + Mark p11_kit_message() as a stable function + + doc/manual/p11-kit-sections.txt | 2 +- + p11-kit/p11-kit.h | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +commit 61a9cfa62972678f1cbbad7f4d1a814e9b7f05e2 +Author: Stef Walter +Date: 2013-05-21 + + Fix building of applications using CRYPTOKI_GNU style + + p11-kit/p11-kit.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit 435843812ab7b85f97cfdc32ae9412f78242b950 +Author: Stef Walter +Date: 2013-05-21 + + Bump the version for deprecated function documentation + + p11-kit/modules.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +commit 30830eb693ac2e89f28bb34459db6837031ca795 +Author: Stef Walter +Date: 2013-04-09 + + Fix up Makefile.am files for automake 1.13 warnings + + common/tests/Makefile.am | 4 ++-- + p11-kit/Makefile.am | 2 +- + p11-kit/tests/Makefile.am | 2 +- + tools/Makefile.am | 2 +- + tools/tests/Makefile.am | 2 +- + trust/Makefile.am | 2 +- + trust/tests/Makefile.am | 2 +- + 7 files changed, 8 insertions(+), 8 deletions(-) + +commit dcabaf1d56d410ba7ddb3dfbab9011bbbea5e6bc +Author: Stef Walter +Date: 2013-04-05 + + Our own unit testing framework + + * Support the TAP protocol + * Much cleaner without having to carry around state + * First class support for setup/teardown + * Port the common tests + * Wait on porting other tests until we've merged outstanding code + + build/Makefile.am | 8 - + build/Makefile.tests | 5 +- + build/cutest/CuTest.c | 329 ------- + build/cutest/CuTest.h | 111 --- + build/cutest/README.txt | 211 ---- + build/cutest/license.txt | 38 - + common/Makefile.am | 5 +- + common/debug.h | 2 + + common/test.c | 261 +++++ + common/test.h | 131 +++ + common/tests/Makefile.am | 3 +- + common/tests/test-array.c | 101 +- + common/tests/test-asn1.c | 53 +- + common/tests/test-attrs.c | 461 +++++---- + common/tests/test-base64.c | 67 +- + common/tests/test-buffer.c | 113 +-- + common/tests/test-compat.c | 28 +- + common/tests/test-constants.c | 45 +- + common/tests/test-dict.c | 250 +++-- + common/tests/test-hash.c | 74 +- + common/tests/test-lexer.c | 126 ++- + common/tests/test-oid.c | 45 +- + common/tests/test-path.c | 68 +- + common/tests/test-pem.c | 76 +- + common/tests/test-url.c | 93 +- + common/tests/test-utf8.c | 60 +- + common/tests/test-x509.c | 106 +- + p11-kit/tests/Makefile.am | 14 +- + p11-kit/tests/{conf-test.c => test-conf.c} | 252 +++-- + p11-kit/tests/test-deprecated.c | 187 ++-- + p11-kit/tests/test-init.c | 144 ++- + p11-kit/tests/test-iter.c | 481 +++++----- + p11-kit/tests/test-log.c | 41 +- + p11-kit/tests/test-managed.c | 97 +- + p11-kit/tests/test-mock.c | 1012 ++++++++++---------- + p11-kit/tests/test-modules.c | 157 ++- + p11-kit/tests/{pin-test.c => test-pin.c} | 104 +- + p11-kit/tests/{progname-test.c => test-progname.c} | 34 +- + p11-kit/tests/test-proxy.c | 75 +- + p11-kit/tests/{uri-test.c => test-uri.c} | 633 ++++++------ + p11-kit/tests/test-virtual.c | 70 +- + tools/tests/Makefile.am | 6 +- + tools/tests/test-extract.c | 221 ++--- + tools/tests/test-openssl.c | 186 ++-- + tools/tests/test-pem.c | 96 +- + tools/tests/test-save.c | 329 +++---- + tools/tests/{test.c => test-tools.c} | 65 +- + tools/tests/{test.h => test-tools.h} | 34 +- + tools/tests/test-x509.c | 102 +- + trust/tests/Makefile.am | 5 +- + trust/tests/test-builder.c | 446 +++------ + trust/tests/test-index.c | 395 ++++---- + trust/tests/test-module.c | 470 ++++----- + trust/tests/test-parser.c | 219 ++--- + trust/tests/test-persist.c | 155 ++- + trust/tests/test-token.c | 93 +- + trust/tests/{test-data.c => test-trust.c} | 56 +- + trust/tests/{test-data.h => test-trust.h} | 40 +- + 58 files changed, 3901 insertions(+), 5188 deletions(-) + +commit 7fd6d89d92b6f1b543bf2aa4b2e578201dad7147 +Author: Stef Walter +Date: 2013-04-06 + + Further reorganization of the core module tracking + + * Keep the module ownership apart from the tracking of module + function pointers, since these are only relevant for unmanaged + modules. + * Less assumptions that each module has a raw unmanaged module + function pointer. + * More clarity in the naming of dictionaries tracking the modules. + + p11-kit/modules.c | 349 +++++++++++++++++++++++++----------------------------- + 1 file changed, 161 insertions(+), 188 deletions(-) + +commit eb88be6c0b7ea39a74cd2aa8af33371de4aeb74c +Author: Stef Walter +Date: 2013-04-07 + + Pull the argv parsing code into its own file + + So it can be used from multiple code paths + + common/Makefile.am | 1 + + common/argv.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + common/argv.h | 44 ++++++++++++++++++++ + trust/module.c | 78 ++---------------------------------- + 4 files changed, 164 insertions(+), 74 deletions(-) + +commit 7b848defc704cc1fbb47a16b23727583c14b804d +Author: Stef Walter +Date: 2013-04-06 + + Support /xxx/yyy as an absolute path with Win32 + + Because win32 code doesn't just run on windows, wine runs + with unix style paths. + + common/path.c | 8 ++++---- + common/tests/test-path.c | 2 +- + 2 files changed, 5 insertions(+), 5 deletions(-) + +commit 10d26767fa39f43b0aabb82d73ed88b2c2522397 +Author: Stef Walter +Date: 2013-05-21 + + Bump the version number to unstable + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit b73f4ef126bdead47262e29e47d159a89984d65f +Author: Stef Walter +Date: 2013-02-19 + + Add the log-calls module config option + + If 'log-calls = yes' is set then all the PKCS#11 modules are logged + to stderr. + + common/attrs.c | 22 +- + common/attrs.h | 9 + + common/constants.c | 350 ++++++- + common/constants.h | 8 + + common/tests/test-constants.c | 18 +- + doc/manual/Makefile.am | 1 + + doc/manual/p11-kit-sharing.xml | 5 + + doc/manual/pkcs11.conf.xml | 19 + + p11-kit/Makefile.am | 1 + + p11-kit/log.c | 2022 ++++++++++++++++++++++++++++++++++++++++ + p11-kit/log.h | 53 ++ + p11-kit/modules.c | 44 +- + p11-kit/tests/Makefile.am | 1 + + p11-kit/tests/test-log.c | 125 +++ + p11-kit/tests/test-mock.c | 4 +- + 15 files changed, 2646 insertions(+), 36 deletions(-) + +commit a14ff781ebf231daa99990fd65c2312f26db93a8 +Author: Stef Walter +Date: 2013-02-19 + + Manage C_CloseAllSessions function for multiple callers + + Make C_CloseAllSessions work for different callers. Track the sessions + that each caller opens and close just those when C_CloseAllSessiosn is + called. + + common/mock.c | 2 +- + doc/manual/p11-kit-sharing.xml | 6 ++ + p11-kit/modules.c | 202 ++++++++++++++++++++++++++++++++++++++++- + p11-kit/tests/test-init.c | 9 +- + p11-kit/tests/test-managed.c | 64 ++++++++++++- + 5 files changed, 275 insertions(+), 8 deletions(-) + +commit 0cb1132469c1e13be64f85cd6566e6617bfe32cc +Author: Stef Walter +Date: 2013-02-15 + + Update the proxy module to use managed PKCS#11 modules + + Each time C_GetFunctionList is called on the proxy module, a new + managed PKCS#11 set of functions is returned. These are all cleaned + up when the module is unloaded. + + We want the proxy module to continue to work even without the highly + recommended libffi. For that reason we still keep the old behavior of + sharing state in the proxy module. + + common/mock.c | 9 - + common/mock.h | 11 + + doc/manual/Makefile.am | 1 + + p11-kit/Makefile.am | 2 +- + p11-kit/modules.c | 5 +- + p11-kit/private.h | 4 - + p11-kit/proxy.c | 1465 +++++++++++++++++++++++++++++++++++++------- + p11-kit/proxy.h | 45 ++ + p11-kit/tests/test-mock.c | 26 +- + p11-kit/tests/test-proxy.c | 116 +++- + p11-kit/util.c | 3 + + 11 files changed, 1422 insertions(+), 265 deletions(-) + +commit 5c19f0cf66495f00ccf69eba1d0915f862a88c8d +Author: Stef Walter +Date: 2013-02-06 + + p11-kit: Managed PKCS#11 module loading + + Support a new managed style module loading for PKCS#11 modules. This + allows us to better coordinate between multiple callers of the same + PKCS#11 modules and provide hooks into their behavior. + + This meant redoing the public facing API. The old methods are now + deprecated, marked and documented as such. + + common/compat.c | 6 + + common/compat.h | 4 +- + common/mock.c | 63 +- + common/mock.h | 6 +- + doc/manual/Makefile.am | 2 + + doc/manual/p11-kit-docs.xml | 2 + + doc/manual/p11-kit-proxy.xml | 29 + + doc/manual/p11-kit-sections.txt | 39 +- + doc/manual/p11-kit-sharing.xml | 94 +- + doc/manual/pkcs11.conf.xml | 24 + + gtk-doc.make | 2 +- + p11-kit/Makefile.am | 7 +- + p11-kit/deprecated.h | 97 ++ + p11-kit/docs.h | 38 + + p11-kit/modules.c | 1498 ++++++++++++++++++++---- + p11-kit/modules.h | 51 + + p11-kit/p11-kit.h | 63 +- + p11-kit/private.h | 6 - + p11-kit/proxy.c | 231 ++-- + p11-kit/tests/Makefile.am | 10 +- + p11-kit/tests/files/system-pkcs11.conf | 5 +- + p11-kit/tests/files/user-modules/one.module | 3 +- + p11-kit/tests/test-deprecated.c | 521 +++++++++ + p11-kit/tests/test-init.c | 176 ++- + p11-kit/tests/test-iter.c | 72 +- + p11-kit/tests/test-managed.c | 168 +++ + p11-kit/tests/test-mock.c | 1687 +++++++++++++++++++++++++++ + p11-kit/tests/test-modules.c | 124 +- + p11-kit/tests/test-proxy.c | 94 ++ + tools/extract.c | 15 +- + tools/list.c | 16 +- + tools/tests/test-extract.c | 7 +- + tools/tests/test-openssl.c | 9 +- + tools/tests/test-pem.c | 9 +- + tools/tests/test-x509.c | 9 +- + trust/tests/frob-nss-trust.c | 25 +- + 36 files changed, 4660 insertions(+), 552 deletions(-) + +commit ff853bd7902e271256cada4a1b20a3d46b519b69 +Author: Stef Walter +Date: 2013-01-10 + + Use libffi to implement mixins for managed code + + * This allows us to call into subclassed PKCS#11 modules as if + they were plain old PKCS#11 modules + * libffi is an optional dependency + + configure.ac | 31 + + doc/manual/Makefile.am | 5 +- + doc/manual/p11-kit-devel.xml | 3 + + p11-kit/Makefile.am | 7 +- + p11-kit/tests/Makefile.am | 7 + + p11-kit/tests/test-virtual.c | 183 +++ + p11-kit/virtual.c | 2964 ++++++++++++++++++++++++++++++++++++++++++ + p11-kit/virtual.h | 68 + + 8 files changed, 3265 insertions(+), 3 deletions(-) + +commit a7af75a31010109529a9edddc825538884f326ca +Author: Stef Walter +Date: 2013-02-14 + + Add subclassable CK_X_FUNCTION_LIST + + One of the flaws in PKCS#11 for our usage is that each PKCS#11 module + is not passed the pointer to the function list, ie: the vtable + + Here we define a new function list vtable, where each PKCS#11 function + takes the vtable itself as the first argument. We use this new + list internally to represent subclassable PKCS#11 modules for + various features. + + common/mock.c | 757 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- + common/mock.h | 370 ++++++++++++++++++++++++++- + common/pkcs11x.h | 438 ++++++++++++++++++++++++++++++++ + 3 files changed, 1561 insertions(+), 4 deletions(-) + +commit 06a84bafc7c5f0ac92883e9219a7c00f456df39c +Author: Stef Walter +Date: 2013-05-15 + + Fail early when running automaint.sh + + automaint.sh | 2 ++ + 1 file changed, 2 insertions(+) + +commit de8b99e2f04f94313a7748adedf7535603013951 +Author: Stef Walter +Date: 2013-05-15 + + Implement valgrind's hellgrind checks for threading problems + + And cleanup our locks/locking model. There's no need to use + recursive locks, especially since we can't use them on all + platforms. In addition adjust taking of locks during initialization + so that there's no chance of deadlocking here. + + automaint.sh | 2 +- + build/Makefile.decl | 5 +++++ + build/Makefile.tests | 5 +++++ + common/compat.c | 2 +- + p11-kit/modules.c | 2 +- + 5 files changed, 13 insertions(+), 3 deletions(-) + +commit 4bd7eda265b94dfcb9a1db4aba756e1e05dd4f87 +Author: Stef Walter +Date: 2013-05-14 + + Release version 0.18.2 + + NEWS | 3 +++ + configure.ac | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +commit c6793097e6f0d82cfca07aaeb55c7e9b742d2fdf +Author: manphiz@gmail.com +Date: 2013-05-09 + + Patch to make test-lexer depend on ASN.1 + + https://bugs.freedesktop.org/show_bug.cgi?id=64378 + + common/tests/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit e72df3c2546a79f51e7c203bc5735494d45c5c26 +Author: Stef Walter +Date: 2013-05-03 + + Reduce libtasn1 dependency to 2.3 + + * This passes all checks and is compatible + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 32e26b5c1852fd7b0261929e3a9b39c473621fd2 +Author: Stef Walter +Date: 2013-04-15 + + Release version 0.18.1 + + NEWS | 4 ++++ + configure.ac | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +commit d4392aef7fa3a3b2c308ad3d05c691569361ee49 +Author: Stef Walter +Date: 2013-04-04 + + doc: Use gtk-doc in the no-tmpl flavor + + doc/manual/Makefile.am | 6 ++++++ + gtk-doc.make | 39 +++++++++------------------------------ + 2 files changed, 15 insertions(+), 30 deletions(-) + +commit 153dc7a750a11d7940f4e4e6e718939d23ee4541 +Author: Stef Walter +Date: 2013-04-04 + + manual: Use a consistent docbook version + + doc/manual/p11-kit-config.xml | 5 +++-- + doc/manual/p11-kit-devel.xml | 5 +++-- + doc/manual/p11-kit-sharing.xml | 5 +++-- + doc/manual/p11-kit-trust.xml | 5 +++-- + doc/manual/p11-kit.xml | 4 ++-- + doc/manual/pkcs11.conf.xml | 4 ++-- + 6 files changed, 16 insertions(+), 12 deletions(-) + +commit 3e5916530b995bda1a5deea7ecf9c185a402d463 +Author: Stef Walter +Date: 2013-04-04 + + Put the external tools in $libdir/p11-kit + + These are possibly architecture specific binaries, so they should be + in $libdir/p11-kit and not in $datadir/p11-kit + + configure.ac | 3 +++ + tools/Makefile.am | 4 ++-- + tools/tool.c | 2 +- + 3 files changed, 6 insertions(+), 3 deletions(-) + +commit 941ff24161e040fca7382e3f98b0c1b51da21dac +Author: Stef Walter +Date: 2013-04-04 + + Release version 0.18.0 + + NEWS | 8 ++++++++ + configure.ac | 2 +- + 2 files changed, 9 insertions(+), 1 deletion(-) + +commit 32b0b448d0ac4f1fa5f9143f0c4385066a9b4a76 +Author: Stef Walter +Date: 2013-04-04 + + Fix off by one in date parsing code + + We didn't treat the two digit year 00 as a valid year, whereas it + actually represents the year 2000. This is in a non-critical code path. + + trust/builder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit d6e0982658acb231333ebfbfb7efff8b762231d0 +Author: Stef Walter +Date: 2013-04-04 + + Don't print erroneous debug messages when skipping files + + The parser automatically skips over files that it cannot parse. Don't + print confusing debug messages about DER parse failures when it does so. + + common/asn1.c | 12 ++++++------ + trust/parser.c | 8 +++++--- + 2 files changed, 11 insertions(+), 9 deletions(-) + +commit 032fbd8806333bdaf0201cfd9d7bcaac8ec75184 +Author: Stef Walter +Date: 2013-04-02 + + Update to MurmurHash3 + + This should also fix problems with accessing memory in a non-aligned + fashion on platforms where this causes problems. + + https://bugs.freedesktop.org/show_bug.cgi?id=62819 + + common/attrs.c | 2 +- + common/dict.c | 2 +- + common/hash.c | 149 +++++++++++++++++++++++++---------------------- + common/hash.h | 4 +- + common/tests/test-hash.c | 18 +++--- + 5 files changed, 91 insertions(+), 84 deletions(-) + +commit 8c69e467527c5ee484c9a921e9b5fd18c0c49b12 +Author: Stef Walter +Date: 2013-03-29 + + Don't respect timezones for CKA_START_DATE or CKA_END_DATE + + The PKCS#11 specification does not note what timezone these dates + are in. In addition the time values are not represented in PKCS#11. + + So don't reinterpret certificate dates, other than filling in the + century for dates that have a two digit year. + + Lastly, these are low resolution optional fields so not being all + strict about timezones here is appropriate. + + https://bugs.freedesktop.org/show_bug.cgi?id=62825 + + common/asn1.c | 332 --------------------------------------------- + common/asn1.h | 6 - + trust/builder.c | 100 +++++++++++--- + trust/tests/test-builder.c | 14 +- + 4 files changed, 81 insertions(+), 371 deletions(-) + +commit 91aa0f9623e232fa253308c4f7464dab8902dfea +Author: Stef Walter +Date: 2013-03-29 + + trust: Fix logic for matching invalid NSS serial numbers + + Sometimes NSS queries for trust objects using invalid serial numbers + that do not have their DER decoding. We fixed this earlier, but want + to make sure there are no corner cases, accidentally not matching + serial numbers that happen to start with the same bytes as a DER + TLV would. + + trust/module.c | 120 ++++++++++++++++++++++++++++------------------ + trust/tests/test-module.c | 107 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 180 insertions(+), 47 deletions(-) + +commit a63311a0f3f2669138d09ff8f618fd4d12fa0c3d +Author: Stef Walter +Date: 2013-04-03 + + More compatible path munging and handling code + + Centralize the path handling code, so we can remove unixy assumptions + and have a chance of running on Windows. The current goal is to run + all the tests on Windows. + + Includes some code from LRN + + https://bugs.freedesktop.org/show_bug.cgi?id=63062 + + common/Makefile.am | 1 + + common/compat.c | 34 ------ + common/compat.h | 9 +- + common/path.c | 258 +++++++++++++++++++++++++++++++++++++++++++++ + common/path.h | 62 +++++++++++ + common/tests/Makefile.am | 1 + + common/tests/test-compat.c | 32 ------ + common/tests/test-path.c | 202 +++++++++++++++++++++++++++++++++++ + p11-kit/conf.c | 60 +---------- + p11-kit/modules.c | 38 +------ + tools/tests/test-openssl.c | 3 +- + tools/tests/test-pem.c | 3 +- + tools/tests/test-save.c | 3 +- + tools/tests/test-x509.c | 3 +- + tools/tool.c | 3 +- + trust/module.c | 5 +- + trust/parser.c | 3 +- + trust/tests/test-module.c | 10 +- + trust/token.c | 3 +- + 19 files changed, 558 insertions(+), 175 deletions(-) + +commit c3f1b0a45eb1c28b6f025f8ae56c3b020801b6aa +Author: Stef Walter +Date: 2013-04-03 + + Don't use free() on memory allocated by LocalFree() + + ihttps://bugs.freedesktop.org/show_bug.cgi?id=63046 + + common/library.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit fcc3a83cc4d540bc2c4096524b5e8003046ba561 +Author: Stef Walter +Date: 2013-04-02 + + Separate library init from message code + + Put library init/uninit code its into their own statically + linked library so that they don't get linked into the p11-kit + executable. + + Refactor the message code so that the library initialization can + plug in its per thread message buffer. + + https://bugs.freedesktop.org/show_bug.cgi?id=63046 + + common/Makefile.am | 15 ++--- + common/lexer.c | 2 +- + common/library.c | 85 +++++--------------------- + common/library.h | 14 ----- + common/message.c | 140 +++++++++++++++++++++++++++++++++++++++++++ + common/message.h | 62 +++++++++++++++++++ + common/mock.c | 2 +- + common/tests/Makefile.am | 3 +- + common/tests/test-base64.c | 5 +- + common/tests/test-lexer.c | 3 +- + common/tests/test-url.c | 5 +- + p11-kit/Makefile.am | 2 +- + p11-kit/conf.c | 2 +- + p11-kit/modules.c | 1 + + p11-kit/pin.c | 1 + + p11-kit/proxy.c | 1 + + p11-kit/tests/Makefile.am | 6 +- + p11-kit/tests/conf-test.c | 31 +++++----- + p11-kit/tests/test-iter.c | 1 + + p11-kit/tests/test-modules.c | 1 + + p11-kit/tests/uri-test.c | 5 +- + p11-kit/uri.c | 2 +- + p11-kit/util.c | 1 + + tools/Makefile.am | 3 +- + tools/extract-info.c | 2 +- + tools/extract-jks.c | 2 +- + tools/extract-openssl.c | 2 +- + tools/extract-pem.c | 2 +- + tools/extract-x509.c | 2 +- + tools/extract.c | 2 +- + tools/list.c | 2 +- + tools/save.c | 2 +- + tools/tests/Makefile.am | 3 +- + tools/tests/test-extract.c | 3 +- + tools/tests/test-openssl.c | 3 +- + tools/tests/test-pem.c | 3 +- + tools/tests/test-save.c | 5 +- + tools/tests/test-x509.c | 3 +- + tools/tool.c | 2 +- + trust/Makefile.am | 2 +- + trust/builder.c | 2 +- + trust/module.c | 1 + + trust/parser.c | 2 +- + trust/session.c | 2 +- + trust/tests/Makefile.am | 5 +- + trust/tests/test-builder.c | 3 +- + trust/tests/test-index.c | 3 +- + trust/tests/test-module.c | 2 - + trust/tests/test-parser.c | 3 +- + trust/tests/test-persist.c | 3 +- + trust/tests/test-token.c | 3 +- + trust/token.c | 2 +- + 52 files changed, 294 insertions(+), 170 deletions(-) + +commit ae7dd1be6d431f25b101bc7e2b3fa373a8cbb47b +Author: Stef Walter +Date: 2013-04-02 + + Don't use library locks from p11-kit tool + + The global library p11_library_mutex is for libraries to use, so don't + use it from any code in common/, which is also used by the p11-kit tool + + https://bugs.freedesktop.org/show_bug.cgi?id=63046 + + common/library.c | 4 ---- + p11-kit/util.c | 4 ++++ + 2 files changed, 4 insertions(+), 4 deletions(-) + +commit 2e8f586cd5a0c4cf2471c085e9e0e4fdcc04d996 +Author: Stef Walter +Date: 2013-04-03 + + Add new script for setting up p11-kit for a maintainer + + Add win32 cross build, and build out of tree + + .gitignore | 6 ++++++ + automaint.sh | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 56 insertions(+) + +commit b7ccd06e1f969a6b86285360234582fe01d3aeaf +Author: Stef Walter +Date: 2013-04-03 + + Fix build on Win32 + + Don't reference an undefined macro + + https://bugs.freedesktop.org/show_bug.cgi?id=63046 + + tools/tests/test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit bd6e31c485cd84746f474a64a63c15a7ea87d650 +Author: Stef Walter +Date: 2013-04-03 + + Fix documentation so it builds out of tree + + doc/manual/Makefile.am | 7 +- + doc/manual/{p11-kit-docs.sgml => p11-kit-docs.xml} | 0 + gtk-doc.make | 189 +++++++++++++-------- + 3 files changed, 123 insertions(+), 73 deletions(-) + +commit e67c0e4465607560e0f6af9e9b0395a9ee78adbc +Author: Stef Walter +Date: 2013-04-02 + + Fix build with automake 1.13 + + Also remove some generated files from the po/ directory. + + .gitignore | 5 + + common/tests/Makefile.am | 4 +- + p11-kit/tests/Makefile.am | 2 +- + po/Makefile.in.in | 444 ---------------------------------------------- + po/Rules-quot | 47 ----- + tools/tests/Makefile.am | 2 +- + trust/tests/Makefile.am | 2 +- + 7 files changed, 10 insertions(+), 496 deletions(-) + +commit c3c18a1ea9cd84ee35783809c059d1b9c80c5cbe +Author: Stef Walter +Date: 2013-03-29 + + Use CKA_X_CERTIFICATE_VALUE for trust assertions + + These don't contain the CKA_VALUE attribute for certificate data + but rather the CKA_X_CERTIFICATE_VALUE attribute. + + https://bugs.freedesktop.org/show_bug.cgi?id=62896 + + trust/builder.c | 15 ++++++++++----- + trust/tests/test-builder.c | 6 +++--- + 2 files changed, 13 insertions(+), 8 deletions(-) + +commit 4560373c254473990306c13178b959ccc5d338e4 +Author: Stef Walter +Date: 2013-03-28 + + Don't complain when applications call C_Logout or C_Login + + Some callers erroneously call our C_Logout function, like NSS. + So return appropriate error codes in these cases. + + https://bugs.freedesktop.org/show_bug.cgi?id=62874 + + trust/module.c | 32 ++++++++++++++++++++++++++++++-- + trust/tests/test-module.c | 23 +++++++++++++++++++++++ + 2 files changed, 53 insertions(+), 2 deletions(-) + +commit 10d8e6d1836701e311d2b55e116909198932915b +Author: Stef Walter +Date: 2013-03-28 + + Release version 0.17.5 + + NEWS | 4 ++++ + configure.ac | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +commit 87a0afed5db7e916a6ad6715e14996b2e25641d7 +Author: Stef Walter +Date: 2013-03-27 + + Don't try to guess at overflowing time values on 32-bit systems + + Since CKA_START_DATE and CKA_END_DATE are the only places + where we want to parse out times, and these are optional, just + leave blank if the time overflows what libc can handle on + a 32-bit system. + + https://bugs.freedesktop.org/show_bug.cgi?id=62825 + + build/certs/Makefile.am | 3 ++ + build/certs/distant-end-date.der | Bin 0 -> 366 bytes + common/asn1.c | 6 ++-- + trust/builder.c | 5 +-- + trust/tests/test-builder.c | 71 +++++++++++++++++++++++++++++++++++++++ + 5 files changed, 80 insertions(+), 5 deletions(-) + +commit b0e44f8e1e589726c95506da5121e95a54269fd7 +Author: Stef Walter +Date: 2013-03-25 + + Fix testing of murmur hash on bigendian systems + + The murmur hash produces different output depending on the architecture + + https://bugzilla.redhat.com/show_bug.cgi?id=927394 + + common/tests/test-hash.c | 60 +++++++++++++++++++----------------------------- + 1 file changed, 23 insertions(+), 37 deletions(-) + +commit 3f74a3b32ce42cc7e38bdbf8349f976000c3af4c +Author: Stef Walter +Date: 2013-03-20 + + Release 0.17.4 + + NEWS | 4 ++++ + configure.ac | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +commit 4b09d2b4d3958b58b020c1ae21fcd932e1eb6c37 +Author: Stef Walter +Date: 2013-03-20 + + Fix memory leaks reported by 'make leakcheck' + + common/mock.c | 4 +++- + common/pem.c | 1 + + common/tests/test-hash.c | 2 ++ + common/tests/test-utf8.c | 4 ++++ + common/tests/test-x509.c | 1 + + p11-kit/iter.c | 3 +++ + p11-kit/tests/pin-test.c | 1 - + p11-kit/tests/test-iter.c | 1 + + p11-kit/tests/test-modules.c | 2 ++ + p11-kit/uri.c | 5 +---- + tools/extract-openssl.c | 3 --- + tools/tests/test-openssl.c | 7 ++++++ + tools/tests/test-pem.c | 6 +++--- + tools/tests/test-save.c | 2 ++ + tools/tests/test-x509.c | 3 +++ + trust/builder.c | 2 ++ + trust/index.c | 7 +++--- + trust/module.c | 5 +++-- + trust/session.c | 1 + + trust/tests/test-builder.c | 51 +++++++++++++++++++++++++++++++++++--------- + trust/tests/test-index.c | 5 +++++ + trust/tests/test-module.c | 2 ++ + 22 files changed, 91 insertions(+), 27 deletions(-) + +commit 57d8f36a6cfbde5a9a783f11f2b75f19005c23e1 +Author: Stef Walter +Date: 2013-03-20 + + Fix invalid memory accesses reported by 'make memcheck' + + These are things that showed up in valgrind while running the tests. + + common/compat.c | 11 ++++------- + common/tests/test-compat.c | 16 ++++++++++++++++ + common/tests/test-hash.c | 22 +++++++++++----------- + trust/index.c | 2 +- + trust/tests/test-index.c | 2 ++ + 5 files changed, 34 insertions(+), 19 deletions(-) + +commit 9cf89e4b43e5e018bb3103be1873a3993769ce4a +Author: Stef Walter +Date: 2013-03-20 + + Add a bit of infrastructure for running valgrind + + * make memcheck: Runs basic memory checking + * make leakcheck: Also runs leak checking + + Makefile.am | 2 ++ + build/Makefile.am | 4 ++++ + build/Makefile.decl | 11 +++++++++++ + build/Makefile.tests | 11 +++++++++++ + common/Makefile.am | 3 ++- + common/tests/Makefile.am | 2 -- + doc/Makefile.am | 4 ++++ + doc/manual/p11-kit-devel.xml | 4 ++++ + p11-kit/Makefile.am | 3 ++- + tools/Makefile.am | 3 ++- + tools/tests/Makefile.am | 4 ++-- + trust/Makefile.am | 3 ++- + trust/tests/Makefile.am | 2 -- + 13 files changed, 46 insertions(+), 10 deletions(-) + +commit 0ecabc858dd6c1c2055f53202a01251e2ad7d2c2 +Author: Stef Walter +Date: 2013-03-20 + + trust: Predictable behavior with duplicate certificates in token + + If duplicate certificates are present in a token, we warn about this, + and don't really recommend it. However we have predictable behavior + where blacklist is prefered to anchor is preferred to unknown trust. + + https://bugs.freedesktop.org/show_bug.cgi?id=62548 + + trust/parser.c | 94 +++++++++++++++++++++++++++++++++- + trust/tests/test-parser.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++ + trust/token.c | 19 ++----- + 3 files changed, 224 insertions(+), 16 deletions(-) + +commit e075585ef1cffc988894b4efbf3d14d5e55dcdcc +Author: Stef Walter +Date: 2013-03-20 + + trust: Rework index to be faster and more usable + + The index now uses a sort of cross between a hash table and a bloom + filter internally to select matching items. This is needed for the + massive amount of lookups we want to do during loading. + + In addition make p11_index_find() and p11_index_replace() easier + to use. + + trust/builder.c | 14 +- + trust/index.c | 439 ++++++++++++++++++++++++++++++++------------- + trust/index.h | 15 +- + trust/tests/Makefile.am | 3 +- + trust/tests/frob-pow.c | 57 ++++++ + trust/tests/test-builder.c | 44 ++--- + trust/tests/test-index.c | 36 ++-- + trust/tests/test-parser.c | 6 +- + trust/tests/test-token.c | 2 +- + 9 files changed, 437 insertions(+), 179 deletions(-) + +commit fc562261c6bbb35dfed585a78fdec9a408b981c7 +Author: Stef Walter +Date: 2013-03-20 + + attrs: Print out the CKA_VALUE for certificates when debugging + + While it's true that we shouldn't be pritning out CKA_VALUE in + certain cases, like for keys, we obviously can do so for certificates. + + We don't have keys anyway, but in the interest of being general + purpose use the class to determine whether CKA_VALUE can be printed + + common/attrs.c | 49 ++++++++++++++++++++++++++++++++++++++--------- + common/attrs.h | 14 ++++++++++---- + common/tests/test-attrs.c | 2 +- + trust/tests/test-data.c | 15 ++++++++++----- + trust/tests/test-data.h | 3 ++- + 5 files changed, 63 insertions(+), 20 deletions(-) + +commit f45942a4fc3e1c5219e9b5201b82203337ee7280 +Author: Stef Walter +Date: 2013-03-20 + + hash: Add the murmur2 hash and start using it + + Add implementation of the murmur2 hash function, and start using + it for our dictionaries. Our implementation is incremental + like our other hash functions. + + Also remove p11_oid_hash() which wasn't being used. + + In addition fix several tests whose success was based on the + way that the dictionary hashed. This was a hidden testing bug. + + build/certs/Makefile.am | 6 +- + common/attrs.c | 11 +- + common/dict.c | 11 +- + common/hash.c | 126 +++++++++++++++++++++ + common/hash.h | 7 ++ + common/oid.c | 17 --- + common/oid.h | 2 - + common/tests/test-hash.c | 71 ++++++++++++ + tools/tests/files/cacert3-trusted-multiple.pem | 4 +- + ...-alias.pem => cacert3-trusted-server-alias.pem} | 4 +- + tools/tests/test-openssl.c | 14 +-- + tools/tests/test.h | 5 +- + trust/tests/files/cacert3-trusted.pem | 4 +- + trust/tests/test-parser.c | 3 +- + 14 files changed, 234 insertions(+), 51 deletions(-) + +commit 1dc227b4fce16fcc721276925492f4ba4db00b4f +Author: Stef Walter +Date: 2013-03-20 + + hash: Rename file and functions for hashes + + We're going to be adding other hashes. Also build as part of a + different common library. + + common/Makefile.am | 2 +- + common/{checksum.c => hash.c} | 22 ++++++++++----------- + common/{checksum.h => hash.h} | 26 ++++++++++++------------- + common/tests/Makefile.am | 2 +- + common/tests/{test-checksum.c => test-hash.c} | 28 +++++++++++++-------------- + common/x509.c | 4 ++-- + tools/extract-jks.c | 14 +++++++------- + tools/extract-openssl.c | 10 +++++----- + trust/builder.c | 16 +++++++-------- + trust/parser.c | 4 ++-- + trust/tests/test-builder.c | 6 +++--- + trust/tests/test-module.c | 10 +++++----- + 12 files changed, 72 insertions(+), 72 deletions(-) + +commit ef8c54a355d3f9814cc53a0aad72d61247b169a0 +Author: Stef Walter +Date: 2013-03-19 + + Release version 0.17.3 + + NEWS | 7 +++++++ + configure.ac | 2 +- + 2 files changed, 8 insertions(+), 1 deletion(-) + +commit 80303340701c2cba78937193084f3d716b883b55 +Author: Stef Walter +Date: 2013-03-19 + + trust: Use descriptive labels for tokens + + Try to determine which one is the system trust input token, + and which one is the default token by using datadir and sysconfdir + respectively. + + https://bugs.freedesktop.org/show_bug.cgi?id=62534 + + trust/Makefile.am | 2 ++ + trust/module.c | 63 +++++++++++++++++++++++++++++++++++++---------- + trust/tests/Makefile.am | 2 ++ + trust/tests/frob-token.c | 2 +- + trust/tests/test-module.c | 30 +++++++++++++++------- + trust/tests/test-token.c | 13 +++++++++- + trust/token.c | 22 +++++++++++++++-- + trust/token.h | 5 +++- + 8 files changed, 112 insertions(+), 27 deletions(-) + +commit 832015f1fd91a9e94478514d7fe9b21e050f121a +Author: Stef Walter +Date: 2013-03-19 + + trust: Remove the temporary built in distrust objects + + These should now be loaded from the .p11-kit persist format. + + trust/token.c | 148 ---------------------------------------------------------- + 1 file changed, 148 deletions(-) + +commit b6295dd63a8028ae0b239859406c477d779f4d5e +Author: Stef Walter +Date: 2013-03-19 + + extract: Make extracted output directories read-only + + This is not a security feature or anything like that, but a hint + that the files are managed by the extract tool and should not be + modified manually. + + tools/save.c | 60 ++++++++++++++++++++++++++++++++++++------------- + tools/tests/test-save.c | 25 +++++++++------------ + tools/tests/test.c | 8 +++++-- + 3 files changed, 61 insertions(+), 32 deletions(-) + +commit 7c27e9fbbe86b3268065f248eab2d6964983a715 +Author: Stef Walter +Date: 2013-03-19 + + trust: Don't use POSIX or GNU basename() + + Both are nasty. Do our own, and test it a bit + + https://bugs.freedesktop.org/show_bug.cgi?id=62479 + + common/compat.c | 44 +++++++++++++--------- + common/compat.h | 17 ++++++--- + common/tests/Makefile.am | 1 + + common/tests/test-compat.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++ + trust/module.c | 5 ++- + trust/parser.c | 4 +- + 6 files changed, 137 insertions(+), 27 deletions(-) + +commit 535475c238c427cb685b4282997f7bce0876bfdf +Author: Andreas Metzler +Date: 2013-03-19 + + Do not export (de)constructor + + Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini + respectively to stop them from being exported in the ABI. It does not seem + to be necessary. + + p11-kit/util.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +commit 1d60d5a6b8c5784b7ac10098c3d9b513094f49a8 +Author: Stef Walter +Date: 2013-03-18 + + Release version 0.17.2 + + NEWS | 4 ++++ + configure.ac | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +commit 4ad4d5742037f156e07a4e28b202e49984e27a89 +Author: Stef Walter +Date: 2013-03-18 + + trust: Fix trust tests on 32-bit builds + + trust/tests/test-persist.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit ba67d1214f6d9254546997ceec310fce2f675679 +Author: Stef Walter +Date: 2013-03-18 + + trust: Fix invalid varargs call in the builder + + trust/builder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit caaeaffb86c572f996bec31f67443da2219def84 +Author: Stef Walter +Date: 2013-03-18 + + Release version 0.17.1 + + * Fix distcheck bugs surrounding the strndup() workaround + + NEWS | 16 ++++++++++++++++ + common/compat.c | 22 +++++++++++++++++++++- + configure.ac | 9 ++------- + 3 files changed, 39 insertions(+), 8 deletions(-) + +commit 6c47831b3bfc66e1e995fb27e80c23085bb41e08 +Author: Stef Walter +Date: 2013-03-18 + + trust: Provide better debugging of trust module functions + + Make C_FindObjects() and C_GetAttributeValue() functions dump the + attributes that they're dealing with when in debug mode. + + trust/module.c | 20 +++++++++++++++----- + 1 file changed, 15 insertions(+), 5 deletions(-) + +commit 128239732a5b7e184d5d9c505402630ee9215080 +Author: Stef Walter +Date: 2013-03-18 + + attrs: Change p11_attrs_to_string() to allow static templates + + Allow passing the number of attributes to print, which lets us use + this directly on templates passed in by callers of the PKCS#11 API. + + common/attrs.c | 13 ++++++++----- + common/attrs.h | 3 ++- + common/tests/test-attrs.c | 6 +++++- + trust/tests/frob-nss-trust.c | 2 +- + 4 files changed, 16 insertions(+), 8 deletions(-) + +commit 1ad9f98b11f3f0d411bf9517f1dc8985ea3dbe2a +Author: Stef Walter +Date: 2013-03-18 + + trust: Handle incorrectly encoded CKA_SERIAL_NUMBER lookups + + Handle lookups for trust objects (by NSS) which expect CKA_SERIAL_NUMBER + attributes without appropriate DER encoding. + + In addition allow creation of NSS trust objects as PKCS#11 session + objects, so that we can test this behavior. + + trust/builder.c | 2 +- + trust/module.c | 47 +++++++++++++++++++++++++++++++++ + trust/tests/test-module.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 114 insertions(+), 1 deletion(-) + +commit f40e5f7129ece4b74aa2cb23b28b24b381bbe223 +Author: Stef Walter +Date: 2013-03-18 + + Add workaround for broken strndup() in firefox + + Unconditionally use our own strndup() until this issue is resolved + and in the stable versions of various distros. + + See: https://bugzilla.mozilla.org/show_bug.cgi?id=826171 + + configure.ac | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +commit 749c0cdfeb3b7cc86165deb1cc51c32c0768a149 +Author: Stef Walter +Date: 2013-03-18 + + compat: Fix trivial comment + + common/compat.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 64aa734f484f81ac97914b2ddecf68ff76b317c0 +Author: Stef Walter +Date: 2013-03-18 + + Use the nickname x-distrusted for CKA_X_DISTRUSTED + + This is a non-standard PKCS#11 attribute, so has the X prefix + like the other ones we've added. + + common/constants.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6c574777f6ab5996a9ba3bea493e96e4ad53dc69 +Author: Stef Walter +Date: 2013-03-18 + + trust: Better generation of nss objects and assertions for serial+issuer + + In many cases certficates are distrusted by serial+issuer. Make sure + this works, and fix various cases where we weren't generating + compat NSS objects and compat trust assertions for these types + of input. + + trust/builder.c | 267 ++++++++++++++++++++++------------------ + trust/index.c | 3 +- + trust/tests/test-builder.c | 296 ++++++++++++++++++++++++++++----------------- + 3 files changed, 341 insertions(+), 225 deletions(-) + +commit a904e98b78b55e7a6213356225e45a04fdc457e1 +Author: Stef Walter +Date: 2013-03-18 + + Refine looking up of attributes in arrays + + There was a class of bugs for looking up invalid or empty + attributes in the internal PKCS#11 attribute arrays. + + * Refine what p11_attrs_find_valid() treats as valid + * Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity + + common/attrs.c | 62 ++++++++++++------------------ + common/attrs.h | 11 ++---- + common/mock.c | 44 +++++++-------------- + common/tests/test-attrs.c | 54 ++++++++++++++++++++++++-- + tools/extract-info.c | 21 +++------- + tools/extract-jks.c | 2 +- + tools/extract-openssl.c | 8 ++-- + tools/tests/test-extract.c | 7 ++-- + trust/builder.c | 96 +++++++++++++++++++++------------------------- + trust/index.c | 2 +- + trust/parser.c | 8 ++-- + trust/tests/test-data.c | 2 +- + trust/tests/test-module.c | 4 +- + 13 files changed, 158 insertions(+), 163 deletions(-) + +commit f71baf6adf00626e73326149d55183bc62f827ae +Author: Stef Walter +Date: 2013-03-17 + + trust: Remove file that's no longer used + + trust/mozilla.c | 301 -------------------------------------------------------- + 1 file changed, 301 deletions(-) + +commit d5b9e3915d75c04c547a0db7fe0c92839a0e78a5 +Author: Stef Walter +Date: 2013-03-15 + + Bump version number + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 062c09fbcad6945d6c40c5f2ce47894abdf87b07 +Author: Stef Walter +Date: 2013-03-15 + + Fix distcheck and documentation + + common/tests/test-dict.c | 16 ++++++++-------- + doc/manual/p11-kit-devel.xml | 15 +++++---------- + trust/tests/Makefile.am | 3 +-- + trust/tests/test-module.c | 7 +++++-- + 4 files changed, 19 insertions(+), 22 deletions(-) + +commit 57e835d55f6eae39c25b97e35efe0cb58e46b897 +Author: Stef Walter +Date: 2013-03-15 + + trust: Update frob-nss-tool so it can compare modules for trust info + + Can run with two modules now so that it can compare tokens NSS + trust info. + + common/attrs.c | 23 ++++++ + common/attrs.h | 2 + + trust/tests/frob-nss-trust.c | 174 ++++++++++++++++++++++++++++++++++--------- + 3 files changed, 164 insertions(+), 35 deletions(-) + +commit 7fd74a78fcad81227be3650239669bca5851a1db +Author: Stef Walter +Date: 2013-03-15 + + trust: Support a p11-kit specific serialization format + + This is documented in doc/internals/ subdirectory + Add tests for the format as well. + + https://bugs.freedesktop.org/show_bug.cgi?id=62156 + + common/Makefile.am | 2 + + common/basic.asn | 12 + + common/basic.asn.h | 13 + + doc/internal/persist-format.txt | 54 ++++ + trust/Makefile.am | 1 + + trust/parser.c | 35 +++ + trust/persist.c | 401 +++++++++++++++++++++++++++++ + trust/persist.h | 59 +++++ + trust/tests/Makefile.am | 1 + + trust/tests/input/verisign-v1.p11-kit | 17 ++ + trust/tests/test-builder.c | 39 --- + trust/tests/test-data.h | 39 +++ + trust/tests/test-module.c | 2 +- + trust/tests/test-parser.c | 32 +++ + trust/tests/test-persist.c | 472 ++++++++++++++++++++++++++++++++++ + trust/tests/test-token.c | 2 +- + 16 files changed, 1140 insertions(+), 41 deletions(-) + +commit 48004b92d4c65080ac71f6a48297abd4d83dfdcb +Author: Stef Walter +Date: 2013-03-11 + + url: Split out the URL encoding and decoding functions + + We want to use these as the format for encoding binary data + in our PKCS#11 attribute persistence + + https://bugs.freedesktop.org/show_bug.cgi?id=62156 + + common/Makefile.am | 1 + + common/tests/Makefile.am | 1 + + common/tests/test-url.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++ + common/url.c | 142 ++++++++++++++++++++++++++++++++++++++++ + common/url.h | 59 +++++++++++++++++ + p11-kit/uri.c | 120 ++++------------------------------ + 6 files changed, 381 insertions(+), 108 deletions(-) + +commit 06bf3da80eb780621e0f1eb0ab8d4716ed7b3478 +Author: Stef Walter +Date: 2013-03-11 + + lexer: Make a lexer for our config file format + + This lexer will be used in our PKCS#11 persistence format as well. + + https://bugs.freedesktop.org/show_bug.cgi?id=62156 + + common/Makefile.am | 1 + + common/lexer.c | 238 +++++++++++++++++++++++++++++++++++++++ + common/lexer.h | 84 ++++++++++++++ + common/tests/Makefile.am | 1 + + common/tests/test-lexer.c | 281 ++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/conf.c | 131 +++++++-------------- + 6 files changed, 644 insertions(+), 92 deletions(-) + +commit 29af2c1eeca2fb0257e1172753b129d638472f0f +Author: Stef Walter +Date: 2013-03-15 + + trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default + + This is what's recommended by the spec, and allows stapled extensions + to hang off a predictable CKA_ID. + + https://bugs.freedesktop.org/show_bug.cgi?id=62329 + + common/x509.c | 22 +++++++++++++++++ + common/x509.h | 5 ++++ + trust/builder.c | 20 +++++++++++----- + trust/parser.c | 48 +++++++++++++++++--------------------- + trust/tests/files/verisign-v1.der | Bin 0 -> 576 bytes + trust/tests/test-builder.c | 18 +++++++++++++- + trust/tests/test-module.c | 10 ++++---- + trust/tests/test-parser.c | 31 ++++++++++++++++++++++++ + 8 files changed, 115 insertions(+), 39 deletions(-) + +commit 2d75eb32793a569dc3de359bb623713c80393d24 +Author: Stef Walter +Date: 2013-03-14 + + trust: Add a builder which builds objects out of parsed data + + The builder completes the objects from the parsed data and takes + over the responsibilities that the parser and adapter previously + shared. + + This is necessary to prepare for arbitrary data coming from + the p11-kit specific input files. + + https://bugs.freedesktop.org/show_bug.cgi?id=62329 + + build/certs/entrust-invalid.der | Bin 0 -> 1120 bytes + build/certs/verisign-v1.der | Bin 0 -> 576 bytes + trust/Makefile.am | 2 +- + trust/adapter.c | 472 ------------ + trust/builder.c | 1556 +++++++++++++++++++++++++++++++++++++ + trust/{adapter.h => builder.h} | 36 +- + trust/parser.c | 836 +++++--------------- + trust/parser.h | 45 +- + trust/session.c | 7 +- + trust/session.h | 2 + + trust/tests/Makefile.am | 1 + + trust/tests/test-builder.c | 1611 +++++++++++++++++++++++++++++++++++++++ + trust/tests/test-data.c | 2 - + trust/tests/test-module.c | 28 +- + trust/tests/test-parser.c | 666 +++------------- + trust/tests/test-token.c | 58 +- + trust/token.c | 21 +- + 17 files changed, 3593 insertions(+), 1750 deletions(-) + +commit d7d68de6c9de9190c85da36b731e61ae3421a811 +Author: Stef Walter +Date: 2013-03-14 + + attrs: Add info functions for constant names and values + + * For retrieving the name and/or nick of constants + * The nick is what we'll use in the file format + + https://bugs.freedesktop.org/show_bug.cgi?id=62329 + + common/Makefile.am | 1 + + common/attrs.c | 242 ++-------------------------- + common/constants.c | 363 ++++++++++++++++++++++++++++++++++++++++++ + common/constants.h | 74 +++++++++ + common/tests/Makefile.am | 1 + + common/tests/test-constants.c | 117 ++++++++++++++ + 6 files changed, 566 insertions(+), 232 deletions(-) + +commit ff009f8a671e6ddd02a684bb1707a2a797fe4600 +Author: Stef Walter +Date: 2013-03-12 + + trust: Refactor to include concept of the index + + * The index holds PKCS#11 objects whether for the token or for the session. + * The index provides hook for a builder to expand or validate objects + being added to the index. + * In addition theres a change hook so that a builder can maintain state + between objects, such as the compat NSS trust objects. + + https://bugs.freedesktop.org/show_bug.cgi?id=62329 + + trust/Makefile.am | 1 + + trust/index.c | 566 +++++++++++++++++++++++ + trust/index.h | 126 ++++++ + trust/module.c | 111 ++--- + trust/session.c | 121 +---- + trust/session.h | 19 +- + trust/tests/Makefile.am | 2 +- + trust/tests/frob-token.c | 6 +- + trust/tests/test-index.c | 1063 ++++++++++++++++++++++++++++++++++++++++++++ + trust/tests/test-module.c | 238 ++++++++++ + trust/tests/test-session.c | 161 ------- + trust/tests/test-token.c | 32 +- + trust/token.c | 32 +- + trust/token.h | 3 +- + 14 files changed, 2097 insertions(+), 384 deletions(-) + +commit 3fc6365093ad07b2eb5ef859093c5c5eb56ee700 +Author: Stef Walter +Date: 2013-03-14 + + attrs: New p11_attrs_merge() function + + This takes one set of attributes and merges them into + another, without copying memory needlessly. + + https://bugs.freedesktop.org/show_bug.cgi?id=62329 + + common/attrs.c | 52 ++++++++++++++++++++--- + common/attrs.h | 4 ++ + common/tests/test-attrs.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 153 insertions(+), 6 deletions(-) + +commit 5208fc8539aabc626c1699f181e1191d6bb1c787 +Author: Stef Walter +Date: 2013-03-14 + + asn1: Implement a parsed ASN.1 tree cache + + In order to unmarry the parser from the future builder, but still retain + efficiency, we need to be able to cache parsed ASN.1 trees. The ASN.1 + cache provides this. In addition it carries around the loaded ASN.1 + definitions. + + https://bugs.freedesktop.org/show_bug.cgi?id=62329 + + common/asn1.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++ + common/asn1.h | 21 +++++++++ + common/tests/test-asn1.c | 46 ++++++++++++++++++++ + 3 files changed, 177 insertions(+) + +commit 07a53cecc3220b3811f9db7514e49235fff32b94 +Author: Stef Walter +Date: 2013-03-15 + + extract: Combine trust policy when extracting + + * Collapse multiple identical certificates coming from different + tokens. Note that if a certificate should not be placed multiple + times on a token. We cannot know which one to respect. + * Add a new extract filter: --trust-policy + This extracts all anchor and blacklist information + + https://bugs.freedesktop.org/show_bug.cgi?id=61497 + + doc/manual/p11-kit.xml | 19 ++++- + tools/extract-info.c | 80 ++++++++++++++++++++- + tools/extract.c | 82 ++++++++++++++-------- + tools/extract.h | 4 ++ + tools/tests/test-extract.c | 171 +++++++++++++++++++++++++++++++++++++++++++-- + 5 files changed, 313 insertions(+), 43 deletions(-) + +commit 7fc0ecd1ca7840e71958e62163b27d645c936c25 +Author: Stef Walter +Date: 2013-03-15 + + extract: --comment option adds comments to PEM bundles + + * Placed before the certificate, simple one liner + * No need to put comments in PEM files extracted into + directories, as the file names are already descriptive. + + https://bugs.freedesktop.org/show_bug.cgi?id=62029 + + doc/manual/p11-kit.xml | 5 +++++ + tools/extract-info.c | 20 ++++++++++++++++++++ + tools/extract-openssl.c | 11 ++++++++++- + tools/extract-pem.c | 11 +++++++++-- + tools/extract.c | 6 ++++++ + tools/extract.h | 8 ++++++++ + tools/tests/test-extract.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ + 7 files changed, 103 insertions(+), 3 deletions(-) + +commit 58e1e3764250fbda96c5ef7244e891a6be04d4cb +Author: Stef Walter +Date: 2013-03-15 + + extract: Allow p11_save_write() to automatically calculate length + + Also if automatically calculating length, then ignore input + that is NULL, as something that shouldn't be written out. + + This allows easier chaining of optional output, such as comments. + + https://bugs.freedesktop.org/show_bug.cgi?id=62029 + + tools/save.c | 11 +++++++-- + tools/save.h | 4 ++-- + tools/tests/files/empty-file | 0 + tools/tests/files/simple-string | 1 + + tools/tests/test-save.c | 50 +++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 62 insertions(+), 4 deletions(-) + +commit 8fd55c8089c90b52f00e4ffad572d1b9da72e6ba +Author: Stef Walter +Date: 2013-03-07 + + p11-kit: New priority option and change trust-policy option + + * Sort loaded modules appropriately using the 'priority' option. This + allows us to have a predictable order for callers, when callers + iterate through modules. + * Modules default to having an 'priority' option of '0'. + * If modules have the same order value, then sort by name. + * The above assumes the role of ordering trust-policy sources. + * Change the trust-policy option to a boolean + * Some of this code will be rearranged when the managed branch + is merged. + + https://bugs.freedesktop.org/show_bug.cgi?id=61978 + + doc/manual/p11-kit-trust.xml | 5 ++- + doc/manual/pkcs11.conf.xml | 20 ++++++--- + p11-kit/modules.c | 47 ++++++++++++++++++++++ + p11-kit/tests/files/package-modules/four.module | 1 + + .../tests/files/package-modules/win32/four.module | 1 + + .../files/system-modules/two-duplicate.module | 1 + + p11-kit/tests/files/system-modules/two.badname | 1 + + .../tests/files/system-modules/win32/one.module | 3 +- + .../system-modules/win32/two-duplicate.module | 1 + + .../tests/files/system-modules/win32/two.badname | 1 + + p11-kit/tests/files/user-modules/three.module | 3 +- + .../tests/files/user-modules/win32/three.module | 3 +- + p11-kit/tests/test-modules.c | 42 +++++++++++++++++++ + tools/extract.c | 47 +++------------------- + trust/p11-kit-trust.module | 14 +++++-- + 15 files changed, 136 insertions(+), 54 deletions(-) + +commit 0e75a5ba8261955d4d75a38a528f79ff4edd5c21 +Author: Stef Walter +Date: 2013-03-06 + + trust: Make each configured path its own token + + * Each source directory or file configured into the module or passed + in as an initialization argument becomes its own token. + Previously there was one token that contained certificates from + all the configured paths. + * These tokens are clearly labeled in the token info as + to the directory or file that they represent. + * Update PKCS#11 module logic to deal with multiple tokens, validate + the slot ids and so on. + * The order in which the paths are configured will become the + order of trust priority. This is the same order in which they + are listed through 'p11-kit list-modules' and C_GetSlotList. + * Update the frob-token internal tool to only play with one path + * Adjust tests where necessary to reflect the new state of things + and add tests for modified trust module code + + https://bugs.freedesktop.org/show_bug.cgi?id=61499 + + trust/module.c | 202 +++++++++++++++++++++++--------- + trust/tests/frob-token.c | 4 +- + trust/tests/test-module.c | 283 +++++++++++++++++++++++++++++++++++++++------ + trust/tests/test-session.c | 2 +- + trust/tests/test-token.c | 33 +++++- + trust/token.c | 64 ++++------ + trust/token.h | 8 +- + 7 files changed, 460 insertions(+), 136 deletions(-) + +commit d2128c263ea77e4f99bccc6ac46964ad419ec2d1 +Author: Stef Walter +Date: 2013-03-06 + + dict: Allow removal of current item in a p11_dict iteration + + * This was already possible to do safely before + * Document and test this behavior + + https://bugs.freedesktop.org/show_bug.cgi?id=61499 + + common/dict.h | 2 ++ + common/tests/test-dict.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 62 insertions(+) + +commit 86e60637394340ef2fa3b3db6b451dac1d73052b +Author: Stef Walter +Date: 2013-03-14 + + trust: Rework input path treatment + + * Accept a single --with-trust-paths argument to ./configure + which cotnains all the input paths. + * The --with-system-anchors and --with-system-certificates + ./configure arguments are no longer supported. Since they were + only present briefly, no provision is made for backwards + compatibility. + * Each input file is treated as containing anchors by default + unless an input certificate contains detailed trust information. + * The files in each input directory are not automatically treated + as anchors unless a certificate contains detailed trust information. + * The files in anchors/ subdirectory of each input directory are + automatically marked as anchors. + * The files in the blacklist/ subdirectory of each input directory + are automatically marked as blacklisted. + * Update tests and move around test certificates so we can + test these changes. + + https://bugs.freedesktop.org/show_bug.cgi?id=62327 + + build/certs/Makefile.am | 13 ++- + build/certs/self-signed-with-ku.der | Bin 501 -> 478 bytes + configure.ac | 74 ++++--------- + doc/manual/p11-kit-trust.xml | 61 +++++----- + p11-kit/p11-kit-1.pc.in | 3 - + trust/module.c | 21 ++-- + trust/parser.c | 47 +++++++- + trust/tests/certificates/self-signed-with-ku.der | Bin 501 -> 0 bytes + .../self-signed-with-eku.der | Bin + trust/tests/frob-token.c | 2 +- + trust/tests/{ => input}/anchors/cacert3.der | Bin + trust/tests/{ => input}/anchors/testing-ca.der | Bin + .../{files => input/blacklist}/self-server.der | Bin + trust/tests/{certificates => input}/cacert-ca.der | Bin + trust/tests/input/distrusted.pem | 23 ++++ + trust/tests/test-module.c | 8 +- + trust/tests/test-session.c | 2 +- + trust/tests/test-token.c | 123 ++++++++++++++++++++- + trust/token.c | 78 ++++++++----- + trust/token.h | 3 +- + 20 files changed, 318 insertions(+), 140 deletions(-) + +commit bf63f009cd4a1147a3e0684d898f140f46666b0e +Author: Stef Walter +Date: 2013-03-15 + + pem: Fix a bug decoding some PEM files + + When bringing over the BSD base64 code, there was a regression. + In addition add some tests for the base64 stuff. + + common/base64.c | 19 ++-- + common/tests/Makefile.am | 1 + + common/tests/test-base64.c | 212 +++++++++++++++++++++++++++++++++++++++++++ + trust/tests/files/thawte.pem | 25 +++++ + 4 files changed, 246 insertions(+), 11 deletions(-) + +commit 08f11e4c8fb173ed1341e6e0cf0cb0403df7e547 +Author: Stef Walter +Date: 2013-03-10 + + Don't overwrite the build directory when uploading documentation + + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 3177cbccb237bfef66721eeb773b574f1d8ba076 +Author: Stef Walter +Date: 2013-03-10 + + Fix up the system anchors/certificates configure arguments + + Double check various combinations, and make sure we don't fail + needlessly when --disable-trust-module. Also check that actual + paths are passed into the arguments. + + configure.ac | 35 ++++++++++++++++++++--------------- + 1 file changed, 20 insertions(+), 15 deletions(-) + +commit df29c0dcb6cce6a215dee9dc4e17aff59ae67c5b +Author: Stef Walter +Date: 2013-03-11 + + doc: Move manual into doc/manual subdirectory + + .gitignore | 34 ++++---- + Makefile.am | 2 +- + configure.ac | 7 +- + doc/Makefile.am | 132 +------------------------------ + doc/manual/Makefile.am | 132 +++++++++++++++++++++++++++++++ + doc/{ => manual}/annotation-glossary.xml | 0 + doc/{ => manual}/docbook-params.xsl | 0 + doc/{ => manual}/p11-kit-config.xml | 0 + doc/{ => manual}/p11-kit-devel.xml | 0 + doc/{ => manual}/p11-kit-docs.sgml | 0 + doc/{ => manual}/p11-kit-overrides.txt | 0 + doc/{ => manual}/p11-kit-sections.txt | 0 + doc/{ => manual}/p11-kit-sharing.xml | 0 + doc/{ => manual}/p11-kit-trust.xml | 6 +- + doc/{ => manual}/p11-kit.xml | 2 +- + doc/{ => manual}/pkcs11.conf.xml | 0 + doc/{ => manual}/style.css | 0 + doc/{ => manual}/version.xml.in | 0 + 18 files changed, 159 insertions(+), 156 deletions(-) + +commit 0a6bf1bfad01aae0b707b9e13e6d14deade9cecf +Author: Stef Walter +Date: 2013-03-12 + + Release version 0.16.4 + + NEWS | 4 ++++ + configure.ac | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +commit 22993290d75bacb33c177be8ee2bc78ea0687ac8 +Author: Stef Walter +Date: 2013-03-11 + + tools: Display per-command help appropriately + + * Fixes a regression + * In addition allows --help to be specified before the command. If + a command is present, command help will be shown + + https://bugs.freedesktop.org/show_bug.cgi?id=62153 + + tools/tool.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +commit c80956aef3abaa90fa9ab7c2873a45adbe127dc4 +Author: Stef Walter +Date: 2013-03-11 + + tools: Initialize local debug code correctly + + Unless initialized according to the environment all debug output + is printed. + + https://bugs.freedesktop.org/show_bug.cgi?id=62152 + + tools/tool.c | 3 +++ + 1 file changed, 3 insertions(+) + +commit ee632a4a904f9f16c66a24c97f5724f0c3150b10 +Author: Stef Walter +Date: 2013-03-08 + + Release version 0.16.3 + + NEWS | 6 ++++++ + configure.ac | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit b5660380769aa5b1c9b51af7e0fd2f18ed463a7e +Author: Stef Walter +Date: 2013-03-08 + + iter: Don't skip tokens that don't have CKF_TOKEN_INITIALIZED + + This flag is not required to be set unless C_InitToken has been + called. Many modules, like libnssckbi.so, do not set this flag. + + p11-kit/iter.c | 4 ---- + p11-kit/tests/test-iter.c | 33 --------------------------------- + 2 files changed, 37 deletions(-) + +commit ab14d9291df41b27f70ec3158d94f50f68ed80e1 +Author: Stef Walter +Date: 2013-03-08 + + trust: add a simple frob-nss-token tool to dump distrust + + Add a simple tool to dump NSS style distrust attributes from + a module. + + trust/tests/Makefile.am | 6 +++ + trust/tests/frob-nss-trust.c | 103 +++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 109 insertions(+) + +commit 6ecf586a1e31f2874c7b185f4f2061aa9e83c08a +Author: Stef Walter +Date: 2013-03-08 + + trust: Use the new NSS PKCS#11 extension codes + + NSS had subtly changed the values of the distrust CK_TRUST codes + so update them to stay in sync. + + common/attrs.c | 76 +++++++++++++++++++++++------------------------ + common/pkcs11x.h | 59 ++++++++++++++++++------------------ + trust/adapter.c | 22 +++++++------- + trust/tests/test-module.c | 4 +-- + trust/tests/test-parser.c | 22 +++++++------- + trust/token.c | 6 ++-- + 6 files changed, 95 insertions(+), 94 deletions(-) + +commit 66fbcf7b6aac7fb808d3146335625cc15d4d2959 +Author: Stef Walter +Date: 2013-03-08 + + Hard code distrust temporarily. + + This is because we have no way to load this data into the trust module. + Working on a real solution. + + trust/token.c | 150 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 149 insertions(+), 1 deletion(-) + +commit b96095115a17818d3e6107e10bad0fef757611d7 +Author: Stef Walter +Date: 2013-03-08 + + tools: Parse global options appropriately, even if after command + + tools/tool.c | 31 ++++++++++++++++++------------- + 1 file changed, 18 insertions(+), 13 deletions(-) + +commit 2ce1b21109c90b7dab240806686829e498875d74 +Author: Stef Walter +Date: 2013-03-08 + + trust: Refactor how we load builtin objects + + trust/token.c | 24 +++++++++++++----------- + 1 file changed, 13 insertions(+), 11 deletions(-) + +commit b06b58b275ebccf6d7360083708b2614dd75e1b5 +Author: Stef Walter +Date: 2013-03-08 + + Don't shove messages into debug output if they're already displayed + + common/library.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 347ac14998835ee18e5958a8b7c9aa1afec8eaa2 +Author: Stef Walter +Date: 2013-03-08 + + Release 0.16.2 + + NEWS | 5 +++++ + configure.ac | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit ba9cb5cab824fa4180355def6bc2e464b4e24ab0 +Author: Stef Walter +Date: 2013-03-08 + + extract: Use bool instead of int where appropriate + + tools/extract-info.c | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +commit d7aee0a1ab76fb1299db5cf398088ebec1fe98be +Author: Stef Walter +Date: 2013-03-08 + + tools: Add a bit of debugging to the PEM extract handler + + common/debug.h | 1 + + tools/extract-pem.c | 3 +++ + 2 files changed, 4 insertions(+) + +commit 082bc5773abe1c003bf34bbb3bf6a6b5282a212c +Author: Stef Walter +Date: 2013-03-08 + + extract: Fix regression in --purpose option + + The --purpose option would only match certificates that had no + purposes marked on them. Fix it so that it correctly matches + certificates with the given purpose. + + https://bugs.freedesktop.org/show_bug.cgi?id=62009 + + tools/extract-info.c | 13 ++++++++++-- + tools/tests/test-extract.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 61 insertions(+), 2 deletions(-) + +commit fc383e025f09af70d3eb52fcd7e03c02733b14b0 +Author: Stef Walter +Date: 2013-03-08 + + Document and put code coverage online + + * Document our testing practices + * Put lcov code coverage output online + + Makefile.am | 16 ++++++++++++---- + doc/p11-kit-devel.xml | 22 ++++++++++++++++++++++ + 2 files changed, 34 insertions(+), 4 deletions(-) + +commit 945585b698b08b6f349e2e104862589b5acce0aa +Author: Stef Walter +Date: 2013-03-08 + + Properly detect the stdbool.h header + + https://bugs.freedesktop.org/show_bug.cgi?id=62001 + + configure.ac | 2 ++ + 1 file changed, 2 insertions(+) + +commit cc6189fc4051be33c6f5c86ab767e614633bf831 +Author: Stef Walter +Date: 2013-03-07 + + Release version 0.16.1 + + NEWS | 5 +++++ + configure.ac | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit 85eaff1aebb0e6625382fba179164490b6ebb538 +Author: Stef Walter +Date: 2013-03-07 + + doc: Fix external URLs in documentation + + doc/p11-kit-devel.xml | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +commit ae05057c69a6ef9ed49b47db6e9ba2b8acdcfe23 +Author: Stef Walter +Date: 2013-03-07 + + doc: Add P11_KIT_STRICT=yes debugging tip + + doc/p11-kit-devel.xml | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +commit 220d7b027871f79f446c7b3c2db9ef43f24c19cc +Author: Stef Walter +Date: 2013-03-07 + + x509: Don't break when cA field of BasicConstraints is missing + + The field defaults to FALSE. It sucks that libtasn1 doesn't + fill this in for us. + + https://bugs.freedesktop.org/show_bug.cgi?id=61975 + + common/x509.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +commit 3e532011ac100391315ffa13f537ed130cc45b2e +Author: Stef Walter +Date: 2013-03-07 + + tools: Remove extra debugging statement when running external commands + + tools/tool.c | 1 - + 1 file changed, 1 deletion(-) + +commit be5d505fe840836561488bba3d11d8584ca9cb97 +Author: Stef Walter +Date: 2013-03-07 + + extract-trust: Turn into a placeholder script that does nothing + + If the 'p11-kit extract-trust' command is to be used by + distributions, make them customize it appropriately. + + tools/p11-kit-extract-trust.in | 36 +++++++++++++++--------------------- + 1 file changed, 15 insertions(+), 21 deletions(-) + +commit 0644bfd4c09c710fec1ed424779919fea7c06fca +Author: Stef Walter +Date: 2013-03-07 + + doc: Don't wrap the options in the pkcs11.conf manual page + + doc/pkcs11.conf.xml | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +commit 7b3da7d5bdaa97488668a16fcf1ea04b3d9de64e +Author: Stef Walter +Date: 2013-03-04 + + Release version 0.16.0 + + NEWS | 8 ++++++++ + configure.ac | 2 +- + 2 files changed, 9 insertions(+), 1 deletion(-) + +commit 3f13da890649b8cb88e8e2e39872831c13567a1e +Author: Stef Walter +Date: 2013-03-04 + + Build with the libtasn1 CFLAGS properly + + Tweaks by: Roman Bogorodskiy + + https://bugs.freedesktop.org/show_bug.cgi?id=61739 + + common/Makefile.am | 3 +++ + common/tests/Makefile.am | 4 ++++ + tools/Makefile.am | 4 +++- + tools/tests/Makefile.am | 4 +++- + trust/Makefile.am | 1 + + 5 files changed, 14 insertions(+), 2 deletions(-) + +commit 14b3b3d158bdd874f5bbd626f948d20e78b38f01 +Author: Stef Walter +Date: 2013-03-04 + + Redo mock.h header in order to relicense + + Rewrite the mock.h header to relicense it. It is based on the BSD + licensed mock.c file, so this isn't a big issue. + + common/mock.h | 1353 +++++++++++++++++++++++++++++---------------------------- + 1 file changed, 686 insertions(+), 667 deletions(-) + +commit a90cb3cc21fc479434165c8c531e1e49a6de6dd4 +Author: Stef Walter +Date: 2013-03-04 + + Remove duplicate typedef + + https://bugs.freedesktop.org/show_bug.cgi?id=60894 + + p11-kit/iter.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 3ccec864bfc57ebdd524a0c9603aca829c64e3dc +Author: Roman Bogorodskiy +Date: 2013-03-03 + + Fix missing bracket in trust module check + + This fixes building --without-libtasn1 + + https://bugs.freedesktop.org/show_bug.cgi?id=61740 + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 205ed0e0e26010150950e9e963a9a36693b5f71e +Author: Stef Walter +Date: 2013-03-03 + + Initialize modules correctly in tests + + This fixes hangs when running tests on windows + + tools/tests/test-extract.c | 2 ++ + tools/tests/test-openssl.c | 2 ++ + tools/tests/test-pem.c | 2 ++ + tools/tests/test-save.c | 2 ++ + tools/tests/test-x509.c | 2 ++ + trust/tests/test-module.c | 2 +- + trust/tests/test-parser.c | 1 + + trust/tests/test-session.c | 1 + + trust/tests/test-token.c | 1 + + 9 files changed, 14 insertions(+), 1 deletion(-) + +commit 6c55425a7de23a71d0abc3137f0015e878188bae +Author: Stef Walter +Date: 2013-03-03 + + Windows doesn't support symlinks, chmod, or atomic renames + + * Don't create symlinks on windows + * No atomic renames, so delete and then rename + * Make sure to close files before unlinking on windows + * No chmod permissions on windows + + tools/extract-openssl.c | 14 +++++++++++++- + tools/save.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- + tools/save.h | 4 ++++ + tools/tests/test-openssl.c | 7 ++++++- + tools/tests/test-save.c | 26 ++++++++++++++++++++++++-- + tools/tests/test.c | 4 ++++ + tools/tests/test.h | 8 ++++++++ + 7 files changed, 101 insertions(+), 6 deletions(-) + +commit 3acf285916968a05ea42b3ef0f9654a33e308da7 +Author: Stef Walter +Date: 2013-03-03 + + Use mingw compatible coverage flags + + The way that coverage is built and linked is different with mingw + so just use the --coverage flag to represent the correct behavior + when cross compiling. + + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 5868e4aba23b211d8dd35af5061939ee72fe9c41 +Author: Stef Walter +Date: 2013-03-03 + + Don't use wchar_t for storing unicode characters + + On Win32 wchar_t is only 2 bytes, which breaks our UTF-8 conversion + functions. + + common/utf8.c | 71 ++++++++++++++++++++++++++++++----------------------------- + 1 file changed, 36 insertions(+), 35 deletions(-) + +commit bee435e09111f43dcc406160e9c9bdd8645fc86c +Author: Stef Walter +Date: 2013-03-03 + + Fix syntax errors in OS_WIN32 ifdefs + + common/compat.h | 4 ++-- + common/library.c | 6 +++--- + p11-kit/conf.c | 2 +- + p11-kit/util.c | 4 ++-- + trust/module.c | 6 ++++-- + trust/tests/test-module.c | 2 ++ + 6 files changed, 14 insertions(+), 10 deletions(-) + +commit 61e0cb5dddb89ddab1d68791eb28d892c114622f +Author: Stef Walter +Date: 2013-03-03 + + Open files in binary mode on windows + + So that the Windows' C library doesn't munge line endings + + common/compat.h | 4 ++++ + p11-kit/conf.c | 2 +- + p11-kit/pin.c | 2 +- + tools/tests/test.c | 11 +++++------ + 4 files changed, 11 insertions(+), 8 deletions(-) + +commit d9076a99c59bb0132b25277a2340f428c9b6c98e +Author: Stef Walter +Date: 2013-03-03 + + Add compat gmtime_r() and timegm() functions + + Not available on Win32 or ancient unixes + + common/compat.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + common/compat.h | 15 +++++++++++++++ + configure.ac | 6 ++++++ + 3 files changed, 76 insertions(+) + +commit 2737be8914270275d07ccf4526a4ba8b781c195e +Author: Stef Walter +Date: 2013-03-03 + + Add compat mkstemp() and mkdtemp() functions + + Not available on Win32 or ancient unixes + + common/compat.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + common/compat.h | 12 +++++ + 2 files changed, 156 insertions(+) + +commit 193f0043a546e0ef186addb2a0487d09e690d5b1 +Author: Stef Walter +Date: 2013-03-03 + + Add compat vasprintf() and asprintf() functions + + These are not available on Win32 and ancient unixes + + common/compat.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + common/compat.h | 17 +++++++++++++++ + configure.ac | 1 + + 3 files changed, 84 insertions(+) + +commit 66ee55e5947682d10eed7a36b9da72a8cf6a40f2 +Author: Stef Walter +Date: 2013-03-03 + + Add compat strndup() function + + Not available on Win32 and ancient unixes + + common/compat.c | 22 ++++++++++++++++++++++ + common/compat.h | 7 +++++++ + configure.ac | 1 + + 3 files changed, 30 insertions(+) + +commit ae76545a0094114ef29dba52df97e69ab28b3dbc +Author: Stef Walter +Date: 2013-03-03 + + Abstract mmap() into a compat API + + The Win32 for mmap() is very different from Unix, so abstract + this into our own p11_mmap_xxx() functions. + + common/compat.c | 158 +++++++++++++++++++++++++++++++++++++---------- + common/compat.h | 16 +++++ + common/tests/frob-cert.c | 35 ++++------- + tools/tests/test.c | 2 + + trust/parser.c | 28 +++------ + 5 files changed, 160 insertions(+), 79 deletions(-) + +commit 38acf11889c1e1da2610c8e05f1f380f2a2a1ae6 +Author: Stef Walter +Date: 2013-03-03 + + Use putenv() instead of setenv() + + Since older operating systems don't support setenv() + + common/tests/test-asn1.c | 2 +- + common/tests/test-attrs.c | 2 +- + common/tests/test-buffer.c | 2 +- + common/tests/test-oid.c | 2 +- + common/tests/test-x509.c | 2 +- + p11-kit/tests/conf-test.c | 2 +- + p11-kit/tests/pin-test.c | 2 +- + p11-kit/tests/progname-test.c | 2 +- + p11-kit/tests/test-init.c | 2 +- + p11-kit/tests/test-iter.c | 2 +- + p11-kit/tests/test-modules.c | 2 +- + p11-kit/tests/uri-test.c | 2 +- + trust/tests/test-module.c | 2 +- + trust/tests/test-parser.c | 2 +- + trust/tests/test-session.c | 2 +- + trust/tests/test-token.c | 2 +- + 16 files changed, 16 insertions(+), 16 deletions(-) + +commit 7823c9ddcb18b5155b3cc0e9d9f57ad0333d5eba +Author: Stef Walter +Date: 2013-03-03 + + Add compat implementation of basename() + + For Win32 and older unixes + + common/compat.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + common/compat.h | 6 ++++++ + configure.ac | 5 +++-- + 3 files changed, 71 insertions(+), 2 deletions(-) + +commit 02d7da2ba2247d017f248dd48e4365bd0a219bff +Author: Stef Walter +Date: 2013-02-24 + + tools: Update comments for cacerts jks format + + tools/extract-jks.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +commit b06bee023df6f4f2b004030e86e8ee90579681f5 +Author: Stef Walter +Date: 2013-02-20 + + Rename p11_module_xxx() compat functions to p11_dl_xxx() + + For clarity. In addition, make p11_dl_close() able to be used + as a destroyer callback. + + Also make p11_dl_error() return an allocated string + + common/compat.c | 18 +++++++++--------- + common/compat.h | 20 ++++++++++---------- + p11-kit/modules.c | 15 ++++++++++----- + 3 files changed, 29 insertions(+), 24 deletions(-) + +commit 6521cccc021530f59f2f5e60a9cbf0c5b458360d +Author: Stef Walter +Date: 2013-02-15 + + Update the pkcs11.h header for missing mechanisms + + common/attrs.c | 2 +- + common/pkcs11.h | 25 +++++++++++++++++++++++++ + 2 files changed, 26 insertions(+), 1 deletion(-) + +commit 95ec58961a480c15fe780bbce6d6cd974f478407 +Author: Stef Walter +Date: 2013-02-06 + + Only do shared object and DLL initialization in libraries + + Don't do library initialization on shared object load when not running + in a library. We'll want to plug into this and do different things + per library in the future. + + common/library.c | 60 +++++++++++--------------------------------------------- + common/library.h | 2 ++ + p11-kit/util.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++ + trust/module.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 122 insertions(+), 49 deletions(-) + +commit c6ebe7eb68e07e4f22c7b7ede14a1e4f04e893b7 +Author: Stef Walter +Date: 2013-02-15 + + Move pkcs11.conf and module documentation to a manual page + + .gitignore | 1 + + doc/Makefile.am | 19 ++++- + doc/p11-kit-config.xml | 166 +++------------------------------------ + doc/p11-kit-docs.sgml | 3 +- + doc/p11-kit.xml | 5 +- + doc/pkcs11.conf.xml | 207 +++++++++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 239 insertions(+), 162 deletions(-) + +commit 726e98ed071601770c2724f358eabbbc682f1fdc +Author: Stef Walter +Date: 2013-02-13 + + Pull translations from transifex + + * Build a script to help with this + + https://bugs.freedesktop.org/show_bug.cgi?id=60792 + + .gitignore | 1 + + Makefile.am | 3 + + build/tx-update | 68 +++++++++++ + po/LINGUAS | 34 ++++++ + po/bg.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/cs.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/de.po | 24 ++-- + po/el.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/en_GB.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/eo.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/es.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/eu.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/fa.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/fi.po | 20 ++-- + po/fr.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/gl.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/hr.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/hu.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ia.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/id.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/it.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ja.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ka.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ko.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/lv.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/nl.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/pa.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/pl.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/pt_BR.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/ru.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/sk.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/sl.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/sq.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/sr.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/te.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/tr.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/uk.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/zh_CN.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/zh_HK.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + po/zh_TW.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 40 files changed, 11845 insertions(+), 21 deletions(-) + +commit 380f457ce458e32f1ccc15acfa664df82629981f +Author: Stef Walter +Date: 2013-02-12 + + Relicense the buffer code appropriate for inclusion in p11-kit + + * All original lines in this file upon arrival in the p11-kit + project were written by me, and copyright held by me. + + common/buffer.c | 57 ++++++++++++++++++++++++++++++++++----------------------- + common/buffer.h | 57 ++++++++++++++++++++++++++++++++++----------------------- + 2 files changed, 68 insertions(+), 46 deletions(-) + +commit 65e68c88d85d8b6896afe9f9e101aefb618ce6be +Author: Stef Walter +Date: 2013-02-12 + + Release version 0.15.2 + + * This is an unstable release + + NEWS | 6 ++++++ + configure.ac | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit efef089a772f4f05caefebf2a6466b4225dc9b00 +Author: Timo Jyrinki +Date: 2013-02-12 + + Add finish translation + + po/LINGUAS | 1 + + po/fi.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 344 insertions(+) + +commit 41b3f707906a4f6273f7fdb1174be3343bbf1ea7 +Author: Andreas Metzler +Date: 2011-09-24 + + Add and enable German gettext translation + + Enable installation of gettext translations and add German translation + by Chris Leick. + + .gitignore | 3 + + configure.ac | 3 + + po/LINGUAS | 4 + + po/de.po | 351 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 361 insertions(+) + +commit b90410f7c6ef5e1bb73837d7ddbda855a91ac79f +Author: Andreas Metzler +Date: 2013-02-12 + + Respect destdir when creating package module config directory + + p11-kit/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 04781672277a537551c369ae71ecdc8410e31dc3 +Author: Stef Walter +Date: 2013-02-11 + + Fix dereference of varargs in p11_attrs_build() + + https://bugs.freedesktop.org/show_bug.cgi?id=60473 + + common/attrs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 077fd91bed34bb6226e0a43a26f9e546372db54a +Author: Stef Walter +Date: 2013-02-11 + + Remove unnecessary code to be more compatible with various libtasn1 versions + + https://bugs.freedesktop.org/show_bug.cgi?id=60434 + + common/asn1.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +commit 828df42b98fa0ffc1695db8af9bd0bd03f2583bc +Author: Andreas Metzler +Date: 2013-02-07 + + Don't require explictly disabling trust module if --without-libtasn1 + + And provide more intelligent error messages about why to build + with libtasn1 + + Tweaked by Stef Walter + + configure.ac | 28 ++++++++++++++++------------ + 1 file changed, 16 insertions(+), 12 deletions(-) + +commit 2e8ce8c5ecb6d1f1c8f0af244d9f9b75dc6050ea +Author: Stef Walter +Date: 2013-02-06 + + Fix various clang analyzer warnings + + * Add annotations to our precondition functions so that they + don't make the analyzer complain + + common/compat.h | 13 +++++++++++++ + common/debug.h | 3 ++- + p11-kit/conf.c | 2 +- + p11-kit/pin.c | 3 ++- + p11-kit/uri.c | 1 - + tools/extract-openssl.c | 9 +++++++-- + tools/extract.c | 3 +++ + tools/tool.c | 3 +-- + 8 files changed, 29 insertions(+), 8 deletions(-) + +commit 0c6517104d1306228c31e596b0df6a4fb5af4dd1 +Author: Stef Walter +Date: 2013-02-05 + + Our minimum version of libtasn1 is 2.14 + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit e7fe6fd2cdde5e15a14abca39303c5049174f4f9 +Author: Stef Walter +Date: 2013-02-05 + + Release version 0.15.1 + + * This is an unstable release + + NEWS | 14 ++++++++++++++ + configure.ac | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +commit f3a3e1e6a413dc93d0a1eb330a32404d803f5307 +Author: Stef Walter +Date: 2013-02-03 + + Add a placeholder external 'extract-trust' command + + .gitignore | 1 + + configure.ac | 1 + + doc/p11-kit-devel.xml | 23 +++++++++++++++++++++++ + doc/p11-kit.xml | 19 +++++++++++++++++++ + tools/Makefile.am | 4 ++++ + tools/p11-kit-extract-trust.in | 27 +++++++++++++++++++++++++++ + 6 files changed, 75 insertions(+) + +commit 08f1a7f3cfe87bc19ecd564711b4d2beaa603924 +Author: Stef Walter +Date: 2013-02-01 + + Implement support for java JKS keystore format + + * All aliases must be lower case in order to work with the + default keystore implementation. + + doc/p11-kit.xml | 4 + + tools/Makefile.am | 2 +- + tools/extract-jks.c | 331 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + tools/extract.c | 4 +- + 4 files changed, 339 insertions(+), 2 deletions(-) + +commit 32ca4f6d3167d08fc985d66fe48f453954596f87 +Author: Stef Walter +Date: 2013-02-03 + + Use the CN, OU or O of certificates to generate a label + + * This is in cases where the certificate information does not + already have a friendly name or alias. + + common/Makefile.am | 1 + + common/oid.h | 18 +++++ + common/tests/Makefile.am | 1 + + {tools => common}/tests/test-utf8.c | 0 + common/tests/test-x509.c | 81 +++++++++++++++++++++ + {tools => common}/utf8.c | 0 + {tools => common}/utf8.h | 0 + common/x509.c | 136 ++++++++++++++++++++++++++++++++++++ + common/x509.h | 16 +++++ + tools/extract-openssl.c | 70 ++++--------------- + tools/tests/Makefile.am | 7 -- + tools/tests/test-openssl.c | 16 +++-- + trust/parser.c | 51 ++++++++------ + trust/tests/test-parser.c | 22 +++--- + 14 files changed, 318 insertions(+), 101 deletions(-) + +commit 39e9f190416ecb4260a3b079e1d79fc2e55f5a33 +Author: Stef Walter +Date: 2013-01-30 + + Add support for exporting OpenSSL's TRUSTED CERTIFICATE format + + build/certs/Makefile.am | 9 + + doc/p11-kit.xml | 8 + + tools/Makefile.am | 2 + + tools/extract-openssl.c | 686 +++++++++++++++++++++ + tools/extract.c | 4 + + tools/tests/Makefile.am | 15 + + tools/tests/files/cacert3-distrust-all.pem | 44 ++ + tools/tests/files/cacert3-distrusted-all.pem | 43 ++ + tools/tests/files/cacert3-not-trusted.pem | 42 ++ + tools/tests/files/cacert3-trusted-alias.pem | 42 ++ + .../files/cacert3-trusted-client-server-alias.pem | 43 ++ + tools/tests/files/cacert3-trusted-keyid.pem | 42 ++ + tools/tests/files/cacert3-trusted-multiple.pem | 85 +++ + tools/tests/test-openssl.c | 671 ++++++++++++++++++++ + tools/tests/test-utf8.c | 252 ++++++++ + tools/tests/test.h | 9 + + tools/utf8.c | 328 ++++++++++ + tools/utf8.h | 53 ++ + 18 files changed, 2378 insertions(+) + +commit dbcf3c049f4aadc1d25eb952b4feabdec14cf35d +Author: Stef Walter +Date: 2013-01-30 + + Add support for extracting to pem-bundle and pem-directory formats + + build/certs/Makefile.am | 2 + + doc/p11-kit.xml | 8 ++ + tools/Makefile.am | 1 + + tools/extract-pem.c | 125 +++++++++++++++++ + tools/extract.c | 2 + + tools/tests/Makefile.am | 8 ++ + tools/tests/files/cacert3-twice.pem | 84 +++++++++++ + tools/tests/files/cacert3.pem | 42 ++++++ + tools/tests/test-pem.c | 269 ++++++++++++++++++++++++++++++++++++ + 9 files changed, 541 insertions(+) + +commit 5df24bf0fb8532e0ebdf5f2366834848fdf6097d +Author: Stef Walter +Date: 2013-01-23 + + Implement code for writing PEM + + * Based on the gcr code + * Bring in base64 output code from BSD + * Make sure to output base64 lines of 64 character length since + this is what OpenSSL expects + + common/base64.c | 62 ++++++++++++++++++++++++++ + common/base64.h | 6 +++ + common/pem.c | 54 ++++++++++++++++++++++- + common/pem.h | 5 +++ + common/tests/test-pem.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++-- + 5 files changed, 237 insertions(+), 4 deletions(-) + +commit 722efb88cf12261d705e2a6dfb4aceab9ff7b76f +Author: Stef Walter +Date: 2013-01-30 + + Implement basic extract support + + * The only formats supported are x509-file and x509-directory + + Allow tool to build without extract + + configure.ac | 1 + + doc/Makefile.am | 1 - + doc/p11-kit.xml | 95 ++++++++++ + doc/style.css | 4 + + tools/Makefile.am | 20 +- + tools/extract-info.c | 359 +++++++++++++++++++++++++++++++++++ + tools/extract-x509.c | 116 ++++++++++++ + tools/extract.c | 461 +++++++++++++++++++++++++++++++++++++++++++++ + tools/extract.h | 110 +++++++++++ + tools/tests/Makefile.am | 15 ++ + tools/tests/test-extract.c | 301 +++++++++++++++++++++++++++++ + tools/tests/test-x509.c | 276 +++++++++++++++++++++++++++ + tools/tests/test.h | 33 ++++ + tools/tool.c | 3 + + tools/tool.h | 3 + + 15 files changed, 1796 insertions(+), 2 deletions(-) + +commit 9a21e6ddf9eb7bb0f13f01cddba9dedd7a6e43b3 +Author: Stef Walter +Date: 2013-01-23 + + Support for sane writing to files extracted + + * Implement atomic writes of files + * Writing with checks that not overwriting anything unless desired + * Writing and overwriting of directory contents in a robust way + + build/certs/Makefile.am | 2 + + configure.ac | 1 + + tools/Makefile.am | 3 + + tools/save.c | 462 +++++++++++++++++++++++++++++++++++++++ + tools/save.h | 79 +++++++ + tools/tests/Makefile.am | 52 +++++ + tools/tests/files/cacert3.der | Bin 0 -> 1885 bytes + tools/tests/test-save.c | 494 ++++++++++++++++++++++++++++++++++++++++++ + tools/tests/test.c | 200 +++++++++++++++++ + tools/tests/test.h | 211 ++++++++++++++++++ + 10 files changed, 1504 insertions(+) + +commit 3e70ecbab850bcc08ee89e1256d82cca70d80ee7 +Author: Stef Walter +Date: 2013-01-21 + + Add public iterator API to p11-kit + + common/mock.c | 113 +++- + common/mock.h | 37 ++ + doc/Makefile.am | 1 + + doc/annotation-glossary.xml | 67 +++ + doc/p11-kit-docs.sgml | 3 + + doc/p11-kit-sections.txt | 17 + + p11-kit/Makefile.am | 2 + + p11-kit/iter.c | 829 +++++++++++++++++++++++++++++ + p11-kit/iter.h | 101 ++++ + p11-kit/p11-kit.h | 2 + + p11-kit/tests/Makefile.am | 4 +- + p11-kit/tests/mock-module-ep.c | 2 +- + p11-kit/tests/test-iter.c | 1140 ++++++++++++++++++++++++++++++++++++++++ + 13 files changed, 2308 insertions(+), 10 deletions(-) + +commit e5816187231ce27e5f634995e62c1d3ae5c5b2f1 +Author: Stef Walter +Date: 2013-01-21 + + Allow internal use of token and module info matching + + p11-kit/private.h | 6 ++++++ + p11-kit/uri.c | 55 +++++++++++++++++++++++++++++++++++-------------------- + 2 files changed, 41 insertions(+), 20 deletions(-) + +commit 67ce28e9d9ec1528c9b762b0912d6a7e339fbcd5 +Author: Stef Walter +Date: 2013-01-21 + + Move the X.509 extension parsing code in common/ + + * So it can be used by other code, in addition to the trust stuff + + common/tests/test-x509.c | 191 +++++++++++++++++++++++++++++++++++++++++++++-- + common/x509.c | 67 ++++++++++++++++- + common/x509.h | 9 ++- + trust/adapter.c | 132 ++++++++++++++++++-------------- + trust/parser.c | 69 ++--------------- + 5 files changed, 335 insertions(+), 133 deletions(-) + +commit 5e4a3ea9b8f254d99544490eed8e17e88c81f975 +Author: Stef Walter +Date: 2013-01-18 + + Add p11_array_clear() function + + * Clears an array without freeing the array itself + + common/array.c | 21 ++++++++++++++------- + common/array.h | 2 ++ + common/tests/test-array.c | 27 +++++++++++++++++++++++++++ + 3 files changed, 43 insertions(+), 7 deletions(-) + +commit 4400d8ecc4525cfc848937dc562c542fc58a533a +Author: Stef Walter +Date: 2013-01-04 + + Implement trust assertion PKCS#11 objects + + * Implement trust assertions for anchored and distrusted certs + * Pinned certificate trust assertions are not implemented yet + * Add an internal tool for pulling apart bits of certificates + + common/oid.h | 1 - + common/tests/Makefile.am | 1 + + common/tests/test-oid.c | 18 +- + doc/p11-kit-trust.xml | 11 + + trust/Makefile.am | 2 +- + trust/adapter.c | 456 ++++++++++++++++++++++++++++++++++++++++ + trust/{mozilla.h => adapter.h} | 8 +- + trust/p11-kit-trust.module | 3 + + trust/parser.c | 5 +- + trust/tests/files/redhat-ca.der | Bin 0 -> 948 bytes + trust/tests/test-parser.c | 352 ++++++++++++++++++++++++++++--- + 11 files changed, 804 insertions(+), 53 deletions(-) + +commit 7e61265ced3f33685b68bb6e2c7505485cfe0177 +Author: Stef Walter +Date: 2013-01-04 + + Refactor how parsing of ASN.1 data and certificate extensions work + + common/Makefile.am | 2 + + common/asn1.c | 551 ++++++++++++++++++++++++++++++++++++++++++++++ + common/asn1.h | 65 ++++++ + common/oid.h | 12 +- + common/tests/Makefile.am | 2 + + common/tests/test-asn1.c | 113 ++++++++++ + common/tests/test-x509.c | 185 ++++++++++++++++ + common/x509.c | 152 +++++++++++++ + common/x509.h | 56 +++++ + trust/mozilla.c | 31 ++- + trust/parser.c | 546 +++------------------------------------------ + trust/parser.h | 14 +- + trust/tests/test-data.h | 28 +-- + trust/tests/test-parser.c | 103 --------- + 14 files changed, 1193 insertions(+), 667 deletions(-) + +commit 8b02ff64b30311a4730b60dd72590435f56fb3a2 +Author: Stef Walter +Date: 2013-01-03 + + Fill in certificate authority and trust data correctly + + * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities + based on the presence of BasicConstraints and/or v1 certificates + * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the + parser is running for anchors or blacklist + * In addition support the concept of blacklisted certificates mixed + in with the anchors (without any purposes) since that's what exists + in the real world. + * We do this after the various hooks have had a chance to mess + with the certificate extensions and such. + + common/oid.h | 9 +- + trust/mozilla.c | 74 +++++----- + trust/parser.c | 351 ++++++++++++++++++++++++++++++++++++---------- + trust/parser.h | 11 +- + trust/tests/test-data.c | 18 ++- + trust/tests/test-data.h | 9 ++ + trust/tests/test-parser.c | 246 ++++++++++++++++++++++++-------- + trust/tests/test-token.c | 2 +- + 8 files changed, 552 insertions(+), 168 deletions(-) + +commit 18bb2582c32f4373f7ed85894fb490f2733cb03b +Author: Stef Walter +Date: 2013-01-02 + + Implement stapled certificate extensions internally + + * Use stapled certificate extensions to represent loaded trust policy + * Build NSS trust objects from stapled certificate extensions + * Add further attribute debugging for NSS trust objects + * Use a custom certificate extension for the OpenSSL reject purpose data + * Use SubjectKeyIdentifier for OpenSSL keyid data + * Use ExtendedKeyUsage for OpenSSL trust purpose data + * Implement simple way to handle binary DER OIDs, using the DER TLV + length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. + * Split out the building of NSS trust objects from the main parser + + common/Makefile.am | 1 + + common/compat.c | 2 +- + common/compat.h | 2 +- + common/oid.c | 100 +++++ + common/oid.h | 209 +++++++++ + common/tests/Makefile.am | 2 + + common/tests/frob-ku.c | 28 +- + common/tests/frob-oid.c | 100 +++++ + common/tests/test-oid.c | 133 ++++++ + trust/Makefile.am | 1 + + trust/mozilla.c | 284 ++++++++++++ + trust/mozilla.h | 44 ++ + trust/parser.c | 724 +++++++++++++++++------------- + trust/parser.h | 39 +- + trust/tests/files/self-signed-with-ku.der | Bin 0 -> 478 bytes + trust/tests/test-data.c | 9 +- + trust/tests/test-parser.c | 159 +++++-- + 17 files changed, 1450 insertions(+), 387 deletions(-) + +commit 3b482acc47ba971406db526ebddf589ad1a8f16e +Author: Stef Walter +Date: 2013-01-02 + + Better debugging and checks for attribute values + + trust/tests/test-data.c | 154 ++++++++++++++++++++++++---------------------- + trust/tests/test-data.h | 32 +++++++++- + trust/tests/test-module.c | 13 ++-- + trust/tests/test-parser.c | 11 ++-- + 4 files changed, 124 insertions(+), 86 deletions(-) + +commit e46c74aef6eee7da3cdfb17077905811b9e04a61 +Author: Stef Walter +Date: 2012-12-19 + + Add tool for testing how fast the token loads + + trust/tests/Makefile.am | 1 + + trust/tests/frob-token.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 65 insertions(+) + +commit 83af40091fdc50a1da21d6cd2582ecef759bfb7c +Author: Stef Walter +Date: 2012-12-17 + + Some debug info about which files are being loaded + + trust/token.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +commit 1f47fbffe1befb30a1bd3dfcec079a8a9f2fd957 +Author: Stef Walter +Date: 2012-12-17 + + Test a TRUSTED CERTIFICATE without any trust OIDs + + build/certs/Makefile.am | 2 ++ + build/certs/redhat-newca.der | Bin 0 -> 948 bytes + trust/tests/files/distrusted.pem | 23 +++++++++++++++++++++++ + trust/tests/test-parser.c | 15 +++++++++++++++ + 4 files changed, 40 insertions(+) + +commit 75654253498993ff1638e0e64440c335b54df1db +Author: Stef Walter +Date: 2012-12-17 + + Add the builtin roots NSS specific object + + This tells NSS that this is a source of anchors. + + doc/p11-kit-trust.xml | 5 ++++- + trust/tests/test-module.c | 27 +++++++++++++++++++++++++++ + trust/tests/test-token.c | 6 +++--- + trust/token.c | 28 +++++++++++++++++++++++++++- + 4 files changed, 61 insertions(+), 5 deletions(-) + +commit c2dcd0b3cb1ccac4eff98044d43d3f8696094644 +Author: Stef Walter +Date: 2012-12-17 + + Add support for openssl TRUSTED CERTIFICATE PEM files + + build/certs/Makefile.am | 3 + + common/Makefile.am | 2 + + common/openssl.asn | 28 ++++ + common/openssl.asn.h | 28 ++++ + doc/p11-kit-trust.xml | 8 ++ + trust/parser.c | 244 ++++++++++++++++++++++++++++------ + trust/tests/files/cacert3-trusted.pem | 43 ++++++ + trust/tests/test-parser.c | 52 ++++++++ + 8 files changed, 368 insertions(+), 40 deletions(-) + +commit a286df75050db8b306685cb22e491d11be842584 +Author: Stef Walter +Date: 2012-12-17 + + Add support for parsing PEM files + + build/certs/Makefile.am | 1 + + common/Makefile.am | 2 + + common/base64.c | 192 +++++++++++++++++++++++++++++++ + common/base64.h | 53 +++++++++ + common/pem.c | 241 +++++++++++++++++++++++++++++++++++++++ + common/pem.h | 50 +++++++++ + common/tests/Makefile.am | 14 ++- + common/tests/test-pem.c | 254 ++++++++++++++++++++++++++++++++++++++++++ + trust/Makefile.am | 3 +- + trust/parser.c | 38 +++++++ + trust/tests/files/cacert3.pem | 42 +++++++ + trust/tests/test-parser.c | 26 +++++ + 12 files changed, 910 insertions(+), 6 deletions(-) + +commit 5147d71466455b3d087b3f3a7472a35e8216c55a +Author: Stef Walter +Date: 2013-01-24 + + Add basic trust module + + This is based off the roots-store from gnome-keyring and loads + certificates from a root directory and exposes them as PKCS#11 + objects. + + Makefile.am | 7 + + build/Makefile.am | 2 + + build/certs/Makefile.am | 27 + + build/certs/cacert-ca.der | Bin 0 -> 1857 bytes + build/certs/cacert3.der | Bin 0 -> 1885 bytes + build/certs/self-server.der | Bin 0 -> 396 bytes + build/certs/self-signed-with-eku.der | Bin 0 -> 480 bytes + build/certs/self-signed-with-ku.der | Bin 0 -> 501 bytes + build/certs/testing-ca.der | Bin 0 -> 970 bytes + build/certs/testing-server.der | Bin 0 -> 554 bytes + build/certs/with-eku.conf | 19 + + build/certs/with-ku.conf | 19 + + common/Makefile.am | 15 +- + common/compat.c | 107 ++ + common/compat.h | 17 +- + common/debug.c | 1 + + common/debug.h | 11 + + common/pkix.asn | 566 ++++++++ + common/pkix.asn.h | 408 ++++++ + common/tests/Makefile.am | 20 +- + common/tests/frob-cert.c | 147 ++ + common/tests/frob-eku.c | 101 ++ + common/tests/frob-ku.c | 134 ++ + configure.ac | 128 +- + doc/Makefile.am | 2 + + doc/p11-kit-config.xml | 10 + + doc/p11-kit-devel.xml | 24 + + doc/p11-kit-docs.sgml | 1 + + doc/p11-kit-trust.xml | 90 ++ + doc/style.css | 6 +- + p11-kit/Makefile.am | 1 + + p11-kit/conf.c | 37 - + p11-kit/p11-kit-1.pc.in | 3 + + trust/Makefile.am | 52 + + trust/module.c | 1517 +++++++++++++++++++++ + trust/module.h | 42 + + trust/p11-kit-trust.module | 6 + + trust/parser.c | 1103 +++++++++++++++ + trust/parser.h | 108 ++ + trust/session.c | 206 +++ + trust/session.h | 78 ++ + trust/tests/Makefile.am | 44 + + trust/tests/anchors/cacert3.der | Bin 0 -> 1885 bytes + trust/tests/anchors/testing-ca.der | Bin 0 -> 970 bytes + trust/tests/certificates/cacert-ca.der | Bin 0 -> 1857 bytes + trust/tests/certificates/self-signed-with-eku.der | Bin 0 -> 480 bytes + trust/tests/certificates/self-signed-with-ku.der | Bin 0 -> 501 bytes + trust/tests/files/cacert-ca.der | Bin 0 -> 1857 bytes + trust/tests/files/cacert3.der | Bin 0 -> 1885 bytes + trust/tests/files/self-server.der | Bin 0 -> 396 bytes + trust/tests/files/testing-server.der | Bin 0 -> 554 bytes + trust/tests/files/unrecognized-file.txt | 1 + + trust/tests/test-data.c | 128 ++ + trust/tests/test-data.h | 220 +++ + trust/tests/test-module.c | 331 +++++ + trust/tests/test-parser.c | 315 +++++ + trust/tests/test-session.c | 160 +++ + trust/tests/test-token.c | 106 ++ + trust/token.c | 256 ++++ + trust/token.h | 51 + + 60 files changed, 6580 insertions(+), 47 deletions(-) + +commit 603c7d4eb996f51178ccc9d235597497bbb2c7a4 +Author: Stef Walter +Date: 2013-01-24 + + Add basic checksum algorithms + + The SHA-1 and MD5 digests here are used for checksums in legacy + protocols. We don't use them in cryptographic contexts at all. + These particular algorithms would be poor choices for that. + + .gitignore | 4 +- + common/Makefile.am | 9 + + common/checksum.c | 542 +++++++++++++++++++++++++++++++++++++++++++ + common/checksum.h | 60 +++++ + common/tests/Makefile.am | 2 + + common/tests/test-checksum.c | 151 ++++++++++++ + 6 files changed, 766 insertions(+), 2 deletions(-) + +commit f6db686846480e0611879c5f4751955a53859808 +Author: Stef Walter +Date: 2013-02-05 + + Remove the unused err() function and friends + + We want to use p11_message in our commands anyway, since that + allows us control with --verbose and --quiet. + + common/compat.c | 164 -------------------------------------------------------- + common/compat.h | 23 -------- + 2 files changed, 187 deletions(-) + +commit 1ac3edf711b1cdb5e7fb8b1d6321fa855e07c1da +Author: Stef Walter +Date: 2013-02-05 + + Tweak style of the manual + + * Unindent the main headings + * Don't wrap options + * Better spacing in table of contents + * Don't have line numbers on code examples + + doc/Makefile.am | 5 ++++- + doc/p11-kit-devel.xml | 4 ---- + doc/p11-kit.xml | 2 -- + doc/style.css | 23 +++++++++++++++++++++++ + 4 files changed, 27 insertions(+), 7 deletions(-) + +commit 866e3204cee593817850f5e5c23a0bcf7af9c591 +Author: Stef Walter +Date: 2013-02-05 + + Add documentation about contributing to p11-kit + + HACKING | 34 ++------ + doc/Makefile.am | 2 +- + doc/p11-kit-config.xml | 4 +- + doc/p11-kit-devel.xml | 223 +++++++++++++++++++++++++++++++++++++++++++++++++ + doc/p11-kit-docs.sgml | 13 +-- + doc/p11-kit-notes.xml | 48 ----------- + 6 files changed, 241 insertions(+), 83 deletions(-) + +commit 28777eeebf38c13a43d0118a86391d2a487ad15b +Author: Stef Walter +Date: 2013-02-05 + + Add a p11-kit tool manual page + + .gitignore | 1 + + configure.ac | 4 ++ + doc/Makefile.am | 33 +++++++++++++- + doc/p11-kit-docs.sgml | 5 +++ + doc/p11-kit.xml | 122 ++++++++++++++++++++++++++++++++++++-------------- + 5 files changed, 130 insertions(+), 35 deletions(-) + +commit 23b18cb345afe061274ff73cd66fe8e6672fbcd4 +Author: Stef Walter +Date: 2013-02-05 + + Change the documentation configure arg to --enable-doc + + * We're building more than just the gtk-doc reference + + Makefile.am | 2 +- + configure.ac | 41 +++++++++++++++++++++++------------------ + 2 files changed, 24 insertions(+), 19 deletions(-) + +commit 85751aa21dd9b93d8eb51e36767b5564ce6ce005 +Author: Stef Walter +Date: 2013-01-29 + + Add a /usr/share/p11-kit/modules directory for package module configs + + * Try to make /etc/pkcs11/modules for administrator use + * Override the old pkg-config variables to help packages start + using the new location + + configure.ac | 3 +++ + doc/p11-kit-notes.xml | 4 ++-- + p11-kit/Makefile.am | 4 ++++ + p11-kit/conf.c | 8 ++++++-- + p11-kit/conf.h | 3 ++- + p11-kit/modules.c | 4 +++- + p11-kit/p11-kit-1.pc.in | 13 +++++++------ + p11-kit/tests/conf-test.c | 4 ++++ + .../files/{system-modules => package-modules}/four.module | 0 + .../{system-modules => package-modules}/win32/four.module | 0 + 10 files changed, 31 insertions(+), 12 deletions(-) + +commit a9790a21302f47016a88ba9a2c904bed11efb388 +Author: Stef Walter +Date: 2013-01-29 + + Make the p11-kit tool have distinct commands + + * Change the -l argument into the list-modules command. + * Add proper functions for printing usage + * Support for external commands in the path or /usr/share/p11-kit + + tools/Makefile.am | 9 +- + tools/{p11-kit.c => list.c} | 99 +++++++------ + tools/tool.c | 337 ++++++++++++++++++++++++++++++++++++++++++++ + tools/tool.h | 56 ++++++++ + 4 files changed, 459 insertions(+), 42 deletions(-) + +commit 15163fb9b7b03543da02d74d75d0f49c314f1c33 +Author: Stef Walter +Date: 2013-01-29 + + Add p11_kit_be_loud() function for use in tests and tools + + This does the opposite of p11_kit_be_quiet(). + + doc/p11-kit-sections.txt | 1 + + p11-kit/p11-kit.h | 2 ++ + p11-kit/util.c | 14 ++++++++++++++ + 3 files changed, 17 insertions(+) + +commit cba41e5a46893b16cfbd845d55285894f4a43408 +Author: Stef Walter +Date: 2012-08-23 + + Add internal function for turning on messages + + To be used from tests + + common/library.c | 8 ++++++++ + common/library.h | 2 ++ + 2 files changed, 10 insertions(+) + +commit 43a3f5df8124bb85567feb18975d19fa1b639b9f +Author: Stef Walter +Date: 2013-01-24 + + Add more mock-module implementation + + * Move mock code into the common/ directory to be used by multiple + components of p11-kit + + common/Makefile.am | 5 + + common/mock.c | 3117 ++++++++++++++++++++++++++++++++++++++++ + common/mock.h | 696 +++++++++ + doc/Makefile.am | 3 + + p11-kit/tests/Makefile.am | 14 +- + p11-kit/tests/mock-module-ep.c | 4 +- + p11-kit/tests/mock-module.c | 898 ------------ + p11-kit/tests/mock-module.h | 337 ----- + p11-kit/tests/test-init.c | 4 +- + 9 files changed, 3835 insertions(+), 1243 deletions(-) + +commit 7ddff6795830deff6ec5fb1b8b0c704fbdea2c97 +Author: Stef Walter +Date: 2013-01-24 + + Further tweaks and cleanup for functions dealing with PKCS#11 attributes + + * Check that the size is correct when looking for a boolean + or a ulong. + * Make sure that the length is not the invalid negative ulong. + * Functions for dumping out attribute contents + * Make it possible to use attributes in hash tables + + common/attrs.c | 795 +++++++++++++++++++++++++++++++++++++++++++--- + common/attrs.h | 59 +++- + common/tests/test-attrs.c | 126 +++++++- + 3 files changed, 910 insertions(+), 70 deletions(-) + +commit 322b4739cb51aa45568d9479224f2b07ac82a35f +Author: Stef Walter +Date: 2013-01-24 + + Add generic buffer code + + Represents a block of memory that can be added to, parsed and so on + + common/Makefile.am | 1 + + common/buffer.c | 180 ++++++++++++++++++++++++++++++++++++++ + common/buffer.h | 82 +++++++++++++++++ + common/tests/Makefile.am | 1 + + common/tests/test-buffer.c | 214 +++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/uri.c | 93 ++++++++------------ + 6 files changed, 515 insertions(+), 56 deletions(-) + +commit b28c936bd281c4b7ff9ed0f621b840f6d5a4b328 +Author: Stef Walter +Date: 2013-01-23 + + Use the stdbool.h C99 bool type + + It was getting really wild knowing whether a function returning + an int would return -1 on failure or 0 or whether the int return + value was actually a number etc.. + + common/array.c | 16 +++--- + common/array.h | 4 +- + common/attrs.c | 12 ++--- + common/compat.h | 8 +++ + common/debug.c | 8 +-- + common/debug.h | 14 +++--- + common/dict.c | 41 +++++++-------- + common/dict.h | 26 +++++----- + common/library.c | 4 +- + common/tests/test-dict.c | 90 +++++++++++++++++---------------- + configure.ac | 2 +- + p11-kit/conf.c | 58 +++++++++++----------- + p11-kit/conf.h | 6 +-- + p11-kit/modules.c | 32 ++++++------ + p11-kit/pin.c | 22 ++++----- + p11-kit/tests/conf-test.c | 19 +++++-- + p11-kit/tests/mock-module.c | 14 +++--- + p11-kit/tests/uri-test.c | 41 +++++++++++++-- + p11-kit/uri.c | 118 ++++++++++++++++++++++++++------------------ + tools/p11-kit.c | 10 ++-- + 20 files changed, 311 insertions(+), 234 deletions(-) + +commit 4671352fe2a4f56c6707322dcab0015e2e8600c4 +Author: Stef Walter +Date: 2012-12-17 + + Only initialize p11-kit libraries once + + * Make the gcc constructor call p11_library_init_once() + + common/library.c | 14 ++++++++++---- + common/library.h | 6 ++++-- + 2 files changed, 14 insertions(+), 6 deletions(-) + +commit b39c9a7792824dfa8a05926261315356d9007098 +Author: Stef Walter +Date: 2012-12-10 + + Set strict debug preconditions during testing + + common/tests/test-attrs.c | 4 ++++ + p11-kit/tests/conf-test.c | 1 + + p11-kit/tests/pin-test.c | 1 + + p11-kit/tests/progname-test.c | 1 + + p11-kit/tests/test-init.c | 1 + + p11-kit/tests/test-modules.c | 1 + + p11-kit/tests/uri-test.c | 1 + + 7 files changed, 10 insertions(+) + +commit 3ebc9a78d4bca0b630a8b887ab93d6cc654f2cb2 +Author: Stef Walter +Date: 2013-01-07 + + Add common functions for manipulating CK_ATTRIBUTE arrays + + common/Makefile.am | 1 + + common/attrs.c | 310 +++++++++++++++++++++++++++ + common/attrs.h | 86 ++++++++ + common/tests/Makefile.am | 1 + + common/tests/test-attrs.c | 518 ++++++++++++++++++++++++++++++++++++++++++++++ + configure.ac | 2 +- + p11-kit/tests/uri-test.c | 6 +- + p11-kit/uri.c | 207 +++++------------- + 8 files changed, 977 insertions(+), 154 deletions(-) + +commit 4a0bd25fcafae57ef2ae0cfe8676eee2332d5951 +Author: Stef Walter +Date: 2013-01-02 + + Move the pkcs11.h header files into common directory + + * Allows use of them across the whole project + * Put a stub file in the p11-kit/ directory, so we can still refer + to the headers using that path, which is what it will be at + when in the installed includes directory. + + common/Makefile.am | 7 + + common/pkcs11.h | 1373 +++++++++++++++++++++++++++++++++++++++++++++++++ + common/pkcs11x.h | 155 ++++++ + p11-kit/Makefile.am | 3 +- + p11-kit/pkcs11.h | 1413 ++------------------------------------------------- + 5 files changed, 1577 insertions(+), 1374 deletions(-) + +commit 8fb222266c5bf9181cd934c27528507d45476dad +Author: Stef Walter +Date: 2013-01-08 + + Build common code into noinst libraries + + * This is cleaner than building the same source files all over + the place over and over. + * Works better with code coverage. + + common/Makefile.am | 12 ++++++++++-- + common/tests/Makefile.am | 14 +++++--------- + p11-kit/Makefile.am | 34 ++++++++-------------------------- + p11-kit/tests/Makefile.am | 8 ++++++-- + tools/Makefile.am | 12 ++++++++---- + 5 files changed, 37 insertions(+), 43 deletions(-) + +commit 3d503948450d69293a3fdfec096e398fedf714f2 +Author: Stef Walter +Date: 2012-12-06 + + Move debug and library code into the common/ subdirectory + + Start using p11_ as our internal prefix rather than _p11_. We explicitly + export p11_kit_ so this is fine as far as visibility. + + Move the threading, mutex, and module compat, dict, and array code + into the common directory too. + + Take this opportunity to clean up a bit of internal API as well, + since so many lines are being touched internally. + + .gitignore | 32 ++- + Makefile.am | 13 +- + build/Makefile.am | 11 + + build/Makefile.tests | 8 + + {tests => build}/cutest/CuTest.c | 0 + {tests => build}/cutest/CuTest.h | 0 + {tests => build}/cutest/README.txt | 0 + {tests => build}/cutest/license.txt | 0 + {m4 => build/m4}/.empty | 0 + common/Makefile.am | 11 + + p11-kit/ptr-array.c => common/array.c | 89 ++---- + p11-kit/ptr-array.h => common/array.h | 35 ++- + common/compat.c | 95 ++++++ + common/compat.h | 123 ++++++++ + {p11-kit => common}/debug.c | 20 +- + {p11-kit => common}/debug.h | 74 ++--- + p11-kit/hashmap.c => common/dict.c | 244 ++++++++-------- + p11-kit/hashmap.h => common/dict.h | 101 +++---- + common/library.c | 286 ++++++++++++++++++ + common/library.h | 80 ++++++ + common/tests/Makefile.am | 32 +++ + common/tests/test-array.c | 194 +++++++++++++ + tests/hash-test.c => common/tests/test-dict.c | 158 +++++----- + configure.ac | 7 +- + doc/Makefile.am | 11 +- + p11-kit/Makefile.am | 54 ++-- + p11-kit/conf.c | 116 ++++---- + p11-kit/conf.h | 14 +- + p11-kit/modules.c | 318 +++++++++++---------- + p11-kit/pin.c | 78 ++--- + p11-kit/private.h | 41 --- + p11-kit/proxy.c | 86 +++--- + {tests => p11-kit/tests}/Makefile.am | 25 +- + {tests => p11-kit/tests}/conf-test.c | 201 ++++++------- + .../tests}/files/system-modules/four.module | 0 + .../tests}/files/system-modules/one.module | 0 + .../files/system-modules/two-duplicate.module | 0 + .../tests}/files/system-modules/two.badname | 0 + .../tests}/files/system-modules/win32/four.module | 0 + .../tests}/files/system-modules/win32/one.module | 0 + .../system-modules/win32/two-duplicate.module | 0 + .../tests}/files/system-modules/win32/two.badname | 0 + {tests => p11-kit/tests}/files/system-pkcs11.conf | 0 + {tests => p11-kit/tests}/files/test-1.conf | 0 + {tests => p11-kit/tests}/files/test-pinfile | 0 + {tests => p11-kit/tests}/files/test-pinfile-large | 0 + .../tests}/files/test-system-invalid.conf | 0 + .../tests}/files/test-system-merge.conf | 0 + .../tests}/files/test-system-none.conf | 0 + .../tests}/files/test-system-only.conf | 0 + .../tests}/files/test-user-invalid.conf | 0 + {tests => p11-kit/tests}/files/test-user-only.conf | 0 + {tests => p11-kit/tests}/files/test-user.conf | 0 + .../tests}/files/user-modules/one.module | 0 + .../tests}/files/user-modules/three.module | 0 + .../tests}/files/user-modules/win32/one.module | 0 + .../tests}/files/user-modules/win32/three.module | 0 + {tests => p11-kit/tests}/mock-module-ep.c | 0 + {tests => p11-kit/tests}/mock-module.c | 16 +- + {tests => p11-kit/tests}/mock-module.h | 0 + {tests => p11-kit/tests}/pin-test.c | 4 +- + {tests => p11-kit/tests}/print-messages.c | 0 + {tests => p11-kit/tests}/progname-test.c | 21 +- + {tests => p11-kit/tests}/test-init.c | 31 +- + {tests => p11-kit/tests}/test-modules.c | 25 +- + {tests => p11-kit/tests}/uri-test.c | 4 +- + p11-kit/uri.c | 6 +- + p11-kit/util.c | 318 ++------------------- + p11-kit/util.h | 158 ---------- + tests/ptr-array-test.c | 257 ----------------- + 70 files changed, 1746 insertions(+), 1651 deletions(-) + +commit c343f355b6abfe65adc696b57b18dc57c834acbc +Author: Pankaj Sharma +Date: 2012-12-24 + + Fix leak when initializing the proxy module + + https://bugs.freedesktop.org/show_bug.cgi?id=58704 + + p11-kit/proxy.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit 8b4c3561d9681096d588d599d049a77bea68470b +Author: Stef Walter +Date: 2013-01-09 + + Documentation fixes for PIN functions + + p11-kit/pin.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +commit e8aa2fa8f3a085ca514e7b305ff91e2c77e5e6f4 +Author: Pankaj Sharma +Date: 2012-12-24 + + Fix file descriptor leak in p11_kit_pin_file_callback() + + * Close the file descriptor used to read the the pin file + + https://bugs.freedesktop.org/show_bug.cgi?id=58706 + + p11-kit/pin.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit 488a466935d7995c803880ed258792f8a99095c0 +Author: Stef Walter +Date: 2013-01-08 + + Distribute HACKING in the tarball + + Makefile.am | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +commit 6ac5af8deece74c383c912f2003b9650c87317b8 +Author: Stef Walter +Date: 2013-01-07 + + Fix documentation warnings. + + * P11_KIT_URI_NO_MEMORY is an unexpected state, that will probably + never actually be returned. But kept for API compatibility. + * make distcheck doc fix + + doc/Makefile.am | 2 +- + doc/p11-kit-sections.txt | 3 ++- + p11-kit/uri.c | 9 ++++++--- + 3 files changed, 9 insertions(+), 5 deletions(-) + +commit e2b5bba185c96bf4ecddfe22d34ace02706122b4 +Author: Stef Walter +Date: 2013-01-07 + + Guarantee that the key is freed when replaced + + * When setting a key in a map that already exists, then free + the old key and replace with the new one. + * Fix related bug where key was not properly allocated + * Add tests for this + + https://bugs.freedesktop.org/show_bug.cgi?id=59087 + + p11-kit/hashmap.c | 7 ++- + p11-kit/modules.c | 6 ++- + tests/hash-test.c | 124 +++++++++++++++++++++++++++++++++++++++--------------- + 3 files changed, 102 insertions(+), 35 deletions(-) + +commit 1559a3e43637406c8b56e880ba00c96bdd16462c +Author: Stef Walter +Date: 2012-11-14 + + Don't complain if we cannot access ~/.pkcs11/pkcs11.conf + + * If a process is running under selinux it may not be able + to access the home directory of the uid that it is running as. + + https://bugs.freedesktop.org/show_bug.cgi?id=57115 + + p11-kit/conf.c | 42 +++++++++++++++++++++++++++++++++--------- + p11-kit/conf.h | 1 + + 2 files changed, 34 insertions(+), 9 deletions(-) + +commit b5de8e1d514794f6ec3e8d79a766a9dae9eab6ea +Author: Stef Walter +Date: 2012-09-18 + + Refuse to load the p11-kit-proxy.so as a registered module + + * Since p11-kit-proxy.so is a symlink to the libp11-kit.so library + we check that we are not calling into our known CK_FUNCTION_LIST + for the proxy code. + * Although such a configuration is invalid, detecting this directly + prevents strange initialization loop issues that are hard to debug. + + https://bugs.freedesktop.org/show_bug.cgi?id=55052 + + p11-kit/modules.c | 14 ++++++++++---- + p11-kit/private.h | 1 + + p11-kit/proxy.c | 7 ++----- + 3 files changed, 13 insertions(+), 9 deletions(-) + +commit 3e82c6182d913a3fd5cf904342a9a6fa44aef0d6 +Author: Stef Walter +Date: 2012-09-18 + + Don't fail initialization if last initialized module fails + + * We weren't resetting the result code after a failure, + so even though failures for critical modules didn't interrupt + the initialization loop, the result still leaked to callers. + * Also print an error message clearly indicating that a module + failed to initialize, regardless of whether critical or not. + + https://bugs.freedesktop.org/show_bug.cgi?id=55051 + + p11-kit/modules.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +commit 37889e5f7ca5e2e45442f98dc84efb70d2acf907 +Author: Stef Walter +Date: 2012-09-06 + + Release version 0.14 + + NEWS | 8 ++++++++ + configure.ac | 2 +- + 2 files changed, 9 insertions(+), 1 deletion(-) + +commit bb6949da2fd071d879a13f8e24389fef697b451a +Author: Stef Walter +Date: 2012-09-06 + + Change the default of 'user-config' to merge. + + * This allows user configured PKCS#11 modules by default. + * Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf + to go back to the previous behavior. + * Posted to the mailing list. + + doc/p11-kit-config.xml | 4 ++-- + p11-kit/conf.c | 2 +- + p11-kit/pkcs11.conf.example.in | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +commit 56860b7f72c444eed5923e11d735b85b630a171d +Author: Antoine Jacoutot +Date: 2012-08-23 + + configure.ac: Fix bogus comma, and fix up spacing + + * Fixes a mistake in the previous commit + + https://bugs.freedesktop.org/show_bug.cgi?id=53706 + + configure.ac | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +commit 359bb15bc83484e4de69fa8dbc9113d97817d01e +Author: Antoine Jacoutot +Date: 2012-08-21 + + Use AC_LANG_PROGRAM to detect program_invocation_short_name functionality + + Were erroneusly detecting program_invocation_short_name on OpenBSD + + https://bugs.freedesktop.org/show_bug.cgi?id=53706 + + configure.ac | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +commit 61abcb61e8b8e988dd03cfd4553f29132a8ca38a +Author: Rob McMahon +Date: 2012-07-31 + + Fix build on solaris + + * Conditional inclusion of the errno.h header + * Link librt when appropriate for nanosleep + + https://bugs.freedesktop.org/show_bug.cgi?id=52261 + + common/compat.h | 4 ++++ + configure.ac | 4 +++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +commit 76180db6b326f8c87aef5b3eded9463432ce8d82 +Author: Dan Winship +Date: 2012-07-27 + + Always encode the "id" attribute in URIs + + Per recommendation of the spec. + + https://bugs.freedesktop.org/show_bug.cgi?id=52606 + + p11-kit/uri.c | 24 ++++++++++++++---------- + tests/uri-test.c | 2 +- + 2 files changed, 15 insertions(+), 11 deletions(-) + +commit c6fc7b3ac4c6d4595f17989cff220d6d6dafe620 +Author: Stef Walter +Date: 2012-07-17 + + Initialize mutexes correctly in mock module + + https://bugzilla.gnome.org/show_bug.cgi?id=44740 + + tests/mock-module-ep.c | 1 + + tests/mock-module.c | 6 +++++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit 1f428d62a13e481aa51d1fcee0c4652dc9ef7a72 +Author: Stef Walter +Date: 2012-07-17 + + Fix warning on windows + + https://bugzilla.gnome.org/show_bug.cgi?id=44740 + + tests/conf-test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 542cb48951b7c4c21ca3669d07bf936b0fa58b42 +Author: Stef Walter +Date: 2012-07-17 + + Don't rely on loading order for duplicate modules + + * We had relied on module 'two' loading before 'two-duplicate' + in the conf tests. However this isn't always the case, and the + name of the module can end up as 'two-duplicate' + + https://bugzilla.gnome.org/show_bug.cgi?id=44740 + + tests/Makefile.am | 7 ++++++- + tests/files/system-modules/four.module | 3 +++ + tests/files/system-modules/two.badname | 2 -- + tests/files/system-modules/win32/four.module | 3 +++ + tests/test-modules.c | 6 +++--- + 5 files changed, 15 insertions(+), 6 deletions(-) + +commit 06595e93ff57e97adbb313aebc50a2e32acd6039 +Author: Stef Walter +Date: 2012-07-17 + + Use Windows thread ids instead of handles for comparisons + + * It seems that the HANDLE's returned from GetCurrentThread + are often equal for two threads. GetCurrentThreadID doesn't + have this problem. + * Separate our cross platform thread_t and thread_id_t types + even though on unix they're the same thing. + + https://bugzilla.gnome.org/show_bug.cgi?id=44740 + + p11-kit/modules.c | 6 +++--- + p11-kit/util.h | 11 ++++++++--- + 2 files changed, 11 insertions(+), 6 deletions(-) + +commit 356377709cd1de1308d9d8cf15f528578a360cf3 +Author: Stef Walter +Date: 2012-07-17 + + Use correct shared library extension on windows + + * The windows shared libraries have the .dll extension + * This means we also need separate directories for the test module + configs on win32 + + https://bugzilla.gnome.org/show_bug.cgi?id=44740 + + configure.ac | 4 ++++ + p11-kit/Makefile.am | 14 ++++++++++++++ + tests/files/system-modules/win32/one.module | 3 +++ + tests/files/system-modules/win32/two-duplicate.module | 3 +++ + tests/files/system-modules/win32/two.badname | 5 +++++ + tests/files/user-modules/win32/one.module | 2 ++ + tests/files/user-modules/win32/three.module | 5 +++++ + tests/test-init.c | 2 +- + 8 files changed, 37 insertions(+), 1 deletion(-) + +commit f10d361a5b523ce7f9289ba8d45ccd847510d619 +Author: Stef Walter +Date: 2012-07-16 + + Use '.module' extension on module configs + + * And want alphanumeric/_.- filenames + * Currently this is just a warning, soon it will be enforced + * The name of a module does not include the extension + + Andreas Metzler and Ubuntu both worked on this patch, and I've made + some more changes. + + See https://bugs.launchpad.net/ubuntu/+source/p11-kit/+bug/911436 + + https://bugs.freedesktop.org/show_bug.cgi?id=52158 + + doc/p11-kit-config.xml | 7 ++- + p11-kit/conf.c | 56 ++++++++++++++++++++-- + tests/conf-test.c | 23 ++++++--- + tests/files/system-modules/{one => one.module} | 0 + tests/files/system-modules/two | 5 -- + .../{two-duplicate => two-duplicate.module} | 0 + tests/files/system-modules/two.badname | 7 +++ + tests/files/user-modules/{one => one.module} | 0 + tests/files/user-modules/{three => three.module} | 0 + tests/test-modules.c | 4 +- + 10 files changed, 82 insertions(+), 20 deletions(-) + +commit c0251b132cad98318be0565f676b9fa92dd1b8b4 +Author: Stef Walter +Date: 2012-07-24 + + Fix compiler warning about uninitialized variable + + p11-kit/modules.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 45c4936ba0d5e3de7813c47811b277bed1c71576 +Author: Stef Walter +Date: 2012-07-24 + + Don't use strict aliasing during compilation + + * Due to the way in which we pass pointers of different types + to _p11_hash_iter_next() + + configure.ac | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit 5cd198107374ff1879767679d29df0ce78f9427f +Author: Stef Walter +Date: 2012-07-17 + + Fix getprogname() running under wine + + * Wine uses normal slashes instead of backslashes on windows + + common/compat.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +commit d51914b6483b7ddc806ee3861084aa98ee97a7fb +Author: Stef Walter +Date: 2012-07-17 + + Use EFBIG as the error code when pin file is too large + + * The previous EOVERFLOW was not supported on mingw + + p11-kit/pin.c | 2 +- + tests/pin-test.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +commit 4a6a685c03bd92566c1656f1af3662ca7deecefa +Author: Stef Walter +Date: 2012-07-16 + + Don't define duplicate symbols + + * clang was giving a build failure here. + + tests/mock-module.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 023efacf30a7ae4ee5a76f909f973fa5058bb7b9 +Author: Stef Walter +Date: 2012-07-16 + + Release version 0.13 + + NEWS | 14 ++++++++++++++ + configure.ac | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +commit 413ca6be40a4f9351f12030c791544edd5a52e16 +Author: Stef Walter +Date: 2012-06-29 + + Don't allow reading of pin files larger than 4096 bytes + + * p11_kit_pin_file_callback() only returns pins up to 4096 bytes now + + p11-kit/pin.c | 19 +++++++++------ + tests/files/test-pinfile-large | 53 ++++++++++++++++++++++++++++++++++++++++++ + tests/pin-test.c | 26 +++++++++++++++++++++ + 3 files changed, 91 insertions(+), 7 deletions(-) + +commit da2606bfbbdbd36d5e42bf2acf614735dfc515d2 +Author: Stef Walter +Date: 2012-06-29 + + Win32 build fixes + + * Remove unused functions + * Use getprogname() instead of calc_progname() which no longer exists + * Fix up exporting of functions in the mock module + + common/compat.c | 11 +++++++---- + configure.ac | 2 ++ + p11-kit/util.c | 26 -------------------------- + tests/mock-module-ep.c | 1 + + 4 files changed, 10 insertions(+), 30 deletions(-) + +commit 89602ce99feb7e8c5a37634c3f577532f82eddbd +Author: Stef Walter +Date: 2012-06-27 + + tools: Don't barf when p11-kit -h + + tools/p11-kit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 483db3ee5d0c0e92dd8ecd8bf0cbefaa6254b6eb +Author: Stef Walter +Date: 2012-06-27 + + If a module is not marked 'critical' then ignore failure + + * Ignore failure when initializing registered modules when + 'critical' is not set on a module. + + p11-kit/modules.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +commit 59774b11eb478cc714a6c5da937e89c6089fd833 +Author: Stef Walter +Date: 2012-06-08 + + Fix the flags in pin.h + + * Due to a brain fart the P11_KIT_PIN_* flags were not + bit flags but decimal numbers. + * This necessarily breaks API/ABI for users of the + P11_KIT_PIN_FLAGS_RETRY, P11_KIT_PIN_FLAGS_MANY_TRIES and + P11_KIT_PIN_FLAGS_FINAL_TRY flags. But those wouldn't have + worked anyway. + + p11-kit/pin.h | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +commit caa953cba4d2d0cdd4823eb2f1c4f24bbf18a231 +Author: Stef Walter +Date: 2012-05-13 + + Preconditions to check for input probs and out of memory + + * We don't try to guarantee completely robust and problem + free behavior in cases where the caller or process isn't + behaving. We consider these to be outside of our control. + + HACKING | 31 ++++++++++++ + p11-kit/conf.c | 76 +++++++++--------------------- + p11-kit/debug.c | 19 ++++++++ + p11-kit/debug.h | 30 ++++++++++++ + p11-kit/modules.c | 85 +++++++++++++++++---------------- + p11-kit/pin.c | 138 ++++++++++++++++++++++++++---------------------------- + p11-kit/proxy.c | 27 ++++------- + p11-kit/uri.c | 112 ++++++++++++++++++++------------------------ + p11-kit/uri.h | 4 +- + p11-kit/util.c | 9 ---- + p11-kit/util.h | 2 - + tests/Makefile.am | 3 +- + tests/test-init.c | 68 ++++++++++++++++++++++++++- + tests/uri-test.c | 12 ++++- + 14 files changed, 352 insertions(+), 264 deletions(-) + +commit 7bd4114182fcc86cd2515708fdf4d76622e0237d +Author: Stef Walter +Date: 2012-05-13 + + Use gcc extensions to check varargs during compile + + * Add macros GNUC_PRINTF and GNUC_NULL_TERMINATED to check + correct printf and NULL terminated style varargs + + common/compat.h | 24 ++++++++++++++++++------ + p11-kit/conf.c | 11 ++++++++--- + p11-kit/debug.h | 4 +++- + p11-kit/modules.c | 7 +++++-- + p11-kit/private.h | 4 +++- + tests/Makefile.am | 1 + + 6 files changed, 38 insertions(+), 13 deletions(-) + +commit 14b0be4353e5c4464cb9f61e419a2f8caf8757d0 +Author: Stef Walter +Date: 2012-05-01 + + Fix test modules linking errors + + * And display warning messages in the debug output + + p11-kit/Makefile.am | 2 ++ + p11-kit/util.c | 1 + + 2 files changed, 3 insertions(+) + +commit fed549ee2049a318081cfce3fde01ae625263d98 +Author: Stef Walter +Date: 2012-05-01 + + Provide compat getprogname() implementations on other OS's + + * And use them in our replacement err() and p11_kit_set_progname() + + common/compat.c | 87 +++++++++++++++++++++++++++++++++++++++-------------- + common/compat.h | 10 ++++-- + p11-kit/Makefile.am | 7 ++++- + p11-kit/util.c | 38 ++--------------------- + tools/Makefile.am | 1 + + tools/p11-kit.c | 2 +- + 6 files changed, 81 insertions(+), 64 deletions(-) + +commit a3bcb9037ddf6657f79f0aae42aa83dd2b8f6b14 +Author: Stef Walter +Date: 2012-04-30 + + Move the compat.[ch] headers into common directory/ + + * And the compat stuff in the p11-kit directory merged + into util.c and util.h + + {tools => common}/compat.c | 0 + {tools => common}/compat.h | 0 + p11-kit/Makefile.am | 3 +- + p11-kit/compat.c | 114 ---------------------------------- + p11-kit/compat.h | 149 --------------------------------------------- + p11-kit/conf.c | 2 +- + p11-kit/debug.c | 1 - + p11-kit/private.h | 2 +- + p11-kit/util.c | 66 ++++++++++++++++++++ + p11-kit/util.h | 111 +++++++++++++++++++++++++++++++++ + tests/mock-module.c | 2 +- + tests/test-init.c | 2 +- + tools/Makefile.am | 3 +- + tools/p11-kit.c | 4 +- + 14 files changed, 186 insertions(+), 273 deletions(-) + +commit eeb40dccb63682367e03f52750355bf5951edff7 +Author: Stef Walter +Date: 2012-04-16 + + Doc tweaks for PIN functionality + + p11-kit/pin.c | 47 ++++++++++++++++++++++++++++------------------- + 1 file changed, 28 insertions(+), 19 deletions(-) + +commit 85f9d306832964f6d6412392f335e1fa3f3efd8b +Author: Stef Walter +Date: 2012-04-02 + + Add tests for enable-in and disable-in + + p11-kit/Makefile.am | 8 +-- + p11-kit/modules.c | 4 +- + tests/Makefile.am | 4 +- + tests/conf-test.c | 16 ++--- + tests/files/system-modules/two | 4 +- + tests/files/system-pkcs11.conf | 3 + + tests/files/user-modules/three | 4 +- + tests/test-modules.c | 156 ++++++++++++++++++++++++++++++++++++++--- + 8 files changed, 171 insertions(+), 28 deletions(-) + +commit d4c5661a695b5fc4a0126a4583e30ef70aea54ac +Author: Stef Walter +Date: 2012-04-02 + + Build some test modules for testing main p11-kit functionality + + * And put together a test for duplicate modules + + p11-kit/Makefile.am | 29 ++++++-- + tests/Makefile.am | 32 +++++++-- + tests/conf-test.c | 16 ++--- + tests/files/system-modules/one | 2 +- + tests/files/system-modules/two | 2 +- + tests/files/system-modules/two-duplicate | 3 + + tests/files/user-modules/three | 2 +- + tests/mock-module-ep.c | 50 ++++++++++++++ + tests/test-modules.c | 111 +++++++++++++++++++++++++++++++ + 9 files changed, 225 insertions(+), 22 deletions(-) + +commit c43038d82edcfd878ff66e3aa7fe247f53876f9b +Author: Stef Walter +Date: 2012-02-27 + + Add more p11-kit cleanup to fix valgrind leak reports + + * per-thread memory isn't actually a real memory leak, but was + still reachable after exit, so clean this up. + + p11-kit/util.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +commit ff9926b8dcead91e7fc6d08d0ca1d2d8cc982308 +Author: Stef Walter +Date: 2012-04-01 + + Fix crasher when a duplicate module is present + + p11-kit/modules.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +commit a899d9be0cab72dcfe00f100527c52ea598fed70 +Author: Stef Walter +Date: 2012-04-01 + + Add enable-in and disable-in options to module config + + * These can be used to load certain modules in certain + programs, or prevent loading in others. + * Useful for a key manager like seahorse, so we can load + extra modules (think NSS) that other modules shouldn't + load. + + .gitignore | 2 + + configure.ac | 12 ++++- + doc/p11-kit-config.xml | 27 +++++++++++ + doc/p11-kit-sections.txt | 1 + + p11-kit/modules.c | 75 ++++++++++++++++++++++++++++++- + p11-kit/p11-kit.h | 2 + + p11-kit/private.h | 4 ++ + p11-kit/util.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++- + tests/Makefile.am | 2 + + tests/progname-test.c | 110 +++++++++++++++++++++++++++++++++++++++++++++ + 10 files changed, 346 insertions(+), 4 deletions(-) + +commit af8d28014f97ab0d9e4d00961e72aefd7adb470b +Author: Stef Walter +Date: 2012-03-27 + + Fix broken hashmap behavior + + * We were relying on undefined gcc behavior related to the & + operator. + * This would show up as a test failure when running with -O2 on + certain GCC versions, as well as failure on clang 3.1 + + p11-kit/hashmap.c | 12 +++++------- + tests/hash-test.c | 2 -- + 2 files changed, 5 insertions(+), 9 deletions(-) + +commit f40f63c2b608a399df431df366bf681e6b2bb20e +Author: Stef Walter +Date: 2012-03-19 + + Remove p11-kit.pot file from git + + * Generated automatically + + .gitignore | 1 + + po/p11-kit.pot | 343 --------------------------------------------------------- + 2 files changed, 1 insertion(+), 343 deletions(-) + +commit bbd0c4dcde10197df1473ffc5641cafe2173a676 +Author: Stef Walter +Date: 2012-03-09 + + Release version 0.12 + + NEWS | 3 +++ + configure.ac | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +commit 300c84133390363a543854e5cd0ac3dd9018544e +Author: Simon Josefsson +Date: 2012-03-08 + + Fix build problem due to pthread extensions usage + + See: http://ipozgaj.blogspot.com/2006/08/posix-threads-and-manual-pages-rant.htm + + configure.ac | 1 + + 1 file changed, 1 insertion(+) + +commit 632e268fa86ad8ba55d34044ccc325c20c8fc0c7 +Author: Stef Walter +Date: 2012-02-07 + + Release 0.11 + + NEWS | 3 +++ + configure.ac | 2 +- + po/p11-kit.pot | 4 ++-- + 3 files changed, 6 insertions(+), 3 deletions(-) + +commit 53c34e8ff80500d6ef9366453e88c27a3a52ee46 +Author: Stef Walter +Date: 2012-01-23 + + Remove automatic reinitialization of PKCS#11 after fork + + * First of all one should only call async-signal-safe functions + from the callbacks of pthread_atfork(), and so we cannot + reinitialize directly. + * Some modules use pthread_atfork() to detect forking and setup + their internal state. If we call into them in our pthread_atfork() + callback then this is inherently racy. + * There was danger of endless loops and deadlocks which are caused + by handlers which fork in their C_Initialize + * Many processes do fork/exec, reinitializing PKCS#11 for these + forks is quite resourc intensive when the child process won't use + PKCS#11 at all. + + p11-kit/modules.c | 11 ++--------- + 1 file changed, 2 insertions(+), 9 deletions(-) + +commit 001d59596a37369d094edcace455f611d9f55908 +Author: Stef Walter +Date: 2012-01-03 + + Release version 0.10 + + NEWS | 3 +++ + configure.ac | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +commit 049e556d043aa6ecfbf32a70dae6e7e5e8eb69d3 +Author: Stef Walter +Date: 2012-01-02 + + Fix build warning on mingw64 + + p11-kit/hashmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 83dcc15d1d97218004137769ff68e2e8119f1d80 +Author: Andreas Metzler +Date: 2011-12-23 + + Compile CuTest.c separately. + + Use regular compile and link instead of having #include "CuTest.c" in + every test. Works around gcc optimization issue. + + tests/Makefile.am | 10 +++++++++- + tests/conf-test.c | 2 -- + tests/hash-test.c | 2 -- + tests/pin-test.c | 2 -- + tests/ptr-array-test.c | 2 -- + tests/test-init.c | 2 -- + tests/uri-test.c | 2 -- + 7 files changed, 9 insertions(+), 13 deletions(-) + +commit 2da833b0ca9539c12745d2f9fef1e7be7c7792dc +Author: Stef Walter +Date: 2011-12-20 + + Reorganize tests, work around optimization bug + + * Encountered a gcc optimization bug in gcc 4.6.1 which seems to + be reordering related function calls eroneously. This bug seems + to be fixed in 4.6.2. + * Reorganize test code to get around this bug building on mingw, + and ubuntu 11.10, both of which use gcc 4.6.1 + + tests/hash-test.c | 45 ++++++++++++++++++++++----------------------- + 1 file changed, 22 insertions(+), 23 deletions(-) + +commit 9328bb7f0aed047dea47e8674e19865d90d423a5 +Author: Andreas Metzler +Date: 2011-12-09 + + Run tests correctly in automake + + * This allows failing tests to stop the build + + tests/Makefile.am | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +commit 336d8af58ea3d00a20a56937b11236a6bf2679dd +Author: Michael Cronenworth +Date: 2011-11-25 + + Build fix for MinGW w64 + + p11-kit/compat.h | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +commit e18725f71e0f070a54d763cbba7797031828dd95 +Author: Stef Walter +Date: 2011-11-14 + + Release version 0.9 + + NEWS | 6 ++++++ + configure.ac | 2 +- + po/p11-kit.pot | 4 ++-- + 3 files changed, 9 insertions(+), 3 deletions(-) + +commit d3dfc6968e54b919c90967a486d20066b0f5bf57 +Author: Stef Walter +Date: 2011-11-02 + + Reduce autofoo dependencies + + * automake 1.10 (although can benefit from some 1.11 features) + * autoconf 2.61 + + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 9ccc74f384ee100ec522e012ea543437b1df123c +Author: Stef Walter +Date: 2011-11-01 + + An intelligent error message when gettextize is not around + + autogen.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 7370d64c18b795a63eda40efcc9e786b821cb7f7 +Author: Stef Walter +Date: 2011-10-30 + + p11-kit can't be used as a static library + + * It just doesn't make sense. + * The initialization refcounting in particular can only work as + a shared library. + + configure.ac | 4 ++++ + 1 file changed, 4 insertions(+) + +commit df0ed92f44fa168c0d02866796f3707687f43214 +Author: Stef Walter +Date: 2011-10-29 + + Fix problems crashing when freeing TLS on windows + + p11-kit/util.c | 2 ++ + 1 file changed, 2 insertions(+) + +commit 922d53016955c0ff2d6d830d726f0d1ea3a5804b +Author: Stef Walter +Date: 2011-10-29 + + Add debug output to windows init and uninit of library + + p11-kit/util.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +commit c940667c434fe64cf4d01cec0873044c54e7f174 +Author: Stef Walter +Date: 2011-10-29 + + Make build not depend on gtk-doc or pkg-config + + * If enabled, gtk-doc can be used, but we no longer expect the + gtkdoc autoconf/automake macro files to be installed. + * pkg-config is no longer used for checks. + * We still do install pkg-config files, and this is the preferred + way to build against and link to p11-kit. + + configure.ac | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 51 insertions(+), 2 deletions(-) + +commit 0792fefb2bc9d5db038b48855f0b1bb138653332 +Author: Stef Walter +Date: 2011-10-29 + + Handle build case when gettextize is not available or not installed + + autogen.sh | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +commit 969bcab592878322e410f4342a61fccc06b9addd +Author: Stef Walter +Date: 2011-10-27 + + Fix build with clang + + * Just removed some unused functions that used GNUC extensions + + tests/cutest/CuTest.c | 10 ---------- + tests/cutest/CuTest.h | 5 ----- + 2 files changed, 15 deletions(-) + +commit 77bab108dd2a7d1c55468cc991c22397fb5f8ba5 +Author: Dr. Volker Zell +Date: 2011-10-25 + + Fix broken build on cygwin and mingw + + * Add correct linking options for libintl + + p11-kit/Makefile.am | 2 ++ + 1 file changed, 2 insertions(+) + +commit 69f7eaa0508326f07832b91557f9e1ad8e6864c6 +Author: Michael Cronenworth +Date: 2011-10-25 + + Fix broken build on windows + + * The debug_init() call needed a rename to _p11_debug_init() to match + the non-Win32 code. + + p11-kit/util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 190aee9cdf44d257333d7ef9e29113a07f1516c9 +Author: Stef Walter +Date: 2011-10-24 + + Release version 0.8 + + NEWS | 7 +++++++ + configure.ac | 2 +- + po/p11-kit.pot | 4 ++-- + 3 files changed, 10 insertions(+), 3 deletions(-) + +commit 138c046a5ff1b0e532896b4d640c0cba6ead4027 +Author: Stef Walter +Date: 2011-10-24 + + More fixes for non-static function names + + * See previous commit + * Initialize library before debug statements + + p11-kit/conf.c | 8 +++---- + p11-kit/debug.c | 7 ------- + p11-kit/debug.h | 16 +++++++------- + p11-kit/modules.c | 62 +++++++++++++++++++++++++++---------------------------- + p11-kit/proxy.c | 14 ++++++++----- + p11-kit/uri.c | 2 +- + 6 files changed, 53 insertions(+), 56 deletions(-) + +commit 5507dc4946f0a68cece5ec9e7096e0f9b8c55984 +Author: Stef Walter +Date: 2011-10-24 + + Rename non-static functions to have a _p11_xxx prefix. + + * Work around issues with brain-dead linkers not respecting + the libtool -export-symbol-regex argument + + https://bugs.freedesktop.org/show_bug.cgi?id=42020 + + p11-kit/compat.c | 8 +-- + p11-kit/compat.h | 48 +++++++-------- + p11-kit/conf.c | 36 +++++------ + p11-kit/debug.c | 17 +++--- + p11-kit/debug.h | 12 ++-- + p11-kit/hashmap.c | 68 +++++++++++++-------- + p11-kit/hashmap.h | 63 +++++++++---------- + p11-kit/modules.c | 110 ++++++++++++++++----------------- + p11-kit/pin.c | 40 ++++++------ + p11-kit/private.h | 4 +- + p11-kit/proxy.c | 18 +++--- + p11-kit/ptr-array.c | 28 +++++---- + p11-kit/ptr-array.h | 14 ++--- + p11-kit/uri.c | 2 +- + p11-kit/util.c | 12 ++-- + p11-kit/util.h | 2 +- + tests/conf-test.c | 140 +++++++++++++++++++++--------------------- + tests/hash-test.c | 162 ++++++++++++++++++++++++------------------------- + tests/mock-module.c | 10 +-- + tests/ptr-array-test.c | 122 ++++++++++++++++++------------------- + tests/test-init.c | 22 +++---- + tests/uri-test.c | 5 +- + 22 files changed, 484 insertions(+), 459 deletions(-) + +commit db92b76e3acb11e330309ebce071ec2e61400a71 +Author: Stef Walter +Date: 2011-10-17 + + Initial port to win32 + + * Tests do not all yet pass, at least not on wine + * Added abstraction of some non-portable functions in compat.h/c + * Build with an argument like this for win32 support: + ./autogen.sh --host=i586-mingw32msvc + * This win32 port needs more work from interested parties + + .gitignore | 3 + + configure.ac | 35 ++++++-- + doc/Makefile.am | 2 +- + p11-kit/Makefile.am | 1 + + p11-kit/compat.c | 114 ++++++++++++++++++++++++++ + p11-kit/compat.h | 143 ++++++++++++++++++++++++++++++++ + p11-kit/conf.c | 64 ++++++++++----- + p11-kit/debug.c | 31 +++---- + p11-kit/debug.h | 2 + + p11-kit/modules.c | 104 +++++++++++------------- + p11-kit/private.h | 40 +++++++-- + p11-kit/proxy.c | 7 +- + p11-kit/util.c | 188 +++++++++++++++++++++++++++++++++++-------- + tests/Makefile.am | 16 ++-- + tests/conf-test.c | 2 + + tests/mock-module.c | 20 +++-- + tests/mock-module.h | 1 + + tests/pin-test.c | 3 + + tests/test-init.c | 56 +++++++------ + tools/Makefile.am | 4 + + tools/compat.c | 228 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + tools/compat.h | 63 +++++++++++++++ + tools/p11-kit.c | 5 +- + 23 files changed, 952 insertions(+), 180 deletions(-) + +commit b1d9fd5f88ade222fbd2206c7e11c5514c8b5634 +Author: Stef Walter +Date: 2011-10-10 + + Fix up the build options. + + * --enable-debug turns off optimization + * --disable-debug turns off debugging output, debug symbols + * --enable-strict turns on -Werror + + configure.ac | 123 ++++++++++++++++++++++++++++++++--------------------------- + 1 file changed, 66 insertions(+), 57 deletions(-) + +commit 73880f950a7dadf712730222ac1b6ea11400746f +Author: Stef Walter +Date: 2011-10-10 + + Only call C_Initialize and C_Finalize once per module + + * Do not concurretnly call C_Initialize or C_Finalize in a module + * The PKCS#11 spec indicates that mone thread should call those functions. + * It's reasonable for a module to expect to only be initialized or + finalized in one thread. + * In particular NSS does not lock its C_Initialize or C_Finalize. + + p11-kit/modules.c | 117 ++++++++++++++++++++++++++++------------------------ + tests/mock-module.c | 4 +- + tests/test-init.c | 105 +++++++++++++++++++++++++++++++++++++++++++++- + 3 files changed, 168 insertions(+), 58 deletions(-) + +commit 630ce95d7b9ec3ac3cbe71f75910711369274314 +Author: Stef Walter +Date: 2011-10-10 + + Combine initialization tests + + tests/Makefile.am | 14 ++---- + tests/{test-fork.c => test-init.c} | 34 ++++++++++++- + tests/test-recursive.c | 98 -------------------------------------- + 3 files changed, 36 insertions(+), 110 deletions(-) + +commit d5a004ded8a0acdb7aa2100b8e116f19d0d9e402 +Author: Stef Walter +Date: 2011-10-10 + + Don't allow recursive calling of C_Initialize on a given module. + + p11-kit/modules.c | 9 ++++- + tests/Makefile.am | 10 ++++-- + tests/test-recursive.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 114 insertions(+), 3 deletions(-) + +commit 591c1c14f2ebbcbc3f621456e31e2af1d26820b8 +Author: Stef Walter +Date: 2011-10-10 + + Rename p11-kit test + + .gitignore | 2 ++ + tests/Makefile.am | 6 +++--- + tests/{p11-test.c => test-fork.c} | 0 + 3 files changed, 5 insertions(+), 3 deletions(-) + +commit 85d9078be0456de8014a6f186f3916ddb01792d2 +Author: Pino Toscano +Date: 2011-09-30 + + Don't use PATH_MAX unless its defined + + * Fixes build on GNU/Hurd + + https://bugs.freedesktop.org/show_bug.cgi?id=41303 + + p11-kit/modules.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +commit 639aa9e38692ba5001987bb496e10cca14880807 +Author: Stef Walter +Date: 2011-09-28 + + Print more information in 'p11-kit -l' + + tools/p11-kit.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 92 insertions(+) + +commit 67b52ed7d7f298f64be5ead41deeeebab1238d47 +Author: Stef Walter +Date: 2011-09-27 + + Release 0.7 + + NEWS | 5 +++++ + configure.ac | 2 +- + po/p11-kit.pot | 4 ++-- + 3 files changed, 8 insertions(+), 3 deletions(-) + +commit d3e245f579d917d1393624b6ecf3ae0c3748bbb3 +Author: Stef Walter +Date: 2011-09-27 + + Don't expand p11-kit config variables in configure. + + * Expand them later in Makefile and pkg-config file + + configure.ac | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit fcb71c3962314b48e9f8bd7f82673fa4e065607d +Author: Stef Walter +Date: 2011-09-26 + + Add test tool to print out error messages + + * Allows checking of translations + + .gitignore | 1 + + tests/Makefile.am | 3 +- + tests/print-messages.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 140 insertions(+), 1 deletion(-) + +commit a1cc80045864777db8c77e711f0a8efaad949c3e +Author: Andreas Metzler +Date: 2011-09-26 + + Fix quoting of build variables + + https://bugs.freedesktop.org/show_bug.cgi?id=40985 + + p11-kit/Makefile.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit a081b6652acc9d9a9af22a266f9175f689b8c5d1 +Author: Stef Walter +Date: 2011-09-19 + + Expand the libdir path correctly + + https://bugs.freedesktop.org/show_bug.cgi?id=40985 + + configure.ac | 6 ------ + p11-kit/Makefile.am | 9 ++++++++- + 2 files changed, 8 insertions(+), 7 deletions(-) + +commit 8054865325fdb2221f3e425d04d9e03f6475553e +Author: Roman Bogorodskiy +Date: 2011-09-15 + + Add #include for PATH_MAX to fix compilation on FreeBSD. + + https://bugs.freedesktop.org/show_bug.cgi?id=40923 + + p11-kit/modules.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit 67dc760cec1653e9571b7c4e2bada3992c2b8361 +Author: Stef Walter +Date: 2011-09-14 + + Release version 0.6 + + NEWS | 5 +++++ + configure.ac | 2 +- + po/p11-kit.pot | 4 ++-- + 3 files changed, 8 insertions(+), 3 deletions(-) + +commit 11f3f0effb14be788e320d2f75b0d2d769058966 +Author: Stef Walter +Date: 2011-09-14 + + Add documentation about the configuration paths + + * Default module path + * How to lookup paths using pkg-config + + doc/p11-kit-config.xml | 37 ++++++++++++++++++++++--------------- + doc/p11-kit-docs.sgml | 1 + + doc/p11-kit-notes.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ + doc/p11-kit.xml | 3 +++ + doc/style.css | 2 ++ + 5 files changed, 76 insertions(+), 15 deletions(-) + +commit 927d2e5927ddad1eafe94c0bcadd76cd73d6297a +Author: Kalev Lember +Date: 2011-09-14 + + When a module has a relative path, load it from $libdir/pkcs11 + + So far we have only supported full paths to the pkcs11 modules in config + files. This change adds relative path support, so that for modules + installed under the standard $libdir/pkcs11, the config file won't have + to spell out the full path. + + configure.ac | 9 ++++++++ + p11-kit/modules.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++--- + p11-kit/p11-kit-1.pc.in | 1 + + 3 files changed, 68 insertions(+), 3 deletions(-) + +commit 138c1efa9af4893536fb7c3a90d3cb1ac24cea89 +Author: Kalev Lember +Date: 2011-09-14 + + Rename pkgconfig configuration directory variables + + Renamed them to reduce ambiguity and to pave the way for exposing + some additional parameters. + + p11_system_modules -> p11_system_config_modules + p11_user_modules -> p11_user_config_modules + + configure --with-pkcs11-dir + => + configure --with-system-config + + configure.ac | 50 ++++++++++++++++++++++-------------------- + p11-kit/Makefile.am | 2 +- + p11-kit/modules.c | 5 +++-- + p11-kit/p11-kit-1.pc.in | 10 +++++---- + p11-kit/pkcs11.conf.example.in | 2 +- + 5 files changed, 37 insertions(+), 32 deletions(-) + +commit 1cecad87a968ab6441b020fafb95f991b97e84b3 +Author: Stef Walter +Date: 2011-08-31 + + Release version 0.5 + + NEWS | 5 +++++ + configure.ac | 2 +- + po/p11-kit.pot | 4 ++-- + 3 files changed, 8 insertions(+), 3 deletions(-) + +commit e06009c33616d07a0687d0adbb5c59ec1c8965af +Author: Stef Walter +Date: 2011-08-30 + + Don't crash if p11_kit_registered_modules() called after failed init + + p11-kit/modules.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +commit fbdb10edfa39ada801af187dd3abaa5c8bf2ae6b +Author: Stef Walter +Date: 2011-08-30 + + Remove useless typedef + + p11-kit/conf.h | 2 -- + 1 file changed, 2 deletions(-) + +commit 21b64c68e6a5ffcae50f3561f6dec6ee943a006f +Author: Stef Walter +Date: 2011-08-30 + + Add 'critical' setting for modules + + * When a module has critical set to 'yes', and that module fails to init + then it aborts the entire init process. + * Defaults to 'no' + + doc/p11-kit-config.xml | 24 ++++++++++++++++++++++-- + p11-kit/conf.c | 18 ++++++++++++++++++ + p11-kit/conf.h | 3 +++ + p11-kit/modules.c | 7 ++++++- + 4 files changed, 49 insertions(+), 3 deletions(-) + +commit 25512ca5a03d723a84d6de67a7036188d08ec21b +Author: Stef Walter +Date: 2011-08-24 + + Fix bugs in the p11-kit proxy module. + + * Initialize the mappings properly + * Lookup session handles correctly + * Debug initialization and finalization + + p11-kit/debug.c | 1 + + p11-kit/debug.h | 3 ++- + p11-kit/proxy.c | 42 ++++++++++++++++++++++++++++-------------- + 3 files changed, 31 insertions(+), 15 deletions(-) + +commit 61c925fda7385392b3961f0b44049b9ff7a68093 +Author: Stef Walter +Date: 2011-08-19 + + Release version 0.4 + + NEWS | 8 ++++++++ + configure.ac | 2 +- + po/p11-kit.pot | 4 ++-- + 3 files changed, 11 insertions(+), 3 deletions(-) + +commit ae95625311e98caa3cccf82d24a3b612df11b26d +Author: Stef Walter +Date: 2011-08-19 + + Ignore spaces in PKCS#11 URIs + + * These should be able to occur anywhere and should be ignored + according to RFC 3986. This is documented in the PKCS#11 URI + specification. + + p11-kit/uri.c | 85 ++++++++++++++++++++++++++++++++++++++++++-------------- + p11-kit/uri.h | 4 +-- + tests/uri-test.c | 24 ++++++++++++++++ + 3 files changed, 90 insertions(+), 23 deletions(-) + +commit d4abb441450deceff760086dcdf9d493b258074a +Author: Stef Walter +Date: 2011-08-14 + + Fix endless loop if module forks during initialization. + + * If a module forks during its C_Initialize, previously our + fork handler would try to initialize it again, ad nauseum. + + Reported by Nikos on the mailing list. + + .gitignore | 1 + + p11-kit/modules.c | 12 +- + tests/Makefile.am | 30 +- + tests/mock-module.c | 886 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + tests/mock-module.h | 336 ++++++++++++++++++++ + tests/p11-test.c | 114 +++++++ + 6 files changed, 1354 insertions(+), 25 deletions(-) + +commit 43169c520292397439bd70fb74e9505d371f7c72 +Author: Stef Walter +Date: 2011-08-14 + + Safer initialization of individually initialized module. + + * More checks for out of memory. + * Take more of the same code paths when initializing a single + module as when initializing registered, or loading from file. + * Cleanup halfway initialized globals if fail during init. + + p11-kit/modules.c | 36 ++++++++++++++++++++++++++++++------ + 1 file changed, 30 insertions(+), 6 deletions(-) + +commit 1e2011a308500632a9fbfb541dafcd73d796f3d5 +Author: Stef Walter +Date: 2011-08-05 + + Update PKCS#11 URI code for new draft of spec + + * pinfile attribute was renamed to pin-source + * objecttype attribute was renamed to object-type + * secretkey value was renamed to secret-key + + We continue to support parsing the old attribute names and values but + generate URIs with the new ones. + + doc/Makefile.am | 2 +- + doc/p11-kit-sections.txt | 2 + + p11-kit/pin.c | 126 +++++++++++++++++++++++------------------------ + p11-kit/pin.h | 10 ++-- + p11-kit/uri.c | 83 +++++++++++++++++++++---------- + p11-kit/uri.h | 9 ++++ + tests/pin-test.c | 38 +++++++------- + tests/uri-test.c | 60 +++++++++++----------- + 8 files changed, 185 insertions(+), 145 deletions(-) + +commit 0a2fd044770d645b7707d2b4926a3214147973a8 +Author: Stef Walter +Date: 2011-08-03 + + Don't fail when duplicate modules are configured. + + * Duplicate modules may be caused by editor backups, misconfigurations + or a multitude of other sources. Failing dead is a bit harsh. + * After discussing gnutls needs with Nikos + + p11-kit/modules.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 3b78f626872c637339a3302b8f0607c778aef92c +Author: Stef Walter +Date: 2011-08-03 + + Better debug output for initialization and loading modules. + + p11-kit/modules.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +commit ca48cb81f8e1465fdc4e4b504ea9da0324b30658 +Author: Stef Walter +Date: 2011-08-03 + + Fix broken debug arguments + + p11-kit/modules.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit e938d137fee800605b5c11d0c2aa6eae90e205eb +Author: Stef Walter +Date: 2011-08-01 + + Add example configuration documentation. + + * And also install example pkcs11.conf file. + + .gitignore | 1 + + configure.ac | 7 ++++-- + doc/p11-kit-config.xml | 48 ++++++++++++++++++++++++++++++++++++++++++ + p11-kit/Makefile.am | 6 +++++- + p11-kit/pkcs11.conf.example.in | 9 ++++++++ + 5 files changed, 68 insertions(+), 3 deletions(-) + +commit dd6b2c11794a74a33bfa53fec9892cb0c7007e80 +Author: Stef Walter +Date: 2011-07-29 + + Release version 0.3 + + NEWS | 5 +++++ + README | 9 ++++++++- + 2 files changed, 13 insertions(+), 1 deletion(-) + +commit 24d5da1bfa82e296872ae1ef62dbc073780edf20 +Author: Roman Bogorodskiy +Date: 2011-07-28 + + Fix building with NLS enabled. + + https://bugs.freedesktop.org/show_bug.cgi?id=39622 + + tests/Makefile.am | 17 +++++++++++------ + tools/Makefile.am | 3 ++- + 2 files changed, 13 insertions(+), 7 deletions(-) + +commit 8f4923bcaa66809aa247859b48f2d67d8950097e +Author: Roman Bogorodskiy +Date: 2011-07-28 + + Use AC_SEARCH_LIBS instead of AC_CHECK_LIB for dlopen() to fix on *BSD. + + https://bugs.freedesktop.org/show_bug.cgi?id=39622 + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit b1b63063e0da8518e89b485bc4d2827ba2e3fdcf +Author: Stef Walter +Date: 2011-07-28 + + Make p11-kit-proxy.so link point to libp11-kit.so.0.0.0 + + * The link now points to the actual library, rather than to + another link. + + https://bugzilla.redhat.com/show_bug.cgi?id=725905 + + p11-kit/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit daec3faa85c4f463e3b13688f2bc2bbd1b2ae106 +Author: Stef Walter +Date: 2011-07-27 + + Add libtool style versioning variables to p11-kit + + configure.ac | 16 ++++++++++++++++ + p11-kit/Makefile.am | 4 +++- + po/p11-kit.pot | 4 ++-- + 3 files changed, 21 insertions(+), 3 deletions(-) + +commit fb0952dbeb607542b7feab80b1bbd2b1258cd15f +Author: Stef Walter +Date: 2011-07-27 + + Fix bug in hashtable rewrite. + + * Initialization mixup. + + p11-kit/hashmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 9add486d5bbb2ac6a3566e21d729107c26de77a3 +Author: Stef Walter +Date: 2011-07-27 + + Cleanup documentation warnings + + * After recent hash table rewrite we should be ignoring the new + file. + + doc/Makefile.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 4454fc36a0dd9b6e99e302769084b2964eef34c1 +Author: Stef Walter +Date: 2011-07-27 + + Create a link for the proxy module. + + * Install proxy module at its own path which is not prefixed by 'lib' + * Since the proxy module is the same as the library, and actually + needs to be loaded as the same library in memory (due to resource + tracking per process), use a symlink for proxy. + * Add a variable to the pkg-config file which shows the path + to the proxy module. ie: + $ pkg-config --variable=proxy_module p11-kit-1 + + https://bugzilla.redhat.com/show_bug.cgi?id=725905 + + p11-kit/Makefile.am | 6 +++++- + p11-kit/p11-kit-1.pc.in | 1 + + 2 files changed, 6 insertions(+), 1 deletion(-) + +commit 308a776372eb1560480fbfcb5ef9d918a7a1454f +Author: Stef Walter +Date: 2011-07-27 + + Reimplement and remove apache licensed bits of code. + + * Reimplement the various bits of the hash table that were + still based on the apache apr code. Use different algorithms + for hashing, lookup and other stuff. + * Use this as an opportunity to cleanup that code and make + it more legible. + + https://bugzilla.redhat.com/show_bug.cgi?id=725905 + + COPYING | 22 +- + p11-kit/Makefile.am | 2 +- + p11-kit/conf.c | 50 ++--- + p11-kit/conf.h | 12 +- + p11-kit/hash.c | 473 ------------------------------------------ + p11-kit/hashmap.c | 372 +++++++++++++++++++++++++++++++++ + p11-kit/{hash.h => hashmap.h} | 71 +++---- + p11-kit/modules.c | 62 +++--- + p11-kit/pin.c | 6 +- + p11-kit/proxy.c | 8 +- + tests/conf-test.c | 64 +++--- + tests/hash-test.c | 158 +++++++------- + 12 files changed, 578 insertions(+), 722 deletions(-) + +commit 3bb86b72ca5882b1e5684db837c75df810f283c3 +Author: Stef Walter +Date: 2011-07-21 + + Expand the various pkcs11 config paths properly. + + * Without this the ${prefix} part of the variable wasn't being + expanded and was making it into the #define. + + configure.ac | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +commit 4a3a1e0b8ad676f057e4fb141b4692987e8ce558 +Author: Colin Walters +Date: 2011-07-18 + + configure: Use $sysconfdir for p11_system_conf dir, not hardcoded /etc + + If the user specified sysconfdir, we should respect it. Don't + hardcode /etc. This is important for jhbuild, which uses + /path/to/builddir/etc. + + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 43cf13e1a25da76297cd3397569031d7c3fd3a09 +Author: Stef Walter +Date: 2011-07-19 + + Ignore some built files after recent changes. + + .gitignore | 2 ++ + m4/{empty => .empty} | 0 + 2 files changed, 2 insertions(+) + +commit b59ab92e640e13d10484fffc74ed6a218930c6ab +Author: Colin Walters +Date: 2011-07-18 + + build: Make autogen.sh work + + * We were missing a call to gettextize, which is what copies in config.rpath + * Delete ABOUT-NLS, it is copied in by gettextize + * While we're here, take a page from gtk+'s autogen.sh and just use autoreconf, + instead of specifying everything. + * We need to always have an m4/ directory, so that gettextize works, + so we make a dummy empty file + * Apparently gettextize is totally insane, requiring user input etc. Copy + in some hacks from Avahi's autogen.sh to work around this. + + .gitignore | 1 - + ABOUT-NLS | 1281 ------------------------------------------------------------ + autogen.sh | 17 +- + m4/empty | 1 + + 4 files changed, 12 insertions(+), 1288 deletions(-) + +commit 69dd8b722bcb1a76ff586e71c580f6844412abb9 +Author: Stef Walter +Date: 2011-07-12 + + pin: Fix uninitialized variable + + p11-kit/pin.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 087a815b2b9cd5e0ec44866be1ddddb948583e88 +Author: Stef Walter +Date: 2011-07-07 + + Bump version number, and tweak upload procedure + + .gitignore | 1 + + Makefile.am | 3 ++- + configure.ac | 2 +- + 3 files changed, 4 insertions(+), 2 deletions(-) + +commit e27e943b83401515b8b6acc1da705df6c56416e1 +Author: Stef Walter +Date: 2011-07-07 + + Release version 0.2 + + NEWS | 6 ++++++ + configure.ac | 2 +- + po/p11-kit.pot | 2 +- + 3 files changed, 8 insertions(+), 2 deletions(-) + +commit 98ba6f9ffb95c5473e5e32d296956e91c4fc2715 +Author: Stef Walter +Date: 2011-07-06 + + List labels of all tokens in 'p11-kit -l' + + tools/p11-kit.c | 34 ++++++++++++++++++++++++++++++++-- + 1 file changed, 32 insertions(+), 2 deletions(-) + +commit 883b3ee76c686d14bbc1f20b0805d733a0c227ad +Author: Stef Walter +Date: 2011-07-06 + + More fine tuning of the pin APIs. + + doc/p11-kit-sections.txt | 1 + + p11-kit/pin.c | 18 ++++++++++++++++-- + p11-kit/pin.h | 4 +++- + 3 files changed, 20 insertions(+), 3 deletions(-) + +commit 1ff1a4895b2d5ff5fe559b96034fb1c3855d4b45 +Author: Stef Walter +Date: 2011-06-24 + + Add documentation for PIN callbacks. + + doc/Makefile.am | 2 +- + doc/p11-kit-docs.sgml | 1 + + doc/p11-kit-sections.txt | 19 +++ + p11-kit/pin.c | 328 +++++++++++++++++++++++++++++++++++++---------- + p11-kit/pin.h | 4 +- + tests/pin-test.c | 18 +-- + 6 files changed, 295 insertions(+), 77 deletions(-) + +commit fd7dee836d0b14efc48bf59955c8a12a72561043 +Author: Stef Walter +Date: 2011-06-24 + + Add P11KitPin structure, which encapsulates a returned pin. + + * Lets us use variable size buffers. + * Helps minimize copying. + + p11-kit/pin.c | 171 +++++++++++++++++++++++++++++++++++++++++++---- + p11-kit/pin.h | 44 ++++++++---- + tests/files/test-pinfile | 1 + + tests/pin-test.c | 161 ++++++++++++++++++++++++++++++-------------- + 4 files changed, 302 insertions(+), 75 deletions(-) + +commit 2cc2ab90a6b96ea75dfe4d6413e41539075e8f8a +Author: Stef Walter +Date: 2011-06-21 + + Rename p11_kit_pin_read_pinfile to p11_kit_pin_retrieve + + * Fix up duplicate register logic as well. + + p11-kit/pin.c | 13 +++++++------ + p11-kit/pin.h | 4 ++-- + tests/pin-test.c | 38 +++++++++++++++++++------------------- + 3 files changed, 28 insertions(+), 27 deletions(-) + +commit f1ca5d5b57909534d8b21f9be455c94ca57e6636 +Author: Stef Walter +Date: 2011-06-20 + + Implement support for registering and calling pinfile callbacks + + * These are callbacks that hanlde the pinfile part of a PKCS#11 URI. + * One library can register a callback that another can then call + in a thread-safe and simple fashion. + + .gitignore | 2 + + p11-kit/Makefile.am | 3 + + p11-kit/pin.c | 332 +++++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/pin.h | 85 +++++++++++++ + p11-kit/ptr-array.c | 150 ++++++++++++++++++++++ + p11-kit/ptr-array.h | 61 +++++++++ + tests/Makefile.am | 12 +- + tests/pin-test.c | 237 +++++++++++++++++++++++++++++++++++ + tests/ptr-array-test.c | 259 ++++++++++++++++++++++++++++++++++++++ + 9 files changed, 1140 insertions(+), 1 deletion(-) + +commit 0a793a9e462727f434f6283a712b37ab30df5e95 +Author: Stef Walter +Date: 2011-06-16 + + Fix logic error loading registered modules. + + Thanks to Richard Bellgrim. + + p11-kit/modules.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit b1b62f1b0856821d046ed92be076f9b9f8c664a9 +Author: Stef Walter +Date: 2011-06-09 + + Update pkcs11.h with PKCS#11 2.20 ammendments. + + p11-kit/pkcs11.h | 22 +++++++++++++++++++--- + 1 file changed, 19 insertions(+), 3 deletions(-) + +commit 6d36c108a0f00f7485967b528b2a9f7c22173a5b +Author: Stef Walter +Date: 2011-06-09 + + Fixed typos and made options clearer. + + doc/p11-kit-config.xml | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +commit d941244aaf0cf142fee986eb914c2767f564dc14 +Author: Stef Walter +Date: 2011-06-09 + + By default use /etc/pkcs11 for system configs and not ${prefix} + + * Packagers can override this with the --with-pkcs11-dir configure arg. + + configure.ac | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +commit 4bb63ced295ddd64a019ae49cfae191524a34f07 +Author: Stef Walter +Date: 2011-06-09 + + Complete documentation for message functionality. + + doc/p11-kit-docs.sgml | 1 + + doc/p11-kit-sections.txt | 6 ++++++ + p11-kit/modules.c | 15 +++++++++++++++ + p11-kit/util.c | 29 +++++++++++++++++++++++++++++ + 4 files changed, 51 insertions(+) + +commit d6463e70eeb0ad3d93788a3e0f13e2007be54c50 +Author: Stef Walter +Date: 2011-06-09 + + Complete testing of global config files and directories. + + tests/conf-test.c | 262 +++++++++++++++++++++++++++++++++++ + tests/files/system-modules/one | 3 + + tests/files/system-modules/two | 3 + + tests/files/test-system-invalid.conf | 3 + + tests/files/test-system-merge.conf | 7 + + tests/files/test-system-none.conf | 8 ++ + tests/files/test-system-only.conf | 8 ++ + tests/files/test-user-invalid.conf | 3 + + tests/files/test-user-only.conf | 4 + + tests/files/test-user.conf | 3 + + tests/files/user-modules/one | 2 + + tests/files/user-modules/three | 3 + + 12 files changed, 309 insertions(+) + +commit 48a08272bfcc0153887b850b4ea82e8fb7d8f1ae +Author: Stef Walter +Date: 2011-06-09 + + Store last failure message per thread. + + * Add p11_kit_message() function to get last message. + + doc/p11-kit-config.xml | 2 +- + p11-kit/Makefile.am | 3 +- + p11-kit/conf.c | 22 +++++++------ + p11-kit/modules.c | 46 +++++++++++++++++++------- + p11-kit/p11-kit.h | 8 +++++ + p11-kit/private.h | 6 ++-- + p11-kit/util.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++--- + tests/Makefile.am | 3 +- + tests/conf-test.c | 13 ++++---- + 9 files changed, 151 insertions(+), 39 deletions(-) + +commit 21333019a5afceb5f07637fb50b784a4ecd9f9ff +Author: Stef Walter +Date: 2011-06-08 + + Refactor configuration + + * Move configuration loading into conf.c + * Have user modules with same name merge/override modules in system. + + p11-kit/Makefile.am | 2 +- + p11-kit/conf.c | 429 +++++++++++++++++++++++++++++++++++++++++++++++----- + p11-kit/conf.h | 24 ++- + p11-kit/hash.c | 117 ++++++++------ + p11-kit/hash.h | 10 +- + p11-kit/modules.c | 366 ++++++++------------------------------------ + p11-kit/private.h | 11 ++ + p11-kit/util.c | 17 +++ + tests/conf-test.c | 40 +++-- + 9 files changed, 610 insertions(+), 406 deletions(-) + +commit 7c1edab7e6c1c6939ecdeaefc5f006772298f9eb +Author: Stef Walter +Date: 2011-06-08 + + Ignore files without a 'module' value. + + * Just skip loading these. + + p11-kit/modules.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +commit d6b8300fe9bae0595aaf894c5d98aa7c72209e38 +Author: Stef Walter +Date: 2011-06-07 + + Bump version number. + + configure.ac | 6 +++++- + po/p11-kit.pot | 4 ++-- + 2 files changed, 7 insertions(+), 3 deletions(-) + +commit 5b77fb058c43e6b0b631e1c7df41994cc41cd2ac +Author: Stef Walter +Date: 2011-06-07 + + Make target for uploading release. + + Makefile.am | 3 +++ + 1 file changed, 3 insertions(+) + +commit bfac05a80d66668a617386e7fdf569b5eb381a93 +Author: Stef Walter +Date: 2011-06-07 + + Release version 0.1 + + p11-kit/Makefile.am | 3 +++ + po/p11-kit.pot | 5 +++-- + 2 files changed, 6 insertions(+), 2 deletions(-) + +commit cab38f1cb262e7922098fdb03c2c5828f5f003a1 +Author: Stef Walter +Date: 2011-06-07 + + Fix up documentation + + doc/p11-kit-sections.txt | 5 ++++- + p11-kit/util.c | 41 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 45 insertions(+), 1 deletion(-) + +commit b9a8a140cf09780671402e872130a51ec4f4b014 +Author: Stef Walter +Date: 2011-06-07 + + Add p11_kit_space_strdup() function, and rename p11_kit_space_strlen() + + * Print out module info in p11-kit tool. + + p11-kit/p11-kit.h | 6 ++++++ + p11-kit/uri.c | 15 ++------------- + p11-kit/uri.h | 3 --- + p11-kit/util.c | 34 ++++++++++++++++++++++++++++++++++ + tools/p11-kit.c | 28 +++++++++++++++++++++++++++- + 5 files changed, 69 insertions(+), 17 deletions(-) + +commit b315f99c90d01104d6baa91ca0f2cfb32c920abd +Author: Stef Walter +Date: 2011-06-07 + + Fix more memory errors and leaks in module code. + + p11-kit/modules.c | 16 ++++++++++++---- + tools/p11-kit.c | 3 +++ + 2 files changed, 15 insertions(+), 4 deletions(-) + +commit 7f5d2e9471872d8c1cf7181ba647c1dc74e2c6dd +Author: Stef Walter +Date: 2011-06-07 + + Free string output of conf-test + + tests/conf-test.c | 1 + + 1 file changed, 1 insertion(+) + +commit fb8b8cada7bad73acf936c1dee2e7b1be64e3513 +Author: Stef Walter +Date: 2011-06-07 + + Fix URI parsing memory leaks. + + p11-kit/uri.c | 1 + + tests/uri-test.c | 1 + + 2 files changed, 2 insertions(+) + +commit 7c410200143b72a5976d228d75aab59f8b965fe9 +Author: Stef Walter +Date: 2011-06-07 + + Fix some hash leaks and bugs. + + p11-kit/hash.c | 20 ++++++++++++-------- + tests/hash-test.c | 39 +++++++++++++++++++++++++++++++++++++-- + 2 files changed, 49 insertions(+), 10 deletions(-) + +commit 0f09803ba95bcdfebf4bde509b43b3ca52cd9d3f +Author: Stef Walter +Date: 2011-06-07 + + Fix compiler warnings. + + p11-kit/hash.c | 2 +- + tests/uri-test.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +commit a5d3e34397d847a0c9b2e3aab7bd9f0b1080af05 +Author: Stef Walter +Date: 2011-06-07 + + Remove unstable API markers. + + p11-kit/Makefile.am | 3 --- + p11-kit/p11-kit.h | 9 --------- + p11-kit/uri.h | 9 --------- + tests/Makefile.am | 3 +-- + tools/Makefile.am | 3 +-- + 5 files changed, 2 insertions(+), 25 deletions(-) + +commit edf0b9584f1038797758b4ed878e1d9f48beda9f +Author: Stef Walter +Date: 2011-06-06 + + Modernize autotools setup. + + .gitignore | 1 + + configure.ac | 13 ++++++------- + 2 files changed, 7 insertions(+), 7 deletions(-) + +commit 0bd6cf376133f300edff57835eb95f7577d68792 +Author: Stef Walter +Date: 2011-05-30 + + Clear correct block of memory in p11_kit_uri_parse(). + + p11-kit/uri.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 6f1e963901ca7aff7af6bec376af00f892cbb9ca +Author: Stef Walter +Date: 2011-05-30 + + GNU style definitions in uri.h as well as normal. + + p11-kit/uri.h | 26 ++++++++++++++------------ + 1 file changed, 14 insertions(+), 12 deletions(-) + +commit 82ca953733a651216125608d5ca7f9aa8005095e +Author: Stef Walter +Date: 2011-05-30 + + Cleanup URI types + + * Support with/without library version. + * Make names of types clearer. + + p11-kit/uri.c | 63 ++++++++++++++++++++++++++++++------------ + p11-kit/uri.h | 18 +++++++++--- + tests/uri-test.c | 84 ++++++++++++++++++++++++++++---------------------------- + 3 files changed, 101 insertions(+), 64 deletions(-) + +commit e19300129d3fe21c9e3af1a7f95ccf3eb5315199 +Author: Stef Walter +Date: 2011-05-30 + + Set the return value properly in p11_kit_load_initialize_module() + + p11-kit/modules.c | 3 +++ + 1 file changed, 3 insertions(+) + +commit b3b68fcb1d3fc4958acc6f6528fb88e7c87b7512 +Author: Stef Walter +Date: 2011-05-30 + + Add function p11_kit_uri_space_strlen() for figuring out the length + of space terminated strings. + + doc/p11-kit-sections.txt | 1 + + p11-kit/uri.c | 6 +++--- + p11-kit/uri.h | 3 +++ + 3 files changed, 7 insertions(+), 3 deletions(-) + +commit 2aa964160a1615077db18b03a6c72c286c27791f +Author: Stef Walter +Date: 2011-05-30 + + Allow use with CRYPTOKI_GNU style use of PKCS#11 + + doc/p11-kit-sections.txt | 10 +++++++++- + p11-kit/p11-kit.h | 11 ++++++++++- + p11-kit/uri.c | 2 +- + p11-kit/uri.h | 14 +++++++++++++- + 4 files changed, 33 insertions(+), 4 deletions(-) + +commit cfeaf3de3d745d457feaba48c532d7a384d67341 +Author: Stef Walter +Date: 2011-05-27 + + Add p11_kit_load_initialize_module() function. + + * This function will load a module from a file path, and then + initialize it. + + doc/p11-kit-sections.txt | 1 + + p11-kit/modules.c | 167 ++++++++++++++++++++++++++++++++++++++++------- + p11-kit/p11-kit.h | 3 + + 3 files changed, 147 insertions(+), 24 deletions(-) + +commit f03252bf032b04ed7a5b98ea52e3c75d84dc0812 +Author: Stef Walter +Date: 2011-05-27 + + Rename module arguments from 'funcs' to 'module' + + p11-kit/modules.c | 244 +++++++++++++++++++++++++++--------------------------- + p11-kit/p11-kit.h | 8 +- + 2 files changed, 126 insertions(+), 126 deletions(-) + +commit 5d697e5ff8e3222bdb67d0ce8444b0323eeaba69 +Author: Stef Walter +Date: 2011-05-27 + + Fix up documentation + + doc/p11-kit-sections.txt | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +commit a2fbdb1a3cd9d137010182be43fdf4ff8491dd9f +Author: Stef Walter +Date: 2011-05-27 + + Fix problems with 'make distcheck' + + Makefile.am | 4 ++++ + doc/Makefile.am | 3 ++- + gtk-doc.make | 9 +++++---- + tests/Makefile.am | 8 ++++++-- + 4 files changed, 17 insertions(+), 7 deletions(-) + +commit ad14c9c4c1345fe01336fc0d5bfccd3fca248ce1 +Author: Stef Walter +Date: 2011-05-27 + + Fix uninitialized variable problem. + + p11-kit/proxy.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit bdd6188e299405e16179906bc79f9fef2605176a +Author: Stef Walter +Date: 2011-05-27 + + Change around installation of headers, pkg-config, and file names + + * Install headers to ${prefix}/include/p11-kit-1/p11-kit/ + * This solves problems with other projects that have their own + pkcs11.h files. + * Change the pkg-config file name to p11-kit-1.pc + * Change the source file names. + + .gitignore | 6 +- + configure.ac | 4 +- + doc/Makefile.am | 4 +- + p11-kit/Makefile.am | 18 ++-- + p11-kit/debug.h | 4 +- + p11-kit/{p11-kit-messages.c => messages.c} | 0 + p11-kit/{p11-kit-lib.c => modules.c} | 2 +- + p11-kit/{p11-kit.pc.in => p11-kit-1.pc.in} | 2 +- + p11-kit/p11-kit.h | 2 +- + p11-kit/p11-kit.pc | 17 --- + p11-kit/{p11-kit-private.h => private.h} | 0 + p11-kit/{p11-kit-proxy.c => proxy.c} | 2 +- + p11-kit/{p11-kit-uri.c => uri.c} | 2 +- + p11-kit/{p11-kit-uri.h => uri.h} | 2 +- + po/POTFILES.in | 2 +- + po/p11-kit.pot | 164 ++++++++++++++--------------- + tests/uri-test.c | 2 +- + 17 files changed, 110 insertions(+), 123 deletions(-) + +commit 92f821b6883e700a97a18d244104dea1031f2dce +Author: Stef Walter +Date: 2011-05-26 + + Add functions for clearing and setting multiple attributes on URI. + + p11-kit/p11-kit-uri.c | 75 ++++++++++++++++++++++++++++++++++++--------------- + p11-kit/p11-kit-uri.h | 12 ++++++--- + tests/uri-test.c | 41 +++++++++++++++++++++++++--- + 3 files changed, 100 insertions(+), 28 deletions(-) + +commit c37d5dfaf0c2a5e70066fd1c9606b00329c3622a +Author: Stef Walter +Date: 2011-05-26 + + Return proper errors when NULL is passed to mutex functions. + + p11-kit/p11-kit-lib.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +commit 0542a87afdacd2c53da5d453b1d23e8a0dd91ea4 +Author: Stef Walter +Date: 2011-05-26 + + URI API fine tuning + + * Rework API for getting all the attributes, to match usage in PKCS#11 + * Add support for pinfile argument in URIs. + * Complete tests. + + p11-kit/p11-kit-uri.c | 365 ++++++++++++++++++++++++++++++-------------------- + p11-kit/p11-kit-uri.h | 9 +- + tests/uri-test.c | 103 ++++++++++++++ + 3 files changed, 328 insertions(+), 149 deletions(-) + +commit 7c2a8a5b3ad134b6e3093761d617936dcbd21adf +Author: Stef Walter +Date: 2011-05-25 + + Add p11_kit_uri_message() function. + + Gets messages for p11-kit error codes. + + p11-kit/debug.c | 1 + + p11-kit/debug.h | 3 ++- + p11-kit/p11-kit-uri.c | 38 ++++++++++++++++++++++++++++++++++++++ + p11-kit/p11-kit-uri.h | 2 ++ + 4 files changed, 43 insertions(+), 1 deletion(-) + +commit a01f4351e34fee946d1ffb81baa31a756e2851be +Author: Stef Walter +Date: 2011-05-24 + + Fix null pointer dereference. + + p11-kit/p11-kit-lib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit e16a0a7183bd7c400ea3df12ad6ee1155a17634c +Author: Stef Walter +Date: 2011-04-05 + + Fix lots of bugs and add more debugging statements. + + p11-kit/conf.c | 3 ++- + p11-kit/p11-kit-lib.c | 51 +++++++++++++++++++++++++++++++++++++++++---------- + 2 files changed, 43 insertions(+), 11 deletions(-) + +commit 4d7cf526a352d7c9a02d05a308eef937b1a8987d +Author: Stef Walter +Date: 2011-04-05 + + Add basic tool for p11-kit. + + List modules: + $ p11-kit -l + + .gitignore | 2 + + Makefile.am | 1 + + configure.ac | 1 + + tools/Makefile.am | 12 ++++++ + tools/p11-kit.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 137 insertions(+) + +commit 6078d6d73bc2eb1dbf2283b37d9507297fefba9d +Author: Stef Walter +Date: 2011-04-05 + + Add support for debug tracing. + + Use P11_KIT_DEBUG=xxx environment variable to enable tracing. Must + have been built without --disable-debug option. + + P11_KIT_DEBUG can (at this point) be one of these values: + all + help + conf + lib + + .gitignore | 1 + + configure.ac | 23 ++++++--- + doc/Makefile.am | 2 +- + p11-kit/Makefile.am | 1 + + p11-kit/conf.c | 7 +++ + p11-kit/debug.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++ + p11-kit/debug.h | 93 ++++++++++++++++++++++++++++++++++ + p11-kit/p11-kit-lib.c | 17 ++++++- + 8 files changed, 272 insertions(+), 8 deletions(-) + +commit aada8e3d41c3be7cdc7e0994c7dff7c307fbbe7f +Author: Stef Walter +Date: 2011-04-01 + + Fix up copyright lines. + + p11-kit/conf.c | 4 ++-- + p11-kit/conf.h | 4 ++-- + p11-kit/hash.c | 4 ++-- + p11-kit/hash.h | 4 ++-- + p11-kit/p11-kit-lib.c | 2 +- + p11-kit/p11-kit-private.h | 2 +- + p11-kit/p11-kit-proxy.c | 2 +- + p11-kit/p11-kit-uri.h | 2 +- + p11-kit/p11-kit.h | 2 +- + p11-kit/util.c | 1 - + p11-kit/util.h | 1 - + 11 files changed, 13 insertions(+), 15 deletions(-) + +commit 579d40eff31c7a17cc4e4f07d26c6189619fee31 +Author: Stef Walter +Date: 2011-03-31 + + Add C++ header guards, and require API instability acknowledgement. + + p11-kit/Makefile.am | 3 +++ + p11-kit/p11-kit-uri.h | 23 ++++++++++++++++++++--- + p11-kit/p11-kit.h | 17 +++++++++++++++++ + tests/Makefile.am | 3 ++- + 4 files changed, 42 insertions(+), 4 deletions(-) + +commit cf988aa7858d249887ea0818301c7211bb3cab38 +Author: Stef Walter +Date: 2011-03-31 + + Support setting of CK_C_INITIALIZE_ARGS.pReserved to string. + + This is a naughty little thing that a lot of PKCS#11 modules require + to be properly initialized. So we support setting pReserved to a string + that is in the config under the 'x-init-reserved' parameter. + + p11-kit/p11-kit-lib.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +commit 540a00501ba682b420b143480d5864335cad6c71 +Author: Stef Walter +Date: 2011-03-31 + + Give reference chapter an explicit id. + + doc/p11-kit-docs.sgml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 52dab5cd52b19352e9f29b16c686fc545d2aadf1 +Author: Stef Walter +Date: 2011-03-31 + + Add make target for uploading docs. + + Makefile.am | 6 ++++++ + 1 file changed, 6 insertions(+) + +commit a0ef9771b882bf2dc5bd56fcc6bcfdf47ed90feb +Author: Stef Walter +Date: 2011-03-31 + + Mix in other documentation. + + doc/Makefile.am | 2 +- + doc/p11-kit-config.xml | 10 ++++++---- + doc/p11-kit-docs.sgml | 12 ++++++++---- + ...p11-kit-multiple-problem.xml => p11-kit-sharing.xml} | 0 + doc/style.css | 17 ++++++++++------- + 5 files changed, 25 insertions(+), 16 deletions(-) + +commit ca1d8a09e05444de07a1ad722b57f5dcae042892 +Author: Stef Walter +Date: 2011-03-31 + + Fix up styling and tweaks. + + doc/style.css | 24 +++++++++++++++++------- + p11-kit/p11-kit-messages.c | 4 ++-- + 2 files changed, 19 insertions(+), 9 deletions(-) + +commit 17ebc007ed0376bdea50294201a637be982d68b7 +Author: Stef Walter +Date: 2011-03-31 + + Fix up styling of documentation. + + doc/p11-kit-docs.sgml | 2 +- + doc/style.css | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++ + gtk-doc.make | 4 ++- + 3 files changed, 74 insertions(+), 2 deletions(-) + +commit 479cbd55ee5739d3cd2566379575451dbecf4c54 +Author: Stef Walter +Date: 2011-03-31 + + Documentation and API cleanup. + + * Rename source directory + * More consistent with return values from URI functions. + * Allow formatting URI to take a uri type. + + .gitignore | 17 ++ + Makefile.am | 6 +- + configure.ac | 17 +- + doc/Makefile.am | 80 ++++++-- + doc/p11-kit-docs.sgml | 24 +++ + doc/p11-kit-overrides.txt | 0 + doc/p11-kit-sections.txt | 40 ++++ + doc/version.xml.in | 1 + + gtk-doc.make | 230 +++++++++++++++++++++ + {module => p11-kit}/Makefile.am | 1 - + {module => p11-kit}/conf.c | 0 + {module => p11-kit}/conf.h | 0 + {module => p11-kit}/hash.c | 1 - + {module => p11-kit}/hash.h | 0 + {module => p11-kit}/p11-kit-lib.c | 103 +++++++--- + {module => p11-kit}/p11-kit-messages.c | 16 +- + {module => p11-kit}/p11-kit-private.h | 0 + {module => p11-kit}/p11-kit-proxy.c | 0 + {module => p11-kit}/p11-kit-uri.c | 360 +++++++++++++++++++++++++++------ + {module => p11-kit}/p11-kit-uri.h | 25 +-- + {module => p11-kit}/p11-kit.h | 0 + p11-kit/p11-kit.pc | 17 ++ + {module => p11-kit}/p11-kit.pc.in | 0 + {module => p11-kit}/pkcs11.h | 0 + {module => p11-kit}/util.c | 0 + {module => p11-kit}/util.h | 0 + tests/Makefile.am | 8 +- + tests/uri-test.c | 82 ++++---- + 28 files changed, 857 insertions(+), 171 deletions(-) + +commit 6132cd99c39739ef5360e41e92f22d287007577e +Author: Stef Walter +Date: 2011-03-31 + + WIP + + module/p11-kit-lib.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++ + module/p11-kit-uri.c | 43 +++++++++++++++++++ + 2 files changed, 162 insertions(+) + +commit c45d9df39035dee8a3fff610d98ac3b4c245f1dc +Author: Stef Walter +Date: 2011-03-31 + + Fix for previous commit. + + Actually use the alloc_module_unlocked() function. + + module/p11-kit-lib.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +commit 9985957799fd7142125f1d2dd0fae4366ec83f32 +Author: Stef Walter +Date: 2011-03-31 + + Custom initialization and finalization arguments cannot be supported. + + When multiple consumers are using a PKCS#11 module, initialization + (and finalization) arguments cannot be supported. The first one calling + would win out, and the others would get unexpected behavior. + + module/p11-kit-lib.c | 193 ++++++++++++++++++++++++----------------------- + module/p11-kit-private.h | 4 +- + module/p11-kit-proxy.c | 4 +- + module/p11-kit.h | 6 +- + 4 files changed, 104 insertions(+), 103 deletions(-) + +commit 1104f03d9b34cc659838124e00ac864c35af4f82 +Author: Stef Walter +Date: 2011-03-03 + + Add info and copyright. + + doc/p11-kit.xml | 42 ++++++++++++++++++++++++++++++++++-------- + 1 file changed, 34 insertions(+), 8 deletions(-) + +commit d05a04968e07f6a2084ceb747938dc7cc049cb5f +Author: Stef Walter +Date: 2011-03-03 + + The start of some documentation. + + .gitignore | 2 + + Makefile.am | 2 +- + configure.ac | 1 + + doc/Makefile.am | 22 ++++++++ + doc/docbook-params.xsl | 39 +++++++++++++ + doc/p11-kit-config.xml | 119 +++++++++++++++++++++++++++++++++++++++ + doc/p11-kit-multiple-problem.xml | 92 ++++++++++++++++++++++++++++++ + doc/p11-kit.xml | 11 ++++ + 8 files changed, 287 insertions(+), 1 deletion(-) + +commit 25cbc9b3293f2c6df38bd0528b89101e5e547321 +Author: Stef Walter +Date: 2011-02-21 + + Add uri function for listing which attribute types are present. + + module/p11-kit-uri.c | 24 +++++++++++++++++++++++- + module/p11-kit-uri.h | 3 +++ + 2 files changed, 26 insertions(+), 1 deletion(-) + +commit ff7db14f0acae463165377f2d4b999e566298b40 +Author: Stef Walter +Date: 2011-02-21 + + Fix bug where we try to dlclose() modules we didn't load. + + module/p11-kit-lib.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +commit 1d9ca2ddb4df85b7235ec78e4996cf2d1fd775a2 +Author: Stef Walter +Date: 2011-02-19 + + Reference implementation of PKCS#11 URIs + + .gitignore | 1 + + module/Makefile.am | 3 + + module/p11-kit-proxy.c | 14 +- + module/p11-kit-uri.c | 886 ++++++++++++++++++++++++++++++++++++++++ + module/p11-kit-uri.h | 101 +++++ + module/p11-kit.h | 2 + + module/util.c | 51 +++ + module/util.h | 45 +++ + tests/Makefile.am | 7 +- + tests/uri-test.c | 1050 ++++++++++++++++++++++++++++++++++++++++++++++++ + 10 files changed, 2146 insertions(+), 14 deletions(-) + +commit 65509aa3a7c35d8bd5a947ca87c14d4de11deb21 +Author: Stef Walter +Date: 2011-02-18 + + Add p11_kit_strerror() method and internationalization. + + .gitignore | 5 + + ABOUT-NLS | 1281 +++++++++++++++++++++++++++++++++++++++++++++ + Makefile.am | 4 +- + configure.ac | 4 + + module/Makefile.am | 14 +- + module/p11-kit-lib.c | 4 +- + module/p11-kit-messages.c | 234 +++++++++ + module/p11-kit.h | 2 + + po/Makefile.in.in | 444 ++++++++++++++++ + po/Makevars | 41 ++ + po/POTFILES.in | 2 + + po/Rules-quot | 47 ++ + po/boldquot.sed | 10 + + po/en@boldquot.header | 25 + + po/en@quot.header | 22 + + po/insert-header.sin | 23 + + po/p11-kit.pot | 342 ++++++++++++ + po/quot.sed | 6 + + po/remove-potcdate.sin | 19 + + 19 files changed, 2523 insertions(+), 6 deletions(-) + +commit 5cc83571c3e0e212f4d84b05bb15088409d9c752 +Author: Stef Walter +Date: 2011-02-17 + + Properly read user-config setting. + + * Unless the system 'user-config' setting is 'none' we allow + the user to override or merge all settings, including the + 'user-config' setting. + + module/p11-kit-lib.c | 187 ++++++++++++++++++++++++++++++++++++++++----------- + 1 file changed, 146 insertions(+), 41 deletions(-) + +commit 80fe1806941d555433f3a1c97ab116dd281041e0 +Author: Stef Walter +Date: 2011-02-17 + + Add a proper pkg-config file. + + .gitignore | 2 ++ + configure.ac | 25 ++++++++++++++----------- + module/Makefile.am | 10 +++++----- + module/p11-kit.pc.in | 17 +++++++++++++++++ + 4 files changed, 38 insertions(+), 16 deletions(-) + +commit c03b1023835887569315fbec6295be3cc0f4cf42 +Author: Stef Walter +Date: 2011-02-17 + + Only allow colon between name and value. + + module/conf.c | 4 ++-- + tests/files/test-1.conf | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +commit 14dfb79ca65dd80e117103c4f8852ae2b4a419a0 +Author: Stef Walter +Date: 2011-01-30 + + Configuration tests. + + .gitignore | 1 + + module/conf.c | 25 ++++++---- + module/conf.h | 6 +-- + module/p11-kit-lib.c | 8 ++-- + tests/Makefile.am | 13 ++++-- + tests/conf-test.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++ + tests/files/test-1.conf | 6 +++ + 7 files changed, 158 insertions(+), 22 deletions(-) + +commit 4375e297b19bc2177e17cc5616e75d96be053328 +Author: Stef Walter +Date: 2011-01-26 + + Add testing and start testing hash table functionality. + + .gitignore | 8 + + Makefile.am | 12 +- + configure.ac | 42 ++++++ + module/Makefile.am | 16 +- + module/hash.c | 15 ++ + module/hash.h | 5 + + tests/Makefile.am | 17 +++ + tests/cutest/CuTest.c | 339 ++++++++++++++++++++++++++++++++++++++++++ + tests/cutest/CuTest.h | 116 +++++++++++++++ + tests/cutest/README.txt | 211 ++++++++++++++++++++++++++ + tests/cutest/license.txt | 38 +++++ + tests/hash-test.c | 377 +++++++++++++++++++++++++++++++++++++++++++++++ + 12 files changed, 1191 insertions(+), 5 deletions(-) + +commit f8009b4d504de0ed752b867893acd263108409e0 +Author: Stef Walter +Date: 2011-01-24 + + Reinitialize modules after fork(). + + module/p11-kit-lib.c | 51 ++++++++++++++++++++++++++++++++++++++++++++---- + module/p11-kit-private.h | 1 + + module/p11-kit-proxy.c | 18 +++++++++++++++++ + 3 files changed, 66 insertions(+), 4 deletions(-) + +commit b2b0acbc5789823a33de9eabec10e2b8656f3632 +Author: Stef Walter +Date: 2011-01-24 + + Initial implementation with new config system. + + configure.ac | 3 +- + module/Makefile.am | 10 +- + module/conf.c | 240 ++++++++++ + module/conf.h | 51 +++ + module/hash.c | 512 +++++++++++---------- + module/hash.h | 110 +++-- + module/p11-kit-lib.c | 810 ++++++++++++++++++++++++++++++++++ + module/p11-kit-private.h | 51 +++ + module/{p11-kit.c => p11-kit-proxy.c} | 696 ++--------------------------- + module/p11-kit.h | 12 +- + 10 files changed, 1558 insertions(+), 937 deletions(-) + +commit 5a53e44a73d4fb62483e890fe348ea40d27ef573 +Author: Stef Walter +Date: 2011-01-24 + + Rename to p11-kit. + + A less pretentios, better description of what's going on. + + ChangeLog | 2 +- + configure.ac | 4 +- + module/Makefile.am | 8 +- + module/{p11-unity.c => p11-kit.c} | 312 +++++++++++++++++++------------------- + module/{p11-unity.h => p11-kit.h} | 28 ++-- + 5 files changed, 177 insertions(+), 177 deletions(-) + +commit 492c2ff7c191e5df75140a47e4e43fa25fd16023 +Author: Stef Walter +Date: 2011-01-22 + + Rework public library API so that we can initialize arbitrary + modules. + + module/p11-unity.c | 752 ++++++++++++++++++++++++++++++++++------------------- + module/p11-unity.h | 21 +- + 2 files changed, 502 insertions(+), 271 deletions(-) + +commit c2a5aaf7baf4bcc006674a1938205f93028b8ab0 +Author: Stef Walter +Date: 2011-01-22 + + Rough idea of possible library functions. + + configure.ac | 5 +- + module/p11-unity.c | 307 ++++++++++++++++++++++++++++++++++++++++++++--------- + module/p11-unity.h | 56 ++++++++++ + 3 files changed, 314 insertions(+), 54 deletions(-) + +commit a50ba779ff3e0a5d4f35fb2b6ab525a423575cc4 +Author: Stef Walter +Date: 2011-01-20 + + Initial implementation of p11-unity + + .gitignore | 31 ++ + AUTHORS | 1 + + COPYING | 47 ++ + ChangeLog | 31 ++ + Makefile.am | 18 + + NEWS | 2 + + README | 1 + + autogen.sh | 21 + + configure.ac | 90 +++ + module/Makefile.am | 18 + + module/hash.c | 400 ++++++++++++++ + module/hash.h | 158 ++++++ + module/p11-unity.c | 1543 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + module/pkcs11.h | 1357 +++++++++++++++++++++++++++++++++++++++++++++ + 14 files changed, 3718 insertions(+) diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..e0fa26f --- /dev/null +++ b/Makefile.am @@ -0,0 +1,122 @@ + +NULL = + +AM_CPPFLAGS = \ + -I$(top_srcdir) \ + -I$(top_srcdir)/common \ + -DBINDIR=\"$(bindir)\" \ + -DBUILDDIR=\"$(abs_builddir)\" \ + -DDATA_DIR=\"$(datadir)\" \ + -DPRIVATEDIR=\"$(privatedir)\" \ + -DSRCDIR=\"$(abs_srcdir)\" \ + -DSYSCONFDIR=\"$(sysconfdir)\" \ + -DP11_KIT_FUTURE_UNSTABLE_API + +bin_PROGRAMS = +private_PROGRAMS = +check_PROGRAMS = $(c_tests) +check_SCRIPTS = $(sh_tests) +check_LTLIBRARIES = + +SUFFIXES = + +BUILT_SOURCES = + +CLEANFILES = + +EXTRA_DIST = CONTRIBUTING.md meson.build meson_options.txt po/meson.build \ + doc/manual/meson.build doc/manual/userdir.xml.in \ + doc/manual/sysdir.xml.in doc/manual/version.xml.in \ + bash-completion + +incdir = $(includedir)/p11-kit-1/p11-kit +inc_HEADERS = + +lib_LTLIBRARIES = + +noinst_LTLIBRARIES = +noinst_PROGRAMS = +noinst_SCRIPTS = + +c_tests = +sh_tests = +TESTS = $(c_tests) $(sh_tests) + +moduledir = $(p11_module_path) +module_LTLIBRARIES = + +bashcomp_DATA = + +include common/Makefile.am +include p11-kit/Makefile.am + +if WITH_TRUST_MODULE +include trust/Makefile.am +endif + +SUBDIRS = . doc po + +ACLOCAL_AMFLAGS = -I build/m4 + +DISTCHECK_CONFIGURE_FLAGS = \ + --enable-doc \ + --without-systemd \ + --without-bash-completion \ + --disable-coverage \ + --enable-strict \ + CFLAGS='-O2' + +AM_TESTS_ENVIRONMENT = \ + abs_top_builddir="$(abs_top_builddir)"; \ + export abs_top_builddir; \ + P11_MODULE_PATH="$(abs_top_builddir)/.libs"; \ + export P11_MODULE_PATH; +AM_TESTS_FD_REDIRECT = 9>&2; + +LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) \ + $(top_srcdir)/build/litter/tap-driver.sh +LOG_DRIVER_FLAGS = --comments --ignore-exit + +MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet + +LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes + +HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind + +memcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(MEMCHECK_ENV)" check-TESTS + +leakcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS + +hellcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS + +dist-hook: + @if test -d "$(srcdir)/.git"; \ + then \ + echo Creating ChangeLog && \ + ( cd "$(top_srcdir)" && \ + echo '# Generate automatically. Do not edit.'; echo; \ + $(top_srcdir)/build/litter/missing --run git log --stat --date=short ) > ChangeLog.tmp \ + && mv -f ChangeLog.tmp $(top_distdir)/ChangeLog \ + || ( rm -f ChangeLog.tmp ; \ + echo Failed to generate ChangeLog >&2 ); \ + else \ + echo A git clone is required to generate a ChangeLog >&2; \ + fi + +if WITH_COVERAGE +coverage: + mkdir -p build/coverage + $(LCOV) --directory . --zerocounters + $(MAKE) check + $(LCOV) --directory . --capture --output-file build/coverage.info + $(GENHTML) --output-directory build/coverage \ + --title "p11-kit $(PACKAGE_VERSION)" \ + build/coverage.info + @echo "file://$(abs_top_builddir)/build/coverage/index.html" +endif + +transifex: + cd $(srcdir) && sh build/tx-update diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 0000000..119722d --- /dev/null +++ b/Makefile.in @@ -0,0 +1,6272 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + + + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +bin_PROGRAMS = p11-kit/p11-kit$(EXEEXT) $(am__EXEEXT_1) +private_PROGRAMS = p11-kit/p11-kit-remote$(EXEEXT) \ + p11-kit/p11-kit-server$(EXEEXT) +check_PROGRAMS = $(am__EXEEXT_5) common/frob-getauxval$(EXEEXT) \ + common/frob-getenv$(EXEEXT) $(am__EXEEXT_2) $(am__EXEEXT_6) \ + p11-kit/p11-kit-remote-testable$(EXEEXT) \ + p11-kit/p11-kit-server-testable$(EXEEXT) \ + p11-kit/print-messages$(EXEEXT) p11-kit/frob-setuid$(EXEEXT) \ + $(am__EXEEXT_7) +noinst_PROGRAMS = +TESTS = $(am__EXEEXT_5) $(sh_tests) +@OS_WIN32_FALSE@am__append_1 = \ +@OS_WIN32_FALSE@ common/unix-peer.c common/unix-peer.h \ +@OS_WIN32_FALSE@ $(NULL) + +@OS_WIN32_FALSE@am__append_2 = common/frob-getprogname +@HAVE_LD_VERSION_SCRIPT_TRUE@am__append_3 = -Wl,--version-script=$(srcdir)/p11-kit/libp11-kit.map +@HAVE_LD_VERSION_SCRIPT_FALSE@am__append_4 = -export-symbols-regex '^C_GetFunctionList|^p11_kit_' +@OS_WIN32_FALSE@am__append_5 = \ +@OS_WIN32_FALSE@ p11-kit-client.la + +@WITH_BASH_COMPLETION_TRUE@am__append_6 = bash-completion/p11-kit +@WITH_SYSTEMD_TRUE@am__append_7 = p11-kit/p11-kit-server.service +@OS_WIN32_FALSE@am__append_8 = test-server +@OS_WIN32_FALSE@am__append_9 = p11-kit/test-server.sh +@OS_WIN32_FALSE@am__append_10 = mock-six.la +@WITH_TRUST_MODULE_TRUE@am__append_11 = \ +@WITH_TRUST_MODULE_TRUE@ libtrust-data.la \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@am__append_12 = libtrust-testable.la $(NULL) \ +@WITH_TRUST_MODULE_TRUE@ libtrust-test.la +@WITH_TRUST_MODULE_TRUE@am__append_13 = \ +@WITH_TRUST_MODULE_TRUE@ p11-kit-trust.la + +@WITH_TRUST_MODULE_TRUE@am__append_14 = trust/trust +@WITH_BASH_COMPLETION_TRUE@@WITH_TRUST_MODULE_TRUE@am__append_15 = bash-completion/trust +@WITH_TRUST_MODULE_TRUE@am__append_16 = trust/p11-kit-trust.module \ +@WITH_TRUST_MODULE_TRUE@ trust/meson.build trust/basic.asn \ +@WITH_TRUST_MODULE_TRUE@ trust/openssl.asn trust/pkix.asn \ +@WITH_TRUST_MODULE_TRUE@ trust/input trust/fixtures \ +@WITH_TRUST_MODULE_TRUE@ trust/test-extract.sh \ +@WITH_TRUST_MODULE_TRUE@ trust/test-trust.sh $(NULL) +@WITH_TRUST_MODULE_TRUE@am__append_17 = .asn .asn.h +@WITH_TRUST_MODULE_TRUE@am__append_18 = $(asn_h) +@WITH_TRUST_MODULE_TRUE@am__append_19 = \ +@WITH_TRUST_MODULE_TRUE@ test-digest \ +@WITH_TRUST_MODULE_TRUE@ test-asn1 \ +@WITH_TRUST_MODULE_TRUE@ test-base64 \ +@WITH_TRUST_MODULE_TRUE@ test-pem \ +@WITH_TRUST_MODULE_TRUE@ test-oid \ +@WITH_TRUST_MODULE_TRUE@ test-utf8 \ +@WITH_TRUST_MODULE_TRUE@ test-x509 \ +@WITH_TRUST_MODULE_TRUE@ test-persist \ +@WITH_TRUST_MODULE_TRUE@ test-index \ +@WITH_TRUST_MODULE_TRUE@ test-parser \ +@WITH_TRUST_MODULE_TRUE@ test-builder \ +@WITH_TRUST_MODULE_TRUE@ test-token \ +@WITH_TRUST_MODULE_TRUE@ test-module \ +@WITH_TRUST_MODULE_TRUE@ test-save \ +@WITH_TRUST_MODULE_TRUE@ test-enumerate \ +@WITH_TRUST_MODULE_TRUE@ test-cer \ +@WITH_TRUST_MODULE_TRUE@ test-bundle \ +@WITH_TRUST_MODULE_TRUE@ test-openssl \ +@WITH_TRUST_MODULE_TRUE@ test-edk2 \ +@WITH_TRUST_MODULE_TRUE@ test-jks \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@am__append_20 = \ +@WITH_TRUST_MODULE_TRUE@ frob-pow \ +@WITH_TRUST_MODULE_TRUE@ frob-token \ +@WITH_TRUST_MODULE_TRUE@ frob-nss-trust \ +@WITH_TRUST_MODULE_TRUE@ frob-cert \ +@WITH_TRUST_MODULE_TRUE@ frob-bc \ +@WITH_TRUST_MODULE_TRUE@ frob-ku \ +@WITH_TRUST_MODULE_TRUE@ frob-eku \ +@WITH_TRUST_MODULE_TRUE@ frob-ext \ +@WITH_TRUST_MODULE_TRUE@ frob-oid \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@am__append_21 = trust/test-extract.sh trust/test-trust.sh +subdir = . +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/build/m4/gettext.m4 \ + $(top_srcdir)/build/m4/host-cpu-c-abi.m4 \ + $(top_srcdir)/build/m4/iconv.m4 \ + $(top_srcdir)/build/m4/intlmacosx.m4 \ + $(top_srcdir)/build/m4/ld-version-script.m4 \ + $(top_srcdir)/build/m4/lib-ld.m4 \ + $(top_srcdir)/build/m4/lib-link.m4 \ + $(top_srcdir)/build/m4/lib-prefix.m4 \ + $(top_srcdir)/build/m4/libtool.m4 \ + $(top_srcdir)/build/m4/ltoptions.m4 \ + $(top_srcdir)/build/m4/ltsugar.m4 \ + $(top_srcdir)/build/m4/ltversion.m4 \ + $(top_srcdir)/build/m4/lt~obsolete.m4 \ + $(top_srcdir)/build/m4/nls.m4 $(top_srcdir)/build/m4/po.m4 \ + $(top_srcdir)/build/m4/progtest.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(inc_HEADERS) $(am__DIST_COMMON) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno config.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example \ + trust/trust-extract-compat trust/test-init.sh +CONFIG_CLEAN_VPATH_FILES = +@WITH_TRUST_MODULE_TRUE@am__EXEEXT_1 = trust/trust$(EXEEXT) +am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(privatedir)" \ + "$(DESTDIR)$(libdir)" "$(DESTDIR)$(moduledir)" \ + "$(DESTDIR)$(externaldir)" "$(DESTDIR)$(bashcompdir)" \ + "$(DESTDIR)$(configdir)" "$(DESTDIR)$(exampledir)" \ + "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(systemduserunitdir)" \ + "$(DESTDIR)$(incdir)" +am__EXEEXT_2 = +@OS_WIN32_FALSE@am__EXEEXT_3 = test-server$(EXEEXT) +@WITH_TRUST_MODULE_TRUE@am__EXEEXT_4 = test-digest$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-asn1$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-base64$(EXEEXT) test-pem$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-oid$(EXEEXT) test-utf8$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-x509$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-persist$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-index$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-parser$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-builder$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-token$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-module$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-save$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-enumerate$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-cer$(EXEEXT) test-bundle$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-openssl$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ test-edk2$(EXEEXT) test-jks$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ $(am__EXEEXT_2) +am__EXEEXT_5 = test-tests$(EXEEXT) test-compat$(EXEEXT) \ + test-hash$(EXEEXT) test-dict$(EXEEXT) test-array$(EXEEXT) \ + test-constants$(EXEEXT) test-attrs$(EXEEXT) \ + test-buffer$(EXEEXT) test-url$(EXEEXT) test-path$(EXEEXT) \ + test-lexer$(EXEEXT) test-message$(EXEEXT) test-argv$(EXEEXT) \ + test-runtime$(EXEEXT) $(am__EXEEXT_2) test-progname$(EXEEXT) \ + test-util$(EXEEXT) test-conf$(EXEEXT) test-uri$(EXEEXT) \ + test-pin$(EXEEXT) test-init$(EXEEXT) test-modules$(EXEEXT) \ + test-deprecated$(EXEEXT) test-proxy$(EXEEXT) \ + test-iter$(EXEEXT) test-rpc$(EXEEXT) $(am__EXEEXT_2) \ + $(am__EXEEXT_3) test-virtual$(EXEEXT) test-managed$(EXEEXT) \ + test-log$(EXEEXT) test-filter$(EXEEXT) test-transport$(EXEEXT) \ + $(am__EXEEXT_2) $(am__EXEEXT_4) +@OS_WIN32_FALSE@am__EXEEXT_6 = common/frob-getprogname$(EXEEXT) +@WITH_TRUST_MODULE_TRUE@am__EXEEXT_7 = frob-pow$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ frob-token$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ frob-nss-trust$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ frob-cert$(EXEEXT) frob-bc$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ frob-ku$(EXEEXT) frob-eku$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ frob-ext$(EXEEXT) frob-oid$(EXEEXT) \ +@WITH_TRUST_MODULE_TRUE@ $(am__EXEEXT_2) +PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) $(private_PROGRAMS) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +LTLIBRARIES = $(lib_LTLIBRARIES) $(module_LTLIBRARIES) \ + $(noinst_LTLIBRARIES) +libp11_common_la_LIBADD = +am__dirstamp = $(am__leading_dot)dirstamp +am__objects_1 = +am_libp11_common_la_OBJECTS = common/argv.lo common/attrs.lo \ + common/array.lo common/buffer.lo common/compat.lo \ + common/constants.lo common/debug.lo common/dict.lo \ + common/hash.lo common/lexer.lo common/message.lo \ + common/path.lo common/runtime.lo common/url.lo common/vsock.lo \ + $(am__objects_1) +libp11_common_la_OBJECTS = $(am_libp11_common_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libp11_kit_internal_la_LIBADD = +am__objects_2 = $(am__objects_1) $(am__objects_1) +am__objects_3 = p11-kit/libp11_kit_internal_la-util.lo \ + p11-kit/libp11_kit_internal_la-conf.lo \ + p11-kit/libp11_kit_internal_la-iter.lo \ + p11-kit/libp11_kit_internal_la-log.lo \ + p11-kit/libp11_kit_internal_la-filter.lo \ + p11-kit/libp11_kit_internal_la-modules.lo \ + p11-kit/libp11_kit_internal_la-pin.lo \ + p11-kit/libp11_kit_internal_la-messages.lo \ + p11-kit/libp11_kit_internal_la-rpc-transport.lo \ + p11-kit/libp11_kit_internal_la-rpc-message.lo \ + p11-kit/libp11_kit_internal_la-rpc-client.lo \ + p11-kit/libp11_kit_internal_la-uri.lo \ + p11-kit/libp11_kit_internal_la-virtual.lo $(am__objects_2) +am_libp11_kit_internal_la_OBJECTS = $(am__objects_3) +libp11_kit_internal_la_OBJECTS = $(am_libp11_kit_internal_la_OBJECTS) +libp11_kit_internal_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) \ + $(libp11_kit_internal_la_LDFLAGS) $(LDFLAGS) -o $@ +libp11_kit_pkcs11_gnu_la_LIBADD = +am__objects_4 = p11-kit/libp11_kit_pkcs11_gnu_la-uri.gnu.lo \ + p11-kit/libp11_kit_pkcs11_gnu_la-iter.gnu.lo \ + p11-kit/libp11_kit_pkcs11_gnu_la-pin.gnu.lo $(am__objects_1) +am_libp11_kit_pkcs11_gnu_la_OBJECTS = $(am__objects_4) +libp11_kit_pkcs11_gnu_la_OBJECTS = \ + $(am_libp11_kit_pkcs11_gnu_la_OBJECTS) +libp11_kit_pkcs11_gnu_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libp11_kit_pkcs11_gnu_la_CFLAGS) $(CFLAGS) \ + $(libp11_kit_pkcs11_gnu_la_LDFLAGS) $(LDFLAGS) -o $@ +am__DEPENDENCIES_1 = +am__DEPENDENCIES_2 = libp11-common.la libp11-library.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +libp11_kit_testable_la_DEPENDENCIES = $(am__DEPENDENCIES_2) +am__objects_5 = p11-kit/libp11_kit_testable_la-util.lo \ + p11-kit/libp11_kit_testable_la-conf.lo \ + p11-kit/libp11_kit_testable_la-iter.lo \ + p11-kit/libp11_kit_testable_la-log.lo \ + p11-kit/libp11_kit_testable_la-filter.lo \ + p11-kit/libp11_kit_testable_la-modules.lo \ + p11-kit/libp11_kit_testable_la-pin.lo \ + p11-kit/libp11_kit_testable_la-messages.lo \ + p11-kit/libp11_kit_testable_la-rpc-transport.lo \ + p11-kit/libp11_kit_testable_la-rpc-message.lo \ + p11-kit/libp11_kit_testable_la-rpc-client.lo \ + p11-kit/libp11_kit_testable_la-uri.lo \ + p11-kit/libp11_kit_testable_la-virtual.lo $(am__objects_2) +am__objects_6 = $(am__objects_5) +am__objects_7 = p11-kit/libp11_kit_testable_la-proxy.lo \ + p11-kit/libp11_kit_testable_la-proxy-init.lo \ + p11-kit/libp11_kit_testable_la-rpc-server.lo $(am__objects_1) +am_libp11_kit_testable_la_OBJECTS = $(am__objects_6) $(am__objects_7) \ + $(am__objects_1) +libp11_kit_testable_la_OBJECTS = $(am_libp11_kit_testable_la_OBJECTS) +libp11_kit_testable_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) \ + $(libp11_kit_testable_la_LDFLAGS) $(LDFLAGS) -o $@ +libp11_kit_la_DEPENDENCIES = libp11-kit-internal.la \ + $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +am_libp11_kit_la_OBJECTS = p11-kit/libp11_kit_la-proxy.lo \ + p11-kit/libp11_kit_la-proxy-init.lo \ + p11-kit/libp11_kit_la-rpc-server.lo $(am__objects_1) +libp11_kit_la_OBJECTS = $(am_libp11_kit_la_OBJECTS) +libp11_kit_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libp11_kit_la_CFLAGS) \ + $(CFLAGS) $(libp11_kit_la_LDFLAGS) $(LDFLAGS) -o $@ +libp11_library_la_LIBADD = +am_libp11_library_la_OBJECTS = common/library.lo $(am__objects_1) +libp11_library_la_OBJECTS = $(am_libp11_library_la_OBJECTS) +libp11_test_la_LIBADD = +am_libp11_test_la_OBJECTS = common/mock.lo common/test.lo \ + $(am__objects_1) +libp11_test_la_OBJECTS = $(am_libp11_test_la_OBJECTS) +libp11_tool_la_LIBADD = +am__libp11_tool_la_SOURCES_DIST = common/tool.c common/tool.h \ + common/unix-peer.c common/unix-peer.h +@OS_WIN32_FALSE@am__objects_8 = common/unix-peer.lo $(am__objects_1) +am_libp11_tool_la_OBJECTS = common/tool.lo $(am__objects_1) \ + $(am__objects_8) +libp11_tool_la_OBJECTS = $(am_libp11_tool_la_OBJECTS) +@WITH_TRUST_MODULE_TRUE@libtrust_data_la_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) +am__libtrust_data_la_SOURCES_DIST = trust/asn1.c trust/asn1.h \ + trust/base64.c trust/base64.h trust/pem.c trust/pem.h \ + trust/oid.c trust/oid.h trust/utf8.c trust/utf8.h trust/x509.c \ + trust/x509.h trust/basic.asn.h trust/openssl.asn.h \ + trust/pkix.asn.h +@WITH_TRUST_MODULE_TRUE@am_libtrust_data_la_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_data_la-asn1.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_data_la-base64.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_data_la-pem.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_data_la-oid.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_data_la-utf8.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_data_la-x509.lo \ +@WITH_TRUST_MODULE_TRUE@ $(am__objects_1) $(am__objects_1) +libtrust_data_la_OBJECTS = $(am_libtrust_data_la_OBJECTS) +libtrust_data_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libtrust_data_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ +@WITH_TRUST_MODULE_TRUE@am_libtrust_data_la_rpath = +libtrust_test_la_LIBADD = +am__libtrust_test_la_SOURCES_DIST = trust/test-trust.c \ + trust/test-trust.h trust/digest.c +@WITH_TRUST_MODULE_TRUE@am_libtrust_test_la_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test-trust.lo trust/digest.lo \ +@WITH_TRUST_MODULE_TRUE@ $(am__objects_1) +libtrust_test_la_OBJECTS = $(am_libtrust_test_la_OBJECTS) +@WITH_TRUST_MODULE_TRUE@am_libtrust_test_la_rpath = +@WITH_TRUST_MODULE_TRUE@libtrust_testable_la_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) +am__libtrust_testable_la_SOURCES_DIST = trust/builder.c \ + trust/builder.h trust/digest.c trust/digest.h trust/index.c \ + trust/index.h trust/parser.c trust/parser.h trust/persist.c \ + trust/persist.h trust/module.c trust/module.h trust/save.c \ + trust/save.h trust/session.c trust/session.h trust/token.c \ + trust/token.h trust/types.h +@WITH_TRUST_MODULE_TRUE@am__objects_9 = \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_testable_la-builder.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_testable_la-digest.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_testable_la-index.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_testable_la-parser.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_testable_la-persist.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_testable_la-module.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_testable_la-save.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_testable_la-session.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/libtrust_testable_la-token.lo \ +@WITH_TRUST_MODULE_TRUE@ $(am__objects_1) +@WITH_TRUST_MODULE_TRUE@am_libtrust_testable_la_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ $(am__objects_9) +libtrust_testable_la_OBJECTS = $(am_libtrust_testable_la_OBJECTS) +libtrust_testable_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libtrust_testable_la_CFLAGS) $(CFLAGS) \ + $(libtrust_testable_la_LDFLAGS) $(LDFLAGS) -o $@ +@WITH_TRUST_MODULE_TRUE@am_libtrust_testable_la_rpath = +mock_eight_la_DEPENDENCIES = $(mock_one_la_LIBADD) +am_mock_eight_la_OBJECTS = p11-kit/mock-module-ep6.lo +mock_eight_la_OBJECTS = $(am_mock_eight_la_OBJECTS) +mock_eight_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_eight_la_LDFLAGS) $(LDFLAGS) -o $@ +mock_five_la_DEPENDENCIES = $(mock_one_la_LIBADD) +am_mock_five_la_OBJECTS = p11-kit/mock-module-ep3.lo +mock_five_la_OBJECTS = $(am_mock_five_la_OBJECTS) +mock_five_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_five_la_LDFLAGS) $(LDFLAGS) -o $@ +mock_four_la_DEPENDENCIES = $(mock_one_la_LIBADD) +am__objects_10 = p11-kit/mock-module-ep.lo +am_mock_four_la_OBJECTS = $(am__objects_10) +mock_four_la_OBJECTS = $(am_mock_four_la_OBJECTS) +mock_four_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_four_la_LDFLAGS) $(LDFLAGS) -o $@ +mock_nine_la_DEPENDENCIES = $(mock_one_la_LIBADD) +am_mock_nine_la_OBJECTS = p11-kit/mock-module-ep7.lo +mock_nine_la_OBJECTS = $(am_mock_nine_la_OBJECTS) +mock_nine_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_nine_la_LDFLAGS) $(LDFLAGS) -o $@ +mock_one_la_DEPENDENCIES = libp11-test.la libp11-common.la +am_mock_one_la_OBJECTS = p11-kit/mock-module-ep.lo +mock_one_la_OBJECTS = $(am_mock_one_la_OBJECTS) +mock_one_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_one_la_LDFLAGS) $(LDFLAGS) -o $@ +mock_seven_la_DEPENDENCIES = $(mock_one_la_LIBADD) +am_mock_seven_la_OBJECTS = p11-kit/mock-module-ep5.lo +mock_seven_la_OBJECTS = $(am_mock_seven_la_OBJECTS) +mock_seven_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_seven_la_LDFLAGS) $(LDFLAGS) -o $@ +@OS_WIN32_FALSE@mock_six_la_DEPENDENCIES = $(mock_one_la_LIBADD) +am__mock_six_la_SOURCES_DIST = p11-kit/mock-module-ep4.c +@OS_WIN32_FALSE@am_mock_six_la_OBJECTS = p11-kit/mock-module-ep4.lo +mock_six_la_OBJECTS = $(am_mock_six_la_OBJECTS) +mock_six_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_six_la_LDFLAGS) $(LDFLAGS) -o $@ +@OS_WIN32_FALSE@am_mock_six_la_rpath = +mock_ten_la_DEPENDENCIES = $(mock_one_la_LIBADD) +am_mock_ten_la_OBJECTS = p11-kit/mock-module-ep8.lo +mock_ten_la_OBJECTS = $(am_mock_ten_la_OBJECTS) +mock_ten_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_ten_la_LDFLAGS) $(LDFLAGS) -o $@ +mock_three_la_DEPENDENCIES = $(mock_one_la_LIBADD) +am_mock_three_la_OBJECTS = $(am__objects_10) +mock_three_la_OBJECTS = $(am_mock_three_la_OBJECTS) +mock_three_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_three_la_LDFLAGS) $(LDFLAGS) -o $@ +mock_two_la_DEPENDENCIES = $(mock_one_la_LIBADD) +am_mock_two_la_OBJECTS = p11-kit/mock-module-ep2.lo +mock_two_la_OBJECTS = $(am_mock_two_la_OBJECTS) +mock_two_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(mock_two_la_LDFLAGS) $(LDFLAGS) -o $@ +am__DEPENDENCIES_3 = libp11-kit-internal.la $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_1) +@OS_WIN32_FALSE@p11_kit_client_la_DEPENDENCIES = \ +@OS_WIN32_FALSE@ $(am__DEPENDENCIES_3) +am__p11_kit_client_la_SOURCES_DIST = p11-kit/client.c p11-kit/client.h \ + p11-kit/client-init.c +@OS_WIN32_FALSE@am_p11_kit_client_la_OBJECTS = \ +@OS_WIN32_FALSE@ p11-kit/client_la-client.lo \ +@OS_WIN32_FALSE@ p11-kit/client_la-client-init.lo \ +@OS_WIN32_FALSE@ $(am__objects_1) +p11_kit_client_la_OBJECTS = $(am_p11_kit_client_la_OBJECTS) +p11_kit_client_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(p11_kit_client_la_CFLAGS) $(CFLAGS) \ + $(p11_kit_client_la_LDFLAGS) $(LDFLAGS) -o $@ +@OS_WIN32_FALSE@am_p11_kit_client_la_rpath = -rpath $(moduledir) +@WITH_TRUST_MODULE_TRUE@p11_kit_trust_la_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ libtrust-data.la libp11-library.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-common.la $(am__DEPENDENCIES_1) \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) +am__p11_kit_trust_la_SOURCES_DIST = trust/builder.c trust/builder.h \ + trust/digest.c trust/digest.h trust/index.c trust/index.h \ + trust/parser.c trust/parser.h trust/persist.c trust/persist.h \ + trust/module.c trust/module.h trust/save.c trust/save.h \ + trust/session.c trust/session.h trust/token.c trust/token.h \ + trust/types.h trust/module-init.c +@WITH_TRUST_MODULE_TRUE@am__objects_11 = \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-builder.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-digest.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-index.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-parser.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-persist.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-module.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-save.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-session.lo \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-token.lo \ +@WITH_TRUST_MODULE_TRUE@ $(am__objects_1) +@WITH_TRUST_MODULE_TRUE@am_p11_kit_trust_la_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ $(am__objects_11) \ +@WITH_TRUST_MODULE_TRUE@ trust/p11_kit_trust_la-module-init.lo +p11_kit_trust_la_OBJECTS = $(am_p11_kit_trust_la_OBJECTS) +p11_kit_trust_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(p11_kit_trust_la_CFLAGS) $(CFLAGS) \ + $(p11_kit_trust_la_LDFLAGS) $(LDFLAGS) -o $@ +@WITH_TRUST_MODULE_TRUE@am_p11_kit_trust_la_rpath = -rpath \ +@WITH_TRUST_MODULE_TRUE@ $(moduledir) +am_common_frob_getauxval_OBJECTS = common/frob-getauxval.$(OBJEXT) +common_frob_getauxval_OBJECTS = $(am_common_frob_getauxval_OBJECTS) +am__DEPENDENCIES_4 = libp11-test.la libp11-common.la \ + $(am__DEPENDENCIES_1) +common_frob_getauxval_DEPENDENCIES = $(am__DEPENDENCIES_4) +am_common_frob_getenv_OBJECTS = common/frob-getenv.$(OBJEXT) +common_frob_getenv_OBJECTS = $(am_common_frob_getenv_OBJECTS) +common_frob_getenv_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__common_frob_getprogname_SOURCES_DIST = common/frob-getprogname.c +@OS_WIN32_FALSE@am_common_frob_getprogname_OBJECTS = \ +@OS_WIN32_FALSE@ common/frob-getprogname.$(OBJEXT) +common_frob_getprogname_OBJECTS = \ + $(am_common_frob_getprogname_OBJECTS) +@OS_WIN32_FALSE@common_frob_getprogname_DEPENDENCIES = \ +@OS_WIN32_FALSE@ $(am__DEPENDENCIES_4) +am__frob_bc_SOURCES_DIST = trust/frob-bc.c +@WITH_TRUST_MODULE_TRUE@am_frob_bc_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/frob_bc-frob-bc.$(OBJEXT) +frob_bc_OBJECTS = $(am_frob_bc_OBJECTS) +@WITH_TRUST_MODULE_TRUE@am__DEPENDENCIES_5 = libtrust-testable.la \ +@WITH_TRUST_MODULE_TRUE@ libtrust-data.la libtrust-test.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-kit.la libp11-library.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-test.la libp11-common.la \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) +@WITH_TRUST_MODULE_TRUE@frob_bc_DEPENDENCIES = $(am__DEPENDENCIES_5) +frob_bc_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(frob_bc_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__frob_cert_SOURCES_DIST = trust/frob-cert.c +@WITH_TRUST_MODULE_TRUE@am_frob_cert_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/frob_cert-frob-cert.$(OBJEXT) +frob_cert_OBJECTS = $(am_frob_cert_OBJECTS) +@WITH_TRUST_MODULE_TRUE@frob_cert_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +frob_cert_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(frob_cert_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__frob_eku_SOURCES_DIST = trust/frob-eku.c +@WITH_TRUST_MODULE_TRUE@am_frob_eku_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/frob_eku-frob-eku.$(OBJEXT) +frob_eku_OBJECTS = $(am_frob_eku_OBJECTS) +@WITH_TRUST_MODULE_TRUE@frob_eku_DEPENDENCIES = $(am__DEPENDENCIES_5) +frob_eku_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(frob_eku_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__frob_ext_SOURCES_DIST = trust/frob-ext.c +@WITH_TRUST_MODULE_TRUE@am_frob_ext_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/frob_ext-frob-ext.$(OBJEXT) +frob_ext_OBJECTS = $(am_frob_ext_OBJECTS) +@WITH_TRUST_MODULE_TRUE@frob_ext_DEPENDENCIES = $(am__DEPENDENCIES_5) +frob_ext_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(frob_ext_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__frob_ku_SOURCES_DIST = trust/frob-ku.c +@WITH_TRUST_MODULE_TRUE@am_frob_ku_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/frob_ku-frob-ku.$(OBJEXT) +frob_ku_OBJECTS = $(am_frob_ku_OBJECTS) +@WITH_TRUST_MODULE_TRUE@frob_ku_DEPENDENCIES = $(am__DEPENDENCIES_5) +frob_ku_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(frob_ku_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__frob_nss_trust_SOURCES_DIST = trust/frob-nss-trust.c +@WITH_TRUST_MODULE_TRUE@am_frob_nss_trust_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/frob-nss-trust.$(OBJEXT) +frob_nss_trust_OBJECTS = $(am_frob_nss_trust_OBJECTS) +@WITH_TRUST_MODULE_TRUE@frob_nss_trust_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ libp11-common.la libp11-kit.la \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) +am__frob_oid_SOURCES_DIST = trust/frob-oid.c +@WITH_TRUST_MODULE_TRUE@am_frob_oid_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/frob_oid-frob-oid.$(OBJEXT) +frob_oid_OBJECTS = $(am_frob_oid_OBJECTS) +@WITH_TRUST_MODULE_TRUE@frob_oid_DEPENDENCIES = $(am__DEPENDENCIES_5) +frob_oid_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(frob_oid_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__frob_pow_SOURCES_DIST = trust/frob-pow.c +@WITH_TRUST_MODULE_TRUE@am_frob_pow_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/frob_pow-frob-pow.$(OBJEXT) +frob_pow_OBJECTS = $(am_frob_pow_OBJECTS) +@WITH_TRUST_MODULE_TRUE@frob_pow_DEPENDENCIES = $(am__DEPENDENCIES_5) +frob_pow_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(frob_pow_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__frob_token_SOURCES_DIST = trust/frob-token.c +@WITH_TRUST_MODULE_TRUE@am_frob_token_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/frob_token-frob-token.$(OBJEXT) +frob_token_OBJECTS = $(am_frob_token_OBJECTS) +@WITH_TRUST_MODULE_TRUE@frob_token_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +frob_token_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(frob_token_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_p11_kit_frob_setuid_OBJECTS = p11-kit/frob-setuid.$(OBJEXT) +p11_kit_frob_setuid_OBJECTS = $(am_p11_kit_frob_setuid_OBJECTS) +am__DEPENDENCIES_6 = libp11-kit-testable.la libp11-test.la \ + libp11-common.la $(am__DEPENDENCIES_1) +p11_kit_frob_setuid_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_p11_kit_p11_kit_OBJECTS = p11-kit/lists.$(OBJEXT) \ + p11-kit/p11-kit.$(OBJEXT) $(am__objects_1) +p11_kit_p11_kit_OBJECTS = $(am_p11_kit_p11_kit_OBJECTS) +p11_kit_p11_kit_DEPENDENCIES = libp11-kit.la libp11-tool.la \ + libp11-common.la $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am_p11_kit_p11_kit_remote_OBJECTS = p11-kit/remote.$(OBJEXT) \ + $(am__objects_1) +p11_kit_p11_kit_remote_OBJECTS = $(am_p11_kit_p11_kit_remote_OBJECTS) +p11_kit_p11_kit_remote_DEPENDENCIES = libp11-tool.la libp11-common.la \ + libp11-kit.la $(am__DEPENDENCIES_1) +am__objects_12 = p11-kit/remote.$(OBJEXT) $(am__objects_1) +am_p11_kit_p11_kit_remote_testable_OBJECTS = $(am__objects_12) +p11_kit_p11_kit_remote_testable_OBJECTS = \ + $(am_p11_kit_p11_kit_remote_testable_OBJECTS) +p11_kit_p11_kit_remote_testable_DEPENDENCIES = libp11-tool.la \ + libp11-common.la libp11-kit-testable.la $(am__DEPENDENCIES_1) +am_p11_kit_p11_kit_server_OBJECTS = \ + p11-kit/p11_kit_server-server.$(OBJEXT) $(am__objects_1) +p11_kit_p11_kit_server_OBJECTS = $(am_p11_kit_p11_kit_server_OBJECTS) +p11_kit_p11_kit_server_DEPENDENCIES = libp11-tool.la libp11-common.la \ + libp11-kit.la $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +p11_kit_p11_kit_server_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(p11_kit_p11_kit_server_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +am__objects_13 = p11-kit/p11_kit_server_testable-server.$(OBJEXT) \ + $(am__objects_1) +am_p11_kit_p11_kit_server_testable_OBJECTS = $(am__objects_13) +p11_kit_p11_kit_server_testable_OBJECTS = \ + $(am_p11_kit_p11_kit_server_testable_OBJECTS) +p11_kit_p11_kit_server_testable_DEPENDENCIES = libp11-tool.la \ + libp11-common.la libp11-kit-testable.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +p11_kit_p11_kit_server_testable_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(p11_kit_p11_kit_server_testable_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_p11_kit_print_messages_OBJECTS = p11-kit/print-messages.$(OBJEXT) +p11_kit_print_messages_OBJECTS = $(am_p11_kit_print_messages_OBJECTS) +p11_kit_print_messages_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_argv_OBJECTS = common/test-argv.$(OBJEXT) +test_argv_OBJECTS = $(am_test_argv_OBJECTS) +test_argv_DEPENDENCIES = $(am__DEPENDENCIES_4) +am_test_array_OBJECTS = common/test-array.$(OBJEXT) +test_array_OBJECTS = $(am_test_array_OBJECTS) +test_array_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_asn1_SOURCES_DIST = trust/test-asn1.c +@WITH_TRUST_MODULE_TRUE@am_test_asn1_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test_asn1-test-asn1.$(OBJEXT) +test_asn1_OBJECTS = $(am_test_asn1_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_asn1_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_asn1_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_asn1_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_attrs_OBJECTS = common/test-attrs.$(OBJEXT) +test_attrs_OBJECTS = $(am_test_attrs_OBJECTS) +test_attrs_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_base64_SOURCES_DIST = trust/test-base64.c +@WITH_TRUST_MODULE_TRUE@am_test_base64_OBJECTS = trust/test_base64-test-base64.$(OBJEXT) +test_base64_OBJECTS = $(am_test_base64_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_base64_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_base64_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_base64_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_buffer_OBJECTS = common/test-buffer.$(OBJEXT) +test_buffer_OBJECTS = $(am_test_buffer_OBJECTS) +test_buffer_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_builder_SOURCES_DIST = trust/test-builder.c +@WITH_TRUST_MODULE_TRUE@am_test_builder_OBJECTS = trust/test_builder-test-builder.$(OBJEXT) +test_builder_OBJECTS = $(am_test_builder_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_builder_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_builder_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_builder_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__test_bundle_SOURCES_DIST = trust/test-bundle.c +@WITH_TRUST_MODULE_TRUE@am_test_bundle_OBJECTS = trust/test_bundle-test-bundle.$(OBJEXT) +test_bundle_OBJECTS = $(am_test_bundle_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_bundle_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_bundle_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_bundle_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__test_cer_SOURCES_DIST = trust/test-cer.c +@WITH_TRUST_MODULE_TRUE@am_test_cer_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test_cer-test-cer.$(OBJEXT) +test_cer_OBJECTS = $(am_test_cer_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_cer_DEPENDENCIES = $(am__DEPENDENCIES_5) +test_cer_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_cer_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_compat_OBJECTS = common/test-compat.$(OBJEXT) +test_compat_OBJECTS = $(am_test_compat_OBJECTS) +test_compat_DEPENDENCIES = $(am__DEPENDENCIES_4) +am_test_conf_OBJECTS = p11-kit/test-conf.$(OBJEXT) +test_conf_OBJECTS = $(am_test_conf_OBJECTS) +test_conf_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_constants_OBJECTS = common/test-constants.$(OBJEXT) +test_constants_OBJECTS = $(am_test_constants_OBJECTS) +test_constants_DEPENDENCIES = $(am__DEPENDENCIES_4) +am_test_deprecated_OBJECTS = \ + p11-kit/test_deprecated-test-deprecated.$(OBJEXT) +test_deprecated_OBJECTS = $(am_test_deprecated_OBJECTS) +test_deprecated_DEPENDENCIES = $(am__DEPENDENCIES_6) +test_deprecated_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(test_deprecated_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ +am_test_dict_OBJECTS = common/test-dict.$(OBJEXT) +test_dict_OBJECTS = $(am_test_dict_OBJECTS) +test_dict_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_digest_SOURCES_DIST = trust/test-digest.c +@WITH_TRUST_MODULE_TRUE@am_test_digest_OBJECTS = trust/test_digest-test-digest.$(OBJEXT) +test_digest_OBJECTS = $(am_test_digest_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_digest_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_digest_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_digest_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__test_edk2_SOURCES_DIST = trust/test-edk2.c +@WITH_TRUST_MODULE_TRUE@am_test_edk2_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test_edk2-test-edk2.$(OBJEXT) +test_edk2_OBJECTS = $(am_test_edk2_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_edk2_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_edk2_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_edk2_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__test_enumerate_SOURCES_DIST = trust/test-enumerate.c +@WITH_TRUST_MODULE_TRUE@am_test_enumerate_OBJECTS = trust/test_enumerate-test-enumerate.$(OBJEXT) +test_enumerate_OBJECTS = $(am_test_enumerate_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_enumerate_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_enumerate_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(test_enumerate_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \ + $@ +am_test_filter_OBJECTS = p11-kit/test-filter.$(OBJEXT) +test_filter_OBJECTS = $(am_test_filter_OBJECTS) +test_filter_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_hash_OBJECTS = common/test-hash.$(OBJEXT) +test_hash_OBJECTS = $(am_test_hash_OBJECTS) +test_hash_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_index_SOURCES_DIST = trust/test-index.c +@WITH_TRUST_MODULE_TRUE@am_test_index_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test_index-test-index.$(OBJEXT) +test_index_OBJECTS = $(am_test_index_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_index_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_index_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_index_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_init_OBJECTS = p11-kit/test_init-test-init.$(OBJEXT) +test_init_OBJECTS = $(am_test_init_OBJECTS) +test_init_DEPENDENCIES = $(am__DEPENDENCIES_6) +test_init_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_init_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_iter_OBJECTS = p11-kit/test-iter.$(OBJEXT) +test_iter_OBJECTS = $(am_test_iter_OBJECTS) +test_iter_DEPENDENCIES = $(am__DEPENDENCIES_6) +am__test_jks_SOURCES_DIST = trust/test-jks.c +@WITH_TRUST_MODULE_TRUE@am_test_jks_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test_jks-test-jks.$(OBJEXT) +test_jks_OBJECTS = $(am_test_jks_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_jks_DEPENDENCIES = $(am__DEPENDENCIES_5) +test_jks_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_jks_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_lexer_OBJECTS = common/test-lexer.$(OBJEXT) +test_lexer_OBJECTS = $(am_test_lexer_OBJECTS) +test_lexer_DEPENDENCIES = $(am__DEPENDENCIES_4) +am_test_log_OBJECTS = p11-kit/test-log.$(OBJEXT) +test_log_OBJECTS = $(am_test_log_OBJECTS) +test_log_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_managed_OBJECTS = p11-kit/test-managed.$(OBJEXT) +test_managed_OBJECTS = $(am_test_managed_OBJECTS) +test_managed_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_message_OBJECTS = common/test-message.$(OBJEXT) +test_message_OBJECTS = $(am_test_message_OBJECTS) +test_message_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_module_SOURCES_DIST = trust/test-module.c +@WITH_TRUST_MODULE_TRUE@am_test_module_OBJECTS = trust/test_module-test-module.$(OBJEXT) +test_module_OBJECTS = $(am_test_module_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_module_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_module_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_module_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_modules_OBJECTS = p11-kit/test-modules.$(OBJEXT) +test_modules_OBJECTS = $(am_test_modules_OBJECTS) +test_modules_DEPENDENCIES = $(am__DEPENDENCIES_6) +am__test_oid_SOURCES_DIST = trust/test-oid.c +@WITH_TRUST_MODULE_TRUE@am_test_oid_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test_oid-test-oid.$(OBJEXT) +test_oid_OBJECTS = $(am_test_oid_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_oid_DEPENDENCIES = $(am__DEPENDENCIES_5) +test_oid_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_oid_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__test_openssl_SOURCES_DIST = trust/test-openssl.c +@WITH_TRUST_MODULE_TRUE@am_test_openssl_OBJECTS = trust/test_openssl-test-openssl.$(OBJEXT) +test_openssl_OBJECTS = $(am_test_openssl_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_openssl_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_openssl_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_openssl_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__test_parser_SOURCES_DIST = trust/test-parser.c +@WITH_TRUST_MODULE_TRUE@am_test_parser_OBJECTS = trust/test_parser-test-parser.$(OBJEXT) +test_parser_OBJECTS = $(am_test_parser_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_parser_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_parser_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_parser_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_path_OBJECTS = common/test-path.$(OBJEXT) +test_path_OBJECTS = $(am_test_path_OBJECTS) +test_path_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_pem_SOURCES_DIST = trust/test-pem.c +@WITH_TRUST_MODULE_TRUE@am_test_pem_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test-pem.$(OBJEXT) +test_pem_OBJECTS = $(am_test_pem_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_pem_DEPENDENCIES = $(am__DEPENDENCIES_5) +am__test_persist_SOURCES_DIST = trust/test-persist.c +@WITH_TRUST_MODULE_TRUE@am_test_persist_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test-persist.$(OBJEXT) +test_persist_OBJECTS = $(am_test_persist_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_persist_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +am_test_pin_OBJECTS = p11-kit/test-pin.$(OBJEXT) +test_pin_OBJECTS = $(am_test_pin_OBJECTS) +test_pin_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_progname_OBJECTS = p11-kit/test-progname.$(OBJEXT) +test_progname_OBJECTS = $(am_test_progname_OBJECTS) +test_progname_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_proxy_OBJECTS = p11-kit/test-proxy.$(OBJEXT) +test_proxy_OBJECTS = $(am_test_proxy_OBJECTS) +test_proxy_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_rpc_OBJECTS = p11-kit/test-rpc.$(OBJEXT) +test_rpc_OBJECTS = $(am_test_rpc_OBJECTS) +test_rpc_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_runtime_OBJECTS = common/test-runtime.$(OBJEXT) +test_runtime_OBJECTS = $(am_test_runtime_OBJECTS) +test_runtime_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_save_SOURCES_DIST = trust/test-save.c +@WITH_TRUST_MODULE_TRUE@am_test_save_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test-save.$(OBJEXT) +test_save_OBJECTS = $(am_test_save_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_save_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +am_test_server_OBJECTS = p11-kit/test_server-test-server.$(OBJEXT) +test_server_OBJECTS = $(am_test_server_OBJECTS) +test_server_DEPENDENCIES = $(am__DEPENDENCIES_6) +test_server_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_server_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_tests_OBJECTS = common/test-tests.$(OBJEXT) +test_tests_OBJECTS = $(am_test_tests_OBJECTS) +test_tests_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_token_SOURCES_DIST = trust/test-token.c +@WITH_TRUST_MODULE_TRUE@am_test_token_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test_token-test-token.$(OBJEXT) +test_token_OBJECTS = $(am_test_token_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_token_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_token_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_token_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_test_transport_OBJECTS = \ + p11-kit/test_transport-test-transport.$(OBJEXT) +test_transport_OBJECTS = $(am_test_transport_OBJECTS) +test_transport_DEPENDENCIES = $(am__DEPENDENCIES_6) +test_transport_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(test_transport_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \ + $@ +am_test_uri_OBJECTS = p11-kit/test-uri.$(OBJEXT) +test_uri_OBJECTS = $(am_test_uri_OBJECTS) +test_uri_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_url_OBJECTS = common/test-url.$(OBJEXT) +test_url_OBJECTS = $(am_test_url_OBJECTS) +test_url_DEPENDENCIES = $(am__DEPENDENCIES_4) +am__test_utf8_SOURCES_DIST = trust/test-utf8.c +@WITH_TRUST_MODULE_TRUE@am_test_utf8_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test-utf8.$(OBJEXT) +test_utf8_OBJECTS = $(am_test_utf8_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_utf8_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +am_test_util_OBJECTS = p11-kit/test-util.$(OBJEXT) +test_util_OBJECTS = $(am_test_util_OBJECTS) +test_util_DEPENDENCIES = $(am__DEPENDENCIES_6) +am_test_virtual_OBJECTS = p11-kit/test-virtual.$(OBJEXT) +test_virtual_OBJECTS = $(am_test_virtual_OBJECTS) +test_virtual_DEPENDENCIES = $(am__DEPENDENCIES_6) +am__test_x509_SOURCES_DIST = trust/test-x509.c +@WITH_TRUST_MODULE_TRUE@am_test_x509_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/test_x509-test-x509.$(OBJEXT) +test_x509_OBJECTS = $(am_test_x509_OBJECTS) +@WITH_TRUST_MODULE_TRUE@test_x509_DEPENDENCIES = \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_5) +test_x509_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_x509_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__trust_trust_SOURCES_DIST = trust/anchor.c trust/anchor.h \ + trust/parser.c trust/parser.h trust/persist.c trust/persist.h \ + trust/digest.c trust/digest.h trust/dump.c trust/dump.h \ + trust/enumerate.c trust/enumerate.h trust/extract.c \ + trust/extract.h trust/extract-jks.c trust/extract-edk2.c \ + trust/extract-openssl.c trust/extract-pem.c \ + trust/extract-cer.c trust/list.c trust/list.h trust/save.c \ + trust/save.h trust/trust.c trust/basic.asn.h \ + trust/openssl.asn.h trust/pkix.asn.h +@WITH_TRUST_MODULE_TRUE@am_trust_trust_OBJECTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-anchor.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-parser.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-persist.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-digest.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-dump.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-enumerate.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-extract.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-extract-jks.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-extract-edk2.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-extract-openssl.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-extract-pem.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-extract-cer.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-list.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-save.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-trust.$(OBJEXT) \ +@WITH_TRUST_MODULE_TRUE@ $(am__objects_1) $(am__objects_1) +trust_trust_OBJECTS = $(am_trust_trust_OBJECTS) +@WITH_TRUST_MODULE_TRUE@trust_trust_DEPENDENCIES = libtrust-data.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-kit.la libp11-common.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-tool.la $(am__DEPENDENCIES_1) \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) \ +@WITH_TRUST_MODULE_TRUE@ $(am__DEPENDENCIES_1) +trust_trust_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(trust_trust_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +SCRIPTS = $(external_SCRIPTS) $(noinst_SCRIPTS) +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/build/litter/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = common/$(DEPDIR)/argv.Plo \ + common/$(DEPDIR)/array.Plo common/$(DEPDIR)/attrs.Plo \ + common/$(DEPDIR)/buffer.Plo common/$(DEPDIR)/compat.Plo \ + common/$(DEPDIR)/constants.Plo common/$(DEPDIR)/debug.Plo \ + common/$(DEPDIR)/dict.Plo common/$(DEPDIR)/frob-getauxval.Po \ + common/$(DEPDIR)/frob-getenv.Po \ + common/$(DEPDIR)/frob-getprogname.Po common/$(DEPDIR)/hash.Plo \ + common/$(DEPDIR)/lexer.Plo common/$(DEPDIR)/library.Plo \ + common/$(DEPDIR)/message.Plo common/$(DEPDIR)/mock.Plo \ + common/$(DEPDIR)/path.Plo common/$(DEPDIR)/runtime.Plo \ + common/$(DEPDIR)/test-argv.Po common/$(DEPDIR)/test-array.Po \ + common/$(DEPDIR)/test-attrs.Po common/$(DEPDIR)/test-buffer.Po \ + common/$(DEPDIR)/test-compat.Po \ + common/$(DEPDIR)/test-constants.Po \ + common/$(DEPDIR)/test-dict.Po common/$(DEPDIR)/test-hash.Po \ + common/$(DEPDIR)/test-lexer.Po \ + common/$(DEPDIR)/test-message.Po common/$(DEPDIR)/test-path.Po \ + common/$(DEPDIR)/test-runtime.Po \ + common/$(DEPDIR)/test-tests.Po common/$(DEPDIR)/test-url.Po \ + common/$(DEPDIR)/test.Plo common/$(DEPDIR)/tool.Plo \ + common/$(DEPDIR)/unix-peer.Plo common/$(DEPDIR)/url.Plo \ + common/$(DEPDIR)/vsock.Plo \ + p11-kit/$(DEPDIR)/client_la-client-init.Plo \ + p11-kit/$(DEPDIR)/client_la-client.Plo \ + p11-kit/$(DEPDIR)/frob-setuid.Po \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-conf.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-filter.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-iter.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-log.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-messages.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-modules.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-pin.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-client.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-message.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-transport.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-uri.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-util.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_internal_la-virtual.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_la-proxy-init.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_la-proxy.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_la-rpc-server.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-iter.gnu.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-pin.gnu.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-uri.gnu.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-conf.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-filter.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-iter.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-log.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-messages.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-modules.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-pin.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy-init.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-client.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-message.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-server.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-transport.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-uri.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-util.Plo \ + p11-kit/$(DEPDIR)/libp11_kit_testable_la-virtual.Plo \ + p11-kit/$(DEPDIR)/lists.Po \ + p11-kit/$(DEPDIR)/mock-module-ep.Plo \ + p11-kit/$(DEPDIR)/mock-module-ep2.Plo \ + p11-kit/$(DEPDIR)/mock-module-ep3.Plo \ + p11-kit/$(DEPDIR)/mock-module-ep4.Plo \ + p11-kit/$(DEPDIR)/mock-module-ep5.Plo \ + p11-kit/$(DEPDIR)/mock-module-ep6.Plo \ + p11-kit/$(DEPDIR)/mock-module-ep7.Plo \ + p11-kit/$(DEPDIR)/mock-module-ep8.Plo \ + p11-kit/$(DEPDIR)/p11-kit.Po \ + p11-kit/$(DEPDIR)/p11_kit_server-server.Po \ + p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Po \ + p11-kit/$(DEPDIR)/print-messages.Po \ + p11-kit/$(DEPDIR)/remote.Po p11-kit/$(DEPDIR)/test-conf.Po \ + p11-kit/$(DEPDIR)/test-filter.Po \ + p11-kit/$(DEPDIR)/test-iter.Po p11-kit/$(DEPDIR)/test-log.Po \ + p11-kit/$(DEPDIR)/test-managed.Po \ + p11-kit/$(DEPDIR)/test-modules.Po \ + p11-kit/$(DEPDIR)/test-pin.Po \ + p11-kit/$(DEPDIR)/test-progname.Po \ + p11-kit/$(DEPDIR)/test-proxy.Po p11-kit/$(DEPDIR)/test-rpc.Po \ + p11-kit/$(DEPDIR)/test-uri.Po p11-kit/$(DEPDIR)/test-util.Po \ + p11-kit/$(DEPDIR)/test-virtual.Po \ + p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Po \ + p11-kit/$(DEPDIR)/test_init-test-init.Po \ + p11-kit/$(DEPDIR)/test_server-test-server.Po \ + p11-kit/$(DEPDIR)/test_transport-test-transport.Po \ + trust/$(DEPDIR)/digest.Plo trust/$(DEPDIR)/frob-nss-trust.Po \ + trust/$(DEPDIR)/frob_bc-frob-bc.Po \ + trust/$(DEPDIR)/frob_cert-frob-cert.Po \ + trust/$(DEPDIR)/frob_eku-frob-eku.Po \ + trust/$(DEPDIR)/frob_ext-frob-ext.Po \ + trust/$(DEPDIR)/frob_ku-frob-ku.Po \ + trust/$(DEPDIR)/frob_oid-frob-oid.Po \ + trust/$(DEPDIR)/frob_pow-frob-pow.Po \ + trust/$(DEPDIR)/frob_token-frob-token.Po \ + trust/$(DEPDIR)/libtrust_data_la-asn1.Plo \ + trust/$(DEPDIR)/libtrust_data_la-base64.Plo \ + trust/$(DEPDIR)/libtrust_data_la-oid.Plo \ + trust/$(DEPDIR)/libtrust_data_la-pem.Plo \ + trust/$(DEPDIR)/libtrust_data_la-utf8.Plo \ + trust/$(DEPDIR)/libtrust_data_la-x509.Plo \ + trust/$(DEPDIR)/libtrust_testable_la-builder.Plo \ + trust/$(DEPDIR)/libtrust_testable_la-digest.Plo \ + trust/$(DEPDIR)/libtrust_testable_la-index.Plo \ + trust/$(DEPDIR)/libtrust_testable_la-module.Plo \ + trust/$(DEPDIR)/libtrust_testable_la-parser.Plo \ + trust/$(DEPDIR)/libtrust_testable_la-persist.Plo \ + trust/$(DEPDIR)/libtrust_testable_la-save.Plo \ + trust/$(DEPDIR)/libtrust_testable_la-session.Plo \ + trust/$(DEPDIR)/libtrust_testable_la-token.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-builder.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-digest.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-index.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-module-init.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-module.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-parser.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-persist.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-save.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-session.Plo \ + trust/$(DEPDIR)/p11_kit_trust_la-token.Plo \ + trust/$(DEPDIR)/test-pem.Po trust/$(DEPDIR)/test-persist.Po \ + trust/$(DEPDIR)/test-save.Po trust/$(DEPDIR)/test-trust.Plo \ + trust/$(DEPDIR)/test-utf8.Po \ + trust/$(DEPDIR)/test_asn1-test-asn1.Po \ + trust/$(DEPDIR)/test_base64-test-base64.Po \ + trust/$(DEPDIR)/test_builder-test-builder.Po \ + trust/$(DEPDIR)/test_bundle-test-bundle.Po \ + trust/$(DEPDIR)/test_cer-test-cer.Po \ + trust/$(DEPDIR)/test_digest-test-digest.Po \ + trust/$(DEPDIR)/test_edk2-test-edk2.Po \ + trust/$(DEPDIR)/test_enumerate-test-enumerate.Po \ + trust/$(DEPDIR)/test_index-test-index.Po \ + trust/$(DEPDIR)/test_jks-test-jks.Po \ + trust/$(DEPDIR)/test_module-test-module.Po \ + trust/$(DEPDIR)/test_oid-test-oid.Po \ + trust/$(DEPDIR)/test_openssl-test-openssl.Po \ + trust/$(DEPDIR)/test_parser-test-parser.Po \ + trust/$(DEPDIR)/test_token-test-token.Po \ + trust/$(DEPDIR)/test_x509-test-x509.Po \ + trust/$(DEPDIR)/trust-anchor.Po \ + trust/$(DEPDIR)/trust-digest.Po trust/$(DEPDIR)/trust-dump.Po \ + trust/$(DEPDIR)/trust-enumerate.Po \ + trust/$(DEPDIR)/trust-extract-cer.Po \ + trust/$(DEPDIR)/trust-extract-edk2.Po \ + trust/$(DEPDIR)/trust-extract-jks.Po \ + trust/$(DEPDIR)/trust-extract-openssl.Po \ + trust/$(DEPDIR)/trust-extract-pem.Po \ + trust/$(DEPDIR)/trust-extract.Po trust/$(DEPDIR)/trust-list.Po \ + trust/$(DEPDIR)/trust-parser.Po \ + trust/$(DEPDIR)/trust-persist.Po trust/$(DEPDIR)/trust-save.Po \ + trust/$(DEPDIR)/trust-trust.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libp11_common_la_SOURCES) \ + $(libp11_kit_internal_la_SOURCES) \ + $(libp11_kit_pkcs11_gnu_la_SOURCES) \ + $(libp11_kit_testable_la_SOURCES) $(libp11_kit_la_SOURCES) \ + $(libp11_library_la_SOURCES) $(libp11_test_la_SOURCES) \ + $(libp11_tool_la_SOURCES) $(libtrust_data_la_SOURCES) \ + $(libtrust_test_la_SOURCES) $(libtrust_testable_la_SOURCES) \ + $(mock_eight_la_SOURCES) $(mock_five_la_SOURCES) \ + $(mock_four_la_SOURCES) $(mock_nine_la_SOURCES) \ + $(mock_one_la_SOURCES) $(mock_seven_la_SOURCES) \ + $(mock_six_la_SOURCES) $(mock_ten_la_SOURCES) \ + $(mock_three_la_SOURCES) $(mock_two_la_SOURCES) \ + $(p11_kit_client_la_SOURCES) $(p11_kit_trust_la_SOURCES) \ + $(common_frob_getauxval_SOURCES) $(common_frob_getenv_SOURCES) \ + $(common_frob_getprogname_SOURCES) $(frob_bc_SOURCES) \ + $(frob_cert_SOURCES) $(frob_eku_SOURCES) $(frob_ext_SOURCES) \ + $(frob_ku_SOURCES) $(frob_nss_trust_SOURCES) \ + $(frob_oid_SOURCES) $(frob_pow_SOURCES) $(frob_token_SOURCES) \ + $(p11_kit_frob_setuid_SOURCES) $(p11_kit_p11_kit_SOURCES) \ + $(p11_kit_p11_kit_remote_SOURCES) \ + $(p11_kit_p11_kit_remote_testable_SOURCES) \ + $(p11_kit_p11_kit_server_SOURCES) \ + $(p11_kit_p11_kit_server_testable_SOURCES) \ + $(p11_kit_print_messages_SOURCES) $(test_argv_SOURCES) \ + $(test_array_SOURCES) $(test_asn1_SOURCES) \ + $(test_attrs_SOURCES) $(test_base64_SOURCES) \ + $(test_buffer_SOURCES) $(test_builder_SOURCES) \ + $(test_bundle_SOURCES) $(test_cer_SOURCES) \ + $(test_compat_SOURCES) $(test_conf_SOURCES) \ + $(test_constants_SOURCES) $(test_deprecated_SOURCES) \ + $(test_dict_SOURCES) $(test_digest_SOURCES) \ + $(test_edk2_SOURCES) $(test_enumerate_SOURCES) \ + $(test_filter_SOURCES) $(test_hash_SOURCES) \ + $(test_index_SOURCES) $(test_init_SOURCES) \ + $(test_iter_SOURCES) $(test_jks_SOURCES) $(test_lexer_SOURCES) \ + $(test_log_SOURCES) $(test_managed_SOURCES) \ + $(test_message_SOURCES) $(test_module_SOURCES) \ + $(test_modules_SOURCES) $(test_oid_SOURCES) \ + $(test_openssl_SOURCES) $(test_parser_SOURCES) \ + $(test_path_SOURCES) $(test_pem_SOURCES) \ + $(test_persist_SOURCES) $(test_pin_SOURCES) \ + $(test_progname_SOURCES) $(test_proxy_SOURCES) \ + $(test_rpc_SOURCES) $(test_runtime_SOURCES) \ + $(test_save_SOURCES) $(test_server_SOURCES) \ + $(test_tests_SOURCES) $(test_token_SOURCES) \ + $(test_transport_SOURCES) $(test_uri_SOURCES) \ + $(test_url_SOURCES) $(test_utf8_SOURCES) $(test_util_SOURCES) \ + $(test_virtual_SOURCES) $(test_x509_SOURCES) \ + $(trust_trust_SOURCES) +DIST_SOURCES = $(libp11_common_la_SOURCES) \ + $(libp11_kit_internal_la_SOURCES) \ + $(libp11_kit_pkcs11_gnu_la_SOURCES) \ + $(libp11_kit_testable_la_SOURCES) $(libp11_kit_la_SOURCES) \ + $(libp11_library_la_SOURCES) $(libp11_test_la_SOURCES) \ + $(am__libp11_tool_la_SOURCES_DIST) \ + $(am__libtrust_data_la_SOURCES_DIST) \ + $(am__libtrust_test_la_SOURCES_DIST) \ + $(am__libtrust_testable_la_SOURCES_DIST) \ + $(mock_eight_la_SOURCES) $(mock_five_la_SOURCES) \ + $(mock_four_la_SOURCES) $(mock_nine_la_SOURCES) \ + $(mock_one_la_SOURCES) $(mock_seven_la_SOURCES) \ + $(am__mock_six_la_SOURCES_DIST) $(mock_ten_la_SOURCES) \ + $(mock_three_la_SOURCES) $(mock_two_la_SOURCES) \ + $(am__p11_kit_client_la_SOURCES_DIST) \ + $(am__p11_kit_trust_la_SOURCES_DIST) \ + $(common_frob_getauxval_SOURCES) $(common_frob_getenv_SOURCES) \ + $(am__common_frob_getprogname_SOURCES_DIST) \ + $(am__frob_bc_SOURCES_DIST) $(am__frob_cert_SOURCES_DIST) \ + $(am__frob_eku_SOURCES_DIST) $(am__frob_ext_SOURCES_DIST) \ + $(am__frob_ku_SOURCES_DIST) $(am__frob_nss_trust_SOURCES_DIST) \ + $(am__frob_oid_SOURCES_DIST) $(am__frob_pow_SOURCES_DIST) \ + $(am__frob_token_SOURCES_DIST) $(p11_kit_frob_setuid_SOURCES) \ + $(p11_kit_p11_kit_SOURCES) $(p11_kit_p11_kit_remote_SOURCES) \ + $(p11_kit_p11_kit_remote_testable_SOURCES) \ + $(p11_kit_p11_kit_server_SOURCES) \ + $(p11_kit_p11_kit_server_testable_SOURCES) \ + $(p11_kit_print_messages_SOURCES) $(test_argv_SOURCES) \ + $(test_array_SOURCES) $(am__test_asn1_SOURCES_DIST) \ + $(test_attrs_SOURCES) $(am__test_base64_SOURCES_DIST) \ + $(test_buffer_SOURCES) $(am__test_builder_SOURCES_DIST) \ + $(am__test_bundle_SOURCES_DIST) $(am__test_cer_SOURCES_DIST) \ + $(test_compat_SOURCES) $(test_conf_SOURCES) \ + $(test_constants_SOURCES) $(test_deprecated_SOURCES) \ + $(test_dict_SOURCES) $(am__test_digest_SOURCES_DIST) \ + $(am__test_edk2_SOURCES_DIST) \ + $(am__test_enumerate_SOURCES_DIST) $(test_filter_SOURCES) \ + $(test_hash_SOURCES) $(am__test_index_SOURCES_DIST) \ + $(test_init_SOURCES) $(test_iter_SOURCES) \ + $(am__test_jks_SOURCES_DIST) $(test_lexer_SOURCES) \ + $(test_log_SOURCES) $(test_managed_SOURCES) \ + $(test_message_SOURCES) $(am__test_module_SOURCES_DIST) \ + $(test_modules_SOURCES) $(am__test_oid_SOURCES_DIST) \ + $(am__test_openssl_SOURCES_DIST) \ + $(am__test_parser_SOURCES_DIST) $(test_path_SOURCES) \ + $(am__test_pem_SOURCES_DIST) $(am__test_persist_SOURCES_DIST) \ + $(test_pin_SOURCES) $(test_progname_SOURCES) \ + $(test_proxy_SOURCES) $(test_rpc_SOURCES) \ + $(test_runtime_SOURCES) $(am__test_save_SOURCES_DIST) \ + $(test_server_SOURCES) $(test_tests_SOURCES) \ + $(am__test_token_SOURCES_DIST) $(test_transport_SOURCES) \ + $(test_uri_SOURCES) $(test_url_SOURCES) \ + $(am__test_utf8_SOURCES_DIST) $(test_util_SOURCES) \ + $(test_virtual_SOURCES) $(am__test_x509_SOURCES_DIST) \ + $(am__trust_trust_SOURCES_DIST) +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +DATA = $(bashcomp_DATA) $(config_DATA) $(example_DATA) \ + $(pkgconfig_DATA) $(systemduserunit_DATA) +HEADERS = $(inc_HEADERS) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + cscope check recheck distdir distdir-am dist dist-all \ + distcheck +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ + $(LISP)config.h.in +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +CSCOPE = cscope +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__recheck_rx = ^[ ]*:recheck:[ ]* +am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* +am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* +# A command that, given a newline-separated list of test names on the +# standard input, print the name of the tests that are to be re-run +# upon "make recheck". +am__list_recheck_tests = $(AWK) '{ \ + recheck = 1; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + { \ + if ((getline line2 < ($$0 ".log")) < 0) \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ + { \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ + { \ + break; \ + } \ + }; \ + if (recheck) \ + print $$0; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# A command that, given a newline-separated list of test names on the +# standard input, create the global log from their .trs and .log files. +am__create_global_log = $(AWK) ' \ +function fatal(msg) \ +{ \ + print "fatal: making $@: " msg | "cat >&2"; \ + exit 1; \ +} \ +function rst_section(header) \ +{ \ + print header; \ + len = length(header); \ + for (i = 1; i <= len; i = i + 1) \ + printf "="; \ + printf "\n\n"; \ +} \ +{ \ + copy_in_global_log = 1; \ + global_test_result = "RUN"; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".trs"); \ + if (line ~ /$(am__global_test_result_rx)/) \ + { \ + sub("$(am__global_test_result_rx)", "", line); \ + sub("[ ]*$$", "", line); \ + global_test_result = line; \ + } \ + else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ + copy_in_global_log = 0; \ + }; \ + if (copy_in_global_log) \ + { \ + rst_section(global_test_result ": " $$0); \ + while ((rc = (getline line < ($$0 ".log"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".log"); \ + print line; \ + }; \ + printf "\n"; \ + }; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# Restructured Text title. +am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } +# Solaris 10 'make', and several other traditional 'make' implementations, +# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it +# by disabling -e (using the XSI extension "set +e") if it's set. +am__sh_e_setup = case $$- in *e*) set +e;; esac +# Default flags passed to test drivers. +am__common_driver_flags = \ + --color-tests "$$am__color_tests" \ + --enable-hard-errors "$$am__enable_hard_errors" \ + --expect-failure "$$am__expect_failure" +# To be inserted before the command running the test. Creates the +# directory for the log if needed. Stores in $dir the directory +# containing $f, in $tst the test, in $log the log. Executes the +# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and +# passes TESTS_ENVIRONMENT. Set up options for the wrapper that +# will run the test scripts (or their associated LOG_COMPILER, if +# thy have one). +am__check_pre = \ +$(am__sh_e_setup); \ +$(am__vpath_adj_setup) $(am__vpath_adj) \ +$(am__tty_colors); \ +srcdir=$(srcdir); export srcdir; \ +case "$@" in \ + */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ + *) am__odir=.;; \ +esac; \ +test "x$$am__odir" = x"." || test -d "$$am__odir" \ + || $(MKDIR_P) "$$am__odir" || exit $$?; \ +if test -f "./$$f"; then dir=./; \ +elif test -f "$$f"; then dir=; \ +else dir="$(srcdir)/"; fi; \ +tst=$$dir$$f; log='$@'; \ +if test -n '$(DISABLE_HARD_ERRORS)'; then \ + am__enable_hard_errors=no; \ +else \ + am__enable_hard_errors=yes; \ +fi; \ +case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ + am__expect_failure=yes;; \ + *) \ + am__expect_failure=no;; \ +esac; \ +$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) +# A shell command to get the names of the tests scripts with any registered +# extension removed (i.e., equivalently, the names of the test logs, with +# the '.log' extension removed). The result is saved in the shell variable +# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, +# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", +# since that might cause problem with VPATH rewrites for suffix-less tests. +# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. +am__set_TESTS_bases = \ + bases='$(TEST_LOGS)'; \ + bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ + bases=`echo $$bases` +RECHECK_LOGS = $(TEST_LOGS) +TEST_SUITE_LOG = test-suite.log +TEST_EXTENSIONS = @EXEEXT@ .test +LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) +am__set_b = \ + case '$@' in \ + */*) \ + case '$*' in \ + */*) b='$*';; \ + *) b=`echo '$@' | sed 's/\.log$$//'`; \ + esac;; \ + *) \ + b='$*';; \ + esac +am__test_logs1 = $(TESTS:=.log) +am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) +TEST_LOGS = $(am__test_logs2:.test.log=.log) +TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build/litter/test-driver +TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ + $(TEST_LOG_FLAGS) +DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/common/Makefile.am \ + $(srcdir)/config.h.in $(srcdir)/p11-kit/Makefile.am \ + $(srcdir)/trust/Makefile.am $(top_srcdir)/build/litter/compile \ + $(top_srcdir)/build/litter/config.guess \ + $(top_srcdir)/build/litter/config.rpath \ + $(top_srcdir)/build/litter/config.sub \ + $(top_srcdir)/build/litter/depcomp \ + $(top_srcdir)/build/litter/install-sh \ + $(top_srcdir)/build/litter/ltmain.sh \ + $(top_srcdir)/build/litter/missing \ + $(top_srcdir)/build/litter/tap-driver.sh \ + $(top_srcdir)/build/litter/test-driver \ + $(top_srcdir)/p11-kit/p11-kit-1.pc.in \ + $(top_srcdir)/p11-kit/pkcs11.conf.example.in \ + $(top_srcdir)/trust/test-init.sh.in \ + $(top_srcdir)/trust/trust-extract-compat.in ABOUT-NLS AUTHORS \ + COPYING ChangeLog NEWS README build/litter/compile \ + build/litter/config.guess build/litter/config.rpath \ + build/litter/config.sub build/litter/depcomp \ + build/litter/install-sh build/litter/ltmain.sh \ + build/litter/missing +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi +am__post_remove_distdir = $(am__remove_distdir) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +GZIP_ENV = --best +DIST_ARCHIVES = $(distdir).tar.xz +DIST_TARGETS = dist-xz +distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ASN1PARSER = @ASN1PARSER@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GTKDOC_SCAN = @GTKDOC_SCAN@ +HASH_LIBS = @HASH_LIBS@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@ +LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11KIT_LT_RELEASE = @P11KIT_LT_RELEASE@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POSUB = @POSUB@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SHLEXT = @SHLEXT@ +STRIP = @STRIP@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bashcompdir = @bashcompdir@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +closures = @closures@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +p11_module_path = @p11_module_path@ +p11_package_config_modules = @p11_package_config_modules@ +p11_system_config = @p11_system_config@ +p11_system_config_file = @p11_system_config_file@ +p11_system_config_modules = @p11_system_config_modules@ +p11_user_config = @p11_user_config@ +p11_user_config_file = @p11_user_config_file@ +p11_user_config_modules = @p11_user_config_modules@ +pdfdir = @pdfdir@ +prefix = @prefix@ +privatedir = @privatedir@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +systemduserunitdir = @systemduserunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +with_trust_paths = @with_trust_paths@ +NULL = +AM_CPPFLAGS = \ + -I$(top_srcdir) \ + -I$(top_srcdir)/common \ + -DBINDIR=\"$(bindir)\" \ + -DBUILDDIR=\"$(abs_builddir)\" \ + -DDATA_DIR=\"$(datadir)\" \ + -DPRIVATEDIR=\"$(privatedir)\" \ + -DSRCDIR=\"$(abs_srcdir)\" \ + -DSYSCONFDIR=\"$(sysconfdir)\" \ + -DP11_KIT_FUTURE_UNSTABLE_API + +check_SCRIPTS = $(sh_tests) +check_LTLIBRARIES = libp11-test.la $(NULL) libp11-kit-testable.la \ + libp11-kit-pkcs11-gnu.la $(NULL) mock-one.la mock-two.la \ + mock-three.la mock-four.la mock-five.la mock-seven.la \ + mock-eight.la mock-nine.la mock-ten.la $(am__append_10) \ + $(am__append_12) +SUFFIXES = .h .gnu.c $(am__append_17) +BUILT_SOURCES = p11-kit/virtual-fixed-generated.h $(NULL) \ + $(pkcs11_gnu_sources) $(am__append_18) +CLEANFILES = p11-kit/virtual-fixed-generated.h $(NULL) \ + $(pkcs11_gnu_sources) $(am__append_7) +EXTRA_DIST = CONTRIBUTING.md meson.build meson_options.txt \ + po/meson.build doc/manual/meson.build \ + doc/manual/userdir.xml.in doc/manual/sysdir.xml.in \ + doc/manual/version.xml.in bash-completion common/meson.build \ + p11-kit/docs.h p11-kit/gen-pkcs11-gnu.sh \ + p11-kit/gen-virtual-fixed.sh p11-kit/meson.build \ + p11-kit/meson_post_install.sh p11-kit/libp11-kit.map \ + p11-kit/libp11-kit-0.dll.def p11-kit/p11-module.map \ + p11-kit/p11-module.def p11-kit/pkcs11-gnu.c $(NULL) \ + p11-kit/p11-kit-server.socket \ + p11-kit/p11-kit-server.service.in p11-kit/fixtures \ + p11-kit/test-mock.c p11-kit/test-messages.sh \ + p11-kit/test-server.sh $(NULL) $(am__append_16) +incdir = $(includedir)/p11-kit-1/p11-kit +inc_HEADERS = common/pkcs11.h common/pkcs11x.h $(NULL) \ + p11-kit/deprecated.h p11-kit/iter.h p11-kit/p11-kit.h \ + p11-kit/pin.h p11-kit/remote.h p11-kit/uri.h $(NULL) +lib_LTLIBRARIES = libp11-kit.la +noinst_LTLIBRARIES = libp11-common.la libp11-library.la libp11-tool.la \ + $(NULL) libp11-kit-internal.la $(NULL) $(am__append_11) +noinst_SCRIPTS = $(am__append_21) +c_tests = test-tests test-compat test-hash test-dict test-array \ + test-constants test-attrs test-buffer test-url test-path \ + test-lexer test-message test-argv test-runtime $(NULL) \ + test-progname test-util test-conf test-uri test-pin test-init \ + test-modules test-deprecated test-proxy test-iter test-rpc \ + $(NULL) $(am__append_8) test-virtual test-managed test-log \ + test-filter test-transport $(NULL) $(am__append_19) +sh_tests = $(am__append_9) p11-kit/test-messages.sh +moduledir = $(p11_module_path) +module_LTLIBRARIES = $(am__append_5) $(am__append_13) +bashcomp_DATA = $(am__append_6) $(am__append_15) +libp11_common_la_SOURCES = \ + common/argv.c common/argv.h \ + common/attrs.c common/attrs.h \ + common/array.c common/array.h \ + common/buffer.c common/buffer.h \ + common/compat.c common/compat.h \ + common/constants.c common/constants.h \ + common/debug.c common/debug.h \ + common/dict.c common/dict.h \ + common/hash.c common/hash.h \ + common/lexer.c common/lexer.h \ + common/message.c common/message.h \ + common/path.c common/path.h \ + common/pkcs11.h common/pkcs11x.h common/pkcs11i.h \ + common/runtime.c common/runtime.h \ + common/url.c common/url.h \ + common/vsock.c common/vsock.h \ + common/init.h \ + $(NULL) + +libp11_library_la_SOURCES = \ + common/library.c common/library.h \ + $(NULL) + +libp11_test_la_SOURCES = \ + common/mock.c common/mock.h \ + common/test.c common/test.h \ + $(NULL) + +libp11_tool_la_SOURCES = common/tool.c common/tool.h $(NULL) \ + $(am__append_1) + +# Tests ---------------------------------------------------------------- +common_LIBS = \ + libp11-test.la \ + libp11-common.la \ + $(NULL) + +test_argv_SOURCES = common/test-argv.c +test_argv_LDADD = $(common_LIBS) +test_array_SOURCES = common/test-array.c +test_array_LDADD = $(common_LIBS) +test_attrs_SOURCES = common/test-attrs.c +test_attrs_LDADD = $(common_LIBS) +test_buffer_SOURCES = common/test-buffer.c +test_buffer_LDADD = $(common_LIBS) +test_compat_SOURCES = common/test-compat.c +test_compat_LDADD = $(common_LIBS) +test_constants_SOURCES = common/test-constants.c +test_constants_LDADD = $(common_LIBS) +test_dict_SOURCES = common/test-dict.c +test_dict_LDADD = $(common_LIBS) +test_hash_SOURCES = common/test-hash.c +test_hash_LDADD = $(common_LIBS) +test_lexer_SOURCES = common/test-lexer.c +test_lexer_LDADD = $(common_LIBS) +test_message_SOURCES = common/test-message.c +test_message_LDADD = $(common_LIBS) +test_path_SOURCES = common/test-path.c +test_path_LDADD = $(common_LIBS) +test_tests_SOURCES = common/test-tests.c +test_tests_LDADD = $(common_LIBS) +test_url_SOURCES = common/test-url.c +test_url_LDADD = $(common_LIBS) +test_runtime_SOURCES = common/test-runtime.c +test_runtime_LDADD = $(common_LIBS) +common_frob_getauxval_SOURCES = common/frob-getauxval.c +common_frob_getauxval_LDADD = $(common_LIBS) +common_frob_getenv_SOURCES = common/frob-getenv.c +common_frob_getenv_LDADD = $(common_LIBS) +@OS_WIN32_FALSE@common_frob_getprogname_SOURCES = common/frob-getprogname.c +@OS_WIN32_FALSE@common_frob_getprogname_LDADD = $(common_LIBS) +COMMON_SRCS = \ + p11-kit/util.c \ + p11-kit/conf.c p11-kit/conf.h \ + p11-kit/iter.c \ + p11-kit/log.c p11-kit/log.h \ + p11-kit/filter.c p11-kit/filter.h \ + p11-kit/modules.c p11-kit/modules.h \ + p11-kit/pkcs11.h \ + p11-kit/pin.c \ + p11-kit/pkcs11.h \ + p11-kit/private.h \ + p11-kit/messages.c \ + p11-kit/rpc-transport.c p11-kit/rpc.h \ + p11-kit/rpc-message.c p11-kit/rpc-message.h \ + p11-kit/rpc-client.c \ + p11-kit/uri.c \ + p11-kit/virtual.c p11-kit/virtual.h \ + p11-kit/virtual-fixed.h \ + $(inc_HEADERS) + +COMMON_CFLAGS = \ + -DP11_SYSTEM_CONFIG_FILE=\""$(p11_system_config_file)"\" \ + -DP11_SYSTEM_CONFIG_MODULES=\""$(p11_system_config_modules)"\" \ + -DP11_PACKAGE_CONFIG_MODULES=\""$(p11_package_config_modules)"\" \ + -DP11_USER_CONFIG_FILE=\""$(p11_user_config_file)"\" \ + -DP11_USER_CONFIG_MODULES=\""$(p11_user_config_modules)"\" \ + -DP11_MODULE_PATH=\""$(p11_module_path)"\" \ + $(LIBFFI_CFLAGS) \ + $(NULL) + +COMMON_LIBS = \ + libp11-common.la \ + libp11-library.la \ + $(LIBFFI_LIBS) \ + $(LTLIBINTL) \ + $(NULL) + +libp11_kit_la_CFLAGS = $(COMMON_CFLAGS) +libp11_kit_la_LDFLAGS = -no-undefined -version-info \ + $(P11KIT_LT_RELEASE) $(am__append_3) $(am__append_4) +libp11_kit_la_SOURCES = \ + p11-kit/proxy.c p11-kit/proxy.h p11-kit/proxy-init.c \ + p11-kit/rpc-server.c \ + $(NULL) + +libp11_kit_la_LIBADD = \ + libp11-kit-internal.la \ + $(COMMON_LIBS) \ + $(NULL) + +libp11_kit_internal_la_LDFLAGS = -no-undefined +libp11_kit_internal_la_CFLAGS = $(COMMON_CFLAGS) +libp11_kit_internal_la_SOURCES = $(COMMON_SRCS) +libp11_kit_testable_la_LDFLAGS = -no-undefined +libp11_kit_testable_la_SOURCES = \ + $(libp11_kit_internal_la_SOURCES) \ + $(libp11_kit_la_SOURCES) \ + $(NULL) + +libp11_kit_testable_la_LIBADD = $(COMMON_LIBS) +pkcs11_gnu_sources = \ + p11-kit/uri.gnu.c \ + p11-kit/iter.gnu.c \ + p11-kit/pin.gnu.c \ + $(NULL) + +libp11_kit_pkcs11_gnu_la_LDFLAGS = -no-undefined +libp11_kit_pkcs11_gnu_la_SOURCES = $(pkcs11_gnu_sources) +libp11_kit_pkcs11_gnu_la_CFLAGS = -DCRYPTOKI_GNU=1 -DP11_KIT_FUTURE_UNSTABLE_API=1 +@OS_WIN32_FALSE@libp11_kit_testable_la_CFLAGS = \ +@OS_WIN32_FALSE@ -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ +@OS_WIN32_FALSE@ -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules"\" \ +@OS_WIN32_FALSE@ -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules"\" \ +@OS_WIN32_FALSE@ -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ +@OS_WIN32_FALSE@ -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules"\" \ +@OS_WIN32_FALSE@ -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ +@OS_WIN32_FALSE@ $(LIBFFI_CFLAGS) \ +@OS_WIN32_FALSE@ $(NULL) + +@OS_WIN32_TRUE@libp11_kit_testable_la_CFLAGS = \ +@OS_WIN32_TRUE@ -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ +@OS_WIN32_TRUE@ -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules/win32"\" \ +@OS_WIN32_TRUE@ -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules/win32"\" \ +@OS_WIN32_TRUE@ -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ +@OS_WIN32_TRUE@ -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules/win32"\" \ +@OS_WIN32_TRUE@ -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ +@OS_WIN32_TRUE@ $(LIBFFI_CFLAGS) \ +@OS_WIN32_TRUE@ $(NULL) + +@OS_WIN32_FALSE@p11_kit_client_la_LDFLAGS = \ +@OS_WIN32_FALSE@ -no-undefined -module -avoid-version \ +@OS_WIN32_FALSE@ -version-info $(P11KIT_LT_RELEASE) \ +@OS_WIN32_FALSE@ -export-symbols-regex '^C_GetFunctionList' \ +@OS_WIN32_FALSE@ $(NULL) + +@OS_WIN32_FALSE@p11_kit_client_la_CFLAGS = $(COMMON_CFLAGS) +@OS_WIN32_FALSE@p11_kit_client_la_SOURCES = \ +@OS_WIN32_FALSE@ p11-kit/client.c p11-kit/client.h p11-kit/client-init.c \ +@OS_WIN32_FALSE@ $(NULL) + +@OS_WIN32_FALSE@p11_kit_client_la_LIBADD = $(libp11_kit_la_LIBADD) +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = p11-kit/p11-kit-1.pc +exampledir = $(p11_system_config) +example_DATA = p11-kit/pkcs11.conf.example +p11_kit_p11_kit_SOURCES = \ + p11-kit/lists.c \ + p11-kit/p11-kit.c \ + $(NULL) + +p11_kit_p11_kit_LDADD = \ + libp11-kit.la \ + libp11-tool.la \ + libp11-common.la \ + $(LTLIBINTL) \ + $(NULL) + +p11_kit_p11_kit_remote_SOURCES = \ + p11-kit/remote.c \ + $(NULL) + +p11_kit_p11_kit_remote_LDADD = \ + libp11-tool.la \ + libp11-common.la \ + libp11-kit.la \ + $(NULL) + +p11_kit_p11_kit_remote_testable_SOURCES = $(p11_kit_p11_kit_remote_SOURCES) +p11_kit_p11_kit_remote_testable_LDADD = \ + libp11-tool.la \ + libp11-common.la \ + libp11-kit-testable.la \ + $(NULL) + +p11_kit_p11_kit_server_SOURCES = \ + p11-kit/server.c \ + $(NULL) + +p11_kit_p11_kit_server_LDADD = \ + libp11-tool.la \ + libp11-common.la \ + libp11-kit.la \ + $(LIBSYSTEMD_LIBS) \ + $(NULL) + +p11_kit_p11_kit_server_CFLAGS = \ + -DP11_KIT_REMOTE=\"p11-kit-remote\" \ + $(COMMON_CFLAGS) \ + $(LIBSYSTEMD_CFLAGS) \ + $(NULL) + +p11_kit_p11_kit_server_testable_SOURCES = $(p11_kit_p11_kit_server_SOURCES) +p11_kit_p11_kit_server_testable_LDADD = \ + libp11-tool.la \ + libp11-common.la \ + libp11-kit-testable.la \ + $(LIBSYSTEMD_LIBS) \ + $(NULL) + +p11_kit_p11_kit_server_testable_CFLAGS = \ + -DP11_KIT_REMOTE=\"p11-kit-remote-testable\" \ + $(COMMON_CFLAGS) \ + $(LIBSYSTEMD_CFLAGS) \ + $(NULL) + +@WITH_SYSTEMD_TRUE@systemduserunit_DATA = \ +@WITH_SYSTEMD_TRUE@ p11-kit/p11-kit-server.socket \ +@WITH_SYSTEMD_TRUE@ p11-kit/p11-kit-server.service \ +@WITH_SYSTEMD_TRUE@ $(NULL) + + +# Tests ---------------------------------------------------------------- +p11_kit_LIBS = \ + libp11-kit-testable.la \ + libp11-test.la \ + libp11-common.la \ + $(LTLIBINTL) + +test_conf_SOURCES = p11-kit/test-conf.c +test_conf_LDADD = $(p11_kit_LIBS) +test_deprecated_SOURCES = p11-kit/test-deprecated.c +test_deprecated_LDADD = $(p11_kit_LIBS) +test_deprecated_CFLAGS = $(AM_CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) +test_init_SOURCES = p11-kit/test-init.c +test_init_LDADD = $(p11_kit_LIBS) +test_init_CFLAGS = $(AM_CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) +test_iter_SOURCES = p11-kit/test-iter.c +test_iter_LDADD = $(p11_kit_LIBS) +test_modules_SOURCES = p11-kit/test-modules.c +test_modules_LDADD = $(p11_kit_LIBS) +test_pin_SOURCES = p11-kit/test-pin.c +test_pin_LDADD = $(p11_kit_LIBS) +test_progname_SOURCES = p11-kit/test-progname.c +test_progname_LDADD = $(p11_kit_LIBS) +test_proxy_SOURCES = p11-kit/test-proxy.c +test_proxy_LDADD = $(p11_kit_LIBS) +test_rpc_SOURCES = p11-kit/test-rpc.c +test_rpc_LDADD = $(p11_kit_LIBS) +test_server_SOURCES = p11-kit/test-server.c +test_server_LDADD = $(p11_kit_LIBS) +test_server_CFLAGS = $(AM_CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) +test_uri_SOURCES = p11-kit/test-uri.c +test_uri_LDADD = $(p11_kit_LIBS) +test_util_SOURCES = p11-kit/test-util.c +test_util_LDADD = $(p11_kit_LIBS) +p11_kit_print_messages_SOURCES = p11-kit/print-messages.c +p11_kit_print_messages_LDADD = $(p11_kit_LIBS) +p11_kit_frob_setuid_SOURCES = p11-kit/frob-setuid.c +p11_kit_frob_setuid_LDADD = $(p11_kit_LIBS) +test_log_SOURCES = p11-kit/test-log.c +test_log_LDADD = $(p11_kit_LIBS) +test_filter_SOURCES = p11-kit/test-filter.c +test_filter_LDADD = $(p11_kit_LIBS) +test_managed_SOURCES = p11-kit/test-managed.c +test_managed_LDADD = $(p11_kit_LIBS) +test_transport_SOURCES = p11-kit/test-transport.c +test_transport_LDADD = $(p11_kit_LIBS) +test_transport_CFLAGS = $(AM_CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) +test_virtual_SOURCES = p11-kit/test-virtual.c +test_virtual_LDADD = $(p11_kit_LIBS) +mock_one_la_SOURCES = p11-kit/mock-module-ep.c +mock_one_la_LIBADD = libp11-test.la libp11-common.la +mock_one_la_LDFLAGS = \ + -module -avoid-version -rpath /nowhere \ + -no-undefined -export-symbols-regex 'C_GetFunctionList' + +mock_two_la_SOURCES = p11-kit/mock-module-ep2.c +mock_two_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_two_la_LIBADD = $(mock_one_la_LIBADD) +mock_three_la_SOURCES = $(mock_one_la_SOURCES) +mock_three_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_three_la_LIBADD = $(mock_one_la_LIBADD) +mock_four_la_SOURCES = $(mock_one_la_SOURCES) +mock_four_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_four_la_LIBADD = $(mock_one_la_LIBADD) +mock_five_la_SOURCES = p11-kit/mock-module-ep3.c +mock_five_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_five_la_LIBADD = $(mock_one_la_LIBADD) +@OS_WIN32_FALSE@mock_six_la_SOURCES = p11-kit/mock-module-ep4.c +@OS_WIN32_FALSE@mock_six_la_LDFLAGS = $(mock_one_la_LDFLAGS) +@OS_WIN32_FALSE@mock_six_la_LIBADD = $(mock_one_la_LIBADD) +mock_seven_la_SOURCES = p11-kit/mock-module-ep5.c +mock_seven_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_seven_la_LIBADD = $(mock_one_la_LIBADD) +mock_eight_la_SOURCES = p11-kit/mock-module-ep6.c +mock_eight_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_eight_la_LIBADD = $(mock_one_la_LIBADD) +mock_nine_la_SOURCES = p11-kit/mock-module-ep7.c +mock_nine_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_nine_la_LIBADD = $(mock_one_la_LIBADD) +mock_ten_la_SOURCES = p11-kit/mock-module-ep8.c +mock_ten_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_ten_la_LIBADD = $(mock_one_la_LIBADD) +@WITH_TRUST_MODULE_TRUE@libtrust_data_la_SOURCES = \ +@WITH_TRUST_MODULE_TRUE@ trust/asn1.c trust/asn1.h \ +@WITH_TRUST_MODULE_TRUE@ trust/base64.c trust/base64.h \ +@WITH_TRUST_MODULE_TRUE@ trust/pem.c trust/pem.h \ +@WITH_TRUST_MODULE_TRUE@ trust/oid.c trust/oid.h \ +@WITH_TRUST_MODULE_TRUE@ trust/utf8.c trust/utf8.h \ +@WITH_TRUST_MODULE_TRUE@ trust/x509.c trust/x509.h \ +@WITH_TRUST_MODULE_TRUE@ $(asn_h) \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@libtrust_data_la_CFLAGS = \ +@WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_CFLAGS) + +@WITH_TRUST_MODULE_TRUE@libtrust_data_la_LIBADD = \ +@WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_LIBS) \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@TRUST_SRCS = \ +@WITH_TRUST_MODULE_TRUE@ trust/builder.c trust/builder.h \ +@WITH_TRUST_MODULE_TRUE@ trust/digest.c trust/digest.h \ +@WITH_TRUST_MODULE_TRUE@ trust/index.c trust/index.h \ +@WITH_TRUST_MODULE_TRUE@ trust/parser.c trust/parser.h \ +@WITH_TRUST_MODULE_TRUE@ trust/persist.c trust/persist.h \ +@WITH_TRUST_MODULE_TRUE@ trust/module.c trust/module.h \ +@WITH_TRUST_MODULE_TRUE@ trust/save.c trust/save.h \ +@WITH_TRUST_MODULE_TRUE@ trust/session.c trust/session.h \ +@WITH_TRUST_MODULE_TRUE@ trust/token.c trust/token.h \ +@WITH_TRUST_MODULE_TRUE@ trust/types.h \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@configdir = $(p11_package_config_modules) +@WITH_TRUST_MODULE_TRUE@config_DATA = trust/p11-kit-trust.module +@WITH_TRUST_MODULE_TRUE@p11_kit_trust_la_CFLAGS = \ +@WITH_TRUST_MODULE_TRUE@ -DP11_DEFAULT_TRUST_PREFIX=DATA_DIR \ +@WITH_TRUST_MODULE_TRUE@ -DP11_SYSTEM_TRUST_PREFIX=SYSCONFDIR \ +@WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_CFLAGS) + +@WITH_TRUST_MODULE_TRUE@p11_kit_trust_la_LIBADD = \ +@WITH_TRUST_MODULE_TRUE@ libtrust-data.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-library.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-common.la \ +@WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_LIBS) \ +@WITH_TRUST_MODULE_TRUE@ $(HASH_LIBS) \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@p11_kit_trust_la_LDFLAGS = \ +@WITH_TRUST_MODULE_TRUE@ -no-undefined -module -avoid-version \ +@WITH_TRUST_MODULE_TRUE@ -version-info $(P11KIT_LT_RELEASE) \ +@WITH_TRUST_MODULE_TRUE@ -export-symbols-regex 'C_GetFunctionList' \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@p11_kit_trust_la_SOURCES = $(TRUST_SRCS) trust/module-init.c +@WITH_TRUST_MODULE_TRUE@libtrust_testable_la_LDFLAGS = \ +@WITH_TRUST_MODULE_TRUE@ -no-undefined + +@WITH_TRUST_MODULE_TRUE@libtrust_testable_la_SOURCES = $(TRUST_SRCS) +@WITH_TRUST_MODULE_TRUE@libtrust_testable_la_CFLAGS = \ +@WITH_TRUST_MODULE_TRUE@ -DP11_DEFAULT_TRUST_PREFIX=\"$(builddir)/trust/default\" \ +@WITH_TRUST_MODULE_TRUE@ -DP11_SYSTEM_TRUST_PREFIX=\"$(builddir)/trust/system\" \ +@WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_CFLAGS) + +@WITH_TRUST_MODULE_TRUE@libtrust_testable_la_LIBADD = \ +@WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_LIBS) + +@WITH_TRUST_MODULE_TRUE@trust_trust_LDADD = \ +@WITH_TRUST_MODULE_TRUE@ libtrust-data.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-kit.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-common.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-tool.la \ +@WITH_TRUST_MODULE_TRUE@ $(LTLIBINTL) \ +@WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_LIBS) \ +@WITH_TRUST_MODULE_TRUE@ $(HASH_LIBS) \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@trust_trust_CFLAGS = \ +@WITH_TRUST_MODULE_TRUE@ -DP11_KIT_FUTURE_UNSTABLE_API \ +@WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_CFLAGS) \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@trust_trust_SOURCES = \ +@WITH_TRUST_MODULE_TRUE@ trust/anchor.c trust/anchor.h \ +@WITH_TRUST_MODULE_TRUE@ trust/parser.c trust/parser.h \ +@WITH_TRUST_MODULE_TRUE@ trust/persist.c trust/persist.h \ +@WITH_TRUST_MODULE_TRUE@ trust/digest.c trust/digest.h \ +@WITH_TRUST_MODULE_TRUE@ trust/dump.c trust/dump.h \ +@WITH_TRUST_MODULE_TRUE@ trust/enumerate.c trust/enumerate.h \ +@WITH_TRUST_MODULE_TRUE@ trust/extract.c trust/extract.h \ +@WITH_TRUST_MODULE_TRUE@ trust/extract-jks.c \ +@WITH_TRUST_MODULE_TRUE@ trust/extract-edk2.c \ +@WITH_TRUST_MODULE_TRUE@ trust/extract-openssl.c \ +@WITH_TRUST_MODULE_TRUE@ trust/extract-pem.c \ +@WITH_TRUST_MODULE_TRUE@ trust/extract-cer.c \ +@WITH_TRUST_MODULE_TRUE@ trust/list.c trust/list.h \ +@WITH_TRUST_MODULE_TRUE@ trust/save.c trust/save.h \ +@WITH_TRUST_MODULE_TRUE@ trust/trust.c \ +@WITH_TRUST_MODULE_TRUE@ $(asn_h) \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@externaldir = $(privatedir) +@WITH_TRUST_MODULE_TRUE@external_SCRIPTS = \ +@WITH_TRUST_MODULE_TRUE@ trust/trust-extract-compat + +@WITH_TRUST_MODULE_TRUE@asn_h = \ +@WITH_TRUST_MODULE_TRUE@ trust/basic.asn.h \ +@WITH_TRUST_MODULE_TRUE@ trust/openssl.asn.h \ +@WITH_TRUST_MODULE_TRUE@ trust/pkix.asn.h + + +# Tests ---------------------------------------------------------------- +@WITH_TRUST_MODULE_TRUE@trust_CFLAGS = \ +@WITH_TRUST_MODULE_TRUE@ $(libtrust_testable_la_CFLAGS) \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@trust_LIBS = \ +@WITH_TRUST_MODULE_TRUE@ libtrust-testable.la \ +@WITH_TRUST_MODULE_TRUE@ libtrust-data.la \ +@WITH_TRUST_MODULE_TRUE@ libtrust-test.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-kit.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-library.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-test.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-common.la \ +@WITH_TRUST_MODULE_TRUE@ $(LIBTASN1_LIBS) \ +@WITH_TRUST_MODULE_TRUE@ $(HASH_LIBS) \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@libtrust_test_la_SOURCES = \ +@WITH_TRUST_MODULE_TRUE@ trust/test-trust.c trust/test-trust.h \ +@WITH_TRUST_MODULE_TRUE@ trust/digest.c \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@test_asn1_SOURCES = trust/test-asn1.c +@WITH_TRUST_MODULE_TRUE@test_asn1_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_asn1_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_base64_SOURCES = trust/test-base64.c +@WITH_TRUST_MODULE_TRUE@test_base64_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_base64_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_builder_SOURCES = trust/test-builder.c +@WITH_TRUST_MODULE_TRUE@test_builder_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_builder_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_bundle_SOURCES = trust/test-bundle.c +@WITH_TRUST_MODULE_TRUE@test_bundle_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_bundle_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_cer_SOURCES = trust/test-cer.c +@WITH_TRUST_MODULE_TRUE@test_cer_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_cer_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_digest_SOURCES = trust/test-digest.c +@WITH_TRUST_MODULE_TRUE@test_digest_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_digest_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_enumerate_SOURCES = trust/test-enumerate.c +@WITH_TRUST_MODULE_TRUE@test_enumerate_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_enumerate_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_index_SOURCES = trust/test-index.c +@WITH_TRUST_MODULE_TRUE@test_index_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_index_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_module_SOURCES = trust/test-module.c +@WITH_TRUST_MODULE_TRUE@test_module_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_module_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_oid_SOURCES = trust/test-oid.c +@WITH_TRUST_MODULE_TRUE@test_oid_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_oid_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_openssl_SOURCES = trust/test-openssl.c +@WITH_TRUST_MODULE_TRUE@test_openssl_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_openssl_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_edk2_SOURCES = trust/test-edk2.c +@WITH_TRUST_MODULE_TRUE@test_edk2_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_edk2_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_jks_SOURCES = trust/test-jks.c +@WITH_TRUST_MODULE_TRUE@test_jks_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_jks_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_parser_SOURCES = trust/test-parser.c +@WITH_TRUST_MODULE_TRUE@test_parser_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_parser_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_pem_SOURCES = trust/test-pem.c +@WITH_TRUST_MODULE_TRUE@test_pem_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_persist_SOURCES = trust/test-persist.c +@WITH_TRUST_MODULE_TRUE@test_persist_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_save_SOURCES = trust/test-save.c +@WITH_TRUST_MODULE_TRUE@test_save_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_token_SOURCES = trust/test-token.c +@WITH_TRUST_MODULE_TRUE@test_token_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_token_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@test_utf8_SOURCES = trust/test-utf8.c +@WITH_TRUST_MODULE_TRUE@test_utf8_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_x509_SOURCES = trust/test-x509.c +@WITH_TRUST_MODULE_TRUE@test_x509_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@test_x509_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@frob_bc_SOURCES = trust/frob-bc.c +@WITH_TRUST_MODULE_TRUE@frob_bc_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@frob_bc_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@frob_cert_SOURCES = trust/frob-cert.c +@WITH_TRUST_MODULE_TRUE@frob_cert_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@frob_cert_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@frob_eku_SOURCES = trust/frob-eku.c +@WITH_TRUST_MODULE_TRUE@frob_eku_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@frob_eku_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@frob_ext_SOURCES = trust/frob-ext.c +@WITH_TRUST_MODULE_TRUE@frob_ext_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@frob_ext_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@frob_ku_SOURCES = trust/frob-ku.c +@WITH_TRUST_MODULE_TRUE@frob_ku_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@frob_ku_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@frob_nss_trust_SOURCES = trust/frob-nss-trust.c +@WITH_TRUST_MODULE_TRUE@frob_nss_trust_LDADD = \ +@WITH_TRUST_MODULE_TRUE@ libp11-common.la \ +@WITH_TRUST_MODULE_TRUE@ libp11-kit.la \ +@WITH_TRUST_MODULE_TRUE@ $(HASH_LIBS) \ +@WITH_TRUST_MODULE_TRUE@ $(NULL) + +@WITH_TRUST_MODULE_TRUE@frob_oid_SOURCES = trust/frob-oid.c +@WITH_TRUST_MODULE_TRUE@frob_oid_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@frob_oid_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@frob_pow_SOURCES = trust/frob-pow.c +@WITH_TRUST_MODULE_TRUE@frob_pow_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@frob_pow_CFLAGS = $(trust_CFLAGS) +@WITH_TRUST_MODULE_TRUE@frob_token_SOURCES = trust/frob-token.c +@WITH_TRUST_MODULE_TRUE@frob_token_LDADD = $(trust_LIBS) +@WITH_TRUST_MODULE_TRUE@frob_token_CFLAGS = $(trust_CFLAGS) +SUBDIRS = . doc po +ACLOCAL_AMFLAGS = -I build/m4 +DISTCHECK_CONFIGURE_FLAGS = \ + --enable-doc \ + --without-systemd \ + --without-bash-completion \ + --disable-coverage \ + --enable-strict \ + CFLAGS='-O2' + +AM_TESTS_ENVIRONMENT = \ + abs_top_builddir="$(abs_top_builddir)"; \ + export abs_top_builddir; \ + P11_MODULE_PATH="$(abs_top_builddir)/.libs"; \ + export P11_MODULE_PATH; + +AM_TESTS_FD_REDIRECT = 9>&2; +LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) \ + $(top_srcdir)/build/litter/tap-driver.sh + +LOG_DRIVER_FLAGS = --comments --ignore-exit +MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet +LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes +HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind +all: $(BUILT_SOURCES) config.h + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +.SUFFIXES: +.SUFFIXES: .h .gnu.c .asn .asn.h .c .lo .log .o .obj .test .test$(EXEEXT) .trs +am--refresh: Makefile + @: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/common/Makefile.am $(srcdir)/p11-kit/Makefile.am $(srcdir)/trust/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \ + esac; +$(srcdir)/common/Makefile.am $(srcdir)/p11-kit/Makefile.am $(srcdir)/trust/Makefile.am $(am__empty): + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + $(am__cd) $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): + +config.h: stamp-h1 + @test -f $@ || rm -f stamp-h1 + @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1 + +stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status + @rm -f stamp-h1 + cd $(top_builddir) && $(SHELL) ./config.status config.h +$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + rm -f stamp-h1 + touch $@ + +distclean-hdr: + -rm -f config.h stamp-h1 +p11-kit/p11-kit-1.pc: $(top_builddir)/config.status $(top_srcdir)/p11-kit/p11-kit-1.pc.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +p11-kit/pkcs11.conf.example: $(top_builddir)/config.status $(top_srcdir)/p11-kit/pkcs11.conf.example.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +trust/trust-extract-compat: $(top_builddir)/config.status $(top_srcdir)/trust/trust-extract-compat.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +trust/test-init.sh: $(top_builddir)/config.status $(top_srcdir)/trust/test-init.sh.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +install-privatePROGRAMS: $(private_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(private_PROGRAMS)'; test -n "$(privatedir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(privatedir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(privatedir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(privatedir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(privatedir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-privatePROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(private_PROGRAMS)'; test -n "$(privatedir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(privatedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(privatedir)" && rm -f $$files + +clean-privatePROGRAMS: + @list='$(private_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-checkLTLIBRARIES: + -test -z "$(check_LTLIBRARIES)" || rm -f $(check_LTLIBRARIES) + @list='$(check_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-moduleLTLIBRARIES: $(module_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(module_LTLIBRARIES)'; test -n "$(moduledir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(moduledir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(moduledir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(moduledir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(moduledir)"; \ + } + +uninstall-moduleLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(module_LTLIBRARIES)'; test -n "$(moduledir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(moduledir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(moduledir)/$$f"; \ + done + +clean-moduleLTLIBRARIES: + -test -z "$(module_LTLIBRARIES)" || rm -f $(module_LTLIBRARIES) + @list='$(module_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +common/$(am__dirstamp): + @$(MKDIR_P) common + @: > common/$(am__dirstamp) +common/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) common/$(DEPDIR) + @: > common/$(DEPDIR)/$(am__dirstamp) +common/argv.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/attrs.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/array.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/buffer.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/compat.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/constants.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/debug.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/dict.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/hash.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/lexer.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/message.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/path.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/runtime.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/url.lo: common/$(am__dirstamp) common/$(DEPDIR)/$(am__dirstamp) +common/vsock.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +libp11-common.la: $(libp11_common_la_OBJECTS) $(libp11_common_la_DEPENDENCIES) $(EXTRA_libp11_common_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libp11_common_la_OBJECTS) $(libp11_common_la_LIBADD) $(LIBS) +p11-kit/$(am__dirstamp): + @$(MKDIR_P) p11-kit + @: > p11-kit/$(am__dirstamp) +p11-kit/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) p11-kit/$(DEPDIR) + @: > p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-util.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-conf.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-iter.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-log.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-filter.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-modules.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-pin.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-messages.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-rpc-transport.lo: \ + p11-kit/$(am__dirstamp) p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-rpc-message.lo: \ + p11-kit/$(am__dirstamp) p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-rpc-client.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-uri.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_internal_la-virtual.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +libp11-kit-internal.la: $(libp11_kit_internal_la_OBJECTS) $(libp11_kit_internal_la_DEPENDENCIES) $(EXTRA_libp11_kit_internal_la_DEPENDENCIES) + $(AM_V_CCLD)$(libp11_kit_internal_la_LINK) $(libp11_kit_internal_la_OBJECTS) $(libp11_kit_internal_la_LIBADD) $(LIBS) +p11-kit/libp11_kit_pkcs11_gnu_la-uri.gnu.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_pkcs11_gnu_la-iter.gnu.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_pkcs11_gnu_la-pin.gnu.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +libp11-kit-pkcs11-gnu.la: $(libp11_kit_pkcs11_gnu_la_OBJECTS) $(libp11_kit_pkcs11_gnu_la_DEPENDENCIES) $(EXTRA_libp11_kit_pkcs11_gnu_la_DEPENDENCIES) + $(AM_V_CCLD)$(libp11_kit_pkcs11_gnu_la_LINK) $(libp11_kit_pkcs11_gnu_la_OBJECTS) $(libp11_kit_pkcs11_gnu_la_LIBADD) $(LIBS) +p11-kit/libp11_kit_testable_la-util.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-conf.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-iter.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-log.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-filter.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-modules.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-pin.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-messages.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-rpc-transport.lo: \ + p11-kit/$(am__dirstamp) p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-rpc-message.lo: \ + p11-kit/$(am__dirstamp) p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-rpc-client.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-uri.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-virtual.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-proxy.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-proxy-init.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_testable_la-rpc-server.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +libp11-kit-testable.la: $(libp11_kit_testable_la_OBJECTS) $(libp11_kit_testable_la_DEPENDENCIES) $(EXTRA_libp11_kit_testable_la_DEPENDENCIES) + $(AM_V_CCLD)$(libp11_kit_testable_la_LINK) $(libp11_kit_testable_la_OBJECTS) $(libp11_kit_testable_la_LIBADD) $(LIBS) +p11-kit/libp11_kit_la-proxy.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_la-proxy-init.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/libp11_kit_la-rpc-server.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +libp11-kit.la: $(libp11_kit_la_OBJECTS) $(libp11_kit_la_DEPENDENCIES) $(EXTRA_libp11_kit_la_DEPENDENCIES) + $(AM_V_CCLD)$(libp11_kit_la_LINK) -rpath $(libdir) $(libp11_kit_la_OBJECTS) $(libp11_kit_la_LIBADD) $(LIBS) +common/library.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +libp11-library.la: $(libp11_library_la_OBJECTS) $(libp11_library_la_DEPENDENCIES) $(EXTRA_libp11_library_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libp11_library_la_OBJECTS) $(libp11_library_la_LIBADD) $(LIBS) +common/mock.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/test.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +libp11-test.la: $(libp11_test_la_OBJECTS) $(libp11_test_la_DEPENDENCIES) $(EXTRA_libp11_test_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libp11_test_la_OBJECTS) $(libp11_test_la_LIBADD) $(LIBS) +common/tool.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) +common/unix-peer.lo: common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +libp11-tool.la: $(libp11_tool_la_OBJECTS) $(libp11_tool_la_DEPENDENCIES) $(EXTRA_libp11_tool_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libp11_tool_la_OBJECTS) $(libp11_tool_la_LIBADD) $(LIBS) +trust/$(am__dirstamp): + @$(MKDIR_P) trust + @: > trust/$(am__dirstamp) +trust/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) trust/$(DEPDIR) + @: > trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_data_la-asn1.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_data_la-base64.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_data_la-pem.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_data_la-oid.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_data_la-utf8.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_data_la-x509.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +libtrust-data.la: $(libtrust_data_la_OBJECTS) $(libtrust_data_la_DEPENDENCIES) $(EXTRA_libtrust_data_la_DEPENDENCIES) + $(AM_V_CCLD)$(libtrust_data_la_LINK) $(am_libtrust_data_la_rpath) $(libtrust_data_la_OBJECTS) $(libtrust_data_la_LIBADD) $(LIBS) +trust/test-trust.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/digest.lo: trust/$(am__dirstamp) trust/$(DEPDIR)/$(am__dirstamp) + +libtrust-test.la: $(libtrust_test_la_OBJECTS) $(libtrust_test_la_DEPENDENCIES) $(EXTRA_libtrust_test_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(am_libtrust_test_la_rpath) $(libtrust_test_la_OBJECTS) $(libtrust_test_la_LIBADD) $(LIBS) +trust/libtrust_testable_la-builder.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_testable_la-digest.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_testable_la-index.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_testable_la-parser.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_testable_la-persist.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_testable_la-module.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_testable_la-save.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_testable_la-session.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/libtrust_testable_la-token.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +libtrust-testable.la: $(libtrust_testable_la_OBJECTS) $(libtrust_testable_la_DEPENDENCIES) $(EXTRA_libtrust_testable_la_DEPENDENCIES) + $(AM_V_CCLD)$(libtrust_testable_la_LINK) $(am_libtrust_testable_la_rpath) $(libtrust_testable_la_OBJECTS) $(libtrust_testable_la_LIBADD) $(LIBS) +p11-kit/mock-module-ep6.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +mock-eight.la: $(mock_eight_la_OBJECTS) $(mock_eight_la_DEPENDENCIES) $(EXTRA_mock_eight_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_eight_la_LINK) $(mock_eight_la_OBJECTS) $(mock_eight_la_LIBADD) $(LIBS) +p11-kit/mock-module-ep3.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +mock-five.la: $(mock_five_la_OBJECTS) $(mock_five_la_DEPENDENCIES) $(EXTRA_mock_five_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_five_la_LINK) $(mock_five_la_OBJECTS) $(mock_five_la_LIBADD) $(LIBS) +p11-kit/mock-module-ep.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +mock-four.la: $(mock_four_la_OBJECTS) $(mock_four_la_DEPENDENCIES) $(EXTRA_mock_four_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_four_la_LINK) $(mock_four_la_OBJECTS) $(mock_four_la_LIBADD) $(LIBS) +p11-kit/mock-module-ep7.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +mock-nine.la: $(mock_nine_la_OBJECTS) $(mock_nine_la_DEPENDENCIES) $(EXTRA_mock_nine_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_nine_la_LINK) $(mock_nine_la_OBJECTS) $(mock_nine_la_LIBADD) $(LIBS) + +mock-one.la: $(mock_one_la_OBJECTS) $(mock_one_la_DEPENDENCIES) $(EXTRA_mock_one_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_one_la_LINK) $(mock_one_la_OBJECTS) $(mock_one_la_LIBADD) $(LIBS) +p11-kit/mock-module-ep5.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +mock-seven.la: $(mock_seven_la_OBJECTS) $(mock_seven_la_DEPENDENCIES) $(EXTRA_mock_seven_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_seven_la_LINK) $(mock_seven_la_OBJECTS) $(mock_seven_la_LIBADD) $(LIBS) +p11-kit/mock-module-ep4.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +mock-six.la: $(mock_six_la_OBJECTS) $(mock_six_la_DEPENDENCIES) $(EXTRA_mock_six_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_six_la_LINK) $(am_mock_six_la_rpath) $(mock_six_la_OBJECTS) $(mock_six_la_LIBADD) $(LIBS) +p11-kit/mock-module-ep8.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +mock-ten.la: $(mock_ten_la_OBJECTS) $(mock_ten_la_DEPENDENCIES) $(EXTRA_mock_ten_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_ten_la_LINK) $(mock_ten_la_OBJECTS) $(mock_ten_la_LIBADD) $(LIBS) + +mock-three.la: $(mock_three_la_OBJECTS) $(mock_three_la_DEPENDENCIES) $(EXTRA_mock_three_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_three_la_LINK) $(mock_three_la_OBJECTS) $(mock_three_la_LIBADD) $(LIBS) +p11-kit/mock-module-ep2.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +mock-two.la: $(mock_two_la_OBJECTS) $(mock_two_la_DEPENDENCIES) $(EXTRA_mock_two_la_DEPENDENCIES) + $(AM_V_CCLD)$(mock_two_la_LINK) $(mock_two_la_OBJECTS) $(mock_two_la_LIBADD) $(LIBS) +p11-kit/client_la-client.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/client_la-client-init.lo: p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +p11-kit-client.la: $(p11_kit_client_la_OBJECTS) $(p11_kit_client_la_DEPENDENCIES) $(EXTRA_p11_kit_client_la_DEPENDENCIES) + $(AM_V_CCLD)$(p11_kit_client_la_LINK) $(am_p11_kit_client_la_rpath) $(p11_kit_client_la_OBJECTS) $(p11_kit_client_la_LIBADD) $(LIBS) +trust/p11_kit_trust_la-builder.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/p11_kit_trust_la-digest.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/p11_kit_trust_la-index.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/p11_kit_trust_la-parser.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/p11_kit_trust_la-persist.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/p11_kit_trust_la-module.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/p11_kit_trust_la-save.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/p11_kit_trust_la-session.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/p11_kit_trust_la-token.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/p11_kit_trust_la-module-init.lo: trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +p11-kit-trust.la: $(p11_kit_trust_la_OBJECTS) $(p11_kit_trust_la_DEPENDENCIES) $(EXTRA_p11_kit_trust_la_DEPENDENCIES) + $(AM_V_CCLD)$(p11_kit_trust_la_LINK) $(am_p11_kit_trust_la_rpath) $(p11_kit_trust_la_OBJECTS) $(p11_kit_trust_la_LIBADD) $(LIBS) +common/frob-getauxval.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +common/frob-getauxval$(EXEEXT): $(common_frob_getauxval_OBJECTS) $(common_frob_getauxval_DEPENDENCIES) $(EXTRA_common_frob_getauxval_DEPENDENCIES) common/$(am__dirstamp) + @rm -f common/frob-getauxval$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(common_frob_getauxval_OBJECTS) $(common_frob_getauxval_LDADD) $(LIBS) +common/frob-getenv.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +common/frob-getenv$(EXEEXT): $(common_frob_getenv_OBJECTS) $(common_frob_getenv_DEPENDENCIES) $(EXTRA_common_frob_getenv_DEPENDENCIES) common/$(am__dirstamp) + @rm -f common/frob-getenv$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(common_frob_getenv_OBJECTS) $(common_frob_getenv_LDADD) $(LIBS) +common/frob-getprogname.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +common/frob-getprogname$(EXEEXT): $(common_frob_getprogname_OBJECTS) $(common_frob_getprogname_DEPENDENCIES) $(EXTRA_common_frob_getprogname_DEPENDENCIES) common/$(am__dirstamp) + @rm -f common/frob-getprogname$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(common_frob_getprogname_OBJECTS) $(common_frob_getprogname_LDADD) $(LIBS) +trust/frob_bc-frob-bc.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +frob-bc$(EXEEXT): $(frob_bc_OBJECTS) $(frob_bc_DEPENDENCIES) $(EXTRA_frob_bc_DEPENDENCIES) + @rm -f frob-bc$(EXEEXT) + $(AM_V_CCLD)$(frob_bc_LINK) $(frob_bc_OBJECTS) $(frob_bc_LDADD) $(LIBS) +trust/frob_cert-frob-cert.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +frob-cert$(EXEEXT): $(frob_cert_OBJECTS) $(frob_cert_DEPENDENCIES) $(EXTRA_frob_cert_DEPENDENCIES) + @rm -f frob-cert$(EXEEXT) + $(AM_V_CCLD)$(frob_cert_LINK) $(frob_cert_OBJECTS) $(frob_cert_LDADD) $(LIBS) +trust/frob_eku-frob-eku.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +frob-eku$(EXEEXT): $(frob_eku_OBJECTS) $(frob_eku_DEPENDENCIES) $(EXTRA_frob_eku_DEPENDENCIES) + @rm -f frob-eku$(EXEEXT) + $(AM_V_CCLD)$(frob_eku_LINK) $(frob_eku_OBJECTS) $(frob_eku_LDADD) $(LIBS) +trust/frob_ext-frob-ext.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +frob-ext$(EXEEXT): $(frob_ext_OBJECTS) $(frob_ext_DEPENDENCIES) $(EXTRA_frob_ext_DEPENDENCIES) + @rm -f frob-ext$(EXEEXT) + $(AM_V_CCLD)$(frob_ext_LINK) $(frob_ext_OBJECTS) $(frob_ext_LDADD) $(LIBS) +trust/frob_ku-frob-ku.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +frob-ku$(EXEEXT): $(frob_ku_OBJECTS) $(frob_ku_DEPENDENCIES) $(EXTRA_frob_ku_DEPENDENCIES) + @rm -f frob-ku$(EXEEXT) + $(AM_V_CCLD)$(frob_ku_LINK) $(frob_ku_OBJECTS) $(frob_ku_LDADD) $(LIBS) +trust/frob-nss-trust.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +frob-nss-trust$(EXEEXT): $(frob_nss_trust_OBJECTS) $(frob_nss_trust_DEPENDENCIES) $(EXTRA_frob_nss_trust_DEPENDENCIES) + @rm -f frob-nss-trust$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(frob_nss_trust_OBJECTS) $(frob_nss_trust_LDADD) $(LIBS) +trust/frob_oid-frob-oid.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +frob-oid$(EXEEXT): $(frob_oid_OBJECTS) $(frob_oid_DEPENDENCIES) $(EXTRA_frob_oid_DEPENDENCIES) + @rm -f frob-oid$(EXEEXT) + $(AM_V_CCLD)$(frob_oid_LINK) $(frob_oid_OBJECTS) $(frob_oid_LDADD) $(LIBS) +trust/frob_pow-frob-pow.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +frob-pow$(EXEEXT): $(frob_pow_OBJECTS) $(frob_pow_DEPENDENCIES) $(EXTRA_frob_pow_DEPENDENCIES) + @rm -f frob-pow$(EXEEXT) + $(AM_V_CCLD)$(frob_pow_LINK) $(frob_pow_OBJECTS) $(frob_pow_LDADD) $(LIBS) +trust/frob_token-frob-token.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +frob-token$(EXEEXT): $(frob_token_OBJECTS) $(frob_token_DEPENDENCIES) $(EXTRA_frob_token_DEPENDENCIES) + @rm -f frob-token$(EXEEXT) + $(AM_V_CCLD)$(frob_token_LINK) $(frob_token_OBJECTS) $(frob_token_LDADD) $(LIBS) +p11-kit/frob-setuid.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +p11-kit/frob-setuid$(EXEEXT): $(p11_kit_frob_setuid_OBJECTS) $(p11_kit_frob_setuid_DEPENDENCIES) $(EXTRA_p11_kit_frob_setuid_DEPENDENCIES) p11-kit/$(am__dirstamp) + @rm -f p11-kit/frob-setuid$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(p11_kit_frob_setuid_OBJECTS) $(p11_kit_frob_setuid_LDADD) $(LIBS) +p11-kit/lists.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) +p11-kit/p11-kit.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +p11-kit/p11-kit$(EXEEXT): $(p11_kit_p11_kit_OBJECTS) $(p11_kit_p11_kit_DEPENDENCIES) $(EXTRA_p11_kit_p11_kit_DEPENDENCIES) p11-kit/$(am__dirstamp) + @rm -f p11-kit/p11-kit$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(p11_kit_p11_kit_OBJECTS) $(p11_kit_p11_kit_LDADD) $(LIBS) +p11-kit/remote.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +p11-kit/p11-kit-remote$(EXEEXT): $(p11_kit_p11_kit_remote_OBJECTS) $(p11_kit_p11_kit_remote_DEPENDENCIES) $(EXTRA_p11_kit_p11_kit_remote_DEPENDENCIES) p11-kit/$(am__dirstamp) + @rm -f p11-kit/p11-kit-remote$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(p11_kit_p11_kit_remote_OBJECTS) $(p11_kit_p11_kit_remote_LDADD) $(LIBS) + +p11-kit/p11-kit-remote-testable$(EXEEXT): $(p11_kit_p11_kit_remote_testable_OBJECTS) $(p11_kit_p11_kit_remote_testable_DEPENDENCIES) $(EXTRA_p11_kit_p11_kit_remote_testable_DEPENDENCIES) p11-kit/$(am__dirstamp) + @rm -f p11-kit/p11-kit-remote-testable$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(p11_kit_p11_kit_remote_testable_OBJECTS) $(p11_kit_p11_kit_remote_testable_LDADD) $(LIBS) +p11-kit/p11_kit_server-server.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +p11-kit/p11-kit-server$(EXEEXT): $(p11_kit_p11_kit_server_OBJECTS) $(p11_kit_p11_kit_server_DEPENDENCIES) $(EXTRA_p11_kit_p11_kit_server_DEPENDENCIES) p11-kit/$(am__dirstamp) + @rm -f p11-kit/p11-kit-server$(EXEEXT) + $(AM_V_CCLD)$(p11_kit_p11_kit_server_LINK) $(p11_kit_p11_kit_server_OBJECTS) $(p11_kit_p11_kit_server_LDADD) $(LIBS) +p11-kit/p11_kit_server_testable-server.$(OBJEXT): \ + p11-kit/$(am__dirstamp) p11-kit/$(DEPDIR)/$(am__dirstamp) + +p11-kit/p11-kit-server-testable$(EXEEXT): $(p11_kit_p11_kit_server_testable_OBJECTS) $(p11_kit_p11_kit_server_testable_DEPENDENCIES) $(EXTRA_p11_kit_p11_kit_server_testable_DEPENDENCIES) p11-kit/$(am__dirstamp) + @rm -f p11-kit/p11-kit-server-testable$(EXEEXT) + $(AM_V_CCLD)$(p11_kit_p11_kit_server_testable_LINK) $(p11_kit_p11_kit_server_testable_OBJECTS) $(p11_kit_p11_kit_server_testable_LDADD) $(LIBS) +p11-kit/print-messages.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +p11-kit/print-messages$(EXEEXT): $(p11_kit_print_messages_OBJECTS) $(p11_kit_print_messages_DEPENDENCIES) $(EXTRA_p11_kit_print_messages_DEPENDENCIES) p11-kit/$(am__dirstamp) + @rm -f p11-kit/print-messages$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(p11_kit_print_messages_OBJECTS) $(p11_kit_print_messages_LDADD) $(LIBS) +common/test-argv.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-argv$(EXEEXT): $(test_argv_OBJECTS) $(test_argv_DEPENDENCIES) $(EXTRA_test_argv_DEPENDENCIES) + @rm -f test-argv$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_argv_OBJECTS) $(test_argv_LDADD) $(LIBS) +common/test-array.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-array$(EXEEXT): $(test_array_OBJECTS) $(test_array_DEPENDENCIES) $(EXTRA_test_array_DEPENDENCIES) + @rm -f test-array$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_array_OBJECTS) $(test_array_LDADD) $(LIBS) +trust/test_asn1-test-asn1.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-asn1$(EXEEXT): $(test_asn1_OBJECTS) $(test_asn1_DEPENDENCIES) $(EXTRA_test_asn1_DEPENDENCIES) + @rm -f test-asn1$(EXEEXT) + $(AM_V_CCLD)$(test_asn1_LINK) $(test_asn1_OBJECTS) $(test_asn1_LDADD) $(LIBS) +common/test-attrs.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-attrs$(EXEEXT): $(test_attrs_OBJECTS) $(test_attrs_DEPENDENCIES) $(EXTRA_test_attrs_DEPENDENCIES) + @rm -f test-attrs$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_attrs_OBJECTS) $(test_attrs_LDADD) $(LIBS) +trust/test_base64-test-base64.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-base64$(EXEEXT): $(test_base64_OBJECTS) $(test_base64_DEPENDENCIES) $(EXTRA_test_base64_DEPENDENCIES) + @rm -f test-base64$(EXEEXT) + $(AM_V_CCLD)$(test_base64_LINK) $(test_base64_OBJECTS) $(test_base64_LDADD) $(LIBS) +common/test-buffer.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-buffer$(EXEEXT): $(test_buffer_OBJECTS) $(test_buffer_DEPENDENCIES) $(EXTRA_test_buffer_DEPENDENCIES) + @rm -f test-buffer$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_buffer_OBJECTS) $(test_buffer_LDADD) $(LIBS) +trust/test_builder-test-builder.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-builder$(EXEEXT): $(test_builder_OBJECTS) $(test_builder_DEPENDENCIES) $(EXTRA_test_builder_DEPENDENCIES) + @rm -f test-builder$(EXEEXT) + $(AM_V_CCLD)$(test_builder_LINK) $(test_builder_OBJECTS) $(test_builder_LDADD) $(LIBS) +trust/test_bundle-test-bundle.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-bundle$(EXEEXT): $(test_bundle_OBJECTS) $(test_bundle_DEPENDENCIES) $(EXTRA_test_bundle_DEPENDENCIES) + @rm -f test-bundle$(EXEEXT) + $(AM_V_CCLD)$(test_bundle_LINK) $(test_bundle_OBJECTS) $(test_bundle_LDADD) $(LIBS) +trust/test_cer-test-cer.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-cer$(EXEEXT): $(test_cer_OBJECTS) $(test_cer_DEPENDENCIES) $(EXTRA_test_cer_DEPENDENCIES) + @rm -f test-cer$(EXEEXT) + $(AM_V_CCLD)$(test_cer_LINK) $(test_cer_OBJECTS) $(test_cer_LDADD) $(LIBS) +common/test-compat.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-compat$(EXEEXT): $(test_compat_OBJECTS) $(test_compat_DEPENDENCIES) $(EXTRA_test_compat_DEPENDENCIES) + @rm -f test-compat$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_compat_OBJECTS) $(test_compat_LDADD) $(LIBS) +p11-kit/test-conf.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-conf$(EXEEXT): $(test_conf_OBJECTS) $(test_conf_DEPENDENCIES) $(EXTRA_test_conf_DEPENDENCIES) + @rm -f test-conf$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_conf_OBJECTS) $(test_conf_LDADD) $(LIBS) +common/test-constants.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-constants$(EXEEXT): $(test_constants_OBJECTS) $(test_constants_DEPENDENCIES) $(EXTRA_test_constants_DEPENDENCIES) + @rm -f test-constants$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_constants_OBJECTS) $(test_constants_LDADD) $(LIBS) +p11-kit/test_deprecated-test-deprecated.$(OBJEXT): \ + p11-kit/$(am__dirstamp) p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-deprecated$(EXEEXT): $(test_deprecated_OBJECTS) $(test_deprecated_DEPENDENCIES) $(EXTRA_test_deprecated_DEPENDENCIES) + @rm -f test-deprecated$(EXEEXT) + $(AM_V_CCLD)$(test_deprecated_LINK) $(test_deprecated_OBJECTS) $(test_deprecated_LDADD) $(LIBS) +common/test-dict.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-dict$(EXEEXT): $(test_dict_OBJECTS) $(test_dict_DEPENDENCIES) $(EXTRA_test_dict_DEPENDENCIES) + @rm -f test-dict$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_dict_OBJECTS) $(test_dict_LDADD) $(LIBS) +trust/test_digest-test-digest.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-digest$(EXEEXT): $(test_digest_OBJECTS) $(test_digest_DEPENDENCIES) $(EXTRA_test_digest_DEPENDENCIES) + @rm -f test-digest$(EXEEXT) + $(AM_V_CCLD)$(test_digest_LINK) $(test_digest_OBJECTS) $(test_digest_LDADD) $(LIBS) +trust/test_edk2-test-edk2.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-edk2$(EXEEXT): $(test_edk2_OBJECTS) $(test_edk2_DEPENDENCIES) $(EXTRA_test_edk2_DEPENDENCIES) + @rm -f test-edk2$(EXEEXT) + $(AM_V_CCLD)$(test_edk2_LINK) $(test_edk2_OBJECTS) $(test_edk2_LDADD) $(LIBS) +trust/test_enumerate-test-enumerate.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-enumerate$(EXEEXT): $(test_enumerate_OBJECTS) $(test_enumerate_DEPENDENCIES) $(EXTRA_test_enumerate_DEPENDENCIES) + @rm -f test-enumerate$(EXEEXT) + $(AM_V_CCLD)$(test_enumerate_LINK) $(test_enumerate_OBJECTS) $(test_enumerate_LDADD) $(LIBS) +p11-kit/test-filter.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-filter$(EXEEXT): $(test_filter_OBJECTS) $(test_filter_DEPENDENCIES) $(EXTRA_test_filter_DEPENDENCIES) + @rm -f test-filter$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_filter_OBJECTS) $(test_filter_LDADD) $(LIBS) +common/test-hash.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-hash$(EXEEXT): $(test_hash_OBJECTS) $(test_hash_DEPENDENCIES) $(EXTRA_test_hash_DEPENDENCIES) + @rm -f test-hash$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_hash_OBJECTS) $(test_hash_LDADD) $(LIBS) +trust/test_index-test-index.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-index$(EXEEXT): $(test_index_OBJECTS) $(test_index_DEPENDENCIES) $(EXTRA_test_index_DEPENDENCIES) + @rm -f test-index$(EXEEXT) + $(AM_V_CCLD)$(test_index_LINK) $(test_index_OBJECTS) $(test_index_LDADD) $(LIBS) +p11-kit/test_init-test-init.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-init$(EXEEXT): $(test_init_OBJECTS) $(test_init_DEPENDENCIES) $(EXTRA_test_init_DEPENDENCIES) + @rm -f test-init$(EXEEXT) + $(AM_V_CCLD)$(test_init_LINK) $(test_init_OBJECTS) $(test_init_LDADD) $(LIBS) +p11-kit/test-iter.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-iter$(EXEEXT): $(test_iter_OBJECTS) $(test_iter_DEPENDENCIES) $(EXTRA_test_iter_DEPENDENCIES) + @rm -f test-iter$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_iter_OBJECTS) $(test_iter_LDADD) $(LIBS) +trust/test_jks-test-jks.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-jks$(EXEEXT): $(test_jks_OBJECTS) $(test_jks_DEPENDENCIES) $(EXTRA_test_jks_DEPENDENCIES) + @rm -f test-jks$(EXEEXT) + $(AM_V_CCLD)$(test_jks_LINK) $(test_jks_OBJECTS) $(test_jks_LDADD) $(LIBS) +common/test-lexer.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-lexer$(EXEEXT): $(test_lexer_OBJECTS) $(test_lexer_DEPENDENCIES) $(EXTRA_test_lexer_DEPENDENCIES) + @rm -f test-lexer$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_lexer_OBJECTS) $(test_lexer_LDADD) $(LIBS) +p11-kit/test-log.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-log$(EXEEXT): $(test_log_OBJECTS) $(test_log_DEPENDENCIES) $(EXTRA_test_log_DEPENDENCIES) + @rm -f test-log$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_log_OBJECTS) $(test_log_LDADD) $(LIBS) +p11-kit/test-managed.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-managed$(EXEEXT): $(test_managed_OBJECTS) $(test_managed_DEPENDENCIES) $(EXTRA_test_managed_DEPENDENCIES) + @rm -f test-managed$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_managed_OBJECTS) $(test_managed_LDADD) $(LIBS) +common/test-message.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-message$(EXEEXT): $(test_message_OBJECTS) $(test_message_DEPENDENCIES) $(EXTRA_test_message_DEPENDENCIES) + @rm -f test-message$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_message_OBJECTS) $(test_message_LDADD) $(LIBS) +trust/test_module-test-module.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-module$(EXEEXT): $(test_module_OBJECTS) $(test_module_DEPENDENCIES) $(EXTRA_test_module_DEPENDENCIES) + @rm -f test-module$(EXEEXT) + $(AM_V_CCLD)$(test_module_LINK) $(test_module_OBJECTS) $(test_module_LDADD) $(LIBS) +p11-kit/test-modules.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-modules$(EXEEXT): $(test_modules_OBJECTS) $(test_modules_DEPENDENCIES) $(EXTRA_test_modules_DEPENDENCIES) + @rm -f test-modules$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_modules_OBJECTS) $(test_modules_LDADD) $(LIBS) +trust/test_oid-test-oid.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-oid$(EXEEXT): $(test_oid_OBJECTS) $(test_oid_DEPENDENCIES) $(EXTRA_test_oid_DEPENDENCIES) + @rm -f test-oid$(EXEEXT) + $(AM_V_CCLD)$(test_oid_LINK) $(test_oid_OBJECTS) $(test_oid_LDADD) $(LIBS) +trust/test_openssl-test-openssl.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-openssl$(EXEEXT): $(test_openssl_OBJECTS) $(test_openssl_DEPENDENCIES) $(EXTRA_test_openssl_DEPENDENCIES) + @rm -f test-openssl$(EXEEXT) + $(AM_V_CCLD)$(test_openssl_LINK) $(test_openssl_OBJECTS) $(test_openssl_LDADD) $(LIBS) +trust/test_parser-test-parser.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-parser$(EXEEXT): $(test_parser_OBJECTS) $(test_parser_DEPENDENCIES) $(EXTRA_test_parser_DEPENDENCIES) + @rm -f test-parser$(EXEEXT) + $(AM_V_CCLD)$(test_parser_LINK) $(test_parser_OBJECTS) $(test_parser_LDADD) $(LIBS) +common/test-path.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-path$(EXEEXT): $(test_path_OBJECTS) $(test_path_DEPENDENCIES) $(EXTRA_test_path_DEPENDENCIES) + @rm -f test-path$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_path_OBJECTS) $(test_path_LDADD) $(LIBS) +trust/test-pem.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-pem$(EXEEXT): $(test_pem_OBJECTS) $(test_pem_DEPENDENCIES) $(EXTRA_test_pem_DEPENDENCIES) + @rm -f test-pem$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_pem_OBJECTS) $(test_pem_LDADD) $(LIBS) +trust/test-persist.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-persist$(EXEEXT): $(test_persist_OBJECTS) $(test_persist_DEPENDENCIES) $(EXTRA_test_persist_DEPENDENCIES) + @rm -f test-persist$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_persist_OBJECTS) $(test_persist_LDADD) $(LIBS) +p11-kit/test-pin.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-pin$(EXEEXT): $(test_pin_OBJECTS) $(test_pin_DEPENDENCIES) $(EXTRA_test_pin_DEPENDENCIES) + @rm -f test-pin$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_pin_OBJECTS) $(test_pin_LDADD) $(LIBS) +p11-kit/test-progname.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-progname$(EXEEXT): $(test_progname_OBJECTS) $(test_progname_DEPENDENCIES) $(EXTRA_test_progname_DEPENDENCIES) + @rm -f test-progname$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_progname_OBJECTS) $(test_progname_LDADD) $(LIBS) +p11-kit/test-proxy.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-proxy$(EXEEXT): $(test_proxy_OBJECTS) $(test_proxy_DEPENDENCIES) $(EXTRA_test_proxy_DEPENDENCIES) + @rm -f test-proxy$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_proxy_OBJECTS) $(test_proxy_LDADD) $(LIBS) +p11-kit/test-rpc.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-rpc$(EXEEXT): $(test_rpc_OBJECTS) $(test_rpc_DEPENDENCIES) $(EXTRA_test_rpc_DEPENDENCIES) + @rm -f test-rpc$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_rpc_OBJECTS) $(test_rpc_LDADD) $(LIBS) +common/test-runtime.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-runtime$(EXEEXT): $(test_runtime_OBJECTS) $(test_runtime_DEPENDENCIES) $(EXTRA_test_runtime_DEPENDENCIES) + @rm -f test-runtime$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_runtime_OBJECTS) $(test_runtime_LDADD) $(LIBS) +trust/test-save.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-save$(EXEEXT): $(test_save_OBJECTS) $(test_save_DEPENDENCIES) $(EXTRA_test_save_DEPENDENCIES) + @rm -f test-save$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_save_OBJECTS) $(test_save_LDADD) $(LIBS) +p11-kit/test_server-test-server.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-server$(EXEEXT): $(test_server_OBJECTS) $(test_server_DEPENDENCIES) $(EXTRA_test_server_DEPENDENCIES) + @rm -f test-server$(EXEEXT) + $(AM_V_CCLD)$(test_server_LINK) $(test_server_OBJECTS) $(test_server_LDADD) $(LIBS) +common/test-tests.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-tests$(EXEEXT): $(test_tests_OBJECTS) $(test_tests_DEPENDENCIES) $(EXTRA_test_tests_DEPENDENCIES) + @rm -f test-tests$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_tests_OBJECTS) $(test_tests_LDADD) $(LIBS) +trust/test_token-test-token.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-token$(EXEEXT): $(test_token_OBJECTS) $(test_token_DEPENDENCIES) $(EXTRA_test_token_DEPENDENCIES) + @rm -f test-token$(EXEEXT) + $(AM_V_CCLD)$(test_token_LINK) $(test_token_OBJECTS) $(test_token_LDADD) $(LIBS) +p11-kit/test_transport-test-transport.$(OBJEXT): \ + p11-kit/$(am__dirstamp) p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-transport$(EXEEXT): $(test_transport_OBJECTS) $(test_transport_DEPENDENCIES) $(EXTRA_test_transport_DEPENDENCIES) + @rm -f test-transport$(EXEEXT) + $(AM_V_CCLD)$(test_transport_LINK) $(test_transport_OBJECTS) $(test_transport_LDADD) $(LIBS) +p11-kit/test-uri.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-uri$(EXEEXT): $(test_uri_OBJECTS) $(test_uri_DEPENDENCIES) $(EXTRA_test_uri_DEPENDENCIES) + @rm -f test-uri$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_uri_OBJECTS) $(test_uri_LDADD) $(LIBS) +common/test-url.$(OBJEXT): common/$(am__dirstamp) \ + common/$(DEPDIR)/$(am__dirstamp) + +test-url$(EXEEXT): $(test_url_OBJECTS) $(test_url_DEPENDENCIES) $(EXTRA_test_url_DEPENDENCIES) + @rm -f test-url$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_url_OBJECTS) $(test_url_LDADD) $(LIBS) +trust/test-utf8.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-utf8$(EXEEXT): $(test_utf8_OBJECTS) $(test_utf8_DEPENDENCIES) $(EXTRA_test_utf8_DEPENDENCIES) + @rm -f test-utf8$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_utf8_OBJECTS) $(test_utf8_LDADD) $(LIBS) +p11-kit/test-util.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-util$(EXEEXT): $(test_util_OBJECTS) $(test_util_DEPENDENCIES) $(EXTRA_test_util_DEPENDENCIES) + @rm -f test-util$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_util_OBJECTS) $(test_util_LDADD) $(LIBS) +p11-kit/test-virtual.$(OBJEXT): p11-kit/$(am__dirstamp) \ + p11-kit/$(DEPDIR)/$(am__dirstamp) + +test-virtual$(EXEEXT): $(test_virtual_OBJECTS) $(test_virtual_DEPENDENCIES) $(EXTRA_test_virtual_DEPENDENCIES) + @rm -f test-virtual$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_virtual_OBJECTS) $(test_virtual_LDADD) $(LIBS) +trust/test_x509-test-x509.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +test-x509$(EXEEXT): $(test_x509_OBJECTS) $(test_x509_DEPENDENCIES) $(EXTRA_test_x509_DEPENDENCIES) + @rm -f test-x509$(EXEEXT) + $(AM_V_CCLD)$(test_x509_LINK) $(test_x509_OBJECTS) $(test_x509_LDADD) $(LIBS) +trust/trust-anchor.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-parser.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-persist.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-digest.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-dump.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-enumerate.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-extract.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-extract-jks.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-extract-edk2.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-extract-openssl.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-extract-pem.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-extract-cer.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-list.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-save.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) +trust/trust-trust.$(OBJEXT): trust/$(am__dirstamp) \ + trust/$(DEPDIR)/$(am__dirstamp) + +trust/trust$(EXEEXT): $(trust_trust_OBJECTS) $(trust_trust_DEPENDENCIES) $(EXTRA_trust_trust_DEPENDENCIES) trust/$(am__dirstamp) + @rm -f trust/trust$(EXEEXT) + $(AM_V_CCLD)$(trust_trust_LINK) $(trust_trust_OBJECTS) $(trust_trust_LDADD) $(LIBS) +install-externalSCRIPTS: $(external_SCRIPTS) + @$(NORMAL_INSTALL) + @list='$(external_SCRIPTS)'; test -n "$(externaldir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(externaldir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(externaldir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n' \ + -e 'h;s|.*|.|' \ + -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) { files[d] = files[d] " " $$1; \ + if (++n[d] == $(am__install_max)) { \ + print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ + else { print "f", d "/" $$4, $$1 } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(externaldir)$$dir'"; \ + $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(externaldir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-externalSCRIPTS: + @$(NORMAL_UNINSTALL) + @list='$(external_SCRIPTS)'; test -n "$(externaldir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ + dir='$(DESTDIR)$(externaldir)'; $(am__uninstall_files_from_dir) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f common/*.$(OBJEXT) + -rm -f common/*.lo + -rm -f p11-kit/*.$(OBJEXT) + -rm -f p11-kit/*.lo + -rm -f trust/*.$(OBJEXT) + -rm -f trust/*.lo + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/argv.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/array.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/attrs.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/buffer.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/compat.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/constants.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/debug.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/dict.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/frob-getauxval.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/frob-getenv.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/frob-getprogname.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/hash.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/lexer.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/library.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/message.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/mock.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/path.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/runtime.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-argv.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-array.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-attrs.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-buffer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-compat.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-constants.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-dict.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-hash.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-lexer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-message.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-path.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-runtime.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-tests.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test-url.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/test.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/tool.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/unix-peer.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/url.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@common/$(DEPDIR)/vsock.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/client_la-client-init.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/client_la-client.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/frob-setuid.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-conf.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-filter.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-iter.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-log.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-messages.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-modules.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-pin.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-client.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-message.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-transport.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-uri.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-util.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_internal_la-virtual.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_la-proxy-init.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_la-proxy.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_la-rpc-server.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-iter.gnu.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-pin.gnu.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-uri.gnu.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-conf.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-filter.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-iter.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-log.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-messages.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-modules.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-pin.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy-init.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-client.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-message.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-server.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-transport.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-uri.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-util.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/libp11_kit_testable_la-virtual.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/lists.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/mock-module-ep.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/mock-module-ep2.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/mock-module-ep3.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/mock-module-ep4.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/mock-module-ep5.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/mock-module-ep6.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/mock-module-ep7.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/mock-module-ep8.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/p11-kit.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/p11_kit_server-server.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/print-messages.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/remote.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-conf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-filter.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-iter.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-log.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-managed.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-modules.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-pin.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-progname.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-proxy.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-rpc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-uri.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-util.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test-virtual.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test_init-test-init.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test_server-test-server.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@p11-kit/$(DEPDIR)/test_transport-test-transport.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/digest.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/frob-nss-trust.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/frob_bc-frob-bc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/frob_cert-frob-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/frob_eku-frob-eku.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/frob_ext-frob-ext.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/frob_ku-frob-ku.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/frob_oid-frob-oid.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/frob_pow-frob-pow.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/frob_token-frob-token.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_data_la-asn1.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_data_la-base64.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_data_la-oid.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_data_la-pem.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_data_la-utf8.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_data_la-x509.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_testable_la-builder.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_testable_la-digest.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_testable_la-index.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_testable_la-module.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_testable_la-parser.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_testable_la-persist.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_testable_la-save.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_testable_la-session.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/libtrust_testable_la-token.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-builder.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-digest.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-index.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-module-init.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-module.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-parser.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-persist.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-save.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-session.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/p11_kit_trust_la-token.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test-pem.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test-persist.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test-save.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test-trust.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test-utf8.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_asn1-test-asn1.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_base64-test-base64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_builder-test-builder.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_bundle-test-bundle.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_cer-test-cer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_digest-test-digest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_edk2-test-edk2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_enumerate-test-enumerate.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_index-test-index.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_jks-test-jks.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_module-test-module.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_oid-test-oid.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_openssl-test-openssl.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_parser-test-parser.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_token-test-token.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/test_x509-test-x509.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-anchor.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-digest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-dump.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-enumerate.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-extract-cer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-extract-edk2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-extract-jks.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-extract-openssl.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-extract-pem.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-extract.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-list.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-parser.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-persist.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-save.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@trust/$(DEPDIR)/trust-trust.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +p11-kit/libp11_kit_internal_la-util.lo: p11-kit/util.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-util.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-util.Tpo -c -o p11-kit/libp11_kit_internal_la-util.lo `test -f 'p11-kit/util.c' || echo '$(srcdir)/'`p11-kit/util.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-util.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-util.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/util.c' object='p11-kit/libp11_kit_internal_la-util.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-util.lo `test -f 'p11-kit/util.c' || echo '$(srcdir)/'`p11-kit/util.c + +p11-kit/libp11_kit_internal_la-conf.lo: p11-kit/conf.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-conf.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-conf.Tpo -c -o p11-kit/libp11_kit_internal_la-conf.lo `test -f 'p11-kit/conf.c' || echo '$(srcdir)/'`p11-kit/conf.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-conf.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-conf.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/conf.c' object='p11-kit/libp11_kit_internal_la-conf.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-conf.lo `test -f 'p11-kit/conf.c' || echo '$(srcdir)/'`p11-kit/conf.c + +p11-kit/libp11_kit_internal_la-iter.lo: p11-kit/iter.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-iter.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-iter.Tpo -c -o p11-kit/libp11_kit_internal_la-iter.lo `test -f 'p11-kit/iter.c' || echo '$(srcdir)/'`p11-kit/iter.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-iter.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-iter.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/iter.c' object='p11-kit/libp11_kit_internal_la-iter.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-iter.lo `test -f 'p11-kit/iter.c' || echo '$(srcdir)/'`p11-kit/iter.c + +p11-kit/libp11_kit_internal_la-log.lo: p11-kit/log.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-log.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-log.Tpo -c -o p11-kit/libp11_kit_internal_la-log.lo `test -f 'p11-kit/log.c' || echo '$(srcdir)/'`p11-kit/log.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-log.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-log.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/log.c' object='p11-kit/libp11_kit_internal_la-log.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-log.lo `test -f 'p11-kit/log.c' || echo '$(srcdir)/'`p11-kit/log.c + +p11-kit/libp11_kit_internal_la-filter.lo: p11-kit/filter.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-filter.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-filter.Tpo -c -o p11-kit/libp11_kit_internal_la-filter.lo `test -f 'p11-kit/filter.c' || echo '$(srcdir)/'`p11-kit/filter.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-filter.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-filter.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/filter.c' object='p11-kit/libp11_kit_internal_la-filter.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-filter.lo `test -f 'p11-kit/filter.c' || echo '$(srcdir)/'`p11-kit/filter.c + +p11-kit/libp11_kit_internal_la-modules.lo: p11-kit/modules.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-modules.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-modules.Tpo -c -o p11-kit/libp11_kit_internal_la-modules.lo `test -f 'p11-kit/modules.c' || echo '$(srcdir)/'`p11-kit/modules.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-modules.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-modules.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/modules.c' object='p11-kit/libp11_kit_internal_la-modules.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-modules.lo `test -f 'p11-kit/modules.c' || echo '$(srcdir)/'`p11-kit/modules.c + +p11-kit/libp11_kit_internal_la-pin.lo: p11-kit/pin.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-pin.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-pin.Tpo -c -o p11-kit/libp11_kit_internal_la-pin.lo `test -f 'p11-kit/pin.c' || echo '$(srcdir)/'`p11-kit/pin.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-pin.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-pin.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/pin.c' object='p11-kit/libp11_kit_internal_la-pin.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-pin.lo `test -f 'p11-kit/pin.c' || echo '$(srcdir)/'`p11-kit/pin.c + +p11-kit/libp11_kit_internal_la-messages.lo: p11-kit/messages.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-messages.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-messages.Tpo -c -o p11-kit/libp11_kit_internal_la-messages.lo `test -f 'p11-kit/messages.c' || echo '$(srcdir)/'`p11-kit/messages.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-messages.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-messages.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/messages.c' object='p11-kit/libp11_kit_internal_la-messages.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-messages.lo `test -f 'p11-kit/messages.c' || echo '$(srcdir)/'`p11-kit/messages.c + +p11-kit/libp11_kit_internal_la-rpc-transport.lo: p11-kit/rpc-transport.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-rpc-transport.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-transport.Tpo -c -o p11-kit/libp11_kit_internal_la-rpc-transport.lo `test -f 'p11-kit/rpc-transport.c' || echo '$(srcdir)/'`p11-kit/rpc-transport.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-transport.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-transport.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/rpc-transport.c' object='p11-kit/libp11_kit_internal_la-rpc-transport.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-rpc-transport.lo `test -f 'p11-kit/rpc-transport.c' || echo '$(srcdir)/'`p11-kit/rpc-transport.c + +p11-kit/libp11_kit_internal_la-rpc-message.lo: p11-kit/rpc-message.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-rpc-message.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-message.Tpo -c -o p11-kit/libp11_kit_internal_la-rpc-message.lo `test -f 'p11-kit/rpc-message.c' || echo '$(srcdir)/'`p11-kit/rpc-message.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-message.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-message.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/rpc-message.c' object='p11-kit/libp11_kit_internal_la-rpc-message.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-rpc-message.lo `test -f 'p11-kit/rpc-message.c' || echo '$(srcdir)/'`p11-kit/rpc-message.c + +p11-kit/libp11_kit_internal_la-rpc-client.lo: p11-kit/rpc-client.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-rpc-client.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-client.Tpo -c -o p11-kit/libp11_kit_internal_la-rpc-client.lo `test -f 'p11-kit/rpc-client.c' || echo '$(srcdir)/'`p11-kit/rpc-client.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-client.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-client.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/rpc-client.c' object='p11-kit/libp11_kit_internal_la-rpc-client.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-rpc-client.lo `test -f 'p11-kit/rpc-client.c' || echo '$(srcdir)/'`p11-kit/rpc-client.c + +p11-kit/libp11_kit_internal_la-uri.lo: p11-kit/uri.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-uri.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-uri.Tpo -c -o p11-kit/libp11_kit_internal_la-uri.lo `test -f 'p11-kit/uri.c' || echo '$(srcdir)/'`p11-kit/uri.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-uri.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-uri.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/uri.c' object='p11-kit/libp11_kit_internal_la-uri.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-uri.lo `test -f 'p11-kit/uri.c' || echo '$(srcdir)/'`p11-kit/uri.c + +p11-kit/libp11_kit_internal_la-virtual.lo: p11-kit/virtual.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_internal_la-virtual.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_internal_la-virtual.Tpo -c -o p11-kit/libp11_kit_internal_la-virtual.lo `test -f 'p11-kit/virtual.c' || echo '$(srcdir)/'`p11-kit/virtual.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_internal_la-virtual.Tpo p11-kit/$(DEPDIR)/libp11_kit_internal_la-virtual.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/virtual.c' object='p11-kit/libp11_kit_internal_la-virtual.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_internal_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_internal_la-virtual.lo `test -f 'p11-kit/virtual.c' || echo '$(srcdir)/'`p11-kit/virtual.c + +p11-kit/libp11_kit_pkcs11_gnu_la-uri.gnu.lo: p11-kit/uri.gnu.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_pkcs11_gnu_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_pkcs11_gnu_la-uri.gnu.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-uri.gnu.Tpo -c -o p11-kit/libp11_kit_pkcs11_gnu_la-uri.gnu.lo `test -f 'p11-kit/uri.gnu.c' || echo '$(srcdir)/'`p11-kit/uri.gnu.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-uri.gnu.Tpo p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-uri.gnu.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/uri.gnu.c' object='p11-kit/libp11_kit_pkcs11_gnu_la-uri.gnu.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_pkcs11_gnu_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_pkcs11_gnu_la-uri.gnu.lo `test -f 'p11-kit/uri.gnu.c' || echo '$(srcdir)/'`p11-kit/uri.gnu.c + +p11-kit/libp11_kit_pkcs11_gnu_la-iter.gnu.lo: p11-kit/iter.gnu.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_pkcs11_gnu_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_pkcs11_gnu_la-iter.gnu.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-iter.gnu.Tpo -c -o p11-kit/libp11_kit_pkcs11_gnu_la-iter.gnu.lo `test -f 'p11-kit/iter.gnu.c' || echo '$(srcdir)/'`p11-kit/iter.gnu.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-iter.gnu.Tpo p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-iter.gnu.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/iter.gnu.c' object='p11-kit/libp11_kit_pkcs11_gnu_la-iter.gnu.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_pkcs11_gnu_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_pkcs11_gnu_la-iter.gnu.lo `test -f 'p11-kit/iter.gnu.c' || echo '$(srcdir)/'`p11-kit/iter.gnu.c + +p11-kit/libp11_kit_pkcs11_gnu_la-pin.gnu.lo: p11-kit/pin.gnu.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_pkcs11_gnu_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_pkcs11_gnu_la-pin.gnu.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-pin.gnu.Tpo -c -o p11-kit/libp11_kit_pkcs11_gnu_la-pin.gnu.lo `test -f 'p11-kit/pin.gnu.c' || echo '$(srcdir)/'`p11-kit/pin.gnu.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-pin.gnu.Tpo p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-pin.gnu.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/pin.gnu.c' object='p11-kit/libp11_kit_pkcs11_gnu_la-pin.gnu.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_pkcs11_gnu_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_pkcs11_gnu_la-pin.gnu.lo `test -f 'p11-kit/pin.gnu.c' || echo '$(srcdir)/'`p11-kit/pin.gnu.c + +p11-kit/libp11_kit_testable_la-util.lo: p11-kit/util.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-util.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-util.Tpo -c -o p11-kit/libp11_kit_testable_la-util.lo `test -f 'p11-kit/util.c' || echo '$(srcdir)/'`p11-kit/util.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-util.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-util.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/util.c' object='p11-kit/libp11_kit_testable_la-util.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-util.lo `test -f 'p11-kit/util.c' || echo '$(srcdir)/'`p11-kit/util.c + +p11-kit/libp11_kit_testable_la-conf.lo: p11-kit/conf.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-conf.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-conf.Tpo -c -o p11-kit/libp11_kit_testable_la-conf.lo `test -f 'p11-kit/conf.c' || echo '$(srcdir)/'`p11-kit/conf.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-conf.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-conf.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/conf.c' object='p11-kit/libp11_kit_testable_la-conf.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-conf.lo `test -f 'p11-kit/conf.c' || echo '$(srcdir)/'`p11-kit/conf.c + +p11-kit/libp11_kit_testable_la-iter.lo: p11-kit/iter.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-iter.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-iter.Tpo -c -o p11-kit/libp11_kit_testable_la-iter.lo `test -f 'p11-kit/iter.c' || echo '$(srcdir)/'`p11-kit/iter.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-iter.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-iter.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/iter.c' object='p11-kit/libp11_kit_testable_la-iter.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-iter.lo `test -f 'p11-kit/iter.c' || echo '$(srcdir)/'`p11-kit/iter.c + +p11-kit/libp11_kit_testable_la-log.lo: p11-kit/log.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-log.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-log.Tpo -c -o p11-kit/libp11_kit_testable_la-log.lo `test -f 'p11-kit/log.c' || echo '$(srcdir)/'`p11-kit/log.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-log.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-log.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/log.c' object='p11-kit/libp11_kit_testable_la-log.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-log.lo `test -f 'p11-kit/log.c' || echo '$(srcdir)/'`p11-kit/log.c + +p11-kit/libp11_kit_testable_la-filter.lo: p11-kit/filter.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-filter.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-filter.Tpo -c -o p11-kit/libp11_kit_testable_la-filter.lo `test -f 'p11-kit/filter.c' || echo '$(srcdir)/'`p11-kit/filter.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-filter.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-filter.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/filter.c' object='p11-kit/libp11_kit_testable_la-filter.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-filter.lo `test -f 'p11-kit/filter.c' || echo '$(srcdir)/'`p11-kit/filter.c + +p11-kit/libp11_kit_testable_la-modules.lo: p11-kit/modules.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-modules.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-modules.Tpo -c -o p11-kit/libp11_kit_testable_la-modules.lo `test -f 'p11-kit/modules.c' || echo '$(srcdir)/'`p11-kit/modules.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-modules.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-modules.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/modules.c' object='p11-kit/libp11_kit_testable_la-modules.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-modules.lo `test -f 'p11-kit/modules.c' || echo '$(srcdir)/'`p11-kit/modules.c + +p11-kit/libp11_kit_testable_la-pin.lo: p11-kit/pin.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-pin.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-pin.Tpo -c -o p11-kit/libp11_kit_testable_la-pin.lo `test -f 'p11-kit/pin.c' || echo '$(srcdir)/'`p11-kit/pin.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-pin.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-pin.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/pin.c' object='p11-kit/libp11_kit_testable_la-pin.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-pin.lo `test -f 'p11-kit/pin.c' || echo '$(srcdir)/'`p11-kit/pin.c + +p11-kit/libp11_kit_testable_la-messages.lo: p11-kit/messages.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-messages.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-messages.Tpo -c -o p11-kit/libp11_kit_testable_la-messages.lo `test -f 'p11-kit/messages.c' || echo '$(srcdir)/'`p11-kit/messages.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-messages.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-messages.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/messages.c' object='p11-kit/libp11_kit_testable_la-messages.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-messages.lo `test -f 'p11-kit/messages.c' || echo '$(srcdir)/'`p11-kit/messages.c + +p11-kit/libp11_kit_testable_la-rpc-transport.lo: p11-kit/rpc-transport.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-rpc-transport.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-transport.Tpo -c -o p11-kit/libp11_kit_testable_la-rpc-transport.lo `test -f 'p11-kit/rpc-transport.c' || echo '$(srcdir)/'`p11-kit/rpc-transport.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-transport.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-transport.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/rpc-transport.c' object='p11-kit/libp11_kit_testable_la-rpc-transport.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-rpc-transport.lo `test -f 'p11-kit/rpc-transport.c' || echo '$(srcdir)/'`p11-kit/rpc-transport.c + +p11-kit/libp11_kit_testable_la-rpc-message.lo: p11-kit/rpc-message.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-rpc-message.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-message.Tpo -c -o p11-kit/libp11_kit_testable_la-rpc-message.lo `test -f 'p11-kit/rpc-message.c' || echo '$(srcdir)/'`p11-kit/rpc-message.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-message.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-message.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/rpc-message.c' object='p11-kit/libp11_kit_testable_la-rpc-message.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-rpc-message.lo `test -f 'p11-kit/rpc-message.c' || echo '$(srcdir)/'`p11-kit/rpc-message.c + +p11-kit/libp11_kit_testable_la-rpc-client.lo: p11-kit/rpc-client.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-rpc-client.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-client.Tpo -c -o p11-kit/libp11_kit_testable_la-rpc-client.lo `test -f 'p11-kit/rpc-client.c' || echo '$(srcdir)/'`p11-kit/rpc-client.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-client.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-client.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/rpc-client.c' object='p11-kit/libp11_kit_testable_la-rpc-client.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-rpc-client.lo `test -f 'p11-kit/rpc-client.c' || echo '$(srcdir)/'`p11-kit/rpc-client.c + +p11-kit/libp11_kit_testable_la-uri.lo: p11-kit/uri.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-uri.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-uri.Tpo -c -o p11-kit/libp11_kit_testable_la-uri.lo `test -f 'p11-kit/uri.c' || echo '$(srcdir)/'`p11-kit/uri.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-uri.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-uri.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/uri.c' object='p11-kit/libp11_kit_testable_la-uri.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-uri.lo `test -f 'p11-kit/uri.c' || echo '$(srcdir)/'`p11-kit/uri.c + +p11-kit/libp11_kit_testable_la-virtual.lo: p11-kit/virtual.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-virtual.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-virtual.Tpo -c -o p11-kit/libp11_kit_testable_la-virtual.lo `test -f 'p11-kit/virtual.c' || echo '$(srcdir)/'`p11-kit/virtual.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-virtual.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-virtual.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/virtual.c' object='p11-kit/libp11_kit_testable_la-virtual.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-virtual.lo `test -f 'p11-kit/virtual.c' || echo '$(srcdir)/'`p11-kit/virtual.c + +p11-kit/libp11_kit_testable_la-proxy.lo: p11-kit/proxy.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-proxy.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy.Tpo -c -o p11-kit/libp11_kit_testable_la-proxy.lo `test -f 'p11-kit/proxy.c' || echo '$(srcdir)/'`p11-kit/proxy.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/proxy.c' object='p11-kit/libp11_kit_testable_la-proxy.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-proxy.lo `test -f 'p11-kit/proxy.c' || echo '$(srcdir)/'`p11-kit/proxy.c + +p11-kit/libp11_kit_testable_la-proxy-init.lo: p11-kit/proxy-init.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-proxy-init.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy-init.Tpo -c -o p11-kit/libp11_kit_testable_la-proxy-init.lo `test -f 'p11-kit/proxy-init.c' || echo '$(srcdir)/'`p11-kit/proxy-init.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy-init.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy-init.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/proxy-init.c' object='p11-kit/libp11_kit_testable_la-proxy-init.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-proxy-init.lo `test -f 'p11-kit/proxy-init.c' || echo '$(srcdir)/'`p11-kit/proxy-init.c + +p11-kit/libp11_kit_testable_la-rpc-server.lo: p11-kit/rpc-server.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_testable_la-rpc-server.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-server.Tpo -c -o p11-kit/libp11_kit_testable_la-rpc-server.lo `test -f 'p11-kit/rpc-server.c' || echo '$(srcdir)/'`p11-kit/rpc-server.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-server.Tpo p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-server.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/rpc-server.c' object='p11-kit/libp11_kit_testable_la-rpc-server.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_testable_la-rpc-server.lo `test -f 'p11-kit/rpc-server.c' || echo '$(srcdir)/'`p11-kit/rpc-server.c + +p11-kit/libp11_kit_la-proxy.lo: p11-kit/proxy.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_la-proxy.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_la-proxy.Tpo -c -o p11-kit/libp11_kit_la-proxy.lo `test -f 'p11-kit/proxy.c' || echo '$(srcdir)/'`p11-kit/proxy.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_la-proxy.Tpo p11-kit/$(DEPDIR)/libp11_kit_la-proxy.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/proxy.c' object='p11-kit/libp11_kit_la-proxy.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_la-proxy.lo `test -f 'p11-kit/proxy.c' || echo '$(srcdir)/'`p11-kit/proxy.c + +p11-kit/libp11_kit_la-proxy-init.lo: p11-kit/proxy-init.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_la-proxy-init.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_la-proxy-init.Tpo -c -o p11-kit/libp11_kit_la-proxy-init.lo `test -f 'p11-kit/proxy-init.c' || echo '$(srcdir)/'`p11-kit/proxy-init.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_la-proxy-init.Tpo p11-kit/$(DEPDIR)/libp11_kit_la-proxy-init.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/proxy-init.c' object='p11-kit/libp11_kit_la-proxy-init.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_la-proxy-init.lo `test -f 'p11-kit/proxy-init.c' || echo '$(srcdir)/'`p11-kit/proxy-init.c + +p11-kit/libp11_kit_la-rpc-server.lo: p11-kit/rpc-server.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -MT p11-kit/libp11_kit_la-rpc-server.lo -MD -MP -MF p11-kit/$(DEPDIR)/libp11_kit_la-rpc-server.Tpo -c -o p11-kit/libp11_kit_la-rpc-server.lo `test -f 'p11-kit/rpc-server.c' || echo '$(srcdir)/'`p11-kit/rpc-server.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/libp11_kit_la-rpc-server.Tpo p11-kit/$(DEPDIR)/libp11_kit_la-rpc-server.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/rpc-server.c' object='p11-kit/libp11_kit_la-rpc-server.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -c -o p11-kit/libp11_kit_la-rpc-server.lo `test -f 'p11-kit/rpc-server.c' || echo '$(srcdir)/'`p11-kit/rpc-server.c + +trust/libtrust_data_la-asn1.lo: trust/asn1.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_data_la-asn1.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_data_la-asn1.Tpo -c -o trust/libtrust_data_la-asn1.lo `test -f 'trust/asn1.c' || echo '$(srcdir)/'`trust/asn1.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_data_la-asn1.Tpo trust/$(DEPDIR)/libtrust_data_la-asn1.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/asn1.c' object='trust/libtrust_data_la-asn1.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_data_la-asn1.lo `test -f 'trust/asn1.c' || echo '$(srcdir)/'`trust/asn1.c + +trust/libtrust_data_la-base64.lo: trust/base64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_data_la-base64.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_data_la-base64.Tpo -c -o trust/libtrust_data_la-base64.lo `test -f 'trust/base64.c' || echo '$(srcdir)/'`trust/base64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_data_la-base64.Tpo trust/$(DEPDIR)/libtrust_data_la-base64.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/base64.c' object='trust/libtrust_data_la-base64.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_data_la-base64.lo `test -f 'trust/base64.c' || echo '$(srcdir)/'`trust/base64.c + +trust/libtrust_data_la-pem.lo: trust/pem.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_data_la-pem.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_data_la-pem.Tpo -c -o trust/libtrust_data_la-pem.lo `test -f 'trust/pem.c' || echo '$(srcdir)/'`trust/pem.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_data_la-pem.Tpo trust/$(DEPDIR)/libtrust_data_la-pem.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/pem.c' object='trust/libtrust_data_la-pem.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_data_la-pem.lo `test -f 'trust/pem.c' || echo '$(srcdir)/'`trust/pem.c + +trust/libtrust_data_la-oid.lo: trust/oid.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_data_la-oid.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_data_la-oid.Tpo -c -o trust/libtrust_data_la-oid.lo `test -f 'trust/oid.c' || echo '$(srcdir)/'`trust/oid.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_data_la-oid.Tpo trust/$(DEPDIR)/libtrust_data_la-oid.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/oid.c' object='trust/libtrust_data_la-oid.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_data_la-oid.lo `test -f 'trust/oid.c' || echo '$(srcdir)/'`trust/oid.c + +trust/libtrust_data_la-utf8.lo: trust/utf8.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_data_la-utf8.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_data_la-utf8.Tpo -c -o trust/libtrust_data_la-utf8.lo `test -f 'trust/utf8.c' || echo '$(srcdir)/'`trust/utf8.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_data_la-utf8.Tpo trust/$(DEPDIR)/libtrust_data_la-utf8.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/utf8.c' object='trust/libtrust_data_la-utf8.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_data_la-utf8.lo `test -f 'trust/utf8.c' || echo '$(srcdir)/'`trust/utf8.c + +trust/libtrust_data_la-x509.lo: trust/x509.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_data_la-x509.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_data_la-x509.Tpo -c -o trust/libtrust_data_la-x509.lo `test -f 'trust/x509.c' || echo '$(srcdir)/'`trust/x509.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_data_la-x509.Tpo trust/$(DEPDIR)/libtrust_data_la-x509.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/x509.c' object='trust/libtrust_data_la-x509.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_data_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_data_la-x509.lo `test -f 'trust/x509.c' || echo '$(srcdir)/'`trust/x509.c + +trust/libtrust_testable_la-builder.lo: trust/builder.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_testable_la-builder.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_testable_la-builder.Tpo -c -o trust/libtrust_testable_la-builder.lo `test -f 'trust/builder.c' || echo '$(srcdir)/'`trust/builder.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_testable_la-builder.Tpo trust/$(DEPDIR)/libtrust_testable_la-builder.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/builder.c' object='trust/libtrust_testable_la-builder.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_testable_la-builder.lo `test -f 'trust/builder.c' || echo '$(srcdir)/'`trust/builder.c + +trust/libtrust_testable_la-digest.lo: trust/digest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_testable_la-digest.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_testable_la-digest.Tpo -c -o trust/libtrust_testable_la-digest.lo `test -f 'trust/digest.c' || echo '$(srcdir)/'`trust/digest.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_testable_la-digest.Tpo trust/$(DEPDIR)/libtrust_testable_la-digest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/digest.c' object='trust/libtrust_testable_la-digest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_testable_la-digest.lo `test -f 'trust/digest.c' || echo '$(srcdir)/'`trust/digest.c + +trust/libtrust_testable_la-index.lo: trust/index.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_testable_la-index.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_testable_la-index.Tpo -c -o trust/libtrust_testable_la-index.lo `test -f 'trust/index.c' || echo '$(srcdir)/'`trust/index.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_testable_la-index.Tpo trust/$(DEPDIR)/libtrust_testable_la-index.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/index.c' object='trust/libtrust_testable_la-index.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_testable_la-index.lo `test -f 'trust/index.c' || echo '$(srcdir)/'`trust/index.c + +trust/libtrust_testable_la-parser.lo: trust/parser.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_testable_la-parser.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_testable_la-parser.Tpo -c -o trust/libtrust_testable_la-parser.lo `test -f 'trust/parser.c' || echo '$(srcdir)/'`trust/parser.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_testable_la-parser.Tpo trust/$(DEPDIR)/libtrust_testable_la-parser.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/parser.c' object='trust/libtrust_testable_la-parser.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_testable_la-parser.lo `test -f 'trust/parser.c' || echo '$(srcdir)/'`trust/parser.c + +trust/libtrust_testable_la-persist.lo: trust/persist.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_testable_la-persist.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_testable_la-persist.Tpo -c -o trust/libtrust_testable_la-persist.lo `test -f 'trust/persist.c' || echo '$(srcdir)/'`trust/persist.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_testable_la-persist.Tpo trust/$(DEPDIR)/libtrust_testable_la-persist.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/persist.c' object='trust/libtrust_testable_la-persist.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_testable_la-persist.lo `test -f 'trust/persist.c' || echo '$(srcdir)/'`trust/persist.c + +trust/libtrust_testable_la-module.lo: trust/module.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_testable_la-module.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_testable_la-module.Tpo -c -o trust/libtrust_testable_la-module.lo `test -f 'trust/module.c' || echo '$(srcdir)/'`trust/module.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_testable_la-module.Tpo trust/$(DEPDIR)/libtrust_testable_la-module.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/module.c' object='trust/libtrust_testable_la-module.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_testable_la-module.lo `test -f 'trust/module.c' || echo '$(srcdir)/'`trust/module.c + +trust/libtrust_testable_la-save.lo: trust/save.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_testable_la-save.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_testable_la-save.Tpo -c -o trust/libtrust_testable_la-save.lo `test -f 'trust/save.c' || echo '$(srcdir)/'`trust/save.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_testable_la-save.Tpo trust/$(DEPDIR)/libtrust_testable_la-save.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/save.c' object='trust/libtrust_testable_la-save.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_testable_la-save.lo `test -f 'trust/save.c' || echo '$(srcdir)/'`trust/save.c + +trust/libtrust_testable_la-session.lo: trust/session.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_testable_la-session.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_testable_la-session.Tpo -c -o trust/libtrust_testable_la-session.lo `test -f 'trust/session.c' || echo '$(srcdir)/'`trust/session.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_testable_la-session.Tpo trust/$(DEPDIR)/libtrust_testable_la-session.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/session.c' object='trust/libtrust_testable_la-session.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_testable_la-session.lo `test -f 'trust/session.c' || echo '$(srcdir)/'`trust/session.c + +trust/libtrust_testable_la-token.lo: trust/token.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -MT trust/libtrust_testable_la-token.lo -MD -MP -MF trust/$(DEPDIR)/libtrust_testable_la-token.Tpo -c -o trust/libtrust_testable_la-token.lo `test -f 'trust/token.c' || echo '$(srcdir)/'`trust/token.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/libtrust_testable_la-token.Tpo trust/$(DEPDIR)/libtrust_testable_la-token.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/token.c' object='trust/libtrust_testable_la-token.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtrust_testable_la_CFLAGS) $(CFLAGS) -c -o trust/libtrust_testable_la-token.lo `test -f 'trust/token.c' || echo '$(srcdir)/'`trust/token.c + +p11-kit/client_la-client.lo: p11-kit/client.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_client_la_CFLAGS) $(CFLAGS) -MT p11-kit/client_la-client.lo -MD -MP -MF p11-kit/$(DEPDIR)/client_la-client.Tpo -c -o p11-kit/client_la-client.lo `test -f 'p11-kit/client.c' || echo '$(srcdir)/'`p11-kit/client.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/client_la-client.Tpo p11-kit/$(DEPDIR)/client_la-client.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/client.c' object='p11-kit/client_la-client.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_client_la_CFLAGS) $(CFLAGS) -c -o p11-kit/client_la-client.lo `test -f 'p11-kit/client.c' || echo '$(srcdir)/'`p11-kit/client.c + +p11-kit/client_la-client-init.lo: p11-kit/client-init.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_client_la_CFLAGS) $(CFLAGS) -MT p11-kit/client_la-client-init.lo -MD -MP -MF p11-kit/$(DEPDIR)/client_la-client-init.Tpo -c -o p11-kit/client_la-client-init.lo `test -f 'p11-kit/client-init.c' || echo '$(srcdir)/'`p11-kit/client-init.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/client_la-client-init.Tpo p11-kit/$(DEPDIR)/client_la-client-init.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/client-init.c' object='p11-kit/client_la-client-init.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_client_la_CFLAGS) $(CFLAGS) -c -o p11-kit/client_la-client-init.lo `test -f 'p11-kit/client-init.c' || echo '$(srcdir)/'`p11-kit/client-init.c + +trust/p11_kit_trust_la-builder.lo: trust/builder.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-builder.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-builder.Tpo -c -o trust/p11_kit_trust_la-builder.lo `test -f 'trust/builder.c' || echo '$(srcdir)/'`trust/builder.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-builder.Tpo trust/$(DEPDIR)/p11_kit_trust_la-builder.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/builder.c' object='trust/p11_kit_trust_la-builder.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-builder.lo `test -f 'trust/builder.c' || echo '$(srcdir)/'`trust/builder.c + +trust/p11_kit_trust_la-digest.lo: trust/digest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-digest.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-digest.Tpo -c -o trust/p11_kit_trust_la-digest.lo `test -f 'trust/digest.c' || echo '$(srcdir)/'`trust/digest.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-digest.Tpo trust/$(DEPDIR)/p11_kit_trust_la-digest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/digest.c' object='trust/p11_kit_trust_la-digest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-digest.lo `test -f 'trust/digest.c' || echo '$(srcdir)/'`trust/digest.c + +trust/p11_kit_trust_la-index.lo: trust/index.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-index.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-index.Tpo -c -o trust/p11_kit_trust_la-index.lo `test -f 'trust/index.c' || echo '$(srcdir)/'`trust/index.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-index.Tpo trust/$(DEPDIR)/p11_kit_trust_la-index.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/index.c' object='trust/p11_kit_trust_la-index.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-index.lo `test -f 'trust/index.c' || echo '$(srcdir)/'`trust/index.c + +trust/p11_kit_trust_la-parser.lo: trust/parser.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-parser.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-parser.Tpo -c -o trust/p11_kit_trust_la-parser.lo `test -f 'trust/parser.c' || echo '$(srcdir)/'`trust/parser.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-parser.Tpo trust/$(DEPDIR)/p11_kit_trust_la-parser.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/parser.c' object='trust/p11_kit_trust_la-parser.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-parser.lo `test -f 'trust/parser.c' || echo '$(srcdir)/'`trust/parser.c + +trust/p11_kit_trust_la-persist.lo: trust/persist.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-persist.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-persist.Tpo -c -o trust/p11_kit_trust_la-persist.lo `test -f 'trust/persist.c' || echo '$(srcdir)/'`trust/persist.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-persist.Tpo trust/$(DEPDIR)/p11_kit_trust_la-persist.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/persist.c' object='trust/p11_kit_trust_la-persist.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-persist.lo `test -f 'trust/persist.c' || echo '$(srcdir)/'`trust/persist.c + +trust/p11_kit_trust_la-module.lo: trust/module.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-module.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-module.Tpo -c -o trust/p11_kit_trust_la-module.lo `test -f 'trust/module.c' || echo '$(srcdir)/'`trust/module.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-module.Tpo trust/$(DEPDIR)/p11_kit_trust_la-module.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/module.c' object='trust/p11_kit_trust_la-module.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-module.lo `test -f 'trust/module.c' || echo '$(srcdir)/'`trust/module.c + +trust/p11_kit_trust_la-save.lo: trust/save.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-save.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-save.Tpo -c -o trust/p11_kit_trust_la-save.lo `test -f 'trust/save.c' || echo '$(srcdir)/'`trust/save.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-save.Tpo trust/$(DEPDIR)/p11_kit_trust_la-save.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/save.c' object='trust/p11_kit_trust_la-save.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-save.lo `test -f 'trust/save.c' || echo '$(srcdir)/'`trust/save.c + +trust/p11_kit_trust_la-session.lo: trust/session.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-session.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-session.Tpo -c -o trust/p11_kit_trust_la-session.lo `test -f 'trust/session.c' || echo '$(srcdir)/'`trust/session.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-session.Tpo trust/$(DEPDIR)/p11_kit_trust_la-session.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/session.c' object='trust/p11_kit_trust_la-session.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-session.lo `test -f 'trust/session.c' || echo '$(srcdir)/'`trust/session.c + +trust/p11_kit_trust_la-token.lo: trust/token.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-token.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-token.Tpo -c -o trust/p11_kit_trust_la-token.lo `test -f 'trust/token.c' || echo '$(srcdir)/'`trust/token.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-token.Tpo trust/$(DEPDIR)/p11_kit_trust_la-token.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/token.c' object='trust/p11_kit_trust_la-token.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-token.lo `test -f 'trust/token.c' || echo '$(srcdir)/'`trust/token.c + +trust/p11_kit_trust_la-module-init.lo: trust/module-init.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -MT trust/p11_kit_trust_la-module-init.lo -MD -MP -MF trust/$(DEPDIR)/p11_kit_trust_la-module-init.Tpo -c -o trust/p11_kit_trust_la-module-init.lo `test -f 'trust/module-init.c' || echo '$(srcdir)/'`trust/module-init.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/p11_kit_trust_la-module-init.Tpo trust/$(DEPDIR)/p11_kit_trust_la-module-init.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/module-init.c' object='trust/p11_kit_trust_la-module-init.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_trust_la_CFLAGS) $(CFLAGS) -c -o trust/p11_kit_trust_la-module-init.lo `test -f 'trust/module-init.c' || echo '$(srcdir)/'`trust/module-init.c + +trust/frob_bc-frob-bc.o: trust/frob-bc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_bc_CFLAGS) $(CFLAGS) -MT trust/frob_bc-frob-bc.o -MD -MP -MF trust/$(DEPDIR)/frob_bc-frob-bc.Tpo -c -o trust/frob_bc-frob-bc.o `test -f 'trust/frob-bc.c' || echo '$(srcdir)/'`trust/frob-bc.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_bc-frob-bc.Tpo trust/$(DEPDIR)/frob_bc-frob-bc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-bc.c' object='trust/frob_bc-frob-bc.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_bc_CFLAGS) $(CFLAGS) -c -o trust/frob_bc-frob-bc.o `test -f 'trust/frob-bc.c' || echo '$(srcdir)/'`trust/frob-bc.c + +trust/frob_bc-frob-bc.obj: trust/frob-bc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_bc_CFLAGS) $(CFLAGS) -MT trust/frob_bc-frob-bc.obj -MD -MP -MF trust/$(DEPDIR)/frob_bc-frob-bc.Tpo -c -o trust/frob_bc-frob-bc.obj `if test -f 'trust/frob-bc.c'; then $(CYGPATH_W) 'trust/frob-bc.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-bc.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_bc-frob-bc.Tpo trust/$(DEPDIR)/frob_bc-frob-bc.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-bc.c' object='trust/frob_bc-frob-bc.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_bc_CFLAGS) $(CFLAGS) -c -o trust/frob_bc-frob-bc.obj `if test -f 'trust/frob-bc.c'; then $(CYGPATH_W) 'trust/frob-bc.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-bc.c'; fi` + +trust/frob_cert-frob-cert.o: trust/frob-cert.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_cert_CFLAGS) $(CFLAGS) -MT trust/frob_cert-frob-cert.o -MD -MP -MF trust/$(DEPDIR)/frob_cert-frob-cert.Tpo -c -o trust/frob_cert-frob-cert.o `test -f 'trust/frob-cert.c' || echo '$(srcdir)/'`trust/frob-cert.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_cert-frob-cert.Tpo trust/$(DEPDIR)/frob_cert-frob-cert.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-cert.c' object='trust/frob_cert-frob-cert.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_cert_CFLAGS) $(CFLAGS) -c -o trust/frob_cert-frob-cert.o `test -f 'trust/frob-cert.c' || echo '$(srcdir)/'`trust/frob-cert.c + +trust/frob_cert-frob-cert.obj: trust/frob-cert.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_cert_CFLAGS) $(CFLAGS) -MT trust/frob_cert-frob-cert.obj -MD -MP -MF trust/$(DEPDIR)/frob_cert-frob-cert.Tpo -c -o trust/frob_cert-frob-cert.obj `if test -f 'trust/frob-cert.c'; then $(CYGPATH_W) 'trust/frob-cert.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-cert.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_cert-frob-cert.Tpo trust/$(DEPDIR)/frob_cert-frob-cert.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-cert.c' object='trust/frob_cert-frob-cert.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_cert_CFLAGS) $(CFLAGS) -c -o trust/frob_cert-frob-cert.obj `if test -f 'trust/frob-cert.c'; then $(CYGPATH_W) 'trust/frob-cert.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-cert.c'; fi` + +trust/frob_eku-frob-eku.o: trust/frob-eku.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_eku_CFLAGS) $(CFLAGS) -MT trust/frob_eku-frob-eku.o -MD -MP -MF trust/$(DEPDIR)/frob_eku-frob-eku.Tpo -c -o trust/frob_eku-frob-eku.o `test -f 'trust/frob-eku.c' || echo '$(srcdir)/'`trust/frob-eku.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_eku-frob-eku.Tpo trust/$(DEPDIR)/frob_eku-frob-eku.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-eku.c' object='trust/frob_eku-frob-eku.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_eku_CFLAGS) $(CFLAGS) -c -o trust/frob_eku-frob-eku.o `test -f 'trust/frob-eku.c' || echo '$(srcdir)/'`trust/frob-eku.c + +trust/frob_eku-frob-eku.obj: trust/frob-eku.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_eku_CFLAGS) $(CFLAGS) -MT trust/frob_eku-frob-eku.obj -MD -MP -MF trust/$(DEPDIR)/frob_eku-frob-eku.Tpo -c -o trust/frob_eku-frob-eku.obj `if test -f 'trust/frob-eku.c'; then $(CYGPATH_W) 'trust/frob-eku.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-eku.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_eku-frob-eku.Tpo trust/$(DEPDIR)/frob_eku-frob-eku.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-eku.c' object='trust/frob_eku-frob-eku.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_eku_CFLAGS) $(CFLAGS) -c -o trust/frob_eku-frob-eku.obj `if test -f 'trust/frob-eku.c'; then $(CYGPATH_W) 'trust/frob-eku.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-eku.c'; fi` + +trust/frob_ext-frob-ext.o: trust/frob-ext.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_ext_CFLAGS) $(CFLAGS) -MT trust/frob_ext-frob-ext.o -MD -MP -MF trust/$(DEPDIR)/frob_ext-frob-ext.Tpo -c -o trust/frob_ext-frob-ext.o `test -f 'trust/frob-ext.c' || echo '$(srcdir)/'`trust/frob-ext.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_ext-frob-ext.Tpo trust/$(DEPDIR)/frob_ext-frob-ext.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-ext.c' object='trust/frob_ext-frob-ext.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_ext_CFLAGS) $(CFLAGS) -c -o trust/frob_ext-frob-ext.o `test -f 'trust/frob-ext.c' || echo '$(srcdir)/'`trust/frob-ext.c + +trust/frob_ext-frob-ext.obj: trust/frob-ext.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_ext_CFLAGS) $(CFLAGS) -MT trust/frob_ext-frob-ext.obj -MD -MP -MF trust/$(DEPDIR)/frob_ext-frob-ext.Tpo -c -o trust/frob_ext-frob-ext.obj `if test -f 'trust/frob-ext.c'; then $(CYGPATH_W) 'trust/frob-ext.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-ext.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_ext-frob-ext.Tpo trust/$(DEPDIR)/frob_ext-frob-ext.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-ext.c' object='trust/frob_ext-frob-ext.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_ext_CFLAGS) $(CFLAGS) -c -o trust/frob_ext-frob-ext.obj `if test -f 'trust/frob-ext.c'; then $(CYGPATH_W) 'trust/frob-ext.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-ext.c'; fi` + +trust/frob_ku-frob-ku.o: trust/frob-ku.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_ku_CFLAGS) $(CFLAGS) -MT trust/frob_ku-frob-ku.o -MD -MP -MF trust/$(DEPDIR)/frob_ku-frob-ku.Tpo -c -o trust/frob_ku-frob-ku.o `test -f 'trust/frob-ku.c' || echo '$(srcdir)/'`trust/frob-ku.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_ku-frob-ku.Tpo trust/$(DEPDIR)/frob_ku-frob-ku.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-ku.c' object='trust/frob_ku-frob-ku.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_ku_CFLAGS) $(CFLAGS) -c -o trust/frob_ku-frob-ku.o `test -f 'trust/frob-ku.c' || echo '$(srcdir)/'`trust/frob-ku.c + +trust/frob_ku-frob-ku.obj: trust/frob-ku.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_ku_CFLAGS) $(CFLAGS) -MT trust/frob_ku-frob-ku.obj -MD -MP -MF trust/$(DEPDIR)/frob_ku-frob-ku.Tpo -c -o trust/frob_ku-frob-ku.obj `if test -f 'trust/frob-ku.c'; then $(CYGPATH_W) 'trust/frob-ku.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-ku.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_ku-frob-ku.Tpo trust/$(DEPDIR)/frob_ku-frob-ku.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-ku.c' object='trust/frob_ku-frob-ku.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_ku_CFLAGS) $(CFLAGS) -c -o trust/frob_ku-frob-ku.obj `if test -f 'trust/frob-ku.c'; then $(CYGPATH_W) 'trust/frob-ku.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-ku.c'; fi` + +trust/frob_oid-frob-oid.o: trust/frob-oid.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_oid_CFLAGS) $(CFLAGS) -MT trust/frob_oid-frob-oid.o -MD -MP -MF trust/$(DEPDIR)/frob_oid-frob-oid.Tpo -c -o trust/frob_oid-frob-oid.o `test -f 'trust/frob-oid.c' || echo '$(srcdir)/'`trust/frob-oid.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_oid-frob-oid.Tpo trust/$(DEPDIR)/frob_oid-frob-oid.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-oid.c' object='trust/frob_oid-frob-oid.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_oid_CFLAGS) $(CFLAGS) -c -o trust/frob_oid-frob-oid.o `test -f 'trust/frob-oid.c' || echo '$(srcdir)/'`trust/frob-oid.c + +trust/frob_oid-frob-oid.obj: trust/frob-oid.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_oid_CFLAGS) $(CFLAGS) -MT trust/frob_oid-frob-oid.obj -MD -MP -MF trust/$(DEPDIR)/frob_oid-frob-oid.Tpo -c -o trust/frob_oid-frob-oid.obj `if test -f 'trust/frob-oid.c'; then $(CYGPATH_W) 'trust/frob-oid.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-oid.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_oid-frob-oid.Tpo trust/$(DEPDIR)/frob_oid-frob-oid.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-oid.c' object='trust/frob_oid-frob-oid.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_oid_CFLAGS) $(CFLAGS) -c -o trust/frob_oid-frob-oid.obj `if test -f 'trust/frob-oid.c'; then $(CYGPATH_W) 'trust/frob-oid.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-oid.c'; fi` + +trust/frob_pow-frob-pow.o: trust/frob-pow.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_pow_CFLAGS) $(CFLAGS) -MT trust/frob_pow-frob-pow.o -MD -MP -MF trust/$(DEPDIR)/frob_pow-frob-pow.Tpo -c -o trust/frob_pow-frob-pow.o `test -f 'trust/frob-pow.c' || echo '$(srcdir)/'`trust/frob-pow.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_pow-frob-pow.Tpo trust/$(DEPDIR)/frob_pow-frob-pow.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-pow.c' object='trust/frob_pow-frob-pow.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_pow_CFLAGS) $(CFLAGS) -c -o trust/frob_pow-frob-pow.o `test -f 'trust/frob-pow.c' || echo '$(srcdir)/'`trust/frob-pow.c + +trust/frob_pow-frob-pow.obj: trust/frob-pow.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_pow_CFLAGS) $(CFLAGS) -MT trust/frob_pow-frob-pow.obj -MD -MP -MF trust/$(DEPDIR)/frob_pow-frob-pow.Tpo -c -o trust/frob_pow-frob-pow.obj `if test -f 'trust/frob-pow.c'; then $(CYGPATH_W) 'trust/frob-pow.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-pow.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_pow-frob-pow.Tpo trust/$(DEPDIR)/frob_pow-frob-pow.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-pow.c' object='trust/frob_pow-frob-pow.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_pow_CFLAGS) $(CFLAGS) -c -o trust/frob_pow-frob-pow.obj `if test -f 'trust/frob-pow.c'; then $(CYGPATH_W) 'trust/frob-pow.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-pow.c'; fi` + +trust/frob_token-frob-token.o: trust/frob-token.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_token_CFLAGS) $(CFLAGS) -MT trust/frob_token-frob-token.o -MD -MP -MF trust/$(DEPDIR)/frob_token-frob-token.Tpo -c -o trust/frob_token-frob-token.o `test -f 'trust/frob-token.c' || echo '$(srcdir)/'`trust/frob-token.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_token-frob-token.Tpo trust/$(DEPDIR)/frob_token-frob-token.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-token.c' object='trust/frob_token-frob-token.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_token_CFLAGS) $(CFLAGS) -c -o trust/frob_token-frob-token.o `test -f 'trust/frob-token.c' || echo '$(srcdir)/'`trust/frob-token.c + +trust/frob_token-frob-token.obj: trust/frob-token.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_token_CFLAGS) $(CFLAGS) -MT trust/frob_token-frob-token.obj -MD -MP -MF trust/$(DEPDIR)/frob_token-frob-token.Tpo -c -o trust/frob_token-frob-token.obj `if test -f 'trust/frob-token.c'; then $(CYGPATH_W) 'trust/frob-token.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-token.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/frob_token-frob-token.Tpo trust/$(DEPDIR)/frob_token-frob-token.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/frob-token.c' object='trust/frob_token-frob-token.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(frob_token_CFLAGS) $(CFLAGS) -c -o trust/frob_token-frob-token.obj `if test -f 'trust/frob-token.c'; then $(CYGPATH_W) 'trust/frob-token.c'; else $(CYGPATH_W) '$(srcdir)/trust/frob-token.c'; fi` + +p11-kit/p11_kit_server-server.o: p11-kit/server.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_p11_kit_server_CFLAGS) $(CFLAGS) -MT p11-kit/p11_kit_server-server.o -MD -MP -MF p11-kit/$(DEPDIR)/p11_kit_server-server.Tpo -c -o p11-kit/p11_kit_server-server.o `test -f 'p11-kit/server.c' || echo '$(srcdir)/'`p11-kit/server.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/p11_kit_server-server.Tpo p11-kit/$(DEPDIR)/p11_kit_server-server.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/server.c' object='p11-kit/p11_kit_server-server.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_p11_kit_server_CFLAGS) $(CFLAGS) -c -o p11-kit/p11_kit_server-server.o `test -f 'p11-kit/server.c' || echo '$(srcdir)/'`p11-kit/server.c + +p11-kit/p11_kit_server-server.obj: p11-kit/server.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_p11_kit_server_CFLAGS) $(CFLAGS) -MT p11-kit/p11_kit_server-server.obj -MD -MP -MF p11-kit/$(DEPDIR)/p11_kit_server-server.Tpo -c -o p11-kit/p11_kit_server-server.obj `if test -f 'p11-kit/server.c'; then $(CYGPATH_W) 'p11-kit/server.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/server.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/p11_kit_server-server.Tpo p11-kit/$(DEPDIR)/p11_kit_server-server.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/server.c' object='p11-kit/p11_kit_server-server.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_p11_kit_server_CFLAGS) $(CFLAGS) -c -o p11-kit/p11_kit_server-server.obj `if test -f 'p11-kit/server.c'; then $(CYGPATH_W) 'p11-kit/server.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/server.c'; fi` + +p11-kit/p11_kit_server_testable-server.o: p11-kit/server.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_p11_kit_server_testable_CFLAGS) $(CFLAGS) -MT p11-kit/p11_kit_server_testable-server.o -MD -MP -MF p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Tpo -c -o p11-kit/p11_kit_server_testable-server.o `test -f 'p11-kit/server.c' || echo '$(srcdir)/'`p11-kit/server.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Tpo p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/server.c' object='p11-kit/p11_kit_server_testable-server.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_p11_kit_server_testable_CFLAGS) $(CFLAGS) -c -o p11-kit/p11_kit_server_testable-server.o `test -f 'p11-kit/server.c' || echo '$(srcdir)/'`p11-kit/server.c + +p11-kit/p11_kit_server_testable-server.obj: p11-kit/server.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_p11_kit_server_testable_CFLAGS) $(CFLAGS) -MT p11-kit/p11_kit_server_testable-server.obj -MD -MP -MF p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Tpo -c -o p11-kit/p11_kit_server_testable-server.obj `if test -f 'p11-kit/server.c'; then $(CYGPATH_W) 'p11-kit/server.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/server.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Tpo p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/server.c' object='p11-kit/p11_kit_server_testable-server.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(p11_kit_p11_kit_server_testable_CFLAGS) $(CFLAGS) -c -o p11-kit/p11_kit_server_testable-server.obj `if test -f 'p11-kit/server.c'; then $(CYGPATH_W) 'p11-kit/server.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/server.c'; fi` + +trust/test_asn1-test-asn1.o: trust/test-asn1.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_asn1_CFLAGS) $(CFLAGS) -MT trust/test_asn1-test-asn1.o -MD -MP -MF trust/$(DEPDIR)/test_asn1-test-asn1.Tpo -c -o trust/test_asn1-test-asn1.o `test -f 'trust/test-asn1.c' || echo '$(srcdir)/'`trust/test-asn1.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_asn1-test-asn1.Tpo trust/$(DEPDIR)/test_asn1-test-asn1.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-asn1.c' object='trust/test_asn1-test-asn1.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_asn1_CFLAGS) $(CFLAGS) -c -o trust/test_asn1-test-asn1.o `test -f 'trust/test-asn1.c' || echo '$(srcdir)/'`trust/test-asn1.c + +trust/test_asn1-test-asn1.obj: trust/test-asn1.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_asn1_CFLAGS) $(CFLAGS) -MT trust/test_asn1-test-asn1.obj -MD -MP -MF trust/$(DEPDIR)/test_asn1-test-asn1.Tpo -c -o trust/test_asn1-test-asn1.obj `if test -f 'trust/test-asn1.c'; then $(CYGPATH_W) 'trust/test-asn1.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-asn1.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_asn1-test-asn1.Tpo trust/$(DEPDIR)/test_asn1-test-asn1.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-asn1.c' object='trust/test_asn1-test-asn1.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_asn1_CFLAGS) $(CFLAGS) -c -o trust/test_asn1-test-asn1.obj `if test -f 'trust/test-asn1.c'; then $(CYGPATH_W) 'trust/test-asn1.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-asn1.c'; fi` + +trust/test_base64-test-base64.o: trust/test-base64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_base64_CFLAGS) $(CFLAGS) -MT trust/test_base64-test-base64.o -MD -MP -MF trust/$(DEPDIR)/test_base64-test-base64.Tpo -c -o trust/test_base64-test-base64.o `test -f 'trust/test-base64.c' || echo '$(srcdir)/'`trust/test-base64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_base64-test-base64.Tpo trust/$(DEPDIR)/test_base64-test-base64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-base64.c' object='trust/test_base64-test-base64.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_base64_CFLAGS) $(CFLAGS) -c -o trust/test_base64-test-base64.o `test -f 'trust/test-base64.c' || echo '$(srcdir)/'`trust/test-base64.c + +trust/test_base64-test-base64.obj: trust/test-base64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_base64_CFLAGS) $(CFLAGS) -MT trust/test_base64-test-base64.obj -MD -MP -MF trust/$(DEPDIR)/test_base64-test-base64.Tpo -c -o trust/test_base64-test-base64.obj `if test -f 'trust/test-base64.c'; then $(CYGPATH_W) 'trust/test-base64.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-base64.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_base64-test-base64.Tpo trust/$(DEPDIR)/test_base64-test-base64.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-base64.c' object='trust/test_base64-test-base64.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_base64_CFLAGS) $(CFLAGS) -c -o trust/test_base64-test-base64.obj `if test -f 'trust/test-base64.c'; then $(CYGPATH_W) 'trust/test-base64.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-base64.c'; fi` + +trust/test_builder-test-builder.o: trust/test-builder.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_builder_CFLAGS) $(CFLAGS) -MT trust/test_builder-test-builder.o -MD -MP -MF trust/$(DEPDIR)/test_builder-test-builder.Tpo -c -o trust/test_builder-test-builder.o `test -f 'trust/test-builder.c' || echo '$(srcdir)/'`trust/test-builder.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_builder-test-builder.Tpo trust/$(DEPDIR)/test_builder-test-builder.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-builder.c' object='trust/test_builder-test-builder.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_builder_CFLAGS) $(CFLAGS) -c -o trust/test_builder-test-builder.o `test -f 'trust/test-builder.c' || echo '$(srcdir)/'`trust/test-builder.c + +trust/test_builder-test-builder.obj: trust/test-builder.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_builder_CFLAGS) $(CFLAGS) -MT trust/test_builder-test-builder.obj -MD -MP -MF trust/$(DEPDIR)/test_builder-test-builder.Tpo -c -o trust/test_builder-test-builder.obj `if test -f 'trust/test-builder.c'; then $(CYGPATH_W) 'trust/test-builder.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-builder.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_builder-test-builder.Tpo trust/$(DEPDIR)/test_builder-test-builder.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-builder.c' object='trust/test_builder-test-builder.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_builder_CFLAGS) $(CFLAGS) -c -o trust/test_builder-test-builder.obj `if test -f 'trust/test-builder.c'; then $(CYGPATH_W) 'trust/test-builder.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-builder.c'; fi` + +trust/test_bundle-test-bundle.o: trust/test-bundle.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_bundle_CFLAGS) $(CFLAGS) -MT trust/test_bundle-test-bundle.o -MD -MP -MF trust/$(DEPDIR)/test_bundle-test-bundle.Tpo -c -o trust/test_bundle-test-bundle.o `test -f 'trust/test-bundle.c' || echo '$(srcdir)/'`trust/test-bundle.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_bundle-test-bundle.Tpo trust/$(DEPDIR)/test_bundle-test-bundle.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-bundle.c' object='trust/test_bundle-test-bundle.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_bundle_CFLAGS) $(CFLAGS) -c -o trust/test_bundle-test-bundle.o `test -f 'trust/test-bundle.c' || echo '$(srcdir)/'`trust/test-bundle.c + +trust/test_bundle-test-bundle.obj: trust/test-bundle.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_bundle_CFLAGS) $(CFLAGS) -MT trust/test_bundle-test-bundle.obj -MD -MP -MF trust/$(DEPDIR)/test_bundle-test-bundle.Tpo -c -o trust/test_bundle-test-bundle.obj `if test -f 'trust/test-bundle.c'; then $(CYGPATH_W) 'trust/test-bundle.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-bundle.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_bundle-test-bundle.Tpo trust/$(DEPDIR)/test_bundle-test-bundle.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-bundle.c' object='trust/test_bundle-test-bundle.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_bundle_CFLAGS) $(CFLAGS) -c -o trust/test_bundle-test-bundle.obj `if test -f 'trust/test-bundle.c'; then $(CYGPATH_W) 'trust/test-bundle.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-bundle.c'; fi` + +trust/test_cer-test-cer.o: trust/test-cer.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_cer_CFLAGS) $(CFLAGS) -MT trust/test_cer-test-cer.o -MD -MP -MF trust/$(DEPDIR)/test_cer-test-cer.Tpo -c -o trust/test_cer-test-cer.o `test -f 'trust/test-cer.c' || echo '$(srcdir)/'`trust/test-cer.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_cer-test-cer.Tpo trust/$(DEPDIR)/test_cer-test-cer.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-cer.c' object='trust/test_cer-test-cer.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_cer_CFLAGS) $(CFLAGS) -c -o trust/test_cer-test-cer.o `test -f 'trust/test-cer.c' || echo '$(srcdir)/'`trust/test-cer.c + +trust/test_cer-test-cer.obj: trust/test-cer.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_cer_CFLAGS) $(CFLAGS) -MT trust/test_cer-test-cer.obj -MD -MP -MF trust/$(DEPDIR)/test_cer-test-cer.Tpo -c -o trust/test_cer-test-cer.obj `if test -f 'trust/test-cer.c'; then $(CYGPATH_W) 'trust/test-cer.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-cer.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_cer-test-cer.Tpo trust/$(DEPDIR)/test_cer-test-cer.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-cer.c' object='trust/test_cer-test-cer.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_cer_CFLAGS) $(CFLAGS) -c -o trust/test_cer-test-cer.obj `if test -f 'trust/test-cer.c'; then $(CYGPATH_W) 'trust/test-cer.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-cer.c'; fi` + +p11-kit/test_deprecated-test-deprecated.o: p11-kit/test-deprecated.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_deprecated_CFLAGS) $(CFLAGS) -MT p11-kit/test_deprecated-test-deprecated.o -MD -MP -MF p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Tpo -c -o p11-kit/test_deprecated-test-deprecated.o `test -f 'p11-kit/test-deprecated.c' || echo '$(srcdir)/'`p11-kit/test-deprecated.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Tpo p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/test-deprecated.c' object='p11-kit/test_deprecated-test-deprecated.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_deprecated_CFLAGS) $(CFLAGS) -c -o p11-kit/test_deprecated-test-deprecated.o `test -f 'p11-kit/test-deprecated.c' || echo '$(srcdir)/'`p11-kit/test-deprecated.c + +p11-kit/test_deprecated-test-deprecated.obj: p11-kit/test-deprecated.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_deprecated_CFLAGS) $(CFLAGS) -MT p11-kit/test_deprecated-test-deprecated.obj -MD -MP -MF p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Tpo -c -o p11-kit/test_deprecated-test-deprecated.obj `if test -f 'p11-kit/test-deprecated.c'; then $(CYGPATH_W) 'p11-kit/test-deprecated.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/test-deprecated.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Tpo p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/test-deprecated.c' object='p11-kit/test_deprecated-test-deprecated.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_deprecated_CFLAGS) $(CFLAGS) -c -o p11-kit/test_deprecated-test-deprecated.obj `if test -f 'p11-kit/test-deprecated.c'; then $(CYGPATH_W) 'p11-kit/test-deprecated.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/test-deprecated.c'; fi` + +trust/test_digest-test-digest.o: trust/test-digest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_digest_CFLAGS) $(CFLAGS) -MT trust/test_digest-test-digest.o -MD -MP -MF trust/$(DEPDIR)/test_digest-test-digest.Tpo -c -o trust/test_digest-test-digest.o `test -f 'trust/test-digest.c' || echo '$(srcdir)/'`trust/test-digest.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_digest-test-digest.Tpo trust/$(DEPDIR)/test_digest-test-digest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-digest.c' object='trust/test_digest-test-digest.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_digest_CFLAGS) $(CFLAGS) -c -o trust/test_digest-test-digest.o `test -f 'trust/test-digest.c' || echo '$(srcdir)/'`trust/test-digest.c + +trust/test_digest-test-digest.obj: trust/test-digest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_digest_CFLAGS) $(CFLAGS) -MT trust/test_digest-test-digest.obj -MD -MP -MF trust/$(DEPDIR)/test_digest-test-digest.Tpo -c -o trust/test_digest-test-digest.obj `if test -f 'trust/test-digest.c'; then $(CYGPATH_W) 'trust/test-digest.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-digest.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_digest-test-digest.Tpo trust/$(DEPDIR)/test_digest-test-digest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-digest.c' object='trust/test_digest-test-digest.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_digest_CFLAGS) $(CFLAGS) -c -o trust/test_digest-test-digest.obj `if test -f 'trust/test-digest.c'; then $(CYGPATH_W) 'trust/test-digest.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-digest.c'; fi` + +trust/test_edk2-test-edk2.o: trust/test-edk2.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_edk2_CFLAGS) $(CFLAGS) -MT trust/test_edk2-test-edk2.o -MD -MP -MF trust/$(DEPDIR)/test_edk2-test-edk2.Tpo -c -o trust/test_edk2-test-edk2.o `test -f 'trust/test-edk2.c' || echo '$(srcdir)/'`trust/test-edk2.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_edk2-test-edk2.Tpo trust/$(DEPDIR)/test_edk2-test-edk2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-edk2.c' object='trust/test_edk2-test-edk2.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_edk2_CFLAGS) $(CFLAGS) -c -o trust/test_edk2-test-edk2.o `test -f 'trust/test-edk2.c' || echo '$(srcdir)/'`trust/test-edk2.c + +trust/test_edk2-test-edk2.obj: trust/test-edk2.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_edk2_CFLAGS) $(CFLAGS) -MT trust/test_edk2-test-edk2.obj -MD -MP -MF trust/$(DEPDIR)/test_edk2-test-edk2.Tpo -c -o trust/test_edk2-test-edk2.obj `if test -f 'trust/test-edk2.c'; then $(CYGPATH_W) 'trust/test-edk2.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-edk2.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_edk2-test-edk2.Tpo trust/$(DEPDIR)/test_edk2-test-edk2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-edk2.c' object='trust/test_edk2-test-edk2.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_edk2_CFLAGS) $(CFLAGS) -c -o trust/test_edk2-test-edk2.obj `if test -f 'trust/test-edk2.c'; then $(CYGPATH_W) 'trust/test-edk2.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-edk2.c'; fi` + +trust/test_enumerate-test-enumerate.o: trust/test-enumerate.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_enumerate_CFLAGS) $(CFLAGS) -MT trust/test_enumerate-test-enumerate.o -MD -MP -MF trust/$(DEPDIR)/test_enumerate-test-enumerate.Tpo -c -o trust/test_enumerate-test-enumerate.o `test -f 'trust/test-enumerate.c' || echo '$(srcdir)/'`trust/test-enumerate.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_enumerate-test-enumerate.Tpo trust/$(DEPDIR)/test_enumerate-test-enumerate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-enumerate.c' object='trust/test_enumerate-test-enumerate.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_enumerate_CFLAGS) $(CFLAGS) -c -o trust/test_enumerate-test-enumerate.o `test -f 'trust/test-enumerate.c' || echo '$(srcdir)/'`trust/test-enumerate.c + +trust/test_enumerate-test-enumerate.obj: trust/test-enumerate.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_enumerate_CFLAGS) $(CFLAGS) -MT trust/test_enumerate-test-enumerate.obj -MD -MP -MF trust/$(DEPDIR)/test_enumerate-test-enumerate.Tpo -c -o trust/test_enumerate-test-enumerate.obj `if test -f 'trust/test-enumerate.c'; then $(CYGPATH_W) 'trust/test-enumerate.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-enumerate.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_enumerate-test-enumerate.Tpo trust/$(DEPDIR)/test_enumerate-test-enumerate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-enumerate.c' object='trust/test_enumerate-test-enumerate.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_enumerate_CFLAGS) $(CFLAGS) -c -o trust/test_enumerate-test-enumerate.obj `if test -f 'trust/test-enumerate.c'; then $(CYGPATH_W) 'trust/test-enumerate.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-enumerate.c'; fi` + +trust/test_index-test-index.o: trust/test-index.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_index_CFLAGS) $(CFLAGS) -MT trust/test_index-test-index.o -MD -MP -MF trust/$(DEPDIR)/test_index-test-index.Tpo -c -o trust/test_index-test-index.o `test -f 'trust/test-index.c' || echo '$(srcdir)/'`trust/test-index.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_index-test-index.Tpo trust/$(DEPDIR)/test_index-test-index.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-index.c' object='trust/test_index-test-index.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_index_CFLAGS) $(CFLAGS) -c -o trust/test_index-test-index.o `test -f 'trust/test-index.c' || echo '$(srcdir)/'`trust/test-index.c + +trust/test_index-test-index.obj: trust/test-index.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_index_CFLAGS) $(CFLAGS) -MT trust/test_index-test-index.obj -MD -MP -MF trust/$(DEPDIR)/test_index-test-index.Tpo -c -o trust/test_index-test-index.obj `if test -f 'trust/test-index.c'; then $(CYGPATH_W) 'trust/test-index.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-index.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_index-test-index.Tpo trust/$(DEPDIR)/test_index-test-index.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-index.c' object='trust/test_index-test-index.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_index_CFLAGS) $(CFLAGS) -c -o trust/test_index-test-index.obj `if test -f 'trust/test-index.c'; then $(CYGPATH_W) 'trust/test-index.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-index.c'; fi` + +p11-kit/test_init-test-init.o: p11-kit/test-init.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_init_CFLAGS) $(CFLAGS) -MT p11-kit/test_init-test-init.o -MD -MP -MF p11-kit/$(DEPDIR)/test_init-test-init.Tpo -c -o p11-kit/test_init-test-init.o `test -f 'p11-kit/test-init.c' || echo '$(srcdir)/'`p11-kit/test-init.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/test_init-test-init.Tpo p11-kit/$(DEPDIR)/test_init-test-init.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/test-init.c' object='p11-kit/test_init-test-init.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_init_CFLAGS) $(CFLAGS) -c -o p11-kit/test_init-test-init.o `test -f 'p11-kit/test-init.c' || echo '$(srcdir)/'`p11-kit/test-init.c + +p11-kit/test_init-test-init.obj: p11-kit/test-init.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_init_CFLAGS) $(CFLAGS) -MT p11-kit/test_init-test-init.obj -MD -MP -MF p11-kit/$(DEPDIR)/test_init-test-init.Tpo -c -o p11-kit/test_init-test-init.obj `if test -f 'p11-kit/test-init.c'; then $(CYGPATH_W) 'p11-kit/test-init.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/test-init.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/test_init-test-init.Tpo p11-kit/$(DEPDIR)/test_init-test-init.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/test-init.c' object='p11-kit/test_init-test-init.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_init_CFLAGS) $(CFLAGS) -c -o p11-kit/test_init-test-init.obj `if test -f 'p11-kit/test-init.c'; then $(CYGPATH_W) 'p11-kit/test-init.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/test-init.c'; fi` + +trust/test_jks-test-jks.o: trust/test-jks.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_jks_CFLAGS) $(CFLAGS) -MT trust/test_jks-test-jks.o -MD -MP -MF trust/$(DEPDIR)/test_jks-test-jks.Tpo -c -o trust/test_jks-test-jks.o `test -f 'trust/test-jks.c' || echo '$(srcdir)/'`trust/test-jks.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_jks-test-jks.Tpo trust/$(DEPDIR)/test_jks-test-jks.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-jks.c' object='trust/test_jks-test-jks.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_jks_CFLAGS) $(CFLAGS) -c -o trust/test_jks-test-jks.o `test -f 'trust/test-jks.c' || echo '$(srcdir)/'`trust/test-jks.c + +trust/test_jks-test-jks.obj: trust/test-jks.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_jks_CFLAGS) $(CFLAGS) -MT trust/test_jks-test-jks.obj -MD -MP -MF trust/$(DEPDIR)/test_jks-test-jks.Tpo -c -o trust/test_jks-test-jks.obj `if test -f 'trust/test-jks.c'; then $(CYGPATH_W) 'trust/test-jks.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-jks.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_jks-test-jks.Tpo trust/$(DEPDIR)/test_jks-test-jks.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-jks.c' object='trust/test_jks-test-jks.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_jks_CFLAGS) $(CFLAGS) -c -o trust/test_jks-test-jks.obj `if test -f 'trust/test-jks.c'; then $(CYGPATH_W) 'trust/test-jks.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-jks.c'; fi` + +trust/test_module-test-module.o: trust/test-module.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_module_CFLAGS) $(CFLAGS) -MT trust/test_module-test-module.o -MD -MP -MF trust/$(DEPDIR)/test_module-test-module.Tpo -c -o trust/test_module-test-module.o `test -f 'trust/test-module.c' || echo '$(srcdir)/'`trust/test-module.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_module-test-module.Tpo trust/$(DEPDIR)/test_module-test-module.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-module.c' object='trust/test_module-test-module.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_module_CFLAGS) $(CFLAGS) -c -o trust/test_module-test-module.o `test -f 'trust/test-module.c' || echo '$(srcdir)/'`trust/test-module.c + +trust/test_module-test-module.obj: trust/test-module.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_module_CFLAGS) $(CFLAGS) -MT trust/test_module-test-module.obj -MD -MP -MF trust/$(DEPDIR)/test_module-test-module.Tpo -c -o trust/test_module-test-module.obj `if test -f 'trust/test-module.c'; then $(CYGPATH_W) 'trust/test-module.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-module.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_module-test-module.Tpo trust/$(DEPDIR)/test_module-test-module.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-module.c' object='trust/test_module-test-module.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_module_CFLAGS) $(CFLAGS) -c -o trust/test_module-test-module.obj `if test -f 'trust/test-module.c'; then $(CYGPATH_W) 'trust/test-module.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-module.c'; fi` + +trust/test_oid-test-oid.o: trust/test-oid.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_oid_CFLAGS) $(CFLAGS) -MT trust/test_oid-test-oid.o -MD -MP -MF trust/$(DEPDIR)/test_oid-test-oid.Tpo -c -o trust/test_oid-test-oid.o `test -f 'trust/test-oid.c' || echo '$(srcdir)/'`trust/test-oid.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_oid-test-oid.Tpo trust/$(DEPDIR)/test_oid-test-oid.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-oid.c' object='trust/test_oid-test-oid.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_oid_CFLAGS) $(CFLAGS) -c -o trust/test_oid-test-oid.o `test -f 'trust/test-oid.c' || echo '$(srcdir)/'`trust/test-oid.c + +trust/test_oid-test-oid.obj: trust/test-oid.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_oid_CFLAGS) $(CFLAGS) -MT trust/test_oid-test-oid.obj -MD -MP -MF trust/$(DEPDIR)/test_oid-test-oid.Tpo -c -o trust/test_oid-test-oid.obj `if test -f 'trust/test-oid.c'; then $(CYGPATH_W) 'trust/test-oid.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-oid.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_oid-test-oid.Tpo trust/$(DEPDIR)/test_oid-test-oid.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-oid.c' object='trust/test_oid-test-oid.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_oid_CFLAGS) $(CFLAGS) -c -o trust/test_oid-test-oid.obj `if test -f 'trust/test-oid.c'; then $(CYGPATH_W) 'trust/test-oid.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-oid.c'; fi` + +trust/test_openssl-test-openssl.o: trust/test-openssl.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_openssl_CFLAGS) $(CFLAGS) -MT trust/test_openssl-test-openssl.o -MD -MP -MF trust/$(DEPDIR)/test_openssl-test-openssl.Tpo -c -o trust/test_openssl-test-openssl.o `test -f 'trust/test-openssl.c' || echo '$(srcdir)/'`trust/test-openssl.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_openssl-test-openssl.Tpo trust/$(DEPDIR)/test_openssl-test-openssl.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-openssl.c' object='trust/test_openssl-test-openssl.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_openssl_CFLAGS) $(CFLAGS) -c -o trust/test_openssl-test-openssl.o `test -f 'trust/test-openssl.c' || echo '$(srcdir)/'`trust/test-openssl.c + +trust/test_openssl-test-openssl.obj: trust/test-openssl.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_openssl_CFLAGS) $(CFLAGS) -MT trust/test_openssl-test-openssl.obj -MD -MP -MF trust/$(DEPDIR)/test_openssl-test-openssl.Tpo -c -o trust/test_openssl-test-openssl.obj `if test -f 'trust/test-openssl.c'; then $(CYGPATH_W) 'trust/test-openssl.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-openssl.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_openssl-test-openssl.Tpo trust/$(DEPDIR)/test_openssl-test-openssl.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-openssl.c' object='trust/test_openssl-test-openssl.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_openssl_CFLAGS) $(CFLAGS) -c -o trust/test_openssl-test-openssl.obj `if test -f 'trust/test-openssl.c'; then $(CYGPATH_W) 'trust/test-openssl.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-openssl.c'; fi` + +trust/test_parser-test-parser.o: trust/test-parser.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_parser_CFLAGS) $(CFLAGS) -MT trust/test_parser-test-parser.o -MD -MP -MF trust/$(DEPDIR)/test_parser-test-parser.Tpo -c -o trust/test_parser-test-parser.o `test -f 'trust/test-parser.c' || echo '$(srcdir)/'`trust/test-parser.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_parser-test-parser.Tpo trust/$(DEPDIR)/test_parser-test-parser.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-parser.c' object='trust/test_parser-test-parser.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_parser_CFLAGS) $(CFLAGS) -c -o trust/test_parser-test-parser.o `test -f 'trust/test-parser.c' || echo '$(srcdir)/'`trust/test-parser.c + +trust/test_parser-test-parser.obj: trust/test-parser.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_parser_CFLAGS) $(CFLAGS) -MT trust/test_parser-test-parser.obj -MD -MP -MF trust/$(DEPDIR)/test_parser-test-parser.Tpo -c -o trust/test_parser-test-parser.obj `if test -f 'trust/test-parser.c'; then $(CYGPATH_W) 'trust/test-parser.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-parser.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_parser-test-parser.Tpo trust/$(DEPDIR)/test_parser-test-parser.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-parser.c' object='trust/test_parser-test-parser.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_parser_CFLAGS) $(CFLAGS) -c -o trust/test_parser-test-parser.obj `if test -f 'trust/test-parser.c'; then $(CYGPATH_W) 'trust/test-parser.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-parser.c'; fi` + +p11-kit/test_server-test-server.o: p11-kit/test-server.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_server_CFLAGS) $(CFLAGS) -MT p11-kit/test_server-test-server.o -MD -MP -MF p11-kit/$(DEPDIR)/test_server-test-server.Tpo -c -o p11-kit/test_server-test-server.o `test -f 'p11-kit/test-server.c' || echo '$(srcdir)/'`p11-kit/test-server.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/test_server-test-server.Tpo p11-kit/$(DEPDIR)/test_server-test-server.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/test-server.c' object='p11-kit/test_server-test-server.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_server_CFLAGS) $(CFLAGS) -c -o p11-kit/test_server-test-server.o `test -f 'p11-kit/test-server.c' || echo '$(srcdir)/'`p11-kit/test-server.c + +p11-kit/test_server-test-server.obj: p11-kit/test-server.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_server_CFLAGS) $(CFLAGS) -MT p11-kit/test_server-test-server.obj -MD -MP -MF p11-kit/$(DEPDIR)/test_server-test-server.Tpo -c -o p11-kit/test_server-test-server.obj `if test -f 'p11-kit/test-server.c'; then $(CYGPATH_W) 'p11-kit/test-server.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/test-server.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/test_server-test-server.Tpo p11-kit/$(DEPDIR)/test_server-test-server.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/test-server.c' object='p11-kit/test_server-test-server.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_server_CFLAGS) $(CFLAGS) -c -o p11-kit/test_server-test-server.obj `if test -f 'p11-kit/test-server.c'; then $(CYGPATH_W) 'p11-kit/test-server.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/test-server.c'; fi` + +trust/test_token-test-token.o: trust/test-token.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_token_CFLAGS) $(CFLAGS) -MT trust/test_token-test-token.o -MD -MP -MF trust/$(DEPDIR)/test_token-test-token.Tpo -c -o trust/test_token-test-token.o `test -f 'trust/test-token.c' || echo '$(srcdir)/'`trust/test-token.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_token-test-token.Tpo trust/$(DEPDIR)/test_token-test-token.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-token.c' object='trust/test_token-test-token.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_token_CFLAGS) $(CFLAGS) -c -o trust/test_token-test-token.o `test -f 'trust/test-token.c' || echo '$(srcdir)/'`trust/test-token.c + +trust/test_token-test-token.obj: trust/test-token.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_token_CFLAGS) $(CFLAGS) -MT trust/test_token-test-token.obj -MD -MP -MF trust/$(DEPDIR)/test_token-test-token.Tpo -c -o trust/test_token-test-token.obj `if test -f 'trust/test-token.c'; then $(CYGPATH_W) 'trust/test-token.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-token.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_token-test-token.Tpo trust/$(DEPDIR)/test_token-test-token.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-token.c' object='trust/test_token-test-token.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_token_CFLAGS) $(CFLAGS) -c -o trust/test_token-test-token.obj `if test -f 'trust/test-token.c'; then $(CYGPATH_W) 'trust/test-token.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-token.c'; fi` + +p11-kit/test_transport-test-transport.o: p11-kit/test-transport.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_transport_CFLAGS) $(CFLAGS) -MT p11-kit/test_transport-test-transport.o -MD -MP -MF p11-kit/$(DEPDIR)/test_transport-test-transport.Tpo -c -o p11-kit/test_transport-test-transport.o `test -f 'p11-kit/test-transport.c' || echo '$(srcdir)/'`p11-kit/test-transport.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/test_transport-test-transport.Tpo p11-kit/$(DEPDIR)/test_transport-test-transport.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/test-transport.c' object='p11-kit/test_transport-test-transport.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_transport_CFLAGS) $(CFLAGS) -c -o p11-kit/test_transport-test-transport.o `test -f 'p11-kit/test-transport.c' || echo '$(srcdir)/'`p11-kit/test-transport.c + +p11-kit/test_transport-test-transport.obj: p11-kit/test-transport.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_transport_CFLAGS) $(CFLAGS) -MT p11-kit/test_transport-test-transport.obj -MD -MP -MF p11-kit/$(DEPDIR)/test_transport-test-transport.Tpo -c -o p11-kit/test_transport-test-transport.obj `if test -f 'p11-kit/test-transport.c'; then $(CYGPATH_W) 'p11-kit/test-transport.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/test-transport.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) p11-kit/$(DEPDIR)/test_transport-test-transport.Tpo p11-kit/$(DEPDIR)/test_transport-test-transport.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='p11-kit/test-transport.c' object='p11-kit/test_transport-test-transport.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_transport_CFLAGS) $(CFLAGS) -c -o p11-kit/test_transport-test-transport.obj `if test -f 'p11-kit/test-transport.c'; then $(CYGPATH_W) 'p11-kit/test-transport.c'; else $(CYGPATH_W) '$(srcdir)/p11-kit/test-transport.c'; fi` + +trust/test_x509-test-x509.o: trust/test-x509.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_x509_CFLAGS) $(CFLAGS) -MT trust/test_x509-test-x509.o -MD -MP -MF trust/$(DEPDIR)/test_x509-test-x509.Tpo -c -o trust/test_x509-test-x509.o `test -f 'trust/test-x509.c' || echo '$(srcdir)/'`trust/test-x509.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_x509-test-x509.Tpo trust/$(DEPDIR)/test_x509-test-x509.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-x509.c' object='trust/test_x509-test-x509.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_x509_CFLAGS) $(CFLAGS) -c -o trust/test_x509-test-x509.o `test -f 'trust/test-x509.c' || echo '$(srcdir)/'`trust/test-x509.c + +trust/test_x509-test-x509.obj: trust/test-x509.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_x509_CFLAGS) $(CFLAGS) -MT trust/test_x509-test-x509.obj -MD -MP -MF trust/$(DEPDIR)/test_x509-test-x509.Tpo -c -o trust/test_x509-test-x509.obj `if test -f 'trust/test-x509.c'; then $(CYGPATH_W) 'trust/test-x509.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-x509.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/test_x509-test-x509.Tpo trust/$(DEPDIR)/test_x509-test-x509.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/test-x509.c' object='trust/test_x509-test-x509.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_x509_CFLAGS) $(CFLAGS) -c -o trust/test_x509-test-x509.obj `if test -f 'trust/test-x509.c'; then $(CYGPATH_W) 'trust/test-x509.c'; else $(CYGPATH_W) '$(srcdir)/trust/test-x509.c'; fi` + +trust/trust-anchor.o: trust/anchor.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-anchor.o -MD -MP -MF trust/$(DEPDIR)/trust-anchor.Tpo -c -o trust/trust-anchor.o `test -f 'trust/anchor.c' || echo '$(srcdir)/'`trust/anchor.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-anchor.Tpo trust/$(DEPDIR)/trust-anchor.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/anchor.c' object='trust/trust-anchor.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-anchor.o `test -f 'trust/anchor.c' || echo '$(srcdir)/'`trust/anchor.c + +trust/trust-anchor.obj: trust/anchor.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-anchor.obj -MD -MP -MF trust/$(DEPDIR)/trust-anchor.Tpo -c -o trust/trust-anchor.obj `if test -f 'trust/anchor.c'; then $(CYGPATH_W) 'trust/anchor.c'; else $(CYGPATH_W) '$(srcdir)/trust/anchor.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-anchor.Tpo trust/$(DEPDIR)/trust-anchor.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/anchor.c' object='trust/trust-anchor.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-anchor.obj `if test -f 'trust/anchor.c'; then $(CYGPATH_W) 'trust/anchor.c'; else $(CYGPATH_W) '$(srcdir)/trust/anchor.c'; fi` + +trust/trust-parser.o: trust/parser.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-parser.o -MD -MP -MF trust/$(DEPDIR)/trust-parser.Tpo -c -o trust/trust-parser.o `test -f 'trust/parser.c' || echo '$(srcdir)/'`trust/parser.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-parser.Tpo trust/$(DEPDIR)/trust-parser.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/parser.c' object='trust/trust-parser.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-parser.o `test -f 'trust/parser.c' || echo '$(srcdir)/'`trust/parser.c + +trust/trust-parser.obj: trust/parser.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-parser.obj -MD -MP -MF trust/$(DEPDIR)/trust-parser.Tpo -c -o trust/trust-parser.obj `if test -f 'trust/parser.c'; then $(CYGPATH_W) 'trust/parser.c'; else $(CYGPATH_W) '$(srcdir)/trust/parser.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-parser.Tpo trust/$(DEPDIR)/trust-parser.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/parser.c' object='trust/trust-parser.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-parser.obj `if test -f 'trust/parser.c'; then $(CYGPATH_W) 'trust/parser.c'; else $(CYGPATH_W) '$(srcdir)/trust/parser.c'; fi` + +trust/trust-persist.o: trust/persist.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-persist.o -MD -MP -MF trust/$(DEPDIR)/trust-persist.Tpo -c -o trust/trust-persist.o `test -f 'trust/persist.c' || echo '$(srcdir)/'`trust/persist.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-persist.Tpo trust/$(DEPDIR)/trust-persist.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/persist.c' object='trust/trust-persist.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-persist.o `test -f 'trust/persist.c' || echo '$(srcdir)/'`trust/persist.c + +trust/trust-persist.obj: trust/persist.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-persist.obj -MD -MP -MF trust/$(DEPDIR)/trust-persist.Tpo -c -o trust/trust-persist.obj `if test -f 'trust/persist.c'; then $(CYGPATH_W) 'trust/persist.c'; else $(CYGPATH_W) '$(srcdir)/trust/persist.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-persist.Tpo trust/$(DEPDIR)/trust-persist.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/persist.c' object='trust/trust-persist.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-persist.obj `if test -f 'trust/persist.c'; then $(CYGPATH_W) 'trust/persist.c'; else $(CYGPATH_W) '$(srcdir)/trust/persist.c'; fi` + +trust/trust-digest.o: trust/digest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-digest.o -MD -MP -MF trust/$(DEPDIR)/trust-digest.Tpo -c -o trust/trust-digest.o `test -f 'trust/digest.c' || echo '$(srcdir)/'`trust/digest.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-digest.Tpo trust/$(DEPDIR)/trust-digest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/digest.c' object='trust/trust-digest.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-digest.o `test -f 'trust/digest.c' || echo '$(srcdir)/'`trust/digest.c + +trust/trust-digest.obj: trust/digest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-digest.obj -MD -MP -MF trust/$(DEPDIR)/trust-digest.Tpo -c -o trust/trust-digest.obj `if test -f 'trust/digest.c'; then $(CYGPATH_W) 'trust/digest.c'; else $(CYGPATH_W) '$(srcdir)/trust/digest.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-digest.Tpo trust/$(DEPDIR)/trust-digest.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/digest.c' object='trust/trust-digest.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-digest.obj `if test -f 'trust/digest.c'; then $(CYGPATH_W) 'trust/digest.c'; else $(CYGPATH_W) '$(srcdir)/trust/digest.c'; fi` + +trust/trust-dump.o: trust/dump.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-dump.o -MD -MP -MF trust/$(DEPDIR)/trust-dump.Tpo -c -o trust/trust-dump.o `test -f 'trust/dump.c' || echo '$(srcdir)/'`trust/dump.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-dump.Tpo trust/$(DEPDIR)/trust-dump.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/dump.c' object='trust/trust-dump.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-dump.o `test -f 'trust/dump.c' || echo '$(srcdir)/'`trust/dump.c + +trust/trust-dump.obj: trust/dump.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-dump.obj -MD -MP -MF trust/$(DEPDIR)/trust-dump.Tpo -c -o trust/trust-dump.obj `if test -f 'trust/dump.c'; then $(CYGPATH_W) 'trust/dump.c'; else $(CYGPATH_W) '$(srcdir)/trust/dump.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-dump.Tpo trust/$(DEPDIR)/trust-dump.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/dump.c' object='trust/trust-dump.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-dump.obj `if test -f 'trust/dump.c'; then $(CYGPATH_W) 'trust/dump.c'; else $(CYGPATH_W) '$(srcdir)/trust/dump.c'; fi` + +trust/trust-enumerate.o: trust/enumerate.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-enumerate.o -MD -MP -MF trust/$(DEPDIR)/trust-enumerate.Tpo -c -o trust/trust-enumerate.o `test -f 'trust/enumerate.c' || echo '$(srcdir)/'`trust/enumerate.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-enumerate.Tpo trust/$(DEPDIR)/trust-enumerate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/enumerate.c' object='trust/trust-enumerate.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-enumerate.o `test -f 'trust/enumerate.c' || echo '$(srcdir)/'`trust/enumerate.c + +trust/trust-enumerate.obj: trust/enumerate.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-enumerate.obj -MD -MP -MF trust/$(DEPDIR)/trust-enumerate.Tpo -c -o trust/trust-enumerate.obj `if test -f 'trust/enumerate.c'; then $(CYGPATH_W) 'trust/enumerate.c'; else $(CYGPATH_W) '$(srcdir)/trust/enumerate.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-enumerate.Tpo trust/$(DEPDIR)/trust-enumerate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/enumerate.c' object='trust/trust-enumerate.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-enumerate.obj `if test -f 'trust/enumerate.c'; then $(CYGPATH_W) 'trust/enumerate.c'; else $(CYGPATH_W) '$(srcdir)/trust/enumerate.c'; fi` + +trust/trust-extract.o: trust/extract.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract.o -MD -MP -MF trust/$(DEPDIR)/trust-extract.Tpo -c -o trust/trust-extract.o `test -f 'trust/extract.c' || echo '$(srcdir)/'`trust/extract.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract.Tpo trust/$(DEPDIR)/trust-extract.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract.c' object='trust/trust-extract.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract.o `test -f 'trust/extract.c' || echo '$(srcdir)/'`trust/extract.c + +trust/trust-extract.obj: trust/extract.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract.obj -MD -MP -MF trust/$(DEPDIR)/trust-extract.Tpo -c -o trust/trust-extract.obj `if test -f 'trust/extract.c'; then $(CYGPATH_W) 'trust/extract.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract.Tpo trust/$(DEPDIR)/trust-extract.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract.c' object='trust/trust-extract.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract.obj `if test -f 'trust/extract.c'; then $(CYGPATH_W) 'trust/extract.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract.c'; fi` + +trust/trust-extract-jks.o: trust/extract-jks.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-jks.o -MD -MP -MF trust/$(DEPDIR)/trust-extract-jks.Tpo -c -o trust/trust-extract-jks.o `test -f 'trust/extract-jks.c' || echo '$(srcdir)/'`trust/extract-jks.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-jks.Tpo trust/$(DEPDIR)/trust-extract-jks.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-jks.c' object='trust/trust-extract-jks.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-jks.o `test -f 'trust/extract-jks.c' || echo '$(srcdir)/'`trust/extract-jks.c + +trust/trust-extract-jks.obj: trust/extract-jks.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-jks.obj -MD -MP -MF trust/$(DEPDIR)/trust-extract-jks.Tpo -c -o trust/trust-extract-jks.obj `if test -f 'trust/extract-jks.c'; then $(CYGPATH_W) 'trust/extract-jks.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-jks.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-jks.Tpo trust/$(DEPDIR)/trust-extract-jks.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-jks.c' object='trust/trust-extract-jks.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-jks.obj `if test -f 'trust/extract-jks.c'; then $(CYGPATH_W) 'trust/extract-jks.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-jks.c'; fi` + +trust/trust-extract-edk2.o: trust/extract-edk2.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-edk2.o -MD -MP -MF trust/$(DEPDIR)/trust-extract-edk2.Tpo -c -o trust/trust-extract-edk2.o `test -f 'trust/extract-edk2.c' || echo '$(srcdir)/'`trust/extract-edk2.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-edk2.Tpo trust/$(DEPDIR)/trust-extract-edk2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-edk2.c' object='trust/trust-extract-edk2.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-edk2.o `test -f 'trust/extract-edk2.c' || echo '$(srcdir)/'`trust/extract-edk2.c + +trust/trust-extract-edk2.obj: trust/extract-edk2.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-edk2.obj -MD -MP -MF trust/$(DEPDIR)/trust-extract-edk2.Tpo -c -o trust/trust-extract-edk2.obj `if test -f 'trust/extract-edk2.c'; then $(CYGPATH_W) 'trust/extract-edk2.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-edk2.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-edk2.Tpo trust/$(DEPDIR)/trust-extract-edk2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-edk2.c' object='trust/trust-extract-edk2.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-edk2.obj `if test -f 'trust/extract-edk2.c'; then $(CYGPATH_W) 'trust/extract-edk2.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-edk2.c'; fi` + +trust/trust-extract-openssl.o: trust/extract-openssl.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-openssl.o -MD -MP -MF trust/$(DEPDIR)/trust-extract-openssl.Tpo -c -o trust/trust-extract-openssl.o `test -f 'trust/extract-openssl.c' || echo '$(srcdir)/'`trust/extract-openssl.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-openssl.Tpo trust/$(DEPDIR)/trust-extract-openssl.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-openssl.c' object='trust/trust-extract-openssl.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-openssl.o `test -f 'trust/extract-openssl.c' || echo '$(srcdir)/'`trust/extract-openssl.c + +trust/trust-extract-openssl.obj: trust/extract-openssl.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-openssl.obj -MD -MP -MF trust/$(DEPDIR)/trust-extract-openssl.Tpo -c -o trust/trust-extract-openssl.obj `if test -f 'trust/extract-openssl.c'; then $(CYGPATH_W) 'trust/extract-openssl.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-openssl.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-openssl.Tpo trust/$(DEPDIR)/trust-extract-openssl.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-openssl.c' object='trust/trust-extract-openssl.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-openssl.obj `if test -f 'trust/extract-openssl.c'; then $(CYGPATH_W) 'trust/extract-openssl.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-openssl.c'; fi` + +trust/trust-extract-pem.o: trust/extract-pem.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-pem.o -MD -MP -MF trust/$(DEPDIR)/trust-extract-pem.Tpo -c -o trust/trust-extract-pem.o `test -f 'trust/extract-pem.c' || echo '$(srcdir)/'`trust/extract-pem.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-pem.Tpo trust/$(DEPDIR)/trust-extract-pem.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-pem.c' object='trust/trust-extract-pem.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-pem.o `test -f 'trust/extract-pem.c' || echo '$(srcdir)/'`trust/extract-pem.c + +trust/trust-extract-pem.obj: trust/extract-pem.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-pem.obj -MD -MP -MF trust/$(DEPDIR)/trust-extract-pem.Tpo -c -o trust/trust-extract-pem.obj `if test -f 'trust/extract-pem.c'; then $(CYGPATH_W) 'trust/extract-pem.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-pem.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-pem.Tpo trust/$(DEPDIR)/trust-extract-pem.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-pem.c' object='trust/trust-extract-pem.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-pem.obj `if test -f 'trust/extract-pem.c'; then $(CYGPATH_W) 'trust/extract-pem.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-pem.c'; fi` + +trust/trust-extract-cer.o: trust/extract-cer.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-cer.o -MD -MP -MF trust/$(DEPDIR)/trust-extract-cer.Tpo -c -o trust/trust-extract-cer.o `test -f 'trust/extract-cer.c' || echo '$(srcdir)/'`trust/extract-cer.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-cer.Tpo trust/$(DEPDIR)/trust-extract-cer.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-cer.c' object='trust/trust-extract-cer.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-cer.o `test -f 'trust/extract-cer.c' || echo '$(srcdir)/'`trust/extract-cer.c + +trust/trust-extract-cer.obj: trust/extract-cer.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-extract-cer.obj -MD -MP -MF trust/$(DEPDIR)/trust-extract-cer.Tpo -c -o trust/trust-extract-cer.obj `if test -f 'trust/extract-cer.c'; then $(CYGPATH_W) 'trust/extract-cer.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-cer.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-extract-cer.Tpo trust/$(DEPDIR)/trust-extract-cer.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/extract-cer.c' object='trust/trust-extract-cer.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-extract-cer.obj `if test -f 'trust/extract-cer.c'; then $(CYGPATH_W) 'trust/extract-cer.c'; else $(CYGPATH_W) '$(srcdir)/trust/extract-cer.c'; fi` + +trust/trust-list.o: trust/list.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-list.o -MD -MP -MF trust/$(DEPDIR)/trust-list.Tpo -c -o trust/trust-list.o `test -f 'trust/list.c' || echo '$(srcdir)/'`trust/list.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-list.Tpo trust/$(DEPDIR)/trust-list.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/list.c' object='trust/trust-list.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-list.o `test -f 'trust/list.c' || echo '$(srcdir)/'`trust/list.c + +trust/trust-list.obj: trust/list.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-list.obj -MD -MP -MF trust/$(DEPDIR)/trust-list.Tpo -c -o trust/trust-list.obj `if test -f 'trust/list.c'; then $(CYGPATH_W) 'trust/list.c'; else $(CYGPATH_W) '$(srcdir)/trust/list.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-list.Tpo trust/$(DEPDIR)/trust-list.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/list.c' object='trust/trust-list.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-list.obj `if test -f 'trust/list.c'; then $(CYGPATH_W) 'trust/list.c'; else $(CYGPATH_W) '$(srcdir)/trust/list.c'; fi` + +trust/trust-save.o: trust/save.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-save.o -MD -MP -MF trust/$(DEPDIR)/trust-save.Tpo -c -o trust/trust-save.o `test -f 'trust/save.c' || echo '$(srcdir)/'`trust/save.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-save.Tpo trust/$(DEPDIR)/trust-save.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/save.c' object='trust/trust-save.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-save.o `test -f 'trust/save.c' || echo '$(srcdir)/'`trust/save.c + +trust/trust-save.obj: trust/save.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-save.obj -MD -MP -MF trust/$(DEPDIR)/trust-save.Tpo -c -o trust/trust-save.obj `if test -f 'trust/save.c'; then $(CYGPATH_W) 'trust/save.c'; else $(CYGPATH_W) '$(srcdir)/trust/save.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-save.Tpo trust/$(DEPDIR)/trust-save.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/save.c' object='trust/trust-save.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-save.obj `if test -f 'trust/save.c'; then $(CYGPATH_W) 'trust/save.c'; else $(CYGPATH_W) '$(srcdir)/trust/save.c'; fi` + +trust/trust-trust.o: trust/trust.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-trust.o -MD -MP -MF trust/$(DEPDIR)/trust-trust.Tpo -c -o trust/trust-trust.o `test -f 'trust/trust.c' || echo '$(srcdir)/'`trust/trust.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-trust.Tpo trust/$(DEPDIR)/trust-trust.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/trust.c' object='trust/trust-trust.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-trust.o `test -f 'trust/trust.c' || echo '$(srcdir)/'`trust/trust.c + +trust/trust-trust.obj: trust/trust.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -MT trust/trust-trust.obj -MD -MP -MF trust/$(DEPDIR)/trust-trust.Tpo -c -o trust/trust-trust.obj `if test -f 'trust/trust.c'; then $(CYGPATH_W) 'trust/trust.c'; else $(CYGPATH_W) '$(srcdir)/trust/trust.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) trust/$(DEPDIR)/trust-trust.Tpo trust/$(DEPDIR)/trust-trust.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='trust/trust.c' object='trust/trust-trust.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(trust_trust_CFLAGS) $(CFLAGS) -c -o trust/trust-trust.obj `if test -f 'trust/trust.c'; then $(CYGPATH_W) 'trust/trust.c'; else $(CYGPATH_W) '$(srcdir)/trust/trust.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + -rm -rf common/.libs common/_libs + -rm -rf p11-kit/.libs p11-kit/_libs + -rm -rf trust/.libs trust/_libs + +distclean-libtool: + -rm -f libtool config.lt +install-bashcompDATA: $(bashcomp_DATA) + @$(NORMAL_INSTALL) + @list='$(bashcomp_DATA)'; test -n "$(bashcompdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(bashcompdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bashcompdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(bashcompdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(bashcompdir)" || exit $$?; \ + done + +uninstall-bashcompDATA: + @$(NORMAL_UNINSTALL) + @list='$(bashcomp_DATA)'; test -n "$(bashcompdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(bashcompdir)'; $(am__uninstall_files_from_dir) +install-configDATA: $(config_DATA) + @$(NORMAL_INSTALL) + @list='$(config_DATA)'; test -n "$(configdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(configdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(configdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(configdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(configdir)" || exit $$?; \ + done + +uninstall-configDATA: + @$(NORMAL_UNINSTALL) + @list='$(config_DATA)'; test -n "$(configdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(configdir)'; $(am__uninstall_files_from_dir) +install-exampleDATA: $(example_DATA) + @$(NORMAL_INSTALL) + @list='$(example_DATA)'; test -n "$(exampledir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(exampledir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(exampledir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(exampledir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(exampledir)" || exit $$?; \ + done + +uninstall-exampleDATA: + @$(NORMAL_UNINSTALL) + @list='$(example_DATA)'; test -n "$(exampledir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(exampledir)'; $(am__uninstall_files_from_dir) +install-pkgconfigDATA: $(pkgconfig_DATA) + @$(NORMAL_INSTALL) + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \ + done + +uninstall-pkgconfigDATA: + @$(NORMAL_UNINSTALL) + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir) +install-systemduserunitDATA: $(systemduserunit_DATA) + @$(NORMAL_INSTALL) + @list='$(systemduserunit_DATA)'; test -n "$(systemduserunitdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(systemduserunitdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(systemduserunitdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(systemduserunitdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(systemduserunitdir)" || exit $$?; \ + done + +uninstall-systemduserunitDATA: + @$(NORMAL_UNINSTALL) + @list='$(systemduserunit_DATA)'; test -n "$(systemduserunitdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(systemduserunitdir)'; $(am__uninstall_files_from_dir) +install-incHEADERS: $(inc_HEADERS) + @$(NORMAL_INSTALL) + @list='$(inc_HEADERS)'; test -n "$(incdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(incdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(incdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(incdir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(incdir)" || exit $$?; \ + done + +uninstall-incHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(inc_HEADERS)'; test -n "$(incdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(incdir)'; $(am__uninstall_files_from_dir) + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscope: cscope.files + test ! -s cscope.files \ + || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) +clean-cscope: + -rm -f cscope.files +cscope.files: clean-cscope cscopelist +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f cscope.out cscope.in.out cscope.po.out cscope.files + +# Recover from deleted '.trs' file; this should ensure that +# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create +# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells +# to avoid problems with "make -n". +.log.trs: + rm -f $< $@ + $(MAKE) $(AM_MAKEFLAGS) $< + +# Leading 'am--fnord' is there to ensure the list of targets does not +# expand to empty, as could happen e.g. with make check TESTS=''. +am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) +am--force-recheck: + @: + +$(TEST_SUITE_LOG): $(TEST_LOGS) + @$(am__set_TESTS_bases); \ + am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ + redo_bases=`for i in $$bases; do \ + am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ + done`; \ + if test -n "$$redo_bases"; then \ + redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ + redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ + if $(am__make_dryrun); then :; else \ + rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ + fi; \ + if test -n "$$am__remaking_logs"; then \ + echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ + "recursion detected" >&2; \ + elif test -n "$$redo_logs"; then \ + am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ + fi; \ + if $(am__make_dryrun); then :; else \ + st=0; \ + errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ + for i in $$redo_bases; do \ + test -f $$i.trs && test -r $$i.trs \ + || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ + test -f $$i.log && test -r $$i.log \ + || { echo "$$errmsg $$i.log" >&2; st=1; }; \ + done; \ + test $$st -eq 0 || exit 1; \ + fi + @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ + ws='[ ]'; \ + results=`for b in $$bases; do echo $$b.trs; done`; \ + test -n "$$results" || results=/dev/null; \ + all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ + pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ + fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ + skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ + xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ + xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ + error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ + if test `expr $$fail + $$xpass + $$error` -eq 0; then \ + success=true; \ + else \ + success=false; \ + fi; \ + br='==================='; br=$$br$$br$$br$$br; \ + result_count () \ + { \ + if test x"$$1" = x"--maybe-color"; then \ + maybe_colorize=yes; \ + elif test x"$$1" = x"--no-color"; then \ + maybe_colorize=no; \ + else \ + echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ + shift; \ + desc=$$1 count=$$2; \ + if test $$maybe_colorize = yes && test $$count -gt 0; then \ + color_start=$$3 color_end=$$std; \ + else \ + color_start= color_end=; \ + fi; \ + echo "$${color_start}# $$desc $$count$${color_end}"; \ + }; \ + create_testsuite_report () \ + { \ + result_count $$1 "TOTAL:" $$all "$$brg"; \ + result_count $$1 "PASS: " $$pass "$$grn"; \ + result_count $$1 "SKIP: " $$skip "$$blu"; \ + result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ + result_count $$1 "FAIL: " $$fail "$$red"; \ + result_count $$1 "XPASS:" $$xpass "$$red"; \ + result_count $$1 "ERROR:" $$error "$$mgn"; \ + }; \ + { \ + echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ + $(am__rst_title); \ + create_testsuite_report --no-color; \ + echo; \ + echo ".. contents:: :depth: 2"; \ + echo; \ + for b in $$bases; do echo $$b; done \ + | $(am__create_global_log); \ + } >$(TEST_SUITE_LOG).tmp || exit 1; \ + mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ + if $$success; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ + fi; \ + echo "$${col}$$br$${std}"; \ + echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ + echo "$${col}$$br$${std}"; \ + create_testsuite_report --maybe-color; \ + echo "$$col$$br$$std"; \ + if $$success; then :; else \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + if test -n "$(PACKAGE_BUGREPORT)"; then \ + echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + fi; \ + echo "$$col$$br$$std"; \ + fi; \ + $$success || exit 1 + +check-TESTS: $(check_PROGRAMS) $(check_LTLIBRARIES) $(check_SCRIPTS) + @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list + @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + trs_list=`for i in $$bases; do echo $$i.trs; done`; \ + log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ + exit $$?; +recheck: all $(check_PROGRAMS) $(check_LTLIBRARIES) $(check_SCRIPTS) + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + bases=`for i in $$bases; do echo $$i; done \ + | $(am__list_recheck_tests)` || exit 1; \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + log_list=`echo $$log_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ + am__force_recheck=am--force-recheck \ + TEST_LOGS="$$log_list"; \ + exit $$? +test-tests.log: test-tests$(EXEEXT) + @p='test-tests$(EXEEXT)'; \ + b='test-tests'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-compat.log: test-compat$(EXEEXT) + @p='test-compat$(EXEEXT)'; \ + b='test-compat'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-hash.log: test-hash$(EXEEXT) + @p='test-hash$(EXEEXT)'; \ + b='test-hash'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-dict.log: test-dict$(EXEEXT) + @p='test-dict$(EXEEXT)'; \ + b='test-dict'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-array.log: test-array$(EXEEXT) + @p='test-array$(EXEEXT)'; \ + b='test-array'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-constants.log: test-constants$(EXEEXT) + @p='test-constants$(EXEEXT)'; \ + b='test-constants'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-attrs.log: test-attrs$(EXEEXT) + @p='test-attrs$(EXEEXT)'; \ + b='test-attrs'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-buffer.log: test-buffer$(EXEEXT) + @p='test-buffer$(EXEEXT)'; \ + b='test-buffer'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-url.log: test-url$(EXEEXT) + @p='test-url$(EXEEXT)'; \ + b='test-url'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-path.log: test-path$(EXEEXT) + @p='test-path$(EXEEXT)'; \ + b='test-path'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-lexer.log: test-lexer$(EXEEXT) + @p='test-lexer$(EXEEXT)'; \ + b='test-lexer'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-message.log: test-message$(EXEEXT) + @p='test-message$(EXEEXT)'; \ + b='test-message'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-argv.log: test-argv$(EXEEXT) + @p='test-argv$(EXEEXT)'; \ + b='test-argv'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-runtime.log: test-runtime$(EXEEXT) + @p='test-runtime$(EXEEXT)'; \ + b='test-runtime'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-progname.log: test-progname$(EXEEXT) + @p='test-progname$(EXEEXT)'; \ + b='test-progname'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-util.log: test-util$(EXEEXT) + @p='test-util$(EXEEXT)'; \ + b='test-util'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-conf.log: test-conf$(EXEEXT) + @p='test-conf$(EXEEXT)'; \ + b='test-conf'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-uri.log: test-uri$(EXEEXT) + @p='test-uri$(EXEEXT)'; \ + b='test-uri'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-pin.log: test-pin$(EXEEXT) + @p='test-pin$(EXEEXT)'; \ + b='test-pin'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-init.log: test-init$(EXEEXT) + @p='test-init$(EXEEXT)'; \ + b='test-init'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-modules.log: test-modules$(EXEEXT) + @p='test-modules$(EXEEXT)'; \ + b='test-modules'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-deprecated.log: test-deprecated$(EXEEXT) + @p='test-deprecated$(EXEEXT)'; \ + b='test-deprecated'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-proxy.log: test-proxy$(EXEEXT) + @p='test-proxy$(EXEEXT)'; \ + b='test-proxy'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-iter.log: test-iter$(EXEEXT) + @p='test-iter$(EXEEXT)'; \ + b='test-iter'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-rpc.log: test-rpc$(EXEEXT) + @p='test-rpc$(EXEEXT)'; \ + b='test-rpc'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-server.log: test-server$(EXEEXT) + @p='test-server$(EXEEXT)'; \ + b='test-server'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-virtual.log: test-virtual$(EXEEXT) + @p='test-virtual$(EXEEXT)'; \ + b='test-virtual'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-managed.log: test-managed$(EXEEXT) + @p='test-managed$(EXEEXT)'; \ + b='test-managed'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-log.log: test-log$(EXEEXT) + @p='test-log$(EXEEXT)'; \ + b='test-log'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-filter.log: test-filter$(EXEEXT) + @p='test-filter$(EXEEXT)'; \ + b='test-filter'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-transport.log: test-transport$(EXEEXT) + @p='test-transport$(EXEEXT)'; \ + b='test-transport'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-digest.log: test-digest$(EXEEXT) + @p='test-digest$(EXEEXT)'; \ + b='test-digest'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-asn1.log: test-asn1$(EXEEXT) + @p='test-asn1$(EXEEXT)'; \ + b='test-asn1'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-base64.log: test-base64$(EXEEXT) + @p='test-base64$(EXEEXT)'; \ + b='test-base64'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-pem.log: test-pem$(EXEEXT) + @p='test-pem$(EXEEXT)'; \ + b='test-pem'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-oid.log: test-oid$(EXEEXT) + @p='test-oid$(EXEEXT)'; \ + b='test-oid'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-utf8.log: test-utf8$(EXEEXT) + @p='test-utf8$(EXEEXT)'; \ + b='test-utf8'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-x509.log: test-x509$(EXEEXT) + @p='test-x509$(EXEEXT)'; \ + b='test-x509'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-persist.log: test-persist$(EXEEXT) + @p='test-persist$(EXEEXT)'; \ + b='test-persist'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-index.log: test-index$(EXEEXT) + @p='test-index$(EXEEXT)'; \ + b='test-index'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-parser.log: test-parser$(EXEEXT) + @p='test-parser$(EXEEXT)'; \ + b='test-parser'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-builder.log: test-builder$(EXEEXT) + @p='test-builder$(EXEEXT)'; \ + b='test-builder'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-token.log: test-token$(EXEEXT) + @p='test-token$(EXEEXT)'; \ + b='test-token'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-module.log: test-module$(EXEEXT) + @p='test-module$(EXEEXT)'; \ + b='test-module'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-save.log: test-save$(EXEEXT) + @p='test-save$(EXEEXT)'; \ + b='test-save'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-enumerate.log: test-enumerate$(EXEEXT) + @p='test-enumerate$(EXEEXT)'; \ + b='test-enumerate'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-cer.log: test-cer$(EXEEXT) + @p='test-cer$(EXEEXT)'; \ + b='test-cer'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-bundle.log: test-bundle$(EXEEXT) + @p='test-bundle$(EXEEXT)'; \ + b='test-bundle'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-openssl.log: test-openssl$(EXEEXT) + @p='test-openssl$(EXEEXT)'; \ + b='test-openssl'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-edk2.log: test-edk2$(EXEEXT) + @p='test-edk2$(EXEEXT)'; \ + b='test-edk2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-jks.log: test-jks$(EXEEXT) + @p='test-jks$(EXEEXT)'; \ + b='test-jks'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +p11-kit/test-server.sh.log: p11-kit/test-server.sh + @p='p11-kit/test-server.sh'; \ + b='p11-kit/test-server.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +p11-kit/test-messages.sh.log: p11-kit/test-messages.sh + @p='p11-kit/test-messages.sh'; \ + b='p11-kit/test-messages.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +.test.log: + @p='$<'; \ + $(am__set_b); \ + $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +@am__EXEEXT_TRUE@.test$(EXEEXT).log: +@am__EXEEXT_TRUE@ @p='$<'; \ +@am__EXEEXT_TRUE@ $(am__set_b); \ +@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ +@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ +@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ +@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + $(am__remove_distdir) + test -d "$(distdir)" || mkdir "$(distdir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz + $(am__post_remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 + $(am__post_remove_distdir) + +dist-lzip: distdir + tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz + $(am__post_remove_distdir) +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__post_remove_distdir) + +dist-tarZ: distdir + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__post_remove_distdir) + +dist-shar: distdir + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz + $(am__post_remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__post_remove_distdir) + +dist dist-all: + $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' + $(am__post_remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lz*) \ + lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir) + chmod u+w $(distdir) + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst + chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ + $(AM_DISTCHECK_CONFIGURE_FLAGS) \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + --srcdir=../.. --prefix="$$dc_install_base" \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 + $(am__post_remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' +distuninstallcheck: + @test -n '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: trying to run $@ with an empty' \ + '$$(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + $(am__cd) '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_LTLIBRARIES) \ + $(check_SCRIPTS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-recursive +all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(DATA) \ + $(HEADERS) config.h +install-binPROGRAMS: install-libLTLIBRARIES + +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(privatedir)" "$(DESTDIR)$(libdir)" "$(DESTDIR)$(moduledir)" "$(DESTDIR)$(externaldir)" "$(DESTDIR)$(bashcompdir)" "$(DESTDIR)$(configdir)" "$(DESTDIR)$(exampledir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(systemduserunitdir)" "$(DESTDIR)$(incdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) + -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) + -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f common/$(DEPDIR)/$(am__dirstamp) + -rm -f common/$(am__dirstamp) + -rm -f p11-kit/$(DEPDIR)/$(am__dirstamp) + -rm -f p11-kit/$(am__dirstamp) + -rm -f trust/$(DEPDIR)/$(am__dirstamp) + -rm -f trust/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) +@OS_WIN32_TRUE@installcheck-local: +@WITH_TRUST_MODULE_FALSE@installcheck-local: +@OS_WIN32_TRUE@uninstall-local: +@OS_WIN32_TRUE@install-exec-hook: +clean: clean-recursive + +clean-am: clean-binPROGRAMS clean-checkLTLIBRARIES clean-checkPROGRAMS \ + clean-generic clean-libLTLIBRARIES clean-libtool \ + clean-moduleLTLIBRARIES clean-noinstLTLIBRARIES \ + clean-noinstPROGRAMS clean-privatePROGRAMS mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f common/$(DEPDIR)/argv.Plo + -rm -f common/$(DEPDIR)/array.Plo + -rm -f common/$(DEPDIR)/attrs.Plo + -rm -f common/$(DEPDIR)/buffer.Plo + -rm -f common/$(DEPDIR)/compat.Plo + -rm -f common/$(DEPDIR)/constants.Plo + -rm -f common/$(DEPDIR)/debug.Plo + -rm -f common/$(DEPDIR)/dict.Plo + -rm -f common/$(DEPDIR)/frob-getauxval.Po + -rm -f common/$(DEPDIR)/frob-getenv.Po + -rm -f common/$(DEPDIR)/frob-getprogname.Po + -rm -f common/$(DEPDIR)/hash.Plo + -rm -f common/$(DEPDIR)/lexer.Plo + -rm -f common/$(DEPDIR)/library.Plo + -rm -f common/$(DEPDIR)/message.Plo + -rm -f common/$(DEPDIR)/mock.Plo + -rm -f common/$(DEPDIR)/path.Plo + -rm -f common/$(DEPDIR)/runtime.Plo + -rm -f common/$(DEPDIR)/test-argv.Po + -rm -f common/$(DEPDIR)/test-array.Po + -rm -f common/$(DEPDIR)/test-attrs.Po + -rm -f common/$(DEPDIR)/test-buffer.Po + -rm -f common/$(DEPDIR)/test-compat.Po + -rm -f common/$(DEPDIR)/test-constants.Po + -rm -f common/$(DEPDIR)/test-dict.Po + -rm -f common/$(DEPDIR)/test-hash.Po + -rm -f common/$(DEPDIR)/test-lexer.Po + -rm -f common/$(DEPDIR)/test-message.Po + -rm -f common/$(DEPDIR)/test-path.Po + -rm -f common/$(DEPDIR)/test-runtime.Po + -rm -f common/$(DEPDIR)/test-tests.Po + -rm -f common/$(DEPDIR)/test-url.Po + -rm -f common/$(DEPDIR)/test.Plo + -rm -f common/$(DEPDIR)/tool.Plo + -rm -f common/$(DEPDIR)/unix-peer.Plo + -rm -f common/$(DEPDIR)/url.Plo + -rm -f common/$(DEPDIR)/vsock.Plo + -rm -f p11-kit/$(DEPDIR)/client_la-client-init.Plo + -rm -f p11-kit/$(DEPDIR)/client_la-client.Plo + -rm -f p11-kit/$(DEPDIR)/frob-setuid.Po + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-conf.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-filter.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-iter.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-log.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-messages.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-modules.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-pin.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-client.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-message.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-transport.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-uri.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-util.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-virtual.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_la-proxy-init.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_la-proxy.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_la-rpc-server.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-iter.gnu.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-pin.gnu.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-uri.gnu.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-conf.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-filter.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-iter.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-log.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-messages.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-modules.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-pin.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy-init.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-client.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-message.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-server.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-transport.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-uri.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-util.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-virtual.Plo + -rm -f p11-kit/$(DEPDIR)/lists.Po + -rm -f p11-kit/$(DEPDIR)/mock-module-ep.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep2.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep3.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep4.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep5.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep6.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep7.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep8.Plo + -rm -f p11-kit/$(DEPDIR)/p11-kit.Po + -rm -f p11-kit/$(DEPDIR)/p11_kit_server-server.Po + -rm -f p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Po + -rm -f p11-kit/$(DEPDIR)/print-messages.Po + -rm -f p11-kit/$(DEPDIR)/remote.Po + -rm -f p11-kit/$(DEPDIR)/test-conf.Po + -rm -f p11-kit/$(DEPDIR)/test-filter.Po + -rm -f p11-kit/$(DEPDIR)/test-iter.Po + -rm -f p11-kit/$(DEPDIR)/test-log.Po + -rm -f p11-kit/$(DEPDIR)/test-managed.Po + -rm -f p11-kit/$(DEPDIR)/test-modules.Po + -rm -f p11-kit/$(DEPDIR)/test-pin.Po + -rm -f p11-kit/$(DEPDIR)/test-progname.Po + -rm -f p11-kit/$(DEPDIR)/test-proxy.Po + -rm -f p11-kit/$(DEPDIR)/test-rpc.Po + -rm -f p11-kit/$(DEPDIR)/test-uri.Po + -rm -f p11-kit/$(DEPDIR)/test-util.Po + -rm -f p11-kit/$(DEPDIR)/test-virtual.Po + -rm -f p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Po + -rm -f p11-kit/$(DEPDIR)/test_init-test-init.Po + -rm -f p11-kit/$(DEPDIR)/test_server-test-server.Po + -rm -f p11-kit/$(DEPDIR)/test_transport-test-transport.Po + -rm -f trust/$(DEPDIR)/digest.Plo + -rm -f trust/$(DEPDIR)/frob-nss-trust.Po + -rm -f trust/$(DEPDIR)/frob_bc-frob-bc.Po + -rm -f trust/$(DEPDIR)/frob_cert-frob-cert.Po + -rm -f trust/$(DEPDIR)/frob_eku-frob-eku.Po + -rm -f trust/$(DEPDIR)/frob_ext-frob-ext.Po + -rm -f trust/$(DEPDIR)/frob_ku-frob-ku.Po + -rm -f trust/$(DEPDIR)/frob_oid-frob-oid.Po + -rm -f trust/$(DEPDIR)/frob_pow-frob-pow.Po + -rm -f trust/$(DEPDIR)/frob_token-frob-token.Po + -rm -f trust/$(DEPDIR)/libtrust_data_la-asn1.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-base64.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-oid.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-pem.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-utf8.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-x509.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-builder.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-digest.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-index.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-module.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-parser.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-persist.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-save.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-session.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-token.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-builder.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-digest.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-index.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-module-init.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-module.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-parser.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-persist.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-save.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-session.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-token.Plo + -rm -f trust/$(DEPDIR)/test-pem.Po + -rm -f trust/$(DEPDIR)/test-persist.Po + -rm -f trust/$(DEPDIR)/test-save.Po + -rm -f trust/$(DEPDIR)/test-trust.Plo + -rm -f trust/$(DEPDIR)/test-utf8.Po + -rm -f trust/$(DEPDIR)/test_asn1-test-asn1.Po + -rm -f trust/$(DEPDIR)/test_base64-test-base64.Po + -rm -f trust/$(DEPDIR)/test_builder-test-builder.Po + -rm -f trust/$(DEPDIR)/test_bundle-test-bundle.Po + -rm -f trust/$(DEPDIR)/test_cer-test-cer.Po + -rm -f trust/$(DEPDIR)/test_digest-test-digest.Po + -rm -f trust/$(DEPDIR)/test_edk2-test-edk2.Po + -rm -f trust/$(DEPDIR)/test_enumerate-test-enumerate.Po + -rm -f trust/$(DEPDIR)/test_index-test-index.Po + -rm -f trust/$(DEPDIR)/test_jks-test-jks.Po + -rm -f trust/$(DEPDIR)/test_module-test-module.Po + -rm -f trust/$(DEPDIR)/test_oid-test-oid.Po + -rm -f trust/$(DEPDIR)/test_openssl-test-openssl.Po + -rm -f trust/$(DEPDIR)/test_parser-test-parser.Po + -rm -f trust/$(DEPDIR)/test_token-test-token.Po + -rm -f trust/$(DEPDIR)/test_x509-test-x509.Po + -rm -f trust/$(DEPDIR)/trust-anchor.Po + -rm -f trust/$(DEPDIR)/trust-digest.Po + -rm -f trust/$(DEPDIR)/trust-dump.Po + -rm -f trust/$(DEPDIR)/trust-enumerate.Po + -rm -f trust/$(DEPDIR)/trust-extract-cer.Po + -rm -f trust/$(DEPDIR)/trust-extract-edk2.Po + -rm -f trust/$(DEPDIR)/trust-extract-jks.Po + -rm -f trust/$(DEPDIR)/trust-extract-openssl.Po + -rm -f trust/$(DEPDIR)/trust-extract-pem.Po + -rm -f trust/$(DEPDIR)/trust-extract.Po + -rm -f trust/$(DEPDIR)/trust-list.Po + -rm -f trust/$(DEPDIR)/trust-parser.Po + -rm -f trust/$(DEPDIR)/trust-persist.Po + -rm -f trust/$(DEPDIR)/trust-save.Po + -rm -f trust/$(DEPDIR)/trust-trust.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-hdr distclean-libtool distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: install-bashcompDATA install-configDATA \ + install-exampleDATA install-externalSCRIPTS install-incHEADERS \ + install-moduleLTLIBRARIES install-pkgconfigDATA \ + install-privatePROGRAMS install-systemduserunitDATA + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: install-binPROGRAMS install-libLTLIBRARIES + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: installcheck-local + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f common/$(DEPDIR)/argv.Plo + -rm -f common/$(DEPDIR)/array.Plo + -rm -f common/$(DEPDIR)/attrs.Plo + -rm -f common/$(DEPDIR)/buffer.Plo + -rm -f common/$(DEPDIR)/compat.Plo + -rm -f common/$(DEPDIR)/constants.Plo + -rm -f common/$(DEPDIR)/debug.Plo + -rm -f common/$(DEPDIR)/dict.Plo + -rm -f common/$(DEPDIR)/frob-getauxval.Po + -rm -f common/$(DEPDIR)/frob-getenv.Po + -rm -f common/$(DEPDIR)/frob-getprogname.Po + -rm -f common/$(DEPDIR)/hash.Plo + -rm -f common/$(DEPDIR)/lexer.Plo + -rm -f common/$(DEPDIR)/library.Plo + -rm -f common/$(DEPDIR)/message.Plo + -rm -f common/$(DEPDIR)/mock.Plo + -rm -f common/$(DEPDIR)/path.Plo + -rm -f common/$(DEPDIR)/runtime.Plo + -rm -f common/$(DEPDIR)/test-argv.Po + -rm -f common/$(DEPDIR)/test-array.Po + -rm -f common/$(DEPDIR)/test-attrs.Po + -rm -f common/$(DEPDIR)/test-buffer.Po + -rm -f common/$(DEPDIR)/test-compat.Po + -rm -f common/$(DEPDIR)/test-constants.Po + -rm -f common/$(DEPDIR)/test-dict.Po + -rm -f common/$(DEPDIR)/test-hash.Po + -rm -f common/$(DEPDIR)/test-lexer.Po + -rm -f common/$(DEPDIR)/test-message.Po + -rm -f common/$(DEPDIR)/test-path.Po + -rm -f common/$(DEPDIR)/test-runtime.Po + -rm -f common/$(DEPDIR)/test-tests.Po + -rm -f common/$(DEPDIR)/test-url.Po + -rm -f common/$(DEPDIR)/test.Plo + -rm -f common/$(DEPDIR)/tool.Plo + -rm -f common/$(DEPDIR)/unix-peer.Plo + -rm -f common/$(DEPDIR)/url.Plo + -rm -f common/$(DEPDIR)/vsock.Plo + -rm -f p11-kit/$(DEPDIR)/client_la-client-init.Plo + -rm -f p11-kit/$(DEPDIR)/client_la-client.Plo + -rm -f p11-kit/$(DEPDIR)/frob-setuid.Po + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-conf.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-filter.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-iter.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-log.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-messages.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-modules.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-pin.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-client.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-message.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-rpc-transport.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-uri.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-util.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_internal_la-virtual.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_la-proxy-init.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_la-proxy.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_la-rpc-server.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-iter.gnu.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-pin.gnu.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_pkcs11_gnu_la-uri.gnu.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-conf.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-filter.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-iter.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-log.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-messages.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-modules.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-pin.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy-init.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-proxy.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-client.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-message.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-server.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-rpc-transport.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-uri.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-util.Plo + -rm -f p11-kit/$(DEPDIR)/libp11_kit_testable_la-virtual.Plo + -rm -f p11-kit/$(DEPDIR)/lists.Po + -rm -f p11-kit/$(DEPDIR)/mock-module-ep.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep2.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep3.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep4.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep5.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep6.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep7.Plo + -rm -f p11-kit/$(DEPDIR)/mock-module-ep8.Plo + -rm -f p11-kit/$(DEPDIR)/p11-kit.Po + -rm -f p11-kit/$(DEPDIR)/p11_kit_server-server.Po + -rm -f p11-kit/$(DEPDIR)/p11_kit_server_testable-server.Po + -rm -f p11-kit/$(DEPDIR)/print-messages.Po + -rm -f p11-kit/$(DEPDIR)/remote.Po + -rm -f p11-kit/$(DEPDIR)/test-conf.Po + -rm -f p11-kit/$(DEPDIR)/test-filter.Po + -rm -f p11-kit/$(DEPDIR)/test-iter.Po + -rm -f p11-kit/$(DEPDIR)/test-log.Po + -rm -f p11-kit/$(DEPDIR)/test-managed.Po + -rm -f p11-kit/$(DEPDIR)/test-modules.Po + -rm -f p11-kit/$(DEPDIR)/test-pin.Po + -rm -f p11-kit/$(DEPDIR)/test-progname.Po + -rm -f p11-kit/$(DEPDIR)/test-proxy.Po + -rm -f p11-kit/$(DEPDIR)/test-rpc.Po + -rm -f p11-kit/$(DEPDIR)/test-uri.Po + -rm -f p11-kit/$(DEPDIR)/test-util.Po + -rm -f p11-kit/$(DEPDIR)/test-virtual.Po + -rm -f p11-kit/$(DEPDIR)/test_deprecated-test-deprecated.Po + -rm -f p11-kit/$(DEPDIR)/test_init-test-init.Po + -rm -f p11-kit/$(DEPDIR)/test_server-test-server.Po + -rm -f p11-kit/$(DEPDIR)/test_transport-test-transport.Po + -rm -f trust/$(DEPDIR)/digest.Plo + -rm -f trust/$(DEPDIR)/frob-nss-trust.Po + -rm -f trust/$(DEPDIR)/frob_bc-frob-bc.Po + -rm -f trust/$(DEPDIR)/frob_cert-frob-cert.Po + -rm -f trust/$(DEPDIR)/frob_eku-frob-eku.Po + -rm -f trust/$(DEPDIR)/frob_ext-frob-ext.Po + -rm -f trust/$(DEPDIR)/frob_ku-frob-ku.Po + -rm -f trust/$(DEPDIR)/frob_oid-frob-oid.Po + -rm -f trust/$(DEPDIR)/frob_pow-frob-pow.Po + -rm -f trust/$(DEPDIR)/frob_token-frob-token.Po + -rm -f trust/$(DEPDIR)/libtrust_data_la-asn1.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-base64.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-oid.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-pem.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-utf8.Plo + -rm -f trust/$(DEPDIR)/libtrust_data_la-x509.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-builder.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-digest.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-index.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-module.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-parser.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-persist.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-save.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-session.Plo + -rm -f trust/$(DEPDIR)/libtrust_testable_la-token.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-builder.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-digest.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-index.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-module-init.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-module.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-parser.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-persist.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-save.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-session.Plo + -rm -f trust/$(DEPDIR)/p11_kit_trust_la-token.Plo + -rm -f trust/$(DEPDIR)/test-pem.Po + -rm -f trust/$(DEPDIR)/test-persist.Po + -rm -f trust/$(DEPDIR)/test-save.Po + -rm -f trust/$(DEPDIR)/test-trust.Plo + -rm -f trust/$(DEPDIR)/test-utf8.Po + -rm -f trust/$(DEPDIR)/test_asn1-test-asn1.Po + -rm -f trust/$(DEPDIR)/test_base64-test-base64.Po + -rm -f trust/$(DEPDIR)/test_builder-test-builder.Po + -rm -f trust/$(DEPDIR)/test_bundle-test-bundle.Po + -rm -f trust/$(DEPDIR)/test_cer-test-cer.Po + -rm -f trust/$(DEPDIR)/test_digest-test-digest.Po + -rm -f trust/$(DEPDIR)/test_edk2-test-edk2.Po + -rm -f trust/$(DEPDIR)/test_enumerate-test-enumerate.Po + -rm -f trust/$(DEPDIR)/test_index-test-index.Po + -rm -f trust/$(DEPDIR)/test_jks-test-jks.Po + -rm -f trust/$(DEPDIR)/test_module-test-module.Po + -rm -f trust/$(DEPDIR)/test_oid-test-oid.Po + -rm -f trust/$(DEPDIR)/test_openssl-test-openssl.Po + -rm -f trust/$(DEPDIR)/test_parser-test-parser.Po + -rm -f trust/$(DEPDIR)/test_token-test-token.Po + -rm -f trust/$(DEPDIR)/test_x509-test-x509.Po + -rm -f trust/$(DEPDIR)/trust-anchor.Po + -rm -f trust/$(DEPDIR)/trust-digest.Po + -rm -f trust/$(DEPDIR)/trust-dump.Po + -rm -f trust/$(DEPDIR)/trust-enumerate.Po + -rm -f trust/$(DEPDIR)/trust-extract-cer.Po + -rm -f trust/$(DEPDIR)/trust-extract-edk2.Po + -rm -f trust/$(DEPDIR)/trust-extract-jks.Po + -rm -f trust/$(DEPDIR)/trust-extract-openssl.Po + -rm -f trust/$(DEPDIR)/trust-extract-pem.Po + -rm -f trust/$(DEPDIR)/trust-extract.Po + -rm -f trust/$(DEPDIR)/trust-list.Po + -rm -f trust/$(DEPDIR)/trust-parser.Po + -rm -f trust/$(DEPDIR)/trust-persist.Po + -rm -f trust/$(DEPDIR)/trust-save.Po + -rm -f trust/$(DEPDIR)/trust-trust.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-bashcompDATA uninstall-binPROGRAMS \ + uninstall-configDATA uninstall-exampleDATA \ + uninstall-externalSCRIPTS uninstall-incHEADERS \ + uninstall-libLTLIBRARIES uninstall-local \ + uninstall-moduleLTLIBRARIES uninstall-pkgconfigDATA \ + uninstall-privatePROGRAMS uninstall-systemduserunitDATA + +.MAKE: $(am__recursive_targets) all check check-am install install-am \ + install-exec-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--depfiles am--refresh check check-TESTS check-am clean \ + clean-binPROGRAMS clean-checkLTLIBRARIES clean-checkPROGRAMS \ + clean-cscope clean-generic clean-libLTLIBRARIES clean-libtool \ + clean-moduleLTLIBRARIES clean-noinstLTLIBRARIES \ + clean-noinstPROGRAMS clean-privatePROGRAMS cscope \ + cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \ + dist-gzip dist-hook dist-lzip dist-shar dist-tarZ dist-xz \ + dist-zip distcheck distclean distclean-compile \ + distclean-generic distclean-hdr distclean-libtool \ + distclean-tags distcleancheck distdir distuninstallcheck dvi \ + dvi-am html html-am info info-am install install-am \ + install-bashcompDATA install-binPROGRAMS install-configDATA \ + install-data install-data-am install-dvi install-dvi-am \ + install-exampleDATA install-exec install-exec-am \ + install-exec-hook install-externalSCRIPTS install-html \ + install-html-am install-incHEADERS install-info \ + install-info-am install-libLTLIBRARIES install-man \ + install-moduleLTLIBRARIES install-pdf install-pdf-am \ + install-pkgconfigDATA install-privatePROGRAMS install-ps \ + install-ps-am install-strip install-systemduserunitDATA \ + installcheck installcheck-am installcheck-local installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am recheck tags tags-am \ + uninstall uninstall-am uninstall-bashcompDATA \ + uninstall-binPROGRAMS uninstall-configDATA \ + uninstall-exampleDATA uninstall-externalSCRIPTS \ + uninstall-incHEADERS uninstall-libLTLIBRARIES uninstall-local \ + uninstall-moduleLTLIBRARIES uninstall-pkgconfigDATA \ + uninstall-privatePROGRAMS uninstall-systemduserunitDATA + +.PRECIOUS: Makefile + + +p11-kit/virtual-fixed-generated.h: Makefile + $(AM_V_GEN)rm -f $@-t $@ && \ + { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ + echo; \ + counter=0; \ + while test $$counter -lt $(closures); do \ + echo "P11_VIRTUAL_FIXED_FUNCTIONS($$counter)"; \ + counter=`expr $$counter + 1`; \ + done; \ + echo; \ + echo "CK_FUNCTION_LIST p11_virtual_fixed[P11_VIRTUAL_MAX_FIXED] = {"; \ + counter=0; \ + while test $$counter -lt $(closures); do \ + echo " P11_VIRTUAL_FIXED_INITIALIZER($$counter),"; \ + counter=`expr $$counter + 1`; \ + done; \ + echo '};'; \ + echo; \ + counter=0; \ + while test $$counter -lt $(closures); do \ + echo "P11_VIRTUAL_FIXED_GET_FUNCTION_LIST($$counter)"; \ + counter=`expr $$counter + 1`; \ + done; \ + } > $@-t && \ + mv -f $@-t $@ + +p11-kit/uri.gnu.c: p11-kit/uri.h +p11-kit/iter.gnu.c: p11-kit/iter.h +p11-kit/pin.gnu.c: p11-kit/pin.h +.h.gnu.c: + $(AM_V_GEN) src=$<; dst=$@; rm -f $@-t $@ && \ + { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ + echo; \ + echo '#include '; \ + echo '#include "p11-kit/p11-kit.h"'; \ + cat $$src; \ + echo "void *$${dst}_funcs[] = {" | sed 's/[^][ *a-z0-9_={]/_/g'; \ + sed -n -e '/^typedef/d' -e 's/.* \(p11_kit_[^ ]*\) *(.*/ \1,/p' $<; \ + echo '};'; \ + } > $@-t && \ + mv -f $@-t $@ + +# Proxy module is actually same as library, so install a link +@OS_WIN32_FALSE@install-exec-hook: +@OS_WIN32_FALSE@ for i in so dylib; do \ +@OS_WIN32_FALSE@ test -f $(DESTDIR)$(libdir)/libp11-kit.$$i && \ +@OS_WIN32_FALSE@ $(LN_S) -f `readlink $(DESTDIR)$(libdir)/libp11-kit.$$i` $(DESTDIR)$(libdir)/p11-kit-proxy.$$i || true; \ +@OS_WIN32_FALSE@ done +@OS_WIN32_FALSE@ $(MKDIR_P) $(DESTDIR)$(p11_package_config_modules) + +@OS_WIN32_FALSE@uninstall-local: +@OS_WIN32_FALSE@ for i in so dylib; do \ +@OS_WIN32_FALSE@ rm -f $(DESTDIR)$(libdir)/p11-kit-proxy.$$i; \ +@OS_WIN32_FALSE@ done + +@WITH_SYSTEMD_TRUE@p11-kit/p11-kit-server.service: p11-kit/p11-kit-server.service.in +@WITH_SYSTEMD_TRUE@ $(AM_V_GEN)rm -f $@-t $@ && \ +@WITH_SYSTEMD_TRUE@ sed 's|@bindir[@]|$(bindir)|g' $< > $@-t && \ +@WITH_SYSTEMD_TRUE@ mv -f $@-t $@ +@WITH_TRUST_MODULE_TRUE@.asn.asn.h: +@WITH_TRUST_MODULE_TRUE@ $(AM_V_GEN)$(ASN1PARSER) -o $@ $< + +@OS_WIN32_FALSE@@WITH_TRUST_MODULE_TRUE@installcheck-local: +@OS_WIN32_FALSE@@WITH_TRUST_MODULE_TRUE@ builddir="$(abs_top_builddir)/trust" $(SHELL) $(srcdir)/trust/test-extract.sh +@OS_WIN32_FALSE@@WITH_TRUST_MODULE_TRUE@ builddir="$(abs_top_builddir)/trust" $(SHELL) $(srcdir)/trust/test-trust.sh + +memcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(MEMCHECK_ENV)" check-TESTS + +leakcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS + +hellcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS + +dist-hook: + @if test -d "$(srcdir)/.git"; \ + then \ + echo Creating ChangeLog && \ + ( cd "$(top_srcdir)" && \ + echo '# Generate automatically. Do not edit.'; echo; \ + $(top_srcdir)/build/litter/missing --run git log --stat --date=short ) > ChangeLog.tmp \ + && mv -f ChangeLog.tmp $(top_distdir)/ChangeLog \ + || ( rm -f ChangeLog.tmp ; \ + echo Failed to generate ChangeLog >&2 ); \ + else \ + echo A git clone is required to generate a ChangeLog >&2; \ + fi + +@WITH_COVERAGE_TRUE@coverage: +@WITH_COVERAGE_TRUE@ mkdir -p build/coverage +@WITH_COVERAGE_TRUE@ $(LCOV) --directory . --zerocounters +@WITH_COVERAGE_TRUE@ $(MAKE) check +@WITH_COVERAGE_TRUE@ $(LCOV) --directory . --capture --output-file build/coverage.info +@WITH_COVERAGE_TRUE@ $(GENHTML) --output-directory build/coverage \ +@WITH_COVERAGE_TRUE@ --title "p11-kit $(PACKAGE_VERSION)" \ +@WITH_COVERAGE_TRUE@ build/coverage.info +@WITH_COVERAGE_TRUE@ @echo "file://$(abs_top_builddir)/build/coverage/index.html" + +transifex: + cd $(srcdir) && sh build/tx-update + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..d4f87cd --- /dev/null +++ b/NEWS @@ -0,0 +1,443 @@ +0.23.21 (stable) + * proxy: Do not assign duplicate slot IDs [PR#282] + * common: Get program name based on executable path if possible [PR#307] + * anchor: Exit with non-zero code, if any error occurs [PR#304] + * Build and test fixes [PR#283, PR#290, PR#291, PR#292, PR#296, PR#299, PR#305, PR#306, PR#309, PR#311] + +0.23.20 (stable) + * Revert "Fix RPC when length-s are 0" changes [PR#276] + +0.23.19 (stable) + * common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255] + * Add simple bash completion for provided commands [PR#258] + * Unbreak list matching in enable-in and disable-in [PR#262] + * Fix RPC when length-s are 0 [PR#259] + * rpc: Add vsock transport support [PR#270] + * trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265] + * Build fixes [PR#271, PR#272, PR#273, ...] + +0.23.18 (stable) + * rpc: Allow empty CK_DATE value [PR#253] + * build: Meson fixes [PR#245] + * build: Adjust feature parity between meson and autotools [PR#247] + +0.23.17 (stable) + * common: Fix uClibc-ng compilation [PR#237] + * trust: do not allow daylight to invalidate date validation [PR#236] + * build: Port to meson build system [PR#231, PR#234] + * rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232] + * doc: Add 'server' command in help [PR#229] + * Build and test fixes [PR#230] + +0.23.16 (stable) + * proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225] + * conf: Ignore user configuration if the program is running as root [PR#226] + * proxy: Refresh slot list on every C_GetSlotList call [PR#224] + * modules: Fix index used in call to p11_dict_remove() [PR#219] + * Fix Win32 p11_dl_error crash [PR#218] + * modules: check gl.modules before iterates on it when freeing [PR#217] + * trust: Ignore unreadable content in anchors [PR#215] + * extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213] + +0.23.15 (stable) + * trust: Improve error handling if backed trust file is corrupted [PR#206] + * url: Prefer upper-case letters in hex characters when encoding [PR#193] + * trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [PR#202] + * virtual: Prefer fixed closures to libffi closures [PR#196] + * Fix issues spotted by coverity and cppcheck [PR#194, PR#204] + * Build and test fixes [PR#164, PR#191, PR#199, PR#201] + +0.23.14 (stable) + * proxy: Avoid invalid memory access when unloading proxy module [PR#180] + * Update pkcs11 header to allow SoftHSMv2 to compile [PR#181] + * build: Restore libpthread dependency [PR#183] + * Build fixes [PR#188] + +0.23.13 (stable) + * server: Enable socket activation through systemd [PR#173] + * rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules [PR#174] + * proxy: Fail early if there is no slot mapping [PR#175] + * Remove hard dependency on libpthread [PR#177] + * Build fixes [PR#170, PR#176] + +0.23.12 (stable) + * Fix compile error when PKCS#11 GNU calling convention is enabled [PR#160] + * Fix getauxval() and secure_getenv() emulation on macOS and FreeBSD [PR#167] + * Build and test fixes on macOS [PR#162, PR#168] + +0.23.11 (stable) + * trust: Add extractor for edk2/cacerts.bin [PR#139] + * modules: Add option to control module visibility from proxy [PR#140] + * trust: Prevent trust module being loaded by proxy module [PR#142] + * library: Use dedicated locale object for printing error [PR#148] + * Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly [PR#134] + * Improve const correctness for P11KitUri [PR#152] + * PKCS#11 URI scheme comparison is now case insensitive [PR#156] + * Build and test fixes [PR#151, PR#149, PR#141, PR#138, PR#135] + +0.23.10 (devel) + * filter: Respect "write-protected" vendor-specific attribute in + PKCS#11 URI [PR#129] + * server: Improve shell integration and documentation [PR#107, PR#108] + * proxy: Reuse existing slot ID mapping in after fork() [PR#120] + * trust: Forcibly mark "Default Trust" read-only [PR#123] + * New function p11_kit_override_system_files() which can be used for + testing [PR#110] + * trust: Filter out duplicate extensions [PR#69] + * Update translations [PR#128] + * Bug fixes [PR#125, PR#126] + +0.23.9 (devel) + * Fix p11-kit server regressions [PR#103, PR#104] + * trust: Respect anyExtendedKeyUsage in CA certificates [PR#99] + * Build fixes related to reallocarray [PR#96, PR#98, PR#100] + +0.23.8 (devel) + * Improve vendor query attributes handling in PKCS#11 URI [PR#92] + * Add OTP and GOST mechanisms to pkcs11.h [PR#90, PR#91] + * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user + configurations [PR#87] + * Build fixes for Solaris and 32-bit big-endian platforms [PR#81, PR#86] + +0.23.7 (devel) + * Fix memory issues with "p11-kit server" [PR#78] + * Build fixes [PR#77 ...] + +0.23.6 (devel) + * Port "p11-kit server" to Windows and portability fixes of the RPC + protocol [PR#67, PR#72, PR#74] + * Recover the old behavior of "trust anchor --remove" [PR#70, PR#71] + * Build fixes [PR#63 ...] + +0.23.5 (devel) + * Fix license notice of common/unix-peer.c [PR#58] + * Remove systemd unit files for now [PR#60] + * Build fixes for FreeBSD [PR#56] + +0.23.4 (devel) + * Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31, + PR#37, PR#52] + * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY + attribute, used by Firefox [#99453, PR#46] + * Add 'trust dump' command to dump all PKCS#11 objects in the + persistence format [PR#44] + * New experimental 'p11-kit server' command that allows PKCS#11 + forwarding through a Unix domain socket. A client-side module + p11-kit-client.so is also provided [PR#15] + * Add systemd unit files for exporting the proxy module through a + Unix domain socket [PR#35] + * New P11KitIter API to iterate over slots, tokens, and modules in + addition to objects [PR#28] + * libffi dependency is now optional [PR#9] + * Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45] + +0.23.3 (devel) + * Install private executables in libexecdir [#98817] + * Fix link error of proxy module on macOS [#98022] + * Use new PKCS#11 URI specification for URIs [#97245] + * Support x-init-reserved argument of C_Initialize() in remote modules [#80519] + * Incorporate changes from PKCS#11 2.40 specification + * Bump libtool library version + * Documentation fixes + * Build fixes [#87192 ...] + +0.23.2 (devel) + * Fix forking issues with libffi [#90289 ...] + * Updated translations + * Build fixes [#90827 #89081 #92434 #92520 #92445 #92551 #92843 #92842 #92807 #93211 ...] + +0.23.1 (devel) + * Use new PKCS#11 URI draft fields for URIs [#86474 #87582] + * Add pem-directory-hash extract format + * Build fixes + +0.22.1 (stable) + * Use SubjectKeyIdentifier for CKA_ID when available [#84761] + * Allow 'BEGIN PuBLIC KEY' PEM blocks in .p11-kit files + * Bump libtool library version + * Build fixes [#84665 ...] + +0.22.0 (stable) + * Remove the 'isolated = yes' option due to unclear semantics + replacement forth coming in later versions. + * Use secure_getenv() where necessary + * Run separate binary for 'p11-kit remote' command + +0.21.3 (unstable) + * New public pkcs11x.h header containing extensions [#83495] + * Export necessary defines to lookup attached extensions [#83495] + * Use term 'attached extensions' rather than 'stabled extensions' + * Make proxy module respect 'critical = no' [#83651] + * Show public-key-info in 'trust list --details' + * Build fixes [#75674 ...] + +0.21.2 (unstable) + * Don't use invalid keys for looking up stapled extensions [#82328] + * Better error messages when invalid certificate extensions + * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files + * Fix some leaks, and memory issues + * Silence some clang scanner warnings + * Fix build against older pthread implementations [#82617] + * Move to a non-recursive Makefile + * Can now specify which tests to run on command line + +0.21.1 (unstable) + * Add new 'isolate' pkcs11 config option [#80472] + * Add 'p11-kit remote' command for isolating modules [#54105] + * Don't complain about C_Finalize after a fork + * Other minor fixes + +0.20.3 (stable) + * Fix problems reinitializing managed modules after fork + * Fix bad bookkeeping when fail initializing one of the modules + * Fix case where module would be unloaded while in use [#74919] + * Remove assertions when module used before initialized [#74919] + * Fix handling of mmap failure and mapping empty files [#74773] + * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions + * Require automake 1.12 or later + * Build fixes for Windows [#76594 #74149] + +0.20.2 (stable) + * Fix bug where blacklist didn't affect extracted ca-anchors if the anchor + and blacklist were not in the same trust path (regression) [#73558] + * Check for race in BasicConstraints stapled extension [#69314] + * autogen.sh now runs configure as srcdir != builddir by default + * Build fixes and cleanup + +0.20.1 (stable) + * Extract compat trust data after we've changes + * Skip compat extraction if running as non-root + * Better failure messages when removing anchors + * Build cleanup + +0.20.0 (stable) + * Doc fixes + +0.19.4 (unstable) + * 'trust anchor' now adds/removes certificate anchors + * 'trust list' lists trust policy stuff + * 'p11-kit extract' is now 'trust extract' + * 'p11-kit extract-trust' is now 'trust extract-compat' + * Workarounds for working on broken zfsonlinux.org [#68525] + * Add --with-module-config parameter to the configure script [#68122] + * Add support for removing stored PKCS#11 objects in trust module + * Various debugging tweaks + +0.19.3 (unstable) + * Fix up problems with automake testing + * Fix a bunch of memory leaks in newly refactored code + * Don't use _GNU_SOURCE and the unportability it brings + * Testing fixes + +0.19.2 (unstable) + * Add basic 'trust anchor' command to store a new anchor + * Support for writing out trust token objects + * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec + * Add option to use freebl for hashing + * Implement reloading of token data + * Fix warnings and possible minor bugs highlighted by code scanners + * Don't load configs in home directories when running setuid or setgid + * Support treating ~/.config as $XDG_CONFIG_HOME + * Use $XDG_DATA_HOME/pkcs11 as default user config directory + * Use $TMPDIR instead of $TEMP while testing + * Open files and fds with O_CLOEXEC + * Abort initialization if a critical module fails to load + * Don't use thread-unsafe functions: strerror, getpwuid + * Fix p11_kit_space_strlen() result when empty string + * Refactoring of where various components live + * Build fixes + +0.19.1 (unstable) + * Refactor API to be able to handle managed modules + * Deprecate much of old p11-kit API + * Implement concept of managed modules + * Make C_CloseAllSessions function work for multiple callers + * New dependency on libffi + * Fix possible threading problems reported by hellgrind + * Add log-calls option + * Mark p11_kit_message() as a stable function + * Use our own unit testing framework + +0.18.3 (stable) + * Fix reinitialization of trust module [#65401] + * Fix crash in trust module C_Initialize + * Mac OS fixes [#57714] + +0.18.2 (stable) + * Build fixes [#64378 ...] + +0.18.1 (stable) + * Put the external tools in $libdir/p11-kit + * Documentation build fixes + +0.18.0 (stable) + * Fix use of trust module with gcr and empathy [#62896] + * Further tweaks to trust module date parsing + * Fix unaligned memory reads [#62819] + * Win32 fixes [#63062, #63046] + * Debug and logging tweaks [#62874] + * Other build fixes + +0.17.5 (unstable) + * Don't try to guess at overflowing time values on 32-bit systems [#62825] + * Test fixes [#927394] + +0.17.4 (unstable) + * Check for duplicate certificates in a token, warn and discard [#62548] + * Implement a proper index so we have decent load performance + +0.17.3 (unstable) + * Use descriptive labels for the trust module tokens [#62534] + * Remove the temporary built in distrust objects + * Make extracted output directories and files read-only [#61898] + * Don't export unnecessary ABI + * Build fixes [#62479] + +0.17.2 (unstable) + * Fix build on 32-bit linux + * Fix several crashers + +0.17.1 (unstable) + * Support a p11-kit specific PKCS#11 attribute persistence format [#62156] + * Use the SHA1 hash of SPKI as the CKA_ID in the trust module by default [#62329] + * Refactor a trust builder which builds objects out of parsed data [#62329] + * Combine trust policy when extracting certificates [#61497] + * The extract --comment option adds comments to PEM bundles [#62029] + * A new 'priority' config option for ordering modules [#61978] + * Make each configured path its own trust module token [#61499] + * Use --with-trust-paths to configure trust module [#62327] + * Fix bug decoding some PEM files + * Better debug output for trust module lookups + * Work around bug in NSS when doing serial number lookups + * Work around broken strndup() function in firefox + * Fix the nickname for the distrusted attribute + * Build fixes + +0.16.4 (stable) + * Display per command help again [#62153] + * Don't always print tools debug output [#62152] + +0.16.3 (stable) + * When iterating don't skip tokens without the CKF_TOKEN_INITIALIZED flag + * Hardcode some distrust records for NSS temporarily + * Parse global options better in the p11-kit command + * Better debugging + +0.16.2 (stable) + * Fix regression in 'p11-kit extract --purpose' option [#62009] + * Documentation updates + * Build fixes [#62001, ...] + +0.16.1 (stable) + * Don't break when cA field of BasicConstraints is missing [#61975] + * Documentation fixes and updates + * p11-kit extract-trust is a placeholder script now + +0.16.0 (stable) + * Update the pkcs11.h header for new mechanisms + * Fix build and tests on mingw64 (ie: win32) + * Relicense LGPL code to BSD license + * Documentation tweaks + * Pull translations from Transifex [#60792] + * Build fixes [#61739, #60894, #61740] + +0.15.2 (unstable) + * Add German and Finish translations + * Better define the libtasn1 dependency + * Crasher and bug fixes + * Build fixes + +0.15.1 (unstable) + * Fix some memory leaks + * Add a location for packages to drop module configs + * Documentation updates and fixes + * Add command line tool manual page + * Remove unused err() function and friends + * Move more code into common/ directory and refactor + * Add a system trust policy module + * Refactor how the p11-kit command line tool works + * Add p11-kit extract and extract-trust commands + * Don't complain if we cannot access ~/.pkcs11/pkcs11.conf + * Refuse to load the p11-kit-proxy.so as a registered module + * Don't fail initialization if last initialized module fails + +0.14 + * Change default for user-config to merge + * Always URI-encode the 'id' attribute in PKCS#11 URIs + * Expect a .module extension on module configs + * Windows compatibility fixes + * Testing fixes + * Build fixes + +0.13 + * Don't allow reading of PIN files larger than 4096 bytes + * If a module is not marked as critical then ignore init failure + * Use preconditions to check for input problems and out of memory + * Add enable-in and disable-in options to module config + * Fix the flags in pin.h + * Use gcc extensions to check varargs during compile + * Fix crasher when a duplicate module is present + * Fix broken hashmap behavior + * Testing fixes + * Win32 build fixes + * 'p11-kit -h' now works + * Documentation fixes + +0.12 + * Build fix + +0.11 + * Remove automatic reinitialization of PKCS#11 after fork + +0.10 + * Build fixes, for windows, gcc 4.6.1 + +0.9 + * p11-kit can't be used as a static library + * Fix problems crashing when freeing TLS on windows + * Add debug output to windows init and uninit of library + * Build fixes, especially for windows + +0.8 + * Rename non-static functions to have a _p11_xxx prefix + * No concurrent calling of C_Initialize and C_Finalize + * Print more information in 'p11-kit -l' + * Initial port to win32 + * Build, testing fixes + +0.7 + * Expand p11-kit config variables correctly invarious build scenarios + * Add test tool to print out error messages + * Build fix on FreeBSD + +0.6 + * Add concept of a default module directory from which modules with + relative paths are loaded. + * Renamed pkg-config variables to make it clearer what's what. + +0.5 + * Fix crasher in p11_kit_registered_modules() + * Add 'critical' setting for modules, which defaults to 'no' + * Fix initialization issues in the proxy module + +0.4 + * Fix endless loop if module forks during initialization + * Update PKCS#11 URI code for new draft of spec + * Don't fail when duplicate modules are configured + * Better debug output + * Add example configuration documentation + * Support whitespace in PKCS#11 URIs + +0.3 + * Rewrite hash table, and simplify licensing. + * Correct paths for p11-kit config files. + * Many build fixes and tweaks. + +0.2 + * List token labels in 'p11-kit -l' + * Add API's for handing the pinfile part of URIs + * Use /etc/pkcs11 by default instead of ${prefix}/etc/pkcs11 + * Bug fixes + +0.1 + * Initial release diff --git a/README b/README new file mode 100644 index 0000000..50949a8 --- /dev/null +++ b/README @@ -0,0 +1,34 @@ +# p11-kit + +[![Build Status](https://travis-ci.org/p11-glue/p11-kit.svg?branch=master)](https://travis-ci.org/p11-glue/p11-kit) [![Coverage Status](https://img.shields.io/coveralls/p11-glue/p11-kit.svg)](https://coveralls.io/r/p11-glue/p11-kit) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1627/badge)](https://bestpractices.coreinfrastructure.org/en/projects/1627) [![Total alerts](https://img.shields.io/lgtm/alerts/g/p11-glue/p11-kit.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/p11-glue/p11-kit/alerts/) [![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/p11-glue/p11-kit.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/p11-glue/p11-kit/context:cpp) + +p11-kit aims to solve problems with coordinating the use of [PKCS #11] +by different components or libraries living in the same process, by +providing a way to load and enumerate PKCS #11 modules, as well as a +standard configuration setup for installing PKCS #11 modules in such a +way that they're discoverable. + +# Documentation + + * [Main site](https://p11-glue.github.io/p11-glue/p11-kit.html) + * [Manual](https://p11-glue.github.io/p11-glue/p11-kit/manual/) + +# Building + +To build and install p11-kit, you can use the following commands: + +```console +$ meson _build +$ ninja -C _build +$ ninja -C _build test +# ninja -C _build install +``` + +If you install it locally for testing purposes, you may want to +specify `-Dsystemd=disabled -Dbash_completion=disabled`. + +# Releases + +Releases are made available via the [primary github site](https://github.com/p11-glue/p11-kit/releases). They are signed with the current maintainer's [OpenPGP key](https://keys.openpgp.org/search?q=462225C3B46F34879FC8496CD605848ED7E69871). + +[PKCS #11]: https://en.wikipedia.org/wiki/PKCS_11 diff --git a/aclocal.m4 b/aclocal.m4 new file mode 100644 index 0000000..5106f5b --- /dev/null +++ b/aclocal.m4 @@ -0,0 +1,1531 @@ +# generated automatically by aclocal 1.16.1 -*- Autoconf -*- + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. + +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, +[m4_warning([this file was generated for autoconf 2.69. +You have another version of autoconf. It may work, but is not guaranteed to. +If you have problems, you may need to regenerate the build system entirely. +To do so, use the procedure documented by the package, typically 'autoreconf'.])]) + +# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# serial 11 (pkg-config-0.29.1) + +dnl Copyright © 2004 Scott James Remnant . +dnl Copyright © 2012-2015 Dan Nicholson +dnl +dnl This program is free software; you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation; either version 2 of the License, or +dnl (at your option) any later version. +dnl +dnl This program is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl General Public License for more details. +dnl +dnl You should have received a copy of the GNU General Public License +dnl along with this program; if not, write to the Free Software +dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +dnl 02111-1307, USA. +dnl +dnl As a special exception to the GNU General Public License, if you +dnl distribute this file as part of a program that contains a +dnl configuration script generated by Autoconf, you may include it under +dnl the same distribution terms that you use for the rest of that +dnl program. + +dnl PKG_PREREQ(MIN-VERSION) +dnl ----------------------- +dnl Since: 0.29 +dnl +dnl Verify that the version of the pkg-config macros are at least +dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's +dnl installed version of pkg-config, this checks the developer's version +dnl of pkg.m4 when generating configure. +dnl +dnl To ensure that this macro is defined, also add: +dnl m4_ifndef([PKG_PREREQ], +dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) +dnl +dnl See the "Since" comment for each macro you use to see what version +dnl of the macros you require. +m4_defun([PKG_PREREQ], +[m4_define([PKG_MACROS_VERSION], [0.29.1]) +m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, + [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) +])dnl PKG_PREREQ + +dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) +dnl ---------------------------------- +dnl Since: 0.16 +dnl +dnl Search for the pkg-config tool and set the PKG_CONFIG variable to +dnl first found in the path. Checks that the version of pkg-config found +dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is +dnl used since that's the first version where most current features of +dnl pkg-config existed. +AC_DEFUN([PKG_PROG_PKG_CONFIG], +[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) +m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) +m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) +AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) +AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=m4_default([$1], [0.9.0]) + AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + PKG_CONFIG="" + fi +fi[]dnl +])dnl PKG_PROG_PKG_CONFIG + +dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------------------------------- +dnl Since: 0.18 +dnl +dnl Check to see whether a particular set of modules exists. Similar to +dnl PKG_CHECK_MODULES(), but does not set variables or print errors. +dnl +dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +dnl only at the first occurence in configure.ac, so if the first place +dnl it's called might be skipped (such as if it is within an "if", you +dnl have to call PKG_CHECK_EXISTS manually +AC_DEFUN([PKG_CHECK_EXISTS], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +if test -n "$PKG_CONFIG" && \ + AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then + m4_default([$2], [:]) +m4_ifvaln([$3], [else + $3])dnl +fi]) + +dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +dnl --------------------------------------------- +dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting +dnl pkg_failed based on the result. +m4_define([_PKG_CONFIG], +[if test -n "$$1"; then + pkg_cv_[]$1="$$1" + elif test -n "$PKG_CONFIG"; then + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes ], + [pkg_failed=yes]) + else + pkg_failed=untried +fi[]dnl +])dnl _PKG_CONFIG + +dnl _PKG_SHORT_ERRORS_SUPPORTED +dnl --------------------------- +dnl Internal check to see if pkg-config supports short errors. +AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi[]dnl +])dnl _PKG_SHORT_ERRORS_SUPPORTED + + +dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl -------------------------------------------------------------- +dnl Since: 0.4.0 +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES might not happen, you should be sure to include an +dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac +AC_DEFUN([PKG_CHECK_MODULES], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl +AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl + +pkg_failed=no +AC_MSG_CHECKING([for $1]) + +_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) +_PKG_CONFIG([$1][_LIBS], [libs], [$2]) + +m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS +and $1[]_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details.]) + +if test $pkg_failed = yes; then + AC_MSG_RESULT([no]) + _PKG_SHORT_ERRORS_SUPPORTED + if test $_pkg_short_errors_supported = yes; then + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` + else + $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD + + m4_default([$4], [AC_MSG_ERROR( +[Package requirements ($2) were not met: + +$$1_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +_PKG_TEXT])[]dnl + ]) +elif test $pkg_failed = untried; then + AC_MSG_RESULT([no]) + m4_default([$4], [AC_MSG_FAILURE( +[The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +_PKG_TEXT + +To get pkg-config, see .])[]dnl + ]) +else + $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS + $1[]_LIBS=$pkg_cv_[]$1[]_LIBS + AC_MSG_RESULT([yes]) + $3 +fi[]dnl +])dnl PKG_CHECK_MODULES + + +dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl --------------------------------------------------------------------- +dnl Since: 0.29 +dnl +dnl Checks for existence of MODULES and gathers its build flags with +dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags +dnl and VARIABLE-PREFIX_LIBS from --libs. +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to +dnl include an explicit call to PKG_PROG_PKG_CONFIG in your +dnl configure.ac. +AC_DEFUN([PKG_CHECK_MODULES_STATIC], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +_save_PKG_CONFIG=$PKG_CONFIG +PKG_CONFIG="$PKG_CONFIG --static" +PKG_CHECK_MODULES($@) +PKG_CONFIG=$_save_PKG_CONFIG[]dnl +])dnl PKG_CHECK_MODULES_STATIC + + +dnl PKG_INSTALLDIR([DIRECTORY]) +dnl ------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable pkgconfigdir as the location where a module +dnl should install pkg-config .pc files. By default the directory is +dnl $libdir/pkgconfig, but the default can be changed by passing +dnl DIRECTORY. The user can override through the --with-pkgconfigdir +dnl parameter. +AC_DEFUN([PKG_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([pkgconfigdir], + [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, + [with_pkgconfigdir=]pkg_default) +AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_INSTALLDIR + + +dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) +dnl -------------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable noarch_pkgconfigdir as the location where a +dnl module should install arch-independent pkg-config .pc files. By +dnl default the directory is $datadir/pkgconfig, but the default can be +dnl changed by passing DIRECTORY. The user can override through the +dnl --with-noarch-pkgconfigdir parameter. +AC_DEFUN([PKG_NOARCH_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([noarch-pkgconfigdir], + [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, + [with_noarch_pkgconfigdir=]pkg_default) +AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_NOARCH_INSTALLDIR + + +dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, +dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------- +dnl Since: 0.28 +dnl +dnl Retrieves the value of the pkg-config variable for the given module. +AC_DEFUN([PKG_CHECK_VAR], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl + +_PKG_CONFIG([$1], [variable="][$3]["], [$2]) +AS_VAR_COPY([$1], [pkg_cv_][$1]) + +AS_VAR_IF([$1], [""], [$5], [$4])dnl +])dnl PKG_CHECK_VAR + +dnl PKG_WITH_MODULES(VARIABLE-PREFIX, MODULES, +dnl [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND], +dnl [DESCRIPTION], [DEFAULT]) +dnl ------------------------------------------ +dnl +dnl Prepare a "--with-" configure option using the lowercase +dnl [VARIABLE-PREFIX] name, merging the behaviour of AC_ARG_WITH and +dnl PKG_CHECK_MODULES in a single macro. +AC_DEFUN([PKG_WITH_MODULES], +[ +m4_pushdef([with_arg], m4_tolower([$1])) + +m4_pushdef([description], + [m4_default([$5], [build with ]with_arg[ support])]) + +m4_pushdef([def_arg], [m4_default([$6], [auto])]) +m4_pushdef([def_action_if_found], [AS_TR_SH([with_]with_arg)=yes]) +m4_pushdef([def_action_if_not_found], [AS_TR_SH([with_]with_arg)=no]) + +m4_case(def_arg, + [yes],[m4_pushdef([with_without], [--without-]with_arg)], + [m4_pushdef([with_without],[--with-]with_arg)]) + +AC_ARG_WITH(with_arg, + AS_HELP_STRING(with_without, description[ @<:@default=]def_arg[@:>@]),, + [AS_TR_SH([with_]with_arg)=def_arg]) + +AS_CASE([$AS_TR_SH([with_]with_arg)], + [yes],[PKG_CHECK_MODULES([$1],[$2],$3,$4)], + [auto],[PKG_CHECK_MODULES([$1],[$2], + [m4_n([def_action_if_found]) $3], + [m4_n([def_action_if_not_found]) $4])]) + +m4_popdef([with_arg]) +m4_popdef([description]) +m4_popdef([def_arg]) + +])dnl PKG_WITH_MODULES + +dnl PKG_HAVE_WITH_MODULES(VARIABLE-PREFIX, MODULES, +dnl [DESCRIPTION], [DEFAULT]) +dnl ----------------------------------------------- +dnl +dnl Convenience macro to trigger AM_CONDITIONAL after PKG_WITH_MODULES +dnl check._[VARIABLE-PREFIX] is exported as make variable. +AC_DEFUN([PKG_HAVE_WITH_MODULES], +[ +PKG_WITH_MODULES([$1],[$2],,,[$3],[$4]) + +AM_CONDITIONAL([HAVE_][$1], + [test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"]) +])dnl PKG_HAVE_WITH_MODULES + +dnl PKG_HAVE_DEFINE_WITH_MODULES(VARIABLE-PREFIX, MODULES, +dnl [DESCRIPTION], [DEFAULT]) +dnl ------------------------------------------------------ +dnl +dnl Convenience macro to run AM_CONDITIONAL and AC_DEFINE after +dnl PKG_WITH_MODULES check. HAVE_[VARIABLE-PREFIX] is exported as make +dnl and preprocessor variable. +AC_DEFUN([PKG_HAVE_DEFINE_WITH_MODULES], +[ +PKG_HAVE_WITH_MODULES([$1],[$2],[$3],[$4]) + +AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"], + [AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])]) +])dnl PKG_HAVE_DEFINE_WITH_MODULES + +# Copyright (C) 2002-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +# (This private macro should not be called outside this file.) +AC_DEFUN([AM_AUTOMAKE_VERSION], +[am__api_version='1.16' +dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to +dnl require some minimum version. Point them to the right macro. +m4_if([$1], [1.16.1], [], + [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl +]) + +# _AM_AUTOCONF_VERSION(VERSION) +# ----------------------------- +# aclocal traces this macro to find the Autoconf version. +# This is a private macro too. Using m4_define simplifies +# the logic in aclocal, which can simply ignore this definition. +m4_define([_AM_AUTOCONF_VERSION], []) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. +# This function is AC_REQUIREd by AM_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], +[AM_AUTOMAKE_VERSION([1.16.1])dnl +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) + +# AM_AUX_DIR_EXPAND -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets +# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to +# '$srcdir', '$srcdir/..', or '$srcdir/../..'. +# +# Of course, Automake must honor this variable whenever it calls a +# tool from the auxiliary directory. The problem is that $srcdir (and +# therefore $ac_aux_dir as well) can be either absolute or relative, +# depending on how configure is run. This is pretty annoying, since +# it makes $ac_aux_dir quite unusable in subdirectories: in the top +# source directory, any form will work fine, but in subdirectories a +# relative path needs to be adjusted first. +# +# $ac_aux_dir/missing +# fails when called from a subdirectory if $ac_aux_dir is relative +# $top_srcdir/$ac_aux_dir/missing +# fails if $ac_aux_dir is absolute, +# fails when called from a subdirectory in a VPATH build with +# a relative $ac_aux_dir +# +# The reason of the latter failure is that $top_srcdir and $ac_aux_dir +# are both prefixed by $srcdir. In an in-source build this is usually +# harmless because $srcdir is '.', but things will broke when you +# start a VPATH build or use an absolute $srcdir. +# +# So we could use something similar to $top_srcdir/$ac_aux_dir/missing, +# iff we strip the leading $srcdir from $ac_aux_dir. That would be: +# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` +# and then we would define $MISSING as +# MISSING="\${SHELL} $am_aux_dir/missing" +# This will work as long as MISSING is not called from configure, because +# unfortunately $(top_srcdir) has no meaning in configure. +# However there are other variables, like CC, which are often used in +# configure, and could therefore not use this "fixed" $ac_aux_dir. +# +# Another solution, used here, is to always expand $ac_aux_dir to an +# absolute PATH. The drawback is that using absolute paths prevent a +# configured tree to be moved without reconfiguration. + +AC_DEFUN([AM_AUX_DIR_EXPAND], +[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` +]) + +# AM_CONDITIONAL -*- Autoconf -*- + +# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[AC_PREREQ([2.52])dnl + m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE])dnl +AC_SUBST([$1_FALSE])dnl +_AM_SUBST_NOTMAKE([$1_TRUE])dnl +_AM_SUBST_NOTMAKE([$1_FALSE])dnl +m4_define([_AM_COND_VALUE_$1], [$2])dnl +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([[conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]]) +fi])]) + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + + +# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC". +# We try a few techniques and use that to set a single cache variable. +# +# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was +# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular +# dependency, and given that the user is not expected to run this macro, +# just rely on AC_PROG_CC. +AC_DEFUN([_AM_DEPENDENCIES], +[AC_REQUIRE([AM_SET_DEPDIR])dnl +AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl +AC_REQUIRE([AM_MAKE_INCLUDE])dnl +AC_REQUIRE([AM_DEP_TRACK])dnl + +m4_if([$1], [CC], [depcc="$CC" am_compiler_list=], + [$1], [CXX], [depcc="$CXX" am_compiler_list=], + [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'], + [$1], [UPC], [depcc="$UPC" am_compiler_list=], + [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) + +AC_CACHE_CHECK([dependency style of $depcc], + [am_cv_$1_dependencies_compiler_type], +[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_$1_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` + fi + am__universal=false + m4_case([$1], [CC], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac], + [CXX], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac]) + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_$1_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_$1_dependencies_compiler_type=none +fi +]) +AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) +AM_CONDITIONAL([am__fastdep$1], [ + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) +]) + + +# AM_SET_DEPDIR +# ------------- +# Choose a directory name for dependency files. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES. +AC_DEFUN([AM_SET_DEPDIR], +[AC_REQUIRE([AM_SET_LEADING_DOT])dnl +AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl +]) + + +# AM_DEP_TRACK +# ------------ +AC_DEFUN([AM_DEP_TRACK], +[AC_ARG_ENABLE([dependency-tracking], [dnl +AS_HELP_STRING( + [--enable-dependency-tracking], + [do not reject slow dependency extractors]) +AS_HELP_STRING( + [--disable-dependency-tracking], + [speeds up one-time build])]) +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi +AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) +AC_SUBST([AMDEPBACKSLASH])dnl +_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl +AC_SUBST([am__nodep])dnl +_AM_SUBST_NOTMAKE([am__nodep])dnl +]) + +# Generate code to set up dependency tracking. -*- Autoconf -*- + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_OUTPUT_DEPENDENCY_COMMANDS +# ------------------------------ +AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], +[{ + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + AS_CASE([$CONFIG_FILES], + [*\'*], [eval set x "$CONFIG_FILES"], + [*], [set x $CONFIG_FILES]) + shift + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf + do + # Strip MF so we end up with the name of the file. + am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`AS_DIRNAME(["$am_mf"])` + am_filepart=`AS_BASENAME(["$am_mf"])` + AM_RUN_LOG([cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles]) || am_rc=$? + done + if test $am_rc -ne 0; then + AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking).]) + fi + AS_UNSET([am_dirpart]) + AS_UNSET([am_filepart]) + AS_UNSET([am_mf]) + AS_UNSET([am_rc]) + rm -f conftest-deps.mk +} +])# _AM_OUTPUT_DEPENDENCY_COMMANDS + + +# AM_OUTPUT_DEPENDENCY_COMMANDS +# ----------------------------- +# This macro should only be invoked once -- use via AC_REQUIRE. +# +# This code is only required when automatic dependency tracking is enabled. +# This creates each '.Po' and '.Plo' makefile fragment that we'll need in +# order to bootstrap the dependency handling code. +AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], +[AC_CONFIG_COMMANDS([depfiles], + [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], + [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])]) + +# Do all the work for Automake. -*- Autoconf -*- + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This macro actually does too much. Some checks are only needed if +# your package does certain things. But this isn't really a big deal. + +dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O. +m4_define([AC_PROG_CC], +m4_defn([AC_PROG_CC]) +[_AM_PROG_CC_C_O +]) + +# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) +# AM_INIT_AUTOMAKE([OPTIONS]) +# ----------------------------------------------- +# The call with PACKAGE and VERSION arguments is the old style +# call (pre autoconf-2.50), which is being phased out. PACKAGE +# and VERSION should now be passed to AC_INIT and removed from +# the call to AM_INIT_AUTOMAKE. +# We support both call styles for the transition. After +# the next Automake release, Autoconf can make the AC_INIT +# arguments mandatory, and then we can depend on a new Autoconf +# release and drop the old call support. +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_PREREQ([2.65])dnl +dnl Autoconf wants to disallow AM_ names. We explicitly allow +dnl the ones we care about. +m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl +AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL])dnl +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi +AC_SUBST([CYGPATH_W]) + +# Define the identity of the package. +dnl Distinguish between old-style and new-style calls. +m4_ifval([$2], +[AC_DIAGNOSE([obsolete], + [$0: two- and three-arguments forms are deprecated.]) +m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + AC_SUBST([PACKAGE], [$1])dnl + AC_SUBST([VERSION], [$2])], +[_AM_SET_OPTIONS([$1])dnl +dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. +m4_if( + m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), + [ok:ok],, + [m4_fatal([AC_INIT should be called with package and version arguments])])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl + AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl + +_AM_IF_OPTION([no-define],, +[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) + AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl + +# Some tools Automake needs. +AC_REQUIRE([AM_SANITY_CHECK])dnl +AC_REQUIRE([AC_ARG_PROGRAM])dnl +AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) +AM_MISSING_PROG([AUTOCONF], [autoconf]) +AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) +AM_MISSING_PROG([AUTOHEADER], [autoheader]) +AM_MISSING_PROG([MAKEINFO], [makeinfo]) +AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +AC_SUBST([mkdir_p], ['$(MKDIR_P)']) +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_PROG_MAKE_SET])dnl +AC_REQUIRE([AM_SET_LEADING_DOT])dnl +_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) +_AM_IF_OPTION([no-dependencies],, +[AC_PROVIDE_IFELSE([AC_PROG_CC], + [_AM_DEPENDENCIES([CC])], + [m4_define([AC_PROG_CC], + m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_CXX], + [_AM_DEPENDENCIES([CXX])], + [m4_define([AC_PROG_CXX], + m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJC], + [_AM_DEPENDENCIES([OBJC])], + [m4_define([AC_PROG_OBJC], + m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], + [_AM_DEPENDENCIES([OBJCXX])], + [m4_define([AC_PROG_OBJCXX], + m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl +]) +AC_REQUIRE([AM_SILENT_RULES])dnl +dnl The testsuite driver may need to know about EXEEXT, so add the +dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This +dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. +AC_CONFIG_COMMANDS_PRE(dnl +[m4_provide_if([_AM_COMPILER_EXEEXT], + [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) + fi +fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. +]) + +dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further +dnl mangled by Autoconf and run in a shell conditional statement. +m4_define([_AC_COMPILER_EXEEXT], +m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) + +# When config.status generates a header, we must update the stamp-h file. +# This file resides in the same directory as the config header +# that is generated. The stamp files are numbered to have different names. + +# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the +# loop where config.status creates the headers, so we can generate +# our stamp files there. +AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], +[# Compute $1's index in $config_headers. +_am_arg=$1 +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_SH +# ------------------ +# Define $install_sh. +AC_DEFUN([AM_PROG_INSTALL_SH], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +if test x"${install_sh+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi +AC_SUBST([install_sh])]) + +# Copyright (C) 2003-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# Check whether the underlying file-system supports filenames +# with a leading dot. For instance MS-DOS doesn't. +AC_DEFUN([AM_SET_LEADING_DOT], +[rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +AC_SUBST([am__leading_dot])]) + +# Add --enable-maintainer-mode option to configure. -*- Autoconf -*- +# From Jim Meyering + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_MAINTAINER_MODE([DEFAULT-MODE]) +# ---------------------------------- +# Control maintainer-specific portions of Makefiles. +# Default is to disable them, unless 'enable' is passed literally. +# For symmetry, 'disable' may be passed as well. Anyway, the user +# can override the default with the --enable/--disable switch. +AC_DEFUN([AM_MAINTAINER_MODE], +[m4_case(m4_default([$1], [disable]), + [enable], [m4_define([am_maintainer_other], [disable])], + [disable], [m4_define([am_maintainer_other], [enable])], + [m4_define([am_maintainer_other], [enable]) + m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])]) +AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) + dnl maintainer-mode's default is 'disable' unless 'enable' is passed + AC_ARG_ENABLE([maintainer-mode], + [AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode], + am_maintainer_other[ make rules and dependencies not useful + (and sometimes confusing) to the casual installer])], + [USE_MAINTAINER_MODE=$enableval], + [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) + AC_MSG_RESULT([$USE_MAINTAINER_MODE]) + AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) + MAINT=$MAINTAINER_MODE_TRUE + AC_SUBST([MAINT])dnl +] +) + +# Check to see how 'make' treats includes. -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_MAKE_INCLUDE() +# ----------------- +# Check whether make has an 'include' directive that can support all +# the idioms we need for our automatic dependency tracking code. +AC_DEFUN([AM_MAKE_INCLUDE], +[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive]) +cat > confinc.mk << 'END' +am__doit: + @echo this is the am__doit target >confinc.out +.PHONY: am__doit +END +am__include="#" +am__quote= +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out]) + AS_CASE([$?:`cat confinc.out 2>/dev/null`], + ['0:this is the am__doit target'], + [AS_CASE([$s], + [BSD], [am__include='.include' am__quote='"'], + [am__include='include' am__quote=''])]) + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +AC_MSG_RESULT([${_am_result}]) +AC_SUBST([am__include])]) +AC_SUBST([am__quote])]) + +# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- + +# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_MISSING_PROG(NAME, PROGRAM) +# ------------------------------ +AC_DEFUN([AM_MISSING_PROG], +[AC_REQUIRE([AM_MISSING_HAS_RUN]) +$1=${$1-"${am_missing_run}$2"} +AC_SUBST($1)]) + +# AM_MISSING_HAS_RUN +# ------------------ +# Define MISSING if not defined so far and test if it is modern enough. +# If it is, set am_missing_run to use it, otherwise, to nothing. +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([missing])dnl +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " +else + am_missing_run= + AC_MSG_WARN(['missing' script is too old or missing]) +fi +]) + +# Helper functions for option handling. -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_MANGLE_OPTION(NAME) +# ----------------------- +AC_DEFUN([_AM_MANGLE_OPTION], +[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) + +# _AM_SET_OPTION(NAME) +# -------------------- +# Set option NAME. Presently that only means defining a flag for this option. +AC_DEFUN([_AM_SET_OPTION], +[m4_define(_AM_MANGLE_OPTION([$1]), [1])]) + +# _AM_SET_OPTIONS(OPTIONS) +# ------------------------ +# OPTIONS is a space-separated list of Automake options. +AC_DEFUN([_AM_SET_OPTIONS], +[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) + +# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) +# ------------------------------------------- +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +AC_DEFUN([_AM_IF_OPTION], +[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_CC_C_O +# --------------- +# Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC +# to automatically call this. +AC_DEFUN([_AM_PROG_CC_C_O], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([compile])dnl +AC_LANG_PUSH([C])dnl +AC_CACHE_CHECK( + [whether $CC understands -c and -o together], + [am_cv_prog_cc_c_o], + [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])]) + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i]) +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +AC_LANG_POP([C])]) + +# For backward compatibility. +AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_RUN_LOG(COMMAND) +# ------------------- +# Run COMMAND, save the exit status in ac_status, and log it. +# (This has been adapted from Autoconf's _AC_RUN_LOG macro.) +AC_DEFUN([AM_RUN_LOG], +[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD + ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + (exit $ac_status); }]) + +# Check to make sure that the build environment is sane. -*- Autoconf -*- + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_SANITY_CHECK +# --------------- +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[[\\\"\#\$\&\'\`$am_lf]]*) + AC_MSG_ERROR([unsafe absolute working directory name]);; +esac +case $srcdir in + *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) + AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken + alias in your environment]) + fi + if test "$[2]" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$[2]" = conftest.file + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +AC_MSG_RESULT([yes]) +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi +AC_CONFIG_COMMANDS_PRE( + [AC_MSG_CHECKING([that generated files are newer than configure]) + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + AC_MSG_RESULT([done])]) +rm -f conftest.file +]) + +# Copyright (C) 2009-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_SILENT_RULES([DEFAULT]) +# -------------------------- +# Enable less verbose build rules; with the default set to DEFAULT +# ("yes" being less verbose, "no" or empty being verbose). +AC_DEFUN([AM_SILENT_RULES], +[AC_ARG_ENABLE([silent-rules], [dnl +AS_HELP_STRING( + [--enable-silent-rules], + [less verbose build output (undo: "make V=1")]) +AS_HELP_STRING( + [--disable-silent-rules], + [verbose build output (undo: "make V=0")])dnl +]) +case $enable_silent_rules in @%:@ ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; +esac +dnl +dnl A few 'make' implementations (e.g., NonStop OS and NextStep) +dnl do not support nested variable expansions. +dnl See automake bug#9928 and bug#10237. +am_make=${MAKE-make} +AC_CACHE_CHECK([whether $am_make supports nested variables], + [am_cv_make_support_nested_variables], + [if AS_ECHO([['TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi]) +if test $am_cv_make_support_nested_variables = yes; then + dnl Using '$V' instead of '$(V)' breaks IRIX make. + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AC_SUBST([AM_V])dnl +AM_SUBST_NOTMAKE([AM_V])dnl +AC_SUBST([AM_DEFAULT_V])dnl +AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl +AC_SUBST([AM_DEFAULT_VERBOSITY])dnl +AM_BACKSLASH='\' +AC_SUBST([AM_BACKSLASH])dnl +_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl +]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_STRIP +# --------------------- +# One issue with vendor 'install' (even GNU) is that you can't +# specify the program used to strip binaries. This is especially +# annoying in cross-compiling environments, where the build's strip +# is unlikely to handle the host's binaries. +# Fortunately install-sh will honor a STRIPPROG variable, so we +# always use install-sh in "make install-strip", and initialize +# STRIPPROG with the value of the STRIP variable (set by the user). +AC_DEFUN([AM_PROG_INSTALL_STRIP], +[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the 'STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. +if test "$cross_compiling" != no; then + AC_CHECK_TOOL([STRIP], [strip], :) +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" +AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +# Copyright (C) 2006-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. +# This macro is traced by Automake. +AC_DEFUN([_AM_SUBST_NOTMAKE]) + +# AM_SUBST_NOTMAKE(VARIABLE) +# -------------------------- +# Public sister of _AM_SUBST_NOTMAKE. +AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + +# Check how to create a tarball. -*- Autoconf -*- + +# Copyright (C) 2004-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_TAR(FORMAT) +# -------------------- +# Check how to create a tarball in format FORMAT. +# FORMAT should be one of 'v7', 'ustar', or 'pax'. +# +# Substitute a variable $(am__tar) that is a command +# writing to stdout a FORMAT-tarball containing the directory +# $tardir. +# tardir=directory && $(am__tar) > result.tar +# +# Substitute a variable $(am__untar) that extract such +# a tarball read from stdin. +# $(am__untar) < result.tar +# +AC_DEFUN([_AM_PROG_TAR], +[# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AC_SUBST([AMTAR], ['$${TAR-tar}']) + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' + +m4_if([$1], [v7], + [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], + + [m4_case([$1], + [ustar], + [# The POSIX 1988 'ustar' format is defined with fixed-size fields. + # There is notably a 21 bits limit for the UID and the GID. In fact, + # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 + # and bug#13588). + am_max_uid=2097151 # 2^21 - 1 + am_max_gid=$am_max_uid + # The $UID and $GID variables are not portable, so we need to resort + # to the POSIX-mandated id(1) utility. Errors in the 'id' calls + # below are definitely unexpected, so allow the users to see them + # (that is, avoid stderr redirection). + am_uid=`id -u || echo unknown` + am_gid=`id -g || echo unknown` + AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) + if test $am_uid -le $am_max_uid; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + _am_tools=none + fi + AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) + if test $am_gid -le $am_max_gid; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + _am_tools=none + fi], + + [pax], + [], + + [m4_fatal([Unknown tar format])]) + + AC_MSG_CHECKING([how to create a $1 tar archive]) + + # Go ahead even if we have the value already cached. We do so because we + # need to set the values for the 'am__tar' and 'am__untar' variables. + _am_tools=${am_cv_prog_tar_$1-$_am_tools} + + for _am_tool in $_am_tools; do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break + + # tar/untar a dummy directory, and stop if the command works. + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi + done + rm -rf conftest.dir + + AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) + AC_MSG_RESULT([$am_cv_prog_tar_$1])]) + +AC_SUBST([am__tar]) +AC_SUBST([am__untar]) +]) # _AM_PROG_TAR + +m4_include([build/m4/gettext.m4]) +m4_include([build/m4/host-cpu-c-abi.m4]) +m4_include([build/m4/iconv.m4]) +m4_include([build/m4/intlmacosx.m4]) +m4_include([build/m4/ld-version-script.m4]) +m4_include([build/m4/lib-ld.m4]) +m4_include([build/m4/lib-link.m4]) +m4_include([build/m4/lib-prefix.m4]) +m4_include([build/m4/libtool.m4]) +m4_include([build/m4/ltoptions.m4]) +m4_include([build/m4/ltsugar.m4]) +m4_include([build/m4/ltversion.m4]) +m4_include([build/m4/lt~obsolete.m4]) +m4_include([build/m4/nls.m4]) +m4_include([build/m4/po.m4]) +m4_include([build/m4/progtest.m4]) diff --git a/bash-completion/meson.build b/bash-completion/meson.build new file mode 100644 index 0000000..2845dd7 --- /dev/null +++ b/bash-completion/meson.build @@ -0,0 +1,11 @@ +bashcomp = dependency('bash-completion', required: get_option('bash_completion')) + +if bashcomp.found() + bashcompdir = bashcomp.get_pkgconfig_variable('completionsdir') + install_data('p11-kit', install_dir: bashcompdir) + if with_trust_module + install_data('trust', install_dir: bashcompdir) + endif +else + warning('Will not install bash completion due to missing dependencies!') +endif diff --git a/bash-completion/p11-kit b/bash-completion/p11-kit new file mode 100644 index 0000000..2ca9120 --- /dev/null +++ b/bash-completion/p11-kit @@ -0,0 +1,19 @@ +# p11-kit(8) completion -*- shell-script -*- + +_p11-kit() +{ + local cur prev words cword + _init_completion || return + + if [[ $cur == -* ]]; then + local opts="--help --verbose -q --quiet" + COMPREPLY=( $(compgen -W "$opts" -- "$cur") ) + return + elif [[ $cword -eq 1 ]]; then + local commands='list-modules extract server remote' + COMPREPLY=( $(compgen -W "$commands" -- "$cur") ) + fi +} && +complete -F _p11-kit p11-kit + +# ex: filetype=sh diff --git a/bash-completion/trust b/bash-completion/trust new file mode 100644 index 0000000..b182682 --- /dev/null +++ b/bash-completion/trust @@ -0,0 +1,67 @@ +# trust(1) completion -*- shell-script -*- + +_trust() +{ + local cur prev words cword + _init_completion || return + + local commands command + + commands='list extract extract-compat anchor dump' + + if [[ $cword -eq 1 ]]; then + COMPREPLY=( $(compgen -W "$commands" -- "$cur") ) + else + command=${words[1]} + case $prev in + --filter) + list="" + case $command in + extract|list) + list="ca-anchors trust-policy blacklist certificates pkcs11:" + ;; + dump) + list="all pkcs11:" + ;; + esac + COMPREPLY=( $(compgen -W "$list" -- "$cur") ) + return + ;; + --purpose) + COMPREPLY=( $(compgen -W "server-auth client-auth email code-signing" -- "$cur") ) + return + ;; + --format) + options='x509-file x509-directory pem-bundle pem-directory + pem-directory-hash openssl-bundle openssl-directory + java-cacarts' + COMPREPLY=( $(compgen -W "$options" -- "$cur") ) + return + ;; + esac + + if [[ "$cur" == -* ]]; then + # possible options for the command + case $command in + list) + options='--filter --purpose' + ;; + extract) + options='--comment --filter --format --overwrite --purpose' + ;; + anchor) + options='--remove --store' + ;; + dump) + options='--filter' + ;; + esac + COMPREPLY=( $(compgen -W "$options --verbose --help --quiet" -- "$cur") ) + else + _filedir + fi + fi +} && +complete -F _trust trust + +# ex: filetype=sh diff --git a/build/gtk-doc.make b/build/gtk-doc.make new file mode 100644 index 0000000..4709268 --- /dev/null +++ b/build/gtk-doc.make @@ -0,0 +1,259 @@ +# -*- mode: makefile -*- + +#################################### +# Everything below here is generic # +#################################### + +if GTK_DOC_USE_LIBTOOL +GTKDOC_CC = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +GTKDOC_LD = $(LIBTOOL) --tag=CC --mode=link $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +GTKDOC_RUN = $(LIBTOOL) --mode=execute +else +GTKDOC_CC = $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +GTKDOC_LD = $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +GTKDOC_RUN = +endif + +# We set GPATH here; this gives us semantics for GNU make +# which are more like other make's VPATH, when it comes to +# whether a source that is a target of one rule is then +# searched for in VPATH/GPATH. +# +GPATH = $(srcdir) + +TARGET_DIR=$(HTML_DIR)/$(DOC_MODULE) + +SETUP_FILES = \ + $(content_files) \ + $(DOC_MAIN_SGML_FILE) \ + $(DOC_MODULE)-sections.txt \ + $(DOC_MODULE)-overrides.txt \ + style.css + +EXTRA_DIST = \ + $(HTML_IMAGES) \ + $(SETUP_FILES) + +DOC_STAMPS=setup-build.stamp scan-build.stamp sgml-build.stamp \ + html-build.stamp pdf-build.stamp \ + sgml.stamp html.stamp pdf.stamp + +SCANOBJ_FILES = \ + $(DOC_MODULE).args \ + $(DOC_MODULE).hierarchy \ + $(DOC_MODULE).interfaces \ + $(DOC_MODULE).prerequisites \ + $(DOC_MODULE).signals + +REPORT_FILES = \ + $(DOC_MODULE)-undocumented.txt \ + $(DOC_MODULE)-undeclared.txt \ + $(DOC_MODULE)-unused.txt + +CLEANFILES = $(SCANOBJ_FILES) $(REPORT_FILES) $(DOC_STAMPS) + +if ENABLE_GTK_DOC +if GTK_DOC_BUILD_HTML +HTML_BUILD_STAMP=html-build.stamp +else +HTML_BUILD_STAMP= +endif +if GTK_DOC_BUILD_PDF +PDF_BUILD_STAMP=pdf-build.stamp +else +PDF_BUILD_STAMP= +endif + +all-local: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) +else +all-local: +endif + +docs: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) + +$(REPORT_FILES): sgml-build.stamp + +#### setup #### + +setup-build.stamp: + -@if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ + echo ' DOC Preparing build'; \ + files=`echo $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types`; \ + if test "x$$files" != "x" ; then \ + for file in $$files ; do \ + test -f $(abs_srcdir)/$$file && \ + cp -pu $(abs_srcdir)/$$file $(abs_builddir)/ || true; \ + done; \ + fi; \ + fi + @touch setup-build.stamp + + +#### scan #### + +scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB) + @echo ' DOC Scanning header files' + @_source_dir='' ; \ + for i in $(DOC_SOURCE_DIR) ; do \ + _source_dir="$${_source_dir} --source-dir=$$i" ; \ + done ; \ + gtkdoc-scan --module=$(DOC_MODULE) --ignore-headers="$(IGNORE_HFILES)" $${_source_dir} $(SCAN_OPTIONS) $(EXTRA_HFILES) + @if grep -l '^..*$$' $(DOC_MODULE).types > /dev/null 2>&1 ; then \ + echo " DOC Introspecting gobjects"; \ + scanobj_options=""; \ + gtkdoc-scangobj 2>&1 --help | grep >/dev/null "\-\-verbose"; \ + if test "$(?)" = "0"; then \ + if test "x$(V)" = "x1"; then \ + scanobj_options="--verbose"; \ + fi; \ + fi; \ + CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" RUN="$(GTKDOC_RUN)" CFLAGS="$(GTKDOC_CFLAGS) $(CFLAGS)" LDFLAGS="$(GTKDOC_LIBS) $(LDFLAGS)" \ + gtkdoc-scangobj $(SCANGOBJ_OPTIONS) $$scanobj_options --module=$(DOC_MODULE); \ + else \ + for i in $(SCANOBJ_FILES) ; do \ + test -f $$i || touch $$i ; \ + done \ + fi + @touch scan-build.stamp + +$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES): scan-build.stamp + @true + +#### xml #### + +sgml-build.stamp: setup-build.stamp $(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt $(expand_content_files) + @echo ' DOC Building XML' + @_source_dir='' ; \ + for i in $(DOC_SOURCE_DIR) ; do \ + _source_dir="$${_source_dir} --source-dir=$$i" ; \ + done ; \ + gtkdoc-mkdb --module=$(DOC_MODULE) --output-format=xml --expand-content-files="$(expand_content_files)" --main-sgml-file=$(DOC_MAIN_SGML_FILE) $${_source_dir} $(MKDB_OPTIONS) + @touch sgml-build.stamp + +sgml.stamp: sgml-build.stamp + @true + +#### html #### + +html-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) $(srcdir)/style.css + @echo ' DOC Building HTML' + @rm -rf html + @mkdir html + @mkhtml_options=""; \ + gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-verbose"; \ + if test "$(?)" = "0"; then \ + if test "x$(V)" = "x1"; then \ + mkhtml_options="$$mkhtml_options --verbose"; \ + fi; \ + fi; \ + gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-path"; \ + if test "$(?)" = "0"; then \ + mkhtml_options="$$mkhtml_options --path=\"$(abs_srcdir)\""; \ + fi; \ + cd html && gtkdoc-mkhtml $$mkhtml_options $(MKHTML_OPTIONS) $(DOC_MODULE) ../$(DOC_MAIN_SGML_FILE) + -@test "x$(HTML_IMAGES)" = "x" || \ + for file in $(HTML_IMAGES) ; do \ + if test -f $(abs_srcdir)/$$file ; then \ + cp $(abs_srcdir)/$$file $(abs_builddir)/html; \ + fi; \ + if test -f $(abs_builddir)/$$file ; then \ + cp $(abs_builddir)/$$file $(abs_builddir)/html; \ + fi; \ + done; + @echo ' DOC Fixing cross-references' + @gtkdoc-fixxref --module=$(DOC_MODULE) --module-dir=html --html-dir=$(HTML_DIR) $(FIXXREF_OPTIONS) + @mv $(builddir)/html/style.css $(builddir)/html/gtk-doc.css + @cp $(srcdir)/style.css $(builddir)/html/style.css + @touch html-build.stamp + +#### pdf #### + +pdf-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) + @echo ' DOC Building PDF' + @rm -f $(DOC_MODULE).pdf + @mkpdf_options=""; \ + gtkdoc-mkpdf 2>&1 --help | grep >/dev/null "\-\-verbose"; \ + if test "$(?)" = "0"; then \ + if test "x$(V)" = "x1"; then \ + mkpdf_options="$$mkpdf_options --verbose"; \ + fi; \ + fi; \ + if test "x$(HTML_IMAGES)" != "x"; then \ + for img in $(HTML_IMAGES); do \ + part=`dirname $$img`; \ + echo $$mkpdf_options | grep >/dev/null "\-\-imgdir=$$part "; \ + if test $$? != 0; then \ + mkpdf_options="$$mkpdf_options --imgdir=$$part"; \ + fi; \ + done; \ + fi; \ + gtkdoc-mkpdf --path="$(abs_srcdir)" $$mkpdf_options $(DOC_MODULE) $(DOC_MAIN_SGML_FILE) $(MKPDF_OPTIONS) + @touch pdf-build.stamp + +############## + +clean-local: + @rm -f *~ *.bak + @rm -rf .libs + +distclean-local: + @rm -rf xml html $(REPORT_FILES) $(DOC_MODULE).pdf \ + $(DOC_MODULE)-decl-list.txt $(DOC_MODULE)-decl.txt + @if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ + rm -f $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types; \ + fi + +maintainer-clean-local: clean + @rm -rf xml html + +install-data-local: + @installfiles=`echo $(builddir)/html/*`; \ + if test "$$installfiles" = '$(builddir)/html/*'; \ + then echo 1>&2 'Nothing to install' ; \ + else \ + if test -n "$(DOC_MODULE_VERSION)"; then \ + installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ + else \ + installdir="$(DESTDIR)$(TARGET_DIR)"; \ + fi; \ + $(mkinstalldirs) $${installdir} ; \ + for i in $$installfiles; do \ + echo ' $(INSTALL_DATA) '$$i ; \ + $(INSTALL_DATA) $$i $${installdir}; \ + done; \ + if test -n "$(DOC_MODULE_VERSION)"; then \ + mv -f $${installdir}/$(DOC_MODULE).devhelp2 \ + $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp2; \ + fi; \ + $(GTKDOC_REBASE) --relative --dest-dir=$(DESTDIR) --html-dir=$${installdir}; \ + fi + +uninstall-local: + @if test -n "$(DOC_MODULE_VERSION)"; then \ + installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ + else \ + installdir="$(DESTDIR)$(TARGET_DIR)"; \ + fi; \ + rm -rf $${installdir} + +# +# Require gtk-doc when making dist +# +if ENABLE_GTK_DOC +dist-check-gtkdoc: +else +dist-check-gtkdoc: + @echo "*** gtk-doc must be installed and --enable-doc in order to make dist" + @false +endif + +dist-hook: dist-check-gtkdoc dist-hook-local + @mkdir $(distdir)/html + @cp ./html/* $(distdir)/html + @-cp ./$(DOC_MODULE).pdf $(distdir)/ + @-cp ./$(DOC_MODULE).types $(distdir)/ + @-cp ./$(DOC_MODULE)-sections.txt $(distdir)/ + @cd $(distdir) && rm -f $(DISTCLEANFILES) + @$(GTKDOC_REBASE) --online --relative --html-dir=$(distdir)/html + +.PHONY : dist-hook-local docs diff --git a/build/litter/compile b/build/litter/compile new file mode 100755 index 0000000..99e5052 --- /dev/null +++ b/build/litter/compile @@ -0,0 +1,348 @@ +#! /bin/sh +# Wrapper for compilers which do not understand '-c -o'. + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Written by Tom Tromey . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; + -l*) + func_cl_dashl "${1#-l}" + set x "$@" "$lib" + shift + ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; + -L*) + func_cl_dashL "${1#-L}" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file 'INSTALL'. + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; +esac + +ofile= +cfile= + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift +done + +if test -z "$ofile" || test -z "$cfile"; then + # If no '-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # '.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" +fi + +# Name of file we expect compiler to create. +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` + +# Create the lock directory. +# Note: use '[/\\:.-]' here to ensure that we don't use the same name +# that we are using for the .o file. Also, base the name on the expected +# object file name, since that is what matters with a parallel build. +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d +while true; do + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 +done +# FIXME: race condition here if user kills between mkdir and trap. +trap "rmdir '$lockdir'; exit 1" 1 2 15 + +# Run the compile. +"$@" +ret=$? + +if test -f "$cofile"; then + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" +fi + +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build/litter/config.guess b/build/litter/config.guess new file mode 100755 index 0000000..b33c9e8 --- /dev/null +++ b/build/litter/config.guess @@ -0,0 +1,1486 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright 1992-2018 Free Software Foundation, Inc. + +timestamp='2018-08-29' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). +# +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. +# +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# +# Please send patches to . + + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright 1992-2018 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +tmp= +# shellcheck disable=SC2172 +trap 'test -z "$tmp" || rm -fr "$tmp"' 1 2 13 15 +trap 'exitcode=$?; test -z "$tmp" || rm -fr "$tmp"; exit $exitcode' 0 + +set_cc_for_build() { + : "${TMPDIR=/tmp}" + # shellcheck disable=SC2039 + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } + dummy=$tmp/dummy + case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in + ,,) echo "int x;" > "$dummy.c" + for driver in cc gcc c89 c99 ; do + if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD="$driver" + break + fi + done + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; + esac +} + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if test -f /.attbin/uname ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +case "$UNAME_SYSTEM" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + set_cc_for_build + cat <<-EOF > "$dummy.c" + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + + # If ldd exists, use it to detect musl libc. + if command -v ldd >/dev/null && \ + ldd --version 2>&1 | grep -q ^musl + then + LIBC=musl + fi + ;; +esac + +# Note: order is significant - the case branches are not exclusive. + +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + "/sbin/$sysctl" 2>/dev/null || \ + "/usr/sbin/$sysctl" 2>/dev/null || \ + echo unknown)` + case "$UNAME_MACHINE_ARCH" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine="${arch}${endian}"-unknown + ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently (or will in the future) and ABI. + case "$UNAME_MACHINE_ARCH" in + earm*) + os=netbsdelf + ;; + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # Determine ABI tags. + case "$UNAME_MACHINE_ARCH" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "$UNAME_VERSION" in + Debian*) + release='-gnu' + ;; + *) + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "$machine-${os}${release}${abi-}" + exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" + exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" + exit ;; + *:MidnightBSD:*:*) + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" + exit ;; + *:ekkoBSD:*:*) + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" + exit ;; + *:SolidBSD:*:*) + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:MirBSD:*:*) + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:Sortix:*:*) + echo "$UNAME_MACHINE"-unknown-sortix + exit ;; + *:Redox:*:*) + echo "$UNAME_MACHINE"-unknown-redox + exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE=alpha ;; + "EV4.5 (21064)") + UNAME_MACHINE=alpha ;; + "LCA4 (21066/21068)") + UNAME_MACHINE=alpha ;; + "EV5 (21164)") + UNAME_MACHINE=alphaev5 ;; + "EV5.6 (21164A)") + UNAME_MACHINE=alphaev56 ;; + "EV5.6 (21164PC)") + UNAME_MACHINE=alphapca56 ;; + "EV5.7 (21164PC)") + UNAME_MACHINE=alphapca57 ;; + "EV6 (21264)") + UNAME_MACHINE=alphaev6 ;; + "EV6.7 (21264A)") + UNAME_MACHINE=alphaev67 ;; + "EV6.8CB (21264C)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8AL (21264B)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8CX (21264D)") + UNAME_MACHINE=alphaev68 ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE=alphaev69 ;; + "EV7 (21364)") + UNAME_MACHINE=alphaev7 ;; + "EV7.9 (21364A)") + UNAME_MACHINE=alphaev79 ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix"$UNAME_RELEASE" + exit ;; + arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux"$UNAME_RELEASE" + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + UNAME_REL="`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + case `isainfo -b` in + 32) + echo i386-pc-solaris2"$UNAME_REL" + ;; + 64) + echo x86_64-pc-solaris2"$UNAME_REL" + ;; + esac + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos"$UNAME_RELEASE" + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos"$UNAME_RELEASE" + ;; + sun4) + echo sparc-sun-sunos"$UNAME_RELEASE" + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos"$UNAME_RELEASE" + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint"$UNAME_RELEASE" + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint"$UNAME_RELEASE" + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint"$UNAME_RELEASE" + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten"$UNAME_RELEASE" + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten"$UNAME_RELEASE" + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix"$UNAME_RELEASE" + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix"$UNAME_RELEASE" + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix"$UNAME_RELEASE" + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos"$UNAME_RELEASE" + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] + then + if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ + [ "$TARGET_BINARY_INTERFACE"x = x ] + then + echo m88k-dg-dgux"$UNAME_RELEASE" + else + echo m88k-dg-dguxbcs"$UNAME_RELEASE" + fi + else + echo i586-dg-dgux"$UNAME_RELEASE" + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + case "$UNAME_MACHINE" in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "$sc_cpu_version" in + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "$sc_kernel_bits" in + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "$HP_ARCH" = "" ]; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ "$HP_ARCH" = hppa2.0w ] + then + set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH=hppa2.0w + else + HP_ARCH=hppa64 + fi + fi + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux"$HPUX_REV" + exit ;; + 3050*:HI-UX:*:*) + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo "$UNAME_MACHINE"-unknown-osf1mk + else + echo "$UNAME_MACHINE"-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi"$UNAME_RELEASE" + exit ;; + *:BSD/OS:*:*) + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" + exit ;; + arm:FreeBSD:*:*) + UNAME_PROCESSOR=`uname -p` + set_cc_for_build + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi + else + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf + fi + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` + case "$UNAME_PROCESSOR" in + amd64) + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; + esac + echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" + exit ;; + i*:CYGWIN*:*) + echo "$UNAME_MACHINE"-pc-cygwin + exit ;; + *:MINGW64*:*) + echo "$UNAME_MACHINE"-pc-mingw64 + exit ;; + *:MINGW*:*) + echo "$UNAME_MACHINE"-pc-mingw32 + exit ;; + *:MSYS*:*) + echo "$UNAME_MACHINE"-pc-msys + exit ;; + i*:PW*:*) + echo "$UNAME_MACHINE"-pc-pw32 + exit ;; + *:Interix*:*) + case "$UNAME_MACHINE" in + x86) + echo i586-pc-interix"$UNAME_RELEASE" + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix"$UNAME_RELEASE" + exit ;; + IA64) + echo ia64-unknown-interix"$UNAME_RELEASE" + exit ;; + esac ;; + i*:UWIN*:*) + echo "$UNAME_MACHINE"-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + *:GNU:*:*) + # the GNU system + echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" + exit ;; + *:Minix:*:*) + echo "$UNAME_MACHINE"-unknown-minix + exit ;; + aarch64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arm*:Linux:*:*) + set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi + else + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + cris:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + crisv32:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + e2k:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + frv:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + hexagon:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:Linux:*:*) + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + exit ;; + ia64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + k1om:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m32r*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m68*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #undef CPU + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=${UNAME_MACHINE}el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=${UNAME_MACHINE} + #else + CPU= + #endif + #endif +EOF + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`" + test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; } + ;; + mips64el:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + openrisc*:Linux:*:*) + echo or1k-unknown-linux-"$LIBC" + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-"$LIBC" + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-"$LIBC" + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-"$LIBC" + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-"$LIBC" + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-"$LIBC" + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-"$LIBC" + exit ;; + riscv32:Linux:*:* | riscv64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" + exit ;; + sh64*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sh*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + tile*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + vax:Linux:*:*) + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" + exit ;; + x86_64:Linux:*:*) + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + exit ;; + xtensa*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo "$UNAME_MACHINE"-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo "$UNAME_MACHINE"-unknown-stop + exit ;; + i*86:atheos:*:*) + echo "$UNAME_MACHINE"-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo "$UNAME_MACHINE"-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos"$UNAME_RELEASE" + exit ;; + i*86:*DOS:*:*) + echo "$UNAME_MACHINE"-pc-msdosdjgpp + exit ;; + i*86:*:4.*:*) + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}" + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configure will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos"$UNAME_RELEASE" + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos"$UNAME_RELEASE" + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv"$UNAME_RELEASE" + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo "$UNAME_MACHINE"-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo "$UNAME_MACHINE"-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux"$UNAME_RELEASE" + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv"$UNAME_RELEASE" + else + echo mips-unknown-sysv"$UNAME_RELEASE" + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux"$UNAME_RELEASE" + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux"$UNAME_RELEASE" + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux"$UNAME_RELEASE" + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux"$UNAME_RELEASE" + exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux"$UNAME_RELEASE" + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody"$UNAME_RELEASE" + exit ;; + *:Rhapsody:*:*) + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = x86; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-*:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSR-*:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSX-*:NONSTOP_KERNEL:*:*) + echo nsx-tandem-nsk"$UNAME_RELEASE" + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + # shellcheck disable=SC2154 + if test "$cputype" = 386; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo "$UNAME_MACHINE"-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux"$UNAME_RELEASE" + exit ;; + *:DragonFly:*:*) + echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "$UNAME_MACHINE" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" + exit ;; + i*86:rdos:*:*) + echo "$UNAME_MACHINE"-pc-rdos + exit ;; + i*86:AROS:*:*) + echo "$UNAME_MACHINE"-pc-aros + exit ;; + x86_64:VMkernel:*:*) + echo "$UNAME_MACHINE"-unknown-esx + exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; +esac + +echo "$0: unable to guess system type" >&2 + +case "$UNAME_MACHINE:$UNAME_SYSTEM" in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <&2 </dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/build/litter/config.rpath b/build/litter/config.rpath new file mode 100755 index 0000000..be202c1 --- /dev/null +++ b/build/litter/config.rpath @@ -0,0 +1,684 @@ +#! /bin/sh +# Output a system dependent set of variables, describing how to set the +# run time search path of shared libraries in an executable. +# +# Copyright 1996-2019 Free Software Foundation, Inc. +# Taken from GNU libtool, 2001 +# Originally by Gordon Matzigkeit , 1996 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# The first argument passed to this file is the canonical host specification, +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld +# should be set by the caller. +# +# The set of defined variables is at the end of this script. + +# Known limitations: +# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer +# than 256 bytes, otherwise the compiler driver will dump core. The only +# known workaround is to choose shorter directory names for the build +# directory and/or the installation directory. + +# All known linkers require a '.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a +shrext=.so + +host="$1" +host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` + +# Code taken from libtool.m4's _LT_CC_BASENAME. + +for cc_temp in $CC""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'` + +# Code taken from libtool.m4's _LT_COMPILER_PIC. + +wl= +if test "$GCC" = yes; then + wl='-Wl,' +else + case "$host_os" in + aix*) + wl='-Wl,' + ;; + mingw* | cygwin* | pw32* | os2* | cegcc*) + ;; + hpux9* | hpux10* | hpux11*) + wl='-Wl,' + ;; + irix5* | irix6* | nonstopux*) + wl='-Wl,' + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + ecc*) + wl='-Wl,' + ;; + icc* | ifort*) + wl='-Wl,' + ;; + lf95*) + wl='-Wl,' + ;; + nagfor*) + wl='-Wl,-Wl,,' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + wl='-Wl,' + ;; + ccc*) + wl='-Wl,' + ;; + xl* | bgxl* | bgf* | mpixl*) + wl='-Wl,' + ;; + como) + wl='-lopt=' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ F* | *Sun*Fortran*) + wl= + ;; + *Sun\ C*) + wl='-Wl,' + ;; + esac + ;; + esac + ;; + newsos6) + ;; + *nto* | *qnx*) + ;; + osf3* | osf4* | osf5*) + wl='-Wl,' + ;; + rdos*) + ;; + solaris*) + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + wl='-Qoption ld ' + ;; + *) + wl='-Wl,' + ;; + esac + ;; + sunos4*) + wl='-Qoption ld ' + ;; + sysv4 | sysv4.2uw2* | sysv4.3*) + wl='-Wl,' + ;; + sysv4*MP*) + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + wl='-Wl,' + ;; + unicos*) + wl='-Wl,' + ;; + uts4*) + ;; + esac +fi + +# Code taken from libtool.m4's _LT_LINKER_SHLIBS. + +hardcode_libdir_flag_spec= +hardcode_libdir_separator= +hardcode_direct=no +hardcode_minus_L=no + +case "$host_os" in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; +esac + +ld_shlibs=yes +if test "$with_gnu_ld" = yes; then + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + # Unlike libtool, we use -rpath here, not --rpath, since the documented + # option of GNU ld is called -rpath, not --rpath. + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + case "$host_os" in + aix[3-9]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + ld_shlibs=no + fi + ;; + amigaos*) + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + beos*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + cygwin* | mingw* | pw32* | cegcc*) + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + haiku*) + ;; + interix[3-9]*) + hardcode_direct=no + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + netbsd*) + ;; + solaris*) + if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' + else + ld_shlibs=no + fi + ;; + esac + ;; + sunos4*) + hardcode_direct=yes + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + esac + if test "$ld_shlibs" = no; then + hardcode_libdir_flag_spec= + fi +else + case "$host_os" in + aix3*) + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test "$GCC" = yes; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + aix[4-9]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + else + aix_use_runtimelinking=no + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + fi + hardcode_direct=yes + hardcode_libdir_separator=':' + if test "$GCC" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && \ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct=unsupported + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + fi + # Begin _LT_AC_SYS_LIBPATH_AIX. + echo 'int main () { return 0; }' > conftest.c + ${CC} ${LDFLAGS} conftest.c -o conftest + aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` + if test -z "$aix_libpath"; then + aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` + fi + if test -z "$aix_libpath"; then + aix_libpath="/usr/lib:/lib" + fi + rm -f conftest.c conftest + # End _LT_AC_SYS_LIBPATH_AIX. + if test "$aix_use_runtimelinking" = yes; then + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' + else + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + fi + fi + ;; + amigaos*) + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + bsdi[45]*) + ;; + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec=' ' + libext=lib + ;; + darwin* | rhapsody*) + hardcode_direct=no + if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then + : + else + ld_shlibs=no + fi + ;; + dgux*) + hardcode_libdir_flag_spec='-L$libdir' + ;; + freebsd2.[01]*) + hardcode_direct=yes + hardcode_minus_L=yes + ;; + freebsd* | dragonfly*) + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + ;; + hpux9*) + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + hpux10*) + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + hpux11*) + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct=no + ;; + *) + hardcode_direct=yes + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + esac + fi + ;; + irix5* | irix6* | nonstopux*) + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + netbsd*) + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + ;; + newsos6) + hardcode_direct=yes + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + *nto* | *qnx*) + ;; + openbsd*) + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + else + case "$host_os" in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac + fi + else + ld_shlibs=no + fi + ;; + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + osf3*) + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + osf4* | osf5*) + if test "$GCC" = yes; then + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + else + # Both cc and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + hardcode_libdir_separator=: + ;; + solaris*) + hardcode_libdir_flag_spec='-R$libdir' + ;; + sunos4*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + ;; + sysv4) + case $host_vendor in + sni) + hardcode_direct=yes # is this really true??? + ;; + siemens) + hardcode_direct=no + ;; + motorola) + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + ;; + sysv4.3*) + ;; + sysv4*MP*) + if test -d /usr/nec; then + ld_shlibs=yes + fi + ;; + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + ;; + sysv5* | sco3.2v5* | sco5v6*) + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + hardcode_libdir_separator=':' + ;; + uts4*) + hardcode_libdir_flag_spec='-L$libdir' + ;; + *) + ld_shlibs=no + ;; + esac +fi + +# Check dynamic linker characteristics +# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER. +# Unlike libtool.m4, here we don't care about _all_ names of the library, but +# only about the one the linker finds when passed -lNAME. This is the last +# element of library_names_spec in libtool.m4, or possibly two of them if the +# linker has special search rules. +library_names_spec= # the last element of library_names_spec in libtool.m4 +libname_spec='lib$name' +case "$host_os" in + aix3*) + library_names_spec='$libname.a' + ;; + aix[4-9]*) + library_names_spec='$libname$shrext' + ;; + amigaos*) + case "$host_cpu" in + powerpc*) + library_names_spec='$libname$shrext' ;; + m68k) + library_names_spec='$libname.a' ;; + esac + ;; + beos*) + library_names_spec='$libname$shrext' + ;; + bsdi[45]*) + library_names_spec='$libname$shrext' + ;; + cygwin* | mingw* | pw32* | cegcc*) + shrext=.dll + library_names_spec='$libname.dll.a $libname.lib' + ;; + darwin* | rhapsody*) + shrext=.dylib + library_names_spec='$libname$shrext' + ;; + dgux*) + library_names_spec='$libname$shrext' + ;; + freebsd[23].*) + library_names_spec='$libname$shrext$versuffix' + ;; + freebsd* | dragonfly*) + library_names_spec='$libname$shrext' + ;; + gnu*) + library_names_spec='$libname$shrext' + ;; + haiku*) + library_names_spec='$libname$shrext' + ;; + hpux9* | hpux10* | hpux11*) + case $host_cpu in + ia64*) + shrext=.so + ;; + hppa*64*) + shrext=.sl + ;; + *) + shrext=.sl + ;; + esac + library_names_spec='$libname$shrext' + ;; + interix[3-9]*) + library_names_spec='$libname$shrext' + ;; + irix5* | irix6* | nonstopux*) + library_names_spec='$libname$shrext' + case "$host_os" in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;; + *) libsuff= shlibsuff= ;; + esac + ;; + esac + ;; + linux*oldld* | linux*aout* | linux*coff*) + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu) + library_names_spec='$libname$shrext' + ;; + knetbsd*-gnu) + library_names_spec='$libname$shrext' + ;; + netbsd*) + library_names_spec='$libname$shrext' + ;; + newsos6) + library_names_spec='$libname$shrext' + ;; + *nto* | *qnx*) + library_names_spec='$libname$shrext' + ;; + openbsd*) + library_names_spec='$libname$shrext$versuffix' + ;; + os2*) + libname_spec='$name' + shrext=.dll + library_names_spec='$libname.a' + ;; + osf3* | osf4* | osf5*) + library_names_spec='$libname$shrext' + ;; + rdos*) + ;; + solaris*) + library_names_spec='$libname$shrext' + ;; + sunos4*) + library_names_spec='$libname$shrext$versuffix' + ;; + sysv4 | sysv4.3*) + library_names_spec='$libname$shrext' + ;; + sysv4*MP*) + library_names_spec='$libname$shrext' + ;; + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + library_names_spec='$libname$shrext' + ;; + tpf*) + library_names_spec='$libname$shrext' + ;; + uts4*) + library_names_spec='$libname$shrext' + ;; +esac + +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' +escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"` +shlibext=`echo "$shrext" | sed -e 's,^\.,,'` +escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` +escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` +escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` + +LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). + + +# Please send patches to . +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS + +Canonicalize a configuration name. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright 1992-2018 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo "$1" + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Split fields of configuration type +IFS="-" read -r field1 field2 field3 field4 <&2 + exit 1 + ;; + *-*-*-*) + basic_machine=$field1-$field2 + os=$field3-$field4 + ;; + *-*-*) + # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two + # parts + maybe_os=$field2-$field3 + case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc \ + | linux-newlib* | linux-musl* | linux-uclibc* | uclinux-uclibc* \ + | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ + | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ + | storm-chaos* | os2-emx* | rtmk-nova*) + basic_machine=$field1 + os=$maybe_os + ;; + android-linux) + basic_machine=$field1-unknown + os=linux-android + ;; + *) + basic_machine=$field1-$field2 + os=$field3 + ;; + esac + ;; + *-*) + # A lone config we happen to match not fitting any patern + case $field1-$field2 in + decstation-3100) + basic_machine=mips-dec + os= + ;; + *-*) + # Second component is usually, but not always the OS + case $field2 in + # Prevent following clause from handling this valid os + sun*os*) + basic_machine=$field1 + os=$field2 + ;; + # Manufacturers + dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ + | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ + | unicom* | ibm* | next | hp | isi* | apollo | altos* \ + | convergent* | ncr* | news | 32* | 3600* | 3100* \ + | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ + | ultra | tti* | harris | dolphin | highlevel | gould \ + | cbm | ns | masscomp | apple | axis | knuth | cray \ + | microblaze* | sim | cisco \ + | oki | wec | wrs | winbond) + basic_machine=$field1-$field2 + os= + ;; + *) + basic_machine=$field1 + os=$field2 + ;; + esac + ;; + esac + ;; + *) + # Convert single-component short-hands not valid as part of + # multi-component configurations. + case $field1 in + 386bsd) + basic_machine=i386-pc + os=bsd + ;; + a29khif) + basic_machine=a29k-amd + os=udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=scout + ;; + alliant) + basic_machine=fx80-alliant + os= + ;; + altos | altos3068) + basic_machine=m68k-altos + os= + ;; + am29k) + basic_machine=a29k-none + os=bsd + ;; + amdahl) + basic_machine=580-amdahl + os=sysv + ;; + amiga) + basic_machine=m68k-unknown + os= + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=bsd + ;; + aros) + basic_machine=i386-pc + os=aros + ;; + aux) + basic_machine=m68k-apple + os=aux + ;; + balance) + basic_machine=ns32k-sequent + os=dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=linux + ;; + cegcc) + basic_machine=arm-unknown + os=cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=bsd + ;; + convex-c2) + basic_machine=c2-convex + os=bsd + ;; + convex-c32) + basic_machine=c32-convex + os=bsd + ;; + convex-c34) + basic_machine=c34-convex + os=bsd + ;; + convex-c38) + basic_machine=c38-convex + os=bsd + ;; + cray) + basic_machine=j90-cray + os=unicos + ;; + crds | unos) + basic_machine=m68k-crds + os= + ;; + da30) + basic_machine=m68k-da30 + os= + ;; + decstation | pmax | pmin | dec3100 | decstatn) + basic_machine=mips-dec + os= + ;; + delta88) + basic_machine=m88k-motorola + os=sysv3 + ;; + dicos) + basic_machine=i686-pc + os=dicos + ;; + djgpp) + basic_machine=i586-pc + os=msdosdjgpp + ;; + ebmon29k) + basic_machine=a29k-amd + os=ebmon + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=ose + ;; + gmicro) + basic_machine=tron-gmicro + os=sysv + ;; + go32) + basic_machine=i386-pc + os=go32 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=hms + ;; + harris) + basic_machine=m88k-harris + os=sysv3 + ;; + hp300) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=hpux + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=proelf + ;; + i386mach) + basic_machine=i386-mach + os=mach + ;; + vsta) + basic_machine=i386-pc + os=vsta + ;; + isi68 | isi) + basic_machine=m68k-isi + os=sysv + ;; + m68knommu) + basic_machine=m68k-unknown + os=linux + ;; + magnum | m3230) + basic_machine=mips-mips + os=sysv + ;; + merlin) + basic_machine=ns32k-utek + os=sysv + ;; + mingw64) + basic_machine=x86_64-pc + os=mingw64 + ;; + mingw32) + basic_machine=i686-pc + os=mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=mingw32ce + ;; + monitor) + basic_machine=m68k-rom68k + os=coff + ;; + morphos) + basic_machine=powerpc-unknown + os=morphos + ;; + moxiebox) + basic_machine=moxie-unknown + os=moxiebox + ;; + msdos) + basic_machine=i386-pc + os=msdos + ;; + msys) + basic_machine=i686-pc + os=msys + ;; + mvs) + basic_machine=i370-ibm + os=mvs + ;; + nacl) + basic_machine=le32-unknown + os=nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=sysv4 + ;; + netbsd386) + basic_machine=i386-pc + os=netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=newsos + ;; + news1000) + basic_machine=m68030-sony + os=newsos + ;; + necv70) + basic_machine=v70-nec + os=sysv + ;; + nh3000) + basic_machine=m68k-harris + os=cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=cxux + ;; + nindy960) + basic_machine=i960-intel + os=nindy + ;; + mon960) + basic_machine=i960-intel + os=mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=nonstopux + ;; + os400) + basic_machine=powerpc-ibm + os=os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=ose + ;; + os68k) + basic_machine=m68k-none + os=os68k + ;; + paragon) + basic_machine=i860-intel + os=osf + ;; + parisc) + basic_machine=hppa-unknown + os=linux + ;; + pw32) + basic_machine=i586-unknown + os=pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + os=rdos + ;; + rdos32) + basic_machine=i386-pc + os=rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=coff + ;; + sa29200) + basic_machine=a29k-amd + os=udi + ;; + sei) + basic_machine=mips-sei + os=seiux + ;; + sequent) + basic_machine=i386-sequent + os= + ;; + sps7) + basic_machine=m68k-bull + os=sysv2 + ;; + st2000) + basic_machine=m68k-tandem + os= + ;; + stratus) + basic_machine=i860-stratus + os=sysv4 + ;; + sun2) + basic_machine=m68000-sun + os= + ;; + sun2os3) + basic_machine=m68000-sun + os=sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=sunos4 + ;; + sun3) + basic_machine=m68k-sun + os= + ;; + sun3os3) + basic_machine=m68k-sun + os=sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=sunos4 + ;; + sun4) + basic_machine=sparc-sun + os= + ;; + sun4os3) + basic_machine=sparc-sun + os=sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=solaris2 + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + os= + ;; + sv1) + basic_machine=sv1-cray + os=unicos + ;; + symmetry) + basic_machine=i386-sequent + os=dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=unicos + ;; + t90) + basic_machine=t90-cray + os=unicos + ;; + toad1) + basic_machine=pdp10-xkl + os=tops20 + ;; + tpf) + basic_machine=s390x-ibm + os=tpf + ;; + udi29k) + basic_machine=a29k-amd + os=udi + ;; + ultra3) + basic_machine=a29k-nyu + os=sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=none + ;; + vaxv) + basic_machine=vax-dec + os=sysv + ;; + vms) + basic_machine=vax-dec + os=vms + ;; + vxworks960) + basic_machine=i960-wrs + os=vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=vxworks + ;; + xbox) + basic_machine=i686-pc + os=mingw32 + ;; + ymp) + basic_machine=ymp-cray + os=unicos + ;; + *) + basic_machine=$1 + os= + ;; + esac + ;; +esac + +# Decode 1-component or ad-hoc basic machines +case $basic_machine in + # Here we handle the default manufacturer of certain CPU types. It is in + # some cases the only manufacturer, in others, it is the most popular. + w89k) + cpu=hppa1.1 + vendor=winbond + ;; + op50n) + cpu=hppa1.1 + vendor=oki + ;; + op60c) + cpu=hppa1.1 + vendor=oki + ;; + ibm*) + cpu=i370 + vendor=ibm + ;; + orion105) + cpu=clipper + vendor=highlevel + ;; + mac | mpw | mac-mpw) + cpu=m68k + vendor=apple + ;; + pmac | pmac-mpw) + cpu=powerpc + vendor=apple + ;; + + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + cpu=m68000 + vendor=att + ;; + 3b*) + cpu=we32k + vendor=att + ;; + bluegene*) + cpu=powerpc + vendor=ibm + os=cnk + ;; + decsystem10* | dec10*) + cpu=pdp10 + vendor=dec + os=tops10 + ;; + decsystem20* | dec20*) + cpu=pdp10 + vendor=dec + os=tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + cpu=m68k + vendor=motorola + ;; + dpx2*) + cpu=m68k + vendor=bull + os=sysv3 + ;; + encore | umax | mmax) + cpu=ns32k + vendor=encore + ;; + elxsi) + cpu=elxsi + vendor=elxsi + os=${os:-bsd} + ;; + fx2800) + cpu=i860 + vendor=alliant + ;; + genix) + cpu=ns32k + vendor=ns + ;; + h3050r* | hiux*) + cpu=hppa1.1 + vendor=hitachi + os=hiuxwe2 + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + cpu=m68000 + vendor=hp + ;; + hp9k3[2-9][0-9]) + cpu=m68k + vendor=hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + cpu=hppa1.1 + vendor=hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + i*86v32) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv32 + ;; + i*86v4*) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv4 + ;; + i*86v) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv + ;; + i*86sol2) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=solaris2 + ;; + j90 | j90-cray) + cpu=j90 + vendor=cray + os=${os:-unicos} + ;; + iris | iris4d) + cpu=mips + vendor=sgi + case $os in + irix*) + ;; + *) + os=irix4 + ;; + esac + ;; + miniframe) + cpu=m68000 + vendor=convergent + ;; + *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) + cpu=m68k + vendor=atari + os=mint + ;; + news-3600 | risc-news) + cpu=mips + vendor=sony + os=newsos + ;; + next | m*-next) + cpu=m68k + vendor=next + case $os in + nextstep* ) + ;; + ns2*) + os=nextstep2 + ;; + *) + os=nextstep3 + ;; + esac + ;; + np1) + cpu=np1 + vendor=gould + ;; + op50n-* | op60c-*) + cpu=hppa1.1 + vendor=oki + os=proelf + ;; + pa-hitachi) + cpu=hppa1.1 + vendor=hitachi + os=hiuxwe2 + ;; + pbd) + cpu=sparc + vendor=tti + ;; + pbb) + cpu=m68k + vendor=tti + ;; + pc532) + cpu=ns32k + vendor=pc532 + ;; + pn) + cpu=pn + vendor=gould + ;; + power) + cpu=power + vendor=ibm + ;; + ps2) + cpu=i386 + vendor=ibm + ;; + rm[46]00) + cpu=mips + vendor=siemens + ;; + rtpc | rtpc-*) + cpu=romp + vendor=ibm + ;; + sde) + cpu=mipsisa32 + vendor=sde + os=${os:-elf} + ;; + simso-wrs) + cpu=sparclite + vendor=wrs + os=vxworks + ;; + tower | tower-32) + cpu=m68k + vendor=ncr + ;; + vpp*|vx|vx-*) + cpu=f301 + vendor=fujitsu + ;; + w65) + cpu=w65 + vendor=wdc + ;; + w89k-*) + cpu=hppa1.1 + vendor=winbond + os=proelf + ;; + none) + cpu=none + vendor=none + ;; + leon|leon[3-9]) + cpu=sparc + vendor=$basic_machine + ;; + leon-*|leon[3-9]-*) + cpu=sparc + vendor=`echo "$basic_machine" | sed 's/-.*//'` + ;; + + *-*) + IFS="-" read -r cpu vendor <&2 + exit 1 + ;; + esac + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $vendor in + digital*) + vendor=dec + ;; + commodore*) + vendor=cbm + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x$os != x ] +then +case $os in + # First match some system type aliases that might get confused + # with valid system types. + # solaris* is a basic system type, with this one exception. + auroraux) + os=auroraux + ;; + bluegene*) + os=cnk + ;; + solaris1 | solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + solaris) + os=solaris2 + ;; + unixware*) + os=sysv4.2uw + ;; + gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # es1800 is here to avoid being matched by es* (a different OS) + es1800*) + os=ose + ;; + # Some version numbers need modification + chorusos*) + os=chorusos + ;; + isc) + os=isc2.2 + ;; + sco6) + os=sco5v6 + ;; + sco5) + os=sco3.2v5 + ;; + sco4) + os=sco3.2v4 + ;; + sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + ;; + sco3.2v[4-9]* | sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + ;; + scout) + # Don't match below + ;; + sco*) + os=sco3.2v2 + ;; + psos*) + os=psos + ;; + # Now accept the basic system types. + # The portable systems comes first. + # Each alternative MUST end in a * to match a version number. + # sysv* is not here because it comes later, after sysvr4. + gnu* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ + | *vms* | esix* | aix* | cnk* | sunos | sunos[34]*\ + | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ + | sym* | kopensolaris* | plan9* \ + | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ + | aos* | aros* | cloudabi* | sortix* \ + | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ + | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ + | knetbsd* | mirbsd* | netbsd* \ + | bitrig* | openbsd* | solidbsd* | libertybsd* \ + | ekkobsd* | kfreebsd* | freebsd* | riscix* | lynxos* \ + | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ + | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ + | udi* | eabi* | lites* | ieee* | go32* | aux* | hcos* \ + | chorusrdb* | cegcc* | glidix* \ + | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ + | midipix* | mingw32* | mingw64* | linux-gnu* | linux-android* \ + | linux-newlib* | linux-musl* | linux-uclibc* \ + | uxpv* | beos* | mpeix* | udk* | moxiebox* \ + | interix* | uwin* | mks* | rhapsody* | darwin* \ + | openstep* | oskit* | conix* | pw32* | nonstopux* \ + | storm-chaos* | tops10* | tenex* | tops20* | its* \ + | os2* | vos* | palmos* | uclinux* | nucleus* \ + | morphos* | superux* | rtmk* | windiss* \ + | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ + | skyos* | haiku* | rdos* | toppers* | drops* | es* \ + | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ + | midnightbsd*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + qnx*) + case $cpu in + x86 | i*86) + ;; + *) + os=nto-$os + ;; + esac + ;; + hiux*) + os=hiuxwe2 + ;; + nto-qnx*) + ;; + nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + sim | xray | os68k* | v88r* \ + | windows* | osx | abug | netware* | os9* \ + | macos* | mpw* | magic* | mmixware* | mon960* | lnews*) + ;; + linux-dietlibc) + os=linux-dietlibc + ;; + linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + lynx*178) + os=lynxos178 + ;; + lynx*5) + os=lynxos5 + ;; + lynx*) + os=lynxos + ;; + mac*) + os=`echo "$os" | sed -e 's|mac|macos|'` + ;; + opened*) + os=openedition + ;; + os400*) + os=os400 + ;; + sunos5*) + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` + ;; + sunos6*) + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` + ;; + wince*) + os=wince + ;; + utek*) + os=bsd + ;; + dynix*) + os=bsd + ;; + acis*) + os=aos + ;; + atheos*) + os=atheos + ;; + syllable*) + os=syllable + ;; + 386bsd) + os=bsd + ;; + ctix* | uts*) + os=sysv + ;; + nova*) + os=rtmk-nova + ;; + ns2) + os=nextstep2 + ;; + nsk*) + os=nsk + ;; + # Preserve the version number of sinix5. + sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + sinix*) + os=sysv4 + ;; + tpf*) + os=tpf + ;; + triton*) + os=sysv3 + ;; + oss*) + os=sysv3 + ;; + svr4*) + os=sysv4 + ;; + svr3) + os=sysv3 + ;; + sysvr4) + os=sysv4 + ;; + # This must come after sysvr4. + sysv*) + ;; + ose*) + os=ose + ;; + *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + os=mint + ;; + zvmoe) + os=zvmoe + ;; + dicos*) + os=dicos + ;; + pikeos*) + # Until real need of OS specific support for + # particular features comes up, bare metal + # configurations are quite functional. + case $cpu in + arm*) + os=eabi + ;; + *) + os=elf + ;; + esac + ;; + nacl*) + ;; + ios) + ;; + none) + ;; + *-eabi) + ;; + *) + echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $cpu-$vendor in + score-*) + os=elf + ;; + spu-*) + os=elf + ;; + *-acorn) + os=riscix1.2 + ;; + arm*-rebel) + os=linux + ;; + arm*-semi) + os=aout + ;; + c4x-* | tic4x-*) + os=coff + ;; + c8051-*) + os=elf + ;; + clipper-intergraph) + os=clix + ;; + hexagon-*) + os=elf + ;; + tic54x-*) + os=coff + ;; + tic55x-*) + os=coff + ;; + tic6x-*) + os=coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=tops20 + ;; + pdp11-*) + os=none + ;; + *-dec | vax-*) + os=ultrix4.2 + ;; + m68*-apollo) + os=domain + ;; + i386-sun) + os=sunos4.0.2 + ;; + m68000-sun) + os=sunos3 + ;; + m68*-cisco) + os=aout + ;; + mep-*) + os=elf + ;; + mips*-cisco) + os=elf + ;; + mips*-*) + os=elf + ;; + or32-*) + os=coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=sysv3 + ;; + sparc-* | *-sun) + os=sunos4.1.1 + ;; + pru-*) + os=elf + ;; + *-be) + os=beos + ;; + *-ibm) + os=aix + ;; + *-knuth) + os=mmixware + ;; + *-wec) + os=proelf + ;; + *-winbond) + os=proelf + ;; + *-oki) + os=proelf + ;; + *-hp) + os=hpux + ;; + *-hitachi) + os=hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=sysv + ;; + *-cbm) + os=amigaos + ;; + *-dg) + os=dgux + ;; + *-dolphin) + os=sysv3 + ;; + m68k-ccur) + os=rtu + ;; + m88k-omron*) + os=luna + ;; + *-next) + os=nextstep + ;; + *-sequent) + os=ptx + ;; + *-crds) + os=unos + ;; + *-ns) + os=genix + ;; + i370-*) + os=mvs + ;; + *-gould) + os=sysv + ;; + *-highlevel) + os=bsd + ;; + *-encore) + os=bsd + ;; + *-sgi) + os=irix + ;; + *-siemens) + os=sysv4 + ;; + *-masscomp) + os=rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=uxpv + ;; + *-rom68k) + os=coff + ;; + *-*bug) + os=coff + ;; + *-apple) + os=macos + ;; + *-atari*) + os=mint + ;; + *-wrs) + os=vxworks + ;; + *) + os=none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +case $vendor in + unknown) + case $os in + riscix*) + vendor=acorn + ;; + sunos*) + vendor=sun + ;; + cnk*|-aix*) + vendor=ibm + ;; + beos*) + vendor=be + ;; + hpux*) + vendor=hp + ;; + mpeix*) + vendor=hp + ;; + hiux*) + vendor=hitachi + ;; + unos*) + vendor=crds + ;; + dgux*) + vendor=dg + ;; + luna*) + vendor=omron + ;; + genix*) + vendor=ns + ;; + clix*) + vendor=intergraph + ;; + mvs* | opened*) + vendor=ibm + ;; + os400*) + vendor=ibm + ;; + ptx*) + vendor=sequent + ;; + tpf*) + vendor=ibm + ;; + vxsim* | vxworks* | windiss*) + vendor=wrs + ;; + aux*) + vendor=apple + ;; + hms*) + vendor=hitachi + ;; + mpw* | macos*) + vendor=apple + ;; + *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + vendor=atari + ;; + vos*) + vendor=stratus + ;; + esac + ;; +esac + +echo "$cpu-$vendor-$os" +exit + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/build/litter/depcomp b/build/litter/depcomp new file mode 100755 index 0000000..65cbf70 --- /dev/null +++ b/build/litter/depcomp @@ -0,0 +1,791 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by 'PROGRAMS ARGS'. + object Object file output by 'PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputting dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +# Get the directory component of the given path, and save it in the +# global variables '$dir'. Note that this directory component will +# be either empty or ending with a '/' character. This is deliberate. +set_dir_from () +{ + case $1 in + */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; + *) dir=;; + esac +} + +# Get the suffix-stripped basename of the given path, and save it the +# global variable '$base'. +set_base_from () +{ + base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` +} + +# If no dependency file was actually created by the compiler invocation, +# we still have to create a dummy depfile, to avoid errors with the +# Makefile "include basename.Plo" scheme. +make_dummy_depfile () +{ + echo "#dummy" > "$depfile" +} + +# Factor out some common post-processing of the generated depfile. +# Requires the auxiliary global variable '$tmpdepfile' to be set. +aix_post_process_depfile () +{ + # If the compiler actually managed to produce a dependency file, + # post-process it. + if test -f "$tmpdepfile"; then + # Each line is of the form 'foo.o: dependency.h'. + # Do two passes, one to just change these to + # $object: dependency.h + # and one to simply output + # dependency.h: + # which is needed to avoid the deleted-header problem. + { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" + sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" + } > "$depfile" + rm -f "$tmpdepfile" + else + make_dummy_depfile + fi +} + +# A tabulation character. +tab=' ' +# A newline character. +nl=' +' +# Character ranges might be problematic outside the C locale. +# These definitions help. +upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ +lower=abcdefghijklmnopqrstuvwxyz +digits=0123456789 +alpha=${upper}${lower} + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Avoid interferences from the environment. +gccflag= dashmflag= + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +if test "$depmode" = xlc; then + # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. + gccflag=-qmakedep=gcc,-MF + depmode=gcc +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. +## Unfortunately, FreeBSD c89 acceptance of flags depends upon +## the command line argument order; so add the flags where they +## appear in depend2.am. Note that the slowdown incurred here +## affects only configure: in makefiles, %FASTDEP% shortcuts this. + for arg + do + case $arg in + -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; + *) set fnord "$@" "$arg" ;; + esac + shift # fnord + shift # $arg + done + "$@" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. +## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## (see the conditional assignment to $gccflag above). +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). Also, it might not be +## supported by the other compilers which use the 'gcc' depmode. +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The second -e expression handles DOS-style file names with drive + # letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the "deleted header file" problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. +## Some versions of gcc put a space before the ':'. On the theory +## that the space means something, we add a space to the output as +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like '#:fec' to the end of the + # dependency line. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ + | tr "$nl" ' ' >> "$depfile" + echo >> "$depfile" + # The second pass generates a dummy entry for each header file. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" + ;; + +xlc) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts '$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u + "$@" -Wc,-M + else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u + "$@" -M + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + aix_post_process_depfile + ;; + +tcc) + # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 + # FIXME: That version still under development at the moment of writing. + # Make that this statement remains true also for stable, released + # versions. + # It will wrap lines (doesn't matter whether long or short) with a + # trailing '\', as in: + # + # foo.o : \ + # foo.c \ + # foo.h \ + # + # It will put a trailing '\' even on the last line, and will use leading + # spaces rather than leading tabs (at least since its commit 0394caf7 + # "Emit spaces for -MD"). + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. + # We have to change lines of the first kind to '$object: \'. + sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" + # And for each line of the second kind, we have to emit a 'dep.h:' + # dummy dependency, to avoid the deleted-header problem. + sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" + rm -f "$tmpdepfile" + ;; + +## The order of this option in the case statement is important, since the +## shell code in configure will try each of these formats in the order +## listed in this file. A plain '-MD' option would be understood by many +## compilers, so we must ensure this comes after the gcc and icc options. +pgcc) + # Portland's C compiler understands '-MD'. + # Will always output deps to 'file.d' where file is the root name of the + # source file under compilation, even if file resides in a subdirectory. + # The object file name does not affect the name of the '.d' file. + # pgcc 10.2 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using '\' : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + set_dir_from "$object" + # Use the source, not the object, to determine the base name, since + # that's sadly what pgcc will do too. + set_base_from "$source" + tmpdepfile=$base.d + + # For projects that build the same source file twice into different object + # files, the pgcc approach of using the *source* file root name can cause + # problems in parallel builds. Use a locking strategy to avoid stomping on + # the same $tmpdepfile. + lockdir=$base.d-lock + trap " + echo '$0: caught signal, cleaning up...' >&2 + rmdir '$lockdir' + exit 1 + " 1 2 13 15 + numtries=100 + i=$numtries + while test $i -gt 0; do + # mkdir is a portable test-and-set. + if mkdir "$lockdir" 2>/dev/null; then + # This process acquired the lock. + "$@" -MD + stat=$? + # Release the lock. + rmdir "$lockdir" + break + else + # If the lock is being held by a different process, wait + # until the winning process is done or we timeout. + while test -d "$lockdir" && test $i -gt 0; do + sleep 1 + i=`expr $i - 1` + done + fi + i=`expr $i - 1` + done + trap - 1 2 13 15 + if test $i -le 0; then + echo "$0: failed to acquire lock after $numtries attempts" >&2 + echo "$0: check lockdir '$lockdir'" >&2 + exit 1 + fi + + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp2) + # The "hp" stanza above does not work with aCC (C++) and HP's ia64 + # compilers, which have integrated preprocessors. The correct option + # to use with these is +Maked; it writes dependencies to a file named + # 'foo.d', which lands next to the object file, wherever that + # happens to be. + # Much of this is similar to the tru64 case; see comments there. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir.libs/$base.d + "$@" -Wc,+Maked + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + "$@" +Maked + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" + # Add 'dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" "$tmpdepfile2" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in 'foo.d' instead, so we check for that too. + # Subdirectories are respected. + set_dir_from "$object" + set_base_from "$object" + + if test "$libtool" = yes; then + # Libtool generates 2 separate objects for the 2 libraries. These + # two compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir$base.o.d # libtool 1.5 + tmpdepfile2=$dir.libs/$base.o.d # Likewise. + tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + # Same post-processing that is required for AIX mode. + aix_post_process_depfile + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/'"$tab"'\1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/'"$tab"'/ + G + p +}' >> "$depfile" + echo >> "$depfile" # make sure the fragment doesn't end with a backslash + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for ':' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. + "$@" $dashmflag | + sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this sed invocation + # correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no eat=no + for arg + do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + if test $eat = yes; then + eat=no + continue + fi + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix=`echo "$object" | sed 's/^.*\././'` + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process the last invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed '1,2d' "$tmpdepfile" \ + | tr ' ' "$nl" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E \ + | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + | sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + IFS=" " + for arg + do + case "$arg" in + -o) + shift + ;; + $object) + shift + ;; + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" + echo "$tab" >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build/litter/install-sh b/build/litter/install-sh new file mode 100755 index 0000000..8175c64 --- /dev/null +++ b/build/litter/install-sh @@ -0,0 +1,518 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2018-03-11.20; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# 'make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +tab=' ' +nl=' +' +IFS=" $tab$nl" + +# Set DOITPROG to "echo" to test this script. + +doit=${DOITPROG-} +doit_exec=${doit:-exec} + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +is_target_a_directory=possibly + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; + + -T) is_target_a_directory=never;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call 'install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + +if test -z "$dir_arg"; then + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names problematic for 'test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + dst=$dst_arg + + # If destination is a directory, append the input filename. + if test -d "$dst"; then + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dstbase=`basename "$src"` + case $dst in + */) dst=$dst$dstbase;; + *) dst=$dst/$dstbase;; + esac + dstdir_status=0 + else + dstdir=`dirname "$dst"` + test -d "$dstdir" + dstdir_status=$? + fi + fi + + case $dstdir in + */) dstdirslash=$dstdir;; + *) dstdirslash=$dstdir/;; + esac + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + # Note that $RANDOM variable is not portable (e.g. dash); Use it + # here however when possible just to lower collision chance. + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + + trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 + + # Because "mkdir -p" follows existing symlinks and we likely work + # directly in world-writeable /tmp, make sure that the '$tmpdir' + # directory is successfully created first before we actually test + # 'mkdir -p' feature. + if (umask $mkdir_umask && + $mkdirprog $mkdir_mode "$tmpdir" && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + test_tmpdir="$tmpdir/a" + ls_ld_tmpdir=`ls -ld "$test_tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; + esac + + oIFS=$IFS + IFS=/ + set -f + set fnord $dstdir + shift + set +f + IFS=$oIFS + + prefixes= + + for d + do + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=${dstdirslash}_inst.$$_ + rmtmp=${dstdirslash}_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + set +f && + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build/litter/ltmain.sh b/build/litter/ltmain.sh new file mode 100644 index 0000000..7f3523d --- /dev/null +++ b/build/litter/ltmain.sh @@ -0,0 +1,11149 @@ +#! /bin/sh +## DO NOT EDIT - This file generated from ./build-aux/ltmain.in +## by inline-source v2014-01-03.01 + +# libtool (GNU libtool) 2.4.6 +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit , 1996 + +# Copyright (C) 1996-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +PROGRAM=libtool +PACKAGE=libtool +VERSION=2.4.6 +package_revision=2.4.6 + + +## ------ ## +## Usage. ## +## ------ ## + +# Run './libtool --help' for help with using this script from the +# command line. + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# After configure completes, it has a better idea of some of the +# shell tools we need than the defaults used by the functions shared +# with bootstrap, so set those here where they can still be over- +# ridden by the user, but otherwise take precedence. + +: ${AUTOCONF="autoconf"} +: ${AUTOMAKE="automake"} + + +## -------------------------- ## +## Source external libraries. ## +## -------------------------- ## + +# Much of our low-level functionality needs to be sourced from external +# libraries, which are installed to $pkgauxdir. + +# Set a version string for this script. +scriptversion=2015-01-20.17; # UTC + +# General shell script boiler plate, and helper functions. +# Written by Gary V. Vaughan, 2004 + +# Copyright (C) 2004-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# As a special exception to the GNU General Public License, if you distribute +# this file as part of a program or library that is built using GNU Libtool, +# you may include this file under the same distribution terms that you use +# for the rest of that program. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# Evaluate this file near the top of your script to gain access to +# the functions and variables defined here: +# +# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh +# +# If you need to override any of the default environment variable +# settings, do that before evaluating this file. + + +## -------------------- ## +## Shell normalisation. ## +## -------------------- ## + +# Some shells need a little help to be as Bourne compatible as possible. +# Before doing anything else, make sure all that help has been provided! + +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac +fi + +# NLS nuisances: We save the old values in case they are required later. +_G_user_locale= +_G_safe_locale= +for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test set = \"\${$_G_var+set}\"; then + save_$_G_var=\$$_G_var + $_G_var=C + export $_G_var + _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\" + _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" + fi" +done + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Make sure IFS has a sensible default +sp=' ' +nl=' +' +IFS="$sp $nl" + +# There are apparently some retarded systems that use ';' as a PATH separator! +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + + +## ------------------------- ## +## Locate command utilities. ## +## ------------------------- ## + + +# func_executable_p FILE +# ---------------------- +# Check that FILE is an executable regular file. +func_executable_p () +{ + test -f "$1" && test -x "$1" +} + + +# func_path_progs PROGS_LIST CHECK_FUNC [PATH] +# -------------------------------------------- +# Search for either a program that responds to --version with output +# containing "GNU", or else returned by CHECK_FUNC otherwise, by +# trying all the directories in PATH with each of the elements of +# PROGS_LIST. +# +# CHECK_FUNC should accept the path to a candidate program, and +# set $func_check_prog_result if it truncates its output less than +# $_G_path_prog_max characters. +func_path_progs () +{ + _G_progs_list=$1 + _G_check_func=$2 + _G_PATH=${3-"$PATH"} + + _G_path_prog_max=0 + _G_path_prog_found=false + _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} + for _G_dir in $_G_PATH; do + IFS=$_G_save_IFS + test -z "$_G_dir" && _G_dir=. + for _G_prog_name in $_G_progs_list; do + for _exeext in '' .EXE; do + _G_path_prog=$_G_dir/$_G_prog_name$_exeext + func_executable_p "$_G_path_prog" || continue + case `"$_G_path_prog" --version 2>&1` in + *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;; + *) $_G_check_func $_G_path_prog + func_path_progs_result=$func_check_prog_result + ;; + esac + $_G_path_prog_found && break 3 + done + done + done + IFS=$_G_save_IFS + test -z "$func_path_progs_result" && { + echo "no acceptable sed could be found in \$PATH" >&2 + exit 1 + } +} + + +# We want to be able to use the functions in this file before configure +# has figured out where the best binaries are kept, which means we have +# to search for them ourselves - except when the results are already set +# where we skip the searches. + +# Unless the user overrides by setting SED, search the path for either GNU +# sed, or the sed that truncates its output the least. +test -z "$SED" && { + _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for _G_i in 1 2 3 4 5 6 7; do + _G_sed_script=$_G_sed_script$nl$_G_sed_script + done + echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed + _G_sed_script= + + func_check_prog_sed () + { + _G_path_prog=$1 + + _G_count=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo '' >> conftest.nl + "$_G_path_prog" -f conftest.sed conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin + rm -f conftest.sed + SED=$func_path_progs_result +} + + +# Unless the user overrides by setting GREP, search the path for either GNU +# grep, or the grep that truncates its output the least. +test -z "$GREP" && { + func_check_prog_grep () + { + _G_path_prog=$1 + + _G_count=0 + _G_path_prog_max=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo 'GREP' >> conftest.nl + "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin + GREP=$func_path_progs_result +} + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# All uppercase variable names are used for environment variables. These +# variables can be overridden by the user before calling a script that +# uses them if a suitable command of that name is not already available +# in the command search PATH. + +: ${CP="cp -f"} +: ${ECHO="printf %s\n"} +: ${EGREP="$GREP -E"} +: ${FGREP="$GREP -F"} +: ${LN_S="ln -s"} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} + + +## -------------------- ## +## Useful sed snippets. ## +## -------------------- ## + +sed_dirname='s|/[^/]*$||' +sed_basename='s|^.*/||' + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='s|\([`"$\\]\)|\\\1|g' + +# Same as above, but do not quote variable references. +sed_double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution that turns a string into a regex matching for the +# string literally. +sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g' + +# Sed substitution that converts a w32 file name or path +# that contains forward slashes, into one that contains +# (escaped) backslashes. A very naive implementation. +sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + +# Re-'\' parameter expansions in output of sed_double_quote_subst that +# were '\'-ed in input to the same. If an odd number of '\' preceded a +# '$' in input to sed_double_quote_subst, that '$' was protected from +# expansion. Since each input '\' is now two '\'s, look for any number +# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'. +_G_bs='\\' +_G_bs2='\\\\' +_G_bs4='\\\\\\\\' +_G_dollar='\$' +sed_double_backslash="\ + s/$_G_bs4/&\\ +/g + s/^$_G_bs2$_G_dollar/$_G_bs&/ + s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g + s/\n//g" + + +## ----------------- ## +## Global variables. ## +## ----------------- ## + +# Except for the global variables explicitly listed below, the following +# functions in the '^func_' namespace, and the '^require_' namespace +# variables initialised in the 'Resource management' section, sourcing +# this file will not pollute your global namespace with anything +# else. There's no portable way to scope variables in Bourne shell +# though, so actually running these functions will sometimes place +# results into a variable named after the function, and often use +# temporary variables in the '^_G_' namespace. If you are careful to +# avoid using those namespaces casually in your sourcing script, things +# should continue to work as you expect. And, of course, you can freely +# overwrite any of the functions or variables defined here before +# calling anything to customize them. + +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +# Allow overriding, eg assuming that you follow the convention of +# putting '$debug_cmd' at the start of all your functions, you can get +# bash to show function call trace with: +# +# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name +debug_cmd=${debug_cmd-":"} +exit_cmd=: + +# By convention, finish your script with: +# +# exit $exit_status +# +# so that you can set exit_status to non-zero if you want to indicate +# something went wrong during execution without actually bailing out at +# the point of failure. +exit_status=$EXIT_SUCCESS + +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath=$0 + +# The name of this program. +progname=`$ECHO "$progpath" |$SED "$sed_basename"` + +# Make sure we have an absolute progpath for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=`$ECHO "$progpath" |$SED "$sed_dirname"` + progdir=`cd "$progdir" && pwd` + progpath=$progdir/$progname + ;; + *) + _G_IFS=$IFS + IFS=${PATH_SEPARATOR-:} + for progdir in $PATH; do + IFS=$_G_IFS + test -x "$progdir/$progname" && break + done + IFS=$_G_IFS + test -n "$progdir" || progdir=`pwd` + progpath=$progdir/$progname + ;; +esac + + +## ----------------- ## +## Standard options. ## +## ----------------- ## + +# The following options affect the operation of the functions defined +# below, and should be set appropriately depending on run-time para- +# meters passed on the command line. + +opt_dry_run=false +opt_quiet=false +opt_verbose=false + +# Categories 'all' and 'none' are always available. Append any others +# you will pass as the first argument to func_warning from your own +# code. +warning_categories= + +# By default, display warnings according to 'opt_warning_types'. Set +# 'warning_func' to ':' to elide all warnings, or func_fatal_error to +# treat the next displayed warning as a fatal error. +warning_func=func_warn_and_continue + +# Set to 'all' to display all warnings, 'none' to suppress all +# warnings, or a space delimited list of some subset of +# 'warning_categories' to display only the listed warnings. +opt_warning_types=all + + +## -------------------- ## +## Resource management. ## +## -------------------- ## + +# This section contains definitions for functions that each ensure a +# particular resource (a file, or a non-empty configuration variable for +# example) is available, and if appropriate to extract default values +# from pertinent package files. Call them using their associated +# 'require_*' variable to ensure that they are executed, at most, once. +# +# It's entirely deliberate that calling these functions can set +# variables that don't obey the namespace limitations obeyed by the rest +# of this file, in order that that they be as useful as possible to +# callers. + + +# require_term_colors +# ------------------- +# Allow display of bold text on terminals that support it. +require_term_colors=func_require_term_colors +func_require_term_colors () +{ + $debug_cmd + + test -t 1 && { + # COLORTERM and USE_ANSI_COLORS environment variables take + # precedence, because most terminfo databases neglect to describe + # whether color sequences are supported. + test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"} + + if test 1 = "$USE_ANSI_COLORS"; then + # Standard ANSI escape sequences + tc_reset='' + tc_bold=''; tc_standout='' + tc_red=''; tc_green='' + tc_blue=''; tc_cyan='' + else + # Otherwise trust the terminfo database after all. + test -n "`tput sgr0 2>/dev/null`" && { + tc_reset=`tput sgr0` + test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold` + tc_standout=$tc_bold + test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso` + test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1` + test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2` + test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4` + test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5` + } + fi + } + + require_term_colors=: +} + + +## ----------------- ## +## Function library. ## +## ----------------- ## + +# This section contains a variety of useful functions to call in your +# scripts. Take note of the portable wrappers for features provided by +# some modern shells, which will fall back to slower equivalents on +# less featureful shells. + + +# func_append VAR VALUE +# --------------------- +# Append VALUE onto the existing contents of VAR. + + # We should try to minimise forks, especially on Windows where they are + # unreasonably slow, so skip the feature probes when bash or zsh are + # being used: + if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then + : ${_G_HAVE_ARITH_OP="yes"} + : ${_G_HAVE_XSI_OPS="yes"} + # The += operator was introduced in bash 3.1 + case $BASH_VERSION in + [12].* | 3.0 | 3.0*) ;; + *) + : ${_G_HAVE_PLUSEQ_OP="yes"} + ;; + esac + fi + + # _G_HAVE_PLUSEQ_OP + # Can be empty, in which case the shell is probed, "yes" if += is + # useable or anything else if it does not work. + test -z "$_G_HAVE_PLUSEQ_OP" \ + && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ + && _G_HAVE_PLUSEQ_OP=yes + +if test yes = "$_G_HAVE_PLUSEQ_OP" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_append () + { + $debug_cmd + + eval "$1+=\$2" + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_append () + { + $debug_cmd + + eval "$1=\$$1\$2" + } +fi + + +# func_append_quoted VAR VALUE +# ---------------------------- +# Quote VALUE and append to the end of shell variable VAR, separated +# by a space. +if test yes = "$_G_HAVE_PLUSEQ_OP"; then + eval 'func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1+=\\ \$func_quote_for_eval_result" + }' +else + func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1=\$$1\\ \$func_quote_for_eval_result" + } +fi + + +# func_append_uniq VAR VALUE +# -------------------------- +# Append unique VALUE onto the existing contents of VAR, assuming +# entries are delimited by the first character of VALUE. For example: +# +# func_append_uniq options " --another-option option-argument" +# +# will only append to $options if " --another-option option-argument " +# is not already present somewhere in $options already (note spaces at +# each end implied by leading space in second argument). +func_append_uniq () +{ + $debug_cmd + + eval _G_current_value='`$ECHO $'$1'`' + _G_delim=`expr "$2" : '\(.\)'` + + case $_G_delim$_G_current_value$_G_delim in + *"$2$_G_delim"*) ;; + *) func_append "$@" ;; + esac +} + + +# func_arith TERM... +# ------------------ +# Set func_arith_result to the result of evaluating TERMs. + test -z "$_G_HAVE_ARITH_OP" \ + && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \ + && _G_HAVE_ARITH_OP=yes + +if test yes = "$_G_HAVE_ARITH_OP"; then + eval 'func_arith () + { + $debug_cmd + + func_arith_result=$(( $* )) + }' +else + func_arith () + { + $debug_cmd + + func_arith_result=`expr "$@"` + } +fi + + +# func_basename FILE +# ------------------ +# Set func_basename_result to FILE with everything up to and including +# the last / stripped. +if test yes = "$_G_HAVE_XSI_OPS"; then + # If this shell supports suffix pattern removal, then use it to avoid + # forking. Hide the definitions single quotes in case the shell chokes + # on unsupported syntax... + _b='func_basename_result=${1##*/}' + _d='case $1 in + */*) func_dirname_result=${1%/*}$2 ;; + * ) func_dirname_result=$3 ;; + esac' + +else + # ...otherwise fall back to using sed. + _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`' + _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"` + if test "X$func_dirname_result" = "X$1"; then + func_dirname_result=$3 + else + func_append func_dirname_result "$2" + fi' +fi + +eval 'func_basename () +{ + $debug_cmd + + '"$_b"' +}' + + +# func_dirname FILE APPEND NONDIR_REPLACEMENT +# ------------------------------------------- +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +eval 'func_dirname () +{ + $debug_cmd + + '"$_d"' +}' + + +# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT +# -------------------------------------------------------- +# Perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# For efficiency, we do not delegate to the functions above but instead +# duplicate the functionality here. +eval 'func_dirname_and_basename () +{ + $debug_cmd + + '"$_b"' + '"$_d"' +}' + + +# func_echo ARG... +# ---------------- +# Echo program name prefixed message. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_echo_all ARG... +# -------------------- +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + + +# func_echo_infix_1 INFIX ARG... +# ------------------------------ +# Echo program name, followed by INFIX on the first line, with any +# additional lines not showing INFIX. +func_echo_infix_1 () +{ + $debug_cmd + + $require_term_colors + + _G_infix=$1; shift + _G_indent=$_G_infix + _G_prefix="$progname: $_G_infix: " + _G_message=$* + + # Strip color escape sequences before counting printable length + for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan" + do + test -n "$_G_tc" && { + _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"` + _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"` + } + done + _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes + + func_echo_infix_1_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_infix_1_IFS + $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2 + _G_prefix=$_G_indent + done + IFS=$func_echo_infix_1_IFS +} + + +# func_error ARG... +# ----------------- +# Echo program name prefixed message to standard error. +func_error () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2 +} + + +# func_fatal_error ARG... +# ----------------------- +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + $debug_cmd + + func_error "$*" + exit $EXIT_FAILURE +} + + +# func_grep EXPRESSION FILENAME +# ----------------------------- +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $debug_cmd + + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_len STRING +# --------------- +# Set func_len_result to the length of STRING. STRING may not +# start with a hyphen. + test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_len () + { + $debug_cmd + + func_len_result=${#1} + }' +else + func_len () + { + $debug_cmd + + func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` + } +fi + + +# func_mkdir_p DIRECTORY-PATH +# --------------------------- +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + $debug_cmd + + _G_directory_path=$1 + _G_dir_list= + + if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then + + # Protect directory names starting with '-' + case $_G_directory_path in + -*) _G_directory_path=./$_G_directory_path ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$_G_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + _G_dir_list=$_G_directory_path:$_G_dir_list + + # If the last portion added has no slash in it, the list is done + case $_G_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"` + done + _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'` + + func_mkdir_p_IFS=$IFS; IFS=: + for _G_dir in $_G_dir_list; do + IFS=$func_mkdir_p_IFS + # mkdir can fail with a 'File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$_G_dir" 2>/dev/null || : + done + IFS=$func_mkdir_p_IFS + + # Bail out if we (or some other process) failed to create a directory. + test -d "$_G_directory_path" || \ + func_fatal_error "Failed to create '$1'" + fi +} + + +# func_mktempdir [BASENAME] +# ------------------------- +# Make a temporary directory that won't clash with other running +# libtool processes, and avoids race conditions if possible. If +# given, BASENAME is the basename for that directory. +func_mktempdir () +{ + $debug_cmd + + _G_template=${TMPDIR-/tmp}/${1-$progname} + + if test : = "$opt_dry_run"; then + # Return a directory name, but don't create it in dry-run mode + _G_tmpdir=$_G_template-$$ + else + + # If mktemp works, use that first and foremost + _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null` + + if test ! -d "$_G_tmpdir"; then + # Failing that, at least try and use $RANDOM to avoid a race + _G_tmpdir=$_G_template-${RANDOM-0}$$ + + func_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$_G_tmpdir" + umask $func_mktempdir_umask + fi + + # If we're not in dry-run mode, bomb out on failure + test -d "$_G_tmpdir" || \ + func_fatal_error "cannot create temporary directory '$_G_tmpdir'" + fi + + $ECHO "$_G_tmpdir" +} + + +# func_normal_abspath PATH +# ------------------------ +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +func_normal_abspath () +{ + $debug_cmd + + # These SED scripts presuppose an absolute path with a trailing slash. + _G_pathcar='s|^/\([^/]*\).*$|\1|' + _G_pathcdr='s|^/[^/]*||' + _G_removedotparts=':dotsl + s|/\./|/|g + t dotsl + s|/\.$|/|' + _G_collapseslashes='s|/\{1,\}|/|g' + _G_finalslash='s|/*$|/|' + + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"` + while :; do + # Processed it all yet? + if test / = "$func_normal_abspath_tpath"; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result"; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent" + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + + +# func_notquiet ARG... +# -------------------- +# Echo program name prefixed message only when not in quiet mode. +func_notquiet () +{ + $debug_cmd + + $opt_quiet || func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + + +# func_relative_path SRCDIR DSTDIR +# -------------------------------- +# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR. +func_relative_path () +{ + $debug_cmd + + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=$func_dirname_result + if test -z "$func_relative_path_tlibdir"; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test -n "$func_stripname_result"; then + func_append func_relative_path_result "/$func_stripname_result" + fi + + # Normalisation. If bindir is libdir, return '.' else relative path. + if test -n "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + fi + + test -n "$func_relative_path_result" || func_relative_path_result=. + + : +} + + +# func_quote_for_eval ARG... +# -------------------------- +# Aesthetically quote ARGs to be evaled later. +# This function returns two values: +# i) func_quote_for_eval_result +# double-quoted, suitable for a subsequent eval +# ii) func_quote_for_eval_unquoted_result +# has all characters that are still active within double +# quotes backslashified. +func_quote_for_eval () +{ + $debug_cmd + + func_quote_for_eval_unquoted_result= + func_quote_for_eval_result= + while test 0 -lt $#; do + case $1 in + *[\\\`\"\$]*) + _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; + *) + _G_unquoted_arg=$1 ;; + esac + if test -n "$func_quote_for_eval_unquoted_result"; then + func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" + else + func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" + fi + + case $_G_unquoted_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and variable expansion + # for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_quoted_arg=\"$_G_unquoted_arg\" + ;; + *) + _G_quoted_arg=$_G_unquoted_arg + ;; + esac + + if test -n "$func_quote_for_eval_result"; then + func_append func_quote_for_eval_result " $_G_quoted_arg" + else + func_append func_quote_for_eval_result "$_G_quoted_arg" + fi + shift + done +} + + +# func_quote_for_expand ARG +# ------------------------- +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + $debug_cmd + + case $1 in + *[\\\`\"]*) + _G_arg=`$ECHO "$1" | $SED \ + -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; + *) + _G_arg=$1 ;; + esac + + case $_G_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_arg=\"$_G_arg\" + ;; + esac + + func_quote_for_expand_result=$_G_arg +} + + +# func_stripname PREFIX SUFFIX NAME +# --------------------------------- +# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_stripname () + { + $debug_cmd + + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary variable first. + func_stripname_result=$3 + func_stripname_result=${func_stripname_result#"$1"} + func_stripname_result=${func_stripname_result%"$2"} + }' +else + func_stripname () + { + $debug_cmd + + case $2 in + .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;; + *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;; + esac + } +fi + + +# func_show_eval CMD [FAIL_EXP] +# ----------------------------- +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + func_quote_for_expand "$_G_cmd" + eval "func_notquiet $func_quote_for_expand_result" + + $opt_dry_run || { + eval "$_G_cmd" + _G_status=$? + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_show_eval_locale CMD [FAIL_EXP] +# ------------------------------------ +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + $opt_quiet || { + func_quote_for_expand "$_G_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + $opt_dry_run || { + eval "$_G_user_locale + $_G_cmd" + _G_status=$? + eval "$_G_safe_locale" + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_tr_sh +# ---------- +# Turn $1 into a string suitable for a shell variable name. +# Result is stored in $func_tr_sh_result. All characters +# not in the set a-zA-Z0-9_ are replaced with '_'. Further, +# if $1 begins with a digit, a '_' is prepended as well. +func_tr_sh () +{ + $debug_cmd + + case $1 in + [0-9]* | *[!a-zA-Z0-9_]*) + func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'` + ;; + * ) + func_tr_sh_result=$1 + ;; + esac +} + + +# func_verbose ARG... +# ------------------- +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $debug_cmd + + $opt_verbose && func_echo "$*" + + : +} + + +# func_warn_and_continue ARG... +# ----------------------------- +# Echo program name prefixed warning message to standard error. +func_warn_and_continue () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2 +} + + +# func_warning CATEGORY ARG... +# ---------------------------- +# Echo program name prefixed warning message to standard error. Warning +# messages can be filtered according to CATEGORY, where this function +# elides messages where CATEGORY is not listed in the global variable +# 'opt_warning_types'. +func_warning () +{ + $debug_cmd + + # CATEGORY must be in the warning_categories list! + case " $warning_categories " in + *" $1 "*) ;; + *) func_internal_error "invalid warning category '$1'" ;; + esac + + _G_category=$1 + shift + + case " $opt_warning_types " in + *" $_G_category "*) $warning_func ${1+"$@"} ;; + esac +} + + +# func_sort_ver VER1 VER2 +# ----------------------- +# 'sort -V' is not generally available. +# Note this deviates from the version comparison in automake +# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a +# but this should suffice as we won't be specifying old +# version formats or redundant trailing .0 in bootstrap.conf. +# If we did want full compatibility then we should probably +# use m4_version_compare from autoconf. +func_sort_ver () +{ + $debug_cmd + + printf '%s\n%s\n' "$1" "$2" \ + | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n +} + +# func_lt_ver PREV CURR +# --------------------- +# Return true if PREV and CURR are in the correct order according to +# func_sort_ver, otherwise false. Use it like this: +# +# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..." +func_lt_ver () +{ + $debug_cmd + + test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q` +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: +#! /bin/sh + +# Set a version string for this script. +scriptversion=2014-01-07.03; # UTC + +# A portable, pluggable option parser for Bourne shell. +# Written by Gary V. Vaughan, 2010 + +# Copyright (C) 2010-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# This file is a library for parsing options in your shell scripts along +# with assorted other useful supporting features that you can make use +# of too. +# +# For the simplest scripts you might need only: +# +# #!/bin/sh +# . relative/path/to/funclib.sh +# . relative/path/to/options-parser +# scriptversion=1.0 +# func_options ${1+"$@"} +# eval set dummy "$func_options_result"; shift +# ...rest of your script... +# +# In order for the '--version' option to work, you will need to have a +# suitably formatted comment like the one at the top of this file +# starting with '# Written by ' and ending with '# warranty; '. +# +# For '-h' and '--help' to work, you will also need a one line +# description of your script's purpose in a comment directly above the +# '# Written by ' line, like the one at the top of this file. +# +# The default options also support '--debug', which will turn on shell +# execution tracing (see the comment above debug_cmd below for another +# use), and '--verbose' and the func_verbose function to allow your script +# to display verbose messages only when your user has specified +# '--verbose'. +# +# After sourcing this file, you can plug processing for additional +# options by amending the variables from the 'Configuration' section +# below, and following the instructions in the 'Option parsing' +# section further down. + +## -------------- ## +## Configuration. ## +## -------------- ## + +# You should override these variables in your script after sourcing this +# file so that they reflect the customisations you have added to the +# option parser. + +# The usage line for option parsing errors and the start of '-h' and +# '--help' output messages. You can embed shell variables for delayed +# expansion at the time the message is displayed, but you will need to +# quote other shell meta-characters carefully to prevent them being +# expanded when the contents are evaled. +usage='$progpath [OPTION]...' + +# Short help message in response to '-h' and '--help'. Add to this or +# override it after sourcing this library to reflect the full set of +# options your script accepts. +usage_message="\ + --debug enable verbose shell tracing + -W, --warnings=CATEGORY + report the warnings falling in CATEGORY [all] + -v, --verbose verbosely report processing + --version print version information and exit + -h, --help print short or long help message and exit +" + +# Additional text appended to 'usage_message' in response to '--help'. +long_help_message=" +Warning categories include: + 'all' show all warnings + 'none' turn off all the warnings + 'error' warnings are treated as fatal errors" + +# Help message printed before fatal option parsing errors. +fatal_help="Try '\$progname --help' for more information." + + + +## ------------------------- ## +## Hook function management. ## +## ------------------------- ## + +# This section contains functions for adding, removing, and running hooks +# to the main code. A hook is just a named list of of function, that can +# be run in order later on. + +# func_hookable FUNC_NAME +# ----------------------- +# Declare that FUNC_NAME will run hooks added with +# 'func_add_hook FUNC_NAME ...'. +func_hookable () +{ + $debug_cmd + + func_append hookable_fns " $1" +} + + +# func_add_hook FUNC_NAME HOOK_FUNC +# --------------------------------- +# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must +# first have been declared "hookable" by a call to 'func_hookable'. +func_add_hook () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not accept hook functions." ;; + esac + + eval func_append ${1}_hooks '" $2"' +} + + +# func_remove_hook FUNC_NAME HOOK_FUNC +# ------------------------------------ +# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. +func_remove_hook () +{ + $debug_cmd + + eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`' +} + + +# func_run_hooks FUNC_NAME [ARG]... +# --------------------------------- +# Run all hook functions registered to FUNC_NAME. +# It is assumed that the list of hook functions contains nothing more +# than a whitespace-delimited list of legal shell function names, and +# no effort is wasted trying to catch shell meta-characters or preserve +# whitespace. +func_run_hooks () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not support hook funcions.n" ;; + esac + + eval _G_hook_fns=\$$1_hooks; shift + + for _G_hook in $_G_hook_fns; do + eval $_G_hook '"$@"' + + # store returned options list back into positional + # parameters for next 'cmd' execution. + eval _G_hook_result=\$${_G_hook}_result + eval set dummy "$_G_hook_result"; shift + done + + func_quote_for_eval ${1+"$@"} + func_run_hooks_result=$func_quote_for_eval_result +} + + + +## --------------- ## +## Option parsing. ## +## --------------- ## + +# In order to add your own option parsing hooks, you must accept the +# full positional parameter list in your hook function, remove any +# options that you action, and then pass back the remaining unprocessed +# options in '_result', escaped suitably for +# 'eval'. Like this: +# +# my_options_prep () +# { +# $debug_cmd +# +# # Extend the existing usage message. +# usage_message=$usage_message' +# -s, --silent don'\''t print informational messages +# ' +# +# func_quote_for_eval ${1+"$@"} +# my_options_prep_result=$func_quote_for_eval_result +# } +# func_add_hook func_options_prep my_options_prep +# +# +# my_silent_option () +# { +# $debug_cmd +# +# # Note that for efficiency, we parse as many options as we can +# # recognise in a loop before passing the remainder back to the +# # caller on the first unrecognised argument we encounter. +# while test $# -gt 0; do +# opt=$1; shift +# case $opt in +# --silent|-s) opt_silent=: ;; +# # Separate non-argument short options: +# -s*) func_split_short_opt "$_G_opt" +# set dummy "$func_split_short_opt_name" \ +# "-$func_split_short_opt_arg" ${1+"$@"} +# shift +# ;; +# *) set dummy "$_G_opt" "$*"; shift; break ;; +# esac +# done +# +# func_quote_for_eval ${1+"$@"} +# my_silent_option_result=$func_quote_for_eval_result +# } +# func_add_hook func_parse_options my_silent_option +# +# +# my_option_validation () +# { +# $debug_cmd +# +# $opt_silent && $opt_verbose && func_fatal_help "\ +# '--silent' and '--verbose' options are mutually exclusive." +# +# func_quote_for_eval ${1+"$@"} +# my_option_validation_result=$func_quote_for_eval_result +# } +# func_add_hook func_validate_options my_option_validation +# +# You'll alse need to manually amend $usage_message to reflect the extra +# options you parse. It's preferable to append if you can, so that +# multiple option parsing hooks can be added safely. + + +# func_options [ARG]... +# --------------------- +# All the functions called inside func_options are hookable. See the +# individual implementations for details. +func_hookable func_options +func_options () +{ + $debug_cmd + + func_options_prep ${1+"$@"} + eval func_parse_options \ + ${func_options_prep_result+"$func_options_prep_result"} + eval func_validate_options \ + ${func_parse_options_result+"$func_parse_options_result"} + + eval func_run_hooks func_options \ + ${func_validate_options_result+"$func_validate_options_result"} + + # save modified positional parameters for caller + func_options_result=$func_run_hooks_result +} + + +# func_options_prep [ARG]... +# -------------------------- +# All initialisations required before starting the option parse loop. +# Note that when calling hook functions, we pass through the list of +# positional parameters. If a hook function modifies that list, and +# needs to propogate that back to rest of this script, then the complete +# modified list must be put in 'func_run_hooks_result' before +# returning. +func_hookable func_options_prep +func_options_prep () +{ + $debug_cmd + + # Option defaults: + opt_verbose=false + opt_warning_types= + + func_run_hooks func_options_prep ${1+"$@"} + + # save modified positional parameters for caller + func_options_prep_result=$func_run_hooks_result +} + + +# func_parse_options [ARG]... +# --------------------------- +# The main option parsing loop. +func_hookable func_parse_options +func_parse_options () +{ + $debug_cmd + + func_parse_options_result= + + # this just eases exit handling + while test $# -gt 0; do + # Defer to hook functions for initial option parsing, so they + # get priority in the event of reusing an option name. + func_run_hooks func_parse_options ${1+"$@"} + + # Adjust func_parse_options positional parameters to match + eval set dummy "$func_run_hooks_result"; shift + + # Break out of the loop if we already parsed every option. + test $# -gt 0 || break + + _G_opt=$1 + shift + case $_G_opt in + --debug|-x) debug_cmd='set -x' + func_echo "enabling shell trace mode" + $debug_cmd + ;; + + --no-warnings|--no-warning|--no-warn) + set dummy --warnings none ${1+"$@"} + shift + ;; + + --warnings|--warning|-W) + test $# = 0 && func_missing_arg $_G_opt && break + case " $warning_categories $1" in + *" $1 "*) + # trailing space prevents matching last $1 above + func_append_uniq opt_warning_types " $1" + ;; + *all) + opt_warning_types=$warning_categories + ;; + *none) + opt_warning_types=none + warning_func=: + ;; + *error) + opt_warning_types=$warning_categories + warning_func=func_fatal_error + ;; + *) + func_fatal_error \ + "unsupported warning category: '$1'" + ;; + esac + shift + ;; + + --verbose|-v) opt_verbose=: ;; + --version) func_version ;; + -\?|-h) func_usage ;; + --help) func_help ;; + + # Separate optargs to long options (plugins may need this): + --*=*) func_split_equals "$_G_opt" + set dummy "$func_split_equals_lhs" \ + "$func_split_equals_rhs" ${1+"$@"} + shift + ;; + + # Separate optargs to short options: + -W*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + # Separate non-argument short options: + -\?*|-h*|-v*|-x*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "-$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + --) break ;; + -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + esac + done + + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + func_parse_options_result=$func_quote_for_eval_result +} + + +# func_validate_options [ARG]... +# ------------------------------ +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +func_hookable func_validate_options +func_validate_options () +{ + $debug_cmd + + # Display all warnings if -W was not given. + test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" + + func_run_hooks func_validate_options ${1+"$@"} + + # Bail if the options were screwed! + $exit_cmd $EXIT_FAILURE + + # save modified positional parameters for caller + func_validate_options_result=$func_run_hooks_result +} + + + +## ----------------- ## +## Helper functions. ## +## ----------------- ## + +# This section contains the helper functions used by the rest of the +# hookable option parser framework in ascii-betical order. + + +# func_fatal_help ARG... +# ---------------------- +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + $debug_cmd + + eval \$ECHO \""Usage: $usage"\" + eval \$ECHO \""$fatal_help"\" + func_error ${1+"$@"} + exit $EXIT_FAILURE +} + + +# func_help +# --------- +# Echo long help message to standard output and exit. +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message" + exit 0 +} + + +# func_missing_arg ARGNAME +# ------------------------ +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + $debug_cmd + + func_error "Missing argument for '$1'." + exit_cmd=exit +} + + +# func_split_equals STRING +# ------------------------ +# Set func_split_equals_lhs and func_split_equals_rhs shell variables after +# splitting STRING at the '=' sign. +test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=${1%%=*} + func_split_equals_rhs=${1#*=} + test "x$func_split_equals_lhs" = "x$1" \ + && func_split_equals_rhs= + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'` + func_split_equals_rhs= + test "x$func_split_equals_lhs" = "x$1" \ + || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'` + } +fi #func_split_equals + + +# func_split_short_opt SHORTOPT +# ----------------------------- +# Set func_split_short_opt_name and func_split_short_opt_arg shell +# variables after splitting SHORTOPT after the 2nd character. +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_arg=${1#??} + func_split_short_opt_name=${1%"$func_split_short_opt_arg"} + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` + func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` + } +fi #func_split_short_opt + + +# func_usage +# ---------- +# Echo short help message to standard output and exit. +func_usage () +{ + $debug_cmd + + func_usage_message + $ECHO "Run '$progname --help |${PAGER-more}' for full usage" + exit 0 +} + + +# func_usage_message +# ------------------ +# Echo short help message to standard output. +func_usage_message () +{ + $debug_cmd + + eval \$ECHO \""Usage: $usage"\" + echo + $SED -n 's|^# || + /^Written by/{ + x;p;x + } + h + /^Written by/q' < "$progpath" + echo + eval \$ECHO \""$usage_message"\" +} + + +# func_version +# ------------ +# Echo version message to standard output and exit. +func_version () +{ + $debug_cmd + + printf '%s\n' "$progname $scriptversion" + $SED -n ' + /(C)/!b go + :more + /\./!{ + N + s|\n# | | + b more + } + :go + /^# Written by /,/# warranty; / { + s|^# || + s|^# *$|| + s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| + p + } + /^# Written by / { + s|^# || + p + } + /^warranty; /q' < "$progpath" + + exit $? +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: + +# Set a version string. +scriptversion='(GNU libtool) 2.4.6' + + +# func_echo ARG... +# ---------------- +# Libtool also displays the current mode in messages, so override +# funclib.sh func_echo with this custom definition. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_warning ARG... +# ------------------- +# Libtool warnings are not categorized, so override funclib.sh +# func_warning with this simpler definition. +func_warning () +{ + $debug_cmd + + $warning_func ${1+"$@"} +} + + +## ---------------- ## +## Options parsing. ## +## ---------------- ## + +# Hook in the functions to make sure our own options are parsed during +# the option parsing loop. + +usage='$progpath [OPTION]... [MODE-ARG]...' + +# Short help message in response to '-h'. +usage_message="Options: + --config show all configuration variables + --debug enable verbose shell tracing + -n, --dry-run display commands without modifying any files + --features display basic configuration information and exit + --mode=MODE use operation mode MODE + --no-warnings equivalent to '-Wnone' + --preserve-dup-deps don't remove duplicate dependency libraries + --quiet, --silent don't print informational messages + --tag=TAG use configuration variables from tag TAG + -v, --verbose print more informational messages than default + --version print version information + -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] + -h, --help, --help-all print short, long, or detailed help message +" + +# Additional text appended to 'usage_message' in response to '--help'. +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message + +MODE must be one of the following: + + clean remove files from the build directory + compile compile a source file into a libtool object + execute automatically set library path, then run a program + finish complete the installation of libtool libraries + install install libraries or executables + link create a library or an executable + uninstall remove libraries from an installed directory + +MODE-ARGS vary depending on the MODE. When passed as first option, +'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that. +Try '$progname --help --mode=MODE' for a more detailed description of MODE. + +When reporting a bug, please describe a test case to reproduce it and +include the following information: + + host-triplet: $host + shell: $SHELL + compiler: $LTCC + compiler flags: $LTCFLAGS + linker: $LD (gnu? $with_gnu_ld) + version: $progname (GNU libtool) 2.4.6 + automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` + autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` + +Report bugs to . +GNU libtool home page: . +General help using GNU software: ." + exit 0 +} + + +# func_lo2o OBJECT-NAME +# --------------------- +# Transform OBJECT-NAME from a '.lo' suffix to the platform specific +# object suffix. + +lo2o=s/\\.lo\$/.$objext/ +o2lo=s/\\.$objext\$/.lo/ + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_lo2o () + { + case $1 in + *.lo) func_lo2o_result=${1%.lo}.$objext ;; + * ) func_lo2o_result=$1 ;; + esac + }' + + # func_xform LIBOBJ-OR-SOURCE + # --------------------------- + # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise) + # suffix to a '.lo' libtool-object suffix. + eval 'func_xform () + { + func_xform_result=${1%.*}.lo + }' +else + # ...otherwise fall back to using sed. + func_lo2o () + { + func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"` + } + + func_xform () + { + func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'` + } +fi + + +# func_fatal_configuration ARG... +# ------------------------------- +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func_fatal_error ${1+"$@"} \ + "See the $PACKAGE documentation for more information." \ + "Fatal configuration error." +} + + +# func_config +# ----------- +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + + # Now print the configurations for the tags. + for tagname in $taglist; do + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" + done + + exit $? +} + + +# func_features +# ------------- +# Display the features supported by this script. +func_features () +{ + echo "host: $host" + if test yes = "$build_libtool_libs"; then + echo "enable shared libraries" + else + echo "disable shared libraries" + fi + if test yes = "$build_old_libs"; then + echo "enable static libraries" + else + echo "disable static libraries" + fi + + exit $? +} + + +# func_enable_tag TAGNAME +# ----------------------- +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname=$1 + + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf=/$re_begincf/,/$re_endcf/p + + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac + + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} + + +# func_check_version_match +# ------------------------ +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + fi + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + + exit $EXIT_MISMATCH + fi +} + + +# libtool_options_prep [ARG]... +# ----------------------------- +# Preparation for options parsed by libtool. +libtool_options_prep () +{ + $debug_mode + + # Option defaults: + opt_config=false + opt_dlopen= + opt_dry_run=false + opt_help=false + opt_mode= + opt_preserve_dup_deps=false + opt_quiet=false + + nonopt= + preserve_args= + + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift + ;; + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift + ;; + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; + esac + + # Pass back the list of options. + func_quote_for_eval ${1+"$@"} + libtool_options_prep_result=$func_quote_for_eval_result +} +func_add_hook func_options_prep libtool_options_prep + + +# libtool_parse_options [ARG]... +# --------------------------------- +# Provide handling for libtool specific options. +libtool_parse_options () +{ + $debug_cmd + + # Perform our own loop to consume as many options as possible in + # each iteration. + while test $# -gt 0; do + _G_opt=$1 + shift + case $_G_opt in + --dry-run|--dryrun|-n) + opt_dry_run=: + ;; + + --config) func_config ;; + + --dlopen|-dlopen) + opt_dlopen="${opt_dlopen+$opt_dlopen +}$1" + shift + ;; + + --preserve-dup-deps) + opt_preserve_dup_deps=: ;; + + --features) func_features ;; + + --finish) set dummy --mode finish ${1+"$@"}; shift ;; + + --help) opt_help=: ;; + + --help-all) opt_help=': help-all' ;; + + --mode) test $# = 0 && func_missing_arg $_G_opt && break + opt_mode=$1 + case $1 in + # Valid mode arguments: + clean|compile|execute|finish|install|link|relink|uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $_G_opt" + exit_cmd=exit + break + ;; + esac + shift + ;; + + --no-silent|--no-quiet) + opt_quiet=false + func_append preserve_args " $_G_opt" + ;; + + --no-warnings|--no-warning|--no-warn) + opt_warning=false + func_append preserve_args " $_G_opt" + ;; + + --no-verbose) + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --silent|--quiet) + opt_quiet=: + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --tag) test $# = 0 && func_missing_arg $_G_opt && break + opt_tag=$1 + func_append preserve_args " $_G_opt $1" + func_enable_tag "$1" + shift + ;; + + --verbose|-v) opt_quiet=false + opt_verbose=: + func_append preserve_args " $_G_opt" + ;; + + # An option not handled by this hook function: + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + esac + done + + + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + libtool_parse_options_result=$func_quote_for_eval_result +} +func_add_hook func_parse_options libtool_parse_options + + + +# libtool_validate_options [ARG]... +# --------------------------------- +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +libtool_validate_options () +{ + # save first non-option argument + if test 0 -lt $#; then + nonopt=$1 + shift + fi + + # preserve --debug + test : = "$debug_cmd" || func_append preserve_args " --debug" + + case $host in + # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 + # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 + *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps + ;; + esac + + $opt_help || { + # Sanity checks first: + func_check_version_match + + test yes != "$build_libtool_libs" \ + && test yes != "$build_old_libs" \ + && func_fatal_configuration "not configured to build any kind of library" + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$opt_dlopen" && test execute != "$opt_mode"; then + func_error "unrecognized option '-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help=$help + help="Try '$progname --help --mode=$opt_mode' for more information." + } + + # Pass back the unparsed argument list + func_quote_for_eval ${1+"$@"} + libtool_validate_options_result=$func_quote_for_eval_result +} +func_add_hook func_validate_options libtool_validate_options + + +# Process options as early as possible so that --help and --version +# can return quickly. +func_options ${1+"$@"} +eval set dummy "$func_options_result"; shift + + + +## ----------- ## +## Main. ## +## ----------- ## + +magic='%%%MAGIC variable%%%' +magic_exe='%%%MAGIC EXE variable%%%' + +# Global variables. +extracted_archives= +extracted_serial=0 + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + +# func_generated_by_libtool +# True iff stdin has been generated by Libtool. This function is only +# a basic sanity check; it will hardly flush out determined imposters. +func_generated_by_libtool_p () +{ + $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_p file +# True iff FILE is a libtool '.la' library or '.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool '.la' library or '.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if 'file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case $lalib_p_line in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test yes = "$lalib_p" +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + test -f "$1" && + $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $debug_cmd + + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$sp$nl + eval cmd=\"$cmd\" + IFS=$save_ifs + func_show_eval "$cmd" "${2-:}" + done + IFS=$save_ifs +} + + +# func_source file +# Source FILE, adding directory component if necessary. +# Note that it is not necessary on cygwin/mingw to append a dot to +# FILE even if both FILE and FILE.exe exist: automatic-append-.exe +# behavior happens only for exec(3), not for open(2)! Also, sourcing +# 'FILE.' does not work on cygwin managed mounts. +func_source () +{ + $debug_cmd + + case $1 in + */* | *\\*) . "$1" ;; + *) . "./$1" ;; + esac +} + + +# func_resolve_sysroot PATH +# Replace a leading = in PATH with a sysroot. Store the result into +# func_resolve_sysroot_result +func_resolve_sysroot () +{ + func_resolve_sysroot_result=$1 + case $func_resolve_sysroot_result in + =*) + func_stripname '=' '' "$func_resolve_sysroot_result" + func_resolve_sysroot_result=$lt_sysroot$func_stripname_result + ;; + esac +} + +# func_replace_sysroot PATH +# If PATH begins with the sysroot, replace it with = and +# store the result into func_replace_sysroot_result. +func_replace_sysroot () +{ + case $lt_sysroot:$1 in + ?*:"$lt_sysroot"*) + func_stripname "$lt_sysroot" '' "$1" + func_replace_sysroot_result='='$func_stripname_result + ;; + *) + # Including no sysroot. + func_replace_sysroot_result=$1 + ;; + esac +} + +# func_infer_tag arg +# Infer tagged configuration to use if any are available and +# if one wasn't chosen via the "--tag" command line option. +# Only attempt this if the compiler in the base compile +# command doesn't match the default compiler. +# arg is usually of the form 'gcc ...' +func_infer_tag () +{ + $debug_cmd + + if test -n "$available_tags" && test -z "$tagname"; then + CC_quoted= + for arg in $CC; do + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case $@ in + # Blanks in the command may have been stripped by the calling shell, + # but not from the CC environment variable when configure was run. + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; + # Blanks at the start of $base_compile will cause this to fail + # if we don't check for them as well. + *) + for z in $available_tags; do + if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + # Evaluate the configuration. + eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + CC_quoted= + for arg in $CC; do + # Double-quote args containing other shell metacharacters. + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case "$@ " in + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) + # The compiler in the base compile command matches + # the one in the tagged configuration. + # Assume this is the tagged configuration we want. + tagname=$z + break + ;; + esac + fi + done + # If $tagname still isn't set, then no tagged configuration + # was found and let the user know that the "--tag" command + # line option must be used. + if test -z "$tagname"; then + func_echo "unable to infer tagged configuration" + func_fatal_error "specify a tag with '--tag'" +# else +# func_verbose "using $tagname tagged configuration" + fi + ;; + esac + fi +} + + + +# func_write_libtool_object output_name pic_name nonpic_name +# Create a libtool object file (analogous to a ".la" file), +# but don't create it if we're doing a dry run. +func_write_libtool_object () +{ + write_libobj=$1 + if test yes = "$build_libtool_libs"; then + write_lobj=\'$2\' + else + write_lobj=none + fi + + if test yes = "$build_old_libs"; then + write_oldobj=\'$3\' + else + write_oldobj=none + fi + + $opt_dry_run || { + cat >${write_libobj}T </dev/null` + if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then + func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | + $SED -e "$sed_naive_backslashify"` + else + func_convert_core_file_wine_to_w32_result= + fi + fi +} +# end: func_convert_core_file_wine_to_w32 + + +# func_convert_core_path_wine_to_w32 ARG +# Helper function used by path conversion functions when $build is *nix, and +# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly +# configured wine environment available, with the winepath program in $build's +# $PATH. Assumes ARG has no leading or trailing path separator characters. +# +# ARG is path to be converted from $build format to win32. +# Result is available in $func_convert_core_path_wine_to_w32_result. +# Unconvertible file (directory) names in ARG are skipped; if no directory names +# are convertible, then the result may be empty. +func_convert_core_path_wine_to_w32 () +{ + $debug_cmd + + # unfortunately, winepath doesn't convert paths, only file names + func_convert_core_path_wine_to_w32_result= + if test -n "$1"; then + oldIFS=$IFS + IFS=: + for func_convert_core_path_wine_to_w32_f in $1; do + IFS=$oldIFS + func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" + if test -n "$func_convert_core_file_wine_to_w32_result"; then + if test -z "$func_convert_core_path_wine_to_w32_result"; then + func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result + else + func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" + fi + fi + done + IFS=$oldIFS + fi +} +# end: func_convert_core_path_wine_to_w32 + + +# func_cygpath ARGS... +# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when +# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) +# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or +# (2), returns the Cygwin file name or path in func_cygpath_result (input +# file name or path is assumed to be in w32 format, as previously converted +# from $build's *nix or MSYS format). In case (3), returns the w32 file name +# or path in func_cygpath_result (input file name or path is assumed to be in +# Cygwin format). Returns an empty string on error. +# +# ARGS are passed to cygpath, with the last one being the file name or path to +# be converted. +# +# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH +# environment variable; do not put it in $PATH. +func_cygpath () +{ + $debug_cmd + + if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then + func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` + if test "$?" -ne 0; then + # on failure, ensure result is empty + func_cygpath_result= + fi + else + func_cygpath_result= + func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'" + fi +} +#end: func_cygpath + + +# func_convert_core_msys_to_w32 ARG +# Convert file name or path ARG from MSYS format to w32 format. Return +# result in func_convert_core_msys_to_w32_result. +func_convert_core_msys_to_w32 () +{ + $debug_cmd + + # awkward: cmd appends spaces to result + func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"` +} +#end: func_convert_core_msys_to_w32 + + +# func_convert_file_check ARG1 ARG2 +# Verify that ARG1 (a file name in $build format) was converted to $host +# format in ARG2. Otherwise, emit an error message, but continue (resetting +# func_to_host_file_result to ARG1). +func_convert_file_check () +{ + $debug_cmd + + if test -z "$2" && test -n "$1"; then + func_error "Could not determine host file name corresponding to" + func_error " '$1'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback: + func_to_host_file_result=$1 + fi +} +# end func_convert_file_check + + +# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH +# Verify that FROM_PATH (a path in $build format) was converted to $host +# format in TO_PATH. Otherwise, emit an error message, but continue, resetting +# func_to_host_file_result to a simplistic fallback value (see below). +func_convert_path_check () +{ + $debug_cmd + + if test -z "$4" && test -n "$3"; then + func_error "Could not determine the host path corresponding to" + func_error " '$3'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback. This is a deliberately simplistic "conversion" and + # should not be "improved". See libtool.info. + if test "x$1" != "x$2"; then + lt_replace_pathsep_chars="s|$1|$2|g" + func_to_host_path_result=`echo "$3" | + $SED -e "$lt_replace_pathsep_chars"` + else + func_to_host_path_result=$3 + fi + fi +} +# end func_convert_path_check + + +# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG +# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT +# and appending REPL if ORIG matches BACKPAT. +func_convert_path_front_back_pathsep () +{ + $debug_cmd + + case $4 in + $1 ) func_to_host_path_result=$3$func_to_host_path_result + ;; + esac + case $4 in + $2 ) func_append func_to_host_path_result "$3" + ;; + esac +} +# end func_convert_path_front_back_pathsep + + +################################################## +# $build to $host FILE NAME CONVERSION FUNCTIONS # +################################################## +# invoked via '$to_host_file_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# Result will be available in $func_to_host_file_result. + + +# func_to_host_file ARG +# Converts the file name ARG from $build format to $host format. Return result +# in func_to_host_file_result. +func_to_host_file () +{ + $debug_cmd + + $to_host_file_cmd "$1" +} +# end func_to_host_file + + +# func_to_tool_file ARG LAZY +# converts the file name ARG from $build format to toolchain format. Return +# result in func_to_tool_file_result. If the conversion in use is listed +# in (the comma separated) LAZY, no conversion takes place. +func_to_tool_file () +{ + $debug_cmd + + case ,$2, in + *,"$to_tool_file_cmd",*) + func_to_tool_file_result=$1 + ;; + *) + $to_tool_file_cmd "$1" + func_to_tool_file_result=$func_to_host_file_result + ;; + esac +} +# end func_to_tool_file + + +# func_convert_file_noop ARG +# Copy ARG to func_to_host_file_result. +func_convert_file_noop () +{ + func_to_host_file_result=$1 +} +# end func_convert_file_noop + + +# func_convert_file_msys_to_w32 ARG +# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_file_result. +func_convert_file_msys_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_to_host_file_result=$func_convert_core_msys_to_w32_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_w32 + + +# func_convert_file_cygwin_to_w32 ARG +# Convert file name ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_file_cygwin_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + # because $build is cygwin, we call "the" cygpath in $PATH; no need to use + # LT_CYGPATH in this case. + func_to_host_file_result=`cygpath -m "$1"` + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_cygwin_to_w32 + + +# func_convert_file_nix_to_w32 ARG +# Convert file name ARG from *nix to w32 format. Requires a wine environment +# and a working winepath. Returns result in func_to_host_file_result. +func_convert_file_nix_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_file_wine_to_w32 "$1" + func_to_host_file_result=$func_convert_core_file_wine_to_w32_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_w32 + + +# func_convert_file_msys_to_cygwin ARG +# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_file_msys_to_cygwin () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_cygpath -u "$func_convert_core_msys_to_w32_result" + func_to_host_file_result=$func_cygpath_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_cygwin + + +# func_convert_file_nix_to_cygwin ARG +# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed +# in a wine environment, working winepath, and LT_CYGPATH set. Returns result +# in func_to_host_file_result. +func_convert_file_nix_to_cygwin () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. + func_convert_core_file_wine_to_w32 "$1" + func_cygpath -u "$func_convert_core_file_wine_to_w32_result" + func_to_host_file_result=$func_cygpath_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_cygwin + + +############################################# +# $build to $host PATH CONVERSION FUNCTIONS # +############################################# +# invoked via '$to_host_path_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# The result will be available in $func_to_host_path_result. +# +# Path separators are also converted from $build format to $host format. If +# ARG begins or ends with a path separator character, it is preserved (but +# converted to $host format) on output. +# +# All path conversion functions are named using the following convention: +# file name conversion function : func_convert_file_X_to_Y () +# path conversion function : func_convert_path_X_to_Y () +# where, for any given $build/$host combination the 'X_to_Y' value is the +# same. If conversion functions are added for new $build/$host combinations, +# the two new functions must follow this pattern, or func_init_to_host_path_cmd +# will break. + + +# func_init_to_host_path_cmd +# Ensures that function "pointer" variable $to_host_path_cmd is set to the +# appropriate value, based on the value of $to_host_file_cmd. +to_host_path_cmd= +func_init_to_host_path_cmd () +{ + $debug_cmd + + if test -z "$to_host_path_cmd"; then + func_stripname 'func_convert_file_' '' "$to_host_file_cmd" + to_host_path_cmd=func_convert_path_$func_stripname_result + fi +} + + +# func_to_host_path ARG +# Converts the path ARG from $build format to $host format. Return result +# in func_to_host_path_result. +func_to_host_path () +{ + $debug_cmd + + func_init_to_host_path_cmd + $to_host_path_cmd "$1" +} +# end func_to_host_path + + +# func_convert_path_noop ARG +# Copy ARG to func_to_host_path_result. +func_convert_path_noop () +{ + func_to_host_path_result=$1 +} +# end func_convert_path_noop + + +# func_convert_path_msys_to_w32 ARG +# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_path_result. +func_convert_path_msys_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # Remove leading and trailing path separator characters from ARG. MSYS + # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; + # and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result=$func_convert_core_msys_to_w32_result + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_msys_to_w32 + + +# func_convert_path_cygwin_to_w32 ARG +# Convert path ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_path_cygwin_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_cygwin_to_w32 + + +# func_convert_path_nix_to_w32 ARG +# Convert path ARG from *nix to w32 format. Requires a wine environment and +# a working winepath. Returns result in func_to_host_file_result. +func_convert_path_nix_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result=$func_convert_core_path_wine_to_w32_result + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_nix_to_w32 + + +# func_convert_path_msys_to_cygwin ARG +# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_path_msys_to_cygwin () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_msys_to_w32_result" + func_to_host_path_result=$func_cygpath_result + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_msys_to_cygwin + + +# func_convert_path_nix_to_cygwin ARG +# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a +# a wine environment, working winepath, and LT_CYGPATH set. Returns result in +# func_to_host_file_result. +func_convert_path_nix_to_cygwin () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # Remove leading and trailing path separator characters from + # ARG. msys behavior is inconsistent here, cygpath turns them + # into '.;' and ';.', and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" + func_to_host_path_result=$func_cygpath_result + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_nix_to_cygwin + + +# func_dll_def_p FILE +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with _LT_DLL_DEF_P in libtool.m4 +func_dll_def_p () +{ + $debug_cmd + + func_dll_def_p_tmp=`$SED -n \ + -e 's/^[ ]*//' \ + -e '/^\(;.*\)*$/d' \ + -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \ + -e q \ + "$1"` + test DEF = "$func_dll_def_p_tmp" +} + + +# func_mode_compile arg... +func_mode_compile () +{ + $debug_cmd + + # Get the compilation command and the source file. + base_compile= + srcfile=$nonopt # always keep a non-empty value in "srcfile" + suppress_opt=yes + suppress_output= + arg_mode=normal + libobj= + later= + pie_flag= + + for arg + do + case $arg_mode in + arg ) + # do not "continue". Instead, add this to base_compile + lastarg=$arg + arg_mode=normal + ;; + + target ) + libobj=$arg + arg_mode=normal + continue + ;; + + normal ) + # Accept any command-line options. + case $arg in + -o) + test -n "$libobj" && \ + func_fatal_error "you cannot specify '-o' more than once" + arg_mode=target + continue + ;; + + -pie | -fpie | -fPIE) + func_append pie_flag " $arg" + continue + ;; + + -shared | -static | -prefer-pic | -prefer-non-pic) + func_append later " $arg" + continue + ;; + + -no-suppress) + suppress_opt=no + continue + ;; + + -Xcompiler) + arg_mode=arg # the next one goes into the "base_compile" arg list + continue # The current "srcfile" will either be retained or + ;; # replaced later. I would guess that would be a bug. + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + lastarg= + save_ifs=$IFS; IFS=, + for arg in $args; do + IFS=$save_ifs + func_append_quoted lastarg "$arg" + done + IFS=$save_ifs + func_stripname ' ' '' "$lastarg" + lastarg=$func_stripname_result + + # Add the arguments to base_compile. + func_append base_compile " $lastarg" + continue + ;; + + *) + # Accept the current argument as the source file. + # The previous "srcfile" becomes the current argument. + # + lastarg=$srcfile + srcfile=$arg + ;; + esac # case $arg + ;; + esac # case $arg_mode + + # Aesthetically quote the previous argument. + func_append_quoted base_compile "$lastarg" + done # for arg + + case $arg_mode in + arg) + func_fatal_error "you must specify an argument for -Xcompile" + ;; + target) + func_fatal_error "you must specify a target with '-o'" + ;; + *) + # Get the name of the library object. + test -z "$libobj" && { + func_basename "$srcfile" + libobj=$func_basename_result + } + ;; + esac + + # Recognize several different file suffixes. + # If the user specifies -o file.o, it is replaced with file.lo + case $libobj in + *.[cCFSifmso] | \ + *.ada | *.adb | *.ads | *.asm | \ + *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) + func_xform "$libobj" + libobj=$func_xform_result + ;; + esac + + case $libobj in + *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; + *) + func_fatal_error "cannot determine name of library object from '$libobj'" + ;; + esac + + func_infer_tag $base_compile + + for arg in $later; do + case $arg in + -shared) + test yes = "$build_libtool_libs" \ + || func_fatal_configuration "cannot build a shared library" + build_old_libs=no + continue + ;; + + -static) + build_libtool_libs=no + build_old_libs=yes + continue + ;; + + -prefer-pic) + pic_mode=yes + continue + ;; + + -prefer-non-pic) + pic_mode=no + continue + ;; + esac + done + + func_quote_for_eval "$libobj" + test "X$libobj" != "X$func_quote_for_eval_result" \ + && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ + && func_warning "libobj name '$libobj' may not contain shell special characters." + func_dirname_and_basename "$obj" "/" "" + objname=$func_basename_result + xdir=$func_dirname_result + lobj=$xdir$objdir/$objname + + test -z "$base_compile" && \ + func_fatal_help "you must specify a compilation command" + + # Delete any leftover library objects. + if test yes = "$build_old_libs"; then + removelist="$obj $lobj $libobj ${libobj}T" + else + removelist="$lobj $libobj ${libobj}T" + fi + + # On Cygwin there's no "real" PIC flag so we must build both object types + case $host_os in + cygwin* | mingw* | pw32* | os2* | cegcc*) + pic_mode=default + ;; + esac + if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then + # non-PIC code in shared libraries is not supported + pic_mode=default + fi + + # Calculate the filename of the output object if compiler does + # not support -o with -c + if test no = "$compiler_c_o"; then + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext + lockfile=$output_obj.lock + else + output_obj= + need_locks=no + lockfile= + fi + + # Lock this critical section if it is needed + # We use this script file to make the link, it avoids creating a new file + if test yes = "$need_locks"; then + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + elif test warn = "$need_locks"; then + if test -f "$lockfile"; then + $ECHO "\ +*** ERROR, $lockfile exists and contains: +`cat $lockfile 2>/dev/null` + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + func_append removelist " $output_obj" + $ECHO "$srcfile" > "$lockfile" + fi + + $opt_dry_run || $RM $removelist + func_append removelist " $lockfile" + trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 + + func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 + srcfile=$func_to_tool_file_result + func_quote_for_eval "$srcfile" + qsrcfile=$func_quote_for_eval_result + + # Only build a PIC object if we are building libtool libraries. + if test yes = "$build_libtool_libs"; then + # Without this assignment, base_compile gets emptied. + fbsd_hideous_sh_bug=$base_compile + + if test no != "$pic_mode"; then + command="$base_compile $qsrcfile $pic_flag" + else + # Don't build PIC code + command="$base_compile $qsrcfile" + fi + + func_mkdir_p "$xdir$objdir" + + if test -z "$output_obj"; then + # Place PIC objects in $objdir + func_append command " -o $lobj" + fi + + func_show_eval_locale "$command" \ + 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' + + if test warn = "$need_locks" && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed, then go on to compile the next one + if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then + func_show_eval '$MV "$output_obj" "$lobj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + + # Allow error messages only from the first compilation. + if test yes = "$suppress_opt"; then + suppress_output=' >/dev/null 2>&1' + fi + fi + + # Only build a position-dependent object if we build old libraries. + if test yes = "$build_old_libs"; then + if test yes != "$pic_mode"; then + # Don't build PIC code + command="$base_compile $qsrcfile$pie_flag" + else + command="$base_compile $qsrcfile $pic_flag" + fi + if test yes = "$compiler_c_o"; then + func_append command " -o $obj" + fi + + # Suppress compiler output if we already did a PIC compilation. + func_append command "$suppress_output" + func_show_eval_locale "$command" \ + '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' + + if test warn = "$need_locks" && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed + if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then + func_show_eval '$MV "$output_obj" "$obj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + fi + + $opt_dry_run || { + func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" + + # Unlock the critical section if it was locked + if test no != "$need_locks"; then + removelist=$lockfile + $RM "$lockfile" + fi + } + + exit $EXIT_SUCCESS +} + +$opt_help || { + test compile = "$opt_mode" && func_mode_compile ${1+"$@"} +} + +func_mode_help () +{ + # We need to display help for each of the modes. + case $opt_mode in + "") + # Generic help is extracted from the usage comments + # at the start of this file. + func_help + ;; + + clean) + $ECHO \ +"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... + +Remove files from the build directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed +to RM. + +If FILE is a libtool library, object or program, all the files associated +with it are deleted. Otherwise, only FILE itself is deleted using RM." + ;; + + compile) + $ECHO \ +"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE + +Compile a source file into a libtool library object. + +This mode accepts the following additional options: + + -o OUTPUT-FILE set the output file name to OUTPUT-FILE + -no-suppress do not suppress compiler output for multiple passes + -prefer-pic try to build PIC objects only + -prefer-non-pic try to build non-PIC objects only + -shared do not build a '.o' file suitable for static linking + -static only build a '.o' file suitable for static linking + -Wc,FLAG pass FLAG directly to the compiler + +COMPILE-COMMAND is a command to be used in creating a 'standard' object file +from the given SOURCEFILE. + +The output file name is determined by removing the directory component from +SOURCEFILE, then substituting the C source code suffix '.c' with the +library object suffix, '.lo'." + ;; + + execute) + $ECHO \ +"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... + +Automatically set library path, then run a program. + +This mode accepts the following additional options: + + -dlopen FILE add the directory containing FILE to the library path + +This mode sets the library path environment variable according to '-dlopen' +flags. + +If any of the ARGS are libtool executable wrappers, then they are translated +into their corresponding uninstalled binary, and any of their required library +directories are added to the library path. + +Then, COMMAND is executed, with ARGS as arguments." + ;; + + finish) + $ECHO \ +"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... + +Complete the installation of libtool libraries. + +Each LIBDIR is a directory that contains libtool libraries. + +The commands that this mode executes may require superuser privileges. Use +the '--dry-run' option if you just want to see what would be executed." + ;; + + install) + $ECHO \ +"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... + +Install executables or libraries. + +INSTALL-COMMAND is the installation command. The first component should be +either the 'install' or 'cp' program. + +The following components of INSTALL-COMMAND are treated specially: + + -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation + +The rest of the components are interpreted as arguments to that command (only +BSD-compatible install options are recognized)." + ;; + + link) + $ECHO \ +"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... + +Link object files or libraries together to form another library, or to +create an executable program. + +LINK-COMMAND is a command using the C compiler that you would use to create +a program from several object files. + +The following components of LINK-COMMAND are treated specially: + + -all-static do not do any dynamic linking at all + -avoid-version do not add a version suffix if possible + -bindir BINDIR specify path to binaries directory (for systems where + libraries must be found in the PATH setting at runtime) + -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime + -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols + -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) + -export-symbols SYMFILE + try to export only the symbols listed in SYMFILE + -export-symbols-regex REGEX + try to export only the symbols matching REGEX + -LLIBDIR search LIBDIR for required installed libraries + -lNAME OUTPUT-FILE requires the installed library libNAME + -module build a library that can dlopened + -no-fast-install disable the fast-install mode + -no-install link a not-installable executable + -no-undefined declare that a library does not refer to external symbols + -o OUTPUT-FILE create OUTPUT-FILE from the specified objects + -objectlist FILE use a list of object files found in FILE to specify objects + -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) + -precious-files-regex REGEX + don't remove output files matching REGEX + -release RELEASE specify package release information + -rpath LIBDIR the created library will eventually be installed in LIBDIR + -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries + -shared only do dynamic linking of libtool libraries + -shrext SUFFIX override the standard shared library file extension + -static do not do any dynamic linking of uninstalled libtool libraries + -static-libtool-libs + do not do any dynamic linking of libtool libraries + -version-info CURRENT[:REVISION[:AGE]] + specify library version info [each variable defaults to 0] + -weak LIBNAME declare that the target provides the LIBNAME interface + -Wc,FLAG + -Xcompiler FLAG pass linker-specific FLAG directly to the compiler + -Wl,FLAG + -Xlinker FLAG pass linker-specific FLAG directly to the linker + -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) + +All other options (arguments beginning with '-') are ignored. + +Every other argument is treated as a filename. Files ending in '.la' are +treated as uninstalled libtool libraries, other files are standard or library +object files. + +If the OUTPUT-FILE ends in '.la', then a libtool library is created, +only library objects ('.lo' files) may be specified, and '-rpath' is +required, except when creating a convenience library. + +If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created +using 'ar' and 'ranlib', or on Windows using 'lib'. + +If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file +is created, otherwise an executable program is created." + ;; + + uninstall) + $ECHO \ +"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... + +Remove libraries from an installation directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed +to RM. + +If FILE is a libtool library, all the files associated with it are deleted. +Otherwise, only FILE itself is deleted using RM." + ;; + + *) + func_fatal_help "invalid operation mode '$opt_mode'" + ;; + esac + + echo + $ECHO "Try '$progname --help' for more information about other modes." +} + +# Now that we've collected a possible --mode arg, show help if necessary +if $opt_help; then + if test : = "$opt_help"; then + func_mode_help + else + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + func_mode_help + done + } | $SED -n '1p; 2,$s/^Usage:/ or: /p' + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + echo + func_mode_help + done + } | + $SED '1d + /^When reporting/,/^Report/{ + H + d + } + $x + /information about other modes/d + /more detailed .*MODE/d + s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' + fi + exit $? +fi + + +# func_mode_execute arg... +func_mode_execute () +{ + $debug_cmd + + # The first argument is the command name. + cmd=$nonopt + test -z "$cmd" && \ + func_fatal_help "you must specify a COMMAND" + + # Handle -dlopen flags immediately. + for file in $opt_dlopen; do + test -f "$file" \ + || func_fatal_help "'$file' is not a file" + + dir= + case $file in + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "'$lib' is not a valid libtool archive" + + # Read the libtool library. + dlname= + library_names= + func_source "$file" + + # Skip this library if it cannot be dlopened. + if test -z "$dlname"; then + # Warn if it was a shared library. + test -n "$library_names" && \ + func_warning "'$file' was not linked with '-export-dynamic'" + continue + fi + + func_dirname "$file" "" "." + dir=$func_dirname_result + + if test -f "$dir/$objdir/$dlname"; then + func_append dir "/$objdir" + else + if test ! -f "$dir/$dlname"; then + func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" + fi + fi + ;; + + *.lo) + # Just add the directory containing the .lo file. + func_dirname "$file" "" "." + dir=$func_dirname_result + ;; + + *) + func_warning "'-dlopen' is ignored for non-libtool libraries and objects" + continue + ;; + esac + + # Get the absolute pathname. + absdir=`cd "$dir" && pwd` + test -n "$absdir" && dir=$absdir + + # Now add the directory to shlibpath_var. + if eval "test -z \"\$$shlibpath_var\""; then + eval "$shlibpath_var=\"\$dir\"" + else + eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" + fi + done + + # This variable tells wrapper scripts just to set shlibpath_var + # rather than running their programs. + libtool_execute_magic=$magic + + # Check if any of the arguments is a wrapper script. + args= + for file + do + case $file in + -* | *.la | *.lo ) ;; + *) + # Do a test to see if this is really a libtool program. + if func_ltwrapper_script_p "$file"; then + func_source "$file" + # Transform arg to wrapped name. + file=$progdir/$program + elif func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + func_source "$func_ltwrapper_scriptname_result" + # Transform arg to wrapped name. + file=$progdir/$program + fi + ;; + esac + # Quote arguments (to preserve shell metacharacters). + func_append_quoted args "$file" + done + + if $opt_dry_run; then + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + echo "export $shlibpath_var" + fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + else + if test -n "$shlibpath_var"; then + # Export the shlibpath_var. + eval "export $shlibpath_var" + fi + + # Restore saved environment variables + for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES + do + eval "if test \"\${save_$lt_var+set}\" = set; then + $lt_var=\$save_$lt_var; export $lt_var + else + $lt_unset $lt_var + fi" + done + + # Now prepare to actually exec the command. + exec_cmd=\$cmd$args + fi +} + +test execute = "$opt_mode" && func_mode_execute ${1+"$@"} + + +# func_mode_finish arg... +func_mode_finish () +{ + $debug_cmd + + libs= + libdirs= + admincmds= + + for opt in "$nonopt" ${1+"$@"} + do + if test -d "$opt"; then + func_append libdirs " $opt" + + elif test -f "$opt"; then + if func_lalib_unsafe_p "$opt"; then + func_append libs " $opt" + else + func_warning "'$opt' is not a valid libtool archive" + fi + + else + func_fatal_error "invalid argument '$opt'" + fi + done + + if test -n "$libs"; then + if test -n "$lt_sysroot"; then + sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` + sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" + else + sysroot_cmd= + fi + + # Remove sysroot references + if $opt_dry_run; then + for lib in $libs; do + echo "removing references to $lt_sysroot and '=' prefixes from $lib" + done + else + tmpdir=`func_mktempdir` + for lib in $libs; do + $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ + > $tmpdir/tmp-la + mv -f $tmpdir/tmp-la $lib + done + ${RM}r "$tmpdir" + fi + fi + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + for libdir in $libdirs; do + if test -n "$finish_cmds"; then + # Do each command in the finish commands. + func_execute_cmds "$finish_cmds" 'admincmds="$admincmds +'"$cmd"'"' + fi + if test -n "$finish_eval"; then + # Do the single finish_eval. + eval cmds=\"$finish_eval\" + $opt_dry_run || eval "$cmds" || func_append admincmds " + $cmds" + fi + done + fi + + # Exit here if they wanted silent mode. + $opt_quiet && exit $EXIT_SUCCESS + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + echo "----------------------------------------------------------------------" + echo "Libraries have been installed in:" + for libdir in $libdirs; do + $ECHO " $libdir" + done + echo + echo "If you ever happen to want to link against installed libraries" + echo "in a given directory, LIBDIR, you must either use libtool, and" + echo "specify the full pathname of the library, or use the '-LLIBDIR'" + echo "flag during linking and do at least one of the following:" + if test -n "$shlibpath_var"; then + echo " - add LIBDIR to the '$shlibpath_var' environment variable" + echo " during execution" + fi + if test -n "$runpath_var"; then + echo " - add LIBDIR to the '$runpath_var' environment variable" + echo " during linking" + fi + if test -n "$hardcode_libdir_flag_spec"; then + libdir=LIBDIR + eval flag=\"$hardcode_libdir_flag_spec\" + + $ECHO " - use the '$flag' linker flag" + fi + if test -n "$admincmds"; then + $ECHO " - have your system administrator run these commands:$admincmds" + fi + if test -f /etc/ld.so.conf; then + echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" + fi + echo + + echo "See any operating system documentation about shared libraries for" + case $host in + solaris2.[6789]|solaris2.1[0-9]) + echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" + echo "pages." + ;; + *) + echo "more information, such as the ld(1) and ld.so(8) manual pages." + ;; + esac + echo "----------------------------------------------------------------------" + fi + exit $EXIT_SUCCESS +} + +test finish = "$opt_mode" && func_mode_finish ${1+"$@"} + + +# func_mode_install arg... +func_mode_install () +{ + $debug_cmd + + # There may be an optional sh(1) argument at the beginning of + # install_prog (especially on Windows NT). + if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || + # Allow the use of GNU shtool's install command. + case $nonopt in *shtool*) :;; *) false;; esac + then + # Aesthetically quote it. + func_quote_for_eval "$nonopt" + install_prog="$func_quote_for_eval_result " + arg=$1 + shift + else + install_prog= + arg=$nonopt + fi + + # The real first argument should be the name of the installation program. + # Aesthetically quote it. + func_quote_for_eval "$arg" + func_append install_prog "$func_quote_for_eval_result" + install_shared_prog=$install_prog + case " $install_prog " in + *[\\\ /]cp\ *) install_cp=: ;; + *) install_cp=false ;; + esac + + # We need to accept at least all the BSD install flags. + dest= + files= + opts= + prev= + install_type= + isdir=false + stripme= + no_mode=: + for arg + do + arg2= + if test -n "$dest"; then + func_append files " $dest" + dest=$arg + continue + fi + + case $arg in + -d) isdir=: ;; + -f) + if $install_cp; then :; else + prev=$arg + fi + ;; + -g | -m | -o) + prev=$arg + ;; + -s) + stripme=" -s" + continue + ;; + -*) + ;; + *) + # If the previous option needed an argument, then skip it. + if test -n "$prev"; then + if test X-m = "X$prev" && test -n "$install_override_mode"; then + arg2=$install_override_mode + no_mode=false + fi + prev= + else + dest=$arg + continue + fi + ;; + esac + + # Aesthetically quote the argument. + func_quote_for_eval "$arg" + func_append install_prog " $func_quote_for_eval_result" + if test -n "$arg2"; then + func_quote_for_eval "$arg2" + fi + func_append install_shared_prog " $func_quote_for_eval_result" + done + + test -z "$install_prog" && \ + func_fatal_help "you must specify an install program" + + test -n "$prev" && \ + func_fatal_help "the '$prev' option requires an argument" + + if test -n "$install_override_mode" && $no_mode; then + if $install_cp; then :; else + func_quote_for_eval "$install_override_mode" + func_append install_shared_prog " -m $func_quote_for_eval_result" + fi + fi + + if test -z "$files"; then + if test -z "$dest"; then + func_fatal_help "no file or destination specified" + else + func_fatal_help "you must specify a destination" + fi + fi + + # Strip any trailing slash from the destination. + func_stripname '' '/' "$dest" + dest=$func_stripname_result + + # Check to see that the destination is a directory. + test -d "$dest" && isdir=: + if $isdir; then + destdir=$dest + destname= + else + func_dirname_and_basename "$dest" "" "." + destdir=$func_dirname_result + destname=$func_basename_result + + # Not a directory, so check to see that there is only one file specified. + set dummy $files; shift + test "$#" -gt 1 && \ + func_fatal_help "'$dest' is not a directory" + fi + case $destdir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + for file in $files; do + case $file in + *.lo) ;; + *) + func_fatal_help "'$destdir' must be an absolute directory name" + ;; + esac + done + ;; + esac + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic=$magic + + staticlibs= + future_libdirs= + current_libdirs= + for file in $files; do + + # Do each installation. + case $file in + *.$libext) + # Do the static libraries later. + func_append staticlibs " $file" + ;; + + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "'$file' is not a valid libtool archive" + + library_names= + old_library= + relink_command= + func_source "$file" + + # Add the libdir to current_libdirs if it is the destination. + if test "X$destdir" = "X$libdir"; then + case "$current_libdirs " in + *" $libdir "*) ;; + *) func_append current_libdirs " $libdir" ;; + esac + else + # Note the libdir as a future libdir. + case "$future_libdirs " in + *" $libdir "*) ;; + *) func_append future_libdirs " $libdir" ;; + esac + fi + + func_dirname "$file" "/" "" + dir=$func_dirname_result + func_append dir "$objdir" + + if test -n "$relink_command"; then + # Determine the prefix the user has applied to our future dir. + inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` + + # Don't allow the user to place us outside of our expected + # location b/c this prevents finding dependent libraries that + # are installed to the same prefix. + # At present, this check doesn't affect windows .dll's that + # are installed into $libdir/../bin (currently, that works fine) + # but it's something to keep an eye on. + test "$inst_prefix_dir" = "$destdir" && \ + func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" + + if test -n "$inst_prefix_dir"; then + # Stick the inst_prefix_dir data into the link command. + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + else + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` + fi + + func_warning "relinking '$file'" + func_show_eval "$relink_command" \ + 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' + fi + + # See the names of the shared library. + set dummy $library_names; shift + if test -n "$1"; then + realname=$1 + shift + + srcname=$realname + test -n "$relink_command" && srcname=${realname}T + + # Install the shared library and build the symlinks. + func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ + 'exit $?' + tstripme=$stripme + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + case $realname in + *.dll.a) + tstripme= + ;; + esac + ;; + os2*) + case $realname in + *_dll.a) + tstripme= + ;; + esac + ;; + esac + if test -n "$tstripme" && test -n "$striplib"; then + func_show_eval "$striplib $destdir/$realname" 'exit $?' + fi + + if test "$#" -gt 0; then + # Delete the old symlinks, and create new ones. + # Try 'ln -sf' first, because the 'ln' binary might depend on + # the symlink we replace! Solaris /bin/ln does not understand -f, + # so we also need to try rm && ln -s. + for linkname + do + test "$linkname" != "$realname" \ + && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" + done + fi + + # Do each command in the postinstall commands. + lib=$destdir/$realname + func_execute_cmds "$postinstall_cmds" 'exit $?' + fi + + # Install the pseudo-library for information purposes. + func_basename "$file" + name=$func_basename_result + instname=$dir/${name}i + func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' + + # Maybe install the static library, too. + test -n "$old_library" && func_append staticlibs " $dir/$old_library" + ;; + + *.lo) + # Install (i.e. copy) a libtool object. + + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile=$destdir/$destname + else + func_basename "$file" + destfile=$func_basename_result + destfile=$destdir/$destfile + fi + + # Deduce the name of the destination old-style object file. + case $destfile in + *.lo) + func_lo2o "$destfile" + staticdest=$func_lo2o_result + ;; + *.$objext) + staticdest=$destfile + destfile= + ;; + *) + func_fatal_help "cannot copy a libtool object to '$destfile'" + ;; + esac + + # Install the libtool object if requested. + test -n "$destfile" && \ + func_show_eval "$install_prog $file $destfile" 'exit $?' + + # Install the old object if enabled. + if test yes = "$build_old_libs"; then + # Deduce the name of the old-style object file. + func_lo2o "$file" + staticobj=$func_lo2o_result + func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' + fi + exit $EXIT_SUCCESS + ;; + + *) + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile=$destdir/$destname + else + func_basename "$file" + destfile=$func_basename_result + destfile=$destdir/$destfile + fi + + # If the file is missing, and there is a .exe on the end, strip it + # because it is most likely a libtool script we actually want to + # install + stripped_ext= + case $file in + *.exe) + if test ! -f "$file"; then + func_stripname '' '.exe' "$file" + file=$func_stripname_result + stripped_ext=.exe + fi + ;; + esac + + # Do a test to see if this is really a libtool program. + case $host in + *cygwin* | *mingw*) + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + wrapper=$func_ltwrapper_scriptname_result + else + func_stripname '' '.exe' "$file" + wrapper=$func_stripname_result + fi + ;; + *) + wrapper=$file + ;; + esac + if func_ltwrapper_script_p "$wrapper"; then + notinst_deplibs= + relink_command= + + func_source "$wrapper" + + # Check the variables that should have been set. + test -z "$generated_by_libtool_version" && \ + func_fatal_error "invalid libtool wrapper script '$wrapper'" + + finalize=: + for lib in $notinst_deplibs; do + # Check to see that each library is installed. + libdir= + if test -f "$lib"; then + func_source "$lib" + fi + libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` + if test -n "$libdir" && test ! -f "$libfile"; then + func_warning "'$lib' has not been installed in '$libdir'" + finalize=false + fi + done + + relink_command= + func_source "$wrapper" + + outputname= + if test no = "$fast_install" && test -n "$relink_command"; then + $opt_dry_run || { + if $finalize; then + tmpdir=`func_mktempdir` + func_basename "$file$stripped_ext" + file=$func_basename_result + outputname=$tmpdir/$file + # Replace the output file specification. + relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` + + $opt_quiet || { + func_quote_for_expand "$relink_command" + eval "func_echo $func_quote_for_expand_result" + } + if eval "$relink_command"; then : + else + func_error "error: relink '$file' with the above command before installing it" + $opt_dry_run || ${RM}r "$tmpdir" + continue + fi + file=$outputname + else + func_warning "cannot relink '$file'" + fi + } + else + # Install the binary that we compiled earlier. + file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` + fi + fi + + # remove .exe since cygwin /usr/bin/install will append another + # one anyway + case $install_prog,$host in + */usr/bin/install*,*cygwin*) + case $file:$destfile in + *.exe:*.exe) + # this is ok + ;; + *.exe:*) + destfile=$destfile.exe + ;; + *:*.exe) + func_stripname '' '.exe' "$destfile" + destfile=$func_stripname_result + ;; + esac + ;; + esac + func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' + $opt_dry_run || if test -n "$outputname"; then + ${RM}r "$tmpdir" + fi + ;; + esac + done + + for file in $staticlibs; do + func_basename "$file" + name=$func_basename_result + + # Set up the ranlib parameters. + oldlib=$destdir/$name + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + + func_show_eval "$install_prog \$file \$oldlib" 'exit $?' + + if test -n "$stripme" && test -n "$old_striplib"; then + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' + fi + + # Do each command in the postinstall commands. + func_execute_cmds "$old_postinstall_cmds" 'exit $?' + done + + test -n "$future_libdirs" && \ + func_warning "remember to run '$progname --finish$future_libdirs'" + + if test -n "$current_libdirs"; then + # Maybe just do a dry run. + $opt_dry_run && current_libdirs=" -n$current_libdirs" + exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' + else + exit $EXIT_SUCCESS + fi +} + +test install = "$opt_mode" && func_mode_install ${1+"$@"} + + +# func_generate_dlsyms outputname originator pic_p +# Extract symbols from dlprefiles and create ${outputname}S.o with +# a dlpreopen symbol table. +func_generate_dlsyms () +{ + $debug_cmd + + my_outputname=$1 + my_originator=$2 + my_pic_p=${3-false} + my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'` + my_dlsyms= + + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + if test -n "$NM" && test -n "$global_symbol_pipe"; then + my_dlsyms=${my_outputname}S.c + else + func_error "not configured to extract global symbols from dlpreopened files" + fi + fi + + if test -n "$my_dlsyms"; then + case $my_dlsyms in + "") ;; + *.c) + # Discover the nlist of each of the dlfiles. + nlist=$output_objdir/$my_outputname.nm + + func_show_eval "$RM $nlist ${nlist}S ${nlist}T" + + # Parse the name list into a source file. + func_verbose "creating $output_objdir/$my_dlsyms" + + $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ +/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ + +#ifdef __cplusplus +extern \"C\" { +#endif + +#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" +#endif + +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined __osf__ +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + +/* External symbol declarations for the compiler. */\ +" + + if test yes = "$dlself"; then + func_verbose "generating symbol list for '$output'" + + $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" + + # Add our own program objects to the symbol list. + progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` + for progfile in $progfiles; do + func_to_tool_file "$progfile" func_convert_file_msys_to_w32 + func_verbose "extracting global C symbols from '$func_to_tool_file_result'" + $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" + done + + if test -n "$exclude_expsyms"; then + $opt_dry_run || { + eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + if test -n "$export_symbols_regex"; then + $opt_dry_run || { + eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + export_symbols=$output_objdir/$outputname.exp + $opt_dry_run || { + $RM $export_symbols + eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' + ;; + esac + } + else + $opt_dry_run || { + eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' + ;; + esac + } + fi + fi + + for dlprefile in $dlprefiles; do + func_verbose "extracting global C symbols from '$dlprefile'" + func_basename "$dlprefile" + name=$func_basename_result + case $host in + *cygwin* | *mingw* | *cegcc* ) + # if an import library, we need to obtain dlname + if func_win32_import_lib_p "$dlprefile"; then + func_tr_sh "$dlprefile" + eval "curr_lafile=\$libfile_$func_tr_sh_result" + dlprefile_dlbasename= + if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then + # Use subshell, to avoid clobbering current variable values + dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` + if test -n "$dlprefile_dlname"; then + func_basename "$dlprefile_dlname" + dlprefile_dlbasename=$func_basename_result + else + # no lafile. user explicitly requested -dlpreopen . + $sharedlib_from_linklib_cmd "$dlprefile" + dlprefile_dlbasename=$sharedlib_from_linklib_result + fi + fi + $opt_dry_run || { + if test -n "$dlprefile_dlbasename"; then + eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' + else + func_warning "Could not compute DLL name from $name" + eval '$ECHO ": $name " >> "$nlist"' + fi + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | + $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" + } + else # not an import lib + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + fi + ;; + *) + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + ;; + esac + done + + $opt_dry_run || { + # Make sure we have at least an empty file. + test -f "$nlist" || : > "$nlist" + + if test -n "$exclude_expsyms"; then + $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T + $MV "$nlist"T "$nlist" + fi + + # Try sorting and uniquifying the output. + if $GREP -v "^: " < "$nlist" | + if sort -k 3 /dev/null 2>&1; then + sort -k 3 + else + sort +2 + fi | + uniq > "$nlist"S; then + : + else + $GREP -v "^: " < "$nlist" > "$nlist"S + fi + + if test -f "$nlist"S; then + eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' + else + echo '/* NONE */' >> "$output_objdir/$my_dlsyms" + fi + + func_show_eval '$RM "${nlist}I"' + if test -n "$global_symbol_to_import"; then + eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I' + fi + + echo >> "$output_objdir/$my_dlsyms" "\ + +/* The mapping between symbol names and symbols. */ +typedef struct { + const char *name; + void *address; +} lt_dlsymlist; +extern LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[];\ +" + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ +static void lt_syminit(void) +{ + LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols; + for (; symbol->name; ++symbol) + {" + $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms" + echo >> "$output_objdir/$my_dlsyms" "\ + } +}" + fi + echo >> "$output_objdir/$my_dlsyms" "\ +LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[] = +{ {\"$my_originator\", (void *) 0}," + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ + {\"@INIT@\", (void *) <_syminit}," + fi + + case $need_lib_prefix in + no) + eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + *) + eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + esac + echo >> "$output_objdir/$my_dlsyms" "\ + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt_${my_prefix}_LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif\ +" + } # !$opt_dry_run + + pic_flag_for_symtable= + case "$compile_command " in + *" -static "*) ;; + *) + case $host in + # compiling the symbol table file with pic_flag works around + # a FreeBSD bug that causes programs to crash when -lm is + # linked before any other PIC object. But we must not use + # pic_flag when linking with -static. The problem exists in + # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; + *-*-hpux*) + pic_flag_for_symtable=" $pic_flag" ;; + *) + $my_pic_p && pic_flag_for_symtable=" $pic_flag" + ;; + esac + ;; + esac + symtab_cflags= + for arg in $LTCFLAGS; do + case $arg in + -pie | -fpie | -fPIE) ;; + *) func_append symtab_cflags " $arg" ;; + esac + done + + # Now compile the dynamic symbol file. + func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' + + # Clean up the generated files. + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"' + + # Transform the symbol file into the correct name. + symfileobj=$output_objdir/${my_outputname}S.$objext + case $host in + *cygwin* | *mingw* | *cegcc* ) + if test -f "$output_objdir/$my_outputname.def"; then + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + else + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + fi + ;; + *) + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + ;; + esac + ;; + *) + func_fatal_error "unknown suffix for '$my_dlsyms'" + ;; + esac + else + # We keep going just in case the user didn't refer to + # lt_preloaded_symbols. The linker will fail if global_symbol_pipe + # really was required. + + # Nullify the symbol file. + compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` + fi +} + +# func_cygming_gnu_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is a GNU/binutils-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_gnu_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` + test -n "$func_cygming_gnu_implib_tmp" +} + +# func_cygming_ms_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is an MS-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_ms_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` + test -n "$func_cygming_ms_implib_tmp" +} + +# func_win32_libid arg +# return the library type of file 'arg' +# +# Need a lot of goo to handle *both* DLLs and import libs +# Has to be a shell function in order to 'eat' the argument +# that is supplied when $file_magic_command is called. +# Despite the name, also deal with 64 bit binaries. +func_win32_libid () +{ + $debug_cmd + + win32_libid_type=unknown + win32_fileres=`file -L $1 2>/dev/null` + case $win32_fileres in + *ar\ archive\ import\ library*) # definitely import + win32_libid_type="x86 archive import" + ;; + *ar\ archive*) # could be an import, or static + # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. + if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then + case $nm_interface in + "MS dumpbin") + if func_cygming_ms_implib_p "$1" || + func_cygming_gnu_implib_p "$1" + then + win32_nmres=import + else + win32_nmres= + fi + ;; + *) + func_to_tool_file "$1" func_convert_file_msys_to_w32 + win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | + $SED -n -e ' + 1,100{ + / I /{ + s|.*|import| + p + q + } + }'` + ;; + esac + case $win32_nmres in + import*) win32_libid_type="x86 archive import";; + *) win32_libid_type="x86 archive static";; + esac + fi + ;; + *DLL*) + win32_libid_type="x86 DLL" + ;; + *executable*) # but shell scripts are "executable" too... + case $win32_fileres in + *MS\ Windows\ PE\ Intel*) + win32_libid_type="x86 DLL" + ;; + esac + ;; + esac + $ECHO "$win32_libid_type" +} + +# func_cygming_dll_for_implib ARG +# +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib () +{ + $debug_cmd + + sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` +} + +# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs +# +# The is the core of a fallback implementation of a +# platform-specific function to extract the name of the +# DLL associated with the specified import library LIBNAME. +# +# SECTION_NAME is either .idata$6 or .idata$7, depending +# on the platform and compiler that created the implib. +# +# Echos the name of the DLL associated with the +# specified import library. +func_cygming_dll_for_implib_fallback_core () +{ + $debug_cmd + + match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` + $OBJDUMP -s --section "$1" "$2" 2>/dev/null | + $SED '/^Contents of section '"$match_literal"':/{ + # Place marker at beginning of archive member dllname section + s/.*/====MARK====/ + p + d + } + # These lines can sometimes be longer than 43 characters, but + # are always uninteresting + /:[ ]*file format pe[i]\{,1\}-/d + /^In archive [^:]*:/d + # Ensure marker is printed + /^====MARK====/p + # Remove all lines with less than 43 characters + /^.\{43\}/!d + # From remaining lines, remove first 43 characters + s/^.\{43\}//' | + $SED -n ' + # Join marker and all lines until next marker into a single line + /^====MARK====/ b para + H + $ b para + b + :para + x + s/\n//g + # Remove the marker + s/^====MARK====// + # Remove trailing dots and whitespace + s/[\. \t]*$// + # Print + /./p' | + # we now have a list, one entry per line, of the stringified + # contents of the appropriate section of all members of the + # archive that possess that section. Heuristic: eliminate + # all those that have a first or second character that is + # a '.' (that is, objdump's representation of an unprintable + # character.) This should work for all archives with less than + # 0x302f exports -- but will fail for DLLs whose name actually + # begins with a literal '.' or a single character followed by + # a '.'. + # + # Of those that remain, print the first one. + $SED -e '/^\./d;/^.\./d;q' +} + +# func_cygming_dll_for_implib_fallback ARG +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# +# This fallback implementation is for use when $DLLTOOL +# does not support the --identify-strict option. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib_fallback () +{ + $debug_cmd + + if func_cygming_gnu_implib_p "$1"; then + # binutils import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` + elif func_cygming_ms_implib_p "$1"; then + # ms-generated import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` + else + # unknown + sharedlib_from_linklib_result= + fi +} + + +# func_extract_an_archive dir oldlib +func_extract_an_archive () +{ + $debug_cmd + + f_ex_an_ar_dir=$1; shift + f_ex_an_ar_oldlib=$1 + if test yes = "$lock_old_archive_extraction"; then + lockfile=$f_ex_an_ar_oldlib.lock + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + fi + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ + 'stat=$?; rm -f "$lockfile"; exit $stat' + if test yes = "$lock_old_archive_extraction"; then + $opt_dry_run || rm -f "$lockfile" + fi + if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then + : + else + func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" + fi +} + + +# func_extract_archives gentop oldlib ... +func_extract_archives () +{ + $debug_cmd + + my_gentop=$1; shift + my_oldlibs=${1+"$@"} + my_oldobjs= + my_xlib= + my_xabs= + my_xdir= + + for my_xlib in $my_oldlibs; do + # Extract the objects. + case $my_xlib in + [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;; + *) my_xabs=`pwd`"/$my_xlib" ;; + esac + func_basename "$my_xlib" + my_xlib=$func_basename_result + my_xlib_u=$my_xlib + while :; do + case " $extracted_archives " in + *" $my_xlib_u "*) + func_arith $extracted_serial + 1 + extracted_serial=$func_arith_result + my_xlib_u=lt$extracted_serial-$my_xlib ;; + *) break ;; + esac + done + extracted_archives="$extracted_archives $my_xlib_u" + my_xdir=$my_gentop/$my_xlib_u + + func_mkdir_p "$my_xdir" + + case $host in + *-darwin*) + func_verbose "Extracting $my_xabs" + # Do not bother doing anything if just a dry run + $opt_dry_run || { + darwin_orig_dir=`pwd` + cd $my_xdir || exit $? + darwin_archive=$my_xabs + darwin_curdir=`pwd` + func_basename "$darwin_archive" + darwin_base_archive=$func_basename_result + darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` + if test -n "$darwin_arches"; then + darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` + darwin_arch= + func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" + for darwin_arch in $darwin_arches; do + func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch" + $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive" + cd "unfat-$$/$darwin_base_archive-$darwin_arch" + func_extract_an_archive "`pwd`" "$darwin_base_archive" + cd "$darwin_curdir" + $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" + done # $darwin_arches + ## Okay now we've a bunch of thin objects, gotta fatten them up :) + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u` + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do + darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ + cd "$darwin_orig_dir" + else + cd $darwin_orig_dir + func_extract_an_archive "$my_xdir" "$my_xabs" + fi # $darwin_arches + } # !$opt_dry_run + ;; + *) + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` + done + + func_extract_archives_result=$my_oldobjs +} + + +# func_emit_wrapper [arg=no] +# +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory where it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () +{ + func_emit_wrapper_arg1=${1-no} + + $ECHO "\ +#! $SHELL + +# $output - temporary wrapper script for $objdir/$outputname +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION +# +# The $output program cannot be directly executed until all the libtool +# libraries that it depends on are installed. +# +# This wrapper script should never be moved out of the build directory. +# If it is, it will not operate correctly. + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='$sed_quote_subst' + +# Be Bourne compatible +if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +relink_command=\"$relink_command\" + +# This environment variable determines our operation mode. +if test \"\$libtool_install_magic\" = \"$magic\"; then + # install mode needs the following variables: + generated_by_libtool_version='$macro_version' + notinst_deplibs='$notinst_deplibs' +else + # When we are sourced in execute mode, \$file and \$ECHO are already set. + if test \"\$libtool_execute_magic\" != \"$magic\"; then + file=\"\$0\"" + + qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + $ECHO "\ + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + ECHO=\"$qECHO\" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ that is used only on +# windows platforms, and (c) all begin with the string "--lt-" +# (application programs are unlikely to have options that match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's $0 value, followed by "$@". +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=\$0 + shift + for lt_opt + do + case \"\$lt_opt\" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` + test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. + lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` + cat \"\$lt_dump_D/\$lt_dump_F\" + exit 0 + ;; + --lt-*) + \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n \"\$lt_option_debug\"; then + echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2 + fi +} + +# Used when --lt-debug. Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\" + lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ +" + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from \$@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac + func_exec_program_core \${1+\"\$@\"} +} + + # Parse options + func_parse_lt_options \"\$0\" \${1+\"\$@\"} + + # Find the directory that this script lives in. + thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` + test \"x\$thisdir\" = \"x\$file\" && thisdir=. + + # Follow symbolic links until we get to the real thisdir. + file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` + while test -n \"\$file\"; do + destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` + + # If there was a directory component, then change thisdir. + if test \"x\$destdir\" != \"x\$file\"; then + case \"\$destdir\" in + [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; + *) thisdir=\"\$thisdir/\$destdir\" ;; + esac + fi + + file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` + done + + # Usually 'no', except on cygwin/mingw when embedded into + # the cwrapper. + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 + if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then + # special case for '.' + if test \"\$thisdir\" = \".\"; then + thisdir=\`pwd\` + fi + # remove .libs from thisdir + case \"\$thisdir\" in + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; + $objdir ) thisdir=. ;; + esac + fi + + # Try to get the absolute directory name. + absdir=\`cd \"\$thisdir\" && pwd\` + test -n \"\$absdir\" && thisdir=\"\$absdir\" +" + + if test yes = "$fast_install"; then + $ECHO "\ + program=lt-'$outputname'$exeext + progdir=\"\$thisdir/$objdir\" + + if test ! -f \"\$progdir/\$program\" || + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\ + test \"X\$file\" != \"X\$progdir/\$program\"; }; then + + file=\"\$\$-\$program\" + + if test ! -d \"\$progdir\"; then + $MKDIR \"\$progdir\" + else + $RM \"\$progdir/\$file\" + fi" + + $ECHO "\ + + # relink executable if necessary + if test -n \"\$relink_command\"; then + if relink_command_output=\`eval \$relink_command 2>&1\`; then : + else + \$ECHO \"\$relink_command_output\" >&2 + $RM \"\$progdir/\$file\" + exit 1 + fi + fi + + $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || + { $RM \"\$progdir/\$program\"; + $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } + $RM \"\$progdir/\$file\" + fi" + else + $ECHO "\ + program='$outputname' + progdir=\"\$thisdir/$objdir\" +" + fi + + $ECHO "\ + + if test -f \"\$progdir/\$program\"; then" + + # fixup the dll searchpath if we need to. + # + # Fix the DLL searchpath if we need to. Do this before prepending + # to shlibpath, because on Windows, both are PATH and uninstalled + # libraries must come first. + if test -n "$dllsearchpath"; then + $ECHO "\ + # Add the dll search path components to the executable PATH + PATH=$dllsearchpath:\$PATH +" + fi + + # Export our shlibpath_var if we have one. + if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + $ECHO "\ + # Add our own library path to $shlibpath_var + $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" + + # Some systems cannot cope with colon-terminated $shlibpath_var + # The second colon is a workaround for a bug in BeOS R4 sed + $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` + + export $shlibpath_var +" + fi + + $ECHO "\ + if test \"\$libtool_execute_magic\" != \"$magic\"; then + # Run the actual program with our arguments. + func_exec_program \${1+\"\$@\"} + fi + else + # The program doesn't exist. + \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 + \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + exit 1 + fi +fi\ +" +} + + +# func_emit_cwrapperexe_src +# emit the source code for a wrapper executable on stdout +# Must ONLY be called from within func_mode_link because +# it depends on a number of variable set therein. +func_emit_cwrapperexe_src () +{ + cat < +#include +#ifdef _MSC_VER +# include +# include +# include +#else +# include +# include +# ifdef __CYGWIN__ +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + +/* declarations of non-ANSI functions */ +#if defined __MINGW32__ +# ifdef __STRICT_ANSI__ +int _putenv (const char *); +# endif +#elif defined __CYGWIN__ +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +/* #elif defined other_platform || defined ... */ +#endif + +/* portability defines, excluding path handling macros */ +#if defined _MSC_VER +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +# define S_IXUSR _S_IEXEC +#elif defined __MINGW32__ +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +#elif defined __CYGWIN__ +# define HAVE_SETENV +# define FOPEN_WB "wb" +/* #elif defined other platforms ... */ +#endif + +#if defined PATH_MAX +# define LT_PATHMAX PATH_MAX +#elif defined MAXPATHLEN +# define LT_PATHMAX MAXPATHLEN +#else +# define LT_PATHMAX 1024 +#endif + +#ifndef S_IXOTH +# define S_IXOTH 0 +#endif +#ifndef S_IXGRP +# define S_IXGRP 0 +#endif + +/* path handling portability macros */ +#ifndef DIR_SEPARATOR +# define DIR_SEPARATOR '/' +# define PATH_SEPARATOR ':' +#endif + +#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \ + defined __OS2__ +# define HAVE_DOS_BASED_FILE_SYSTEM +# define FOPEN_WB "wb" +# ifndef DIR_SEPARATOR_2 +# define DIR_SEPARATOR_2 '\\' +# endif +# ifndef PATH_SEPARATOR_2 +# define PATH_SEPARATOR_2 ';' +# endif +#endif + +#ifndef DIR_SEPARATOR_2 +# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) +#else /* DIR_SEPARATOR_2 */ +# define IS_DIR_SEPARATOR(ch) \ + (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) +#endif /* DIR_SEPARATOR_2 */ + +#ifndef PATH_SEPARATOR_2 +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) +#else /* PATH_SEPARATOR_2 */ +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) +#endif /* PATH_SEPARATOR_2 */ + +#ifndef FOPEN_WB +# define FOPEN_WB "w" +#endif +#ifndef _O_BINARY +# define _O_BINARY 0 +#endif + +#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) +#define XFREE(stale) do { \ + if (stale) { free (stale); stale = 0; } \ +} while (0) + +#if defined LT_DEBUGWRAPPER +static int lt_debug = 1; +#else +static int lt_debug = 0; +#endif + +const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ + +void *xmalloc (size_t num); +char *xstrdup (const char *string); +const char *base_name (const char *name); +char *find_executable (const char *wrapper); +char *chase_symlinks (const char *pathspec); +int make_executable (const char *path); +int check_executable (const char *path); +char *strendzap (char *str, const char *pat); +void lt_debugprintf (const char *file, int line, const char *fmt, ...); +void lt_fatal (const char *file, int line, const char *message, ...); +static const char *nonnull (const char *s); +static const char *nonempty (const char *s); +void lt_setenv (const char *name, const char *value); +char *lt_extend_str (const char *orig_value, const char *add, int to_end); +void lt_update_exe_path (const char *name, const char *value); +void lt_update_lib_path (const char *name, const char *value); +char **prepare_spawn (char **argv); +void lt_dump_script (FILE *f); +EOF + + cat <= 0) + && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) + return 1; + else + return 0; +} + +int +make_executable (const char *path) +{ + int rval = 0; + struct stat st; + + lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", + nonempty (path)); + if ((!path) || (!*path)) + return 0; + + if (stat (path, &st) >= 0) + { + rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); + } + return rval; +} + +/* Searches for the full path of the wrapper. Returns + newly allocated full path name if found, NULL otherwise + Does not chase symlinks, even on platforms that support them. +*/ +char * +find_executable (const char *wrapper) +{ + int has_slash = 0; + const char *p; + const char *p_next; + /* static buffer for getcwd */ + char tmp[LT_PATHMAX + 1]; + size_t tmp_len; + char *concat_name; + + lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", + nonempty (wrapper)); + + if ((wrapper == NULL) || (*wrapper == '\0')) + return NULL; + + /* Absolute path? */ +#if defined HAVE_DOS_BASED_FILE_SYSTEM + if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + else + { +#endif + if (IS_DIR_SEPARATOR (wrapper[0])) + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } +#if defined HAVE_DOS_BASED_FILE_SYSTEM + } +#endif + + for (p = wrapper; *p; p++) + if (*p == '/') + { + has_slash = 1; + break; + } + if (!has_slash) + { + /* no slashes; search PATH */ + const char *path = getenv ("PATH"); + if (path != NULL) + { + for (p = path; *p; p = p_next) + { + const char *q; + size_t p_len; + for (q = p; *q; q++) + if (IS_PATH_SEPARATOR (*q)) + break; + p_len = (size_t) (q - p); + p_next = (*q == '\0' ? q : q + 1); + if (p_len == 0) + { + /* empty path: current directory */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = + XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + } + else + { + concat_name = + XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, p, p_len); + concat_name[p_len] = '/'; + strcpy (concat_name + p_len + 1, wrapper); + } + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + } + /* not found in PATH; assume curdir */ + } + /* Relative path | not found in path: prepend cwd */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + return NULL; +} + +char * +chase_symlinks (const char *pathspec) +{ +#ifndef S_ISLNK + return xstrdup (pathspec); +#else + char buf[LT_PATHMAX]; + struct stat s; + char *tmp_pathspec = xstrdup (pathspec); + char *p; + int has_symlinks = 0; + while (strlen (tmp_pathspec) && !has_symlinks) + { + lt_debugprintf (__FILE__, __LINE__, + "checking path component for symlinks: %s\n", + tmp_pathspec); + if (lstat (tmp_pathspec, &s) == 0) + { + if (S_ISLNK (s.st_mode) != 0) + { + has_symlinks = 1; + break; + } + + /* search backwards for last DIR_SEPARATOR */ + p = tmp_pathspec + strlen (tmp_pathspec) - 1; + while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + p--; + if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + { + /* no more DIR_SEPARATORS left */ + break; + } + *p = '\0'; + } + else + { + lt_fatal (__FILE__, __LINE__, + "error accessing file \"%s\": %s", + tmp_pathspec, nonnull (strerror (errno))); + } + } + XFREE (tmp_pathspec); + + if (!has_symlinks) + { + return xstrdup (pathspec); + } + + tmp_pathspec = realpath (pathspec, buf); + if (tmp_pathspec == 0) + { + lt_fatal (__FILE__, __LINE__, + "could not follow symlinks for %s", pathspec); + } + return xstrdup (tmp_pathspec); +#endif +} + +char * +strendzap (char *str, const char *pat) +{ + size_t len, patlen; + + assert (str != NULL); + assert (pat != NULL); + + len = strlen (str); + patlen = strlen (pat); + + if (patlen <= len) + { + str += len - patlen; + if (STREQ (str, pat)) + *str = '\0'; + } + return str; +} + +void +lt_debugprintf (const char *file, int line, const char *fmt, ...) +{ + va_list args; + if (lt_debug) + { + (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); + } +} + +static void +lt_error_core (int exit_status, const char *file, + int line, const char *mode, + const char *message, va_list ap) +{ + fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); + vfprintf (stderr, message, ap); + fprintf (stderr, ".\n"); + + if (exit_status >= 0) + exit (exit_status); +} + +void +lt_fatal (const char *file, int line, const char *message, ...) +{ + va_list ap; + va_start (ap, message); + lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); + va_end (ap); +} + +static const char * +nonnull (const char *s) +{ + return s ? s : "(null)"; +} + +static const char * +nonempty (const char *s) +{ + return (s && !*s) ? "(empty)" : nonnull (s); +} + +void +lt_setenv (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_setenv) setting '%s' to '%s'\n", + nonnull (name), nonnull (value)); + { +#ifdef HAVE_SETENV + /* always make a copy, for consistency with !HAVE_SETENV */ + char *str = xstrdup (value); + setenv (name, str, 1); +#else + size_t len = strlen (name) + 1 + strlen (value) + 1; + char *str = XMALLOC (char, len); + sprintf (str, "%s=%s", name, value); + if (putenv (str) != EXIT_SUCCESS) + { + XFREE (str); + } +#endif + } +} + +char * +lt_extend_str (const char *orig_value, const char *add, int to_end) +{ + char *new_value; + if (orig_value && *orig_value) + { + size_t orig_value_len = strlen (orig_value); + size_t add_len = strlen (add); + new_value = XMALLOC (char, add_len + orig_value_len + 1); + if (to_end) + { + strcpy (new_value, orig_value); + strcpy (new_value + orig_value_len, add); + } + else + { + strcpy (new_value, add); + strcpy (new_value + add_len, orig_value); + } + } + else + { + new_value = xstrdup (add); + } + return new_value; +} + +void +lt_update_exe_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + /* some systems can't cope with a ':'-terminated path #' */ + size_t len = strlen (new_value); + while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1])) + { + new_value[--len] = '\0'; + } + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +void +lt_update_lib_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +EOF + case $host_os in + mingw*) + cat <<"EOF" + +/* Prepares an argument vector before calling spawn(). + Note that spawn() does not by itself call the command interpreter + (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : + ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&v); + v.dwPlatformId == VER_PLATFORM_WIN32_NT; + }) ? "cmd.exe" : "command.com"). + Instead it simply concatenates the arguments, separated by ' ', and calls + CreateProcess(). We must quote the arguments since Win32 CreateProcess() + interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a + special way: + - Space and tab are interpreted as delimiters. They are not treated as + delimiters if they are surrounded by double quotes: "...". + - Unescaped double quotes are removed from the input. Their only effect is + that within double quotes, space and tab are treated like normal + characters. + - Backslashes not followed by double quotes are not special. + - But 2*n+1 backslashes followed by a double quote become + n backslashes followed by a double quote (n >= 0): + \" -> " + \\\" -> \" + \\\\\" -> \\" + */ +#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +char ** +prepare_spawn (char **argv) +{ + size_t argc; + char **new_argv; + size_t i; + + /* Count number of arguments. */ + for (argc = 0; argv[argc] != NULL; argc++) + ; + + /* Allocate new argument vector. */ + new_argv = XMALLOC (char *, argc + 1); + + /* Put quoted arguments into the new argument vector. */ + for (i = 0; i < argc; i++) + { + const char *string = argv[i]; + + if (string[0] == '\0') + new_argv[i] = xstrdup ("\"\""); + else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) + { + int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); + size_t length; + unsigned int backslashes; + const char *s; + char *quoted_string; + char *p; + + length = 0; + backslashes = 0; + if (quote_around) + length++; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + length += backslashes + 1; + length++; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + length += backslashes + 1; + + quoted_string = XMALLOC (char, length + 1); + + p = quoted_string; + backslashes = 0; + if (quote_around) + *p++ = '"'; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + { + unsigned int j; + for (j = backslashes + 1; j > 0; j--) + *p++ = '\\'; + } + *p++ = c; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + { + unsigned int j; + for (j = backslashes; j > 0; j--) + *p++ = '\\'; + *p++ = '"'; + } + *p = '\0'; + + new_argv[i] = quoted_string; + } + else + new_argv[i] = (char *) string; + } + new_argv[argc] = NULL; + + return new_argv; +} +EOF + ;; + esac + + cat <<"EOF" +void lt_dump_script (FILE* f) +{ +EOF + func_emit_wrapper yes | + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' + cat <<"EOF" +} +EOF +} +# end: func_emit_cwrapperexe_src + +# func_win32_import_lib_p ARG +# True if ARG is an import lib, as indicated by $file_magic_cmd +func_win32_import_lib_p () +{ + $debug_cmd + + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in + *import*) : ;; + *) false ;; + esac +} + +# func_suncc_cstd_abi +# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! +# Several compiler flags select an ABI that is incompatible with the +# Cstd library. Avoid specifying it if any are in CXXFLAGS. +func_suncc_cstd_abi () +{ + $debug_cmd + + case " $compile_command " in + *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*) + suncc_use_cstd_abi=no + ;; + *) + suncc_use_cstd_abi=yes + ;; + esac +} + +# func_mode_link arg... +func_mode_link () +{ + $debug_cmd + + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + # It is impossible to link a dll without this setting, and + # we shouldn't force the makefile maintainer to figure out + # what system we are compiling for in order to pass an extra + # flag for every libtool invocation. + # allow_undefined=no + + # FIXME: Unfortunately, there are problems with the above when trying + # to make a dll that has undefined symbols, in which case not + # even a static library is built. For now, we need to specify + # -no-undefined on the libtool link line when we can be certain + # that all symbols are satisfied, otherwise we get a static library. + allow_undefined=yes + ;; + *) + allow_undefined=yes + ;; + esac + libtool_args=$nonopt + base_compile="$nonopt $@" + compile_command=$nonopt + finalize_command=$nonopt + + compile_rpath= + finalize_rpath= + compile_shlibpath= + finalize_shlibpath= + convenience= + old_convenience= + deplibs= + old_deplibs= + compiler_flags= + linker_flags= + dllsearchpath= + lib_search_path=`pwd` + inst_prefix_dir= + new_inherited_linker_flags= + + avoid_version=no + bindir= + dlfiles= + dlprefiles= + dlself=no + export_dynamic=no + export_symbols= + export_symbols_regex= + generated= + libobjs= + ltlibs= + module=no + no_install=no + objs= + os2dllname= + non_pic_objects= + precious_files_regex= + prefer_static_libs=no + preload=false + prev= + prevarg= + release= + rpath= + xrpath= + perm_rpath= + temp_rpath= + thread_safe=no + vinfo= + vinfo_number=no + weak_libs= + single_module=$wl-single_module + func_infer_tag $base_compile + + # We need to know -static, to get the right output filenames. + for arg + do + case $arg in + -shared) + test yes != "$build_libtool_libs" \ + && func_fatal_configuration "cannot build a shared library" + build_old_libs=no + break + ;; + -all-static | -static | -static-libtool-libs) + case $arg in + -all-static) + if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then + func_warning "complete static linking is impossible in this configuration" + fi + if test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + -static) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=built + ;; + -static-libtool-libs) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + esac + build_libtool_libs=no + build_old_libs=yes + break + ;; + esac + done + + # See if our shared archives depend on static archives. + test -n "$old_archive_from_new_cmds" && build_old_libs=yes + + # Go through the arguments, transforming them on the way. + while test "$#" -gt 0; do + arg=$1 + shift + func_quote_for_eval "$arg" + qarg=$func_quote_for_eval_unquoted_result + func_append libtool_args " $func_quote_for_eval_result" + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + output) + func_append compile_command " @OUTPUT@" + func_append finalize_command " @OUTPUT@" + ;; + esac + + case $prev in + bindir) + bindir=$arg + prev= + continue + ;; + dlfiles|dlprefiles) + $preload || { + # Add the symbol object into the linking commands. + func_append compile_command " @SYMFILE@" + func_append finalize_command " @SYMFILE@" + preload=: + } + case $arg in + *.la | *.lo) ;; # We handle these cases below. + force) + if test no = "$dlself"; then + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + self) + if test dlprefiles = "$prev"; then + dlself=yes + elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then + dlself=yes + else + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + *) + if test dlfiles = "$prev"; then + func_append dlfiles " $arg" + else + func_append dlprefiles " $arg" + fi + prev= + continue + ;; + esac + ;; + expsyms) + export_symbols=$arg + test -f "$arg" \ + || func_fatal_error "symbol file '$arg' does not exist" + prev= + continue + ;; + expsyms_regex) + export_symbols_regex=$arg + prev= + continue + ;; + framework) + case $host in + *-*-darwin*) + case "$deplibs " in + *" $qarg.ltframework "*) ;; + *) func_append deplibs " $qarg.ltframework" # this is fixed later + ;; + esac + ;; + esac + prev= + continue + ;; + inst_prefix) + inst_prefix_dir=$arg + prev= + continue + ;; + mllvm) + # Clang does not use LLVM to link, so we can simply discard any + # '-mllvm $arg' options when doing the link step. + prev= + continue + ;; + objectlist) + if test -f "$arg"; then + save_arg=$arg + moreargs= + for fil in `cat "$save_arg"` + do +# func_append moreargs " $fil" + arg=$fil + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + if test none != "$pic_object"; then + # Prepend the subdirectory the object is found in. + pic_object=$xdir$pic_object + + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test dlprefiles = "$prev"; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg=$pic_object + fi + + # Non-PIC object. + if test none != "$non_pic_object"; then + # Prepend the subdirectory the object is found in. + non_pic_object=$xdir$non_pic_object + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object=$pic_object + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "'$arg' is not a valid libtool object" + fi + fi + done + else + func_fatal_error "link input file '$arg' does not exist" + fi + arg=$save_arg + prev= + continue + ;; + os2dllname) + os2dllname=$arg + prev= + continue + ;; + precious_regex) + precious_files_regex=$arg + prev= + continue + ;; + release) + release=-$arg + prev= + continue + ;; + rpath | xrpath) + # We need an absolute path. + case $arg in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + if test rpath = "$prev"; then + case "$rpath " in + *" $arg "*) ;; + *) func_append rpath " $arg" ;; + esac + else + case "$xrpath " in + *" $arg "*) ;; + *) func_append xrpath " $arg" ;; + esac + fi + prev= + continue + ;; + shrext) + shrext_cmds=$arg + prev= + continue + ;; + weak) + func_append weak_libs " $arg" + prev= + continue + ;; + xcclinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xcompiler) + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xlinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $wl$qarg" + prev= + func_append compile_command " $wl$qarg" + func_append finalize_command " $wl$qarg" + continue + ;; + *) + eval "$prev=\"\$arg\"" + prev= + continue + ;; + esac + fi # test -n "$prev" + + prevarg=$arg + + case $arg in + -all-static) + if test -n "$link_static_flag"; then + # See comment for -static flag below, for more details. + func_append compile_command " $link_static_flag" + func_append finalize_command " $link_static_flag" + fi + continue + ;; + + -allow-undefined) + # FIXME: remove this flag sometime in the future. + func_fatal_error "'-allow-undefined' must not be used because it is the default" + ;; + + -avoid-version) + avoid_version=yes + continue + ;; + + -bindir) + prev=bindir + continue + ;; + + -dlopen) + prev=dlfiles + continue + ;; + + -dlpreopen) + prev=dlprefiles + continue + ;; + + -export-dynamic) + export_dynamic=yes + continue + ;; + + -export-symbols | -export-symbols-regex) + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + func_fatal_error "more than one -exported-symbols argument is not allowed" + fi + if test X-export-symbols = "X$arg"; then + prev=expsyms + else + prev=expsyms_regex + fi + continue + ;; + + -framework) + prev=framework + continue + ;; + + -inst-prefix-dir) + prev=inst_prefix + continue + ;; + + # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* + # so, if we see these flags be careful not to treat them like -L + -L[A-Z][A-Z]*:*) + case $with_gcc/$host in + no/*-*-irix* | /*-*-irix*) + func_append compile_command " $arg" + func_append finalize_command " $arg" + ;; + esac + continue + ;; + + -L*) + func_stripname "-L" '' "$arg" + if test -z "$func_stripname_result"; then + if test "$#" -gt 0; then + func_fatal_error "require no space between '-L' and '$1'" + else + func_fatal_error "need path for '-L' option" + fi + fi + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + test -z "$absdir" && \ + func_fatal_error "cannot determine absolute directory name of '$dir'" + dir=$absdir + ;; + esac + case "$deplibs " in + *" -L$dir "* | *" $arg "*) + # Will only happen for absolute or sysroot arguments + ;; + *) + # Preserve sysroot, but never include relative directories + case $dir in + [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; + *) func_append deplibs " -L$dir" ;; + esac + func_append lib_search_path " $dir" + ;; + esac + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$dir:"*) ;; + ::) dllsearchpath=$dir;; + *) func_append dllsearchpath ":$dir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + continue + ;; + + -l*) + if test X-lc = "X$arg" || test X-lm = "X$arg"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) + # These systems don't actually have a C or math library (as such) + continue + ;; + *-*-os2*) + # These systems don't actually have a C library (as such) + test X-lc = "X$arg" && continue + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + # Do not include libc due to us having libc/libc_r. + test X-lc = "X$arg" && continue + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C and math libraries are in the System framework + func_append deplibs " System.ltframework" + continue + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + test X-lc = "X$arg" && continue + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + test X-lc = "X$arg" && continue + ;; + esac + elif test X-lc_r = "X$arg"; then + case $host in + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + # Do not include libc_r directly, use -pthread flag. + continue + ;; + esac + fi + func_append deplibs " $arg" + continue + ;; + + -mllvm) + prev=mllvm + continue + ;; + + -module) + module=yes + continue + ;; + + # Tru64 UNIX uses -model [arg] to determine the layout of C++ + # classes, name mangling, and exception handling. + # Darwin uses the -arch flag to determine output architecture. + -model|-arch|-isysroot|--sysroot) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + prev=xcompiler + continue + ;; + + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case "$new_inherited_linker_flags " in + *" $arg "*) ;; + * ) func_append new_inherited_linker_flags " $arg" ;; + esac + continue + ;; + + -multi_module) + single_module=$wl-multi_module + continue + ;; + + -no-fast-install) + fast_install=no + continue + ;; + + -no-install) + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) + # The PATH hackery in wrapper scripts is required on Windows + # and Darwin in order for the loader to find any dlls it needs. + func_warning "'-no-install' is ignored for $host" + func_warning "assuming '-no-fast-install' instead" + fast_install=no + ;; + *) no_install=yes ;; + esac + continue + ;; + + -no-undefined) + allow_undefined=no + continue + ;; + + -objectlist) + prev=objectlist + continue + ;; + + -os2dllname) + prev=os2dllname + continue + ;; + + -o) prev=output ;; + + -precious-files-regex) + prev=precious_regex + continue + ;; + + -release) + prev=release + continue + ;; + + -rpath) + prev=rpath + continue + ;; + + -R) + prev=xrpath + continue + ;; + + -R*) + func_stripname '-R' '' "$arg" + dir=$func_stripname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + =*) + func_stripname '=' '' "$dir" + dir=$lt_sysroot$func_stripname_result + ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + continue + ;; + + -shared) + # The effects of -shared are defined in a previous loop. + continue + ;; + + -shrext) + prev=shrext + continue + ;; + + -static | -static-libtool-libs) + # The effects of -static are defined in a previous loop. + # We used to do the same as -all-static on platforms that + # didn't have a PIC flag, but the assumption that the effects + # would be equivalent was wrong. It would break on at least + # Digital Unix and AIX. + continue + ;; + + -thread-safe) + thread_safe=yes + continue + ;; + + -version-info) + prev=vinfo + continue + ;; + + -version-number) + prev=vinfo + vinfo_number=yes + continue + ;; + + -weak) + prev=weak + continue + ;; + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs=$IFS; IFS=, + for flag in $args; do + IFS=$save_ifs + func_quote_for_eval "$flag" + func_append arg " $func_quote_for_eval_result" + func_append compiler_flags " $func_quote_for_eval_result" + done + IFS=$save_ifs + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Wl,*) + func_stripname '-Wl,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs=$IFS; IFS=, + for flag in $args; do + IFS=$save_ifs + func_quote_for_eval "$flag" + func_append arg " $wl$func_quote_for_eval_result" + func_append compiler_flags " $wl$func_quote_for_eval_result" + func_append linker_flags " $func_quote_for_eval_result" + done + IFS=$save_ifs + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Xcompiler) + prev=xcompiler + continue + ;; + + -Xlinker) + prev=xlinker + continue + ;; + + -XCClinker) + prev=xcclinker + continue + ;; + + # -msg_* for osf cc + -msg_*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + + # Flags to be passed through unchanged, with rationale: + # -64, -mips[0-9] enable 64-bit mode for the SGI compiler + # -r[0-9][0-9]* specify processor for the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler + # +DA*, +DD* enable 64-bit mode for the HP compiler + # -q* compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* architecture-specific flags for GCC + # -F/path path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # -fstack-protector* stack protector flags for GCC + # @file GCC response files + # -tp=* Portland pgcc target processor selection + # --sysroot=* for sysroot support + # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + # -specs=* GCC specs files + # -stdlib=* select c++ std lib with clang + -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ + -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ + -specs=*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + func_append compile_command " $arg" + func_append finalize_command " $arg" + func_append compiler_flags " $arg" + continue + ;; + + -Z*) + if test os2 = "`expr $host : '.*\(os2\)'`"; then + # OS/2 uses -Zxxx to specify OS/2-specific options + compiler_flags="$compiler_flags $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case $arg in + -Zlinker | -Zstack) + prev=xcompiler + ;; + esac + continue + else + # Otherwise treat like 'Some other compiler flag' below + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + fi + ;; + + # Some other compiler flag. + -* | +*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + + *.$objext) + # A standard object. + func_append objs " $arg" + ;; + + *.lo) + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + test none = "$pic_object" || { + # Prepend the subdirectory the object is found in. + pic_object=$xdir$pic_object + + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test dlprefiles = "$prev"; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg=$pic_object + } + + # Non-PIC object. + if test none != "$non_pic_object"; then + # Prepend the subdirectory the object is found in. + non_pic_object=$xdir$non_pic_object + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object=$pic_object + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "'$arg' is not a valid libtool object" + fi + fi + ;; + + *.$libext) + # An archive. + func_append deplibs " $arg" + func_append old_deplibs " $arg" + continue + ;; + + *.la) + # A libtool-controlled library. + + func_resolve_sysroot "$arg" + if test dlfiles = "$prev"; then + # This library was specified with -dlopen. + func_append dlfiles " $func_resolve_sysroot_result" + prev= + elif test dlprefiles = "$prev"; then + # The library was specified with -dlpreopen. + func_append dlprefiles " $func_resolve_sysroot_result" + prev= + else + func_append deplibs " $func_resolve_sysroot_result" + fi + continue + ;; + + # Some other compiler argument. + *) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + esac # arg + + # Now actually substitute the argument into the commands. + if test -n "$arg"; then + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + done # argument parsing loop + + test -n "$prev" && \ + func_fatal_help "the '$prevarg' option requires an argument" + + if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then + eval arg=\"$export_dynamic_flag_spec\" + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + + oldlibs= + # calculate the name of the file, without its directory + func_basename "$output" + outputname=$func_basename_result + libobjs_save=$libobjs + + if test -n "$shlibpath_var"; then + # get the directories listed in $shlibpath_var + eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\` + else + shlib_search_path= + fi + eval sys_lib_search_path=\"$sys_lib_search_path_spec\" + eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + + # Definition is injected by LT_CONFIG during libtool generation. + func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH" + + func_dirname "$output" "/" "" + output_objdir=$func_dirname_result$objdir + func_to_tool_file "$output_objdir/" + tool_output_objdir=$func_to_tool_file_result + # Create the object directory. + func_mkdir_p "$output_objdir" + + # Determine the type of output + case $output in + "") + func_fatal_help "you must specify an output file" + ;; + *.$libext) linkmode=oldlib ;; + *.lo | *.$objext) linkmode=obj ;; + *.la) linkmode=lib ;; + *) linkmode=prog ;; # Anything else should be a program. + esac + + specialdeplibs= + + libs= + # Find all interdependent deplibs by searching for libraries + # that are linked more than once (e.g. -la -lb -la) + for deplib in $deplibs; do + if $opt_preserve_dup_deps; then + case "$libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append libs " $deplib" + done + + if test lib = "$linkmode"; then + libs="$predeps $libs $compiler_lib_search_path $postdeps" + + # Compute libraries that are listed more than once in $predeps + # $postdeps and mark them as special (i.e., whose duplicates are + # not to be eliminated). + pre_post_deps= + if $opt_duplicate_compiler_generated_deps; then + for pre_post_dep in $predeps $postdeps; do + case "$pre_post_deps " in + *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; + esac + func_append pre_post_deps " $pre_post_dep" + done + fi + pre_post_deps= + fi + + deplibs= + newdependency_libs= + newlib_search_path= + need_relink=no # whether we're linking any uninstalled libtool libraries + notinst_deplibs= # not-installed libtool libraries + notinst_path= # paths that contain not-installed libtool libraries + + case $linkmode in + lib) + passes="conv dlpreopen link" + for file in $dlfiles $dlprefiles; do + case $file in + *.la) ;; + *) + func_fatal_help "libraries can '-dlopen' only libtool libraries: $file" + ;; + esac + done + ;; + prog) + compile_deplibs= + finalize_deplibs= + alldeplibs=false + newdlfiles= + newdlprefiles= + passes="conv scan dlopen dlpreopen link" + ;; + *) passes="conv" + ;; + esac + + for pass in $passes; do + # The preopen pass in lib mode reverses $deplibs; put it back here + # so that -L comes before libs that need it for instance... + if test lib,link = "$linkmode,$pass"; then + ## FIXME: Find the place where the list is rebuilt in the wrong + ## order, and fix it there properly + tmp_deplibs= + for deplib in $deplibs; do + tmp_deplibs="$deplib $tmp_deplibs" + done + deplibs=$tmp_deplibs + fi + + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass"; then + libs=$deplibs + deplibs= + fi + if test prog = "$linkmode"; then + case $pass in + dlopen) libs=$dlfiles ;; + dlpreopen) libs=$dlprefiles ;; + link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; + esac + fi + if test lib,dlpreopen = "$linkmode,$pass"; then + # Collect and forward deplibs of preopened libtool libs + for lib in $dlprefiles; do + # Ignore non-libtool-libs + dependency_libs= + func_resolve_sysroot "$lib" + case $lib in + *.la) func_source "$func_resolve_sysroot_result" ;; + esac + + # Collect preopened libtool deplibs, except any this library + # has declared as weak libs + for deplib in $dependency_libs; do + func_basename "$deplib" + deplib_base=$func_basename_result + case " $weak_libs " in + *" $deplib_base "*) ;; + *) func_append deplibs " $deplib" ;; + esac + done + done + libs=$dlprefiles + fi + if test dlopen = "$pass"; then + # Collect dlpreopened libraries + save_deplibs=$deplibs + deplibs= + fi + + for deplib in $libs; do + lib= + found=false + case $deplib in + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append compiler_flags " $deplib" + if test lib = "$linkmode"; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -l*) + if test lib != "$linkmode" && test prog != "$linkmode"; then + func_warning "'-l' is ignored for archives/objects" + continue + fi + func_stripname '-l' '' "$deplib" + name=$func_stripname_result + if test lib = "$linkmode"; then + searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" + else + searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" + fi + for searchdir in $searchdirs; do + for search_ext in .la $std_shrext .so .a; do + # Search the libtool library + lib=$searchdir/lib$name$search_ext + if test -f "$lib"; then + if test .la = "$search_ext"; then + found=: + else + found=false + fi + break 2 + fi + done + done + if $found; then + # deplib is a libtool library + # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, + # We need to do some special things here, and not later. + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $deplib "*) + if func_lalib_p "$lib"; then + library_names= + old_library= + func_source "$lib" + for l in $old_library $library_names; do + ll=$l + done + if test "X$ll" = "X$old_library"; then # only static version available + found=false + func_dirname "$lib" "" "." + ladir=$func_dirname_result + lib=$ladir/$old_library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + fi + ;; + *) ;; + esac + fi + else + # deplib doesn't seem to be a libtool library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + ;; # -l + *.ltframework) + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + if test lib = "$linkmode"; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -L*) + case $linkmode in + lib) + deplibs="$deplib $deplibs" + test conv = "$pass" && continue + newdependency_libs="$deplib $newdependency_libs" + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + prog) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + continue + fi + if test scan = "$pass"; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + *) + func_warning "'-L' is ignored for archives/objects" + ;; + esac # linkmode + continue + ;; # -L + -R*) + if test link = "$pass"; then + func_stripname '-R' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # Make sure the xrpath contains only unique directories. + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + fi + deplibs="$deplib $deplibs" + continue + ;; + *.la) + func_resolve_sysroot "$deplib" + lib=$func_resolve_sysroot_result + ;; + *.$libext) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + continue + fi + case $linkmode in + lib) + # Linking convenience modules into shared libraries is allowed, + # but linking other static libraries is non-portable. + case " $dlpreconveniencelibs " in + *" $deplib "*) ;; + *) + valid_a_lib=false + case $deplibs_check_method in + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + valid_a_lib=: + fi + ;; + pass_all) + valid_a_lib=: + ;; + esac + if $valid_a_lib; then + echo + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + else + echo + $ECHO "*** Warning: Trying to link with static lib archive $deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because the file extensions .$libext of this argument makes me believe" + echo "*** that it is just a static archive that I should not use here." + fi + ;; + esac + continue + ;; + prog) + if test link != "$pass"; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + continue + ;; + esac # linkmode + ;; # *.$libext + *.lo | *.$objext) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + elif test prog = "$linkmode"; then + if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then + # If there is no dlopen support or we're linking statically, + # we need to preload. + func_append newdlprefiles " $deplib" + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append newdlfiles " $deplib" + fi + fi + continue + ;; + %DEPLIBS%) + alldeplibs=: + continue + ;; + esac # case $deplib + + $found || test -f "$lib" \ + || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'" + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$lib" \ + || func_fatal_error "'$lib' is not a valid libtool archive" + + func_dirname "$lib" "" "." + ladir=$func_dirname_result + + dlname= + dlopen= + dlpreopen= + libdir= + library_names= + old_library= + inherited_linker_flags= + # If the library was installed with an old release of libtool, + # it will not redefine variables installed, or shouldnotlink + installed=yes + shouldnotlink=no + avoidtemprpath= + + + # Read the .la file + func_source "$lib" + + # Convert "-framework foo" to "foo.ltframework" + if test -n "$inherited_linker_flags"; then + tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` + for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do + case " $new_inherited_linker_flags " in + *" $tmp_inherited_linker_flag "*) ;; + *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; + esac + done + fi + dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass" || + { test prog != "$linkmode" && test lib != "$linkmode"; }; then + test -n "$dlopen" && func_append dlfiles " $dlopen" + test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" + fi + + if test conv = "$pass"; then + # Only check for convenience libraries + deplibs="$lib $deplibs" + if test -z "$libdir"; then + if test -z "$old_library"; then + func_fatal_error "cannot find name of link library for '$lib'" + fi + # It is a libtool convenience library, so add in its objects. + func_append convenience " $ladir/$objdir/$old_library" + func_append old_convenience " $ladir/$objdir/$old_library" + elif test prog != "$linkmode" && test lib != "$linkmode"; then + func_fatal_error "'$lib' is not a convenience library" + fi + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done + continue + fi # $pass = conv + + + # Get the name of the library we link against. + linklib= + if test -n "$old_library" && + { test yes = "$prefer_static_libs" || + test built,no = "$prefer_static_libs,$installed"; }; then + linklib=$old_library + else + for l in $old_library $library_names; do + linklib=$l + done + fi + if test -z "$linklib"; then + func_fatal_error "cannot find name of link library for '$lib'" + fi + + # This library was specified with -dlopen. + if test dlopen = "$pass"; then + test -z "$libdir" \ + && func_fatal_error "cannot -dlopen a convenience library: '$lib'" + if test -z "$dlname" || + test yes != "$dlopen_support" || + test no = "$build_libtool_libs" + then + # If there is no dlname, no dlopen support or we're linking + # statically, we need to preload. We also need to preload any + # dependent libraries so libltdl's deplib preloader doesn't + # bomb out in the load deplibs phase. + func_append dlprefiles " $lib $dependency_libs" + else + func_append newdlfiles " $lib" + fi + continue + fi # $pass = dlopen + + # We need an absolute path. + case $ladir in + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;; + *) + abs_ladir=`cd "$ladir" && pwd` + if test -z "$abs_ladir"; then + func_warning "cannot determine absolute directory name of '$ladir'" + func_warning "passing it literally to the linker, although it might fail" + abs_ladir=$ladir + fi + ;; + esac + func_basename "$lib" + laname=$func_basename_result + + # Find the relevant object directory and library name. + if test yes = "$installed"; then + if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then + func_warning "library '$lib' was moved." + dir=$ladir + absdir=$abs_ladir + libdir=$abs_ladir + else + dir=$lt_sysroot$libdir + absdir=$lt_sysroot$libdir + fi + test yes = "$hardcode_automatic" && avoidtemprpath=yes + else + if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then + dir=$ladir + absdir=$abs_ladir + # Remove this search path later + func_append notinst_path " $abs_ladir" + else + dir=$ladir/$objdir + absdir=$abs_ladir/$objdir + # Remove this search path later + func_append notinst_path " $abs_ladir" + fi + fi # $installed = yes + func_stripname 'lib' '.la' "$laname" + name=$func_stripname_result + + # This library was specified with -dlpreopen. + if test dlpreopen = "$pass"; then + if test -z "$libdir" && test prog = "$linkmode"; then + func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'" + fi + case $host in + # special handling for platforms with PE-DLLs. + *cygwin* | *mingw* | *cegcc* ) + # Linker will automatically link against shared library if both + # static and shared are present. Therefore, ensure we extract + # symbols from the import library if a shared library is present + # (otherwise, the dlopen module name will be incorrect). We do + # this by putting the import library name into $newdlprefiles. + # We recover the dlopen module name by 'saving' the la file + # name in a special purpose variable, and (later) extracting the + # dlname from the la file. + if test -n "$dlname"; then + func_tr_sh "$dir/$linklib" + eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" + func_append newdlprefiles " $dir/$linklib" + else + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + fi + ;; + * ) + # Prefer using a static library (so that no silly _DYNAMIC symbols + # are required to link). + if test -n "$old_library"; then + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + # Otherwise, use the dlname, so that lt_dlopen finds it. + elif test -n "$dlname"; then + func_append newdlprefiles " $dir/$dlname" + else + func_append newdlprefiles " $dir/$linklib" + fi + ;; + esac + fi # $pass = dlpreopen + + if test -z "$libdir"; then + # Link the convenience library + if test lib = "$linkmode"; then + deplibs="$dir/$old_library $deplibs" + elif test prog,link = "$linkmode,$pass"; then + compile_deplibs="$dir/$old_library $compile_deplibs" + finalize_deplibs="$dir/$old_library $finalize_deplibs" + else + deplibs="$lib $deplibs" # used for prog,scan pass + fi + continue + fi + + + if test prog = "$linkmode" && test link != "$pass"; then + func_append newlib_search_path " $ladir" + deplibs="$lib $deplibs" + + linkalldeplibs=false + if test no != "$link_all_deplibs" || test -z "$library_names" || + test no = "$build_libtool_libs"; then + linkalldeplibs=: + fi + + tmp_libs= + for deplib in $dependency_libs; do + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + esac + # Need to link against all dependency_libs? + if $linkalldeplibs; then + deplibs="$deplib $deplibs" + else + # Need to hardcode shared library paths + # or/and link against static libraries + newdependency_libs="$deplib $newdependency_libs" + fi + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done # for deplib + continue + fi # $linkmode = prog... + + if test prog,link = "$linkmode,$pass"; then + if test -n "$library_names" && + { { test no = "$prefer_static_libs" || + test built,yes = "$prefer_static_libs,$installed"; } || + test -z "$old_library"; }; then + # We need to hardcode the library path + if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then + # Make sure the rpath contains only unique directories. + case $temp_rpath: in + *"$absdir:"*) ;; + *) func_append temp_rpath "$absdir:" ;; + esac + fi + + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi # $linkmode,$pass = prog,link... + + if $alldeplibs && + { test pass_all = "$deplibs_check_method" || + { test yes = "$build_libtool_libs" && + test -n "$library_names"; }; }; then + # We only need to search for static libraries + continue + fi + fi + + link_static=no # Whether the deplib will be linked statically + use_static_libs=$prefer_static_libs + if test built = "$use_static_libs" && test yes = "$installed"; then + use_static_libs=no + fi + if test -n "$library_names" && + { test no = "$use_static_libs" || test -z "$old_library"; }; then + case $host in + *cygwin* | *mingw* | *cegcc* | *os2*) + # No point in relinking DLLs because paths are not encoded + func_append notinst_deplibs " $lib" + need_relink=no + ;; + *) + if test no = "$installed"; then + func_append notinst_deplibs " $lib" + need_relink=yes + fi + ;; + esac + # This is a shared library + + # Warn about portability, can't link against -module's on some + # systems (darwin). Don't bleat about dlopened modules though! + dlopenmodule= + for dlpremoduletest in $dlprefiles; do + if test "X$dlpremoduletest" = "X$lib"; then + dlopenmodule=$dlpremoduletest + break + fi + done + if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then + echo + if test prog = "$linkmode"; then + $ECHO "*** Warning: Linking the executable $output against the loadable module" + else + $ECHO "*** Warning: Linking the shared library $output against the loadable module" + fi + $ECHO "*** $linklib is not portable!" + fi + if test lib = "$linkmode" && + test yes = "$hardcode_into_libs"; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi + + if test -n "$old_archive_from_expsyms_cmds"; then + # figure out the soname + set dummy $library_names + shift + realname=$1 + shift + libname=`eval "\\$ECHO \"$libname_spec\""` + # use dlname if we got it. it's perfectly good, no? + if test -n "$dlname"; then + soname=$dlname + elif test -n "$soname_spec"; then + # bleh windows + case $host in + *cygwin* | mingw* | *cegcc* | *os2*) + func_arith $current - $age + major=$func_arith_result + versuffix=-$major + ;; + esac + eval soname=\"$soname_spec\" + else + soname=$realname + fi + + # Make a new name for the extract_expsyms_cmds to use + soroot=$soname + func_basename "$soroot" + soname=$func_basename_result + func_stripname 'lib' '.dll' "$soname" + newlib=libimp-$func_stripname_result.a + + # If the library has no export list, then create one now + if test -f "$output_objdir/$soname-def"; then : + else + func_verbose "extracting exported symbol list from '$soname'" + func_execute_cmds "$extract_expsyms_cmds" 'exit $?' + fi + + # Create $newlib + if test -f "$output_objdir/$newlib"; then :; else + func_verbose "generating import library for '$soname'" + func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' + fi + # make sure the library variables are pointing to the new library + dir=$output_objdir + linklib=$newlib + fi # test -n "$old_archive_from_expsyms_cmds" + + if test prog = "$linkmode" || test relink != "$opt_mode"; then + add_shlibpath= + add_dir= + add= + lib_linked=yes + case $hardcode_action in + immediate | unsupported) + if test no = "$hardcode_direct"; then + add=$dir/$linklib + case $host in + *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;; + *-*-sysv4*uw2*) add_dir=-L$dir ;; + *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ + *-*-unixware7*) add_dir=-L$dir ;; + *-*-darwin* ) + # if the lib is a (non-dlopened) module then we cannot + # link against it, someone is ignoring the earlier warnings + if /usr/bin/file -L $add 2> /dev/null | + $GREP ": [^:]* bundle" >/dev/null; then + if test "X$dlopenmodule" != "X$lib"; then + $ECHO "*** Warning: lib $linklib is a module, not a shared library" + if test -z "$old_library"; then + echo + echo "*** And there doesn't seem to be a static archive available" + echo "*** The link will probably fail, sorry" + else + add=$dir/$old_library + fi + elif test -n "$old_library"; then + add=$dir/$old_library + fi + fi + esac + elif test no = "$hardcode_minus_L"; then + case $host in + *-*-sunos*) add_shlibpath=$dir ;; + esac + add_dir=-L$dir + add=-l$name + elif test no = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name + else + lib_linked=no + fi + ;; + relink) + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$dir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$absdir + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name + else + lib_linked=no + fi + ;; + *) lib_linked=no ;; + esac + + if test yes != "$lib_linked"; then + func_fatal_configuration "unsupported hardcode properties" + fi + + if test -n "$add_shlibpath"; then + case :$compile_shlibpath: in + *":$add_shlibpath:"*) ;; + *) func_append compile_shlibpath "$add_shlibpath:" ;; + esac + fi + if test prog = "$linkmode"; then + test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" + test -n "$add" && compile_deplibs="$add $compile_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + if test yes != "$hardcode_direct" && + test yes != "$hardcode_minus_L" && + test yes = "$hardcode_shlibpath_var"; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + fi + fi + fi + + if test prog = "$linkmode" || test relink = "$opt_mode"; then + add_shlibpath= + add_dir= + add= + # Finalize command for both is simple: just hardcode it. + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$libdir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$libdir + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + add=-l$name + elif test yes = "$hardcode_automatic"; then + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib"; then + add=$inst_prefix_dir$libdir/$linklib + else + add=$libdir/$linklib + fi + else + # We cannot seem to hardcode it, guess we'll fake it. + add_dir=-L$libdir + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add=-l$name + fi + + if test prog = "$linkmode"; then + test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" + test -n "$add" && finalize_deplibs="$add $finalize_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + fi + fi + elif test prog = "$linkmode"; then + # Here we assume that one of hardcode_direct or hardcode_minus_L + # is not unsupported. This is valid on all known static and + # shared platforms. + if test unsupported != "$hardcode_direct"; then + test -n "$old_library" && linklib=$old_library + compile_deplibs="$dir/$linklib $compile_deplibs" + finalize_deplibs="$dir/$linklib $finalize_deplibs" + else + compile_deplibs="-l$name -L$dir $compile_deplibs" + finalize_deplibs="-l$name -L$dir $finalize_deplibs" + fi + elif test yes = "$build_libtool_libs"; then + # Not a shared library + if test pass_all != "$deplibs_check_method"; then + # We're trying link a shared library against a static one + # but the system doesn't support it. + + # Just print a warning and add the library to dependency_libs so + # that the program can be linked against the static library. + echo + $ECHO "*** Warning: This system cannot link to static lib archive $lib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have." + if test yes = "$module"; then + echo "*** But as you try to build a module library, libtool will still create " + echo "*** a static module, that should work as long as the dlopening application" + echo "*** is linked with the -dlopen flag to resolve symbols at runtime." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** 'nm' from GNU binutils and a full rebuild may help." + fi + if test no = "$build_old_libs"; then + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + else + deplibs="$dir/$old_library $deplibs" + link_static=yes + fi + fi # link shared/static library? + + if test lib = "$linkmode"; then + if test -n "$dependency_libs" && + { test yes != "$hardcode_into_libs" || + test yes = "$build_old_libs" || + test yes = "$link_static"; }; then + # Extract -R from dependency_libs + temp_deplibs= + for libdir in $dependency_libs; do + case $libdir in + -R*) func_stripname '-R' '' "$libdir" + temp_xrpath=$func_stripname_result + case " $xrpath " in + *" $temp_xrpath "*) ;; + *) func_append xrpath " $temp_xrpath";; + esac;; + *) func_append temp_deplibs " $libdir";; + esac + done + dependency_libs=$temp_deplibs + fi + + func_append newlib_search_path " $absdir" + # Link against this library + test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + # ... and its dependency_libs + tmp_libs= + for deplib in $dependency_libs; do + newdependency_libs="$deplib $newdependency_libs" + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result";; + *) func_resolve_sysroot "$deplib" ;; + esac + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $func_resolve_sysroot_result "*) + func_append specialdeplibs " $func_resolve_sysroot_result" ;; + esac + fi + func_append tmp_libs " $func_resolve_sysroot_result" + done + + if test no != "$link_all_deplibs"; then + # Add the search paths of all dependency libraries + for deplib in $dependency_libs; do + path= + case $deplib in + -L*) path=$deplib ;; + *.la) + func_resolve_sysroot "$deplib" + deplib=$func_resolve_sysroot_result + func_dirname "$deplib" "" "." + dir=$func_dirname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + func_warning "cannot determine absolute directory name of '$dir'" + absdir=$dir + fi + ;; + esac + if $GREP "^installed=no" $deplib > /dev/null; then + case $host in + *-*-darwin*) + depdepl= + eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names"; then + for tmp in $deplibrary_names; do + depdepl=$tmp + done + if test -f "$absdir/$objdir/$depdepl"; then + depdepl=$absdir/$objdir/$depdepl + darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -z "$darwin_install_name"; then + darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + fi + func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl" + func_append linker_flags " -dylib_file $darwin_install_name:$depdepl" + path= + fi + fi + ;; + *) + path=-L$absdir/$objdir + ;; + esac + else + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "'$deplib' is not a valid libtool archive" + test "$absdir" != "$libdir" && \ + func_warning "'$deplib' seems to be moved" + + path=-L$absdir + fi + ;; + esac + case " $deplibs " in + *" $path "*) ;; + *) deplibs="$path $deplibs" ;; + esac + done + fi # link_all_deplibs != no + fi # linkmode = lib + done # for deplib in $libs + if test link = "$pass"; then + if test prog = "$linkmode"; then + compile_deplibs="$new_inherited_linker_flags $compile_deplibs" + finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" + else + compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + fi + fi + dependency_libs=$newdependency_libs + if test dlpreopen = "$pass"; then + # Link the dlpreopened libraries before other libraries + for deplib in $save_deplibs; do + deplibs="$deplib $deplibs" + done + fi + if test dlopen != "$pass"; then + test conv = "$pass" || { + # Make sure lib_search_path contains only unique directories. + lib_search_path= + for dir in $newlib_search_path; do + case "$lib_search_path " in + *" $dir "*) ;; + *) func_append lib_search_path " $dir" ;; + esac + done + newlib_search_path= + } + + if test prog,link = "$linkmode,$pass"; then + vars="compile_deplibs finalize_deplibs" + else + vars=deplibs + fi + for var in $vars dependency_libs; do + # Add libraries to $var in reverse order + eval tmp_libs=\"\$$var\" + new_libs= + for deplib in $tmp_libs; do + # FIXME: Pedantically, this is the right thing to do, so + # that some nasty dependency loop isn't accidentally + # broken: + #new_libs="$deplib $new_libs" + # Pragmatically, this seems to cause very few problems in + # practice: + case $deplib in + -L*) new_libs="$deplib $new_libs" ;; + -R*) ;; + *) + # And here is the reason: when a library appears more + # than once as an explicit dependence of a library, or + # is implicitly linked in more than once by the + # compiler, it is considered special, and multiple + # occurrences thereof are not removed. Compare this + # with having the same library being listed as a + # dependency of multiple other libraries: in this case, + # we know (pedantically, we assume) the library does not + # need to be listed more than once, so we keep only the + # last copy. This is not always right, but it is rare + # enough that we require users that really mean to play + # such unportable linking tricks to link the library + # using -Wl,-lname, so that libtool does not consider it + # for duplicate removal. + case " $specialdeplibs " in + *" $deplib "*) new_libs="$deplib $new_libs" ;; + *) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$deplib $new_libs" ;; + esac + ;; + esac + ;; + esac + done + tmp_libs= + for deplib in $new_libs; do + case $deplib in + -L*) + case " $tmp_libs " in + *" $deplib "*) ;; + *) func_append tmp_libs " $deplib" ;; + esac + ;; + *) func_append tmp_libs " $deplib" ;; + esac + done + eval $var=\"$tmp_libs\" + done # for var + fi + + # Add Sun CC postdeps if required: + test CXX = "$tagname" && { + case $host_os in + linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C++ 5.9 + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + + solaris*) + func_cc_basename "$CC" + case $func_cc_basename_result in + CC* | sunCC*) + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + esac + } + + # Last step: remove runtime libs from dependency_libs + # (they stay in deplibs) + tmp_libs= + for i in $dependency_libs; do + case " $predeps $postdeps $compiler_lib_search_path " in + *" $i "*) + i= + ;; + esac + if test -n "$i"; then + func_append tmp_libs " $i" + fi + done + dependency_libs=$tmp_libs + done # for pass + if test prog = "$linkmode"; then + dlfiles=$newdlfiles + fi + if test prog = "$linkmode" || test lib = "$linkmode"; then + dlprefiles=$newdlprefiles + fi + + case $linkmode in + oldlib) + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for archives" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "'-l' and '-L' are ignored for archives" ;; + esac + + test -n "$rpath" && \ + func_warning "'-rpath' is ignored for archives" + + test -n "$xrpath" && \ + func_warning "'-R' is ignored for archives" + + test -n "$vinfo" && \ + func_warning "'-version-info/-version-number' is ignored for archives" + + test -n "$release" && \ + func_warning "'-release' is ignored for archives" + + test -n "$export_symbols$export_symbols_regex" && \ + func_warning "'-export-symbols' is ignored for archives" + + # Now set the variables for building old libraries. + build_libtool_libs=no + oldlibs=$output + func_append objs "$old_deplibs" + ;; + + lib) + # Make sure we only generate libraries of the form 'libNAME.la'. + case $outputname in + lib*) + func_stripname 'lib' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + ;; + *) + test no = "$module" \ + && func_fatal_help "libtool library '$output' must begin with 'lib'" + + if test no != "$need_lib_prefix"; then + # Add the "lib" prefix for modules if required + func_stripname '' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + else + func_stripname '' '.la' "$outputname" + libname=$func_stripname_result + fi + ;; + esac + + if test -n "$objs"; then + if test pass_all != "$deplibs_check_method"; then + func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs" + else + echo + $ECHO "*** Warning: Linking the shared library $output against the non-libtool" + $ECHO "*** objects $objs is not portable!" + func_append libobjs " $objs" + fi + fi + + test no = "$dlself" \ + || func_warning "'-dlopen self' is ignored for libtool libraries" + + set dummy $rpath + shift + test 1 -lt "$#" \ + && func_warning "ignoring multiple '-rpath's for a libtool library" + + install_libdir=$1 + + oldlibs= + if test -z "$rpath"; then + if test yes = "$build_libtool_libs"; then + # Building a libtool convenience library. + # Some compilers have problems with a '.al' extension so + # convenience libraries should have the same extension an + # archive normally would. + oldlibs="$output_objdir/$libname.$libext $oldlibs" + build_libtool_libs=convenience + build_old_libs=yes + fi + + test -n "$vinfo" && \ + func_warning "'-version-info/-version-number' is ignored for convenience libraries" + + test -n "$release" && \ + func_warning "'-release' is ignored for convenience libraries" + else + + # Parse the version information argument. + save_ifs=$IFS; IFS=: + set dummy $vinfo 0 0 0 + shift + IFS=$save_ifs + + test -n "$7" && \ + func_fatal_help "too many parameters to '-version-info'" + + # convert absolute version numbers to libtool ages + # this retains compatibility with .la files and attempts + # to make the code below a bit more comprehensible + + case $vinfo_number in + yes) + number_major=$1 + number_minor=$2 + number_revision=$3 + # + # There are really only two kinds -- those that + # use the current revision as the major version + # and those that subtract age and use age as + # a minor version. But, then there is irix + # that has an extra 1 added just for fun + # + case $version_type in + # correct linux to gnu/linux during the next big refactor + darwin|freebsd-elf|linux|osf|windows|none) + func_arith $number_major + $number_minor + current=$func_arith_result + age=$number_minor + revision=$number_revision + ;; + freebsd-aout|qnx|sunos) + current=$number_major + revision=$number_minor + age=0 + ;; + irix|nonstopux) + func_arith $number_major + $number_minor + current=$func_arith_result + age=$number_minor + revision=$number_minor + lt_irix_increment=no + ;; + esac + ;; + no) + current=$1 + revision=$2 + age=$3 + ;; + esac + + # Check that each of the things are valid numbers. + case $current in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "CURRENT '$current' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + case $revision in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "REVISION '$revision' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + case $age in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "AGE '$age' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + if test "$age" -gt "$current"; then + func_error "AGE '$age' is greater than the current interface number '$current'" + func_fatal_error "'$vinfo' is not valid version information" + fi + + # Calculate the version variables. + major= + versuffix= + verstring= + case $version_type in + none) ;; + + darwin) + # Like Linux, but with the current version available in + # verstring for coding it into the library header + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + # Darwin ld doesn't like 0 for these options... + func_arith $current + 1 + minor_current=$func_arith_result + xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + # On Darwin other compilers + case $CC in + nagfor*) + verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + ;; + *) + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + esac + ;; + + freebsd-aout) + major=.$current + versuffix=.$current.$revision + ;; + + freebsd-elf) + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + ;; + + irix | nonstopux) + if test no = "$lt_irix_increment"; then + func_arith $current - $age + else + func_arith $current - $age + 1 + fi + major=$func_arith_result + + case $version_type in + nonstopux) verstring_prefix=nonstopux ;; + *) verstring_prefix=sgi ;; + esac + verstring=$verstring_prefix$major.$revision + + # Add in all the interfaces that we are compatible with. + loop=$revision + while test 0 -ne "$loop"; do + func_arith $revision - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring=$verstring_prefix$major.$iface:$verstring + done + + # Before this point, $major must not contain '.'. + major=.$major + versuffix=$major.$revision + ;; + + linux) # correct to gnu/linux during the next big refactor + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + ;; + + osf) + func_arith $current - $age + major=.$func_arith_result + versuffix=.$current.$age.$revision + verstring=$current.$age.$revision + + # Add in all the interfaces that we are compatible with. + loop=$age + while test 0 -ne "$loop"; do + func_arith $current - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring=$verstring:$iface.0 + done + + # Make executables depend on our current version. + func_append verstring ":$current.0" + ;; + + qnx) + major=.$current + versuffix=.$current + ;; + + sco) + major=.$current + versuffix=.$current + ;; + + sunos) + major=.$current + versuffix=.$current.$revision + ;; + + windows) + # Use '-' rather than '.', since we only want one + # extension on DOS 8.3 file systems. + func_arith $current - $age + major=$func_arith_result + versuffix=-$major + ;; + + *) + func_fatal_configuration "unknown library version type '$version_type'" + ;; + esac + + # Clear the version info if we defaulted, and they specified a release. + if test -z "$vinfo" && test -n "$release"; then + major= + case $version_type in + darwin) + # we can't check for "0.0" in archive_cmds due to quoting + # problems, so we reset it completely + verstring= + ;; + *) + verstring=0.0 + ;; + esac + if test no = "$need_version"; then + versuffix= + else + versuffix=.0.0 + fi + fi + + # Remove version info from name if versioning should be avoided + if test yes,no = "$avoid_version,$need_version"; then + major= + versuffix= + verstring= + fi + + # Check to see if the archive will have undefined symbols. + if test yes = "$allow_undefined"; then + if test unsupported = "$allow_undefined_flag"; then + if test yes = "$build_old_libs"; then + func_warning "undefined symbols not allowed in $host shared libraries; building static only" + build_libtool_libs=no + else + func_fatal_error "can't build $host shared library unless -no-undefined is specified" + fi + fi + else + # Don't allow undefined symbols. + allow_undefined_flag=$no_undefined_flag + fi + + fi + + func_generate_dlsyms "$libname" "$libname" : + func_append libobjs " $symfileobj" + test " " = "$libobjs" && libobjs= + + if test relink != "$opt_mode"; then + # Remove our outputs, but don't remove object files since they + # may have been created when compiling PIC objects. + removelist= + tempremovelist=`$ECHO "$output_objdir/*"` + for p in $tempremovelist; do + case $p in + *.$objext | *.gcno) + ;; + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*) + if test -n "$precious_files_regex"; then + if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 + then + continue + fi + fi + func_append removelist " $p" + ;; + *) ;; + esac + done + test -n "$removelist" && \ + func_show_eval "${RM}r \$removelist" + fi + + # Now set the variables for building old libraries. + if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then + func_append oldlibs " $output_objdir/$libname.$libext" + + # Transform .lo files to .o files. + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP` + fi + + # Eliminate all temporary directories. + #for path in $notinst_path; do + # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` + # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` + # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` + #done + + if test -n "$xrpath"; then + # If the user specified any rpath flags, then add them. + temp_xrpath= + for libdir in $xrpath; do + func_replace_sysroot "$libdir" + func_append temp_xrpath " -R$func_replace_sysroot_result" + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi + + # Make sure dlfiles contains only unique files that won't be dlpreopened + old_dlfiles=$dlfiles + dlfiles= + for lib in $old_dlfiles; do + case " $dlprefiles $dlfiles " in + *" $lib "*) ;; + *) func_append dlfiles " $lib" ;; + esac + done + + # Make sure dlprefiles contains only unique files + old_dlprefiles=$dlprefiles + dlprefiles= + for lib in $old_dlprefiles; do + case "$dlprefiles " in + *" $lib "*) ;; + *) func_append dlprefiles " $lib" ;; + esac + done + + if test yes = "$build_libtool_libs"; then + if test -n "$rpath"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) + # these systems don't actually have a c library (as such)! + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C library is in the System framework + func_append deplibs " System.ltframework" + ;; + *-*-netbsd*) + # Don't link with libc until the a.out ld.so is fixed. + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + ;; + *) + # Add libc to deplibs on all other systems if necessary. + if test yes = "$build_libtool_need_lc"; then + func_append deplibs " -lc" + fi + ;; + esac + fi + + # Transform deplibs into only deplibs that can be linked in shared. + name_save=$name + libname_save=$libname + release_save=$release + versuffix_save=$versuffix + major_save=$major + # I'm not sure if I'm treating the release correctly. I think + # release should show up in the -l (ie -lgmp5) so we don't want to + # add it in twice. Is that correct? + release= + versuffix= + major= + newdeplibs= + droppeddeps=no + case $deplibs_check_method in + pass_all) + # Don't check for shared/static. Everything works. + # This might be a little naive. We might want to check + # whether the library exists or not. But this is on + # osf3 & osf4 and I'm not really sure... Just + # implementing what was already the behavior. + newdeplibs=$deplibs + ;; + test_compile) + # This code stresses the "libraries are programs" paradigm to its + # limits. Maybe even breaks it. We compile a program, linking it + # against the deplibs as a proxy for the library. Then we can check + # whether they linked in statically or dynamically with ldd. + $opt_dry_run || $RM conftest.c + cat > conftest.c </dev/null` + $nocaseglob + else + potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` + fi + for potent_lib in $potential_libs; do + # Follow soft links. + if ls -lLd "$potent_lib" 2>/dev/null | + $GREP " -> " >/dev/null; then + continue + fi + # The statement above tries to avoid entering an + # endless loop below, in case of cyclic links. + # We might still enter an endless loop, since a link + # loop can be closed while we follow links, + # but so what? + potlib=$potent_lib + while test -h "$potlib" 2>/dev/null; do + potliblink=`ls -ld $potlib | $SED 's/.* -> //'` + case $potliblink in + [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;; + *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";; + esac + done + if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | + $SED -e 10q | + $EGREP "$file_magic_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib= + break 2 + fi + done + done + fi + if test -n "$a_deplib"; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib"; then + $ECHO "*** with $libname but no candidates were found. (...for file magic test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a file magic. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + for a_deplib in $deplibs; do + case $a_deplib in + -l*) + func_stripname -l '' "$a_deplib" + name=$func_stripname_result + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $a_deplib "*) + func_append newdeplibs " $a_deplib" + a_deplib= + ;; + esac + fi + if test -n "$a_deplib"; then + libname=`eval "\\$ECHO \"$libname_spec\""` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + potential_libs=`ls $i/$libname[.-]* 2>/dev/null` + for potent_lib in $potential_libs; do + potlib=$potent_lib # see symlink-check above in file_magic test + if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ + $EGREP "$match_pattern_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib= + break 2 + fi + done + done + fi + if test -n "$a_deplib"; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib"; then + $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a regex pattern. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + none | unknown | *) + newdeplibs= + tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + for i in $predeps $postdeps; do + # can't use Xsed below, because $i might contain '/' + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"` + done + fi + case $tmp_deplibs in + *[!\ \ ]*) + echo + if test none = "$deplibs_check_method"; then + echo "*** Warning: inter-library dependencies are not supported in this platform." + else + echo "*** Warning: inter-library dependencies are not known to be supported." + fi + echo "*** All declared inter-library dependencies are being dropped." + droppeddeps=yes + ;; + esac + ;; + esac + versuffix=$versuffix_save + major=$major_save + release=$release_save + libname=$libname_save + name=$name_save + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library with the System framework + newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + if test yes = "$droppeddeps"; then + if test yes = "$module"; then + echo + echo "*** Warning: libtool could not satisfy all declared inter-library" + $ECHO "*** dependencies of module $libname. Therefore, libtool will create" + echo "*** a static module, that should work as long as the dlopening" + echo "*** application is linked with the -dlopen flag." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** 'nm' from GNU binutils and a full rebuild may help." + fi + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + else + echo "*** The inter-library dependencies that have been dropped here will be" + echo "*** automatically added whenever a program is linked with this library" + echo "*** or is declared to -dlopen it." + + if test no = "$allow_undefined"; then + echo + echo "*** Since this library must not contain undefined symbols," + echo "*** because either the platform does not support them or" + echo "*** it was explicitly requested with -no-undefined," + echo "*** libtool will only create a static version of it." + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + fi + fi + # Done checking deplibs! + deplibs=$newdeplibs + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + case $host in + *-*-darwin*) + newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + deplibs=$new_libs + + # All the library-specific variables (install_libdir is set above). + library_names= + old_library= + dlname= + + # Test again, we may have decided not to build it any more + if test yes = "$build_libtool_libs"; then + # Remove $wl instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac + if test yes = "$hardcode_into_libs"; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= + rpath=$finalize_rpath + test relink = "$opt_mode" || rpath=$compile_rpath$rpath + for libdir in $rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + func_replace_sysroot "$libdir" + libdir=$func_replace_sysroot_result + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append dep_rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" + fi + if test -n "$runpath_var" && test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" + fi + test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" + fi + + shlibpath=$finalize_shlibpath + test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath + if test -n "$shlibpath"; then + eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" + fi + + # Get the real and link names of the library. + eval shared_ext=\"$shrext_cmds\" + eval library_names=\"$library_names_spec\" + set dummy $library_names + shift + realname=$1 + shift + + if test -n "$soname_spec"; then + eval soname=\"$soname_spec\" + else + soname=$realname + fi + if test -z "$dlname"; then + dlname=$soname + fi + + lib=$output_objdir/$realname + linknames= + for link + do + func_append linknames " $link" + done + + # Use standard objects if they are pic + test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` + test "X$libobjs" = "X " && libobjs= + + delfiles= + if test -n "$export_symbols" && test -n "$include_expsyms"; then + $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" + export_symbols=$output_objdir/$libname.uexp + func_append delfiles " $export_symbols" + fi + + orig_export_symbols= + case $host_os in + cygwin* | mingw* | cegcc*) + if test -n "$export_symbols" && test -z "$export_symbols_regex"; then + # exporting using user supplied symfile + func_dll_def_p "$export_symbols" || { + # and it's NOT already a .def file. Must figure out + # which of the given symbols are data symbols and tag + # them as such. So, trigger use of export_symbols_cmds. + # export_symbols gets reassigned inside the "prepare + # the list of exported symbols" if statement, so the + # include_expsyms logic still works. + orig_export_symbols=$export_symbols + export_symbols= + always_export_symbols=yes + } + fi + ;; + esac + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp + $opt_dry_run || $RM $export_symbols + cmds=$export_symbols_cmds + save_ifs=$IFS; IFS='~' + for cmd1 in $cmds; do + IFS=$save_ifs + # Take the normal branch if the nm_file_list_spec branch + # doesn't work or if tool conversion is not needed. + case $nm_file_list_spec~$to_tool_file_cmd in + *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) + try_normal_branch=yes + eval cmd=\"$cmd1\" + func_len " $cmd" + len=$func_len_result + ;; + *) + try_normal_branch=no + ;; + esac + if test yes = "$try_normal_branch" \ + && { test "$len" -lt "$max_cmd_len" \ + || test "$max_cmd_len" -le -1; } + then + func_show_eval "$cmd" 'exit $?' + skipped_export=false + elif test -n "$nm_file_list_spec"; then + func_basename "$output" + output_la=$func_basename_result + save_libobjs=$libobjs + save_output=$output + output=$output_objdir/$output_la.nm + func_to_tool_file "$output" + libobjs=$nm_file_list_spec$func_to_tool_file_result + func_append delfiles " $output" + func_verbose "creating $NM input file list: $output" + for obj in $save_libobjs; do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > "$output" + eval cmd=\"$cmd1\" + func_show_eval "$cmd" 'exit $?' + output=$save_output + libobjs=$save_libobjs + skipped_export=false + else + # The command line is too long to execute in one step. + func_verbose "using reloadable object file for export list..." + skipped_export=: + # Break out early, otherwise skipped_export may be + # set to false by a later but shorter cmd. + break + fi + done + IFS=$save_ifs + if test -n "$export_symbols_regex" && test : != "$skipped_export"; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + fi + + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test : != "$skipped_export" && test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands, which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + + tmp_deplibs= + for test_deplib in $deplibs; do + case " $convenience " in + *" $test_deplib "*) ;; + *) + func_append tmp_deplibs " $test_deplib" + ;; + esac + done + deplibs=$tmp_deplibs + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec" && + test yes = "$compiler_needs_object" && + test -z "$libobjs"; then + # extract the archives, so we have objects to list. + # TODO: could optimize this to just extract one archive. + whole_archive_flag_spec= + fi + if test -n "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + else + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + fi + + if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then + eval flag=\"$thread_safe_flag_spec\" + func_append linker_flags " $flag" + fi + + # Make a backup of the uninstalled library when relinking + if test relink = "$opt_mode"; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? + fi + + # Do each of the archive commands. + if test yes = "$module" && test -n "$module_cmds"; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + eval test_cmds=\"$module_expsym_cmds\" + cmds=$module_expsym_cmds + else + eval test_cmds=\"$module_cmds\" + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + eval test_cmds=\"$archive_expsym_cmds\" + cmds=$archive_expsym_cmds + else + eval test_cmds=\"$archive_cmds\" + cmds=$archive_cmds + fi + fi + + if test : != "$skipped_export" && + func_len " $test_cmds" && + len=$func_len_result && + test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + : + else + # The command line is too long to link in one step, link piecewise + # or, if using GNU ld and skipped_export is not :, use a linker + # script. + + # Save the value of $output and $libobjs because we want to + # use them later. If we have whole_archive_flag_spec, we + # want to use save_libobjs as it was before + # whole_archive_flag_spec was expanded, because we can't + # assume the linker understands whole_archive_flag_spec. + # This may have to be revisited, in case too many + # convenience libraries get linked in and end up exceeding + # the spec. + if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + fi + save_output=$output + func_basename "$output" + output_la=$func_basename_result + + # Clear the reloadable object creation command queue and + # initialize k to one. + test_cmds= + concat_cmds= + objlist= + last_robj= + k=1 + + if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then + output=$output_objdir/$output_la.lnkscript + func_verbose "creating GNU ld script: $output" + echo 'INPUT (' > $output + for obj in $save_libobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + echo ')' >> $output + func_append delfiles " $output" + func_to_tool_file "$output" + output=$func_to_tool_file_result + elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then + output=$output_objdir/$output_la.lnk + func_verbose "creating linker input file list: $output" + : > $output + set x $save_libobjs + shift + firstobj= + if test yes = "$compiler_needs_object"; then + firstobj="$1 " + shift + fi + for obj + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + func_append delfiles " $output" + func_to_tool_file "$output" + output=$firstobj\"$file_list_spec$func_to_tool_file_result\" + else + if test -n "$save_libobjs"; then + func_verbose "creating reloadable object files..." + output=$output_objdir/$output_la-$k.$objext + eval test_cmds=\"$reload_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + + # Loop over the list of objects to be linked. + for obj in $save_libobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + if test -z "$objlist" || + test "$len" -lt "$max_cmd_len"; then + func_append objlist " $obj" + else + # The command $test_cmds is almost too long, add a + # command to the queue. + if test 1 -eq "$k"; then + # The first file doesn't have a previous command to add. + reload_objs=$objlist + eval concat_cmds=\"$reload_cmds\" + else + # All subsequent reloadable object files will link in + # the last one created. + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" + fi + last_robj=$output_objdir/$output_la-$k.$objext + func_arith $k + 1 + k=$func_arith_result + output=$output_objdir/$output_la-$k.$objext + objlist=" $obj" + func_len " $last_robj" + func_arith $len0 + $func_len_result + len=$func_arith_result + fi + done + # Handle the remaining objects by creating one last + # reloadable object file. All subsequent reloadable object + # files will link in the last one created. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds$reload_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + func_append delfiles " $output" + + else + output= + fi + + ${skipped_export-false} && { + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp + $opt_dry_run || $RM $export_symbols + libobjs=$output + # Append the command to create the export file. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + } + + test -n "$save_libobjs" && + func_verbose "creating a temporary reloadable object file: $output" + + # Loop through the commands generated above and execute them. + save_ifs=$IFS; IFS='~' + for cmd in $concat_cmds; do + IFS=$save_ifs + $opt_quiet || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS=$save_ifs + + if test -n "$export_symbols_regex" && ${skipped_export-false}; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + + ${skipped_export-false} && { + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands, which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + } + + libobjs=$output + # Restore the value of output. + output=$save_output + + if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + fi + # Expand the library linking commands again to reset the + # value of $libobjs for piecewise linking. + + # Do each of the archive commands. + if test yes = "$module" && test -n "$module_cmds"; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + cmds=$module_expsym_cmds + else + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + cmds=$archive_expsym_cmds + else + cmds=$archive_cmds + fi + fi + fi + + if test -n "$delfiles"; then + # Append the command to remove temporary files to $cmds. + eval cmds=\"\$cmds~\$RM $delfiles\" + fi + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + + save_ifs=$IFS; IFS='~' + for cmd in $cmds; do + IFS=$sp$nl + eval cmd=\"$cmd\" + IFS=$save_ifs + $opt_quiet || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS=$save_ifs + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? + + if test -n "$convenience"; then + if test -z "$whole_archive_flag_spec"; then + func_show_eval '${RM}r "$gentop"' + fi + fi + + exit $EXIT_SUCCESS + fi + + # Create links to the real library. + for linkname in $linknames; do + if test "$realname" != "$linkname"; then + func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' + fi + done + + # If -module or -export-dynamic was specified, set the dlname. + if test yes = "$module" || test yes = "$export_dynamic"; then + # On all known operating systems, these are identical. + dlname=$soname + fi + fi + ;; + + obj) + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for objects" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "'-l' and '-L' are ignored for objects" ;; + esac + + test -n "$rpath" && \ + func_warning "'-rpath' is ignored for objects" + + test -n "$xrpath" && \ + func_warning "'-R' is ignored for objects" + + test -n "$vinfo" && \ + func_warning "'-version-info' is ignored for objects" + + test -n "$release" && \ + func_warning "'-release' is ignored for objects" + + case $output in + *.lo) + test -n "$objs$old_deplibs" && \ + func_fatal_error "cannot build library object '$output' from non-libtool objects" + + libobj=$output + func_lo2o "$libobj" + obj=$func_lo2o_result + ;; + *) + libobj= + obj=$output + ;; + esac + + # Delete the old objects. + $opt_dry_run || $RM $obj $libobj + + # Objects from convenience libraries. This assumes + # single-version convenience libraries. Whenever we create + # different ones for PIC/non-PIC, this we'll have to duplicate + # the extraction. + reload_conv_objs= + gentop= + # if reload_cmds runs $LD directly, get rid of -Wl from + # whole_archive_flag_spec and hope we can get by with turning comma + # into space. + case $reload_cmds in + *\$LD[\ \$]*) wl= ;; + esac + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" + test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags + else + gentop=$output_objdir/${obj}x + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + reload_conv_objs="$reload_objs $func_extract_archives_result" + fi + fi + + # If we're not building shared, we need to use non_pic_objs + test yes = "$build_libtool_libs" || libobjs=$non_pic_objects + + # Create the old-style object. + reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs + + output=$obj + func_execute_cmds "$reload_cmds" 'exit $?' + + # Exit if we aren't doing a library object file. + if test -z "$libobj"; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + fi + + test yes = "$build_libtool_libs" || { + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + # Create an invalid libtool object if no PIC, so that we don't + # accidentally link it into a program. + # $show "echo timestamp > $libobj" + # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? + exit $EXIT_SUCCESS + } + + if test -n "$pic_flag" || test default != "$pic_mode"; then + # Only do commands if we really have different PIC objects. + reload_objs="$libobjs $reload_conv_objs" + output=$libobj + func_execute_cmds "$reload_cmds" 'exit $?' + fi + + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + ;; + + prog) + case $host in + *cygwin*) func_stripname '' '.exe' "$output" + output=$func_stripname_result.exe;; + esac + test -n "$vinfo" && \ + func_warning "'-version-info' is ignored for programs" + + test -n "$release" && \ + func_warning "'-release' is ignored for programs" + + $preload \ + && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \ + && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support." + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + case $host in + *-*-darwin*) + # Don't allow lazy linking, it breaks C++ global constructors + # But is supposedly fixed on 10.4 or later (yay!). + if test CXX = "$tagname"; then + case ${MACOSX_DEPLOYMENT_TARGET-10.0} in + 10.[0123]) + func_append compile_command " $wl-bind_at_load" + func_append finalize_command " $wl-bind_at_load" + ;; + esac + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $compile_deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $compile_deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + compile_deplibs=$new_libs + + + func_append compile_command " $compile_deplibs" + func_append finalize_command " $finalize_deplibs" + + if test -n "$rpath$xrpath"; then + # If the user specified any rpath flags, then add them. + for libdir in $rpath $xrpath; do + # This is the magic to use -rpath. + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + fi + + # Now hardcode the library paths + rpath= + hardcode_libdirs= + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$libdir:"*) ;; + ::) dllsearchpath=$libdir;; + *) func_append dllsearchpath ":$libdir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + compile_rpath=$rpath + + rpath= + hardcode_libdirs= + for libdir in $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$finalize_perm_rpath " in + *" $libdir "*) ;; + *) func_append finalize_perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + finalize_rpath=$rpath + + if test -n "$libobjs" && test yes = "$build_old_libs"; then + # Transform all the library objects into standard objects. + compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + fi + + func_generate_dlsyms "$outputname" "@PROGRAM@" false + + # template prelinking step + if test -n "$prelink_cmds"; then + func_execute_cmds "$prelink_cmds" 'exit $?' + fi + + wrappers_required=: + case $host in + *cegcc* | *mingw32ce*) + # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. + wrappers_required=false + ;; + *cygwin* | *mingw* ) + test yes = "$build_libtool_libs" || wrappers_required=false + ;; + *) + if test no = "$need_relink" || test yes != "$build_libtool_libs"; then + wrappers_required=false + fi + ;; + esac + $wrappers_required || { + # Replace the output file specification. + compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + link_command=$compile_command$compile_rpath + + # We have no uninstalled library dependencies, so finalize right now. + exit_status=0 + func_show_eval "$link_command" 'exit_status=$?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Delete the generated files. + if test -f "$output_objdir/${outputname}S.$objext"; then + func_show_eval '$RM "$output_objdir/${outputname}S.$objext"' + fi + + exit $exit_status + } + + if test -n "$compile_shlibpath$finalize_shlibpath"; then + compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" + fi + if test -n "$finalize_shlibpath"; then + finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" + fi + + compile_var= + finalize_var= + if test -n "$runpath_var"; then + if test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + compile_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + if test -n "$finalize_perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $finalize_perm_rpath; do + func_append rpath "$dir:" + done + finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + fi + + if test yes = "$no_install"; then + # We don't need to create a wrapper script. + link_command=$compile_var$compile_command$compile_rpath + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + # Delete the old output file. + $opt_dry_run || $RM $output + # Link the executable and exit + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + exit $EXIT_SUCCESS + fi + + case $hardcode_action,$fast_install in + relink,*) + # Fast installation is not supported + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + + func_warning "this platform does not like uninstalled shared libraries" + func_warning "'$output' will be relinked during installation" + ;; + *,yes) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` + ;; + *,no) + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + ;; + *,needless) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command= + ;; + esac + + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + + # Delete the old output files. + $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname + + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output_objdir/$outputname" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Now create the wrapper script. + func_verbose "creating $output" + + # Quote the relink command for shipping. + if test -n "$relink_command"; then + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + relink_command="(cd `pwd`; $relink_command)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + fi + + # Only actually do things if not in dry run mode. + $opt_dry_run || { + # win32 will think the script is a binary if it has + # a .exe suffix, so we strip it off here. + case $output in + *.exe) func_stripname '' '.exe' "$output" + output=$func_stripname_result ;; + esac + # test for cygwin because mv fails w/o .exe extensions + case $host in + *cygwin*) + exeext=.exe + func_stripname '' '.exe' "$outputname" + outputname=$func_stripname_result ;; + *) exeext= ;; + esac + case $host in + *cygwin* | *mingw* ) + func_dirname_and_basename "$output" "" "." + output_name=$func_basename_result + output_path=$func_dirname_result + cwrappersource=$output_path/$objdir/lt-$output_name.c + cwrapper=$output_path/$output_name.exe + $RM $cwrappersource $cwrapper + trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 + + func_emit_cwrapperexe_src > $cwrappersource + + # The wrapper executable is built using the $host compiler, + # because it contains $host paths and files. If cross- + # compiling, it, like the target executable, must be + # executed on the $host or under an emulation environment. + $opt_dry_run || { + $LTCC $LTCFLAGS -o $cwrapper $cwrappersource + $STRIP $cwrapper + } + + # Now, create the wrapper script for func_source use: + func_ltwrapper_scriptname $cwrapper + $RM $func_ltwrapper_scriptname_result + trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 + $opt_dry_run || { + # note: this script will not be executed, so do not chmod. + if test "x$build" = "x$host"; then + $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result + else + func_emit_wrapper no > $func_ltwrapper_scriptname_result + fi + } + ;; + * ) + $RM $output + trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 + + func_emit_wrapper no > $output + chmod +x $output + ;; + esac + } + exit $EXIT_SUCCESS + ;; + esac + + # See if we need to build an old-fashioned archive. + for oldlib in $oldlibs; do + + case $build_libtool_libs in + convenience) + oldobjs="$libobjs_save $symfileobj" + addlibs=$convenience + build_libtool_libs=no + ;; + module) + oldobjs=$libobjs_save + addlibs=$old_convenience + build_libtool_libs=no + ;; + *) + oldobjs="$old_deplibs $non_pic_objects" + $preload && test -f "$symfileobj" \ + && func_append oldobjs " $symfileobj" + addlibs=$old_convenience + ;; + esac + + if test -n "$addlibs"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $addlibs + func_append oldobjs " $func_extract_archives_result" + fi + + # Do each command in the archive commands. + if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then + cmds=$old_archive_from_new_cmds + else + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append oldobjs " $func_extract_archives_result" + fi + + # POSIX demands no paths to be encoded in archives. We have + # to avoid creating archives with duplicate basenames if we + # might have to extract them afterwards, e.g., when creating a + # static archive out of a convenience library, or when linking + # the entirety of a libtool archive into another (currently + # not supported by libtool). + if (for obj in $oldobjs + do + func_basename "$obj" + $ECHO "$func_basename_result" + done | sort | sort -uc >/dev/null 2>&1); then + : + else + echo "copying selected object files to avoid basename conflicts..." + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + func_mkdir_p "$gentop" + save_oldobjs=$oldobjs + oldobjs= + counter=1 + for obj in $save_oldobjs + do + func_basename "$obj" + objbase=$func_basename_result + case " $oldobjs " in + " ") oldobjs=$obj ;; + *[\ /]"$objbase "*) + while :; do + # Make sure we don't pick an alternate name that also + # overlaps. + newobj=lt$counter-$objbase + func_arith $counter + 1 + counter=$func_arith_result + case " $oldobjs " in + *[\ /]"$newobj "*) ;; + *) if test ! -f "$gentop/$newobj"; then break; fi ;; + esac + done + func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" + func_append oldobjs " $gentop/$newobj" + ;; + *) func_append oldobjs " $obj" ;; + esac + done + fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + eval cmds=\"$old_archive_cmds\" + + func_len " $cmds" + len=$func_len_result + if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + cmds=$old_archive_cmds + elif test -n "$archiver_list_spec"; then + func_verbose "using command file archive linking..." + for obj in $oldobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > $output_objdir/$libname.libcmd + func_to_tool_file "$output_objdir/$libname.libcmd" + oldobjs=" $archiver_list_spec$func_to_tool_file_result" + cmds=$old_archive_cmds + else + # the command line is too long to link in one step, link in parts + func_verbose "using piecewise archive linking..." + save_RANLIB=$RANLIB + RANLIB=: + objlist= + concat_cmds= + save_oldobjs=$oldobjs + oldobjs= + # Is there a better way of finding the last object in the list? + for obj in $save_oldobjs + do + last_oldobj=$obj + done + eval test_cmds=\"$old_archive_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + for obj in $save_oldobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + func_append objlist " $obj" + if test "$len" -lt "$max_cmd_len"; then + : + else + # the above command should be used before it gets too long + oldobjs=$objlist + if test "$obj" = "$last_oldobj"; then + RANLIB=$save_RANLIB + fi + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$old_archive_cmds\" + objlist= + len=$len0 + fi + done + RANLIB=$save_RANLIB + oldobjs=$objlist + if test -z "$oldobjs"; then + eval cmds=\"\$concat_cmds\" + else + eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + fi + fi + fi + func_execute_cmds "$cmds" 'exit $?' + done + + test -n "$generated" && \ + func_show_eval "${RM}r$generated" + + # Now create the libtool archive. + case $output in + *.la) + old_library= + test yes = "$build_old_libs" && old_library=$libname.$libext + func_verbose "creating $output" + + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + # Quote the link command for shipping. + relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + if test yes = "$hardcode_automatic"; then + relink_command= + fi + + # Only create the output if not a dry run. + $opt_dry_run || { + for installed in no yes; do + if test yes = "$installed"; then + if test -z "$install_libdir"; then + break + fi + output=$output_objdir/${outputname}i + # Replace all uninstalled libtool libraries with the installed ones + newdependency_libs= + for deplib in $dependency_libs; do + case $deplib in + *.la) + func_basename "$deplib" + name=$func_basename_result + func_resolve_sysroot "$deplib" + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` + test -z "$libdir" && \ + func_fatal_error "'$deplib' is not a valid libtool archive" + func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" + ;; + -L*) + func_stripname -L '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -L$func_replace_sysroot_result" + ;; + -R*) + func_stripname -R '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -R$func_replace_sysroot_result" + ;; + *) func_append newdependency_libs " $deplib" ;; + esac + done + dependency_libs=$newdependency_libs + newdlfiles= + + for lib in $dlfiles; do + case $lib in + *.la) + func_basename "$lib" + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "'$lib' is not a valid libtool archive" + func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" + ;; + *) func_append newdlfiles " $lib" ;; + esac + done + dlfiles=$newdlfiles + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + *.la) + # Only pass preopened files to the pseudo-archive (for + # eventual linking with the app. that links it) if we + # didn't already link the preopened objects directly into + # the library: + func_basename "$lib" + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "'$lib' is not a valid libtool archive" + func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" + ;; + esac + done + dlprefiles=$newdlprefiles + else + newdlfiles= + for lib in $dlfiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlfiles " $abs" + done + dlfiles=$newdlfiles + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlprefiles " $abs" + done + dlprefiles=$newdlprefiles + fi + $RM $output + # place dlname in correct position for cygwin + # In fact, it would be nice if we could use this code for all target + # systems that can't hard-code library paths into their executables + # and that have no shared library path variable independent of PATH, + # but it turns out we can't easily determine that from inspecting + # libtool variables, so we have to hard-code the OSs to which it + # applies here; at the moment, that means platforms that use the PE + # object format with DLL files. See the long comment at the top of + # tests/bindir.at for full details. + tdlname=$dlname + case $host,$output,$installed,$module,$dlname in + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) + # If a -bindir argument was supplied, place the dll there. + if test -n "$bindir"; then + func_relative_path "$install_libdir" "$bindir" + tdlname=$func_relative_path_result/$dlname + else + # Otherwise fall back on heuristic. + tdlname=../bin/$dlname + fi + ;; + esac + $ECHO > $output "\ +# $outputname - a libtool library file +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='$tdlname' + +# Names of this library. +library_names='$library_names' + +# The name of the static archive. +old_library='$old_library' + +# Linker flags that cannot go in dependency_libs. +inherited_linker_flags='$new_inherited_linker_flags' + +# Libraries that this one depends upon. +dependency_libs='$dependency_libs' + +# Names of additional weak libraries provided by this library +weak_library_names='$weak_libs' + +# Version information for $libname. +current=$current +age=$age +revision=$revision + +# Is this an already installed library? +installed=$installed + +# Should we warn about portability when linking against -modules? +shouldnotlink=$module + +# Files to dlopen/dlpreopen +dlopen='$dlfiles' +dlpreopen='$dlprefiles' + +# Directory that this library needs to be installed in: +libdir='$install_libdir'" + if test no,yes = "$installed,$need_relink"; then + $ECHO >> $output "\ +relink_command=\"$relink_command\"" + fi + done + } + + # Do a symbolic link so that the libtool archive can be found in + # LD_LIBRARY_PATH before the program is installed. + func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' + ;; + esac + exit $EXIT_SUCCESS +} + +if test link = "$opt_mode" || test relink = "$opt_mode"; then + func_mode_link ${1+"$@"} +fi + + +# func_mode_uninstall arg... +func_mode_uninstall () +{ + $debug_cmd + + RM=$nonopt + files= + rmforce=false + exit_status=0 + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic=$magic + + for arg + do + case $arg in + -f) func_append RM " $arg"; rmforce=: ;; + -*) func_append RM " $arg" ;; + *) func_append files " $arg" ;; + esac + done + + test -z "$RM" && \ + func_fatal_help "you must specify an RM program" + + rmdirs= + + for file in $files; do + func_dirname "$file" "" "." + dir=$func_dirname_result + if test . = "$dir"; then + odir=$objdir + else + odir=$dir/$objdir + fi + func_basename "$file" + name=$func_basename_result + test uninstall = "$opt_mode" && odir=$dir + + # Remember odir for removal later, being careful to avoid duplicates + if test clean = "$opt_mode"; then + case " $rmdirs " in + *" $odir "*) ;; + *) func_append rmdirs " $odir" ;; + esac + fi + + # Don't error if the file doesn't exist and rm -f was used. + if { test -L "$file"; } >/dev/null 2>&1 || + { test -h "$file"; } >/dev/null 2>&1 || + test -f "$file"; then + : + elif test -d "$file"; then + exit_status=1 + continue + elif $rmforce; then + continue + fi + + rmfiles=$file + + case $name in + *.la) + # Possibly a libtool archive, so verify it. + if func_lalib_p "$file"; then + func_source $dir/$name + + # Delete the libtool libraries and symlinks. + for n in $library_names; do + func_append rmfiles " $odir/$n" + done + test -n "$old_library" && func_append rmfiles " $odir/$old_library" + + case $opt_mode in + clean) + case " $library_names " in + *" $dlname "*) ;; + *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; + esac + test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" + ;; + uninstall) + if test -n "$library_names"; then + # Do each command in the postuninstall commands. + func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1' + fi + + if test -n "$old_library"; then + # Do each command in the old_postuninstall commands. + func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1' + fi + # FIXME: should reinstall the best remaining shared library. + ;; + esac + fi + ;; + + *.lo) + # Possibly a libtool object, so verify it. + if func_lalib_p "$file"; then + + # Read the .lo file + func_source $dir/$name + + # Add PIC object to the list of files to remove. + if test -n "$pic_object" && test none != "$pic_object"; then + func_append rmfiles " $dir/$pic_object" + fi + + # Add non-PIC object to the list of files to remove. + if test -n "$non_pic_object" && test none != "$non_pic_object"; then + func_append rmfiles " $dir/$non_pic_object" + fi + fi + ;; + + *) + if test clean = "$opt_mode"; then + noexename=$name + case $file in + *.exe) + func_stripname '' '.exe' "$file" + file=$func_stripname_result + func_stripname '' '.exe' "$name" + noexename=$func_stripname_result + # $file with .exe has already been added to rmfiles, + # add $file without .exe + func_append rmfiles " $file" + ;; + esac + # Do a test to see if this is a libtool program. + if func_ltwrapper_p "$file"; then + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + relink_command= + func_source $func_ltwrapper_scriptname_result + func_append rmfiles " $func_ltwrapper_scriptname_result" + else + relink_command= + func_source $dir/$noexename + fi + + # note $name still contains .exe if it was in $file originally + # as does the version of $file that was added into $rmfiles + func_append rmfiles " $odir/$name $odir/${name}S.$objext" + if test yes = "$fast_install" && test -n "$relink_command"; then + func_append rmfiles " $odir/lt-$name" + fi + if test "X$noexename" != "X$name"; then + func_append rmfiles " $odir/lt-$noexename.c" + fi + fi + fi + ;; + esac + func_show_eval "$RM $rmfiles" 'exit_status=1' + done + + # Try to remove the $objdir's in the directories where we deleted files + for dir in $rmdirs; do + if test -d "$dir"; then + func_show_eval "rmdir $dir >/dev/null 2>&1" + fi + done + + exit $exit_status +} + +if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then + func_mode_uninstall ${1+"$@"} +fi + +test -z "$opt_mode" && { + help=$generic_help + func_fatal_help "you must specify a MODE" +} + +test -z "$exec_cmd" && \ + func_fatal_help "invalid operation mode '$opt_mode'" + +if test -n "$exec_cmd"; then + eval exec "$exec_cmd" + exit $EXIT_FAILURE +fi + +exit $exit_status + + +# The TAGs below are defined such that we never get into a situation +# where we disable both kinds of libraries. Given conflicting +# choices, we go for a static library, that is the most portable, +# since we can't tell whether shared libraries were disabled because +# the user asked for that or because the platform doesn't support +# them. This is particularly important on AIX, because we don't +# support having both static and shared libraries enabled at the same +# time on that platform, so we default to a shared-only configuration. +# If a disable-shared tag is given, we'll fallback to a static-only +# configuration. But we'll never go from static-only to shared-only. + +# ### BEGIN LIBTOOL TAG CONFIG: disable-shared +build_libtool_libs=no +build_old_libs=yes +# ### END LIBTOOL TAG CONFIG: disable-shared + +# ### BEGIN LIBTOOL TAG CONFIG: disable-static +build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` +# ### END LIBTOOL TAG CONFIG: disable-static + +# Local Variables: +# mode:shell-script +# sh-indentation:2 +# End: diff --git a/build/litter/missing b/build/litter/missing new file mode 100755 index 0000000..625aeb1 --- /dev/null +++ b/build/litter/missing @@ -0,0 +1,215 @@ +#! /bin/sh +# Common wrapper for a few potentially missing GNU programs. + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try '$0 --help' for more information" + exit 1 +fi + +case $1 in + + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; + + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man + +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. + +Send bug reports to ." + exit $? + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing $scriptversion (GNU Automake)" + exit $? + ;; + + -*) + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" + exit 1 + ;; + +esac + +# Run the given program, remember its exit status. +"$@"; st=$? + +# If it succeeded, we are done. +test $st -eq 0 && exit 0 + +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi + +perl_URL=https://www.perl.org/ +flex_URL=https://github.com/westes/flex +gnu_software_URL=https://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'autom4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build/litter/tap-driver.sh b/build/litter/tap-driver.sh new file mode 100755 index 0000000..2516e9c --- /dev/null +++ b/build/litter/tap-driver.sh @@ -0,0 +1,651 @@ +#! /bin/sh +# Copyright (C) 2011-2018 Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +scriptversion=2013-12-23.17; # UTC + +# Make unconditional expansion of undefined variables an error. This +# helps a lot in preventing typo-related bugs. +set -u + +me=tap-driver.sh + +fatal () +{ + echo "$me: fatal: $*" >&2 + exit 1 +} + +usage_error () +{ + echo "$me: $*" >&2 + print_usage >&2 + exit 2 +} + +print_usage () +{ + cat < + # + trap : 1 3 2 13 15 + if test $merge -gt 0; then + exec 2>&1 + else + exec 2>&3 + fi + "$@" + echo $? + ) | LC_ALL=C ${AM_TAP_AWK-awk} \ + -v me="$me" \ + -v test_script_name="$test_name" \ + -v log_file="$log_file" \ + -v trs_file="$trs_file" \ + -v expect_failure="$expect_failure" \ + -v merge="$merge" \ + -v ignore_exit="$ignore_exit" \ + -v comments="$comments" \ + -v diag_string="$diag_string" \ +' +# TODO: the usages of "cat >&3" below could be optimized when using +# GNU awk, and/on on systems that supports /dev/fd/. + +# Implementation note: in what follows, `result_obj` will be an +# associative array that (partly) simulates a TAP result object +# from the `TAP::Parser` perl module. + +## ----------- ## +## FUNCTIONS ## +## ----------- ## + +function fatal(msg) +{ + print me ": " msg | "cat >&2" + exit 1 +} + +function abort(where) +{ + fatal("internal error " where) +} + +# Convert a boolean to a "yes"/"no" string. +function yn(bool) +{ + return bool ? "yes" : "no"; +} + +function add_test_result(result) +{ + if (!test_results_index) + test_results_index = 0 + test_results_list[test_results_index] = result + test_results_index += 1 + test_results_seen[result] = 1; +} + +# Whether the test script should be re-run by "make recheck". +function must_recheck() +{ + for (k in test_results_seen) + if (k != "XFAIL" && k != "PASS" && k != "SKIP") + return 1 + return 0 +} + +# Whether the content of the log file associated to this test should +# be copied into the "global" test-suite.log. +function copy_in_global_log() +{ + for (k in test_results_seen) + if (k != "PASS") + return 1 + return 0 +} + +function get_global_test_result() +{ + if ("ERROR" in test_results_seen) + return "ERROR" + if ("FAIL" in test_results_seen || "XPASS" in test_results_seen) + return "FAIL" + all_skipped = 1 + for (k in test_results_seen) + if (k != "SKIP") + all_skipped = 0 + if (all_skipped) + return "SKIP" + return "PASS"; +} + +function stringify_result_obj(result_obj) +{ + if (result_obj["is_unplanned"] || result_obj["number"] != testno) + return "ERROR" + + if (plan_seen == LATE_PLAN) + return "ERROR" + + if (result_obj["directive"] == "TODO") + return result_obj["is_ok"] ? "XPASS" : "XFAIL" + + if (result_obj["directive"] == "SKIP") + return result_obj["is_ok"] ? "SKIP" : COOKED_FAIL; + + if (length(result_obj["directive"])) + abort("in function stringify_result_obj()") + + return result_obj["is_ok"] ? COOKED_PASS : COOKED_FAIL +} + +function decorate_result(result) +{ + color_name = color_for_result[result] + if (color_name) + return color_map[color_name] "" result "" color_map["std"] + # If we are not using colorized output, or if we do not know how + # to colorize the given result, we should return it unchanged. + return result +} + +function report(result, details) +{ + if (result ~ /^(X?(PASS|FAIL)|SKIP|ERROR)/) + { + msg = ": " test_script_name + add_test_result(result) + } + else if (result == "#") + { + msg = " " test_script_name ":" + } + else + { + abort("in function report()") + } + if (length(details)) + msg = msg " " details + # Output on console might be colorized. + print decorate_result(result) msg + # Log the result in the log file too, to help debugging (this is + # especially true when said result is a TAP error or "Bail out!"). + print result msg | "cat >&3"; +} + +function testsuite_error(error_message) +{ + report("ERROR", "- " error_message) +} + +function handle_tap_result() +{ + details = result_obj["number"]; + if (length(result_obj["description"])) + details = details " " result_obj["description"] + + if (plan_seen == LATE_PLAN) + { + details = details " # AFTER LATE PLAN"; + } + else if (result_obj["is_unplanned"]) + { + details = details " # UNPLANNED"; + } + else if (result_obj["number"] != testno) + { + details = sprintf("%s # OUT-OF-ORDER (expecting %d)", + details, testno); + } + else if (result_obj["directive"]) + { + details = details " # " result_obj["directive"]; + if (length(result_obj["explanation"])) + details = details " " result_obj["explanation"] + } + + report(stringify_result_obj(result_obj), details) +} + +# `skip_reason` should be empty whenever planned > 0. +function handle_tap_plan(planned, skip_reason) +{ + planned += 0 # Avoid getting confused if, say, `planned` is "00" + if (length(skip_reason) && planned > 0) + abort("in function handle_tap_plan()") + if (plan_seen) + { + # Error, only one plan per stream is acceptable. + testsuite_error("multiple test plans") + return; + } + planned_tests = planned + # The TAP plan can come before or after *all* the TAP results; we speak + # respectively of an "early" or a "late" plan. If we see the plan line + # after at least one TAP result has been seen, assume we have a late + # plan; in this case, any further test result seen after the plan will + # be flagged as an error. + plan_seen = (testno >= 1 ? LATE_PLAN : EARLY_PLAN) + # If testno > 0, we have an error ("too many tests run") that will be + # automatically dealt with later, so do not worry about it here. If + # $plan_seen is true, we have an error due to a repeated plan, and that + # has already been dealt with above. Otherwise, we have a valid "plan + # with SKIP" specification, and should report it as a particular kind + # of SKIP result. + if (planned == 0 && testno == 0) + { + if (length(skip_reason)) + skip_reason = "- " skip_reason; + report("SKIP", skip_reason); + } +} + +function extract_tap_comment(line) +{ + if (index(line, diag_string) == 1) + { + # Strip leading `diag_string` from `line`. + line = substr(line, length(diag_string) + 1) + # And strip any leading and trailing whitespace left. + sub("^[ \t]*", "", line) + sub("[ \t]*$", "", line) + # Return what is left (if any). + return line; + } + return ""; +} + +# When this function is called, we know that line is a TAP result line, +# so that it matches the (perl) RE "^(not )?ok\b". +function setup_result_obj(line) +{ + # Get the result, and remove it from the line. + result_obj["is_ok"] = (substr(line, 1, 2) == "ok" ? 1 : 0) + sub("^(not )?ok[ \t]*", "", line) + + # If the result has an explicit number, get it and strip it; otherwise, + # automatically assing the next progresive number to it. + if (line ~ /^[0-9]+$/ || line ~ /^[0-9]+[^a-zA-Z0-9_]/) + { + match(line, "^[0-9]+") + # The final `+ 0` is to normalize numbers with leading zeros. + result_obj["number"] = substr(line, 1, RLENGTH) + 0 + line = substr(line, RLENGTH + 1) + } + else + { + result_obj["number"] = testno + } + + if (plan_seen == LATE_PLAN) + # No further test results are acceptable after a "late" TAP plan + # has been seen. + result_obj["is_unplanned"] = 1 + else if (plan_seen && testno > planned_tests) + result_obj["is_unplanned"] = 1 + else + result_obj["is_unplanned"] = 0 + + # Strip trailing and leading whitespace. + sub("^[ \t]*", "", line) + sub("[ \t]*$", "", line) + + # This will have to be corrected if we have a "TODO"/"SKIP" directive. + result_obj["description"] = line + result_obj["directive"] = "" + result_obj["explanation"] = "" + + if (index(line, "#") == 0) + return # No possible directive, nothing more to do. + + # Directives are case-insensitive. + rx = "[ \t]*#[ \t]*([tT][oO][dD][oO]|[sS][kK][iI][pP])[ \t]*" + + # See whether we have the directive, and if yes, where. + pos = match(line, rx "$") + if (!pos) + pos = match(line, rx "[^a-zA-Z0-9_]") + + # If there was no TAP directive, we have nothing more to do. + if (!pos) + return + + # Let`s now see if the TAP directive has been escaped. For example: + # escaped: ok \# SKIP + # not escaped: ok \\# SKIP + # escaped: ok \\\\\# SKIP + # not escaped: ok \ # SKIP + if (substr(line, pos, 1) == "#") + { + bslash_count = 0 + for (i = pos; i > 1 && substr(line, i - 1, 1) == "\\"; i--) + bslash_count += 1 + if (bslash_count % 2) + return # Directive was escaped. + } + + # Strip the directive and its explanation (if any) from the test + # description. + result_obj["description"] = substr(line, 1, pos - 1) + # Now remove the test description from the line, that has been dealt + # with already. + line = substr(line, pos) + # Strip the directive, and save its value (normalized to upper case). + sub("^[ \t]*#[ \t]*", "", line) + result_obj["directive"] = toupper(substr(line, 1, 4)) + line = substr(line, 5) + # Now get the explanation for the directive (if any), with leading + # and trailing whitespace removed. + sub("^[ \t]*", "", line) + sub("[ \t]*$", "", line) + result_obj["explanation"] = line +} + +function get_test_exit_message(status) +{ + if (status == 0) + return "" + if (status !~ /^[1-9][0-9]*$/) + abort("getting exit status") + if (status < 127) + exit_details = "" + else if (status == 127) + exit_details = " (command not found?)" + else if (status >= 128 && status <= 255) + exit_details = sprintf(" (terminated by signal %d?)", status - 128) + else if (status > 256 && status <= 384) + # We used to report an "abnormal termination" here, but some Korn + # shells, when a child process die due to signal number n, can leave + # in $? an exit status of 256+n instead of the more standard 128+n. + # Apparently, both behaviours are allowed by POSIX (2008), so be + # prepared to handle them both. See also Austing Group report ID + # 0000051 + exit_details = sprintf(" (terminated by signal %d?)", status - 256) + else + # Never seen in practice. + exit_details = " (abnormal termination)" + return sprintf("exited with status %d%s", status, exit_details) +} + +function write_test_results() +{ + print ":global-test-result: " get_global_test_result() > trs_file + print ":recheck: " yn(must_recheck()) > trs_file + print ":copy-in-global-log: " yn(copy_in_global_log()) > trs_file + for (i = 0; i < test_results_index; i += 1) + print ":test-result: " test_results_list[i] > trs_file + close(trs_file); +} + +BEGIN { + +## ------- ## +## SETUP ## +## ------- ## + +'"$init_colors"' + +# Properly initialized once the TAP plan is seen. +planned_tests = 0 + +COOKED_PASS = expect_failure ? "XPASS": "PASS"; +COOKED_FAIL = expect_failure ? "XFAIL": "FAIL"; + +# Enumeration-like constants to remember which kind of plan (if any) +# has been seen. It is important that NO_PLAN evaluates "false" as +# a boolean. +NO_PLAN = 0 +EARLY_PLAN = 1 +LATE_PLAN = 2 + +testno = 0 # Number of test results seen so far. +bailed_out = 0 # Whether a "Bail out!" directive has been seen. + +# Whether the TAP plan has been seen or not, and if yes, which kind +# it is ("early" is seen before any test result, "late" otherwise). +plan_seen = NO_PLAN + +## --------- ## +## PARSING ## +## --------- ## + +is_first_read = 1 + +while (1) + { + # Involutions required so that we are able to read the exit status + # from the last input line. + st = getline + if (st < 0) # I/O error. + fatal("I/O error while reading from input stream") + else if (st == 0) # End-of-input + { + if (is_first_read) + abort("in input loop: only one input line") + break + } + if (is_first_read) + { + is_first_read = 0 + nextline = $0 + continue + } + else + { + curline = nextline + nextline = $0 + $0 = curline + } + # Copy any input line verbatim into the log file. + print | "cat >&3" + # Parsing of TAP input should stop after a "Bail out!" directive. + if (bailed_out) + continue + + # TAP test result. + if ($0 ~ /^(not )?ok$/ || $0 ~ /^(not )?ok[^a-zA-Z0-9_]/) + { + testno += 1 + setup_result_obj($0) + handle_tap_result() + } + # TAP plan (normal or "SKIP" without explanation). + else if ($0 ~ /^1\.\.[0-9]+[ \t]*$/) + { + # The next two lines will put the number of planned tests in $0. + sub("^1\\.\\.", "") + sub("[^0-9]*$", "") + handle_tap_plan($0, "") + continue + } + # TAP "SKIP" plan, with an explanation. + else if ($0 ~ /^1\.\.0+[ \t]*#/) + { + # The next lines will put the skip explanation in $0, stripping + # any leading and trailing whitespace. This is a little more + # tricky in truth, since we want to also strip a potential leading + # "SKIP" string from the message. + sub("^[^#]*#[ \t]*(SKIP[: \t][ \t]*)?", "") + sub("[ \t]*$", ""); + handle_tap_plan(0, $0) + } + # "Bail out!" magic. + # Older versions of prove and TAP::Harness (e.g., 3.17) did not + # recognize a "Bail out!" directive when preceded by leading + # whitespace, but more modern versions (e.g., 3.23) do. So we + # emulate the latter, "more modern" behaviour. + else if ($0 ~ /^[ \t]*Bail out!/) + { + bailed_out = 1 + # Get the bailout message (if any), with leading and trailing + # whitespace stripped. The message remains stored in `$0`. + sub("^[ \t]*Bail out![ \t]*", ""); + sub("[ \t]*$", ""); + # Format the error message for the + bailout_message = "Bail out!" + if (length($0)) + bailout_message = bailout_message " " $0 + testsuite_error(bailout_message) + } + # Maybe we have too look for dianogtic comments too. + else if (comments != 0) + { + comment = extract_tap_comment($0); + if (length(comment)) + report("#", comment); + } + } + +## -------- ## +## FINISH ## +## -------- ## + +# A "Bail out!" directive should cause us to ignore any following TAP +# error, as well as a non-zero exit status from the TAP producer. +if (!bailed_out) + { + if (!plan_seen) + { + testsuite_error("missing test plan") + } + else if (planned_tests != testno) + { + bad_amount = testno > planned_tests ? "many" : "few" + testsuite_error(sprintf("too %s tests run (expected %d, got %d)", + bad_amount, planned_tests, testno)) + } + if (!ignore_exit) + { + # Fetch exit status from the last line. + exit_message = get_test_exit_message(nextline) + if (exit_message) + testsuite_error(exit_message) + } + } + +write_test_results() + +exit 0 + +} # End of "BEGIN" block. +' + +# TODO: document that we consume the file descriptor 3 :-( +} 3>"$log_file" + +test $? -eq 0 || fatal "I/O or internal error" + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build/litter/test-driver b/build/litter/test-driver new file mode 100755 index 0000000..b8521a4 --- /dev/null +++ b/build/litter/test-driver @@ -0,0 +1,148 @@ +#! /bin/sh +# test-driver - basic testsuite driver script. + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 2011-2018 Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +# Make unconditional expansion of undefined variables an error. This +# helps a lot in preventing typo-related bugs. +set -u + +usage_error () +{ + echo "$0: $*" >&2 + print_usage >&2 + exit 2 +} + +print_usage () +{ + cat <$log_file 2>&1 +estatus=$? + +if test $enable_hard_errors = no && test $estatus -eq 99; then + tweaked_estatus=1 +else + tweaked_estatus=$estatus +fi + +case $tweaked_estatus:$expect_failure in + 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;; + 0:*) col=$grn res=PASS recheck=no gcopy=no;; + 77:*) col=$blu res=SKIP recheck=no gcopy=yes;; + 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;; + *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;; + *:*) col=$red res=FAIL recheck=yes gcopy=yes;; +esac + +# Report the test outcome and exit status in the logs, so that one can +# know whether the test passed or failed simply by looking at the '.log' +# file, without the need of also peaking into the corresponding '.trs' +# file (automake bug#11814). +echo "$res $test_name (exit status: $estatus)" >>$log_file + +# Report outcome to console. +echo "${col}${res}${std}: $test_name" + +# Register the test result, and other relevant metadata. +echo ":test-result: $res" > $trs_file +echo ":global-test-result: $res" >> $trs_file +echo ":recheck: $recheck" >> $trs_file +echo ":copy-in-global-log: $gcopy" >> $trs_file + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build/m4/gettext.m4 b/build/m4/gettext.m4 new file mode 100644 index 0000000..e783241 --- /dev/null +++ b/build/m4/gettext.m4 @@ -0,0 +1,386 @@ +# gettext.m4 serial 70 (gettext-0.20) +dnl Copyright (C) 1995-2014, 2016, 2018 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. +dnl +dnl This file can be used in projects which are not available under +dnl the GNU General Public License or the GNU Library General Public +dnl License but which still want to provide support for the GNU gettext +dnl functionality. +dnl Please note that the actual code of the GNU gettext library is covered +dnl by the GNU Library General Public License, and the rest of the GNU +dnl gettext package is covered by the GNU General Public License. +dnl They are *not* in the public domain. + +dnl Authors: +dnl Ulrich Drepper , 1995-2000. +dnl Bruno Haible , 2000-2006, 2008-2010. + +dnl Macro to add for using GNU gettext. + +dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]). +dnl INTLSYMBOL must be one of 'external', 'use-libtool'. +dnl INTLSYMBOL should be 'external' for packages other than GNU gettext, and +dnl 'use-libtool' for the packages 'gettext-runtime' and 'gettext-tools'. +dnl If INTLSYMBOL is 'use-libtool', then a libtool library +dnl $(top_builddir)/intl/libintl.la will be created (shared and/or static, +dnl depending on --{enable,disable}-{shared,static} and on the presence of +dnl AM-DISABLE-SHARED). +dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext +dnl implementations (in libc or libintl) without the ngettext() function +dnl will be ignored. If NEEDSYMBOL is specified and is +dnl 'need-formatstring-macros', then GNU gettext implementations that don't +dnl support the ISO C 99 formatstring macros will be ignored. +dnl INTLDIR is used to find the intl libraries. If empty, +dnl the value '$(top_builddir)/intl/' is used. +dnl +dnl The result of the configuration is one of three cases: +dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled +dnl and used. +dnl Catalog format: GNU --> install in $(datadir) +dnl Catalog extension: .mo after installation, .gmo in source tree +dnl 2) GNU gettext has been found in the system's C library. +dnl Catalog format: GNU --> install in $(datadir) +dnl Catalog extension: .mo after installation, .gmo in source tree +dnl 3) No internationalization, always use English msgid. +dnl Catalog format: none +dnl Catalog extension: none +dnl If INTLSYMBOL is 'external', only cases 2 and 3 can occur. +dnl The use of .gmo is historical (it was needed to avoid overwriting the +dnl GNU format catalogs when building on a platform with an X/Open gettext), +dnl but we keep it in order not to force irrelevant filename changes on the +dnl maintainers. +dnl +AC_DEFUN([AM_GNU_GETTEXT], +[ + dnl Argument checking. + ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [use-libtool], , + [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT +])])])]) + ifelse(ifelse([$1], [], [old])[]ifelse([$1], [no-libtool], [old]), [old], + [errprint([ERROR: Use of AM_GNU_GETTEXT without [external] argument is no longer supported. +])]) + ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], , + [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT +])])])]) + define([gt_included_intl], + ifelse([$1], [external], [no], [yes])) + gt_NEEDS_INIT + AM_GNU_GETTEXT_NEED([$2]) + + AC_REQUIRE([AM_PO_SUBDIRS])dnl + ifelse(gt_included_intl, yes, [ + AC_REQUIRE([AM_INTL_SUBDIR])dnl + ]) + + dnl Prerequisites of AC_LIB_LINKFLAGS_BODY. + AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) + AC_REQUIRE([AC_LIB_RPATH]) + + dnl Sometimes libintl requires libiconv, so first search for libiconv. + dnl Ideally we would do this search only after the + dnl if test "$USE_NLS" = "yes"; then + dnl if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then + dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT + dnl the configure script would need to contain the same shell code + dnl again, outside any 'if'. There are two solutions: + dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'. + dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE. + dnl Since AC_PROVIDE_IFELSE is not documented, we avoid it. + ifelse(gt_included_intl, yes, , [ + AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY]) + ]) + + dnl Sometimes, on Mac OS X, libintl requires linking with CoreFoundation. + gt_INTL_MACOSX + + dnl Set USE_NLS. + AC_REQUIRE([AM_NLS]) + + ifelse(gt_included_intl, yes, [ + BUILD_INCLUDED_LIBINTL=no + USE_INCLUDED_LIBINTL=no + ]) + LIBINTL= + LTLIBINTL= + POSUB= + + dnl Add a version number to the cache macros. + case " $gt_needs " in + *" need-formatstring-macros "*) gt_api_version=3 ;; + *" need-ngettext "*) gt_api_version=2 ;; + *) gt_api_version=1 ;; + esac + gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc" + gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl" + + dnl If we use NLS figure out what method + if test "$USE_NLS" = "yes"; then + gt_use_preinstalled_gnugettext=no + ifelse(gt_included_intl, yes, [ + AC_MSG_CHECKING([whether included gettext is requested]) + AC_ARG_WITH([included-gettext], + [ --with-included-gettext use the GNU gettext library included here], + nls_cv_force_use_gnu_gettext=$withval, + nls_cv_force_use_gnu_gettext=no) + AC_MSG_RESULT([$nls_cv_force_use_gnu_gettext]) + + nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext" + if test "$nls_cv_force_use_gnu_gettext" != "yes"; then + ]) + dnl User does not insist on using GNU NLS library. Figure out what + dnl to use. If GNU gettext is available we use this. Else we have + dnl to fall back to GNU NLS library. + + if test $gt_api_version -ge 3; then + gt_revision_test_code=' +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) +#endif +changequote(,)dnl +typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; +changequote([,])dnl +' + else + gt_revision_test_code= + fi + if test $gt_api_version -ge 2; then + gt_expression_test_code=' + * ngettext ("", "", 0)' + else + gt_expression_test_code= + fi + + AC_CACHE_CHECK([for GNU gettext in libc], [$gt_func_gnugettext_libc], + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +extern int _nl_msg_cat_cntr; +extern int *_nl_domain_bindings; +#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_domain_bindings) +#else +#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0 +#endif +$gt_revision_test_code + ]], + [[ +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION + ]])], + [eval "$gt_func_gnugettext_libc=yes"], + [eval "$gt_func_gnugettext_libc=no"])]) + + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then + dnl Sometimes libintl requires libiconv, so first search for libiconv. + ifelse(gt_included_intl, yes, , [ + AM_ICONV_LINK + ]) + dnl Search for libintl and define LIBINTL, LTLIBINTL and INCINTL + dnl accordingly. Don't use AC_LIB_LINKFLAGS_BODY([intl],[iconv]) + dnl because that would add "-liconv" to LIBINTL and LTLIBINTL + dnl even if libiconv doesn't exist. + AC_LIB_LINKFLAGS_BODY([intl]) + AC_CACHE_CHECK([for GNU gettext in libintl], + [$gt_func_gnugettext_libintl], + [gt_save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $INCINTL" + gt_save_LIBS="$LIBS" + LIBS="$LIBS $LIBINTL" + dnl Now see whether libintl exists and does not depend on libiconv. + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias (const char *); +#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_expand_alias ("")) +#else +#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0 +#endif +$gt_revision_test_code + ]], + [[ +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION + ]])], + [eval "$gt_func_gnugettext_libintl=yes"], + [eval "$gt_func_gnugettext_libintl=no"]) + dnl Now see whether libintl exists and depends on libiconv. + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then + LIBS="$LIBS $LIBICONV" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias (const char *); +#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_expand_alias ("")) +#else +#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0 +#endif +$gt_revision_test_code + ]], + [[ +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION + ]])], + [LIBINTL="$LIBINTL $LIBICONV" + LTLIBINTL="$LTLIBINTL $LTLIBICONV" + eval "$gt_func_gnugettext_libintl=yes" + ]) + fi + CPPFLAGS="$gt_save_CPPFLAGS" + LIBS="$gt_save_LIBS"]) + fi + + dnl If an already present or preinstalled GNU gettext() is found, + dnl use it. But if this macro is used in GNU gettext, and GNU + dnl gettext is already preinstalled in libintl, we update this + dnl libintl. (Cf. the install rule in intl/Makefile.in.) + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \ + || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \ + && test "$PACKAGE" != gettext-runtime \ + && test "$PACKAGE" != gettext-tools; }; then + gt_use_preinstalled_gnugettext=yes + else + dnl Reset the values set by searching for libintl. + LIBINTL= + LTLIBINTL= + INCINTL= + fi + + ifelse(gt_included_intl, yes, [ + if test "$gt_use_preinstalled_gnugettext" != "yes"; then + dnl GNU gettext is not found in the C library. + dnl Fall back on included GNU gettext library. + nls_cv_use_gnu_gettext=yes + fi + fi + + if test "$nls_cv_use_gnu_gettext" = "yes"; then + dnl Mark actions used to generate GNU NLS library. + BUILD_INCLUDED_LIBINTL=yes + USE_INCLUDED_LIBINTL=yes + LIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.la $LIBICONV $LIBTHREAD" + LTLIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.la $LTLIBICONV $LTLIBTHREAD" + LIBS=`echo " $LIBS " | sed -e 's/ -lintl / /' -e 's/^ //' -e 's/ $//'` + fi + + CATOBJEXT= + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + dnl Mark actions to use GNU gettext tools. + CATOBJEXT=.gmo + fi + ]) + + if test -n "$INTL_MACOSX_LIBS"; then + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + dnl Some extra flags are needed during linking. + LIBINTL="$LIBINTL $INTL_MACOSX_LIBS" + LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS" + fi + fi + + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + AC_DEFINE([ENABLE_NLS], [1], + [Define to 1 if translation of program messages to the user's native language + is requested.]) + else + USE_NLS=no + fi + fi + + AC_MSG_CHECKING([whether to use NLS]) + AC_MSG_RESULT([$USE_NLS]) + if test "$USE_NLS" = "yes"; then + AC_MSG_CHECKING([where the gettext function comes from]) + if test "$gt_use_preinstalled_gnugettext" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then + gt_source="external libintl" + else + gt_source="libc" + fi + else + gt_source="included intl directory" + fi + AC_MSG_RESULT([$gt_source]) + fi + + if test "$USE_NLS" = "yes"; then + + if test "$gt_use_preinstalled_gnugettext" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then + AC_MSG_CHECKING([how to link with libintl]) + AC_MSG_RESULT([$LIBINTL]) + AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCINTL]) + fi + + dnl For backward compatibility. Some packages may be using this. + AC_DEFINE([HAVE_GETTEXT], [1], + [Define if the GNU gettext() function is already present or preinstalled.]) + AC_DEFINE([HAVE_DCGETTEXT], [1], + [Define if the GNU dcgettext() function is already present or preinstalled.]) + fi + + dnl We need to process the po/ directory. + POSUB=po + fi + + ifelse(gt_included_intl, yes, [ + dnl In GNU gettext we have to set BUILD_INCLUDED_LIBINTL to 'yes' + dnl because some of the testsuite requires it. + BUILD_INCLUDED_LIBINTL=yes + + dnl Make all variables we use known to autoconf. + AC_SUBST([BUILD_INCLUDED_LIBINTL]) + AC_SUBST([USE_INCLUDED_LIBINTL]) + AC_SUBST([CATOBJEXT]) + ]) + + dnl For backward compatibility. Some Makefiles may be using this. + INTLLIBS="$LIBINTL" + AC_SUBST([INTLLIBS]) + + dnl Make all documented variables known to autoconf. + AC_SUBST([LIBINTL]) + AC_SUBST([LTLIBINTL]) + AC_SUBST([POSUB]) +]) + + +dnl gt_NEEDS_INIT ensures that the gt_needs variable is initialized. +m4_define([gt_NEEDS_INIT], +[ + m4_divert_text([DEFAULTS], [gt_needs=]) + m4_define([gt_NEEDS_INIT], []) +]) + + +dnl Usage: AM_GNU_GETTEXT_NEED([NEEDSYMBOL]) +AC_DEFUN([AM_GNU_GETTEXT_NEED], +[ + m4_divert_text([INIT_PREPARE], [gt_needs="$gt_needs $1"]) +]) + + +dnl Usage: AM_GNU_GETTEXT_VERSION([gettext-version]) +AC_DEFUN([AM_GNU_GETTEXT_VERSION], []) + + +dnl Usage: AM_GNU_GETTEXT_REQUIRE_VERSION([gettext-version]) +AC_DEFUN([AM_GNU_GETTEXT_REQUIRE_VERSION], []) diff --git a/build/m4/host-cpu-c-abi.m4 b/build/m4/host-cpu-c-abi.m4 new file mode 100644 index 0000000..4407296 --- /dev/null +++ b/build/m4/host-cpu-c-abi.m4 @@ -0,0 +1,644 @@ +# host-cpu-c-abi.m4 serial 11 +dnl Copyright (C) 2002-2019 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl From Bruno Haible and Sam Steingold. + +dnl Sets the HOST_CPU variable to the canonical name of the CPU. +dnl Sets the HOST_CPU_C_ABI variable to the canonical name of the CPU with its +dnl C language ABI (application binary interface). +dnl Also defines __${HOST_CPU}__ and __${HOST_CPU_C_ABI}__ as C macros in +dnl config.h. +dnl +dnl This canonical name can be used to select a particular assembly language +dnl source file that will interoperate with C code on the given host. +dnl +dnl For example: +dnl * 'i386' and 'sparc' are different canonical names, because code for i386 +dnl will not run on SPARC CPUs and vice versa. They have different +dnl instruction sets. +dnl * 'sparc' and 'sparc64' are different canonical names, because code for +dnl 'sparc' and code for 'sparc64' cannot be linked together: 'sparc' code +dnl contains 32-bit instructions, whereas 'sparc64' code contains 64-bit +dnl instructions. A process on a SPARC CPU can be in 32-bit mode or in 64-bit +dnl mode, but not both. +dnl * 'mips' and 'mipsn32' are different canonical names, because they use +dnl different argument passing and return conventions for C functions, and +dnl although the instruction set of 'mips' is a large subset of the +dnl instruction set of 'mipsn32'. +dnl * 'mipsn32' and 'mips64' are different canonical names, because they use +dnl different sizes for the C types like 'int' and 'void *', and although +dnl the instruction sets of 'mipsn32' and 'mips64' are the same. +dnl * The same canonical name is used for different endiannesses. You can +dnl determine the endianness through preprocessor symbols: +dnl - 'arm': test __ARMEL__. +dnl - 'mips', 'mipsn32', 'mips64': test _MIPSEB vs. _MIPSEL. +dnl - 'powerpc64': test _BIG_ENDIAN vs. _LITTLE_ENDIAN. +dnl * The same name 'i386' is used for CPUs of type i386, i486, i586 +dnl (Pentium), AMD K7, Pentium II, Pentium IV, etc., because +dnl - Instructions that do not exist on all of these CPUs (cmpxchg, +dnl MMX, SSE, SSE2, 3DNow! etc.) are not frequently used. If your +dnl assembly language source files use such instructions, you will +dnl need to make the distinction. +dnl - Speed of execution of the common instruction set is reasonable across +dnl the entire family of CPUs. If you have assembly language source files +dnl that are optimized for particular CPU types (like GNU gmp has), you +dnl will need to make the distinction. +dnl See . +AC_DEFUN([gl_HOST_CPU_C_ABI], +[ + AC_REQUIRE([AC_CANONICAL_HOST]) + AC_REQUIRE([gl_C_ASM]) + AC_CACHE_CHECK([host CPU and C ABI], [gl_cv_host_cpu_c_abi], + [case "$host_cpu" in + +changequote(,)dnl + i[4567]86 ) +changequote([,])dnl + gl_cv_host_cpu_c_abi=i386 + ;; + + x86_64 ) + # On x86_64 systems, the C compiler may be generating code in one of + # these ABIs: + # - 64-bit instruction set, 64-bit pointers, 64-bit 'long': x86_64. + # - 64-bit instruction set, 64-bit pointers, 32-bit 'long': x86_64 + # with native Windows (mingw, MSVC). + # - 64-bit instruction set, 32-bit pointers, 32-bit 'long': x86_64-x32. + # - 32-bit instruction set, 32-bit pointers, 32-bit 'long': i386. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if (defined __x86_64__ || defined __amd64__ \ + || defined _M_X64 || defined _M_AMD64) + int ok; + #else + error fail + #endif + ]])], + [AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined __ILP32__ || defined _ILP32 + int ok; + #else + error fail + #endif + ]])], + [gl_cv_host_cpu_c_abi=x86_64-x32], + [gl_cv_host_cpu_c_abi=x86_64])], + [gl_cv_host_cpu_c_abi=i386]) + ;; + +changequote(,)dnl + alphaev[4-8] | alphaev56 | alphapca5[67] | alphaev6[78] ) +changequote([,])dnl + gl_cv_host_cpu_c_abi=alpha + ;; + + arm* | aarch64 ) + # Assume arm with EABI. + # On arm64 systems, the C compiler may be generating code in one of + # these ABIs: + # - aarch64 instruction set, 64-bit pointers, 64-bit 'long': arm64. + # - aarch64 instruction set, 32-bit pointers, 32-bit 'long': arm64-ilp32. + # - 32-bit instruction set, 32-bit pointers, 32-bit 'long': arm or armhf. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#ifdef __aarch64__ + int ok; + #else + error fail + #endif + ]])], + [AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined __ILP32__ || defined _ILP32 + int ok; + #else + error fail + #endif + ]])], + [gl_cv_host_cpu_c_abi=arm64-ilp32], + [gl_cv_host_cpu_c_abi=arm64])], + [# Don't distinguish little-endian and big-endian arm, since they + # don't require different machine code for simple operations and + # since the user can distinguish them through the preprocessor + # defines __ARMEL__ vs. __ARMEB__. + # But distinguish arm which passes floating-point arguments and + # return values in integer registers (r0, r1, ...) - this is + # gcc -mfloat-abi=soft or gcc -mfloat-abi=softfp - from arm which + # passes them in float registers (s0, s1, ...) and double registers + # (d0, d1, ...) - this is gcc -mfloat-abi=hard. GCC 4.6 or newer + # sets the preprocessor defines __ARM_PCS (for the first case) and + # __ARM_PCS_VFP (for the second case), but older GCC does not. + echo 'double ddd; void func (double dd) { ddd = dd; }' > conftest.c + # Look for a reference to the register d0 in the .s file. + AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS $gl_c_asm_opt conftest.c) >/dev/null 2>&1 + if LC_ALL=C grep 'd0,' conftest.$gl_asmext >/dev/null; then + gl_cv_host_cpu_c_abi=armhf + else + gl_cv_host_cpu_c_abi=arm + fi + rm -f conftest* + ]) + ;; + + hppa1.0 | hppa1.1 | hppa2.0* | hppa64 ) + # On hppa, the C compiler may be generating 32-bit code or 64-bit + # code. In the latter case, it defines _LP64 and __LP64__. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#ifdef __LP64__ + int ok; + #else + error fail + #endif + ]])], + [gl_cv_host_cpu_c_abi=hppa64], + [gl_cv_host_cpu_c_abi=hppa]) + ;; + + ia64* ) + # On ia64 on HP-UX, the C compiler may be generating 64-bit code or + # 32-bit code. In the latter case, it defines _ILP32. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#ifdef _ILP32 + int ok; + #else + error fail + #endif + ]])], + [gl_cv_host_cpu_c_abi=ia64-ilp32], + [gl_cv_host_cpu_c_abi=ia64]) + ;; + + mips* ) + # We should also check for (_MIPS_SZPTR == 64), but gcc keeps this + # at 32. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined _MIPS_SZLONG && (_MIPS_SZLONG == 64) + int ok; + #else + error fail + #endif + ]])], + [gl_cv_host_cpu_c_abi=mips64], + [# In the n32 ABI, _ABIN32 is defined, _ABIO32 is not defined (but + # may later get defined by ), and _MIPS_SIM == _ABIN32. + # In the 32 ABI, _ABIO32 is defined, _ABIN32 is not defined (but + # may later get defined by ), and _MIPS_SIM == _ABIO32. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if (_MIPS_SIM == _ABIN32) + int ok; + #else + error fail + #endif + ]])], + [gl_cv_host_cpu_c_abi=mipsn32], + [gl_cv_host_cpu_c_abi=mips])]) + ;; + + powerpc* ) + # Different ABIs are in use on AIX vs. Mac OS X vs. Linux,*BSD. + # No need to distinguish them here; the caller may distinguish + # them based on the OS. + # On powerpc64 systems, the C compiler may still be generating + # 32-bit code. And on powerpc-ibm-aix systems, the C compiler may + # be generating 64-bit code. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined __powerpc64__ || defined _ARCH_PPC64 + int ok; + #else + error fail + #endif + ]])], + [# On powerpc64, there are two ABIs on Linux: The AIX compatible + # one and the ELFv2 one. The latter defines _CALL_ELF=2. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined _CALL_ELF && _CALL_ELF == 2 + int ok; + #else + error fail + #endif + ]])], + [gl_cv_host_cpu_c_abi=powerpc64-elfv2], + [gl_cv_host_cpu_c_abi=powerpc64]) + ], + [gl_cv_host_cpu_c_abi=powerpc]) + ;; + + rs6000 ) + gl_cv_host_cpu_c_abi=powerpc + ;; + + riscv32 | riscv64 ) + # There are 2 architectures (with variants): rv32* and rv64*. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if __riscv_xlen == 64 + int ok; + #else + error fail + #endif + ]])], + [cpu=riscv64], + [cpu=riscv32]) + # There are 6 ABIs: ilp32, ilp32f, ilp32d, lp64, lp64f, lp64d. + # Size of 'long' and 'void *': + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined __LP64__ + int ok; + #else + error fail + #endif + ]])], + [main_abi=lp64], + [main_abi=ilp32]) + # Float ABIs: + # __riscv_float_abi_double: + # 'float' and 'double' are passed in floating-point registers. + # __riscv_float_abi_single: + # 'float' are passed in floating-point registers. + # __riscv_float_abi_soft: + # No values are passed in floating-point registers. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined __riscv_float_abi_double + int ok; + #else + error fail + #endif + ]])], + [float_abi=d], + [AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined __riscv_float_abi_single + int ok; + #else + error fail + #endif + ]])], + [float_abi=f], + [float_abi='']) + ]) + gl_cv_host_cpu_c_abi="${cpu}-${main_abi}${float_abi}" + ;; + + s390* ) + # On s390x, the C compiler may be generating 64-bit (= s390x) code + # or 31-bit (= s390) code. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined __LP64__ || defined __s390x__ + int ok; + #else + error fail + #endif + ]])], + [gl_cv_host_cpu_c_abi=s390x], + [gl_cv_host_cpu_c_abi=s390]) + ;; + + sparc | sparc64 ) + # UltraSPARCs running Linux have `uname -m` = "sparc64", but the + # C compiler still generates 32-bit code. + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#if defined __sparcv9 || defined __arch64__ + int ok; + #else + error fail + #endif + ]])], + [gl_cv_host_cpu_c_abi=sparc64], + [gl_cv_host_cpu_c_abi=sparc]) + ;; + + *) + gl_cv_host_cpu_c_abi="$host_cpu" + ;; + esac + ]) + + dnl In most cases, $HOST_CPU and $HOST_CPU_C_ABI are the same. + HOST_CPU=`echo "$gl_cv_host_cpu_c_abi" | sed -e 's/-.*//'` + HOST_CPU_C_ABI="$gl_cv_host_cpu_c_abi" + AC_SUBST([HOST_CPU]) + AC_SUBST([HOST_CPU_C_ABI]) + + # This was + # AC_DEFINE_UNQUOTED([__${HOST_CPU}__]) + # AC_DEFINE_UNQUOTED([__${HOST_CPU_C_ABI}__]) + # earlier, but KAI C++ 3.2d doesn't like this. + sed -e 's/-/_/g' >> confdefs.h < +#include + ]], + [[iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd);]])], + [am_cv_func_iconv=yes]) + if test "$am_cv_func_iconv" != yes; then + am_save_LIBS="$LIBS" + LIBS="$LIBS $LIBICONV" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +#include + ]], + [[iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd);]])], + [am_cv_lib_iconv=yes] + [am_cv_func_iconv=yes]) + LIBS="$am_save_LIBS" + fi + ]) + if test "$am_cv_func_iconv" = yes; then + AC_CACHE_CHECK([for working iconv], [am_cv_func_iconv_works], [ + dnl This tests against bugs in AIX 5.1, AIX 6.1..7.1, HP-UX 11.11, + dnl Solaris 10. + am_save_LIBS="$LIBS" + if test $am_cv_lib_iconv = yes; then + LIBS="$LIBS $LIBICONV" + fi + am_cv_func_iconv_works=no + for ac_iconv_const in '' 'const'; do + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +#include + +#ifndef ICONV_CONST +# define ICONV_CONST $ac_iconv_const +#endif + ]], + [[int result = 0; + /* Test against AIX 5.1 bug: Failures are not distinguishable from successful + returns. */ + { + iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8"); + if (cd_utf8_to_88591 != (iconv_t)(-1)) + { + static ICONV_CONST char input[] = "\342\202\254"; /* EURO SIGN */ + char buf[10]; + ICONV_CONST char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_utf8_to_88591, + &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 1; + iconv_close (cd_utf8_to_88591); + } + } + /* Test against Solaris 10 bug: Failures are not distinguishable from + successful returns. */ + { + iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646"); + if (cd_ascii_to_88591 != (iconv_t)(-1)) + { + static ICONV_CONST char input[] = "\263"; + char buf[10]; + ICONV_CONST char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_ascii_to_88591, + &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 2; + iconv_close (cd_ascii_to_88591); + } + } + /* Test against AIX 6.1..7.1 bug: Buffer overrun. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static ICONV_CONST char input[] = "\304"; + static char buf[2] = { (char)0xDE, (char)0xAD }; + ICONV_CONST char *inptr = input; + size_t inbytesleft = 1; + char *outptr = buf; + size_t outbytesleft = 1; + size_t res = iconv (cd_88591_to_utf8, + &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD) + result |= 4; + iconv_close (cd_88591_to_utf8); + } + } +#if 0 /* This bug could be worked around by the caller. */ + /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static ICONV_CONST char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337"; + char buf[50]; + ICONV_CONST char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_88591_to_utf8, + &inptr, &inbytesleft, + &outptr, &outbytesleft); + if ((int)res > 0) + result |= 8; + iconv_close (cd_88591_to_utf8); + } + } +#endif + /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is + provided. */ + { + /* Try standardized names. */ + iconv_t cd1 = iconv_open ("UTF-8", "EUC-JP"); + /* Try IRIX, OSF/1 names. */ + iconv_t cd2 = iconv_open ("UTF-8", "eucJP"); + /* Try AIX names. */ + iconv_t cd3 = iconv_open ("UTF-8", "IBM-eucJP"); + /* Try HP-UX names. */ + iconv_t cd4 = iconv_open ("utf8", "eucJP"); + if (cd1 == (iconv_t)(-1) && cd2 == (iconv_t)(-1) + && cd3 == (iconv_t)(-1) && cd4 == (iconv_t)(-1)) + result |= 16; + if (cd1 != (iconv_t)(-1)) + iconv_close (cd1); + if (cd2 != (iconv_t)(-1)) + iconv_close (cd2); + if (cd3 != (iconv_t)(-1)) + iconv_close (cd3); + if (cd4 != (iconv_t)(-1)) + iconv_close (cd4); + } + return result; +]])], + [am_cv_func_iconv_works=yes], , + [case "$host_os" in + aix* | hpux*) am_cv_func_iconv_works="guessing no" ;; + *) am_cv_func_iconv_works="guessing yes" ;; + esac]) + test "$am_cv_func_iconv_works" = no || break + done + LIBS="$am_save_LIBS" + ]) + case "$am_cv_func_iconv_works" in + *no) am_func_iconv=no am_cv_lib_iconv=no ;; + *) am_func_iconv=yes ;; + esac + else + am_func_iconv=no am_cv_lib_iconv=no + fi + if test "$am_func_iconv" = yes; then + AC_DEFINE([HAVE_ICONV], [1], + [Define if you have the iconv() function and it works.]) + fi + if test "$am_cv_lib_iconv" = yes; then + AC_MSG_CHECKING([how to link with libiconv]) + AC_MSG_RESULT([$LIBICONV]) + else + dnl If $LIBICONV didn't lead to a usable library, we don't need $INCICONV + dnl either. + CPPFLAGS="$am_save_CPPFLAGS" + LIBICONV= + LTLIBICONV= + fi + AC_SUBST([LIBICONV]) + AC_SUBST([LTLIBICONV]) +]) + +dnl Define AM_ICONV using AC_DEFUN_ONCE for Autoconf >= 2.64, in order to +dnl avoid warnings like +dnl "warning: AC_REQUIRE: `AM_ICONV' was expanded before it was required". +dnl This is tricky because of the way 'aclocal' is implemented: +dnl - It requires defining an auxiliary macro whose name ends in AC_DEFUN. +dnl Otherwise aclocal's initial scan pass would miss the macro definition. +dnl - It requires a line break inside the AC_DEFUN_ONCE and AC_DEFUN expansions. +dnl Otherwise aclocal would emit many "Use of uninitialized value $1" +dnl warnings. +m4_define([gl_iconv_AC_DEFUN], + m4_version_prereq([2.64], + [[AC_DEFUN_ONCE( + [$1], [$2])]], + [m4_ifdef([gl_00GNULIB], + [[AC_DEFUN_ONCE( + [$1], [$2])]], + [[AC_DEFUN( + [$1], [$2])]])])) +gl_iconv_AC_DEFUN([AM_ICONV], +[ + AM_ICONV_LINK + if test "$am_cv_func_iconv" = yes; then + AC_MSG_CHECKING([for iconv declaration]) + AC_CACHE_VAL([am_cv_proto_iconv], [ + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +#include +extern +#ifdef __cplusplus +"C" +#endif +#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) +size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft); +#else +size_t iconv(); +#endif + ]], + [[]])], + [am_cv_proto_iconv_arg1=""], + [am_cv_proto_iconv_arg1="const"]) + am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"]) + am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'` + AC_MSG_RESULT([ + $am_cv_proto_iconv]) + else + dnl When compiling GNU libiconv on a system that does not have iconv yet, + dnl pick the POSIX compliant declaration without 'const'. + am_cv_proto_iconv_arg1="" + fi + AC_DEFINE_UNQUOTED([ICONV_CONST], [$am_cv_proto_iconv_arg1], + [Define as const if the declaration of iconv() needs const.]) + dnl Also substitute ICONV_CONST in the gnulib generated . + m4_ifdef([gl_ICONV_H_DEFAULTS], + [AC_REQUIRE([gl_ICONV_H_DEFAULTS]) + if test -n "$am_cv_proto_iconv_arg1"; then + ICONV_CONST="const" + fi + ]) +]) diff --git a/build/m4/intlmacosx.m4 b/build/m4/intlmacosx.m4 new file mode 100644 index 0000000..30e6f50 --- /dev/null +++ b/build/m4/intlmacosx.m4 @@ -0,0 +1,72 @@ +# intlmacosx.m4 serial 6 (gettext-0.20) +dnl Copyright (C) 2004-2014, 2016, 2019 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. +dnl +dnl This file can be used in projects which are not available under +dnl the GNU General Public License or the GNU Library General Public +dnl License but which still want to provide support for the GNU gettext +dnl functionality. +dnl Please note that the actual code of the GNU gettext library is covered +dnl by the GNU Library General Public License, and the rest of the GNU +dnl gettext package is covered by the GNU General Public License. +dnl They are *not* in the public domain. + +dnl Checks for special options needed on Mac OS X. +dnl Defines INTL_MACOSX_LIBS. +AC_DEFUN([gt_INTL_MACOSX], +[ + dnl Check for API introduced in Mac OS X 10.4. + AC_CACHE_CHECK([for CFPreferencesCopyAppValue], + [gt_cv_func_CFPreferencesCopyAppValue], + [gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[CFPreferencesCopyAppValue(NULL, NULL)]])], + [gt_cv_func_CFPreferencesCopyAppValue=yes], + [gt_cv_func_CFPreferencesCopyAppValue=no]) + LIBS="$gt_save_LIBS"]) + if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then + AC_DEFINE([HAVE_CFPREFERENCESCOPYAPPVALUE], [1], + [Define to 1 if you have the Mac OS X function CFPreferencesCopyAppValue in the CoreFoundation framework.]) + fi + dnl Check for API introduced in Mac OS X 10.5. + AC_CACHE_CHECK([for CFLocaleCopyCurrent], [gt_cv_func_CFLocaleCopyCurrent], + [gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[CFLocaleCopyCurrent();]])], + [gt_cv_func_CFLocaleCopyCurrent=yes], + [gt_cv_func_CFLocaleCopyCurrent=no]) + LIBS="$gt_save_LIBS"]) + if test $gt_cv_func_CFLocaleCopyCurrent = yes; then + AC_DEFINE([HAVE_CFLOCALECOPYCURRENT], [1], + [Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the CoreFoundation framework.]) + fi + AC_CACHE_CHECK([for CFLocaleCopyPreferredLanguages], [gt_cv_func_CFLocaleCopyPreferredLanguages], + [gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[CFLocaleCopyPreferredLanguages();]])], + [gt_cv_func_CFLocaleCopyPreferredLanguages=yes], + [gt_cv_func_CFLocaleCopyPreferredLanguages=no]) + LIBS="$gt_save_LIBS"]) + if test $gt_cv_func_CFLocaleCopyPreferredLanguages = yes; then + AC_DEFINE([HAVE_CFLOCALECOPYPREFERREDLANGUAGES], [1], + [Define to 1 if you have the Mac OS X function CFLocaleCopyPreferredLanguages in the CoreFoundation framework.]) + fi + INTL_MACOSX_LIBS= + if test $gt_cv_func_CFPreferencesCopyAppValue = yes \ + || test $gt_cv_func_CFLocaleCopyCurrent = yes \ + || test $gt_cv_func_CFLocaleCopyPreferredLanguages = yes; then + INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation" + fi + AC_SUBST([INTL_MACOSX_LIBS]) +]) diff --git a/build/m4/ld-version-script.m4 b/build/m4/ld-version-script.m4 new file mode 100644 index 0000000..4364f9f --- /dev/null +++ b/build/m4/ld-version-script.m4 @@ -0,0 +1,48 @@ +# ld-version-script.m4 serial 4 +dnl Copyright (C) 2008-2018 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl From Simon Josefsson + +# FIXME: The test below returns a false positive for mingw +# cross-compiles, 'local:' statements does not reduce number of +# exported symbols in a DLL. Use --disable-ld-version-script to work +# around the problem. + +# gl_LD_VERSION_SCRIPT +# -------------------- +# Check if LD supports linker scripts, and define automake conditional +# HAVE_LD_VERSION_SCRIPT if so. +AC_DEFUN([gl_LD_VERSION_SCRIPT], +[ + AC_ARG_ENABLE([ld-version-script], + [AS_HELP_STRING([--enable-ld-version-script], + [enable linker version script (default is enabled when possible)])], + [have_ld_version_script=$enableval], + [AC_CACHE_CHECK([if LD -Wl,--version-script works], + [gl_cv_sys_ld_version_script], + [gl_cv_sys_ld_version_script=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map" + echo foo >conftest.map + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], + [], + [cat > conftest.map <&1 /dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +if test -n "$LD"; then + AC_MSG_CHECKING([for ld]) +elif test "$GCC" = yes; then + AC_MSG_CHECKING([for ld used by $CC]) +elif test "$with_gnu_ld" = yes; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) +fi +if test -n "$LD"; then + # Let the user override the test with a path. + : +else + AC_CACHE_VAL([acl_cv_path_LD], + [ + acl_cv_path_LD= # Final result of this test + ac_prog=ld # Program to search in $PATH + if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + acl_output=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + acl_output=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $acl_output in + # Accept absolute paths. + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + acl_output=`echo "$acl_output" | sed 's%\\\\%/%g'` + while echo "$acl_output" | grep "$re_direlt" > /dev/null 2>&1; do + acl_output=`echo $acl_output | sed "s%$re_direlt%/%"` + done + # Got the pathname. No search in PATH is needed. + acl_cv_path_LD="$acl_output" + ac_prog= + ;; + "") + # If it fails, then pretend we aren't using GCC. + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac + fi + if test -n "$ac_prog"; then + # Search for $ac_prog in $PATH. + acl_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$acl_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + acl_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$acl_cv_path_LD" -v 2>&1 conftest.sh + . ./conftest.sh + rm -f ./conftest.sh + acl_cv_rpath=done + ]) + wl="$acl_cv_wl" + acl_libext="$acl_cv_libext" + acl_shlibext="$acl_cv_shlibext" + acl_libname_spec="$acl_cv_libname_spec" + acl_library_names_spec="$acl_cv_library_names_spec" + acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" + acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" + acl_hardcode_direct="$acl_cv_hardcode_direct" + acl_hardcode_minus_L="$acl_cv_hardcode_minus_L" + dnl Determine whether the user wants rpath handling at all. + AC_ARG_ENABLE([rpath], + [ --disable-rpath do not hardcode runtime library paths], + :, enable_rpath=yes) +]) + +dnl AC_LIB_FROMPACKAGE(name, package) +dnl declares that libname comes from the given package. The configure file +dnl will then not have a --with-libname-prefix option but a +dnl --with-package-prefix option. Several libraries can come from the same +dnl package. This declaration must occur before an AC_LIB_LINKFLAGS or similar +dnl macro call that searches for libname. +AC_DEFUN([AC_LIB_FROMPACKAGE], +[ + pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])]) + define([acl_frompackage_]NAME, [$2]) + popdef([NAME]) + pushdef([PACK],[$2]) + pushdef([PACKUP],[m4_translit(PACK,[abcdefghijklmnopqrstuvwxyz./+-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])]) + define([acl_libsinpackage_]PACKUP, + m4_ifdef([acl_libsinpackage_]PACKUP, [m4_defn([acl_libsinpackage_]PACKUP)[, ]],)[lib$1]) + popdef([PACKUP]) + popdef([PACK]) +]) + +dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and +dnl the libraries corresponding to explicit and implicit dependencies. +dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables. +dnl Also, sets the LIB${NAME}_PREFIX variable to nonempty if libname was found +dnl in ${LIB${NAME}_PREFIX}/$acl_libdirstem. +AC_DEFUN([AC_LIB_LINKFLAGS_BODY], +[ + AC_REQUIRE([AC_LIB_PREPARE_MULTILIB]) + pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])]) + pushdef([PACK],[m4_ifdef([acl_frompackage_]NAME, [acl_frompackage_]NAME, lib[$1])]) + pushdef([PACKUP],[m4_translit(PACK,[abcdefghijklmnopqrstuvwxyz./+-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])]) + pushdef([PACKLIBS],[m4_ifdef([acl_frompackage_]NAME, [acl_libsinpackage_]PACKUP, lib[$1])]) + dnl By default, look in $includedir and $libdir. + use_additional=yes + AC_LIB_WITH_FINAL_PREFIX([ + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + ]) + AC_ARG_WITH(PACK[-prefix], +[[ --with-]]PACK[[-prefix[=DIR] search for ]PACKLIBS[ in DIR/include and DIR/lib + --without-]]PACK[[-prefix don't search for ]PACKLIBS[ in includedir and libdir]], +[ + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + AC_LIB_WITH_FINAL_PREFIX([ + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + ]) + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi +]) + dnl Search the library and its dependencies in $additional_libdir and + dnl $LDFLAGS. Using breadth-first-seach. + LIB[]NAME= + LTLIB[]NAME= + INC[]NAME= + LIB[]NAME[]_PREFIX= + dnl HAVE_LIB${NAME} is an indicator that LIB${NAME}, LTLIB${NAME} have been + dnl computed. So it has to be reset here. + HAVE_LIB[]NAME= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='$1 $2' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + dnl See if it was already located by an earlier AC_LIB_LINKFLAGS + dnl or AC_LIB_HAVE_LINKFLAGS call. + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value" + else + dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined + dnl that this library doesn't exist. So just drop it. + : + fi + else + dnl Search the library lib$name in $additional_libdir and $LDFLAGS + dnl and the already constructed $LIBNAME/$LTLIBNAME. + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + dnl The same code as in the loop below: + dnl First look for a shared library. + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + dnl Then look for a static library. + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIB[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + dnl First look for a shared library. + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + dnl Then look for a static library. + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + dnl Found the library. + LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + dnl Linking with a shared library. We attempt to hardcode its + dnl directory into the executable's runpath, unless it's the + dnl standard /usr/lib. + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + dnl No hardcoding is needed. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" + else + dnl Use an explicit option to hardcode DIR into the resulting + dnl binary. + dnl Potentially add DIR to ltrpathdirs. + dnl The ltrpathdirs will be appended to $LTLIBNAME at the end. + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + dnl The hardcoding into $LIBNAME is system dependent. + if test "$acl_hardcode_direct" = yes; then + dnl Using DIR/libNAME.so during linking hardcodes DIR into the + dnl resulting binary. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + dnl Use an explicit option to hardcode DIR into the resulting + dnl binary. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" + dnl Potentially add DIR to rpathdirs. + dnl The rpathdirs will be appended to $LIBNAME at the end. + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + dnl Rely on "-L$found_dir". + dnl But don't add it if it's already contained in the LDFLAGS + dnl or the already constructed $LIBNAME + haveit= + for x in $LDFLAGS $LIB[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + dnl FIXME: Not sure whether we should use + dnl "-L$found_dir -l$name" or "-L$found_dir $found_so" + dnl here. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" + else + dnl We cannot use $acl_hardcode_runpath_var and LD_RUN_PATH + dnl here, because this doesn't fit in flags passed to the + dnl compiler. So give up. No hardcoding. This affects only + dnl very old systems. + dnl FIXME: Not sure whether we should use + dnl "-L$found_dir -l$name" or "-L$found_dir $found_so" + dnl here. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + dnl Linking with a static library. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a" + else + dnl We shouldn't come here, but anyway it's good to have a + dnl fallback. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name" + fi + fi + dnl Assume the include files are nearby. + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = '$1'; then + LIB[]NAME[]_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = '$1'; then + LIB[]NAME[]_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + dnl Potentially add $additional_includedir to $INCNAME. + dnl But don't add it + dnl 1. if it's the standard /usr/include, + dnl 2. if it's /usr/local/include and we are using GCC on Linux, + dnl 3. if it's already present in $CPPFLAGS or the already + dnl constructed $INCNAME, + dnl 4. if it doesn't exist as a directory. + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INC[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + dnl Really add $additional_includedir to $INCNAME. + INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + dnl Look for dependencies. + if test -n "$found_la"; then + dnl Read the .la file. It defines the variables + dnl dlname, library_names, old_library, dependency_libs, current, + dnl age, revision, installed, dlopen, dlpreopen, libdir. + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + dnl We use only dependency_libs. + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + dnl Potentially add $additional_libdir to $LIBNAME and $LTLIBNAME. + dnl But don't add it + dnl 1. if it's the standard /usr/lib, + dnl 2. if it's /usr/local/lib and we are using GCC on Linux, + dnl 3. if it's already present in $LDFLAGS or the already + dnl constructed $LIBNAME, + dnl 4. if it doesn't exist as a directory. + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIB[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + dnl Really add $additional_libdir to $LIBNAME. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIB[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + dnl Really add $additional_libdir to $LTLIBNAME. + LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + dnl Potentially add DIR to rpathdirs. + dnl The rpathdirs will be appended to $LIBNAME at the end. + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + dnl Potentially add DIR to ltrpathdirs. + dnl The ltrpathdirs will be appended to $LTLIBNAME at the end. + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + dnl Handle this in the next round. + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + dnl Handle this in the next round. Throw away the .la's + dnl directory; it is already contained in a preceding -L + dnl option. + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + dnl Most likely an immediate library name. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep" + LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep" + ;; + esac + done + fi + else + dnl Didn't find the library; assume it is in the system directories + dnl known to the linker and runtime loader. (All the system + dnl directories known to the linker should also be known to the + dnl runtime loader, otherwise the system is severely misconfigured.) + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name" + LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + dnl Weird platform: only the last -rpath option counts, the user must + dnl pass all path elements in one option. We can arrange that for a + dnl single library, but not when more than one $LIBNAMEs are used. + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + dnl Note: acl_hardcode_libdir_flag_spec uses $libdir and $wl. + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag" + else + dnl The -rpath options are cumulative. + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + dnl When using libtool, the option that works for both libraries and + dnl executables is -R. The -R options are cumulative. + for found_dir in $ltrpathdirs; do + LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir" + done + fi + popdef([PACKLIBS]) + popdef([PACKUP]) + popdef([PACK]) + popdef([NAME]) +]) + +dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR, +dnl unless already present in VAR. +dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes +dnl contains two or three consecutive elements that belong together. +AC_DEFUN([AC_LIB_APPENDTOVAR], +[ + for element in [$2]; do + haveit= + for x in $[$1]; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + [$1]="${[$1]}${[$1]:+ }$element" + fi + done +]) + +dnl For those cases where a variable contains several -L and -l options +dnl referring to unknown libraries and directories, this macro determines the +dnl necessary additional linker options for the runtime path. +dnl AC_LIB_LINKFLAGS_FROM_LIBS([LDADDVAR], [LIBSVALUE], [USE-LIBTOOL]) +dnl sets LDADDVAR to linker options needed together with LIBSVALUE. +dnl If USE-LIBTOOL evaluates to non-empty, linking with libtool is assumed, +dnl otherwise linking without libtool is assumed. +AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS], +[ + AC_REQUIRE([AC_LIB_RPATH]) + AC_REQUIRE([AC_LIB_PREPARE_MULTILIB]) + $1= + if test "$enable_rpath" != no; then + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + dnl Use an explicit option to hardcode directories into the resulting + dnl binary. + rpathdirs= + next= + for opt in $2; do + if test -n "$next"; then + dir="$next" + dnl No need to hardcode the standard /usr/lib. + if test "X$dir" != "X/usr/$acl_libdirstem" \ + && test "X$dir" != "X/usr/$acl_libdirstem2"; then + rpathdirs="$rpathdirs $dir" + fi + next= + else + case $opt in + -L) next=yes ;; + -L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'` + dnl No need to hardcode the standard /usr/lib. + if test "X$dir" != "X/usr/$acl_libdirstem" \ + && test "X$dir" != "X/usr/$acl_libdirstem2"; then + rpathdirs="$rpathdirs $dir" + fi + next= ;; + *) next= ;; + esac + fi + done + if test "X$rpathdirs" != "X"; then + if test -n ""$3""; then + dnl libtool is used for linking. Use -R options. + for dir in $rpathdirs; do + $1="${$1}${$1:+ }-R$dir" + done + else + dnl The linker is used for linking directly. + if test -n "$acl_hardcode_libdir_separator"; then + dnl Weird platform: only the last -rpath option counts, the user + dnl must pass all path elements in one option. + alldirs= + for dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + $1="$flag" + else + dnl The -rpath options are cumulative. + for dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + $1="${$1}${$1:+ }$flag" + done + fi + fi + fi + fi + fi + AC_SUBST([$1]) +]) diff --git a/build/m4/lib-prefix.m4 b/build/m4/lib-prefix.m4 new file mode 100644 index 0000000..8adb17b --- /dev/null +++ b/build/m4/lib-prefix.m4 @@ -0,0 +1,249 @@ +# lib-prefix.m4 serial 14 +dnl Copyright (C) 2001-2005, 2008-2019 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl From Bruno Haible. + +dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed +dnl to access previously installed libraries. The basic assumption is that +dnl a user will want packages to use other packages he previously installed +dnl with the same --prefix option. +dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate +dnl libraries, but is otherwise very convenient. +AC_DEFUN([AC_LIB_PREFIX], +[ + AC_BEFORE([$0], [AC_LIB_LINKFLAGS]) + AC_REQUIRE([AC_PROG_CC]) + AC_REQUIRE([AC_CANONICAL_HOST]) + AC_REQUIRE([AC_LIB_PREPARE_MULTILIB]) + AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) + dnl By default, look in $includedir and $libdir. + use_additional=yes + AC_LIB_WITH_FINAL_PREFIX([ + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + ]) + AC_ARG_WITH([lib-prefix], +[[ --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib + --without-lib-prefix don't search for libraries in includedir and libdir]], +[ + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + AC_LIB_WITH_FINAL_PREFIX([ + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + ]) + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + fi + fi +]) + if test $use_additional = yes; then + dnl Potentially add $additional_includedir to $CPPFLAGS. + dnl But don't add it + dnl 1. if it's the standard /usr/include, + dnl 2. if it's already present in $CPPFLAGS, + dnl 3. if it's /usr/local/include and we are using GCC on Linux, + dnl 4. if it doesn't exist as a directory. + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + for x in $CPPFLAGS; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + dnl Really add $additional_includedir to $CPPFLAGS. + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir" + fi + fi + fi + fi + dnl Potentially add $additional_libdir to $LDFLAGS. + dnl But don't add it + dnl 1. if it's the standard /usr/lib, + dnl 2. if it's already present in $LDFLAGS, + dnl 3. if it's /usr/local/lib and we are using GCC on Linux, + dnl 4. if it doesn't exist as a directory. + if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then + haveit= + for x in $LDFLAGS; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then + if test -n "$GCC"; then + case $host_os in + linux*) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + dnl Really add $additional_libdir to $LDFLAGS. + LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir" + fi + fi + fi + fi + fi +]) + +dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix, +dnl acl_final_exec_prefix, containing the values to which $prefix and +dnl $exec_prefix will expand at the end of the configure script. +AC_DEFUN([AC_LIB_PREPARE_PREFIX], +[ + dnl Unfortunately, prefix and exec_prefix get only finally determined + dnl at the end of configure. + if test "X$prefix" = "XNONE"; then + acl_final_prefix="$ac_default_prefix" + else + acl_final_prefix="$prefix" + fi + if test "X$exec_prefix" = "XNONE"; then + acl_final_exec_prefix='${prefix}' + else + acl_final_exec_prefix="$exec_prefix" + fi + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" + prefix="$acl_save_prefix" +]) + +dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the +dnl variables prefix and exec_prefix bound to the values they will have +dnl at the end of the configure script. +AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX], +[ + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + $1 + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" +]) + +dnl AC_LIB_PREPARE_MULTILIB creates +dnl - a variable acl_libdirstem, containing the basename of the libdir, either +dnl "lib" or "lib64" or "lib/64", +dnl - a variable acl_libdirstem2, as a secondary possible value for +dnl acl_libdirstem, either the same as acl_libdirstem or "lib/sparcv9" or +dnl "lib/amd64". +AC_DEFUN([AC_LIB_PREPARE_MULTILIB], +[ + dnl There is no formal standard regarding lib and lib64. + dnl On glibc systems, the current practice is that on a system supporting + dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under + dnl $prefix/lib64 and 32-bit libraries go under $prefix/lib. We determine + dnl the compiler's default mode by looking at the compiler's library search + dnl path. If at least one of its elements ends in /lib64 or points to a + dnl directory whose absolute pathname ends in /lib64, we assume a 64-bit ABI. + dnl Otherwise we use the default, namely "lib". + dnl On Solaris systems, the current practice is that on a system supporting + dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under + dnl $prefix/lib/64 (which is a symlink to either $prefix/lib/sparcv9 or + dnl $prefix/lib/amd64) and 32-bit libraries go under $prefix/lib. + AC_REQUIRE([AC_CANONICAL_HOST]) + AC_REQUIRE([gl_HOST_CPU_C_ABI_32BIT]) + + case "$host_os" in + solaris*) + AC_CACHE_CHECK([for 64-bit host], [gl_cv_solaris_64bit], + [AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [[#ifdef _LP64 + int ok; + #else + error fail + #endif + ]])], + [gl_cv_solaris_64bit=yes], + [gl_cv_solaris_64bit=no]) + ]);; + esac + + dnl Allow the user to override the result by setting acl_cv_libdirstems. + AC_CACHE_CHECK([for the common suffixes of directories in the library search path], + [acl_cv_libdirstems], + [acl_libdirstem=lib + acl_libdirstem2= + case "$host_os" in + solaris*) + dnl See Solaris 10 Software Developer Collection > Solaris 64-bit Developer's Guide > The Development Environment + dnl . + dnl "Portable Makefiles should refer to any library directories using the 64 symbolic link." + dnl But we want to recognize the sparcv9 or amd64 subdirectory also if the + dnl symlink is missing, so we set acl_libdirstem2 too. + if test $gl_cv_solaris_64bit = yes; then + acl_libdirstem=lib/64 + case "$host_cpu" in + sparc*) acl_libdirstem2=lib/sparcv9 ;; + i*86 | x86_64) acl_libdirstem2=lib/amd64 ;; + esac + fi + ;; + *) + dnl If $CC generates code for a 32-bit ABI, the libraries are + dnl surely under $prefix/lib, not $prefix/lib64. + if test "$HOST_CPU_C_ABI_32BIT" != yes; then + dnl The result is a property of the system. However, non-system + dnl compilers sometimes have odd library search paths. Therefore + dnl prefer asking /usr/bin/gcc, if available, rather than $CC. + searchpath=`(if test -f /usr/bin/gcc \ + && LC_ALL=C /usr/bin/gcc -print-search-dirs >/dev/null 2>/dev/null; then \ + LC_ALL=C /usr/bin/gcc -print-search-dirs; \ + else \ + LC_ALL=C $CC -print-search-dirs; \ + fi) 2>/dev/null \ + | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` + if test -n "$searchpath"; then + acl_save_IFS="${IFS= }"; IFS=":" + for searchdir in $searchpath; do + if test -d "$searchdir"; then + case "$searchdir" in + */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; + */../ | */.. ) + # Better ignore directories of this form. They are misleading. + ;; + *) searchdir=`cd "$searchdir" && pwd` + case "$searchdir" in + */lib64 ) acl_libdirstem=lib64 ;; + esac ;; + esac + fi + done + IFS="$acl_save_IFS" + fi + fi + ;; + esac + test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" + acl_cv_libdirstems="$acl_libdirstem,$acl_libdirstem2" + ]) + # Decompose acl_cv_libdirstems into acl_libdirstem and acl_libdirstem2. + acl_libdirstem=`echo "$acl_cv_libdirstems" | sed -e 's/,.*//'` + acl_libdirstem2=`echo "$acl_cv_libdirstems" | sed -e '/,/s/.*,//'` +]) diff --git a/build/m4/libtool.m4 b/build/m4/libtool.m4 new file mode 100644 index 0000000..a644432 --- /dev/null +++ b/build/m4/libtool.m4 @@ -0,0 +1,8372 @@ +# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- +# +# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +m4_define([_LT_COPYING], [dnl +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +]) + +# serial 58 LT_INIT + + +# LT_PREREQ(VERSION) +# ------------------ +# Complain and exit if this libtool version is less that VERSION. +m4_defun([LT_PREREQ], +[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, + [m4_default([$3], + [m4_fatal([Libtool version $1 or higher is required], + 63)])], + [$2])]) + + +# _LT_CHECK_BUILDDIR +# ------------------ +# Complain if the absolute build directory name contains unusual characters +m4_defun([_LT_CHECK_BUILDDIR], +[case `pwd` in + *\ * | *\ *) + AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; +esac +]) + + +# LT_INIT([OPTIONS]) +# ------------------ +AC_DEFUN([LT_INIT], +[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK +AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +AC_BEFORE([$0], [LT_LANG])dnl +AC_BEFORE([$0], [LT_OUTPUT])dnl +AC_BEFORE([$0], [LTDL_INIT])dnl +m4_require([_LT_CHECK_BUILDDIR])dnl + +dnl Autoconf doesn't catch unexpanded LT_ macros by default: +m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl +m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl +dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 +dnl unless we require an AC_DEFUNed macro: +AC_REQUIRE([LTOPTIONS_VERSION])dnl +AC_REQUIRE([LTSUGAR_VERSION])dnl +AC_REQUIRE([LTVERSION_VERSION])dnl +AC_REQUIRE([LTOBSOLETE_VERSION])dnl +m4_require([_LT_PROG_LTMAIN])dnl + +_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) + +dnl Parse OPTIONS +_LT_SET_OPTIONS([$0], [$1]) + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS=$ltmain + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' +AC_SUBST(LIBTOOL)dnl + +_LT_SETUP + +# Only expand once: +m4_define([LT_INIT]) +])# LT_INIT + +# Old names: +AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) +AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PROG_LIBTOOL], []) +dnl AC_DEFUN([AM_PROG_LIBTOOL], []) + + +# _LT_PREPARE_CC_BASENAME +# ----------------------- +m4_defun([_LT_PREPARE_CC_BASENAME], [ +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in @S|@*""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} +])# _LT_PREPARE_CC_BASENAME + + +# _LT_CC_BASENAME(CC) +# ------------------- +# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME, +# but that macro is also expanded into generated libtool script, which +# arranges for $SED and $ECHO to be set by different means. +m4_defun([_LT_CC_BASENAME], +[m4_require([_LT_PREPARE_CC_BASENAME])dnl +AC_REQUIRE([_LT_DECL_SED])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl +func_cc_basename $1 +cc_basename=$func_cc_basename_result +]) + + +# _LT_FILEUTILS_DEFAULTS +# ---------------------- +# It is okay to use these file commands and assume they have been set +# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'. +m4_defun([_LT_FILEUTILS_DEFAULTS], +[: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} +])# _LT_FILEUTILS_DEFAULTS + + +# _LT_SETUP +# --------- +m4_defun([_LT_SETUP], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl + +_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl +dnl +_LT_DECL([], [host_alias], [0], [The host system])dnl +_LT_DECL([], [host], [0])dnl +_LT_DECL([], [host_os], [0])dnl +dnl +_LT_DECL([], [build_alias], [0], [The build system])dnl +_LT_DECL([], [build], [0])dnl +_LT_DECL([], [build_os], [0])dnl +dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +dnl +AC_REQUIRE([AC_PROG_LN_S])dnl +test -z "$LN_S" && LN_S="ln -s" +_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl +dnl +AC_REQUIRE([LT_CMD_MAX_LEN])dnl +_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl +_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl +dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl +m4_require([_LT_CMD_RELOAD])dnl +m4_require([_LT_CHECK_MAGIC_METHOD])dnl +m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl +m4_require([_LT_CMD_OLD_ARCHIVE])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_WITH_SYSROOT])dnl +m4_require([_LT_CMD_TRUNCATE])dnl + +_LT_CONFIG_LIBTOOL_INIT([ +# See if we are running on zsh, and set the options that allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi +]) +if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi + +_LT_CHECK_OBJDIR + +m4_require([_LT_TAG_COMPILER])dnl + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a '.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld=$lt_cv_prog_gnu_ld + +old_CC=$CC +old_CFLAGS=$CFLAGS + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +_LT_CC_BASENAME([$compiler]) + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + _LT_PATH_MAGIC + fi + ;; +esac + +# Use C for the default configuration in the libtool script +LT_SUPPORTED_TAG([CC]) +_LT_LANG_C_CONFIG +_LT_LANG_DEFAULT_CONFIG +_LT_CONFIG_COMMANDS +])# _LT_SETUP + + +# _LT_PREPARE_SED_QUOTE_VARS +# -------------------------- +# Define a few sed substitution that help us do robust quoting. +m4_defun([_LT_PREPARE_SED_QUOTE_VARS], +[# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\([["`\\]]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' +]) + +# _LT_PROG_LTMAIN +# --------------- +# Note that this code is called both from 'configure', and 'config.status' +# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, +# 'config.status' has no value for ac_aux_dir unless we are using Automake, +# so we pass a copy along to make sure it has a sensible value anyway. +m4_defun([_LT_PROG_LTMAIN], +[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl +_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) +ltmain=$ac_aux_dir/ltmain.sh +])# _LT_PROG_LTMAIN + + +## ------------------------------------- ## +## Accumulate code for creating libtool. ## +## ------------------------------------- ## + +# So that we can recreate a full libtool script including additional +# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS +# in macros and then make a single call at the end using the 'libtool' +# label. + + +# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) +# ---------------------------------------- +# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL_INIT], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_INIT], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_INIT]) + + +# _LT_CONFIG_LIBTOOL([COMMANDS]) +# ------------------------------ +# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) + + +# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) +# ----------------------------------------------------- +m4_defun([_LT_CONFIG_SAVE_COMMANDS], +[_LT_CONFIG_LIBTOOL([$1]) +_LT_CONFIG_LIBTOOL_INIT([$2]) +]) + + +# _LT_FORMAT_COMMENT([COMMENT]) +# ----------------------------- +# Add leading comment marks to the start of each line, and a trailing +# full-stop to the whole comment if one is not present already. +m4_define([_LT_FORMAT_COMMENT], +[m4_ifval([$1], [ +m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], + [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) +)]) + + + +## ------------------------ ## +## FIXME: Eliminate VARNAME ## +## ------------------------ ## + + +# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) +# ------------------------------------------------------------------- +# CONFIGNAME is the name given to the value in the libtool script. +# VARNAME is the (base) name used in the configure script. +# VALUE may be 0, 1 or 2 for a computed quote escaped value based on +# VARNAME. Any other value will be used directly. +m4_define([_LT_DECL], +[lt_if_append_uniq([lt_decl_varnames], [$2], [, ], + [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], + [m4_ifval([$1], [$1], [$2])]) + lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) + m4_ifval([$4], + [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) + lt_dict_add_subkey([lt_decl_dict], [$2], + [tagged?], [m4_ifval([$5], [yes], [no])])]) +]) + + +# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) +# -------------------------------------------------------- +m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) + + +# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_tag_varnames], +[_lt_decl_filter([tagged?], [yes], $@)]) + + +# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) +# --------------------------------------------------------- +m4_define([_lt_decl_filter], +[m4_case([$#], + [0], [m4_fatal([$0: too few arguments: $#])], + [1], [m4_fatal([$0: too few arguments: $#: $1])], + [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], + [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], + [lt_dict_filter([lt_decl_dict], $@)])[]dnl +]) + + +# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) +# -------------------------------------------------- +m4_define([lt_decl_quote_varnames], +[_lt_decl_filter([value], [1], $@)]) + + +# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_dquote_varnames], +[_lt_decl_filter([value], [2], $@)]) + + +# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_varnames_tagged], +[m4_assert([$# <= 2])dnl +_$0(m4_quote(m4_default([$1], [[, ]])), + m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), + m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) +m4_define([_lt_decl_varnames_tagged], +[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) + + +# lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_all_varnames], +[_$0(m4_quote(m4_default([$1], [[, ]])), + m4_if([$2], [], + m4_quote(lt_decl_varnames), + m4_quote(m4_shift($@))))[]dnl +]) +m4_define([_lt_decl_all_varnames], +[lt_join($@, lt_decl_varnames_tagged([$1], + lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl +]) + + +# _LT_CONFIG_STATUS_DECLARE([VARNAME]) +# ------------------------------------ +# Quote a variable value, and forward it to 'config.status' so that its +# declaration there will have the same value as in 'configure'. VARNAME +# must have a single quote delimited value for this to work. +m4_define([_LT_CONFIG_STATUS_DECLARE], +[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) + + +# _LT_CONFIG_STATUS_DECLARATIONS +# ------------------------------ +# We delimit libtool config variables with single quotes, so when +# we write them to config.status, we have to be sure to quote all +# embedded single quotes properly. In configure, this macro expands +# each variable declared with _LT_DECL (and _LT_TAGDECL) into: +# +# ='`$ECHO "$" | $SED "$delay_single_quote_subst"`' +m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], +[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), + [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAGS +# ---------------- +# Output comment and list of tags supported by the script +m4_defun([_LT_LIBTOOL_TAGS], +[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl +available_tags='_LT_TAGS'dnl +]) + + +# _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) +# ----------------------------------- +# Extract the dictionary values for VARNAME (optionally with TAG) and +# expand to a commented shell variable setting: +# +# # Some comment about what VAR is for. +# visible_name=$lt_internal_name +m4_define([_LT_LIBTOOL_DECLARE], +[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], + [description])))[]dnl +m4_pushdef([_libtool_name], + m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl +m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), + [0], [_libtool_name=[$]$1], + [1], [_libtool_name=$lt_[]$1], + [2], [_libtool_name=$lt_[]$1], + [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl +m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl +]) + + +# _LT_LIBTOOL_CONFIG_VARS +# ----------------------- +# Produce commented declarations of non-tagged libtool config variables +# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool' +# script. Tagged libtool config variables (even for the LIBTOOL CONFIG +# section) are produced by _LT_LIBTOOL_TAG_VARS. +m4_defun([_LT_LIBTOOL_CONFIG_VARS], +[m4_foreach([_lt_var], + m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAG_VARS(TAG) +# ------------------------- +m4_define([_LT_LIBTOOL_TAG_VARS], +[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) + + +# _LT_TAGVAR(VARNAME, [TAGNAME]) +# ------------------------------ +m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) + + +# _LT_CONFIG_COMMANDS +# ------------------- +# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of +# variables for single and double quote escaping we saved from calls +# to _LT_DECL, we can put quote escaped variables declarations +# into 'config.status', and then the shell code to quote escape them in +# for loops in 'config.status'. Finally, any additional code accumulated +# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. +m4_defun([_LT_CONFIG_COMMANDS], +[AC_PROVIDE_IFELSE([LT_OUTPUT], + dnl If the libtool generation code has been placed in $CONFIG_LT, + dnl instead of duplicating it all over again into config.status, + dnl then we will have config.status run $CONFIG_LT later, so it + dnl needs to know what name is stored there: + [AC_CONFIG_COMMANDS([libtool], + [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], + dnl If the libtool generation code is destined for config.status, + dnl expand the accumulated commands and init code now: + [AC_CONFIG_COMMANDS([libtool], + [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) +])#_LT_CONFIG_COMMANDS + + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], +[ + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +_LT_CONFIG_STATUS_DECLARATIONS +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$[]1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_quote_varnames); do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_dquote_varnames); do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +_LT_OUTPUT_LIBTOOL_INIT +]) + +# _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) +# ------------------------------------ +# Generate a child script FILE with all initialization necessary to +# reuse the environment learned by the parent script, and make the +# file executable. If COMMENT is supplied, it is inserted after the +# '#!' sequence but before initialization text begins. After this +# macro, additional text can be appended to FILE to form the body of +# the child script. The macro ends with non-zero status if the +# file could not be fully written (such as if the disk is full). +m4_ifdef([AS_INIT_GENERATED], +[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], +[m4_defun([_LT_GENERATED_FILE_INIT], +[m4_require([AS_PREPARE])]dnl +[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl +[lt_write_fail=0 +cat >$1 <<_ASEOF || lt_write_fail=1 +#! $SHELL +# Generated by $as_me. +$2 +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$1 <<\_ASEOF || lt_write_fail=1 +AS_SHELL_SANITIZE +_AS_PREPARE +exec AS_MESSAGE_FD>&1 +_ASEOF +test 0 = "$lt_write_fail" && chmod +x $1[]dnl +m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT + +# LT_OUTPUT +# --------- +# This macro allows early generation of the libtool script (before +# AC_OUTPUT is called), incase it is used in configure for compilation +# tests. +AC_DEFUN([LT_OUTPUT], +[: ${CONFIG_LT=./config.lt} +AC_MSG_NOTICE([creating $CONFIG_LT]) +_LT_GENERATED_FILE_INIT(["$CONFIG_LT"], +[# Run this file to recreate a libtool stub with the current configuration.]) + +cat >>"$CONFIG_LT" <<\_LTEOF +lt_cl_silent=false +exec AS_MESSAGE_LOG_FD>>config.log +{ + echo + AS_BOX([Running $as_me.]) +} >&AS_MESSAGE_LOG_FD + +lt_cl_help="\ +'$as_me' creates a local libtool stub from the current configuration, +for use in further configure time tests before the real libtool is +generated. + +Usage: $[0] [[OPTIONS]] + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + +Report bugs to ." + +lt_cl_version="\ +m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl +m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) +configured by $[0], generated by m4_PACKAGE_STRING. + +Copyright (C) 2011 Free Software Foundation, Inc. +This config.lt script is free software; the Free Software Foundation +gives unlimited permision to copy, distribute and modify it." + +while test 0 != $[#] +do + case $[1] in + --version | --v* | -V ) + echo "$lt_cl_version"; exit 0 ;; + --help | --h* | -h ) + echo "$lt_cl_help"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --quiet | --q* | --silent | --s* | -q ) + lt_cl_silent=: ;; + + -*) AC_MSG_ERROR([unrecognized option: $[1] +Try '$[0] --help' for more information.]) ;; + + *) AC_MSG_ERROR([unrecognized argument: $[1] +Try '$[0] --help' for more information.]) ;; + esac + shift +done + +if $lt_cl_silent; then + exec AS_MESSAGE_FD>/dev/null +fi +_LTEOF + +cat >>"$CONFIG_LT" <<_LTEOF +_LT_OUTPUT_LIBTOOL_COMMANDS_INIT +_LTEOF + +cat >>"$CONFIG_LT" <<\_LTEOF +AC_MSG_NOTICE([creating $ofile]) +_LT_OUTPUT_LIBTOOL_COMMANDS +AS_EXIT(0) +_LTEOF +chmod +x "$CONFIG_LT" + +# configure is writing to config.log, but config.lt does its own redirection, +# appending to config.log, which fails on DOS, as config.log is still kept +# open by configure. Here we exec the FD to /dev/null, effectively closing +# config.log, so it can be properly (re)opened and appended to by config.lt. +lt_cl_success=: +test yes = "$silent" && + lt_config_lt_args="$lt_config_lt_args --quiet" +exec AS_MESSAGE_LOG_FD>/dev/null +$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false +exec AS_MESSAGE_LOG_FD>>config.log +$lt_cl_success || AS_EXIT(1) +])# LT_OUTPUT + + +# _LT_CONFIG(TAG) +# --------------- +# If TAG is the built-in tag, create an initial libtool script with a +# default configuration from the untagged config vars. Otherwise add code +# to config.status for appending the configuration named by TAG from the +# matching tagged config vars. +m4_defun([_LT_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_CONFIG_SAVE_COMMANDS([ + m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl + m4_if(_LT_TAG, [C], [ + # See if we are running on zsh, and set the options that allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST + fi + + cfgfile=${ofile}T + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL +# Generated automatically by $as_me ($PACKAGE) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + +_LT_COPYING +_LT_LIBTOOL_TAGS + +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + +# ### BEGIN LIBTOOL CONFIG +_LT_LIBTOOL_CONFIG_VARS +_LT_LIBTOOL_TAG_VARS +# ### END LIBTOOL CONFIG + +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +_LT_PREPARE_MUNGE_PATH_LIST +_LT_PREPARE_CC_BASENAME + +# ### END FUNCTIONS SHARED WITH CONFIGURE + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + _LT_PROG_LTMAIN + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" +], +[cat <<_LT_EOF >> "$ofile" + +dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded +dnl in a comment (ie after a #). +# ### BEGIN LIBTOOL TAG CONFIG: $1 +_LT_LIBTOOL_TAG_VARS(_LT_TAG) +# ### END LIBTOOL TAG CONFIG: $1 +_LT_EOF +])dnl /m4_if +], +[m4_if([$1], [], [ + PACKAGE='$PACKAGE' + VERSION='$VERSION' + RM='$RM' + ofile='$ofile'], []) +])dnl /_LT_CONFIG_SAVE_COMMANDS +])# _LT_CONFIG + + +# LT_SUPPORTED_TAG(TAG) +# --------------------- +# Trace this macro to discover what tags are supported by the libtool +# --tag option, using: +# autoconf --trace 'LT_SUPPORTED_TAG:$1' +AC_DEFUN([LT_SUPPORTED_TAG], []) + + +# C support is built-in for now +m4_define([_LT_LANG_C_enabled], []) +m4_define([_LT_TAGS], []) + + +# LT_LANG(LANG) +# ------------- +# Enable libtool support for the given language if not already enabled. +AC_DEFUN([LT_LANG], +[AC_BEFORE([$0], [LT_OUTPUT])dnl +m4_case([$1], + [C], [_LT_LANG(C)], + [C++], [_LT_LANG(CXX)], + [Go], [_LT_LANG(GO)], + [Java], [_LT_LANG(GCJ)], + [Fortran 77], [_LT_LANG(F77)], + [Fortran], [_LT_LANG(FC)], + [Windows Resource], [_LT_LANG(RC)], + [m4_ifdef([_LT_LANG_]$1[_CONFIG], + [_LT_LANG($1)], + [m4_fatal([$0: unsupported language: "$1"])])])dnl +])# LT_LANG + + +# _LT_LANG(LANGNAME) +# ------------------ +m4_defun([_LT_LANG], +[m4_ifdef([_LT_LANG_]$1[_enabled], [], + [LT_SUPPORTED_TAG([$1])dnl + m4_append([_LT_TAGS], [$1 ])dnl + m4_define([_LT_LANG_]$1[_enabled], [])dnl + _LT_LANG_$1_CONFIG($1)])dnl +])# _LT_LANG + + +m4_ifndef([AC_PROG_GO], [ +############################################################ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_GO. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +############################################################ +m4_defun([AC_PROG_GO], +[AC_LANG_PUSH(Go)dnl +AC_ARG_VAR([GOC], [Go compiler command])dnl +AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl +_AC_ARG_VAR_LDFLAGS()dnl +AC_CHECK_TOOL(GOC, gccgo) +if test -z "$GOC"; then + if test -n "$ac_tool_prefix"; then + AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) + fi +fi +if test -z "$GOC"; then + AC_CHECK_PROG(GOC, gccgo, gccgo, false) +fi +])#m4_defun +])#m4_ifndef + + +# _LT_LANG_DEFAULT_CONFIG +# ----------------------- +m4_defun([_LT_LANG_DEFAULT_CONFIG], +[AC_PROVIDE_IFELSE([AC_PROG_CXX], + [LT_LANG(CXX)], + [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) + +AC_PROVIDE_IFELSE([AC_PROG_F77], + [LT_LANG(F77)], + [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) + +AC_PROVIDE_IFELSE([AC_PROG_FC], + [LT_LANG(FC)], + [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) + +dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal +dnl pulling things in needlessly. +AC_PROVIDE_IFELSE([AC_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([LT_PROG_GCJ], + [LT_LANG(GCJ)], + [m4_ifdef([AC_PROG_GCJ], + [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([A][M_PROG_GCJ], + [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([LT_PROG_GCJ], + [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) + +AC_PROVIDE_IFELSE([AC_PROG_GO], + [LT_LANG(GO)], + [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) + +AC_PROVIDE_IFELSE([LT_PROG_RC], + [LT_LANG(RC)], + [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) +])# _LT_LANG_DEFAULT_CONFIG + +# Obsolete macros: +AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) +AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) +AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) +AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) +AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_CXX], []) +dnl AC_DEFUN([AC_LIBTOOL_F77], []) +dnl AC_DEFUN([AC_LIBTOOL_FC], []) +dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) +dnl AC_DEFUN([AC_LIBTOOL_RC], []) + + +# _LT_TAG_COMPILER +# ---------------- +m4_defun([_LT_TAG_COMPILER], +[AC_REQUIRE([AC_PROG_CC])dnl + +_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl +_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl +_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl +_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC +])# _LT_TAG_COMPILER + + +# _LT_COMPILER_BOILERPLATE +# ------------------------ +# Check for compiler boilerplate output or warnings with +# the simple compiler test code. +m4_defun([_LT_COMPILER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* +])# _LT_COMPILER_BOILERPLATE + + +# _LT_LINKER_BOILERPLATE +# ---------------------- +# Check for linker boilerplate output or warnings with +# the simple link test code. +m4_defun([_LT_LINKER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* +])# _LT_LINKER_BOILERPLATE + +# _LT_REQUIRED_DARWIN_CHECKS +# ------------------------- +m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ + case $host_os in + rhapsody* | darwin*) + AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) + AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) + AC_CHECK_TOOL([LIPO], [lipo], [:]) + AC_CHECK_TOOL([OTOOL], [otool], [:]) + AC_CHECK_TOOL([OTOOL64], [otool64], [:]) + _LT_DECL([], [DSYMUTIL], [1], + [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) + _LT_DECL([], [NMEDIT], [1], + [Tool to change global to local symbols on Mac OS X]) + _LT_DECL([], [LIPO], [1], + [Tool to manipulate fat objects and archives on Mac OS X]) + _LT_DECL([], [OTOOL], [1], + [ldd/readelf like tool for Mach-O binaries on Mac OS X]) + _LT_DECL([], [OTOOL64], [1], + [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) + + AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], + [lt_cv_apple_cc_single_mod=no + if test -z "$LT_MULTI_MODULE"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test 0 = "$_lt_result"; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi]) + + AC_CACHE_CHECK([for -exported_symbols_list linker flag], + [lt_cv_ld_exported_symbols_list], + [lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [lt_cv_ld_exported_symbols_list=yes], + [lt_cv_ld_exported_symbols_list=no]) + LDFLAGS=$save_LDFLAGS + ]) + + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], + [lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD + echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD + $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + ]) + case $host_os in + rhapsody* | darwin1.[[012]]) + _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[[012]][[,.]]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test yes = "$lt_cv_apple_cc_single_mod"; then + _lt_dar_single_mod='$single_module' + fi + if test yes = "$lt_cv_ld_exported_symbols_list"; then + _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' + fi + if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac +]) + + +# _LT_DARWIN_LINKER_FEATURES([TAG]) +# --------------------------------- +# Checks for linker and compiler features on darwin +m4_defun([_LT_DARWIN_LINKER_FEATURES], +[ + m4_require([_LT_REQUIRED_DARWIN_CHECKS]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_automatic, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + if test yes = "$lt_cv_ld_force_load"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], + [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='' + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined + case $cc_basename in + ifort*|nagfor*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test yes = "$_lt_dar_can_shared"; then + output_verbose_link_cmd=func_echo_all + _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + m4_if([$1], [CXX], +[ if test yes != "$lt_cv_apple_cc_single_mod"; then + _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" + fi +],[]) + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi +]) + +# _LT_SYS_MODULE_PATH_AIX([TAGNAME]) +# ---------------------------------- +# Links a minimal program and checks the executable +# for the system default hardcoded library path. In most cases, +# this is /usr/lib:/lib, but when the MPI compilers are used +# the location of the communication and MPI libs are included too. +# If we don't find anything, use the default library path according +# to the aix ld manual. +# Store the results from the different compilers for each TAGNAME. +# Allow to override them for all tags through lt_cv_aix_libpath. +m4_defun([_LT_SYS_MODULE_PATH_AIX], +[m4_require([_LT_DECL_SED])dnl +if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], + [AC_LINK_IFELSE([AC_LANG_PROGRAM],[ + lt_aix_libpath_sed='[ + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }]' + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi],[]) + if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib + fi + ]) + aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) +fi +])# _LT_SYS_MODULE_PATH_AIX + + +# _LT_SHELL_INIT(ARG) +# ------------------- +m4_define([_LT_SHELL_INIT], +[m4_divert_text([M4SH-INIT], [$1 +])])# _LT_SHELL_INIT + + + +# _LT_PROG_ECHO_BACKSLASH +# ----------------------- +# Find how we can fake an echo command that does not interpret backslash. +# In particular, with Autoconf 2.60 or later we add some code to the start +# of the generated configure script that will find a shell with a builtin +# printf (that we can use as an echo command). +m4_defun([_LT_PROG_ECHO_BACKSLASH], +[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +AC_MSG_CHECKING([how to print strings]) +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$[]1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' +fi + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + +case $ECHO in + printf*) AC_MSG_RESULT([printf]) ;; + print*) AC_MSG_RESULT([print -r]) ;; + *) AC_MSG_RESULT([cat]) ;; +esac + +m4_ifdef([_AS_DETECT_SUGGESTED], +[_AS_DETECT_SUGGESTED([ + test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test "X`printf %s $ECHO`" = "X$ECHO" \ + || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) + +_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) +_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) +])# _LT_PROG_ECHO_BACKSLASH + + +# _LT_WITH_SYSROOT +# ---------------- +AC_DEFUN([_LT_WITH_SYSROOT], +[AC_MSG_CHECKING([for sysroot]) +AC_ARG_WITH([sysroot], +[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@], + [Search for dependent libraries within DIR (or the compiler's sysroot + if not specified).])], +[], [with_sysroot=no]) + +dnl lt_sysroot will always be passed unquoted. We quote it here +dnl in case the user passed a directory name. +lt_sysroot= +case $with_sysroot in #( + yes) + if test yes = "$GCC"; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + AC_MSG_RESULT([$with_sysroot]) + AC_MSG_ERROR([The sysroot must be an absolute path.]) + ;; +esac + + AC_MSG_RESULT([${lt_sysroot:-no}]) +_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl +[dependent libraries, and where our libraries should be installed.])]) + +# _LT_ENABLE_LOCK +# --------------- +m4_defun([_LT_ENABLE_LOCK], +[AC_ARG_ENABLE([libtool-lock], + [AS_HELP_STRING([--disable-libtool-lock], + [avoid locking (might break parallel builds)])]) +test no = "$enable_libtool_lock" || enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out what ABI is being produced by ac_compile, and set mode + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE=32 + ;; + *ELF-64*) + HPUX_IA64_MODE=64 + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + if test yes = "$lt_cv_prog_gnu_ld"; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +mips64*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + emul="${emul}32" + ;; + *64-bit*) + emul="${emul}64" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *MSB*) + emul="${emul}btsmip" + ;; + *LSB*) + emul="${emul}ltsmip" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *N32*) + emul="${emul}n32" + ;; + esac + LD="${LD-ld} -m $emul" + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. Note that the listed cases only cover the + # situations where additional linker options are needed (such as when + # doing 32-bit compilation for a host where ld defaults to 64-bit, or + # vice versa); the common cases where no linker options are needed do + # not appear in the list. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + case `/usr/bin/file conftest.o` in + *x86-64*) + LD="${LD-ld} -m elf32_x86_64" + ;; + *) + LD="${LD-ld} -m elf_i386" + ;; + esac + ;; + powerpc64le-*linux*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + powerpcle-*linux*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -belf" + AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, + [AC_LANG_PUSH(C) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) + AC_LANG_POP]) + if test yes != "$lt_cv_cc_needs_belf"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS=$SAVE_CFLAGS + fi + ;; +*-*solaris*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) + case $host in + i?86-*-solaris*|x86_64-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD=${LD-ld}_sol2 + fi + ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks=$enable_libtool_lock +])# _LT_ENABLE_LOCK + + +# _LT_PROG_AR +# ----------- +m4_defun([_LT_PROG_AR], +[AC_CHECK_TOOLS(AR, [ar], false) +: ${AR=ar} +: ${AR_FLAGS=cru} +_LT_DECL([], [AR], [1], [The archiver]) +_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) + +AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], + [lt_cv_ar_at_file=no + AC_COMPILE_IFELSE([AC_LANG_PROGRAM], + [echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' + AC_TRY_EVAL([lt_ar_try]) + if test 0 -eq "$ac_status"; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + AC_TRY_EVAL([lt_ar_try]) + if test 0 -ne "$ac_status"; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + ]) + ]) + +if test no = "$lt_cv_ar_at_file"; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi +_LT_DECL([], [archiver_list_spec], [1], + [How to feed a file listing to the archiver]) +])# _LT_PROG_AR + + +# _LT_CMD_OLD_ARCHIVE +# ------------------- +m4_defun([_LT_CMD_OLD_ARCHIVE], +[_LT_PROG_AR + +AC_CHECK_TOOL(STRIP, strip, :) +test -z "$STRIP" && STRIP=: +_LT_DECL([], [STRIP], [1], [A symbol stripping program]) + +AC_CHECK_TOOL(RANLIB, ranlib, :) +test -z "$RANLIB" && RANLIB=: +_LT_DECL([], [RANLIB], [1], + [Commands used to install an old-style archive]) + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + bitrig* | openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac +_LT_DECL([], [old_postinstall_cmds], [2]) +_LT_DECL([], [old_postuninstall_cmds], [2]) +_LT_TAGDECL([], [old_archive_cmds], [2], + [Commands used to build an old-style archive]) +_LT_DECL([], [lock_old_archive_extraction], [0], + [Whether to use a lock for old archive extraction]) +])# _LT_CMD_OLD_ARCHIVE + + +# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------------------- +# Check whether the given compiler option works +AC_DEFUN([_LT_COMPILER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + fi + $RM conftest* +]) + +if test yes = "[$]$2"; then + m4_if([$5], , :, [$5]) +else + m4_if([$6], , :, [$6]) +fi +])# _LT_COMPILER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) + + +# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------- +# Check whether the given linker option works +AC_DEFUN([_LT_LINKER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $3" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&AS_MESSAGE_LOG_FD + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + else + $2=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS +]) + +if test yes = "[$]$2"; then + m4_if([$4], , :, [$4]) +else + m4_if([$5], , :, [$5]) +fi +])# _LT_LINKER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) + + +# LT_CMD_MAX_LEN +#--------------- +AC_DEFUN([LT_CMD_MAX_LEN], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +# find the maximum length of command line arguments +AC_MSG_CHECKING([the maximum length of command line arguments]) +AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl + i=0 + teststring=ABCD + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len" && \ + test undefined != "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test X`env echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test 17 != "$i" # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac +]) +if test -n "$lt_cv_sys_max_cmd_len"; then + AC_MSG_RESULT($lt_cv_sys_max_cmd_len) +else + AC_MSG_RESULT(none) +fi +max_cmd_len=$lt_cv_sys_max_cmd_len +_LT_DECL([], [max_cmd_len], [0], + [What is the maximum length of a command?]) +])# LT_CMD_MAX_LEN + +# Old name: +AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) + + +# _LT_HEADER_DLFCN +# ---------------- +m4_defun([_LT_HEADER_DLFCN], +[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl +])# _LT_HEADER_DLFCN + + +# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, +# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) +# ---------------------------------------------------------------- +m4_defun([_LT_TRY_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test yes = "$cross_compiling"; then : + [$4] +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +[#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisibility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +}] +_LT_EOF + if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) $1 ;; + x$lt_dlneed_uscore) $2 ;; + x$lt_dlunknown|x*) $3 ;; + esac + else : + # compilation failed + $3 + fi +fi +rm -fr conftest* +])# _LT_TRY_DLOPEN_SELF + + +# LT_SYS_DLOPEN_SELF +# ------------------ +AC_DEFUN([LT_SYS_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test yes != "$enable_dlopen"; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen=load_add_on + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen=LoadLibrary + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[ + lt_cv_dlopen=dyld + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ]) + ;; + + tpf*) + # Don't try to run any link tests for TPF. We know it's impossible + # because TPF is a cross-compiler, and we know how we open DSOs. + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + lt_cv_dlopen_self=no + ;; + + *) + AC_CHECK_FUNC([shl_load], + [lt_cv_dlopen=shl_load], + [AC_CHECK_LIB([dld], [shl_load], + [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld], + [AC_CHECK_FUNC([dlopen], + [lt_cv_dlopen=dlopen], + [AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl], + [AC_CHECK_LIB([svld], [dlopen], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld], + [AC_CHECK_LIB([dld], [dld_link], + [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld]) + ]) + ]) + ]) + ]) + ]) + ;; + esac + + if test no = "$lt_cv_dlopen"; then + enable_dlopen=no + else + enable_dlopen=yes + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS=$CPPFLAGS + test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS=$LDFLAGS + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS=$LIBS + LIBS="$lt_cv_dlopen_libs $LIBS" + + AC_CACHE_CHECK([whether a program can dlopen itself], + lt_cv_dlopen_self, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, + lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) + ]) + + if test yes = "$lt_cv_dlopen_self"; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + AC_CACHE_CHECK([whether a statically linked program can dlopen itself], + lt_cv_dlopen_self_static, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, + lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) + ]) + fi + + CPPFLAGS=$save_CPPFLAGS + LDFLAGS=$save_LDFLAGS + LIBS=$save_LIBS + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi +_LT_DECL([dlopen_support], [enable_dlopen], [0], + [Whether dlopen is supported]) +_LT_DECL([dlopen_self], [enable_dlopen_self], [0], + [Whether dlopen of programs is supported]) +_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], + [Whether dlopen of statically linked programs is supported]) +])# LT_SYS_DLOPEN_SELF + +# Old name: +AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) + + +# _LT_COMPILER_C_O([TAGNAME]) +# --------------------------- +# Check to see if options -c and -o are simultaneously supported by compiler. +# This macro does not hard code the compiler like AC_PROG_CC_C_O. +m4_defun([_LT_COMPILER_C_O], +[m4_require([_LT_DECL_SED])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + fi + fi + chmod u+w . 2>&AS_MESSAGE_LOG_FD + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* +]) +_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], + [Does compiler simultaneously support -c and -o options?]) +])# _LT_COMPILER_C_O + + +# _LT_COMPILER_FILE_LOCKS([TAGNAME]) +# ---------------------------------- +# Check to see if we can do hard links to lock some files if needed +m4_defun([_LT_COMPILER_FILE_LOCKS], +[m4_require([_LT_ENABLE_LOCK])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_COMPILER_C_O([$1]) + +hard_links=nottested +if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then + # do not overwrite the value of need_locks provided by the user + AC_MSG_CHECKING([if we can lock with hard links]) + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + AC_MSG_RESULT([$hard_links]) + if test no = "$hard_links"; then + AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe]) + need_locks=warn + fi +else + need_locks=no +fi +_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) +])# _LT_COMPILER_FILE_LOCKS + + +# _LT_CHECK_OBJDIR +# ---------------- +m4_defun([_LT_CHECK_OBJDIR], +[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], +[rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null]) +objdir=$lt_cv_objdir +_LT_DECL([], [objdir], [0], + [The name of the directory that contains temporary libtool files])dnl +m4_pattern_allow([LT_OBJDIR])dnl +AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/", + [Define to the sub-directory where libtool stores uninstalled libraries.]) +])# _LT_CHECK_OBJDIR + + +# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) +# -------------------------------------- +# Check hardcoding attributes. +m4_defun([_LT_LINKER_HARDCODE_LIBPATH], +[AC_MSG_CHECKING([how to hardcode library paths into programs]) +_LT_TAGVAR(hardcode_action, $1)= +if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || + test -n "$_LT_TAGVAR(runpath_var, $1)" || + test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then + + # We can hardcode non-existent directories. + if test no != "$_LT_TAGVAR(hardcode_direct, $1)" && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" && + test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then + # Linking always hardcodes the temporary library directory. + _LT_TAGVAR(hardcode_action, $1)=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + _LT_TAGVAR(hardcode_action, $1)=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + _LT_TAGVAR(hardcode_action, $1)=unsupported +fi +AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) + +if test relink = "$_LT_TAGVAR(hardcode_action, $1)" || + test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then + # Fast installation is not supported + enable_fast_install=no +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then + # Fast installation is not necessary + enable_fast_install=needless +fi +_LT_TAGDECL([], [hardcode_action], [0], + [How to hardcode a shared library path into an executable]) +])# _LT_LINKER_HARDCODE_LIBPATH + + +# _LT_CMD_STRIPLIB +# ---------------- +m4_defun([_LT_CMD_STRIPLIB], +[m4_require([_LT_DECL_EGREP]) +striplib= +old_striplib= +AC_MSG_CHECKING([whether stripping libraries is possible]) +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT([yes]) +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP"; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac +fi +_LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) +_LT_DECL([], [striplib], [1]) +])# _LT_CMD_STRIPLIB + + +# _LT_PREPARE_MUNGE_PATH_LIST +# --------------------------- +# Make sure func_munge_path_list() is defined correctly. +m4_defun([_LT_PREPARE_MUNGE_PATH_LIST], +[[# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x@S|@2 in + x) + ;; + *:) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\" + ;; + x:*) + eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\" + ;; + *) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + esac +} +]])# _LT_PREPARE_PATH_LIST + + +# _LT_SYS_DYNAMIC_LINKER([TAG]) +# ----------------------------- +# PORTME Fill in your ld.so characteristics +m4_defun([_LT_SYS_DYNAMIC_LINKER], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_OBJDUMP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl +AC_MSG_CHECKING([dynamic linker characteristics]) +m4_if([$1], + [], [ +if test yes = "$GCC"; then + case $host_os in + darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; + *) lt_awk_arg='/^libraries:/' ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;; + *) lt_sed_strip_eq='s|=/|/|g' ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary... + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + # ...but if some path component already ends with the multilib dir we assume + # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). + case "$lt_multi_os_dir; $lt_search_path_spec " in + "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) + lt_multi_os_dir= + ;; + esac + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" + elif test -n "$lt_multi_os_dir"; then + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS = " "; FS = "/|\n";} { + lt_foo = ""; + lt_count = 0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo = "/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[[lt_foo]]++; } + if (lt_freq[[lt_foo]] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi]) +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=.so +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +AC_ARG_VAR([LT_SYS_LIBRARY_PATH], +[User-defined run-time library search path.]) + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='$libname$release$shared_ext$major' + ;; + +aix[[4-9]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[[01]] | aix4.[[01]].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a[(]lib.so.V[)]' + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='$libname$shared_ext' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[[45]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec=$LIB + if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[[23]].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[[01]]* | freebsdelf3.[[01]]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ + freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 + fi + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[[3-9]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test yes = "$lt_cv_prog_gnu_ld"; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], + [lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ + LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], + [lt_cv_shlibpath_overrides_runpath=yes])]) + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + ]) + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Add ABI-specific directories to the system library path. + sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd* | bitrig*) + version_type=sunos + sys_lib_dlsearch_path_spec=/usr/lib + need_lib_prefix=no + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no + else + need_version=yes + fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +os2*) + libname_spec='$name' + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test yes = "$with_gnu_ld"; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec; then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=sco + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +AC_MSG_RESULT([$dynamic_linker]) +test no = "$dynamic_linker" && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test yes = "$GCC"; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec +fi + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec +fi + +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + +_LT_DECL([], [variables_saved_for_relink], [1], + [Variables whose values should be saved in libtool wrapper scripts and + restored at link time]) +_LT_DECL([], [need_lib_prefix], [0], + [Do we need the "lib" prefix for modules?]) +_LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) +_LT_DECL([], [version_type], [0], [Library versioning type]) +_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) +_LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) +_LT_DECL([], [shlibpath_overrides_runpath], [0], + [Is shlibpath searched before the hard-coded library search path?]) +_LT_DECL([], [libname_spec], [1], [Format of library name prefix]) +_LT_DECL([], [library_names_spec], [1], + [[List of archive names. First name is the real one, the rest are links. + The last name is the one that the linker finds with -lNAME]]) +_LT_DECL([], [soname_spec], [1], + [[The coded name of the library, if different from the real name]]) +_LT_DECL([], [install_override_mode], [1], + [Permission mode override for installation of shared libraries]) +_LT_DECL([], [postinstall_cmds], [2], + [Command to use after installation of a shared archive]) +_LT_DECL([], [postuninstall_cmds], [2], + [Command to use after uninstallation of a shared archive]) +_LT_DECL([], [finish_cmds], [2], + [Commands used to finish a libtool library installation in a directory]) +_LT_DECL([], [finish_eval], [1], + [[As "finish_cmds", except a single script fragment to be evaled but + not shown]]) +_LT_DECL([], [hardcode_into_libs], [0], + [Whether we should hardcode library paths into libraries]) +_LT_DECL([], [sys_lib_search_path_spec], [2], + [Compile-time system search path for libraries]) +_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2], + [Detected run-time system search path for libraries]) +_LT_DECL([], [configure_time_lt_sys_library_path], [2], + [Explicit LT_SYS_LIBRARY_PATH set during ./configure time]) +])# _LT_SYS_DYNAMIC_LINKER + + +# _LT_PATH_TOOL_PREFIX(TOOL) +# -------------------------- +# find a file program that can recognize shared library +AC_DEFUN([_LT_PATH_TOOL_PREFIX], +[m4_require([_LT_DECL_EGREP])dnl +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, +[case $MAGIC_CMD in +[[\\/*] | ?:[\\/]*]) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR +dnl $ac_dummy forces splitting on constant user-supplied paths. +dnl POSIX.2 word splitting is done only on the output of word expansions, +dnl not every word. This closes a longstanding sh security hole. + ac_dummy="m4_if([$2], , $PATH, [$2])" + for ac_dir in $ac_dummy; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$1"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"$1" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD + ;; +esac]) +MAGIC_CMD=$lt_cv_path_MAGIC_CMD +if test -n "$MAGIC_CMD"; then + AC_MSG_RESULT($MAGIC_CMD) +else + AC_MSG_RESULT(no) +fi +_LT_DECL([], [MAGIC_CMD], [0], + [Used to examine libraries when file_magic_cmd begins with "file"])dnl +])# _LT_PATH_TOOL_PREFIX + +# Old name: +AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) + + +# _LT_PATH_MAGIC +# -------------- +# find a file program that can recognize a shared library +m4_defun([_LT_PATH_MAGIC], +[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) + else + MAGIC_CMD=: + fi +fi +])# _LT_PATH_MAGIC + + +# LT_PATH_LD +# ---------- +# find the pathname to the GNU or non-GNU linker +AC_DEFUN([LT_PATH_LD], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PROG_ECHO_BACKSLASH])dnl + +AC_ARG_WITH([gnu-ld], + [AS_HELP_STRING([--with-gnu-ld], + [assume the C compiler uses GNU ld @<:@default=no@:>@])], + [test no = "$withval" || with_gnu_ld=yes], + [with_gnu_ld=no])dnl + +ac_prog=ld +if test yes = "$GCC"; then + # Check if gcc -print-prog-name=ld gives a path. + AC_MSG_CHECKING([for ld used by $CC]) + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return, which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD=$ac_prog + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test yes = "$with_gnu_ld"; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) +fi +AC_CACHE_VAL(lt_cv_path_LD, +[if test -z "$LD"; then + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD=$ac_dir/$ac_prog + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &1 conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd], +[if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi]) +rm -f conftest.i conftest2.i conftest.out]) +])# _LT_PATH_DD + + +# _LT_CMD_TRUNCATE +# ---------------- +# find command to truncate a binary pipe +m4_defun([_LT_CMD_TRUNCATE], +[m4_require([_LT_PATH_DD]) +AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin], +[printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"]) +_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1], + [Command to truncate a binary pipe]) +])# _LT_CMD_TRUNCATE + + +# _LT_CHECK_MAGIC_METHOD +# ---------------------- +# how to check for library dependencies +# -- PORTME fill in with the dynamic library characteristics +m4_defun([_LT_CHECK_MAGIC_METHOD], +[m4_require([_LT_DECL_EGREP]) +m4_require([_LT_DECL_OBJDUMP]) +AC_CACHE_CHECK([how to recognize dependent libraries], +lt_cv_deplibs_check_method, +[lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# 'unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# that responds to the $file_magic_cmd with a given extended regex. +# If you have 'file' or equivalent on your system and you're not sure +# whether 'pass_all' will *always* work, you probably want this one. + +case $host_os in +aix[[4-9]]*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[[45]]*) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump', + # unless we find 'file', for example because we are cross-compiling. + if ( file / ) >/dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[[3-9]]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd* | bitrig*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; +esac +]) + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + +_LT_DECL([], [deplibs_check_method], [1], + [Method to check whether dependent libraries are shared objects]) +_LT_DECL([], [file_magic_cmd], [1], + [Command to use when deplibs_check_method = "file_magic"]) +_LT_DECL([], [file_magic_glob], [1], + [How to find potential files when deplibs_check_method = "file_magic"]) +_LT_DECL([], [want_nocaseglob], [1], + [Find potential files using nocaseglob when deplibs_check_method = "file_magic"]) +])# _LT_CHECK_MAGIC_METHOD + + +# LT_PATH_NM +# ---------- +# find the pathname to a BSD- or MS-compatible name lister +AC_DEFUN([LT_PATH_NM], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, +[if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM=$NM +else + lt_nm_to_check=${ac_tool_prefix}nm + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + tmp_nm=$ac_dir/$lt_tmp_nm + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the 'sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break 2 + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break 2 + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS=$lt_save_ifs + done + : ${lt_cv_path_NM=no} +fi]) +if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols -headers" + ;; + *) + DUMPBIN=: + ;; + esac + fi + AC_SUBST([DUMPBIN]) + if test : != "$DUMPBIN"; then + NM=$DUMPBIN + fi +fi +test -z "$NM" && NM=nm +AC_SUBST([NM]) +_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl + +AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], + [lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) + cat conftest.out >&AS_MESSAGE_LOG_FD + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest*]) +])# LT_PATH_NM + +# Old names: +AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) +AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_PROG_NM], []) +dnl AC_DEFUN([AC_PROG_NM], []) + +# _LT_CHECK_SHAREDLIB_FROM_LINKLIB +# -------------------------------- +# how to determine the name of the shared library +# associated with a specific link library. +# -- PORTME fill in with the dynamic library characteristics +m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB], +[m4_require([_LT_DECL_EGREP]) +m4_require([_LT_DECL_OBJDUMP]) +m4_require([_LT_DECL_DLLTOOL]) +AC_CACHE_CHECK([how to associate runtime and link libraries], +lt_cv_sharedlib_from_linklib_cmd, +[lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh; + # decide which one to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd=$ECHO + ;; +esac +]) +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + +_LT_DECL([], [sharedlib_from_linklib_cmd], [1], + [Command to associate shared and link libraries]) +])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB + + +# _LT_PATH_MANIFEST_TOOL +# ---------------------- +# locate the manifest tool +m4_defun([_LT_PATH_MANIFEST_TOOL], +[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :) +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool], + [lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&AS_MESSAGE_LOG_FD + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest*]) +if test yes != "$lt_cv_path_mainfest_tool"; then + MANIFEST_TOOL=: +fi +_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl +])# _LT_PATH_MANIFEST_TOOL + + +# _LT_DLL_DEF_P([FILE]) +# --------------------- +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with func_dll_def_p in the libtool script +AC_DEFUN([_LT_DLL_DEF_P], +[dnl + test DEF = "`$SED -n dnl + -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace + -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments + -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl + -e q dnl Only consider the first "real" line + $1`" dnl +])# _LT_DLL_DEF_P + + +# LT_LIB_M +# -------- +# check for math library +AC_DEFUN([LT_LIB_M], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +LIBM= +case $host in +*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) + # These system don't have libm, or don't need it + ;; +*-ncr-sysv4.3*) + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw) + AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") + ;; +*) + AC_CHECK_LIB(m, cos, LIBM=-lm) + ;; +esac +AC_SUBST([LIBM]) +])# LT_LIB_M + +# Old name: +AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_CHECK_LIBM], []) + + +# _LT_COMPILER_NO_RTTI([TAGNAME]) +# ------------------------------- +m4_defun([_LT_COMPILER_NO_RTTI], +[m4_require([_LT_TAG_COMPILER])dnl + +_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + +if test yes = "$GCC"; then + case $cc_basename in + nvcc*) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; + *) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; + esac + + _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], + lt_cv_prog_compiler_rtti_exceptions, + [-fno-rtti -fno-exceptions], [], + [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) +fi +_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], + [Compiler flag to turn off builtin functions]) +])# _LT_COMPILER_NO_RTTI + + +# _LT_CMD_GLOBAL_SYMBOLS +# ---------------------- +m4_defun([_LT_CMD_GLOBAL_SYMBOLS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([LT_PATH_NM])dnl +AC_REQUIRE([LT_PATH_LD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_TAG_COMPILER])dnl + +# Check for command to grab the raw symbol name followed by C symbol from nm. +AC_MSG_CHECKING([command to parse $NM output from $compiler object]) +AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], +[ +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[[BCDEGRST]]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[[BCDT]]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[[ABCDGISTW]]' + ;; +hpux*) + if test ia64 = "$host_cpu"; then + symcode='[[ABCDEGRST]]' + fi + ;; +irix* | nonstopux*) + symcode='[[BCDEGRST]]' + ;; +osf*) + symcode='[[BCDEGQRST]]' + ;; +solaris*) + symcode='[[BDRT]]' + ;; +sco3.2v5*) + symcode='[[DT]]' + ;; +sysv4.2uw2*) + symcode='[[DT]]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[[ABDT]]' + ;; +sysv4) + symcode='[[DFNSTU]]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[[ABCDGIRSTW]]' ;; +esac + +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Gets list of data symbols to import. + lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + # Adjust the below global symbol transforms to fixup imported variables. + lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" + lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" + lt_c_name_lib_hook="\ + -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ + -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" +else + # Disable hooks by default. + lt_cv_sys_global_symbol_to_import= + lt_cdecl_hook= + lt_c_name_hook= + lt_c_name_lib_hook= +fi + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +$lt_cdecl_hook\ +" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +$lt_c_name_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" + +# Transform an extracted symbol line into symbol name with lib prefix and +# symbol address. +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +$lt_c_name_lib_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function, + # D for any global variable and I for any imported variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK ['"\ +" {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ +" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ +" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ +" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ +" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx]" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if AC_TRY_EVAL(ac_compile); then + # Now try to grab the symbols. + nlist=conftest.nm + if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT@&t@_DLSYM_CONST +#elif defined __osf__ +/* This system does not cope well with relocations in const data. */ +# define LT@&t@_DLSYM_CONST +#else +# define LT@&t@_DLSYM_CONST const +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +LT@&t@_DLSYM_CONST struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[[]] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS + LIBS=conftstm.$ac_objext + CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" + if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then + pipe_works=yes + fi + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS + else + echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD + fi + else + echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test yes = "$pipe_works"; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done +]) +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + AC_MSG_RESULT(failed) +else + AC_MSG_RESULT(ok) +fi + +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + +_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], + [Take the output of nm and produce a listing of raw symbols and C names]) +_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], + [Transform the output of nm in a proper C declaration]) +_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1], + [Transform the output of nm into a list of symbols to manually relocate]) +_LT_DECL([global_symbol_to_c_name_address], + [lt_cv_sys_global_symbol_to_c_name_address], [1], + [Transform the output of nm in a C name address pair]) +_LT_DECL([global_symbol_to_c_name_address_lib_prefix], + [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], + [Transform the output of nm in a C name address pair when lib prefix is needed]) +_LT_DECL([nm_interface], [lt_cv_nm_interface], [1], + [The name lister interface]) +_LT_DECL([], [nm_file_list_spec], [1], + [Specify filename containing input files for $NM]) +]) # _LT_CMD_GLOBAL_SYMBOLS + + +# _LT_COMPILER_PIC([TAGNAME]) +# --------------------------- +m4_defun([_LT_COMPILER_PIC], +[m4_require([_LT_TAG_COMPILER])dnl +_LT_TAGVAR(lt_prog_compiler_wl, $1)= +_LT_TAGVAR(lt_prog_compiler_pic, $1)= +_LT_TAGVAR(lt_prog_compiler_static, $1)= + +m4_if([$1], [CXX], [ + # C++ specific cases for pic, static, wl, etc. + if test yes = "$GXX"; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + case $host_os in + aix[[4-9]]*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + dgux*) + case $cc_basename in + ec++*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' + if test ia64 != "$host_cpu"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + fi + ;; + aCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + KCC*) + # KAI C++ Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + ecpc* ) + # old Intel C++ for x86_64, which still supported -KPIC. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + icpc* ) + # Intel C++, used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) + # IBM XL 8.0, 9.0 on PPC and BlueGene + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + esac + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd*) + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + cxx*) + # Digital/Compaq C++ + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + lcc*) + # Lucid + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + *) + ;; + esac + ;; + vxworks*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +], +[ + if test yes = "$GCC"; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' + if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac + ;; + + hpux9* | hpux10* | hpux11*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC (with -KPIC) is the default. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + # old Intel for x86_64, which still supported -KPIC. + ecc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' + _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' + ;; + nagfor*) + # NAG Fortran compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + ccc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All Alpha code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='' + ;; + *Sun\ F* | *Sun*Fortran*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + ;; + *Intel*\ [[CF]]*Compiler*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + *Portland\ Group*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All OSF/1 code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + rdos*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + solaris*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; + *) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; + esac + ;; + + sunos4*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + unicos*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + + uts4*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +]) +case $host_os in + # For platforms that do not support PIC, -DPIC is meaningless: + *djgpp*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" + ;; +esac + +AC_CACHE_CHECK([for $compiler option to produce PIC], + [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) +_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1) + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], + [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], + [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], + [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in + "" | " "*) ;; + *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; + esac], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) +fi +_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], + [Additional compiler flags for building library objects]) + +_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], + [How to pass a linker flag through the compiler]) +# +# Check to make sure the static flag actually works. +# +wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" +_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], + _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), + $lt_tmp_static_flag, + [], + [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) +_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], + [Compiler flag to prevent dynamic linking]) +])# _LT_COMPILER_PIC + + +# _LT_LINKER_SHLIBS([TAGNAME]) +# ---------------------------- +# See if the linker supports building shared libraries. +m4_defun([_LT_LINKER_SHLIBS], +[AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +m4_require([_LT_PATH_MANIFEST_TOOL])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) +m4_if([$1], [CXX], [ + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + case $host_os in + aix[[4-9]]*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds + ;; + cygwin* | mingw* | cegcc*) + case $cc_basename in + cl*) + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] + ;; + esac + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac +], [ + runpath_var= + _LT_TAGVAR(allow_undefined_flag, $1)= + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(archive_cmds, $1)= + _LT_TAGVAR(archive_expsym_cmds, $1)= + _LT_TAGVAR(compiler_needs_object, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(hardcode_automatic, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(hardcode_libdir_separator, $1)= + _LT_TAGVAR(hardcode_minus_L, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_TAGVAR(inherit_rpath, $1)=no + _LT_TAGVAR(link_all_deplibs, $1)=unknown + _LT_TAGVAR(module_cmds, $1)= + _LT_TAGVAR(module_expsym_cmds, $1)= + _LT_TAGVAR(old_archive_from_new_cmds, $1)= + _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= + _LT_TAGVAR(thread_safe_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + _LT_TAGVAR(include_expsyms, $1)= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ' (' and ')$', so one must not match beginning or + # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', + # as well as any symbol that contains 'd'. + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. +dnl Note also adjust exclude_expsyms for C++ above. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test yes != "$GCC"; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd* | bitrig*) + with_gnu_ld=no + ;; + esac + + _LT_TAGVAR(ld_shlibs, $1)=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no + if test yes = "$with_gnu_ld"; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; + *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test yes = "$lt_use_gnu_ld_interface"; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='$wl' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + supports_anon_versioning=no + case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[[3-9]]*) + # On AIX/PPC, the GNU linker is very broken + if test ia64 != "$host_cpu"; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.19, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test linux-dietlibc = "$host_os"; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test no = "$tmp_diet" + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + _LT_TAGVAR(whole_archive_flag_spec, $1)= + tmp_sharedflag='--shared' ;; + nagfor*) # NAGFOR 5.3 + tmp_sharedflag='-Wl,-shared' ;; + xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + + if test yes = "$supports_anon_versioning"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + tcc*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic' + ;; + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test yes = "$supports_anon_versioning"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + sunos4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + + if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then + runpath_var= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + _LT_TAGVAR(hardcode_direct, $1)=unsupported + fi + ;; + + aix[[4-9]]*) + if test ia64 = "$host_cpu"; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag= + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then + aix_use_runtimelinking=yes + break + fi + done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac + + if test yes = "$GCC"; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`$CC -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + ;; + esac + shared_flag='-shared' + if test yes = "$aix_use_runtimelinking"; then + shared_flag="$shared_flag "'$wl-G' + fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' + else + # not using gcc + if test ia64 = "$host_cpu"; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' + else + shared_flag='$wl-bM:SRE' + fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' + if test yes = "$with_gnu_ld"; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + bsdi[[45]]*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + case $cc_basename in + cl*) + # Native MSVC + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' + _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + # FIXME: Should let the user specify the lib program. + _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + esac + ;; + + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2.*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + hpux9*) + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + ;; + + hpux10*) + if test yes,no = "$GCC,$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + fi + ;; + + hpux11*) + if test yes,no = "$GCC,$with_gnu_ld"; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + m4_if($1, [], [ + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + _LT_LINKER_OPTION([if $CC understands -b], + _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], + [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) + ;; + esac + fi + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], + [lt_cv_irix_exported_symbol], + [save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" + AC_LINK_IFELSE( + [AC_LANG_SOURCE( + [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], + [C++], [[int foo (void) { return 0; }]], + [Fortran 77], [[ + subroutine foo + end]], + [Fortran], [[ + subroutine foo + end]])])], + [lt_cv_irix_exported_symbol=yes], + [lt_cv_irix_exported_symbol=no]) + LDFLAGS=$save_LDFLAGS]) + if test yes = "$lt_cv_irix_exported_symbol"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' + fi + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + _LT_TAGVAR(ld_shlibs, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + newsos6) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *nto* | *qnx*) + ;; + + openbsd* | bitrig*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + fi + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + + osf3*) + if test yes = "$GCC"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test yes = "$GCC"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + solaris*) + _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' + if test yes = "$GCC"; then + wlarc='$wl' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='$wl' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands '-z linker_flag'. GCC discards it without '$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test yes = "$GCC"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + fi + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + sunos4*) + if test sequent = "$host_vendor"; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4) + case $host_vendor in + sni) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' + _LT_TAGVAR(hardcode_direct, $1)=no + ;; + motorola) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4.3*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + _LT_TAGVAR(ld_shlibs, $1)=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We CANNOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + if test sni = "$host_vendor"; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym' + ;; + esac + fi + fi +]) +AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) +test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no + +_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld + +_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl +_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl +_LT_DECL([], [extract_expsyms_cmds], [2], + [The commands to extract the exported symbol list from a shared archive]) + +# +# Do we need to explicitly link libc? +# +case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in +x|xyes) + # Assume -lc should be added + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + + if test yes,yes = "$GCC,$enable_shared"; then + case $_LT_TAGVAR(archive_cmds, $1) in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + AC_CACHE_CHECK([whether -lc should be explicitly linked in], + [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), + [$RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) + pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) + _LT_TAGVAR(allow_undefined_flag, $1)= + if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) + then + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no + else + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes + fi + _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + ]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) + ;; + esac + fi + ;; +esac + +_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], + [Whether or not to add -lc for building shared libraries]) +_LT_TAGDECL([allow_libtool_libs_with_static_runtimes], + [enable_shared_with_static_runtimes], [0], + [Whether or not to disallow shared libs when runtime libs are static]) +_LT_TAGDECL([], [export_dynamic_flag_spec], [1], + [Compiler flag to allow reflexive dlopens]) +_LT_TAGDECL([], [whole_archive_flag_spec], [1], + [Compiler flag to generate shared objects directly from archives]) +_LT_TAGDECL([], [compiler_needs_object], [1], + [Whether the compiler copes with passing no objects directly]) +_LT_TAGDECL([], [old_archive_from_new_cmds], [2], + [Create an old-style archive from a shared archive]) +_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], + [Create a temporary old-style archive to link instead of a shared archive]) +_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) +_LT_TAGDECL([], [archive_expsym_cmds], [2]) +_LT_TAGDECL([], [module_cmds], [2], + [Commands used to build a loadable module if different from building + a shared archive.]) +_LT_TAGDECL([], [module_expsym_cmds], [2]) +_LT_TAGDECL([], [with_gnu_ld], [1], + [Whether we are building with GNU ld or not]) +_LT_TAGDECL([], [allow_undefined_flag], [1], + [Flag that allows shared libraries with undefined symbols to be built]) +_LT_TAGDECL([], [no_undefined_flag], [1], + [Flag that enforces no undefined symbols]) +_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], + [Flag to hardcode $libdir into a binary during linking. + This must work even if $libdir does not exist]) +_LT_TAGDECL([], [hardcode_libdir_separator], [1], + [Whether we need a single "-rpath" flag with a separated argument]) +_LT_TAGDECL([], [hardcode_direct], [0], + [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes + DIR into the resulting binary]) +_LT_TAGDECL([], [hardcode_direct_absolute], [0], + [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes + DIR into the resulting binary and the resulting library dependency is + "absolute", i.e impossible to change by setting $shlibpath_var if the + library is relocated]) +_LT_TAGDECL([], [hardcode_minus_L], [0], + [Set to "yes" if using the -LDIR flag during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_shlibpath_var], [0], + [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_automatic], [0], + [Set to "yes" if building a shared library automatically hardcodes DIR + into the library and all subsequent libraries and executables linked + against it]) +_LT_TAGDECL([], [inherit_rpath], [0], + [Set to yes if linker adds runtime paths of dependent libraries + to runtime path list]) +_LT_TAGDECL([], [link_all_deplibs], [0], + [Whether libtool must link a program against all its dependency libraries]) +_LT_TAGDECL([], [always_export_symbols], [0], + [Set to "yes" if exported symbols are required]) +_LT_TAGDECL([], [export_symbols_cmds], [2], + [The commands to list exported symbols]) +_LT_TAGDECL([], [exclude_expsyms], [1], + [Symbols that should not be listed in the preloaded symbols]) +_LT_TAGDECL([], [include_expsyms], [1], + [Symbols that must always be exported]) +_LT_TAGDECL([], [prelink_cmds], [2], + [Commands necessary for linking programs (against libraries) with templates]) +_LT_TAGDECL([], [postlink_cmds], [2], + [Commands necessary for finishing linking programs]) +_LT_TAGDECL([], [file_list_spec], [1], + [Specify filename containing input files]) +dnl FIXME: Not yet implemented +dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], +dnl [Compiler flag to generate thread safe objects]) +])# _LT_LINKER_SHLIBS + + +# _LT_LANG_C_CONFIG([TAG]) +# ------------------------ +# Ensure that the configuration variables for a C compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_C_CONFIG], +[m4_require([_LT_DECL_EGREP])dnl +lt_save_CC=$CC +AC_LANG_PUSH(C) + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + +_LT_TAG_COMPILER +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + LT_SYS_DLOPEN_SELF + _LT_CMD_STRIPLIB + + # Report what library types will actually be built + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test yes = "$enable_shared" && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[[4-9]]*) + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_CONFIG($1) +fi +AC_LANG_POP +CC=$lt_save_CC +])# _LT_LANG_C_CONFIG + + +# _LT_LANG_CXX_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a C++ compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_CXX_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PATH_MANIFEST_TOOL])dnl +if test -n "$CXX" && ( test no != "$CXX" && + ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) || + (test g++ != "$CXX"))); then + AC_PROG_CXXCPP +else + _lt_caught_CXX_error=yes +fi + +AC_LANG_PUSH(C++) +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(compiler_needs_object, $1)=no +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the CXX compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test yes != "$_lt_caught_CXX_error"; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests + lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_CFLAGS=$CFLAGS + lt_save_LD=$LD + lt_save_GCC=$GCC + GCC=$GXX + lt_save_with_gnu_ld=$with_gnu_ld + lt_save_path_LD=$lt_cv_path_LD + if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx + else + $as_unset lt_cv_prog_gnu_ld + fi + if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX + else + $as_unset lt_cv_path_LD + fi + test -z "${LDCXX+set}" || LD=$LDCXX + CC=${CXX-"c++"} + CFLAGS=$CXXFLAGS + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + # We don't want -fno-exception when compiling C++ code, so set the + # no_builtin_flag separately + if test yes = "$GXX"; then + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + else + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + fi + + if test yes = "$GXX"; then + # Set up default GNU C++ configuration + + LT_PATH_LD + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test yes = "$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='$wl' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | + $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + GXX=no + with_gnu_ld=no + wlarc= + fi + + # PORTME: fill in a description of your system's C++ link characteristics + AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) + _LT_TAGVAR(ld_shlibs, $1)=yes + case $host_os in + aix3*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aix[[4-9]]*) + if test ia64 = "$host_cpu"; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag= + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac + + if test yes = "$GXX"; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`$CC -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + esac + shared_flag='-shared' + if test yes = "$aix_use_runtimelinking"; then + shared_flag=$shared_flag' $wl-G' + fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' + else + # not using gcc + if test ia64 = "$host_cpu"; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' + else + shared_flag='$wl-bM:SRE' + fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to + # export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + # The "-G" linker flag allows undefined symbols. + _LT_TAGVAR(no_undefined_flag, $1)='-bernotok' + # Determine the default libpath from the value encoded in an empty + # executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' + if test yes = "$with_gnu_ld"; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared + # libraries. Need -bnortl late, we may have -brtl in LDFLAGS. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + cygwin* | mingw* | pw32* | cegcc*) + case $GXX,$cc_basename in + ,cl* | no,cl*) + # Native MSVC + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + # Don't use ranlib + _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' + _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + func_to_tool_file "$lt_outputfile"~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # g++ + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + freebsd2.*) + # C++ shared libraries reported to be fairly broken before + # switch to ELF + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + freebsd-elf*) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + ;; + + freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + hpux9*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes = "$GXX"; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + hpux10*|hpux11*) + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib' + fi + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + esac + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc* | ecpc* ) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + case `$CC -V` in + *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) + _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + ;; + cxx*) + # Compaq C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' + ;; + xl* | mpixl* | bgxl*) + # IBM XL 8.0 on PPC, with GNU ld + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + if test yes = "$supports_anon_versioning"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' + fi + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + + # Not sure whether something based on + # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 + # would be better. + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + esac + ;; + esac + ;; + + lynxos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + m88k*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + + *nto* | *qnx*) + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + openbsd* | bitrig*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + fi + output_verbose_link_cmd=func_echo_all + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + case $host in + osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; + *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; + esac + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + cxx*) + case $host in + osf3*) + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + ;; + *) + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~ + $RM $lib.exp' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes,no = "$GXX,$with_gnu_ld"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + case $host in + osf3*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + psos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(archive_cmds_need_lc,$1)=yes + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands '-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test yes,no = "$GXX,$with_gnu_ld"; then + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs' + if $CC --version | $GREP -v '^2\.7' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + else + # g++ 2.7 appears to require '-G' NOT '-shared' on this + # platform. + _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + fi + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir' + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' + ;; + esac + fi + ;; + esac + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We CANNOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ + '"$_LT_TAGVAR(old_archive_cmds, $1)" + _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ + '"$_LT_TAGVAR(reload_cmds, $1)" + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + vxworks*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) + test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no + + _LT_TAGVAR(GCC, $1)=$GXX + _LT_TAGVAR(LD, $1)=$LD + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS + LDCXX=$LD + LD=$lt_save_LD + GCC=$lt_save_GCC + with_gnu_ld=$lt_save_with_gnu_ld + lt_cv_path_LDCXX=$lt_cv_path_LD + lt_cv_path_LD=$lt_save_path_LD + lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld + lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld +fi # test yes != "$_lt_caught_CXX_error" + +AC_LANG_POP +])# _LT_LANG_CXX_CONFIG + + +# _LT_FUNC_STRIPNAME_CNF +# ---------------------- +# func_stripname_cnf prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# +# This function is identical to the (non-XSI) version of func_stripname, +# except this one can be used by m4 code that may be executed by configure, +# rather than the libtool script. +m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl +AC_REQUIRE([_LT_DECL_SED]) +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) +func_stripname_cnf () +{ + case @S|@2 in + .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;; + *) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;; + esac +} # func_stripname_cnf +])# _LT_FUNC_STRIPNAME_CNF + + +# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) +# --------------------------------- +# Figure out "hidden" library dependencies from verbose +# compiler output when linking a shared library. +# Parse the compiler output and extract the necessary +# objects, libraries and library flags. +m4_defun([_LT_SYS_HIDDEN_LIBDEPS], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl +# Dependencies to place before and after the object being linked: +_LT_TAGVAR(predep_objects, $1)= +_LT_TAGVAR(postdep_objects, $1)= +_LT_TAGVAR(predeps, $1)= +_LT_TAGVAR(postdeps, $1)= +_LT_TAGVAR(compiler_lib_search_path, $1)= + +dnl we can't use the lt_simple_compile_test_code here, +dnl because it contains code intended for an executable, +dnl not a library. It's possible we should let each +dnl tag define a new lt_????_link_test_code variable, +dnl but it's only used here... +m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF +int a; +void foo (void) { a = 0; } +_LT_EOF +], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF +class Foo +{ +public: + Foo (void) { a = 0; } +private: + int a; +}; +_LT_EOF +], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer*4 a + a=0 + return + end +_LT_EOF +], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer a + a=0 + return + end +_LT_EOF +], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF +public class foo { + private int a; + public void bar (void) { + a = 0; + } +}; +_LT_EOF +], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF +package foo +func foo() { +} +_LT_EOF +]) + +_lt_libdeps_save_CFLAGS=$CFLAGS +case "$CC $CFLAGS " in #( +*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; +*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; +esac + +dnl Parse the compiler output and extract the necessary +dnl objects, libraries and library flags. +if AC_TRY_EVAL(ac_compile); then + # Parse the compiler output and extract the necessary + # objects, libraries and library flags. + + # Sentinel used to keep track of whether or not we are before + # the conftest object file. + pre_test_object_deps_done=no + + for p in `eval "$output_verbose_link_cmd"`; do + case $prev$p in + + -L* | -R* | -l*) + # Some compilers place space between "-{L,R}" and the path. + # Remove the space. + if test x-L = "$p" || + test x-R = "$p"; then + prev=$p + continue + fi + + # Expand the sysroot to ease extracting the directories later. + if test -z "$prev"; then + case $p in + -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; + -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; + -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; + esac + fi + case $p in + =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; + esac + if test no = "$pre_test_object_deps_done"; then + case $prev in + -L | -R) + # Internal compiler library paths should come after those + # provided the user. The postdeps already come after the + # user supplied libs so there is no need to process them. + if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then + _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p + else + _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p" + fi + ;; + # The "-l" case would never come before the object being + # linked, so don't bother handling this case. + esac + else + if test -z "$_LT_TAGVAR(postdeps, $1)"; then + _LT_TAGVAR(postdeps, $1)=$prev$p + else + _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p" + fi + fi + prev= + ;; + + *.lto.$objext) ;; # Ignore GCC LTO objects + *.$objext) + # This assumes that the test object file only shows up + # once in the compiler output. + if test "$p" = "conftest.$objext"; then + pre_test_object_deps_done=yes + continue + fi + + if test no = "$pre_test_object_deps_done"; then + if test -z "$_LT_TAGVAR(predep_objects, $1)"; then + _LT_TAGVAR(predep_objects, $1)=$p + else + _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" + fi + else + if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then + _LT_TAGVAR(postdep_objects, $1)=$p + else + _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" + fi + fi + ;; + + *) ;; # Ignore the rest. + + esac + done + + # Clean up. + rm -f a.out a.exe +else + echo "libtool.m4: error: problem compiling $1 test program" +fi + +$RM -f confest.$objext +CFLAGS=$_lt_libdeps_save_CFLAGS + +# PORTME: override above test on systems where it is broken +m4_if([$1], [CXX], +[case $host_os in +interix[[3-9]]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + _LT_TAGVAR(predep_objects,$1)= + _LT_TAGVAR(postdep_objects,$1)= + _LT_TAGVAR(postdeps,$1)= + ;; +esac +]) + +case " $_LT_TAGVAR(postdeps, $1) " in +*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; +esac + _LT_TAGVAR(compiler_lib_search_dirs, $1)= +if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then + _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'` +fi +_LT_TAGDECL([], [compiler_lib_search_dirs], [1], + [The directories searched by this compiler when creating a shared library]) +_LT_TAGDECL([], [predep_objects], [1], + [Dependencies to place before and after the objects being linked to + create a shared library]) +_LT_TAGDECL([], [postdep_objects], [1]) +_LT_TAGDECL([], [predeps], [1]) +_LT_TAGDECL([], [postdeps], [1]) +_LT_TAGDECL([], [compiler_lib_search_path], [1], + [The library search path used internally by the compiler when linking + a shared library]) +])# _LT_SYS_HIDDEN_LIBDEPS + + +# _LT_LANG_F77_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a Fortran 77 compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_F77_CONFIG], +[AC_LANG_PUSH(Fortran 77) +if test -z "$F77" || test no = "$F77"; then + _lt_disable_F77=yes +fi + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for f77 test sources. +ac_ext=f + +# Object file extension for compiled f77 test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the F77 compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test yes != "$_lt_disable_F77"; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_GCC=$GCC + lt_save_CFLAGS=$CFLAGS + CC=${F77-"f77"} + CFLAGS=$FFLAGS + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + GCC=$G77 + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test yes = "$enable_shared" && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)=$G77 + _LT_TAGVAR(LD, $1)=$LD + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS +fi # test yes != "$_lt_disable_F77" + +AC_LANG_POP +])# _LT_LANG_F77_CONFIG + + +# _LT_LANG_FC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for a Fortran compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_FC_CONFIG], +[AC_LANG_PUSH(Fortran) + +if test -z "$FC" || test no = "$FC"; then + _lt_disable_FC=yes +fi + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for fc test sources. +ac_ext=${ac_fc_srcext-f} + +# Object file extension for compiled fc test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the FC compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test yes != "$_lt_disable_FC"; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_GCC=$GCC + lt_save_CFLAGS=$CFLAGS + CC=${FC-"f95"} + CFLAGS=$FCFLAGS + compiler=$CC + GCC=$ac_cv_fc_compiler_gnu + + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test yes = "$enable_shared" && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu + _LT_TAGVAR(LD, $1)=$LD + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS +fi # test yes != "$_lt_disable_FC" + +AC_LANG_POP +])# _LT_LANG_FC_CONFIG + + +# _LT_LANG_GCJ_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Java Compiler compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_GCJ_CONFIG], +[AC_REQUIRE([LT_PROG_GCJ])dnl +AC_LANG_SAVE + +# Source file extension for Java test sources. +ac_ext=java + +# Object file extension for compiled Java test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="class foo {}" + +# Code to be used in simple link tests +lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GCJ-"gcj"} +CFLAGS=$GCJFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)=$LD +_LT_CC_BASENAME([$compiler]) + +# GCJ did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GCJ_CONFIG + + +# _LT_LANG_GO_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Go compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_GO_CONFIG], +[AC_REQUIRE([LT_PROG_GO])dnl +AC_LANG_SAVE + +# Source file extension for Go test sources. +ac_ext=go + +# Object file extension for compiled Go test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="package main; func main() { }" + +# Code to be used in simple link tests +lt_simple_link_test_code='package main; func main() { }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GOC-"gccgo"} +CFLAGS=$GOFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)=$LD +_LT_CC_BASENAME([$compiler]) + +# Go did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GO_CONFIG + + +# _LT_LANG_RC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for the Windows resource compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_RC_CONFIG], +[AC_REQUIRE([LT_PROG_RC])dnl +AC_LANG_SAVE + +# Source file extension for RC test sources. +ac_ext=rc + +# Object file extension for compiled RC test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' + +# Code to be used in simple link tests +lt_simple_link_test_code=$lt_simple_compile_test_code + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC= +CC=${RC-"windres"} +CFLAGS= +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_CC_BASENAME([$compiler]) +_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + +if test -n "$compiler"; then + : + _LT_CONFIG($1) +fi + +GCC=$lt_save_GCC +AC_LANG_RESTORE +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_RC_CONFIG + + +# LT_PROG_GCJ +# ----------- +AC_DEFUN([LT_PROG_GCJ], +[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], + [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], + [AC_CHECK_TOOL(GCJ, gcj,) + test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2" + AC_SUBST(GCJFLAGS)])])[]dnl +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_GCJ], []) + + +# LT_PROG_GO +# ---------- +AC_DEFUN([LT_PROG_GO], +[AC_CHECK_TOOL(GOC, gccgo,) +]) + + +# LT_PROG_RC +# ---------- +AC_DEFUN([LT_PROG_RC], +[AC_CHECK_TOOL(RC, windres,) +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_RC], []) + + +# _LT_DECL_EGREP +# -------------- +# If we don't have a new enough Autoconf to choose the best grep +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_EGREP], +[AC_REQUIRE([AC_PROG_EGREP])dnl +AC_REQUIRE([AC_PROG_FGREP])dnl +test -z "$GREP" && GREP=grep +_LT_DECL([], [GREP], [1], [A grep program that handles long lines]) +_LT_DECL([], [EGREP], [1], [An ERE matcher]) +_LT_DECL([], [FGREP], [1], [A literal string matcher]) +dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too +AC_SUBST([GREP]) +]) + + +# _LT_DECL_OBJDUMP +# -------------- +# If we don't have a new enough Autoconf to choose the best objdump +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_OBJDUMP], +[AC_CHECK_TOOL(OBJDUMP, objdump, false) +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) +AC_SUBST([OBJDUMP]) +]) + +# _LT_DECL_DLLTOOL +# ---------------- +# Ensure DLLTOOL variable is set. +m4_defun([_LT_DECL_DLLTOOL], +[AC_CHECK_TOOL(DLLTOOL, dlltool, false) +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [1], [DLL creation program]) +AC_SUBST([DLLTOOL]) +]) + +# _LT_DECL_SED +# ------------ +# Check for a fully-functional sed program, that truncates +# as few characters as possible. Prefer GNU sed if found. +m4_defun([_LT_DECL_SED], +[AC_PROG_SED +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" +_LT_DECL([], [SED], [1], [A sed program that does not truncate output]) +_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], + [Sed that helps us avoid accidentally triggering echo(1) options like -n]) +])# _LT_DECL_SED + +m4_ifndef([AC_PROG_SED], [ +############################################################ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_SED. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +############################################################ + +m4_defun([AC_PROG_SED], +[AC_MSG_CHECKING([for a sed that does not truncate output]) +AC_CACHE_VAL(lt_cv_path_SED, +[# Loop through the user's path and test for sed and gsed. +# Then use that list of sed's as ones to test for truncation. +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done +done +IFS=$as_save_IFS +lt_ac_max=0 +lt_ac_count=0 +# Add /usr/xpg4/bin/sed as it is typically found on Solaris +# along with /bin/sed that truncates output. +for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do + test ! -f "$lt_ac_sed" && continue + cat /dev/null > conftest.in + lt_ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >conftest.in + # Check for GNU sed and select it if it is found. + if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then + lt_cv_path_SED=$lt_ac_sed + break + fi + while true; do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo >>conftest.nl + $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break + cmp -s conftest.out conftest.nl || break + # 10000 chars as input seems more than enough + test 10 -lt "$lt_ac_count" && break + lt_ac_count=`expr $lt_ac_count + 1` + if test "$lt_ac_count" -gt "$lt_ac_max"; then + lt_ac_max=$lt_ac_count + lt_cv_path_SED=$lt_ac_sed + fi + done +done +]) +SED=$lt_cv_path_SED +AC_SUBST([SED]) +AC_MSG_RESULT([$SED]) +])#AC_PROG_SED +])#m4_ifndef + +# Old name: +AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_SED], []) + + +# _LT_CHECK_SHELL_FEATURES +# ------------------------ +# Find out whether the shell is Bourne or XSI compatible, +# or has some other useful features. +m4_defun([_LT_CHECK_SHELL_FEATURES], +[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi +_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac +_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl +_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl +])# _LT_CHECK_SHELL_FEATURES + + +# _LT_PATH_CONVERSION_FUNCTIONS +# ----------------------------- +# Determine what file name conversion functions should be used by +# func_to_host_file (and, implicitly, by func_to_host_path). These are needed +# for certain cross-compile configurations and native mingw. +m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_MSG_CHECKING([how to convert $build file names to $host format]) +AC_CACHE_VAL(lt_cv_to_host_file_cmd, +[case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac +]) +to_host_file_cmd=$lt_cv_to_host_file_cmd +AC_MSG_RESULT([$lt_cv_to_host_file_cmd]) +_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd], + [0], [convert $build file names to $host format])dnl + +AC_MSG_CHECKING([how to convert $build file names to toolchain format]) +AC_CACHE_VAL(lt_cv_to_tool_file_cmd, +[#assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac +]) +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +AC_MSG_RESULT([$lt_cv_to_tool_file_cmd]) +_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], + [0], [convert $build files to toolchain format])dnl +])# _LT_PATH_CONVERSION_FUNCTIONS diff --git a/build/m4/ltoptions.m4 b/build/m4/ltoptions.m4 new file mode 100644 index 0000000..94b0829 --- /dev/null +++ b/build/m4/ltoptions.m4 @@ -0,0 +1,437 @@ +# Helper functions for option handling. -*- Autoconf -*- +# +# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software +# Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 8 ltoptions.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) + + +# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) +# ------------------------------------------ +m4_define([_LT_MANGLE_OPTION], +[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) + + +# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) +# --------------------------------------- +# Set option OPTION-NAME for macro MACRO-NAME, and if there is a +# matching handler defined, dispatch to it. Other OPTION-NAMEs are +# saved as a flag. +m4_define([_LT_SET_OPTION], +[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl +m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), + _LT_MANGLE_DEFUN([$1], [$2]), + [m4_warning([Unknown $1 option '$2'])])[]dnl +]) + + +# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) +# ------------------------------------------------------------ +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +m4_define([_LT_IF_OPTION], +[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) + + +# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) +# ------------------------------------------------------- +# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME +# are set. +m4_define([_LT_UNLESS_OPTIONS], +[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), + [m4_define([$0_found])])])[]dnl +m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 +])[]dnl +]) + + +# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) +# ---------------------------------------- +# OPTION-LIST is a space-separated list of Libtool options associated +# with MACRO-NAME. If any OPTION has a matching handler declared with +# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about +# the unknown option and exit. +m4_defun([_LT_SET_OPTIONS], +[# Set options +m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [_LT_SET_OPTION([$1], _LT_Option)]) + +m4_if([$1],[LT_INIT],[ + dnl + dnl Simply set some default values (i.e off) if boolean options were not + dnl specified: + _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no + ]) + _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no + ]) + dnl + dnl If no reference was made to various pairs of opposing options, then + dnl we run the default mode handler for the pair. For example, if neither + dnl 'shared' nor 'disable-shared' was passed, we enable building of shared + dnl archives by default: + _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) + _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], + [_LT_ENABLE_FAST_INSTALL]) + _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4], + [_LT_WITH_AIX_SONAME([aix])]) + ]) +])# _LT_SET_OPTIONS + + +## --------------------------------- ## +## Macros to handle LT_INIT options. ## +## --------------------------------- ## + +# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) +# ----------------------------------------- +m4_define([_LT_MANGLE_DEFUN], +[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) + + +# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) +# ----------------------------------------------- +m4_define([LT_OPTION_DEFINE], +[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl +])# LT_OPTION_DEFINE + + +# dlopen +# ------ +LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes +]) + +AU_DEFUN([AC_LIBTOOL_DLOPEN], +[_LT_SET_OPTION([LT_INIT], [dlopen]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the 'dlopen' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) + + +# win32-dll +# --------- +# Declare package support for building win32 dll's. +LT_OPTION_DEFINE([LT_INIT], [win32-dll], +[enable_win32_dll=yes + +case $host in +*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) + AC_CHECK_TOOL(AS, as, false) + AC_CHECK_TOOL(DLLTOOL, dlltool, false) + AC_CHECK_TOOL(OBJDUMP, objdump, false) + ;; +esac + +test -z "$AS" && AS=as +_LT_DECL([], [AS], [1], [Assembler program])dnl + +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl + +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl +])# win32-dll + +AU_DEFUN([AC_LIBTOOL_WIN32_DLL], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +_LT_SET_OPTION([LT_INIT], [win32-dll]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the 'win32-dll' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) + + +# _LT_ENABLE_SHARED([DEFAULT]) +# ---------------------------- +# implement the --enable-shared flag, and supports the 'shared' and +# 'disable-shared' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. +m4_define([_LT_ENABLE_SHARED], +[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([shared], + [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], + [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS=$lt_save_ifs + ;; + esac], + [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) + + _LT_DECL([build_libtool_libs], [enable_shared], [0], + [Whether or not to build shared libraries]) +])# _LT_ENABLE_SHARED + +LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) +]) + +AC_DEFUN([AC_DISABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], [disable-shared]) +]) + +AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) +AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_SHARED], []) +dnl AC_DEFUN([AM_DISABLE_SHARED], []) + + + +# _LT_ENABLE_STATIC([DEFAULT]) +# ---------------------------- +# implement the --enable-static flag, and support the 'static' and +# 'disable-static' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. +m4_define([_LT_ENABLE_STATIC], +[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([static], + [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], + [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS=$lt_save_ifs + ;; + esac], + [enable_static=]_LT_ENABLE_STATIC_DEFAULT) + + _LT_DECL([build_old_libs], [enable_static], [0], + [Whether or not to build static libraries]) +])# _LT_ENABLE_STATIC + +LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) +]) + +AC_DEFUN([AC_DISABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], [disable-static]) +]) + +AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) +AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_STATIC], []) +dnl AC_DEFUN([AM_DISABLE_STATIC], []) + + + +# _LT_ENABLE_FAST_INSTALL([DEFAULT]) +# ---------------------------------- +# implement the --enable-fast-install flag, and support the 'fast-install' +# and 'disable-fast-install' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. +m4_define([_LT_ENABLE_FAST_INSTALL], +[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([fast-install], + [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], + [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS=$lt_save_ifs + ;; + esac], + [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) + +_LT_DECL([fast_install], [enable_fast_install], [0], + [Whether or not to optimize for fast installation])dnl +])# _LT_ENABLE_FAST_INSTALL + +LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) + +# Old names: +AU_DEFUN([AC_ENABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the 'fast-install' option into LT_INIT's first parameter.]) +]) + +AU_DEFUN([AC_DISABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], [disable-fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the 'disable-fast-install' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) +dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) + + +# _LT_WITH_AIX_SONAME([DEFAULT]) +# ---------------------------------- +# implement the --with-aix-soname flag, and support the `aix-soname=aix' +# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT +# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'. +m4_define([_LT_WITH_AIX_SONAME], +[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl +shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[[5-9]]*,yes) + AC_MSG_CHECKING([which variant of shared library versioning to provide]) + AC_ARG_WITH([aix-soname], + [AS_HELP_STRING([--with-aix-soname=aix|svr4|both], + [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])], + [case $withval in + aix|svr4|both) + ;; + *) + AC_MSG_ERROR([Unknown argument to --with-aix-soname]) + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname], + [AC_CACHE_VAL([lt_cv_with_aix_soname], + [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT) + with_aix_soname=$lt_cv_with_aix_soname]) + AC_MSG_RESULT([$with_aix_soname]) + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + +_LT_DECL([], [shared_archive_member_spec], [0], + [Shared archive member basename, for filename based shared library versioning on AIX])dnl +])# _LT_WITH_AIX_SONAME + +LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])]) + + +# _LT_WITH_PIC([MODE]) +# -------------------- +# implement the --with-pic flag, and support the 'pic-only' and 'no-pic' +# LT_INIT options. +# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'. +m4_define([_LT_WITH_PIC], +[AC_ARG_WITH([pic], + [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], + [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], + [lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for lt_pkg in $withval; do + IFS=$lt_save_ifs + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS=$lt_save_ifs + ;; + esac], + [pic_mode=m4_default([$1], [default])]) + +_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl +])# _LT_WITH_PIC + +LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) + +# Old name: +AU_DEFUN([AC_LIBTOOL_PICMODE], +[_LT_SET_OPTION([LT_INIT], [pic-only]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the 'pic-only' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) + +## ----------------- ## +## LTDL_INIT Options ## +## ----------------- ## + +m4_define([_LTDL_MODE], []) +LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], + [m4_define([_LTDL_MODE], [nonrecursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [recursive], + [m4_define([_LTDL_MODE], [recursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [subproject], + [m4_define([_LTDL_MODE], [subproject])]) + +m4_define([_LTDL_TYPE], []) +LT_OPTION_DEFINE([LTDL_INIT], [installable], + [m4_define([_LTDL_TYPE], [installable])]) +LT_OPTION_DEFINE([LTDL_INIT], [convenience], + [m4_define([_LTDL_TYPE], [convenience])]) diff --git a/build/m4/ltsugar.m4 b/build/m4/ltsugar.m4 new file mode 100644 index 0000000..48bc934 --- /dev/null +++ b/build/m4/ltsugar.m4 @@ -0,0 +1,124 @@ +# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- +# +# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software +# Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 6 ltsugar.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) + + +# lt_join(SEP, ARG1, [ARG2...]) +# ----------------------------- +# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their +# associated separator. +# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier +# versions in m4sugar had bugs. +m4_define([lt_join], +[m4_if([$#], [1], [], + [$#], [2], [[$2]], + [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) +m4_define([_lt_join], +[m4_if([$#$2], [2], [], + [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) + + +# lt_car(LIST) +# lt_cdr(LIST) +# ------------ +# Manipulate m4 lists. +# These macros are necessary as long as will still need to support +# Autoconf-2.59, which quotes differently. +m4_define([lt_car], [[$1]]) +m4_define([lt_cdr], +[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], + [$#], 1, [], + [m4_dquote(m4_shift($@))])]) +m4_define([lt_unquote], $1) + + +# lt_append(MACRO-NAME, STRING, [SEPARATOR]) +# ------------------------------------------ +# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'. +# Note that neither SEPARATOR nor STRING are expanded; they are appended +# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). +# No SEPARATOR is output if MACRO-NAME was previously undefined (different +# than defined and empty). +# +# This macro is needed until we can rely on Autoconf 2.62, since earlier +# versions of m4sugar mistakenly expanded SEPARATOR but not STRING. +m4_define([lt_append], +[m4_define([$1], + m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) + + + +# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) +# ---------------------------------------------------------- +# Produce a SEP delimited list of all paired combinations of elements of +# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list +# has the form PREFIXmINFIXSUFFIXn. +# Needed until we can rely on m4_combine added in Autoconf 2.62. +m4_define([lt_combine], +[m4_if(m4_eval([$# > 3]), [1], + [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl +[[m4_foreach([_Lt_prefix], [$2], + [m4_foreach([_Lt_suffix], + ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, + [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) + + +# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) +# ----------------------------------------------------------------------- +# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited +# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. +m4_define([lt_if_append_uniq], +[m4_ifdef([$1], + [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], + [lt_append([$1], [$2], [$3])$4], + [$5])], + [lt_append([$1], [$2], [$3])$4])]) + + +# lt_dict_add(DICT, KEY, VALUE) +# ----------------------------- +m4_define([lt_dict_add], +[m4_define([$1($2)], [$3])]) + + +# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) +# -------------------------------------------- +m4_define([lt_dict_add_subkey], +[m4_define([$1($2:$3)], [$4])]) + + +# lt_dict_fetch(DICT, KEY, [SUBKEY]) +# ---------------------------------- +m4_define([lt_dict_fetch], +[m4_ifval([$3], + m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), + m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) + + +# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) +# ----------------------------------------------------------------- +m4_define([lt_if_dict_fetch], +[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], + [$5], + [$6])]) + + +# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) +# -------------------------------------------------------------- +m4_define([lt_dict_filter], +[m4_if([$5], [], [], + [lt_join(m4_quote(m4_default([$4], [[, ]])), + lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), + [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl +]) diff --git a/build/m4/ltversion.m4 b/build/m4/ltversion.m4 new file mode 100644 index 0000000..fa04b52 --- /dev/null +++ b/build/m4/ltversion.m4 @@ -0,0 +1,23 @@ +# ltversion.m4 -- version numbers -*- Autoconf -*- +# +# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# @configure_input@ + +# serial 4179 ltversion.m4 +# This file is part of GNU Libtool + +m4_define([LT_PACKAGE_VERSION], [2.4.6]) +m4_define([LT_PACKAGE_REVISION], [2.4.6]) + +AC_DEFUN([LTVERSION_VERSION], +[macro_version='2.4.6' +macro_revision='2.4.6' +_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) +_LT_DECL(, macro_revision, 0) +]) diff --git a/build/m4/lt~obsolete.m4 b/build/m4/lt~obsolete.m4 new file mode 100644 index 0000000..c6b26f8 --- /dev/null +++ b/build/m4/lt~obsolete.m4 @@ -0,0 +1,99 @@ +# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- +# +# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software +# Foundation, Inc. +# Written by Scott James Remnant, 2004. +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 5 lt~obsolete.m4 + +# These exist entirely to fool aclocal when bootstrapping libtool. +# +# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN), +# which have later been changed to m4_define as they aren't part of the +# exported API, or moved to Autoconf or Automake where they belong. +# +# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN +# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us +# using a macro with the same name in our local m4/libtool.m4 it'll +# pull the old libtool.m4 in (it doesn't see our shiny new m4_define +# and doesn't know about Autoconf macros at all.) +# +# So we provide this file, which has a silly filename so it's always +# included after everything else. This provides aclocal with the +# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything +# because those macros already exist, or will be overwritten later. +# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. +# +# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. +# Yes, that means every name once taken will need to remain here until +# we give up compatibility with versions before 1.7, at which point +# we need to keep only those names which we still refer to. + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) + +m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) +m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) +m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) +m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) +m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) +m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) +m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) +m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) +m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) +m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) +m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) +m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) +m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) +m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) +m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) +m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) +m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) +m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) +m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) +m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) +m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) +m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) +m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) +m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) +m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) +m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) +m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) +m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) +m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) +m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) +m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) +m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) +m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) +m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) +m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) +m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) +m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) +m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) +m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) +m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) +m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) +m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) +m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) +m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) +m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) +m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) +m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) +m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) +m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) +m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) +m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) diff --git a/build/m4/nls.m4 b/build/m4/nls.m4 new file mode 100644 index 0000000..b62f614 --- /dev/null +++ b/build/m4/nls.m4 @@ -0,0 +1,32 @@ +# nls.m4 serial 5 (gettext-0.18) +dnl Copyright (C) 1995-2003, 2005-2006, 2008-2014, 2016, 2019 Free Software +dnl Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. +dnl +dnl This file can be used in projects which are not available under +dnl the GNU General Public License or the GNU Library General Public +dnl License but which still want to provide support for the GNU gettext +dnl functionality. +dnl Please note that the actual code of the GNU gettext library is covered +dnl by the GNU Library General Public License, and the rest of the GNU +dnl gettext package is covered by the GNU General Public License. +dnl They are *not* in the public domain. + +dnl Authors: +dnl Ulrich Drepper , 1995-2000. +dnl Bruno Haible , 2000-2003. + +AC_PREREQ([2.50]) + +AC_DEFUN([AM_NLS], +[ + AC_MSG_CHECKING([whether NLS is requested]) + dnl Default is enabled NLS + AC_ARG_ENABLE([nls], + [ --disable-nls do not use Native Language Support], + USE_NLS=$enableval, USE_NLS=yes) + AC_MSG_RESULT([$USE_NLS]) + AC_SUBST([USE_NLS]) +]) diff --git a/build/m4/po.m4 b/build/m4/po.m4 new file mode 100644 index 0000000..143792d --- /dev/null +++ b/build/m4/po.m4 @@ -0,0 +1,450 @@ +# po.m4 serial 30 (gettext-0.20) +dnl Copyright (C) 1995-2014, 2016, 2018-2019 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. +dnl +dnl This file can be used in projects which are not available under +dnl the GNU General Public License or the GNU Library General Public +dnl License but which still want to provide support for the GNU gettext +dnl functionality. +dnl Please note that the actual code of the GNU gettext library is covered +dnl by the GNU Library General Public License, and the rest of the GNU +dnl gettext package is covered by the GNU General Public License. +dnl They are *not* in the public domain. + +dnl Authors: +dnl Ulrich Drepper , 1995-2000. +dnl Bruno Haible , 2000-2003. + +AC_PREREQ([2.60]) + +dnl Checks for all prerequisites of the po subdirectory. +AC_DEFUN([AM_PO_SUBDIRS], +[ + AC_REQUIRE([AC_PROG_MAKE_SET])dnl + AC_REQUIRE([AC_PROG_INSTALL])dnl + AC_REQUIRE([AC_PROG_MKDIR_P])dnl + AC_REQUIRE([AC_PROG_SED])dnl + AC_REQUIRE([AM_NLS])dnl + + dnl Release version of the gettext macros. This is used to ensure that + dnl the gettext macros and po/Makefile.in.in are in sync. + AC_SUBST([GETTEXT_MACRO_VERSION], [0.20]) + + dnl Perform the following tests also if --disable-nls has been given, + dnl because they are needed for "make dist" to work. + + dnl Search for GNU msgfmt in the PATH. + dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions. + dnl The second test excludes FreeBSD msgfmt. + AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, + [$ac_dir/$ac_word --statistics /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 && + (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], + :) + AC_PATH_PROG([GMSGFMT], [gmsgfmt], [$MSGFMT]) + + dnl Test whether it is GNU msgfmt >= 0.15. +changequote(,)dnl + case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; + *) GMSGFMT_015=$GMSGFMT ;; + esac +changequote([,])dnl + AC_SUBST([GMSGFMT_015]) + + dnl Search for GNU xgettext 0.12 or newer in the PATH. + dnl The first test excludes Solaris xgettext and early GNU xgettext versions. + dnl The second test excludes FreeBSD xgettext. + AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, + [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 && + (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], + :) + dnl Remove leftover from FreeBSD xgettext call. + rm -f messages.po + + dnl Test whether it is GNU xgettext >= 0.15. +changequote(,)dnl + case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; + *) XGETTEXT_015=$XGETTEXT ;; + esac +changequote([,])dnl + AC_SUBST([XGETTEXT_015]) + + dnl Search for GNU msgmerge 0.11 or newer in the PATH. + AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge, + [$ac_dir/$ac_word --update -q /dev/null /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1], :) + + dnl Test whether it is GNU msgmerge >= 0.20. + if LC_ALL=C $MSGMERGE --help | grep ' --for-msgfmt ' >/dev/null; then + MSGMERGE_FOR_MSGFMT_OPTION='--for-msgfmt' + else + dnl Test whether it is GNU msgmerge >= 0.12. + if LC_ALL=C $MSGMERGE --help | grep ' --no-fuzzy-matching ' >/dev/null; then + MSGMERGE_FOR_MSGFMT_OPTION='--no-fuzzy-matching --no-location --quiet' + else + dnl With these old versions, $(MSGMERGE) $(MSGMERGE_FOR_MSGFMT_OPTION) is + dnl slow. But this is not a big problem, as such old gettext versions are + dnl hardly in use any more. + MSGMERGE_FOR_MSGFMT_OPTION='--no-location --quiet' + fi + fi + AC_SUBST([MSGMERGE_FOR_MSGFMT_OPTION]) + + dnl Support for AM_XGETTEXT_OPTION. + test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS= + AC_SUBST([XGETTEXT_EXTRA_OPTIONS]) + + AC_CONFIG_COMMANDS([po-directories], [[ + for ac_file in $CONFIG_FILES; do + # Support "outfile[:infile[:infile...]]" + case "$ac_file" in + *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + esac + # PO directories have a Makefile.in generated from Makefile.in.in. + case "$ac_file" in */Makefile.in) + # Adjust a relative srcdir. + ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` + ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` + ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` + # In autoconf-2.13 it is called $ac_given_srcdir. + # In autoconf-2.50 it is called $srcdir. + test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" + case "$ac_given_srcdir" in + .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; + /*) top_srcdir="$ac_given_srcdir" ;; + *) top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + # Treat a directory as a PO directory if and only if it has a + # POTFILES.in file. This allows packages to have multiple PO + # directories under different names or in different locations. + if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then + rm -f "$ac_dir/POTFILES" + test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" + gt_tab=`printf '\t'` + cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" + POMAKEFILEDEPS="POTFILES.in" + # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend + # on $ac_dir but don't depend on user-specified configuration + # parameters. + if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then + # The LINGUAS file contains the set of available languages. + if test -n "$OBSOLETE_ALL_LINGUAS"; then + test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" + fi + ALL_LINGUAS=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` + POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" + else + # The set of available languages was given in configure.in. + ALL_LINGUAS=$OBSOLETE_ALL_LINGUAS + fi + # Compute POFILES + # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) + # Compute UPDATEPOFILES + # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) + # Compute DUMMYPOFILES + # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) + # Compute GMOFILES + # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) + case "$ac_given_srcdir" in + .) srcdirpre= ;; + *) srcdirpre='$(srcdir)/' ;; + esac + POFILES= + UPDATEPOFILES= + DUMMYPOFILES= + GMOFILES= + for lang in $ALL_LINGUAS; do + POFILES="$POFILES $srcdirpre$lang.po" + UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" + DUMMYPOFILES="$DUMMYPOFILES $lang.nop" + GMOFILES="$GMOFILES $srcdirpre$lang.gmo" + done + # CATALOGS depends on both $ac_dir and the user's LINGUAS + # environment variable. + INST_LINGUAS= + if test -n "$ALL_LINGUAS"; then + for presentlang in $ALL_LINGUAS; do + useit=no + if test "%UNSET%" != "$LINGUAS"; then + desiredlanguages="$LINGUAS" + else + desiredlanguages="$ALL_LINGUAS" + fi + for desiredlang in $desiredlanguages; do + # Use the presentlang catalog if desiredlang is + # a. equal to presentlang, or + # b. a variant of presentlang (because in this case, + # presentlang can be used as a fallback for messages + # which are not translated in the desiredlang catalog). + case "$desiredlang" in + "$presentlang"*) useit=yes;; + esac + done + if test $useit = yes; then + INST_LINGUAS="$INST_LINGUAS $presentlang" + fi + done + fi + CATALOGS= + if test -n "$INST_LINGUAS"; then + for lang in $INST_LINGUAS; do + CATALOGS="$CATALOGS $lang.gmo" + done + fi + test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" + sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" + for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do + if test -f "$f"; then + case "$f" in + *.orig | *.bak | *~) ;; + *) cat "$f" >> "$ac_dir/Makefile" ;; + esac + fi + done + fi + ;; + esac + done]], + [# Capture the value of obsolete ALL_LINGUAS because we need it to compute + # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. + OBSOLETE_ALL_LINGUAS="$ALL_LINGUAS" + # Capture the value of LINGUAS because we need it to compute CATALOGS. + LINGUAS="${LINGUAS-%UNSET%}" + ]) +]) + +dnl Postprocesses a Makefile in a directory containing PO files. +AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE], +[ + # When this code is run, in config.status, two variables have already been + # set: + # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in, + # - LINGUAS is the value of the environment variable LINGUAS at configure + # time. + +changequote(,)dnl + # Adjust a relative srcdir. + ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` + ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` + ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` + # In autoconf-2.13 it is called $ac_given_srcdir. + # In autoconf-2.50 it is called $srcdir. + test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" + case "$ac_given_srcdir" in + .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; + /*) top_srcdir="$ac_given_srcdir" ;; + *) top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + # Find a way to echo strings without interpreting backslash. + if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then + gt_echo='echo' + else + if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then + gt_echo='printf %s\n' + else + echo_func () { + cat < "$ac_file.tmp" + tab=`printf '\t'` + if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then + # Add dependencies that cannot be formulated as a simple suffix rule. + for lang in $ALL_LINGUAS; do + frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'` + cat >> "$ac_file.tmp" < /dev/null; then + # Add dependencies that cannot be formulated as a simple suffix rule. + for lang in $ALL_LINGUAS; do + frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'` + cat >> "$ac_file.tmp" <> "$ac_file.tmp" <, 1996. + +AC_PREREQ([2.50]) + +# Search path for a program which passes the given test. + +dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, +dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) +AC_DEFUN([AM_PATH_PROG_WITH_TEST], +[ +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "$2", so it can be a program name with args. +set dummy $2; ac_word=[$]2 +AC_MSG_CHECKING([for $ac_word]) +AC_CACHE_VAL([ac_cv_path_$1], +[case "[$]$1" in + [[\\/]]* | ?:[[\\/]]*) + ac_cv_path_$1="[$]$1" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in ifelse([$5], , $PATH, [$5]); do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&AS_MESSAGE_LOG_FD + if [$3]; then + ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" +dnl If no 4th arg is given, leave the cache variable unset, +dnl so AC_PATH_PROGS will keep looking. +ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" +])dnl + ;; +esac])dnl +$1="$ac_cv_path_$1" +if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then + AC_MSG_RESULT([$][$1]) +else + AC_MSG_RESULT([no]) +fi +AC_SUBST([$1])dnl +]) diff --git a/common/Makefile.am b/common/Makefile.am new file mode 100644 index 0000000..3a5f73d --- /dev/null +++ b/common/Makefile.am @@ -0,0 +1,140 @@ + +inc_HEADERS += \ + common/pkcs11.h \ + common/pkcs11x.h \ + $(NULL) + +noinst_LTLIBRARIES += \ + libp11-common.la \ + libp11-library.la \ + libp11-tool.la \ + $(NULL) + +check_LTLIBRARIES += \ + libp11-test.la \ + $(NULL) + +libp11_common_la_SOURCES = \ + common/argv.c common/argv.h \ + common/attrs.c common/attrs.h \ + common/array.c common/array.h \ + common/buffer.c common/buffer.h \ + common/compat.c common/compat.h \ + common/constants.c common/constants.h \ + common/debug.c common/debug.h \ + common/dict.c common/dict.h \ + common/hash.c common/hash.h \ + common/lexer.c common/lexer.h \ + common/message.c common/message.h \ + common/path.c common/path.h \ + common/pkcs11.h common/pkcs11x.h common/pkcs11i.h \ + common/runtime.c common/runtime.h \ + common/url.c common/url.h \ + common/vsock.c common/vsock.h \ + common/init.h \ + $(NULL) + +libp11_library_la_SOURCES = \ + common/library.c common/library.h \ + $(NULL) + +libp11_test_la_SOURCES = \ + common/mock.c common/mock.h \ + common/test.c common/test.h \ + $(NULL) + +libp11_tool_la_SOURCES = \ + common/tool.c common/tool.h \ + $(NULL) + +if !OS_WIN32 +libp11_tool_la_SOURCES += \ + common/unix-peer.c common/unix-peer.h \ + $(NULL) +endif + +# Tests ---------------------------------------------------------------- + +common_LIBS = \ + libp11-test.la \ + libp11-common.la \ + $(NULL) + +c_tests += \ + test-tests \ + test-compat \ + test-hash \ + test-dict \ + test-array \ + test-constants \ + test-attrs \ + test-buffer \ + test-url \ + test-path \ + test-lexer \ + test-message \ + test-argv \ + test-runtime \ + $(NULL) + +test_argv_SOURCES = common/test-argv.c +test_argv_LDADD = $(common_LIBS) + +test_array_SOURCES = common/test-array.c +test_array_LDADD = $(common_LIBS) + +test_attrs_SOURCES = common/test-attrs.c +test_attrs_LDADD = $(common_LIBS) + +test_buffer_SOURCES = common/test-buffer.c +test_buffer_LDADD = $(common_LIBS) + +test_compat_SOURCES = common/test-compat.c +test_compat_LDADD = $(common_LIBS) + +test_constants_SOURCES = common/test-constants.c +test_constants_LDADD = $(common_LIBS) + +test_dict_SOURCES = common/test-dict.c +test_dict_LDADD = $(common_LIBS) + +test_hash_SOURCES = common/test-hash.c +test_hash_LDADD = $(common_LIBS) + +test_lexer_SOURCES = common/test-lexer.c +test_lexer_LDADD = $(common_LIBS) + +test_message_SOURCES = common/test-message.c +test_message_LDADD = $(common_LIBS) + +test_path_SOURCES = common/test-path.c +test_path_LDADD = $(common_LIBS) + +test_tests_SOURCES = common/test-tests.c +test_tests_LDADD = $(common_LIBS) + +test_url_SOURCES = common/test-url.c +test_url_LDADD = $(common_LIBS) + +test_runtime_SOURCES = common/test-runtime.c +test_runtime_LDADD = $(common_LIBS) + +check_PROGRAMS += \ + common/frob-getauxval \ + common/frob-getenv \ + $(NULL) + +common_frob_getauxval_SOURCES = common/frob-getauxval.c +common_frob_getauxval_LDADD = $(common_LIBS) + +common_frob_getenv_SOURCES = common/frob-getenv.c +common_frob_getenv_LDADD = $(common_LIBS) + +if !OS_WIN32 +check_PROGRAMS += common/frob-getprogname + +common_frob_getprogname_SOURCES = common/frob-getprogname.c +common_frob_getprogname_LDADD = $(common_LIBS) +endif + +EXTRA_DIST += common/meson.build diff --git a/common/argv.c b/common/argv.c new file mode 100644 index 0000000..541730c --- /dev/null +++ b/common/argv.c @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "argv.h" +#include "debug.h" + +#include +#include +#include + +bool +p11_argv_parse (const char *string, + void (*sink) (char *, void *), + void *argument) +{ + char quote = '\0'; + char *src, *dup, *at, *arg; + bool ret = true; + + return_val_if_fail (string != NULL, false); + return_val_if_fail (sink != NULL, false); + + src = dup = strdup (string); + return_val_if_fail (dup != NULL, false); + + arg = at = src; + for (src = dup; *src; src++) { + + /* Matching quote */ + if (quote == *src) { + quote = '\0'; + + /* Inside of quotes */ + } else if (quote != '\0') { + if (*src == '\\') { + src++; + if (!*src) { + ret = false; + goto done; + } + if (*src != quote) + *at++ = '\\'; + } + *at++ = *src; + + /* Space, not inside of quotes */ + } else if (isspace (*src)) { + *at = 0; + sink (arg, argument); + arg = at; + + /* Other character outside of quotes */ + } else { + switch (*src) { + case '\'': + case '"': + quote = *src; + break; + case '\\': + *at++ = *src++; + if (!*src) { + ret = false; + goto done; + } + /* fall through */ + default: + *at++ = *src; + break; + } + } + } + + + if (at != arg) { + *at = 0; + sink (arg, argument); + } + +done: + free (dup); + return ret; +} diff --git a/common/argv.h b/common/argv.h new file mode 100644 index 0000000..8f95490 --- /dev/null +++ b/common/argv.h @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_ARGV_H_ +#define P11_ARGV_H_ + +#include "compat.h" + +bool p11_argv_parse (const char *string, + void (*sink) (char *, void *), + void *argument); + +#endif /* P11_ARGV_H_ */ diff --git a/common/array.c b/common/array.c new file mode 100644 index 0000000..570230c --- /dev/null +++ b/common/array.c @@ -0,0 +1,149 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + */ + +#include "config.h" + +#include "array.h" +#include "debug.h" + +#include +#include +#include + +static bool +maybe_expand_array (p11_array *array, + unsigned int length) +{ + unsigned int new_allocated; + void **new_memory; + + if (length <= array->allocated) + return true; + + + if (array->allocated == 0) + new_allocated = 16; + else { + return_val_if_fail (SIZE_MAX / array->allocated >= 2, false); + new_allocated = array->allocated * 2; + } + if (new_allocated < length) + new_allocated = length; + + new_memory = reallocarray (array->elem, new_allocated, sizeof (void*)); + return_val_if_fail (new_memory != NULL, false); + + array->elem = new_memory; + array->allocated = new_allocated; + return true; +} + +p11_array * +p11_array_new (p11_destroyer destroyer) +{ + p11_array *array; + + array = calloc (1, sizeof (p11_array)); + if (array == NULL) + return NULL; + + if (!maybe_expand_array (array, 2)) { + p11_array_free (array); + return NULL; + } + + array->destroyer = destroyer; + return array; +} + +void +p11_array_free (p11_array *array) +{ + if (array == NULL) + return; + + p11_array_clear (array); + free (array->elem); + free (array); +} + +bool +p11_array_push (p11_array *array, + void *value) +{ + if (!maybe_expand_array (array, array->num + 1)) + return_val_if_reached (false); + + array->elem[array->num] = value; + array->num++; + return true; +} + +bool +p11_array_insert (p11_array *array, + unsigned int index, + void *value) +{ + return_val_if_fail (index <= array->num, false); + if (!maybe_expand_array (array, array->num + 1)) + return_val_if_reached (false); + + memmove (array->elem + index + 1, array->elem + index, + (array->num - index) * sizeof (void*)); + array->elem[index] = value; + array->num++; + return true; +} + +void +p11_array_remove (p11_array *array, + unsigned int index) +{ + if (array->destroyer) + (array->destroyer) (array->elem[index]); + memmove (array->elem + index, array->elem + index + 1, + (array->num - (index + 1)) * sizeof (void*)); + array->num--; +} + +void +p11_array_clear (p11_array *array) +{ + unsigned int i; + + if (array->destroyer) { + for (i = 0; i < array->num; i++) + (array->destroyer) (array->elem[i]); + } + + array->num = 0; +} diff --git a/common/array.h b/common/array.h new file mode 100644 index 0000000..212d533 --- /dev/null +++ b/common/array.h @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Waler + */ + +#ifndef __P11_ARRAY_H__ +#define __P11_ARRAY_H__ + +#include "compat.h" + +#ifndef P11_DESTROYER_DEFINED +#define P11_DESTROYER_DEFINED + +typedef void (*p11_destroyer) (void *data); + +#endif + +typedef struct _p11_array { + void **elem; + unsigned int num; + + /* private */ + unsigned int allocated; + p11_destroyer destroyer; +} p11_array; + +p11_array * p11_array_new (p11_destroyer destroyer); + +void p11_array_free (p11_array *array); + +bool p11_array_push (p11_array *array, + void *value); + +bool p11_array_insert (p11_array *array, + unsigned int index, + void *value); + +void p11_array_remove (p11_array *array, + unsigned int index); + +void p11_array_clear (p11_array *array); + +#endif /* __P11_ARRAY_H__ */ diff --git a/common/attrs.c b/common/attrs.c new file mode 100644 index 0000000..ad233f4 --- /dev/null +++ b/common/attrs.c @@ -0,0 +1,910 @@ +/* + * Copyright (C) 2012, Redhat Inc. + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "attrs.h" +#include "buffer.h" +#include "compat.h" +#include "constants.h" +#include "debug.h" +#include "hash.h" +#include "pkcs11.h" +#include "pkcs11i.h" +#include "pkcs11x.h" + +#include +#include +#include +#include +#include +#include + +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + +bool +p11_attrs_terminator (const CK_ATTRIBUTE *attrs) +{ + return (attrs == NULL || attrs->type == CKA_INVALID); +} + +CK_ULONG +p11_attrs_count (const CK_ATTRIBUTE *attrs) +{ + CK_ULONG count; + + if (attrs == NULL) + return 0UL; + + for (count = 0; !p11_attrs_terminator (attrs); count++, attrs++); + + return count; +} + +void +p11_attrs_free (void *attrs) +{ + CK_ATTRIBUTE *ats = attrs; + int i; + + if (!attrs) + return; + + for (i = 0; !p11_attrs_terminator (ats + i); i++) + free (ats[i].pValue); + free (ats); +} + +static CK_ATTRIBUTE * +attrs_build (CK_ATTRIBUTE *attrs, + CK_ULONG count_to_add, + bool take_values, + bool override, + CK_ATTRIBUTE * (*generator) (void *), + void *state) +{ + CK_ATTRIBUTE *attr; + CK_ATTRIBUTE *add; + CK_ULONG current; + CK_ULONG at; + CK_ULONG j; + CK_ULONG i; + size_t length; + void *new_memory; + + /* How many attributes we already have */ + current = p11_attrs_count (attrs); + + /* Reallocate for how many we need */ + length = current + count_to_add; + return_val_if_fail (current <= length && length < SIZE_MAX, NULL); + new_memory = reallocarray (attrs, length + 1, sizeof (CK_ATTRIBUTE)); + return_val_if_fail (new_memory != NULL, NULL); + attrs = new_memory; + + at = current; + for (i = 0; i < count_to_add; i++) { + add = (generator) (state); + + /* Skip with invalid type */ + if (!add || add->type == CKA_INVALID) + continue; + + attr = NULL; + + /* Do we have this attribute? */ + for (j = 0; attr == NULL && j < current; j++) { + if (attrs[j].type == add->type) { + attr = attrs + j; + break; + } + } + + /* The attribute doesn't exist */ + if (attr == NULL) { + attr = attrs + at; + at++; + + /* The attribute exists and we're not overriding */ + } else if (!override) { + if (take_values) + free (add->pValue); + continue; + + /* The attribute exitss, and we're overriding */ + } else { + free (attr->pValue); + } + + memcpy (attr, add, sizeof (CK_ATTRIBUTE)); + if (!take_values && attr->pValue != NULL) { + if (attr->ulValueLen == 0) + attr->pValue = malloc (1); + else + attr->pValue = memdup (attr->pValue, attr->ulValueLen); + return_val_if_fail (attr->pValue != NULL, NULL); + } + } + + /* Mark this as the end */ + (attrs + at)->type = CKA_INVALID; + assert (p11_attrs_terminator (attrs + at)); + return attrs; +} + +static CK_ATTRIBUTE * +vararg_generator (void *state) +{ + va_list *va = state; + return va_arg (*va, CK_ATTRIBUTE *); +} + +CK_ATTRIBUTE * +p11_attrs_build (CK_ATTRIBUTE *attrs, + ...) +{ + CK_ULONG count; + va_list va; + + count = 0UL; + va_start (va, attrs); + while (va_arg (va, CK_ATTRIBUTE *)) + count++; + va_end (va); + + va_start (va, attrs); + attrs = attrs_build (attrs, count, false, true, + vararg_generator, &va); + va_end (va); + + return attrs; +} + +static CK_ATTRIBUTE * +template_generator (void *state) +{ + CK_ATTRIBUTE **template = state; + return (*template)++; +} + +CK_ATTRIBUTE * +p11_attrs_buildn (CK_ATTRIBUTE *attrs, + const CK_ATTRIBUTE *add, + CK_ULONG count) +{ + return attrs_build (attrs, count, false, true, + template_generator, &add); +} + +CK_ATTRIBUTE * +p11_attrs_take (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type, + CK_VOID_PTR value, + CK_ULONG length) +{ + CK_ATTRIBUTE attr = { type, value, length }; + CK_ATTRIBUTE *add = &attr; + return attrs_build (attrs, 1, true, true, + template_generator, &add); +} + +CK_ATTRIBUTE * +p11_attrs_merge (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + bool replace) +{ + CK_ATTRIBUTE *ptr; + CK_ULONG count; + + if (attrs == NULL) + return merge; + + ptr = merge; + count = p11_attrs_count (merge); + + attrs = attrs_build (attrs, count, true, replace, + template_generator, &ptr); + + /* + * Since we're supposed to own the merge attributes, + * free the container array. + */ + free (merge); + + return attrs; +} + +CK_ATTRIBUTE * +p11_attrs_dup (const CK_ATTRIBUTE *attrs) +{ + CK_ULONG count; + + count = p11_attrs_count (attrs); + return p11_attrs_buildn (NULL, attrs, count); +} + +CK_ATTRIBUTE * +p11_attrs_find (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type) +{ + CK_ULONG i; + + for (i = 0; !p11_attrs_terminator (attrs + i); i++) { + if (attrs[i].type == type) + return attrs + i; + } + + return NULL; +} + +CK_ATTRIBUTE * +p11_attrs_findn (CK_ATTRIBUTE *attrs, + CK_ULONG count, + CK_ATTRIBUTE_TYPE type) +{ + CK_ULONG i; + + for (i = 0; i < count; i++) { + if (attrs[i].type == type) + return attrs + i; + } + + return NULL; +} + +bool +p11_attrs_find_bool (const CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type, + CK_BBOOL *value) +{ + CK_ULONG i; + + for (i = 0; !p11_attrs_terminator (attrs + i); i++) { + if (attrs[i].type == type && + attrs[i].ulValueLen == sizeof (CK_BBOOL) && + attrs[i].pValue != NULL) { + *value = *((CK_BBOOL *)attrs[i].pValue); + return true; + } + } + + return false; +} + +bool +p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs, + CK_ULONG count, + CK_ATTRIBUTE_TYPE type, + CK_BBOOL *value) +{ + CK_ULONG i; + + for (i = 0; i < count; i++) { + if (attrs[i].type == type && + attrs[i].ulValueLen == sizeof (CK_BBOOL) && + attrs[i].pValue != NULL) { + *value = *((CK_BBOOL *)attrs[i].pValue); + return true; + } + } + + return false; +} + +bool +p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type, + CK_ULONG *value) +{ + CK_ULONG i; + + for (i = 0; !p11_attrs_terminator (attrs + i); i++) { + if (attrs[i].type == type && + attrs[i].ulValueLen == sizeof (CK_ULONG) && + attrs[i].pValue != NULL) { + *value = *((CK_ULONG *)attrs[i].pValue); + return true; + } + } + + return false; +} + +bool +p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs, + CK_ULONG count, + CK_ATTRIBUTE_TYPE type, + CK_ULONG *value) +{ + CK_ULONG i; + + for (i = 0; i < count; i++) { + if (attrs[i].type == type && + attrs[i].ulValueLen == sizeof (CK_ULONG) && + attrs[i].pValue != NULL) { + *value = *((CK_ULONG *)attrs[i].pValue); + return true; + } + } + + return false; +} + +void * +p11_attrs_find_value (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type, + size_t *length) +{ + CK_ULONG i; + + for (i = 0; !p11_attrs_terminator (attrs + i); i++) { + if (attrs[i].type == type && + attrs[i].ulValueLen != 0 && + attrs[i].ulValueLen != (CK_ULONG)-1 && + attrs[i].pValue != NULL) { + if (length) + *length = attrs[i].ulValueLen; + return attrs[i].pValue; + } + } + + return NULL; +} + +CK_ATTRIBUTE * +p11_attrs_find_valid (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type) +{ + CK_ULONG i; + + for (i = 0; !p11_attrs_terminator (attrs + i); i++) { + if (attrs[i].type == type && + attrs[i].pValue != NULL && + attrs[i].ulValueLen != 0 && + attrs[i].ulValueLen != (CK_ULONG)-1) + return attrs + i; + } + + return NULL; +} + +bool +p11_attrs_remove (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type) +{ + CK_ULONG count; + CK_ULONG i; + + count = p11_attrs_count (attrs); + for (i = 0; i < count; i++) { + if (attrs[i].type == type) + break; + } + + if (i == count) + return false; + + if (attrs[i].pValue) + free (attrs[i].pValue); + + memmove (attrs + i, attrs + i + 1, (count - (i + 1)) * sizeof (CK_ATTRIBUTE)); + attrs[count - 1].type = CKA_INVALID; + return true; +} + +void +p11_attrs_purge (CK_ATTRIBUTE *attrs) +{ + int in, out; + + for (in = 0, out = 0; !p11_attrs_terminator (attrs + in); in++) { + if (attrs[in].ulValueLen == (CK_ULONG)-1) { + free (attrs[in].pValue); + attrs[in].pValue = NULL; + attrs[in].ulValueLen = 0; + } else { + if (in != out) + memcpy (attrs + out, attrs + in, sizeof (CK_ATTRIBUTE)); + out++; + } + } + + attrs[out].type = CKA_INVALID; + assert (p11_attrs_terminator (attrs + out)); + +} + +bool +p11_attrs_match (const CK_ATTRIBUTE *attrs, + const CK_ATTRIBUTE *match) +{ + CK_ATTRIBUTE *attr; + + for (; !p11_attrs_terminator (match); match++) { + attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match->type); + if (!attr) + return false; + if (!p11_attr_equal (attr, match)) + return false; + } + + return true; +} + +bool +p11_attrs_matchn (const CK_ATTRIBUTE *attrs, + const CK_ATTRIBUTE *match, + CK_ULONG count) +{ + CK_ATTRIBUTE *attr; + CK_ULONG i; + + for (i = 0; i < count; i++) { + attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match[i].type); + if (!attr) + return false; + if (!p11_attr_equal (attr, match + i)) + return false; + } + + return true; + +} + + +bool +p11_attr_match_value (const CK_ATTRIBUTE *attr, + const void *value, + ssize_t length) +{ + if (length < 0) + length = strlen (value); + return (attr != NULL && + attr->ulValueLen == length && + (attr->pValue == value || + (attr->pValue && value && + memcmp (attr->pValue, value, attr->ulValueLen) == 0))); +} + +bool +p11_attr_equal (const void *v1, + const void *v2) +{ + const CK_ATTRIBUTE *one = v1; + const CK_ATTRIBUTE *two = v2; + + return (one == two || + (one && two && one->type == two->type && + p11_attr_match_value (one, two->pValue, two->ulValueLen))); +} + +unsigned int +p11_attr_hash (const void *data) +{ + const CK_ATTRIBUTE *attr = data; + uint32_t hash = 0; + + if (attr != NULL) { + p11_hash_murmur3 (&hash, + &attr->type, sizeof (attr->type), + attr->pValue, (size_t)attr->ulValueLen, + NULL); + } + + return hash; +} + +static void +buffer_append_printf (p11_buffer *buffer, + const char *format, + ...) GNUC_PRINTF(2, 3); + +static void +buffer_append_printf (p11_buffer *buffer, + const char *format, + ...) +{ + char *string; + va_list va; + + va_start (va, format); + if (vasprintf (&string, format, va) < 0) { + va_end (va); + return_if_reached (); + } + va_end (va); + + p11_buffer_add (buffer, string, -1); + free (string); +} + +static bool +attribute_is_ulong_of_type (const CK_ATTRIBUTE *attr, + CK_ULONG type) +{ + if (attr->type != type) + return false; + if (attr->ulValueLen != sizeof (CK_ULONG)) + return false; + if (!attr->pValue) + return false; + return true; +} + +static bool +attribute_is_trust_value (const CK_ATTRIBUTE *attr) +{ + switch (attr->type) { + case CKA_TRUST_DIGITAL_SIGNATURE: + case CKA_TRUST_NON_REPUDIATION: + case CKA_TRUST_KEY_ENCIPHERMENT: + case CKA_TRUST_DATA_ENCIPHERMENT: + case CKA_TRUST_KEY_AGREEMENT: + case CKA_TRUST_KEY_CERT_SIGN: + case CKA_TRUST_CRL_SIGN: + case CKA_TRUST_SERVER_AUTH: + case CKA_TRUST_CLIENT_AUTH: + case CKA_TRUST_CODE_SIGNING: + case CKA_TRUST_EMAIL_PROTECTION: + case CKA_TRUST_IPSEC_END_SYSTEM: + case CKA_TRUST_IPSEC_TUNNEL: + case CKA_TRUST_IPSEC_USER: + case CKA_TRUST_TIME_STAMPING: + break; + default: + return false; + } + + return attribute_is_ulong_of_type (attr, attr->type); +} + +static bool +attribute_is_sensitive (const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass) +{ + /* + * Don't print any just attribute, since they may contain + * sensitive data + */ + + switch (attr->type) { + #define X(x) case x: return false; + X (CKA_CLASS) + X (CKA_TOKEN) + X (CKA_PRIVATE) + X (CKA_LABEL) + X (CKA_APPLICATION) + X (CKA_OBJECT_ID) + X (CKA_CERTIFICATE_TYPE) + X (CKA_ISSUER) + X (CKA_SERIAL_NUMBER) + X (CKA_AC_ISSUER) + X (CKA_OWNER) + X (CKA_ATTR_TYPES) + X (CKA_TRUSTED) + X (CKA_CERTIFICATE_CATEGORY) + X (CKA_JAVA_MIDP_SECURITY_DOMAIN) + X (CKA_URL) + X (CKA_HASH_OF_SUBJECT_PUBLIC_KEY) + X (CKA_HASH_OF_ISSUER_PUBLIC_KEY) + X (CKA_CHECK_VALUE) + X (CKA_KEY_TYPE) + X (CKA_SUBJECT) + X (CKA_ID) + X (CKA_SENSITIVE) + X (CKA_ENCRYPT) + X (CKA_DECRYPT) + X (CKA_WRAP) + X (CKA_UNWRAP) + X (CKA_SIGN) + X (CKA_SIGN_RECOVER) + X (CKA_VERIFY) + X (CKA_VERIFY_RECOVER) + X (CKA_DERIVE) + X (CKA_START_DATE) + X (CKA_END_DATE) + X (CKA_MODULUS_BITS) + X (CKA_PRIME_BITS) + /* X (CKA_SUBPRIME_BITS) */ + /* X (CKA_SUB_PRIME_BITS) */ + X (CKA_VALUE_BITS) + X (CKA_VALUE_LEN) + X (CKA_EXTRACTABLE) + X (CKA_LOCAL) + X (CKA_NEVER_EXTRACTABLE) + X (CKA_ALWAYS_SENSITIVE) + X (CKA_KEY_GEN_MECHANISM) + X (CKA_MODIFIABLE) + X (CKA_SECONDARY_AUTH) + X (CKA_AUTH_PIN_FLAGS) + X (CKA_ALWAYS_AUTHENTICATE) + X (CKA_WRAP_WITH_TRUSTED) + X (CKA_WRAP_TEMPLATE) + X (CKA_UNWRAP_TEMPLATE) + X (CKA_HW_FEATURE_TYPE) + X (CKA_RESET_ON_INIT) + X (CKA_HAS_RESET) + X (CKA_PIXEL_X) + X (CKA_PIXEL_Y) + X (CKA_RESOLUTION) + X (CKA_CHAR_ROWS) + X (CKA_CHAR_COLUMNS) + X (CKA_COLOR) + X (CKA_BITS_PER_PIXEL) + X (CKA_CHAR_SETS) + X (CKA_ENCODING_METHODS) + X (CKA_MIME_TYPES) + X (CKA_MECHANISM_TYPE) + X (CKA_REQUIRED_CMS_ATTRIBUTES) + X (CKA_DEFAULT_CMS_ATTRIBUTES) + X (CKA_SUPPORTED_CMS_ATTRIBUTES) + X (CKA_ALLOWED_MECHANISMS) + X (CKA_X_ASSERTION_TYPE) + X (CKA_X_CERTIFICATE_VALUE) + X (CKA_X_PURPOSE) + X (CKA_X_PEER) + X (CKA_X_DISTRUSTED) + X (CKA_X_CRITICAL) + X (CKA_PUBLIC_KEY_INFO) + X (CKA_NSS_URL) + X (CKA_NSS_EMAIL) + X (CKA_NSS_SMIME_INFO) + X (CKA_NSS_SMIME_TIMESTAMP) + X (CKA_NSS_PKCS8_SALT) + X (CKA_NSS_PASSWORD_CHECK) + X (CKA_NSS_EXPIRES) + X (CKA_NSS_KRL) + X (CKA_NSS_PQG_COUNTER) + X (CKA_NSS_PQG_SEED) + X (CKA_NSS_PQG_H) + X (CKA_NSS_PQG_SEED_BITS) + X (CKA_NSS_MODULE_SPEC) + X (CKA_TRUST_DIGITAL_SIGNATURE) + X (CKA_TRUST_NON_REPUDIATION) + X (CKA_TRUST_KEY_ENCIPHERMENT) + X (CKA_TRUST_DATA_ENCIPHERMENT) + X (CKA_TRUST_KEY_AGREEMENT) + X (CKA_TRUST_KEY_CERT_SIGN) + X (CKA_TRUST_CRL_SIGN) + X (CKA_TRUST_SERVER_AUTH) + X (CKA_TRUST_CLIENT_AUTH) + X (CKA_TRUST_CODE_SIGNING) + X (CKA_TRUST_EMAIL_PROTECTION) + X (CKA_TRUST_IPSEC_END_SYSTEM) + X (CKA_TRUST_IPSEC_TUNNEL) + X (CKA_TRUST_IPSEC_USER) + X (CKA_TRUST_TIME_STAMPING) + X (CKA_TRUST_STEP_UP_APPROVED) + X (CKA_CERT_SHA1_HASH) + X (CKA_CERT_MD5_HASH) + case CKA_VALUE: + return (klass != CKO_CERTIFICATE && + klass != CKO_X_CERTIFICATE_EXTENSION); + #undef X + } + + return true; +} + +static void +format_class (p11_buffer *buffer, + CK_OBJECT_CLASS klass) +{ + const char *string = p11_constant_name (p11_constant_classes, klass); + if (string != NULL) + p11_buffer_add (buffer, string, -1); + else + buffer_append_printf (buffer, "0x%08lX", klass); +} + +static void +format_assertion_type (p11_buffer *buffer, + CK_X_ASSERTION_TYPE type) +{ + const char *string = p11_constant_name (p11_constant_asserts, type); + if (string != NULL) + p11_buffer_add (buffer, string, -1); + else + buffer_append_printf (buffer, "0x%08lX", type); +} + +static void +format_key_type (p11_buffer *buffer, + CK_KEY_TYPE type) +{ + const char *string = p11_constant_name (p11_constant_keys, type); + if (string != NULL) + p11_buffer_add (buffer, string, -1); + else + buffer_append_printf (buffer, "0x%08lX", type); +} + +static void +format_certificate_type (p11_buffer *buffer, + CK_CERTIFICATE_TYPE type) +{ + const char *string = p11_constant_name (p11_constant_certs, type); + if (string != NULL) + p11_buffer_add (buffer, string, -1); + else + buffer_append_printf (buffer, "0x%08lX", type); +} + +static void +format_trust_value (p11_buffer *buffer, + CK_TRUST trust) +{ + const char *string = p11_constant_name (p11_constant_trusts, trust); + if (string != NULL) + p11_buffer_add (buffer, string, -1); + else + buffer_append_printf (buffer, "0x%08lX", trust); +} + +static void +format_certificate_category (p11_buffer *buffer, + CK_ULONG category) +{ + const char *string = p11_constant_name (p11_constant_categories, category); + if (string != NULL) + buffer_append_printf (buffer, "%lu (%s)", category, string); + else + buffer_append_printf (buffer, "%lu", category); +} + +static void +format_attribute_type (p11_buffer *buffer, + CK_ULONG type) +{ + const char *string = p11_constant_name (p11_constant_types, type); + if (string != NULL) + p11_buffer_add (buffer, string, -1); + else + buffer_append_printf (buffer, "CKA_0x%08lX", type); +} + +static void +format_some_bytes (p11_buffer *buffer, + void *bytes, + CK_ULONG length) +{ + unsigned char ch; + const unsigned char *data = bytes; + CK_ULONG i; + + if (bytes == NULL) { + p11_buffer_add (buffer, "NULL", -1); + return; + } + + p11_buffer_add (buffer, "\"", 1); + for (i = 0; i < length && i < 128; i++) { + ch = data[i]; + if (ch == '\t') + p11_buffer_add (buffer, "\\t", -1); + else if (ch == '\n') + p11_buffer_add (buffer, "\\n", -1); + else if (ch == '\r') + p11_buffer_add (buffer, "\\r", -1); + else if (ch >= 32 && ch < 127) + p11_buffer_add (buffer, &ch, 1); + else + buffer_append_printf (buffer, "\\x%02x", ch); + } + + if (i < length) + buffer_append_printf (buffer, "..."); + p11_buffer_add (buffer, "\"", 1); +} + +void +p11_attr_format (p11_buffer *buffer, + const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass) +{ + p11_buffer_add (buffer, "{ ", -1); + format_attribute_type (buffer, attr->type); + p11_buffer_add (buffer, " = ", -1); + if (attr->ulValueLen == CKA_INVALID) { + buffer_append_printf (buffer, "(-1) INVALID"); + } else if (attribute_is_ulong_of_type (attr, CKA_CLASS)) { + format_class (buffer, *((CK_OBJECT_CLASS *)attr->pValue)); + } else if (attribute_is_ulong_of_type (attr, CKA_X_ASSERTION_TYPE)) { + format_assertion_type (buffer, *((CK_X_ASSERTION_TYPE *)attr->pValue)); + } else if (attribute_is_ulong_of_type (attr, CKA_CERTIFICATE_TYPE)) { + format_certificate_type (buffer, *((CK_CERTIFICATE_TYPE *)attr->pValue)); + } else if (attribute_is_ulong_of_type (attr, CKA_CERTIFICATE_CATEGORY)) { + format_certificate_category (buffer, *((CK_ULONG *)attr->pValue)); + } else if (attribute_is_ulong_of_type (attr, CKA_KEY_TYPE)) { + format_key_type (buffer, *((CK_KEY_TYPE *)attr->pValue)); + } else if (attribute_is_trust_value (attr)) { + format_trust_value (buffer, *((CK_TRUST *)attr->pValue)); + } else if (attribute_is_sensitive (attr, klass)) { + buffer_append_printf (buffer, "(%lu) NOT-PRINTED", attr->ulValueLen); + } else { + buffer_append_printf (buffer, "(%lu) ", attr->ulValueLen); + format_some_bytes (buffer, attr->pValue, attr->ulValueLen); + } + p11_buffer_add (buffer, " }", -1); +} + +void +p11_attrs_format (p11_buffer *buffer, + const CK_ATTRIBUTE *attrs, + int count) +{ + CK_BBOOL first = CK_TRUE; + CK_OBJECT_CLASS klass; + int i; + + if (count < 0) + count = p11_attrs_count (attrs); + + if (!p11_attrs_findn_ulong (attrs, CKA_CLASS, count, &klass)) + klass = CKA_INVALID; + + buffer_append_printf (buffer, "(%d) [", count); + for (i = 0; i < count; i++) { + if (first) + p11_buffer_add (buffer, " ", 1); + else + p11_buffer_add (buffer, ", ", 2); + first = CK_FALSE; + p11_attr_format (buffer, attrs + i, klass); + } + p11_buffer_add (buffer, " ]", -1); +} + +char * +p11_attrs_to_string (const CK_ATTRIBUTE *attrs, + int count) +{ + p11_buffer buffer; + if (!p11_buffer_init_null (&buffer, 128)) + return_val_if_reached (NULL); + p11_attrs_format (&buffer, attrs, count); + return p11_buffer_steal (&buffer, NULL); +} + +char * +p11_attr_to_string (const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass) +{ + p11_buffer buffer; + if (!p11_buffer_init_null (&buffer, 32)) + return_val_if_reached (NULL); + p11_attr_format (&buffer, attr, klass); + return p11_buffer_steal (&buffer, NULL); +} diff --git a/common/attrs.h b/common/attrs.h new file mode 100644 index 0000000..2780013 --- /dev/null +++ b/common/attrs.h @@ -0,0 +1,136 @@ +/* + * Copyright (C) 2012, Redhat Inc. + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_ATTRS_H_ +#define P11_ATTRS_H_ + +#include "buffer.h" +#include "compat.h" +#include "pkcs11.h" + +#define CKA_INVALID ((CK_ULONG)-1) + +CK_ATTRIBUTE * p11_attrs_dup (const CK_ATTRIBUTE *attrs); + +CK_ATTRIBUTE * p11_attrs_build (CK_ATTRIBUTE *attrs, + ...); + +CK_ATTRIBUTE * p11_attrs_buildn (CK_ATTRIBUTE *attrs, + const CK_ATTRIBUTE *add, + CK_ULONG count); + +CK_ATTRIBUTE * p11_attrs_take (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type, + CK_VOID_PTR value, + CK_ULONG length); + +CK_ATTRIBUTE * p11_attrs_merge (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + bool replace); + +void p11_attrs_purge (CK_ATTRIBUTE *attrs); + +bool p11_attrs_terminator (const CK_ATTRIBUTE *attrs); + +CK_ULONG p11_attrs_count (const CK_ATTRIBUTE *attrs); + +void p11_attrs_free (void *attrs); + +CK_ATTRIBUTE * p11_attrs_find (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type); + +CK_ATTRIBUTE * p11_attrs_findn (CK_ATTRIBUTE *attrs, + CK_ULONG count, + CK_ATTRIBUTE_TYPE type); + +bool p11_attrs_find_bool (const CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type, + CK_BBOOL *value); + +bool p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs, + CK_ULONG count, + CK_ATTRIBUTE_TYPE type, + CK_BBOOL *value); + +bool p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type, + CK_ULONG *value); + +bool p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs, + CK_ULONG count, + CK_ATTRIBUTE_TYPE type, + CK_ULONG *value); + +void * p11_attrs_find_value (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type, + size_t *length); + +CK_ATTRIBUTE * p11_attrs_find_valid (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type); + +bool p11_attrs_remove (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE_TYPE type); + +bool p11_attrs_match (const CK_ATTRIBUTE *attrs, + const CK_ATTRIBUTE *match); + +bool p11_attrs_matchn (const CK_ATTRIBUTE *attrs, + const CK_ATTRIBUTE *match, + CK_ULONG count); + +char * p11_attrs_to_string (const CK_ATTRIBUTE *attrs, + int count); + +void p11_attrs_format (p11_buffer *buffer, + const CK_ATTRIBUTE *attrs, + int count); + +char * p11_attr_to_string (const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass); + +void p11_attr_format (p11_buffer *buffer, + const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass); + +bool p11_attr_equal (const void *one, + const void *two); + +unsigned int p11_attr_hash (const void *data); + +bool p11_attr_match_value (const CK_ATTRIBUTE *attr, + const void *value, + ssize_t length); + +#endif /* P11_ATTRS_H_ */ diff --git a/common/buffer.c b/common/buffer.c new file mode 100644 index 0000000..668a259 --- /dev/null +++ b/common/buffer.c @@ -0,0 +1,198 @@ +/* + * Copyright (C) 2007, 2012 Stefan Walter + * Copyright (C) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "buffer.h" +#include "debug.h" + +#include +#include +#include +#include +#include + +static bool +buffer_realloc (p11_buffer *buffer, + size_t size) +{ + void *data; + + /* Memory owned elsewhere can't be reallocated */ + return_val_if_fail (buffer->frealloc != NULL, false); + + /* Reallocate built in buffer using allocator */ + data = (buffer->frealloc) (buffer->data, size); + if (!data && size > 0) { + p11_buffer_fail (buffer); + return_val_if_reached (false); + } + + buffer->data = data; + buffer->size = size; + return true; +} + +bool +p11_buffer_init (p11_buffer *buffer, + size_t reserve) +{ + p11_buffer_init_full (buffer, NULL, 0, 0, realloc, free); + return buffer_realloc (buffer, reserve); +} + +bool +p11_buffer_init_null (p11_buffer *buffer, + size_t reserve) +{ + p11_buffer_init_full (buffer, NULL, 0, P11_BUFFER_NULL, realloc, free); + return buffer_realloc (buffer, reserve); +} + +void +p11_buffer_init_full (p11_buffer *buffer, + void *data, + size_t len, + int flags, + void * (* frealloc) (void *, size_t), + void (* ffree) (void *)) +{ + memset (buffer, 0, sizeof (*buffer)); + + buffer->data = data; + buffer->len = len; + buffer->size = len; + buffer->flags = flags; + buffer->frealloc = frealloc; + buffer->ffree = ffree; + + return_if_fail (!(flags & P11_BUFFER_FAILED)); +} + +void +p11_buffer_uninit (p11_buffer *buffer) +{ + return_if_fail (buffer != NULL); + + if (buffer->ffree && buffer->data) + (buffer->ffree) (buffer->data); + memset (buffer, 0, sizeof (*buffer)); +} + +void * +p11_buffer_steal (p11_buffer *buffer, + size_t *length) +{ + void *data; + + return_val_if_fail (p11_buffer_ok (buffer), NULL); + + if (length) + *length = buffer->len; + data = buffer->data; + + buffer->data = NULL; + buffer->size = 0; + buffer->len = 0; + return data; +} + +bool +p11_buffer_reset (p11_buffer *buffer, + size_t reserve) +{ + buffer->flags &= ~P11_BUFFER_FAILED; + buffer->len = 0; + + if (reserve < buffer->size) + return true; + return buffer_realloc (buffer, reserve); +} + +void * +p11_buffer_append (p11_buffer *buffer, + size_t length) +{ + unsigned char *data; + size_t terminator; + size_t newlen; + size_t reserve; + size_t offset; + + return_val_if_fail (p11_buffer_ok (buffer), NULL); + + terminator = (buffer->flags & P11_BUFFER_NULL) ? 1 : 0; + + /* Check for unlikely and unrecoverable integer overflow */ + return_val_if_fail (SIZE_MAX - (terminator + length) > buffer->len, NULL); + + reserve = terminator + length + buffer->len; + + if (reserve > buffer->size) { + + /* Calculate a new length, minimize number of buffer allocations */ + return_val_if_fail (buffer->size < SIZE_MAX / 2, NULL); + newlen = buffer->size * 2; + if (!newlen) + newlen = 16; + if (reserve > newlen) + newlen = reserve; + + if (!buffer_realloc (buffer, newlen)) + return_val_if_reached (NULL); + } + + data = buffer->data; + offset = buffer->len; + buffer->len += length; + if (terminator) + data[buffer->len] = '\0'; + return data + offset; +} + +void +p11_buffer_add (p11_buffer *buffer, + const void *data, + ssize_t length) +{ + void *at; + + if (length < 0) + length = strlen (data); + + at = p11_buffer_append (buffer, length); + return_if_fail (at != NULL); + memcpy (at, data, length); +} diff --git a/common/buffer.h b/common/buffer.h new file mode 100644 index 0000000..6a61083 --- /dev/null +++ b/common/buffer.h @@ -0,0 +1,93 @@ +/* + * Copyright (C) 2007, 2012 Stefan Walter + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_BUFFER_H_ +#define P11_BUFFER_H_ + +#include "compat.h" + +enum { + P11_BUFFER_FAILED = 1 << 0, + P11_BUFFER_NULL = 1 << 1, +}; + +typedef struct { + void *data; + size_t len; + + int flags; + size_t size; + void * (* frealloc) (void *, size_t); + void (* ffree) (void *); +} p11_buffer; + +bool p11_buffer_init (p11_buffer *buffer, + size_t size); + +bool p11_buffer_init_null (p11_buffer *buffer, + size_t size); + +void p11_buffer_init_full (p11_buffer *buffer, + void *data, + size_t len, + int flags, + void * (* frealloc) (void *, size_t), + void (* ffree) (void *)); + +void p11_buffer_uninit (p11_buffer *buffer); + +void * p11_buffer_steal (p11_buffer *buffer, + size_t *length); + +bool p11_buffer_reset (p11_buffer *buffer, + size_t size); + +void * p11_buffer_append (p11_buffer *buffer, + size_t length); + +void p11_buffer_add (p11_buffer *buffer, + const void *data, + ssize_t length); + +#define p11_buffer_fail(buf) \ + ((buf)->flags |= P11_BUFFER_FAILED) + +#define p11_buffer_ok(buf) \ + (((buf)->flags & P11_BUFFER_FAILED) ? false : true) + +#define p11_buffer_failed(buf) \ + (((buf)->flags & P11_BUFFER_FAILED) ? true : false) + +#endif /* BUFFER_H */ diff --git a/common/compat.c b/common/compat.c new file mode 100644 index 0000000..f69187f --- /dev/null +++ b/common/compat.c @@ -0,0 +1,1013 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +/* + * This is needed to expose pthread_mutexattr_settype and PTHREAD_MUTEX_DEFAULT + * on older pthreads implementations + */ +#define _XOPEN_SOURCE 700 + +#include "compat.h" +#include "debug.h" + +#include +#include +#include +#include +#include +#include + +/*- + * Portions of this file are covered by the following copyright: + * + * Copyright (c) 2001 Mike Barcroft + * Copyright (c) 1990, 1993 + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef HAVE_GETPROGNAME + +#ifdef OS_UNIX + +#include + +#if defined (HAVE_PROGRAM_INVOCATION_SHORT_NAME) && !HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME +extern char *program_invocation_short_name; +#endif + +#if defined (HAVE___PROGNAME) && !HAVE_DECL___PROGNAME +extern char *__progname; +#endif + +const char * +getprogname (void) +{ + const char *name; + +#if defined (HAVE_GETEXECNAME) + const char *p; + name = getexecname(); + p = strrchr (name ? name : "", '/'); + if (p != NULL) + name = p + 1; +#elif defined (HAVE_PROGRAM_INVOCATION_SHORT_NAME) +#ifdef __linux__ + name = program_invocation_name; + assert (name); + if (*name == '/') { + /* + * Some programs pack command line arguments into argv[0]. + * Check if it is the case by reading /proc/self/exe and extract + * the program name. + * + * Logic borrowed from: + * . + */ + static char *buf; + + if (!buf) + buf = realpath ("/proc/self/exe", NULL); + + if (buf && strncmp (buf, name, strlen (buf)) == 0) + /* Use the executable path if the prefix matches. */ + name = strrchr (buf, '/') + 1; + else + /* Otherwise fall back to + * program_invocation_short_name. */ + name = program_invocation_short_name; + } else { + name = program_invocation_short_name; + } +#else + name = program_invocation_short_name; +#endif +#elif defined (HAVE___PROGNAME) + name = __progname; +#else + #error No way to retrieve short program name +#endif + + return name; +} + +#else /* OS_WIN32 */ + +extern char **__argv; +static char prognamebuf[256]; + +const char * +getprogname (void) +{ + const char *name; + const char *p, *p2; + size_t length; + + name = __argv[0]; + if (name == NULL) + return NULL; + + p = strrchr (name, '\\'); + p2 = strrchr (name, '/'); + if (p2 > p) + p = p2; + if (p != NULL) + name = p + 1; + + length = sizeof (prognamebuf) - 1; + strncpy (prognamebuf, name, length); + prognamebuf[length] = 0; + length = strlen (prognamebuf); + if (length > 4 && _stricmp (prognamebuf + (length - 4), ".exe") == 0) + prognamebuf[length - 4] = '\0'; + + return prognamebuf; +} + +#endif /* OS_WIN32 */ + +#endif /* HAVE_GETPROGNAME */ + +#ifdef OS_UNIX +#include +#include +#include +#include + +#ifndef PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP +void +p11_recursive_mutex_init (p11_mutex_t *mutex) +{ + pthread_mutexattr_t attr; + int ret; + + pthread_mutexattr_init (&attr); + pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE); + ret = pthread_mutex_init (mutex, &attr); + assert (ret == 0); + pthread_mutexattr_destroy (&attr); +} +#endif + +char * +p11_dl_error (void) +{ + const char *msg = dlerror (); + return msg ? strdup (msg) : NULL; +} + +struct _p11_mmap { + int fd; + void *data; + size_t size; +}; + +p11_mmap * +p11_mmap_open (const char *path, + struct stat *sb, + void **data, + size_t *size) +{ + struct stat stb; + p11_mmap *map; + + map = calloc (1, sizeof (p11_mmap)); + if (map == NULL) + return NULL; + + map->fd = open (path, O_RDONLY | O_CLOEXEC); + if (map->fd == -1) { + free (map); + return NULL; + } + + if (sb == NULL) { + sb = &stb; + if (fstat (map->fd, &stb) < 0) { + close (map->fd); + free (map); + return NULL; + } + } + + /* Workaround for broken ZFS on Linux */ + if (S_ISDIR (sb->st_mode)) { + errno = EISDIR; + close (map->fd); + free (map); + return NULL; + } + + if (sb->st_size == 0) { + *data = ""; + *size = 0; + return map; + } + + map->size = sb->st_size; + map->data = mmap (NULL, map->size, PROT_READ, MAP_PRIVATE, map->fd, 0); + if (map->data == MAP_FAILED) { + close (map->fd); + free (map); + return NULL; + } + + *data = map->data; + *size = map->size; + return map; +} + +void +p11_mmap_close (p11_mmap *map) +{ + if (map->size) + munmap (map->data, map->size); + close (map->fd); + free (map); +} + +#endif /* OS_UNIX */ + +#ifdef OS_WIN32 + +char * +p11_dl_error (void) +{ + DWORD code = GetLastError(); + LPVOID msg_buf; + char *result; + + FormatMessageA (FORMAT_MESSAGE_ALLOCATE_BUFFER | + FORMAT_MESSAGE_FROM_SYSTEM | + FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, code, + MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), + (LPSTR)&msg_buf, 0, NULL); + + result = strdup (msg_buf); + LocalFree (msg_buf); + return result; +} + +int +p11_thread_create (p11_thread_t *thread, + p11_thread_routine routine, + void *arg) +{ + assert (thread); + + *thread = CreateThread (NULL, 0, + (LPTHREAD_START_ROUTINE)routine, + arg, 0, NULL); + + if (*thread == NULL) + return GetLastError (); + + return 0; +} + +int +p11_thread_join (p11_thread_t thread) +{ + DWORD res; + + res = WaitForSingleObject (thread, INFINITE); + if (res == WAIT_FAILED) + return GetLastError (); + + CloseHandle (thread); + return 0; +} + +struct _p11_mmap { + HANDLE file; + HANDLE mapping; + void *data; +}; + +p11_mmap * +p11_mmap_open (const char *path, + struct stat *sb, + void **data, + size_t *size) +{ + HANDLE mapping; + LARGE_INTEGER large; + DWORD errn; + p11_mmap *map; + + map = calloc (1, sizeof (p11_mmap)); + if (map == NULL) { + errno = ENOMEM; + return NULL; + } + + map->file = CreateFile (path, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_FLAG_RANDOM_ACCESS, NULL); + if (map->file == INVALID_HANDLE_VALUE) { + errn = GetLastError (); + free (map); + SetLastError (errn); + if (errn == ERROR_PATH_NOT_FOUND || errn == ERROR_FILE_NOT_FOUND) + errno = ENOENT; + else if (errn == ERROR_ACCESS_DENIED) + errno = EPERM; + return NULL; + } + + if (sb == NULL) { + if (!GetFileSizeEx (map->file, &large)) { + errn = GetLastError (); + CloseHandle (map->file); + free (map); + SetLastError (errn); + if (errn == ERROR_ACCESS_DENIED) + errno = EPERM; + return NULL; + } + } else { + large.QuadPart = sb->st_size; + } + + mapping = CreateFileMapping (map->file, NULL, PAGE_READONLY, 0, 0, NULL); + if (!mapping) { + errn = GetLastError (); + CloseHandle (map->file); + free (map); + SetLastError (errn); + if (errn == ERROR_ACCESS_DENIED) + errno = EPERM; + return NULL; + } + + map->data = MapViewOfFile (mapping, FILE_MAP_READ, 0, 0, large.QuadPart); + CloseHandle (mapping); + + if (map->data == NULL) { + errn = GetLastError (); + CloseHandle (map->file); + free (map); + SetLastError (errn); + if (errn == ERROR_ACCESS_DENIED) + errno = EPERM; + return NULL; + } + + *data = map->data; + *size = large.QuadPart; + return map; +} + +void +p11_mmap_close (p11_mmap *map) +{ + UnmapViewOfFile (map->data); + CloseHandle (map->file); + free (map); +} + +#endif /* OS_WIN32 */ + +#ifndef HAVE_STRNSTR +#include + +/* + * Find the first occurrence of find in s, where the search is limited to the + * first slen characters of s. + */ +char * +strnstr (const char *s, + const char *find, + size_t slen) +{ + char c, sc; + size_t len; + + if ((c = *find++) != '\0') { + len = strlen (find); + do { + do { + if (slen-- < 1 || (sc = *s++) == '\0') + return (NULL); + } while (sc != c); + if (len > slen) + return (NULL); + } while (strncmp(s, find, len) != 0); + s--; + } + return ((char *)s); +} + +#endif /* HAVE_STRNSTR */ + +#ifndef HAVE_MEMDUP + +void * +memdup (const void *data, + size_t length) +{ + void *dup; + + if (!data) + return NULL; + + dup = malloc (length); + if (dup != NULL) + memcpy (dup, data, length); + + return dup; +} + +#endif /* HAVE_MEMDUP */ + +/* + * WORKAROUND: So in lots of released builds of firefox a completely broken strndup() + * is present. It does not NULL terminate its string output. It is unconditionally + * defined, and overrides the libc strndup() function on platforms where it + * exists as a function. For this reason we (for now) unconditionally define + * strndup(). + */ + +#if 1 /* #ifndef HAVE_STRNDUP */ + +/* + * HAVE_STRNDUP may be undefined if strndup() isn't working. So it may be + * present, and yet strndup may still be a defined header macro. + */ +#ifdef strndup +#undef strndup +#endif + +char * +strndup (const char *data, + size_t length); + +char * +strndup (const char *data, + size_t length) +{ + char *ret; + + ret = malloc (length + 1); + if (ret != NULL) { + strncpy (ret, data, length); + ret[length] = 0; + } + + return ret; +} + +#endif /* HAVE_STRNDUP */ + +#ifndef HAVE_REALLOCARRAY + +void * +reallocarray (void *ptr, + size_t nmemb, + size_t size) +{ + assert (nmemb > 0 && size > 0); + if (SIZE_MAX / nmemb < size) { + errno = ENOMEM; + return NULL; + } + return realloc (ptr, nmemb * size); +} + +#endif /* HAVE_MEMDUP */ + +#ifndef HAVE_STRCONCAT + +#include + +char * +strconcat (const char *first, + ...) +{ + size_t length = 0; + const char *arg; + char *result, *at; + va_list va; + + va_start (va, first); + + for (arg = first; arg; arg = va_arg (va, const char*)) { + size_t old_length = length; + length += strlen (arg); + if (length < old_length) { + va_end (va); + return_val_if_reached (NULL); + } + } + + va_end (va); + + at = result = malloc (length + 1); + if (result == NULL) + return NULL; + + va_start (va, first); + + for (arg = first; arg; arg = va_arg (va, const char*)) { + length = strlen (arg); + memcpy (at, arg, length); + at += length; + } + + va_end (va); + + *at = 0; + return result; +} + +#endif /* HAVE_STRCONCAT */ + +#ifndef HAVE_VASPRINTF +#include + +int vasprintf(char **strp, const char *fmt, va_list ap); + +int +vasprintf (char **strp, + const char *fmt, + va_list ap) +{ + char *buf = NULL; + char *nbuf; + int guess = 128; + int length = 0; + va_list orig, aq; + int ret; + + if (fmt == NULL) { + errno = EINVAL; + return -1; + } + + va_copy (orig, ap); + for (;;) { + nbuf = realloc (buf, guess); + if (!nbuf) { + free (buf); + va_end (orig); + return -1; + } + + buf = nbuf; + length = guess; + + va_copy (aq, orig); + ret = vsnprintf (buf, length, fmt, aq); + va_end (aq); + + if (ret < 0) + guess *= 2; + + else if (ret >= length) + guess = ret + 1; + + else + break; + } + va_end (orig); + + *strp = buf; + return ret; +} + +#endif /* HAVE_VASPRINTF */ + +#ifndef HAVE_ASPRINTF + +int asprintf(char **strp, const char *fmt, ...); + +int +asprintf (char **strp, + const char *fmt, + ...) +{ + va_list va; + int ret; + + va_start (va, fmt); + ret = vasprintf (strp, fmt, va); + va_end (va); + + return ret; +} + +#endif /* HAVE_ASPRINTF */ + +#ifndef HAVE_GMTIME_R + +struct tm * +gmtime_r (const time_t *timep, + struct tm *result) +{ +#ifdef OS_WIN32 + /* + * On win32 gmtime() returns thread local storage, so we can + * just copy it out into the buffer without worrying about races. + */ + struct tm *tg; + tg = gmtime (timep); + if (!tg) + return NULL; + memcpy (result, tg, sizeof (struct tm)); + return result; +#else + #error Need either gmtime_r() function on Unix +#endif +} + +#endif /* HAVE_GMTIME_R */ + +#if !defined(HAVE_MKDTEMP) || !defined(HAVE_MKSTEMP) +#include +#include + +static int +_gettemp (char *path, + int *doopen, + int domkdir, + int slen) +{ + static const char padchar[] = + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + static const int maxpathlen = 1024; + + char *start, *trv, *suffp, *carryp; + char *pad; + struct stat sbuf; + int rval; + int rnd; + char carrybuf[maxpathlen]; + + if ((doopen != NULL && domkdir) || slen < 0) { + errno = EINVAL; + return (0); + } + + for (trv = path; *trv != '\0'; ++trv) + ; + if (trv - path >= maxpathlen) { + errno = ENAMETOOLONG; + return (0); + } + trv -= slen; + suffp = trv; + --trv; + if (trv < path || NULL != strchr (suffp, '/')) { + errno = EINVAL; + return (0); + } + + /* Fill space with random characters */ + while (trv >= path && *trv == 'X') { + rnd = rand () % (sizeof (padchar) - 1); + *trv-- = padchar[rnd]; + } + start = trv + 1; + + /* save first combination of random characters */ + memcpy (carrybuf, start, suffp - start); + + /* + * check the target directory. + */ + if (doopen != NULL || domkdir) { + for (; trv > path; --trv) { + if (*trv == '/') { + *trv = '\0'; + rval = stat(path, &sbuf); + *trv = '/'; + if (rval != 0) + return (0); + if (!S_ISDIR(sbuf.st_mode)) { + errno = ENOTDIR; + return (0); + } + break; + } + } + } + + for (;;) { + if (doopen) { + if ((*doopen = open (path, O_BINARY | O_CREAT | O_EXCL | O_RDWR | O_CLOEXEC, 0600)) >= 0) + return (1); + if (errno != EEXIST) + return (0); + } else if (domkdir) { +#ifdef OS_UNIX + if (mkdir (path, 0700) == 0) +#else + if (mkdir (path) == 0) +#endif + return (1); + if (errno != EEXIST) + return (0); +#ifdef OS_UNIX + } else if (lstat (path, &sbuf)) +#else + } else if (stat (path, &sbuf)) +#endif + return (errno == ENOENT); + + /* If we have a collision, cycle through the space of filenames */ + for (trv = start, carryp = carrybuf;;) { + /* have we tried all possible permutations? */ + if (trv == suffp) + return (0); /* yes - exit with EEXIST */ + pad = strchr(padchar, *trv); + if (pad == NULL) { + /* this should never happen */ + errno = EIO; + return (0); + } + /* increment character */ + *trv = (*++pad == '\0') ? padchar[0] : *pad; + /* carry to next position? */ + if (*trv == *carryp) { + /* increment position and loop */ + ++trv; + ++carryp; + } else { + /* try with new name */ + break; + } + } + } + + /*NOTREACHED*/ +} + +#endif /* !HAVE_MKDTEMP || !HAVE_MKSTEMP */ + +#ifndef HAVE_MKSTEMP + +int +mkstemp (char *template) +{ + int fd; + + return (_gettemp (template, &fd, 0, 0) ? fd : -1); +} + +#endif /* HAVE_MKSTEMP */ + +#ifndef HAVE_MKDTEMP + +char * +mkdtemp (char *template) +{ + return (_gettemp (template, (int *)NULL, 1, 0) ? template : (char *)NULL); +} + +#endif /* HAVE_MKDTEMP */ + +#ifndef HAVE_GETAUXVAL + +unsigned long +getauxval (unsigned long type) +{ + static unsigned long secure = 0UL; + static bool check_secure_initialized = false; + + /* + * This is the only one our stand-in impl supports and is + * also the only type we define in compat.h header + */ + assert (type == AT_SECURE); + + if (!check_secure_initialized) { +#if defined(HAVE___LIBC_ENABLE_SECURE) + extern int __libc_enable_secure; + secure = __libc_enable_secure; + +#elif defined(HAVE_ISSETUGID) && \ + !((defined __APPLE__ && defined __MACH__) || (defined __FREEBSD__)) + secure = issetugid (); + +#elif defined(OS_UNIX) + uid_t ruid, euid, suid; /* Real, effective and saved user ID's */ + gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */ + +#ifdef HAVE_GETRESUID + if (getresuid (&ruid, &euid, &suid) != 0 || + getresgid (&rgid, &egid, &sgid) != 0) +#endif /* HAVE_GETRESUID */ + { + suid = ruid = getuid (); + sgid = rgid = getgid (); + euid = geteuid (); + egid = getegid (); + } + + secure = (ruid != euid || ruid != suid || + rgid != egid || rgid != sgid); +#endif /* OS_UNIX */ + check_secure_initialized = true; + } + + return secure; +} + +#endif /* HAVE_GETAUXVAL */ + +char * +secure_getenv (const char *name) +{ + if (getauxval (AT_SECURE)) + return NULL; + return getenv (name); +} + +#ifndef HAVE_STRERROR_R + +int +strerror_r (int errnum, + char *buf, + size_t buflen) +{ +#ifdef OS_WIN32 +#if _WIN32_WINNT < 0x502 /* WinXP or older */ + int n = sys_nerr; + const char *p; + if (errnum < 0 || errnum >= n) + p = sys_errlist[n]; + else + p = sys_errlist[errnum]; + if (buf == NULL || buflen == 0) + return EINVAL; + strncpy(buf, p, buflen); + buf[buflen-1] = 0; + return 0; +#else /* Server 2003 or newer */ + return strerror_s (buf, buflen, errnum); +#endif /*_WIN32_WINNT*/ + +#else + #error no strerror_r implementation +#endif +} + +#endif /* HAVE_STRERROR_R */ + +void +p11_dl_close (void *dl) +{ +#ifdef OS_WIN32 + FreeLibrary (dl); +#else + (void) dlclose (dl); +#endif +} + + +#ifdef OS_UNIX + +#include + +#ifndef HAVE_FDWALK + +#ifdef HAVE_SYS_RESOURCE_H +#include +#endif + +int +fdwalk (int (* cb) (void *data, int fd), + void *data) +{ + struct dirent *de; + char *end; + DIR *dir; + int open_max; + long num; + int res = 0; + int fd; + +#ifdef HAVE_SYS_RESOURCE_H + struct rlimit rl; +#endif + +#ifdef __linux__ + dir = opendir ("/proc/self/fd"); + if (dir != NULL) { + while ((de = readdir (dir)) != NULL) { + end = NULL; + num = (int) strtol (de->d_name, &end, 10); + + /* didn't parse or is the opendir() fd */ + if (!end || *end != '\0' || + (int)num == dirfd (dir)) + continue; + + fd = num; + + /* call the callback */ + res = cb (data, fd); + if (res != 0) + break; + } + + closedir (dir); + return res; + } +#endif + + /* No /proc, brute force */ +#ifdef HAVE_SYS_RESOURCE_H + if (getrlimit (RLIMIT_NOFILE, &rl) == 0 && rl.rlim_max != RLIM_INFINITY) + open_max = rl.rlim_max; + else +#endif + open_max = sysconf (_SC_OPEN_MAX); + + for (fd = 0; fd < open_max; fd++) { + res = cb (data, fd); + if (res != 0) + break; + } + + return res; +} + +#endif /* HAVE_FDWALK */ + +#endif /* OS_UNIX */ + +int +p11_ascii_tolower (int c) +{ + if (c >= 'A' && c <= 'Z') + return 'a' + (c - 'A'); + return c; +} + +int +p11_ascii_toupper (int c) +{ + if (c >= 'a' && c <= 'z') + return 'A' + (c - 'a'); + return c; +} diff --git a/common/compat.h b/common/compat.h new file mode 100644 index 0000000..d6ce3d4 --- /dev/null +++ b/common/compat.h @@ -0,0 +1,388 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __COMPAT_H__ +#define __COMPAT_H__ + +#include "config.h" + +#include +#include + +#if !defined(__cplusplus) && (__GNUC__ > 2) +#define GNUC_PRINTF(x, y) __attribute__((__format__(__printf__, x, y))) +#else +#define GNUC_PRINTF(x, y) +#endif + +#if __GNUC__ >= 4 +#define GNUC_NULL_TERMINATED __attribute__((__sentinel__)) +#else +#define GNUC_NULL_TERMINATED +#endif + +#if (201112L <= __STDC_VERSION__ \ + || (!defined __STRICT_ANSI__ && 4 < __GNUC__ + (6 <= __GNUC_MINOR__))) +# define P11_STATIC_ASSERT(x) _Static_assert(x, "static assertion failed") +#else +# define P11_STATIC_ASSERT(x) +#endif + +/* For detecting clang features */ +#ifndef __has_feature +#define __has_feature(x) 0 +#endif + +#ifndef CLANG_ANALYZER_NORETURN +#if __has_feature(attribute_analyzer_noreturn) +#define CLANG_ANALYZER_NORETURN __attribute__((analyzer_noreturn)) +#else +#define CLANG_ANALYZER_NORETURN +#endif +#endif + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + +#ifndef HAVE_GETPROGNAME +const char * getprogname (void); +#endif + +#ifndef HAVE_MKSTEMP + +int mkstemp (char *template); + +#endif /* HAVE_MKSTEMP */ + +#ifndef HAVE_MKDTEMP + +char * mkdtemp (char *template); + +#endif /* HAVE_MKDTEMP */ + +char * strdup_path_mangle (const char *template); + +void p11_dl_close (void * dl); + +/* ----------------------------------------------------------------------------- + * WIN32 + */ + +#ifdef OS_WIN32 + +#ifndef _WIN32_WINNT +#define _WIN32_WINNT 0x500 +#endif + +#ifndef _WIN32_IE +#define _WIN32_IE 0x500 +#endif + +#define WIN32_LEAN_AND_MEAN 1 +#include + +#include + +/* Oh ... my ... god */ +#undef CreateMutex + +typedef CRITICAL_SECTION p11_mutex_t; + +typedef HANDLE p11_thread_t; + +typedef DWORD p11_thread_id_t; + +#define P11_RECURSIVE_MUTEX_INIT(m) \ + (InitializeCriticalSection (&m)) +#define p11_mutex_init(m) \ + (InitializeCriticalSection (m)) +#define p11_mutex_lock(m) \ + (EnterCriticalSection (m)) +#define p11_mutex_unlock(m) \ + (LeaveCriticalSection (m)) +#define p11_mutex_uninit(m) \ + (DeleteCriticalSection (m)) + +typedef void * (*p11_thread_routine) (void *arg); + +int p11_thread_create (p11_thread_t *thread, p11_thread_routine, void *arg); + +int p11_thread_join (p11_thread_t thread); + +/* Returns a thread_id_t */ +#define p11_thread_id_self() \ + (GetCurrentThreadId ()) + +typedef HMODULE dl_module_t; + +#define p11_dl_open(f) \ + (LoadLibrary (f)) +#define p11_dl_symbol(d, s) \ + ((void *)GetProcAddress ((d), (s))) + +char * p11_dl_error (void); + +#define p11_sleep_ms(ms) \ + (Sleep (ms)) + +typedef struct _p11_mmap p11_mmap; + +p11_mmap * p11_mmap_open (const char *path, + struct stat *sb, + void **data, + size_t *size); + +void p11_mmap_close (p11_mmap *map); + +#ifndef HAVE_SETENV +#define setenv(n, v, z) _putenv_s(n, v) +#endif /* HAVE_SETENV */ + +#endif /* OS_WIN32 */ + +/* ---------------------------------------------------------------------------- + * UNIX + */ + +#ifdef OS_UNIX + +#include +#include +#include +#include + +typedef pthread_mutex_t p11_mutex_t; + +#ifdef PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP + +/* No implementation, because done by static initializer */ +#define P11_RECURSIVE_MUTEX_INIT(mutex) + +#else + +#define P11_RECURSIVE_MUTEX_INIT(mutex) \ + (p11_recursive_mutex_init (&(mutex))) + +void p11_recursive_mutex_init (p11_mutex_t *mutex); + +#endif + +#define p11_mutex_init(m) \ + (pthread_mutex_init (m, NULL)) +#define p11_mutex_lock(m) \ + (pthread_mutex_lock (m)) +#define p11_mutex_unlock(m) \ + (pthread_mutex_unlock (m)) +#define p11_mutex_uninit(m) \ + (pthread_mutex_destroy(m)) + +typedef pthread_cond_t p11_cond_t; + +#define p11_cond_init(c) \ + (pthread_cond_init (c, NULL)) +#define p11_cond_wait(c, m) \ + (pthread_cond_wait (c, m)) +#define p11_cond_signal(c) \ + (pthread_cond_signal (c)) +#define p11_cond_broadcast(c) \ + (pthread_cond_broadcast (c)) +#define p11_cond_uninit(c) \ + (pthread_cond_destroy (c)) + +typedef pthread_t p11_thread_t; + +typedef pthread_t p11_thread_id_t; + +typedef void * (*p11_thread_routine) (void *arg); + +#define p11_thread_create(t, r, a) \ + (pthread_create ((t), NULL, (r), (a))) +#define p11_thread_join(t) \ + (pthread_join ((t), NULL)) +#define p11_thread_id_self(m) \ + (pthread_self ()) + +typedef void * dl_module_t; + +#define p11_dl_open(f) \ + (dlopen ((f), RTLD_LOCAL | RTLD_NOW)) +#define p11_dl_symbol(d, s) \ + (dlsym ((d), (s))) + +char * p11_dl_error (void); + +#define p11_sleep_ms(ms) \ + do { int _ms = (ms); \ + struct timespec _ts = { _ms / 1000, (_ms % 1000) * 1000 * 1000 }; \ + nanosleep (&_ts, NULL); \ + } while(0) + +typedef struct _p11_mmap p11_mmap; + +p11_mmap * p11_mmap_open (const char *path, + struct stat *sb, + void **data, + size_t *size); + +void p11_mmap_close (p11_mmap *map); + +#endif /* OS_UNIX */ + +/* ---------------------------------------------------------------------------- + * MORE COMPAT + */ + +#ifdef HAVE_ERRNO_H +#include +#endif /* HAVE_ERRNO_H */ + +#ifndef HAVE_STRNSTR + +char * strnstr (const char *s, + const char *find, + size_t slen); + +#endif /* HAVE_STRNSTR */ + +#ifndef HAVE_MEMDUP + +void * memdup (const void *data, + size_t length); + +#endif /* HAVE_MEMDUP */ + +#ifndef HAVE_STRNDUP + +char * strndup (const char *data, + size_t length); + +#endif /* HAVE_STRDUP */ + +#if defined HAVE_DECL_REALLOCARRAY && !HAVE_DECL_REALLOCARRAY + +void * reallocarray (void *ptr, + size_t nmemb, + size_t size); + +#endif /* HAVE_REALLOCARRAY */ + +#ifdef HAVE_STDBOOL_H +#include +#else +typedef enum { false, true } bool; +#endif + +#ifndef HAVE_STRCONCAT + +char * strconcat (const char *first, + ...) GNUC_NULL_TERMINATED; + +#endif /* HAVE_STRCONCAT */ + +#if defined HAVE_DECL_ASPRINTF && !HAVE_DECL_ASPRINTF + +int asprintf (char **strp, + const char *fmt, + ...); + +#endif /* HAVE_ASPRINTF */ + +#if defined HAVE_DECL_VASPRINTF && !HAVE_DECL_VASPRINTF +#include + +int vasprintf (char **strp, + const char *fmt, + va_list ap); + +#endif /* HAVE_DECL_VASPRINTF */ + +#ifndef HAVE_GMTIME_R +#include + +struct tm * gmtime_r (const time_t *timep, + struct tm *result); + +#endif /* HAVE_GMTIME_R */ + +#ifndef HAVE_TIMEGM +#include + +time_t timegm (struct tm *tm); + +#endif /* HAVE_TIMEGM */ + +#ifdef HAVE_GETAUXVAL + +#include + +#else /* !HAVE_GETAUXVAL */ + +unsigned long getauxval (unsigned long type); + +#define AT_SECURE 23 + +#endif /* !HAVE_GETAUXVAL */ + +char * secure_getenv (const char *name); + +#ifndef HAVE_STRERROR_R + +int strerror_r (int errnum, + char *buf, + size_t buflen); + +#endif /* HAVE_STRERROR_R */ + +#ifndef HAVE_FDWALK + +int fdwalk (int (* cb) (void *data, int fd), + void *data); + +#endif + +/* If either locale_t or newlocale() is not available, strerror_l() + * cannot be used */ +#if !defined(HAVE_LOCALE_T) || !defined(HAVE_NEWLOCALE) +#undef HAVE_STRERROR_L +#endif + +int p11_ascii_tolower (int c); +int p11_ascii_toupper (int c); + +#endif /* __COMPAT_H__ */ diff --git a/common/constants.c b/common/constants.c new file mode 100644 index 0000000..2b785b8 --- /dev/null +++ b/common/constants.c @@ -0,0 +1,713 @@ +/* + * Copyright (C) 2013, Redhat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "attrs.h" +#include "constants.h" +#include "debug.h" +#include "pkcs11.h" +#include "pkcs11i.h" +#include "pkcs11x.h" + +#include + +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + +/* + * These are in numeric order of their type for easy lookup + * After changing something make sure to run the test-attrs + * test to verify everything is in order. + */ + +#define CT(x, n) { x, #x, { n } }, +#define CT2(x, n, n2) { x, #x, { n, n2 } }, + +const p11_constant p11_constant_types[] = { + CT (CKA_CLASS, "class") + CT (CKA_TOKEN, "token") + CT (CKA_PRIVATE, "private") + CT (CKA_LABEL, "label") + CT (CKA_APPLICATION, "application") + CT (CKA_VALUE, "value") + CT (CKA_OBJECT_ID, "object-id") + CT (CKA_CERTIFICATE_TYPE, "certificate-type") + CT (CKA_ISSUER, "issuer") + CT (CKA_SERIAL_NUMBER, "serial-number") + CT (CKA_AC_ISSUER, "ac-issuer") + CT (CKA_OWNER, "owner") + CT (CKA_ATTR_TYPES, "attr-types") + CT (CKA_TRUSTED, "trusted") + CT (CKA_CERTIFICATE_CATEGORY, "certificate-category") + CT (CKA_JAVA_MIDP_SECURITY_DOMAIN, "java-midp-security-domain") + CT (CKA_URL, "url") + CT (CKA_HASH_OF_SUBJECT_PUBLIC_KEY, "hash-of-subject-public-key") + CT (CKA_HASH_OF_ISSUER_PUBLIC_KEY, "hash-of-issuer-public-key") + CT (CKA_CHECK_VALUE, "check-value") + CT (CKA_KEY_TYPE, "key-type") + CT (CKA_SUBJECT, "subject") + CT (CKA_ID, "id") + CT (CKA_SENSITIVE, "sensitive") + CT (CKA_ENCRYPT, "encrypt") + CT (CKA_DECRYPT, "decrypt") + CT (CKA_WRAP, "wrap") + CT (CKA_UNWRAP, "unwrap") + CT (CKA_SIGN, "sign") + CT (CKA_SIGN_RECOVER, "sign-recover") + CT (CKA_VERIFY, "verify") + CT (CKA_VERIFY_RECOVER, "recover") + CT (CKA_DERIVE, "derive") + CT (CKA_START_DATE, "start-date") + CT (CKA_END_DATE, "end-date") + CT (CKA_MODULUS, "modulus") + CT (CKA_MODULUS_BITS, "modulus-bits") + CT (CKA_PUBLIC_EXPONENT, "public-exponent") + CT (CKA_PRIVATE_EXPONENT, "private-exponent") + CT (CKA_PRIME_1, "prime-1") + CT (CKA_PRIME_2, "prime-2") + CT (CKA_EXPONENT_1, "exponent-1") + CT (CKA_EXPONENT_2, "exponent-2") + CT (CKA_COEFFICIENT, "coefficient") + CT2 (CKA_PUBLIC_KEY_INFO, "public-key-info", "x-public-key-info") + CT (CKA_PRIME, "prime") + CT (CKA_SUBPRIME, "subprime") + CT (CKA_BASE, "base") + CT (CKA_PRIME_BITS, "prime-bits") + /* CT (CKA_SUBPRIME_BITS) */ + CT (CKA_SUB_PRIME_BITS, "subprime-bits") + CT (CKA_VALUE_BITS, "value-bits") + CT (CKA_VALUE_LEN, "value-len") + CT (CKA_EXTRACTABLE, "extractable") + CT (CKA_LOCAL, "local") + CT (CKA_NEVER_EXTRACTABLE, "never-extractable") + CT (CKA_ALWAYS_SENSITIVE, "always-sensitive") + CT (CKA_KEY_GEN_MECHANISM, "key-gen-mechanism") + CT (CKA_MODIFIABLE, "modifiable") + CT (CKA_ECDSA_PARAMS, "ecdsa-params") + /* CT (CKA_EC_PARAMS) */ + CT (CKA_EC_POINT, "ec-point") + CT (CKA_SECONDARY_AUTH, "secondary-auth") + CT (CKA_AUTH_PIN_FLAGS, "auth-pin-flags") + CT (CKA_ALWAYS_AUTHENTICATE, "always-authenticate") + CT (CKA_WRAP_WITH_TRUSTED, "wrap-with-trusted") + CT (CKA_HW_FEATURE_TYPE, "hw-feature-type") + CT (CKA_RESET_ON_INIT, "reset-on-init") + CT (CKA_HAS_RESET, "has-reset") + CT (CKA_PIXEL_X, "pixel-x") + CT (CKA_PIXEL_Y, "pixel-y") + CT (CKA_RESOLUTION, "resolution") + CT (CKA_CHAR_ROWS, "char-rows") + CT (CKA_CHAR_COLUMNS, "char-columns") + CT (CKA_COLOR, "color") + CT (CKA_BITS_PER_PIXEL, "bits-per-pixel") + CT (CKA_CHAR_SETS, "char-sets") + CT (CKA_ENCODING_METHODS, "encoding-methods") + CT (CKA_MIME_TYPES, "mime-types") + CT (CKA_MECHANISM_TYPE, "mechanism-type") + CT (CKA_REQUIRED_CMS_ATTRIBUTES, "required-cms-attributes") + CT (CKA_DEFAULT_CMS_ATTRIBUTES, "default-cms-attributes") + CT (CKA_SUPPORTED_CMS_ATTRIBUTES, "supported-cms-attributes") + CT (CKA_WRAP_TEMPLATE, "wrap-template") + CT (CKA_UNWRAP_TEMPLATE, "unwrap-template") + CT (CKA_ALLOWED_MECHANISMS, "allowed-mechanisms") + CT (CKA_NSS_URL, "nss-url") + CT (CKA_NSS_EMAIL, "nss-email") + CT (CKA_NSS_SMIME_INFO, "nss-smime-constant") + CT (CKA_NSS_SMIME_TIMESTAMP, "nss-smime-timestamp") + CT (CKA_NSS_PKCS8_SALT, "nss-pkcs8-salt") + CT (CKA_NSS_PASSWORD_CHECK, "nss-password-check") + CT (CKA_NSS_EXPIRES, "nss-expires") + CT (CKA_NSS_KRL, "nss-krl") + CT (CKA_NSS_PQG_COUNTER, "nss-pqg-counter") + CT (CKA_NSS_PQG_SEED, "nss-pqg-seed") + CT (CKA_NSS_PQG_H, "nss-pqg-h") + CT (CKA_NSS_PQG_SEED_BITS, "nss-pqg-seed-bits") + CT (CKA_NSS_MODULE_SPEC, "nss-module-spec") + CT (CKA_NSS_MOZILLA_CA_POLICY, "nss-mozilla-ca-policy") + CT (CKA_NSS_SERVER_DISTRUST_AFTER, "nss-server-distrust-after") + CT (CKA_NSS_EMAIL_DISTRUST_AFTER, "nss-email-distrust-after") + CT (CKA_TRUST_DIGITAL_SIGNATURE, "trust-digital-signature") + CT (CKA_TRUST_NON_REPUDIATION, "trust-non-repudiation") + CT (CKA_TRUST_KEY_ENCIPHERMENT, "trust-key-encipherment") + CT (CKA_TRUST_DATA_ENCIPHERMENT, "trust-data-encipherment") + CT (CKA_TRUST_KEY_AGREEMENT, "trust-key-agreement") + CT (CKA_TRUST_KEY_CERT_SIGN, "trust-key-cert-sign") + CT (CKA_TRUST_CRL_SIGN, "trust-crl-sign") + CT (CKA_TRUST_SERVER_AUTH, "trust-server-auth") + CT (CKA_TRUST_CLIENT_AUTH, "trust-client-auth") + CT (CKA_TRUST_CODE_SIGNING, "trust-code-signing") + CT (CKA_TRUST_EMAIL_PROTECTION, "trust-email-protection") + CT (CKA_TRUST_IPSEC_END_SYSTEM, "trust-ipsec-end-system") + CT (CKA_TRUST_IPSEC_TUNNEL, "trust-ipsec-tunnel") + CT (CKA_TRUST_IPSEC_USER, "trust-ipsec-user") + CT (CKA_TRUST_TIME_STAMPING, "trust-time-stamping") + CT (CKA_TRUST_STEP_UP_APPROVED, "trust-step-up-approved") + CT (CKA_CERT_SHA1_HASH, "cert-sha1-hash") + CT (CKA_CERT_MD5_HASH, "cert-md5-hash") + CT (CKA_X_ASSERTION_TYPE, "x-assertion-type") + CT (CKA_X_CERTIFICATE_VALUE, "x-certificate-value") + CT (CKA_X_PURPOSE, "x-purpose") + CT (CKA_X_PEER, "x-peer") + CT (CKA_X_DISTRUSTED, "x-distrusted") + CT (CKA_X_CRITICAL, "x-critical") + { CKA_INVALID }, +}; + +const p11_constant p11_constant_classes[] = { + CT (CKO_DATA, "data") + CT (CKO_CERTIFICATE, "certificate") + CT (CKO_PUBLIC_KEY, "public-key") + CT (CKO_PRIVATE_KEY, "private-key") + CT (CKO_SECRET_KEY, "secret-key") + CT (CKO_HW_FEATURE, "hw-feature") + CT (CKO_DOMAIN_PARAMETERS, "domain-parameters") + CT (CKO_MECHANISM, "mechanism") + CT (CKO_NSS_CRL, "nss-crl") + CT (CKO_NSS_SMIME, "nss-smime") + CT (CKO_NSS_TRUST, "nss-trust") + CT (CKO_NSS_BUILTIN_ROOT_LIST, "nss-builtin-root-list") + CT (CKO_NSS_NEWSLOT, "nss-newslot") + CT (CKO_NSS_DELSLOT, "nss-delslot") + CT (CKO_X_TRUST_ASSERTION, "x-trust-assertion") + CT (CKO_X_CERTIFICATE_EXTENSION, "x-certificate-extension") + { CKA_INVALID }, +}; + +const p11_constant p11_constant_trusts[] = { + CT (CKT_NSS_TRUSTED, "nss-trusted") + CT (CKT_NSS_TRUSTED_DELEGATOR, "nss-trusted-delegator") + CT (CKT_NSS_MUST_VERIFY_TRUST, "nss-must-verify-trust") + CT (CKT_NSS_TRUST_UNKNOWN, "nss-trust-unknown") + CT (CKT_NSS_NOT_TRUSTED, "nss-not-trusted") + CT (CKT_NSS_VALID_DELEGATOR, "nss-valid-delegator") + { CKA_INVALID }, +}; + +const p11_constant p11_constant_certs[] = { + CT (CKC_X_509, "x-509") + CT (CKC_X_509_ATTR_CERT, "x-509-attr-cert") + CT (CKC_WTLS, "wtls") + { CKA_INVALID }, +}; + +const p11_constant p11_constant_keys[] = { + CT (CKK_RSA, "rsa") + CT (CKK_DSA, "dsa") + CT (CKK_DH, "dh") + /* CT (CKK_ECDSA) */ + CT (CKK_EC, "ec") + CT (CKK_X9_42_DH, "x9-42-dh") + CT (CKK_KEA, "kea") + CT (CKK_GENERIC_SECRET, "generic-secret") + CT (CKK_RC2, "rc2") + CT (CKK_RC4, "rc4") + CT (CKK_DES, "des") + CT (CKK_DES2, "des2") + CT (CKK_DES3, "des3") + CT (CKK_CAST, "cast") + CT (CKK_CAST3, "cast3") + CT (CKK_CAST128, "cast128") + CT (CKK_RC5, "rc5") + CT (CKK_IDEA, "idea") + CT (CKK_SKIPJACK, "skipjack") + CT (CKK_BATON, "baton") + CT (CKK_JUNIPER, "juniper") + CT (CKK_CDMF, "cdmf") + CT (CKK_AES, "aes") + CT (CKK_BLOWFISH, "blowfish") + CT (CKK_TWOFISH, "twofish") + CT (CKK_NSS_PKCS8, "nss-pkcs8") + { CKA_INVALID }, +}; + +const p11_constant p11_constant_asserts[] = { + CT (CKT_X_DISTRUSTED_CERTIFICATE, "x-distrusted-certificate") + CT (CKT_X_PINNED_CERTIFICATE, "x-pinned-certificate") + CT (CKT_X_ANCHORED_CERTIFICATE, "x-anchored-certificate") + { CKA_INVALID }, +}; + +const p11_constant p11_constant_categories[] = { + { 0, "unspecified", { "unspecified" } }, + { 1, "token-user", { "token-user" } }, + { 2, "authority", { "authority" } }, + { 3, "other-entry", { "other-entry" } }, + { CKA_INVALID }, +}; + +const p11_constant p11_constant_users[] = { + CT (CKU_SO, NULL) + CT (CKU_USER, NULL) + CT (CKU_CONTEXT_SPECIFIC, NULL) + { CKA_INVALID }, +}; + +const p11_constant p11_constant_states[] = { + CT (CKS_RO_PUBLIC_SESSION, NULL) + CT (CKS_RO_USER_FUNCTIONS, NULL) + CT (CKS_RW_PUBLIC_SESSION, NULL) + CT (CKS_RW_USER_FUNCTIONS, NULL) + CT (CKS_RW_SO_FUNCTIONS, NULL) + { CKA_INVALID }, +}; + +const p11_constant p11_constant_returns[] = { + CT (CKR_OK, NULL) + CT (CKR_CANCEL, NULL) + CT (CKR_HOST_MEMORY, NULL) + CT (CKR_SLOT_ID_INVALID, NULL) + CT (CKR_GENERAL_ERROR, NULL) + CT (CKR_FUNCTION_FAILED, NULL) + CT (CKR_ARGUMENTS_BAD, NULL) + CT (CKR_NO_EVENT, NULL) + CT (CKR_NEED_TO_CREATE_THREADS, NULL) + CT (CKR_CANT_LOCK, NULL) + CT (CKR_ATTRIBUTE_READ_ONLY, NULL) + CT (CKR_ATTRIBUTE_SENSITIVE, NULL) + CT (CKR_ATTRIBUTE_TYPE_INVALID, NULL) + CT (CKR_ATTRIBUTE_VALUE_INVALID, NULL) + CT (CKR_DATA_INVALID, NULL) + CT (CKR_DATA_LEN_RANGE, NULL) + CT (CKR_DEVICE_ERROR, NULL) + CT (CKR_DEVICE_MEMORY, NULL) + CT (CKR_DEVICE_REMOVED, NULL) + CT (CKR_ENCRYPTED_DATA_INVALID, NULL) + CT (CKR_ENCRYPTED_DATA_LEN_RANGE, NULL) + CT (CKR_FUNCTION_CANCELED, NULL) + CT (CKR_FUNCTION_NOT_PARALLEL, NULL) + CT (CKR_FUNCTION_NOT_SUPPORTED, NULL) + CT (CKR_KEY_HANDLE_INVALID, NULL) + CT (CKR_KEY_SIZE_RANGE, NULL) + CT (CKR_KEY_TYPE_INCONSISTENT, NULL) + CT (CKR_KEY_NOT_NEEDED, NULL) + CT (CKR_KEY_CHANGED, NULL) + CT (CKR_KEY_NEEDED, NULL) + CT (CKR_KEY_INDIGESTIBLE, NULL) + CT (CKR_KEY_FUNCTION_NOT_PERMITTED, NULL) + CT (CKR_KEY_NOT_WRAPPABLE, NULL) + CT (CKR_KEY_UNEXTRACTABLE, NULL) + CT (CKR_MECHANISM_INVALID, NULL) + CT (CKR_MECHANISM_PARAM_INVALID, NULL) + CT (CKR_OBJECT_HANDLE_INVALID, NULL) + CT (CKR_OPERATION_ACTIVE, NULL) + CT (CKR_OPERATION_NOT_INITIALIZED, NULL) + CT (CKR_PIN_INCORRECT, NULL) + CT (CKR_PIN_INVALID, NULL) + CT (CKR_PIN_LEN_RANGE, NULL) + CT (CKR_PIN_EXPIRED, NULL) + CT (CKR_PIN_LOCKED, NULL) + CT (CKR_SESSION_CLOSED, NULL) + CT (CKR_SESSION_COUNT, NULL) + CT (CKR_SESSION_HANDLE_INVALID, NULL) + CT (CKR_SESSION_PARALLEL_NOT_SUPPORTED, NULL) + CT (CKR_SESSION_READ_ONLY, NULL) + CT (CKR_SESSION_EXISTS, NULL) + CT (CKR_SESSION_READ_ONLY_EXISTS, NULL) + CT (CKR_SESSION_READ_WRITE_SO_EXISTS, NULL) + CT (CKR_SIGNATURE_INVALID, NULL) + CT (CKR_SIGNATURE_LEN_RANGE, NULL) + CT (CKR_TEMPLATE_INCOMPLETE, NULL) + CT (CKR_TEMPLATE_INCONSISTENT, NULL) + CT (CKR_TOKEN_NOT_PRESENT, NULL) + CT (CKR_TOKEN_NOT_RECOGNIZED, NULL) + CT (CKR_TOKEN_WRITE_PROTECTED, NULL) + CT (CKR_UNWRAPPING_KEY_HANDLE_INVALID, NULL) + CT (CKR_UNWRAPPING_KEY_SIZE_RANGE, NULL) + CT (CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, NULL) + CT (CKR_USER_ALREADY_LOGGED_IN, NULL) + CT (CKR_USER_NOT_LOGGED_IN, NULL) + CT (CKR_USER_PIN_NOT_INITIALIZED, NULL) + CT (CKR_USER_TYPE_INVALID, NULL) + CT (CKR_USER_ANOTHER_ALREADY_LOGGED_IN, NULL) + CT (CKR_USER_TOO_MANY_TYPES, NULL) + CT (CKR_WRAPPED_KEY_INVALID, NULL) + CT (CKR_WRAPPED_KEY_LEN_RANGE, NULL) + CT (CKR_WRAPPING_KEY_HANDLE_INVALID, NULL) + CT (CKR_WRAPPING_KEY_SIZE_RANGE, NULL) + CT (CKR_WRAPPING_KEY_TYPE_INCONSISTENT, NULL) + CT (CKR_RANDOM_SEED_NOT_SUPPORTED, NULL) + CT (CKR_RANDOM_NO_RNG, NULL) + CT (CKR_DOMAIN_PARAMS_INVALID, NULL) + CT (CKR_BUFFER_TOO_SMALL, NULL) + CT (CKR_SAVED_STATE_INVALID, NULL) + CT (CKR_INFORMATION_SENSITIVE, NULL) + CT (CKR_STATE_UNSAVEABLE, NULL) + CT (CKR_CRYPTOKI_NOT_INITIALIZED, NULL) + CT (CKR_CRYPTOKI_ALREADY_INITIALIZED, NULL) + CT (CKR_MUTEX_BAD, NULL) + CT (CKR_MUTEX_NOT_LOCKED, NULL) + CT (CKR_FUNCTION_REJECTED, NULL) + { CKA_INVALID }, +}; + +const p11_constant p11_constant_mechanisms[] = { + CT (CKM_RSA_PKCS_KEY_PAIR_GEN, "rsa-pkcs-key-pair-gen") + CT (CKM_RSA_PKCS, "rsa-pkcs") + CT (CKM_RSA_9796, "rsa-9796") + CT (CKM_RSA_X_509, "rsa-x-509") + CT (CKM_MD2_RSA_PKCS, "md2-rsa-pkcs") + CT (CKM_MD5_RSA_PKCS, "md5-rsa-pkcs") + CT (CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs") + CT (CKM_RIPEMD128_RSA_PKCS, "ripemd128-rsa-pkcs") + CT (CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs") + CT (CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep") + CT (CKM_RSA_X9_31_KEY_PAIR_GEN, "rsa-x9-31-key-pair-gen") + CT (CKM_RSA_X9_31, "rsa-x9-31") + CT (CKM_SHA1_RSA_X9_31, "sha1-rsa-x9-31") + CT (CKM_RSA_PKCS_PSS, "rsa-pkcs-pss") + CT (CKM_SHA1_RSA_PKCS_PSS, "sha1-rsa-pkcs-pss") + CT (CKM_DSA_KEY_PAIR_GEN, "dsa-key-pair-gen") + CT (CKM_DSA, NULL) /* "dsa" */ + CT (CKM_DSA_SHA1, "dsa-sha1") + CT (CKM_DH_PKCS_KEY_PAIR_GEN, "dh-pkcs-key-pair-gen") + CT (CKM_DH_PKCS_DERIVE, "dh-pkcs-derive") + CT (CKM_X9_42_DH_KEY_PAIR_GEN, "x9-42-dh-key-pair-gen") + CT (CKM_X9_42_DH_DERIVE, "x9-42-dh-derive") + CT (CKM_X9_42_DH_HYBRID_DERIVE, "x9-42-dh-hybrid-derive") + CT (CKM_X9_42_MQV_DERIVE, "x9-42-mqv-derive") + CT (CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs") + CT (CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs") + CT (CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs") + CT (CKM_SHA256_RSA_PKCS_PSS, "sha256-rsa-pkcs-pss") + CT (CKM_SHA384_RSA_PKCS_PSS, "sha384-rsa-pkcs-pss") + CT (CKM_SHA512_RSA_PKCS_PSS, "sha512-rsa-pkcs-pss") + CT (CKM_RC2_KEY_GEN, "rc2-key-gen") + CT (CKM_RC2_ECB, "rc2-ecb") + CT (CKM_RC2_CBC, "rc2-cbc") + CT (CKM_RC2_MAC, "rc2-mac") + CT (CKM_RC2_MAC_GENERAL, "rc2-mac-general") + CT (CKM_RC2_CBC_PAD, "rc2-cbc-pad") + CT (CKM_RC4_KEY_GEN, "rc4-key-gen") + CT (CKM_RC4, NULL) /* "rc4" */ + CT (CKM_DES_KEY_GEN, "des-key-gen") + CT (CKM_DES_ECB, "des-ecb") + CT (CKM_DES_CBC, "des-cbc") + CT (CKM_DES_MAC, "des-mac") + CT (CKM_DES_MAC_GENERAL, "des-mac-general") + CT (CKM_DES_CBC_PAD, "des-cbc-pad") + CT (CKM_DES2_KEY_GEN, "des2-key-gen") + CT (CKM_DES3_KEY_GEN, "des3-key-gen") + CT (CKM_DES3_ECB, "des3-ecb") + CT (CKM_DES3_CBC, "des3-cbc") + CT (CKM_DES3_MAC, "des3-mac") + CT (CKM_DES3_MAC_GENERAL, "des3-mac-general") + CT (CKM_DES3_CBC_PAD, "des3-cbc-pad") + CT (CKM_CDMF_KEY_GEN, "cdmf-key-gen") + CT (CKM_CDMF_ECB, "cdmf-ecb") + CT (CKM_CDMF_CBC, "cdmf-cbc") + CT (CKM_CDMF_MAC, "cdmf-mac") + CT (CKM_CDMF_MAC_GENERAL, "cdmf-mac-general") + CT (CKM_CDMF_CBC_PAD, "cdmf-cbc-pad") + CT (CKM_DES_OFB64, "des-ofb64") + CT (CKM_DES_OFB8, "des-ofb8") + CT (CKM_DES_CFB64, "des-cfb64") + CT (CKM_DES_CFB8, "des-cfb8") + CT (CKM_MD2, "md2") + CT (CKM_MD2_HMAC, "md2-hmac") + CT (CKM_MD2_HMAC_GENERAL, "md2-hmac-general") + CT (CKM_MD5, "md5") + CT (CKM_MD5_HMAC, "md5-hmac") + CT (CKM_MD5_HMAC_GENERAL, "md5-hmac-general") + CT (CKM_SHA_1, "sha-1") + CT (CKM_SHA_1_HMAC, "sha-1-hmac") + CT (CKM_SHA_1_HMAC_GENERAL, "sha-1-hmac-general") + CT (CKM_RIPEMD128, "ripemd128") + CT (CKM_RIPEMD128_HMAC, "ripemd128-hmac") + CT (CKM_RIPEMD128_HMAC_GENERAL, "ripemd128-hmac-general") + CT (CKM_RIPEMD160, "ripemd160") + CT (CKM_RIPEMD160_HMAC, "ripemd160-hmac") + CT (CKM_RIPEMD160_HMAC_GENERAL, "ripemd160-hmac-general") + CT (CKM_SHA256, "sha256") + CT (CKM_SHA256_HMAC, "sha256-hmac") + CT (CKM_SHA256_HMAC_GENERAL, "sha256-hmac-general") + CT (CKM_SHA384, "sha384") + CT (CKM_SHA384_HMAC, "sha384-hmac") + CT (CKM_SHA384_HMAC_GENERAL, "sha384-hmac-general") + CT (CKM_SHA512, "sha512") + CT (CKM_SHA512_HMAC, "sha512-hmac") + CT (CKM_SHA512_HMAC_GENERAL, "sha512-hmac-general") + CT (CKM_CAST_KEY_GEN, "cast-key-gen") + CT (CKM_CAST_ECB, "cast-ecb") + CT (CKM_CAST_CBC, "cast-cbc") + CT (CKM_CAST_MAC, "cast-mac") + CT (CKM_CAST_MAC_GENERAL, "cast-mac-general") + CT (CKM_CAST_CBC_PAD, "cast-cbc-pad") + CT (CKM_CAST3_KEY_GEN, "cast3-key-gen") + CT (CKM_CAST3_ECB, "cast3-ecb") + CT (CKM_CAST3_CBC, "cast3-cbc") + CT (CKM_CAST3_MAC, "cast3-mac") + CT (CKM_CAST3_MAC_GENERAL, "cast3-mac-general") + CT (CKM_CAST3_CBC_PAD, "cast3-cbc-pad") + CT (CKM_CAST5_KEY_GEN, "cast5-key-gen") + /* CT (CKM_CAST128_KEY_GEN) */ + CT (CKM_CAST5_ECB, "cast5-ecb") + /* CT (CKM_CAST128_ECB) */ + CT (CKM_CAST5_CBC, "cast5-cbc") + /* CT (CKM_CAST128_CBC) */ + CT (CKM_CAST5_MAC, "cast5-mac") + /* CT (CKM_CAST128_MAC) */ + CT (CKM_CAST5_MAC_GENERAL, "cast5-mac-general") + /* CT (CKM_CAST128_MAC_GENERAL) */ + CT (CKM_CAST5_CBC_PAD, "cast5-cbc-pad") + /* CT (CKM_CAST128_CBC_PAD) */ + CT (CKM_RC5_KEY_GEN, "rc5-key-gen") + CT (CKM_RC5_ECB, "rc5-ecb") + CT (CKM_RC5_CBC, "rc5-cbc") + CT (CKM_RC5_MAC, "rc5-mac") + CT (CKM_RC5_MAC_GENERAL, "rc5-mac-general") + CT (CKM_RC5_CBC_PAD, "rc5-cbc-pad") + CT (CKM_IDEA_KEY_GEN, "idea-key-gen") + CT (CKM_IDEA_ECB, "idea-ecb") + CT (CKM_IDEA_CBC, "idea-cbc") + CT (CKM_IDEA_MAC, "idea-mac") + CT (CKM_IDEA_MAC_GENERAL, "idea-mac-general") + CT (CKM_IDEA_CBC_PAD, "idea-cbc-pad") + CT (CKM_GENERIC_SECRET_KEY_GEN, "generic-secret-key-gen") + CT (CKM_CONCATENATE_BASE_AND_KEY, "concatenate-base-and-key") + CT (CKM_CONCATENATE_BASE_AND_DATA, "concatenate-base-and-data") + CT (CKM_CONCATENATE_DATA_AND_BASE, "concatenate-data-and-base") + CT (CKM_XOR_BASE_AND_DATA, "xor-base-and-data") + CT (CKM_EXTRACT_KEY_FROM_KEY, "extract-key-from-key") + CT (CKM_SSL3_PRE_MASTER_KEY_GEN, "ssl3-pre-master-key-gen") + CT (CKM_SSL3_MASTER_KEY_DERIVE, "ssl3-master-key-derive") + CT (CKM_SSL3_KEY_AND_MAC_DERIVE, "ssl3-key-and-mac-derive") + CT (CKM_SSL3_MASTER_KEY_DERIVE_DH, "ssl3-master-key-derive-dh") + CT (CKM_TLS_PRE_MASTER_KEY_GEN, "tls-pre-master-key-gen") + CT (CKM_TLS_MASTER_KEY_DERIVE, "tls-master-key-derive") + CT (CKM_TLS_KEY_AND_MAC_DERIVE, "tls-key-and-mac-derive") + CT (CKM_TLS_MASTER_KEY_DERIVE_DH, "tls-master-key-derive-dh") + /* CT (CKM_TLS_PRF) */ + CT (CKM_SSL3_MD5_MAC, "ssl3-md5-mac") + CT (CKM_SSL3_SHA1_MAC, "ssl3-sha1-mac") + CT (CKM_MD5_KEY_DERIVATION, "md5-key-derivation") + CT (CKM_MD2_KEY_DERIVATION, "md2-key-derivation") + CT (CKM_SHA1_KEY_DERIVATION, "sha1-key-derivation") + CT (CKM_SHA256_KEY_DERIVATION, "sha256-key-derivation") + CT (CKM_SHA384_KEY_DERIVATION, "sha384-key-derivation") + CT (CKM_SHA512_KEY_DERIVATION, "sha512-key-derivation") + CT (CKM_PBE_MD2_DES_CBC, "pbe-md2-des-cbc") + CT (CKM_PBE_MD5_DES_CBC, "pbe-md5-des-cbc") + CT (CKM_PBE_MD5_CAST_CBC, "pbe-md5-cast-cbc") + CT (CKM_PBE_MD5_CAST3_CBC, "pbe-md5-cast3-cbc") + CT (CKM_PBE_MD5_CAST5_CBC, "pbe-md5-cast5-cbc") + /* CT (CKM_PBE_MD5_CAST128_CBC) */ + CT (CKM_PBE_SHA1_CAST5_CBC, "pbe-sha1-cast5-cbc") + /* CT (CKM_PBE_SHA1_CAST128_CBC) */ + CT (CKM_PBE_SHA1_RC4_128, "pbe-sha1-rc4-128") + CT (CKM_PBE_SHA1_RC4_40, "pbe-sha1-rc4-40") + CT (CKM_PBE_SHA1_DES3_EDE_CBC, "pbe-sha1-des3-ede-cbc") + CT (CKM_PBE_SHA1_DES2_EDE_CBC, "pbe-sha1-des2-ede-cbc") + CT (CKM_PBE_SHA1_RC2_128_CBC, "pbe-sha1-rc2-128-cbc") + CT (CKM_PBE_SHA1_RC2_40_CBC, "pbe-sha1-rc2-40-cbc") + CT (CKM_PKCS5_PBKD2, "pkcs5-pbkd2") + CT (CKM_PBA_SHA1_WITH_SHA1_HMAC, "pba-sha1-with-sha1-hmac") + CT (CKM_WTLS_PRE_MASTER_KEY_GEN, "wtls-pre-master-key-gen") + CT (CKM_WTLS_MASTER_KEY_DERIVE, "wtls-master-key-derive") + CT (CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC, "wtls-master-key-derive-dh-ecc") + CT (CKM_WTLS_PRF, "wtls-prf") + CT (CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE, "wtls-server-key-and-mac-derive") + CT (CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE, "wtls-client-key-and-mac-derive") + CT (CKM_KEY_WRAP_LYNKS, "key-wrap-lynks") + CT (CKM_KEY_WRAP_SET_OAEP, "key-wrap-set-oaep") + CT (CKM_CMS_SIG, "cms-sig") + CT (CKM_SKIPJACK_KEY_GEN, "skipjack-key-gen") + CT (CKM_SKIPJACK_ECB64, "skipjack-ecb64") + CT (CKM_SKIPJACK_CBC64, "skipjack-cbc64") + CT (CKM_SKIPJACK_OFB64, "skipjack-ofb64") + CT (CKM_SKIPJACK_CFB64, "skipjack-cfb64") + CT (CKM_SKIPJACK_CFB32, "skipjack-cfb32") + CT (CKM_SKIPJACK_CFB16, "skipjack-cfb16") + CT (CKM_SKIPJACK_CFB8, "skipjack-cfb8") + CT (CKM_SKIPJACK_WRAP, "skipjack-wrap") + CT (CKM_SKIPJACK_PRIVATE_WRAP, "skipjack-private-wrap") + CT (CKM_SKIPJACK_RELAYX, "skipjack-relayx") + CT (CKM_KEA_KEY_PAIR_GEN, "kea-key-pair-gen") + CT (CKM_KEA_KEY_DERIVE, "kea-key-derive") + CT (CKM_FORTEZZA_TIMESTAMP, "fortezza-timestamp") + CT (CKM_BATON_KEY_GEN, "baton-key-gen") + CT (CKM_BATON_ECB128, "baton-ecb128") + CT (CKM_BATON_ECB96, "baton-ecb96") + CT (CKM_BATON_CBC128, "baton-cbc128") + CT (CKM_BATON_COUNTER, "baton-counter") + CT (CKM_BATON_SHUFFLE, "baton-shuffle") + CT (CKM_BATON_WRAP, "baton-wrap") + CT (CKM_ECDSA_KEY_PAIR_GEN, "ecdsa-key-pair-gen") + /* CT (CKM_EC_KEY_PAIR_GEN) */ + CT (CKM_ECDSA, "ecdsa") + CT (CKM_ECDSA_SHA1, "ecdsa-sha1") + CT (CKM_ECDH1_DERIVE, "ecdh1-derive") + CT (CKM_ECDH1_COFACTOR_DERIVE, "ecdh1-cofactor-derive") + CT (CKM_ECMQV_DERIVE, "ecmqv-derive") + CT (CKM_JUNIPER_KEY_GEN, "juniper-key-gen") + CT (CKM_JUNIPER_ECB128, "juniper-ecb128") + CT (CKM_JUNIPER_CBC128, "juniper-cbc128") + CT (CKM_JUNIPER_COUNTER, "juniper-counter") + CT (CKM_JUNIPER_SHUFFLE, "juniper-shuffle") + CT (CKM_JUNIPER_WRAP, "juniper-wrap") + CT (CKM_FASTHASH, "fasthash") + CT (CKM_AES_KEY_GEN, "aes-key-gen") + CT (CKM_AES_ECB, "aes-ecb") + CT (CKM_AES_CBC, "aes-cbc") + CT (CKM_AES_MAC, "aes-mac") + CT (CKM_AES_MAC_GENERAL, "aes-mac-general") + CT (CKM_AES_CBC_PAD, "aes-cbc-pad") + CT (CKM_BLOWFISH_KEY_GEN, "blowfish-key-gen") + CT (CKM_BLOWFISH_CBC, "blowfish-cbc") + CT (CKM_TWOFISH_KEY_GEN, "twofish-key-gen") + CT (CKM_TWOFISH_CBC, "twofish-cbc") + CT (CKM_DES_ECB_ENCRYPT_DATA, "des-ecb-encrypt-data") + CT (CKM_DES_CBC_ENCRYPT_DATA, "des-cbc-encrypt-data") + CT (CKM_DES3_ECB_ENCRYPT_DATA, "des3-ecb-encrypt-data") + CT (CKM_DES3_CBC_ENCRYPT_DATA, "des3-cbc-encrypt-data") + CT (CKM_AES_ECB_ENCRYPT_DATA, "aes-ecb-encrypt-data") + CT (CKM_AES_CBC_ENCRYPT_DATA, "aes-cbc-encrypt-data") + CT (CKM_DSA_PARAMETER_GEN, "dsa-parameter-gen") + CT (CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen") + CT (CKM_X9_42_DH_PARAMETER_GEN, "x9-42-dh-parameter-gen") + { CKA_INVALID }, +}; + +#undef CT + +struct { + const p11_constant *table; + int length; +} tables[] = { + { p11_constant_types, ELEMS (p11_constant_types) - 1 }, + { p11_constant_classes, ELEMS (p11_constant_classes) - 1 }, + { p11_constant_trusts, ELEMS (p11_constant_trusts) - 1 }, + { p11_constant_certs, ELEMS (p11_constant_certs) - 1 }, + { p11_constant_keys, ELEMS (p11_constant_keys) - 1 }, + { p11_constant_asserts, ELEMS (p11_constant_asserts) - 1 }, + { p11_constant_categories, ELEMS (p11_constant_categories) - 1 }, + { p11_constant_mechanisms, ELEMS (p11_constant_mechanisms) - 1 }, + { p11_constant_states, ELEMS (p11_constant_states) - 1 }, + { p11_constant_users, ELEMS (p11_constant_users) - 1 }, + { p11_constant_returns, ELEMS (p11_constant_returns) - 1 }, +}; + +static int +compar_attr_info (const void *one, + const void *two) +{ + const p11_constant *a1 = one; + const p11_constant *a2 = two; + if (a1->value == a2->value) + return 0; + if (a1->value < a2->value) + return -1; + return 1; +} + +static const p11_constant * +lookup_info (const p11_constant *table, + CK_ATTRIBUTE_TYPE type) +{ + p11_constant match = { type, NULL, { NULL } }; + int length = -1; + int i; + + for (i = 0; i < ELEMS (tables); i++) { + if (table == tables[i].table) { + length = tables[i].length; + break; + } + } + + if (length == -1) + return_val_if_reached (NULL); + + return bsearch (&match, table, length, sizeof (p11_constant), compar_attr_info); + +} +const char * +p11_constant_name (const p11_constant *constants, + CK_ULONG type) +{ + const p11_constant *constant = lookup_info (constants, type); + return constant ? constant->name : NULL; +} + +const char * +p11_constant_nick (const p11_constant *constants, + CK_ULONG type) +{ + const p11_constant *constant = lookup_info (constants, type); + return constant ? constant->nicks[0] : NULL; +} + +p11_dict * +p11_constant_reverse (bool nick) +{ + const p11_constant *table; + p11_dict *lookups; + int length = -1; + int i, j, k; + + lookups = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + return_val_if_fail (lookups != NULL, NULL); + + for (i = 0; i < ELEMS (tables); i++) { + table = tables[i].table; + length = tables[i].length; + + for (j = 0; j < length; j++) { + if (nick) { + for (k = 0; table[j].nicks[k] != NULL; k++) { + if (!p11_dict_set (lookups, (void *)table[j].nicks[k], + (void *)&table[j].value)) + return_val_if_reached (NULL); + } + } else { + if (!p11_dict_set (lookups, (void *)table[j].name, (void *)&table[j].value)) + return_val_if_reached (NULL); + } + } + } + + return lookups; +} + +CK_ULONG +p11_constant_resolve (p11_dict *reversed, + const char *string) +{ + CK_ULONG *ptr; + + return_val_if_fail (reversed != NULL, CKA_INVALID); + return_val_if_fail (string != NULL, CKA_INVALID); + + ptr = p11_dict_get (reversed, string); + return ptr ? *ptr : CKA_INVALID; +} diff --git a/common/constants.h b/common/constants.h new file mode 100644 index 0000000..1526373 --- /dev/null +++ b/common/constants.h @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2012, Redhat Inc. + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_CONSTANTS_H_ +#define P11_CONSTANTS_H_ + +#include "compat.h" +#include "dict.h" +#include "pkcs11.h" + +typedef struct { + CK_ULONG value; + const char *name; + const char *nicks[4]; +} p11_constant; + +const char * p11_constant_name (const p11_constant *constants, + CK_ULONG value); + +const char * p11_constant_nick (const p11_constant *constants, + CK_ULONG type); + +p11_dict * p11_constant_reverse (bool nick); + +CK_ULONG p11_constant_resolve (p11_dict *table, + const char *string); + +extern const p11_constant p11_constant_types[]; + +extern const p11_constant p11_constant_classes[]; + +extern const p11_constant p11_constant_trusts[]; + +extern const p11_constant p11_constant_certs[]; + +extern const p11_constant p11_constant_keys[]; + +extern const p11_constant p11_constant_asserts[]; + +extern const p11_constant p11_constant_categories[]; + +extern const p11_constant p11_constant_mechanisms[]; + +extern const p11_constant p11_constant_states[]; + +extern const p11_constant p11_constant_users[]; + +extern const p11_constant p11_constant_returns[]; + +#endif /* P11_CONSTANTS_H_ */ diff --git a/common/debug.c b/common/debug.c new file mode 100644 index 0000000..628fbcb --- /dev/null +++ b/common/debug.c @@ -0,0 +1,191 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#include "debug.h" + +#include +#ifdef HAVE_LOCALE_H +#include +#endif +#include +#include +#include +#include +#include + +#define P11_DEBUG_MESSAGE_MAX 512 + +struct DebugKey { + const char *name; + int value; +}; + +static struct DebugKey debug_keys[] = { + { "lib", P11_DEBUG_LIB }, + { "conf", P11_DEBUG_CONF }, + { "uri", P11_DEBUG_URI }, + { "proxy", P11_DEBUG_PROXY }, + { "trust", P11_DEBUG_TRUST }, + { "tool", P11_DEBUG_TOOL }, + { "rpc", P11_DEBUG_RPC }, + { 0, } +}; + +static bool debug_strict = false; + +/* global variable exported in debug.h */ +int p11_debug_current_flags = ~0; + +#ifdef HAVE_STRERROR_L +extern locale_t p11_message_locale; +#endif + +static int +parse_environ_flags (void) +{ + const char *env; + int result = 0; + const char *p; + const char *q; + int i; + + env = secure_getenv ("P11_KIT_STRICT"); + if (env && env[0] != '\0') + debug_strict = true; + + env = getenv ("P11_KIT_DEBUG"); + if (!env) + return 0; + + if (strcmp (env, "all") == 0) { + for (i = 0; debug_keys[i].name; i++) + result |= debug_keys[i].value; + + } else if (strcmp (env, "help") == 0) { + fprintf (stderr, "Supported debug values:"); + for (i = 0; debug_keys[i].name; i++) + fprintf (stderr, " %s", debug_keys[i].name); + fprintf (stderr, "\n"); + + } else { + p = env; + while (*p) { + q = strpbrk (p, ":;, \t"); + if (!q) + q = p + strlen (p); + + for (i = 0; debug_keys[i].name; i++) { + if (q - p == strlen (debug_keys[i].name) && + strncmp (debug_keys[i].name, p, q - p) == 0) + result |= debug_keys[i].value; + } + + p = q; + if (*p) + p++; + } + } + + return result; +} + +void +p11_debug_init (void) +{ + p11_debug_current_flags = parse_environ_flags (); +} + +void +p11_debug_message (int flag, + const char *format, ...) +{ + va_list args; + + if (flag & p11_debug_current_flags) { + fprintf (stderr, "(p11-kit:%d) ", getpid()); + va_start (args, format); + vfprintf (stderr, format, args); + va_end (args); + fprintf (stderr, "\n"); + } +} + +void +p11_debug_message_err (int flag, + int errnum, + const char *format, ...) +{ + va_list args; + char strerr[P11_DEBUG_MESSAGE_MAX]; + + if (flag & p11_debug_current_flags) { + fprintf (stderr, "(p11-kit:%d) ", getpid()); + va_start (args, format); + vfprintf (stderr, format, args); + va_end (args); + + snprintf (strerr, sizeof (strerr), "Unknown error %d", errnum); +#ifdef HAVE_STRERROR_L + if (p11_message_locale != (locale_t) 0) + strncpy (strerr, strerror_l (errnum, p11_message_locale), sizeof (strerr)); +#else + strerror_r (errnum, strerr, sizeof (strerr)); +#endif + strerr[P11_DEBUG_MESSAGE_MAX - 1] = 0; + fprintf (stderr, ": %s\n", strerr); + } +} + +void +p11_debug_precond (const char *format, + ...) +{ + va_list va; + + va_start (va, format); + vfprintf (stderr, format, va); + va_end (va); + +#ifdef __COVERITY__ + fprintf (stderr, "ignoring P11_KIT_STRICT under coverity: %d", (int)debug_strict); +#else + if (debug_strict) +#endif + abort (); +} diff --git a/common/debug.h b/common/debug.h new file mode 100644 index 0000000..7ea36f3 --- /dev/null +++ b/common/debug.h @@ -0,0 +1,160 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_DEBUG_H +#define P11_DEBUG_H + +#include "compat.h" + +/* Please keep this enum in sync with keys in debug.c */ +enum { + P11_DEBUG_LIB = 1 << 1, + P11_DEBUG_CONF = 1 << 2, + P11_DEBUG_URI = 1 << 3, + P11_DEBUG_PROXY = 1 << 4, + P11_DEBUG_TRUST = 1 << 5, + P11_DEBUG_TOOL = 1 << 6, + P11_DEBUG_RPC = 1 << 7, +}; + +extern int p11_debug_current_flags; + +void p11_debug_init (void); + +void p11_debug_message (int flag, + const char *format, + ...) GNUC_PRINTF (2, 3); + +void p11_debug_message_err (int flag, + int errnum, + const char *format, + ...) GNUC_PRINTF (3, 4); + +void p11_debug_precond (const char *format, + ...) GNUC_PRINTF (1, 2) + CLANG_ANALYZER_NORETURN; + +#ifndef assert_not_reached +#define assert_not_reached() \ + (assert (false && "this code should not be reached")) +#endif + +#define return_val_if_fail(x, v) \ + do { if (x) { } else { \ + p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \ + return v; \ + } } while (false) + +#define return_if_fail(x) \ + do { if (x) { } else { \ + p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \ + return; \ + } } while (false) + +#define return_if_reached() \ + do { \ + p11_debug_precond ("p11-kit: shouldn't be reached at %s\n", __func__); \ + return; \ + } while (false) + +#define return_val_if_reached(v) \ + do { \ + p11_debug_precond ("p11-kit: shouldn't be reached at %s\n", __func__); \ + return v; \ + } while (false) + +#define warn_if_reached(v) \ + do { \ + p11_debug_precond ("p11-kit: shouldn't be reached at %s\n", __func__); \ + } while (false) + +#define warn_if_fail(x) \ + do { if (x) { } else { \ + p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \ + } } while (false) + +#endif /* DEBUG_H */ + +/* ----------------------------------------------------------------------------- + * Below this point is outside the DEBUG_H guard - so it can take effect + * more than once. So you can do: + * + * #define P11_DEBUG_FLAG P11_DEBUG_ONE_THING + * #include "debug.h" + * ... + * p11_debug ("if we're debugging one thing"); + * ... + * #undef P11_DEBUG_FLAG + * #define P11_DEBUG_FLAG DEBUG_OTHER_THING + * #include "debug.h" + * ... + * p11_debug ("if we're debugging the other thing"); + * ... + */ + +#ifdef P11_DEBUG_FLAG +#ifdef WITH_DEBUG + +#undef p11_debug +#define p11_debug(format, ...) do { \ + if (P11_DEBUG_FLAG & p11_debug_current_flags) \ + p11_debug_message (P11_DEBUG_FLAG, "%s: " format, __PRETTY_FUNCTION__, ##__VA_ARGS__); \ + } while (0) + +#undef p11_debug_err +#define p11_debug_err(errnum, format, ...) do { \ + if (P11_DEBUG_FLAG & p11_debug_current_flags) \ + p11_debug_message_err (P11_DEBUG_FLAG, errnum, "%s: " format, __PRETTY_FUNCTION__, ##__VA_ARGS__); \ + } while (0) + +#undef p11_debugging +#define p11_debugging \ + (P11_DEBUG_FLAG & p11_debug_current_flags) + +#else /* !defined (WITH_DEBUG) */ + +#undef p11_debug +#define p11_debug(format, ...) \ + do {} while (false) + +#undef p11_debug_err +#define p11_debug_err(errnum, format, ...) \ + do {} while (false) + +#undef p11_debugging +#define p11_debugging (0) + +#endif /* !defined (WITH_DEBUG) */ + +#endif /* defined (P11_DEBUG_FLAG) */ diff --git a/common/dict.c b/common/dict.c new file mode 100644 index 0000000..b7ab00d --- /dev/null +++ b/common/dict.c @@ -0,0 +1,389 @@ +/* + * Copyright (c) 2004 Stefan Walter + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + */ + +#include "config.h" + +#include "debug.h" +#include "dict.h" +#include "hash.h" + +#include + +#include +#include +#include +#include + +struct _p11_dict { + p11_dict_hasher hash_func; + p11_dict_equals equal_func; + p11_destroyer key_destroy_func; + p11_destroyer value_destroy_func; + + struct _p11_dictbucket **buckets; + unsigned int num_items; + unsigned int num_buckets; +}; + +typedef struct _p11_dictbucket { + void *key; + unsigned int hashed; + void *value; + struct _p11_dictbucket *next; +} dictbucket; + +static dictbucket * +next_entry (p11_dictiter *iter) +{ + dictbucket *bucket = iter->next; + while (!bucket) { + if (iter->index >= iter->dict->num_buckets) + return NULL; + bucket = iter->dict->buckets[iter->index++]; + } + iter->next = bucket->next; + return bucket; +} + + +bool +p11_dict_next (p11_dictiter *iter, + void **key, + void **value) +{ + dictbucket *bucket = next_entry (iter); + if (bucket == NULL) + return false; + if (key) + *key = bucket->key; + if (value) + *value = bucket->value; + return true; +} + +void +p11_dict_iterate (p11_dict *dict, + p11_dictiter *iter) +{ + iter->dict = dict; + iter->index = 0; + iter->next = NULL; +} + +static dictbucket ** +lookup_or_create_bucket (p11_dict *dict, + const void *key, + bool create) +{ + dictbucket **bucketp; + unsigned int hash; + + /* Perform the hashing */ + hash = dict->hash_func (key); + + /* scan linked list */ + for (bucketp = &dict->buckets[hash % dict->num_buckets]; + *bucketp != NULL; bucketp = &(*bucketp)->next) { + if((*bucketp)->hashed == hash && dict->equal_func ((*bucketp)->key, key)) + break; + } + + if ((*bucketp) != NULL || !create) + return bucketp; + + /* add a new entry for non-NULL val */ + (*bucketp) = calloc (sizeof (dictbucket), 1); + + if (*bucketp != NULL) { + (*bucketp)->key = (void*)key; + (*bucketp)->hashed = hash; + dict->num_items++; + } + + return bucketp; +} + +void * +p11_dict_get (p11_dict *dict, + const void *key) +{ + dictbucket **bucketp; + + bucketp = lookup_or_create_bucket (dict, key, false); + if (bucketp && *bucketp) + return (void*)((*bucketp)->value); + else + return NULL; +} + +bool +p11_dict_set (p11_dict *dict, + void *key, + void *val) +{ + dictbucket **bucketp; + p11_dictiter iter; + dictbucket *bucket; + dictbucket **new_buckets; + unsigned int num_buckets; + + bucketp = lookup_or_create_bucket (dict, key, true); + if(bucketp && *bucketp) { + + /* Destroy the previous key */ + if ((*bucketp)->key && (*bucketp)->key != key && dict->key_destroy_func) + dict->key_destroy_func ((*bucketp)->key); + + /* Destroy the previous value */ + if ((*bucketp)->value && (*bucketp)->value != val && dict->value_destroy_func) + dict->value_destroy_func ((*bucketp)->value); + + /* replace entry */ + (*bucketp)->key = key; + (*bucketp)->value = val; + + /* check that the collision rate isn't too high */ + if (dict->num_items > dict->num_buckets) { + num_buckets = dict->num_buckets * 2 + 1; + new_buckets = (dictbucket **)calloc (sizeof (dictbucket *), num_buckets); + + /* Ignore failures, maybe we can expand later */ + if(new_buckets) { + p11_dict_iterate (dict, &iter); + while ((bucket = next_entry (&iter)) != NULL) { + unsigned int i = bucket->hashed % num_buckets; + bucket->next = new_buckets[i]; + new_buckets[i] = bucket; + } + + free (dict->buckets); + dict->buckets = new_buckets; + dict->num_buckets = num_buckets; + } + } + + return true; + } + + return_val_if_reached (false); +} + +bool +p11_dict_steal (p11_dict *dict, + const void *key, + void **stolen_key, + void **stolen_value) +{ + dictbucket **bucketp; + + bucketp = lookup_or_create_bucket (dict, key, false); + if (bucketp && *bucketp) { + dictbucket *old = *bucketp; + *bucketp = (*bucketp)->next; + --dict->num_items; + if (stolen_key) + *stolen_key = old->key; + if (stolen_value) + *stolen_value = old->value; + free (old); + return true; + } + + return false; + +} + +bool +p11_dict_remove (p11_dict *dict, + const void *key) +{ + void *old_key; + void *old_value; + + if (!p11_dict_steal (dict, key, &old_key, &old_value)) + return false; + + if (dict->key_destroy_func) + dict->key_destroy_func (old_key); + if (dict->value_destroy_func) + dict->value_destroy_func (old_value); + return true; +} + +void +p11_dict_clear (p11_dict *dict) +{ + dictbucket *bucket, *next; + unsigned int i; + + /* Free all entries in the array */ + for (i = 0; i < dict->num_buckets; ++i) { + bucket = dict->buckets[i]; + while (bucket != NULL) { + next = bucket->next; + if (dict->key_destroy_func) + dict->key_destroy_func (bucket->key); + if (dict->value_destroy_func) + dict->value_destroy_func (bucket->value); + free (bucket); + bucket = next; + } + } + + memset (dict->buckets, 0, dict->num_buckets * sizeof (dictbucket *)); + dict->num_items = 0; +} + +p11_dict * +p11_dict_new (p11_dict_hasher hash_func, + p11_dict_equals equal_func, + p11_destroyer key_destroy_func, + p11_destroyer value_destroy_func) +{ + p11_dict *dict; + + assert (hash_func); + assert (equal_func); + + dict = malloc (sizeof (p11_dict)); + if (dict) { + dict->hash_func = hash_func; + dict->equal_func = equal_func; + dict->key_destroy_func = key_destroy_func; + dict->value_destroy_func = value_destroy_func; + + dict->num_buckets = 9; + dict->buckets = (dictbucket **)calloc (sizeof (dictbucket *), dict->num_buckets); + if (!dict->buckets) { + free (dict); + return NULL; + } + + dict->num_items = 0; + } + + return dict; +} + +void +p11_dict_free (p11_dict *dict) +{ + dictbucket *bucket; + p11_dictiter iter; + + if (!dict) + return; + + p11_dict_iterate (dict, &iter); + while ((bucket = next_entry (&iter)) != NULL) { + if (dict->key_destroy_func) + dict->key_destroy_func (bucket->key); + if (dict->value_destroy_func) + dict->value_destroy_func (bucket->value); + free (bucket); + } + + if (dict->buckets) + free (dict->buckets); + + free (dict); +} + +unsigned int +p11_dict_size (p11_dict *dict) +{ + return dict->num_items; +} + +unsigned int +p11_dict_str_hash (const void *string) +{ + uint32_t hash; + p11_hash_murmur3 (&hash, string, strlen (string), NULL); + return hash; +} + +bool +p11_dict_str_equal (const void *string_one, + const void *string_two) +{ + assert (string_one); + assert (string_two); + + return strcmp (string_one, string_two) == 0; +} + +unsigned int +p11_dict_ulongptr_hash (const void *to_ulong) +{ + assert (to_ulong); + return (unsigned int)*((unsigned long*)to_ulong); +} + +bool +p11_dict_ulongptr_equal (const void *ulong_one, + const void *ulong_two) +{ + assert (ulong_one); + assert (ulong_two); + return *((unsigned long*)ulong_one) == *((unsigned long*)ulong_two); +} + +unsigned int +p11_dict_intptr_hash (const void *to_int) +{ + assert (to_int); + return (unsigned int)*((int*)to_int); +} + +bool +p11_dict_intptr_equal (const void *int_one, + const void *int_two) +{ + assert (int_one); + assert (int_two); + return *((int*)int_one) == *((int*)int_two); +} + +unsigned int +p11_dict_direct_hash (const void *ptr) +{ + return (unsigned int)(size_t)ptr; +} + +bool +p11_dict_direct_equal (const void *ptr_one, + const void *ptr_two) +{ + return ptr_one == ptr_two; +} diff --git a/common/dict.h b/common/dict.h new file mode 100644 index 0000000..080f6b8 --- /dev/null +++ b/common/dict.h @@ -0,0 +1,180 @@ +/* + * Copyright (c) 2004 Stefan Walter + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Waler + */ + +#ifndef P11_DICT_H_ +#define P11_DICT_H_ + +#include "compat.h" + +/* + * ARGUMENT DOCUMENTATION + * + * dict: The dict + * key: Pointer to the key value + * val: Pointer to the value + * iter: A dict iterator + */ + + +/* ---------------------------------------------------------------------------------- + * TYPES + */ + +/* Abstract type for dicts. */ +typedef struct _p11_dict p11_dict; + +/* Type for scanning hash tables. */ +typedef struct _p11_dictiter { + p11_dict *dict; + struct _p11_dictbucket *next; + unsigned int index; +} p11_dictiter; + +typedef unsigned int (*p11_dict_hasher) (const void *data); + +typedef bool (*p11_dict_equals) (const void *one, + const void *two); + +#ifndef P11_DESTROYER_DEFINED +#define P11_DESTROYER_DEFINED + +typedef void (*p11_destroyer) (void *data); + +#endif + +/* ----------------------------------------------------------------------------- + * MAIN + */ + +/* + * p11_dict_create : Create a hash table + * - returns an allocated hashtable + */ +p11_dict * p11_dict_new (p11_dict_hasher hasher, + p11_dict_equals equals, + p11_destroyer key_destroyer, + p11_destroyer value_destroyer); + +/* + * p11_dict_free : Free a hash table + */ +void p11_dict_free (p11_dict *dict); + +/* + * p11_dict_size: Number of values in hash table + * - returns the number of entries in hash table + */ +unsigned int p11_dict_size (p11_dict *dict); + +/* + * p11_dict_get: Retrieves a value from the hash table + * - returns the value of the entry + */ +void* p11_dict_get (p11_dict *dict, + const void *key); + +/* + * p11_dict_set: Set a value in the hash table + * - returns true if the entry was added properly + */ +bool p11_dict_set (p11_dict *dict, + void *key, + void *value); + +/* + * p11_dict_remove: Remove a value from the hash table + * - returns true if the entry was found + */ +bool p11_dict_remove (p11_dict *dict, + const void *key); + +/* + * p11_dict_steal: Remove a value from the hash table without calling + * destroy funcs + * - returns true if the entry was found + */ +bool p11_dict_steal (p11_dict *dict, + const void *key, + void **stolen_key, + void **stolen_value); + +/* + * p11_dict_iterate: Start enumerating through the hash table + * - returns a hash iterator + */ +void p11_dict_iterate (p11_dict *dict, + p11_dictiter *iter); + +/* + * p11_dict_next: Enumerate through hash table + * - sets key and value to key and/or value + * - returns whether there was another entry + * - p11_dict_remove or p11_dict_steal is safe to use on + * the current key. + */ +bool p11_dict_next (p11_dictiter *iter, + void **key, + void **value); + +/* + * p11_dict_clear: Clear all values from has htable. + */ +void p11_dict_clear (p11_dict *dict); + +/* ----------------------------------------------------------------------------- + * KEY FUNCTIONS + */ + +unsigned int p11_dict_str_hash (const void *string); + +bool p11_dict_str_equal (const void *string_one, + const void *string_two); + +unsigned int p11_dict_ulongptr_hash (const void *to_ulong); + +bool p11_dict_ulongptr_equal (const void *ulong_one, + const void *ulong_two); + +unsigned int p11_dict_intptr_hash (const void *to_int); + +bool p11_dict_intptr_equal (const void *int_one, + const void *int_two); + +unsigned int p11_dict_direct_hash (const void *ptr); + +bool p11_dict_direct_equal (const void *ptr_one, + const void *ptr_two); + +#endif /* __P11_DICT_H__ */ diff --git a/common/frob-getauxval.c b/common/frob-getauxval.c new file mode 100644 index 0000000..02745be --- /dev/null +++ b/common/frob-getauxval.c @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include +#include +#include +#include + +int +main (int argc, + char *argv[]) +{ + unsigned long type = 0; + unsigned long ret; + + if (argc == 2) + type = atoi (argv[1]); + + if (type == 0) { + fprintf (stderr, "usage: frob-getauxval 23"); + abort (); + } + + ret = getauxval (type); + printf ("getauxval(%lu) == %lu\n", type, ret); + return (int)ret; +} diff --git a/common/frob-getenv.c b/common/frob-getenv.c new file mode 100644 index 0000000..a36594a --- /dev/null +++ b/common/frob-getenv.c @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2014 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include +#include +#include +#include + +int +main (int argc, + char *argv[]) +{ + int ret; + const char *val; + +fprintf (stderr, "calling secure_getenv(%s) getenv(%s) = %s\n", argv[1], argv[1], getenv(argv[1])); + val = secure_getenv (argv[1]); + if (val == NULL) { + printf ("%s=NULL\n", argv[1]); + return 0; + } + + ret = atoi (val); + if (ret == 0) { + fprintf (stderr, "usage: frob-getenv VAR"); + abort (); + } + + printf ("%s=%d\n", argv[1], ret); + return ret; +} diff --git a/common/frob-getprogname.c b/common/frob-getprogname.c new file mode 100644 index 0000000..ead658c --- /dev/null +++ b/common/frob-getprogname.c @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2020 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Daiki Ueno + */ + +#include "config.h" +#include "compat.h" + +#include +#include +#include +#include +#include +#include +#include + +int +main (int argc, + char *argv[]) +{ + if (argc == 1) { + pid_t pid; + int pfds[2]; + + if (pipe (pfds) < 0) { + perror ("pipe"); + exit (EXIT_FAILURE); + } + + pid = fork (); + if (pid < 0) { + perror ("fork"); + exit (EXIT_FAILURE); + } + + if (pid == 0) { + char * const args[] = { + BUILDDIR "/common/frob-getprogname" EXEEXT " foo bar", + "foo", + "bar", + NULL, + }; + + dup2 (pfds[1], STDOUT_FILENO); + close (pfds[0]); + close (pfds[1]); + execv (BUILDDIR "/common/frob-getprogname" EXEEXT, args); + } else { + int status; + char buffer[1024]; + size_t offset = 0; + ssize_t nread; + char *p; + + close (pfds[1]); + while (1) { + nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset); + if (nread < 0) { + perror ("read"); + exit (EXIT_FAILURE); + } + if (nread == 0) + break; + offset += nread; + } + + if (waitpid (pid, &status, 0) < 0) { + perror ("waitpid"); + exit (EXIT_FAILURE); + } + + assert (!WIFSIGNALED (status)); + assert (WIFEXITED (status)); + assert (WEXITSTATUS (status) == 0); + + p = memchr (buffer, '\n', sizeof(buffer)); + if (!p) { + fprintf (stderr, "missing newline: %s\n", buffer); + exit (EXIT_FAILURE); + } + *p = '\0'; + + return strcmp ("frob-getprogname", buffer) == 0 ? EXIT_SUCCESS : EXIT_FAILURE; + } + } else { + printf ("%s\n", getprogname ()); + exit (EXIT_SUCCESS); + } + + return EXIT_SUCCESS; +} diff --git a/common/hash.c b/common/hash.c new file mode 100644 index 0000000..5572085 --- /dev/null +++ b/common/hash.c @@ -0,0 +1,174 @@ +/* + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/*! \file + * SHA-1 in C + * \author By Steve Reid + * 100% Public Domain + * \verbatim + * Test Vectors + * "abc" + * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 + * A million repetitions of "a" + * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F + * \endverbatim + */ + +#include "config.h" + +#include "hash.h" + +#include +#include +#include +#include + +/* This code is based on the public domain MurmurHash3 from Austin Appleby: + * http://code.google.com/p/smhasher/source/browse/trunk/MurmurHash3.cpp + * + * We use only the 32 bit variant, and slow it down a bit to support unaligned + * reads. + */ + +#if !defined(__cplusplus) && (__GNUC__ > 2) +#define GNUC_INLINE __attribute__((always_inline)) +#else +#define GNUC_INLINE +#endif + +GNUC_INLINE static inline uint32_t +rotl (uint32_t x, + int8_t r) +{ + return (x << r) | (x >> (32 - r)); +} + +/* + * Finalization mix - force all bits of a hash block to avalanche + */ + +GNUC_INLINE static inline uint32_t +fmix (uint32_t h) +{ + h ^= h >> 16; + h *= 0x85ebca6b; + h ^= h >> 13; + h *= 0xc2b2ae35; + h ^= h >> 16; + + return h; +} + + +void +p11_hash_murmur3 (void *hash, + const void *input, + size_t len, + ...) +{ + uint8_t overflow[4]; + const uint8_t *data; + va_list va; + uint32_t h1; + uint32_t k1; + uint32_t c1; + uint32_t c2; + + h1 = 42; /* arbitrary choice of seed */ + c1 = 0xcc9e2d51; + c2 = 0x1b873593; + data = input; + + /* body */ + + /* Mix 4 bytes at a time into the hash */ + va_start (va, len); + for (;;) { + if (len >= 4) { + memcpy (&k1, data, 4); + data += 4; + len -= 4; + + } else { + size_t num = len; + memcpy (overflow, data, len); + + while (num < 4) { + size_t part; + + data = va_arg (va, const void *); + if (!data) + break; + + /* Combine uint32 from old and new */ + len = va_arg (va, size_t); + part = 4 - num; + if (part > len) + part = len; + memcpy (overflow + num, data, part); + data += part; + len -= part; + num += part; + } + + if (num < 4) { + len = num; + break; + } + + memcpy (&k1, overflow, 4); + } + + k1 *= c1; + k1 = rotl (k1, 15); + k1 *= c2; + + h1 ^= k1; + h1 = rotl (h1, 13); + h1 = h1 * 5 + 0xe6546b64; + } + va_end (va); + + /* tail */ + + k1 = 0; + + switch (len) { + case 3: + k1 ^= overflow[2] << 16; + case 2: + k1 ^= overflow[1] << 8; + case 1: + k1 ^= overflow[0]; + k1 *= c1; + k1 = rotl (k1, 15); + k1 *= c2; + h1 ^= k1; + default: + break; + } + + /* finalization */ + + h1 ^= len; + h1 = fmix(h1); + + assert (sizeof (h1) == P11_HASH_MURMUR3_LEN); + memcpy (hash, &h1, sizeof (h1)); +} diff --git a/common/hash.h b/common/hash.h new file mode 100644 index 0000000..41371c6 --- /dev/null +++ b/common/hash.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_HASH_H_ +#define P11_HASH_H_ + +#include "compat.h" + +#define P11_HASH_MURMUR3_LEN 4 + +void p11_hash_murmur3 (void *hash, + const void *input, + size_t length, + ...) GNUC_NULL_TERMINATED; + +#endif /* P11_HASH_H_ */ diff --git a/common/init.h b/common/init.h new file mode 100644 index 0000000..39f1cd2 --- /dev/null +++ b/common/init.h @@ -0,0 +1,99 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * Copyright (c) 2012 Stef Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "library.h" + +#ifndef P11_INIT_H +#define P11_INIT_H + +#ifdef OS_UNIX + +void INIT (void); + +void FINI (void); + +#ifdef __GNUC__ +__attribute__((constructor)) +#endif +void +INIT (void) +{ + p11_library_init (); +} + +#ifdef __GNUC__ +__attribute__((destructor)) +#endif +void +FINI (void) +{ + CLEANUP; + p11_library_uninit (); +} + +#endif /* OS_UNIX */ + +#ifdef OS_WIN32 + +BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID); + +BOOL WINAPI +DllMain (HINSTANCE instance, + DWORD reason, + LPVOID reserved) +{ + switch (reason) { + case DLL_PROCESS_ATTACH: + p11_library_init (); + break; + case DLL_THREAD_DETACH: + p11_library_thread_cleanup (); + break; + case DLL_PROCESS_DETACH: + CLEANUP; + p11_library_uninit (); + break; + default: + break; + } + + return TRUE; +} + +#endif /* OS_WIN32 */ + +#endif /* P11_INIT_H */ diff --git a/common/lexer.c b/common/lexer.c new file mode 100644 index 0000000..6253492 --- /dev/null +++ b/common/lexer.c @@ -0,0 +1,239 @@ +/* + * Copyright (c) 2005 Stefan Walter + * Copyright (c) 2011 Collabora Ltd. + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_CONF +#include "debug.h" +#include "lexer.h" +#include "message.h" + +#include +#include +#include +#include +#include +#include + +void +p11_lexer_init (p11_lexer *lexer, + const char *filename, + const char *data, + size_t length) +{ + return_if_fail (lexer != NULL); + + memset (lexer, 0, sizeof (p11_lexer)); + lexer->at = data; + lexer->remaining = length; + + return_if_fail (filename != NULL); + lexer->filename = strdup (filename); + return_if_fail (lexer->filename != NULL); +} + +static void +clear_state (p11_lexer *lexer) +{ + switch (lexer->tok_type) { + case TOK_FIELD: + free (lexer->tok.field.name); + free (lexer->tok.field.value); + break; + case TOK_SECTION: + free (lexer->tok.section.name); + break; + case TOK_PEM: + case TOK_EOF: + break; + } + + memset (&lexer->tok, 0, sizeof (lexer->tok)); + lexer->tok_type = TOK_EOF; + lexer->complained = false; +} + +bool +p11_lexer_next (p11_lexer *lexer, + bool *failed) +{ + const char *colon; + const char *value; + const char *line; + const char *end; + const char *pos; + char *part; + + return_val_if_fail (lexer != NULL, false); + + clear_state (lexer); + if (failed) + *failed = false; + + /* Go through lines and process them */ + while (lexer->remaining != 0) { + assert (lexer->remaining > 0); + + /* Is this line the start of a PEM block? */ + if (strncmp (lexer->at, "-----BEGIN ", 11) == 0) { + pos = strnstr (lexer->at, "\n-----END ", lexer->remaining); + if (pos != NULL) { + end = memchr (pos + 1, '\n', lexer->remaining - (pos - lexer->at) - 1); + if (end) + end += 1; + else + end = lexer->at + lexer->remaining; + lexer->tok_type = TOK_PEM; + lexer->tok.pem.begin = lexer->at; + lexer->tok.pem.length = end - lexer->at; + assert (end - lexer->at <= lexer->remaining); + lexer->remaining -= (end - lexer->at); + lexer->at = end; + return true; + } + + p11_lexer_msg (lexer, "invalid pem block: no ending line"); + if (failed) + *failed = true; + return false; + } + + line = lexer->at; + end = memchr (lexer->at, '\n', lexer->remaining); + if (end == NULL) { + end = lexer->at + lexer->remaining; + lexer->remaining = 0; + lexer->at = end; + } else { + assert ((end - lexer->at) + 1 <= lexer->remaining); + lexer->remaining -= (end - lexer->at) + 1; + lexer->at = end + 1; + } + + /* Strip whitespace from line */ + while (line != end && isspace (line[0])) + ++line; + while (line != end && isspace (*(end - 1))) + --end; + + /* Empty lines / comments at start */ + if (line == end || line[0] == '#') + continue; + + /* Is the the a section ? */ + if (line[0] == '[') { + if (*(end - 1) != ']') { + part = strndup (line, end - line); + p11_lexer_msg (lexer, "invalid section header: missing braces"); + free (part); + if (failed) + *failed = true; + return false; + } + + lexer->tok_type = TOK_SECTION; + lexer->tok.section.name = strndup (line + 1, (end - line) - 2); + return_val_if_fail (lexer->tok.section.name != NULL, false); + return true; + } + + /* Look for the break between name: value on the same line */ + colon = memchr (line, ':', end - line); + if (!colon) { + part = strndup (line, end - line); + p11_lexer_msg (lexer, "invalid field line: no colon"); + free (part); + if (failed) + *failed = true; + return false; + } + + /* Strip whitespace from name and value */ + value = colon + 1; + while (value != end && isspace (value[0])) + ++value; + while (line != colon && isspace (*(colon - 1))) + --colon; + + lexer->tok_type = TOK_FIELD; + lexer->tok.field.name = strndup (line, colon - line); + lexer->tok.field.value = strndup (value, end - value); + return_val_if_fail (lexer->tok.field.name && lexer->tok.field.value, false); + return true; + } + + return false; +} + +void +p11_lexer_done (p11_lexer *lexer) +{ + return_if_fail (lexer != NULL); + clear_state (lexer); + free (lexer->filename); + memset (lexer, 0, sizeof (p11_lexer)); +} + +void +p11_lexer_msg (p11_lexer *lexer, + const char *msg) +{ + return_if_fail (lexer != NULL); + + if (lexer->complained) + return; + + switch (lexer->tok_type) { + case TOK_FIELD: + p11_message ("%s: %s: %s", lexer->filename, + lexer->tok.field.name, msg); + break; + case TOK_SECTION: + p11_message ("%s: [%s]: %s", lexer->filename, + lexer->tok.section.name, msg); + break; + case TOK_PEM: + p11_message ("%s: BEGIN ...: %s", lexer->filename, msg); + break; + default: + p11_message ("%s: %s", lexer->filename, msg); + break; + } + + lexer->complained = true; +} diff --git a/common/lexer.h b/common/lexer.h new file mode 100644 index 0000000..9daf296 --- /dev/null +++ b/common/lexer.h @@ -0,0 +1,84 @@ +/* + * Copyright (c) 2005 Stefan Walter + * Copyright (c) 2011 Collabora Ltd. + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_LEXER_H__ +#define P11_LEXER_H__ + +#include "compat.h" + +enum { + TOK_EOF = 0, + TOK_SECTION = 1, + TOK_FIELD, + TOK_PEM, +}; + +typedef struct { + char *filename; + const char *at; + int remaining; + int complained; + + int tok_type; + union { + struct { + char *name; + } section; + struct { + char *name; + char *value; + } field; + struct { + const char *begin; + size_t length; + } pem; + } tok; +} p11_lexer; + +void p11_lexer_init (p11_lexer *lexer, + const char *filename, + const char *data, + size_t length); + +bool p11_lexer_next (p11_lexer *lexer, + bool *failed); + +void p11_lexer_done (p11_lexer *lexer); + +void p11_lexer_msg (p11_lexer *lexer, + const char *msg); + +#endif /* P11_LEXER_H__ */ diff --git a/common/library.c b/common/library.c new file mode 100644 index 0000000..c1275f3 --- /dev/null +++ b/common/library.c @@ -0,0 +1,261 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * Copyright (c) 2012 Stef Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#define P11_DEBUG_FLAG P11_DEBUG_LIB +#include "debug.h" +#include "library.h" +#include "message.h" + +#include +#ifdef HAVE_LOCALE_H +#include +#endif +#include +#include +#include +#include + +#define P11_MESSAGE_MAX 512 + +typedef struct { + char message[P11_MESSAGE_MAX]; +} p11_local; + +static p11_local * _p11_library_get_thread_local (void); + +#ifdef PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP +p11_mutex_t p11_library_mutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; + +p11_mutex_t p11_virtual_mutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; +#else +p11_mutex_t p11_library_mutex; + +p11_mutex_t p11_virtual_mutex; +#endif + +#ifdef OS_UNIX +#ifndef __GNUC__ +pthread_once_t p11_library_once = PTHREAD_ONCE_INIT; +#endif +#endif + +unsigned int p11_forkid = 1; + +#ifdef HAVE_STRERROR_L +extern locale_t p11_message_locale; +#endif + +static char * +thread_local_message (void) +{ + p11_local *local; + local = _p11_library_get_thread_local (); + return local ? local->message : NULL; +} + +static char * +dont_store_message (void) +{ + return NULL; +} + +static void +uninit_common (void) +{ + p11_debug ("uninitializing library"); +} + +#ifdef OS_UNIX + +#ifdef P11_TLS_KEYWORD +static p11_local * +_p11_library_get_thread_local (void) +{ + static P11_TLS_KEYWORD p11_local local; + static P11_TLS_KEYWORD bool local_initialized = false; + + if (!local_initialized) { + memset (&local, 0, sizeof (p11_local)); + local_initialized = true; + } + + return &local; +} +#else +static pthread_key_t thread_local = 0; + +static p11_local * +_p11_library_get_thread_local (void) +{ + p11_local *local; + + p11_library_init_once (); + + local = pthread_getspecific (thread_local); + if (local == NULL) { + local = calloc (1, sizeof (p11_local)); + pthread_setspecific (thread_local, local); + } + + return local; +} +#endif + +static void +count_forks (void) +{ + /* Thread safe, executed in child, one thread exists */ + p11_forkid++; +} + +void +p11_library_init_impl (void) +{ + p11_debug_init (); + p11_debug ("initializing library"); + P11_RECURSIVE_MUTEX_INIT (p11_library_mutex); + P11_RECURSIVE_MUTEX_INIT (p11_virtual_mutex); +#ifndef P11_TLS_KEYWORD + pthread_key_create (&thread_local, free); +#endif + p11_message_storage = thread_local_message; +#ifdef HAVE_STRERROR_L + p11_message_locale = newlocale (LC_ALL_MASK, "POSIX", (locale_t) 0); +#endif + + pthread_atfork (NULL, NULL, count_forks); +} + +void +p11_library_init (void) +{ + p11_library_init_impl (); +} + +void +p11_library_uninit (void) +{ + uninit_common (); + +#ifndef P11_TLS_KEYWORD + /* Some cleanup to pacify valgrind */ + free (pthread_getspecific (thread_local)); + pthread_setspecific (thread_local, NULL); +#endif + +#ifdef HAVE_STRERROR_L + freelocale (p11_message_locale); +#endif + p11_message_storage = dont_store_message; +#ifndef P11_TLS_KEYWORD + pthread_key_delete (thread_local); +#endif + p11_mutex_uninit (&p11_virtual_mutex); + p11_mutex_uninit (&p11_library_mutex); +} + +#endif /* OS_UNIX */ + +#ifdef OS_WIN32 + +static DWORD thread_local = TLS_OUT_OF_INDEXES; + +BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID); + +static p11_local * +_p11_library_get_thread_local (void) +{ + LPVOID data; + + if (thread_local == TLS_OUT_OF_INDEXES) + return NULL; + + data = TlsGetValue (thread_local); + if (data == NULL) { + data = LocalAlloc (LPTR, sizeof (p11_local)); + TlsSetValue (thread_local, data); + } + + return (p11_local *)data; +} + +void +p11_library_init (void) +{ + p11_debug_init (); + p11_debug ("initializing library"); + P11_RECURSIVE_MUTEX_INIT (p11_library_mutex); + P11_RECURSIVE_MUTEX_INIT (p11_virtual_mutex); + thread_local = TlsAlloc (); + if (thread_local == TLS_OUT_OF_INDEXES) + p11_debug ("couldn't setup tls"); + else + p11_message_storage = thread_local_message; +} + +void +p11_library_thread_cleanup (void) +{ + p11_local *local; + if (thread_local != TLS_OUT_OF_INDEXES) { + p11_debug ("thread stopped, freeing tls"); + local = TlsGetValue (thread_local); + LocalFree (local); + } +} + +void +p11_library_uninit (void) +{ + LPVOID data; + + uninit_common (); + + if (thread_local != TLS_OUT_OF_INDEXES) { + p11_message_storage = dont_store_message; + data = TlsGetValue (thread_local); + LocalFree (data); + TlsFree (thread_local); + } + p11_mutex_uninit (&p11_virtual_mutex); + p11_mutex_uninit (&p11_library_mutex); +} + +#endif /* OS_WIN32 */ diff --git a/common/library.h b/common/library.h new file mode 100644 index 0000000..0a779b0 --- /dev/null +++ b/common/library.h @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#ifndef P11_LIBRARY_H_ +#define P11_LIBRARY_H_ + +#include "config.h" +#include "compat.h" + +#include + +extern p11_mutex_t p11_library_mutex; + +/* Used in virtual.c to maintain the global list of precompiled closures */ +extern p11_mutex_t p11_virtual_mutex; + +extern unsigned int p11_forkid; + +#define p11_lock() p11_mutex_lock (&p11_library_mutex); + +#define p11_unlock() p11_mutex_unlock (&p11_library_mutex); + +#ifdef OS_WIN32 + +/* No implementation, because done by DllMain */ +#define p11_library_init_once() + +#else /* !OS_WIN32 */ + +#ifdef __GNUC__ + +/* No implementation, because done by the ELF constructor */ +#define p11_library_init_once() + +#else + +extern pthread_once_t p11_library_once; + +#define p11_library_init_once() \ + pthread_once (&p11_library_once, p11_library_init_impl); + +#endif /* !__GNUC__ */ + +void p11_library_init_impl (void); + +#endif /* !OS_WIN32 */ + +void p11_library_init (void); + +void p11_library_thread_cleanup (void); + +void p11_library_uninit (void); + +#endif /* P11_LIBRARY_H_ */ diff --git a/common/meson.build b/common/meson.build new file mode 100644 index 0000000..b74b163 --- /dev/null +++ b/common/meson.build @@ -0,0 +1,106 @@ +install_headers('pkcs11.h', 'pkcs11x.h', subdir: 'p11-kit-1/p11-kit') + +libp11_common_sources = [ + 'argv.c', + 'attrs.c', + 'array.c', + 'buffer.c', + 'compat.c', + 'constants.c', + 'debug.c', + 'dict.c', + 'hash.c', + 'lexer.c', + 'message.c', + 'path.c', + 'runtime.c', + 'url.c', + 'vsock.c' +] + +libp11_common = static_library('p11-common', libp11_common_sources, + gnu_symbol_visibility: 'hidden', + include_directories: configinc) + +libp11_common_dep = declare_dependency(include_directories: [configinc, + commoninc], + link_with: libp11_common) + +libp11_library = static_library('p11-library', 'library.c', + gnu_symbol_visibility: 'hidden', + include_directories: configinc) + +libp11_library_dep = declare_dependency(link_with: libp11_library, + dependencies: [libp11_common_dep] + thread_deps) + +if get_option('test') + libp11_test_sources = [ + 'mock.c', + 'test.c' + ] + + libp11_test = static_library('p11-test', libp11_test_sources, + include_directories: configinc) + libp11_test_dep = declare_dependency(link_with: libp11_test, + dependencies: [libp11_common_dep] + thread_deps) +endif + +libp11_tool_sources = [ + 'tool.c' +] + +if host_system != 'windows' + libp11_tool_sources += ['unix-peer.c', 'unix-peer.h'] +endif + +libp11_tool = static_library('p11-tool', libp11_tool_sources, + include_directories: configinc) +libp11_tool_dep = declare_dependency(link_with: libp11_tool, + dependencies: [libp11_common_dep]) + +# Tests ---------------------------------------------------------------- + +if get_option('test') + common_tests = [ + 'test-tests', + 'test-compat', + 'test-hash', + 'test-dict', + 'test-array', + 'test-constants', + 'test-attrs', + 'test-buffer', + 'test-url', + 'test-path', + 'test-lexer', + 'test-message', + 'test-argv', + 'test-runtime' + ] + + foreach name : common_tests + t = executable(name, '@0@.c'.format(name), + c_args: tests_c_args, + include_directories: configinc, + dependencies: dlopen_deps, + link_with: [libp11_test, libp11_common]) + test(name, t) + endforeach + + common_progs = [ + 'frob-getauxval', + 'frob-getenv' + ] + + if host_system != 'windows' + common_progs += ['frob-getprogname'] + endif + + foreach name : common_progs + executable(name, '@0@.c'.format(name), + c_args: tests_c_args, + include_directories: configinc, + dependencies: dlopen_deps, + link_with: [libp11_common]) + endforeach +endif diff --git a/common/message.c b/common/message.c new file mode 100644 index 0000000..e439def --- /dev/null +++ b/common/message.c @@ -0,0 +1,185 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * Copyright (c) 2012 Stef Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +/* + * Oh god. glibc is nasty. Changes behavior and definitions of POSIX + * functions to completely different signatures depending on defines + */ +#define _POSIX_C_SOURCE 200112L + +#include "compat.h" +#define P11_DEBUG_FLAG P11_DEBUG_LIB +#include "debug.h" +#include "message.h" + +#include +#include +#ifdef HAVE_LOCALE_H +#include +#endif +#include +#include +#include +#include + +bool p11_print_messages = false; + +#ifdef HAVE_STRERROR_L +locale_t p11_message_locale = (locale_t) 0; +#endif + +static char * +default_message_storage (void) +{ + static char message[P11_MESSAGE_MAX] = { 0, }; + return message; +} + +/* Function pointer declared in message.h as extern */ +char * (* p11_message_storage) (void) = default_message_storage; + +void +p11_message_store (const char* msg, + size_t length) +{ + char *buffer; + + /* + * p11_message_storage() is called to get a storage location for + * the last message. It defaults to a globally allocated buffer + * but is overridden in library.c with a function that returns + * per thread buffers. + * + * The returned value is P11_MESSAGE_MAX bytes long + */ + buffer = p11_message_storage (); + + if (length > P11_MESSAGE_MAX - 1) + length = P11_MESSAGE_MAX - 1; + + if (buffer != NULL) { + memcpy (buffer, msg, length); + buffer[length] = 0; + } +} + +void +p11_message_err (int errnum, + const char* msg, + ...) +{ + char buffer[P11_MESSAGE_MAX]; + char strerr[P11_MESSAGE_MAX]; + va_list va; + size_t length; + + va_start (va, msg); + length = vsnprintf (buffer, P11_MESSAGE_MAX - 1, msg, va); + va_end (va); + + /* Was it truncated? */ + if (length > P11_MESSAGE_MAX - 1) + length = P11_MESSAGE_MAX - 1; + buffer[length] = 0; + + snprintf (strerr, sizeof (strerr), "Unknown error %d", errnum); +#ifdef HAVE_STRERROR_L + if (p11_message_locale != (locale_t) 0) + strncpy (strerr, strerror_l (errnum, p11_message_locale), sizeof (strerr)); +#else + strerror_r (errnum, strerr, sizeof (strerr)); +#endif + strerr[P11_MESSAGE_MAX - 1] = 0; + + p11_message ("%s: %s", buffer, strerr); +} + +void +p11_message (const char* msg, + ...) +{ + char buffer[P11_MESSAGE_MAX]; + va_list va; + size_t length; + + va_start (va, msg); + length = vsnprintf (buffer, P11_MESSAGE_MAX - 1, msg, va); + va_end (va); + + /* Was it truncated? */ + if (length > P11_MESSAGE_MAX - 1) + length = P11_MESSAGE_MAX - 1; + buffer[length] = 0; + + /* If printing is not disabled, just print out */ + if (p11_print_messages) + fprintf (stderr, "p11-kit: %s\n", buffer); + else + p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer); + p11_message_store (buffer, length); +} + +void +p11_message_quiet (void) +{ + p11_print_messages = false; +} + +void +p11_message_loud (void) +{ + p11_print_messages = true; +} + +const char * +p11_message_last (void) +{ + char *buffer; + buffer = p11_message_storage (); + return buffer && buffer[0] ? buffer : NULL; +} + +void +p11_message_clear (void) +{ + char *buffer; + buffer = p11_message_storage (); + if (buffer != NULL) + buffer[0] = 0; +} diff --git a/common/message.h b/common/message.h new file mode 100644 index 0000000..3fe86df --- /dev/null +++ b/common/message.h @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#ifndef P11_MESSAGE_H_ +#define P11_MESSAGE_H_ + +#include "compat.h" + +#include + +#define P11_MESSAGE_MAX 512 + +extern char * (* p11_message_storage) (void); + +void p11_message (const char* msg, + ...) GNUC_PRINTF (1, 2); + +void p11_message_err (int errnum, + const char* msg, + ...) GNUC_PRINTF (2, 3); + +void p11_message_store (const char* msg, + size_t length); + +const char * p11_message_last (void); + +void p11_message_clear (void); + +void p11_message_quiet (void); + +void p11_message_loud (void); + +#endif /* P11_MESSAGE_H_ */ diff --git a/common/mock.c b/common/mock.c new file mode 100644 index 0000000..7a6230a --- /dev/null +++ b/common/mock.c @@ -0,0 +1,3980 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "debug.h" +#define CRYPTOKI_EXPORTS +#include "pkcs11.h" +#include "message.h" + +#include "mock.h" + +#include "attrs.h" +#define P11_DEBUG_FLAG P11_DEBUG_LIB +#include "debug.h" +#include "dict.h" +#include "array.h" +#include "library.h" + +#include +#include +#include +#include +#include +#include +#include + +/* ------------------------------------------------------------------- + * GLOBALS and SUPPORT STUFF + */ + +/* Various mutexes */ +static p11_mutex_t init_mutex; + +/* Whether we've been initialized, and on what process id it happened */ +static bool pkcs11_initialized = false; +static pid_t pkcs11_initialized_pid = 0; + +static CK_UTF8CHAR *the_pin = NULL; +static CK_ULONG n_the_pin = 0; + +static bool logged_in = false; +static CK_USER_TYPE the_user_type = 0; + +typedef struct _Session { + CK_SESSION_HANDLE handle; + p11_dict *objects; + CK_SESSION_INFO info; + + /* For find operations */ + bool finding; + p11_array *matches; + + bool want_context_login; + + /* For encrypt, decrypt operations */ + CK_OBJECT_HANDLE crypto_key; + CK_ATTRIBUTE_TYPE crypto_method; + CK_MECHANISM_TYPE crypto_mechanism; + + /* For sign, verify, digest, CKM_MOCK_COUNT */ + CK_MECHANISM_TYPE hash_mechanism; + CK_ATTRIBUTE_TYPE hash_method; + CK_OBJECT_HANDLE hash_key; + CK_ULONG hash_count; + + /* For 'signing' with CKM_MOCK_PREFIX */ + CK_BYTE sign_prefix[128]; + CK_ULONG n_sign_prefix; + + /* The random seed */ + CK_BYTE random_seed[128]; + CK_ULONG random_seed_len; +} Session; + +static unsigned int unique_identifier = 100; +static p11_dict *the_sessions = NULL; +static p11_dict *the_objects = NULL; + +#define SIGNED_PREFIX "signed-prefix:" + +#define handle_to_pointer(handle) \ + ((void *)(size_t)(handle)) + +#define pointer_to_handle(pointer) \ + ((CK_ULONG)(size_t)(pointer)) + +static void +free_session (void *data) +{ + Session *sess = (Session *)data; + if (sess) { + p11_dict_free (sess->objects); + p11_array_free (sess->matches); + } + free (sess); +} + +static CK_RV +lookup_object (Session *sess, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE **attrs, + p11_dict **table) +{ + CK_BBOOL priv; + + *attrs = p11_dict_get (the_objects, handle_to_pointer (object)); + if (*attrs) { + if (table) + *table = the_objects; + } else { + *attrs = p11_dict_get (sess->objects, handle_to_pointer (object)); + if (*attrs) { + if (table) + *table = sess->objects; + } + } + + if (!*attrs) + return CKR_OBJECT_HANDLE_INVALID; + else if (!logged_in && p11_attrs_find_bool (*attrs, CKA_PRIVATE, &priv) && priv) + return CKR_USER_NOT_LOGGED_IN; + + return CKR_OK; +} + +void +mock_module_add_object (CK_SLOT_ID slot_id, + const CK_ATTRIBUTE *attrs) +{ + CK_ATTRIBUTE *copy; + + return_if_fail (slot_id == MOCK_SLOT_ONE_ID); + return_if_fail (attrs != NULL); + + copy = p11_attrs_dup (attrs); + return_if_fail (copy != NULL); + + mock_module_take_object (slot_id, copy); +} + +void +mock_module_take_object (CK_SLOT_ID slot_id, + CK_ATTRIBUTE *attrs) +{ + CK_OBJECT_HANDLE object; + + return_if_fail (slot_id == MOCK_SLOT_ONE_ID); + return_if_fail (attrs != NULL); + + object = ++unique_identifier; + if (!p11_dict_set (the_objects, handle_to_pointer (object), attrs)) + return_if_reached (); +} + +static void +module_reset_objects (CK_SLOT_ID slot_id) +{ + return_if_fail (slot_id == MOCK_SLOT_ONE_ID); + + if (!the_objects) { + the_objects = p11_dict_new (p11_dict_direct_hash, + p11_dict_direct_equal, + NULL, p11_attrs_free); + return_if_fail (the_objects != NULL); + } + + p11_dict_clear (the_objects); + + /* Our token object */ + { + CK_OBJECT_CLASS klass = CKO_DATA; + char *label = "TEST LABEL"; + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_LABEL, label, strlen (label) }, + { CKA_INVALID, NULL, 0 }, + }; + p11_dict_set (the_objects, handle_to_pointer (MOCK_DATA_OBJECT), p11_attrs_dup (attrs)); + } + + /* Private capitalize key */ + { + CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY; + char *label = "Private Capitalize Key"; + char *value = "value"; + CK_MECHANISM_TYPE type = CKM_MOCK_CAPITALIZE; + CK_BBOOL btrue = CK_TRUE; + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_LABEL, label, strlen (label) }, + { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) }, + { CKA_DECRYPT, &btrue, sizeof (btrue) }, + { CKA_PRIVATE, &btrue, sizeof (btrue) }, + { CKA_WRAP, &btrue, sizeof (btrue) }, + { CKA_UNWRAP, &btrue, sizeof (btrue) }, + { CKA_DERIVE, &btrue, sizeof (btrue) }, + { CKA_VALUE, value, strlen (value) }, + { CKA_INVALID, NULL, 0 }, + }; + p11_dict_set (the_objects, handle_to_pointer (MOCK_PRIVATE_KEY_CAPITALIZE), p11_attrs_dup (attrs)); + + } + + { + CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; + char *label = "Public Capitalize Key"; + char *value = "value"; + CK_MECHANISM_TYPE type = CKM_MOCK_CAPITALIZE; + CK_BBOOL btrue = CK_TRUE; + CK_BBOOL bfalse = CK_FALSE; + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_LABEL, label, strlen (label) }, + { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) }, + { CKA_ENCRYPT, &btrue, sizeof (btrue) }, + { CKA_PRIVATE, &bfalse, sizeof (bfalse) }, + { CKA_VALUE, value, strlen (value) }, + { CKA_INVALID, NULL, 0 }, + }; + p11_dict_set (the_objects, handle_to_pointer (MOCK_PUBLIC_KEY_CAPITALIZE), p11_attrs_dup (attrs)); + + } + + { + CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY; + char *label = "Private prefix key"; + char *value = "value"; + CK_MECHANISM_TYPE type = CKM_MOCK_PREFIX; + CK_BBOOL btrue = CK_TRUE; + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_LABEL, label, strlen (label) }, + { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) }, + { CKA_SIGN, &btrue, sizeof (btrue) }, + { CKA_PRIVATE, &btrue, sizeof (btrue) }, + { CKA_ALWAYS_AUTHENTICATE, &btrue, sizeof (btrue) }, + { CKA_VALUE, value, strlen (value) }, + { CKA_INVALID, NULL, 0 }, + }; + p11_dict_set (the_objects, handle_to_pointer (MOCK_PRIVATE_KEY_PREFIX), p11_attrs_dup (attrs)); + + } + + { + CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; + char *label = "Public prefix key"; + char *value = "value"; + CK_MECHANISM_TYPE type = CKM_MOCK_PREFIX; + CK_BBOOL btrue = CK_TRUE; + CK_BBOOL bfalse = CK_FALSE; + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_LABEL, label, strlen (label) }, + { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) }, + { CKA_VERIFY, &btrue, sizeof (btrue) }, + { CKA_PRIVATE, &bfalse, sizeof (bfalse) }, + { CKA_ALWAYS_AUTHENTICATE, &btrue, sizeof (btrue) }, + { CKA_VALUE, value, strlen (value) }, + { CKA_INVALID, NULL, 0 }, + }; + p11_dict_set (the_objects, handle_to_pointer (MOCK_PUBLIC_KEY_PREFIX), p11_attrs_dup (attrs)); + + } +} + +static void +module_finalize (void) +{ + p11_mutex_lock (&init_mutex); + + /* This should stop all other calls in */ + pkcs11_initialized = false; + pkcs11_initialized_pid = 0; + + if (the_objects) + p11_dict_free (the_objects); + the_objects = NULL; + + if (the_sessions) + p11_dict_free (the_sessions); + the_sessions = NULL; + logged_in = false; + the_user_type = 0; + + free (the_pin); + the_pin = NULL; + n_the_pin = 0; + + p11_mutex_unlock (&init_mutex); +} + +bool +mock_module_initialized (void) +{ + return pkcs11_initialized; +} +void +mock_module_reset (void) +{ + module_finalize (); + module_reset_objects (MOCK_SLOT_ONE_ID); + +} + +void +mock_module_enumerate_objects (CK_SESSION_HANDLE handle, + mock_enumerator func, + void *user_data) +{ + p11_dictiter iter; + void *key; + void *value; + Session *sess; + + assert (the_objects != NULL); + assert (func != NULL); + + /* Token objects */ + p11_dict_iterate (the_objects, &iter); + while (p11_dict_next (&iter, &key, &value)) { + if (!(func) (pointer_to_handle (key), value, user_data)) + return; + } + + /* session objects */ + if (handle) { + sess = p11_dict_get (the_sessions, handle_to_pointer (handle)); + if (sess) { + p11_dict_iterate (sess->objects, &iter); + while (p11_dict_next (&iter, &key, &value)) { + if (!(func) (pointer_to_handle (key), value, user_data)) + return; + } + } + } +} + +/* ------------------------------------------------------------------- + * INITIALIZATION and 'GLOBAL' CALLS + */ + +CK_RV +mock_C_Initialize (CK_VOID_PTR init_args) +{ + CK_C_INITIALIZE_ARGS_PTR args = NULL; + CK_RV ret = CKR_OK; + pid_t pid; + + p11_mutex_lock (&init_mutex); + + if (init_args != NULL) { + int supplied_ok; + + /* pReserved must be NULL */ + args = init_args; + + /* ALL supplied function pointers need to have the value either NULL or non-NULL. */ + supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL && + args->LockMutex == NULL && args->UnlockMutex == NULL) || + (args->CreateMutex != NULL && args->DestroyMutex != NULL && + args->LockMutex != NULL && args->UnlockMutex != NULL); + if (!supplied_ok) { + p11_debug_precond ("invalid set of mutex calls supplied\n"); + ret = CKR_ARGUMENTS_BAD; + goto done; + } + + /* + * When the CKF_OS_LOCKING_OK flag isn't set return an error. + * We must be able to use our pthread functionality. + */ + if (!(args->flags & CKF_OS_LOCKING_OK)) { + p11_debug_precond ("can't do without os locking\n"); + ret = CKR_CANT_LOCK; + goto done; + } + } + + pid = getpid (); + if (pkcs11_initialized) { + + /* This process has called C_Initialize already */ + if (pid == pkcs11_initialized_pid) { + p11_debug_precond ("p11-kit: C_Initialize called twice for same process\n"); + ret = CKR_CRYPTOKI_ALREADY_INITIALIZED; + goto done; + } + } + + /* We store CK_ULONG as pointers here, so verify that they fit */ + assert (sizeof (CK_ULONG) <= sizeof (void *)); + + free (the_pin); + the_pin = (CK_UTF8CHAR_PTR)strdup ("booo"); + n_the_pin = 4; + + if (the_sessions) + p11_dict_free (the_sessions); + the_sessions = p11_dict_new (p11_dict_direct_hash, + p11_dict_direct_equal, + NULL, free_session); + if (!the_sessions) { + ret = CKR_HOST_MEMORY; + goto done; + } + + module_reset_objects (MOCK_SLOT_ONE_ID); + +done: + /* Mark us as officially initialized */ + if (ret == CKR_OK) { + pkcs11_initialized = true; + pkcs11_initialized_pid = pid; + } else if (ret != CKR_CRYPTOKI_ALREADY_INITIALIZED) { + pkcs11_initialized = false; + pkcs11_initialized_pid = 0; + } + + p11_mutex_unlock (&init_mutex); + + return ret; +} + +CK_RV +mock_X_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args) +{ + return mock_C_Initialize (init_args); +} + +CK_RV +mock_C_Initialize__fails (CK_VOID_PTR init_args) +{ + return CKR_FUNCTION_FAILED; +} + +CK_RV +mock_X_Initialize__fails (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args) +{ + return mock_C_Initialize__fails (init_args); +} + +CK_RV +mock_C_Finalize (CK_VOID_PTR reserved) +{ + return_val_if_fail (pkcs11_initialized, CKR_CRYPTOKI_NOT_INITIALIZED); + return_val_if_fail (reserved == NULL, CKR_ARGUMENTS_BAD); + + module_finalize (); + return CKR_OK; +} + +CK_RV +mock_X_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR reserved) +{ + return mock_C_Finalize (reserved); +} + +CK_RV +mock_C_GetInfo (CK_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + memcpy (info, &MOCK_INFO, sizeof (*info)); + return CKR_OK; +} + +CK_RV +mock_X_GetInfo (CK_X_FUNCTION_LIST *self, + CK_INFO_PTR info) +{ + return mock_C_GetInfo (info); +} + +CK_RV +mock_C_GetFunctionList_not_supported (CK_FUNCTION_LIST_PTR_PTR list) +{ + /* This would be a strange call to receive, should be overridden */ + return_val_if_reached (CKR_FUNCTION_NOT_SUPPORTED); +} + +CK_RV +mock_C_GetSlotList (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + CK_ULONG num; + + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + num = token_present ? 1 : 2; + + /* Application only wants to know the number of slots. */ + if (slot_list == NULL) { + *count = num; + return CKR_OK; + } + + if (*count < num) + return_val_if_reached (CKR_BUFFER_TOO_SMALL); + + *count = num; + slot_list[0] = MOCK_SLOT_ONE_ID; + if (!token_present) + slot_list[1] = MOCK_SLOT_TWO_ID; + + return CKR_OK; + +} + +CK_RV +mock_C_GetSlotList__no_tokens (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + /* No tokens */ + *count = 0; + return CKR_OK; +} + +CK_RV +mock_X_GetSlotList__no_tokens (CK_X_FUNCTION_LIST *self, + CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + return mock_C_GetSlotList__no_tokens (token_present, + slot_list, + count); +; +} + +/* Update mock-module.h URIs when updating this */ + +static const CK_SLOT_INFO MOCK_INFO_ONE = { + "TEST SLOT ", + "TEST MANUFACTURER ", + CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, + { 55, 155 }, + { 65, 165 }, +}; + +/* Update mock-module.h URIs when updating this */ + +static const CK_SLOT_INFO MOCK_INFO_TWO = { + "TEST SLOT ", + "TEST MANUFACTURER ", + CKF_REMOVABLE_DEVICE, + { 55, 155 }, + { 65, 165 }, +}; + +CK_RV +mock_C_GetSlotInfo (CK_SLOT_ID slot_id, + CK_SLOT_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + if (slot_id == MOCK_SLOT_ONE_ID) { + memcpy (info, &MOCK_INFO_ONE, sizeof (*info)); + return CKR_OK; + } else if (slot_id == MOCK_SLOT_TWO_ID) { + memcpy (info, &MOCK_INFO_TWO, sizeof (*info)); + return CKR_OK; + } else { + return CKR_SLOT_ID_INVALID; + } +} + +CK_RV +mock_C_GetSlotList__fail_first (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + return CKR_VENDOR_DEFINED; +} + +CK_RV +mock_C_GetSlotList__fail_late (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + if (!slot_list) + return mock_C_GetSlotList (token_present, slot_list, count); + return CKR_VENDOR_DEFINED; +} + +CK_RV +mock_C_GetSlotInfo__invalid_slotid (CK_SLOT_ID id, + CK_SLOT_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_X_GetSlotInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_SLOT_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +/* Update gck-mock.h URIs when updating this */ + +static const CK_TOKEN_INFO MOCK_TOKEN_ONE = { + "TEST LABEL ", + "TEST MANUFACTURER ", + "TEST MODEL ", + "TEST SERIAL ", + CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + { 75, 175 }, + { 85, 185 }, + { '1', '9', '9', '9', '0', '5', '2', '5', '0', '9', '1', '9', '5', '9', '0', '0' } +}; + +CK_RV +mock_C_GetTokenInfo (CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info) +{ + return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); + + if (slot_id == MOCK_SLOT_ONE_ID) { + memcpy (info, &MOCK_TOKEN_ONE, sizeof (*info)); + return CKR_OK; + } else if (slot_id == MOCK_SLOT_TWO_ID) { + return CKR_TOKEN_NOT_PRESENT; + } else { + return CKR_SLOT_ID_INVALID; + } +} + +CK_RV +mock_C_GetTokenInfo__invalid_slotid (CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_X_GetTokenInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +/* + * TWO mechanisms: + * CKM_MOCK_CAPITALIZE + * CKM_MOCK_PREFIX + */ + +CK_RV +mock_C_GetMechanismList (CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); + + if (slot_id == MOCK_SLOT_TWO_ID) + return CKR_TOKEN_NOT_PRESENT; + else if (slot_id != MOCK_SLOT_ONE_ID) + return CKR_SLOT_ID_INVALID; + + /* Application only wants to know the number of slots. */ + if (mechanism_list == NULL) { + *count = 2; + return CKR_OK; + } + + if (*count < 2) + return_val_if_reached (CKR_BUFFER_TOO_SMALL); + + mechanism_list[0] = CKM_MOCK_CAPITALIZE; + mechanism_list[1] = CKM_MOCK_PREFIX; + *count = 2; + return CKR_OK; +} + +CK_RV +mock_C_GetTokenInfo__not_initialized (CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info) +{ + CK_RV rv; + + rv = mock_C_GetTokenInfo (slot_id, info); + if (rv == CKR_OK) + info->flags &= ~ CKF_TOKEN_INITIALIZED; + + return rv; +} + +/* + * TWO mechanisms: + * CKM_MOCK_CAPITALIZE + * CKM_MOCK_PREFIX + */ + +CK_RV +mock_C_GetMechanismList__invalid_slotid (CK_SLOT_ID id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_X_GetMechanismList__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +static const CK_MECHANISM_INFO MOCK_MECH_CAPITALIZE = { + 512, 4096, CKF_ENCRYPT | CKF_DECRYPT +}; + +static const CK_MECHANISM_INFO MOCK_MECH_PREFIX = { + 2048, 2048, CKF_SIGN | CKF_VERIFY +}; + +CK_RV +mock_C_GetMechanismInfo (CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + if (slot_id == MOCK_SLOT_TWO_ID) + return CKR_TOKEN_NOT_PRESENT; + else if (slot_id != MOCK_SLOT_ONE_ID) + return CKR_SLOT_ID_INVALID; + + if (type == CKM_MOCK_CAPITALIZE) { + memcpy (info, &MOCK_MECH_CAPITALIZE, sizeof (*info)); + return CKR_OK; + } else if (type == CKM_MOCK_PREFIX) { + memcpy (info, &MOCK_MECH_PREFIX, sizeof (*info)); + return CKR_OK; + } else { + return CKR_MECHANISM_INVALID; + } +} + +CK_RV +mock_C_GetMechanismInfo__invalid_slotid (CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_X_GetMechanismInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_C_InitToken__specific_args (CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label) +{ + return_val_if_fail (pin != NULL, CKR_ARGUMENTS_BAD); + return_val_if_fail (label != NULL, CKR_ARGUMENTS_BAD); + + if (slot_id == MOCK_SLOT_TWO_ID) + return CKR_TOKEN_NOT_PRESENT; + else if (slot_id != MOCK_SLOT_ONE_ID) + return CKR_SLOT_ID_INVALID; + + if (strlen ("TEST PIN") != pin_len || + strncmp ((char *)pin, "TEST PIN", pin_len) != 0) + return CKR_PIN_INVALID; + if (strcmp ((char *)label, "TEST LABEL") != 0) + return CKR_ARGUMENTS_BAD; + + free (the_pin); + the_pin = memdup (pin, pin_len); + return_val_if_fail (the_pin != NULL, CKR_HOST_MEMORY); + n_the_pin = pin_len; + return CKR_OK; +} + +CK_RV +mock_C_InitToken__invalid_slotid (CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label) +{ + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_X_InitToken__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label) +{ + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_C_WaitForSlotEvent (CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved) +{ + return_val_if_fail (slot, CKR_ARGUMENTS_BAD); + + if (flags & CKF_DONT_BLOCK) + return CKR_NO_EVENT; + + *slot = MOCK_SLOT_TWO_ID; + return CKR_OK; +} + +CK_RV +mock_C_WaitForSlotEvent__no_event (CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved) +{ + return_val_if_fail (slot, CKR_ARGUMENTS_BAD); + + return CKR_NO_EVENT; +} + +CK_RV +mock_X_WaitForSlotEvent__no_event (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved) +{ + return_val_if_fail (slot, CKR_ARGUMENTS_BAD); + + return CKR_NO_EVENT; +} + +CK_RV +mock_C_OpenSession (CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session) +{ + Session *sess; + + return_val_if_fail (session, CKR_ARGUMENTS_BAD); + + if (slot_id == MOCK_SLOT_TWO_ID) + return CKR_TOKEN_NOT_PRESENT; + else if (slot_id != MOCK_SLOT_ONE_ID) + return CKR_SLOT_ID_INVALID; + if ((flags & CKF_SERIAL_SESSION) != CKF_SERIAL_SESSION) + return CKR_SESSION_PARALLEL_NOT_SUPPORTED; + + sess = calloc (1, sizeof (Session)); + return_val_if_fail (sess != NULL, CKR_HOST_MEMORY); + sess->handle = ++unique_identifier; + sess->info.flags = flags; + sess->info.slotID = slot_id; + sess->info.state = 0; + sess->info.ulDeviceError = 1414; + sess->objects = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, + NULL, p11_attrs_free); + *session = sess->handle; + + memcpy (sess->random_seed, "random", 6); + sess->random_seed_len = 6; + + p11_dict_set (the_sessions, handle_to_pointer (sess->handle), sess); + return CKR_OK; +} + +CK_RV +mock_C_OpenSession__invalid_slotid (CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session) +{ + return_val_if_fail (session, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_X_OpenSession__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session) +{ + return_val_if_fail (session, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_C_OpenSession__fails (CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session) +{ + return_val_if_fail (session, CKR_ARGUMENTS_BAD); + + return CKR_DEVICE_ERROR; +} + +CK_RV +mock_C_CloseSession (CK_SESSION_HANDLE session) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + p11_dict_remove (the_sessions, handle_to_pointer (session)); + return CKR_OK; +} + +CK_RV +mock_C_CloseSession__invalid_handle (CK_SESSION_HANDLE session) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_CloseSession__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_CloseAllSessions (CK_SLOT_ID slot_id) +{ + if (slot_id == MOCK_SLOT_TWO_ID) + return CKR_TOKEN_NOT_PRESENT; + else if (slot_id != MOCK_SLOT_ONE_ID) + return CKR_SLOT_ID_INVALID; + + p11_dict_clear (the_sessions); + return CKR_OK; +} + +CK_RV +mock_C_CloseAllSessions__invalid_slotid (CK_SLOT_ID slot_id) +{ + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_X_CloseAllSessions__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id) +{ + return CKR_SLOT_ID_INVALID; +} + +CK_RV +mock_C_GetFunctionStatus (CK_SESSION_HANDLE session) +{ + if (!p11_dict_get (the_sessions, handle_to_pointer (session))) + return CKR_SESSION_HANDLE_INVALID; + return CKR_FUNCTION_NOT_PARALLEL; +} + +CK_RV +mock_C_GetFunctionStatus__not_parallel (CK_SESSION_HANDLE session) +{ + return CKR_FUNCTION_NOT_PARALLEL; +} + +CK_RV +mock_C_CancelFunction (CK_SESSION_HANDLE session) +{ + if (!p11_dict_get (the_sessions, handle_to_pointer (session))) + return CKR_SESSION_HANDLE_INVALID; + return CKR_FUNCTION_NOT_PARALLEL; +} + +CK_RV +mock_C_CancelFunction__not_parallel (CK_SESSION_HANDLE session) +{ + return CKR_FUNCTION_NOT_PARALLEL; +} + +CK_RV +mock_C_GetSessionInfo (CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info) +{ + Session *sess; + + return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (logged_in) { + if (sess->info.flags & CKF_RW_SESSION) + sess->info.state = CKS_RW_USER_FUNCTIONS; + else + sess->info.state = CKS_RO_USER_FUNCTIONS; + } else { + if (sess->info.flags & CKF_RW_SESSION) + sess->info.state = CKS_RW_PUBLIC_SESSION; + else + sess->info.state = CKS_RO_PUBLIC_SESSION; + } + + memcpy (info, &sess->info, sizeof (*info)); + return CKR_OK; +} + +CK_RV +mock_C_GetSessionInfo__invalid_handle (CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_GetSessionInfo__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_InitPIN__specific_args (CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (sess == NULL) + return CKR_SESSION_HANDLE_INVALID; + + if (strlen ("TEST PIN") != pin_len || + strncmp ((char *)pin, "TEST PIN", pin_len) != 0) + return CKR_PIN_INVALID; + + free (the_pin); + the_pin = memdup (pin, pin_len); + return_val_if_fail (the_pin != NULL, CKR_HOST_MEMORY); + n_the_pin = pin_len; + return CKR_OK; +} + +CK_RV +mock_C_InitPIN__invalid_handle (CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_InitPIN__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_SetPIN__specific_args (CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (sess == NULL) + return CKR_SESSION_HANDLE_INVALID; + + if (old_pin_len != n_the_pin) + return CKR_PIN_INCORRECT; + if (memcmp (old_pin, the_pin, n_the_pin) != 0) + return CKR_PIN_INCORRECT; + + if (strlen ("TEST PIN") != new_pin_len || + strncmp ((char *)new_pin, "TEST PIN", new_pin_len) != 0) + return CKR_PIN_INVALID; + + free (the_pin); + the_pin = memdup (new_pin, new_pin_len); + return_val_if_fail (the_pin != NULL, CKR_HOST_MEMORY); + n_the_pin = new_pin_len; + return CKR_OK; +} + +CK_RV +mock_C_SetPIN__invalid_handle (CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SetPIN__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_GetOperationState (CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len) +{ + Session *sess; + + return_val_if_fail (operation_state_len, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (sess == NULL) + return CKR_SESSION_HANDLE_INVALID; + + if (!operation_state) { + *operation_state_len = sizeof (sess); + return CKR_OK; + } + + if (*operation_state_len < sizeof (sess)) + return CKR_BUFFER_TOO_SMALL; + + memcpy (operation_state, &sess, sizeof (sess)); + *operation_state_len = sizeof (sess); + return CKR_OK; +} + +CK_RV +mock_C_GetOperationState__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_X_GetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV +mock_C_SetOperationState (CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (sess == NULL) + return CKR_SESSION_HANDLE_INVALID; + + if (!operation_state || operation_state_len != sizeof (sess)) + return CKR_ARGUMENTS_BAD; + + /* Yes, just arbitrary numbers, to make sure they got through */ + if (encryption_key != 355 || authentication_key != 455) + return CKR_KEY_HANDLE_INVALID; + if (memcmp (operation_state, &sess, sizeof (sess)) != 0) + return CKR_SAVED_STATE_INVALID; + return CKR_OK; +} + +CK_RV +mock_C_SetOperationState__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_Login (CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + Session *sess; + + return_val_if_fail (user_type == CKU_SO || + user_type == CKU_USER || + user_type == CKU_CONTEXT_SPECIFIC, + CKR_USER_TYPE_INVALID); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (sess == NULL) + return CKR_SESSION_HANDLE_INVALID; + + if (logged_in && user_type != CKU_CONTEXT_SPECIFIC) + return CKR_USER_ALREADY_LOGGED_IN; + + if (!pin) + return CKR_PIN_INCORRECT; + + if (pin_len != n_the_pin) + return CKR_PIN_INCORRECT; + if (strncmp ((char *)pin, (char *)the_pin, pin_len) != 0) + return CKR_PIN_INCORRECT; + + if (user_type == CKU_CONTEXT_SPECIFIC) { + return_val_if_fail (sess->want_context_login, CKR_OPERATION_NOT_INITIALIZED); + sess->want_context_login = false; + } else { + logged_in = true; + the_user_type = user_type; + } + + return CKR_OK; +} + +CK_RV +mock_C_Login__invalid_handle (CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_Login__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_Logout (CK_SESSION_HANDLE session) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (!logged_in) + return CKR_USER_NOT_LOGGED_IN; + + logged_in = false; + the_user_type = 0; + return CKR_OK; +} + +CK_RV +mock_C_Logout__invalid_handle (CK_SESSION_HANDLE session) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_Logout__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_CreateObject (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR object) +{ + CK_ATTRIBUTE *attrs; + Session *sess; + CK_BBOOL token, priv; + + return_val_if_fail (object, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + attrs = p11_attrs_buildn (NULL, template, count); + + if (p11_attrs_find_bool (attrs, CKA_PRIVATE, &priv) && priv) { + if (!logged_in) { + p11_attrs_free (attrs); + return CKR_USER_NOT_LOGGED_IN; + } + } + + *object = ++unique_identifier; + if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) + p11_dict_set (the_objects, handle_to_pointer (*object), attrs); + else + p11_dict_set (sess->objects, handle_to_pointer (*object), attrs); + + return CKR_OK; +} + +CK_RV +mock_C_CreateObject__invalid_handle (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_CreateObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_CopyObject (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + CK_ATTRIBUTE *attrs; + Session *sess; + CK_BBOOL token, priv; + CK_RV rv; + + return_val_if_fail (object, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + rv = lookup_object (sess, object, &attrs, NULL); + if (rv != CKR_OK) + return rv; + + if (p11_attrs_find_bool (attrs, CKA_PRIVATE, &priv) && priv) { + if (!logged_in) + return CKR_USER_NOT_LOGGED_IN; + } + + attrs = p11_attrs_buildn (p11_attrs_dup (attrs), template, count); + + *new_object = ++unique_identifier; + if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) + p11_dict_set (the_objects, handle_to_pointer (*new_object), attrs); + else + p11_dict_set (sess->objects, handle_to_pointer (*new_object), attrs); + + return CKR_OK; +} + +CK_RV +mock_C_CopyObject__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + + +CK_RV +mock_X_CopyObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DestroyObject (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object) +{ + CK_ATTRIBUTE *attrs; + Session *sess; + p11_dict *table; + CK_RV rv; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + rv = lookup_object (sess, object, &attrs, &table); + if (rv != CKR_OK) + return rv; + + p11_dict_remove (table, handle_to_pointer (object)); + return CKR_OK; +} + +CK_RV +mock_C_DestroyObject__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DestroyObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_GetObjectSize (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + CK_ATTRIBUTE *attrs; + Session *sess; + CK_RV rv; + CK_ULONG i; + + return_val_if_fail (size != NULL, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + rv = lookup_object (sess, object, &attrs, NULL); + if (rv != CKR_OK) + return rv; + + *size = 0; + for (i = 0; !p11_attrs_terminator (attrs + i); i++) { + if (attrs[i].ulValueLen != (CK_ULONG)-1) + *size += attrs[i].ulValueLen; + } + + return CKR_OK; +} + +CK_RV +mock_C_GetObjectSize__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + return_val_if_fail (size, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + return_val_if_fail (size, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_GetAttributeValue (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + CK_ATTRIBUTE *result; + CK_RV ret = CKR_OK; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *attr; + Session *sess; + CK_ULONG i; + CK_RV rv; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (sess == NULL) + return CKR_SESSION_HANDLE_INVALID; + + rv = lookup_object (sess, object, &attrs, NULL); + if (rv != CKR_OK) + return rv; + + for (i = 0; i < count; ++i) { + result = template + i; + attr = p11_attrs_find (attrs, result->type); + if (!attr) { + result->ulValueLen = (CK_ULONG)-1; + ret = CKR_ATTRIBUTE_TYPE_INVALID; + continue; + } + + if (!result->pValue) { + result->ulValueLen = attr->ulValueLen; + continue; + } + + if (result->ulValueLen >= attr->ulValueLen) { + memcpy (result->pValue, attr->pValue, attr->ulValueLen); + result->ulValueLen = attr->ulValueLen; + continue; + } + + result->ulValueLen = (CK_ULONG)-1; + ret = CKR_BUFFER_TOO_SMALL; + } + + return ret; +} + +CK_RV +mock_C_GetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_GetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_GetAttributeValue__fail_first (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_FUNCTION_REJECTED; +} + +CK_RV +mock_C_GetAttributeValue__fail_late (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + CK_ULONG i; + + for (i = 0; i < count; i++) { + if (template[i].pValue) + return CKR_FUNCTION_FAILED; + } + return mock_C_GetAttributeValue (session, object, template, count); +} + +CK_RV +mock_C_SetAttributeValue (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + Session *sess; + CK_ATTRIBUTE *attrs; + p11_dict *table; + CK_RV rv; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + rv = lookup_object (sess, object, &attrs, &table); + if (rv != CKR_OK) + return rv; + + p11_dict_steal (table, handle_to_pointer (object), NULL, (void **)&attrs); + attrs = p11_attrs_buildn (attrs, template, count); + p11_dict_set (table, handle_to_pointer (object), attrs); + return CKR_OK; +} + +CK_RV +mock_C_SetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +typedef struct _FindObjects { + CK_ATTRIBUTE *template; + CK_ULONG count; + Session *sess; +} FindObjects; + +static bool +enumerate_and_find_objects (CK_OBJECT_HANDLE object, + CK_ATTRIBUTE *attrs, + void *user_data) +{ + FindObjects *ctx = user_data; + CK_ATTRIBUTE *match; + CK_ATTRIBUTE *attr; + CK_BBOOL private; + CK_ULONG i; + + if (!logged_in) { + if (p11_attrs_find_bool (attrs, CKA_PRIVATE, &private) && private) + return 1; /* Continue */ + } + + for (i = 0; i < ctx->count; ++i) { + match = ctx->template + i; + attr = p11_attrs_find (attrs, match->type); + if (!attr) + return true; /* Continue */ + + if (attr->ulValueLen != match->ulValueLen || + memcmp (attr->pValue, match->pValue, attr->ulValueLen) != 0) + return true; /* Continue */ + } + + p11_array_push (ctx->sess->matches, handle_to_pointer (object)); + return true; /* Continue */ +} + +static int +compar_handles (const void *one, + const void *two) +{ + void **p1 = (void **)one; + void **p2 = (void **)two; + return pointer_to_handle (*p2) - pointer_to_handle (*p1); +} + +CK_RV +mock_C_FindObjectsInit (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + Session *sess; + FindObjects ctx; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + /* Starting an operation, cancels any previous one */ + sess->crypto_mechanism = 0; + sess->hash_mechanism = 0; + + sess->finding = true; + p11_array_free (sess->matches); + sess->matches = p11_array_new (NULL); + + ctx.template = template; + ctx.count = count; + ctx.sess = sess; + + mock_module_enumerate_objects (session, enumerate_and_find_objects, &ctx); + qsort (sess->matches->elem, sess->matches->num, sizeof (void *), compar_handles); + return CKR_OK; +} + +CK_RV +mock_C_FindObjectsInit__invalid_handle (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_FindObjectsInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_FindObjectsInit__fails (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_DEVICE_MEMORY; +} + +CK_RV +mock_C_FindObjects (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_object_count, + CK_ULONG_PTR object_count) +{ + Session *sess; + + return_val_if_fail (objects, CKR_ARGUMENTS_BAD); + return_val_if_fail (object_count, CKR_ARGUMENTS_BAD); + return_val_if_fail (max_object_count != 0, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (sess == NULL) + return CKR_SESSION_HANDLE_INVALID; + if (!sess->finding) + return CKR_OPERATION_NOT_INITIALIZED; + + *object_count = 0; + while (max_object_count > 0) { + if (sess->matches->num == 0) + break; + *objects = pointer_to_handle (sess->matches->elem[sess->matches->num - 1]); + ++objects; + --max_object_count; + ++(*object_count); + p11_array_remove (sess->matches, sess->matches->num - 1); + } + + return CKR_OK; +} + +CK_RV +mock_C_FindObjects__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_FindObjects__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_FindObjects__fails (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + return CKR_DEVICE_REMOVED; +} + +CK_RV +mock_C_FindObjectsFinal (CK_SESSION_HANDLE session) +{ + + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (sess == NULL) + return CKR_SESSION_HANDLE_INVALID; + if (!sess->finding) + return CKR_OPERATION_NOT_INITIALIZED; + + sess->finding = false; + p11_array_free (sess->matches); + sess->matches = NULL; + + return CKR_OK; +} + +CK_RV +mock_C_FindObjectsFinal__invalid_handle (CK_SESSION_HANDLE session) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_FindObjectsFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_EncryptInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Session *sess; + + return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + /* Starting an operation, cancels any previous one */ + sess->finding = CK_FALSE; + + if (mechanism->mechanism != CKM_MOCK_CAPITALIZE) + return CKR_MECHANISM_INVALID; + if (key != MOCK_PUBLIC_KEY_CAPITALIZE) + return CKR_KEY_HANDLE_INVALID; + + sess->crypto_method = CKA_ENCRYPT; + sess->crypto_mechanism = CKM_MOCK_CAPITALIZE; + sess->crypto_key = key; + return CKR_OK; +} + +CK_RV +mock_C_EncryptInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_EncryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_Encrypt (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len) +{ + CK_ULONG last = 0; + CK_RV rv; + rv = mock_C_EncryptUpdate (session, data, data_len, encrypted_data, encrypted_data_len); + if (rv == CKR_OK) + rv = mock_C_EncryptFinal (session, encrypted_data, &last); + return rv; +} + +CK_RV +mock_C_Encrypt__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len) +{ + return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_Encrypt__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len) +{ + return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_EncryptUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + Session *sess; + CK_ULONG i; + + return_val_if_fail (part != NULL, CKR_DATA_INVALID); + return_val_if_fail (encrypted_part_len != NULL, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (!sess->crypto_mechanism) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->crypto_method != CKA_ENCRYPT) + return CKR_OPERATION_NOT_INITIALIZED; + assert (sess->crypto_mechanism == CKM_MOCK_CAPITALIZE); + assert (sess->crypto_key == MOCK_PUBLIC_KEY_CAPITALIZE); + + if (!encrypted_part) { + *encrypted_part_len = part_len; + return CKR_OK; + } + + if (*encrypted_part_len < part_len) { + *encrypted_part_len = part_len; + return CKR_BUFFER_TOO_SMALL; + } + + for (i = 0; i < part_len; ++i) + encrypted_part[i] = p11_ascii_toupper (part[i]); + *encrypted_part_len = part_len; + return CKR_OK; +} + +CK_RV +mock_C_EncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_EncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_EncryptFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR last_encrypted_part, + CK_ULONG_PTR last_encrypted_part_len) +{ + Session *sess; + + return_val_if_fail (last_encrypted_part_len != NULL, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (!sess->crypto_mechanism) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->crypto_method != CKA_ENCRYPT) + return CKR_OPERATION_NOT_INITIALIZED; + + *last_encrypted_part_len = 0; + + sess->crypto_method = 0; + sess->crypto_mechanism = 0; + sess->crypto_key = 0; + return CKR_OK; +} + +CK_RV +mock_C_EncryptFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_EncryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DecryptInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Session *sess; + + return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + /* Starting an operation, cancels any previous one */ + sess->finding = false; + + if (mechanism->mechanism != CKM_MOCK_CAPITALIZE) + return CKR_MECHANISM_INVALID; + if (key != MOCK_PRIVATE_KEY_CAPITALIZE) + return CKR_KEY_HANDLE_INVALID; + + sess->crypto_method = CKA_DECRYPT; + sess->crypto_mechanism = CKM_MOCK_CAPITALIZE; + sess->crypto_key = key; + return CKR_OK; +} + +CK_RV +mock_C_DecryptInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DecryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_Decrypt (CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_data, + CK_ULONG encrypted_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + CK_ULONG last = 0; + CK_RV rv; + rv = mock_C_DecryptUpdate (session, encrypted_data, encrypted_data_len, data, data_len); + if (rv == CKR_OK) + rv = mock_C_DecryptFinal (session, data, &last); + return rv; +} + +CK_RV +mock_C_Decrypt__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_Decrypt__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DecryptUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + Session *sess; + CK_ULONG i; + + return_val_if_fail (encrypted_part, CKR_ENCRYPTED_DATA_INVALID); + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (!sess->crypto_mechanism) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->crypto_method != CKA_DECRYPT) + return CKR_OPERATION_NOT_INITIALIZED; + assert (sess->crypto_mechanism == CKM_MOCK_CAPITALIZE); + assert (sess->crypto_key == MOCK_PRIVATE_KEY_CAPITALIZE); + + if (!part) { + *part_len = encrypted_part_len; + return CKR_OK; + } + + if (*part_len < encrypted_part_len) { + *part_len = encrypted_part_len; + return CKR_BUFFER_TOO_SMALL; + } + + for (i = 0; i < encrypted_part_len; ++i) + part[i] = p11_ascii_tolower (encrypted_part[i]); + *part_len = encrypted_part_len; + return CKR_OK; +} + +CK_RV +mock_C_DecryptUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DecryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DecryptFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + Session *sess; + + return_val_if_fail (last_part_len != NULL, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (!sess->crypto_mechanism) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->crypto_method != CKA_DECRYPT) + return CKR_OPERATION_NOT_INITIALIZED; + + *last_part_len = 0; + + sess->crypto_method = 0; + sess->crypto_mechanism = 0; + sess->crypto_key = 0; + + return CKR_OK; +} + +CK_RV +mock_C_DecryptFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DecryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DigestInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism) +{ + Session *sess; + + return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + /* Starting an operation, cancels any previous one */ + sess->finding = false; + + if (mechanism->mechanism != CKM_MOCK_COUNT) + return CKR_MECHANISM_INVALID; + + sess->hash_mechanism = CKM_MOCK_COUNT; + sess->hash_method = (CK_ULONG)-1; + sess->hash_count = 0; + sess->hash_key = 0; + return CKR_OK; +} + +CK_RV +mock_C_DigestInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DigestInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_Digest (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + CK_RV rv; + + return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + + rv = mock_C_DigestUpdate (session, data, data_len); + if (rv == CKR_OK) + rv = mock_C_DigestFinal (session, digest, digest_len); + return rv; +} + +CK_RV +mock_C_Digest__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_Digest__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DigestUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (!sess->hash_mechanism) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->hash_method != (CK_ULONG)-1) + return CKR_OPERATION_NOT_INITIALIZED; + assert (sess->hash_mechanism == CKM_MOCK_COUNT); + + sess->hash_count += part_len; + return CKR_OK; +} + +CK_RV +mock_C_DigestUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DigestKey (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (!sess->hash_mechanism) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->hash_method != (CK_ULONG)-1) + return CKR_OPERATION_NOT_INITIALIZED; + assert (sess->hash_mechanism == CKM_MOCK_COUNT); + + sess->hash_count += key; + return CKR_OK; +} + +CK_RV +mock_C_DigestKey__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DigestKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DigestFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + char buffer[32]; + Session *sess; + int len; + + return_val_if_fail (digest_len != NULL, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (!sess->hash_mechanism) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->hash_method != (CK_ULONG)-1) + return CKR_OPERATION_NOT_INITIALIZED; + assert (sess->hash_mechanism == CKM_MOCK_COUNT); + + len = snprintf (buffer, sizeof (buffer), "%lu", sess->hash_count); + + if (!digest) { + *digest_len = len; + return CKR_OK; + } else if (*digest_len < len) { + *digest_len = len; + return CKR_BUFFER_TOO_SMALL; + } + + memcpy (digest, &buffer, len); + *digest_len = len; + + sess->hash_count = 0; + sess->hash_mechanism = 0; + sess->hash_key = 0; + sess->hash_method = 0; + + return CKR_OK; +} + +CK_RV +mock_C_DigestFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DigestFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +static CK_RV +prefix_mechanism_init (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_TYPE method, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Session *sess; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *value; + CK_BYTE_PTR param; + CK_ULONG n_param; + CK_ULONG length; + CK_RV rv; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (mechanism->mechanism != CKM_MOCK_PREFIX) + return CKR_MECHANISM_INVALID; + if (method == CKA_SIGN || method == CKA_SIGN_RECOVER) { + if (key != MOCK_PRIVATE_KEY_PREFIX) + return CKR_KEY_HANDLE_INVALID; + } else if (method == CKA_VERIFY || method == CKA_VERIFY_RECOVER) { + if (key != MOCK_PUBLIC_KEY_PREFIX) + return CKR_KEY_HANDLE_INVALID; + } else { + assert_not_reached (); + } + + rv = lookup_object (sess, key, &attrs, NULL); + if (rv != CKR_OK) + return rv; + + value = p11_attrs_find_valid (attrs, CKA_VALUE); + if (value == NULL) + return CKR_KEY_TYPE_INCONSISTENT; + + if (mechanism->pParameter) { + param = mechanism->pParameter; + n_param = mechanism->ulParameterLen; + } else { + param = (CK_BYTE_PTR)SIGNED_PREFIX; + n_param = strlen (SIGNED_PREFIX) + 1; + } + + length = value->ulValueLen + n_param; + if (length > sizeof (sess->sign_prefix)) + return CKR_KEY_SIZE_RANGE; + + /* Starting an operation, cancels any finding */ + sess->finding = false; + + sess->hash_mechanism = CKM_MOCK_PREFIX; + sess->hash_method = method; + sess->hash_key = key; + sess->hash_count = 0; + + memcpy (sess->sign_prefix, param, n_param); + memcpy (sess->sign_prefix + n_param, value->pValue, value->ulValueLen); + sess->n_sign_prefix = length; + + /* The private key has CKA_ALWAYS_AUTHENTICATE above */ + if (method == CKA_SIGN || method == CKA_SIGN_RECOVER) + sess->want_context_login = true; + + return CKR_OK; + +} + +CK_RV +mock_C_SignInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); + return prefix_mechanism_init (session, CKA_SIGN, mechanism, key); +} + +CK_RV +mock_C_SignInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SignInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_Sign (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + CK_RV rv; + + rv = mock_C_SignUpdate (session, data, data_len); + if (rv == CKR_OK) + rv = mock_C_SignFinal (session, signature, signature_len); + + return rv; +} + +CK_RV +mock_C_Sign__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_Sign__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_SignUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + if (sess->hash_mechanism != CKM_MOCK_PREFIX || + sess->hash_method != CKA_SIGN) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->want_context_login) + return CKR_USER_NOT_LOGGED_IN; + + sess->hash_count += part_len; + return CKR_OK; +} + +CK_RV +mock_C_SignUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SignUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_SignFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + char buffer[32]; + Session *sess; + CK_ULONG length; + int len; + + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + if (sess->hash_mechanism != CKM_MOCK_PREFIX || + sess->hash_method != CKA_SIGN) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->want_context_login) + return CKR_USER_NOT_LOGGED_IN; + + len = snprintf (buffer, sizeof (buffer), "%lu", sess->hash_count); + length = sess->n_sign_prefix + len; + + if (!signature) { + *signature_len = length; + return CKR_OK; + } + + if (*signature_len < length) { + *signature_len = length; + return CKR_BUFFER_TOO_SMALL; + } + + memcpy (signature, sess->sign_prefix, sess->n_sign_prefix); + memcpy (signature + sess->n_sign_prefix, buffer, len); + *signature_len = length; + + sess->hash_mechanism = 0; + sess->hash_method = 0; + sess->hash_count = 0; + sess->hash_key = 0; + + return CKR_OK; +} + +CK_RV +mock_C_SignFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SignFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_SignRecoverInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); + return prefix_mechanism_init (session, CKA_SIGN_RECOVER, mechanism, key); +} + +CK_RV +mock_C_SignRecoverInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SignRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_SignRecover (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + Session *sess; + CK_ULONG length; + + return_val_if_fail (data, CKR_DATA_INVALID); + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + if (sess->hash_method != CKA_SIGN_RECOVER || + sess->hash_mechanism != CKM_MOCK_PREFIX) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->want_context_login) + return CKR_USER_NOT_LOGGED_IN; + + length = sess->n_sign_prefix + data_len; + + if (!signature) { + *signature_len = length; + return CKR_OK; + } + + if (*signature_len < length) { + *signature_len = length; + return CKR_BUFFER_TOO_SMALL; + } + + memcpy (signature, sess->sign_prefix, sess->n_sign_prefix); + memcpy (signature + sess->n_sign_prefix, data, data_len); + *signature_len = length; + + sess->hash_method = 0; + sess->hash_mechanism = 0; + sess->hash_key = 0; + sess->hash_count = 0; + + return CKR_OK; +} + +CK_RV +mock_C_SignRecover__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SignRecover__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_VerifyInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); + return prefix_mechanism_init (session, CKA_VERIFY, mechanism, key); +} + +CK_RV +mock_C_VerifyInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_VerifyInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_Verify (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + CK_RV rv; + + rv = mock_C_VerifyUpdate (session, data, data_len); + if (rv == CKR_OK) + rv = mock_C_VerifyFinal (session, signature, signature_len); + + return rv; +} + +CK_RV +mock_C_Verify__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_Verify__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_VerifyUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + if (sess->hash_mechanism != CKM_MOCK_PREFIX || + sess->hash_method != CKA_VERIFY) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->want_context_login) + return CKR_USER_NOT_LOGGED_IN; + + sess->hash_count += part_len; + return CKR_OK; +} + +CK_RV +mock_C_VerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_VerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_VerifyFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + char buffer[32]; + Session *sess; + CK_ULONG length; + int len; + + return_val_if_fail (signature, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + if (sess->hash_mechanism != CKM_MOCK_PREFIX || + sess->hash_method != CKA_VERIFY) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->want_context_login) + return CKR_USER_NOT_LOGGED_IN; + + len = snprintf (buffer, sizeof (buffer), "%lu", sess->hash_count); + length = sess->n_sign_prefix + len; + + if (signature_len != length) + return CKR_SIGNATURE_LEN_RANGE; + + if (memcmp (signature, sess->sign_prefix, sess->n_sign_prefix) != 0 || + memcmp (signature + sess->n_sign_prefix, buffer, len) != 0) + return CKR_SIGNATURE_INVALID; + + sess->hash_mechanism = 0; + sess->hash_method = 0; + sess->hash_count = 0; + sess->hash_key = 0; + + return CKR_OK; +} + +CK_RV +mock_C_VerifyFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_VerifyFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_VerifyRecoverInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD); + return prefix_mechanism_init (session, CKA_VERIFY_RECOVER, mechanism, key); +} + +CK_RV +mock_C_VerifyRecoverInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_VerifyRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_VerifyRecover (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + Session *sess; + CK_ULONG length; + + return_val_if_fail (signature, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + if (sess->hash_mechanism != CKM_MOCK_PREFIX || + sess->hash_method != CKA_VERIFY_RECOVER) + return CKR_OPERATION_NOT_INITIALIZED; + if (sess->want_context_login) + return CKR_USER_NOT_LOGGED_IN; + + if (signature_len < sess->n_sign_prefix) + return CKR_SIGNATURE_LEN_RANGE; + if (memcmp (signature, sess->sign_prefix, sess->n_sign_prefix) != 0) + return CKR_SIGNATURE_INVALID; + + length = signature_len - sess->n_sign_prefix; + if (!data) { + *data_len = length; + return CKR_OK; + } + + if (*data_len < length) { + *data_len = length; + return CKR_BUFFER_TOO_SMALL; + } + + *data_len = length; + memcpy (data, signature + sess->n_sign_prefix, length); + return CKR_OK; +} + +CK_RV +mock_C_VerifyRecover__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_VerifyRecover__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DigestEncryptUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + CK_RV rv; + + rv = mock_C_EncryptUpdate (session, part, part_len, encrypted_part, encrypted_part_len); + if (rv == CKR_OK) + rv = mock_C_DigestUpdate (session, part, part_len); + + return rv; +} + +CK_RV +mock_C_DigestEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DigestEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DecryptDigestUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + CK_RV rv; + + rv = mock_C_DecryptUpdate (session, encrypted_part, encrypted_part_len, part, part_len); + if (rv == CKR_OK) + rv = mock_C_DigestUpdate (session, part, *part_len); + + return rv; +} + +CK_RV +mock_C_DecryptDigestUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DecryptDigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_SignEncryptUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + CK_RV rv; + + rv = mock_C_EncryptUpdate (session, part, part_len, encrypted_part, encrypted_part_len); + if (rv == CKR_OK) + rv = mock_C_SignUpdate (session, part, part_len); + + return rv; +} + +CK_RV +mock_C_SignEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SignEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DecryptVerifyUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + CK_RV rv; + + rv = mock_C_DecryptUpdate (session, encrypted_part, encrypted_part_len, part, part_len); + if (rv == CKR_OK) + rv = mock_C_VerifyUpdate (session, part, *part_len); + + return rv; +} + +CK_RV +mock_C_DecryptVerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DecryptVerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_GenerateKey (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE value; + Session *sess; + CK_BBOOL token; + + return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); + return_val_if_fail (template, CKR_TEMPLATE_INCOMPLETE); + return_val_if_fail (count, CKR_TEMPLATE_INCOMPLETE); + return_val_if_fail (key, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (mechanism->mechanism != CKM_MOCK_GENERATE) + return CKR_MECHANISM_INVALID; + + if (!mechanism->pParameter || mechanism->ulParameterLen != 9 || + memcmp (mechanism->pParameter, "generate", 9) != 0) + return CKR_MECHANISM_PARAM_INVALID; + + value.type = CKA_VALUE; + value.pValue = "generated"; + value.ulValueLen = strlen (value.pValue); + + attrs = p11_attrs_buildn (NULL, template, count); + attrs = p11_attrs_buildn (attrs, &value, 1); + + *key = ++unique_identifier; + if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) + p11_dict_set (the_objects, handle_to_pointer (*key), attrs); + else + p11_dict_set (sess->objects, handle_to_pointer (*key), attrs); + + return CKR_OK; +} + +CK_RV +mock_C_GenerateKey__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_GenerateKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_GenerateKeyPair (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR public_key_template, + CK_ULONG public_key_count, + CK_ATTRIBUTE_PTR private_key_template, + CK_ULONG private_key_count, + CK_OBJECT_HANDLE_PTR public_key, + CK_OBJECT_HANDLE_PTR private_key) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE value; + Session *sess; + CK_BBOOL token; + + return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); + return_val_if_fail (public_key_template, CKR_TEMPLATE_INCOMPLETE); + return_val_if_fail (public_key_count, CKR_TEMPLATE_INCOMPLETE); + return_val_if_fail (private_key_template, CKR_TEMPLATE_INCOMPLETE); + return_val_if_fail (private_key_count, CKR_TEMPLATE_INCOMPLETE); + return_val_if_fail (public_key, CKR_ARGUMENTS_BAD); + return_val_if_fail (private_key, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (mechanism->mechanism != CKM_MOCK_GENERATE) + return CKR_MECHANISM_INVALID; + + if (!mechanism->pParameter || mechanism->ulParameterLen != 9 || + memcmp (mechanism->pParameter, "generate", 9) != 0) + return CKR_MECHANISM_PARAM_INVALID; + + value.type = CKA_VALUE; + value.pValue = "generated"; + value.ulValueLen = strlen (value.pValue); + + attrs = p11_attrs_buildn (NULL, public_key_template, public_key_count); + attrs = p11_attrs_buildn (attrs, &value, 1); + + *public_key = ++unique_identifier; + if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) + p11_dict_set (the_objects, handle_to_pointer (*public_key), attrs); + else + p11_dict_set (sess->objects, handle_to_pointer (*public_key), attrs); + + attrs = p11_attrs_buildn (NULL, private_key_template, private_key_count); + attrs = p11_attrs_buildn (attrs, &value, 1); + + *private_key = ++unique_identifier; + if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) + p11_dict_set (the_objects, handle_to_pointer (*private_key), attrs); + else + p11_dict_set (sess->objects, handle_to_pointer (*private_key), attrs); + + return CKR_OK; +} + +CK_RV +mock_C_GenerateKeyPair__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, + CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, + CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, + CK_OBJECT_HANDLE_PTR priv_key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_GenerateKeyPair__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, + CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, + CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, + CK_OBJECT_HANDLE_PTR priv_key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_WrapKey (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *attr; + Session *sess; + CK_RV rv; + + return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); + return_val_if_fail (wrapping_key, CKR_OBJECT_HANDLE_INVALID); + return_val_if_fail (key, CKR_OBJECT_HANDLE_INVALID); + return_val_if_fail (wrapped_key_len, CKR_WRAPPED_KEY_LEN_RANGE); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + rv = lookup_object (sess, wrapping_key, &attrs, NULL); + if (rv == CKR_OBJECT_HANDLE_INVALID) + return CKR_WRAPPING_KEY_HANDLE_INVALID; + else if (rv != CKR_OK) + return rv; + + rv = lookup_object (sess, key, &attrs, NULL); + if (rv == CKR_OBJECT_HANDLE_INVALID) + return CKR_WRAPPING_KEY_HANDLE_INVALID; + else if (rv != CKR_OK) + return rv; + + if (mechanism->mechanism != CKM_MOCK_WRAP) + return CKR_MECHANISM_INVALID; + + if (mechanism->pParameter == NULL || + mechanism->ulParameterLen != 4 || + memcmp (mechanism->pParameter, "wrap", 4) != 0) { + return CKR_MECHANISM_PARAM_INVALID; + } + + attr = p11_attrs_find_valid (attrs, CKA_VALUE); + if (attr == NULL) + return CKR_WRAPPED_KEY_INVALID; + + if (!wrapped_key) { + *wrapped_key_len = attr->ulValueLen; + return CKR_OK; + } + + if (*wrapped_key_len < attr->ulValueLen) { + *wrapped_key_len = attr->ulValueLen; + return CKR_BUFFER_TOO_SMALL; + } + + memcpy (wrapped_key, attr->pValue, attr->ulValueLen); + *wrapped_key_len = attr->ulValueLen; + + return CKR_OK; +} + +CK_RV +mock_C_WrapKey__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len) +{ + return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_WrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len) +{ + return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_UnwrapKey (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE value; + Session *sess; + CK_BBOOL token; + CK_RV rv; + + return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); + return_val_if_fail (unwrapping_key, CKR_WRAPPING_KEY_HANDLE_INVALID); + return_val_if_fail (wrapped_key, CKR_WRAPPED_KEY_INVALID); + return_val_if_fail (wrapped_key_len, CKR_WRAPPED_KEY_LEN_RANGE); + return_val_if_fail (key, CKR_ARGUMENTS_BAD); + return_val_if_fail (template, CKR_TEMPLATE_INCOMPLETE); + return_val_if_fail (count, CKR_TEMPLATE_INCONSISTENT); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + rv = lookup_object (sess, unwrapping_key, &attrs, NULL); + if (rv == CKR_OBJECT_HANDLE_INVALID) + return CKR_WRAPPING_KEY_HANDLE_INVALID; + else if (rv != CKR_OK) + return rv; + + if (mechanism->mechanism != CKM_MOCK_WRAP) + return CKR_MECHANISM_INVALID; + + if (mechanism->pParameter == NULL || + mechanism->ulParameterLen != 4 || + memcmp (mechanism->pParameter, "wrap", 4) != 0) { + return CKR_MECHANISM_PARAM_INVALID; + } + + value.type = CKA_VALUE; + value.pValue = wrapped_key; + value.ulValueLen = wrapped_key_len; + + attrs = p11_attrs_buildn (NULL, template, count); + attrs = p11_attrs_buildn (attrs, &value, 1); + + *key = ++unique_identifier; + if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token) + p11_dict_set (the_objects, handle_to_pointer (*key), attrs); + else + p11_dict_set (sess->objects, handle_to_pointer (*key), attrs); + + return CKR_OK; +} + +CK_RV +mock_C_UnwrapKey__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_UnwrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_DeriveKey (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + CK_ATTRIBUTE *attrs, *copy; + CK_ATTRIBUTE value; + Session *sess; + CK_BBOOL token; + CK_RV rv; + + return_val_if_fail (mechanism, CKR_MECHANISM_INVALID); + return_val_if_fail (count, CKR_TEMPLATE_INCOMPLETE); + return_val_if_fail (template, CKR_TEMPLATE_INCOMPLETE); + return_val_if_fail (key, CKR_ARGUMENTS_BAD); + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + rv = lookup_object (sess, base_key, &attrs, NULL); + if (rv == CKR_OBJECT_HANDLE_INVALID) + return CKR_KEY_HANDLE_INVALID; + else if (rv != CKR_OK) + return rv; + + if (mechanism->mechanism != CKM_MOCK_DERIVE) + return CKR_MECHANISM_INVALID; + + if (mechanism->pParameter == NULL || + mechanism->ulParameterLen != 6 || + memcmp (mechanism->pParameter, "derive", 6) != 0) { + return CKR_MECHANISM_PARAM_INVALID; + } + + value.type = CKA_VALUE; + value.pValue = "derived"; + value.ulValueLen = strlen (value.pValue); + + copy = p11_attrs_buildn (NULL, template, count); + copy = p11_attrs_buildn (copy, &value, 1); + + *key = ++unique_identifier; + if (p11_attrs_find_bool (copy, CKA_TOKEN, &token) && token) + p11_dict_set (the_objects, handle_to_pointer (*key), copy); + else + p11_dict_set (sess->objects, handle_to_pointer (*key), copy); + + return CKR_OK; +} + +CK_RV +mock_C_DeriveKey__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_DeriveKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_SeedRandom (CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len) +{ + Session *sess; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (seed_len > sizeof (sess->random_seed)) + return CKR_RANDOM_SEED_NOT_SUPPORTED; + + memcpy (sess->random_seed, seed, seed_len); + sess->random_seed_len = seed_len; + return CKR_OK; +} + +CK_RV +mock_C_SeedRandom__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_SeedRandom__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_GenerateRandom (CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + Session *sess; + CK_ULONG block; + + sess = p11_dict_get (the_sessions, handle_to_pointer (session)); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + while (random_len > 0) { + block = sess->random_seed_len; + if (block > random_len) + block = random_len; + memcpy (random_data, sess->random_seed, block); + random_data += block; + random_len -= block; + } + + return CKR_OK; +} + +CK_RV +mock_C_GenerateRandom__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_X_GenerateRandom__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_FUNCTION_LIST mock_module_no_slots = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ + mock_C_Initialize, + mock_C_Finalize, + mock_C_GetInfo, + mock_C_GetFunctionList_not_supported, + mock_C_GetSlotList__no_tokens, + mock_C_GetSlotInfo__invalid_slotid, + mock_C_GetTokenInfo__invalid_slotid, + mock_C_GetMechanismList__invalid_slotid, + mock_C_GetMechanismInfo__invalid_slotid, + mock_C_InitToken__invalid_slotid, + mock_C_InitPIN__invalid_handle, + mock_C_SetPIN__invalid_handle, + mock_C_OpenSession__invalid_slotid, + mock_C_CloseSession__invalid_handle, + mock_C_CloseAllSessions__invalid_slotid, + mock_C_GetSessionInfo__invalid_handle, + mock_C_GetOperationState__invalid_handle, + mock_C_SetOperationState__invalid_handle, + mock_C_Login__invalid_handle, + mock_C_Logout__invalid_handle, + mock_C_CreateObject__invalid_handle, + mock_C_CopyObject__invalid_handle, + mock_C_DestroyObject__invalid_handle, + mock_C_GetObjectSize__invalid_handle, + mock_C_GetAttributeValue__invalid_handle, + mock_C_SetAttributeValue__invalid_handle, + mock_C_FindObjectsInit__invalid_handle, + mock_C_FindObjects__invalid_handle, + mock_C_FindObjectsFinal__invalid_handle, + mock_C_EncryptInit__invalid_handle, + mock_C_Encrypt__invalid_handle, + mock_C_EncryptUpdate__invalid_handle, + mock_C_EncryptFinal__invalid_handle, + mock_C_DecryptInit__invalid_handle, + mock_C_Decrypt__invalid_handle, + mock_C_DecryptUpdate__invalid_handle, + mock_C_DecryptFinal__invalid_handle, + mock_C_DigestInit__invalid_handle, + mock_C_Digest__invalid_handle, + mock_C_DigestUpdate__invalid_handle, + mock_C_DigestKey__invalid_handle, + mock_C_DigestFinal__invalid_handle, + mock_C_SignInit__invalid_handle, + mock_C_Sign__invalid_handle, + mock_C_SignUpdate__invalid_handle, + mock_C_SignFinal__invalid_handle, + mock_C_SignRecoverInit__invalid_handle, + mock_C_SignRecover__invalid_handle, + mock_C_VerifyInit__invalid_handle, + mock_C_Verify__invalid_handle, + mock_C_VerifyUpdate__invalid_handle, + mock_C_VerifyFinal__invalid_handle, + mock_C_VerifyRecoverInit__invalid_handle, + mock_C_VerifyRecover__invalid_handle, + mock_C_DigestEncryptUpdate__invalid_handle, + mock_C_DecryptDigestUpdate__invalid_handle, + mock_C_SignEncryptUpdate__invalid_handle, + mock_C_DecryptVerifyUpdate__invalid_handle, + mock_C_GenerateKey__invalid_handle, + mock_C_GenerateKeyPair__invalid_handle, + mock_C_WrapKey__invalid_handle, + mock_C_UnwrapKey__invalid_handle, + mock_C_DeriveKey__invalid_handle, + mock_C_SeedRandom__invalid_handle, + mock_C_GenerateRandom__invalid_handle, + mock_C_GetFunctionStatus__not_parallel, + mock_C_CancelFunction__not_parallel, + mock_C_WaitForSlotEvent__no_event, +}; + +CK_X_FUNCTION_LIST mock_x_module_no_slots = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ + mock_X_Initialize, + mock_X_Finalize, + mock_X_GetInfo, + mock_X_GetSlotList__no_tokens, + mock_X_GetSlotInfo__invalid_slotid, + mock_X_GetTokenInfo__invalid_slotid, + mock_X_GetMechanismList__invalid_slotid, + mock_X_GetMechanismInfo__invalid_slotid, + mock_X_InitToken__invalid_slotid, + mock_X_InitPIN__invalid_handle, + mock_X_SetPIN__invalid_handle, + mock_X_OpenSession__invalid_slotid, + mock_X_CloseSession__invalid_handle, + mock_X_CloseAllSessions__invalid_slotid, + mock_X_GetSessionInfo__invalid_handle, + mock_X_GetOperationState__invalid_handle, + mock_X_SetOperationState__invalid_handle, + mock_X_Login__invalid_handle, + mock_X_Logout__invalid_handle, + mock_X_CreateObject__invalid_handle, + mock_X_CopyObject__invalid_handle, + mock_X_DestroyObject__invalid_handle, + mock_X_GetObjectSize__invalid_handle, + mock_X_GetAttributeValue__invalid_handle, + mock_X_SetAttributeValue__invalid_handle, + mock_X_FindObjectsInit__invalid_handle, + mock_X_FindObjects__invalid_handle, + mock_X_FindObjectsFinal__invalid_handle, + mock_X_EncryptInit__invalid_handle, + mock_X_Encrypt__invalid_handle, + mock_X_EncryptUpdate__invalid_handle, + mock_X_EncryptFinal__invalid_handle, + mock_X_DecryptInit__invalid_handle, + mock_X_Decrypt__invalid_handle, + mock_X_DecryptUpdate__invalid_handle, + mock_X_DecryptFinal__invalid_handle, + mock_X_DigestInit__invalid_handle, + mock_X_Digest__invalid_handle, + mock_X_DigestUpdate__invalid_handle, + mock_X_DigestKey__invalid_handle, + mock_X_DigestFinal__invalid_handle, + mock_X_SignInit__invalid_handle, + mock_X_Sign__invalid_handle, + mock_X_SignUpdate__invalid_handle, + mock_X_SignFinal__invalid_handle, + mock_X_SignRecoverInit__invalid_handle, + mock_X_SignRecover__invalid_handle, + mock_X_VerifyInit__invalid_handle, + mock_X_Verify__invalid_handle, + mock_X_VerifyUpdate__invalid_handle, + mock_X_VerifyFinal__invalid_handle, + mock_X_VerifyRecoverInit__invalid_handle, + mock_X_VerifyRecover__invalid_handle, + mock_X_DigestEncryptUpdate__invalid_handle, + mock_X_DecryptDigestUpdate__invalid_handle, + mock_X_SignEncryptUpdate__invalid_handle, + mock_X_DecryptVerifyUpdate__invalid_handle, + mock_X_GenerateKey__invalid_handle, + mock_X_GenerateKeyPair__invalid_handle, + mock_X_WrapKey__invalid_handle, + mock_X_UnwrapKey__invalid_handle, + mock_X_DeriveKey__invalid_handle, + mock_X_SeedRandom__invalid_handle, + mock_X_GenerateRandom__invalid_handle, + mock_X_WaitForSlotEvent__no_event, +}; + +CK_FUNCTION_LIST mock_module = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ + mock_C_Initialize, + mock_C_Finalize, + mock_C_GetInfo, + mock_C_GetFunctionList_not_supported, + mock_C_GetSlotList, + mock_C_GetSlotInfo, + mock_C_GetTokenInfo, + mock_C_GetMechanismList, + mock_C_GetMechanismInfo, + mock_C_InitToken__specific_args, + mock_C_InitPIN__specific_args, + mock_C_SetPIN__specific_args, + mock_C_OpenSession, + mock_C_CloseSession, + mock_C_CloseAllSessions, + mock_C_GetSessionInfo, + mock_C_GetOperationState, + mock_C_SetOperationState, + mock_C_Login, + mock_C_Logout, + mock_C_CreateObject, + mock_C_CopyObject, + mock_C_DestroyObject, + mock_C_GetObjectSize, + mock_C_GetAttributeValue, + mock_C_SetAttributeValue, + mock_C_FindObjectsInit, + mock_C_FindObjects, + mock_C_FindObjectsFinal, + mock_C_EncryptInit, + mock_C_Encrypt, + mock_C_EncryptUpdate, + mock_C_EncryptFinal, + mock_C_DecryptInit, + mock_C_Decrypt, + mock_C_DecryptUpdate, + mock_C_DecryptFinal, + mock_C_DigestInit, + mock_C_Digest, + mock_C_DigestUpdate, + mock_C_DigestKey, + mock_C_DigestFinal, + mock_C_SignInit, + mock_C_Sign, + mock_C_SignUpdate, + mock_C_SignFinal, + mock_C_SignRecoverInit, + mock_C_SignRecover, + mock_C_VerifyInit, + mock_C_Verify, + mock_C_VerifyUpdate, + mock_C_VerifyFinal, + mock_C_VerifyRecoverInit, + mock_C_VerifyRecover, + mock_C_DigestEncryptUpdate, + mock_C_DecryptDigestUpdate, + mock_C_SignEncryptUpdate, + mock_C_DecryptVerifyUpdate, + mock_C_GenerateKey, + mock_C_GenerateKeyPair, + mock_C_WrapKey, + mock_C_UnwrapKey, + mock_C_DeriveKey, + mock_C_SeedRandom, + mock_C_GenerateRandom, + mock_C_GetFunctionStatus, + mock_C_CancelFunction, + mock_C_WaitForSlotEvent, +}; + +void +mock_module_init (void) +{ + static bool initialized = false; + if (!initialized) { + p11_mutex_init (&init_mutex); + initialized = true; + } +} diff --git a/common/mock.h b/common/mock.h new file mode 100644 index 0000000..16beb66 --- /dev/null +++ b/common/mock.h @@ -0,0 +1,1134 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __MOCK_H__ +#define __MOCK_H__ + +#include "compat.h" +#include "pkcs11.h" +#include "pkcs11i.h" + +enum { + MOCK_DATA_OBJECT = 2, + MOCK_PRIVATE_KEY_CAPITALIZE = 3, + MOCK_PUBLIC_KEY_CAPITALIZE = 4, + MOCK_PRIVATE_KEY_PREFIX = 5, + MOCK_PUBLIC_KEY_PREFIX = 6, + + /* + * CKM_MOCK_CAPITALIZE (encrypt/decrypt) + * - Capitalizes to encrypt + * - Lowercase to decrypt + */ + CKM_MOCK_CAPITALIZE = (CKM_VENDOR_DEFINED | 1), + + /* + * CKM_MOCK_PREFIX (sign/verify) + * - Sign prefixes the data with a key label + * - Verify unprefixes data using key label + */ + CKM_MOCK_PREFIX = (CKM_VENDOR_DEFINED | 2), + + /* + * CKM_MOCK_GENERATE (generate-pair) + * - Generates a pair of keys, mechanism parameter should be 'generate' + */ + CKM_MOCK_GENERATE = (CKM_VENDOR_DEFINED | 3), + + /* + * CKM_MOCK_WRAP (wrap key) + * - Wraps key by returning value, mechanism parameter should be 'wrap' + */ + CKM_MOCK_WRAP = (CKM_VENDOR_DEFINED | 4), + + /* + * CKM_MOCK_DERIVE (derive-key) + * - Derives key by setting value to 'derived' + * - Mechanism param should be 'derive' + */ + CKM_MOCK_DERIVE = (CKM_VENDOR_DEFINED | 5), + + /* + * CKM_MOCK_COUNT (digest) + * - Counts the number of bytes, and returns a CK_ULONG 'hash' value + */ + CKM_MOCK_COUNT = (CKM_VENDOR_DEFINED | 6), + + MOCK_SLOT_ONE_ID = 52, + MOCK_SLOT_TWO_ID = 134, + + MOCK_SLOTS_PRESENT = 1, + MOCK_SLOTS_ALL = 2, +}; + +static const CK_INFO MOCK_INFO = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, + "MOCK MANUFACTURER ", + 0, + "MOCK LIBRARY ", + { 45, 145 } +}; + +extern CK_FUNCTION_LIST mock_module; + +extern CK_FUNCTION_LIST mock_module_no_slots; + +extern CK_X_FUNCTION_LIST mock_x_module_no_slots; + +void mock_module_init (void); + +typedef bool (* mock_enumerator) (CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs, + void *user_data); + +void mock_module_enumerate_objects (CK_SESSION_HANDLE session, + mock_enumerator func, + void *user_data); + +void mock_module_add_object (CK_SLOT_ID slot_id, + const CK_ATTRIBUTE *attrs); + +void mock_module_reset (void); + +bool mock_module_initialized (void); + +void mock_module_take_object (CK_SLOT_ID slot_id, + CK_ATTRIBUTE *attrs); + +CK_RV mock_C_Initialize (CK_VOID_PTR init_args); + +CK_RV mock_C_Initialize__fails (CK_VOID_PTR init_args); + +CK_RV mock_X_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args); + +CK_RV mock_X_Initialize__fails (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args); + +CK_RV mock_C_Finalize (CK_VOID_PTR reserved); + +CK_RV mock_X_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR reserved); + +CK_RV mock_C_GetInfo (CK_INFO_PTR info); + +CK_RV mock_X_GetInfo (CK_X_FUNCTION_LIST *self, + CK_INFO_PTR info); + +CK_RV mock_C_GetFunctionList_not_supported (CK_FUNCTION_LIST_PTR_PTR list); + +CK_RV mock_C_GetSlotList (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count); + +CK_RV mock_C_GetSlotList__no_tokens (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count); + +CK_RV mock_C_GetSlotList__fail_first (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count); + +CK_RV mock_C_GetSlotList__fail_late (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count); + +CK_RV mock_C_GetSlotInfo (CK_SLOT_ID slot_id, + CK_SLOT_INFO_PTR info); + +CK_RV mock_X_GetSlotList__no_tokens (CK_X_FUNCTION_LIST *self, + CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count); + +CK_RV mock_C_GetSlotInfo__invalid_slotid (CK_SLOT_ID slot_id, + CK_SLOT_INFO_PTR info); + +CK_RV mock_X_GetSlotInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_SLOT_INFO_PTR info); + +CK_RV mock_C_GetTokenInfo (CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info); + +CK_RV mock_C_GetTokenInfo__invalid_slotid (CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info); + +CK_RV mock_X_GetTokenInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info); + +CK_RV mock_C_GetTokenInfo__not_initialized (CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info); + +CK_RV mock_C_GetMechanismList (CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count); + +CK_RV mock_C_GetMechanismList__invalid_slotid (CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count); + +CK_RV mock_X_GetMechanismList__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count); + +CK_RV mock_C_GetMechanismInfo (CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info); + +CK_RV mock_C_GetMechanismInfo__invalid_slotid (CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info); + +CK_RV mock_X_GetMechanismInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info); + +CK_RV mock_C_InitToken__specific_args (CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label); + +CK_RV mock_C_InitToken__invalid_slotid (CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label); + +CK_RV mock_X_InitToken__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label); + + +CK_RV mock_C_WaitForSlotEvent (CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved); + +CK_RV mock_C_WaitForSlotEvent__no_event (CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved); + +CK_RV mock_X_WaitForSlotEvent__no_event (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved); + +CK_RV mock_C_OpenSession__invalid_slotid (CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session); + +CK_RV mock_X_OpenSession__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session); + +CK_RV mock_C_OpenSession__fails (CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session); + +CK_RV mock_C_OpenSession (CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session); + +CK_RV mock_C_CloseSession (CK_SESSION_HANDLE session); + +CK_RV mock_C_CloseSession__invalid_handle (CK_SESSION_HANDLE session); + +CK_RV mock_X_CloseSession__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session); + +CK_RV mock_C_CloseAllSessions (CK_SLOT_ID slot_id); + +CK_RV mock_C_CloseAllSessions__invalid_slotid (CK_SLOT_ID slot_id); + +CK_RV mock_X_CloseAllSessions__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id); + +CK_RV mock_C_GetFunctionStatus (CK_SESSION_HANDLE session); + +CK_RV mock_C_GetFunctionStatus__not_parallel (CK_SESSION_HANDLE session); + +CK_RV mock_C_CancelFunction (CK_SESSION_HANDLE session); + +CK_RV mock_C_CancelFunction__not_parallel (CK_SESSION_HANDLE session); + +CK_RV mock_C_GetSessionInfo (CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info); + +CK_RV mock_C_GetSessionInfo__invalid_handle (CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info); + +CK_RV mock_X_GetSessionInfo__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info); + +CK_RV mock_C_InitPIN__specific_args (CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len); + +CK_RV mock_C_InitPIN__invalid_handle (CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len); + +CK_RV mock_X_InitPIN__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len); + +CK_RV mock_C_SetPIN__specific_args (CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len); + +CK_RV mock_C_SetPIN__invalid_handle (CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len); + +CK_RV mock_X_SetPIN__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len); + +CK_RV mock_C_GetOperationState (CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len); + +CK_RV mock_C_GetOperationState__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len); + +CK_RV mock_X_GetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len); + +CK_RV mock_C_SetOperationState (CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key); + +CK_RV mock_C_SetOperationState__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key); + +CK_RV mock_X_SetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key); + +CK_RV mock_C_Login (CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len); + +CK_RV mock_C_Login__invalid_handle (CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len); + +CK_RV mock_X_Login__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len); + +CK_RV mock_C_Logout (CK_SESSION_HANDLE session); + +CK_RV mock_C_Logout__invalid_handle (CK_SESSION_HANDLE session); + +CK_RV mock_X_Logout__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session); + +CK_RV mock_C_CreateObject (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR object); + +CK_RV mock_C_CreateObject__invalid_handle (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object); + +CK_RV mock_X_CreateObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object); + +CK_RV mock_C_CopyObject (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object); + +CK_RV mock_C_CopyObject__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object); + +CK_RV mock_X_CopyObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object); + +CK_RV mock_C_DestroyObject (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object); + +CK_RV mock_C_DestroyObject__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object); + +CK_RV mock_X_DestroyObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object); + +CK_RV mock_C_GetObjectSize (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size); + +CK_RV mock_C_GetObjectSize__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size); + +CK_RV mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size); + +CK_RV mock_C_GetAttributeValue (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_C_GetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_X_GetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_C_GetAttributeValue__fail_first (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_C_GetAttributeValue__fail_late (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_C_SetAttributeValue (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_C_SetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_X_SetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_C_FindObjectsInit (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_C_FindObjectsInit__invalid_handle (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_X_FindObjectsInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_C_FindObjectsInit__fails (CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + +CK_RV mock_C_FindObjects (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_object_count, + CK_ULONG_PTR object_count); + +CK_RV mock_C_FindObjects__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count); + +CK_RV mock_X_FindObjects__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count); + +CK_RV mock_C_FindObjects__fails (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count); + +CK_RV mock_C_FindObjectsFinal (CK_SESSION_HANDLE session); + +CK_RV mock_C_FindObjectsFinal__invalid_handle (CK_SESSION_HANDLE session); + +CK_RV mock_X_FindObjectsFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session); + +CK_RV mock_C_EncryptInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_EncryptInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_X_EncryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_Encrypt (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len); + +CK_RV mock_C_Encrypt__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len); + +CK_RV mock_X_Encrypt__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len); + +CK_RV mock_C_EncryptUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len); + +CK_RV mock_C_EncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len); + +CK_RV mock_X_EncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len); + +CK_RV mock_C_EncryptFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR last_encrypted_part, + CK_ULONG_PTR last_encrypted_part_len); + +CK_RV mock_C_EncryptFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len); + +CK_RV mock_X_EncryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len); + +CK_RV mock_C_DecryptInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_DecryptInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_X_DecryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_Decrypt (CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_data, + CK_ULONG encrypted_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len); + +CK_RV mock_C_Decrypt__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len); + +CK_RV mock_X_Decrypt__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len); + +CK_RV mock_C_DecryptUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + +CK_RV mock_C_DecryptUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + +CK_RV mock_X_DecryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + +CK_RV mock_C_DecryptFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len); + +CK_RV mock_C_DecryptFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len); + +CK_RV mock_X_DecryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len); + +CK_RV mock_C_DigestInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism); + +CK_RV mock_C_DigestInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism); + +CK_RV mock_X_DigestInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism); + +CK_RV mock_C_Digest (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len); + +CK_RV mock_C_Digest__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len); + +CK_RV mock_X_Digest__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len); + +CK_RV mock_C_DigestUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + +CK_RV mock_C_DigestUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + +CK_RV mock_X_DigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + +CK_RV mock_C_DigestKey (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_DigestKey__invalid_handle (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key); + +CK_RV mock_X_DigestKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_DigestFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len); + +CK_RV mock_C_DigestFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len); + +CK_RV mock_X_DigestFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len); + +CK_RV mock_C_SignInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_SignInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_X_SignInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_Sign (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + +CK_RV mock_C_Sign__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + +CK_RV mock_X_Sign__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + +CK_RV mock_C_SignUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + +CK_RV mock_C_SignUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + +CK_RV mock_X_SignUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + +CK_RV mock_C_SignFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + +CK_RV mock_C_SignFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + +CK_RV mock_X_SignFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + +CK_RV mock_C_SignRecoverInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_SignRecoverInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_X_SignRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_SignRecover (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + +CK_RV mock_C_SignRecover__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + +CK_RV mock_X_SignRecover__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + +CK_RV mock_C_VerifyInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_VerifyInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_X_VerifyInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_Verify (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len); + +CK_RV mock_C_Verify__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len); + +CK_RV mock_X_Verify__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len); + +CK_RV mock_C_VerifyUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + +CK_RV mock_C_VerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + +CK_RV mock_X_VerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + +CK_RV mock_C_VerifyFinal (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len); + +CK_RV mock_C_VerifyFinal__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len); + +CK_RV mock_X_VerifyFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len); + +CK_RV mock_C_VerifyRecoverInit (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_VerifyRecoverInit__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_X_VerifyRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + +CK_RV mock_C_VerifyRecover (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len); + +CK_RV mock_C_VerifyRecover__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len); + +CK_RV mock_X_VerifyRecover__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len); + +CK_RV mock_C_DigestEncryptUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len); + +CK_RV mock_C_DigestEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len); + +CK_RV mock_X_DigestEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len); + +CK_RV mock_C_DecryptDigestUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + +CK_RV mock_C_DecryptDigestUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + +CK_RV mock_X_DecryptDigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + +CK_RV mock_C_SignEncryptUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len); + +CK_RV mock_C_SignEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len); + +CK_RV mock_X_SignEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len); + +CK_RV mock_C_DecryptVerifyUpdate (CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + +CK_RV mock_C_DecryptVerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + +CK_RV mock_X_DecryptVerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + +CK_RV mock_C_GenerateKey (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + +CK_RV mock_C_GenerateKey__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + +CK_RV mock_X_GenerateKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + +CK_RV mock_C_GenerateKeyPair (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR public_key_template, + CK_ULONG public_key_count, + CK_ATTRIBUTE_PTR private_key_template, + CK_ULONG private_key_count, + CK_OBJECT_HANDLE_PTR public_key, + CK_OBJECT_HANDLE_PTR private_key); + +CK_RV mock_C_GenerateKeyPair__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, + CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, + CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, + CK_OBJECT_HANDLE_PTR priv_key); + +CK_RV mock_X_GenerateKeyPair__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, + CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, + CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, + CK_OBJECT_HANDLE_PTR priv_key); + +CK_RV mock_C_WrapKey (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len); + +CK_RV mock_C_WrapKey__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len); + +CK_RV mock_X_WrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len); + +CK_RV mock_C_UnwrapKey (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + +CK_RV mock_C_UnwrapKey__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + +CK_RV mock_X_UnwrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + +CK_RV mock_C_DeriveKey (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + +CK_RV mock_C_DeriveKey__invalid_handle (CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + +CK_RV mock_X_DeriveKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + +CK_RV mock_C_SeedRandom (CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len); + +CK_RV mock_C_SeedRandom__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len); + +CK_RV mock_X_SeedRandom__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len); + +CK_RV mock_C_GenerateRandom (CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len); + +CK_RV mock_C_GenerateRandom__invalid_handle (CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len); + +CK_RV mock_X_GenerateRandom__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len); + +#endif /* __MOCK_H__ */ diff --git a/common/path.c b/common/path.c new file mode 100644 index 0000000..17a6230 --- /dev/null +++ b/common/path.c @@ -0,0 +1,363 @@ +/* + * Copyright (c) 2005 Stefan Walter + * Copyright (c) 2011 Collabora Ltd. + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "buffer.h" +#include "debug.h" +#include "message.h" +#include "path.h" +#include "url.h" + +#include +#include +#include +#include +#include + +#ifdef OS_UNIX +#include +#include +#endif + +#ifdef OS_WIN32 +#include +#endif + + +char * +p11_path_base (const char *path) +{ +#ifdef OS_WIN32 + const char *delims = "/\\"; +#else + const char *delims = "/"; +#endif + + const char *end; + const char *beg; + + return_val_if_fail (path != NULL, NULL); + + /* Any trailing slashes */ + end = path + strlen (path); + while (end != path) { + if (!strchr (delims, *(end - 1))) + break; + end--; + } + + /* Find the last slash after those */ + beg = end; + while (beg != path) { + if (strchr (delims, *(beg - 1))) + break; + beg--; + } + + return strndup (beg, end - beg); +} + +static inline bool +is_path_component_or_null (char ch) +{ + return (ch == '\0' || ch == '/' +#ifdef OS_WIN32 + || ch == '\\' +#endif + ); +} + +static char * +expand_homedir (const char *remainder) +{ + const char *env; + + if (getauxval (AT_SECURE)) { + errno = EPERM; + return NULL; + } + + while (remainder[0] && is_path_component_or_null (remainder[0])) + remainder++; + if (remainder[0] == '\0') + remainder = NULL; + + /* Expand $XDG_CONFIG_HOME */ + if (remainder != NULL && + strncmp (remainder, ".config", 7) == 0 && + is_path_component_or_null (remainder[7])) { + env = getenv ("XDG_CONFIG_HOME"); + if (env && env[0]) + return p11_path_build (env, remainder + 8, NULL); + } + + env = getenv ("HOME"); + if (env && env[0]) { + return p11_path_build (env, remainder, NULL); + + } else { +#ifdef OS_UNIX + char buf[1024]; + struct passwd pws; + struct passwd *pwd = NULL; + int error; + int ret; + + errno = 0; + ret = getpwuid_r (getuid (), &pws, buf, sizeof (buf), &pwd); + if (pwd == NULL) { + if (ret == 0) + error = ESRCH; + else + error = errno; + p11_message_err (error, "couldn't lookup home directory for user %d", getuid ()); + errno = error; + return NULL; + } + + return p11_path_build (pwd->pw_dir, remainder, NULL); + +#else /* OS_WIN32 */ + char directory[MAX_PATH + 1]; + + if (!SHGetSpecialFolderPathA (NULL, directory, CSIDL_PROFILE, TRUE)) { + p11_message ("couldn't lookup home directory for user"); + errno = ENOTDIR; + return NULL; + } + + return p11_path_build (directory, remainder, NULL); + +#endif /* OS_WIN32 */ + } +} + +char * +p11_path_expand (const char *path) +{ + return_val_if_fail (path != NULL, NULL); + + if (strncmp (path, "~", 1) == 0 && + is_path_component_or_null (path[1])) { + return expand_homedir (path + 1); + + } else { + return strdup (path); + } +} + +bool +p11_path_absolute (const char *path) +{ + return_val_if_fail (path != NULL, false); + + return (path[0] == '/') +#ifdef OS_WIN32 + || (path[0] != '\0' && path[1] == ':' && path[2] == '\\') +#endif + ; +} + +char * +p11_path_build (const char *path, + ...) +{ +#ifdef OS_WIN32 + const char delim = '\\'; +#else + const char delim = '/'; +#endif + const char *first = path; + char *built; + size_t len; + size_t at; + size_t num; + size_t until; + va_list va; + + return_val_if_fail (path != NULL, NULL); + + len = 1; + va_start (va, path); + while (path != NULL) { + size_t old_len = len; + len += strlen (path) + 1; + if (len < old_len) { + va_end (va); + return_val_if_reached (NULL); + } + path = va_arg (va, const char *); + } + va_end (va); + + built = malloc (len + 1); + return_val_if_fail (built != NULL, NULL); + + at = 0; + path = first; + va_start (va, path); + while (path != NULL) { + num = strlen (path); + + /* Trim end of the path */ + until = (at > 0) ? 0 : 1; + while (num > until && is_path_component_or_null (path[num - 1])) + num--; + + if (at != 0) { + if (num == 0) + continue; + built[at++] = delim; + } + + assert (at + num < len); + memcpy (built + at, path, num); + at += num; + + path = va_arg (va, const char *); + + /* Trim beginning of path */ + while (path && path[0] && is_path_component_or_null (path[0])) + path++; + } + va_end (va); + + assert (at < len); + built[at] = '\0'; + return built; +} + +char * +p11_path_parent (const char *path) +{ + const char *e; + char *parent; + bool had = false; + + return_val_if_fail (path != NULL, NULL); + + /* Find the end of the last component */ + e = path + strlen (path); + while (e != path && is_path_component_or_null (*e)) + e--; + + /* Find the beginning of the last component */ + while (e != path && !is_path_component_or_null (*e)) { + had = true; + e--; + } + + /* Find the end of the last component */ + while (e != path && is_path_component_or_null (*e)) + e--; + + if (e == path) { + if (!had) + return NULL; + parent = strdup ("/"); + } else { + parent = strndup (path, (e - path) + 1); + } + + return_val_if_fail (parent != NULL, NULL); + return parent; +} + +bool +p11_path_prefix (const char *string, + const char *prefix) +{ + int a, b; + + return_val_if_fail (string != NULL, false); + return_val_if_fail (prefix != NULL, false); + + a = strlen (string); + b = strlen (prefix); + + return a > b && + strncmp (string, prefix, b) == 0 && + is_path_component_or_null (string[b]); +} + +void +p11_path_canon (char *name) +{ + static const char *VALID = + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_"; + int i; + + return_if_fail (name != NULL); + + for (i = 0; name[i] != '\0'; i++) { + if (strchr (VALID, name[i]) == NULL) + name[i] = '_'; + } +} + +char * +p11_path_encode (const char *path) +{ + static const char *VALID = + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_/\\"; + p11_buffer buf; + char *result; + + return_val_if_fail (path != NULL, NULL); + + if (!p11_buffer_init_null (&buf, strlen (path))) + return_val_if_reached (NULL); + + p11_url_encode ((unsigned char *)path, + (unsigned char *)path + strlen (path), + VALID, + &buf); + return_val_if_fail (p11_buffer_ok (&buf), NULL); + + result = p11_buffer_steal (&buf, NULL); + p11_buffer_uninit (&buf); + + return result; +} + +char * +p11_path_decode (const char *path) +{ + return (char *) p11_url_decode (path, path + strlen (path), "", NULL); +} diff --git a/common/path.h b/common/path.h new file mode 100644 index 0000000..243c14f --- /dev/null +++ b/common/path.h @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_PATH_H__ +#define P11_PATH_H__ + +#include "compat.h" + +#ifdef OS_WIN32 +#define P11_PATH_SEP ";" +#define P11_PATH_SEP_C ';' +#else +#define P11_PATH_SEP ":" +#define P11_PATH_SEP_C ':' +#endif + +/* + * The semantics of both POSIX basename() and GNU asename() are so crappy that + * we just don't even bother. And what's worse is how it completely changes + * behavior if _GNU_SOURCE is defined. Nasty stuff. + */ +char * p11_path_base (const char *name); + +char * p11_path_expand (const char *path); + +char * p11_path_build (const char *path, + ...) GNUC_NULL_TERMINATED; + +bool p11_path_absolute (const char *path); + +char * p11_path_parent (const char *path); + +bool p11_path_prefix (const char *string, + const char *prefix); + +void p11_path_canon (char *name); + +char * p11_path_encode (const char *path); + +char * p11_path_decode (const char *path); + +#endif /* P11_PATH_H__ */ diff --git a/common/pkcs11.h b/common/pkcs11.h new file mode 100644 index 0000000..6058b6d --- /dev/null +++ b/common/pkcs11.h @@ -0,0 +1,1751 @@ +/* pkcs11.h + Copyright 2006, 2007 g10 Code GmbH + Copyright 2006 Andreas Jellinghaus + Copyright 2017 Red Hat, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. */ + +/* Please submit any changes back to the p11-kit project at + https://github.com/p11-glue/p11-kit/, so that + they can be picked up by other projects from there as well. */ + +/* This file is a modified implementation of the PKCS #11 standard by + OASIS group. It is mostly a drop-in replacement, with the + following change: + + This header file does not require any macro definitions by the user + (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros + for you (if useful, some are missing, let me know if you need + more). + + There is an additional API available that does comply better to the + GNU coding standard. It can be switched on by defining + CRYPTOKI_GNU before including this header file. For this, the + following changes are made to the specification: + + All structure types are changed to a "struct ck_foo" where CK_FOO + is the type name in PKCS #11. + + All non-structure types are changed to ck_foo_t where CK_FOO is the + lowercase version of the type name in PKCS #11. The basic types + (CK_ULONG et al.) are removed without substitute. + + All members of structures are modified in the following way: Type + indication prefixes are removed, and underscore characters are + inserted before words. Then the result is lowercased. + + Note that function names are still in the original case, as they + need for ABI compatibility. + + CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use + . + + If CRYPTOKI_COMPAT is defined before including this header file, + then none of the API changes above take place, and the API is the + one defined by the PKCS #11 standard. */ + +#ifndef PKCS11_H +#define PKCS11_H 1 + +#if defined(__cplusplus) +extern "C" { +#endif + + +/* The version of cryptoki we implement. The revision is changed with + each modification of this file. */ +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 40 +#define P11_KIT_CRYPTOKI_VERSION_REVISION 0 + + +/* Compatibility interface is default, unless CRYPTOKI_GNU is + given. */ +#ifndef CRYPTOKI_GNU +#ifndef CRYPTOKI_COMPAT +#define CRYPTOKI_COMPAT 1 +#endif +#endif + +/* System dependencies. */ + +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) + +/* There is a matching pop below. */ +#pragma pack(push, cryptoki, 1) + +#ifdef CRYPTOKI_EXPORTS +#define CK_SPEC __declspec(dllexport) +#else +#define CK_SPEC __declspec(dllimport) +#endif + +#else + +#define CK_SPEC + +#endif + + +#ifdef CRYPTOKI_COMPAT + /* If we are in compatibility mode, switch all exposed names to the + PKCS #11 variant. There are corresponding #undefs below. */ + +#define ck_flags_t CK_FLAGS +#define ck_version _CK_VERSION + +#define ck_info _CK_INFO +#define cryptoki_version cryptokiVersion +#define manufacturer_id manufacturerID +#define library_description libraryDescription +#define library_version libraryVersion + +#define ck_notification_t CK_NOTIFICATION +#define ck_slot_id_t CK_SLOT_ID + +#define ck_slot_info _CK_SLOT_INFO +#define slot_description slotDescription +#define hardware_version hardwareVersion +#define firmware_version firmwareVersion + +#define ck_token_info _CK_TOKEN_INFO +#define serial_number serialNumber +#define max_session_count ulMaxSessionCount +#define session_count ulSessionCount +#define max_rw_session_count ulMaxRwSessionCount +#define rw_session_count ulRwSessionCount +#define max_pin_len ulMaxPinLen +#define min_pin_len ulMinPinLen +#define total_public_memory ulTotalPublicMemory +#define free_public_memory ulFreePublicMemory +#define total_private_memory ulTotalPrivateMemory +#define free_private_memory ulFreePrivateMemory +#define utc_time utcTime + +#define ck_session_handle_t CK_SESSION_HANDLE +#define ck_user_type_t CK_USER_TYPE +#define ck_state_t CK_STATE + +#define ck_session_info _CK_SESSION_INFO +#define slot_id slotID +#define device_error ulDeviceError + +#define ck_object_handle_t CK_OBJECT_HANDLE +#define ck_object_class_t CK_OBJECT_CLASS +#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE +#define ck_key_type_t CK_KEY_TYPE +#define ck_certificate_type_t CK_CERTIFICATE_TYPE +#define ck_attribute_type_t CK_ATTRIBUTE_TYPE + +#define ck_attribute _CK_ATTRIBUTE +#define value pValue +#define value_len ulValueLen + +#define count ulCount + +#define ck_date _CK_DATE + +#define ck_mechanism_type_t CK_MECHANISM_TYPE + +#define ck_mechanism _CK_MECHANISM +#define parameter pParameter +#define parameter_len ulParameterLen + +#define params pParams + +#define ck_mechanism_info _CK_MECHANISM_INFO +#define min_key_size ulMinKeySize +#define max_key_size ulMaxKeySize + +#define ck_param_type CK_PARAM_TYPE +#define ck_otp_param CK_OTP_PARAM +#define ck_otp_params CK_OTP_PARAMS +#define ck_otp_signature_info CK_OTP_SIGNATURE_INFO + +#define ck_rv_t CK_RV +#define ck_notify_t CK_NOTIFY + +#define ck_function_list _CK_FUNCTION_LIST + +#define ck_createmutex_t CK_CREATEMUTEX +#define ck_destroymutex_t CK_DESTROYMUTEX +#define ck_lockmutex_t CK_LOCKMUTEX +#define ck_unlockmutex_t CK_UNLOCKMUTEX + +#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS +#define create_mutex CreateMutex +#define destroy_mutex DestroyMutex +#define lock_mutex LockMutex +#define unlock_mutex UnlockMutex +#define reserved pReserved + +#define ck_rsa_pkcs_mgf_type_t CK_RSA_PKCS_MGF_TYPE +#define ck_rsa_pkcs_oaep_source_type_t CK_RSA_PKCS_OAEP_SOURCE_TYPE +#define hash_alg hashAlg +#define s_len sLen +#define source_data pSourceData +#define source_data_len ulSourceDataLen + +#define counter_bits ulCounterBits +#define iv_ptr pIv +#define iv_len ulIvLen +#define iv_bits ulIvBits +#define aad_ptr pAAD +#define aad_len ulAADLen +#define tag_bits ulTagBits +#define shared_data_len ulSharedDataLen +#define shared_data pSharedData +#define public_data_len ulPublicDataLen +#define public_data pPublicData +#define string_data pData +#define string_data_len ulLen +#define data_params pData +#endif /* CRYPTOKI_COMPAT */ + + + +typedef unsigned long ck_flags_t; + +struct ck_version +{ + unsigned char major; + unsigned char minor; +}; + + +struct ck_info +{ + struct ck_version cryptoki_version; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + unsigned char library_description[32]; + struct ck_version library_version; +}; + + +typedef unsigned long ck_notification_t; + +#define CKN_SURRENDER (0UL) + + +typedef unsigned long ck_slot_id_t; + + +struct ck_slot_info +{ + unsigned char slot_description[64]; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + struct ck_version hardware_version; + struct ck_version firmware_version; +}; + + +#define CKF_TOKEN_PRESENT (1UL << 0) +#define CKF_REMOVABLE_DEVICE (1UL << 1) +#define CKF_HW_SLOT (1UL << 2) +#define CKF_ARRAY_ATTRIBUTE (1UL << 30) + + +struct ck_token_info +{ + unsigned char label[32]; + unsigned char manufacturer_id[32]; + unsigned char model[16]; + unsigned char serial_number[16]; + ck_flags_t flags; + unsigned long max_session_count; + unsigned long session_count; + unsigned long max_rw_session_count; + unsigned long rw_session_count; + unsigned long max_pin_len; + unsigned long min_pin_len; + unsigned long total_public_memory; + unsigned long free_public_memory; + unsigned long total_private_memory; + unsigned long free_private_memory; + struct ck_version hardware_version; + struct ck_version firmware_version; + unsigned char utc_time[16]; +}; + + +#define CKF_RNG (1UL << 0) +#define CKF_WRITE_PROTECTED (1UL << 1) +#define CKF_LOGIN_REQUIRED (1UL << 2) +#define CKF_USER_PIN_INITIALIZED (1UL << 3) +#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5) +#define CKF_CLOCK_ON_TOKEN (1UL << 6) +#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8) +#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9) +#define CKF_TOKEN_INITIALIZED (1UL << 10) +#define CKF_SECONDARY_AUTHENTICATION (1UL << 11) +#define CKF_USER_PIN_COUNT_LOW (1UL << 16) +#define CKF_USER_PIN_FINAL_TRY (1UL << 17) +#define CKF_USER_PIN_LOCKED (1UL << 18) +#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19) +#define CKF_SO_PIN_COUNT_LOW (1UL << 20) +#define CKF_SO_PIN_FINAL_TRY (1UL << 21) +#define CKF_SO_PIN_LOCKED (1UL << 22) +#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23) + +#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L) +#define CK_EFFECTIVELY_INFINITE (0UL) + + +typedef unsigned long ck_session_handle_t; + +#define CK_INVALID_HANDLE (0UL) + + +typedef unsigned long ck_user_type_t; + +#define CKU_SO (0UL) +#define CKU_USER (1UL) +#define CKU_CONTEXT_SPECIFIC (2UL) + + +typedef unsigned long ck_state_t; + +#define CKS_RO_PUBLIC_SESSION (0UL) +#define CKS_RO_USER_FUNCTIONS (1UL) +#define CKS_RW_PUBLIC_SESSION (2UL) +#define CKS_RW_USER_FUNCTIONS (3UL) +#define CKS_RW_SO_FUNCTIONS (4UL) + + +struct ck_session_info +{ + ck_slot_id_t slot_id; + ck_state_t state; + ck_flags_t flags; + unsigned long device_error; +}; + +#define CKF_RW_SESSION (1UL << 1) +#define CKF_SERIAL_SESSION (1UL << 2) + + +typedef unsigned long ck_object_handle_t; + + +typedef unsigned long ck_object_class_t; + +#define CKO_DATA (0UL) +#define CKO_CERTIFICATE (1UL) +#define CKO_PUBLIC_KEY (2UL) +#define CKO_PRIVATE_KEY (3UL) +#define CKO_SECRET_KEY (4UL) +#define CKO_HW_FEATURE (5UL) +#define CKO_DOMAIN_PARAMETERS (6UL) +#define CKO_MECHANISM (7UL) +#define CKO_OTP_KEY (8UL) +#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_hw_feature_type_t; + +#define CKH_MONOTONIC_COUNTER (1UL) +#define CKH_CLOCK (2UL) +#define CKH_USER_INTERFACE (3UL) +#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_key_type_t; + +#define CKK_RSA (0UL) +#define CKK_DSA (1UL) +#define CKK_DH (2UL) +#define CKK_ECDSA (3UL) +#define CKK_EC (3UL) +#define CKK_X9_42_DH (4UL) +#define CKK_KEA (5UL) +#define CKK_GENERIC_SECRET (0x10UL) +#define CKK_RC2 (0x11UL) +#define CKK_RC4 (0x12UL) +#define CKK_DES (0x13UL) +#define CKK_DES2 (0x14UL) +#define CKK_DES3 (0x15UL) +#define CKK_CAST (0x16UL) +#define CKK_CAST3 (0x17UL) +#define CKK_CAST128 (0x18UL) +#define CKK_RC5 (0x19UL) +#define CKK_IDEA (0x1aUL) +#define CKK_SKIPJACK (0x1bUL) +#define CKK_BATON (0x1cUL) +#define CKK_JUNIPER (0x1dUL) +#define CKK_CDMF (0x1eUL) +#define CKK_AES (0x1fUL) +#define CKK_BLOWFISH (0x20UL) +#define CKK_TWOFISH (0x21UL) +#define CKK_SECURID (0x22UL) +#define CKK_HOTP (0x23UL) +#define CKK_ACTI (0x24UL) +#define CKK_CAMELLIA (0x25UL) +#define CKK_ARIA (0x26UL) +#define CKK_MD5_HMAC (0x27UL) +#define CKK_SHA_1_HMAC (0x28UL) +#define CKK_RIPEMD128_HMAC (0x29UL) +#define CKK_RIPEMD160_HMAC (0x2aUL) +#define CKK_SHA256_HMAC (0x2bUL) +#define CKK_SHA384_HMAC (0x2cUL) +#define CKK_SHA512_HMAC (0x2dUL) +#define CKK_SHA224_HMAC (0x2eUL) +#define CKK_SEED (0x2fUL) +#define CKK_GOSTR3410 (0x30UL) +#define CKK_GOSTR3411 (0x31UL) +#define CKK_GOST28147 (0x32UL) +#define CKK_EC_EDWARDS (0x40UL) +#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_certificate_type_t; + +#define CKC_X_509 (0UL) +#define CKC_X_509_ATTR_CERT (1UL) +#define CKC_WTLS (2UL) +#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + +#define CKC_OPENPGP (CKC_VENDOR_DEFINED|0x504750UL) + +typedef unsigned long ck_attribute_type_t; + +#define CKA_CLASS (0UL) +#define CKA_TOKEN (1UL) +#define CKA_PRIVATE (2UL) +#define CKA_LABEL (3UL) +#define CKA_APPLICATION (0x10UL) +#define CKA_VALUE (0x11UL) +#define CKA_OBJECT_ID (0x12UL) +#define CKA_CERTIFICATE_TYPE (0x80UL) +#define CKA_ISSUER (0x81UL) +#define CKA_SERIAL_NUMBER (0x82UL) +#define CKA_AC_ISSUER (0x83UL) +#define CKA_OWNER (0x84UL) +#define CKA_ATTR_TYPES (0x85UL) +#define CKA_TRUSTED (0x86UL) +#define CKA_CERTIFICATE_CATEGORY (0x87UL) +#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL) +#define CKA_URL (0x89UL) +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL) +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL) +#define CKA_NAME_HASH_ALGORITHM (0x8cUL) +#define CKA_CHECK_VALUE (0x90UL) +#define CKA_KEY_TYPE (0x100UL) +#define CKA_SUBJECT (0x101UL) +#define CKA_ID (0x102UL) +#define CKA_SENSITIVE (0x103UL) +#define CKA_ENCRYPT (0x104UL) +#define CKA_DECRYPT (0x105UL) +#define CKA_WRAP (0x106UL) +#define CKA_UNWRAP (0x107UL) +#define CKA_SIGN (0x108UL) +#define CKA_SIGN_RECOVER (0x109UL) +#define CKA_VERIFY (0x10aUL) +#define CKA_VERIFY_RECOVER (0x10bUL) +#define CKA_DERIVE (0x10cUL) +#define CKA_START_DATE (0x110UL) +#define CKA_END_DATE (0x111UL) +#define CKA_MODULUS (0x120UL) +#define CKA_MODULUS_BITS (0x121UL) +#define CKA_PUBLIC_EXPONENT (0x122UL) +#define CKA_PRIVATE_EXPONENT (0x123UL) +#define CKA_PRIME_1 (0x124UL) +#define CKA_PRIME_2 (0x125UL) +#define CKA_EXPONENT_1 (0x126UL) +#define CKA_EXPONENT_2 (0x127UL) +#define CKA_COEFFICIENT (0x128UL) +#define CKA_PUBLIC_KEY_INFO (0x129UL) +#define CKA_PRIME (0x130UL) +#define CKA_SUBPRIME (0x131UL) +#define CKA_BASE (0x132UL) +#define CKA_PRIME_BITS (0x133UL) +#define CKA_SUB_PRIME_BITS (0x134UL) +#define CKA_VALUE_BITS (0x160UL) +#define CKA_VALUE_LEN (0x161UL) +#define CKA_EXTRACTABLE (0x162UL) +#define CKA_LOCAL (0x163UL) +#define CKA_NEVER_EXTRACTABLE (0x164UL) +#define CKA_ALWAYS_SENSITIVE (0x165UL) +#define CKA_KEY_GEN_MECHANISM (0x166UL) +#define CKA_MODIFIABLE (0x170UL) +#define CKA_COPYABLE (0x171UL) +#define CKA_DESTROYABLE (0x172UL) +#define CKA_ECDSA_PARAMS (0x180UL) +#define CKA_EC_PARAMS (0x180UL) +#define CKA_EC_POINT (0x181UL) +#define CKA_SECONDARY_AUTH (0x200UL) +#define CKA_AUTH_PIN_FLAGS (0x201UL) +#define CKA_ALWAYS_AUTHENTICATE (0x202UL) +#define CKA_WRAP_WITH_TRUSTED (0x210UL) +#define CKA_OTP_FORMAT (0x220UL) +#define CKA_OTP_LENGTH (0x221UL) +#define CKA_OTP_TIME_INTERVAL (0x222UL) +#define CKA_OTP_USER_FRIENDLY_MODE (0x223UL) +#define CKA_OTP_CHALLENGE_REQUIREMENT (0x224UL) +#define CKA_OTP_TIME_REQUIREMENT (0x225UL) +#define CKA_OTP_COUNTER_REQUIREMENT (0x226UL) +#define CKA_OTP_PIN_REQUIREMENT (0x227UL) +#define CKA_OTP_USER_IDENTIFIER (0x22AUL) +#define CKA_OTP_SERVICE_IDENTIFIER (0x22BUL) +#define CKA_OTP_SERVICE_LOGO (0x22CUL) +#define CKA_OTP_SERVICE_LOGO_TYPE (0x22DUL) +#define CKA_OTP_COUNTER (0x22EUL) +#define CKA_OTP_TIME (0x22FUL) +#define CKA_GOSTR3410_PARAMS (0x250UL) +#define CKA_GOSTR3411_PARAMS (0x251UL) +#define CKA_GOST28147_PARAMS (0x252UL) +#define CKA_HW_FEATURE_TYPE (0x300UL) +#define CKA_RESET_ON_INIT (0x301UL) +#define CKA_HAS_RESET (0x302UL) +#define CKA_PIXEL_X (0x400UL) +#define CKA_PIXEL_Y (0x401UL) +#define CKA_RESOLUTION (0x402UL) +#define CKA_CHAR_ROWS (0x403UL) +#define CKA_CHAR_COLUMNS (0x404UL) +#define CKA_COLOR (0x405UL) +#define CKA_BITS_PER_PIXEL (0x406UL) +#define CKA_CHAR_SETS (0x480UL) +#define CKA_ENCODING_METHODS (0x481UL) +#define CKA_MIME_TYPES (0x482UL) +#define CKA_MECHANISM_TYPE (0x500UL) +#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL) +#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL) +#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL) +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL) +#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x213UL) +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL) +#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +struct ck_attribute +{ + ck_attribute_type_t type; + void *value; + unsigned long value_len; +}; + + +struct ck_date +{ + unsigned char year[4]; + unsigned char month[2]; + unsigned char day[2]; +}; + + +typedef unsigned long ck_mechanism_type_t; + +#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL) +#define CKM_RSA_PKCS (1UL) +#define CKM_RSA_9796 (2UL) +#define CKM_RSA_X_509 (3UL) +#define CKM_MD2_RSA_PKCS (4UL) +#define CKM_MD5_RSA_PKCS (5UL) +#define CKM_SHA1_RSA_PKCS (6UL) +#define CKM_RIPEMD128_RSA_PKCS (7UL) +#define CKM_RIPEMD160_RSA_PKCS (8UL) +#define CKM_RSA_PKCS_OAEP (9UL) +#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL) +#define CKM_RSA_X9_31 (0xbUL) +#define CKM_SHA1_RSA_X9_31 (0xcUL) +#define CKM_RSA_PKCS_PSS (0xdUL) +#define CKM_SHA1_RSA_PKCS_PSS (0xeUL) +#define CKM_DSA_KEY_PAIR_GEN (0x10UL) +#define CKM_DSA (0x11UL) +#define CKM_DSA_SHA1 (0x12UL) +#define CKM_DSA_SHA224 (0x13UL) +#define CKM_DSA_SHA256 (0x14UL) +#define CKM_DSA_SHA384 (0x15UL) +#define CKM_DSA_SHA512 (0x16UL) +#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL) +#define CKM_DH_PKCS_DERIVE (0x21UL) +#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL) +#define CKM_X9_42_DH_DERIVE (0x31UL) +#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL) +#define CKM_X9_42_MQV_DERIVE (0x33UL) +#define CKM_SHA256_RSA_PKCS (0x40UL) +#define CKM_SHA384_RSA_PKCS (0x41UL) +#define CKM_SHA512_RSA_PKCS (0x42UL) +#define CKM_SHA256_RSA_PKCS_PSS (0x43UL) +#define CKM_SHA384_RSA_PKCS_PSS (0x44UL) +#define CKM_SHA512_RSA_PKCS_PSS (0x45UL) +#define CKM_SHA512_224 (0x48UL) +#define CKM_SHA512_224_HMAC (0x49UL) +#define CKM_SHA512_224_HMAC_GENERAL (0x4aUL) +#define CKM_SHA512_224_KEY_DERIVATION (0x4bUL) +#define CKM_SHA512_256 (0x4cUL) +#define CKM_SHA512_256_HMAC (0x4dUL) +#define CKM_SHA512_256_HMAC_GENERAL (0x4eUL) +#define CKM_SHA512_256_KEY_DERIVATION (0x4fUL) +#define CKM_SHA512_T (0x50UL) +#define CKM_SHA512_T_HMAC (0x51UL) +#define CKM_SHA512_T_HMAC_GENERAL (0x52UL) +#define CKM_SHA512_T_KEY_DERIVATION (0x53UL) +#define CKM_RC2_KEY_GEN (0x100UL) +#define CKM_RC2_ECB (0x101UL) +#define CKM_RC2_CBC (0x102UL) +#define CKM_RC2_MAC (0x103UL) +#define CKM_RC2_MAC_GENERAL (0x104UL) +#define CKM_RC2_CBC_PAD (0x105UL) +#define CKM_RC4_KEY_GEN (0x110UL) +#define CKM_RC4 (0x111UL) +#define CKM_DES_KEY_GEN (0x120UL) +#define CKM_DES_ECB (0x121UL) +#define CKM_DES_CBC (0x122UL) +#define CKM_DES_MAC (0x123UL) +#define CKM_DES_MAC_GENERAL (0x124UL) +#define CKM_DES_CBC_PAD (0x125UL) +#define CKM_DES2_KEY_GEN (0x130UL) +#define CKM_DES3_KEY_GEN (0x131UL) +#define CKM_DES3_ECB (0x132UL) +#define CKM_DES3_CBC (0x133UL) +#define CKM_DES3_MAC (0x134UL) +#define CKM_DES3_MAC_GENERAL (0x135UL) +#define CKM_DES3_CBC_PAD (0x136UL) +#define CKM_DES3_CMAC_GENERAL (0x137UL) +#define CKM_DES3_CMAC (0x138UL) +#define CKM_CDMF_KEY_GEN (0x140UL) +#define CKM_CDMF_ECB (0x141UL) +#define CKM_CDMF_CBC (0x142UL) +#define CKM_CDMF_MAC (0x143UL) +#define CKM_CDMF_MAC_GENERAL (0x144UL) +#define CKM_CDMF_CBC_PAD (0x145UL) +#define CKM_DES_OFB64 (0x150UL) +#define CKM_DES_OFB8 (0x151UL) +#define CKM_DES_CFB64 (0x152UL) +#define CKM_DES_CFB8 (0x153UL) +#define CKM_MD2 (0x200UL) +#define CKM_MD2_HMAC (0x201UL) +#define CKM_MD2_HMAC_GENERAL (0x202UL) +#define CKM_MD5 (0x210UL) +#define CKM_MD5_HMAC (0x211UL) +#define CKM_MD5_HMAC_GENERAL (0x212UL) +#define CKM_SHA_1 (0x220UL) +#define CKM_SHA_1_HMAC (0x221UL) +#define CKM_SHA_1_HMAC_GENERAL (0x222UL) +#define CKM_RIPEMD128 (0x230UL) +#define CKM_RIPEMD128_HMAC (0x231UL) +#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL) +#define CKM_RIPEMD160 (0x240UL) +#define CKM_RIPEMD160_HMAC (0x241UL) +#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL) +#define CKM_SHA256 (0x250UL) +#define CKM_SHA256_HMAC (0x251UL) +#define CKM_SHA256_HMAC_GENERAL (0x252UL) +#define CKM_SHA384 (0x260UL) +#define CKM_SHA384_HMAC (0x261UL) +#define CKM_SHA384_HMAC_GENERAL (0x262UL) +#define CKM_SHA512 (0x270UL) +#define CKM_SHA512_HMAC (0x271UL) +#define CKM_SHA512_HMAC_GENERAL (0x272UL) +#define CKM_SECURID_KEY_GEN (0x280UL) +#define CKM_SECURID (0x282UL) +#define CKM_HOTP_KEY_GEN (0x290UL) +#define CKM_HOTP (0x291UL) +#define CKM_ACTI (0x2a0UL) +#define CKM_ACTI_KEY_GEN (0x2a1UL) +#define CKM_CAST_KEY_GEN (0x300UL) +#define CKM_CAST_ECB (0x301UL) +#define CKM_CAST_CBC (0x302UL) +#define CKM_CAST_MAC (0x303UL) +#define CKM_CAST_MAC_GENERAL (0x304UL) +#define CKM_CAST_CBC_PAD (0x305UL) +#define CKM_CAST3_KEY_GEN (0x310UL) +#define CKM_CAST3_ECB (0x311UL) +#define CKM_CAST3_CBC (0x312UL) +#define CKM_CAST3_MAC (0x313UL) +#define CKM_CAST3_MAC_GENERAL (0x314UL) +#define CKM_CAST3_CBC_PAD (0x315UL) +#define CKM_CAST5_KEY_GEN (0x320UL) +#define CKM_CAST128_KEY_GEN (0x320UL) +#define CKM_CAST5_ECB (0x321UL) +#define CKM_CAST128_ECB (0x321UL) +#define CKM_CAST5_CBC (0x322UL) +#define CKM_CAST128_CBC (0x322UL) +#define CKM_CAST5_MAC (0x323UL) +#define CKM_CAST128_MAC (0x323UL) +#define CKM_CAST5_MAC_GENERAL (0x324UL) +#define CKM_CAST128_MAC_GENERAL (0x324UL) +#define CKM_CAST5_CBC_PAD (0x325UL) +#define CKM_CAST128_CBC_PAD (0x325UL) +#define CKM_RC5_KEY_GEN (0x330UL) +#define CKM_RC5_ECB (0x331UL) +#define CKM_RC5_CBC (0x332UL) +#define CKM_RC5_MAC (0x333UL) +#define CKM_RC5_MAC_GENERAL (0x334UL) +#define CKM_RC5_CBC_PAD (0x335UL) +#define CKM_IDEA_KEY_GEN (0x340UL) +#define CKM_IDEA_ECB (0x341UL) +#define CKM_IDEA_CBC (0x342UL) +#define CKM_IDEA_MAC (0x343UL) +#define CKM_IDEA_MAC_GENERAL (0x344UL) +#define CKM_IDEA_CBC_PAD (0x345UL) +#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL) +#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL) +#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL) +#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL) +#define CKM_XOR_BASE_AND_DATA (0x364UL) +#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL) +#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL) +#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL) +#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL) +#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL) +#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL) +#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL) +#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL) +#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL) +#define CKM_TLS_PRF (0x378UL) +#define CKM_SSL3_MD5_MAC (0x380UL) +#define CKM_SSL3_SHA1_MAC (0x381UL) +#define CKM_MD5_KEY_DERIVATION (0x390UL) +#define CKM_MD2_KEY_DERIVATION (0x391UL) +#define CKM_SHA1_KEY_DERIVATION (0x392UL) +#define CKM_SHA256_KEY_DERIVATION (0x393UL) +#define CKM_SHA384_KEY_DERIVATION (0x394UL) +#define CKM_SHA512_KEY_DERIVATION (0x395UL) +#define CKM_PBE_MD2_DES_CBC (0x3a0UL) +#define CKM_PBE_MD5_DES_CBC (0x3a1UL) +#define CKM_PBE_MD5_CAST_CBC (0x3a2UL) +#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL) +#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL) +#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL) +#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL) +#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL) +#define CKM_PBE_SHA1_RC4_128 (0x3a6UL) +#define CKM_PBE_SHA1_RC4_40 (0x3a7UL) +#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL) +#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL) +#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL) +#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL) +#define CKM_PKCS5_PBKD2 (0x3b0UL) +#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL) +#define CKM_WTLS_PRE_MASTER_KEY_GEN (0x3d0UL) +#define CKM_WTLS_MASTER_KEY_DERIVE (0x3d1UL) +#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC (0x3d2UL) +#define CKM_WTLS_PRF (0x3d3UL) +#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE (0x3d4UL) +#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE (0x3d5UL) +#define CKM_TLS10_MAC_SERVER (0x3d6UL) +#define CKM_TLS10_MAC_CLIENT (0x3d7UL) +#define CKM_TLS12_MAC (0x3d8UL) +#define CKM_TLS12_KDF (0x3d9UL) +#define CKM_TLS12_MASTER_KEY_DERIVE (0x3e0UL) +#define CKM_TLS12_KEY_AND_MAC_DERIVE (0x3e1UL) +#define CKM_TLS12_MASTER_KEY_DERIVE_DH (0x3e2UL) +#define CKM_TLS12_KEY_SAFE_DERIVE (0x3e3UL) +#define CKM_TLS_MAC (0x3e4UL) +#define CKM_TLS_KDF (0x3e5UL) +#define CKM_KEY_WRAP_LYNKS (0x400UL) +#define CKM_KEY_WRAP_SET_OAEP (0x401UL) +#define CKM_CMS_SIG (0x500UL) +#define CKM_KIP_DERIVE (0x510UL) +#define CKM_KIP_WRAP (0x511UL) +#define CKM_KIP_MAC (0x512UL) +#define CKM_ARIA_KEY_GEN (0x560UL) +#define CKM_ARIA_ECB (0x561UL) +#define CKM_ARIA_CBC (0x562UL) +#define CKM_ARIA_MAC (0x563UL) +#define CKM_ARIA_MAC_GENERAL (0x564UL) +#define CKM_ARIA_CBC_PAD (0x565UL) +#define CKM_ARIA_ECB_ENCRYPT_DATA (0x566UL) +#define CKM_ARIA_CBC_ENCRYPT_DATA (0x567UL) +#define CKM_SEED_KEY_GEN (0x650UL) +#define CKM_SEED_ECB (0x651UL) +#define CKM_SEED_CBC (0x652UL) +#define CKM_SEED_MAC (0x653UL) +#define CKM_SEED_MAC_GENERAL (0x654UL) +#define CKM_SEED_CBC_PAD (0x655UL) +#define CKM_SEED_ECB_ENCRYPT_DATA (0x656UL) +#define CKM_SEED_CBC_ENCRYPT_DATA (0x657UL) +#define CKM_SKIPJACK_KEY_GEN (0x1000UL) +#define CKM_SKIPJACK_ECB64 (0x1001UL) +#define CKM_SKIPJACK_CBC64 (0x1002UL) +#define CKM_SKIPJACK_OFB64 (0x1003UL) +#define CKM_SKIPJACK_CFB64 (0x1004UL) +#define CKM_SKIPJACK_CFB32 (0x1005UL) +#define CKM_SKIPJACK_CFB16 (0x1006UL) +#define CKM_SKIPJACK_CFB8 (0x1007UL) +#define CKM_SKIPJACK_WRAP (0x1008UL) +#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL) +#define CKM_SKIPJACK_RELAYX (0x100aUL) +#define CKM_KEA_KEY_PAIR_GEN (0x1010UL) +#define CKM_KEA_KEY_DERIVE (0x1011UL) +#define CKM_FORTEZZA_TIMESTAMP (0x1020UL) +#define CKM_BATON_KEY_GEN (0x1030UL) +#define CKM_BATON_ECB128 (0x1031UL) +#define CKM_BATON_ECB96 (0x1032UL) +#define CKM_BATON_CBC128 (0x1033UL) +#define CKM_BATON_COUNTER (0x1034UL) +#define CKM_BATON_SHUFFLE (0x1035UL) +#define CKM_BATON_WRAP (0x1036UL) +#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL) +#define CKM_EC_KEY_PAIR_GEN (0x1040UL) +#define CKM_ECDSA (0x1041UL) +#define CKM_ECDSA_SHA1 (0x1042UL) +#define CKM_ECDSA_SHA224 (0x1043UL) +#define CKM_ECDSA_SHA256 (0x1044UL) +#define CKM_ECDSA_SHA384 (0x1045UL) +#define CKM_ECDSA_SHA512 (0x1046UL) +#define CKM_ECDH1_DERIVE (0x1050UL) +#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL) +#define CKM_ECMQV_DERIVE (0x1052UL) +#define CKM_ECDH_AES_KEY_WRAP (0x1053UL) +#define CKM_RSA_AES_KEY_WRAP (0x1054UL) +#define CKM_JUNIPER_KEY_GEN (0x1060UL) +#define CKM_JUNIPER_ECB128 (0x1061UL) +#define CKM_JUNIPER_CBC128 (0x1062UL) +#define CKM_JUNIPER_COUNTER (0x1063UL) +#define CKM_JUNIPER_SHUFFLE (0x1064UL) +#define CKM_JUNIPER_WRAP (0x1065UL) +#define CKM_FASTHASH (0x1070UL) +#define CKM_AES_KEY_GEN (0x1080UL) +#define CKM_AES_ECB (0x1081UL) +#define CKM_AES_CBC (0x1082UL) +#define CKM_AES_MAC (0x1083UL) +#define CKM_AES_MAC_GENERAL (0x1084UL) +#define CKM_AES_CBC_PAD (0x1085UL) +#define CKM_AES_CTR (0x1086UL) +#define CKM_AES_GCM (0x1087UL) +#define CKM_AES_CCM (0x1088UL) +#define CKM_AES_CTS (0x1089UL) +#define CKM_AES_CMAC (0x108aUL) +#define CKM_AES_CMAC_GENERAL (0x108bUL) +#define CKM_AES_XCBC_MAC (0x108cUL) +#define CKM_AES_XCBC_MAC_96 (0x108dUL) +#define CKM_AES_GMAC (0x108eUL) +#define CKM_BLOWFISH_KEY_GEN (0x1090UL) +#define CKM_BLOWFISH_CBC (0x1091UL) +#define CKM_TWOFISH_KEY_GEN (0x1092UL) +#define CKM_TWOFISH_CBC (0x1093UL) +#define CKM_BLOWFISH_CBC_PAD (0x1094UL) +#define CKM_TWOFISH_CBC_PAD (0x1095UL) +#define CKM_DES_ECB_ENCRYPT_DATA (0x1100UL) +#define CKM_DES_CBC_ENCRYPT_DATA (0x1101UL) +#define CKM_DES3_ECB_ENCRYPT_DATA (0x1102UL) +#define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL) +#define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL) +#define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL) +#define CKM_GOSTR3410_KEY_PAIR_GEN (0x1200UL) +#define CKM_GOSTR3410 (0x1201UL) +#define CKM_GOSTR3410_WITH_GOSTR3411 (0x1202UL) +#define CKM_GOSTR3410_KEY_WRAP (0x1203UL) +#define CKM_GOSTR3410_DERIVE (0x1204UL) +#define CKM_GOSTR3411 (0x1210UL) +#define CKM_GOSTR3411_HMAC (0x1211UL) +#define CKM_GOST28147_KEY_GEN (0x1220UL) +#define CKM_GOST28147_ECB (0x1221UL) +#define CKM_GOST28147 (0x1222UL) +#define CKM_GOST28147_MAC (0x1223UL) +#define CKM_GOST28147_KEY_WRAP (0x1224UL) +#define CKM_DSA_PARAMETER_GEN (0x2000UL) +#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) +#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) +#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN (0x2003UL) +#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN (0x2004UL) +#define CKM_AES_OFB (0x2104UL) +#define CKM_AES_CFB64 (0x2105UL) +#define CKM_AES_CFB8 (0x2106UL) +#define CKM_AES_CFB128 (0x2107UL) +#define CKM_AES_CFB1 (0x2108UL) + +#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + +/* Amendments */ +#define CKM_SHA224 (0x255UL) +#define CKM_SHA224_HMAC (0x256UL) +#define CKM_SHA224_HMAC_GENERAL (0x257UL) +#define CKM_SHA224_RSA_PKCS (0x46UL) +#define CKM_SHA224_RSA_PKCS_PSS (0x47UL) +#define CKM_SHA224_KEY_DERIVATION (0x396UL) + +#define CKM_CAMELLIA_KEY_GEN (0x550UL) +#define CKM_CAMELLIA_ECB (0x551UL) +#define CKM_CAMELLIA_CBC (0x552UL) +#define CKM_CAMELLIA_MAC (0x553UL) +#define CKM_CAMELLIA_MAC_GENERAL (0x554UL) +#define CKM_CAMELLIA_CBC_PAD (0x555UL) +#define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556UL) +#define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557UL) +#define CKM_CAMELLIA_CTR (0x558UL) + +#define CKM_AES_KEY_WRAP (0x2109UL) +#define CKM_AES_KEY_WRAP_PAD (0x210aUL) + +#define CKM_RSA_PKCS_TPM_1_1 (0x4001UL) +#define CKM_RSA_PKCS_OAEP_TPM_1_1 (0x4002UL) + +/* From version 3.0 */ +#define CKM_EC_EDWARDS_KEY_PAIR_GEN (0x1055UL) +#define CKM_EDDSA (0x1057UL) + +/* Attribute and other constants related to OTP */ +#define CK_OTP_FORMAT_DECIMAL (0UL) +#define CK_OTP_FORMAT_HEXADECIMAL (1UL) +#define CK_OTP_FORMAT_ALPHANUMERIC (2UL) +#define CK_OTP_FORMAT_BINARY (3UL) +#define CK_OTP_PARAM_IGNORED (0UL) +#define CK_OTP_PARAM_OPTIONAL (1UL) +#define CK_OTP_PARAM_MANDATORY (2UL) + +#define CK_OTP_VALUE (0UL) +#define CK_OTP_PIN (1UL) +#define CK_OTP_CHALLENGE (2UL) +#define CK_OTP_TIME (3UL) +#define CK_OTP_COUNTER (4UL) +#define CK_OTP_FLAGS (5UL) +#define CK_OTP_OUTPUT_LENGTH (6UL) +#define CK_OTP_FORMAT (7UL) + +/* OTP mechanism flags */ +#define CKF_NEXT_OTP (0x01UL) +#define CKF_EXCLUDE_TIME (0x02UL) +#define CKF_EXCLUDE_COUNTER (0x04UL) +#define CKF_EXCLUDE_CHALLENGE (0x08UL) +#define CKF_EXCLUDE_PIN (0x10UL) +#define CKF_USER_FRIENDLY_OTP (0x20UL) + +#define CKN_OTP_CHANGED (0x01UL) + +struct ck_mechanism +{ + ck_mechanism_type_t mechanism; + void *parameter; + unsigned long parameter_len; +}; + + +struct ck_mechanism_info +{ + unsigned long min_key_size; + unsigned long max_key_size; + ck_flags_t flags; +}; + +typedef unsigned long ck_param_type; + +typedef struct ck_otp_param { + ck_param_type type; + void *value; + unsigned long value_len; +} ck_otp_param; + +typedef struct ck_otp_params { + struct ck_otp_param *params; + unsigned long count; +} ck_otp_params; + +typedef struct ck_otp_signature_info +{ + struct ck_otp_param *params; + unsigned long count; +} ck_otp_signature_info; + +#define CKG_MGF1_SHA1 0x00000001UL +#define CKG_MGF1_SHA224 0x00000005UL +#define CKG_MGF1_SHA256 0x00000002UL +#define CKG_MGF1_SHA384 0x00000003UL +#define CKG_MGF1_SHA512 0x00000004UL + +typedef unsigned long ck_rsa_pkcs_mgf_type_t; +typedef ck_rsa_pkcs_mgf_type_t * CK_RSA_PKCS_MGF_TYPE_PTR; + +struct ck_rsa_pkcs_pss_params { + ck_mechanism_type_t hash_alg; + ck_rsa_pkcs_mgf_type_t mgf; + unsigned long s_len; +}; + +typedef unsigned long ck_rsa_pkcs_oaep_source_type_t; + +struct ck_rsa_pkcs_oaep_params { + ck_mechanism_type_t hash_alg; + ck_rsa_pkcs_mgf_type_t mgf; + ck_rsa_pkcs_oaep_source_type_t source; + void *source_data; + unsigned long source_data_len; +}; + +struct ck_aes_ctr_params { + unsigned long counter_bits; + unsigned char cb[16]; +}; + +struct ck_gcm_params { + unsigned char *iv_ptr; + unsigned long iv_len; + unsigned long iv_bits; + unsigned char *aad_ptr; + unsigned long aad_len; + unsigned long tag_bits; +}; + + +/* The following EC Key Derivation Functions are defined */ +#define CKD_NULL (0x01UL) +#define CKD_SHA1_KDF (0x02UL) + +/* The following X9.42 DH key derivation functions are defined */ +#define CKD_SHA1_KDF_ASN1 (0x03UL) +#define CKD_SHA1_KDF_CONCATENATE (0x04UL) +#define CKD_SHA224_KDF (0x05UL) +#define CKD_SHA256_KDF (0x06UL) +#define CKD_SHA384_KDF (0x07UL) +#define CKD_SHA512_KDF (0x08UL) +#define CKD_CPDIVERSIFY_KDF (0x09UL) + +typedef unsigned long ck_ec_kdf_t; + +struct ck_ecdh1_derive_params { + ck_ec_kdf_t kdf; + unsigned long shared_data_len; + unsigned char *shared_data; + unsigned long public_data_len; + unsigned char *public_data; +}; + +struct ck_key_derivation_string_data { + unsigned char *string_data; + unsigned long string_data_len; +}; + +struct ck_des_cbc_encrypt_data_params { + unsigned char iv[8]; + unsigned char *data_params; + unsigned long length; +}; + +struct ck_aes_cbc_encrypt_data_params { + unsigned char iv[16]; + unsigned char *data_params; + unsigned long length; +}; + +#define CKF_HW (1UL << 0) +#define CKF_ENCRYPT (1UL << 8) +#define CKF_DECRYPT (1UL << 9) +#define CKF_DIGEST (1UL << 10) +#define CKF_SIGN (1UL << 11) +#define CKF_SIGN_RECOVER (1UL << 12) +#define CKF_VERIFY (1UL << 13) +#define CKF_VERIFY_RECOVER (1UL << 14) +#define CKF_GENERATE (1UL << 15) +#define CKF_GENERATE_KEY_PAIR (1UL << 16) +#define CKF_WRAP (1UL << 17) +#define CKF_UNWRAP (1UL << 18) +#define CKF_DERIVE (1UL << 19) +#define CKF_EXTENSION ((unsigned long) (1UL << 31)) + +#define CKF_EC_F_P (1UL << 20) +#define CKF_EC_NAMEDCURVE (1UL << 23) +#define CKF_EC_UNCOMPRESS (1UL << 24) +#define CKF_EC_COMPRESS (1UL << 25) + + +/* Flags for C_WaitForSlotEvent. */ +#define CKF_DONT_BLOCK (1UL) + + +typedef unsigned long ck_rv_t; + + +typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, + ck_notification_t event, void *application); + +/* Forward reference. */ +struct ck_function_list; + +#define _CK_DECLARE_FUNCTION(name, args) \ +typedef ck_rv_t (*CK_ ## name) args; \ +ck_rv_t CK_SPEC name args + +_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); +_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); +_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); +_CK_DECLARE_FUNCTION (C_GetFunctionList, + (struct ck_function_list **function_list)); + +_CK_DECLARE_FUNCTION (C_GetSlotList, + (unsigned char token_present, ck_slot_id_t *slot_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetSlotInfo, + (ck_slot_id_t slot_id, struct ck_slot_info *info)); +_CK_DECLARE_FUNCTION (C_GetTokenInfo, + (ck_slot_id_t slot_id, struct ck_token_info *info)); +_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, + (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); +_CK_DECLARE_FUNCTION (C_GetMechanismList, + (ck_slot_id_t slot_id, + ck_mechanism_type_t *mechanism_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetMechanismInfo, + (ck_slot_id_t slot_id, ck_mechanism_type_t type, + struct ck_mechanism_info *info)); +_CK_DECLARE_FUNCTION (C_InitToken, + (ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label)); +_CK_DECLARE_FUNCTION (C_InitPIN, + (ck_session_handle_t session, unsigned char *pin, + unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_SetPIN, + (ck_session_handle_t session, unsigned char *old_pin, + unsigned long old_len, unsigned char *new_pin, + unsigned long new_len)); + +_CK_DECLARE_FUNCTION (C_OpenSession, + (ck_slot_id_t slot_id, ck_flags_t flags, + void *application, ck_notify_t notify, + ck_session_handle_t *session)); +_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); +_CK_DECLARE_FUNCTION (C_GetSessionInfo, + (ck_session_handle_t session, + struct ck_session_info *info)); +_CK_DECLARE_FUNCTION (C_GetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long *operation_state_len)); +_CK_DECLARE_FUNCTION (C_SetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key)); +_CK_DECLARE_FUNCTION (C_Login, + (ck_session_handle_t session, ck_user_type_t user_type, + unsigned char *pin, unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_CreateObject, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count, ck_object_handle_t *object)); +_CK_DECLARE_FUNCTION (C_CopyObject, + (ck_session_handle_t session, ck_object_handle_t object, + struct ck_attribute *templ, unsigned long count, + ck_object_handle_t *new_object)); +_CK_DECLARE_FUNCTION (C_DestroyObject, + (ck_session_handle_t session, + ck_object_handle_t object)); +_CK_DECLARE_FUNCTION (C_GetObjectSize, + (ck_session_handle_t session, + ck_object_handle_t object, + unsigned long *size)); +_CK_DECLARE_FUNCTION (C_GetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_SetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjectsInit, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjects, + (ck_session_handle_t session, + ck_object_handle_t *object, + unsigned long max_object_count, + unsigned long *object_count)); +_CK_DECLARE_FUNCTION (C_FindObjectsFinal, + (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_EncryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Encrypt, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len)); +_CK_DECLARE_FUNCTION (C_EncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_EncryptFinal, + (ck_session_handle_t session, + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len)); + +_CK_DECLARE_FUNCTION (C_DecryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Decrypt, + (ck_session_handle_t session, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len)); +_CK_DECLARE_FUNCTION (C_DecryptUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_DecryptFinal, + (ck_session_handle_t session, + unsigned char *last_part, + unsigned long *last_part_len)); + +_CK_DECLARE_FUNCTION (C_DigestInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism)); +_CK_DECLARE_FUNCTION (C_Digest, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *digest, + unsigned long *digest_len)); +_CK_DECLARE_FUNCTION (C_DigestUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_DigestKey, + (ck_session_handle_t session, ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_DigestFinal, + (ck_session_handle_t session, + unsigned char *digest, + unsigned long *digest_len)); + +_CK_DECLARE_FUNCTION (C_SignInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Sign, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_SignFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_SignRecover, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); + +_CK_DECLARE_FUNCTION (C_VerifyInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Verify, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_VerifyFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_VerifyRecover, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, + unsigned long *data_len)); + +_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); + +_CK_DECLARE_FUNCTION (C_GenerateKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *templ, + unsigned long count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_GenerateKeyPair, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *public_key_template, + unsigned long public_key_attribute_count, + struct ck_attribute *private_key_template, + unsigned long private_key_attribute_count, + ck_object_handle_t *public_key, + ck_object_handle_t *private_key)); +_CK_DECLARE_FUNCTION (C_WrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, + unsigned char *wrapped_key, + unsigned long *wrapped_key_len)); +_CK_DECLARE_FUNCTION (C_UnwrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_DeriveKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t base_key, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); + +_CK_DECLARE_FUNCTION (C_SeedRandom, + (ck_session_handle_t session, unsigned char *seed, + unsigned long seed_len)); +_CK_DECLARE_FUNCTION (C_GenerateRandom, + (ck_session_handle_t session, + unsigned char *random_data, + unsigned long random_len)); + +_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); + + +struct ck_function_list +{ + struct ck_version version; + CK_C_Initialize C_Initialize; + CK_C_Finalize C_Finalize; + CK_C_GetInfo C_GetInfo; + CK_C_GetFunctionList C_GetFunctionList; + CK_C_GetSlotList C_GetSlotList; + CK_C_GetSlotInfo C_GetSlotInfo; + CK_C_GetTokenInfo C_GetTokenInfo; + CK_C_GetMechanismList C_GetMechanismList; + CK_C_GetMechanismInfo C_GetMechanismInfo; + CK_C_InitToken C_InitToken; + CK_C_InitPIN C_InitPIN; + CK_C_SetPIN C_SetPIN; + CK_C_OpenSession C_OpenSession; + CK_C_CloseSession C_CloseSession; + CK_C_CloseAllSessions C_CloseAllSessions; + CK_C_GetSessionInfo C_GetSessionInfo; + CK_C_GetOperationState C_GetOperationState; + CK_C_SetOperationState C_SetOperationState; + CK_C_Login C_Login; + CK_C_Logout C_Logout; + CK_C_CreateObject C_CreateObject; + CK_C_CopyObject C_CopyObject; + CK_C_DestroyObject C_DestroyObject; + CK_C_GetObjectSize C_GetObjectSize; + CK_C_GetAttributeValue C_GetAttributeValue; + CK_C_SetAttributeValue C_SetAttributeValue; + CK_C_FindObjectsInit C_FindObjectsInit; + CK_C_FindObjects C_FindObjects; + CK_C_FindObjectsFinal C_FindObjectsFinal; + CK_C_EncryptInit C_EncryptInit; + CK_C_Encrypt C_Encrypt; + CK_C_EncryptUpdate C_EncryptUpdate; + CK_C_EncryptFinal C_EncryptFinal; + CK_C_DecryptInit C_DecryptInit; + CK_C_Decrypt C_Decrypt; + CK_C_DecryptUpdate C_DecryptUpdate; + CK_C_DecryptFinal C_DecryptFinal; + CK_C_DigestInit C_DigestInit; + CK_C_Digest C_Digest; + CK_C_DigestUpdate C_DigestUpdate; + CK_C_DigestKey C_DigestKey; + CK_C_DigestFinal C_DigestFinal; + CK_C_SignInit C_SignInit; + CK_C_Sign C_Sign; + CK_C_SignUpdate C_SignUpdate; + CK_C_SignFinal C_SignFinal; + CK_C_SignRecoverInit C_SignRecoverInit; + CK_C_SignRecover C_SignRecover; + CK_C_VerifyInit C_VerifyInit; + CK_C_Verify C_Verify; + CK_C_VerifyUpdate C_VerifyUpdate; + CK_C_VerifyFinal C_VerifyFinal; + CK_C_VerifyRecoverInit C_VerifyRecoverInit; + CK_C_VerifyRecover C_VerifyRecover; + CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_C_SignEncryptUpdate C_SignEncryptUpdate; + CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_C_GenerateKey C_GenerateKey; + CK_C_GenerateKeyPair C_GenerateKeyPair; + CK_C_WrapKey C_WrapKey; + CK_C_UnwrapKey C_UnwrapKey; + CK_C_DeriveKey C_DeriveKey; + CK_C_SeedRandom C_SeedRandom; + CK_C_GenerateRandom C_GenerateRandom; + CK_C_GetFunctionStatus C_GetFunctionStatus; + CK_C_CancelFunction C_CancelFunction; + CK_C_WaitForSlotEvent C_WaitForSlotEvent; +}; + + +typedef ck_rv_t (*ck_createmutex_t) (void **mutex); +typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); +typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); +typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); + + +struct ck_c_initialize_args +{ + ck_createmutex_t create_mutex; + ck_destroymutex_t destroy_mutex; + ck_lockmutex_t lock_mutex; + ck_unlockmutex_t unlock_mutex; + ck_flags_t flags; + void *reserved; +}; + + +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0) +#define CKF_OS_LOCKING_OK (1UL << 1) + +#define CKR_OK (0UL) +#define CKR_CANCEL (1UL) +#define CKR_HOST_MEMORY (2UL) +#define CKR_SLOT_ID_INVALID (3UL) +#define CKR_GENERAL_ERROR (5UL) +#define CKR_FUNCTION_FAILED (6UL) +#define CKR_ARGUMENTS_BAD (7UL) +#define CKR_NO_EVENT (8UL) +#define CKR_NEED_TO_CREATE_THREADS (9UL) +#define CKR_CANT_LOCK (0xaUL) +#define CKR_ATTRIBUTE_READ_ONLY (0x10UL) +#define CKR_ATTRIBUTE_SENSITIVE (0x11UL) +#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL) +#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL) +#define CKR_ACTION_PROHIBITED (0x1BUL) +#define CKR_DATA_INVALID (0x20UL) +#define CKR_DATA_LEN_RANGE (0x21UL) +#define CKR_DEVICE_ERROR (0x30UL) +#define CKR_DEVICE_MEMORY (0x31UL) +#define CKR_DEVICE_REMOVED (0x32UL) +#define CKR_ENCRYPTED_DATA_INVALID (0x40UL) +#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL) +#define CKR_FUNCTION_CANCELED (0x50UL) +#define CKR_FUNCTION_NOT_PARALLEL (0x51UL) +#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL) +#define CKR_KEY_HANDLE_INVALID (0x60UL) +#define CKR_KEY_SIZE_RANGE (0x62UL) +#define CKR_KEY_TYPE_INCONSISTENT (0x63UL) +#define CKR_KEY_NOT_NEEDED (0x64UL) +#define CKR_KEY_CHANGED (0x65UL) +#define CKR_KEY_NEEDED (0x66UL) +#define CKR_KEY_INDIGESTIBLE (0x67UL) +#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL) +#define CKR_KEY_NOT_WRAPPABLE (0x69UL) +#define CKR_KEY_UNEXTRACTABLE (0x6aUL) +#define CKR_MECHANISM_INVALID (0x70UL) +#define CKR_MECHANISM_PARAM_INVALID (0x71UL) +#define CKR_OBJECT_HANDLE_INVALID (0x82UL) +#define CKR_OPERATION_ACTIVE (0x90UL) +#define CKR_OPERATION_NOT_INITIALIZED (0x91UL) +#define CKR_PIN_INCORRECT (0xa0UL) +#define CKR_PIN_INVALID (0xa1UL) +#define CKR_PIN_LEN_RANGE (0xa2UL) +#define CKR_PIN_EXPIRED (0xa3UL) +#define CKR_PIN_LOCKED (0xa4UL) +#define CKR_SESSION_CLOSED (0xb0UL) +#define CKR_SESSION_COUNT (0xb1UL) +#define CKR_SESSION_HANDLE_INVALID (0xb3UL) +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL) +#define CKR_SESSION_READ_ONLY (0xb5UL) +#define CKR_SESSION_EXISTS (0xb6UL) +#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL) +#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL) +#define CKR_SIGNATURE_INVALID (0xc0UL) +#define CKR_SIGNATURE_LEN_RANGE (0xc1UL) +#define CKR_TEMPLATE_INCOMPLETE (0xd0UL) +#define CKR_TEMPLATE_INCONSISTENT (0xd1UL) +#define CKR_TOKEN_NOT_PRESENT (0xe0UL) +#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL) +#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL) +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL) +#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL) +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL) +#define CKR_USER_ALREADY_LOGGED_IN (0x100UL) +#define CKR_USER_NOT_LOGGED_IN (0x101UL) +#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL) +#define CKR_USER_TYPE_INVALID (0x103UL) +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL) +#define CKR_USER_TOO_MANY_TYPES (0x105UL) +#define CKR_WRAPPED_KEY_INVALID (0x110UL) +#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL) +#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL) +#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL) +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL) +#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL) +#define CKR_RANDOM_NO_RNG (0x121UL) +#define CKR_DOMAIN_PARAMS_INVALID (0x130UL) +#define CKR_CURVE_NOT_SUPPORTED (0x140UL) +#define CKR_BUFFER_TOO_SMALL (0x150UL) +#define CKR_SAVED_STATE_INVALID (0x160UL) +#define CKR_INFORMATION_SENSITIVE (0x170UL) +#define CKR_STATE_UNSAVEABLE (0x180UL) +#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL) +#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL) +#define CKR_MUTEX_BAD (0x1a0UL) +#define CKR_MUTEX_NOT_LOCKED (0x1a1UL) +#define CKR_NEW_PIN_MODE (0x1b0UL) +#define CKR_NEXT_OTP (0x1b1UL) +#define CKR_EXCEEDED_MAX_ITERATIONS (0x1c0UL) +#define CKR_FIPS_SELF_TEST_FAILED (0x1c1UL) +#define CKR_LIBRARY_LOAD_FAILED (0x1c2UL) +#define CKR_PIN_TOO_WEAK (0x1c3UL) +#define CKR_PUBLIC_KEY_INVALID (0x1c4UL) +#define CKR_FUNCTION_REJECTED (0x200UL) +#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +#define CKZ_DATA_SPECIFIED (0x01UL) + + + +/* Compatibility layer. */ + +#ifdef CRYPTOKI_COMPAT + +#undef CK_DEFINE_FUNCTION +#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name + +/* For NULL. */ +#include + +typedef unsigned char CK_BYTE; +typedef unsigned char CK_CHAR; +typedef unsigned char CK_UTF8CHAR; +typedef unsigned char CK_BBOOL; +typedef unsigned long int CK_ULONG; +typedef long int CK_LONG; +typedef CK_BYTE *CK_BYTE_PTR; +typedef CK_CHAR *CK_CHAR_PTR; +typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; +typedef CK_ULONG *CK_ULONG_PTR; +typedef void *CK_VOID_PTR; +typedef void **CK_VOID_PTR_PTR; +#define CK_FALSE 0 +#define CK_TRUE 1 +#ifndef CK_DISABLE_TRUE_FALSE +#ifndef FALSE +#define FALSE 0 +#endif +#ifndef TRUE +#define TRUE 1 +#endif +#endif + +typedef struct ck_version CK_VERSION; +typedef struct ck_version *CK_VERSION_PTR; + +typedef struct ck_info CK_INFO; +typedef struct ck_info *CK_INFO_PTR; + +typedef ck_slot_id_t *CK_SLOT_ID_PTR; + +typedef struct ck_slot_info CK_SLOT_INFO; +typedef struct ck_slot_info *CK_SLOT_INFO_PTR; + +typedef struct ck_token_info CK_TOKEN_INFO; +typedef struct ck_token_info *CK_TOKEN_INFO_PTR; + +typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; + +typedef struct ck_session_info CK_SESSION_INFO; +typedef struct ck_session_info *CK_SESSION_INFO_PTR; + +typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; + +typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; + +typedef struct ck_attribute CK_ATTRIBUTE; +typedef struct ck_attribute *CK_ATTRIBUTE_PTR; + +typedef struct ck_date CK_DATE; +typedef struct ck_date *CK_DATE_PTR; + +typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; + +typedef struct ck_mechanism CK_MECHANISM; +typedef struct ck_mechanism *CK_MECHANISM_PTR; + +typedef struct ck_mechanism_info CK_MECHANISM_INFO; +typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; + +typedef struct ck_otp_mechanism_info CK_OTP_MECHANISM_INFO; +typedef struct ck_otp_mechanism_info *CK_OTP_MECHANISM_INFO_PTR; + +typedef struct ck_function_list CK_FUNCTION_LIST; +typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; +typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; + +typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; +typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; + +typedef struct ck_rsa_pkcs_pss_params CK_RSA_PKCS_PSS_PARAMS; +typedef struct ck_rsa_pkcs_pss_params *CK_RSA_PKCS_PSS_PARAMS_PTR; + +typedef struct ck_rsa_pkcs_oaep_params CK_RSA_PKCS_OAEP_PARAMS; +typedef struct ck_rsa_pkcs_oaep_params *CK_RSA_PKCS_OAEP_PARAMS_PTR; + +typedef struct ck_aes_ctr_params CK_AES_CTR_PARAMS; +typedef struct ck_aes_ctr_params *CK_AES_CTR_PARAMS_PTR; + +typedef struct ck_gcm_params CK_GCM_PARAMS; +typedef struct ck_gcm_params *CK_GCM_PARAMS_PTR; + +typedef struct ck_ecdh1_derive_params CK_ECDH1_DERIVE_PARAMS; +typedef struct ck_ecdh1_derive_params *CK_ECDH1_DERIVE_PARAMS_PTR; + +typedef struct ck_key_derivation_string_data CK_KEY_DERIVATION_STRING_DATA; +typedef struct ck_key_derivation_string_data *CK_KEY_DERIVATION_STRING_DATA_PTR; + +typedef struct ck_des_cbc_encrypt_data_params CK_DES_CBC_ENCRYPT_DATA_PARAMS; +typedef struct ck_des_cbc_encrypt_data_params *CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct ck_aes_cbc_encrypt_data_params CK_AES_CBC_ENCRYPT_DATA_PARAMS; +typedef struct ck_aes_cbc_encrypt_data_params *CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; + +#ifndef NULL_PTR +#define NULL_PTR NULL +#endif + +/* Delete the helper macros defined at the top of the file. */ +#undef ck_flags_t +#undef ck_version + +#undef ck_info +#undef cryptoki_version +#undef manufacturer_id +#undef library_description +#undef library_version + +#undef ck_notification_t +#undef ck_slot_id_t + +#undef ck_slot_info +#undef slot_description +#undef hardware_version +#undef firmware_version + +#undef ck_token_info +#undef serial_number +#undef max_session_count +#undef session_count +#undef max_rw_session_count +#undef rw_session_count +#undef max_pin_len +#undef min_pin_len +#undef total_public_memory +#undef free_public_memory +#undef total_private_memory +#undef free_private_memory +#undef utc_time + +#undef ck_session_handle_t +#undef ck_user_type_t +#undef ck_state_t + +#undef ck_session_info +#undef slot_id +#undef device_error + +#undef ck_object_handle_t +#undef ck_object_class_t +#undef ck_hw_feature_type_t +#undef ck_key_type_t +#undef ck_certificate_type_t +#undef ck_attribute_type_t + +#undef ck_attribute +#undef value +#undef value_len + +#undef params +#undef count + +#undef ck_date + +#undef ck_mechanism_type_t + +#undef ck_mechanism +#undef parameter +#undef parameter_len + +#undef ck_mechanism_info + +#undef ck_param_type +#undef ck_otp_param +#undef ck_otp_params +#undef ck_otp_signature_info + +#undef min_key_size +#undef max_key_size + +#undef ck_rv_t +#undef ck_notify_t + +#undef ck_function_list + +#undef ck_createmutex_t +#undef ck_destroymutex_t +#undef ck_lockmutex_t +#undef ck_unlockmutex_t + +#undef ck_c_initialize_args +#undef create_mutex +#undef destroy_mutex +#undef lock_mutex +#undef unlock_mutex +#undef reserved + +#endif /* CRYPTOKI_COMPAT */ + + +/* System dependencies. */ +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) +#pragma pack(pop, cryptoki) +#endif + +#if defined(__cplusplus) +} +#endif + +#endif /* PKCS11_H */ diff --git a/common/pkcs11i.h b/common/pkcs11i.h new file mode 100644 index 0000000..d9e3ffc --- /dev/null +++ b/common/pkcs11i.h @@ -0,0 +1,505 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef PKCS11_I_H_ +#define PKCS11_I_H_ 1 + +#if defined(__cplusplus) +extern "C" { +#endif + +/* ------------------------------------------------------------------- + * TRUST ASSERTIONS + * + * These are retired and should not be used in new code + */ + +#define CKO_X_TRUST_ASSERTION (CKO_X_VENDOR + 100) +#define CKA_X_ASSERTION_TYPE (CKA_X_VENDOR + 1) +#define CKA_X_CERTIFICATE_VALUE (CKA_X_VENDOR + 2) +#define CKA_X_PURPOSE (CKA_X_VENDOR + 3) +#define CKA_X_PEER (CKA_X_VENDOR + 4) +typedef CK_ULONG CK_X_ASSERTION_TYPE; +#define CKT_X_DISTRUSTED_CERTIFICATE 1UL +#define CKT_X_PINNED_CERTIFICATE 2UL +#define CKT_X_ANCHORED_CERTIFICATE 3UL + +/* ------------------------------------------------------------------- + * Other deprecated definitions + */ +#define CKA_X_CRITICAL (CKA_X_VENDOR + 101) + +/* ------------------------------------------------------------------- + * SUBCLASSABLE PKCS#11 FUNCTIONS + */ + +typedef struct _CK_X_FUNCTION_LIST CK_X_FUNCTION_LIST; + +typedef CK_RV (* CK_X_Initialize) (CK_X_FUNCTION_LIST *, + CK_VOID_PTR); + +typedef CK_RV (* CK_X_Finalize) (CK_X_FUNCTION_LIST *, + CK_VOID_PTR); + +typedef CK_RV (* CK_X_GetInfo) (CK_X_FUNCTION_LIST *, + CK_INFO_PTR); + +typedef CK_RV (* CK_X_GetSlotList) (CK_X_FUNCTION_LIST *, + CK_BBOOL, + CK_SLOT_ID_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GetSlotInfo) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_SLOT_INFO_PTR); + +typedef CK_RV (* CK_X_GetTokenInfo) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_TOKEN_INFO_PTR); + +typedef CK_RV (* CK_X_GetMechanismList) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_MECHANISM_TYPE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GetMechanismInfo) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_MECHANISM_TYPE, + CK_MECHANISM_INFO_PTR); + +typedef CK_RV (* CK_X_InitToken) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR); + +typedef CK_RV (* CK_X_InitPIN) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_SetPIN) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_OpenSession) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_FLAGS, + CK_VOID_PTR, + CK_NOTIFY, + CK_SESSION_HANDLE_PTR); + +typedef CK_RV (* CK_X_CloseSession) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE); + +typedef CK_RV (* CK_X_CloseAllSessions) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID); + +typedef CK_RV (* CK_X_GetSessionInfo) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_SESSION_INFO_PTR); + +typedef CK_RV (* CK_X_GetOperationState) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SetOperationState) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Login) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_USER_TYPE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_Logout) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE); + +typedef CK_RV (* CK_X_CreateObject) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_CopyObject) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_DestroyObject) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_GetObjectSize) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GetAttributeValue) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_SetAttributeValue) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_FindObjectsInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_FindObjects) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE_PTR, + CK_ULONG, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_FindObjectsFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE); + +typedef CK_RV (* CK_X_EncryptInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Encrypt) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_EncryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_EncryptFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Decrypt) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DigestInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR); + +typedef CK_RV (* CK_X_Digest) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DigestUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_DigestKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_DigestFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Sign) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_SignFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignRecoverInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_SignRecover) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_VerifyInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Verify) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_VerifyUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_VerifyFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_VerifyRecoverInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_VerifyRecover) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DigestEncryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptDigestUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignEncryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptVerifyUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GenerateKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_GenerateKeyPair) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_WrapKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE, + CK_OBJECT_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_UnwrapKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_DeriveKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_SeedRandom) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_GenerateRandom) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_WaitForSlotEvent) (CK_X_FUNCTION_LIST *, + CK_FLAGS, + CK_SLOT_ID_PTR, + CK_VOID_PTR); + +struct _CK_X_FUNCTION_LIST { + CK_VERSION version; + CK_X_Initialize C_Initialize; + CK_X_Finalize C_Finalize; + CK_X_GetInfo C_GetInfo; + CK_X_GetSlotList C_GetSlotList; + CK_X_GetSlotInfo C_GetSlotInfo; + CK_X_GetTokenInfo C_GetTokenInfo; + CK_X_GetMechanismList C_GetMechanismList; + CK_X_GetMechanismInfo C_GetMechanismInfo; + CK_X_InitToken C_InitToken; + CK_X_InitPIN C_InitPIN; + CK_X_SetPIN C_SetPIN; + CK_X_OpenSession C_OpenSession; + CK_X_CloseSession C_CloseSession; + CK_X_CloseAllSessions C_CloseAllSessions; + CK_X_GetSessionInfo C_GetSessionInfo; + CK_X_GetOperationState C_GetOperationState; + CK_X_SetOperationState C_SetOperationState; + CK_X_Login C_Login; + CK_X_Logout C_Logout; + CK_X_CreateObject C_CreateObject; + CK_X_CopyObject C_CopyObject; + CK_X_DestroyObject C_DestroyObject; + CK_X_GetObjectSize C_GetObjectSize; + CK_X_GetAttributeValue C_GetAttributeValue; + CK_X_SetAttributeValue C_SetAttributeValue; + CK_X_FindObjectsInit C_FindObjectsInit; + CK_X_FindObjects C_FindObjects; + CK_X_FindObjectsFinal C_FindObjectsFinal; + CK_X_EncryptInit C_EncryptInit; + CK_X_Encrypt C_Encrypt; + CK_X_EncryptUpdate C_EncryptUpdate; + CK_X_EncryptFinal C_EncryptFinal; + CK_X_DecryptInit C_DecryptInit; + CK_X_Decrypt C_Decrypt; + CK_X_DecryptUpdate C_DecryptUpdate; + CK_X_DecryptFinal C_DecryptFinal; + CK_X_DigestInit C_DigestInit; + CK_X_Digest C_Digest; + CK_X_DigestUpdate C_DigestUpdate; + CK_X_DigestKey C_DigestKey; + CK_X_DigestFinal C_DigestFinal; + CK_X_SignInit C_SignInit; + CK_X_Sign C_Sign; + CK_X_SignUpdate C_SignUpdate; + CK_X_SignFinal C_SignFinal; + CK_X_SignRecoverInit C_SignRecoverInit; + CK_X_SignRecover C_SignRecover; + CK_X_VerifyInit C_VerifyInit; + CK_X_Verify C_Verify; + CK_X_VerifyUpdate C_VerifyUpdate; + CK_X_VerifyFinal C_VerifyFinal; + CK_X_VerifyRecoverInit C_VerifyRecoverInit; + CK_X_VerifyRecover C_VerifyRecover; + CK_X_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_X_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_X_SignEncryptUpdate C_SignEncryptUpdate; + CK_X_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_X_GenerateKey C_GenerateKey; + CK_X_GenerateKeyPair C_GenerateKeyPair; + CK_X_WrapKey C_WrapKey; + CK_X_UnwrapKey C_UnwrapKey; + CK_X_DeriveKey C_DeriveKey; + CK_X_SeedRandom C_SeedRandom; + CK_X_GenerateRandom C_GenerateRandom; + CK_X_WaitForSlotEvent C_WaitForSlotEvent; +}; + +#if defined(__cplusplus) +} +#endif + +#endif /* PKCS11_X_H_ */ diff --git a/common/pkcs11x.h b/common/pkcs11x.h new file mode 100644 index 0000000..3b12db6 --- /dev/null +++ b/common/pkcs11x.h @@ -0,0 +1,188 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef PKCS11_X_H_ +#define PKCS11_X_H_ 1 + +#if defined(__cplusplus) +extern "C" { +#endif + +/* ------------------------------------------------------------------- + * NSS TRUST OBJECTS + * + * And related, non-standard + */ + +/* Define this if you want the NSS specific symbols */ +#define CRYPTOKI_NSS_VENDOR_DEFINED 1 +#ifdef CRYPTOKI_NSS_VENDOR_DEFINED + +/* Various NSS objects */ +#define CKO_NSS_CRL 0xce534351UL +#define CKO_NSS_SMIME 0xce534352UL +#define CKO_NSS_TRUST 0xce534353UL +#define CKO_NSS_BUILTIN_ROOT_LIST 0xce534354UL +#define CKO_NSS_NEWSLOT 0xce534355UL +#define CKO_NSS_DELSLOT 0xce534356UL + +/* Various NSS key types */ +#define CKK_NSS_PKCS8 0xce534351UL + +/* Various NSS attributes */ +#define CKA_NSS_URL 0xce534351UL +#define CKA_NSS_EMAIL 0xce534352UL +#define CKA_NSS_SMIME_INFO 0xce534353UL +#define CKA_NSS_SMIME_TIMESTAMP 0xce534354UL +#define CKA_NSS_PKCS8_SALT 0xce534355UL +#define CKA_NSS_PASSWORD_CHECK 0xce534356UL +#define CKA_NSS_EXPIRES 0xce534357UL +#define CKA_NSS_KRL 0xce534358UL +#define CKA_NSS_PQG_COUNTER 0xce534364UL +#define CKA_NSS_PQG_SEED 0xce534365UL +#define CKA_NSS_PQG_H 0xce534366UL +#define CKA_NSS_PQG_SEED_BITS 0xce534367UL +#define CKA_NSS_MODULE_SPEC 0xce534368UL +#define CKA_NSS_MOZILLA_CA_POLICY 0xce534372UL +#define CKA_NSS_SERVER_DISTRUST_AFTER 0xce534373UL +#define CKA_NSS_EMAIL_DISTRUST_AFTER 0xce534374UL + +/* NSS trust attributes */ +#define CKA_TRUST_DIGITAL_SIGNATURE 0xce536351UL +#define CKA_TRUST_NON_REPUDIATION 0xce536352UL +#define CKA_TRUST_KEY_ENCIPHERMENT 0xce536353UL +#define CKA_TRUST_DATA_ENCIPHERMENT 0xce536354UL +#define CKA_TRUST_KEY_AGREEMENT 0xce536355UL +#define CKA_TRUST_KEY_CERT_SIGN 0xce536356UL +#define CKA_TRUST_CRL_SIGN 0xce536357UL +#define CKA_TRUST_SERVER_AUTH 0xce536358UL +#define CKA_TRUST_CLIENT_AUTH 0xce536359UL +#define CKA_TRUST_CODE_SIGNING 0xce53635aUL +#define CKA_TRUST_EMAIL_PROTECTION 0xce53635bUL +#define CKA_TRUST_IPSEC_END_SYSTEM 0xce53635cUL +#define CKA_TRUST_IPSEC_TUNNEL 0xce53635dUL +#define CKA_TRUST_IPSEC_USER 0xce53635eUL +#define CKA_TRUST_TIME_STAMPING 0xce53635fUL +#define CKA_TRUST_STEP_UP_APPROVED 0xce536360UL +#define CKA_CERT_SHA1_HASH 0xce5363b4UL +#define CKA_CERT_MD5_HASH 0xce5363b5UL + +/* NSS trust values */ +typedef CK_ULONG CK_TRUST; +#define CKT_NSS_TRUSTED 0xce534351UL +#define CKT_NSS_TRUSTED_DELEGATOR 0xce534352UL +#define CKT_NSS_MUST_VERIFY_TRUST 0xce534353UL +#define CKT_NSS_NOT_TRUSTED 0xce53435AUL +#define CKT_NSS_TRUST_UNKNOWN 0xce534355UL +#define CKT_NSS_VALID_DELEGATOR 0xce53435BUL + +/* NSS specific mechanisms */ +#define CKM_NSS_AES_KEY_WRAP 0xce534351UL +#define CKM_NSS_AES_KEY_WRAP_PAD 0xce534352UL + +/* NSS specific return values */ +#define CKR_NSS_CERTDB_FAILED 0xce534351UL +#define CKR_NSS_KEYDB_FAILED 0xce534352UL + +#endif /* CRYPTOKI_NSS_VENDOR_DEFINED */ + +/* Define this if you want the vendor specific symbols */ +#define CRYPTOKI_X_VENDOR_DEFINED 1 +#ifdef CRYPTOKI_X_VENDOR_DEFINED + +#define CKA_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL) +#define CKO_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL) + +/* ------------------------------------------------------------------- + * BLACKLISTS + */ + +#define CKA_X_DISTRUSTED (CKA_X_VENDOR + 100) + +/* ------------------------------------------------------------------- + * CERTIFICATE EXTENSIONS + * + * For attaching certificate extensions to certificates + */ + +#define CKO_X_CERTIFICATE_EXTENSION (CKO_X_VENDOR + 200) + +/* From the 2.40 draft */ +#ifndef CKA_PUBLIC_KEY_INFO +#define CKA_PUBLIC_KEY_INFO 0x00000129UL +#endif + +#endif /* CRYPTOKI_X_VENDOR_DEFINED */ + +/* Define this if you want the vendor specific symbols */ +#define CRYPTOKI_RU_TEAM_TC26_VENDOR_DEFINED 1 +#ifdef CRYPTOKI_RU_TEAM_TC26_VENDOR_DEFINED + +/* See https://tc26.ru/standarts/perevody/guidelines-the-pkcs-11-extensions-for-implementing-the-gost-r-34-10-2012-and-gost-r-34-11-2012-russian-standards-.html */ + +#define NSSCK_VENDOR_PKCS11_RU_TEAM 0xD4321000 /* 0x80000000 | 0x54321000 */ +#define CK_VENDOR_PKCS11_RU_TEAM_TC26 NSSCK_VENDOR_PKCS11_RU_TEAM + +/* GOST KEY TYPES */ +#define CKK_GOSTR3410_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x003) +#define CKK_KUZNECHIK (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x004) +#define CKK_MAGMA (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x005) + +/* PKCS #5 PRF Functions */ +#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411_2012_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x003) + +/* GOST MECHANISMS */ +#define CKM_GOSTR3410_512_KEY_PAIR_GEN (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x005) +#define CKM_GOSTR3410_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x006) +#define CKM_GOSTR3410_2012_DERIVE (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x007) +#define CKM_GOSTR3410_WITH_GOSTR3411_2012_256 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x008) +#define CKM_GOSTR3410_WITH_GOSTR3411_2012_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x009) +#define CKM_GOSTR3410_PUBLIC_KEY_DERIVE (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x00A) +#define CKM_GOSTR3411_2012_256 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x012) +#define CKM_GOSTR3411_2012_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x013) +#define CKM_GOSTR3411_2012_256_HMAC (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x014) +#define CKM_GOSTR3411_2012_512_HMAC (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x015) +#define CKM_TLS_GOST_PRF_2012_256 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x016) +#define CKM_TLS_GOST_PRF_2012_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x017) +#define CKM_TLS_GOST_MASTER_KEY_DERIVE_2012_256 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x018) +#define CKM_KDF_4357 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x025) +#define CKM_KDF_GOSTR3411_2012_256 (CK_VENDOR_PKCS11_RU_TEAM_TC26 |0x026) + +#endif /* CRYPTOKI_RU_TEAM_TC26_VENDOR_DEFINED */ + +#if defined(__cplusplus) +} +#endif + +#endif /* PKCS11_X_H_ */ diff --git a/common/runtime.c b/common/runtime.c new file mode 100644 index 0000000..71fd553 --- /dev/null +++ b/common/runtime.c @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2018 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Daiki Ueno + */ + +#include "config.h" + +#include "runtime.h" + +#include "compat.h" + +#include +#include +#include + +#ifdef OS_UNIX +#include +#include +#include +#include + +static const char * const _p11_runtime_bases_default[] = { "/run", "/var/run", NULL }; +const char * const *_p11_runtime_bases = _p11_runtime_bases_default; +#endif + +CK_RV +p11_get_runtime_directory (char **directoryp) +{ + const char *envvar; + char *directory; +#ifdef OS_UNIX + const char * const *bases = _p11_runtime_bases; + char *prefix; + uid_t uid; + struct stat sb; + struct passwd pwbuf, *pw; + char buf[1024]; + int i; +#endif + + /* We can't always assume the XDG_RUNTIME_DIR envvar here, + * because the PKCS#11 module can be loaded by a program that + * calls setuid(). */ + envvar = secure_getenv ("XDG_RUNTIME_DIR"); + + if (envvar != NULL && envvar[0] != '\0') { + directory = strdup (envvar); + if (!directory) + return CKR_HOST_MEMORY; + + *directoryp = directory; + return CKR_OK; + } + +#ifdef OS_UNIX + uid = getuid (); + + for (i = 0; bases[i] != NULL; i++) { + if (asprintf (&prefix, "%s/user/%u", + bases[i], (unsigned int) uid) < 0) + return CKR_HOST_MEMORY; + if (stat (prefix, &sb) != -1 && S_ISDIR (sb.st_mode)) { + *directoryp = prefix; + return CKR_OK; + } + free (prefix); + } +#endif + + /* We can't use /run/user/, fallback to ~/.cache. */ + envvar = secure_getenv ("XDG_CACHE_HOME"); + + if (envvar != NULL && envvar[0] != '\0') { + directory = strdup (envvar); + if (!directory) + return CKR_HOST_MEMORY; + + *directoryp = directory; + return CKR_OK; + } + +#ifdef OS_UNIX + if (getpwuid_r (uid, &pwbuf, buf, sizeof buf, &pw) == 0 && + pw != NULL && pw->pw_dir != NULL && *pw->pw_dir == '/') { + if (asprintf (&directory, "%s/.cache", pw->pw_dir) < 0) + return CKR_HOST_MEMORY; + *directoryp = directory; + return CKR_OK; + } +#endif + + return CKR_GENERAL_ERROR; +} diff --git a/common/runtime.h b/common/runtime.h new file mode 100644 index 0000000..42b2237 --- /dev/null +++ b/common/runtime.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2018 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Daiki Ueno + */ + +#ifndef __RUNTIME_H__ +#define __RUNTIME_H__ + +#include "pkcs11.h" + +CK_RV p11_get_runtime_directory (char **directoryp); + +#endif /* __RUNTIME_H__ */ diff --git a/common/test-argv.c b/common/test-argv.c new file mode 100644 index 0000000..7eeddde --- /dev/null +++ b/common/test-argv.c @@ -0,0 +1,114 @@ +/* + * Copyright (C) 2017 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Daiki Ueno + */ + +#include "config.h" + +#include +#include +#include + +#include "argv.h" +#include "test.h" + +struct { + char *foo; + char *bar; +} test; + +static void +on_argv_parsed (char *argument, void *data) +{ + char *value; + + value = argument + strcspn (argument, ":="); + if (!*value) + value = NULL; + else + *(value++) = 0; + + if (strcmp (argument, "foo") == 0) { + test.foo = value ? strdup (value) : NULL; + } else if (strcmp (argument, "bar") == 0) { + test.bar = value ? strdup (value) : NULL; + } +} + +static void +setup (void *data) +{ + memset (&test, 0, sizeof (test)); +} + +static void +teardown (void *data) +{ + free (test.foo); + free (test.bar); +} + +static void +test_parse (void) +{ + p11_argv_parse ("foo=foo bar=bar", on_argv_parsed, NULL); + assert_str_eq ("foo", test.foo); + assert_str_eq ("bar", test.bar); +} + +static void +test_parse_quote (void) +{ + p11_argv_parse ("foo='foo bar' bar=\"bar baz\"", on_argv_parsed, NULL); + assert_str_eq ("foo bar", test.foo); + assert_str_eq ("bar baz", test.bar); +} + +static void +test_parse_backslash (void) +{ + p11_argv_parse ("foo='\\this\\isn\\'t\\a\\path' bar=bar", + on_argv_parsed, NULL); + assert_str_eq ("\\this\\isn't\\a\\path", test.foo); + assert_str_eq ("bar", test.bar); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_parse, "/argv/parse"); + p11_test (test_parse_quote, "/argv/parse_quote"); + p11_test (test_parse_backslash, "/argv/parse_backslash"); + return p11_test_run (argc, argv); +} diff --git a/common/test-array.c b/common/test-array.c new file mode 100644 index 0000000..695917a --- /dev/null +++ b/common/test-array.c @@ -0,0 +1,209 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include +#include +#include + +#include "array.h" +#include "test.h" + +static void +test_create (void) +{ + p11_array *array; + + array = p11_array_new (NULL); + assert_ptr_not_null (array); + p11_array_free (array); +} + +static void +test_free_null (void) +{ + p11_array_free (NULL); +} + +static void +destroy_value (void *data) +{ + int *value = data; + *value = 2; +} + +static void +test_free_destroys (void) +{ + p11_array *array; + int value = 0; + + array = p11_array_new (destroy_value); + assert_ptr_not_null (array); + if (!p11_array_push (array, &value)) + assert_not_reached (); + p11_array_free (array); + + assert_num_eq (2, value); +} + +static void +test_add (void) +{ + char *value = "VALUE"; + p11_array *array; + + array = p11_array_new (NULL); + if (!p11_array_push (array, value)) + assert_not_reached (); + + assert_num_eq (1, array->num); + assert_ptr_eq (array->elem[0], value); + + p11_array_free (array); +} + +static void +test_add_remove (void) +{ + char *value = "VALUE"; + p11_array *array; + + array = p11_array_new (NULL); + if (!p11_array_push (array, value)) + assert_not_reached (); + + assert_num_eq (1, array->num); + + assert_ptr_eq (array->elem[0], value); + + p11_array_remove (array, 0); + + assert_num_eq (0, array->num); + + p11_array_free (array); +} + +static void +test_remove_destroys (void) +{ + p11_array *array; + int value = 0; + + array = p11_array_new (destroy_value); + if (!p11_array_push (array, &value)) + assert_not_reached (); + + p11_array_remove (array, 0); + + assert_num_eq (2, value); + + /* should not be destroyed again */ + value = 0; + + p11_array_free (array); + + assert_num_eq (0, value); +} + +static void +test_remove_and_count (void) +{ + p11_array *array; + int *value; + int i; + + array = p11_array_new (free); + + assert_num_eq (0, array->num); + + for (i = 0; i < 20000; ++i) { + value = malloc (sizeof (int)); + assert (value != NULL); + *value = i; + if (!p11_array_push (array, value)) + assert_not_reached (); + assert_num_eq (i + 1, array->num); + } + + for (i = 10; i < 20000; ++i) { + p11_array_remove (array, 10); + assert_num_eq (20010 - (i + 1), array->num); + } + + assert_num_eq (10, array->num); + + p11_array_free (array); +} + +static void +test_clear_destroys (void) +{ + p11_array *array; + int value = 0; + + array = p11_array_new (destroy_value); + if (!p11_array_push (array, &value)) + assert_not_reached (); + + assert_num_eq (1, array->num); + + p11_array_clear (array); + + assert_num_eq (2, value); + assert_num_eq (0, array->num); + + /* should not be destroyed again */ + value = 0; + + p11_array_free (array); + + assert_num_eq (0, value); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_create, "/array/create"); + p11_test (test_add, "/array/add"); + p11_test (test_add_remove, "/array/add-remove"); + p11_test (test_remove_destroys, "/array/remove-destroys"); + p11_test (test_remove_and_count, "/array/remove-and-count"); + p11_test (test_free_null, "/array/free-null"); + p11_test (test_free_destroys, "/array/free-destroys"); + p11_test (test_clear_destroys, "/array/clear-destroys"); + return p11_test_run (argc, argv); +} diff --git a/common/test-attrs.c b/common/test-attrs.c new file mode 100644 index 0000000..bc588c8 --- /dev/null +++ b/common/test-attrs.c @@ -0,0 +1,786 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "attrs.h" +#include "debug.h" + +static void +test_terminator (void) +{ + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_LABEL, NULL, 0 }, + { CKA_INVALID }, + }; + + assert_num_eq (true, p11_attrs_terminator (attrs + 2)); + assert_num_eq (true, p11_attrs_terminator (NULL)); + assert_num_eq (false, p11_attrs_terminator (attrs)); + assert_num_eq (false, p11_attrs_terminator (attrs + 1)); +} + +static void +test_count (void) +{ + CK_BBOOL vtrue = CK_TRUE; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE empty[] = { + { CKA_INVALID }, + }; + + assert_num_eq (2, p11_attrs_count (attrs)); + assert_num_eq (0, p11_attrs_count (NULL)); + assert_num_eq (0, p11_attrs_count (empty)); +} + +static void +test_build_one (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; + + attrs = p11_attrs_build (NULL, &add, NULL); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); + + assert (attrs[1].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_build_two (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 }; + + attrs = p11_attrs_build (NULL, &one, &two, NULL); + + assert_ptr_not_null (attrs); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (3, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); + + assert (attrs[2].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_build_invalid (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE invalid = { CKA_INVALID }; + CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 }; + + attrs = p11_attrs_build (NULL, &one, &invalid, &two, NULL); + + assert_ptr_not_null (attrs); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (3, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); + + assert (attrs[2].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_buildn_two (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE add[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 } + }; + + attrs = p11_attrs_buildn (NULL, add, 2); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); + + assert (attrs[2].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_buildn_one (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; + + attrs = p11_attrs_buildn (NULL, &add, 1); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); + + assert (attrs[1].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_build_add (void) +{ + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_VALUE, "nine", 4 }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE two = { CKA_TOKEN, "\x01", 1 }; + + attrs = p11_attrs_buildn (NULL, initial, 2); + attrs = p11_attrs_build (attrs, &one, &two, NULL); + + assert_ptr_not_null (attrs); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (3, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_TOKEN); + assert_num_eq (1, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); + + assert (attrs[3].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_build_null (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE add = { CKA_LABEL, NULL, (CK_ULONG)-1 }; + + attrs = p11_attrs_build (NULL, &add, NULL); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert (attrs->ulValueLen == (CK_ULONG)-1); + assert_ptr_eq (NULL, attrs->pValue); + + p11_attrs_free (attrs); +} + +static void +test_dup (void) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + attrs = p11_attrs_dup (original); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); + + assert (attrs[2].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_take (void) +{ + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_VALUE, "nine", 4 }, + }; + + CK_ATTRIBUTE *attrs; + + attrs = p11_attrs_buildn (NULL, initial, 2); + attrs = p11_attrs_take (attrs, CKA_LABEL, strdup ("boooyah"), 7); + attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1); + assert_ptr_not_null (attrs); + + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_TOKEN); + assert_num_eq (1, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); + + assert (attrs[3].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + + +static void +test_merge_replace (void) +{ + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_VALUE, "nine", 4 }, + }; + + CK_ATTRIBUTE extra[] = { + { CKA_LABEL, "boooyah", 7 }, + { CKA_APPLICATION, "disco", 5 }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + + attrs = p11_attrs_buildn (NULL, initial, 2); + merge = p11_attrs_buildn (NULL, extra, 2); + attrs = p11_attrs_merge (attrs, merge, true); + assert_ptr_not_null (attrs); + + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_APPLICATION); + assert_num_eq (5, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "disco", 5) == 0); + + assert (attrs[3].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_merge_empty (void) +{ + CK_ATTRIBUTE extra[] = { + { CKA_LABEL, "boooyah", 7 }, + { CKA_APPLICATION, "disco", 5 }, + }; + + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *merge; + + merge = p11_attrs_buildn (NULL, extra, 2); + attrs = p11_attrs_merge (attrs, merge, true); + assert_ptr_not_null (attrs); + assert_ptr_eq (merge, attrs); + + p11_attrs_free (attrs); +} + +static void +test_merge_augment (void) +{ + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_VALUE, "nine", 4 }, + }; + + CK_ATTRIBUTE extra[] = { + { CKA_LABEL, "boooyah", 7 }, + { CKA_APPLICATION, "disco", 5 }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + + attrs = p11_attrs_buildn (NULL, initial, 2); + merge = p11_attrs_buildn (NULL, extra, 2); + attrs = p11_attrs_merge (attrs, merge, false); + assert_ptr_not_null (attrs); + + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (5, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "label", 5) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); + + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_APPLICATION); + assert_num_eq (5, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "disco", 5) == 0); + + assert (attrs[3].type == CKA_INVALID); + + p11_attrs_free (attrs); +} + +static void +test_free_null (void) +{ + p11_attrs_free (NULL); +} + +static void +test_equal (void) +{ + char *data = "extra attribute"; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 }; + CK_ATTRIBUTE two = { CKA_VALUE, "yay", 3 }; + CK_ATTRIBUTE other = { CKA_VALUE, data, 5 }; + CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 }; + CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 }; + + assert (p11_attr_equal (&one, &one)); + assert (!p11_attr_equal (&one, NULL)); + assert (!p11_attr_equal (NULL, &one)); + assert (!p11_attr_equal (&one, &two)); + assert (!p11_attr_equal (&two, &other)); + assert (p11_attr_equal (&other, &overflow)); + assert (!p11_attr_equal (&one, &null)); + assert (!p11_attr_equal (&one, &null)); + assert (!p11_attr_equal (&other, &content)); +} + +static void +test_hash (void) +{ + char *data = "extra attribute"; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 }; + CK_ATTRIBUTE two = { CKA_VALUE, "yay", 3 }; + CK_ATTRIBUTE other = { CKA_VALUE, data, 5 }; + CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 }; + CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 }; + unsigned int hash; + + hash = p11_attr_hash (&one); + assert (hash != 0); + + assert (p11_attr_hash (&one) == hash); + assert (p11_attr_hash (&two) != hash); + assert (p11_attr_hash (&other) != hash); + assert (p11_attr_hash (&overflow) != hash); + assert (p11_attr_hash (&null) != hash); + assert (p11_attr_hash (&content) != hash); + + hash = p11_attr_hash (NULL); + assert (hash == 0); +} + +static void +test_to_string (void) +{ + char *data = "extra attribute"; + CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, data, 5 }, + { CKA_INVALID }, + }; + + char *string; + + + string = p11_attr_to_string (&one, CKA_INVALID); + assert_str_eq ("{ CKA_LABEL = (3) \"yay\" }", string); + free (string); + + string = p11_attrs_to_string (attrs, -1); + assert_str_eq ("(2) [ { CKA_LABEL = (3) \"yay\" }, { CKA_VALUE = (5) NOT-PRINTED } ]", string); + free (string); + + string = p11_attrs_to_string (attrs, 1); + assert_str_eq ("(1) [ { CKA_LABEL = (3) \"yay\" } ]", string); + free (string); +} + +static void +test_find (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_ATTRIBUTE *attr; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + attr = p11_attrs_find (attrs, CKA_LABEL); + assert_ptr_eq (attrs + 0, attr); + + attr = p11_attrs_find (attrs, CKA_TOKEN); + assert_ptr_eq (attrs + 1, attr); + + attr = p11_attrs_find (attrs, CKA_VALUE); + assert_ptr_eq (NULL, attr); +} + +static void +test_findn (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_ATTRIBUTE *attr; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + }; + + attr = p11_attrs_findn (attrs, 2, CKA_LABEL); + assert_ptr_eq (attrs + 0, attr); + + attr = p11_attrs_findn (attrs, 2, CKA_TOKEN); + assert_ptr_eq (attrs + 1, attr); + + attr = p11_attrs_findn (attrs, 2, CKA_VALUE); + assert_ptr_eq (NULL, attr); + + attr = p11_attrs_findn (attrs, 1, CKA_TOKEN); + assert_ptr_eq (NULL, attr); +} + +static void +test_remove (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_ATTRIBUTE *attr; + CK_ATTRIBUTE *attrs; + CK_BBOOL ret; + + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + }; + + attrs = p11_attrs_buildn (NULL, initial, 2); + assert_ptr_not_null (attrs); + + attr = p11_attrs_find (attrs, CKA_LABEL); + assert_ptr_eq (attrs + 0, attr); + + ret = p11_attrs_remove (attrs, CKA_LABEL); + assert_num_eq (CK_TRUE, ret); + + attr = p11_attrs_find (attrs, CKA_LABEL); + assert_ptr_eq (NULL, attr); + + ret = p11_attrs_remove (attrs, CKA_LABEL); + assert_num_eq (CK_FALSE, ret); + + p11_attrs_free (attrs); +} + +static void +test_purge (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_ATTRIBUTE *attr; + CK_ATTRIBUTE *attrs; + + CK_ATTRIBUTE initial[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + }; + + attrs = p11_attrs_buildn (NULL, initial, 2); + assert_ptr_not_null (attrs); + + attr = p11_attrs_find (attrs, CKA_LABEL); + assert_ptr_eq (attrs + 0, attr); + + attr[0].ulValueLen = (CK_ULONG) -1; + + p11_attrs_purge (attrs); + + attr = p11_attrs_find (attrs, CKA_LABEL); + assert_ptr_eq (NULL, attr); + + p11_attrs_free (attrs); +} + +static void +test_match (void) +{ + CK_BBOOL vtrue = CK_TRUE; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE subset[] = { + { CKA_LABEL, "label", 5 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE different[] = { + { CKA_LABEL, "other", 5 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE extra[] = { + { CKA_VALUE, "the value", 9 }, + { CKA_LABEL, "other", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + assert (p11_attrs_match (attrs, attrs)); + assert (p11_attrs_match (attrs, subset)); + assert (!p11_attrs_match (attrs, different)); + assert (!p11_attrs_match (attrs, extra)); +} + +static void +test_matchn (void) +{ + CK_BBOOL vtrue = CK_TRUE; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "label", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE subset[] = { + { CKA_LABEL, "label", 5 }, + }; + + CK_ATTRIBUTE different[] = { + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_LABEL, "other", 5 }, + }; + + CK_ATTRIBUTE extra[] = { + { CKA_VALUE, "the value", 9 }, + { CKA_LABEL, "other", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + }; + + assert (p11_attrs_matchn (attrs, subset, 1)); + assert (!p11_attrs_matchn (attrs, different, 2)); + assert (!p11_attrs_matchn (attrs, extra, 3)); +} + +static void +test_find_bool (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_BBOOL vfalse = CK_FALSE; + CK_BBOOL value; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "\x01yy", 3 }, + { CKA_VALUE, &vtrue, (CK_ULONG)-1 }, + { CKA_TOKEN, &vtrue, sizeof (CK_BBOOL) }, + { CKA_TOKEN, &vfalse, sizeof (CK_BBOOL) }, + { CKA_INVALID }, + }; + + assert (p11_attrs_find_bool (attrs, CKA_TOKEN, &value) && value == CK_TRUE); + assert (!p11_attrs_find_bool (attrs, CKA_LABEL, &value)); + assert (!p11_attrs_find_bool (attrs, CKA_VALUE, &value)); +} + +static void +test_find_ulong (void) +{ + CK_ULONG v33 = 33UL; + CK_ULONG v45 = 45UL; + CK_ULONG value; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, &v33, 2 }, + { CKA_VALUE, &v45, (CK_ULONG)-1 }, + { CKA_BITS_PER_PIXEL, &v33, sizeof (CK_ULONG) }, + { CKA_BITS_PER_PIXEL, &v45, sizeof (CK_ULONG) }, + { CKA_INVALID }, + }; + + assert (p11_attrs_find_ulong (attrs, CKA_BITS_PER_PIXEL, &value) && value == v33); + assert (!p11_attrs_find_ulong (attrs, CKA_LABEL, &value)); + assert (!p11_attrs_find_ulong (attrs, CKA_VALUE, &value)); +} + +static void +test_find_value (void) +{ + void *value; + size_t length; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "", (CK_ULONG)-1 }, + { CKA_LABEL, NULL, 5 }, + { CKA_LABEL, "", 0 }, + { CKA_LABEL, "test", 4 }, + { CKA_VALUE, NULL, 0 }, + { CKA_INVALID }, + }; + + value = p11_attrs_find_value (attrs, CKA_LABEL, &length); + assert_ptr_eq (attrs[3].pValue, value); + assert_num_eq (4, length); + + value = p11_attrs_find_value (attrs, CKA_LABEL, NULL); + assert_ptr_eq (attrs[3].pValue, value); + + value = p11_attrs_find_value (attrs, CKA_VALUE, &length); + assert_ptr_eq (NULL, value); + + value = p11_attrs_find_value (attrs, CKA_TOKEN, &length); + assert_ptr_eq (NULL, value); +} + +static void +test_find_valid (void) +{ + CK_ATTRIBUTE *attr; + + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "", (CK_ULONG)-1 }, + { CKA_LABEL, NULL, 5 }, + { CKA_LABEL, "", 0 }, + { CKA_LABEL, "test", 4 }, + { CKA_VALUE, "value", 5 }, + { CKA_INVALID }, + }; + + attr = p11_attrs_find_valid (attrs, CKA_LABEL); + assert_ptr_eq (attrs + 3, attr); + + attr = p11_attrs_find_valid (attrs, CKA_VALUE); + assert_ptr_eq (attrs + 4, attr); + + attr = p11_attrs_find_valid (attrs, CKA_TOKEN); + assert_ptr_eq (NULL, attr); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_equal, "/attrs/equal"); + p11_test (test_hash, "/attrs/hash"); + p11_test (test_to_string, "/attrs/to-string"); + + p11_test (test_terminator, "/attrs/terminator"); + p11_test (test_count, "/attrs/count"); + p11_test (test_build_one, "/attrs/build-one"); + p11_test (test_build_two, "/attrs/build-two"); + p11_test (test_build_invalid, "/attrs/build-invalid"); + p11_test (test_buildn_one, "/attrs/buildn-one"); + p11_test (test_buildn_two, "/attrs/buildn-two"); + p11_test (test_build_add, "/attrs/build-add"); + p11_test (test_build_null, "/attrs/build-null"); + p11_test (test_dup, "/attrs/dup"); + p11_test (test_take, "/attrs/take"); + p11_test (test_merge_replace, "/attrs/merge-replace"); + p11_test (test_merge_augment, "/attrs/merge-augment"); + p11_test (test_merge_empty, "/attrs/merge-empty"); + p11_test (test_free_null, "/attrs/free-null"); + p11_test (test_match, "/attrs/match"); + p11_test (test_matchn, "/attrs/matchn"); + p11_test (test_find, "/attrs/find"); + p11_test (test_findn, "/attrs/findn"); + p11_test (test_find_bool, "/attrs/find-bool"); + p11_test (test_find_ulong, "/attrs/find-ulong"); + p11_test (test_find_value, "/attrs/find-value"); + p11_test (test_find_valid, "/attrs/find-valid"); + p11_test (test_remove, "/attrs/remove"); + p11_test (test_purge, "/attrs/purge"); + return p11_test_run (argc, argv); +} diff --git a/common/test-buffer.c b/common/test-buffer.c new file mode 100644 index 0000000..4fd060d --- /dev/null +++ b/common/test-buffer.c @@ -0,0 +1,199 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "debug.h" +#include "buffer.h" + +static void +test_init_uninit (void) +{ + p11_buffer buffer; + + p11_buffer_init (&buffer, 10); + assert_ptr_not_null (buffer.data); + assert_num_eq (0, buffer.len); + assert_num_eq (0, buffer.flags); + assert (buffer.size >= 10); + assert_ptr_not_null (buffer.ffree); + assert_ptr_not_null (buffer.frealloc); + + p11_buffer_uninit (&buffer); +} + +static void +test_append (void) +{ + p11_buffer buffer; + + p11_buffer_init (&buffer, 10); + buffer.len = 5; + p11_buffer_append (&buffer, 35); + assert_num_eq (5 + 35, buffer.len); + assert (buffer.size >= 35 + 5); + + p11_buffer_append (&buffer, 15); + assert_num_eq (5 + 35 + 15, buffer.len); + assert (buffer.size >= 5 + 35 + 15); + + p11_buffer_uninit (&buffer); +} + +static void +test_null (void) +{ + p11_buffer buffer; + + p11_buffer_init_null (&buffer, 10); + p11_buffer_add (&buffer, "Blah", -1); + p11_buffer_add (&buffer, " blah", -1); + + assert_str_eq ("Blah blah", buffer.data); + + p11_buffer_uninit (&buffer); +} + +static int mock_realloced = 0; +static int mock_freed = 0; + +static void * +mock_realloc (void *data, + size_t size) +{ + mock_realloced++; + return realloc (data, size); +} + +static void +mock_free (void *data) +{ + mock_freed++; + free (data); +} + +static void +test_init_for_data (void) +{ + p11_buffer buffer; + unsigned char *ret; + size_t len; + + mock_realloced = 0; + mock_freed = 0; + + p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, 0, + mock_realloc, mock_free); + + assert_ptr_not_null (buffer.data); + assert_str_eq ("blah", (char *)buffer.data); + assert_num_eq (4, buffer.len); + assert_num_eq (0, buffer.flags); + assert_num_eq (4, buffer.size); + assert_ptr_eq (mock_free, buffer.ffree); + assert_ptr_eq (mock_realloc, buffer.frealloc); + + assert_num_eq (0, mock_realloced); + assert_num_eq (0, mock_freed); + + len = buffer.len; + ret = p11_buffer_append (&buffer, 1024); + assert_ptr_eq ((char *)buffer.data + len, ret); + assert_num_eq (1, mock_realloced); + + p11_buffer_uninit (&buffer); + assert_num_eq (1, mock_realloced); + assert_num_eq (1, mock_freed); +} + +static void +test_steal (void) +{ + p11_buffer buffer; + char *string; + size_t length; + + mock_freed = 0; + + p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, + P11_BUFFER_NULL, mock_realloc, mock_free); + + assert_ptr_not_null (buffer.data); + assert_str_eq ("blah", buffer.data); + + p11_buffer_add (&buffer, " yada", -1); + assert_str_eq ("blah yada", buffer.data); + + string = p11_buffer_steal (&buffer, &length); + p11_buffer_uninit (&buffer); + + assert_str_eq ("blah yada", string); + assert_num_eq (9, length); + assert_num_eq (0, mock_freed); + + free (string); +} + +static void +test_add (void) +{ + p11_buffer buffer; + + p11_buffer_init (&buffer, 10); + + p11_buffer_add (&buffer, (unsigned char *)"Planet Express", 15); + assert_num_eq (15, buffer.len); + assert_str_eq ("Planet Express", (char *)buffer.data); + assert (p11_buffer_ok (&buffer)); + + p11_buffer_uninit (&buffer); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_init_uninit, "/buffer/init-uninit"); + p11_test (test_init_for_data, "/buffer/init-for-data"); + p11_test (test_append, "/buffer/append"); + p11_test (test_null, "/buffer/null"); + p11_test (test_add, "/buffer/add"); + p11_test (test_steal, "/buffer/steal"); + return p11_test_run (argc, argv); +} diff --git a/common/test-compat.c b/common/test-compat.c new file mode 100644 index 0000000..9759003 --- /dev/null +++ b/common/test-compat.c @@ -0,0 +1,160 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include +#include + +#include "compat.h" + +static void +test_strndup (void) +{ + char unterminated[] = { 't', 'e', 's', 't', 'e', 'r', 'o', 'n', 'i', 'o' }; + char *res; + + res = strndup (unterminated, 6); + assert_str_eq (res, "tester"); + free (res); + + res = strndup ("test", 6); + assert_str_eq (res, "test"); + free (res); +} + +#ifdef OS_UNIX + +static void +test_getauxval (void) +{ + /* 23 is AT_SECURE */ + const char *args[] = { BUILDDIR "/common/frob-getauxval", "23", NULL }; + char *path; + int ret; + + ret = p11_test_run_child (args, true); + assert_num_eq (ret, 0); + + path = p11_test_copy_setgid (args[0], BUILDDIR); + if (path == NULL) + return; + + args[0] = path; + ret = p11_test_run_child (args, true); + assert_num_cmp (ret, !=, 0); + + if (unlink (path) < 0) + assert_fail ("unlink failed", strerror (errno)); + free (path); +} + +static void +test_secure_getenv (void) +{ + const char *args[] = { BUILDDIR "/common/frob-getenv", "BLAH", NULL }; + char *path; + int ret; + + setenv ("BLAH", "5", 1); + + ret = p11_test_run_child (args, true); + assert_num_eq (ret, 5); + + path = p11_test_copy_setgid (args[0], BUILDDIR); + if (path == NULL) + return; + + args[0] = path; + ret = p11_test_run_child (args, true); + assert_num_cmp (ret, ==, 0); + + if (unlink (path) < 0) + assert_fail ("unlink failed", strerror (errno)); + free (path); +} + +static void +test_mmap (void) +{ + p11_mmap *map; + void *data; + size_t size; + char file[] = "emptyfileXXXXXX"; + int fd = mkstemp (file); + assert (fd >= 0); + close (fd); + /* mmap on empty file should work */ + map = p11_mmap_open (file, NULL, &data, &size); + unlink (file); + assert_ptr_not_null (map); + p11_mmap_close (map); +} + +static void +test_getprogname (void) +{ +#if defined(__linux__) && defined(HAVE_PROGRAM_INVOCATION_SHORT_NAME) + const char *args[] = { BUILDDIR "/common/frob-getprogname", NULL }; + int ret; + + ret = p11_test_run_child (args, false); + assert_num_eq (ret, 0); +#else + assert_skip ("cannot perform getprogname test", NULL); +#endif +} + +#endif /* OS_UNIX */ + +int +main (int argc, + char *argv[]) +{ + p11_test (test_strndup, "/compat/strndup"); +#ifdef OS_UNIX + /* Don't run this test when under fakeroot, or the binary is + * written under /tmp */ + if (!getenv ("FAKED_MODE") && strncmp (BUILDDIR, "/tmp/", 5) != 0) { + p11_test (test_getauxval, "/compat/getauxval"); + p11_test (test_secure_getenv, "/compat/secure_getenv"); + } + p11_test (test_mmap, "/compat/mmap"); + p11_test (test_getprogname, "/compat/getprogname"); +#endif + return p11_test_run (argc, argv); +} diff --git a/common/test-constants.c b/common/test-constants.c new file mode 100644 index 0000000..577d611 --- /dev/null +++ b/common/test-constants.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "attrs.h" +#include "constants.h" +#include "debug.h" + +static void +test_constants (void *arg) +{ + const p11_constant *constant = arg; + p11_dict *nicks, *names; + CK_ULONG check; + int i, j; + + nicks = p11_constant_reverse (true); + names = p11_constant_reverse (false); + + for (i = 1; constant[i].value != CKA_INVALID; i++) { + if (constant[i].value < constant[i - 1].value) + assert_fail ("attr constant out of order", constant[i].name); + } + for (i = 0; constant[i].value != CKA_INVALID; i++) { + assert_ptr_not_null (constant[i].name); + + if (constant[i].nicks[0]) { + assert_str_eq (constant[i].nicks[0], + p11_constant_nick (constant, constant[i].value)); + } + + assert_str_eq (constant[i].name, + p11_constant_name (constant, constant[i].value)); + + for (j = 0; constant[i].nicks[j] != NULL; j++) { + check = p11_constant_resolve (nicks, constant[i].nicks[j]); + assert_num_eq (constant[i].value, check); + } + + check = p11_constant_resolve (names, constant[i].name); + assert_num_eq (constant[i].value, check); + } + + p11_dict_free (names); + p11_dict_free (nicks); +} + +int +main (int argc, + char *argv[]) +{ + p11_testx (test_constants, (void *)p11_constant_types, "/constants/types"); + p11_testx (test_constants, (void *)p11_constant_classes, "/constants/classes"); + p11_testx (test_constants, (void *)p11_constant_trusts, "/constants/trusts"); + p11_testx (test_constants, (void *)p11_constant_certs, "/constants/certs"); + p11_testx (test_constants, (void *)p11_constant_keys, "/constants/keys"); + p11_testx (test_constants, (void *)p11_constant_asserts, "/constants/asserts"); + p11_testx (test_constants, (void *)p11_constant_categories, "/constants/categories"); + p11_testx (test_constants, (void *)p11_constant_mechanisms, "/constants/mechanisms"); + p11_testx (test_constants, (void *)p11_constant_users, "/constants/users"); + p11_testx (test_constants, (void *)p11_constant_states, "/constants/states"); + p11_testx (test_constants, (void *)p11_constant_returns, "/constants/returns"); + + return p11_test_run (argc, argv); +} diff --git a/common/test-dict.c b/common/test-dict.c new file mode 100644 index 0000000..f12a34e --- /dev/null +++ b/common/test-dict.c @@ -0,0 +1,522 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include +#include + +#include "dict.h" + +static void +test_create (void) +{ + p11_dict *map; + + map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + assert_ptr_not_null (map); + p11_dict_free (map); +} + +static void +test_free_null (void) +{ + p11_dict_free (NULL); +} + +typedef struct { + int value; + bool freed; +} Key; + +static unsigned int +key_hash (const void *ptr) +{ + const Key *k = ptr; + assert (!k->freed); + return p11_dict_intptr_hash (&k->value); +} + +static bool +key_equal (const void *one, + const void *two) +{ + const Key *k1 = one; + const Key *k2 = two; + assert (!k1->freed); + assert (!k2->freed); + return p11_dict_intptr_equal (&k1->value, &k2->value); +} + +static void +key_destroy (void *data) +{ + Key *k = data; + assert (!k->freed); + k->freed = true; +} + +static void +value_destroy (void *data) +{ + int *value = data; + *value = 2; +} + +static void +test_free_destroys (void) +{ + p11_dict *map; + Key key = { 8, 0 }; + int value = 0; + + map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + p11_dict_free (map); + + assert_num_eq (true, key.freed); + assert_num_eq (2, value); +} + +static void +test_iterate (void) +{ + p11_dict *map; + p11_dictiter iter; + int key = 1; + int value = 2; + void *pkey; + void *pvalue; + int ret; + + map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + + p11_dict_iterate (map, &iter); + + ret = p11_dict_next (&iter, &pkey, &pvalue); + assert_num_eq (1, ret); + assert_ptr_eq (pkey, &key); + assert_ptr_eq (pvalue, &value); + + ret = p11_dict_next (&iter, &pkey, &pvalue); + assert_num_eq (0, ret); + + p11_dict_free (map); +} + +static int +compar_strings (const void *one, + const void *two) +{ + char **p1 = (char **)one; + char **p2 = (char **)two; + return strcmp (*p1, *p2); +} + +static void +test_iterate_remove (void) +{ + p11_dict *map; + p11_dictiter iter; + char *keys[] = { "111", "222", "333" }; + char *values[] = { "444", "555", "666" }; + void *okeys[3]; + void *ovalues[3]; + bool ret; + int i; + + map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + assert_ptr_not_null (map); + + for (i = 0; i < 3; i++) { + if (!p11_dict_set (map, keys[i], values[i])) + assert_not_reached (); + } + + p11_dict_iterate (map, &iter); + + ret = p11_dict_next (&iter, &okeys[0], &ovalues[0]); + assert_num_eq (true, ret); + + ret = p11_dict_next (&iter, &okeys[1], &ovalues[1]); + assert_num_eq (true, ret); + if (!p11_dict_remove (map, okeys[1])) + assert_not_reached (); + + ret = p11_dict_next (&iter, &okeys[2], &ovalues[2]); + assert_num_eq (true, ret); + + ret = p11_dict_next (&iter, NULL, NULL); + assert_num_eq (false, ret); + + assert_num_eq (2, p11_dict_size (map)); + p11_dict_free (map); + + qsort (okeys, 3, sizeof (void *), compar_strings); + qsort (ovalues, 3, sizeof (void *), compar_strings); + + for (i = 0; i < 3; i++) { + assert_str_eq (keys[i], okeys[i]); + assert_ptr_eq (keys[i], okeys[i]); + assert_str_eq (values[i], ovalues[i]); + assert_ptr_eq (values[i], ovalues[i]); + } +} + +static void +test_set_get (void) +{ + char *key = "KEY"; + char *value = "VALUE"; + char *check; + p11_dict *map; + + map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + p11_dict_set (map, key, value); + check = p11_dict_get (map, key); + assert_ptr_eq (check, value); + + p11_dict_free (map); +} + +static void +test_set_get_remove (void) +{ + char *key = "KEY"; + char *value = "VALUE"; + char *check; + p11_dict *map; + bool ret; + + map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + + if (!p11_dict_set (map, key, value)) + assert_not_reached (); + + check = p11_dict_get (map, key); + assert_ptr_eq (check, value); + + ret = p11_dict_remove (map, key); + assert_num_eq (true, ret); + ret = p11_dict_remove (map, key); + assert_num_eq (false, ret); + + check = p11_dict_get (map, key); + assert (check == NULL); + + p11_dict_free (map); +} + +static void +test_set_clear (void) +{ + char *key = "KEY"; + char *value = "VALUE"; + char *check; + p11_dict *map; + + map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + + if (!p11_dict_set (map, key, value)) + assert_not_reached (); + + p11_dict_clear (map); + + check = p11_dict_get (map, key); + assert (check == NULL); + + p11_dict_free (map); +} + +static void +test_remove_destroys (void) +{ + p11_dict *map; + Key key = { 8, 0 }; + int value = 0; + bool ret; + + map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + + ret = p11_dict_remove (map, &key); + assert_num_eq (true, ret); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); + + /* should not be destroyed again */ + key.freed = false; + value = 0; + + ret = p11_dict_remove (map, &key); + assert_num_eq (false, ret); + assert_num_eq (false, key.freed); + assert_num_eq (0, value); + + /* should not be destroyed again */ + key.freed = false; + value = 0; + + p11_dict_free (map); + + assert_num_eq (false, key.freed); + assert_num_eq (0, value); +} + +static void +test_set_destroys (void) +{ + p11_dict *map; + Key key = { 8, 0 }; + Key key2 = { 8, 0 }; + int value, value2; + bool ret; + + map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + + key.freed = key2.freed = false; + value = value2 = 0; + + /* Setting same key and value, should not be destroyed */ + ret = p11_dict_set (map, &key, &value); + assert_num_eq (true, ret); + assert_num_eq (false, key.freed); + assert_num_eq (false, key2.freed); + assert_num_eq (0, value); + assert_num_eq (0, value2); + + key.freed = key2.freed = false; + value = value2 = 0; + + /* Setting a new key same value, key should be destroyed */ + ret = p11_dict_set (map, &key2, &value); + assert_num_eq (true, ret); + assert_num_eq (true, key.freed); + assert_num_eq (false, key2.freed); + assert_num_eq (0, value); + assert_num_eq (0, value2); + + key.freed = key2.freed = false; + value = value2 = 0; + + /* Setting same key, new value, value should be destroyed */ + ret = p11_dict_set (map, &key2, &value2); + assert_num_eq (true, ret); + assert_num_eq (false, key.freed); + assert_num_eq (false, key2.freed); + assert_num_eq (2, value); + assert_num_eq (0, value2); + + key.freed = key2.freed = false; + value = value2 = 0; + + /* Setting new key new value, both should be destroyed */ + ret = p11_dict_set (map, &key, &value); + assert_num_eq (true, ret); + assert_num_eq (false, key.freed); + assert_num_eq (true, key2.freed); + assert_num_eq (0, value); + assert_num_eq (2, value2); + + key.freed = key2.freed = false; + value = value2 = 0; + + p11_dict_free (map); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); + assert_num_eq (false, key2.freed); + assert_num_eq (0, value2); +} + + +static void +test_clear_destroys (void) +{ + p11_dict *map; + Key key = { 18, 0 }; + int value = 0; + + map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); + assert_ptr_not_null (map); + if (!p11_dict_set (map, &key, &value)) + assert_not_reached (); + + p11_dict_clear (map); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); + + /* should not be destroyed again */ + key.freed = false; + value = 0; + + p11_dict_clear (map); + assert_num_eq (false, key.freed); + assert_num_eq (0, value); + + /* should not be destroyed again */ + key.freed = false; + value = 0; + + p11_dict_free (map); + + assert_num_eq (false, key.freed); + assert_num_eq (0, value); +} + +static unsigned int +test_hash_intptr_with_collisions (const void *data) +{ + /* lots and lots of collisions, only returns 100 values */ + return (unsigned int)(*((int*)data) % 100); +} + +static void +test_hash_add_check_lots_and_collisions (void) +{ + p11_dict *map; + int *value; + int i; + + map = p11_dict_new (test_hash_intptr_with_collisions, + p11_dict_intptr_equal, NULL, free); + + for (i = 0; i < 20000; ++i) { + value = malloc (sizeof (int)); + assert (value != NULL); + *value = i; + if (!p11_dict_set (map, value, value)) + assert_not_reached (); + } + + for (i = 0; i < 20000; ++i) { + value = p11_dict_get (map, &i); + assert_ptr_not_null (value); + assert_num_eq (i, *value); + } + + p11_dict_free (map); +} + +static void +test_hash_count (void) +{ + p11_dict *map; + int *value; + int i; + bool ret; + + map = p11_dict_new (p11_dict_intptr_hash, p11_dict_intptr_equal, NULL, free); + + assert_num_eq (0, p11_dict_size (map)); + + for (i = 0; i < 20000; ++i) { + value = malloc (sizeof (int)); + assert (value != NULL); + *value = i; + if (!p11_dict_set (map, value, value)) + assert_not_reached (); + assert_num_eq (i + 1, p11_dict_size (map)); + } + + for (i = 0; i < 20000; ++i) { + ret = p11_dict_remove (map, &i); + assert_num_eq (true, ret); + assert_num_eq (20000 - (i + 1), p11_dict_size (map)); + } + + p11_dict_clear (map); + assert_num_eq (0, p11_dict_size (map)); + + p11_dict_free (map); +} + +static void +test_hash_ulongptr (void) +{ + p11_dict *map; + unsigned long *value; + unsigned long i; + + map = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free); + + for (i = 0; i < 20000; ++i) { + value = malloc (sizeof (unsigned long)); + assert (value != NULL); + *value = i; + if (!p11_dict_set (map, value, value)) + assert_not_reached (); + } + + for (i = 0; i < 20000; ++i) { + value = p11_dict_get (map, &i); + assert_ptr_not_null (value); + assert_num_eq (i, *value); + } + + p11_dict_free (map); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_create, "/dict/create"); + p11_test (test_set_get, "/dict/set-get"); + p11_test (test_set_get_remove, "/dict/set-get-remove"); + p11_test (test_remove_destroys, "/dict/remove-destroys"); + p11_test (test_set_clear, "/dict/set-clear"); + p11_test (test_set_destroys, "/dict/set-destroys"); + p11_test (test_clear_destroys, "/dict/clear-destroys"); + p11_test (test_free_null, "/dict/free-null"); + p11_test (test_free_destroys, "/dict/free-destroys"); + p11_test (test_iterate, "/dict/iterate"); + p11_test (test_iterate_remove, "/dict/iterate-remove"); + p11_test (test_hash_add_check_lots_and_collisions, "/dict/add-check-lots-and-collisions"); + p11_test (test_hash_count, "/dict/count"); + p11_test (test_hash_ulongptr, "/dict/ulongptr"); + return p11_test_run (argc, argv); +} diff --git a/common/test-hash.c b/common/test-hash.c new file mode 100644 index 0000000..a12d5a4 --- /dev/null +++ b/common/test-hash.c @@ -0,0 +1,106 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include +#include +#include + +#include "hash.h" + +static void +test_murmur3 (void) +{ + uint32_t one, two, four, seven, eleven, split; + + assert (sizeof (one) == P11_HASH_MURMUR3_LEN); + + p11_hash_murmur3 ((unsigned char *)&one, "one", 3, NULL); + p11_hash_murmur3 ((unsigned char *)&two, "two", 3, NULL); + p11_hash_murmur3 ((unsigned char *)&four, "four", 4, NULL); + p11_hash_murmur3 ((unsigned char *)&seven, "seven", 5, NULL); + p11_hash_murmur3 ((unsigned char *)&eleven, "eleven", 6, NULL); + p11_hash_murmur3 ((unsigned char *)&split, "ele", 3, "ven", 3, NULL); + + assert (one != two); + assert (one != four); + assert (one != seven); + assert (one != eleven); + + assert (two != four); + assert (two != seven); + assert (two != eleven); + + assert (four != seven); + assert (four != eleven); + + assert (split == eleven); +} + +static void +test_murmur3_incr (void) +{ + uint32_t first, second; + + p11_hash_murmur3 ((unsigned char *)&first, + "this is the long input!", (size_t)23, + NULL); + + p11_hash_murmur3 ((unsigned char *)&second, + "this", (size_t)4, + " ", (size_t)1, + "is ", (size_t)3, + "the long ", (size_t)9, + "in", (size_t)2, + "p", (size_t)1, + "u", (size_t)1, + "t", (size_t)1, + "!", (size_t)1, + NULL); + + assert_num_eq (first, second); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_murmur3, "/hash/murmur3"); + p11_test (test_murmur3_incr, "/hash/murmur3-incr"); + return p11_test_run (argc, argv); +} diff --git a/common/test-lexer.c b/common/test-lexer.c new file mode 100644 index 0000000..e4480fd --- /dev/null +++ b/common/test-lexer.c @@ -0,0 +1,253 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "compat.h" +#include "debug.h" +#include "lexer.h" +#include "message.h" + +typedef struct { + int tok_type; + const char *name; + const char *value; +} expected_tok; + +static void +check_lex_msg (const char *file, + int line, + const char *function, + const expected_tok *expected, + const char *input, + bool failure) +{ + p11_lexer lexer; + size_t len; + bool failed; + int i; + + p11_lexer_init (&lexer, "test", input, strlen (input)); + for (i = 0; p11_lexer_next (&lexer, &failed); i++) { + if (expected[i].tok_type != lexer.tok_type) + p11_test_fail (file, line, function, + "lexer token type does not match: (%d != %d)", + expected[i].tok_type, lexer.tok_type); + switch (lexer.tok_type) { + case TOK_FIELD: + if (strcmp (expected[i].name, lexer.tok.field.name) != 0) + p11_test_fail (file, line, function, + "field name doesn't match: (%s != %s)", + expected[i].name, lexer.tok.field.name); + if (strcmp (expected[i].value, lexer.tok.field.value) != 0) + p11_test_fail (file, line, function, + "field value doesn't match: (%s != %s)", + expected[i].value, lexer.tok.field.value); + break; + case TOK_SECTION: + if (strcmp (expected[i].name, lexer.tok.field.name) != 0) + p11_test_fail (file, line, function, + "section name doesn't match: (%s != %s)", + expected[i].name, lexer.tok.field.name); + break; + case TOK_PEM: + len = strlen (expected[i].name); + if (lexer.tok.pem.length < len || + strncmp (lexer.tok.pem.begin, expected[i].name, len) != 0) { + p11_test_fail (file, line, function, + "wrong type of PEM block: %s", + expected[i].name); + } + break; + case TOK_EOF: + p11_test_fail (file, line, function, "eof should not be received"); + break; + } + } + + if (failure && !failed) + p11_test_fail (file, line, function, "lexing didn't fail"); + else if (!failure && failed) + p11_test_fail (file, line, function, "lexing failed"); + if (TOK_EOF != expected[i].tok_type) + p11_test_fail (file, line, function, "premature end of lexing"); + + p11_lexer_done (&lexer); +} + +#define check_lex_success(expected, input) \ + check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, false) + +#define check_lex_failure(expected, input) \ + check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, true) + +static void +test_basic (void) +{ + const char *input = "[the header]\n" + "field: value\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n"; + + const expected_tok expected[] = { + { TOK_SECTION, "the header" }, + { TOK_FIELD, "field", "value" }, + { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, + { TOK_EOF } + }; + + check_lex_success (expected, input); +} + +static void +test_corners (void) +{ + const char *input = "\r\n" /* blankline */ + " [the header]\r\n" /* bad line endings */ + " field: value \r\n" /* whitespace */ + "number: 2\n" /* extra space*/ + "number :3\n" /* extra space*/ + "number : 4\n" /* extra space*/ + "\n" + " # A comment \n" + "not-a-comment: # value\n" + "-----BEGIN BLOCK1-----\r\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\r\n" + "-----END BLOCK1-----"; /* no new line */ + + const expected_tok expected[] = { + { TOK_SECTION, "the header" }, + { TOK_FIELD, "field", "value" }, + { TOK_FIELD, "number", "2" }, + { TOK_FIELD, "number", "3" }, + { TOK_FIELD, "number", "4" }, + { TOK_FIELD, "not-a-comment", "# value" }, + { TOK_PEM, "-----BEGIN BLOCK1-----\r\n", }, + { TOK_EOF } + }; + + check_lex_success (expected, input); +} + +static void +test_following (void) +{ + const char *input = "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "field: value"; + + const expected_tok expected[] = { + { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, + { TOK_FIELD, "field", "value" }, + { TOK_EOF } + }; + + check_lex_success (expected, input); +} + +static void +test_bad_pem (void) +{ + const char *input = "field: value\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"; + + const expected_tok expected[] = { + { TOK_FIELD, "field", "value" }, + { TOK_EOF } + }; + + p11_message_quiet (); + + check_lex_failure (expected, input); + + p11_message_loud (); +} + +static void +test_bad_section (void) +{ + const char *input = "field: value\n" + "[section\n" + "bad]\n"; + + const expected_tok expected[] = { + { TOK_FIELD, "field", "value" }, + { TOK_EOF } + }; + + p11_message_quiet (); + + check_lex_failure (expected, input); + + p11_message_loud (); +} + +static void +test_bad_value (void) +{ + const char *input = "field_value\n" + "[section\n" + "bad]\n"; + + const expected_tok expected[] = { + { TOK_EOF } + }; + + p11_message_quiet (); + + check_lex_failure (expected, input); + + p11_message_loud (); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_basic, "/lexer/basic"); + p11_test (test_corners, "/lexer/corners"); + p11_test (test_following, "/lexer/following"); + p11_test (test_bad_pem, "/lexer/bad-pem"); + p11_test (test_bad_section, "/lexer/bad-section"); + p11_test (test_bad_value, "/lexer/bad-value"); + return p11_test_run (argc, argv); +} diff --git a/common/test-message.c b/common/test-message.c new file mode 100644 index 0000000..5f0fce4 --- /dev/null +++ b/common/test-message.c @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "message.h" + +#include +#ifdef HAVE_LOCALE_H +#include +#endif +#include +#include + +#ifdef HAVE_STRERROR_L +extern locale_t p11_message_locale; +#endif + +static void +test_with_err (void) +{ + const char *last; + char *expected; + +#ifdef HAVE_STRERROR_L + p11_message_locale = newlocale (LC_ALL_MASK, "POSIX", (locale_t) 0); +#endif + + errno = E2BIG; + p11_message_err (ENOENT, "Details: %s", "value"); + last = p11_message_last (); + + if (asprintf (&expected, "Details: value: %s", strerror (ENOENT)) < 0) + assert_not_reached (); + assert_str_eq (expected, last); + free (expected); + +#ifdef HAVE_STRERROR_L + freelocale (p11_message_locale); +#endif +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_with_err, "/message/with-err"); + return p11_test_run (argc, argv); +} diff --git a/common/test-path.c b/common/test-path.c new file mode 100644 index 0000000..2eb5444 --- /dev/null +++ b/common/test-path.c @@ -0,0 +1,238 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "compat.h" +#include "path.h" + +static void +test_base (void) +{ + struct { + const char *in; + const char *out; + } fixtures[] = { + { "/this/is/a/path", "path" }, + { "/this/is/a/folder/", "folder" }, + { "folder/", "folder" }, + { "/", "" }, + { "this", "this" }, +#ifdef OS_WIN32 + { "\\this\\is\\a\\path", "path" }, + { "\\this\\is\\a\\folder\\", "folder" }, + { "C:\\this\\is\\a\\path", "path" }, + { "D:\\this\\is\\a\\folder\\", "folder" }, + { "folder\\", "folder" }, + { "\\", "" }, +#endif + { NULL }, + }; + + char *out; + int i; + + for (i = 0; fixtures[i].in != NULL; i++) { + out = p11_path_base (fixtures[i].in); + assert_str_eq (fixtures[i].out, out); + free (out); + } +} + +#define assert_str_eq_free(ex, ac) \ + do { const char *__s1 = (ex); \ + char *__s2 = (ac); \ + if (__s1 && __s2 && strcmp (__s1, __s2) == 0) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (%s == %s)", \ + #ex, #ac, __s1 ? __s1 : "(null)", __s2 ? __s2 : "(null)"); \ + free (__s2); \ + } while (0) + +static void +test_build (void) +{ +#ifdef OS_UNIX + assert_str_eq_free ("/root/second", + p11_path_build ("/root", "second", NULL)); + assert_str_eq_free ("/root/second", + p11_path_build ("/root", "/second", NULL)); + assert_str_eq_free ("/root/second", + p11_path_build ("/root/", "second", NULL)); + assert_str_eq_free ("/root/second/third", + p11_path_build ("/root", "second", "third", NULL)); + assert_str_eq_free ("/root/second/third", + p11_path_build ("/root", "/second/third", NULL)); +#else /* OS_WIN32 */ + assert_str_eq_free ("C:\\root\\second", + p11_path_build ("C:\\root", "second", NULL)); + assert_str_eq_free ("C:\\root\\second", + p11_path_build ("C:\\root", "\\second", NULL)); + assert_str_eq_free ("C:\\root\\second", + p11_path_build ("C:\\root\\", "second", NULL)); + assert_str_eq_free ("C:\\root\\second\\third", + p11_path_build ("C:\\root", "second", "third", NULL)); + assert_str_eq_free ("C:\\root\\second/third", + p11_path_build ("C:\\root", "second/third", NULL)); +#endif +} + +static void +test_expand (void) +{ + char *path; + +#ifdef OS_UNIX + putenv ("HOME=/home/blah"); + assert_str_eq_free ("/home/blah/my/path", + p11_path_expand ("~/my/path")); + assert_str_eq_free ("/home/blah", + p11_path_expand ("~")); + putenv ("XDG_CONFIG_HOME=/my"); + assert_str_eq_free ("/my/path", + p11_path_expand ("~/.config/path")); + putenv ("XDG_CONFIG_HOME="); + assert_str_eq_free ("/home/blah/.config/path", + p11_path_expand ("~/.config/path")); +#else /* OS_WIN32 */ + putenv ("HOME=C:\\Users\\blah"); + assert_str_eq_free ("C:\\Users\\blah\\my/path", + p11_path_expand ("~/my/path")); + assert_str_eq_free ("C:\\Users\\blah\\path", + p11_path_expand ("~\\path")); +#endif + + putenv("HOME="); + path = p11_path_expand ("~/this/is/my/path"); + assert (strstr (path, "this/is/my/path") != NULL); + free (path); +} + +static void +test_absolute (void) +{ +#ifdef OS_UNIX + assert (p11_path_absolute ("/home")); + assert (!p11_path_absolute ("home")); +#else /* OS_WIN32 */ + assert (p11_path_absolute ("C:\\home")); + assert (!p11_path_absolute ("home")); + assert (p11_path_absolute ("/home")); +#endif +} + +static void +test_parent (void) +{ + assert_str_eq_free ("/", p11_path_parent ("/root")); + assert_str_eq_free ("/", p11_path_parent ("/root/")); + assert_str_eq_free ("/", p11_path_parent ("/root//")); + assert_str_eq_free ("/root", p11_path_parent ("/root/second")); + assert_str_eq_free ("/root", p11_path_parent ("/root//second")); + assert_str_eq_free ("/root", p11_path_parent ("/root//second//")); + assert_str_eq_free ("/root", p11_path_parent ("/root///second")); + assert_str_eq_free ("/root/second", p11_path_parent ("/root/second/test.file")); + assert_ptr_eq (NULL, p11_path_parent ("/")); + assert_ptr_eq (NULL, p11_path_parent ("//")); + assert_ptr_eq (NULL, p11_path_parent ("")); +} + +static void +test_prefix (void) +{ + assert (p11_path_prefix ("/test/second", "/test")); + assert (!p11_path_prefix ("/test", "/test")); + assert (!p11_path_prefix ("/different/prefix", "/test")); + assert (!p11_path_prefix ("/te", "/test")); + assert (!p11_path_prefix ("/test", "/test/blah")); + assert (p11_path_prefix ("/test/other/second", "/test")); + assert (p11_path_prefix ("/test//other//second", "/test")); +} + +static void +test_canon (void) +{ + char *test; + + test = strdup ("2309haonutb;AOE@#$O "); + p11_path_canon (test); + assert_str_eq (test, "2309haonutb_AOE___O_"); + free (test); + + test = strdup ("22@# %ATI@#$onot"); + p11_path_canon (test); + assert_str_eq (test, "22____ATI___onot"); + free (test); +} + +static void +test_encode (void) +{ + char *test; + + test = p11_path_encode ("2309haonutb;/AOE@#$O "); + assert_str_eq (test, "2309haonutb%3B/AOE%40%23%24O%20"); + free (test); +} + +static void +test_decode (void) +{ + char *test; + + test = p11_path_decode ("2309haonutb%3b/AOE%40%23%24O%20"); + assert_str_eq (test, "2309haonutb;/AOE@#$O "); + free (test); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_base, "/path/base"); + p11_test (test_build, "/path/build"); + p11_test (test_expand, "/path/expand"); + p11_test (test_absolute, "/path/absolute"); + p11_test (test_parent, "/path/parent"); + p11_test (test_prefix, "/path/prefix"); + p11_test (test_canon, "/path/canon"); + p11_test (test_encode, "/path/encode"); + p11_test (test_decode, "/path/decode"); + + return p11_test_run (argc, argv); +} diff --git a/common/test-runtime.c b/common/test-runtime.c new file mode 100644 index 0000000..51071b8 --- /dev/null +++ b/common/test-runtime.c @@ -0,0 +1,143 @@ +/* + * Copyright (c) 2018 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Daiki Ueno + */ + +#include "config.h" +#include "test.h" + +#include "runtime.h" +#include "compat.h" + +#include +#include + +#ifdef OS_UNIX +#include +#include +#endif + +static struct { + char *directory; +} test; + +extern const char * const *_p11_runtime_bases; + +static void +setup (void *unused) +{ + test.directory = p11_test_directory ("p11-test-runtime"); +} + +static void +teardown (void *unused) +{ + p11_test_directory_delete (test.directory); + free (test.directory); +} + +static void +test_xdg_runtime_dir (void) +{ + char *directory; + + setenv ("XDG_RUNTIME_DIR", "/nowhere", 1); + p11_get_runtime_directory (&directory); + assert_str_eq ("/nowhere", directory); + free (directory); +} + +#ifdef OS_UNIX +static void +test_bases (void) +{ + char *directory; + const char * bases[] = { + NULL, + NULL + }; + char *user, *path; + CK_RV rv; + + if (asprintf (&user, "%s/user", test.directory) < 0) + assert_not_reached (); + if (mkdir (user, 0700) < 0) + assert_not_reached (); + if (asprintf (&path, "%s/%d", user, getuid ()) < 0) + assert_not_reached (); + free (user); + if (mkdir (path, 0700) < 0) + assert_not_reached (); + + bases[0] = test.directory; + _p11_runtime_bases = bases; + + unsetenv ("XDG_RUNTIME_DIR"); + rv = p11_get_runtime_directory (&directory); + assert_num_eq (CKR_OK, rv); + assert_str_eq (path, directory); + free (path); + free (directory); +} +#endif + +static void +test_xdg_cache_home (void) +{ + char *directory; +#ifdef OS_UNIX + const char * bases[] = { + NULL + }; + _p11_runtime_bases = bases; +#endif + + /* MinGW doesn't have unsetenv */ + setenv ("XDG_RUNTIME_DIR", "", 1); + setenv ("XDG_CACHE_HOME", "/cache", 1); + p11_get_runtime_directory (&directory); + assert_str_eq ("/cache", directory); + free (directory); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_xdg_runtime_dir, "/runtime/xdg-runtime-dir"); +#ifdef OS_UNIX + p11_test (test_bases, "/runtime/bases"); +#endif + p11_test (test_xdg_cache_home, "/runtime/xdg-cache-home"); + p11_test_run (argc, argv); +} diff --git a/common/test-tests.c b/common/test-tests.c new file mode 100644 index 0000000..2ca1929 --- /dev/null +++ b/common/test-tests.c @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include + +static void +test_success (void) +{ + /* Yup, nothing */ +} + + +static void +test_failure (void) +{ + if (getenv ("TEST_FAIL")) { + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, + "Unconditional test failure due to TEST_FAIL environment variable"); + } +} + +static void +test_memory (void) +{ + char *mem; + + if (getenv ("TEST_FAIL")) { + mem = malloc (1); + assert (mem != NULL); + free (mem); + /* cppcheck-suppress deallocuse */ + *mem = 1; + } +} + + +static void +test_leak (void) +{ + char *mem; + + if (getenv ("TEST_FAIL")) { + mem = malloc (1); + assert (mem != NULL); + *mem = 1; + } + /* cppcheck-suppress memleak */ +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_success, "/test/success"); + + if (getenv ("TEST_FAIL")) { + p11_test (test_failure, "/test/failure"); + p11_test (test_memory, "/test/memory"); + p11_test (test_leak, "/test/leak"); + } + + return p11_test_run (argc, argv); +} diff --git a/common/test-url.c b/common/test-url.c new file mode 100644 index 0000000..4f10cb4 --- /dev/null +++ b/common/test-url.c @@ -0,0 +1,192 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "debug.h" +#include "message.h" + +#include +#include +#include +#include + +#include "url.h" + +static void +check_decode_msg (const char *file, + int line, + const char *function, + const char *input, + ssize_t input_len, + const char *expected, + size_t expected_len) +{ + unsigned char *decoded; + size_t length; + + if (input_len < 0) + input_len = strlen (input); + decoded = p11_url_decode (input, input + input_len, "", &length); + + if (expected == NULL) { + if (decoded != NULL) + p11_test_fail (file, line, function, "decoding should have failed"); + + } else { + if (decoded == NULL) + p11_test_fail (file, line, function, "decoding failed"); + if (expected_len != length) + p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", + (unsigned long)expected_len, (unsigned long)length); + if (memcmp (decoded, expected, length) != 0) + p11_test_fail (file, line, function, "decoding wrong"); + free (decoded); + } +} + +#define check_decode_success(input, input_len, expected, expected_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) + +#define check_decode_failure(input, input_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) + +static void +test_decode_success (void) +{ + check_decode_success ("%54%45%53%54%00", -1, "TEST", 5); + check_decode_success ("%54%45%53%54%00", 6, "TE", 2); + check_decode_success ("%54est%00", -1, "Test", 5); +} + +static void +test_decode_skip (void) +{ + const char *input = "%54 %45 %53 %54 %00"; + unsigned char *decoded; + size_t length; + + decoded = p11_url_decode (input, input + strlen (input), P11_URL_WHITESPACE, &length); + assert_str_eq ("TEST", (char *)decoded); + assert_num_eq (5, length); + + free (decoded); +} + +static void +test_decode_failure (void) +{ + /* Early termination */ + check_decode_failure ("%54%45%53%5", -1); + check_decode_failure ("%54%45%53%", -1); + + /* Not hex characters */ + check_decode_failure ("%54%XX%53%54%00", -1); +} + +static void +test_encode (void) +{ + const unsigned char *input = (unsigned char *)"TEST"; + p11_buffer buf; + + if (!p11_buffer_init_null (&buf, 5)) + assert_not_reached (); + + p11_url_encode (input, input + 5, "", &buf); + assert (p11_buffer_ok (&buf)); + assert_str_eq ("%54%45%53%54%00", (char *)buf.data); + assert_num_eq (15, buf.len); + + p11_buffer_uninit (&buf); +} + +static void +test_encode_verbatim (void) +{ + const unsigned char *input = (unsigned char *)"TEST"; + p11_buffer buf; + + if (!p11_buffer_init_null (&buf, 5)) + assert_not_reached (); + + p11_url_encode (input, input + 5, "ES", &buf); + assert (p11_buffer_ok (&buf)); + assert_str_eq ("%54ES%54%00", (char *)buf.data); + assert_num_eq (11, buf.len); + + p11_buffer_uninit (&buf); +} + +static void +test_encode_lower (void) +{ + const unsigned char *input = (unsigned char *)",.:;"; + p11_buffer buf; + + if (!p11_buffer_init_null (&buf, 5)) + assert_not_reached (); + + p11_url_encode (input, input + 5, "", &buf); + assert (p11_buffer_ok (&buf)); + assert_str_eq ("%2C%2E%3A%3B%00", (char *)buf.data); + assert_num_eq (15, buf.len); + + if (!p11_buffer_reset (&buf, 5)) + assert_not_reached (); + + setenv ("P11_KIT_URI_LOWERCASE", "1", 1); + + p11_url_encode (input, input + 5, "", &buf); + assert (p11_buffer_ok (&buf)); + assert_str_eq ("%2c%2e%3a%3b%00", (char *)buf.data); + assert_num_eq (15, buf.len); + + p11_buffer_uninit (&buf); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_decode_success, "/url/decode-success"); + p11_test (test_decode_skip, "/url/decode-skip"); + p11_test (test_decode_failure, "/url/decode-failure"); + + p11_test (test_encode, "/url/encode"); + p11_test (test_encode_verbatim, "/url/encode-verbatim"); + p11_test (test_encode_lower, "/url/encode-lower"); + return p11_test_run (argc, argv); +} diff --git a/common/test.c b/common/test.c new file mode 100644 index 0000000..82c41de --- /dev/null +++ b/common/test.c @@ -0,0 +1,648 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_TEST_SOURCE 1 + +#include "compat.h" +#include "test.h" +#include "debug.h" +#include "path.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef OS_UNIX +#include +#include +#endif + +enum { + FIXTURE, + TEST, +}; + +typedef void (*func_with_arg) (void *); + +typedef struct _test_item { + int type; + + union { + struct { + char name[1024]; + func_with_arg func; + void *argument; + bool failed; + } test; + struct { + func_with_arg setup; + func_with_arg teardown; + } fix; + } x; + + struct _test_item *next; +} test_item; + +struct { + test_item *suite; + test_item *last; + int number; + jmp_buf jump; +} gl = { NULL, NULL, 0, }; + +static void +print_diagnostics (const char *filename, + int line, + const char *function, + char *output) +{ + const char *pos; + char *from; + char *next; + + for (from = output; from != NULL; ) { + next = strchr (from, '\n'); + if (next) { + next[0] = '\0'; + next += 1; + } + + printf ("# %s\n", from); + from = next; + } + + pos = strrchr (filename, '/'); + if (pos != NULL && pos[1] != '\0') + filename = pos + 1; + + printf ("# in %s() at %s:%d\n", function, filename, line); +} + +void +p11_test_fail (const char *filename, + int line, + const char *function, + const char *message, + ...) +{ + char *output; + va_list va; + + assert (gl.last != NULL); + assert (gl.last->type == TEST); + gl.last->x.test.failed = true; + + printf ("not ok %d %s\n", gl.number, gl.last->x.test.name); + + va_start (va, message); + if (vasprintf (&output, message, va) < 0) + assert (0 && "vasprintf() failed"); + va_end (va); + + print_diagnostics (filename, line, function, output); + free (output); + + /* Let coverity know we're not supposed to return from here */ +#ifdef __COVERITY__ + abort(); +#endif + + longjmp (gl.jump, 1); +} + +void +p11_test_skip (const char *filename, + int line, + const char *function, + const char *message, + ...) +{ + char *output; + char *pos; + va_list va; + + assert (gl.last != NULL); + assert (gl.last->type == TEST); + + printf ("ok %d %s", gl.number, gl.last->x.test.name); + + va_start (va, message); + if (vasprintf (&output, message, va) < 0) + assert (0 && "vasprintf() failed"); + va_end (va); + + pos = strchr (output, '\n'); + if (pos) { + *pos = '\0'; + pos++; + } + printf (" # SKIP %s\n", output); + + if (pos) + print_diagnostics (filename, line, function, pos); + free (output); + + /* Let coverity know we're not supposed to return from here */ +#ifdef __COVERITY__ + abort(); +#endif + + longjmp (gl.jump, 1); +} + +void +p11_test_todo (const char *filename, + int line, + const char *function, + const char *message, + ...) +{ + char *output; + char *pos; + va_list va; + + assert (gl.last != NULL); + assert (gl.last->type == TEST); + + printf ("not ok %d %s", gl.number, gl.last->x.test.name); + + va_start (va, message); + if (vasprintf (&output, message, va) < 0) + assert (0 && "vasprintf() failed"); + va_end (va); + + pos = strchr (output, '\n'); + if (pos) { + *pos = '\0'; + pos++; + } + printf (" # TODO %s\n", output); + + if (pos) + print_diagnostics (filename, line, function, pos); + free (output); + + /* Let coverity know we're not supposed to return from here */ +#ifdef __COVERITY__ + abort(); +#endif + + longjmp (gl.jump, 1); +} + +static void +test_push (test_item *it) +{ + test_item *item; + + item = calloc (1, sizeof (test_item)); + assert (item != NULL); + memcpy (item, it, sizeof (test_item)); + + if (!gl.suite) + gl.suite = item; + if (gl.last) + gl.last->next = item; + gl.last = item; +} + +void +p11_test (void (* function) (void), + const char *name, + ...) +{ + test_item item = { TEST, }; + va_list va; + + item.x.test.func = (func_with_arg)function; + + va_start (va, name); + vsnprintf (item.x.test.name, sizeof (item.x.test.name), name, va); + va_end (va); + + test_push (&item); +} + +void +p11_testx (void (* function) (void *), + void *argument, + const char *name, + ...) +{ + test_item item = { TEST, }; + va_list va; + + item.type = TEST; + item.x.test.func = function; + item.x.test.argument = argument; + + va_start (va, name); + vsnprintf (item.x.test.name, sizeof (item.x.test.name), name, va); + va_end (va); + + test_push (&item); +} + +void +p11_fixture (void (* setup) (void *), + void (* teardown) (void *)) +{ + test_item item; + + item.type = FIXTURE; + item.x.fix.setup = setup; + item.x.fix.teardown = teardown; + + test_push (&item); +} + +static int +should_run_test (int argc, + char **argv, + test_item *item) +{ + int i; + if (argc == 0) + return 1; + for (i = 0; i < argc; i++) { + if (strcmp (argv[i], item->x.test.name) == 0) + return 1; + } + + return 0; +} + +int +p11_test_run (int argc, + char **argv) +{ + test_item *fixture = NULL; + test_item *item; + test_item *next; + int count; + int ret = 0; + int setup; + int opt; + + /* p11-kit specific stuff */ + putenv ("P11_KIT_STRICT=1"); + p11_debug_init (); + + while ((opt = getopt (argc, argv, "")) != -1) { + switch (opt) { + default: + fprintf (stderr, "specify only test names on the command line\n"); + return 2; + } + } + + argc -= optind; + argv += optind; + + assert (gl.number == 0); + gl.last = NULL; + + for (item = gl.suite, count = 0; item != NULL; item = item->next) { + if (item->type == TEST && should_run_test (argc, argv, item)) + count++; + } + + if (count == 0) { + printf ("1..0 # No tests\n"); + return 0; + } + + printf ("1..%d\n", count); + + for (item = gl.suite, gl.number = 0; item != NULL; item = item->next) { + if (item->type == FIXTURE) { + fixture = item; + continue; + } + + assert (item->type == TEST); + + if (!should_run_test (argc, argv, item)) + continue; + + gl.last = item; + gl.number++; + setup = 0; + + if (setjmp (gl.jump) == 0) { + if (fixture && fixture->x.fix.setup) + (fixture->x.fix.setup) (item->x.test.argument); + + setup = 1; + + assert (item->x.test.func); + (item->x.test.func)(item->x.test.argument); + + printf ("ok %d %s\n", gl.number, item->x.test.name); + } + + if (setup) { + if (setjmp (gl.jump) == 0) { + if (fixture && fixture->x.fix.teardown) + (fixture->x.fix.teardown) (item->x.test.argument); + } + } + + gl.last = NULL; + } + + for (item = gl.suite; item != NULL; item = next) { + if (item->type == TEST) { + if (item->x.test.failed) + ret++; + } + + next = item->next; + free (item); + } + + gl.suite = NULL; + gl.last = 0; + gl.number = 0; + return ret; +} + +static char * +expand_tempdir (const char *name) +{ + const char *env; + + env = secure_getenv ("TMPDIR"); + if (env && env[0]) { + return p11_path_build (env, name, NULL); + + } else { +#ifdef OS_UNIX +#ifdef _PATH_TMP + return p11_path_build (_PATH_TMP, name, NULL); +#else + return p11_path_build ("/tmp", name, NULL); +#endif + +#else /* OS_WIN32 */ + char directory[MAX_PATH + 1]; + + if (!GetTempPathA (MAX_PATH + 1, directory)) { + printf ("# couldn't lookup temp directory\n"); + errno = ENOTDIR; + return NULL; + } + + return p11_path_build (directory, name, NULL); + +#endif /* OS_WIN32 */ + } +} + +char * +p11_test_directory (const char *prefix) +{ + char *templ; + char *directory; + + if (asprintf (&templ, "%s.XXXXXX", prefix) < 0) + assert_not_reached (); + + directory = expand_tempdir (templ); + assert (directory != NULL); + + if (!mkdtemp (directory)) { + printf ("# couldn't create temp directory: %s: %s\n", + directory, strerror (errno)); + free (directory); + assert_not_reached (); + return NULL; + } + + free (templ); + return directory; +} + +void +p11_test_file_write (const char *base, + const char *name, + const void *contents, + size_t length) +{ + char *path = NULL; + FILE *f; + + if (base) { + if (asprintf (&path, "%s/%s", base, name) < 0) + assert_not_reached (); + name = path; + } + + f = fopen (name, "wb"); + if (f == NULL) { + printf ("# couldn't open file for writing: %s: %s\n", name, strerror (errno)); + assert_not_reached (); + } + + if (fwrite (contents, 1, length, f) != length || + fclose (f) != 0) { + printf ("# couldn't write to file: %s: %s\n", name, strerror (errno)); + assert_not_reached (); + } + + free (path); +} + +void +p11_test_file_delete (const char *base, + const char *name) +{ + char *path = NULL; + + if (base) { + if (asprintf (&path, "%s/%s", base, name) < 0) + assert_not_reached (); + name = path; + } + + if (unlink (name) < 0) { + printf ("# Couldn't delete file: %s\n", name); + assert_not_reached (); + } + + free (path); +} + +void +p11_test_directory_delete (const char *directory) +{ + struct dirent *dp; + DIR *dir; + char *path; + struct stat st; + + dir = opendir (directory); + if (dir == NULL) { + printf ("# Couldn't open directory: %s\n", directory); + assert_not_reached (); + } + + while ((dp = readdir (dir)) != NULL) { + if (strcmp (dp->d_name, ".") == 0 || + strcmp (dp->d_name, "..") == 0) + continue; + + if (asprintf (&path, "%s/%s", directory, dp->d_name) < 0) + assert_not_reached (); + if (stat (path, &st) < 0) + assert_not_reached (); + if (S_ISDIR (st.st_mode)) + p11_test_directory_delete (path); + else + p11_test_file_delete (directory, dp->d_name); + free (path); + } + + closedir (dir); + + if (rmdir (directory) < 0) { + printf ("# Couldn't remove directory: %s\n", directory); + assert_not_reached (); + } +} + + +#ifdef OS_UNIX + +static void +copy_file (const char *input, + int fd) +{ + p11_mmap *mmap; + const char *data; + ssize_t written; + size_t size; + + mmap = p11_mmap_open (input, NULL, (void **)&data, &size); + assert (mmap != NULL); + + while (size > 0) { + written = write (fd, data, size); + assert (written >= 0); + + data += written; + size -= written; + } + + p11_mmap_close (mmap); +} + +char * +p11_test_copy_setgid (const char *input, + const char *tmpdir) +{ + gid_t groups[128]; + char *path; + gid_t group = 0; + int ret; + int fd; + int i; + + ret = getgroups (128, groups); + for (i = 0; i < ret; ++i) { + if (groups[i] != getgid ()) { + group = groups[i]; + break; + } + } + if (i == ret) { + fprintf (stderr, "# no suitable group, skipping test\n"); + return NULL; + } + + if (asprintf(&path, "%s/test-setgid.XXXXXX", tmpdir) < 0) + assert_not_reached(); + + assert (path != NULL); + + fd = mkstemp (path); + assert (fd >= 0); + + copy_file (input, fd); + if (fchown (fd, getuid (), group) < 0) + assert_not_reached (); + if (fchmod (fd, 02750) < 0) + assert_not_reached (); + if (close (fd) < 0) + assert_not_reached (); + + return path; +} + +int +p11_test_run_child (const char **argv, + bool quiet_out) +{ + pid_t child; + int status; + + child = fork (); + assert (child >= 0); + + /* In the child process? */ + if (child == 0) { + if (quiet_out) + close (1); /* stdout */ + execv (argv[0], (char **)argv); + assert_not_reached (); + } + + if (waitpid (child, &status, 0) < 0) + assert_not_reached (); + + assert (!WIFSIGNALED (status)); + assert (WIFEXITED (status)); + + return WEXITSTATUS (status); +} + +#endif /* OS_UNIX */ diff --git a/common/test.h b/common/test.h new file mode 100644 index 0000000..81b90f6 --- /dev/null +++ b/common/test.h @@ -0,0 +1,173 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "compat.h" + +#ifndef P11_TEST_H_ +#define P11_TEST_H_ + +#ifndef P11_TEST_SOURCE + +#include + +#ifdef assert_not_reached +#undef assert_not_reached +#endif + +#ifdef assert +#undef assert +#endif + +#define assert(expr) \ + assert_true(expr) +#define assert_true(expr) \ + do { if (expr) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s)", #expr); \ + } while (0) +#define assert_false(expr) \ + do { if (expr) \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (!(%s))", #expr); \ + } while (0) +#define assert_fail(msg, detail) \ + do { const char *__s = (detail); \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "%s%s%s", (msg), __s ? ": ": "", __s ? __s : ""); \ + } while (0) +#define assert_skip(msg, detail) \ + do { const char *__s = (detail); \ + p11_test_skip (__FILE__, __LINE__, __FUNCTION__, "%s%s%s", (msg), __s ? ": ": "", __s ? __s : ""); \ + } while (0) +#define assert_todo(msg, detail) \ + do { const char *__s = (detail); \ + p11_test_todo (__FILE__, __LINE__, __FUNCTION__, "%s%s%s", (msg), __s ? ": ": "", __s ? __s : ""); \ + } while (0) +#define assert_not_reached(msg) \ + do { \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "code should not be reached"); \ + } while (0) +#define assert_ptr_not_null(ptr) \ + do { if ((ptr) != NULL) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s != NULL)", #ptr); \ + } while (0) +#define assert_num_cmp(a1, cmp, a2) \ + do { unsigned long __n1 = (a1); \ + unsigned long __n2 = (a2); \ + if (__n1 cmp __n2) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s %s %s): (%lu %s %lu)", \ + #a1, #cmp, #a2, __n1, #cmp, __n2); \ + } while (0) +#define assert_num_eq(a1, a2) \ + assert_num_cmp(a1, ==, a2) +#define assert_str_cmp(a1, cmp, a2) \ + do { const char *__s1 = (a1); \ + const char *__s2 = (a2); \ + if (__s1 && __s2 && strcmp (__s1, __s2) cmp 0) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s %s %s): (%s %s %s)", \ + #a1, #cmp, #a2, __s1 ? __s1 : "(null)", #cmp, __s2 ? __s2 : "(null)"); \ + } while (0) +#define assert_str_eq(a1, a2) \ + assert_str_cmp(a1, ==, a2) +#define assert_ptr_eq(a1, a2) \ + do { const void *__p1 = (a1); \ + const void *__p2 = (a2); \ + if (__p1 == __p2) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (0x%08lx == 0x%08lx)", \ + #a1, #a2, (unsigned long)(size_t)__p1, (unsigned long)(size_t)__p2); \ + } while (0) + +#define assert_str_contains(expr, needle) \ + do { const char *__str = (expr); \ + if (__str && strstr (__str, needle)) ; else \ + p1_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s): '%s' does not contain '%s'", \ + #expr, __str, needle); \ + } while (0) + +#endif /* !P11_TEST_SOURCE */ + + +void p11_test_fail (const char *filename, + int line, + const char *function, + const char *message, + ...) GNUC_PRINTF(4, 5) CLANG_ANALYZER_NORETURN; + +void p11_test_skip (const char *filename, + int line, + const char *function, + const char *message, + ...) GNUC_PRINTF(4, 5) CLANG_ANALYZER_NORETURN; + +void p11_test_todo (const char *filename, + int line, + const char *function, + const char *message, + ...) GNUC_PRINTF(4, 5) CLANG_ANALYZER_NORETURN; + +void p11_test (void (* function) (void), + const char *name, + ...) GNUC_PRINTF(2, 3); + +void p11_testx (void (* function) (void *), + void *argument, + const char *name, + ...) GNUC_PRINTF(3, 4); + +void p11_fixture (void (* setup) (void *), + void (* teardown) (void *)); + +int p11_test_run (int argc, + char **argv); + +char * p11_test_directory (const char *prefix); + +void p11_test_directory_delete (const char *directory); + +void p11_test_file_write (const char *directory, + const char *name, + const void *contents, + size_t length); + +void p11_test_file_delete (const char *directory, + const char *name); + +#ifdef OS_UNIX + +char * p11_test_copy_setgid (const char *path, + const char *tmpdir); + +int p11_test_run_child (const char **argv, + bool quiet_out); + +#endif + +#endif /* P11_TEST_H_ */ diff --git a/common/tool.c b/common/tool.c new file mode 100644 index 0000000..414f852 --- /dev/null +++ b/common/tool.c @@ -0,0 +1,334 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "buffer.h" +#include "compat.h" +#include "debug.h" +#include "message.h" +#include "path.h" + +#include +#include +#include +#include +#include +#include +#include + +#include "tool.h" + +static char +short_option (int opt) +{ + if (isalpha (opt) || isdigit (opt)) + return (char)opt; + return 0; +} + +static const struct option * +find_option (const struct option *longopts, + int opt) +{ + int i; + + for (i = 0; longopts[i].name != NULL; i++) { + if (longopts[i].val == opt) + return longopts + i; + } + + return NULL; +} + +void +p11_tool_usage (const p11_tool_desc *usages, + const struct option *longopts) +{ + const struct option *longopt; + const int indent = 22; + const char *long_name; + const char *description; + const char *next; + char short_name; + int spaces; + int len; + int i; + + for (i = 0; usages[i].text != NULL; i++) { + + /* If no option, then this is a heading */ + if (!usages[i].option) { + printf ("%s\n\n", usages[i].text); + continue; + } + + longopt = find_option (longopts, usages[i].option); + long_name = longopt ? longopt->name : NULL; + short_name = short_option (usages[i].option); + description = usages[i].text; + + if (short_name && long_name) + len = printf (" -%c, --%s", (int)short_name, long_name); + else if (long_name) + len = printf (" --%s", long_name); + else + len = printf (" -%c", (int)short_name); + if (longopt && longopt->has_arg) + len += printf ("%s<%s>", + long_name ? "=" : " ", + usages[i].arg ? usages[i].arg : "..."); + if (len < indent) { + spaces = indent - len; + } else { + printf ("\n"); + spaces = indent; + } + while (description) { + while (spaces-- > 0) + fputc (' ', stdout); + next = strchr (description, '\n'); + if (next) { + next += 1; + printf ("%.*s", (int)(next - description), description); + description = next; + spaces = indent; + } else { + printf ("%s\n", description); + break; + } + } + + } +} + +int +p11_tool_getopt (int argc, + char *argv[], + const struct option *longopts) +{ + p11_buffer buf; + int ret; + char opt; + int i; + + if (!p11_buffer_init_null (&buf, 64)) + return_val_if_reached (-1); + + for (i = 0; longopts[i].name != NULL; i++) { + opt = short_option (longopts[i].val); + if (opt != 0) { + p11_buffer_add (&buf, &opt, 1); + assert (longopts[i].has_arg != optional_argument); + if (longopts[i].has_arg == required_argument) + p11_buffer_add (&buf, ":", 1); + } + } + + ret = getopt_long (argc, argv, buf.data, longopts, NULL); + + p11_buffer_uninit (&buf); + + return ret; +} + +static void +command_usage (const p11_tool_command *commands) +{ + const char *progname; + int i; + + progname = getprogname (); + printf ("usage: %s command ...\n", progname); + printf ("\nCommon %s commands are:\n", progname); + for (i = 0; commands[i].name != NULL; i++) { + if (strcmp (commands[i].name, P11_TOOL_FALLBACK) != 0) + printf (" %-15s %s\n", commands[i].name, commands[i].text); + } + printf ("\nSee '%s --help' for more information\n", progname); +} + +static void +verbose_arg (void) +{ + setenv ("P11_KIT_DEBUG", "tool", 0); + p11_message_loud (); +} + +static void +quiet_arg (void) +{ + setenv ("P11_KIT_DEBUG", "", 1); + p11_message_quiet (); +} + +int +p11_tool_main (int argc, + char *argv[], + const p11_tool_command *commands) +{ + const p11_tool_command *fallback = NULL; + char *command = NULL; + bool want_help = false; + bool skip; + int in, out; + int i; + + /* Print messages by default. */ + p11_message_loud (); + + /* + * Parse the global options. We rearrange the options as + * necessary, in order to pass relevant options through + * to the commands, but also have them take effect globally. + */ + + for (in = 1, out = 1; in < argc; in++, out++) { + + /* The non-option is the command, take it out of the arguments */ + if (argv[in][0] != '-') { + if (!command) { + skip = true; + command = argv[in]; + } else { + skip = false; + } + + /* The global long options */ + } else if (argv[in][1] == '-') { + skip = false; + + if (strcmp (argv[in], "--") == 0) { + if (!command) { + p11_message ("no command specified"); + return 2; + } else { + break; + } + + } else if (strcmp (argv[in], "--verbose") == 0) { + verbose_arg (); + + } else if (strcmp (argv[in], "--quiet") == 0) { + quiet_arg (); + + } else if (strcmp (argv[in], "--help") == 0) { + want_help = true; + + } else if (!command) { + p11_message ("unknown global option: %s", argv[in]); + return 2; + } + + /* The global short options */ + } else { + skip = false; + + for (i = 1; argv[in][i] != '\0'; i++) { + switch (argv[in][i]) { + case 'h': + want_help = true; + break; + + /* Compatibility option */ + case 'l': + command = "list-modules"; + break; + + case 'v': + verbose_arg (); + break; + + case 'q': + quiet_arg (); + break; + + default: + if (!command) { + p11_message ("unknown global option: -%c", (int)argv[in][i]); + return 2; + } + break; + } + } + } + + /* Skipping this argument? */ + if (skip) + out--; + else + argv[out] = argv[in]; + } + + /* Initialize tool's debugging after setting env vars above */ + p11_debug_init (); + + if (command == NULL) { + /* As a special favor if someone just typed the command, help them out */ + if (argc == 1) { + command_usage (commands); + return 2; + } else if (want_help) { + command_usage (commands); + return 0; + } else { + p11_message ("no command specified"); + return 2; + } + } + + argc = out; + + /* Look for the command */ + for (i = 0; commands[i].name != NULL; i++) { + if (strcmp (commands[i].name, P11_TOOL_FALLBACK) == 0) { + fallback = commands + i; + + } else if (strcmp (commands[i].name, command) == 0) { + argv[0] = command; + return (commands[i].function) (argc, argv); + } + } + + /* Got here because no command matched */ + if (fallback != NULL) { + argv[0] = command; + return (fallback->function) (argc, argv); + } + + /* At this point we have no command */ + p11_message ("'%s' is not a valid command. See '%s --help'", + command, getprogname ()); + return 2; +} diff --git a/common/tool.h b/common/tool.h new file mode 100644 index 0000000..16785da --- /dev/null +++ b/common/tool.h @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_TOOL_H_ +#define P11_TOOL_H_ + +#include + +#define P11_TOOL_FALLBACK "" + +typedef struct { + const char *name; + int (*function) (int, char*[]); + const char *text; +} p11_tool_command; + +typedef struct { + int option; + const char *text; + const char *arg; +} p11_tool_desc; + +int p11_tool_main (int argc, + char *argv[], + const p11_tool_command *commands); + +int p11_tool_getopt (int argc, + char *argv[], + const struct option *longopts); + +void p11_tool_usage (const p11_tool_desc *usages, + const struct option *longopts); + +#endif /* P11_TOOL_H_ */ diff --git a/common/unix-peer.c b/common/unix-peer.c new file mode 100644 index 0000000..7fe2eea --- /dev/null +++ b/common/unix-peer.c @@ -0,0 +1,113 @@ +/* + * Copyright (c) 2013 Nikos Mavrogiannopoulos + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Nikos Mavrogiannopoulos + */ + +#include "config.h" + +#include "unix-peer.h" + +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_UCRED_H +# include +#endif + +/* Returns the unix domain socket peer information. + * Returns zero on success. + */ +int +p11_get_upeer_id (int cfd, uid_t *uid, uid_t *gid, pid_t *pid) +{ + int ret; +#if defined(SO_PEERCRED) + struct ucred cr; + socklen_t cr_len; + + cr_len = sizeof (cr); + ret = getsockopt (cfd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len); + if (ret == -1) + return -1; + + if (uid) + *uid = cr.uid; + + if (gid) + *gid = cr.gid; + + if (pid) + *pid = cr.pid; + +#elif defined(HAVE_GETPEEREID) + /* *BSD/MacOSX */ + uid_t euid; + gid_t egid; + + ret = getpeereid (cfd, &euid, &egid); + + if (ret == -1) + return -1; + + if (uid) + *uid = euid; + + if (gid) + *gid = egid; + + if (pid) + *pid = -1; + +#elif defined(HAVE_GETPEERUCRED) + /* *Solaris/OpenIndiana */ + ucred_t *ucred = NULL; + + if (getpeerucred(cfd, &ucred) == -1) + return -1; + + ret = ( (uid && (*uid = ucred_geteuid(ucred)) == -1) || + (gid && (*gid = ucred_getrgid(ucred)) == -1) || + (pid && (*pid = ucred_getpid(ucred)) == -1) ); + + ucred_free(ucred); + + if (ret) + return -1; +#else +#error "Unsupported UNIX variant" +#endif + return 0; +} diff --git a/common/unix-peer.h b/common/unix-peer.h new file mode 100644 index 0000000..00adc88 --- /dev/null +++ b/common/unix-peer.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2014 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Nikos Mavrogiannopoulos + */ + +#ifndef P11_UNIX_PEER_H_ +#define P11_UNIX_PEER_H_ + +#include + +int p11_get_upeer_id (int cfd, uid_t *uid, uid_t *gid, pid_t *pid); + +#endif /* P11_UNIX_PEER_H_ */ diff --git a/common/url.c b/common/url.c new file mode 100644 index 0000000..903c58b --- /dev/null +++ b/common/url.c @@ -0,0 +1,143 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * Copyright (C) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "debug.h" +#include "url.h" + +#include +#include +#include +#include +#include + +const static char HEX_CHARS_UPPER[] = "0123456789ABCDEF"; +const static char HEX_CHARS_LOWER[] = "0123456789abcdef"; + +unsigned char * +p11_url_decode (const char *value, + const char *end, + const char *skip, + size_t *length) +{ + char *a, *b; + unsigned char *result, *p; + + assert (value <= end); + assert (skip != NULL); + + /* String can only get shorter */ + result = malloc ((end - value) + 1); + return_val_if_fail (result != NULL, NULL); + + /* Now loop through looking for escapes */ + p = result; + while (value != end) { + /* + * A percent sign followed by two hex digits means + * that the digits represent an escaped character. + */ + if (*value == '%') { + value++; + if (end - value < 2) { + free (result); + return NULL; + } + a = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[0])); + b = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[1])); + if (!a || !b) { + free (result); + return NULL; + } + *p = (a - HEX_CHARS_UPPER) << 4; + *(p++) |= (b - HEX_CHARS_UPPER); + value += 2; + + /* Ignore whitespace characters */ + } else if (strchr (skip, *value)) { + value++; + + /* A different character */ + } else { + *(p++) = *(value++); + } + } + + /* Null terminate string, in case its a string */ + *p = 0; + + if (length) + *length = p - result; + return result; +} + +void +p11_url_encode (const unsigned char *value, + const unsigned char *end, + const char *verbatim, + p11_buffer *buf) +{ + char hex[3]; + const char *env; + const char *hex_chars; + + assert (value <= end); + + /* Opt to output lowercase hex-digits for compatibility */ + env = secure_getenv ("P11_KIT_URI_LOWERCASE"); + if (env && *env != '\0') + hex_chars = HEX_CHARS_LOWER; + else + hex_chars = HEX_CHARS_UPPER; + + /* Now loop through looking for escapes */ + while (value != end) { + + /* These characters we let through verbatim */ + if (*value && strchr (verbatim, *value) != NULL) { + p11_buffer_add (buf, value, 1); + + /* All others get encoded */ + } else { + hex[0] = '%'; + hex[1] = hex_chars[((unsigned char)*value) >> 4]; + hex[2] = hex_chars[((unsigned char)*value) & 0x0F]; + p11_buffer_add (buf, hex, 3); + } + + ++value; + } +} diff --git a/common/url.h b/common/url.h new file mode 100644 index 0000000..3c9cfb4 --- /dev/null +++ b/common/url.h @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_URL_H +#define P11_URL_H + +#include "buffer.h" +#include "compat.h" + +#include + +#define P11_URL_WHITESPACE " \n\r\v" + +#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \ + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ + "0123456789_-." + +unsigned char * p11_url_decode (const char *value, + const char *end, + const char *skip, + size_t *length); + +void p11_url_encode (const unsigned char *value, + const unsigned char *end, + const char *verbatim, + p11_buffer *buf); + +#endif /* P11_URL_H */ diff --git a/common/vsock.c b/common/vsock.c new file mode 100644 index 0000000..bd8ad1a --- /dev/null +++ b/common/vsock.c @@ -0,0 +1,122 @@ +/* + * Copyright © 2020 Amazon.com, Inc. or its affiliates. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: David Woodhouse + */ + +#include "config.h" + +#include "vsock.h" + +#include +#include +#include + +#include +#include +#include + +#ifdef HAVE_VSOCK +#include +#include +#include +#endif + +/* This generic parsing utility doesn't actually require the + * vm_sockets.h header and thus doesn't require conditional + * compiliation... except for this one definition. */ +#ifndef VMADDR_CID_ANY +#define VMADDR_CID_ANY -1U +#endif + +bool +p11_vsock_parse_addr (const char *target, + unsigned int *cid, + unsigned int *port) +{ + bool cid_found = false; + bool port_found = false; + unsigned long val; + char *endptr; + + while (*target) { + if (strncmp (target, "cid=", 4) == 0) { + val = strtoul(target + 4, &endptr, 0); + if (val > UINT_MAX || endptr == target + 4) + return false; + *cid = val; + cid_found = true; + } else if (strncmp (target, "port=", 5) == 0) { + val = strtoul (target + 5, &endptr, 0); + if (val > UINT_MAX || endptr == target + 5) + return false; + *port = val; + port_found = true; + } else { + return false; + } + + target = endptr; + if (*target == ';') + target++; + else if (*target) + return false; + } + + /* Port is mandatory */ + if (!port_found) + return false; + + /* CID is optional, defaulting to VMADDR_CID_ANY */ + if (!cid_found) + *cid = VMADDR_CID_ANY; + + return true; +} + +bool +p11_vsock_get_local_cid (unsigned int *cid) +{ +#ifndef HAVE_VSOCK + return false; +#else + int fd = open ("/dev/vsock", O_RDONLY); + int rc; + + if (fd == -1) + return false; + + rc = ioctl (fd, IOCTL_VM_SOCKETS_GET_LOCAL_CID, cid, sizeof(*cid)); + close (fd); + + return (rc == 0); +#endif +} diff --git a/common/vsock.h b/common/vsock.h new file mode 100644 index 0000000..f543e8b --- /dev/null +++ b/common/vsock.h @@ -0,0 +1,46 @@ +/* + * Copyright © 2020 Amazon.com, Inc. or its affiliates. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: David Woodhouse + */ + +#ifndef P11_VSOCK_H +#define P11_VSOCK_H + +#include "compat.h" + +bool p11_vsock_parse_addr (const char *target, + unsigned int *cid, + unsigned int *port); + +bool p11_vsock_get_local_cid (unsigned int *cid); + +#endif /* P11_VSOCK_H */ diff --git a/config.h.in b/config.h.in new file mode 100644 index 0000000..75668dd --- /dev/null +++ b/config.h.in @@ -0,0 +1,328 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD + +/* Define to 1 if translation of program messages to the user's native + language is requested. */ +#undef ENABLE_NLS + +/* File extension for executables */ +#undef EXEEXT + +/* Define to 1 if you have the `asprintf' function. */ +#undef HAVE_ASPRINTF + +/* Define to 1 if you have the `basename' function. */ +#undef HAVE_BASENAME + +/* Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the + CoreFoundation framework. */ +#undef HAVE_CFLOCALECOPYCURRENT + +/* Define to 1 if you have the Mac OS X function + CFLocaleCopyPreferredLanguages in the CoreFoundation framework. */ +#undef HAVE_CFLOCALECOPYPREFERREDLANGUAGES + +/* Define to 1 if you have the Mac OS X function CFPreferencesCopyAppValue in + the CoreFoundation framework. */ +#undef HAVE_CFPREFERENCESCOPYAPPVALUE + +/* Define if the GNU dcgettext() function is already present or preinstalled. + */ +#undef HAVE_DCGETTEXT + +/* Define to 1 if you have the declaration of `asprintf', and to 0 if you + don't. */ +#undef HAVE_DECL_ASPRINTF + +/* Define to 1 if you have the declaration of `program_invocation_short_name', + and to 0 if you don't. */ +#undef HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME + +/* Define to 1 if you have the declaration of `reallocarray', and to 0 if you + don't. */ +#undef HAVE_DECL_REALLOCARRAY + +/* Define to 1 if you have the declaration of `vasprintf', and to 0 if you + don't. */ +#undef HAVE_DECL_VASPRINTF + +/* Define to 1 if you have the declaration of `__progname', and to 0 if you + don't. */ +#undef HAVE_DECL___PROGNAME + +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you have the `fdwalk' function. */ +#undef HAVE_FDWALK + +/* Define to 1 if you have the `getauxval' function. */ +#undef HAVE_GETAUXVAL + +/* Define to 1 if you have the `getexecname' function. */ +#undef HAVE_GETEXECNAME + +/* Define to 1 if you have the `getpeereid' function. */ +#undef HAVE_GETPEEREID + +/* Define to 1 if you have the `getpeerucred' function. */ +#undef HAVE_GETPEERUCRED + +/* Define to 1 if you have the `getprogname' function. */ +#undef HAVE_GETPROGNAME + +/* Define to 1 if you have the `getresuid' function. */ +#undef HAVE_GETRESUID + +/* Define if the GNU gettext() function is already present or preinstalled. */ +#undef HAVE_GETTEXT + +/* Whether gmtime_r() is available */ +#undef HAVE_GMTIME_R + +/* Define if you have the iconv() function and it works. */ +#undef HAVE_ICONV + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have the `issetugid' function. */ +#undef HAVE_ISSETUGID + +/* Define to 1 if you have the `intl' library (-lintl). */ +#undef HAVE_LIBINTL + +/* Define to 1 if you have the `pthread' library (-lpthread). */ +#undef HAVE_LIBPTHREAD + +/* Define to 1 if you have the header file. */ +#undef HAVE_LOCALE_H + +/* Define to 1 if the system has the type `locale_t'. */ +#undef HAVE_LOCALE_T + +/* Define to 1 if you have the `memdup' function. */ +#undef HAVE_MEMDUP + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the `mkdtemp' function. */ +#undef HAVE_MKDTEMP + +/* Define to 1 if you have the `mkstemp' function. */ +#undef HAVE_MKSTEMP + +/* Define to 1 if you have the `newlocale' function. */ +#undef HAVE_NEWLOCALE + +/* Whether program_invocation_short_name available */ +#undef HAVE_PROGRAM_INVOCATION_SHORT_NAME + +/* Define to 1 if you have the `reallocarray' function. */ +#undef HAVE_REALLOCARRAY + +/* Define to 1 if you have the `secure_getenv' function. */ +#undef HAVE_SECURE_GETENV + +/* Define to 1 if you have the `setenv' function. */ +#undef HAVE_SETENV + +/* Define to 1 if the system has the type `sighandler_t'. */ +#undef HAVE_SIGHANDLER_T + +/* Define to 1 if the system has the type `sig_t'. */ +#undef HAVE_SIG_T + +/* Define to 1 if stdbool.h conforms to C99. */ +#undef HAVE_STDBOOL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strerror_l' function. */ +#undef HAVE_STRERROR_L + +/* Define to 1 if you have the `strerror_r' function. */ +#undef HAVE_STRERROR_R + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the `strndup' function. */ +#undef HAVE_STRNDUP + +/* Define to 1 if you have the `strnstr' function. */ +#undef HAVE_STRNSTR + +/* Define to 1 if `d_type' is a member of `struct dirent'. */ +#undef HAVE_STRUCT_DIRENT_D_TYPE + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_RESOURCE_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UCRED_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the `vasprintf' function. */ +#undef HAVE_VASPRINTF + +/* Define to 1 if you have the `vsnprintf' function. */ +#undef HAVE_VSNPRINTF + +/* Whether vsock support available */ +#undef HAVE_VSOCK + +/* Define to 1 if the system has the type `_Bool'. */ +#undef HAVE__BOOL + +/* Whether __libc_enable_secure available */ +#undef HAVE___LIBC_ENABLE_SECURE + +/* Whether __progname available */ +#undef HAVE___PROGNAME + +/* Define to 1 if the system has the type `__sighandler_t'. */ +#undef HAVE___SIGHANDLER_T + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ +#undef LT_OBJDIR + +/* Disable glib assertions */ +#undef NDEBUG + +/* Building for unix */ +#undef OS_UNIX + +/* Building for win32 */ +#undef OS_WIN32 + +/* the compiler keyword to define thread-local storage */ +#undef P11_TLS_KEYWORD + +/* the number of closures */ +#undef P11_VIRTUAL_MAX_FIXED + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Major version of package */ +#undef PACKAGE_MAJOR + +/* Minor version of package */ +#undef PACKAGE_MINOR + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* File extension for shared libraries */ +#undef SHLEXT + +/* The size of `unsigned long', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_LONG + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* The trust module input paths */ +#undef TRUST_PATHS + +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +# undef _ALL_SOURCE +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# undef _GNU_SOURCE +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +# undef _POSIX_PTHREAD_SEMANTICS +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +# undef _TANDEM_SOURCE +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# undef __EXTENSIONS__ +#endif + + +/* Version number of package */ +#undef VERSION + +/* Build with libtasn1 and certificate support */ +#undef WITH_ASN1 + +/* Print debug output */ +#undef WITH_DEBUG + +/* Use libffi for building closures */ +#undef WITH_FFI + +/* Use freebl for hash implementation */ +#undef WITH_FREEBL + +/* More strict checks */ +#undef WITH_STRICT + +/* Build with systemd socket activation */ +#undef WITH_SYSTEMD + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +# undef WORDS_BIGENDIAN +# endif +#endif + +/* In debug mode */ +#undef _DEBUG + +/* Define to 1 if on MINIX. */ +#undef _MINIX + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +#undef _POSIX_1_SOURCE + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +#undef _POSIX_SOURCE diff --git a/configure b/configure new file mode 100755 index 0000000..41f2050 --- /dev/null +++ b/configure @@ -0,0 +1,21212 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69 for p11-kit 0.23.21. +# +# Report bugs to . +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1 + + test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ + || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: https://github.com/p11-glue/p11-kit/issues about your +$0: system, including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + +SHELL=${CONFIG_SHELL-/bin/sh} + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='p11-kit' +PACKAGE_TARNAME='p11-kit' +PACKAGE_VERSION='0.23.21' +PACKAGE_STRING='p11-kit 0.23.21' +PACKAGE_BUGREPORT='https://github.com/p11-glue/p11-kit/issues' +PACKAGE_URL='https://p11-glue.github.io/p11-glue/p11-kit.html' + +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +gt_needs= +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +LIBOBJS +WITH_BASH_COMPLETION_FALSE +WITH_BASH_COMPLETION_TRUE +bashcompdir +WITH_SYSTEMD_FALSE +WITH_SYSTEMD_TRUE +systemduserunitdir +LIBSYSTEMD_LIBS +LIBSYSTEMD_CFLAGS +privatedir +SHLEXT +P11KIT_LT_RELEASE +WITH_COVERAGE_FALSE +WITH_COVERAGE_TRUE +GENHTML +LCOV +GCOV +GTK_DOC_USE_REBASE_FALSE +GTK_DOC_USE_REBASE_TRUE +GTK_DOC_USE_LIBTOOL_FALSE +GTK_DOC_USE_LIBTOOL_TRUE +GTK_DOC_BUILD_PDF_FALSE +GTK_DOC_BUILD_PDF_TRUE +GTK_DOC_BUILD_HTML_FALSE +GTK_DOC_BUILD_HTML_TRUE +ENABLE_GTK_DOC_FALSE +ENABLE_GTK_DOC_TRUE +HTML_DIR +XSLTPROC +GTKDOC_SCAN +GTKDOC_MKPDF +GTKDOC_REBASE +GTKDOC_CHECK +with_trust_paths +WITH_TRUST_MODULE_FALSE +WITH_TRUST_MODULE_TRUE +HASH_LIBS +closures +WITH_FFI_FALSE +WITH_FFI_TRUE +LIBFFI_LIBS +LIBFFI_CFLAGS +WITH_ASN1_FALSE +WITH_ASN1_TRUE +ASN1PARSER +LIBTASN1_LIBS +LIBTASN1_CFLAGS +p11_module_path +p11_user_config_modules +p11_user_config_file +p11_user_config +p11_package_config_modules +p11_system_config_modules +p11_system_config_file +p11_system_config +OS_WIN32_FALSE +OS_WIN32_TRUE +POSUB +LTLIBINTL +LIBINTL +INTLLIBS +LTLIBICONV +LIBICONV +INTL_MACOSX_LIBS +XGETTEXT_EXTRA_OPTIONS +MSGMERGE_FOR_MSGFMT_OPTION +MSGMERGE +XGETTEXT_015 +XGETTEXT +GMSGFMT_015 +GMSGFMT +MSGFMT +GETTEXT_MACRO_VERSION +USE_NLS +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG +HAVE_LD_VERSION_SCRIPT_FALSE +HAVE_LD_VERSION_SCRIPT_TRUE +LT_SYS_LIBRARY_PATH +OTOOL64 +OTOOL +LIPO +NMEDIT +DSYMUTIL +MANIFEST_TOOL +RANLIB +ac_ct_AR +AR +DLLTOOL +OBJDUMP +LN_S +NM +ac_ct_DUMPBIN +DUMPBIN +LD +FGREP +SED +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +LIBTOOL +EGREP +GREP +CPP +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +am__nodep +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__include +DEPDIR +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +MAINT +MAINTAINER_MODE_FALSE +MAINTAINER_MODE_TRUE +AM_BACKSLASH +AM_DEFAULT_VERBOSITY +AM_DEFAULT_V +AM_V +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL +am__quote' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_silent_rules +enable_maintainer_mode +enable_dependency_tracking +enable_static +enable_shared +with_pic +enable_fast_install +with_aix_soname +with_gnu_ld +with_sysroot +enable_libtool_lock +enable_ld_version_script +enable_nls +enable_rpath +with_libiconv_prefix +with_libintl_prefix +with_module_config +with_system_config +with_user_config +with_module_path +with_libtasn1 +with_libffi +with_closures +with_hash_impl +enable_trust_module +with_trust_paths +with_html_dir +enable_doc +enable_doc_html +enable_doc_pdf +enable_debug +enable_strict +enable_coverage +with_systemd +with_bash_completion +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP +LT_SYS_LIBRARY_PATH +PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR +LIBTASN1_CFLAGS +LIBTASN1_LIBS +LIBFFI_CFLAGS +LIBFFI_LIBS +LIBSYSTEMD_CFLAGS +LIBSYSTEMD_LIBS +systemduserunitdir +bashcompdir' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures p11-kit 0.23.21 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/p11-kit] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of p11-kit 0.23.21:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-silent-rules less verbose build output (undo: "make V=1") + --disable-silent-rules verbose build output (undo: "make V=0") + --disable-maintainer-mode + disable make rules and dependencies not useful (and + sometimes confusing) to the casual installer + --enable-dependency-tracking + do not reject slow dependency extractors + --disable-dependency-tracking + speeds up one-time build + --enable-static[=PKGS] build static libraries [default=no] + --enable-shared[=PKGS] build shared libraries [default=yes] + --enable-fast-install[=PKGS] + optimize for fast installation [default=yes] + --disable-libtool-lock avoid locking (might break parallel builds) + --enable-ld-version-script + enable linker version script (default is enabled + when possible) + --disable-nls do not use Native Language Support + --disable-rpath do not hardcode runtime library paths + --disable-trust-module Disable building the trust module + + --enable-doc build documentation using gtk-doc [[default=no]] + --enable-doc-html build documentation in html format [[default=yes]] + --enable-doc-pdf build documentation in pdf format [[default=no]] + --enable-debug=no/default/yes + Turn on or off debugging + --enable-strict Strict code compilation + + --enable-coverage Whether to enable coverage testing + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use + both] + --with-aix-soname=aix|svr4|both + shared library versioning (aka "SONAME") variant to + provide on AIX, [default=aix]. + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-sysroot[=DIR] Search for dependent libraries within DIR (or the + compiler's sysroot if not specified). + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib + --without-libiconv-prefix don't search for libiconv in includedir and libdir + --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib + --without-libintl-prefix don't search for libintl in includedir and libdir + --with-module-config Module configuration files shipped by packages + --with-system-config Change PKCS#11 system config directory + --with-user-config Change PKCS#11 user config directory + --with-module-path Load modules with relative path names from here + --without-libtasn1 Disable dependency on libtasn1 + + --without-libffi Don't use libffi for building closures + --with-closures=NUM the number of precompiled closures, used when libffi + is unavailable + --with-hash-impl=[freebl/internal] + Choose the hash implementation to use + + --with-trust-paths=[path]: + input paths for trust module + + + --with-html-dir=PATH path to installed docs + --without-systemd Disable systemd socket activation + --without-bash-completion + Don't install bash completion files + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + LT_SYS_LIBRARY_PATH + User-defined run-time library search path. + PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path + LIBTASN1_CFLAGS + C compiler flags for LIBTASN1, overriding pkg-config + LIBTASN1_LIBS + linker flags for LIBTASN1, overriding pkg-config + LIBFFI_CFLAGS + C compiler flags for LIBFFI, overriding pkg-config + LIBFFI_LIBS linker flags for LIBFFI, overriding pkg-config + LIBSYSTEMD_CFLAGS + C compiler flags for LIBSYSTEMD, overriding pkg-config + LIBSYSTEMD_LIBS + linker flags for LIBSYSTEMD, overriding pkg-config + systemduserunitdir + value of systemduserunitdir for systemd, overriding pkg-config + bashcompdir value of completionsdir for bash-completion, overriding + pkg-config + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to . +p11-kit home page: . +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +p11-kit configure 0.23.21 +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( $as_echo "## --------------------------------------------------------- ## +## Report this to https://github.com/p11-glue/p11-kit/issues ## +## --------------------------------------------------------- ##" + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func + +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_type + +# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES +# -------------------------------------------- +# Tries to find the compile-time value of EXPR in a program that includes +# INCLUDES, setting VAR accordingly. Returns whether the value could be +# computed +ac_fn_c_compute_int () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= 0)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=0 ac_mid=0 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid; break +else + as_fn_arith $ac_mid + 1 && ac_lo=$as_val + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) < 0)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=-1 ac_mid=-1 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=$ac_mid; break +else + as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + ac_lo= ac_hi= +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid +else + as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +case $ac_lo in #(( +?*) eval "$3=\$ac_lo"; ac_retval=0 ;; +'') ac_retval=1 ;; +esac + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +static long int longval () { return $2; } +static unsigned long int ulongval () { return $2; } +#include +#include +int +main () +{ + + FILE *f = fopen ("conftest.val", "w"); + if (! f) + return 1; + if (($2) < 0) + { + long int i = longval (); + if (i != ($2)) + return 1; + fprintf (f, "%ld", i); + } + else + { + unsigned long int i = ulongval (); + if (i != ($2)) + return 1; + fprintf (f, "%lu", i); + } + /* Do not output a trailing newline, as this causes \r\n confusion + on some platforms. */ + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + echo >>conftest.val; read $3 &5 +$as_echo_n "checking for $2.$3... " >&6; } +if eval \${$4+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$4 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_member + +# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES +# --------------------------------------------- +# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +# accordingly. +ac_fn_c_check_decl () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + as_decl_name=`echo $2|sed 's/ *(.*//'` + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +$as_echo_n "checking whether $as_decl_name is declared... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +#ifndef $as_decl_name +#ifdef __cplusplus + (void) $as_decl_use; +#else + (void) $as_decl_name; +#endif +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_decl +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by p11-kit $as_me 0.23.21, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +gt_needs="$gt_needs need-ngettext" +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +# ------------------------------------------------------------------------------ +# p11-kit libtool versioning +# CURRENT : REVISION : AGE +# +1 : 0 : +1 == new interface that does not break old one. +# +1 : 0 : 0 == removed an interface. Breaks old apps. +# ? : +1 : ? == internal changes that doesn't break anything. + +P11KIT_CURRENT=3 +P11KIT_REVISION=0 +P11KIT_AGE=3 + +# ------------------------------------------------------------------------------ + +ac_config_headers="$ac_config_headers config.h" + + +ac_aux_dir= +for ac_dir in build/litter "$srcdir"/build/litter; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in build/litter \"$srcdir\"/build/litter" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + + +am__api_version='1.16' + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if ${ac_cv_path_install+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken + alias in your environment" "$LINENO" 5 + fi + if test "$2" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi + +rm -f conftest.file + +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. +# By default was `s,x,x', remove it if useless. +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` + +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " +else + am_missing_run= + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} +fi + +if test x"${install_sh+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the 'STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if ${ac_cv_path_mkdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done + done +IFS=$as_save_IFS + +fi + + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AWK+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=1;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + am__isrc=' -I$(srcdir)' + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE='p11-kit' + VERSION='0.23.21' + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +mkdir_p='$(MKDIR_P)' + +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. +# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AMTAR='$${TAR-tar}' + + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar pax cpio none' + +am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' + + + + + + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 + fi +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken + alias in your environment" "$LINENO" 5 + fi + if test "$2" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi + +rm -f conftest.file + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 +$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } + # Check whether --enable-maintainer-mode was given. +if test "${enable_maintainer_mode+set}" = set; then : + enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval +else + USE_MAINTAINER_MODE=yes +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 +$as_echo "$USE_MAINTAINER_MODE" >&6; } + if test $USE_MAINTAINER_MODE = yes; then + MAINTAINER_MODE_TRUE= + MAINTAINER_MODE_FALSE='#' +else + MAINTAINER_MODE_TRUE='#' + MAINTAINER_MODE_FALSE= +fi + + MAINT=$MAINTAINER_MODE_TRUE + + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=0;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + + + + + +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 +$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } +cat > confinc.mk << 'END' +am__doit: + @echo this is the am__doit target >confinc.out +.PHONY: am__doit +END +am__include="#" +am__quote= +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5 + (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + case $?:`cat confinc.out 2>/dev/null` in #( + '0:this is the am__doit target') : + case $s in #( + BSD) : + am__include='.include' am__quote='"' ;; #( + *) : + am__include='include' am__quote='' ;; +esac ;; #( + *) : + ;; +esac + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 +$as_echo "${_am_result}" >&6; } + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } +if ${am_cv_prog_cc_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5 + ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +$as_echo "$am_cv_prog_cc_c_o" >&6; } +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + + ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default" +if test "x$ac_cv_header_minix_config_h" = xyes; then : + MINIX=yes +else + MINIX= +fi + + + if test "$MINIX" = yes; then + +$as_echo "#define _POSIX_SOURCE 1" >>confdefs.h + + +$as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h + + +$as_echo "#define _MINIX 1" >>confdefs.h + + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 +$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } +if ${ac_cv_safe_to_define___extensions__+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +# define __EXTENSIONS__ 1 + $ac_includes_default +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_safe_to_define___extensions__=yes +else + ac_cv_safe_to_define___extensions__=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 +$as_echo "$ac_cv_safe_to_define___extensions__" >&6; } + test $ac_cv_safe_to_define___extensions__ = yes && + $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h + + $as_echo "#define _ALL_SOURCE 1" >>confdefs.h + + $as_echo "#define _GNU_SOURCE 1" >>confdefs.h + + $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h + + $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h + + + + +case `pwd` in + *\ * | *\ *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; +esac + + + +macro_version='2.4.6' +macro_revision='2.4.6' + + + + + + + + + + + + + +ltmain=$ac_aux_dir/ltmain.sh + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + +# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 +$as_echo_n "checking how to print strings... " >&6; } +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' +fi + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "" +} + +case $ECHO in + printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 +$as_echo "printf" >&6; } ;; + print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 +$as_echo "print -r" >&6; } ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 +$as_echo "cat" >&6; } ;; +esac + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +$as_echo_n "checking for fgrep... " >&6; } +if ${ac_cv_path_FGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 + then ac_cv_path_FGREP="$GREP -F" + else + if test -z "$FGREP"; then + ac_path_FGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in fgrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_FGREP" || continue +# Check for GNU ac_path_FGREP and select it if it is found. + # Check for GNU $ac_path_FGREP +case `"$ac_path_FGREP" --version 2>&1` in +*GNU*) + ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'FGREP' >> "conftest.nl" + "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_FGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_FGREP="$ac_path_FGREP" + ac_path_FGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_FGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_FGREP"; then + as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_FGREP=$FGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +$as_echo "$ac_cv_path_FGREP" >&6; } + FGREP="$ac_cv_path_FGREP" + + +test -z "$GREP" && GREP=grep + + + + + + + + + + + + + + + + + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test yes = "$GCC"; then + # Check if gcc -print-prog-name=ld gives a path. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return, which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD=$ac_prog + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test yes = "$with_gnu_ld"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if ${lt_cv_path_LD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$LD"; then + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD=$ac_dir/$ac_prog + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${lt_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +if ${lt_cv_path_NM+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM=$NM +else + lt_nm_to_check=${ac_tool_prefix}nm + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + tmp_nm=$ac_dir/$lt_tmp_nm + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the 'sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break 2 + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break 2 + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS=$lt_save_ifs + done + : ${lt_cv_path_NM=no} +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +$as_echo "$lt_cv_path_NM" >&6; } +if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + if test -n "$ac_tool_prefix"; then + for ac_prog in dumpbin "link -dump" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DUMPBIN"; then + ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DUMPBIN=$ac_cv_prog_DUMPBIN +if test -n "$DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +$as_echo "$DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$DUMPBIN" && break + done +fi +if test -z "$DUMPBIN"; then + ac_ct_DUMPBIN=$DUMPBIN + for ac_prog in dumpbin "link -dump" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DUMPBIN"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN +if test -n "$ac_ct_DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +$as_echo "$ac_ct_DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_DUMPBIN" && break +done + + if test "x$ac_ct_DUMPBIN" = x; then + DUMPBIN=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DUMPBIN=$ac_ct_DUMPBIN + fi +fi + + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols -headers" + ;; + *) + DUMPBIN=: + ;; + esac + fi + + if test : != "$DUMPBIN"; then + NM=$DUMPBIN + fi +fi +test -z "$NM" && NM=nm + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +$as_echo_n "checking the name lister ($NM) interface... " >&6; } +if ${lt_cv_nm_interface+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: output\"" >&5) + cat conftest.out >&5 + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +$as_echo "$lt_cv_nm_interface" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + +# find the maximum length of command line arguments +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +$as_echo_n "checking the maximum length of command line arguments... " >&6; } +if ${lt_cv_sys_max_cmd_len+:} false; then : + $as_echo_n "(cached) " >&6 +else + i=0 + teststring=ABCD + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len" && \ + test undefined != "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test X`env echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test 17 != "$i" # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac + +fi + +if test -n "$lt_cv_sys_max_cmd_len"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +$as_echo "$lt_cv_sys_max_cmd_len" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } +fi +max_cmd_len=$lt_cv_sys_max_cmd_len + + + + + + +: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi + + + + + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 +$as_echo_n "checking how to convert $build file names to $host format... " >&6; } +if ${lt_cv_to_host_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac + +fi + +to_host_file_cmd=$lt_cv_to_host_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 +$as_echo "$lt_cv_to_host_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 +$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } +if ${lt_cv_to_tool_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + #assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac + +fi + +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 +$as_echo "$lt_cv_to_tool_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +$as_echo_n "checking for $LD option to reload object files... " >&6; } +if ${lt_cv_ld_reload_flag+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_reload_flag='-r' +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +$as_echo "$lt_cv_ld_reload_flag" >&6; } +reload_flag=$lt_cv_ld_reload_flag +case $reload_flag in +"" | " "*) ;; +*) reload_flag=" $reload_flag" ;; +esac +reload_cmds='$LD$reload_flag -o $output$reload_objs' +case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + if test yes != "$GCC"; then + reload_cmds=false + fi + ;; + darwin*) + if test yes = "$GCC"; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' + else + reload_cmds='$LD$reload_flag -o $output$reload_objs' + fi + ;; +esac + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. +set dummy ${ac_tool_prefix}objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OBJDUMP"; then + ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OBJDUMP=$ac_cv_prog_OBJDUMP +if test -n "$OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +$as_echo "$OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OBJDUMP"; then + ac_ct_OBJDUMP=$OBJDUMP + # Extract the first word of "objdump", so it can be a program name with args. +set dummy objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OBJDUMP"; then + ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OBJDUMP="objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP +if test -n "$ac_ct_OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +$as_echo "$ac_ct_OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OBJDUMP" = x; then + OBJDUMP="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OBJDUMP=$ac_ct_OBJDUMP + fi +else + OBJDUMP="$ac_cv_prog_OBJDUMP" +fi + +test -z "$OBJDUMP" && OBJDUMP=objdump + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +$as_echo_n "checking how to recognize dependent libraries... " >&6; } +if ${lt_cv_deplibs_check_method+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# 'unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# that responds to the $file_magic_cmd with a given extended regex. +# If you have 'file' or equivalent on your system and you're not sure +# whether 'pass_all' will *always* work, you probably want this one. + +case $host_os in +aix[4-9]*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[45]*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump', + # unless we find 'file', for example because we are cross-compiling. + if ( file / ) >/dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[3-9]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd* | bitrig*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +$as_echo "$lt_cv_deplibs_check_method" >&6; } + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + + + + + + + + + + + + + + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. +set dummy ${ac_tool_prefix}dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DLLTOOL"; then + ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DLLTOOL=$ac_cv_prog_DLLTOOL +if test -n "$DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +$as_echo "$DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DLLTOOL"; then + ac_ct_DLLTOOL=$DLLTOOL + # Extract the first word of "dlltool", so it can be a program name with args. +set dummy dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DLLTOOL"; then + ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DLLTOOL="dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL +if test -n "$ac_ct_DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +$as_echo "$ac_ct_DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DLLTOOL" = x; then + DLLTOOL="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DLLTOOL=$ac_ct_DLLTOOL + fi +else + DLLTOOL="$ac_cv_prog_DLLTOOL" +fi + +test -z "$DLLTOOL" && DLLTOOL=dlltool + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 +$as_echo_n "checking how to associate runtime and link libraries... " >&6; } +if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh; + # decide which one to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd=$ECHO + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 +$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + + + + + + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} +: ${AR_FLAGS=cru} + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 +$as_echo_n "checking for archiver @FILE support... " >&6; } +if ${lt_cv_ar_at_file+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ar_at_file=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test 0 -eq "$ac_status"; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test 0 -ne "$ac_status"; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 +$as_echo "$lt_cv_ar_at_file" >&6; } + +if test no = "$lt_cv_ar_at_file"; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +test -z "$STRIP" && STRIP=: + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +test -z "$RANLIB" && RANLIB=: + + + + + + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + bitrig* | openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# Check for command to grab the raw symbol name followed by C symbol from nm. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } +if ${lt_cv_sys_global_symbol_pipe+:} false; then : + $as_echo_n "(cached) " >&6 +else + +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[BCDEGRST]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([_A-Za-z][_A-Za-z0-9]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[BCDT]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[ABCDGISTW]' + ;; +hpux*) + if test ia64 = "$host_cpu"; then + symcode='[ABCDEGRST]' + fi + ;; +irix* | nonstopux*) + symcode='[BCDEGRST]' + ;; +osf*) + symcode='[BCDEGQRST]' + ;; +solaris*) + symcode='[BDRT]' + ;; +sco3.2v5*) + symcode='[DT]' + ;; +sysv4.2uw2*) + symcode='[DT]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[ABDT]' + ;; +sysv4) + symcode='[DFNSTU]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[ABCDGIRSTW]' ;; +esac + +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Gets list of data symbols to import. + lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + # Adjust the below global symbol transforms to fixup imported variables. + lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" + lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" + lt_c_name_lib_hook="\ + -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ + -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" +else + # Disable hooks by default. + lt_cv_sys_global_symbol_to_import= + lt_cdecl_hook= + lt_c_name_hook= + lt_c_name_lib_hook= +fi + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +$lt_cdecl_hook\ +" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +$lt_c_name_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" + +# Transform an extracted symbol line into symbol name with lib prefix and +# symbol address. +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +$lt_c_name_lib_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function, + # D for any global variable and I for any imported variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK '"\ +" {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ +" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ +" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ +" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ +" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + # Now try to grab the symbols. + nlist=conftest.nm + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 + (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined __osf__ +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +LT_DLSYM_CONST struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS + LIBS=conftstm.$ac_objext + CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + pipe_works=yes + fi + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS + else + echo "cannot find nm_test_func in $nlist" >&5 + fi + else + echo "cannot find nm_test_var in $nlist" >&5 + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 + fi + else + echo "$progname: failed program was:" >&5 + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test yes = "$pipe_works"; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done + +fi + +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +$as_echo "failed" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +$as_echo "ok" >&6; } +fi + +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 +$as_echo_n "checking for sysroot... " >&6; } + +# Check whether --with-sysroot was given. +if test "${with_sysroot+set}" = set; then : + withval=$with_sysroot; +else + with_sysroot=no +fi + + +lt_sysroot= +case $with_sysroot in #( + yes) + if test yes = "$GCC"; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 +$as_echo "$with_sysroot" >&6; } + as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 + ;; +esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 +$as_echo "${lt_sysroot:-no}" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 +$as_echo_n "checking for a working dd... " >&6; } +if ${ac_cv_path_lt_DD+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +if test -z "$lt_DD"; then + ac_path_lt_DD_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in dd; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_lt_DD" || continue +if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi + $ac_path_lt_DD_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_lt_DD"; then + : + fi +else + ac_cv_path_lt_DD=$lt_DD +fi + +rm -f conftest.i conftest2.i conftest.out +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 +$as_echo "$ac_cv_path_lt_DD" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 +$as_echo_n "checking how to truncate binary pipes... " >&6; } +if ${lt_cv_truncate_bin+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 +$as_echo "$lt_cv_truncate_bin" >&6; } + + + + + + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + +# Check whether --enable-libtool-lock was given. +if test "${enable_libtool_lock+set}" = set; then : + enableval=$enable_libtool_lock; +fi + +test no = "$enable_libtool_lock" || enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out what ABI is being produced by ac_compile, and set mode + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE=32 + ;; + *ELF-64*) + HPUX_IA64_MODE=64 + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + if test yes = "$lt_cv_prog_gnu_ld"; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +mips64*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + emul="${emul}32" + ;; + *64-bit*) + emul="${emul}64" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *MSB*) + emul="${emul}btsmip" + ;; + *LSB*) + emul="${emul}ltsmip" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *N32*) + emul="${emul}n32" + ;; + esac + LD="${LD-ld} -m $emul" + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. Note that the listed cases only cover the + # situations where additional linker options are needed (such as when + # doing 32-bit compilation for a host where ld defaults to 64-bit, or + # vice versa); the common cases where no linker options are needed do + # not appear in the list. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + case `/usr/bin/file conftest.o` in + *x86-64*) + LD="${LD-ld} -m elf32_x86_64" + ;; + *) + LD="${LD-ld} -m elf_i386" + ;; + esac + ;; + powerpc64le-*linux*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + powerpcle-*linux*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -belf" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +$as_echo_n "checking whether the C compiler needs -belf... " >&6; } +if ${lt_cv_cc_needs_belf+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_cc_needs_belf=yes +else + lt_cv_cc_needs_belf=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +$as_echo "$lt_cv_cc_needs_belf" >&6; } + if test yes != "$lt_cv_cc_needs_belf"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS=$SAVE_CFLAGS + fi + ;; +*-*solaris*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) + case $host in + i?86-*-solaris*|x86_64-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD=${LD-ld}_sol2 + fi + ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks=$enable_libtool_lock + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. +set dummy ${ac_tool_prefix}mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$MANIFEST_TOOL"; then + ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL +if test -n "$MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 +$as_echo "$MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_MANIFEST_TOOL"; then + ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL + # Extract the first word of "mt", so it can be a program name with args. +set dummy mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_MANIFEST_TOOL"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL +if test -n "$ac_ct_MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 +$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_MANIFEST_TOOL" = x; then + MANIFEST_TOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL + fi +else + MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" +fi + +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 +$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } +if ${lt_cv_path_mainfest_tool+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&5 + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 +$as_echo "$lt_cv_path_mainfest_tool" >&6; } +if test yes != "$lt_cv_path_mainfest_tool"; then + MANIFEST_TOOL=: +fi + + + + + + + case $host_os in + rhapsody* | darwin*) + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. +set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DSYMUTIL"; then + ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DSYMUTIL=$ac_cv_prog_DSYMUTIL +if test -n "$DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +$as_echo "$DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DSYMUTIL"; then + ac_ct_DSYMUTIL=$DSYMUTIL + # Extract the first word of "dsymutil", so it can be a program name with args. +set dummy dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DSYMUTIL"; then + ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL +if test -n "$ac_ct_DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +$as_echo "$ac_ct_DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DSYMUTIL" = x; then + DSYMUTIL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DSYMUTIL=$ac_ct_DSYMUTIL + fi +else + DSYMUTIL="$ac_cv_prog_DSYMUTIL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. +set dummy ${ac_tool_prefix}nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NMEDIT"; then + ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NMEDIT=$ac_cv_prog_NMEDIT +if test -n "$NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +$as_echo "$NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_NMEDIT"; then + ac_ct_NMEDIT=$NMEDIT + # Extract the first word of "nmedit", so it can be a program name with args. +set dummy nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_NMEDIT"; then + ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_NMEDIT="nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT +if test -n "$ac_ct_NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +$as_echo "$ac_ct_NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_NMEDIT" = x; then + NMEDIT=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NMEDIT=$ac_ct_NMEDIT + fi +else + NMEDIT="$ac_cv_prog_NMEDIT" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. +set dummy ${ac_tool_prefix}lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LIPO"; then + ac_cv_prog_LIPO="$LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_LIPO="${ac_tool_prefix}lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LIPO=$ac_cv_prog_LIPO +if test -n "$LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +$as_echo "$LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_LIPO"; then + ac_ct_LIPO=$LIPO + # Extract the first word of "lipo", so it can be a program name with args. +set dummy lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_LIPO"; then + ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_LIPO="lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO +if test -n "$ac_ct_LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +$as_echo "$ac_ct_LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_LIPO" = x; then + LIPO=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LIPO=$ac_ct_LIPO + fi +else + LIPO="$ac_cv_prog_LIPO" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL"; then + ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_OTOOL="${ac_tool_prefix}otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL=$ac_cv_prog_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL"; then + ac_ct_OTOOL=$OTOOL + # Extract the first word of "otool", so it can be a program name with args. +set dummy otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL"; then + ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OTOOL="otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL +if test -n "$ac_ct_OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +$as_echo "$ac_ct_OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL" = x; then + OTOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL=$ac_ct_OTOOL + fi +else + OTOOL="$ac_cv_prog_OTOOL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL64"; then + ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL64=$ac_cv_prog_OTOOL64 +if test -n "$OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +$as_echo "$OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL64"; then + ac_ct_OTOOL64=$OTOOL64 + # Extract the first word of "otool64", so it can be a program name with args. +set dummy otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL64"; then + ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OTOOL64="otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 +if test -n "$ac_ct_OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +$as_echo "$ac_ct_OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL64" = x; then + OTOOL64=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL64=$ac_ct_OTOOL64 + fi +else + OTOOL64="$ac_cv_prog_OTOOL64" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +$as_echo_n "checking for -single_module linker flag... " >&6; } +if ${lt_cv_apple_cc_single_mod+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_apple_cc_single_mod=no + if test -z "$LT_MULTI_MODULE"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&5 + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test 0 = "$_lt_result"; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&5 + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +$as_echo "$lt_cv_apple_cc_single_mod" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } +if ${lt_cv_ld_exported_symbols_list+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_ld_exported_symbols_list=yes +else + lt_cv_ld_exported_symbols_list=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 +$as_echo_n "checking for -force_load linker flag... " >&6; } +if ${lt_cv_ld_force_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 + echo "$AR cru libconftest.a conftest.o" >&5 + $AR cru libconftest.a conftest.o 2>&5 + echo "$RANLIB libconftest.a" >&5 + $RANLIB libconftest.a 2>&5 + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&5 + elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&5 + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 +$as_echo "$lt_cv_ld_force_load" >&6; } + case $host_os in + rhapsody* | darwin1.[012]) + _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[91]*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[012][,.]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test yes = "$lt_cv_apple_cc_single_mod"; then + _lt_dar_single_mod='$single_module' + fi + if test yes = "$lt_cv_ld_exported_symbols_list"; then + _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' + fi + if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + +for ac_header in dlfcn.h +do : + ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +" +if test "x$ac_cv_header_dlfcn_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DLFCN_H 1 +_ACEOF + +fi + +done + + + + + +# Set options +enable_dlopen=yes +# Check whether --enable-static was given. +if test "${enable_static+set}" = set; then : + enableval=$enable_static; p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + enable_static=no +fi + + + + + + + + + + + + enable_win32_dll=no + + + # Check whether --enable-shared was given. +if test "${enable_shared+set}" = set; then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + enable_shared=yes +fi + + + + + + + + + + + +# Check whether --with-pic was given. +if test "${with_pic+set}" = set; then : + withval=$with_pic; lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for lt_pkg in $withval; do + IFS=$lt_save_ifs + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + pic_mode=default +fi + + + + + + + + + # Check whether --enable-fast-install was given. +if test "${enable_fast_install+set}" = set; then : + enableval=$enable_fast_install; p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + enable_fast_install=yes +fi + + + + + + + + + shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[5-9]*,yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 +$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } + +# Check whether --with-aix-soname was given. +if test "${with_aix_soname+set}" = set; then : + withval=$with_aix_soname; case $withval in + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname +else + if ${lt_cv_with_aix_soname+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_with_aix_soname=aix +fi + + with_aix_soname=$lt_cv_with_aix_soname +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 +$as_echo "$with_aix_soname" >&6; } + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + + + + + + + + + + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS=$ltmain + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +test -z "$LN_S" && LN_S="ln -s" + + + + + + + + + + + + + + +if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +$as_echo_n "checking for objdir... " >&6; } +if ${lt_cv_objdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +$as_echo "$lt_cv_objdir" >&6; } +objdir=$lt_cv_objdir + + + + + +cat >>confdefs.h <<_ACEOF +#define LT_OBJDIR "$lt_cv_objdir/" +_ACEOF + + + + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a '.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld=$lt_cv_prog_gnu_ld + +old_CC=$CC +old_CFLAGS=$CFLAGS + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +func_cc_basename $compiler +cc_basename=$func_cc_basename_result + + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/${ac_tool_prefix}file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD + ;; +esac +fi + +MAGIC_CMD=$lt_cv_path_MAGIC_CMD +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +$as_echo_n "checking for file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD + ;; +esac +fi + +MAGIC_CMD=$lt_cv_path_MAGIC_CMD +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + else + MAGIC_CMD=: + fi +fi + + fi + ;; +esac + +# Use C for the default configuration in the libtool script + +lt_save_CC=$CC +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +objext=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* + +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* + + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + +lt_prog_compiler_no_builtin_flag= + +if test yes = "$GCC"; then + case $cc_basename in + nvcc*) + lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; + *) + lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_rtti_exceptions=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } + +if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then + lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" +else + : +fi + +fi + + + + + + + lt_prog_compiler_wl= +lt_prog_compiler_pic= +lt_prog_compiler_static= + + + if test yes = "$GCC"; then + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_static='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + fi + lt_prog_compiler_pic='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic=-Kconform_pic + fi + ;; + + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + lt_prog_compiler_wl='-Xlinker ' + if test -n "$lt_prog_compiler_pic"; then + lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl='-Wl,' + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + else + lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static='$wl-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + # old Intel for x86_64, which still supported -KPIC. + ecc*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='--shared' + lt_prog_compiler_static='--static' + ;; + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-qpic' + lt_prog_compiler_static='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='' + ;; + *Sun\ F* | *Sun*Fortran*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Wl,' + ;; + *Intel*\ [CF]*Compiler*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *Portland\ Group*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + + rdos*) + lt_prog_compiler_static='-non_shared' + ;; + + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + lt_prog_compiler_wl='-Qoption ld ';; + *) + lt_prog_compiler_wl='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl='-Qoption ld ' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic='-Kconform_pic' + lt_prog_compiler_static='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + + uts4*) + lt_prog_compiler_pic='-pic' + lt_prog_compiler_static='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared=no + ;; + esac + fi + +case $host_os in + # For platforms that do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic= + ;; + *) + lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +$as_echo_n "checking for $compiler option to produce PIC... " >&6; } +if ${lt_cv_prog_compiler_pic+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic=$lt_prog_compiler_pic +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +$as_echo "$lt_cv_prog_compiler_pic" >&6; } +lt_prog_compiler_pic=$lt_cv_prog_compiler_pic + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if ${lt_cv_prog_compiler_pic_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_pic_works"; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi + + + + + + + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if ${lt_cv_prog_compiler_static_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_static_works=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works=yes + fi + else + lt_cv_prog_compiler_static_works=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +$as_echo "$lt_cv_prog_compiler_static_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_static_works"; then + : +else + lt_prog_compiler_static= +fi + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + +hard_links=nottested +if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then + # do not overwrite the value of need_locks provided by the user + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +$as_echo_n "checking if we can lock with hard links... " >&6; } + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +$as_echo "$hard_links" >&6; } + if test no = "$hard_links"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + + runpath_var= + allow_undefined_flag= + always_export_symbols=no + archive_cmds= + archive_expsym_cmds= + compiler_needs_object=no + enable_shared_with_static_runtimes=no + export_dynamic_flag_spec= + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + hardcode_automatic=no + hardcode_direct=no + hardcode_direct_absolute=no + hardcode_libdir_flag_spec= + hardcode_libdir_separator= + hardcode_minus_L=no + hardcode_shlibpath_var=unsupported + inherit_rpath=no + link_all_deplibs=unknown + module_cmds= + module_expsym_cmds= + old_archive_from_new_cmds= + old_archive_from_expsyms_cmds= + thread_safe_flag_spec= + whole_archive_flag_spec= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + include_expsyms= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ' (' and ')$', so one must not match beginning or + # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', + # as well as any symbol that contains 'd'. + exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test yes != "$GCC"; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd* | bitrig*) + with_gnu_ld=no + ;; + esac + + ld_shlibs=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no + if test yes = "$with_gnu_ld"; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; + *\ \(GNU\ Binutils\)\ [3-9]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test yes = "$lt_use_gnu_ld_interface"; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='$wl' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + export_dynamic_flag_spec='$wl--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + else + whole_archive_flag_spec= + fi + supports_anon_versioning=no + case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[3-9]*) + # On AIX/PPC, the GNU linker is very broken + if test ia64 != "$host_cpu"; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.19, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + else + ld_shlibs=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + export_dynamic_flag_spec='$wl--export-all-symbols' + allow_undefined_flag=unsupported + always_export_symbols=no + enable_shared_with_static_runtimes=yes + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs=no + fi + ;; + + haiku*) + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + link_all_deplibs=yes + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes + ;; + + interix[3-9]*) + hardcode_direct=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test linux-dietlibc = "$host_os"; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test no = "$tmp_diet" + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + whole_archive_flag_spec= + tmp_sharedflag='--shared' ;; + nagfor*) # NAGFOR 5.3 + tmp_sharedflag='-Wl,-shared' ;; + xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + compiler_needs_object=yes + ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + compiler_needs_object=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + tcc*) + export_dynamic_flag_spec='-rdynamic' + ;; + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + ld_shlibs=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + ;; + + sunos4*) + archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + + if test no = "$ld_shlibs"; then + runpath_var= + hardcode_libdir_flag_spec= + export_dynamic_flag_spec= + whole_archive_flag_spec= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + allow_undefined_flag=unsupported + always_export_symbols=yes + archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + + aix[4-9]*) + if test ia64 = "$host_cpu"; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag= + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then + aix_use_runtimelinking=yes + break + fi + done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds='' + hardcode_direct=yes + hardcode_direct_absolute=yes + hardcode_libdir_separator=':' + link_all_deplibs=yes + file_list_spec='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + hardcode_direct=no + hardcode_direct_absolute=no + ;; + esac + + if test yes = "$GCC"; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`$CC -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + shared_flag='-shared' + if test yes = "$aix_use_runtimelinking"; then + shared_flag="$shared_flag "'$wl-G' + fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' + else + # not using gcc + if test ia64 = "$host_cpu"; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' + else + shared_flag='$wl-bM:SRE' + fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' + fi + fi + + export_dynamic_flag_spec='$wl-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols=yes + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then + hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib' + allow_undefined_flag="-z nodefs" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag=' $wl-bernotok' + allow_undefined_flag=' $wl-berok' + if test yes = "$with_gnu_ld"; then + # We only use this code for GNU lds that support --whole-archive. + whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec='$convenience' + fi + archive_cmds_need_lc=yes + archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + bsdi[45]*) + export_dynamic_flag_spec=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + case $cc_basename in + cl*) + # Native MSVC + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + always_export_symbols=yes + file_list_spec='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, )='true' + enable_shared_with_static_runtimes=yes + exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + old_postinstall_cmds='chmod 644 $oldlib' + postlink_cmds='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_from_new_cmds='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' + enable_shared_with_static_runtimes=yes + ;; + esac + ;; + + darwin* | rhapsody*) + + + archive_cmds_need_lc=no + hardcode_direct=no + hardcode_automatic=yes + hardcode_shlibpath_var=unsupported + if test yes = "$lt_cv_ld_force_load"; then + whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + + else + whole_archive_flag_spec='' + fi + link_all_deplibs=yes + allow_undefined_flag=$_lt_dar_allow_undefined + case $cc_basename in + ifort*|nagfor*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test yes = "$_lt_dar_can_shared"; then + output_verbose_link_cmd=func_echo_all + archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + + else + ld_shlibs=no + fi + + ;; + + dgux*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2.*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + hpux9*) + if test yes = "$GCC"; then + archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + else + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + fi + hardcode_libdir_flag_spec='$wl+b $wl$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + export_dynamic_flag_spec='$wl-E' + ;; + + hpux10*) + if test yes,no = "$GCC,$with_gnu_ld"; then + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='$wl-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + + hpux11*) + if test yes,no = "$GCC,$with_gnu_ld"; then + case $host_cpu in + hppa*64*) + archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 +$as_echo_n "checking if $CC understands -b... " >&6; } +if ${lt_cv_prog_compiler__b+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler__b=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -b" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler__b=yes + fi + else + lt_cv_prog_compiler__b=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 +$as_echo "$lt_cv_prog_compiler__b" >&6; } + +if test yes = "$lt_cv_prog_compiler__b"; then + archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' +else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' +fi + + ;; + esac + fi + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' + hardcode_libdir_separator=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct=no + hardcode_shlibpath_var=no + ;; + *) + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='$wl-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test yes = "$GCC"; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 +$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } +if ${lt_cv_irix_exported_symbol+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int foo (void) { return 0; } +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_irix_exported_symbol=yes +else + lt_cv_irix_exported_symbol=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 +$as_echo "$lt_cv_irix_exported_symbol" >&6; } + if test yes = "$lt_cv_irix_exported_symbol"; then + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' + fi + else + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + hardcode_libdir_separator=: + inherit_rpath=yes + link_all_deplibs=yes + ;; + + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + ld_shlibs=yes + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + newsos6) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + hardcode_libdir_separator=: + hardcode_shlibpath_var=no + ;; + + *nto* | *qnx*) + ;; + + openbsd* | bitrig*) + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + hardcode_shlibpath_var=no + hardcode_direct_absolute=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' + else + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + fi + else + ld_shlibs=no + fi + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes + ;; + + osf3*) + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + hardcode_libdir_separator=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + archive_cmds_need_lc='no' + hardcode_libdir_separator=: + ;; + + solaris*) + no_undefined_flag=' -z defs' + if test yes = "$GCC"; then + wlarc='$wl' + archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='$wl' + archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_shlibpath_var=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands '-z linker_flag'. GCC discards it without '$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test yes = "$GCC"; then + whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' + else + whole_archive_flag_spec='-z allextract$convenience -z defaultextract' + fi + ;; + esac + link_all_deplibs=yes + ;; + + sunos4*) + if test sequent = "$host_vendor"; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + sysv4) + case $host_vendor in + sni) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' + reload_cmds='$CC -r -o $output$reload_objs' + hardcode_direct=no + ;; + motorola) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + hardcode_shlibpath_var=no + ;; + + sysv4.3*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + export_dynamic_flag_spec='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + ld_shlibs=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag='$wl-z,text' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We CANNOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag='$wl-z,text' + allow_undefined_flag='$wl-z,nodefs' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='$wl-R,$libdir' + hardcode_libdir_separator=':' + link_all_deplibs=yes + export_dynamic_flag_spec='$wl-Bexport' + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + *) + ld_shlibs=no + ;; + esac + + if test sni = "$host_vendor"; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + export_dynamic_flag_spec='$wl-Blargedynsym' + ;; + esac + fi + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +$as_echo "$ld_shlibs" >&6; } +test no = "$ld_shlibs" && can_build_shared=no + +with_gnu_ld=$with_gnu_ld + + + + + + + + + + + + + + + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc=yes + + if test yes,yes = "$GCC,$enable_shared"; then + case $archive_cmds in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } +if ${lt_cv_archive_cmds_need_lc+:} false; then : + $as_echo_n "(cached) " >&6 +else + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl + pic_flag=$lt_prog_compiler_pic + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag + allow_undefined_flag= + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + lt_cv_archive_cmds_need_lc=no + else + lt_cv_archive_cmds_need_lc=yes + fi + allow_undefined_flag=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 +$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } + archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc + ;; + esac + fi + ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +$as_echo_n "checking dynamic linker characteristics... " >&6; } + +if test yes = "$GCC"; then + case $host_os in + darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; + *) lt_awk_arg='/^libraries:/' ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; + *) lt_sed_strip_eq='s|=/|/|g' ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary... + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + # ...but if some path component already ends with the multilib dir we assume + # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). + case "$lt_multi_os_dir; $lt_search_path_spec " in + "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) + lt_multi_os_dir= + ;; + esac + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" + elif test -n "$lt_multi_os_dir"; then + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS = " "; FS = "/|\n";} { + lt_foo = ""; + lt_count = 0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo = "/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[lt_foo]++; } + if (lt_freq[lt_foo] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's|/\([A-Za-z]:\)|\1|g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=.so +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + + + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='$libname$release$shared_ext$major' + ;; + +aix[4-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a(lib.so.V)' + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='$libname$shared_ext' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec=$LIB + if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[23].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 + fi + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[3-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test yes = "$lt_cv_prog_gnu_ld"; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + hardcode_libdir_flag_spec='-L$libdir' + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + if ${lt_cv_shlibpath_overrides_runpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ + LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : + lt_cv_shlibpath_overrides_runpath=yes +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + +fi + + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Add ABI-specific directories to the system library path. + sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd* | bitrig*) + version_type=sunos + sys_lib_dlsearch_path_spec=/usr/lib + need_lib_prefix=no + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no + else + need_version=yes + fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +os2*) + libname_spec='$name' + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test yes = "$with_gnu_ld"; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec; then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=sco + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +$as_echo "$dynamic_linker" >&6; } +test no = "$dynamic_linker" && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test yes = "$GCC"; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec +fi + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec +fi + +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +$as_echo_n "checking how to hardcode library paths into programs... " >&6; } +hardcode_action= +if test -n "$hardcode_libdir_flag_spec" || + test -n "$runpath_var" || + test yes = "$hardcode_automatic"; then + + # We can hardcode non-existent directories. + if test no != "$hardcode_direct" && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" && + test no != "$hardcode_minus_L"; then + # Linking always hardcodes the temporary library directory. + hardcode_action=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action=unsupported +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +$as_echo "$hardcode_action" >&6; } + +if test relink = "$hardcode_action" || + test yes = "$inherit_rpath"; then + # Fast installation is not supported + enable_fast_install=no +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + + + + + + if test yes != "$enable_dlopen"; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen=load_add_on + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen=LoadLibrary + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl +else + + lt_cv_dlopen=dyld + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + +fi + + ;; + + tpf*) + # Don't try to run any link tests for TPF. We know it's impossible + # because TPF is a cross-compiler, and we know how we open DSOs. + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + lt_cv_dlopen_self=no + ;; + + *) + ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" +if test "x$ac_cv_func_shl_load" = xyes; then : + lt_cv_dlopen=shl_load +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +$as_echo_n "checking for shl_load in -ldld... " >&6; } +if ${ac_cv_lib_dld_shl_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (); +int +main () +{ +return shl_load (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_shl_load=yes +else + ac_cv_lib_dld_shl_load=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +$as_echo "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = xyes; then : + lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld +else + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = xyes; then : + lt_cv_dlopen=dlopen +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +$as_echo_n "checking for dlopen in -lsvld... " >&6; } +if ${ac_cv_lib_svld_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsvld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_svld_dlopen=yes +else + ac_cv_lib_svld_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +$as_echo "$ac_cv_lib_svld_dlopen" >&6; } +if test "x$ac_cv_lib_svld_dlopen" = xyes; then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +$as_echo_n "checking for dld_link in -ldld... " >&6; } +if ${ac_cv_lib_dld_dld_link+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dld_link (); +int +main () +{ +return dld_link (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_dld_link=yes +else + ac_cv_lib_dld_dld_link=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +$as_echo "$ac_cv_lib_dld_dld_link" >&6; } +if test "x$ac_cv_lib_dld_dld_link" = xyes; then : + lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld +fi + + +fi + + +fi + + +fi + + +fi + + +fi + + ;; + esac + + if test no = "$lt_cv_dlopen"; then + enable_dlopen=no + else + enable_dlopen=yes + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS=$CPPFLAGS + test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS=$LDFLAGS + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS=$LIBS + LIBS="$lt_cv_dlopen_libs $LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +$as_echo_n "checking whether a program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test yes = "$cross_compiling"; then : + lt_cv_dlopen_self=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisibility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +$as_echo "$lt_cv_dlopen_self" >&6; } + + if test yes = "$lt_cv_dlopen_self"; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self_static+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test yes = "$cross_compiling"; then : + lt_cv_dlopen_self_static=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisibility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self_static=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +$as_echo "$lt_cv_dlopen_self_static" >&6; } + fi + + CPPFLAGS=$save_CPPFLAGS + LDFLAGS=$save_LDFLAGS + LIBS=$save_LIBS + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi + + + + + + + + + + + + + + + + + +striplib= +old_striplib= +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +$as_echo_n "checking whether stripping libraries is possible... " >&6; } +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP"; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + esac +fi + + + + + + + + + + + + + # Report what library types will actually be built + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +$as_echo_n "checking if libtool supports shared libraries... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +$as_echo "$can_build_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +$as_echo_n "checking whether to build shared libraries... " >&6; } + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test yes = "$enable_shared" && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[4-9]*) + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac + fi + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +$as_echo "$enable_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +$as_echo_n "checking whether to build static libraries... " >&6; } + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +$as_echo "$enable_static" >&6; } + + + + +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC=$lt_save_CC + + + + + + + + + + + + + + + + ac_config_commands="$ac_config_commands libtool" + + + + +# Only expand once: + + + + + # Check whether --enable-ld-version-script was given. +if test "${enable_ld_version_script+set}" = set; then : + enableval=$enable_ld_version_script; have_ld_version_script=$enableval +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if LD -Wl,--version-script works" >&5 +$as_echo_n "checking if LD -Wl,--version-script works... " >&6; } +if ${gl_cv_sys_ld_version_script+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_sys_ld_version_script=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map" + echo foo >conftest.map + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + cat > conftest.map <conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_sys_ld_version_script=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + rm -f conftest.map + LDFLAGS=$save_LDFLAGS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_ld_version_script" >&5 +$as_echo "$gl_cv_sys_ld_version_script" >&6; } + have_ld_version_script=$gl_cv_sys_ld_version_script +fi + + if test "$have_ld_version_script" = yes; then + HAVE_LD_VERSION_SCRIPT_TRUE= + HAVE_LD_VERSION_SCRIPT_FALSE='#' +else + HAVE_LD_VERSION_SCRIPT_TRUE='#' + HAVE_LD_VERSION_SCRIPT_FALSE= +fi + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } +if ${am_cv_prog_cc_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5 + ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +$as_echo "$am_cv_prog_cc_c_o" >&6; } +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi + +LINGUAS="" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5 +$as_echo_n "checking whether NLS is requested... " >&6; } + # Check whether --enable-nls was given. +if test "${enable_nls+set}" = set; then : + enableval=$enable_nls; USE_NLS=$enableval +else + USE_NLS=yes +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 +$as_echo "$USE_NLS" >&6; } + + + + + GETTEXT_MACRO_VERSION=0.20 + + + + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "msgfmt", so it can be a program name with args. +set dummy msgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$MSGFMT" in + [\\/]* | ?:[\\/]*) + ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&5 + if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 && + (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then + ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" + test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":" + ;; +esac +fi +MSGFMT="$ac_cv_path_MSGFMT" +if test "$MSGFMT" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 +$as_echo "$MSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + # Extract the first word of "gmsgfmt", so it can be a program name with args. +set dummy gmsgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GMSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GMSGFMT in + [\\/]* | ?:[\\/]*) + ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" + ;; +esac +fi +GMSGFMT=$ac_cv_path_GMSGFMT +if test -n "$GMSGFMT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 +$as_echo "$GMSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; + *) GMSGFMT_015=$GMSGFMT ;; + esac + + + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "xgettext", so it can be a program name with args. +set dummy xgettext; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_XGETTEXT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$XGETTEXT" in + [\\/]* | ?:[\\/]*) + ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&5 + if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 && + (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then + ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" + test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":" + ;; +esac +fi +XGETTEXT="$ac_cv_path_XGETTEXT" +if test "$XGETTEXT" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 +$as_echo "$XGETTEXT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + rm -f messages.po + + case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; + *) XGETTEXT_015=$XGETTEXT ;; + esac + + + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "msgmerge", so it can be a program name with args. +set dummy msgmerge; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MSGMERGE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$MSGMERGE" in + [\\/]* | ?:[\\/]*) + ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&5 + if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then + ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" + test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":" + ;; +esac +fi +MSGMERGE="$ac_cv_path_MSGMERGE" +if test "$MSGMERGE" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 +$as_echo "$MSGMERGE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if LC_ALL=C $MSGMERGE --help | grep ' --for-msgfmt ' >/dev/null; then + MSGMERGE_FOR_MSGFMT_OPTION='--for-msgfmt' + else + if LC_ALL=C $MSGMERGE --help | grep ' --no-fuzzy-matching ' >/dev/null; then + MSGMERGE_FOR_MSGFMT_OPTION='--no-fuzzy-matching --no-location --quiet' + else + MSGMERGE_FOR_MSGFMT_OPTION='--no-location --quiet' + fi + fi + + + test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS= + + + ac_config_commands="$ac_config_commands po-directories" + + + + if test "X$prefix" = "XNONE"; then + acl_final_prefix="$ac_default_prefix" + else + acl_final_prefix="$prefix" + fi + if test "X$exec_prefix" = "XNONE"; then + acl_final_exec_prefix='${prefix}' + else + acl_final_exec_prefix="$exec_prefix" + fi + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" + prefix="$acl_save_prefix" + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +if test -n "$LD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld" >&5 +$as_echo_n "checking for ld... " >&6; } +elif test "$GCC" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } +elif test "$with_gnu_ld" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if test -n "$LD"; then + # Let the user override the test with a path. + : +else + if ${acl_cv_path_LD+:} false; then : + $as_echo_n "(cached) " >&6 +else + + acl_cv_path_LD= # Final result of this test + ac_prog=ld # Program to search in $PATH + if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + acl_output=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + acl_output=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $acl_output in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + acl_output=`echo "$acl_output" | sed 's%\\\\%/%g'` + while echo "$acl_output" | grep "$re_direlt" > /dev/null 2>&1; do + acl_output=`echo $acl_output | sed "s%$re_direlt%/%"` + done + # Got the pathname. No search in PATH is needed. + acl_cv_path_LD="$acl_output" + ac_prog= + ;; + "") + # If it fails, then pretend we aren't using GCC. + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac + fi + if test -n "$ac_prog"; then + # Search for $ac_prog in $PATH. + acl_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$acl_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + acl_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$acl_cv_path_LD" -v 2>&1 conftest.$ac_ext +/* end confdefs.h. */ +#if defined __powerpc64__ || defined _ARCH_PPC64 + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # The compiler produces 64-bit code. Add option '-b64' so that the + # linker groks 64-bit object files. + case "$acl_cv_path_LD " in + *" -b64 "*) ;; + *) acl_cv_path_LD="$acl_cv_path_LD -b64" ;; + esac + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + sparc64-*-netbsd*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __sparcv9 || defined __arch64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + # The compiler produces 32-bit code. Add option '-m elf32_sparc' + # so that the linker groks 32-bit object files. + case "$acl_cv_path_LD " in + *" -m elf32_sparc "*) ;; + *) acl_cv_path_LD="$acl_cv_path_LD -m elf32_sparc" ;; + esac + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + esac + +fi + + LD="$acl_cv_path_LD" +fi +if test -n "$LD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${acl_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$acl_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$acl_cv_prog_gnu_ld + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5 +$as_echo_n "checking for shared library run path origin... " >&6; } +if ${acl_cv_rpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + + CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \ + ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh + . ./conftest.sh + rm -f ./conftest.sh + acl_cv_rpath=done + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5 +$as_echo "$acl_cv_rpath" >&6; } + wl="$acl_cv_wl" + acl_libext="$acl_cv_libext" + acl_shlibext="$acl_cv_shlibext" + acl_libname_spec="$acl_cv_libname_spec" + acl_library_names_spec="$acl_cv_library_names_spec" + acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" + acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" + acl_hardcode_direct="$acl_cv_hardcode_direct" + acl_hardcode_minus_L="$acl_cv_hardcode_minus_L" + # Check whether --enable-rpath was given. +if test "${enable_rpath+set}" = set; then : + enableval=$enable_rpath; : +else + enable_rpath=yes +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking 32-bit host C ABI" >&5 +$as_echo_n "checking 32-bit host C ABI... " >&6; } +if ${gl_cv_host_cpu_c_abi_32bit+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$gl_cv_host_cpu_c_abi"; then + case "$gl_cv_host_cpu_c_abi" in + i386 | x86_64-x32 | arm | armhf | arm64-ilp32 | hppa | ia64-ilp32 | mips | mipsn32 | powerpc | riscv*-ilp32* | s390 | sparc) + gl_cv_host_cpu_c_abi_32bit=yes ;; + *) + gl_cv_host_cpu_c_abi_32bit=no ;; + esac + else + case "$host_cpu" in + + i[4567]86 ) + gl_cv_host_cpu_c_abi_32bit=yes + ;; + + x86_64 ) + # On x86_64 systems, the C compiler may be generating code in one of + # these ABIs: + # - 64-bit instruction set, 64-bit pointers, 64-bit 'long': x86_64. + # - 64-bit instruction set, 64-bit pointers, 32-bit 'long': x86_64 + # with native Windows (mingw, MSVC). + # - 64-bit instruction set, 32-bit pointers, 32-bit 'long': x86_64-x32. + # - 32-bit instruction set, 32-bit pointers, 32-bit 'long': i386. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if (defined __x86_64__ || defined __amd64__ \ + || defined _M_X64 || defined _M_AMD64) \ + && !(defined __ILP32__ || defined _ILP32) + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + arm* | aarch64 ) + # Assume arm with EABI. + # On arm64 systems, the C compiler may be generating code in one of + # these ABIs: + # - aarch64 instruction set, 64-bit pointers, 64-bit 'long': arm64. + # - aarch64 instruction set, 32-bit pointers, 32-bit 'long': arm64-ilp32. + # - 32-bit instruction set, 32-bit pointers, 32-bit 'long': arm or armhf. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __aarch64__ && !(defined __ILP32__ || defined _ILP32) + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + hppa1.0 | hppa1.1 | hppa2.0* | hppa64 ) + # On hppa, the C compiler may be generating 32-bit code or 64-bit + # code. In the latter case, it defines _LP64 and __LP64__. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __LP64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + ia64* ) + # On ia64 on HP-UX, the C compiler may be generating 64-bit code or + # 32-bit code. In the latter case, it defines _ILP32. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef _ILP32 + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=yes +else + gl_cv_host_cpu_c_abi_32bit=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + mips* ) + # We should also check for (_MIPS_SZPTR == 64), but gcc keeps this + # at 32. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined _MIPS_SZLONG && (_MIPS_SZLONG == 64) + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + powerpc* ) + # Different ABIs are in use on AIX vs. Mac OS X vs. Linux,*BSD. + # No need to distinguish them here; the caller may distinguish + # them based on the OS. + # On powerpc64 systems, the C compiler may still be generating + # 32-bit code. And on powerpc-ibm-aix systems, the C compiler may + # be generating 64-bit code. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __powerpc64__ || defined _ARCH_PPC64 + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + rs6000 ) + gl_cv_host_cpu_c_abi_32bit=yes + ;; + + riscv32 | riscv64 ) + # There are 6 ABIs: ilp32, ilp32f, ilp32d, lp64, lp64f, lp64d. + # Size of 'long' and 'void *': + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __LP64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + s390* ) + # On s390x, the C compiler may be generating 64-bit (= s390x) code + # or 31-bit (= s390) code. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __LP64__ || defined __s390x__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + sparc | sparc64 ) + # UltraSPARCs running Linux have `uname -m` = "sparc64", but the + # C compiler still generates 32-bit code. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __sparcv9 || defined __arch64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + *) + gl_cv_host_cpu_c_abi_32bit=no + ;; + esac + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_host_cpu_c_abi_32bit" >&5 +$as_echo "$gl_cv_host_cpu_c_abi_32bit" >&6; } + + HOST_CPU_C_ABI_32BIT="$gl_cv_host_cpu_c_abi_32bit" + + + + + + case "$host_os" in + solaris*) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64-bit host" >&5 +$as_echo_n "checking for 64-bit host... " >&6; } +if ${gl_cv_solaris_64bit+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef _LP64 + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_solaris_64bit=yes +else + gl_cv_solaris_64bit=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_solaris_64bit" >&5 +$as_echo "$gl_cv_solaris_64bit" >&6; };; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the common suffixes of directories in the library search path" >&5 +$as_echo_n "checking for the common suffixes of directories in the library search path... " >&6; } +if ${acl_cv_libdirstems+:} false; then : + $as_echo_n "(cached) " >&6 +else + acl_libdirstem=lib + acl_libdirstem2= + case "$host_os" in + solaris*) + if test $gl_cv_solaris_64bit = yes; then + acl_libdirstem=lib/64 + case "$host_cpu" in + sparc*) acl_libdirstem2=lib/sparcv9 ;; + i*86 | x86_64) acl_libdirstem2=lib/amd64 ;; + esac + fi + ;; + *) + if test "$HOST_CPU_C_ABI_32BIT" != yes; then + searchpath=`(if test -f /usr/bin/gcc \ + && LC_ALL=C /usr/bin/gcc -print-search-dirs >/dev/null 2>/dev/null; then \ + LC_ALL=C /usr/bin/gcc -print-search-dirs; \ + else \ + LC_ALL=C $CC -print-search-dirs; \ + fi) 2>/dev/null \ + | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` + if test -n "$searchpath"; then + acl_save_IFS="${IFS= }"; IFS=":" + for searchdir in $searchpath; do + if test -d "$searchdir"; then + case "$searchdir" in + */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; + */../ | */.. ) + # Better ignore directories of this form. They are misleading. + ;; + *) searchdir=`cd "$searchdir" && pwd` + case "$searchdir" in + */lib64 ) acl_libdirstem=lib64 ;; + esac ;; + esac + fi + done + IFS="$acl_save_IFS" + fi + fi + ;; + esac + test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" + acl_cv_libdirstems="$acl_libdirstem,$acl_libdirstem2" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_libdirstems" >&5 +$as_echo "$acl_cv_libdirstems" >&6; } + # Decompose acl_cv_libdirstems into acl_libdirstem and acl_libdirstem2. + acl_libdirstem=`echo "$acl_cv_libdirstems" | sed -e 's/,.*//'` + acl_libdirstem2=`echo "$acl_cv_libdirstems" | sed -e '/,/s/.*,//'` + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libiconv-prefix was given. +if test "${with_libiconv_prefix+set}" = set; then : + withval=$with_libiconv_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBICONV= + LTLIBICONV= + INCICONV= + LIBICONV_PREFIX= + HAVE_LIBICONV= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='iconv ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBICONV="${LIBICONV}${LIBICONV:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + else + LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_a" + else + LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'iconv'; then + LIBICONV_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'iconv'; then + LIBICONV_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCICONV="${INCICONV}${INCICONV:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBICONV="${LIBICONV}${LIBICONV:+ }$dep" + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$dep" + ;; + esac + done + fi + else + LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-R$found_dir" + done + fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFPreferencesCopyAppValue" >&5 +$as_echo_n "checking for CFPreferencesCopyAppValue... " >&6; } +if ${gt_cv_func_CFPreferencesCopyAppValue+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +CFPreferencesCopyAppValue(NULL, NULL) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_CFPreferencesCopyAppValue=yes +else + gt_cv_func_CFPreferencesCopyAppValue=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gt_save_LIBS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFPreferencesCopyAppValue" >&5 +$as_echo "$gt_cv_func_CFPreferencesCopyAppValue" >&6; } + if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then + +$as_echo "#define HAVE_CFPREFERENCESCOPYAPPVALUE 1" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyCurrent" >&5 +$as_echo_n "checking for CFLocaleCopyCurrent... " >&6; } +if ${gt_cv_func_CFLocaleCopyCurrent+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +CFLocaleCopyCurrent(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_CFLocaleCopyCurrent=yes +else + gt_cv_func_CFLocaleCopyCurrent=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gt_save_LIBS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyCurrent" >&5 +$as_echo "$gt_cv_func_CFLocaleCopyCurrent" >&6; } + if test $gt_cv_func_CFLocaleCopyCurrent = yes; then + +$as_echo "#define HAVE_CFLOCALECOPYCURRENT 1" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyPreferredLanguages" >&5 +$as_echo_n "checking for CFLocaleCopyPreferredLanguages... " >&6; } +if ${gt_cv_func_CFLocaleCopyPreferredLanguages+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +CFLocaleCopyPreferredLanguages(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_CFLocaleCopyPreferredLanguages=yes +else + gt_cv_func_CFLocaleCopyPreferredLanguages=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gt_save_LIBS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyPreferredLanguages" >&5 +$as_echo "$gt_cv_func_CFLocaleCopyPreferredLanguages" >&6; } + if test $gt_cv_func_CFLocaleCopyPreferredLanguages = yes; then + +$as_echo "#define HAVE_CFLOCALECOPYPREFERREDLANGUAGES 1" >>confdefs.h + + fi + INTL_MACOSX_LIBS= + if test $gt_cv_func_CFPreferencesCopyAppValue = yes \ + || test $gt_cv_func_CFLocaleCopyCurrent = yes \ + || test $gt_cv_func_CFLocaleCopyPreferredLanguages = yes; then + INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation" + fi + + + + + + + LIBINTL= + LTLIBINTL= + POSUB= + + case " $gt_needs " in + *" need-formatstring-macros "*) gt_api_version=3 ;; + *" need-ngettext "*) gt_api_version=2 ;; + *) gt_api_version=1 ;; + esac + gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc" + gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl" + + if test "$USE_NLS" = "yes"; then + gt_use_preinstalled_gnugettext=no + + + if test $gt_api_version -ge 3; then + gt_revision_test_code=' +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) +#endif +typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; +' + else + gt_revision_test_code= + fi + if test $gt_api_version -ge 2; then + gt_expression_test_code=' + * ngettext ("", "", 0)' + else + gt_expression_test_code= + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libc" >&5 +$as_echo_n "checking for GNU gettext in libc... " >&6; } +if eval \${$gt_func_gnugettext_libc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +extern int _nl_msg_cat_cntr; +extern int *_nl_domain_bindings; +#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_domain_bindings) +#else +#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0 +#endif +$gt_revision_test_code + +int +main () +{ + +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$gt_func_gnugettext_libc=yes" +else + eval "$gt_func_gnugettext_libc=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$gt_func_gnugettext_libc + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then + + + + + + am_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCICONV; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5 +$as_echo_n "checking for iconv... " >&6; } +if ${am_cv_func_iconv+:} false; then : + $as_echo_n "(cached) " >&6 +else + + am_cv_func_iconv="no, consider installing GNU libiconv" + am_cv_lib_iconv=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ +iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + am_cv_func_iconv=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test "$am_cv_func_iconv" != yes; then + am_save_LIBS="$LIBS" + LIBS="$LIBS $LIBICONV" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ +iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + am_cv_lib_iconv=yes + am_cv_func_iconv=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$am_save_LIBS" + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5 +$as_echo "$am_cv_func_iconv" >&6; } + if test "$am_cv_func_iconv" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working iconv" >&5 +$as_echo_n "checking for working iconv... " >&6; } +if ${am_cv_func_iconv_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + am_save_LIBS="$LIBS" + if test $am_cv_lib_iconv = yes; then + LIBS="$LIBS $LIBICONV" + fi + am_cv_func_iconv_works=no + for ac_iconv_const in '' 'const'; do + if test "$cross_compiling" = yes; then : + case "$host_os" in + aix* | hpux*) am_cv_func_iconv_works="guessing no" ;; + *) am_cv_func_iconv_works="guessing yes" ;; + esac +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +#ifndef ICONV_CONST +# define ICONV_CONST $ac_iconv_const +#endif + +int +main () +{ +int result = 0; + /* Test against AIX 5.1 bug: Failures are not distinguishable from successful + returns. */ + { + iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8"); + if (cd_utf8_to_88591 != (iconv_t)(-1)) + { + static ICONV_CONST char input[] = "\342\202\254"; /* EURO SIGN */ + char buf[10]; + ICONV_CONST char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_utf8_to_88591, + &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 1; + iconv_close (cd_utf8_to_88591); + } + } + /* Test against Solaris 10 bug: Failures are not distinguishable from + successful returns. */ + { + iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646"); + if (cd_ascii_to_88591 != (iconv_t)(-1)) + { + static ICONV_CONST char input[] = "\263"; + char buf[10]; + ICONV_CONST char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_ascii_to_88591, + &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 2; + iconv_close (cd_ascii_to_88591); + } + } + /* Test against AIX 6.1..7.1 bug: Buffer overrun. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static ICONV_CONST char input[] = "\304"; + static char buf[2] = { (char)0xDE, (char)0xAD }; + ICONV_CONST char *inptr = input; + size_t inbytesleft = 1; + char *outptr = buf; + size_t outbytesleft = 1; + size_t res = iconv (cd_88591_to_utf8, + &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD) + result |= 4; + iconv_close (cd_88591_to_utf8); + } + } +#if 0 /* This bug could be worked around by the caller. */ + /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static ICONV_CONST char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337"; + char buf[50]; + ICONV_CONST char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_88591_to_utf8, + &inptr, &inbytesleft, + &outptr, &outbytesleft); + if ((int)res > 0) + result |= 8; + iconv_close (cd_88591_to_utf8); + } + } +#endif + /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is + provided. */ + { + /* Try standardized names. */ + iconv_t cd1 = iconv_open ("UTF-8", "EUC-JP"); + /* Try IRIX, OSF/1 names. */ + iconv_t cd2 = iconv_open ("UTF-8", "eucJP"); + /* Try AIX names. */ + iconv_t cd3 = iconv_open ("UTF-8", "IBM-eucJP"); + /* Try HP-UX names. */ + iconv_t cd4 = iconv_open ("utf8", "eucJP"); + if (cd1 == (iconv_t)(-1) && cd2 == (iconv_t)(-1) + && cd3 == (iconv_t)(-1) && cd4 == (iconv_t)(-1)) + result |= 16; + if (cd1 != (iconv_t)(-1)) + iconv_close (cd1); + if (cd2 != (iconv_t)(-1)) + iconv_close (cd2); + if (cd3 != (iconv_t)(-1)) + iconv_close (cd3); + if (cd4 != (iconv_t)(-1)) + iconv_close (cd4); + } + return result; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + am_cv_func_iconv_works=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + test "$am_cv_func_iconv_works" = no || break + done + LIBS="$am_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv_works" >&5 +$as_echo "$am_cv_func_iconv_works" >&6; } + case "$am_cv_func_iconv_works" in + *no) am_func_iconv=no am_cv_lib_iconv=no ;; + *) am_func_iconv=yes ;; + esac + else + am_func_iconv=no am_cv_lib_iconv=no + fi + if test "$am_func_iconv" = yes; then + +$as_echo "#define HAVE_ICONV 1" >>confdefs.h + + fi + if test "$am_cv_lib_iconv" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5 +$as_echo_n "checking how to link with libiconv... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5 +$as_echo "$LIBICONV" >&6; } + else + CPPFLAGS="$am_save_CPPFLAGS" + LIBICONV= + LTLIBICONV= + fi + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libintl-prefix was given. +if test "${with_libintl_prefix+set}" = set; then : + withval=$with_libintl_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBINTL= + LTLIBINTL= + INCINTL= + LIBINTL_PREFIX= + HAVE_LIBINTL= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='intl ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBINTL="${LIBINTL}${LIBINTL:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" + else + LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_a" + else + LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'intl'; then + LIBINTL_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'intl'; then + LIBINTL_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCINTL="${INCINTL}${INCINTL:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBINTL="${LIBINTL}${LIBINTL:+ }$dep" + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$dep" + ;; + esac + done + fi + else + LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir" + done + fi + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5 +$as_echo_n "checking for GNU gettext in libintl... " >&6; } +if eval \${$gt_func_gnugettext_libintl+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $INCINTL" + gt_save_LIBS="$LIBS" + LIBS="$LIBS $LIBINTL" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias (const char *); +#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_expand_alias ("")) +#else +#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0 +#endif +$gt_revision_test_code + +int +main () +{ + +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$gt_func_gnugettext_libintl=yes" +else + eval "$gt_func_gnugettext_libintl=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then + LIBS="$LIBS $LIBICONV" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias (const char *); +#define __GNU_GETTEXT_SYMBOL_EXPRESSION (_nl_msg_cat_cntr + *_nl_expand_alias ("")) +#else +#define __GNU_GETTEXT_SYMBOL_EXPRESSION 0 +#endif +$gt_revision_test_code + +int +main () +{ + +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + __GNU_GETTEXT_SYMBOL_EXPRESSION + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + LIBINTL="$LIBINTL $LIBICONV" + LTLIBINTL="$LTLIBINTL $LTLIBICONV" + eval "$gt_func_gnugettext_libintl=yes" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + CPPFLAGS="$gt_save_CPPFLAGS" + LIBS="$gt_save_LIBS" +fi +eval ac_res=\$$gt_func_gnugettext_libintl + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + fi + + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \ + || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \ + && test "$PACKAGE" != gettext-runtime \ + && test "$PACKAGE" != gettext-tools; }; then + gt_use_preinstalled_gnugettext=yes + else + LIBINTL= + LTLIBINTL= + INCINTL= + fi + + + + if test -n "$INTL_MACOSX_LIBS"; then + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + LIBINTL="$LIBINTL $INTL_MACOSX_LIBS" + LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS" + fi + fi + + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + +$as_echo "#define ENABLE_NLS 1" >>confdefs.h + + else + USE_NLS=no + fi + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5 +$as_echo_n "checking whether to use NLS... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 +$as_echo "$USE_NLS" >&6; } + if test "$USE_NLS" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5 +$as_echo_n "checking where the gettext function comes from... " >&6; } + if test "$gt_use_preinstalled_gnugettext" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then + gt_source="external libintl" + else + gt_source="libc" + fi + else + gt_source="included intl directory" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5 +$as_echo "$gt_source" >&6; } + fi + + if test "$USE_NLS" = "yes"; then + + if test "$gt_use_preinstalled_gnugettext" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5 +$as_echo_n "checking how to link with libintl... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5 +$as_echo "$LIBINTL" >&6; } + + for element in $INCINTL; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + fi + + +$as_echo "#define HAVE_GETTEXT 1" >>confdefs.h + + +$as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h + + fi + + POSUB=po + fi + + + + INTLLIBS="$LIBINTL" + + + + + + + + + + + +if test "$enable_static" = "yes"; then + as_fn_error $? "p11-kit cannot be used as a static library" "$LINENO" 5 +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for win32" >&5 +$as_echo_n "checking for win32... " >&6; } +case "$host" in + *-*-mingw*) + +cat >>confdefs.h <<_ACEOF +#define OS_WIN32 1 +_ACEOF + + os_win32=yes + os_unix=no + ;; + *) + +cat >>confdefs.h <<_ACEOF +#define OS_UNIX 1 +_ACEOF + + os_win32=no + os_unix=yes + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $os_win32" >&5 +$as_echo "$os_win32" >&6; } + if test "$os_win32" = "yes"; then + OS_WIN32_TRUE= + OS_WIN32_FALSE='#' +else + OS_WIN32_TRUE='#' + OS_WIN32_FALSE= +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +$as_echo_n "checking whether byte ordering is bigendian... " >&6; } +if ${ac_cv_c_bigendian+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # Check for potential -arch flags. It is not universal unless + # there are at least two -arch flags with different values. + ac_arch= + ac_prev= + for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do + if test -n "$ac_prev"; then + case $ac_word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then + ac_arch=$ac_word + else + ac_cv_c_bigendian=universal + break + fi + ;; + esac + ac_prev= + elif test "x$ac_word" = "x-arch"; then + ac_prev=arch + fi + done +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $ac_cv_c_bigendian = unknown; then + # See if sys/param.h defines the BYTE_ORDER macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ + && LITTLE_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to _BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#ifndef _BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # Compile a test program. + if test "$cross_compiling" = yes; then : + # Try to guess by grepping values from an object file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +short int ascii_mm[] = + { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; + short int ascii_ii[] = + { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; + int use_ascii (int i) { + return ascii_mm[i] + ascii_ii[i]; + } + short int ebcdic_ii[] = + { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; + short int ebcdic_mm[] = + { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; + int use_ebcdic (int i) { + return ebcdic_mm[i] + ebcdic_ii[i]; + } + extern int foo; + +int +main () +{ +return use_ascii (foo) == use_ebcdic (foo); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + ac_cv_c_bigendian=yes + fi + if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi + fi +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_c_bigendian=no +else + ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 +$as_echo "$ac_cv_c_bigendian" >&6; } + case $ac_cv_c_bigendian in #( + yes) + $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h +;; #( + no) + ;; #( + universal) + +$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h + + ;; #( + *) + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + esac + + +# ------------------------------------------------------------------------------ +# Checks for libraries and headers + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 +$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } +if ${ac_cv_header_stdbool_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #ifndef bool + "error: bool is not defined" + #endif + #ifndef false + "error: false is not defined" + #endif + #if false + "error: false is not 0" + #endif + #ifndef true + "error: true is not defined" + #endif + #if true != 1 + "error: true is not 1" + #endif + #ifndef __bool_true_false_are_defined + "error: __bool_true_false_are_defined is not defined" + #endif + + struct s { _Bool s: 1; _Bool t; } s; + + char a[true == 1 ? 1 : -1]; + char b[false == 0 ? 1 : -1]; + char c[__bool_true_false_are_defined == 1 ? 1 : -1]; + char d[(bool) 0.5 == true ? 1 : -1]; + /* See body of main program for 'e'. */ + char f[(_Bool) 0.0 == false ? 1 : -1]; + char g[true]; + char h[sizeof (_Bool)]; + char i[sizeof s.t]; + enum { j = false, k = true, l = false * true, m = true * 256 }; + /* The following fails for + HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */ + _Bool n[m]; + char o[sizeof n == m * sizeof n[0] ? 1 : -1]; + char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1]; + /* Catch a bug in an HP-UX C compiler. See + http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html + http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html + */ + _Bool q = true; + _Bool *pq = &q; + +int +main () +{ + + bool e = &s; + *pq |= q; + *pq |= ! q; + /* Refer to every declared value, to avoid compiler optimizations. */ + return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l + + !m + !n + !o + !p + !q + !pq); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdbool_h=yes +else + ac_cv_header_stdbool_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 +$as_echo "$ac_cv_header_stdbool_h" >&6; } + ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" +if test "x$ac_cv_type__Bool" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE__BOOL 1 +_ACEOF + + +fi + + +if test $ac_cv_header_stdbool_h = yes; then + +$as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h + +fi + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5 +$as_echo_n "checking size of unsigned long... " >&6; } +if ${ac_cv_sizeof_unsigned_long+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_unsigned_long" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (unsigned long) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_unsigned_long=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5 +$as_echo "$ac_cv_sizeof_unsigned_long" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long +_ACEOF + + + +if test "$os_unix" = "yes"; then + ac_fn_c_check_func "$LINENO" "pthread_create" "ac_cv_func_pthread_create" +if test "x$ac_cv_func_pthread_create" = xyes; then : + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_create in -lpthread" >&5 +$as_echo_n "checking for pthread_create in -lpthread... " >&6; } +if ${ac_cv_lib_pthread_pthread_create+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpthread $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_create (); +int +main () +{ +return pthread_create (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_pthread_pthread_create=yes +else + ac_cv_lib_pthread_pthread_create=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_create" >&5 +$as_echo "$ac_cv_lib_pthread_pthread_create" >&6; } +if test "x$ac_cv_lib_pthread_pthread_create" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBPTHREAD 1 +_ACEOF + + LIBS="-lpthread $LIBS" + +else + + as_fn_error $? "could not find pthread_create" "$LINENO" 5 + +fi + + +fi + + + ac_fn_c_check_func "$LINENO" "nanosleep" "ac_cv_func_nanosleep" +if test "x$ac_cv_func_nanosleep" = xyes; then : + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5 +$as_echo_n "checking for library containing nanosleep... " >&6; } +if ${ac_cv_search_nanosleep+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nanosleep (); +int +main () +{ +return nanosleep (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_nanosleep=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_nanosleep+:} false; then : + break +fi +done +if ${ac_cv_search_nanosleep+:} false; then : + +else + ac_cv_search_nanosleep=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5 +$as_echo "$ac_cv_search_nanosleep" >&6; } +ac_res=$ac_cv_search_nanosleep +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + + as_fn_error $? "could not find nanosleep" "$LINENO" 5 + +fi + + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 +$as_echo_n "checking for library containing dlopen... " >&6; } +if ${ac_cv_search_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +for ac_lib in '' dl dld; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_dlopen=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_dlopen+:} false; then : + break +fi +done +if ${ac_cv_search_dlopen+:} false; then : + +else + ac_cv_search_dlopen=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 +$as_echo "$ac_cv_search_dlopen" >&6; } +ac_res=$ac_cv_search_dlopen +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + + as_fn_error $? "could not find dlopen" "$LINENO" 5 + +fi + + + # for Solaris we need -lsocket -lnsl for socket stuff, gethostbyname + # is just a dummy to find -lnsl + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 +$as_echo_n "checking for library containing gethostbyname... " >&6; } +if ${ac_cv_search_gethostbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gethostbyname (); +int +main () +{ +return gethostbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_gethostbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_gethostbyname+:} false; then : + break +fi +done +if ${ac_cv_search_gethostbyname+:} false; then : + +else + ac_cv_search_gethostbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 +$as_echo "$ac_cv_search_gethostbyname" >&6; } +ac_res=$ac_cv_search_gethostbyname +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing connect" >&5 +$as_echo_n "checking for library containing connect... " >&6; } +if ${ac_cv_search_connect+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char connect (); +int +main () +{ +return connect (); + ; + return 0; +} +_ACEOF +for ac_lib in '' socket; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_connect=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_connect+:} false; then : + break +fi +done +if ${ac_cv_search_connect+:} false; then : + +else + ac_cv_search_connect=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_connect" >&5 +$as_echo "$ac_cv_search_connect" >&6; } +ac_res=$ac_cv_search_connect +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + + as_fn_error $? "could not find socket" "$LINENO" 5 + +fi + + + for ac_header in locale.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "locale.h" "ac_cv_header_locale_h" "$ac_includes_default" +if test "x$ac_cv_header_locale_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LOCALE_H 1 +_ACEOF + + ac_fn_c_check_type "$LINENO" "locale_t" "ac_cv_type_locale_t" "#include +" +if test "x$ac_cv_type_locale_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_LOCALE_T 1 +_ACEOF + + +fi + + for ac_func in newlocale strerror_l +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +fi + +done + + + # These are things we can work around + for ac_header in sys/resource.h ucred.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + ac_fn_c_check_member "$LINENO" "struct dirent" "d_type" "ac_cv_member_struct_dirent_d_type" "#include +" +if test "x$ac_cv_member_struct_dirent_d_type" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_DIRENT_D_TYPE 1 +_ACEOF + + +fi + + for ac_func in getprogname getexecname basename mkstemp mkdtemp +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + for ac_func in getauxval getresuid secure_getenv +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + for ac_func in strnstr memdup strndup strerror_r +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + for ac_func in reallocarray +do : + ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" +if test "x$ac_cv_func_reallocarray" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_REALLOCARRAY 1 +_ACEOF + +fi +done + + ac_fn_c_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "#include +" +if test "x$ac_cv_have_decl_reallocarray" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_REALLOCARRAY $ac_have_decl +_ACEOF + + for ac_func in fdwalk +do : + ac_fn_c_check_func "$LINENO" "fdwalk" "ac_cv_func_fdwalk" +if test "x$ac_cv_func_fdwalk" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_FDWALK 1 +_ACEOF + +fi +done + + for ac_func in setenv +do : + ac_fn_c_check_func "$LINENO" "setenv" "ac_cv_func_setenv" +if test "x$ac_cv_func_setenv" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETENV 1 +_ACEOF + +fi +done + + for ac_func in getpeereid +do : + ac_fn_c_check_func "$LINENO" "getpeereid" "ac_cv_func_getpeereid" +if test "x$ac_cv_func_getpeereid" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETPEEREID 1 +_ACEOF + +fi +done + + for ac_func in getpeerucred +do : + ac_fn_c_check_func "$LINENO" "getpeerucred" "ac_cv_func_getpeerucred" +if test "x$ac_cv_func_getpeerucred" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETPEERUCRED 1 +_ACEOF + +fi +done + + for ac_func in issetugid +do : + ac_fn_c_check_func "$LINENO" "issetugid" "ac_cv_func_issetugid" +if test "x$ac_cv_func_issetugid" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_ISSETUGID 1 +_ACEOF + +fi +done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for thread-local storage class" >&5 +$as_echo_n "checking for thread-local storage class... " >&6; } +if ${ac_cv_tls_keyword+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_tls_keyword= + for keyword in _Thread_local __thread; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +static $keyword foo; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_tls_keyword=$keyword +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_tls_keyword" >&5 +$as_echo "$ac_cv_tls_keyword" >&6; } + if test -n "$ac_cv_tls_keyword"; then + +cat >>confdefs.h <<_ACEOF +#define P11_TLS_KEYWORD $ac_cv_tls_keyword +_ACEOF + + fi + + # Required functions + for ac_func in gmtime_r +do : + ac_fn_c_check_func "$LINENO" "gmtime_r" "ac_cv_func_gmtime_r" +if test "x$ac_cv_func_gmtime_r" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GMTIME_R 1 +_ACEOF + +$as_echo "#define HAVE_GMTIME_R 1" >>confdefs.h + +else + as_fn_error $? "could not find required gmtime_r() function" "$LINENO" 5 +fi +done + + + # Check if these are declared and/or available to link against + ac_fn_c_check_decl "$LINENO" "program_invocation_short_name" "ac_cv_have_decl_program_invocation_short_name" "#include +" +if test "x$ac_cv_have_decl_program_invocation_short_name" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME $ac_have_decl +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether program_invocation_short_name is available" >&5 +$as_echo_n "checking whether program_invocation_short_name is available... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +program_invocation_short_name = "test"; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +$as_echo "#define HAVE_PROGRAM_INVOCATION_SHORT_NAME 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_fn_c_check_decl "$LINENO" "__progname" "ac_cv_have_decl___progname" "$ac_includes_default" +if test "x$ac_cv_have_decl___progname" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL___PROGNAME $ac_have_decl +_ACEOF + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern char *__progname; +int +main () +{ +__progname=(char*)0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +$as_echo "#define HAVE___PROGNAME 1" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern int __libc_enable_secure; +int +main () +{ +__libc_enable_secure = 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +$as_echo "#define HAVE___LIBC_ENABLE_SECURE 1" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_fn_c_check_type "$LINENO" "sighandler_t" "ac_cv_type_sighandler_t" "#include + #include +" +if test "x$ac_cv_type_sighandler_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_SIGHANDLER_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "sig_t" "ac_cv_type_sig_t" "#include + #include +" +if test "x$ac_cv_type_sig_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_SIG_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "__sighandler_t" "ac_cv_type___sighandler_t" "#include + #include +" +if test "x$ac_cv_type___sighandler_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE___SIGHANDLER_T 1 +_ACEOF + + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsock support is available" >&5 +$as_echo_n "checking whether vsock support is available... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include +int +main () +{ +struct sockaddr_vm sa = { + .svm_family = AF_VSOCK, + .svm_cid = VMADDR_CID_ANY, + }; + (void)&sa; + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +$as_echo "#define HAVE_VSOCK 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi + +# These are thngs we can work around +for ac_func in asprintf vasprintf vsnprintf +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +ac_fn_c_check_decl "$LINENO" "asprintf" "ac_cv_have_decl_asprintf" "#include +" +if test "x$ac_cv_have_decl_asprintf" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_ASPRINTF $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "vasprintf" "ac_cv_have_decl_vasprintf" "#include +" +if test "x$ac_cv_have_decl_vasprintf" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_VASPRINTF $ac_have_decl +_ACEOF + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dgettext in -lintl" >&5 +$as_echo_n "checking for dgettext in -lintl... " >&6; } +if ${ac_cv_lib_intl_dgettext+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dgettext (); +int +main () +{ +return dgettext (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_intl_dgettext=yes +else + ac_cv_lib_intl_dgettext=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_dgettext" >&5 +$as_echo "$ac_cv_lib_intl_dgettext" >&6; } +if test "x$ac_cv_lib_intl_dgettext" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBINTL 1 +_ACEOF + + LIBS="-lintl $LIBS" + +fi + + +# ------------------------------------------------------------------------------ +# PKCS#11 Directories + + +# Check whether --with-module-config was given. +if test "${with_module_config+set}" = set; then : + withval=$with_module_config; module_config=$withval +else + module_config='${pkgdatadir}/modules' +fi + + + +# Check whether --with-system-config was given. +if test "${with_system_config+set}" = set; then : + withval=$with_system_config; system_config_dir=$withval +else + system_config_dir=$sysconfdir/pkcs11 +fi + + + +# Check whether --with-user-config was given. +if test "${with_user_config+set}" = set; then : + withval=$with_user_config; user_config_dir=$withval +else + user_config_dir="~/.config/pkcs11" +fi + + + +# Check whether --with-module-path was given. +if test "${with_module_path+set}" = set; then : + withval=$with_module_path; module_path=$withval +else + module_path=$libdir/pkcs11 +fi + + +# We expand these so we have concrete paths +p11_system_config=$system_config_dir +p11_system_config_file=$p11_system_config/pkcs11.conf +p11_system_config_modules=$p11_system_config/modules +p11_package_config_modules=$module_config +p11_user_config=$user_config_dir +p11_user_config_file="$p11_user_config/pkcs11.conf" +p11_user_config_modules="$p11_user_config/modules" +p11_module_path="$module_path" + + + + + + + + + + +# -------------------------------------------------------------------- +# libtasn1 support + + +# Check whether --with-libtasn1 was given. +if test "${with_libtasn1+set}" = set; then : + withval=$with_libtasn1; +fi + + +if test "$with_libtasn1" != "no"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBTASN1" >&5 +$as_echo_n "checking for LIBTASN1... " >&6; } + +if test -n "$LIBTASN1_CFLAGS"; then + pkg_cv_LIBTASN1_CFLAGS="$LIBTASN1_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtasn1 >= 2.3\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libtasn1 >= 2.3") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBTASN1_CFLAGS=`$PKG_CONFIG --cflags "libtasn1 >= 2.3" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBTASN1_LIBS"; then + pkg_cv_LIBTASN1_LIBS="$LIBTASN1_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtasn1 >= 2.3\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libtasn1 >= 2.3") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBTASN1_LIBS=`$PKG_CONFIG --libs "libtasn1 >= 2.3" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBTASN1_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libtasn1 >= 2.3" 2>&1` + else + LIBTASN1_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libtasn1 >= 2.3" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBTASN1_PKG_ERRORS" >&5 + + as_fn_error $? "libtasn1 not found. Building without it results in significant loss of functionality. To proceed use --without-libtasn1" "$LINENO" 5 + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "libtasn1 not found. Building without it results in significant loss of functionality. To proceed use --without-libtasn1" "$LINENO" 5 + +else + LIBTASN1_CFLAGS=$pkg_cv_LIBTASN1_CFLAGS + LIBTASN1_LIBS=$pkg_cv_LIBTASN1_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + + + # Extract the first word of "asn1Parser", so it can be a program name with args. +set dummy asn1Parser; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ASN1PARSER+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ASN1PARSER in + [\\/]* | ?:[\\/]*) + ac_cv_path_ASN1PARSER="$ASN1PARSER" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ASN1PARSER="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ASN1PARSER=$ac_cv_path_ASN1PARSER +if test -n "$ASN1PARSER"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ASN1PARSER" >&5 +$as_echo "$ASN1PARSER" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + with_libtasn1="yes" + +cat >>confdefs.h <<_ACEOF +#define WITH_ASN1 1 +_ACEOF + + +fi + + if test "$with_libtasn1" = "yes"; then + WITH_ASN1_TRUE= + WITH_ASN1_FALSE='#' +else + WITH_ASN1_TRUE='#' + WITH_ASN1_FALSE= +fi + + +# -------------------------------------------------------------------- +# libffi + + +# Check whether --with-libffi was given. +if test "${with_libffi+set}" = set; then : + withval=$with_libffi; +fi + + +if test "$with_libffi" != "no"; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBFFI" >&5 +$as_echo_n "checking for LIBFFI... " >&6; } + +if test -n "$LIBFFI_CFLAGS"; then + pkg_cv_LIBFFI_CFLAGS="$LIBFFI_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libffi >= 3.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libffi >= 3.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBFFI_CFLAGS=`$PKG_CONFIG --cflags "libffi >= 3.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBFFI_LIBS"; then + pkg_cv_LIBFFI_LIBS="$LIBFFI_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libffi >= 3.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libffi >= 3.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBFFI_LIBS=`$PKG_CONFIG --libs "libffi >= 3.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBFFI_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libffi >= 3.0.0" 2>&1` + else + LIBFFI_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libffi >= 3.0.0" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBFFI_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (libffi >= 3.0.0) were not met: + +$LIBFFI_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables LIBFFI_CFLAGS +and LIBFFI_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables LIBFFI_CFLAGS +and LIBFFI_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + LIBFFI_CFLAGS=$pkg_cv_LIBFFI_CFLAGS + LIBFFI_LIBS=$pkg_cv_LIBFFI_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + +cat >>confdefs.h <<_ACEOF +#define WITH_FFI 1 +_ACEOF + + + + + with_libffi="yes" +fi + + if test "$with_libffi" = "yes"; then + WITH_FFI_TRUE= + WITH_FFI_FALSE='#' +else + WITH_FFI_TRUE='#' + WITH_FFI_FALSE= +fi + + + +# Check whether --with-closures was given. +if test "${with_closures+set}" = set; then : + withval=$with_closures; closures=$withval +else + closures=64 +fi + + +if test "$closures" -lt 1; then + as_fn_error $? "at least one closure must be compiled in" "$LINENO" 5 +fi + + +cat >>confdefs.h <<_ACEOF +#define P11_VIRTUAL_MAX_FIXED $closures +_ACEOF + + + +# -------------------------------------------------------------------- +# Hash implementation + + +# Check whether --with-hash-impl was given. +if test "${with_hash_impl+set}" = set; then : + withval=$with_hash_impl; +fi + + +if test "$with_hash_impl" = ""; then : + with_hash_impl=internal +fi + +case $with_hash_impl in #( + freebl) : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSSLOW_Init in -lfreebl3" >&5 +$as_echo_n "checking for NSSLOW_Init in -lfreebl3... " >&6; } +if ${ac_cv_lib_freebl3_NSSLOW_Init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lfreebl3 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char NSSLOW_Init (); +int +main () +{ +return NSSLOW_Init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_freebl3_NSSLOW_Init=yes +else + ac_cv_lib_freebl3_NSSLOW_Init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_freebl3_NSSLOW_Init" >&5 +$as_echo "$ac_cv_lib_freebl3_NSSLOW_Init" >&6; } +if test "x$ac_cv_lib_freebl3_NSSLOW_Init" = xyes; then : + + HASH_LIBS=-lfreebl3 + +cat >>confdefs.h <<_ACEOF +#define WITH_FREEBL 1 +_ACEOF + + +else + as_fn_error $? "could not find the freebl3 library" "$LINENO" 5 + +fi + + ;; #( + internal) : + + HASH_LIBS= + ;; #( + *) : + + as_fn_error $? "unsupported hash impl: $with_hash_impl" "$LINENO" 5 + + ;; +esac + + + +# -------------------------------------------------------------------- +# Trust Module + +# Check whether --enable-trust-module was given. +if test "${enable_trust_module+set}" = set; then : + enableval=$enable_trust_module; +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if trust module is enabled" >&5 +$as_echo_n "checking if trust module is enabled... " >&6; } +if test "$with_libtasn1" != "yes"; then : + + if test "$enable_trust_module" = "yes"; then : + + as_fn_error $? "--with-libtasn1 is needed in order to build the trust module" "$LINENO" 5 + +fi + if test "$enable_trust_module" != "no"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-libtasn1 is needed in order to build the trust module, disabling" >&5 +$as_echo "$as_me: WARNING: --with-libtasn1 is needed in order to build the trust module, disabling" >&2;} + +fi + enable_trust_module="no" + +fi + +if test "$enable_trust_module" != "no"; then : + enable_trust_module="yes" +fi + if test "$enable_trust_module" = "yes"; then + WITH_TRUST_MODULE_TRUE= + WITH_TRUST_MODULE_FALSE='#' +else + WITH_TRUST_MODULE_TRUE='#' + WITH_TRUST_MODULE_FALSE= +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_trust_module" >&5 +$as_echo "$enable_trust_module" >&6; } + + +# Check whether --with-trust-paths was given. +if test "${with_trust_paths+set}" = set; then : + withval=$with_trust_paths; +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for trust module paths" >&5 +$as_echo_n "checking for trust module paths... " >&6; } + +# This option was disabled, no anchors +if test "$with_trust_paths" = "no"; then + with_trust_paths="" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 +$as_echo "disabled" >&6; } + +elif test "$enable_trust_module" != "yes"; then + if test "$with_trust_paths" != ""; then + as_fn_error $? "need --enable-trust-module in order to specify trust module paths." "$LINENO" 5 + fi + with_trust_paths="" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 +$as_echo "disabled" >&6; } + +# Option was not set, try to detect +elif test "$with_trust_paths" = "" -o "$with_trust_paths" = "yes"; then + with_trust_paths="" + for f in /etc/pki/tls/certs/ca-bundle.crt \ + /etc/ssl/certs/ca-certificates.crt \ + /etc/ssl/ca-bundle.pem \ + /etc/ssl/ca-bundle.crt; do + if test -f "$f"; then + with_trust_paths="$f" + break + fi + done + + if test "$with_trust_paths" = ""; then + as_fn_error $? "could not find. Use --with-trust-paths=/path to set, or --without-trust-paths to disable" "$LINENO" 5 + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_trust_paths" >&5 +$as_echo "$with_trust_paths" >&6; } + +else + # Anchors explicitly set + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_trust_paths" >&5 +$as_echo "$with_trust_paths" >&6; } +fi + + +cat >>confdefs.h <<_ACEOF +#define TRUST_PATHS "$with_trust_paths" +_ACEOF + + + +# -------------------------------------------------------------------- +# GTK Doc + +# Extract the first word of "gtkdoc-check", so it can be a program name with args. +set dummy gtkdoc-check; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_CHECK+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_CHECK in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_CHECK="$GTKDOC_CHECK" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GTKDOC_CHECK="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_CHECK=$ac_cv_path_GTKDOC_CHECK +if test -n "$GTKDOC_CHECK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_CHECK" >&5 +$as_echo "$GTKDOC_CHECK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +for ac_prog in gtkdoc-rebase +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_REBASE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_REBASE in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_REBASE="$GTKDOC_REBASE" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GTKDOC_REBASE="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_REBASE=$ac_cv_path_GTKDOC_REBASE +if test -n "$GTKDOC_REBASE"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_REBASE" >&5 +$as_echo "$GTKDOC_REBASE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$GTKDOC_REBASE" && break +done +test -n "$GTKDOC_REBASE" || GTKDOC_REBASE="true" + +# Extract the first word of "gtkdoc-mkpdf", so it can be a program name with args. +set dummy gtkdoc-mkpdf; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_MKPDF+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_MKPDF in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_MKPDF="$GTKDOC_MKPDF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GTKDOC_MKPDF="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_MKPDF=$ac_cv_path_GTKDOC_MKPDF +if test -n "$GTKDOC_MKPDF"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_MKPDF" >&5 +$as_echo "$GTKDOC_MKPDF" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "gtkdoc-scan", so it can be a program name with args. +set dummy gtkdoc-scan; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_SCAN+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_SCAN in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_SCAN="$GTKDOC_SCAN" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GTKDOC_SCAN="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_SCAN=$ac_cv_path_GTKDOC_SCAN +if test -n "$GTKDOC_SCAN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_SCAN" >&5 +$as_echo "$GTKDOC_SCAN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "xsltproc", so it can be a program name with args. +set dummy xsltproc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_XSLTPROC+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $XSLTPROC in + [\\/]* | ?:[\\/]*) + ac_cv_path_XSLTPROC="$XSLTPROC" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_XSLTPROC="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +XSLTPROC=$ac_cv_path_XSLTPROC +if test -n "$XSLTPROC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XSLTPROC" >&5 +$as_echo "$XSLTPROC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + +# Check whether --with-html-dir was given. +if test "${with_html_dir+set}" = set; then : + withval=$with_html_dir; +else + with_html_dir='${datadir}/gtk-doc/html' +fi + +HTML_DIR="$with_html_dir" + + +# Check whether --enable-doc was given. +if test "${enable_doc+set}" = set; then : + enableval=$enable_doc; +else + enable_doc=no +fi + + +if test x$enable_doc = xyes; then + if test -z "$GTKDOC_SCAN"; then + as_fn_error $? "gtk-doc not installed and --enable-doc requested" "$LINENO" 5 + fi + if test -z "$XSLTPROC"; then + as_fn_error $? "the xsltproc command was not found and --enable-doc requested" "$LINENO" 5 + fi + doc_status="yes (manual, reference)" +else + enable_doc=no + doc_status="no (no manual or reference)" +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build documentation" >&5 +$as_echo_n "checking whether to build documentation... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_doc" >&5 +$as_echo "$enable_doc" >&6; } + +# Check whether --enable-doc-html was given. +if test "${enable_doc_html+set}" = set; then : + enableval=$enable_doc_html; +else + enable_doc_html=yes +fi + +# Check whether --enable-doc-pdf was given. +if test "${enable_doc_pdf+set}" = set; then : + enableval=$enable_doc_pdf; +else + enable_doc_pdf=no +fi + + +if test -z "$GTKDOC_MKPDF"; then + enable_doc_pdf=no +fi + + if test x$enable_doc = xyes; then + ENABLE_GTK_DOC_TRUE= + ENABLE_GTK_DOC_FALSE='#' +else + ENABLE_GTK_DOC_TRUE='#' + ENABLE_GTK_DOC_FALSE= +fi + + if test x$enable_doc_html = xyes; then + GTK_DOC_BUILD_HTML_TRUE= + GTK_DOC_BUILD_HTML_FALSE='#' +else + GTK_DOC_BUILD_HTML_TRUE='#' + GTK_DOC_BUILD_HTML_FALSE= +fi + + if test x$enable_doc_pdf = xyes; then + GTK_DOC_BUILD_PDF_TRUE= + GTK_DOC_BUILD_PDF_FALSE='#' +else + GTK_DOC_BUILD_PDF_TRUE='#' + GTK_DOC_BUILD_PDF_FALSE= +fi + + if test -n "$LIBTOOL"; then + GTK_DOC_USE_LIBTOOL_TRUE= + GTK_DOC_USE_LIBTOOL_FALSE='#' +else + GTK_DOC_USE_LIBTOOL_TRUE='#' + GTK_DOC_USE_LIBTOOL_FALSE= +fi + + if test -n "$GTKDOC_REBASE"; then + GTK_DOC_USE_REBASE_TRUE= + GTK_DOC_USE_REBASE_FALSE='#' +else + GTK_DOC_USE_REBASE_TRUE='#' + GTK_DOC_USE_REBASE_FALSE= +fi + + +# -------------------------------------------------------------------- +# Compilation and linking options + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for debug mode" >&5 +$as_echo_n "checking for debug mode... " >&6; } +# Check whether --enable-debug was given. +if test "${enable_debug+set}" = set; then : + enableval=$enable_debug; +fi + + +if test "$enable_debug" != "no"; then + +cat >>confdefs.h <<_ACEOF +#define WITH_DEBUG 1 +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define _DEBUG 1 +_ACEOF + + CFLAGS="$CFLAGS -g" +fi + +if test "$enable_debug" = "yes"; then + debug_status="yes (-g, -O0, debug output)" + CFLAGS="$CFLAGS -O0" +elif test "$enable_debug" = "no"; then + debug_status="no (no debug output, NDEBUG)" + +cat >>confdefs.h <<_ACEOF +#define NDEBUG 1 +_ACEOF + +else + debug_status="default (-g, debug output)" +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $debug_status" >&5 +$as_echo "$debug_status" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for more warnings" >&5 +$as_echo_n "checking for more warnings... " >&6; } +if test "$GCC" = "yes"; then + CFLAGS="$CFLAGS \ + -Wall -Wstrict-prototypes -Wmissing-declarations \ + -Wmissing-prototypes -Wnested-externs -Wpointer-arith \ + -Wdeclaration-after-statement -Wformat=2 -Winit-self \ + -Waggregate-return -Wno-missing-format-attribute \ + -fno-strict-aliasing -fno-common" + + for option in -Wmissing-include-dirs -Wundef; do + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $option" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether gcc understands $option" >&5 +$as_echo_n "checking whether gcc understands $option... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + has_option=yes +else + has_option=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $has_option" >&5 +$as_echo "$has_option" >&6; } + if test $has_option = no; then + CFLAGS="$SAVE_CFLAGS" + fi + done +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + +# Check whether --enable-strict was given. +if test "${enable_strict+set}" = set; then : + enableval=$enable_strict; +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build strict" >&5 +$as_echo_n "checking build strict... " >&6; } + +if test "$enable_strict" = "yes"; then + CFLAGS="$CFLAGS -Werror" + +cat >>confdefs.h <<_ACEOF +#define WITH_STRICT 1 +_ACEOF + + strict_status="yes (-Werror, fatals)" +else + strict_status="no" +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $strict_status" >&5 +$as_echo "$strict_status" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with gcov testing" >&5 +$as_echo_n "checking whether to build with gcov testing... " >&6; } +# Check whether --enable-coverage was given. +if test "${enable_coverage+set}" = set; then : + enableval=$enable_coverage; +else + enable_coverage=no +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_coverage" >&5 +$as_echo "$enable_coverage" >&6; } + +if test "$enable_coverage" = "yes"; then + if test "$GCC" != "yes"; then + as_fn_error $? "Coverage testing requires GCC" "$LINENO" 5 + fi + + # Extract the first word of "gcov", so it can be a program name with args. +set dummy gcov; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GCOV+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GCOV in + [\\/]* | ?:[\\/]*) + ac_cv_path_GCOV="$GCOV" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GCOV="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_GCOV" && ac_cv_path_GCOV="no" + ;; +esac +fi +GCOV=$ac_cv_path_GCOV +if test -n "$GCOV"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCOV" >&5 +$as_echo "$GCOV" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "$GCOV" = "no" ; then + as_fn_error $? "gcov tool is not available" "$LINENO" 5 + fi + + # Extract the first word of "lcov", so it can be a program name with args. +set dummy lcov; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_LCOV+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $LCOV in + [\\/]* | ?:[\\/]*) + ac_cv_path_LCOV="$LCOV" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_LCOV="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_LCOV" && ac_cv_path_LCOV="no" + ;; +esac +fi +LCOV=$ac_cv_path_LCOV +if test -n "$LCOV"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LCOV" >&5 +$as_echo "$LCOV" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "$LCOV" = "no" ; then + as_fn_error $? "lcov tool is not installed" "$LINENO" 5 + fi + + # Extract the first word of "genhtml", so it can be a program name with args. +set dummy genhtml; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GENHTML+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GENHTML in + [\\/]* | ?:[\\/]*) + ac_cv_path_GENHTML="$GENHTML" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GENHTML="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_GENHTML" && ac_cv_path_GENHTML="no" + ;; +esac +fi +GENHTML=$ac_cv_path_GENHTML +if test -n "$GENHTML"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GENHTML" >&5 +$as_echo "$GENHTML" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "$GENHTML" = "no" ; then + as_fn_error $? "lcov's genhtml tool is not installed" "$LINENO" 5 + fi + + CFLAGS="$CFLAGS -O0 -g --coverage" + LDFLAGS="$LDFLAGS --coverage" +fi + + if test "$enable_coverage" = "yes"; then + WITH_COVERAGE_TRUE= + WITH_COVERAGE_FALSE='#' +else + WITH_COVERAGE_TRUE='#' + WITH_COVERAGE_FALSE= +fi + + + + + +# --------------------------------------------------------------------- + +P11KIT_LT_RELEASE=$P11KIT_CURRENT:$P11KIT_REVISION:$P11KIT_AGE + + +echo $PACKAGE_VERSION | tr '.' ' ' | while read major minor unused; do + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_MAJOR $major +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_MINOR $minor +_ACEOF + + break +done + +case "$host" in +*-*-darwin*) + # It seems like libtool lies about this see: + # https://bugs.freedesktop.org/show_bug.cgi?id=57714 + SHLEXT='.so' + ;; +*) + eval SHLEXT=$shrext_cmds + ;; +esac + + +cat >>confdefs.h <<_ACEOF +#define SHLEXT "$SHLEXT" +_ACEOF + + + + +cat >>confdefs.h <<_ACEOF +#define EXEEXT "$EXEEXT" +_ACEOF + + +privatedir='${libexecdir}/p11-kit' + + +# -------------------------------------------------------------------- +# systemd + + +# Check whether --with-systemd was given. +if test "${with_systemd+set}" = set; then : + withval=$with_systemd; +fi + + +if test "$with_systemd" != "no"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBSYSTEMD" >&5 +$as_echo_n "checking for LIBSYSTEMD... " >&6; } + +if test -n "$LIBSYSTEMD_CFLAGS"; then + pkg_cv_LIBSYSTEMD_CFLAGS="$LIBSYSTEMD_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBSYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBSYSTEMD_LIBS"; then + pkg_cv_LIBSYSTEMD_LIBS="$LIBSYSTEMD_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBSYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBSYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1` + else + LIBSYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBSYSTEMD_PKG_ERRORS" >&5 + + with_systemd=no +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + with_systemd=no +else + LIBSYSTEMD_CFLAGS=$pkg_cv_LIBSYSTEMD_CFLAGS + LIBSYSTEMD_LIBS=$pkg_cv_LIBSYSTEMD_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + + +if test -n "$systemduserunitdir"; then + pkg_cv_systemduserunitdir="$systemduserunitdir" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"systemd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "systemd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_systemduserunitdir=`$PKG_CONFIG --variable="systemduserunitdir" "systemd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +systemduserunitdir=$pkg_cv_systemduserunitdir + +if test "x$systemduserunitdir" = x""; then : + with_systemd=no +fi + + if test "$with_systemd" != "no"; then : + + with_systemd=yes + +cat >>confdefs.h <<_ACEOF +#define WITH_SYSTEMD 1 +_ACEOF + + +fi + +fi + + if test "$with_systemd" = "yes"; then + WITH_SYSTEMD_TRUE= + WITH_SYSTEMD_FALSE='#' +else + WITH_SYSTEMD_TRUE='#' + WITH_SYSTEMD_FALSE= +fi + + +# -------------------------------------------------------------------- +# bash completion + + +# Check whether --with-bash-completion was given. +if test "${with_bash_completion+set}" = set; then : + withval=$with_bash_completion; +fi + + +if test "$with_bash_completion" != "no"; then : + + +if test -n "$bashcompdir"; then + pkg_cv_bashcompdir="$bashcompdir" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"bash-completion\""; } >&5 + ($PKG_CONFIG --exists --print-errors "bash-completion") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_bashcompdir=`$PKG_CONFIG --variable="completionsdir" "bash-completion" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +bashcompdir=$pkg_cv_bashcompdir + +if test "x$bashcompdir" = x""; then : + +else + with_bash_completion=yes +fi + + +fi + + if test "$with_bash_completion" = "yes"; then + WITH_BASH_COMPLETION_TRUE= + WITH_BASH_COMPLETION_FALSE='#' +else + WITH_BASH_COMPLETION_TRUE='#' + WITH_BASH_COMPLETION_FALSE= +fi + + + +ac_config_files="$ac_config_files Makefile doc/Makefile doc/manual/Makefile po/Makefile.in p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example trust/trust-extract-compat trust/test-init.sh" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +$as_echo_n "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +$as_echo "done" >&6; } + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +$as_echo_n "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +$as_echo "done" >&6; } +if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then + as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LD_VERSION_SCRIPT_TRUE}" && test -z "${HAVE_LD_VERSION_SCRIPT_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LD_VERSION_SCRIPT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OS_WIN32_TRUE}" && test -z "${OS_WIN32_FALSE}"; then + as_fn_error $? "conditional \"OS_WIN32\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + +if test -z "${WITH_ASN1_TRUE}" && test -z "${WITH_ASN1_FALSE}"; then + as_fn_error $? "conditional \"WITH_ASN1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_FFI_TRUE}" && test -z "${WITH_FFI_FALSE}"; then + as_fn_error $? "conditional \"WITH_FFI\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_TRUST_MODULE_TRUE}" && test -z "${WITH_TRUST_MODULE_FALSE}"; then + as_fn_error $? "conditional \"WITH_TRUST_MODULE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_GTK_DOC_TRUE}" && test -z "${ENABLE_GTK_DOC_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_GTK_DOC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_BUILD_HTML_TRUE}" && test -z "${GTK_DOC_BUILD_HTML_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_BUILD_HTML\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_BUILD_PDF_TRUE}" && test -z "${GTK_DOC_BUILD_PDF_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_BUILD_PDF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_USE_LIBTOOL_TRUE}" && test -z "${GTK_DOC_USE_LIBTOOL_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_USE_LIBTOOL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_USE_REBASE_TRUE}" && test -z "${GTK_DOC_USE_REBASE_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_USE_REBASE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_COVERAGE_TRUE}" && test -z "${WITH_COVERAGE_FALSE}"; then + as_fn_error $? "conditional \"WITH_COVERAGE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_SYSTEMD_TRUE}" && test -z "${WITH_SYSTEMD_FALSE}"; then + as_fn_error $? "conditional \"WITH_SYSTEMD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_BASH_COMPLETION_TRUE}" && test -z "${WITH_BASH_COMPLETION_FALSE}"; then + as_fn_error $? "conditional \"WITH_BASH_COMPLETION\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by p11-kit $as_me 0.23.21, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" +config_commands="$ac_config_commands" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to . +p11-kit home page: ." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +p11-kit config.status 0.23.21 +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}" + + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' +macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' +enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' +enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' +pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' +enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' +shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`' +SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' +ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' +PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' +host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' +host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' +host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' +build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' +build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' +build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' +SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' +Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' +GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' +EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' +FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' +LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' +NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' +LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' +max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' +ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' +exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' +lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' +lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' +lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' +lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' +lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' +reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' +reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' +OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' +deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' +file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' +file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' +want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' +DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' +sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' +AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' +AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' +archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' +STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' +RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' +old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' +old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' +lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' +CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' +CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' +compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' +GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' +lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`' +nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' +lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' +lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`' +objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' +MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' +lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' +need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' +MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' +DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' +NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' +LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' +OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' +OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' +libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' +shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' +extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' +enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' +export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' +whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' +compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' +old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' +archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' +module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' +module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' +with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' +allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' +no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' +hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' +hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' +hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' +hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' +hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' +inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' +link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' +always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' +export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' +exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' +include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' +prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' +postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' +file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' +variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' +need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' +need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' +version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' +runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' +libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' +library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' +soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' +install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' +postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' +postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' +finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' +sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' +configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' +configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' +hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' +old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' +striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' + +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in SHELL \ +ECHO \ +PATH_SEPARATOR \ +SED \ +GREP \ +EGREP \ +FGREP \ +LD \ +NM \ +LN_S \ +lt_SP2NL \ +lt_NL2SP \ +reload_flag \ +OBJDUMP \ +deplibs_check_method \ +file_magic_cmd \ +file_magic_glob \ +want_nocaseglob \ +DLLTOOL \ +sharedlib_from_linklib_cmd \ +AR \ +AR_FLAGS \ +archiver_list_spec \ +STRIP \ +RANLIB \ +CC \ +CFLAGS \ +compiler \ +lt_cv_sys_global_symbol_pipe \ +lt_cv_sys_global_symbol_to_cdecl \ +lt_cv_sys_global_symbol_to_import \ +lt_cv_sys_global_symbol_to_c_name_address \ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ +lt_cv_nm_interface \ +nm_file_list_spec \ +lt_cv_truncate_bin \ +lt_prog_compiler_no_builtin_flag \ +lt_prog_compiler_pic \ +lt_prog_compiler_wl \ +lt_prog_compiler_static \ +lt_cv_prog_compiler_c_o \ +need_locks \ +MANIFEST_TOOL \ +DSYMUTIL \ +NMEDIT \ +LIPO \ +OTOOL \ +OTOOL64 \ +shrext_cmds \ +export_dynamic_flag_spec \ +whole_archive_flag_spec \ +compiler_needs_object \ +with_gnu_ld \ +allow_undefined_flag \ +no_undefined_flag \ +hardcode_libdir_flag_spec \ +hardcode_libdir_separator \ +exclude_expsyms \ +include_expsyms \ +file_list_spec \ +variables_saved_for_relink \ +libname_spec \ +library_names_spec \ +soname_spec \ +install_override_mode \ +finish_eval \ +old_striplib \ +striplib; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in reload_cmds \ +old_postinstall_cmds \ +old_postuninstall_cmds \ +old_archive_cmds \ +extract_expsyms_cmds \ +old_archive_from_new_cmds \ +old_archive_from_expsyms_cmds \ +archive_cmds \ +archive_expsym_cmds \ +module_cmds \ +module_expsym_cmds \ +export_symbols_cmds \ +prelink_cmds \ +postlink_cmds \ +postinstall_cmds \ +postuninstall_cmds \ +finish_cmds \ +sys_lib_search_path_spec \ +configure_time_dlsearch_path \ +configure_time_lt_sys_library_path; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +ac_aux_dir='$ac_aux_dir' + +# See if we are running on zsh, and set the options that allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi + + + PACKAGE='$PACKAGE' + VERSION='$VERSION' + RM='$RM' + ofile='$ofile' + + + +# Capture the value of obsolete ALL_LINGUAS because we need it to compute + # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. + OBSOLETE_ALL_LINGUAS="$ALL_LINGUAS" + # Capture the value of LINGUAS because we need it to compute CATALOGS. + LINGUAS="${LINGUAS-%UNSET%}" + + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; + "po-directories") CONFIG_COMMANDS="$CONFIG_COMMANDS po-directories" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; + "doc/manual/Makefile") CONFIG_FILES="$CONFIG_FILES doc/manual/Makefile" ;; + "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;; + "p11-kit/p11-kit-1.pc") CONFIG_FILES="$CONFIG_FILES p11-kit/p11-kit-1.pc" ;; + "p11-kit/pkcs11.conf.example") CONFIG_FILES="$CONFIG_FILES p11-kit/pkcs11.conf.example" ;; + "trust/trust-extract-compat") CONFIG_FILES="$CONFIG_FILES trust/trust-extract-compat" ;; + "trust/test-init.sh") CONFIG_FILES="$CONFIG_FILES trust/test-init.sh" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + case $CONFIG_FILES in #( + *\'*) : + eval set x "$CONFIG_FILES" ;; #( + *) : + set x $CONFIG_FILES ;; #( + *) : + ;; +esac + shift + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf + do + # Strip MF so we end up with the name of the file. + am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`$as_dirname -- "$am_mf" || +$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$am_mf" : 'X\(//\)[^/]' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$am_mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + am_filepart=`$as_basename -- "$am_mf" || +$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$am_mf" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + { echo "$as_me:$LINENO: cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles" >&5 + (cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } || am_rc=$? + done + if test $am_rc -ne 0; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking). +See \`config.log' for more details" "$LINENO" 5; } + fi + { am_dirpart=; unset am_dirpart;} + { am_filepart=; unset am_filepart;} + { am_mf=; unset am_mf;} + { am_rc=; unset am_rc;} + rm -f conftest-deps.mk +} + ;; + "libtool":C) + + # See if we are running on zsh, and set the options that allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST + fi + + cfgfile=${ofile}T + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL +# Generated automatically by $as_me ($PACKAGE) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +# The names of the tagged configurations supported by this script. +available_tags='' + +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + +# ### BEGIN LIBTOOL CONFIG + +# Which release of libtool.m4 was used? +macro_version=$macro_version +macro_revision=$macro_revision + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# What type of objects to build. +pic_mode=$pic_mode + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# Shared archive member basename,for filename based shared library versioning on AIX. +shared_archive_member_spec=$shared_archive_member_spec + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# An echo program that protects backslashes. +ECHO=$lt_ECHO + +# The PATH separator for the build system. +PATH_SEPARATOR=$lt_PATH_SEPARATOR + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="\$SED -e 1s/^X//" + +# A grep program that handles long lines. +GREP=$lt_GREP + +# An ERE matcher. +EGREP=$lt_EGREP + +# A literal string matcher. +FGREP=$lt_FGREP + +# A BSD- or MS-compatible name lister. +NM=$lt_NM + +# Whether we need soft or hard links. +LN_S=$lt_LN_S + +# What is the maximum length of a command? +max_cmd_len=$max_cmd_len + +# Object file suffix (normally "o"). +objext=$ac_objext + +# Executable file suffix (normally ""). +exeext=$exeext + +# whether the shell understands "unset". +lt_unset=$lt_unset + +# turn spaces into newlines. +SP2NL=$lt_lt_SP2NL + +# turn newlines into spaces. +NL2SP=$lt_lt_NL2SP + +# convert \$build file names to \$host format. +to_host_file_cmd=$lt_cv_to_host_file_cmd + +# convert \$build files to toolchain format. +to_tool_file_cmd=$lt_cv_to_tool_file_cmd + +# An object symbol dumper. +OBJDUMP=$lt_OBJDUMP + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method = "file_magic". +file_magic_cmd=$lt_file_magic_cmd + +# How to find potential files when deplibs_check_method = "file_magic". +file_magic_glob=$lt_file_magic_glob + +# Find potential files using nocaseglob when deplibs_check_method = "file_magic". +want_nocaseglob=$lt_want_nocaseglob + +# DLL creation program. +DLLTOOL=$lt_DLLTOOL + +# Command to associate shared and link libraries. +sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd + +# The archiver. +AR=$lt_AR + +# Flags to create an archive. +AR_FLAGS=$lt_AR_FLAGS + +# How to feed a file listing to the archiver. +archiver_list_spec=$lt_archiver_list_spec + +# A symbol stripping program. +STRIP=$lt_STRIP + +# Commands used to install an old-style archive. +RANLIB=$lt_RANLIB +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Whether to use a lock for old archive extraction. +lock_old_archive_extraction=$lock_old_archive_extraction + +# A C compiler. +LTCC=$lt_CC + +# LTCC compiler flags. +LTCFLAGS=$lt_CFLAGS + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration. +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm into a list of symbols to manually relocate. +global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import + +# Transform the output of nm in a C name address pair. +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# Transform the output of nm in a C name address pair when lib prefix is needed. +global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix + +# The name lister interface. +nm_interface=$lt_lt_cv_nm_interface + +# Specify filename containing input files for \$NM. +nm_file_list_spec=$lt_nm_file_list_spec + +# The root where to search for dependent libraries,and where our libraries should be installed. +lt_sysroot=$lt_sysroot + +# Command to truncate a binary pipe. +lt_truncate_bin=$lt_lt_cv_truncate_bin + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# Used to examine libraries when file_magic_cmd begins with "file". +MAGIC_CMD=$MAGIC_CMD + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Manifest tool. +MANIFEST_TOOL=$lt_MANIFEST_TOOL + +# Tool to manipulate archived DWARF debug symbol files on Mac OS X. +DSYMUTIL=$lt_DSYMUTIL + +# Tool to change global to local symbols on Mac OS X. +NMEDIT=$lt_NMEDIT + +# Tool to manipulate fat objects and archives on Mac OS X. +LIPO=$lt_LIPO + +# ldd/readelf like tool for Mach-O binaries on Mac OS X. +OTOOL=$lt_OTOOL + +# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. +OTOOL64=$lt_OTOOL64 + +# Old archive suffix (normally "a"). +libext=$libext + +# Shared library suffix (normally ".so"). +shrext_cmds=$lt_shrext_cmds + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at link time. +variables_saved_for_relink=$lt_variables_saved_for_relink + +# Do we need the "lib" prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Library versioning type. +version_type=$version_type + +# Shared library runtime path variable. +runpath_var=$runpath_var + +# Shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Permission mode override for installation of shared libraries. +install_override_mode=$lt_install_override_mode + +# Command to use after installation of a shared archive. +postinstall_cmds=$lt_postinstall_cmds + +# Command to use after uninstallation of a shared archive. +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# As "finish_cmds", except a single script fragment to be evaled but +# not shown. +finish_eval=$lt_finish_eval + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Compile-time system search path for libraries. +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Detected run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path + +# Explicit LT_SYS_LIBRARY_PATH set during ./configure time. +configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + + +# The linker used to build libraries. +LD=$lt_LD + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds + +# A language specific compiler. +CC=$lt_compiler + +# Is the compiler the GNU compiler? +with_gcc=$GCC + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds +archive_expsym_cmds=$lt_archive_expsym_cmds + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds +module_expsym_cmds=$lt_module_expsym_cmds + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action + +# ### END LIBTOOL CONFIG + +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + + +# ### END FUNCTIONS SHARED WITH CONFIGURE + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + +ltmain=$ac_aux_dir/ltmain.sh + + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" + + ;; + "po-directories":C) + for ac_file in $CONFIG_FILES; do + # Support "outfile[:infile[:infile...]]" + case "$ac_file" in + *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + esac + # PO directories have a Makefile.in generated from Makefile.in.in. + case "$ac_file" in */Makefile.in) + # Adjust a relative srcdir. + ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` + ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` + ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` + # In autoconf-2.13 it is called $ac_given_srcdir. + # In autoconf-2.50 it is called $srcdir. + test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" + case "$ac_given_srcdir" in + .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; + /*) top_srcdir="$ac_given_srcdir" ;; + *) top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + # Treat a directory as a PO directory if and only if it has a + # POTFILES.in file. This allows packages to have multiple PO + # directories under different names or in different locations. + if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then + rm -f "$ac_dir/POTFILES" + test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" + gt_tab=`printf '\t'` + cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" + POMAKEFILEDEPS="POTFILES.in" + # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend + # on $ac_dir but don't depend on user-specified configuration + # parameters. + if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then + # The LINGUAS file contains the set of available languages. + if test -n "$OBSOLETE_ALL_LINGUAS"; then + test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" + fi + ALL_LINGUAS=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` + POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" + else + # The set of available languages was given in configure.in. + ALL_LINGUAS=$OBSOLETE_ALL_LINGUAS + fi + # Compute POFILES + # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) + # Compute UPDATEPOFILES + # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) + # Compute DUMMYPOFILES + # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) + # Compute GMOFILES + # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) + case "$ac_given_srcdir" in + .) srcdirpre= ;; + *) srcdirpre='$(srcdir)/' ;; + esac + POFILES= + UPDATEPOFILES= + DUMMYPOFILES= + GMOFILES= + for lang in $ALL_LINGUAS; do + POFILES="$POFILES $srcdirpre$lang.po" + UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" + DUMMYPOFILES="$DUMMYPOFILES $lang.nop" + GMOFILES="$GMOFILES $srcdirpre$lang.gmo" + done + # CATALOGS depends on both $ac_dir and the user's LINGUAS + # environment variable. + INST_LINGUAS= + if test -n "$ALL_LINGUAS"; then + for presentlang in $ALL_LINGUAS; do + useit=no + if test "%UNSET%" != "$LINGUAS"; then + desiredlanguages="$LINGUAS" + else + desiredlanguages="$ALL_LINGUAS" + fi + for desiredlang in $desiredlanguages; do + # Use the presentlang catalog if desiredlang is + # a. equal to presentlang, or + # b. a variant of presentlang (because in this case, + # presentlang can be used as a fallback for messages + # which are not translated in the desiredlang catalog). + case "$desiredlang" in + "$presentlang"*) useit=yes;; + esac + done + if test $useit = yes; then + INST_LINGUAS="$INST_LINGUAS $presentlang" + fi + done + fi + CATALOGS= + if test -n "$INST_LINGUAS"; then + for lang in $INST_LINGUAS; do + CATALOGS="$CATALOGS $lang.gmo" + done + fi + test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" + sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" + for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do + if test -f "$f"; then + case "$f" in + *.orig | *.bak | *~) ;; + *) cat "$f" >> "$ac_dir/Makefile" ;; + esac + fi + done + fi + ;; + esac + done ;; + + esac +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + +# Format paths arguments which should wrap correctly in the output +indent='\n ' +trust_status=$(echo "$with_trust_paths" | sed -e "s/:/$indent/g") + +{ $as_echo "$as_me:${as_lineno-$LINENO}: build options: + + Host: $host + Debug build: $debug_status + Strict build: $strict_status + Build documentation: $doc_status + System global config: $p11_system_config_file + System module config directory: $p11_system_config_modules + Package module config directory: $p11_package_config_modules + User global config: $p11_user_config_file + User module config directory: $p11_user_config_modules + Load relative module paths from: $p11_module_path + + With libtasn1 dependency: $with_libtasn1 + With libffi: $with_libffi + With hash implementation: $with_hash_impl + With systemd: $with_systemd + + Build trust module: $enable_trust_module + Trust module paths: $trust_status + +" >&5 +$as_echo "$as_me: build options: + + Host: $host + Debug build: $debug_status + Strict build: $strict_status + Build documentation: $doc_status + System global config: $p11_system_config_file + System module config directory: $p11_system_config_modules + Package module config directory: $p11_package_config_modules + User global config: $p11_user_config_file + User module config directory: $p11_user_config_modules + Load relative module paths from: $p11_module_path + + With libtasn1 dependency: $with_libtasn1 + With libffi: $with_libffi + With hash implementation: $with_hash_impl + With systemd: $with_systemd + + Build trust module: $enable_trust_module + Trust module paths: $trust_status + +" >&6;} diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..ac21cbb --- /dev/null +++ b/configure.ac @@ -0,0 +1,646 @@ +AC_PREREQ(2.61) + +AC_INIT([p11-kit], + [0.23.21], + [https://github.com/p11-glue/p11-kit/issues], + [p11-kit], + [https://p11-glue.github.io/p11-glue/p11-kit.html]) + +# ------------------------------------------------------------------------------ +# p11-kit libtool versioning +# CURRENT : REVISION : AGE +# +1 : 0 : +1 == new interface that does not break old one. +# +1 : 0 : 0 == removed an interface. Breaks old apps. +# ? : +1 : ? == internal changes that doesn't break anything. + +P11KIT_CURRENT=3 +P11KIT_REVISION=0 +P11KIT_AGE=3 + +# ------------------------------------------------------------------------------ + +AC_CONFIG_HEADERS([config.h]) +AC_CONFIG_MACRO_DIR([build/m4]) +AC_CONFIG_AUX_DIR([build/litter]) +AC_REQUIRE_AUX_FILE([tap-driver.sh]) +AM_INIT_AUTOMAKE([1.12 dist-xz no-dist-gzip foreign subdir-objects]) +AM_SANITY_CHECK +AM_MAINTAINER_MODE([enable]) +m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])],) +m4_ifdef([PKG_PREREQ], [PKG_PREREQ(0.29)], + [m4_fatal([pkg.m4 is too old; copy the latest version in build/m4])]) + +dnl Enable platform specific extensions. +AC_USE_SYSTEM_EXTENSIONS + +LT_PREREQ([2.2.6]) +LT_INIT([dlopen disable-static]) + +dnl Check if -Wl,--version-script is supported by the linker +gl_LD_VERSION_SCRIPT + +dnl Checks for programs. +AC_PROG_CC +AC_PROG_CPP +AM_PROG_CC_C_O +PKG_PROG_PKG_CONFIG + +LINGUAS="" +AM_GNU_GETTEXT([external], [need-ngettext]) +AM_GNU_GETTEXT_VERSION([0.19.8]) +m4_ifdef([AM_GNU_GETTEXT_REQUIRE_VERSION],[ +AM_GNU_GETTEXT_REQUIRE_VERSION([0.19.8]) +]) + +if test "$enable_static" = "yes"; then + AC_MSG_ERROR([p11-kit cannot be used as a static library]) +fi + +AC_MSG_CHECKING([for win32]) +case "$host" in + *-*-mingw*) + AC_DEFINE_UNQUOTED(OS_WIN32, 1, [Building for win32]) + os_win32=yes + os_unix=no + ;; + *) + AC_DEFINE_UNQUOTED(OS_UNIX, 1, [Building for unix]) + os_win32=no + os_unix=yes + ;; +esac +AC_MSG_RESULT([$os_win32]) +AM_CONDITIONAL(OS_WIN32, test "$os_win32" = "yes") + +AC_C_BIGENDIAN + +# ------------------------------------------------------------------------------ +# Checks for libraries and headers + +AC_HEADER_STDBOOL + +AC_CHECK_SIZEOF([unsigned long]) + +if test "$os_unix" = "yes"; then + AC_CHECK_FUNC([pthread_create], , [ + AC_CHECK_LIB(pthread, pthread_create, , [ + AC_MSG_ERROR([could not find pthread_create]) + ]) + ]) + + AC_CHECK_FUNC([nanosleep], , [ + AC_SEARCH_LIBS([nanosleep], [rt], , [ + AC_MSG_ERROR([could not find nanosleep]) + ]) + ]) + + AC_SEARCH_LIBS([dlopen], [dl dld], [], [ + AC_MSG_ERROR([could not find dlopen]) + ]) + + # for Solaris we need -lsocket -lnsl for socket stuff, gethostbyname + # is just a dummy to find -lnsl + AC_SEARCH_LIBS([gethostbyname], [nsl]) + AC_SEARCH_LIBS([connect], [socket], [], [ + AC_MSG_ERROR([could not find socket]) + ]) + + AC_CHECK_HEADERS([locale.h], [ + AC_CHECK_TYPES([locale_t], [], [], [[#include ]]) + AC_CHECK_FUNCS([newlocale strerror_l]) + ]) + + # These are things we can work around + AC_CHECK_HEADERS([sys/resource.h ucred.h]) + AC_CHECK_MEMBERS([struct dirent.d_type],,,[#include ]) + AC_CHECK_FUNCS([getprogname getexecname basename mkstemp mkdtemp]) + AC_CHECK_FUNCS([getauxval getresuid secure_getenv]) + AC_CHECK_FUNCS([strnstr memdup strndup strerror_r]) + AC_CHECK_FUNCS([reallocarray]) + AC_CHECK_DECLS([reallocarray], [], [], [[#include ]]) + AC_CHECK_FUNCS([fdwalk]) + AC_CHECK_FUNCS([setenv]) + AC_CHECK_FUNCS([getpeereid]) + AC_CHECK_FUNCS([getpeerucred]) + AC_CHECK_FUNCS([issetugid]) + + AC_CACHE_CHECK([for thread-local storage class], + [ac_cv_tls_keyword], + [ac_cv_tls_keyword= + for keyword in _Thread_local __thread; do + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[static ]$keyword[ foo;]])], + [ac_cv_tls_keyword=$keyword]) + done]) + if test -n "$ac_cv_tls_keyword"; then + AC_DEFINE_UNQUOTED([P11_TLS_KEYWORD], [$ac_cv_tls_keyword], [the compiler keyword to define thread-local storage]) + fi + + # Required functions + AC_CHECK_FUNCS([gmtime_r], + [AC_DEFINE([HAVE_GMTIME_R], 1, [Whether gmtime_r() is available])], + [AC_MSG_ERROR([could not find required gmtime_r() function])]) + + # Check if these are declared and/or available to link against + AC_CHECK_DECLS([program_invocation_short_name], [], [], [#include ]) + AC_MSG_CHECKING([whether program_invocation_short_name is available]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[program_invocation_short_name = "test";]])], + [AC_DEFINE([HAVE_PROGRAM_INVOCATION_SHORT_NAME], [1], + [Whether program_invocation_short_name available]) + AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no])]) + AC_CHECK_DECLS([__progname]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern char *__progname;]], [[__progname=(char*)0;]])], + [AC_DEFINE(HAVE___PROGNAME, [1], [Whether __progname available])]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern int __libc_enable_secure;]], [[__libc_enable_secure = 0;]])], + [AC_DEFINE(HAVE___LIBC_ENABLE_SECURE, [1], [Whether __libc_enable_secure available])]) + AC_CHECK_TYPES([sighandler_t, sig_t, __sighandler_t], [], [], + [[#include + #include ]]) + + AC_MSG_CHECKING([whether vsock support is available]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include + #include ]], + [[struct sockaddr_vm sa = { + .svm_family = AF_VSOCK, + .svm_cid = VMADDR_CID_ANY, + }; + (void)&sa; + return 0;]])], + [AC_DEFINE([HAVE_VSOCK], [1], + [Whether vsock support available]) + AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no])]) + +fi + +# These are thngs we can work around +AC_CHECK_FUNCS([asprintf vasprintf vsnprintf]) +AC_CHECK_DECLS([asprintf, vasprintf], [], [], [[#include ]]) + +AC_CHECK_LIB(intl, dgettext) + +# ------------------------------------------------------------------------------ +# PKCS#11 Directories + +AC_ARG_WITH([module-config], + [AS_HELP_STRING([--with-module-config], [Module configuration files shipped by packages])], + [module_config=$withval], + [module_config='${pkgdatadir}/modules']) + +AC_ARG_WITH([system-config], + [AS_HELP_STRING([--with-system-config], [Change PKCS#11 system config directory])], + [system_config_dir=$withval], + [system_config_dir=$sysconfdir/pkcs11]) + +AC_ARG_WITH([user-config], + [AS_HELP_STRING([--with-user-config], [Change PKCS#11 user config directory])], + [user_config_dir=$withval], + [user_config_dir="~/.config/pkcs11"]) + +AC_ARG_WITH([module-path], + [AS_HELP_STRING([--with-module-path], [Load modules with relative path names from here])], + [module_path=$withval], + [module_path=$libdir/pkcs11]) + +# We expand these so we have concrete paths +p11_system_config=$system_config_dir +p11_system_config_file=$p11_system_config/pkcs11.conf +p11_system_config_modules=$p11_system_config/modules +p11_package_config_modules=$module_config +p11_user_config=$user_config_dir +p11_user_config_file="$p11_user_config/pkcs11.conf" +p11_user_config_modules="$p11_user_config/modules" +p11_module_path="$module_path" + +AC_SUBST(p11_system_config) +AC_SUBST(p11_system_config_file) +AC_SUBST(p11_system_config_modules) +AC_SUBST(p11_package_config_modules) +AC_SUBST(p11_user_config) +AC_SUBST(p11_user_config_file) +AC_SUBST(p11_user_config_modules) +AC_SUBST(p11_module_path) + +# -------------------------------------------------------------------- +# libtasn1 support + +AC_ARG_WITH([libtasn1], + AS_HELP_STRING([--without-libtasn1], + [Disable dependency on libtasn1]) +) + +AS_IF([test "$with_libtasn1" != "no"], [ + PKG_CHECK_MODULES([LIBTASN1], [libtasn1 >= 2.3], [], + [AC_MSG_ERROR([libtasn1 not found. Building without it results in significant loss of functionality. To proceed use --without-libtasn1])] + ) + AC_SUBST(LIBTASN1_CFLAGS) + AC_SUBST(LIBTASN1_LIBS) + AC_PATH_PROG([ASN1PARSER], [asn1Parser]) + with_libtasn1="yes" + AC_DEFINE_UNQUOTED(WITH_ASN1, 1, [Build with libtasn1 and certificate support]) +]) + +AM_CONDITIONAL(WITH_ASN1, test "$with_libtasn1" = "yes") + +# -------------------------------------------------------------------- +# libffi + +AC_ARG_WITH([libffi], + AS_HELP_STRING([--without-libffi], + [Don't use libffi for building closures])) + +if test "$with_libffi" != "no"; then + PKG_CHECK_MODULES(LIBFFI, [libffi >= 3.0.0]) + AC_DEFINE_UNQUOTED(WITH_FFI, 1, [Use libffi for building closures]) + AC_SUBST(LIBFFI_CFLAGS) + AC_SUBST(LIBFFI_LIBS) + + with_libffi="yes" +fi + +AM_CONDITIONAL(WITH_FFI, test "$with_libffi" = "yes") + +AC_ARG_WITH([closures], + [AS_HELP_STRING([--with-closures[=NUM]], + [the number of precompiled closures, used when libffi is unavailable])], + [closures=$withval], + [closures=64]) + +if test "$closures" -lt 1; then + AC_MSG_ERROR([at least one closure must be compiled in]) +fi + +AC_DEFINE_UNQUOTED(P11_VIRTUAL_MAX_FIXED, [$closures], [the number of closures]) +AC_SUBST(closures) + +# -------------------------------------------------------------------- +# Hash implementation + +AC_ARG_WITH([hash-impl], + AS_HELP_STRING([--with-hash-impl=@<:@freebl/internal@:>@], + [Choose the hash implementation to use]) +) + +AS_IF([test "$with_hash_impl" = ""], [with_hash_impl=internal]) + +AS_CASE([$with_hash_impl], + [freebl], [ + AC_CHECK_LIB(freebl3, NSSLOW_Init, + [ + HASH_LIBS=-lfreebl3 + AC_DEFINE_UNQUOTED(WITH_FREEBL, 1, [Use freebl for hash implementation]) + ], + AC_MSG_ERROR([could not find the freebl3 library]) + ) + ], + + [internal], [ + HASH_LIBS= + ], + + [ + AC_MSG_ERROR([unsupported hash impl: $with_hash_impl]) + ] +) + +AC_SUBST(HASH_LIBS) + +# -------------------------------------------------------------------- +# Trust Module + +AC_ARG_ENABLE([trust-module], + AS_HELP_STRING([--disable-trust-module], + [Disable building the trust module]) +) + +AC_MSG_CHECKING([if trust module is enabled]) +AS_IF([test "$with_libtasn1" != "yes"], [ + AS_IF([test "$enable_trust_module" = "yes"], [ + AC_MSG_ERROR([--with-libtasn1 is needed in order to build the trust module]) + ]) + AS_IF([test "$enable_trust_module" != "no"], [ + AC_MSG_WARN([--with-libtasn1 is needed in order to build the trust module, disabling]) + ]) + enable_trust_module="no" +]) + +AS_IF([test "$enable_trust_module" != "no"], [enable_trust_module="yes"]) +AM_CONDITIONAL(WITH_TRUST_MODULE, test "$enable_trust_module" = "yes") +AC_MSG_RESULT([$enable_trust_module]) + +AC_ARG_WITH([trust-paths], + AS_HELP_STRING([--with-trust-paths=@<:@path@:>@]: + [input paths for trust module]) +) + +AC_MSG_CHECKING([for trust module paths]) + +# This option was disabled, no anchors +if test "$with_trust_paths" = "no"; then + with_trust_paths="" + AC_MSG_RESULT([disabled]) + +elif test "$enable_trust_module" != "yes"; then + if test "$with_trust_paths" != ""; then + AC_MSG_ERROR([need --enable-trust-module in order to specify trust module paths.]) + fi + with_trust_paths="" + AC_MSG_RESULT([disabled]) + +# Option was not set, try to detect +elif test "$with_trust_paths" = "" -o "$with_trust_paths" = "yes"; then + with_trust_paths="" + for f in /etc/pki/tls/certs/ca-bundle.crt \ + /etc/ssl/certs/ca-certificates.crt \ + /etc/ssl/ca-bundle.pem \ + /etc/ssl/ca-bundle.crt; do + if test -f "$f"; then + with_trust_paths="$f" + break + fi + done + + if test "$with_trust_paths" = ""; then + AC_MSG_ERROR([could not find. Use --with-trust-paths=/path to set, or --without-trust-paths to disable]) + fi + + AC_MSG_RESULT($with_trust_paths) + +else + # Anchors explicitly set + AC_MSG_RESULT($with_trust_paths) +fi + +AC_DEFINE_UNQUOTED(TRUST_PATHS, ["$with_trust_paths"], [The trust module input paths]) +AC_SUBST(with_trust_paths) + +# -------------------------------------------------------------------- +# GTK Doc + +dnl check for tools +AC_PATH_PROG([GTKDOC_CHECK],[gtkdoc-check]) +AC_PATH_PROGS([GTKDOC_REBASE],[gtkdoc-rebase],[true]) +AC_PATH_PROG([GTKDOC_MKPDF],[gtkdoc-mkpdf]) +AC_PATH_PROG([GTKDOC_SCAN],[gtkdoc-scan]) +AC_PATH_PROG([XSLTPROC], [xsltproc]) + +dnl for overriding the documentation installation directory +AC_ARG_WITH([html-dir], + AS_HELP_STRING([--with-html-dir=PATH], [path to installed docs]),, + [with_html_dir='${datadir}/gtk-doc/html']) +HTML_DIR="$with_html_dir" +AC_SUBST([HTML_DIR]) + +dnl enable/disable documentation building +AC_ARG_ENABLE([doc], + AS_HELP_STRING([--enable-doc], + [build documentation using gtk-doc [[default=no]]]),, + [enable_doc=no]) + +if test x$enable_doc = xyes; then + if test -z "$GTKDOC_SCAN"; then + AC_MSG_ERROR([gtk-doc not installed and --enable-doc requested]) + fi + if test -z "$XSLTPROC"; then + AC_MSG_ERROR([the xsltproc command was not found and --enable-doc requested]) + fi + doc_status="yes (manual, reference)" +else + enable_doc=no + doc_status="no (no manual or reference)" +fi + +AC_MSG_CHECKING([whether to build documentation]) +AC_MSG_RESULT($enable_doc) + +dnl enable/disable output formats +AC_ARG_ENABLE([doc-html], + AS_HELP_STRING([--enable-doc-html], + [build documentation in html format [[default=yes]]]),, + [enable_doc_html=yes]) +AC_ARG_ENABLE([doc-pdf], + AS_HELP_STRING([--enable-doc-pdf], + [build documentation in pdf format [[default=no]]]),, + [enable_doc_pdf=no]) + +if test -z "$GTKDOC_MKPDF"; then + enable_doc_pdf=no +fi + +AM_CONDITIONAL(ENABLE_GTK_DOC, [test x$enable_doc = xyes]) +AM_CONDITIONAL(GTK_DOC_BUILD_HTML, [test x$enable_doc_html = xyes]) +AM_CONDITIONAL(GTK_DOC_BUILD_PDF, [test x$enable_doc_pdf = xyes]) +AM_CONDITIONAL(GTK_DOC_USE_LIBTOOL, [test -n "$LIBTOOL"]) +AM_CONDITIONAL(GTK_DOC_USE_REBASE, [test -n "$GTKDOC_REBASE"]) + +# -------------------------------------------------------------------- +# Compilation and linking options + +AC_MSG_CHECKING([for debug mode]) +AC_ARG_ENABLE(debug, + AC_HELP_STRING([--enable-debug=no/default/yes], + [Turn on or off debugging])) + +if test "$enable_debug" != "no"; then + AC_DEFINE_UNQUOTED(WITH_DEBUG, 1, [Print debug output]) + AC_DEFINE_UNQUOTED(_DEBUG, 1, [In debug mode]) + CFLAGS="$CFLAGS -g" +fi + +if test "$enable_debug" = "yes"; then + debug_status="yes (-g, -O0, debug output)" + CFLAGS="$CFLAGS -O0" +elif test "$enable_debug" = "no"; then + debug_status="no (no debug output, NDEBUG)" + AC_DEFINE_UNQUOTED(NDEBUG, 1, [Disable glib assertions]) +else + debug_status="default (-g, debug output)" +fi + +AC_MSG_RESULT($debug_status) + +AC_MSG_CHECKING(for more warnings) +if test "$GCC" = "yes"; then + CFLAGS="$CFLAGS \ + -Wall -Wstrict-prototypes -Wmissing-declarations \ + -Wmissing-prototypes -Wnested-externs -Wpointer-arith \ + -Wdeclaration-after-statement -Wformat=2 -Winit-self \ + -Waggregate-return -Wno-missing-format-attribute \ + -fno-strict-aliasing -fno-common" + + for option in -Wmissing-include-dirs -Wundef; do + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $option" + AC_MSG_CHECKING([whether gcc understands $option]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], + [has_option=yes], + [has_option=no]) + AC_MSG_RESULT($has_option) + if test $has_option = no; then + CFLAGS="$SAVE_CFLAGS" + fi + done +else + AC_MSG_RESULT(no) +fi + +AC_ARG_ENABLE(strict, + [AS_HELP_STRING([--enable-strict], [Strict code compilation])] + ) + +AC_MSG_CHECKING([build strict]) + +if test "$enable_strict" = "yes"; then + CFLAGS="$CFLAGS -Werror" + AC_DEFINE_UNQUOTED(WITH_STRICT, 1, [More strict checks]) + strict_status="yes (-Werror, fatals)" +else + strict_status="no" +fi + +AC_MSG_RESULT($strict_status) + +AC_MSG_CHECKING([whether to build with gcov testing]) +AC_ARG_ENABLE([coverage], + [AS_HELP_STRING([--enable-coverage], [Whether to enable coverage testing ])], + [], + [enable_coverage=no]) + +AC_MSG_RESULT([$enable_coverage]) + +if test "$enable_coverage" = "yes"; then + if test "$GCC" != "yes"; then + AC_MSG_ERROR(Coverage testing requires GCC) + fi + + AC_PATH_PROG(GCOV, gcov, no) + if test "$GCOV" = "no" ; then + AC_MSG_ERROR(gcov tool is not available) + fi + + AC_PATH_PROG(LCOV, lcov, no) + if test "$LCOV" = "no" ; then + AC_MSG_ERROR(lcov tool is not installed) + fi + + AC_PATH_PROG(GENHTML, genhtml, no) + if test "$GENHTML" = "no" ; then + AC_MSG_ERROR(lcov's genhtml tool is not installed) + fi + + CFLAGS="$CFLAGS -O0 -g --coverage" + LDFLAGS="$LDFLAGS --coverage" +fi + +AM_CONDITIONAL([WITH_COVERAGE], [test "$enable_coverage" = "yes"]) +AC_SUBST(LCOV) +AC_SUBST(GCOV) +AC_SUBST(GENHTML) + +# --------------------------------------------------------------------- + +P11KIT_LT_RELEASE=$P11KIT_CURRENT:$P11KIT_REVISION:$P11KIT_AGE +AC_SUBST(P11KIT_LT_RELEASE) + +echo $PACKAGE_VERSION | tr '.' ' ' | while read major minor unused; do + AC_DEFINE_UNQUOTED(PACKAGE_MAJOR, $major, [Major version of package]) + AC_DEFINE_UNQUOTED(PACKAGE_MINOR, $minor, [Minor version of package]) + break +done + +case "$host" in +*-*-darwin*) + # It seems like libtool lies about this see: + # https://bugs.freedesktop.org/show_bug.cgi?id=57714 + SHLEXT='.so' + ;; +*) + eval SHLEXT=$shrext_cmds + ;; +esac + +AC_DEFINE_UNQUOTED(SHLEXT, ["$SHLEXT"], [File extension for shared libraries]) +AC_SUBST(SHLEXT) + +AC_DEFINE_UNQUOTED(EXEEXT, ["$EXEEXT"], [File extension for executables]) + +privatedir='${libexecdir}/p11-kit' +AC_SUBST(privatedir) + +# -------------------------------------------------------------------- +# systemd + +AC_ARG_WITH([systemd], + AS_HELP_STRING([--without-systemd], + [Disable systemd socket activation])) + +AS_IF([test "$with_systemd" != "no"], [ + PKG_CHECK_MODULES([LIBSYSTEMD], [libsystemd], [], + [with_systemd=no]) + + PKG_CHECK_VAR([systemduserunitdir], [systemd], [systemduserunitdir], [], + [with_systemd=no]) + + AS_IF([test "$with_systemd" != "no"], [ + with_systemd=yes + AC_DEFINE_UNQUOTED(WITH_SYSTEMD, 1, [Build with systemd socket activation]) + ]) +]) + +AM_CONDITIONAL(WITH_SYSTEMD, [test "$with_systemd" = "yes"]) + +# -------------------------------------------------------------------- +# bash completion + +AC_ARG_WITH([bash-completion], + AS_HELP_STRING([--without-bash-completion], + [Don't install bash completion files])) + +AS_IF([test "$with_bash_completion" != "no"], [ + PKG_CHECK_VAR([bashcompdir], [bash-completion], [completionsdir], + [with_bash_completion=yes]) + AC_SUBST(bashcompdir) +]) + +AM_CONDITIONAL(WITH_BASH_COMPLETION, [test "$with_bash_completion" = "yes"]) + + +AC_CONFIG_FILES([Makefile + doc/Makefile + doc/manual/Makefile + po/Makefile.in + p11-kit/p11-kit-1.pc + p11-kit/pkcs11.conf.example + trust/trust-extract-compat + trust/test-init.sh +]) +AC_OUTPUT + +# Format paths arguments which should wrap correctly in the output +indent='\n ' +trust_status=$(echo "$with_trust_paths" | sed -e "s/:/$indent/g") + +AC_MSG_NOTICE([build options: + + Host: $host + Debug build: $debug_status + Strict build: $strict_status + Build documentation: $doc_status + System global config: $p11_system_config_file + System module config directory: $p11_system_config_modules + Package module config directory: $p11_package_config_modules + User global config: $p11_user_config_file + User module config directory: $p11_user_config_modules + Load relative module paths from: $p11_module_path + + With libtasn1 dependency: $with_libtasn1 + With libffi: $with_libffi + With hash implementation: $with_hash_impl + With systemd: $with_systemd + + Build trust module: $enable_trust_module + Trust module paths: $trust_status + +]) diff --git a/doc/Makefile.am b/doc/Makefile.am new file mode 100644 index 0000000..de840c0 --- /dev/null +++ b/doc/Makefile.am @@ -0,0 +1,6 @@ + +SUBDIRS = manual + +memcheck: + +leakcheck: diff --git a/doc/Makefile.in b/doc/Makefile.in new file mode 100644 index 0000000..ab78f44 --- /dev/null +++ b/doc/Makefile.in @@ -0,0 +1,686 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/build/m4/gettext.m4 \ + $(top_srcdir)/build/m4/host-cpu-c-abi.m4 \ + $(top_srcdir)/build/m4/iconv.m4 \ + $(top_srcdir)/build/m4/intlmacosx.m4 \ + $(top_srcdir)/build/m4/ld-version-script.m4 \ + $(top_srcdir)/build/m4/lib-ld.m4 \ + $(top_srcdir)/build/m4/lib-link.m4 \ + $(top_srcdir)/build/m4/lib-prefix.m4 \ + $(top_srcdir)/build/m4/libtool.m4 \ + $(top_srcdir)/build/m4/ltoptions.m4 \ + $(top_srcdir)/build/m4/ltsugar.m4 \ + $(top_srcdir)/build/m4/ltversion.m4 \ + $(top_srcdir)/build/m4/lt~obsolete.m4 \ + $(top_srcdir)/build/m4/nls.m4 $(top_srcdir)/build/m4/po.m4 \ + $(top_srcdir)/build/m4/progtest.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir distdir-am +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ASN1PARSER = @ASN1PARSER@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GTKDOC_SCAN = @GTKDOC_SCAN@ +HASH_LIBS = @HASH_LIBS@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@ +LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11KIT_LT_RELEASE = @P11KIT_LT_RELEASE@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POSUB = @POSUB@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SHLEXT = @SHLEXT@ +STRIP = @STRIP@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bashcompdir = @bashcompdir@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +closures = @closures@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +p11_module_path = @p11_module_path@ +p11_package_config_modules = @p11_package_config_modules@ +p11_system_config = @p11_system_config@ +p11_system_config_file = @p11_system_config_file@ +p11_system_config_modules = @p11_system_config_modules@ +p11_user_config = @p11_user_config@ +p11_user_config_file = @p11_user_config_file@ +p11_user_config_modules = @p11_user_config_modules@ +pdfdir = @pdfdir@ +prefix = @prefix@ +privatedir = @privatedir@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +systemduserunitdir = @systemduserunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +with_trust_paths = @with_trust_paths@ +SUBDIRS = manual +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +memcheck: + +leakcheck: + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am new file mode 100644 index 0000000..0ebe958 --- /dev/null +++ b/doc/manual/Makefile.am @@ -0,0 +1,173 @@ +abs_top_builddir = @abs_top_builddir@ + +NULL = + +# We require automake 1.6 at least. +AUTOMAKE_OPTIONS = 1.6 + +# The name of the module, e.g. 'glib'. +DOC_MODULE=p11-kit + +# The top-level SGML file. You can change this if you want to. +DOC_MAIN_SGML_FILE=$(DOC_MODULE)-docs.xml + +# The directory containing the source code. Relative to $(srcdir). +# gtk-doc will search all .c & .h files beneath here for inline comments +# documenting the functions and macros. +# e.g. DOC_SOURCE_DIR=../../../gtk +DOC_SOURCE_DIR=$(top_srcdir)/p11-kit + +# Extra options to pass to gtkdoc-scangobj. Not normally needed. +SCANGOBJ_OPTIONS= --version + +# Extra options to supply to gtkdoc-scan. +# e.g. SCAN_OPTIONS=--deprecated-guards="GTK_DISABLE_DEPRECATED" +SCAN_OPTIONS= --rebuild-types --deprecated-guards="P11_KIT_DISABLE_DEPRECATED" + +# Extra options to supply to gtkdoc-mkdb. +# e.g. MKDB_OPTIONS=--sgml-mode --output-format=xml +MKDB_OPTIONS=--sgml-mode --output-format=xml + +# Extra options to supply to gtkdoc-mktmpl +# e.g. MKTMPL_OPTIONS=--only-section-tmpl +MKTMPL_OPTIONS= + +# MKHTML_OPTIONS=--path="$(builddir)/html $(srcdir)/html" + +# Extra options to supply to gtkdoc-fixref. Not normally needed. +# e.g. FIXXREF_OPTIONS=--extra-dir=../gdk-pixbuf/html --extra-dir=../gdk/html +FIXXREF_OPTIONS= + +# Used for dependencies. The docs will be rebuilt if any of these change. +# e.g. HFILE_GLOB=$(top_srcdir)/gtk/*.h +# e.g. CFILE_GLOB=$(top_srcdir)/gtk/*.c +HFILE_GLOB=$(top_srcdir)/p11-kit/*.h +CFILE_GLOB=$(top_srcdir)/p11-kit/*.c + +# Header files to ignore when scanning. +# e.g. IGNORE_HFILES=gtkdebug.h gtkintl.h +IGNORE_HFILES= \ + private.h \ + pkcs11.h \ + conf.h \ + debug.h \ + dict.h \ + filter.h \ + log.h \ + mock.h \ + modules.h \ + pkcs11.h \ + pkcs11i.h \ + pkcs11x.h \ + private.h \ + client.h \ + proxy.h \ + rpc.h \ + rpc-message.h \ + util.h \ + virtual.h \ + virtual-fixed.h \ + array.h \ + compat.h \ + $(NULL) + +# Images to copy into HTML directory. +# e.g. HTML_IMAGES=$(top_srcdir)/gtk/stock-icons/stock_about_24.png +HTML_IMAGES= + +generate_files= \ + version.xml \ + userdir.xml \ + sysdir.xml \ + $(NULL) + +# Extra SGML files that are included by $(DOC_MAIN_SGML_FILE). +# e.g. content_files=running.sgml building.sgml changes-2.0.sgml +content_files=p11-kit-config.xml p11-kit-sharing.xml \ + p11-kit-devel.xml \ + p11-kit-proxy.xml \ + p11-kit-trust.xml \ + p11-kit-remoting.xml \ + p11-kit.xml \ + pkcs11.conf.xml \ + trust.xml \ + annotation-glossary.xml \ + $(NULL) + +# SGML files where gtk-doc abbreviations (#GtkWidget) are expanded +# These files must be listed here *and* in content_files +# e.g. expand_content_files=running.sgml +expand_content_files= $(generate_files) + +# CFLAGS and LDFLAGS for compiling gtkdoc-scangobj with your library. +# Only needed if you are using gtkdoc-scangobj to dynamically query widget +# signals and properties. +# e.g. INCLUDES=-I$(top_srcdir) -I$(top_builddir) $(GTK_DEBUG_FLAGS) +# e.g. GTKDOC_LIBS=$(top_builddir)/gtk/$(gtktargetlib) +GTKDOC_LIBS= + +# Hacks around gtk-doc brokenness for out of tree builds +$(builddir)/p11-kit-sections.txt: $(srcdir)/p11-kit-sections.txt + cp $(srcdir)/p11-kit-sections.txt $(builddir)/p11-kit-sections.txt +$(builddir)/p11-kit-overrides.txt: $(srcdir)/p11-kit-overrides.txt + cp $(srcdir)/p11-kit-overrides.txt $(builddir)/p11-kit-overrides.txt + +# Generate our files with variables +sysdir.xml: + $(AM_V_GEN) echo -n '$(p11_system_config)' > "$@" +userdir.xml: + $(AM_V_GEN) echo -n '$(p11_user_config)' > "$@" +version.xml: + $(AM_V_GEN) echo -n '$(VERSION)' > "$@" + +# This includes the standard gtk-doc make rules, copied by gtkdocize. +include $(top_srcdir)/build/gtk-doc.make + +if ENABLE_GTK_DOC +man1_MANS = trust.1 +man8_MANS = p11-kit.8 +man5_MANS = pkcs11.conf.5 + +XSLTPROC_FLAGS = \ + --nonet \ + --stringparam man.output.quietly 1 \ + --stringparam funcsynopsis.style ansi \ + --stringparam man.th.extra1.suppress 1 \ + --stringparam man.authors.section.enabled 0 \ + --stringparam man.copyright.section.enabled 0 + +XSLTPROC_MAN = \ + $(XSLTPROC) $(XSLTPROC_FLAGS) --path $(builddir) \ + http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl + +trust.1: trust.xml $(generate_files) + $(AM_V_GEN) $(XSLTPROC_MAN) $< +pkcs11.conf.5: pkcs11.conf.xml $(generate_files) + $(AM_V_GEN) $(XSLTPROC_MAN) $< +p11-kit.8: p11-kit.xml $(generate_files) + $(AM_V_GEN) $(XSLTPROC_MAN) $< + +else # ENABLE_GTK_DOC + +man1_MANS = +man5_MANS = +man8_MANS = + +endif # ENABLE_GTK_DOC + +MAN_IN_FILES = \ + $(man8_MANS:.8=.xml) \ + $(man5_MANS:.5=.xml) \ + $(man1_MANS:.1=.xml) \ + $(NULL) + +CLEANFILES += \ + $(generate_files) \ + $(man1_MANS) \ + $(man5_MANS) \ + $(man8_MANS) \ + $(NULL) + +EXTRA_DIST += \ + $(MAN_IN_FILES) \ + $(NULL) diff --git a/doc/manual/Makefile.in b/doc/manual/Makefile.in new file mode 100644 index 0000000..4089fa1 --- /dev/null +++ b/doc/manual/Makefile.in @@ -0,0 +1,1066 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# -*- mode: makefile -*- + +#################################### +# Everything below here is generic # +#################################### +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc/manual +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/build/m4/gettext.m4 \ + $(top_srcdir)/build/m4/host-cpu-c-abi.m4 \ + $(top_srcdir)/build/m4/iconv.m4 \ + $(top_srcdir)/build/m4/intlmacosx.m4 \ + $(top_srcdir)/build/m4/ld-version-script.m4 \ + $(top_srcdir)/build/m4/lib-ld.m4 \ + $(top_srcdir)/build/m4/lib-link.m4 \ + $(top_srcdir)/build/m4/lib-prefix.m4 \ + $(top_srcdir)/build/m4/libtool.m4 \ + $(top_srcdir)/build/m4/ltoptions.m4 \ + $(top_srcdir)/build/m4/ltsugar.m4 \ + $(top_srcdir)/build/m4/ltversion.m4 \ + $(top_srcdir)/build/m4/lt~obsolete.m4 \ + $(top_srcdir)/build/m4/nls.m4 $(top_srcdir)/build/m4/po.m4 \ + $(top_srcdir)/build/m4/progtest.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \ + "$(DESTDIR)$(man8dir)" +man5dir = $(mandir)/man5 +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man1_MANS) $(man5_MANS) $(man8_MANS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build/gtk-doc.make +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ASN1PARSER = @ASN1PARSER@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GTKDOC_SCAN = @GTKDOC_SCAN@ +HASH_LIBS = @HASH_LIBS@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@ +LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11KIT_LT_RELEASE = @P11KIT_LT_RELEASE@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POSUB = @POSUB@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SHLEXT = @SHLEXT@ +STRIP = @STRIP@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bashcompdir = @bashcompdir@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +closures = @closures@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +p11_module_path = @p11_module_path@ +p11_package_config_modules = @p11_package_config_modules@ +p11_system_config = @p11_system_config@ +p11_system_config_file = @p11_system_config_file@ +p11_system_config_modules = @p11_system_config_modules@ +p11_user_config = @p11_user_config@ +p11_user_config_file = @p11_user_config_file@ +p11_user_config_modules = @p11_user_config_modules@ +pdfdir = @pdfdir@ +prefix = @prefix@ +privatedir = @privatedir@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +systemduserunitdir = @systemduserunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +with_trust_paths = @with_trust_paths@ +NULL = + +# We require automake 1.6 at least. +AUTOMAKE_OPTIONS = 1.6 + +# The name of the module, e.g. 'glib'. +DOC_MODULE = p11-kit + +# The top-level SGML file. You can change this if you want to. +DOC_MAIN_SGML_FILE = $(DOC_MODULE)-docs.xml + +# The directory containing the source code. Relative to $(srcdir). +# gtk-doc will search all .c & .h files beneath here for inline comments +# documenting the functions and macros. +# e.g. DOC_SOURCE_DIR=../../../gtk +DOC_SOURCE_DIR = $(top_srcdir)/p11-kit + +# Extra options to pass to gtkdoc-scangobj. Not normally needed. +SCANGOBJ_OPTIONS = --version + +# Extra options to supply to gtkdoc-scan. +# e.g. SCAN_OPTIONS=--deprecated-guards="GTK_DISABLE_DEPRECATED" +SCAN_OPTIONS = --rebuild-types --deprecated-guards="P11_KIT_DISABLE_DEPRECATED" + +# Extra options to supply to gtkdoc-mkdb. +# e.g. MKDB_OPTIONS=--sgml-mode --output-format=xml +MKDB_OPTIONS = --sgml-mode --output-format=xml + +# Extra options to supply to gtkdoc-mktmpl +# e.g. MKTMPL_OPTIONS=--only-section-tmpl +MKTMPL_OPTIONS = + +# MKHTML_OPTIONS=--path="$(builddir)/html $(srcdir)/html" + +# Extra options to supply to gtkdoc-fixref. Not normally needed. +# e.g. FIXXREF_OPTIONS=--extra-dir=../gdk-pixbuf/html --extra-dir=../gdk/html +FIXXREF_OPTIONS = + +# Used for dependencies. The docs will be rebuilt if any of these change. +# e.g. HFILE_GLOB=$(top_srcdir)/gtk/*.h +# e.g. CFILE_GLOB=$(top_srcdir)/gtk/*.c +HFILE_GLOB = $(top_srcdir)/p11-kit/*.h +CFILE_GLOB = $(top_srcdir)/p11-kit/*.c + +# Header files to ignore when scanning. +# e.g. IGNORE_HFILES=gtkdebug.h gtkintl.h +IGNORE_HFILES = \ + private.h \ + pkcs11.h \ + conf.h \ + debug.h \ + dict.h \ + filter.h \ + log.h \ + mock.h \ + modules.h \ + pkcs11.h \ + pkcs11i.h \ + pkcs11x.h \ + private.h \ + client.h \ + proxy.h \ + rpc.h \ + rpc-message.h \ + util.h \ + virtual.h \ + virtual-fixed.h \ + array.h \ + compat.h \ + $(NULL) + + +# Images to copy into HTML directory. +# e.g. HTML_IMAGES=$(top_srcdir)/gtk/stock-icons/stock_about_24.png +HTML_IMAGES = +generate_files = \ + version.xml \ + userdir.xml \ + sysdir.xml \ + $(NULL) + + +# Extra SGML files that are included by $(DOC_MAIN_SGML_FILE). +# e.g. content_files=running.sgml building.sgml changes-2.0.sgml +content_files = p11-kit-config.xml p11-kit-sharing.xml \ + p11-kit-devel.xml \ + p11-kit-proxy.xml \ + p11-kit-trust.xml \ + p11-kit-remoting.xml \ + p11-kit.xml \ + pkcs11.conf.xml \ + trust.xml \ + annotation-glossary.xml \ + $(NULL) + + +# SGML files where gtk-doc abbreviations (#GtkWidget) are expanded +# These files must be listed here *and* in content_files +# e.g. expand_content_files=running.sgml +expand_content_files = $(generate_files) + +# CFLAGS and LDFLAGS for compiling gtkdoc-scangobj with your library. +# Only needed if you are using gtkdoc-scangobj to dynamically query widget +# signals and properties. +# e.g. INCLUDES=-I$(top_srcdir) -I$(top_builddir) $(GTK_DEBUG_FLAGS) +# e.g. GTKDOC_LIBS=$(top_builddir)/gtk/$(gtktargetlib) +GTKDOC_LIBS = +@GTK_DOC_USE_LIBTOOL_FALSE@GTKDOC_CC = $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +@GTK_DOC_USE_LIBTOOL_TRUE@GTKDOC_CC = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +@GTK_DOC_USE_LIBTOOL_FALSE@GTKDOC_LD = $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +@GTK_DOC_USE_LIBTOOL_TRUE@GTKDOC_LD = $(LIBTOOL) --tag=CC --mode=link $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +@GTK_DOC_USE_LIBTOOL_FALSE@GTKDOC_RUN = +@GTK_DOC_USE_LIBTOOL_TRUE@GTKDOC_RUN = $(LIBTOOL) --mode=execute + +# We set GPATH here; this gives us semantics for GNU make +# which are more like other make's VPATH, when it comes to +# whether a source that is a target of one rule is then +# searched for in VPATH/GPATH. +# +GPATH = $(srcdir) +TARGET_DIR = $(HTML_DIR)/$(DOC_MODULE) +SETUP_FILES = \ + $(content_files) \ + $(DOC_MAIN_SGML_FILE) \ + $(DOC_MODULE)-sections.txt \ + $(DOC_MODULE)-overrides.txt \ + style.css + +EXTRA_DIST = $(HTML_IMAGES) $(SETUP_FILES) $(MAN_IN_FILES) $(NULL) +DOC_STAMPS = setup-build.stamp scan-build.stamp sgml-build.stamp \ + html-build.stamp pdf-build.stamp \ + sgml.stamp html.stamp pdf.stamp + +SCANOBJ_FILES = \ + $(DOC_MODULE).args \ + $(DOC_MODULE).hierarchy \ + $(DOC_MODULE).interfaces \ + $(DOC_MODULE).prerequisites \ + $(DOC_MODULE).signals + +REPORT_FILES = \ + $(DOC_MODULE)-undocumented.txt \ + $(DOC_MODULE)-undeclared.txt \ + $(DOC_MODULE)-unused.txt + +CLEANFILES = $(SCANOBJ_FILES) $(REPORT_FILES) $(DOC_STAMPS) \ + $(generate_files) $(man1_MANS) $(man5_MANS) $(man8_MANS) \ + $(NULL) +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_HTML_FALSE@HTML_BUILD_STAMP = +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_HTML_TRUE@HTML_BUILD_STAMP = html-build.stamp +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_PDF_FALSE@PDF_BUILD_STAMP = +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_PDF_TRUE@PDF_BUILD_STAMP = pdf-build.stamp +@ENABLE_GTK_DOC_FALSE@man1_MANS = + +# This includes the standard gtk-doc make rules, copied by gtkdocize. +@ENABLE_GTK_DOC_TRUE@man1_MANS = trust.1 +@ENABLE_GTK_DOC_FALSE@man8_MANS = +@ENABLE_GTK_DOC_TRUE@man8_MANS = p11-kit.8 +@ENABLE_GTK_DOC_FALSE@man5_MANS = +@ENABLE_GTK_DOC_TRUE@man5_MANS = pkcs11.conf.5 +@ENABLE_GTK_DOC_TRUE@XSLTPROC_FLAGS = \ +@ENABLE_GTK_DOC_TRUE@ --nonet \ +@ENABLE_GTK_DOC_TRUE@ --stringparam man.output.quietly 1 \ +@ENABLE_GTK_DOC_TRUE@ --stringparam funcsynopsis.style ansi \ +@ENABLE_GTK_DOC_TRUE@ --stringparam man.th.extra1.suppress 1 \ +@ENABLE_GTK_DOC_TRUE@ --stringparam man.authors.section.enabled 0 \ +@ENABLE_GTK_DOC_TRUE@ --stringparam man.copyright.section.enabled 0 + +@ENABLE_GTK_DOC_TRUE@XSLTPROC_MAN = \ +@ENABLE_GTK_DOC_TRUE@ $(XSLTPROC) $(XSLTPROC_FLAGS) --path $(builddir) \ +@ENABLE_GTK_DOC_TRUE@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl + +MAN_IN_FILES = \ + $(man8_MANS:.8=.xml) \ + $(man5_MANS:.5=.xml) \ + $(man1_MANS:.1=.xml) \ + $(NULL) + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/build/gtk-doc.make $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/manual/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/manual/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; +$(top_srcdir)/build/gtk-doc.make $(am__empty): + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man1: $(man1_MANS) + @$(NORMAL_INSTALL) + @list1='$(man1_MANS)'; \ + list2=''; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) +install-man5: $(man5_MANS) + @$(NORMAL_INSTALL) + @list1='$(man5_MANS)'; \ + list2=''; \ + test -n "$(man5dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.5[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + +uninstall-man5: + @$(NORMAL_UNINSTALL) + @list='$(man5_MANS)'; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) +install-man8: $(man8_MANS) + @$(NORMAL_INSTALL) + @list1='$(man8_MANS)'; \ + list2=''; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list='$(man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am +check: check-am +all-am: Makefile $(MANS) all-local +installdirs: + for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-local + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-data-local install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man1 install-man5 install-man8 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic \ + maintainer-clean-local + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local uninstall-man + +uninstall-man: uninstall-man1 uninstall-man5 uninstall-man8 + +.MAKE: install-am install-strip + +.PHONY: all all-am all-local check check-am clean clean-generic \ + clean-libtool clean-local cscopelist-am ctags-am dist-hook \ + distclean distclean-generic distclean-libtool distclean-local \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-data install-data-am install-data-local \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ + install-man install-man1 install-man5 install-man8 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic maintainer-clean-local mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags-am uninstall uninstall-am uninstall-local uninstall-man \ + uninstall-man1 uninstall-man5 uninstall-man8 + +.PRECIOUS: Makefile + + +# Hacks around gtk-doc brokenness for out of tree builds +$(builddir)/p11-kit-sections.txt: $(srcdir)/p11-kit-sections.txt + cp $(srcdir)/p11-kit-sections.txt $(builddir)/p11-kit-sections.txt +$(builddir)/p11-kit-overrides.txt: $(srcdir)/p11-kit-overrides.txt + cp $(srcdir)/p11-kit-overrides.txt $(builddir)/p11-kit-overrides.txt + +# Generate our files with variables +sysdir.xml: + $(AM_V_GEN) echo -n '$(p11_system_config)' > "$@" +userdir.xml: + $(AM_V_GEN) echo -n '$(p11_user_config)' > "$@" +version.xml: + $(AM_V_GEN) echo -n '$(VERSION)' > "$@" + +@ENABLE_GTK_DOC_TRUE@all-local: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) +@ENABLE_GTK_DOC_FALSE@all-local: + +docs: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) + +$(REPORT_FILES): sgml-build.stamp + +#### setup #### + +setup-build.stamp: + -@if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ + echo ' DOC Preparing build'; \ + files=`echo $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types`; \ + if test "x$$files" != "x" ; then \ + for file in $$files ; do \ + test -f $(abs_srcdir)/$$file && \ + cp -pu $(abs_srcdir)/$$file $(abs_builddir)/ || true; \ + done; \ + fi; \ + fi + @touch setup-build.stamp + +#### scan #### + +scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB) + @echo ' DOC Scanning header files' + @_source_dir='' ; \ + for i in $(DOC_SOURCE_DIR) ; do \ + _source_dir="$${_source_dir} --source-dir=$$i" ; \ + done ; \ + gtkdoc-scan --module=$(DOC_MODULE) --ignore-headers="$(IGNORE_HFILES)" $${_source_dir} $(SCAN_OPTIONS) $(EXTRA_HFILES) + @if grep -l '^..*$$' $(DOC_MODULE).types > /dev/null 2>&1 ; then \ + echo " DOC Introspecting gobjects"; \ + scanobj_options=""; \ + gtkdoc-scangobj 2>&1 --help | grep >/dev/null "\-\-verbose"; \ + if test "$(?)" = "0"; then \ + if test "x$(V)" = "x1"; then \ + scanobj_options="--verbose"; \ + fi; \ + fi; \ + CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" RUN="$(GTKDOC_RUN)" CFLAGS="$(GTKDOC_CFLAGS) $(CFLAGS)" LDFLAGS="$(GTKDOC_LIBS) $(LDFLAGS)" \ + gtkdoc-scangobj $(SCANGOBJ_OPTIONS) $$scanobj_options --module=$(DOC_MODULE); \ + else \ + for i in $(SCANOBJ_FILES) ; do \ + test -f $$i || touch $$i ; \ + done \ + fi + @touch scan-build.stamp + +$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES): scan-build.stamp + @true + +#### xml #### + +sgml-build.stamp: setup-build.stamp $(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt $(expand_content_files) + @echo ' DOC Building XML' + @_source_dir='' ; \ + for i in $(DOC_SOURCE_DIR) ; do \ + _source_dir="$${_source_dir} --source-dir=$$i" ; \ + done ; \ + gtkdoc-mkdb --module=$(DOC_MODULE) --output-format=xml --expand-content-files="$(expand_content_files)" --main-sgml-file=$(DOC_MAIN_SGML_FILE) $${_source_dir} $(MKDB_OPTIONS) + @touch sgml-build.stamp + +sgml.stamp: sgml-build.stamp + @true + +#### html #### + +html-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) $(srcdir)/style.css + @echo ' DOC Building HTML' + @rm -rf html + @mkdir html + @mkhtml_options=""; \ + gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-verbose"; \ + if test "$(?)" = "0"; then \ + if test "x$(V)" = "x1"; then \ + mkhtml_options="$$mkhtml_options --verbose"; \ + fi; \ + fi; \ + gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-path"; \ + if test "$(?)" = "0"; then \ + mkhtml_options="$$mkhtml_options --path=\"$(abs_srcdir)\""; \ + fi; \ + cd html && gtkdoc-mkhtml $$mkhtml_options $(MKHTML_OPTIONS) $(DOC_MODULE) ../$(DOC_MAIN_SGML_FILE) + -@test "x$(HTML_IMAGES)" = "x" || \ + for file in $(HTML_IMAGES) ; do \ + if test -f $(abs_srcdir)/$$file ; then \ + cp $(abs_srcdir)/$$file $(abs_builddir)/html; \ + fi; \ + if test -f $(abs_builddir)/$$file ; then \ + cp $(abs_builddir)/$$file $(abs_builddir)/html; \ + fi; \ + done; + @echo ' DOC Fixing cross-references' + @gtkdoc-fixxref --module=$(DOC_MODULE) --module-dir=html --html-dir=$(HTML_DIR) $(FIXXREF_OPTIONS) + @mv $(builddir)/html/style.css $(builddir)/html/gtk-doc.css + @cp $(srcdir)/style.css $(builddir)/html/style.css + @touch html-build.stamp + +#### pdf #### + +pdf-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) + @echo ' DOC Building PDF' + @rm -f $(DOC_MODULE).pdf + @mkpdf_options=""; \ + gtkdoc-mkpdf 2>&1 --help | grep >/dev/null "\-\-verbose"; \ + if test "$(?)" = "0"; then \ + if test "x$(V)" = "x1"; then \ + mkpdf_options="$$mkpdf_options --verbose"; \ + fi; \ + fi; \ + if test "x$(HTML_IMAGES)" != "x"; then \ + for img in $(HTML_IMAGES); do \ + part=`dirname $$img`; \ + echo $$mkpdf_options | grep >/dev/null "\-\-imgdir=$$part "; \ + if test $$? != 0; then \ + mkpdf_options="$$mkpdf_options --imgdir=$$part"; \ + fi; \ + done; \ + fi; \ + gtkdoc-mkpdf --path="$(abs_srcdir)" $$mkpdf_options $(DOC_MODULE) $(DOC_MAIN_SGML_FILE) $(MKPDF_OPTIONS) + @touch pdf-build.stamp + +############## + +clean-local: + @rm -f *~ *.bak + @rm -rf .libs + +distclean-local: + @rm -rf xml html $(REPORT_FILES) $(DOC_MODULE).pdf \ + $(DOC_MODULE)-decl-list.txt $(DOC_MODULE)-decl.txt + @if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ + rm -f $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types; \ + fi + +maintainer-clean-local: clean + @rm -rf xml html + +install-data-local: + @installfiles=`echo $(builddir)/html/*`; \ + if test "$$installfiles" = '$(builddir)/html/*'; \ + then echo 1>&2 'Nothing to install' ; \ + else \ + if test -n "$(DOC_MODULE_VERSION)"; then \ + installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ + else \ + installdir="$(DESTDIR)$(TARGET_DIR)"; \ + fi; \ + $(mkinstalldirs) $${installdir} ; \ + for i in $$installfiles; do \ + echo ' $(INSTALL_DATA) '$$i ; \ + $(INSTALL_DATA) $$i $${installdir}; \ + done; \ + if test -n "$(DOC_MODULE_VERSION)"; then \ + mv -f $${installdir}/$(DOC_MODULE).devhelp2 \ + $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp2; \ + fi; \ + $(GTKDOC_REBASE) --relative --dest-dir=$(DESTDIR) --html-dir=$${installdir}; \ + fi + +uninstall-local: + @if test -n "$(DOC_MODULE_VERSION)"; then \ + installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ + else \ + installdir="$(DESTDIR)$(TARGET_DIR)"; \ + fi; \ + rm -rf $${installdir} + +# +# Require gtk-doc when making dist +# +@ENABLE_GTK_DOC_TRUE@dist-check-gtkdoc: +@ENABLE_GTK_DOC_FALSE@dist-check-gtkdoc: +@ENABLE_GTK_DOC_FALSE@ @echo "*** gtk-doc must be installed and --enable-doc in order to make dist" +@ENABLE_GTK_DOC_FALSE@ @false + +dist-hook: dist-check-gtkdoc dist-hook-local + @mkdir $(distdir)/html + @cp ./html/* $(distdir)/html + @-cp ./$(DOC_MODULE).pdf $(distdir)/ + @-cp ./$(DOC_MODULE).types $(distdir)/ + @-cp ./$(DOC_MODULE)-sections.txt $(distdir)/ + @cd $(distdir) && rm -f $(DISTCLEANFILES) + @$(GTKDOC_REBASE) --online --relative --html-dir=$(distdir)/html + +.PHONY : dist-hook-local docs + +@ENABLE_GTK_DOC_TRUE@trust.1: trust.xml $(generate_files) +@ENABLE_GTK_DOC_TRUE@ $(AM_V_GEN) $(XSLTPROC_MAN) $< +@ENABLE_GTK_DOC_TRUE@pkcs11.conf.5: pkcs11.conf.xml $(generate_files) +@ENABLE_GTK_DOC_TRUE@ $(AM_V_GEN) $(XSLTPROC_MAN) $< +@ENABLE_GTK_DOC_TRUE@p11-kit.8: p11-kit.xml $(generate_files) +@ENABLE_GTK_DOC_TRUE@ $(AM_V_GEN) $(XSLTPROC_MAN) $< + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/manual/annotation-glossary.xml b/doc/manual/annotation-glossary.xml new file mode 100644 index 0000000..4a0f8a6 --- /dev/null +++ b/doc/manual/annotation-glossary.xml @@ -0,0 +1,67 @@ + + +]> + + +Annotation Glossary +A + + allow-none + + NULL is ok, both for passing and for returning. + + + + array + + Parameter points to an array of items. + + + +E + + element-type + + Generics and defining elements of containers and arrays. + + + +I + + inout + + Parameter for input and for returning results. Default is transfer full. + + + +O + + out + + Parameter for returning results. Default is transfer full. + + + +T + + transfer full + + Free data after the code is done. + + + + type + + Override the parsed C type with given type + + + + transfer none + + Don't free data after the code is done. + + + + \ No newline at end of file diff --git a/doc/manual/html/config-example.html b/doc/manual/html/config-example.html new file mode 100644 index 0000000..4b8797c --- /dev/null +++ b/doc/manual/html/config-example.html @@ -0,0 +1,72 @@ + + + + +Example: p11-kit + + + + + + + + + + + + + + + + +
+

+Example

+

The following sections describe the config format in detail. But first + an example which shows the various features. The configuration below, loads + two modules called 'my-module' and 'nss'. The user settings override some + aspects of the system settings.

+

Global configuration file: /usr/local/etc/pkcs11/pkcs11.conf

+
+# This setting controls whether to load user configuration from the
+# ~/.config/pkcs11 directory. Possible values:
+#    none: No user configuration
+#    merge: Merge the user config over the system configuration (default)
+#    only: Only user configuration, ignore system configuration
+user-config: merge
+
+

One module configuration file per module: /usr/local/etc/pkcs11/modules/my-module

+
+# This setting controls the actual module library to load. This config file
+# might be installed by the package that installs this module library. This
+# is not an absolute path name. Relative path names are loaded from the
+# $(libdir)/pkcs11 directory by default.
+module: my-pkcs11-module.so
+
+# This controls whether the module is required to successfully initialize. If 'yes', then
+# a failure to load or initialize this module will result in a p11-kit system failure.
+critical: no
+
+

User configuration file: ~/.config/pkcs11/pkcs11.conf

+
+# This is an empty file. Files that do not exist are treated as empty.
+
+

User configuration file: ~/.config/pkcs11/modules/my-module

+
+# Merge with the settings in the system my-module config file. In this case
+# a developer has overridden to load a different module for my-module instead.
+module: /home/user/src/custom-module/my-module.so
+
+

User configuration file: ~/.config/pkcs11/modules/nss

+
+# Load the NSS libsoftokn.so.3 PKCS#11 library as a module. Note that we pass
+# some custom non-standard initialization arguments, as NSS expects.
+module: /usr/lib/libsoftokn3.so
+x-init-reserved: configdir='sql:/home/test/.pki/nssdb' certPrefix='' keyPrefix='' secmod='socmod.db'
+critical: yes
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/config-files.html b/doc/manual/html/config-files.html new file mode 100644 index 0000000..9167425 --- /dev/null +++ b/doc/manual/html/config-files.html @@ -0,0 +1,38 @@ + + + + +Configuration Files: p11-kit + + + + + + + + + + + + + + + + +
+

+Configuration Files

+

A complete configuration consists of several files. These files are + text files. Since p11-kit is built to be used in all + sorts of environments and at very low levels of the software stack, we + cannot make use of high level configuration APIs that you may find on a + modern desktop.

+

See the manual page for more details + on the format and available options.

+

Note that user configuration files are not loaded from the home + directory if running inside a setuid or setgid program.

+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/config.html b/doc/manual/html/config.html new file mode 100644 index 0000000..52a3837 --- /dev/null +++ b/doc/manual/html/config.html @@ -0,0 +1,48 @@ + + + + +PKCS#11 Configuration: p11-kit + + + + + + + + + + + + + + + + +
+

+PKCS#11 Configuration

+
+
Consistent configuration
+
Example
+
Configuration Files
+
+
+

+Consistent configuration

+

In order for multiple applications on the user's desktop to use + PKCS#11 modules in a consistent manner, there must be a configuration + or registry to specify which modules to load and how to use them. The + PKCS#11 specification does not specify such a configuration standard. +

+

Because of the multi-library module initialization problem, use of + PKCS#11 modules must be coordinated within an application. p11-kit + provides that coordination. Since coordination is required, it follows + that p11-kit can also implement a consistent module configuration. +

+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/devel-building-style.html b/doc/manual/html/devel-building-style.html new file mode 100644 index 0000000..edbbba4 --- /dev/null +++ b/doc/manual/html/devel-building-style.html @@ -0,0 +1,57 @@ + + + + +Coding Style: p11-kit + + + + + + + + + + + + + + + + +
+

+Coding Style

+

We use a code style similar to the linux kernel. Use tabs + to indent and spaces to align/wrap beyond the indentation level.

+

We don't try to guarantee completely robust and problem free + behavior in cases where the caller or system isn't behaving. We + consider these to be outside of our control:

+
    +

  • Broken input from callers. We use preconditions + to check input and immediately return. We don't try to provide + error codes for all the various ways callers can screw + around.

    • +
  • +

    Out of memory. It is pretty much impossible to handle out + of memory errors correctly. Handling them alongside other errors + is naive and broken. We don't try to guarantee library state + (such as locks or memory leaks) when memory allocation fails.

    +

    We do check the results from all memory allocations, but + treat them as unexpected conditions. As a nod to the behavior + of callers of this library, we don't abort on memory allocation + failures. We use preconditions with somewhat sane results.

    +

    Exception: when reading files or allocating potentially + unbounded amounts of memory, we should respond robustly to memory + allocation failures.

    +
    • +
+

These unexpected conditions indicate a bug either in p11-kit or + in the system. All bets are off once this occurs.

+

Use the return_val_xxx() precondition macros to + check for unexpected conditions.

+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/devel-building.html b/doc/manual/html/devel-building.html new file mode 100644 index 0000000..91acdfd --- /dev/null +++ b/doc/manual/html/devel-building.html @@ -0,0 +1,181 @@ + + + + +Compiling p11-kit from Source: p11-kit + + + + + + + + + + + + + + + + +
+

+Compiling p11-kit from Source

+

This describes how to compiling the p11-kit package from + source code. This is normally only necessary for those wishing to + contribute to the project or package p11-kit.

+

You can download + tarballs + of the releases of p11-kit or + check + out the source code from git. This documentation will not + go into all the details of how to get your development environment + set up and instead focus on the what's unique to compiling p11-kit.

+
+

+Building on UNIX

+

p11-kit uses the standard GNU build system, using autoconf for package + configuration and resolving portability issues, automake for building makefiles + that comply with the GNU Coding Standards, and libtool for building shared + libraries on multiple platforms. The normal sequence for compiling and + installing the p11-kit library is thus:

+
+$ ./configure --prefix=/path/to/prefix ...
+$ make
+$ make install
+
+

If you've checked out the source code from git, then the + configure script does not yet exist. So use + the following instead:

+
+$ ./autogen.sh --prefix=/path/to/prefix ...
+$ make
+$ make install
+
+

The standard options provided by GNU autoconf may be passed to the configure + script. Please see the autoconf documentation or run ./configure --help + for information about the standard options. In particular you probably want to adjust + the --prefix=/xxx argument depending on your system and development + environment.

+
+
+

+Optional Dependencies

+

On a modern GNU Linux system, p11-kit has no required dependencies other + than the standard C library. However on older UNIX systems, some of the following + may be required.

+
    +

  • gettext is required if your system doesn't + have the gettext() functionality for handling message + translation databases. This can be provided by the libintl library from + the GNU gettext + package.

    • +

  • pthread is required if your (ancient) system + doesn't have this included in the base system. How this is provided is platform + specific.

    • +
+

In addition p11-kit has several optional dependencies. If these are not available + during the build, then certain features will be disabled.

+
    +

  • libffi for sharing of PKCS#11 modules + between multiple callers in the same process. It is highly recommended that + this dependency be treated as a required dependency.

    • +

  • gtk-doc is required to build the reference + manual. Use --enable-doc to control this + dependency.

    • +

  • xsltproc is required to build the command + manual pages. Use --enable-doc to control this + dependency.

    • +

  • libtasn1 is required to build the trust + module and code that interacts with certificates.

    • +

  • freebl3 (developed as part of the NSS + code base) is an optional dependency that may be used to meet policy + requirements of system builders. Enabling this dependency provides no other + advantage.

    • +
+
+
+

+Extra Configuration Options

+

In addition to the normal options, the configure script in the p11-kit library + supports these additional arguments:

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

--disable-trust-module

Disables building of the trust policy module.

--disable-debug, --enable-debug

By default p11-kit is built with debug symbols assertions and + and precondition checks. Enabling the debug option configures even more + detailed debug build, including disabling optimization. Disabling the debug + option is not recommended, as it disables all assertions, preconditions and + internal consistency checks, although it may result it a slightly faster + library.

--enable-doc

Enables building of the documentation and command line manual. + The documentation is built in the doc/html/ directory of + the build. Requires the gtk-doc and xsltproc + dependencies.

--enable-strict

Enables strict checks during building of p11-kit. All + compiler warnings become errors.

--with-hash-impl=freebl

Instead of using internal hash code, link to the freebl3 + library and use its hash implementations. The only advantage this brings is to + meet the policy requirements of system builders.

--with-libtasn1, --without-libtasn1

Build with a dependency on the libtasn1 library. This dependency + allows the trust policy module to be built as well as other code that interacts with + certificates.

--with-module-path

Specify the path to look for PKCS#11 modules which were + listed in a module config file with a relative path.

--with-trust-paths

Specify the files or directories to look for certificate + anchors and blacklists. Multiple files and/or directories are specified with + a : in between them. The first path has the highest + priority when searching for certificates.

--with-system-config

Specify the path to look for p11-kit config files. This + usually defaults to something like /etc/pkcs11

--with-user-config

Specify the path to look for user specific p11-kit config files. If + specify a path that begins with ~/ then this is expanded to the + home directory of the user running p11-kit. If you specify a path that begins with + ~/.config/ then this is expanded to the $XDG_CONFIG_HOME directory, + as outlined in the + XDG Base Dir specification. + This option defaults to ~/.pkcs11

+

+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/devel-commands.html b/doc/manual/html/devel-commands.html new file mode 100644 index 0000000..2a7df64 --- /dev/null +++ b/doc/manual/html/devel-commands.html @@ -0,0 +1,44 @@ + + + + +Customizing installed commands: p11-kit + + + + + + + + + + + + + + + + +
+

+Customizing installed commands

+

The p11-kit tool provides a + extract-trust command which extracts trust + policy information such as certificate anchors and so on + into files for use with libraries that cannot read this trust + information directly.

+

In order to be useful the extract-trust + command needs to be customized per distribution or site. You can + find this file in at tools/p11-kit-trust-extract.in + in the p11-kit source code.

+

The command is implemented as a simple script which + performs the various p11-kit extract commands + necessary to extract the information.

+

Using this script as a standard way to extract this + information allows for consistency between distributions and ease + of system administration.

+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/devel-debugging.html b/doc/manual/html/devel-debugging.html new file mode 100644 index 0000000..0e7cd35 --- /dev/null +++ b/doc/manual/html/devel-debugging.html @@ -0,0 +1,34 @@ + + + + +Debugging Tips: p11-kit + + + + + + + + + + + + + + + +
+

+Debugging Tips

+

Unexpected conditions will produce critical warnings by p11-kit. + These are often failed internal preconditions, and usually indicate a + bug either in p11-kit or the software calling it.

+

You can use the environment variable P11_KIT_STRICT=yes + to make p11-kit do an abort() (and core dump depending on + your configuration) when a critical warning occurs.

+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/devel-paths.html b/doc/manual/html/devel-paths.html new file mode 100644 index 0000000..cca9734 --- /dev/null +++ b/doc/manual/html/devel-paths.html @@ -0,0 +1,59 @@ + + + + +Packaging PKCS#11 module configs: p11-kit + + + + + + + + + + + + + + + + +
+

+Packaging PKCS#11 module configs

+

Developers or packagers of PKCS#11 modules need to install various + files into specific locations so that p11-kit will recognize and load the + module correctly.

+

You should use pkg-config as described below + to determine configuration paths. p11-kit installs a + pkg-config file called p11-kit-1.pc. + This file contains all the information about the various paths that p11-kit + looks for files at.

+
+

+Path to place module configuration

+

As described in the module configuration + documentation, each PKCS#11 module should install a config file describing + that module. These config files should be installed to a specific directory which + can be determined by running:

+
+$ pkg-config p11-kit-1 --variable p11_module_configs
+/usr/share/p11-kit/modules
+
+
+

+Default path for modules with relative paths

+

If a module configuration + contains a relative path in its module: setting, + then that module will be loaded from the default module path. This + path can be determined by running:

+
+$ pkg-config p11-kit-1 --variable p11_module_path
+/usr/lib64/pkcs11
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/devel-testing.html b/doc/manual/html/devel-testing.html new file mode 100644 index 0000000..9ecc555 --- /dev/null +++ b/doc/manual/html/devel-testing.html @@ -0,0 +1,46 @@ + + + + +Testing and Code Coverage: p11-kit + + + + + + + + + + + + + + + + +
+

+Testing and Code Coverage

+

As a general rule changes to p11-kit should have a tests exercising + that change. Use the make check command to run all + the tests. If you run it from a subdirectory only the tests in that + directory will be run.

+

To check for memory errors or memory leaks, run make memcheck + or make leakcheck respectively. This requires valgrind + be installed.

+

Build p11-kit with the --enable-coverage configure + option to build code coverage support.

+

Once you've done that you can either use make coverage + to build code coverage information. Alternatively (and this is usually + easier) you can use + + git coverage to easily check whether + you've tested the lines changed by a patch.

+

A code coverage report is + available online

. +
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/devel.html b/doc/manual/html/devel.html new file mode 100644 index 0000000..b133b23 --- /dev/null +++ b/doc/manual/html/devel.html @@ -0,0 +1,58 @@ + + + + +Building, Packaging, and Contributing to p11-kit: p11-kit + + + + + + + + + + + + + + + + +
+

+Building, Packaging, and Contributing to p11-kit

+
+
Helpful Resources
+
Packaging PKCS#11 module configs
+
+
Path to place module configuration
+
Default path for modules with relative paths
+
+
Customizing installed commands
+
Compiling p11-kit from Source
+
+
Building on UNIX
+
Optional Dependencies
+
Extra Configuration Options
+
+
Coding Style
+
Testing and Code Coverage
+
Debugging Tips
+
+
+

+Helpful Resources

+

Use the following to find more information about + contributing to p11-kit beyond what's in this manual:

+
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/gtk-doc.css b/doc/manual/html/gtk-doc.css new file mode 100644 index 0000000..b4a1493 --- /dev/null +++ b/doc/manual/html/gtk-doc.css @@ -0,0 +1,533 @@ +body +{ + font-family: cantarell, sans-serif; +} +.synopsis, .classsynopsis +{ + /* tango:aluminium 1/2 */ + background: #eeeeec; + background: rgba(238, 238, 236, 0.5); + border: solid 1px rgb(238, 238, 236); + padding: 0.5em; +} +.programlisting +{ + /* tango:sky blue 0/1 */ + /* fallback for no rgba support */ + background: #e6f3ff; + border: solid 1px #729fcf; + background: rgba(114, 159, 207, 0.1); + border: solid 1px rgba(114, 159, 207, 0.2); + padding: 0.5em; +} +.variablelist +{ + padding: 4px; + margin-left: 3em; +} +.variablelist td:first-child +{ + vertical-align: top; +} + +span.nowrap { + white-space: nowrap; +} + +div.gallery-float +{ + float: left; + padding: 10px; +} +div.gallery-float img +{ + border-style: none; +} +div.gallery-spacer +{ + clear: both; +} + +a, a:visited +{ + text-decoration: none; + /* tango:sky blue 2 */ + color: #3465a4; +} +a:hover +{ + text-decoration: underline; + /* tango:sky blue 1 */ + color: #729fcf; +} + +div.informaltable table +{ + border-collapse: separate; + border-spacing: 1em 0.3em; + border: none; +} + +div.informaltable table td, div.informaltable table th +{ + vertical-align: top; +} + +.function_type, +.variable_type, +.property_type, +.signal_type, +.parameter_name, +.struct_member_name, +.union_member_name, +.define_keyword, +.datatype_keyword, +.typedef_keyword +{ + text-align: right; +} + +/* dim non-primary columns */ +.c_punctuation, +.function_type, +.variable_type, +.property_type, +.signal_type, +.define_keyword, +.datatype_keyword, +.typedef_keyword, +.property_flags, +.signal_flags, +.parameter_annotations, +.enum_member_annotations, +.struct_member_annotations, +.union_member_annotations +{ + color: #888a85; +} + +.function_type a, +.function_type a:visited, +.function_type a:hover, +.property_type a, +.property_type a:visited, +.property_type a:hover, +.signal_type a, +.signal_type a:visited, +.signal_type a:hover, +.signal_flags a, +.signal_flags a:visited, +.signal_flags a:hover +{ + color: #729fcf; +} + +td p +{ + margin: 0.25em; +} + +div.table table +{ + border-collapse: collapse; + border-spacing: 0px; + /* tango:aluminium 3 */ + border: solid 1px #babdb6; +} + +div.table table td, div.table table th +{ + /* tango:aluminium 3 */ + border: solid 1px #babdb6; + padding: 3px; + vertical-align: top; +} + +div.table table th +{ + /* tango:aluminium 2 */ + background-color: #d3d7cf; +} + +h4 +{ + color: #555753; + margin-top: 1em; + margin-bottom: 1em; +} + +hr +{ + /* tango:aluminium 1 */ + color: #d3d7cf; + background: #d3d7cf; + border: none 0px; + height: 1px; + clear: both; + margin: 2.0em 0em 2.0em 0em; +} + +dl.toc dt +{ + padding-bottom: 0.25em; +} + +dl.toc > dt +{ + padding-top: 0.25em; + padding-bottom: 0.25em; + font-weight: bold; +} + +dl.toc > dl +{ + padding-bottom: 0.5em; +} + +.parameter +{ + font-style: normal; +} + +.footer +{ + padding-top: 3.5em; + /* tango:aluminium 3 */ + color: #babdb6; + text-align: center; + font-size: 80%; +} + +.informalfigure, +.figure +{ + margin: 1em; +} + +.informalexample, +.example +{ + margin-top: 1em; + margin-bottom: 1em; +} + +.warning +{ + /* tango:orange 0/1 */ + background: #ffeed9; + background: rgba(252, 175, 62, 0.1); + border-color: #ffb04f; + border-color: rgba(252, 175, 62, 0.2); +} +.note +{ + /* tango:chameleon 0/0.5 */ + background: #d8ffb2; + background: rgba(138, 226, 52, 0.1); + border-color: #abf562; + border-color: rgba(138, 226, 52, 0.2); +} +div.blockquote +{ + border-color: #eeeeec; +} +.note, .warning, div.blockquote +{ + padding: 0.5em; + border-width: 1px; + border-style: solid; + margin: 2em; +} +.note p, .warning p +{ + margin: 0; +} + +div.warning h3.title, +div.note h3.title +{ + display: none; +} + +p + div.section +{ + margin-top: 1em; +} + +div.refnamediv, +div.refsynopsisdiv, +div.refsect1, +div.refsect2, +div.toc, +div.section +{ + margin-bottom: 1em; +} + +/* blob links */ +h2 .extralinks, h3 .extralinks +{ + float: right; + /* tango:aluminium 3 */ + color: #babdb6; + font-size: 80%; + font-weight: normal; +} + +.lineart +{ + color: #d3d7cf; + font-weight: normal; +} + +.annotation +{ + /* tango:aluminium 5 */ + color: #555753; + font-weight: normal; +} + +.structfield +{ + font-style: normal; + font-weight: normal; +} + +acronym,abbr +{ + border-bottom: 1px dotted gray; +} + +.listing_frame { + /* tango:sky blue 1 */ + border: solid 1px #729fcf; + border: solid 1px rgba(114, 159, 207, 0.2); + padding: 0px; +} + +.listing_lines, .listing_code { + margin-top: 0px; + margin-bottom: 0px; + padding: 0.5em; +} +.listing_lines { + /* tango:sky blue 0.5 */ + background: #a6c5e3; + background: rgba(114, 159, 207, 0.2); + /* tango:aluminium 6 */ + color: #2e3436; +} +.listing_code { + /* tango:sky blue 0 */ + background: #e6f3ff; + background: rgba(114, 159, 207, 0.1); +} +.listing_code .programlisting { + /* override from previous */ + border: none 0px; + padding: 0px; + background: none; +} +.listing_lines pre, .listing_code pre { + margin: 0px; +} + +@media screen { + /* these have a as a first child, but since there are no parent selectors + * we can't use that. */ + a.footnote + { + position: relative; + top: 0em ! important; + } + /* this is needed so that the local anchors are displayed below the naviagtion */ + div.footnote a[name], div.refnamediv a[name], div.refsect1 a[name], div.refsect2 a[name], div.index a[name], div.glossary a[name], div.sect1 a[name] + { + display: inline-block; + position: relative; + top:-5em; + } + /* this seems to be a bug in the xsl style sheets when generating indexes */ + div.index div.index + { + top: 0em; + } + /* make space for the fixed navigation bar and add space at the bottom so that + * link targets appear somewhat close to top + */ + body + { + padding-top: 2.5em; + padding-bottom: 500px; + max-width: 60em; + } + p + { + max-width: 60em; + } + /* style and size the navigation bar */ + table.navigation#top + { + position: fixed; + background: #e2e2e2; + border-bottom: solid 1px #babdb6; + border-spacing: 5px; + margin-top: 0; + margin-bottom: 0; + top: 0; + left: 0; + z-index: 10; + } + table.navigation#top td + { + padding-left: 6px; + padding-right: 6px; + } + .navigation a, .navigation a:visited + { + /* tango:sky blue 3 */ + color: #204a87; + } + .navigation a:hover + { + /* tango:sky blue 2 */ + color: #3465a4; + } + td.shortcuts + { + /* tango:sky blue 2 */ + color: #3465a4; + font-size: 80%; + white-space: nowrap; + } + td.shortcuts .dim + { + color: #babdb6; + } + .navigation .title + { + font-size: 80%; + max-width: none; + margin: 0px; + font-weight: normal; + } +} +@media screen and (min-width: 60em) { + /* screen larger than 60em */ + body { margin: auto; } +} +@media screen and (max-width: 60em) { + /* screen less than 60em */ + #nav_hierarchy { display: none; } + #nav_interfaces { display: none; } + #nav_prerequisites { display: none; } + #nav_derived_interfaces { display: none; } + #nav_implementations { display: none; } + #nav_child_properties { display: none; } + #nav_style_properties { display: none; } + #nav_index { display: none; } + #nav_glossary { display: none; } + .gallery_image { display: none; } + .property_flags { display: none; } + .signal_flags { display: none; } + .parameter_annotations { display: none; } + .enum_member_annotations { display: none; } + .struct_member_annotations { display: none; } + .union_member_annotations { display: none; } + /* now that a column is hidden, optimize space */ + col.parameters_name { width: auto; } + col.parameters_description { width: auto; } + col.struct_members_name { width: auto; } + col.struct_members_description { width: auto; } + col.enum_members_name { width: auto; } + col.enum_members_description { width: auto; } + col.union_members_name { width: auto; } + col.union_members_description { width: auto; } + .listing_lines { display: none; } +} +@media print { + table.navigation { + visibility: collapse; + display: none; + } + div.titlepage table.navigation { + visibility: visible; + display: table; + background: #e2e2e2; + border: solid 1px #babdb6; + margin-top: 0; + margin-bottom: 0; + top: 0; + left: 0; + height: 3em; + } +} + +.hll { background-color: #ffffcc } +.c { color: #408080; font-style: italic } /* Comment */ +.err { border: 1px solid #FF0000 } /* Error */ +.k { color: #008000; font-weight: bold } /* Keyword */ +.o { color: #666666 } /* Operator */ +.ch { color: #408080; font-style: italic } /* Comment.Hashbang */ +.cm { color: #408080; font-style: italic } /* Comment.Multiline */ +.cp { color: #BC7A00 } /* Comment.Preproc */ +.cpf { color: #408080; font-style: italic } /* Comment.PreprocFile */ +.c1 { color: #408080; font-style: italic } /* Comment.Single */ +.cs { color: #408080; font-style: italic } /* Comment.Special */ +.gd { color: #A00000 } /* Generic.Deleted */ +.ge { font-style: italic } /* Generic.Emph */ +.gr { color: #FF0000 } /* Generic.Error */ +.gh { color: #000080; font-weight: bold } /* Generic.Heading */ +.gi { color: #00A000 } /* Generic.Inserted */ +.go { color: #888888 } /* Generic.Output */ +.gp { color: #000080; font-weight: bold } /* Generic.Prompt */ +.gs { font-weight: bold } /* Generic.Strong */ +.gu { color: #800080; font-weight: bold } /* Generic.Subheading */ +.gt { color: #0044DD } /* Generic.Traceback */ +.kc { color: #008000; font-weight: bold } /* Keyword.Constant */ +.kd { color: #008000; font-weight: bold } /* Keyword.Declaration */ +.kn { color: #008000; font-weight: bold } /* Keyword.Namespace */ +.kp { color: #008000 } /* Keyword.Pseudo */ +.kr { color: #008000; font-weight: bold } /* Keyword.Reserved */ +.kt { color: #B00040 } /* Keyword.Type */ +.m { color: #666666 } /* Literal.Number */ +.s { color: #BA2121 } /* Literal.String */ +.na { color: #7D9029 } /* Name.Attribute */ +.nb { color: #008000 } /* Name.Builtin */ +.nc { color: #0000FF; font-weight: bold } /* Name.Class */ +.no { color: #880000 } /* Name.Constant */ +.nd { color: #AA22FF } /* Name.Decorator */ +.ni { color: #999999; font-weight: bold } /* Name.Entity */ +.ne { color: #D2413A; font-weight: bold } /* Name.Exception */ +.nf { color: #0000FF } /* Name.Function */ +.nl { color: #A0A000 } /* Name.Label */ +.nn { color: #0000FF; font-weight: bold } /* Name.Namespace */ +.nt { color: #008000; font-weight: bold } /* Name.Tag */ +.nv { color: #19177C } /* Name.Variable */ +.ow { color: #AA22FF; font-weight: bold } /* Operator.Word */ +.w { color: #bbbbbb } /* Text.Whitespace */ +.mb { color: #666666 } /* Literal.Number.Bin */ +.mf { color: #666666 } /* Literal.Number.Float */ +.mh { color: #666666 } /* Literal.Number.Hex */ +.mi { color: #666666 } /* Literal.Number.Integer */ +.mo { color: #666666 } /* Literal.Number.Oct */ +.sa { color: #BA2121 } /* Literal.String.Affix */ +.sb { color: #BA2121 } /* Literal.String.Backtick */ +.sc { color: #BA2121 } /* Literal.String.Char */ +.dl { color: #BA2121 } /* Literal.String.Delimiter */ +.sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */ +.s2 { color: #BA2121 } /* Literal.String.Double */ +.se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */ +.sh { color: #BA2121 } /* Literal.String.Heredoc */ +.si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */ +.sx { color: #008000 } /* Literal.String.Other */ +.sr { color: #BB6688 } /* Literal.String.Regex */ +.s1 { color: #BA2121 } /* Literal.String.Single */ +.ss { color: #19177C } /* Literal.String.Symbol */ +.bp { color: #008000 } /* Name.Builtin.Pseudo */ +.fm { color: #0000FF } /* Name.Function.Magic */ +.vc { color: #19177C } /* Name.Variable.Class */ +.vg { color: #19177C } /* Name.Variable.Global */ +.vi { color: #19177C } /* Name.Variable.Instance */ +.vm { color: #19177C } /* Name.Variable.Magic */ +.il { color: #666666 } /* Literal.Number.Integer.Long */ \ No newline at end of file diff --git a/doc/manual/html/home.png b/doc/manual/html/home.png new file mode 100644 index 0000000..9346b33 Binary files /dev/null and b/doc/manual/html/home.png differ diff --git a/doc/manual/html/index.html b/doc/manual/html/index.html new file mode 100644 index 0000000..64ef248 --- /dev/null +++ b/doc/manual/html/index.html @@ -0,0 +1,101 @@ + + + + +p11-kit: p11-kit + + + + + + + +
+
+
+
+

for p11-kit 0.23.21

+
+
+
+
+
PKCS#11 Configuration
+
+
Consistent configuration
+
Example
+
Configuration Files
+
+
Sharing PKCS#11 modules
+
+
Multiple consumers of PKCS#11 in a process
+
Managed modules
+
+
Proxy Module
+
Remoting / Forwarding
+
Trust Policy Module
+
+
Paths loaded by the Module
+
Using the Trust Policy Module with NSS
+
Using the Trust Policy Module with glib-networking
+
Disabling the Trust Policy Module
+
+
Manual Pages
+
+
+p11-kit — Tool for operating on configured PKCS#11 modules +
+
+pkcs11.conf — Configuration files for PKCS#11 modules +
+
+trust — Tool for operating on the trust policy store +
+
+
API Reference
+
+
+Modules — Module loading and initializing +
+
+URIs — Parsing and formatting PKCS#11 URIs +
+
+PIN Callbacks — PIN Callbacks +
+
+Utilities — PKCS#11 utilities +
+
+Future — Future Unstable API +
+
+Deprecated — Deprecated functions +
+
API Index
+
Annotation Glossary
+
+
Building, Packaging, and Contributing to p11-kit
+
+
Helpful Resources
+
Packaging PKCS#11 module configs
+
+
Path to place module configuration
+
Default path for modules with relative paths
+
+
Customizing installed commands
+
Compiling p11-kit from Source
+
+
Building on UNIX
+
Optional Dependencies
+
Extra Configuration Options
+
+
Coding Style
+
Testing and Code Coverage
+
Debugging Tips
+
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/left-insensitive.png b/doc/manual/html/left-insensitive.png new file mode 100644 index 0000000..3269393 Binary files /dev/null and b/doc/manual/html/left-insensitive.png differ diff --git a/doc/manual/html/left.png b/doc/manual/html/left.png new file mode 100644 index 0000000..2abde03 Binary files /dev/null and b/doc/manual/html/left.png differ diff --git a/doc/manual/html/p11-kit-Deprecated.html b/doc/manual/html/p11-kit-Deprecated.html new file mode 100644 index 0000000..d5a632d --- /dev/null +++ b/doc/manual/html/p11-kit-Deprecated.html @@ -0,0 +1,460 @@ + + + + +Deprecated: p11-kit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

Deprecated

+

Deprecated — Deprecated functions

+
+
+

Functions

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+CK_RV + +p11_kit_initialize_registered () +
+CK_RV + +p11_kit_finalize_registered () +
+CK_FUNCTION_LIST_PTR * + +p11_kit_registered_modules () +
+char * + +p11_kit_registered_module_to_name () +
+CK_FUNCTION_LIST_PTR + +p11_kit_registered_name_to_module () +
+char * + +p11_kit_registered_option () +
+CK_RV + +p11_kit_initialize_module () +
+CK_RV + +p11_kit_load_initialize_module () +
+CK_RV + +p11_kit_finalize_module () +
#define +P11_KIT_DEPRECATED_FOR() +
+
+
+

Description

+

These functions have been deprecated from p11-kit and are not recommended for +general usage. In large part they were deprecated because they did not adequately +insulate multiple callers of a PKCS#11 module from another, and could not +support the 'managed' mode needed to do this.

+
+
+

Functions

+
+

p11_kit_initialize_registered ()

+
CK_RV
+p11_kit_initialize_registered (void);
+
+

p11_kit_initialize_registered is deprecated and should not be used in newly-written code.

+

Since: 0.19.0: Use p11_kit_modules_load() instead.

+
+

Initialize all the registered PKCS#11 modules.

+

If this is the first time this function is called multiple times +consecutively within a single process, then it merely increments an +initialization reference count for each of these modules.

+

Use p11_kit_finalize_registered() to finalize these registered modules once +the caller is done with them.

+

If this function fails, then an error message will be available via the +p11_kit_message() function.

+
+

Returns

+

CKR_OK if the initialization succeeded, or an error code.

+
+
+
+
+

p11_kit_finalize_registered ()

+
CK_RV
+p11_kit_finalize_registered (void);
+
+

p11_kit_finalize_registered is deprecated and should not be used in newly-written code.

+

Since 0.19.0: Use p11_kit_modules_release() instead.

+
+

Finalize all the registered PKCS#11 modules. These should have been +initialized with p11_kit_initialize_registered().

+

If p11_kit_initialize_registered() has been called more than once in this +process, then this function must be called the same number of times before +actual finalization will occur.

+

If this function fails, then an error message will be available via the +p11_kit_message() function.

+
+

Returns

+

CKR_OK if the finalization succeeded, or an error code.

+
+
+
+
+

p11_kit_registered_modules ()

+
CK_FUNCTION_LIST_PTR *
+p11_kit_registered_modules (void);
+
+

p11_kit_registered_modules is deprecated and should not be used in newly-written code.

+

Since 0.19.0: Use p11_kit_modules_load() instead.

+
+

Get a list of all the registered PKCS#11 modules. This list will be valid +once the p11_kit_initialize_registered() function has been called.

+

The returned value is a NULL terminated array of

+CK_FUNCTION_LIST_PTR pointers. +

The returned modules are unmanaged.

+
+

Returns

+

A list of all the registered modules. Use the free() function to +free the list.

+
+
+
+
+

p11_kit_registered_module_to_name ()

+
char *
+p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module);
+
+

p11_kit_registered_module_to_name is deprecated and should not be used in newly-written code.

+

Since 0.19.0: Use p11_kit_module_get_name() instead.

+
+

Get the name of a registered PKCS#11 module.

+

You can use p11_kit_registered_modules() to get a list of all the registered +modules. This name is specified by the registered module configuration.

+
+

Parameters

+
+++++ + + + + + +

module

pointer to a registered module

 
+
+
+

Returns

+

A newly allocated string containing the module name, or

+NULL if no such registered module exists. Use free() to +

free this string.

+
+
+
+
+

p11_kit_registered_name_to_module ()

+
CK_FUNCTION_LIST_PTR
+p11_kit_registered_name_to_module (const char *name);
+
+

p11_kit_registered_name_to_module is deprecated and should not be used in newly-written code.

+

Since 0.19.0: Use p11_kit_module_for_name() instead.

+
+

Lookup a registered PKCS#11 module by its name. This name is specified by +the registered module configuration.

+
+

Parameters

+
+++++ + + + + + +

name

name of a registered module

 
+
+
+

Returns

+

a pointer to a PKCS#11 module, or NULL if this name was +not found.

+
+
+
+
+

p11_kit_registered_option ()

+
char *
+p11_kit_registered_option (CK_FUNCTION_LIST_PTR module,
+                           const char *field);
+
+

p11_kit_registered_option is deprecated and should not be used in newly-written code.

+

Since 0.19.0: Use p11_kit_config_option() instead.

+
+

Lookup a configured option for a registered PKCS#11 module. If a

+NULL module argument is specified, then this will lookup +

the configuration option in the global config file.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

module

a pointer to a registered module

 

field

the name of the option to lookup.

 
+
+
+

Returns

+

A newly allocated string containing the option value, or

+NULL if the registered module or the option were not found. +

Use free() to free the returned string.

+
+
+
+
+

p11_kit_initialize_module ()

+
CK_RV
+p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module);
+
+

p11_kit_initialize_module is deprecated and should not be used in newly-written code.

+

Since 0.19.0: Use p11_kit_module_initialize() instead.

+
+

Initialize an arbitrary PKCS#11 module. Normally using the +p11_kit_initialize_registered() is preferred.

+

Using this function to initialize modules allows coordination between +multiple users of the same module in a single process. It should be called +on modules that have been loaded (with dlopen() for example) but not yet +initialized. The caller should not yet have called the module's

+C_Initialize method. This function will call +C_Initialize as necessary. +

Subsequent calls to this function for the same module will result in an +initialization count being incremented for the module. It is safe (although +usually unnecessary) to use this function on registered modules.

+

The module must be finalized with p11_kit_finalize_module() instead of +calling its C_Finalize method directly.

+

This function does not accept a CK_C_INITIALIZE_ARGS argument. +Custom initialization arguments cannot be supported when multiple consumers +load the same module.

+

If this function fails, then an error message will be available via the +p11_kit_message() function.

+
+

Parameters

+
+++++ + + + + + +

module

loaded module to initialize.

 
+
+
+

Returns

+

CKR_OK if the initialization was successful.

+
+
+
+
+

p11_kit_load_initialize_module ()

+
CK_RV
+p11_kit_load_initialize_module (const char *module_path,
+                                CK_FUNCTION_LIST_PTR *module);
+
+

p11_kit_load_initialize_module is deprecated and should not be used in newly-written code.

+

Since 0.19.0: Use p11_kit_module_load() instead.

+
+

Load an arbitrary PKCS#11 module from a dynamic library file, and +initialize it. Normally using the p11_kit_initialize_registered() function +is preferred.

+

Using this function to load and initialize modules allows coordination between +multiple users of the same module in a single process. The caller should not +call the module's C_Initialize method. This function will call

+C_Initialize as necessary. +

If a module has already been loaded, then use of this function is unnecesasry. +Instead use the p11_kit_initialize_module() function to initialize it.

+

Subsequent calls to this function for the same module will result in an +initialization count being incremented for the module. It is safe (although +usually unnecessary) to use this function on registered modules.

+

The module must be finalized with p11_kit_finalize_module() instead of +calling its C_Finalize method directly.

+

This function does not accept a CK_C_INITIALIZE_ARGS argument. +Custom initialization arguments cannot be supported when multiple consumers +load the same module.

+

If this function fails, then an error message will be available via the +p11_kit_message() function.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

module_path

full file path of module library

 

module

location to place loaded module pointer

 
+
+
+

Returns

+

CKR_OK if the initialization was successful.

+
+
+
+
+

p11_kit_finalize_module ()

+
CK_RV
+p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module);
+
+

p11_kit_finalize_module is deprecated and should not be used in newly-written code.

+

Since 0.19.0: Use p11_kit_module_finalize() and + p11_kit_module_release() instead.

+
+

Finalize an arbitrary PKCS#11 module. The module must have been initialized +using p11_kit_initialize_module(). In most cases callers will want to use +p11_kit_finalize_registered() instead of this function.

+

Using this function to finalize modules allows coordination between +multiple users of the same module in a single process. The caller should not +call the module's C_Finalize method. This function will call

+C_Finalize as necessary. +

If the module was initialized more than once, then this function will +decrement an initialization count for the module. When the count reaches zero +the module will be truly finalized. It is safe (although usually unnecessary) +to use this function on registered modules if (and only if) they were +initialized using p11_kit_initialize_module() for some reason.

+

If this function fails, then an error message will be available via the +p11_kit_message() function.

+
+

Parameters

+
+++++ + + + + + +

module

loaded module to finalize.

 
+
+
+

Returns

+

CKR_OK if the finalization was successful.

+
+
+
+
+

P11_KIT_DEPRECATED_FOR()

+
#define P11_KIT_DEPRECATED_FOR(f) __attribute__((deprecated("Use " #f " instead")))
+
+
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/p11-kit-Future.html b/doc/manual/html/p11-kit-Future.html new file mode 100644 index 0000000..98ccc22 --- /dev/null +++ b/doc/manual/html/p11-kit-Future.html @@ -0,0 +1,1325 @@ + + + + +Future: p11-kit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

Future

+

Future — Future Unstable API

+
+
+

Functions

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+void + +p11_kit_set_progname () +
+void + +(*p11_kit_destroyer) () +
+P11KitIter * + +p11_kit_iter_new () +
+void + +p11_kit_iter_set_uri () +
+void + +p11_kit_iter_add_callback () +
+void + +p11_kit_iter_add_filter () +
+CK_RV + +(*p11_kit_iter_callback) () +
+void + +p11_kit_iter_begin () +
+void + +p11_kit_iter_begin_with () +
+CK_RV + +p11_kit_iter_next () +
+P11KitIterKind + +p11_kit_iter_get_kind () +
+CK_FUNCTION_LIST_PTR + +p11_kit_iter_get_module () +
+CK_SLOT_ID + +p11_kit_iter_get_slot () +
+CK_SLOT_INFO * + +p11_kit_iter_get_slot_info () +
+CK_TOKEN_INFO * + +p11_kit_iter_get_token () +
+CK_SESSION_HANDLE + +p11_kit_iter_get_session () +
+CK_SESSION_HANDLE + +p11_kit_iter_keep_session () +
+CK_OBJECT_HANDLE + +p11_kit_iter_get_object () +
+CK_RV + +p11_kit_iter_get_attributes () +
+CK_RV + +p11_kit_iter_load_attributes () +
+CK_RV + +p11_kit_iter_destroy_object () +
+void + +p11_kit_iter_free () +
+int + +p11_kit_remote_serve_module () +
+int + +p11_kit_remote_serve_token () +
+int + +p11_kit_remote_serve_tokens () +
+
+
+

Types and Values

+
++++ + + + + + + + + + + + + + + + + + + +
typedefP11KitIter
typedefp11_kit_iter
enumP11KitIterKind
enumP11KitIterBehavior
+
+
+

Description

+

API that is not yet stable enough to be enabled by default. In all likelihood +this will be included in the next release. To use this API you must define a +MACRO. See the p11-kit.h header for more details.

+
+
+

Functions

+
+

p11_kit_set_progname ()

+
void
+p11_kit_set_progname (const char *progname);
+

Set the program base name that is used by the enable-in +and disable-in module configuration options.

+

Normally this is automatically calculated from the program's argument list. +You would usually call this before initializing p11-kit modules.

+
+

Parameters

+
+++++ + + + + + +

progname

the program base name

 
+
+
+
+
+

p11_kit_destroyer ()

+
void
+(*p11_kit_destroyer) (void *data);
+

A callback called to free a resource.

+
+

Parameters

+
+++++ + + + + + +

data

data to destroy

 
+
+
+
+
+

p11_kit_iter_new ()

+
P11KitIter *
+p11_kit_iter_new (P11KitUri *uri,
+                  P11KitIterBehavior behavior);
+

Create a new PKCS#11 iterator for iterating over objects. Only +objects that match the uri + will be returned by the iterator. +Relevant information in uri + is copied, and you need not keep +uri + around.

+

If no uri + is specified then the iterator will iterate over all +objects, unless otherwise filtered.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

a PKCS#11 URI to filter on, or NULL.

[allow-none]

behavior

various behavior flags for iterator

 
+
+
+

Returns

+

a new iterator, which should be freed +with p11_kit_iter_free().

+

[transfer full]

+
+
+
+
+

p11_kit_iter_set_uri ()

+
void
+p11_kit_iter_set_uri (P11KitIter *iter,
+                      P11KitUri *uri);
+

Set the PKCS#11 uri for iterator. Only +objects that match the uri + will be returned by the iterator. +Relevant information in uri + is copied, and you need not keep +uri + around.

+

If no uri + is specified then the iterator will iterate over all +objects, unless otherwise filtered.

+

This function should be called at most once, and should be +called before iterating begins.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

iter

the iterator

 

uri

a PKCS#11 URI to filter on, or NULL.

[allow-none]
+
+
+
+
+

p11_kit_iter_add_callback ()

+
void
+p11_kit_iter_add_callback (P11KitIter *iter,
+                           p11_kit_iter_callback callback,
+                           void *callback_data,
+                           p11_kit_destroyer callback_destroy);
+

Adds a callback to the iterator which will be called each time +that an object is iterated.

+

These callbacks can also perform filtering. If any callback +indicates through it's matches argument that +the object should not match, then that object will not be iterated +as far as p11_kit_iter_next() is concerned.

+

The callbacks will be called with the matches +set to CK_TRUE and it's up to filters to change +it to CK_FALSE when necessary.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + + + + + + +

iter

the iterator

 

callback

a function to call for each iteration

 

callback_data

data to pass to the function.

[allow-none]

callback_destroy

used to cleanup the data.

[allow-none]
+
+
+
+
+

p11_kit_iter_add_filter ()

+
void
+p11_kit_iter_add_filter (P11KitIter *iter,
+                         CK_ATTRIBUTE *matching,
+                         CK_ULONG count);
+

Add a filter to limit the objects that the iterator iterates over.

+

Only objects matching the passed in attributes will be iterated. +This function can be called multiple times.

+

The matching + attributes are copied.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

iter

the iterator

 

matching

the attributes that the objects should match.

[array length=count]

count

the number of attributes

 
+
+
+
+
+

p11_kit_iter_callback ()

+
CK_RV
+(*p11_kit_iter_callback) (P11KitIter *iter,
+                          CK_BBOOL *matches,
+                          void *data);
+

A callback setup with p11_kit_iter_add_callback(). This callback is +called for each object iterated.

+

If the callback sets matches + to CK_FALSE, then this object is +skipped and not matched by p11_kit_iter_next(). If you return +anything but CKR_OK, then the iteration is stopped, and +p11_kit_iter_next() returns the result code.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

iter

the iterator

 

matches

whether to match the current object.

[out]

data

callback data

 
+
+
+

Returns

+

CKR_OK to continue iterating, CKR_CANCEL to stop, or +anything else to fail

+
+
+
+
+

p11_kit_iter_begin ()

+
void
+p11_kit_iter_begin (P11KitIter *iter,
+                    CK_FUNCTION_LIST_PTR *modules);
+

Begin iterating PKCS#11 objects in the given modules +.

+

The modules + arguments should be a null-terminated list of +pointers to the modules' PKCS#11 function pointers.

+

For each module, all initialized slots will be iterated over, +having sessions opened for each of them in turn, and searched +for objects matching the search criteria.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

iter

the iterator

 

modules

null-terminated list of +modules to iterate over.

[array zero-terminated=1]
+
+
+
+
+

p11_kit_iter_begin_with ()

+
void
+p11_kit_iter_begin_with (P11KitIter *iter,
+                         CK_FUNCTION_LIST_PTR module,
+                         CK_SLOT_ID slot,
+                         CK_SESSION_HANDLE session);
+

Begin iterating PKCS#11 objects in the given module +.

+

If slot + is non-zero then the iteration will be limited to that +slot.

+

If session + is non-zero then the iteration will be limited to +objects visible through that session, which implies that they +are also limited to the slot which the session was opened for.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + + + + + + +

iter

the iterator

 

module

the module to iterate over

 

slot

the slot to iterate objects in, or zero.

[allow-none]

session

the session to search for objects on, or zero.

[allow-none]
+
+
+
+
+

p11_kit_iter_next ()

+
CK_RV
+p11_kit_iter_next (P11KitIter *iter);
+

Iterate to the next matching object.

+

To access the object, session and so on, use the p11_kit_iter_get_object(), +p11_kit_iter_get_session(), and p11_kit_iter_get_module() functions.

+

This call must only be called after either p11_kit_iter_begin() +or p11_kit_iter_begin_with() have been called.

+

Objects which are skipped by callbacks will not be returned here +as matching objects.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

CKR_OK if an object matched, CKR_CANCEL if no more objects, or another error

+
+
+
+
+

p11_kit_iter_get_kind ()

+
P11KitIterKind
+p11_kit_iter_get_kind (P11KitIter *iter);
+

Get the kind of the current match (a module, slot, token, or an +object).

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

a P11KitIterKind value

+
+
+
+
+

p11_kit_iter_get_module ()

+
CK_FUNCTION_LIST_PTR
+p11_kit_iter_get_module (P11KitIter *iter);
+

Get the module function pointers for the current matching object.

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

the module which the current matching object is in

+
+
+
+
+

p11_kit_iter_get_slot ()

+
CK_SLOT_ID
+p11_kit_iter_get_slot (P11KitIter *iter);
+

Get the slot which the current matching object is on.

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

the slot of the current matching object

+
+
+
+
+

p11_kit_iter_get_slot_info ()

+
CK_SLOT_INFO *
+p11_kit_iter_get_slot_info (P11KitIter *iter);
+

Get the slot info for the slot which the current matching object is on.

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

the slot of the current matching object.

+
+
+
+
+

p11_kit_iter_get_token ()

+
CK_TOKEN_INFO *
+p11_kit_iter_get_token (P11KitIter *iter);
+

Get the token info for the token which the current matching object is on.

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

the slot of the current matching object.

+
+
+
+
+

p11_kit_iter_get_session ()

+
CK_SESSION_HANDLE
+p11_kit_iter_get_session (P11KitIter *iter);
+

Get the session which the current matching object is accessible +through.

+

This can only be called after p11_kit_iter_next() succeeds.

+

The session may be closed after the next p11_kit_iter_next() call +unless p11_kit_iter_keep_session() is called.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

the session used to find the current matching object

+
+
+
+
+

p11_kit_iter_keep_session ()

+
CK_SESSION_HANDLE
+p11_kit_iter_keep_session (P11KitIter *iter);
+

After calling this function the session open for iterating +the current object will not be automatically closed by +the iterator after later calls to p11_kit_iter_next() or +p11_kit_iter_free().

+

It is the callers responsibility to close this session, +after the iterator has been freed. The session may still be +used by the iterator if further iterations are performed.

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

the current session

+
+
+
+
+

p11_kit_iter_get_object ()

+
CK_OBJECT_HANDLE
+p11_kit_iter_get_object (P11KitIter *iter);
+

Get the current matching object.

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

the current matching object

+
+
+
+
+

p11_kit_iter_get_attributes ()

+
CK_RV
+p11_kit_iter_get_attributes (P11KitIter *iter,
+                             CK_ATTRIBUTE *template,
+                             CK_ULONG count);
+

Get attributes for the current matching object.

+

This calls C_GetAttributeValue for the object +currently iterated to. Return value and attribute memory behavior +is identical to the PKCS#11 C_GetAttributeValue +function.

+

You might choose to use p11_kit_iter_load_attributes() for a more +helpful variant.

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

iter

the iterator

 

template

the attributes to get.

[array length=count][inout]

count

the number of attributes

 
+
+
+

Returns

+

The result from C_GetAttributeValue.

+
+
+
+
+

p11_kit_iter_load_attributes ()

+
CK_RV
+p11_kit_iter_load_attributes (P11KitIter *iter,
+                              CK_ATTRIBUTE *template,
+                              CK_ULONG count);
+

Retrieve attributes for the current matching object.

+

Each attribute in the array will be filled in with the value +of that attribute retrieved from the object. After use the +attribute value memory pointed to by the pValue +of each attribute should be freed with the free() +function.

+

If the pValue of an attribute is not NULL passed +to this function, then it will be passed to +realloc() to allocate the correct amount +of space for the attribute value.

+

If any attribute is not present on the object, or is sensitive and +cannot be retrieved, then the pValue will be NULL. +If pValue was not NULL when passed to this function +then it will be freed with free(). In these +cases CKR_OK is returned.

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

iter

the iterator

 

template

the attributes to load.

[array length=count][inout]

count

the number of attributes

 
+
+
+

Returns

+

CKR_OK or a failure code

+
+
+
+
+

p11_kit_iter_destroy_object ()

+
CK_RV
+p11_kit_iter_destroy_object (P11KitIter *iter);
+

Destroy the current matching object.

+

This can only be called after p11_kit_iter_next() succeeds.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+

Returns

+

CKR_OK or a failure code

+
+
+
+
+

p11_kit_iter_free ()

+
void
+p11_kit_iter_free (P11KitIter *iter);
+

Frees the iterator and all resources, such as sessions +or callbacks held by the iterator.

+
+

Parameters

+
+++++ + + + + + +

iter

the iterator

 
+
+
+
+
+

p11_kit_remote_serve_module ()

+
int
+p11_kit_remote_serve_module (CK_FUNCTION_LIST *module,
+                             int in_fd,
+                             int out_fd);
+

Run a module on a given pair of input/output FDs.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

module

a pointer to a loaded module

 

in_fd

input fd

 

out_fd

output fd

 
+
+
+

Returns

+

0 if success, non-zero otherwise.

+
+
+
+
+

p11_kit_remote_serve_token ()

+
int
+p11_kit_remote_serve_token (CK_FUNCTION_LIST *module,
+                            CK_TOKEN_INFO *token,
+                            int in_fd,
+                            int out_fd);
+
+

p11_kit_remote_serve_token is deprecated and should not be used in newly-written code.

+

use p11_kit_remote_serve_tokens()

+
+

Run a token wrapped in a module on a given pair of input/output FDs.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + + + + + + +

module

a pointer to a loaded module

 

token

a token info

 

in_fd

input fd

 

out_fd

output fd

 
+
+
+

Returns

+

0 if success, non-zero otherwise.

+
+
+
+
+

p11_kit_remote_serve_tokens ()

+
int
+p11_kit_remote_serve_tokens (const char **tokens,
+                             size_t n_tokens,
+                             CK_FUNCTION_LIST *provider,
+                             int in_fd,
+                             int out_fd);
+

Expose tokens on a given pair of input/output FDs. If provider + is +not NULL, all the tokens must be provided by the same module.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

tokens

a list of token URIs

 

n_tokens

the length of tokens +

 

provider

a PKCS#11 module that provides the tokens.

[nullable]

in_fd

input fd

 

out_fd

output fd

 
+
+
+

Returns

+

0 if success, non-zero otherwise.

+
+
+
+
+

Types and Values

+
+

P11KitIter

+
typedef struct p11_kit_iter P11KitIter;
+
+

Used to iterate over PKCS#11 objects, tokens, slots, and modules.

+
+
+
+

p11_kit_iter

+
typedef P11KitIter p11_kit_iter;
+
+
+
+
+

enum P11KitIterKind

+

The kind of the current match.

+
+

Members

+
+++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

P11_KIT_ITER_KIND_MODULE

 +

The iterator is pointing to a module.

+		 

P11_KIT_ITER_KIND_SLOT

 +

The iterator is pointing to a slot.

+		 

P11_KIT_ITER_KIND_TOKEN

 +

The iterator is pointing to a token.

+		 

P11_KIT_ITER_KIND_OBJECT

 +

The iterator is pointing to an object.

+		 

P11_KIT_ITER_KIND_UNKNOWN

 +

The iterator doesn't point to anything.

+		 
+
+
+
+
+

enum P11KitIterBehavior

+

Various flags controlling the behavior of the iterator.

+
+

Members

+
+++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

P11_KIT_ITER_BUSY_SESSIONS

 +

Allow the iterator's sessions to be +in a busy state when the iterator returns an object.

+		 

P11_KIT_ITER_WANT_WRITABLE

 +

Try to open read-write sessions when +iterating over objects.

+		 

P11_KIT_ITER_WITH_MODULES

 +

Stop at each module while iterating.

+		 

P11_KIT_ITER_WITH_SLOTS

 +

Stop at each slot while iterating.

+		 

P11_KIT_ITER_WITH_TOKENS

 +

Stop at each token while iterating.

+		 

P11_KIT_ITER_WITHOUT_OBJECTS

 +

Ignore objects while iterating.

+		 
+
+
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/p11-kit-Modules.html b/doc/manual/html/p11-kit-Modules.html new file mode 100644 index 0000000..7fd3bcf --- /dev/null +++ b/doc/manual/html/p11-kit-Modules.html @@ -0,0 +1,833 @@ + + + + +Modules: p11-kit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

Modules

+

Modules — Module loading and initializing

+
+
+

Functions

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+CK_FUNCTION_LIST ** + +p11_kit_modules_load_and_initialize () +
+void + +p11_kit_modules_finalize_and_release () +
+CK_FUNCTION_LIST ** + +p11_kit_modules_load () +
+CK_RV + +p11_kit_modules_initialize () +
+CK_RV + +p11_kit_modules_finalize () +
+void + +p11_kit_modules_release () +
+CK_FUNCTION_LIST * + +p11_kit_module_load () +
+CK_RV + +p11_kit_module_initialize () +
+CK_RV + +p11_kit_module_finalize () +
+void + +p11_kit_module_release () +
+CK_FUNCTION_LIST * + +p11_kit_module_for_name () +
+char * + +p11_kit_module_get_name () +
+int + +p11_kit_module_get_flags () +
+char * + +p11_kit_module_get_filename () +
+char * + +p11_kit_config_option () +
+
+
+

Types and Values

+
++++ + + + + + + + + + + +
#defineP11_KIT_MODULE_CRITICAL
#defineP11_KIT_MODULE_UNMANAGED
+
+
+

Description

+

PKCS#11 modules are used by crypto libraries and applications to access +crypto objects (like keys and certificates) and to perform crypto operations.

+

In order for applications to behave consistently with regard to the user's +installed PKCS#11 modules, each module must be configured so that applications +or libraries know that they should load it.

+

When multiple consumers of a module (such as libraries or applications) are +in the same process, coordination of the initialization and finalization +of PKCS#11 modules is required. To do this modules are managed by p11-kit. +This means that various unsafe methods are coordinated between callers. Unmanaged +modules are simply the raw PKCS#11 module pointers without p11-kit getting in the +way. It is highly recommended that the default managed behavior is used.

+

The functions here provide support for initializing configured modules. The +p11_kit_modules_load() function should be used to load and initialize +the configured modules. When done, the p11_kit_modules_release() function +should be used to release those modules and associated resources.

+

In addition p11_kit_config_option() can be used to access other parts +of the module configuration.

+

If a consumer wishes to load an arbitrary PKCS#11 module that's not +configured use p11_kit_module_load() to do so. And use p11_kit_module_release() +to later release it.

+

Modules are represented by a pointer to their CK_FUNCTION_LIST +entry points.

+
+
+

Functions

+
+

p11_kit_modules_load_and_initialize ()

+
CK_FUNCTION_LIST **
+p11_kit_modules_load_and_initialize (int flags);
+

Load and initialize configured modules.

+

If a critical module fails to load or initialize then the function will +return NULL. Non-critical modules will be skipped +and not included in the returned module list.

+

Use p11_kit_modules_finalize_and_release() when you're done with the +modules returned by this function.

+

The flags + allowed by this function, as well as their meaning, are the +same as with p11_kit_modules_load().

+
+

Parameters

+
+++++ + + + + + +

flags

flags to use to load the modules

 
+
+
+

Returns

+

a NULL terminated list of modules, or +NULL on failure

+
+
+
+
+

p11_kit_modules_finalize_and_release ()

+
void
+p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules);
+

Finalize and then release the a set of loaded PKCS#11 modules.

+

The modules may be either managed or unmanaged. The array containing +the module pointers is also freed by this function.

+

Modules are released even if their finalization returns an error code. +Managed modules will not be actually finalized or released until all +callers using them have done so.

+

For managed modules the C_Finalize function +is overridden so that multiple callers can finalize the same +modules. In addition for managed modules multiple callers can +finalize from different threads, and still guarantee consistent +thread-safe behavior.

+

For unmanaged modules if multiple callers try to finalize +a module, then one of the calls will return +CKR_CRYPTOKI_NOT_INITIALIZED according to the +PKCS#11 specification. In addition there are no guarantees that +thread-safe behavior will occur if multiple callers initialize from +different threads.

+
+

Parameters

+
+++++ + + + + + +

modules

the modules to release

 
+
+
+
+
+

p11_kit_modules_load ()

+
CK_FUNCTION_LIST **
+p11_kit_modules_load (const char *reserved,
+                      int flags);
+

Load the configured PKCS#11 modules.

+

If flags + contains the P11_KIT_MODULE_UNMANAGED flag, then the +modules will be not be loaded in 'managed' mode regardless of its +configuration. This is not recommended for general usage.

+

If flags + contains the P11_KIT_MODULE_CRITICAL flag then the +modules will all be treated as 'critical', regardless of the module +configuration. This means that a failure to load any module will +cause this function to fail.

+

For unmanaged modules there is no guarantee to the state of the +modules. Other callers may be using the modules. Using unmanaged +modules haphazardly is not recommended for this reason. Some +modules (such as those configured with RPC) cannot be loaded in +unmanaged mode, and will be skipped.

+

If flags + contains the P11_KIT_MODULE_TRUSTED flag then only the +marked as trusted modules will be loaded.

+

Use p11_kit_modules_release() to release the modules returned by +this function.

+

If this function fails, then an error message will be available via the +p11_kit_message() function.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

reserved

set to NULL

 

flags

flags to use to load the module

 
+
+
+

Returns

+

a null terminated list of modules represented as PKCS#11 +function lists, or NULL on failure

+
+
+
+
+

p11_kit_modules_initialize ()

+
CK_RV
+p11_kit_modules_initialize (CK_FUNCTION_LIST **modules,
+                            p11_kit_destroyer failure_callback);
+

Initialize all the modules in the modules + list by calling their +C_Initialize function.

+

For managed modules the C_Initialize function +is overridden so that multiple callers can initialize the same +modules. In addition for managed modules multiple callers can +initialize from different threads, and still guarantee consistent +thread-safe behavior.

+

For unmanaged modules if multiple callers try to initialize +a module, then one of the calls will return +CKR_CRYPTOKI_ALREADY_INITIALIZED according to the +PKCS#11 specification. In addition there are no guarantees that +thread-safe behavior will occur if multiple callers initialize from +different threads.

+

When a module fails to initialize it is removed from the modules + list. +If the failure_callback + is not NULL then it is called with the modules that +fail to initialize. For example, you may pass p11_kit_module_release() +as a failure_callback + if the modules + list was loaded wit p11_kit_modules_load().

+

The return value will return the failure code of the last critical +module that failed to initialize. Non-critical module failures do not affect +the return value. If no critical modules failed to initialize then the +return value will be CKR_OK.

+

When modules are removed, the list will be NULL terminated at the +appropriate place so it can continue to be used as a modules list.

+

This function does not accept a CK_C_INITIALIZE_ARGS argument. +Custom initialization arguments cannot be supported when multiple consumers +load the same module.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

modules

a NULL terminated list of modules

 

failure_callback

called with modules that fail to initialize

 
+
+
+

Returns

+

CKR_OK or the failure code of the last critical +module that failed to initialize.

+
+
+
+
+

p11_kit_modules_finalize ()

+
CK_RV
+p11_kit_modules_finalize (CK_FUNCTION_LIST **modules);
+

Finalize each module in the modules + list by calling its +C_Finalize function. Regardless of failures, all +modules + will have their C_Finalize function called.

+

If a module returns a failure from its C_Finalize +method it will be returned. If multiple modules fail, the last failure +will be returned.

+

For managed modules the C_Finalize function +is overridden so that multiple callers can finalize the same +modules. In addition for managed modules multiple callers can +finalize from different threads, and still guarantee consistent +thread-safe behavior.

+

For unmanaged modules if multiple callers try to finalize +a module, then one of the calls will return +CKR_CRYPTOKI_NOT_INITIALIZED according to the +PKCS#11 specification. In addition there are no guarantees that +thread-safe behavior will occur if multiple callers finalize from +different threads.

+
+

Parameters

+
+++++ + + + + + +

modules

a NULL terminated list of modules

 
+
+
+

Returns

+

CKR_OK or the failure code of the last +module that failed to finalize

+
+
+
+
+

p11_kit_modules_release ()

+
void
+p11_kit_modules_release (CK_FUNCTION_LIST **modules);
+

Release the a set of loaded PKCS#11 modules.

+

The modules may be either managed or unmanaged. The array containing +the module pointers is also freed by this function.

+

Managed modules will not be actually released until all +callers using them have done so. If the modules were initialized, they +should have been finalized first.

+
+

Parameters

+
+++++ + + + + + +

modules

the modules to release

 
+
+
+
+
+

p11_kit_module_load ()

+
CK_FUNCTION_LIST *
+p11_kit_module_load (const char *module_path,
+                     int flags);
+

Load an arbitrary PKCS#11 module from a dynamic library file, and +initialize it. Normally using the p11_kit_modules_load() function +is preferred.

+

A full file path or just (path/)filename relative to +P11_MODULE_PATH are accepted.

+

Using this function to load modules allows coordination between multiple +callers of the same module in a single process. If flags + contains the +P11_KIT_MODULE_UNMANAGED flag, then the modules will be not be loaded +in 'managed' mode and not be coordinated. This is not recommended +for general usage.

+

Subsequent calls to this function for the same module will result in an +initialization count being incremented for the module. It is safe (although +usually unnecessary) to use this function on registered modules.

+

The module should be released with p11_kit_module_release().

+

If this function fails, then an error message will be available via the +p11_kit_message() function.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

module_path

relative or full file path of module library

 

flags

flags to use when loading the module

 
+
+
+

Returns

+

the loaded module PKCS#11 functions or NULL on failure

+
+
+
+
+

p11_kit_module_initialize ()

+
CK_RV
+p11_kit_module_initialize (CK_FUNCTION_LIST *module);
+

Initialize a PKCS#11 module by calling its C_Initialize +function.

+

For managed modules the C_Initialize function +is overridden so that multiple callers can initialize the same +modules. In addition for managed modules multiple callers can +initialize from different threads, and still guarantee consistent +thread-safe behavior.

+

For unmanaged modules if multiple callers try to initialize +a module, then one of the calls will return +CKR_CRYPTOKI_ALREADY_INITIALIZED according to the +PKCS#11 specification. In addition there are no guarantees that +thread-safe behavior will occur if multiple callers initialize from +different threads.

+

This function does not accept a CK_C_INITIALIZE_ARGS argument. +Custom initialization arguments cannot be supported when multiple consumers +load the same module.

+
+

Parameters

+
+++++ + + + + + +

module

the module to initialize

 
+
+
+

Returns

+

CKR_OK or a failure code

+
+
+
+
+

p11_kit_module_finalize ()

+
CK_RV
+p11_kit_module_finalize (CK_FUNCTION_LIST *module);
+

Finalize a PKCS#11 module by calling its C_Finalize +function.

+

For managed modules the C_Finalize function +is overridden so that multiple callers can finalize the same +modules. In addition for managed modules multiple callers can +finalize from different threads, and still guarantee consistent +thread-safe behavior.

+

For unmanaged modules if multiple callers try to finalize +a module, then one of the calls will return +CKR_CRYPTOKI_NOT_INITIALIZED according to the +PKCS#11 specification. In addition there are no guarantees that +thread-safe behavior will occur if multiple callers finalize from +different threads.

+
+

Parameters

+
+++++ + + + + + +

module

the module to finalize

 
+
+
+

Returns

+

CKR_OK or a failure code

+
+
+
+
+

p11_kit_module_release ()

+
void
+p11_kit_module_release (CK_FUNCTION_LIST *module);
+

Release the a loaded PKCS#11 modules.

+

The module may be either managed or unmanaged. The C_Finalize +function will be called if no other callers are using this module.

+
+

Parameters

+
+++++ + + + + + +

module

the module to release

 
+
+
+
+
+

p11_kit_module_for_name ()

+
CK_FUNCTION_LIST *
+p11_kit_module_for_name (CK_FUNCTION_LIST **modules,
+                         const char *name);
+

Look through the list of modules + and return the module whose name + +matches.

+

Only configured modules have names. Configured modules are loaded by +p11_kit_modules_load(). The module passed to this function can be either +managed or unmanaged.

+

The return value is not copied or duplicated in anyway. It is still +'owned' by the modules + list.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

modules

a list of modules to look through

 

name

the name of the module to find

 
+
+
+

Returns

+

the module which matches the name, or NULL if no match.

+
+
+
+
+

p11_kit_module_get_name ()

+
char *
+p11_kit_module_get_name (CK_FUNCTION_LIST *module);
+

Get the configured name of the PKCS#11 module.

+

Configured modules are loaded by p11_kit_modules_load(). The module +passed to this function can be either managed or unmanaged. Non +configured modules will return NULL.

+

Use free() to release the return value when you're done with it.

+
+

Parameters

+
+++++ + + + + + +

module

pointer to a loaded module

 
+
+
+

Returns

+

a newly allocated string containing the module name, or

+NULL if the module is not a configured module +
+
+
+
+

p11_kit_module_get_flags ()

+
int
+p11_kit_module_get_flags (CK_FUNCTION_LIST *module);
+

Get the flags for this module.

+

The P11_KIT_MODULE_UNMANAGED flag will be set if the module is not +managed by p11-kit. It is a raw PKCS#11 module function list.

+

The P11_KIT_MODULE_CRITICAL flag will be set if the module is configured +to be critical, and not be skipped over if it fails to initialize or +load. This flag is also set for modules that are not configured, but have +been loaded in another fashion.

+
+

Parameters

+
+++++ + + + + + +

module

the module

 
+
+
+

Returns

+

the flags for the module

+
+
+
+
+

p11_kit_module_get_filename ()

+
char *
+p11_kit_module_get_filename (CK_FUNCTION_LIST *module);
+

Get the configured name of the PKCS#11 module.

+

Configured modules are loaded by p11_kit_modules_load(). The module +passed to this function can be either managed or unmanaged. Non +configured modules will return NULL.

+

Use free() to release the return value when you're done with it.

+
+

Parameters

+
+++++ + + + + + +

module

pointer to a loaded module

 
+
+
+

Returns

+

a newly allocated string containing the module name, or

+NULL if the module is not a configured module +
+
+
+
+

p11_kit_config_option ()

+
char *
+p11_kit_config_option (CK_FUNCTION_LIST *module,
+                       const char *option);
+

Retrieve the value for a configured option.

+

If module + is NULL, then the global option with the given name will +be retrieved. Otherwise module + should point to a configured loaded module. +If no such option + or configured module + exists, then NULL will be returned.

+

Use free() to release the returned value.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

module

the module to retrieve the option for, or NULL for global options

 

option

the option to retrieve

 
+
+
+

Returns

+

the option value or NULL

+
+
+
+
+

Types and Values

+
+

P11_KIT_MODULE_CRITICAL

+
#define P11_KIT_MODULE_CRITICAL 1
+
+

Flag to load a module in 'critical' mode. Failure to load a critical module +will prevent all other modules from loading. A failure when loading a +non-critical module skips that module.

+
+
+
+

P11_KIT_MODULE_UNMANAGED

+
#define P11_KIT_MODULE_UNMANAGED 1
+
+

Module is loaded in non 'managed' mode. This is not recommended, +disables many features, and prevents coordination between multiple +callers of the same module.

+
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/p11-kit-PIN-Callbacks.html b/doc/manual/html/p11-kit-PIN-Callbacks.html new file mode 100644 index 0000000..3b43d13 --- /dev/null +++ b/doc/manual/html/p11-kit-PIN-Callbacks.html @@ -0,0 +1,895 @@ + + + + +PIN Callbacks: p11-kit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PIN Callbacks

+

PIN Callbacks — PIN Callbacks

+
+
+

Functions

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+P11KitPin * + +p11_kit_pin_new () +
+P11KitPin * + +p11_kit_pin_new_for_buffer () +
+P11KitPin * + +p11_kit_pin_new_for_string () +
const unsigned char * + +p11_kit_pin_get_value () +
+size_t + +p11_kit_pin_get_length () +
+P11KitPin * + +p11_kit_pin_ref () +
+void + +p11_kit_pin_unref () +
+int + +p11_kit_pin_register_callback () +
+void + +p11_kit_pin_unregister_callback () +
+P11KitPin * + +(*p11_kit_pin_callback) () +
+P11KitPin * + +p11_kit_pin_request () +
+void + +(*p11_kit_pin_destroy_func) () +
+P11KitPin * + +p11_kit_pin_file_callback () +
+
+
+

Types and Values

+
++++ + + + + + + + + + + + + + + +
typedefP11KitPin
enumP11KitPinFlags
#defineP11_KIT_PIN_FALLBACK
+
+
+

Description

+

Applications can register a callback which will be called to provide a +password associated with a given pin source.

+

PKCS#11 URIs can contain a 'pin-source' attribute. The value of this attribute +is application dependent, but often references a file containing a PIN to +use.

+

Using these functions, an applications or libraries can register a +callback with p11_kit_pin_register_callback() to be called when a given +'pin-source' attribute value is requested. The application can then prompt +the user or retrieve a PIN for the given context. These registered +callbacks are only relevant and valid within the current process.

+

A fallback callback can be registered by passing the P11_KIT_PIN_FALLBACK +value to p11_kit_pin_register_callback(). This fallback callback will be +called for every 'pin-source' attribute request for which no callback has been +directly registered.

+

To request a PIN for a given 'pin-source' attribute, use the +p11_kit_pin_request() function. If this function returns NULL then either +no callbacks were registered or none of them could handle the request.

+

If multiple callbacks are registered for the same PIN source, then they are +called in last-registered-first-called order. They are called in turn until +one of them can handle the request. Fallback callbacks are not called if +a callback was registered specifically for a requested 'pin-source' attribute.

+

PINs themselves are handled inside of P11KitPin structures. These are thread +safe and allow the callback to specify how the PIN is stored in memory +and freed. A callback can use p11_kit_pin_new_for_string() or related +functions to create a PIN to be returned.

+

For example in order to handle the following PKCS#11 URI with a 'pin-source' +attribute

+


+     pkcs11:id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91;pin-source=my-application
+

an application could register a callback like this:

+
+ + + + + + + + 
1
+2
+3
+4
+5
+6
+7
+8
+9
+10
static P11KitPin*
+my_application_pin_callback (const char *pin_source, P11KitUri *pin_uri,
+                             const char *pin_description, P11KitPinFlags pin_flags,
+                             void *callback_data)
+{
+    return p11_kit_pin_new_from_string ("pin-value");
+}
+
+p11_kit_pin_register_callback ("my-application", my_application_pin_callback,
+                               NULL, NULL);
+
+ +
+
+

Functions

+
+

p11_kit_pin_new ()

+
P11KitPin *
+p11_kit_pin_new (const unsigned char *value,
+                 size_t length);
+

Create a new P11KitPin with the given PIN value. This function is +usually used from within registered PIN callbacks.

+

Exactly length + bytes from value + are used. Null terminated strings, +or encodings are not considered. A copy of the value + will be made.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

value

the value of the PIN

 

length

the length of value +

 
+
+
+

Returns

+

The newly allocated P11KitPin, which should be freed with +p11_kit_pin_unref() when no longer needed.

+
+
+
+
+

p11_kit_pin_new_for_buffer ()

+
P11KitPin *
+p11_kit_pin_new_for_buffer (unsigned char *buffer,
+                            size_t length,
+                            p11_kit_pin_destroy_func destroy);
+

Create a new P11KitPin which will use buffer + for the PIN value. +This function is usually used from within registered PIN callbacks.

+

The buffer will not be copied. String encodings and null characters +are not considered.

+

When the last reference to this PIN is lost, then the destroy + callback +function will be called passing buffer + as an argument. This allows the +caller to use a buffer as a PIN without copying it.

+
+ + + + + + + + 
1
+2
+3
+4
char *buffer = malloc (128);
+P11KitPin *pin;
+ ....
+pin = p11_kit_pin_new_for_buffer (buffer, 128, free);
+
+ +
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

buffer

the value of the PIN

 

length

the length of buffer +

 

destroy

if not NULL, then called when PIN is destroyed.

 
+
+
+

Returns

+

The newly allocated P11KitPin, which should be freed with +p11_kit_pin_unref() when no longer needed.

+
+
+
+
+

p11_kit_pin_new_for_string ()

+
P11KitPin *
+p11_kit_pin_new_for_string (const char *value);
+

Create a new P11KitPin for the given null-terminated string, such as a +password. This function is usually used from within registered +PIN callbacks.

+

The PIN will consist of the string not including the null terminator. +String encoding is not considered. A copy of the value + will be made.

+
+

Parameters

+
+++++ + + + + + +

value

the value of the PIN

 
+
+
+

Returns

+

The newly allocated P11KitPin, which should be freed with +p11_kit_pin_unref() when no longer needed.

+
+
+
+
+

p11_kit_pin_get_value ()

+
const unsigned char *
+p11_kit_pin_get_value (P11KitPin *pin,
+                       size_t *length);
+

Get the PIN value from a P11KitPin. length + will be set to the +length of the value.

+

The value returned is owned by the P11KitPin and should not be modified. +It remains valid as long as a reference to the PIN is held. The PIN value +will not contain an extra null-terminator character.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

pin

the P11KitPin

 

length

a location to return the value length

 
+
+
+

Returns

+

the value for the PIN.

+
+
+
+
+

p11_kit_pin_get_length ()

+
size_t
+p11_kit_pin_get_length (P11KitPin *pin);
+

Get the length of the PIN value from a P11KitPin.

+
+

Parameters

+
+++++ + + + + + +

pin

the P11KitPin

 
+
+
+

Returns

+

the length of the PIN value.

+
+
+
+
+

p11_kit_pin_ref ()

+
P11KitPin *
+p11_kit_pin_ref (P11KitPin *pin);
+

Add a reference to a P11KitPin. This should be matched with a later call +to p11_kit_pin_unref(). As long as at least one reference is held, the PIN +will remain valid and in memory.

+
+

Parameters

+
+++++ + + + + + +

pin

the P11KitPin

 
+
+
+

Returns

+

the pin +pointer, for convenience sake.

+
+
+
+
+

p11_kit_pin_unref ()

+
void
+p11_kit_pin_unref (P11KitPin *pin);
+

Remove a reference from a P11KitPin. When all references have been removed +then the PIN will be freed and will no longer be in memory.

+
+

Parameters

+
+++++ + + + + + +

pin

the P11KitPin

 
+
+
+
+
+

p11_kit_pin_register_callback ()

+
int
+p11_kit_pin_register_callback (const char *pin_source,
+                               p11_kit_pin_callback callback,
+                               void *callback_data,
+                               p11_kit_pin_destroy_func callback_destroy);
+

Register a callback to handle PIN requests for a given 'pin-source' attribute. +If pin_source + is set to P11_KIT_PIN_FALLBACK then this will be a fallback +callback and will be called for requests for which no other callback has +been specifically registered.

+

If multiple callbacks are registered for the same pin_source + value, then +the last registered callback will be the first to be called.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + + + + + + +

pin_source

the 'pin-source' attribute this this callback is for

 

callback

the callback function

 

callback_data

data that will be passed to the callback

 

callback_destroy

a function that will be called with callback_data +when +the callback is unregistered.

 
+
+
+

Returns

+

Returns negative if registering fails.

+
+
+
+
+

p11_kit_pin_unregister_callback ()

+
void
+p11_kit_pin_unregister_callback (const char *pin_source,
+                                 p11_kit_pin_callback callback,
+                                 void *callback_data);
+

Unregister a callback that was previously registered with the +p11_kit_pin_register_callback() function. If more than one registered +callback matches the given arguments, then only one of those will be +removed.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

pin_source

the 'pin-source' attribute the callback was registered for

 

callback

the callback function that was registered

 

callback_data

data that was registered for the callback

 
+
+
+
+
+

p11_kit_pin_callback ()

+
P11KitPin *
+(*p11_kit_pin_callback) (const char *pin_source,
+                         P11KitUri *pin_uri,
+                         const char *pin_description,
+                         P11KitPinFlags pin_flags,
+                         void *callback_data);
+

Represents a PIN callback function.

+

The various arguments are the same as the ones passed to +p11_kit_pin_request(). The callback_data + argument was the one passed to +p11_kit_pin_register_callback() when registering this callback.

+

The function should return NULL if it could not provide a PIN, either +because of an error or a user cancellation.

+

If a PIN is returned, it will be unreferenced by the caller. So it should be +either newly allocated, or referenced before returning.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

pin_source

a 'pin-source' attribute string

 

pin_uri

a PKCS#11 URI that the PIN is for, or NULL

 

pin_description

a descrption of what the PIN is for

 

pin_flags

flags describing the PIN request

 

callback_data

data that was provided when registering this callback

 
+
+
+

Returns

+

A PIN or NULL

+
+
+
+
+

p11_kit_pin_request ()

+
P11KitPin *
+p11_kit_pin_request (const char *pin_source,
+                     P11KitUri *pin_uri,
+                     const char *pin_description,
+                     P11KitPinFlags pin_flags);
+

Request a PIN for a given 'pin-source' attribute. The result depends on the +registered callbacks.

+

If not NULL, then the pin_uri + attribute should point to the thing that the +PIN is being requested for. In most use cases this should be a PKCS#11 URI +pointing to a token.

+

The pin_description + should always be specified. It is a string describing +what the PIN is for. For example this would be the token label, if the PIN +is for a token.

+

If more than one callback is registered for the pin_source +, then the latest +registered one will be called first. If that callback does not return a +PIN, then the next will be called in turn.

+

If no callback is registered for pin_source +, then the fallback callbacks will +be invoked in the same way. The fallback callbacks will not be called if any +callback has been registered specifically for pin_source +.

+

The PIN returned should be released with p11_kit_pin_unref().

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + + + + + + +

pin_source

the 'pin-source' attribute that is being requested

 

pin_uri

a PKCS#11 URI that the PIN is being requested for, optionally NULL.

 

pin_description

a description of what the PIN is for, must not be NULL.

 

pin_flags

various flags for this request

 
+
+
+

Returns

+

the PIN which should be released with p11_kit_pin_unref(), or NULL +if no callback was registered or could proivde a PIN

+
+
+
+
+

p11_kit_pin_destroy_func ()

+
void
+(*p11_kit_pin_destroy_func) (void *data);
+

A function called to free or cleanup data +.

+
+

Parameters

+
+++++ + + + + + +

data

the data to destroy

 
+
+
+
+
+

p11_kit_pin_file_callback ()

+
P11KitPin *
+p11_kit_pin_file_callback (const char *pin_source,
+                           P11KitUri *pin_uri,
+                           const char *pin_description,
+                           P11KitPinFlags pin_flags,
+                           void *callback_data);
+

This is a PIN callback function that looks up the 'pin-source' attribute in +a file with that name. This can be used to enable the normal PKCS#11 URI +behavior described in the RFC.

+

If pin_flags + contains the P11_KIT_PIN_FLAGS_RETRY flag, then this +callback will always return NULL. This is to prevent endless loops +where an application is expecting to interact with a prompter, but +instead is interacting with this callback reading a file over and over.

+

This callback fails on files larger than 4 Kilobytes.

+

This callback is not registered by default. It may have security +implications depending on the source of the PKCS#11 URI and the PKCS#11 +in use. To register it, use code like the following:

+
+ + + + + + + + 
1
+2
p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
+                               NULL, NULL);
+
+ +
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

pin_source

a 'pin-source' attribute string

 

pin_uri

a PKCS#11 URI that the PIN is for, or NULL

 

pin_description

a descrption of what the PIN is for

 

pin_flags

flags describing the PIN request

 

callback_data

unused, should be NULL

 
+
+
+

Returns

+

a referenced PIN with the file contents, or NULL if the file +could not be read

+
+
+
+
+

Types and Values

+
+

P11KitPin

+
typedef struct p11_kit_pin P11KitPin;
+
+

A structure representing a PKCS#11 PIN. There are no public fields +visible in this structure. Use the various accessor functions.

+
+
+
+

enum P11KitPinFlags

+

Flags that are passed to p11_kit_pin_request() and registered callbacks.

+
+

Members

+
+++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

P11_KIT_PIN_FLAGS_USER_LOGIN

 +

The PIN is for a PKCS#11 user type login.

+		 

P11_KIT_PIN_FLAGS_SO_LOGIN

 +

The PIN is for a PKCS#11 security officer type login.

+		 

P11_KIT_PIN_FLAGS_CONTEXT_LOGIN

 +

The PIN is for a PKCS#11 contect specific type login.

+		 

P11_KIT_PIN_FLAGS_RETRY

 +

The PIN is being requested again, due to an invalid previous PIN.

+		 

P11_KIT_PIN_FLAGS_MANY_TRIES

 +

The PIN has failed too many times, and few tries are left.

+		 

P11_KIT_PIN_FLAGS_FINAL_TRY

 +

The PIN has failed too many times, and this is the last try.

+		 
+
+
+
+
+

P11_KIT_PIN_FALLBACK

+
#define P11_KIT_PIN_FALLBACK ""
+
+

Used with p11_kit_pin_register_callback() to register a fallback callback. +This callback will be called if no other callback is registered for a 'pin-source'.

+
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/p11-kit-URIs.html b/doc/manual/html/p11-kit-URIs.html new file mode 100644 index 0000000..e4de148 --- /dev/null +++ b/doc/manual/html/p11-kit-URIs.html @@ -0,0 +1,1602 @@ + + + + +URIs: p11-kit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

URIs

+

URIs — Parsing and formatting PKCS#11 URIs

+
+
+

Functions

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+P11KitUri * + +p11_kit_uri_new () +
+CK_INFO_PTR + +p11_kit_uri_get_module_info () +
+int + +p11_kit_uri_match_module_info () +
+CK_SLOT_INFO_PTR + +p11_kit_uri_get_slot_info () +
+int + +p11_kit_uri_match_slot_info () +
+CK_SLOT_ID + +p11_kit_uri_get_slot_id () +
+void + +p11_kit_uri_set_slot_id () +
+CK_TOKEN_INFO_PTR + +p11_kit_uri_get_token_info () +
+int + +p11_kit_uri_match_token_info () +
+CK_ATTRIBUTE_PTR + +p11_kit_uri_get_attributes () +
+int + +p11_kit_uri_set_attributes () +
+void + +p11_kit_uri_clear_attributes () +
+int + +p11_kit_uri_match_attributes () +
+CK_ATTRIBUTE_PTR + +p11_kit_uri_get_attribute () +
+int + +p11_kit_uri_set_attribute () +
+int + +p11_kit_uri_clear_attribute () +
+void + +p11_kit_uri_set_unrecognized () +
+int + +p11_kit_uri_any_unrecognized () +
const char * + +p11_kit_uri_get_pin_value () +
+void + +p11_kit_uri_set_pin_value () +
const char * + +p11_kit_uri_get_pin_source () +
+void + +p11_kit_uri_set_pin_source () +
const char * + +p11_kit_uri_get_pinfile () +
+void + +p11_kit_uri_set_pinfile () +
const char * + +p11_kit_uri_get_module_name () +
+void + +p11_kit_uri_set_module_name () +
const char * + +p11_kit_uri_get_module_path () +
+void + +p11_kit_uri_set_module_path () +
const char * + +p11_kit_uri_get_vendor_query () +
+int + +p11_kit_uri_set_vendor_query () +
+int + +p11_kit_uri_format () +
+int + +p11_kit_uri_parse () +
+void + +p11_kit_uri_free () +
const char * + +p11_kit_uri_message () +
+
+
+

Types and Values

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
#defineP11_KIT_URI_SCHEME
#defineP11_KIT_URI_SCHEME_LEN
enumP11KitUriType
enumP11KitUriResult
typedefP11KitUri
typedefp11_kit_uri
#defineP11_KIT_URI_NO_MEMORY
+
+
+

Description

+

PKCS#11 URIs can be used in configuration files or applications to represent +PKCS#11 modules, tokens or objects. An example of a URI might be:

+


+     pkcs11:token=The\%20Software\%20PKCS#11\%20softtoken;
+         manufacturer=Snake\%20Oil,\%20Inc.;serial=;object=my-certificate;
+         model=1.0;type=cert;id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91
+

You can use p11_kit_uri_parse() to parse such a URI, and p11_kit_uri_format() +to build one. URIs are represented by the P11KitUri structure. You can match +a parsed URI against PKCS#11 tokens with p11_kit_uri_match_token_info() +or attributes with p11_kit_uri_match_attributes().

+

Since URIs can represent different sorts of things, when parsing or formatting +a URI a 'context' can be used to indicate which sort of URI is expected.

+

URIs have an unrecognized flag. This flag is set during parsing +if any parts of the URI are not recognized. This may be because the part is +from a newer version of the PKCS#11 spec or because that part was not valid +inside of the desired context used when parsing.

+
+
+

Functions

+
+

p11_kit_uri_new ()

+
P11KitUri *
+p11_kit_uri_new (void);
+

Create a new blank PKCS#11 URI.

+

The new URI is in the right state to parse a string into. All relevant fields +are zeroed out. Formatting this URI will produce a valid but empty URI.

+
+

Returns

+

A newly allocated URI. This should be freed with p11_kit_uri_free().

+
+
+
+
+

p11_kit_uri_get_module_info ()

+
CK_INFO_PTR
+p11_kit_uri_get_module_info (P11KitUri *uri);
+

Get the CK_INFO structure associated with this URI.

+

If this is a parsed URI, then the fields corresponding to library parts of +the URI will be filled in. Any library URI parts that were missing will have +their fields filled with zeros.

+

If the caller wishes to setup information for building a URI, then relevant +fields should be filled in. Fields that should not appear as parts in the +resulting URI should be filled with zeros.

+
+

Parameters

+
+++++ + + + + + +

uri

the URI

 
+
+
+

Returns

+

A pointer to the CK_INFO structure.

+
+
+
+
+

p11_kit_uri_match_module_info ()

+
int
+p11_kit_uri_match_module_info (const P11KitUri *uri,
+                               const CK_INFO *info);
+

Match a CK_INFO structure against the library parts of this URI.

+

Only the fields of the CK_INFO structure that are valid for use +in a URI will be matched. A URI part that was not specified in the URI will +match any value in the structure. If during the URI parsing any unrecognized +parts were encountered then this match will fail.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

the URI

 

info

the structure to match against the URI

 
+
+
+

Returns

+

1 if the URI matches, 0 if not.

+
+
+
+
+

p11_kit_uri_get_slot_info ()

+
CK_SLOT_INFO_PTR
+p11_kit_uri_get_slot_info (P11KitUri *uri);
+

Get the CK_SLOT_INFO structure associated with this URI.

+

If this is a parsed URI, then the fields corresponding to slot parts of +the URI will be filled in. Any slot URI parts that were missing will have +their fields filled with zeros.

+

If the caller wishes to setup information for building a URI, then relevant +fields should be filled in. Fields that should not appear as parts in the +resulting URI should be filled with zeros.

+
+

Parameters

+
+++++ + + + + + +

uri

the URI

 
+
+
+

Returns

+

A pointer to the CK_INFO structure.

+
+
+
+
+

p11_kit_uri_match_slot_info ()

+
int
+p11_kit_uri_match_slot_info (const P11KitUri *uri,
+                             const CK_SLOT_INFO *slot_info);
+

Match a CK_SLOT_INFO structure against the slot parts of this +URI.

+

Only the fields of the CK_SLOT_INFO structure that are valid +for use in a URI will be matched. A URI part that was not specified in the +URI will match any value in the structure. If during the URI parsing any +unrecognized parts were encountered then this match will fail.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

the URI

 

slot_info

the structure to match against the URI

 
+
+
+

Returns

+

1 if the URI matches, 0 if not.

+
+
+
+
+

p11_kit_uri_get_slot_id ()

+
CK_SLOT_ID
+p11_kit_uri_get_slot_id (P11KitUri *uri);
+

Get the 'slot-id' part of the URI.

+
+

Parameters

+
+++++ + + + + + +

uri

The URI

 
+
+
+

Returns

+

The slot-id or (CK_SLOT_ID)-1 if not set.

+
+
+
+
+

p11_kit_uri_set_slot_id ()

+
void
+p11_kit_uri_set_slot_id (P11KitUri *uri,
+                         CK_SLOT_ID slot_id);
+

Set the 'slot-id' part of the URI.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

slot_id

The new slot-id

 
+
+
+
+
+

p11_kit_uri_get_token_info ()

+
CK_TOKEN_INFO_PTR
+p11_kit_uri_get_token_info (P11KitUri *uri);
+

Get the CK_TOKEN_INFO structure associated with this URI.

+

If this is a parsed URI, then the fields corresponding to token parts of +the URI will be filled in. Any token URI parts that were missing will have +their fields filled with zeros.

+

If the caller wishes to setup information for building a URI, then relevant +fields should be filled in. Fields that should not appear as parts in the +resulting URI should be filled with zeros.

+
+

Parameters

+
+++++ + + + + + +

uri

the URI

 
+
+
+

Returns

+

A pointer to the CK_INFO structure.

+
+
+
+
+

p11_kit_uri_match_token_info ()

+
int
+p11_kit_uri_match_token_info (const P11KitUri *uri,
+                              const CK_TOKEN_INFO *token_info);
+

Match a CK_TOKEN_INFO structure against the token parts of this +URI.

+

Only the fields of the CK_TOKEN_INFO structure that are valid +for use in a URI will be matched. A URI part that was not specified in the +URI will match any value in the structure. If during the URI parsing any +unrecognized parts were encountered then this match will fail.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

the URI

 

token_info

the structure to match against the URI

 
+
+
+

Returns

+

1 if the URI matches, 0 if not.

+
+
+
+
+

p11_kit_uri_get_attributes ()

+
CK_ATTRIBUTE_PTR
+p11_kit_uri_get_attributes (P11KitUri *uri,
+                            CK_ULONG *n_attrs);
+
+
+
+

p11_kit_uri_set_attributes ()

+
int
+p11_kit_uri_set_attributes (P11KitUri *uri,
+                            CK_ATTRIBUTE_PTR attrs,
+                            CK_ULONG n_attrs);
+
+
+
+

p11_kit_uri_clear_attributes ()

+
void
+p11_kit_uri_clear_attributes (P11KitUri *uri);
+
+
+
+

p11_kit_uri_match_attributes ()

+
int
+p11_kit_uri_match_attributes (const P11KitUri *uri,
+                              const CK_ATTRIBUTE *attrs,
+                              CK_ULONG n_attrs);
+

Match a attributes against the object parts of this URI.

+

Only the attributes that are valid for use in a URI will be matched. A URI +part that was not specified in the URI will match any attribute value. If +during the URI parsing any unrecognized parts were encountered then this +match will fail.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

uri

The URI

 

attrs

The attributes to match

 

n_attrs

The number of attributes

 
+
+
+

Returns

+

1 if the URI matches, 0 if not.

+
+
+
+
+

p11_kit_uri_get_attribute ()

+
CK_ATTRIBUTE_PTR
+p11_kit_uri_get_attribute (P11KitUri *uri,
+                           CK_ATTRIBUTE_TYPE attr_type);
+

Get a pointer to an attribute present in this URI.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

attr_type

The attribute type

 
+
+
+

Returns

+

A pointer to the attribute, or NULL if not present. +The attribute is owned by the URI and should not be freed.

+
+
+
+
+

p11_kit_uri_set_attribute ()

+
int
+p11_kit_uri_set_attribute (P11KitUri *uri,
+                           CK_ATTRIBUTE_PTR attr);
+

Set an attribute on the URI.

+

Only attributes that map to parts in a PKCS#11 URI will be accepted.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

attr

The attribute to set

 
+
+
+

Returns

+

P11_KIT_URI_OK if the attribute was successfully set. +P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI.

+
+
+
+
+

p11_kit_uri_clear_attribute ()

+
int
+p11_kit_uri_clear_attribute (P11KitUri *uri,
+                             CK_ATTRIBUTE_TYPE attr_type);
+

Clear an attribute on the URI.

+

Only attributes that map to parts in a PKCS#11 URI will be accepted.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

attr_type

The type of the attribute to clear

 
+
+
+

Returns

+

P11_KIT_URI_OK if the attribute was successfully cleared. +P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI.

+
+
+
+
+

p11_kit_uri_set_unrecognized ()

+
void
+p11_kit_uri_set_unrecognized (P11KitUri *uri,
+                              int unrecognized);
+

Set the unrecognized flag on this URI.

+

The unrecognized flag is automatically set to 1 when during parsing any part +of the URI is unrecognized. If the unrecognized flag is set to 1, then +matching against this URI will always fail.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

unrecognized

The new unregognized flag value

 
+
+
+
+
+

p11_kit_uri_any_unrecognized ()

+
int
+p11_kit_uri_any_unrecognized (P11KitUri *uri);
+

Get the unrecognized flag for this URI.

+

The unrecognized flag is automatically set to 1 when during parsing any part +of the URI is unrecognized. If the unrecognized flag is set to 1, then +matching against this URI will always fail.

+
+

Parameters

+
+++++ + + + + + +

uri

The URI

 
+
+
+

Returns

+

1 if unrecognized flag is set, 0 otherwise.

+
+
+
+
+

p11_kit_uri_get_pin_value ()

+
const char *
+p11_kit_uri_get_pin_value (const P11KitUri *uri);
+

Get the 'pin-value' part of the URI. This is used by some applications to +read the PIN for logging into a PKCS#11 token.

+
+

Parameters

+
+++++ + + + + + +

uri

The URI

 
+
+
+

Returns

+

The pin-value or NULL if not present.

+
+
+
+
+

p11_kit_uri_set_pin_value ()

+
void
+p11_kit_uri_set_pin_value (P11KitUri *uri,
+                           const char *pin);
+

Set the 'pin-value' part of the URI. This is used by some applications to +specify the PIN for logging into a PKCS#11 token.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

pin

The new pin-value

 
+
+
+
+
+

p11_kit_uri_get_pin_source ()

+
const char *
+p11_kit_uri_get_pin_source (const P11KitUri *uri);
+

Get the 'pin-source' part of the URI. This is used by some applications to +lookup a PIN for logging into a PKCS#11 token.

+
+

Parameters

+
+++++ + + + + + +

uri

The URI

 
+
+
+

Returns

+

The pin-source or NULL if not present.

+
+
+
+
+

p11_kit_uri_set_pin_source ()

+
void
+p11_kit_uri_set_pin_source (P11KitUri *uri,
+                            const char *pin_source);
+

Set the 'pin-source' part of the URI. This is used by some applications to +lookup a PIN for logging into a PKCS#11 token.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

pin_source

The new pin-source

 
+
+
+
+
+

p11_kit_uri_get_pinfile ()

+
const char *
+p11_kit_uri_get_pinfile (const P11KitUri *uri);
+
+

p11_kit_uri_get_pinfile is deprecated and should not be used in newly-written code.

+

use p11_kit_uri_get_pin_source().

+
+
+

Parameters

+
+++++ + + + + + +

uri

The URI

 
+
+
+
+
+

p11_kit_uri_set_pinfile ()

+
void
+p11_kit_uri_set_pinfile (P11KitUri *uri,
+                         const char *pinfile);
+
+

p11_kit_uri_set_pinfile is deprecated and should not be used in newly-written code.

+

use p11_kit_uri_set_pin_source().

+
+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

pinfile

The pinfile

 
+
+
+
+
+

p11_kit_uri_get_module_name ()

+
const char *
+p11_kit_uri_get_module_name (const P11KitUri *uri);
+

Get the 'module-name' part of the URI. This is used by some +applications to explicitly specify the name of a PKCS#11 module.

+
+

Parameters

+
+++++ + + + + + +

uri

The URI

 
+
+
+

Returns

+

The module-name or NULL if not present.

+
+
+
+
+

p11_kit_uri_set_module_name ()

+
void
+p11_kit_uri_set_module_name (P11KitUri *uri,
+                             const char *name);
+

Set the 'module-name' part of the URI. This is used by some +applications to explicitly specify the name of a PKCS#11 module.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

name

The new module-name

 
+
+
+
+
+

p11_kit_uri_get_module_path ()

+
const char *
+p11_kit_uri_get_module_path (const P11KitUri *uri);
+

Get the 'module-path' part of the URI. This is used by some +applications to explicitly specify the path of a PKCS#11 module.

+
+

Parameters

+
+++++ + + + + + +

uri

The URI

 
+
+
+

Returns

+

The module-path or NULL if not present.

+
+
+
+
+

p11_kit_uri_set_module_path ()

+
void
+p11_kit_uri_set_module_path (P11KitUri *uri,
+                             const char *path);
+

Set the 'module-path' part of the URI. This is used by some +applications to explicitly specify the path of a PKCS#11 module.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

path

The new module-path

 
+
+
+
+
+

p11_kit_uri_get_vendor_query ()

+
const char *
+p11_kit_uri_get_vendor_query (const P11KitUri *uri,
+                              const char *name);
+

Get the vendor query part of the URI, identified by name +. This is +used by some applications to explicitly specify the path of a +PKCS#11 module.

+
+

Parameters

+
+++++ + + + + + + + + + + + + +

uri

The URI

 

name

The name of vendor query

 
+
+
+

Returns

+

The value of vendor query or NULL if not present.

+
+
+
+
+

p11_kit_uri_set_vendor_query ()

+
int
+p11_kit_uri_set_vendor_query (P11KitUri *uri,
+                              const char *name,
+                              const char *value);
+

Set the vendor query part of the URI, identified by name +. This is +used by some applications to explicitly specify the path of a +PKCS#11 module.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

uri

The URI

 

name

The name of vendor query

 

value

The value of vendor query.

[allow-none]
+
+
+

Returns

+

1 if the vendor query is set or removed, 0 if not.

+
+
+
+
+

p11_kit_uri_format ()

+
int
+p11_kit_uri_format (P11KitUri *uri,
+                    P11KitUriType uri_type,
+                    char **string);
+

Format a PKCS#11 URI into a string.

+

Fields which are zeroed out will not be included in the resulting string. +Attributes which are not present will also not be included.

+

The uri_type of URI specified limits the different parts of the resulting +URI. To format a URI containing all possible information use +P11_KIT_URI_FOR_ANY

+

It's up to the caller to guarantee that the attributes set in uri + are +those appropriate for inclusion in a URI, specifically: +CKA_ID, CKA_LABEL +and CKA_CLASS. The class must be one of +CKO_DATA, CKO_SECRET_KEY, +CKO_CERTIFICATE, CKO_PUBLIC_KEY, +CKO_PRIVATE_KEY.

+

The resulting string should be freed with free().

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

uri

The URI.

 

uri_type

The type of URI that should be produced.

 

string

Location to store a newly allocated string.

 
+
+
+

Returns

+

P11_KIT_URI_OK if the URI was formatted successfully, +P11_KIT_URI_UNEXPECTED if the data in uri +is invalid for a URI.

+
+
+
+
+

p11_kit_uri_parse ()

+
int
+p11_kit_uri_parse (const char *string,
+                   P11KitUriType uri_type,
+                   P11KitUri *uri);
+

Parse a PKCS#11 URI string.

+

PKCS#11 URIs can represent tokens, objects or modules. The uri_type argument +allows the caller to specify what type of URI is expected and the sorts of +things the URI should match. P11_KIT_URI_FOR_ANY can be used to parse a URI +for any context. It's then up to the caller to make sense of the way that +it is used.

+

If the PKCS#11 URI contains unrecognized URI parts or parts not applicable +to the specified context, then the unrecognized flag will be set. This will +prevent the URI from matching using the various match functions.

+
+

Parameters

+
+++++ + + + + + + + + + + + + + + + + + +

string

The string to parse

 

uri_type

The type of URI that is expected

 

uri

The blank URI to parse the values into

 
+
+
+

Returns

+

P11_KIT_URI_OK if the URI was parsed successfully. +P11_KIT_URI_BAD_SCHEME if this was not a PKCS#11 URI. +P11_KIT_URI_BAD_SYNTAX if the URI syntax was bad. +P11_KIT_URI_BAD_VERSION if a version number was bad. +P11_KIT_URI_BAD_ENCODING if the URI encoding was invalid.

+
+
+
+
+

p11_kit_uri_free ()

+
void
+p11_kit_uri_free (P11KitUri *uri);
+

Free a PKCS#11 URI.

+
+

Parameters

+
+++++ + + + + + +

uri

The URI

 
+
+
+
+
+

p11_kit_uri_message ()

+
const char *
+p11_kit_uri_message (int code);
+

Lookup a message for the uri error code. These codes are the P11_KIT_URI_XXX +error codes that can be returned from p11_kit_uri_parse() or +p11_kit_uri_format(). As a special case NULL, will be returned for +P11_KIT_URI_OK.

+
+

Parameters

+
+++++ + + + + + +

code

The error code

 
+
+
+

Returns

+

The message for the error code. This string is owned by the p11-kit +library.

+
+
+
+
+

Types and Values

+
+

P11_KIT_URI_SCHEME

+
#define P11_KIT_URI_SCHEME "pkcs11"
+
+

String of URI scheme for PKCS#11 URIs.

+
+
+
+

P11_KIT_URI_SCHEME_LEN

+
#define P11_KIT_URI_SCHEME_LEN 6
+
+

Length of P11_KIT_URI_SCHEME.

+
+
+
+

enum P11KitUriType

+

A PKCS#11 URI can represent different kinds of things. This flag is used by +p11_kit_uri_parse() to denote in what context the URI will be used.

+

The various types can be combined.

+
+

Members

+
+++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

P11_KIT_URI_FOR_OBJECT

 +

The URI represents one or more objects

+		 

P11_KIT_URI_FOR_TOKEN

 +

The URI represents one or more tokens

+		 

P11_KIT_URI_FOR_SLOT

 +

The URI represents one or more slots

+		 

P11_KIT_URI_FOR_MODULE

 +

The URI represents one or more modules

+		 

P11_KIT_URI_FOR_MODULE_WITH_VERSION

 +

The URI represents a module with +a specific version.

+		 

P11_KIT_URI_FOR_OBJECT_ON_TOKEN

 +

The URI represents one or more objects +that are present on a specific token.

+		 

P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE

 +

The URI represents one or more +objects that are present on a specific token, being used with a certain +module.

+		 

P11_KIT_URI_FOR_ANY

 +

The URI can represent anything

+		 
+
+
+
+
+

enum P11KitUriResult

+

Error codes returned by various functions. The functions each clearly state +which error codes they are capable of returning.

+
+

Members

+
+++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

P11_KIT_URI_OK

 +

Success

+		 

P11_KIT_URI_UNEXPECTED

 +

Unexpected or internal system error

+		 

P11_KIT_URI_BAD_SCHEME

 +

The URI had a bad scheme

+		 

P11_KIT_URI_BAD_ENCODING

 +

The URI had a bad encoding

+		 

P11_KIT_URI_BAD_SYNTAX

 +

The URI had a bad syntax

+		 

P11_KIT_URI_BAD_VERSION

 +

The URI contained a bad version number

+		 

P11_KIT_URI_NOT_FOUND

 +

A requested part of the URI was not found

+		 
+
+
+
+
+

P11KitUri

+
typedef struct p11_kit_uri P11KitUri;
+
+

A structure representing a PKCS#11 URI. There are no public fields +visible in this structure. Use the various accessor functions.

+
+
+
+

p11_kit_uri

+
typedef struct p11_kit_uri p11_kit_uri;
+
+
+
+
+

P11_KIT_URI_NO_MEMORY

+
#define P11_KIT_URI_NO_MEMORY P11_KIT_URI_UNEXPECTED
+
+

Unexpected memory allocation failure result. Same as P11_KIT_URI_UNEXPECTED.

+
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/p11-kit-Utilities.html b/doc/manual/html/p11-kit-Utilities.html new file mode 100644 index 0000000..748259b --- /dev/null +++ b/doc/manual/html/p11-kit-Utilities.html @@ -0,0 +1,269 @@ + + + + +Utilities: p11-kit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

Utilities

+

Utilities — PKCS#11 utilities

+
+
+

Functions

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
const char * + +p11_kit_strerror () +
const char * + +p11_kit_message () +
+char * + +p11_kit_space_strdup () +
+size_t + +p11_kit_space_strlen () +
+void + +p11_kit_be_quiet () +
+void + +p11_kit_be_loud () +
+
+
+

Description

+

Utility functions for working with PKCS#11.

+
+
+

Functions

+
+

p11_kit_strerror ()

+
const char *
+p11_kit_strerror (CK_RV rv);
+

Get a message for a PKCS#11 return value or error code. Do not +pass CKR_OK or other such non errors to this function.

+
+

Parameters

+
+++++ + + + + + +

rv

The code to get a message for.

 
+
+
+

Returns

+

The user readable and localized message.

+
+
+
+
+

p11_kit_message ()

+
const char *
+p11_kit_message (void);
+

Gets the failure message for a recently called p11-kit function, which +returned a failure code on this thread. Not all functions set this message. +Each function that does so, will note it in its documentation.

+

If the most recent p11-kit function did not fail, then this will return NULL. +The string is owned by the p11-kit library and is only valid on the same +thread that the failed function executed on.

+
+

Returns

+

The last failure message, or NULL.

+
+
+
+
+

p11_kit_space_strdup ()

+
char *
+p11_kit_space_strdup (const unsigned char *string,
+                      size_t max_length);
+

In PKCS#11 structures many strings are encoded in a strange way. The string +is placed in a fixed length buffer and then padded with spaces.

+

This function copies the space padded string into a normal null-terminated +string. The result is owned by the caller.

+
+ + + + + + + + 
1
+2
+3
+4
CK_INFO info;
+char *description;
+   ...
+description = p11_kit_space_strdup (info->libraryDescription, sizeof (info->libraryDescription));
+
+ +
+

Parameters

+
+++++ + + + + + + + + + + + + +

string

Pointer to string block

 

max_length

Maximum length of string block

 
+
+
+

Returns

+

The newly allocated string, or NULL if memory could not be allocated.

+
+
+
+
+

p11_kit_space_strlen ()

+
size_t
+p11_kit_space_strlen (const unsigned char *string,
+                      size_t max_length);
+

In PKCS#11 structures many strings are encoded in a strange way. The string +is placed in a fixed length buffer and then padded with spaces.

+

This function determines the actual length of the string. Since the string +is not null-terminated you need to pass in the size of buffer as max_length. +The string will never be longer than this buffer.

+
+ + + + + + + + 
1
+2
+3
+4
CK_INFO info;
+size_t length;
+   ...
+length = p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription));
+
+ +
+

Parameters

+
+++++ + + + + + + + + + + + + +

string

Pointer to string block

 

max_length

Maximum length of string block

 
+
+
+

Returns

+

The length of the space padded string.

+
+
+
+
+

p11_kit_be_quiet ()

+
void
+p11_kit_be_quiet (void);
+

Once this function is called, the p11-kit library will no longer print +failure or warning messages to stderr.

+
+
+
+

p11_kit_be_loud ()

+
void
+p11_kit_be_loud (void);
+

Tell the p11-kit library will print failure or warning messages to stderr. +This is the default behavior, but can be changed using p11_kit_be_quiet().

+
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/p11-kit.devhelp2 b/doc/manual/html/p11-kit.devhelp2 new file mode 100644 index 0000000..810c023 --- /dev/null +++ b/doc/manual/html/p11-kit.devhelp2 @@ -0,0 +1,206 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/doc/manual/html/p11-kit.html b/doc/manual/html/p11-kit.html new file mode 100644 index 0000000..17a2176 --- /dev/null +++ b/doc/manual/html/p11-kit.html @@ -0,0 +1,129 @@ + + + + +p11-kit: p11-kit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

p11-kit

+

p11-kit — Tool for operating on configured PKCS#11 modules

+
+
+

Synopsis

+

p11-kit list-modules

+

p11-kit extract ... +

+

p11-kit server ... +

+
+
+

Description

+

p11-kit is a command line tool that + can be used to perform operations on PKCS#11 modules configured on the + system.

+

See the various sub commands below. The following global options + can be used:

+
++++ + + + + + + + + + + +

-v, --verbose

Run in verbose mode with debug + output.

-q, --quiet

Run in quiet mode without warning or + failure messages.

+
+
+

List Modules

+

List system configured PKCS#11 modules.

+
+$ p11-kit list-modules
+
+

The modules, information about them and the tokens present in + the PKCS#11 modules will be displayed.

+
+
+

Extract

+

Extract certificates from configured PKCS#11 modules.

+

This operation has been moved to a separate command trust extract. + See trust(1) + for more information

+
+
+

Server

+

Run a server process that exposes PKCS#11 module remotely.

+
+$ p11-kit server pkcs11:token1 pkcs11:token2 ...
+$ p11-kit server --provider /path/to/pkcs11-module.so pkcs11:token1 pkcs11:token2 ...
+
+

This launches a server that exposes the given PKCS#11 tokens on a local socket. The tokens must belong to the same module. To access the socket, use p11-kit-client.so module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: P11_KIT_SERVER_ADDRESS and P11_KIT_SERVER_PID.

+
+
+

Extract Trust

+

Extract standard trust information files.

+

This operation has been moved to a separate command trust extract-compat. + See trust(1) + for more information

+
+
+

Remote

+

Run a PKCS#11 module remotely.

+
+$ p11-kit remote /path/to/pkcs11-module.so
+$ p11-kit remote pkcs11:token1 pkcs11:token2 ...
+
+

This is not meant to be run directly from a terminal. But rather in a + remote option in a + pkcs11.conf(5) + file.

+

This exposes the given PKCS#11 module or tokens over standard input and output. Those two forms, whether to expose a module or tokens, are mutually exclusive and if the second form is used, the tokens must belong to the same module.

+
+
+

Bugs

+

+ Please send bug reports to either the distribution bug tracker + or the upstream bug tracker at + https://github.com/p11-glue/p11-kit/issues/. +

+
+
+

See also

+pkcs11.conf(5)

+ Further details available in the p11-kit online documentation at + https://p11-glue.github.io/p11-glue/p11-kit/manual/. +

+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/pkcs11-conf.html b/doc/manual/html/pkcs11-conf.html new file mode 100644 index 0000000..ea302d3 --- /dev/null +++ b/doc/manual/html/pkcs11-conf.html @@ -0,0 +1,262 @@ + + + + +pkcs11.conf: p11-kit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

pkcs11.conf

+

pkcs11.conf — Configuration files for PKCS#11 modules

+
+
+

Description

+

The pkcs11.conf configuration files are a standard + way to configure PKCS#11 modules.

+
+
+

File format

+

A complete configuration consists of several files. These files are + text files. Since p11-kit is built to be used in all + sorts of environments and at very low levels of the software stack, we + cannot make use of high level configuration APIs that you may find on a + modern desktop.

+

Each setting in the config file is specified consists of a name and + a value. The name is a simple string consisting of characters and dashes. + The name consists of alpha numeric characters, dot, hyphen and + underscore.

+

The value is specified after the name on the same line, separated + from it by a : (colon). White space between the + name and value is ignored.

+

Blank lines are ignored. White space at the beginning or end of + lines is stripped. Lines that begin with a # character + are ignored as comments. Comments are not recognized when they come after + a value on a line.

+

A fictitious module configuration file might look like:

+
+module: module.so
+# Here is a comment
+
+managed: true
+setting.2: A long value with text.
+x-custom : text
+
+
+
+

Module Configuration

+

Each configured PKCS#11 module has its own config file. These files + can be placed in various locations.

+

The filename of the configuration file may consist of upper and lowercase letters + underscore, comma, dash and dots. The first characters needs to be an alphanumeric, + the filename should end with a .module extension.

+

Most importantly each config file specifies the path of the PKCS#11 module to + load. A module config file has the following fields:

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

module:

 +

The filename of the PKCS#11 module to load. + This should include an extension like .so

+

If this value is blank, then the module will be ignored. + This can be used in the user configs to override loading of a module + specified in the system configuration.

+

If this is a relative path, then the module will be loaded + from the default module directory.

+

critical:

 +

Set to yes if the module is critical and + required to load. If a critical module fails to load or initialize, + then the loading process for all registered modules will abort and + return an error code.

+

This argument is optional and defaults to no.

+

enable-in:

 +

A comma and/or space separated list of names of programs that + this module should only be loaded in. The module will not be loaded + for other programs using p11-kit. The base name of the process executable + should be used here, for example + seahorse, ssh.

+

This option can also be used to control whether the module will be loaded by the proxy module. To enable loading only from the proxy module, specify p11-kit-proxy as the value.

+

This is not a security feature. The argument is optional. If + not present, then any process will load the module.

+

disable-in:

 +

A comma and/or space separated list of names of programs that + this module should not be loaded in. The module will be loaded for any + other programs using p11-kit. The base name of the process + executable should be used here, for example + firefox, thunderbird-bin.

+

This option can also be used to control whether the module will be loaded by the proxy module. To disable loading from the proxy module, specify p11-kit-proxy as the value.

+

This is not a security feature. The argument is optional. If + not present, then any process will load the module.

+

managed:

 +

Set to no if the module is not to be managed by + p11-kit. Making a module unmanaged is not recommended, and will cause + problems if multiple callers in a single process share a PKCS#11 module.

+

This argument is optional and defaults to yes.

+

priority:

 +

The value should be an integer. When lists of modules are + returned to a caller of p11-kit, modules with a higher number are sorted + first. When applications search modules for certificates, keys and + trust policy information, this setting will affect what find + first.

+

This argument is optional, and defaults to zero. Modules + with the same priority option will be sorted + alphabetically.

+

remote:

 +

Instead of loading the PKCS#11 module locally, run the module + remotely.

+

Specify a command to run, prefixed with | a pipe. + The command must speak the p11-kit remoting protocol on its standard in + and standard out. For example:

+
+remote: |ssh user@remote p11-kit remote /path/to/module.so
+
+

Other forms of remoting will appear in later p11-kit releases.

+

trust-policy:

Set to yes to use use this module as a source + of trust policy information such as certificate anchors and black lists.

log-calls:

 +

Set to yes to write a log to stderr of all the + calls into the module. This is only supported for managed modules.

+

This argument is optional and defaults to no.

+
+

Do not specify both enable-in and disable-in + for the same module.

+

Other fields may be present, but it is recommended that field names + that are not specified in this document start with a x- + prefix.

+
+
+

Global Configuration

+

A global configuration may also be present. This file contains settings + that are not related to a single PKCS#11 module. The location(s) of the + global configuration are described below. The global configuration file + can contain the following fields:

+
++++ + + + + + + + + + + + + + + +

user-config:

This will be equal to one of the following values: + none, merge, + only.

managed:

 +

Set to yes or no to + force all modules to be managed or unmanaged by p11-kit. Setting this + setting in a global configuration file will override the + managed setting in the individual module configuration + files. Making modules unmanaged is not recommended, and will cause + problems if multiple callers in a single process share a PKCS#11 + module.

+

This argument is optional.

+

log-calls:

 +

Set to yes to write a log to stderr of all the + calls into all configured modules. This is only supported for managed + modules.

+

This argument is optional.

+
+

Other fields may be present, but it is recommended that field names + that are not specified in this document start with a x- + prefix.

+
+
+

Configuration Files

+

Each configured PKCS#11 module has its own config file. These + files are placed in a directory. In addition a global config file exists. + There is a system configuration consisting of the various module config + files and a file for global configuration. Optionally each user can provide + additional configuration or override the system configuration.

+

The system global configuration file is usually in + /usr/local/etc/pkcs11/pkcs11.conf and the user global + configuration file is in ~/.config/pkcs11/pkcs11.conf in the + user's home directory.

+

The module config files are usually located in the + /usr/local/etc/pkcs11/modules directory, with one configuration + file per module. In addition the ~/.config/pkcs11/modules directory + can be used for modules installed by the user.

+

Note that user configuration files are not loaded from the home + directory if running inside a setuid or setgid program.

+

The default system config file and module directory can be changed + when building p11-kit. Always + lookup these paths using + pkg-config.

+
+
+

See also

+p11-kit(8)

Further details available in the p11-kit online documentation at + https://p11-glue.github.io/p11-glue/p11-kit/manual/. +

+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/reference.html b/doc/manual/html/reference.html new file mode 100644 index 0000000..1ea58dc --- /dev/null +++ b/doc/manual/html/reference.html @@ -0,0 +1,557 @@ + + + + +API Reference: p11-kit + + + + + + + + + + + + + + + + +
+

+API Reference

+
+
+Modules — Module loading and initializing +
+
+URIs — Parsing and formatting PKCS#11 URIs +
+
+PIN Callbacks — PIN Callbacks +
+
+Utilities — PKCS#11 utilities +
+
+Future — Future Unstable API +
+
+Deprecated — Deprecated functions +
+
API Index
+
Annotation Glossary
+
+
+

+API Index

+

K

+
+P11KitIter, typedef in Future +
+
+
+P11KitIterBehavior, enum in Future +
+
+
+P11KitIterKind, enum in Future +
+
+
+P11KitPin, typedef in PIN Callbacks +
+
+
+P11KitPinFlags, enum in PIN Callbacks +
+
+
+P11KitUri, typedef in URIs +
+
+
+P11KitUriResult, enum in URIs +
+
+
+P11KitUriType, enum in URIs +
+
+
+p11_kit_be_loud, function in Utilities +
+
+
+p11_kit_be_quiet, function in Utilities +
+
+
+p11_kit_config_option, function in Modules +
+
+
+P11_KIT_DEPRECATED_FOR, macro in Deprecated +
+
+
+p11_kit_destroyer, user_function in Future +
+
+
+p11_kit_finalize_module, function in Deprecated +
+
+
+p11_kit_finalize_registered, function in Deprecated +
+
+
+p11_kit_initialize_module, function in Deprecated +
+
+
+p11_kit_initialize_registered, function in Deprecated +
+
+
+p11_kit_iter, typedef in Future +
+
+
+p11_kit_iter_add_callback, function in Future +
+
+
+p11_kit_iter_add_filter, function in Future +
+
+
+p11_kit_iter_begin, function in Future +
+
+
+p11_kit_iter_begin_with, function in Future +
+
+
+p11_kit_iter_callback, user_function in Future +
+
+
+p11_kit_iter_destroy_object, function in Future +
+
+
+p11_kit_iter_free, function in Future +
+
+
+p11_kit_iter_get_attributes, function in Future +
+
+
+p11_kit_iter_get_kind, function in Future +
+
+
+p11_kit_iter_get_module, function in Future +
+
+
+p11_kit_iter_get_object, function in Future +
+
+
+p11_kit_iter_get_session, function in Future +
+
+
+p11_kit_iter_get_slot, function in Future +
+
+
+p11_kit_iter_get_slot_info, function in Future +
+
+
+p11_kit_iter_get_token, function in Future +
+
+
+p11_kit_iter_keep_session, function in Future +
+
+
+p11_kit_iter_load_attributes, function in Future +
+
+
+p11_kit_iter_new, function in Future +
+
+
+p11_kit_iter_next, function in Future +
+
+
+p11_kit_iter_set_uri, function in Future +
+
+
+p11_kit_load_initialize_module, function in Deprecated +
+
+
+p11_kit_message, function in Utilities +
+
+
+p11_kit_modules_finalize, function in Modules +
+
+
+p11_kit_modules_finalize_and_release, function in Modules +
+
+
+p11_kit_modules_initialize, function in Modules +
+
+
+p11_kit_modules_load, function in Modules +
+
+
+p11_kit_modules_load_and_initialize, function in Modules +
+
+
+p11_kit_modules_release, function in Modules +
+
+
+P11_KIT_MODULE_CRITICAL, macro in Modules +
+
+
+p11_kit_module_finalize, function in Modules +
+
+
+p11_kit_module_for_name, function in Modules +
+
+
+p11_kit_module_get_filename, function in Modules +
+
+
+p11_kit_module_get_flags, function in Modules +
+
+
+p11_kit_module_get_name, function in Modules +
+
+
+p11_kit_module_initialize, function in Modules +
+
+
+p11_kit_module_load, function in Modules +
+
+
+p11_kit_module_release, function in Modules +
+
+
+P11_KIT_MODULE_UNMANAGED, macro in Modules +
+
+
+p11_kit_pin_callback, user_function in PIN Callbacks +
+
+
+p11_kit_pin_destroy_func, user_function in PIN Callbacks +
+
+
+P11_KIT_PIN_FALLBACK, macro in PIN Callbacks +
+
+
+p11_kit_pin_file_callback, function in PIN Callbacks +
+
+
+p11_kit_pin_get_length, function in PIN Callbacks +
+
+
+p11_kit_pin_get_value, function in PIN Callbacks +
+
+
+p11_kit_pin_new, function in PIN Callbacks +
+
+
+p11_kit_pin_new_for_buffer, function in PIN Callbacks +
+
+
+p11_kit_pin_new_for_string, function in PIN Callbacks +
+
+
+p11_kit_pin_ref, function in PIN Callbacks +
+
+
+p11_kit_pin_register_callback, function in PIN Callbacks +
+
+
+p11_kit_pin_request, function in PIN Callbacks +
+
+
+p11_kit_pin_unref, function in PIN Callbacks +
+
+
+p11_kit_pin_unregister_callback, function in PIN Callbacks +
+
+
+p11_kit_registered_modules, function in Deprecated +
+
+
+p11_kit_registered_module_to_name, function in Deprecated +
+
+
+p11_kit_registered_name_to_module, function in Deprecated +
+
+
+p11_kit_registered_option, function in Deprecated +
+
+
+p11_kit_remote_serve_module, function in Future +
+
+
+p11_kit_remote_serve_token, function in Future +
+
+
+p11_kit_remote_serve_tokens, function in Future +
+
+
+p11_kit_set_progname, function in Future +
+
+
+p11_kit_space_strdup, function in Utilities +
+
+
+p11_kit_space_strlen, function in Utilities +
+
+
+p11_kit_strerror, function in Utilities +
+
+
+p11_kit_uri, typedef in URIs +
+
+
+p11_kit_uri_any_unrecognized, function in URIs +
+
+
+p11_kit_uri_clear_attribute, function in URIs +
+
+
+p11_kit_uri_clear_attributes, function in URIs +
+
+
+p11_kit_uri_format, function in URIs +
+
+
+p11_kit_uri_free, function in URIs +
+
+
+p11_kit_uri_get_attribute, function in URIs +
+
+
+p11_kit_uri_get_attributes, function in URIs +
+
+
+p11_kit_uri_get_module_info, function in URIs +
+
+
+p11_kit_uri_get_module_name, function in URIs +
+
+
+p11_kit_uri_get_module_path, function in URIs +
+
+
+p11_kit_uri_get_pinfile, function in URIs +
+
+
+p11_kit_uri_get_pin_source, function in URIs +
+
+
+p11_kit_uri_get_pin_value, function in URIs +
+
+
+p11_kit_uri_get_slot_id, function in URIs +
+
+
+p11_kit_uri_get_slot_info, function in URIs +
+
+
+p11_kit_uri_get_token_info, function in URIs +
+
+
+p11_kit_uri_get_vendor_query, function in URIs +
+
+
+p11_kit_uri_match_attributes, function in URIs +
+
+
+p11_kit_uri_match_module_info, function in URIs +
+
+
+p11_kit_uri_match_slot_info, function in URIs +
+
+
+p11_kit_uri_match_token_info, function in URIs +
+
+
+p11_kit_uri_message, function in URIs +
+
+
+p11_kit_uri_new, function in URIs +
+
+
+P11_KIT_URI_NO_MEMORY, macro in URIs +
+
+
+p11_kit_uri_parse, function in URIs +
+
+
+P11_KIT_URI_SCHEME, macro in URIs +
+
+
+P11_KIT_URI_SCHEME_LEN, macro in URIs +
+
+
+p11_kit_uri_set_attribute, function in URIs +
+
+
+p11_kit_uri_set_attributes, function in URIs +
+
+
+p11_kit_uri_set_module_name, function in URIs +
+
+
+p11_kit_uri_set_module_path, function in URIs +
+
+
+p11_kit_uri_set_pinfile, function in URIs +
+
+
+p11_kit_uri_set_pin_source, function in URIs +
+
+
+p11_kit_uri_set_pin_value, function in URIs +
+
+
+p11_kit_uri_set_slot_id, function in URIs +
+
+
+p11_kit_uri_set_unrecognized, function in URIs +
+
+
+p11_kit_uri_set_vendor_query, function in URIs +
+
+
+
+

+Annotation Glossary

+

A

+
allow-none
+

NULL is ok, both for passing and for returning.

+
array
+

Parameter points to an array of items.

+

E

+
element-type
+

Generics and defining elements of containers and arrays.

+

I

+
inout
+

Parameter for input and for returning results. Default is transfer full.

+

O

+
out
+

Parameter for returning results. Default is transfer full.

+

T

+
transfer full
+

Free data after the code is done.

+
type
+

Override the parsed C type with given type

+
transfer none
+

Don't free data after the code is done.

+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/remoting.html b/doc/manual/html/remoting.html new file mode 100644 index 0000000..f4129f6 --- /dev/null +++ b/doc/manual/html/remoting.html @@ -0,0 +1,230 @@ + + + + +Remoting / Forwarding: p11-kit + + + + + + + + + + + + + + + + +
+

+Remoting / Forwarding

+

Smartcards or hardware security modules (HSM) are technologies to + keep private keys on devices physically isolated to a device only available + to the user. That way only the intended user can use that device to authenticate, + authorize or perform other functions that involve the private keys. These come + usually in the form of a USB device or token which is plugged into the local computer. +

+

In modern "cloud" computing, it is often desirable to virtually transfer such + a device on remote servers. For example, one can sign software or documents on a remote + server, use the local smart card to authorize itself to Kerberos, or any other + possible use. There are various approaches to tackle that problem, and on different + levels of the smart card application stack. It is possible to forward the USB + device holding the smart card, or forward the lower-level PC/SC protocol which + some smart cards talk, or forward the high-level interface used to communicate + with smart cards, the PKCS#11 interface.

+

To address that problem, in p11-kit, we allow the forwarding of + the higher level smart card interface, PKCS#11. In the following paragraphs + we describe the approach and tools needed to perform that forwarding over SSH + secure communication channels.

+
+

Scenario

+

We assume having a local workstation, and a remote server. On the local + computer we have inserted a smart card, in our examples we use a Nitrokey + card with the OpenSC drivers. We will forward the card + from the workstation to the remote server.

+
+
+

Setting up the PKCS#11 forwarding server on a local client

+

To forward a smartcard to a remote server, we first need to identify which + smartcards are available. To list the smartcards currently attached to the local + computer, use the p11tool command from the gnutls package. For example: +

+
+$ p11tool --list-tokens
+...
+Token 6:
+        URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29
+        Label: UserPIN (Daiki's token)
+        Type: Hardware token
+        Manufacturer: www.CardContact.de
+        Model: PKCS#15 emulated
+        Serial: DENK0000000
+        Module: opensc-pkcs11.so
+...
+
+

This is the entry for the card we'd like to forward to remote system. The important + pieces are the 'pkcs11:' URL listed above, and the module name. Once we determine which + smartcard to forward, we expose it to a local Unix domain socket, with the following + p11-kit server command. +

+
+$ p11-kit server --provider /usr/lib64/pkcs11/opensc-pkcs11.so "pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29"
+
+

Here we provide to the server the module location (optional) with the --provider + option, as well as the URL of the card. We copied the values from the Module and URL + lines of the p11tool output above. When the p11-kit server command starts, it will + print the address of the PKCS#11 unix domain socket and the process ID of the server. +

+
+P11_KIT_SERVER_ADDRESS=unix:path=/run/user/12345/p11-kit/pkcs11-12345
+P11_KIT_SERVER_PID=12345
+
+

For later use, set the variables output by the tool on your shell prompt + (e.g., copy and paste them or call the above p11-kit server command line with + eval $(p11-kit server ...)). +

+
+
+

Forwarding and using the PKCS#11 Unix socket on the remote server

+

On the remote server, we will initially forward the previously generated PKCS#11 + unix socket, and then access the smart card through it. To access the forwarded socket + as if it were a smart card, a dedicated PKCS#11 module p11-kit-client.so is provided as + part of the p11-kit-server package. +

+
+
+

Preparing the remote system for PKCS#11 socket forwarding

+

One important detail you should be aware of, is the file system location of the + forwarded socket. By convention, the p11-kit-client.so module utilizes the "user runtime + directory", managed by systemd; the directory is created when a user logs in, and removed + upon logout, so that the user doesn't need to manually clean up the socket file. +

+

To locate your user runtime directory, do: +

+
+$ systemd-path user-runtime
+/run/user/1000
+
+

The p11-kit-client.so module looks for the socket file under a + subdirectory (/run/user/1000/p11-kit in this example). To enable + auto-creation of the directory, do the following. +

+
+$ systemctl --user enable p11-kit-client.service
+
+
+
+

Forwarding the PKCS#11 socket

+

We will use ssh to forward the local PKCS#11 unix socket to the remote server. + Following the p11-kit-client convention, we will forward the socket to the remote user + run-time path so that cleaning up on disconnect is not required. The remote location + of the run-time path can be obtained as follows. +

+
+$ ssh [user]@[remotehost] systemd-path user-runtime
+/run/user/1000
+
+

The number at the end of the path above is your user ID in that system + (and thus will vary from user to user). You can now forward the Unix domain socket + with the -R option of the ssh command, after replacing the example path with the + actual run-time path. +

+
+$ ssh -R /run/user/[userID]/p11-kit/pkcs11:${P11_KIT_SERVER_ADDRESS#*=} [user]@[remotehost]
+
+

After successfully logging in to the remote host, you can use the forwarded + smartcard as if it were directly connected to the server using the + p11-kit-client.so. Note that if any error occurs during the forwarding + setup, you will see something like this on your terminal: +

+
+Warning: remote port forwarding failed for listen path /run/user/...
+
+
+
+

Using the forwarded PKCS#11 socket

+

Let's first make sure the smart card works on the remote system, by listing it: +

+
+$ ls -l /run/user/1000/p11-kit/pkcs11
+
+$ p11tool --provider /usr/lib64/pkcs11/p11-kit-client.so --list-tokens
+...
+Token 0:
+        URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29
+        Label: UserPIN (Daiki's token)
+        Type: Hardware token
+        Manufacturer: www.CardContact.de
+        Model: PKCS#15 emulated
+        Serial: DENK0000000
+        Module: (null)
+...
+
+

We can similarly generate, copy objects or test certificates to the card using + the same command. Any applications which support PKCS#11 can perform cryptographic + operations through the client module. +

+
+
+

Registering the client module for use with OpenSSL and GnuTLS apps

+

To utilize the p11-kit-client module with OpenSSL (via engine_pkcs11 provided + by the libp11 package) and GnuTLS applications, you have to register it in + p11-kit. To do it for the current user, use the following commands: +

+
+$ mkdir .config/pkcs11/modules/
+$ echo "module: /usr/lib64/pkcs11/p11-kit-client.so" >.config/pkcs11/modules/p11-kit-client.module
+
+

Once this is done both OpenSSL and GnuTLS applications should work, for example: +

+
+$ URL="pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29"
+
+# Generate a key using gnutls’ p11tool
+$ p11tool --generate-ecc --login --label test-key "$URL"
+
+# generate a certificate request with the previous key using openssl
+$ openssl req -engine pkcs11 -new -key "$URL;;object=test-key;type=private;pin-value=XXXX" \
+         -keyform engine -out req.pem -text -subj "/CN=Test user"
+
+

Note that the token URL remains the same in the forwarded system as in the original one. +

+
+
+

Using the client module with OpenSSH

+

To re-use the already forwarded smartcard for authentication with another remote host, you can run ssh and provide the -I option with p11-kit-client.so. For example: +

+
+$ ssh -I /usr/lib64/pkcs11/p11-kit-client.so [user]@[anotherhost]
+
+
+
+

Using the client module with NSS applications

+

To register the forwarded smartcard in NSS applications, you can set it up with + the modutil command, as follows. +

+
+$ sudo modutil -dbdir /etc/pki/nssdb -add p11-kit-client -libfile /usr/lib64/pkcs11/p11-kit-client.so
+
+$ modutil -dbdir /etc/pki/nssdb -list
+...
+  3. p11-kit-client
+    library name: /usr/lib64/pkcs11/p11-kit-client.so
+       uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.17
+     slots: 1 slot attached
+    status: loaded
+
+     slot: Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
+    token: UserPIN (Daiki's token)
+      uri: pkcs11:token=UserPIN%20(Daiki's%20token);manufacturer=www.CardContact.de;serial=DENK0000000;model=PKCS%2315%20emulated
+
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/right-insensitive.png b/doc/manual/html/right-insensitive.png new file mode 100644 index 0000000..4c95785 Binary files /dev/null and b/doc/manual/html/right-insensitive.png differ diff --git a/doc/manual/html/right.png b/doc/manual/html/right.png new file mode 100644 index 0000000..76260ec Binary files /dev/null and b/doc/manual/html/right.png differ diff --git a/doc/manual/html/sharing-managed.html b/doc/manual/html/sharing-managed.html new file mode 100644 index 0000000..3fbd3d6 --- /dev/null +++ b/doc/manual/html/sharing-managed.html @@ -0,0 +1,78 @@ + + + + +Managed modules: p11-kit + + + + + + + + + + + + + + + + +
+

+Managed modules

+

p11-kit wraps PKCS#11 modules to manage + them and customize their functionality so that they are able + to be shared between multiple callers in the same process.

+

Each caller that uses the + p11_kit_modules_load() + or p11_kit_module_load() + function gets independent wrapped PKCS#11 module(s). This is unless a caller + or module configuration specifies that a module should be used in an + unmanaged fashion.

+

When modules are managed, the following aspects are wrapped and + coordinated:

+
    +
  • +

    Calls to C_Initialize and + C_Finalize can be called by multiple + callers.

    +

    The first time that the managed module + C_Initialize is called, the PKCS#11 module's actual + C_Initialize function is called. Subsequent calls by + other callers will cause p11-kit to increment an + internal initialization count, rather than calling + C_Initialize again.

    +

    Multiple callers can call the managed + C_Initialize function concurrently from different + threads and p11-kit will guarantee that this managed + in a thread-safe manner.

    +
    • +
  • +

    When the managed module C_Finalize is used + to finalize a module, each time it is called it decrements the internal + initialization count for that module. When the internal initialization + count reaches zero, the module's actual C_Finalize + function is called.

    +

    Multiple callers can call the managed C_Finalize + function concurrently from different threads and p11-kit + will guarantee that this managed in a thread-safe manner.

    +
    • +

  • Call to C_CloseAllSessions only close the + sessions that the caller of the managed module has opened. This allows the + C_CloseAllSessions function to be used without closing + sessions for other callers of the same PKCS#11 module.

    • +

  • Managed modules have ability to log PKCS#11 method calls for debugging + purposes. See the log-calls = yes + module configuration option.

    • +

  • Managed modules have the ability to be remoted to another machine or + isolated in their own process. + See the remote = ... + module configuration option.

    • +
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/sharing.html b/doc/manual/html/sharing.html new file mode 100644 index 0000000..6883d30 --- /dev/null +++ b/doc/manual/html/sharing.html @@ -0,0 +1,48 @@ + + + + +Proxy Module: p11-kit + + + + + + + + + + + + + + + + +
+

+Proxy Module

+

When an application is aware of the fact that coordination + is necessary between multiple consumers of a PKCS#11 module, and wants + to load standard configured PKCS#11 modules, it can link to + p11-kit and use the functions there to provide this + functionality.

+

However most current consumers of PKCS#11 are ignorant of + this problem, and do not link to p11-kit. In order to solve this + multiple initialization problem for all applications, + p11-kit provides a proxy compatibility + module.

+

This proxy module acts like a normal PKCS#11 module, but + internally loads a preconfigured set of PKCS#11 modules and + manages their features as described earlier. Each slot in the configured modules + is exposed as a slot of the p11-kit proxy module. The proxy + module is then used as a normal PKCS#11 module would be. It can be loaded by + crypto libraries like NSS and behaves as expected.

+

The C_GetFunctionList exported entry point of the + proxy module returns a new managed PKCS#11 module each time it is called. These + managed instances are released when the proxy module is unloaded.

+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/style.css b/doc/manual/html/style.css new file mode 100644 index 0000000..3d0f951 --- /dev/null +++ b/doc/manual/html/style.css @@ -0,0 +1,116 @@ +@import url("gtk-doc.css"); + +TABLE.navigation { + background-color: #f9b631 !important; + border-width: 0 !important; + color: white; + font-family: Georgia, "Times New Roman", Times, serif; + height: 4em !important; +} + +TABLE.navigation TH { + font-size: 30pt !important; + font-weight: normal; + text-align: left !important; + padding-left: 10pt; +} + +TABLE.navigation TH:first-child { + padding-left: 40pt; +} + +.shortcuts { + color: white !important; +} + +.shortcuts a { + color: white !important; + font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; +} + +P.title { + font-size: 30pt !important; +} + +BODY { + padding-top: 5.5em !important; +} + +DIV.book, +DIV.refentry, +DIV.chapter, +DIV.index, +DIV.footer, +DIV.section { + font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; + font-size: 9.5pt; + line-height: 150%; +} + +BODY > DIV.book, +BODY > DIV.footer { + margin-left: 1em; + margin-right: 1em; +} + +BODY > DIV.refentry, +BODY > DIV.chapter, +BODY > DIV.index, +BODY > DIV.section { + margin-left: 3em; + margin-right: 1em; +} + +DIV.variablelist TABLE { + font-size: 9.5pt; + line-height: 150%; +} + +DIV.refsect1, +DIV.refsect2, +DIV.refsynopsisdiv { + margin-bottom: 3em !important; +} + +H1 { + position: relative; + left: -1em; + font-weight: normal !important; +} + +H2 { + position: relative; + left: -1em; + font-weight: normal !important; +} + +H3 { + position: relative; + left: -1em; + font-weight: normal !important; +} + +CODE.option { + white-space: nowrap; +} + +DIV.toc DL { + margin-top: 0; + margin-bottom: 0; +} + +DIV.book > DIV.toc > DL > DT { + margin-top: 1em; +} + +DIV.toc DT { + margin-bottom: 0.3em; +} + +TABLE.variablelist SPAN.term { + padding-right: 1em; +} + +DIV.cmdsynopsis { + font-family: monospace; +} diff --git a/doc/manual/html/tools.html b/doc/manual/html/tools.html new file mode 100644 index 0000000..1285734 --- /dev/null +++ b/doc/manual/html/tools.html @@ -0,0 +1,40 @@ + + + + +Manual Pages: p11-kit + + + + + + + + + + + + + + + + +
+

+Manual Pages

+
+
+p11-kit — Tool for operating on configured PKCS#11 modules +
+
+pkcs11.conf — Configuration files for PKCS#11 modules +
+
+trust — Tool for operating on the trust policy store +
+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/trust-disable.html b/doc/manual/html/trust-disable.html new file mode 100644 index 0000000..41121b7 --- /dev/null +++ b/doc/manual/html/trust-disable.html @@ -0,0 +1,44 @@ + + + + +Disabling the Trust Policy Module: p11-kit + + + + + + + + + + + + + + + + +
+

+Disabling the Trust Policy Module

+

This module is installed and enabled by default. It may + be disabled in the following ways:

+
    +

  • Use the --disable-trust-module + during the p11-kit + build.

    • +

  • Disable loading trust policy information + from this module by adding a file to /usr/local/etc/pkcs11/modules + called p11-kit-trust.module containing a + trust-policy: no line.

    • +

  • Disable this module completely by + adding a file to /usr/local/etc/pkcs11/modules + called p11-kit-trust.module containing a + enable-in: line (without a value).

    • +
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/trust-glib-networking.html b/doc/manual/html/trust-glib-networking.html new file mode 100644 index 0000000..c60cbe2 --- /dev/null +++ b/doc/manual/html/trust-glib-networking.html @@ -0,0 +1,34 @@ + + + + +Using the Trust Policy Module with glib-networking: p11-kit + + + + + + + + + + + + + + + + +
+

+Using the Trust Policy Module with glib-networking

+

The trust policy module can be used as a source of trust + information for glib-networking's gnutls-pkcs11 backend. + The module provides PKCS#11 trust assertion objects as expected.

+

The module should work by default if the gnutls-pkcs11 + backend is selected as the glib-networking TLS backend.

+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/trust-module.html b/doc/manual/html/trust-module.html new file mode 100644 index 0000000..989d8f2 --- /dev/null +++ b/doc/manual/html/trust-module.html @@ -0,0 +1,95 @@ + + + + +Trust Policy Module: p11-kit + + + + + + + + + + + + + + + + +
+

+Trust Policy Module

+
+
Paths loaded by the Module
+
Using the Trust Policy Module with NSS
+
Using the Trust Policy Module with glib-networking
+
Disabling the Trust Policy Module
+
+

The trust module provides system certificate anchors, blacklists + and other trust policy to crypto libraries applications. This + information is exposed as PKCS#11 objects.

+

You can use the trust command line + tool to examine and modify the trust policy store.

+
+

+Paths loaded by the Module

+

The trust module loads certificates and trust policy information + from preconfigured paths and allows them to be looked up via PKCS#11. + The input paths can be determined with using the following command:

+
+$ pkg-config --variable p11_trust_paths p11-kit-1
+/usr/share/p11-kit/trust:/etc/pki/trust
+
+

Files in the following formats are supported for loading by the + trust policy module:

+
++++ + + + + + + + + + + + + + + +

X.509 certificates

X.509 certificates in raw DER format. Does not + automatically contain trust policy information.

PEM certificates

X.509 certificates in PEM format. These have a + BEGIN CERTIFICATE header. This file does not + automatically contain trust policy information.

OpenSSL trust certificates

OpenSSL specific certificates in PEM format + that contain trust information. These have a + BEGIN TRUSTED CERTIFICATE PEM header. Both + trust anchor and blacklist information can be loaded + from these files.

+

If the input path is a file, then it is loaded. Certificate(s) in the + file are automatically treated as anchors, unless they contain alternate + trust policy information.

+

If the input path is a directory, files inside that directory are + parsed and loaded. If the file contains trust policy information (such as the + OpenSSL trust certificates) then it will be respected. Files without trust policy + information are not automatically marked as an anchor or blacklisted.

+

In addition two optional subdirectories of the input path are loaded. Files + placed in the anchors/ subdirectory become trust anchors + when they do not contain trust policy information. Files placed in the + blacklist/ subdirectory are blacklisted whether they + contain trust information or not.

+

The first input path becomes the first PKCS#11 token of the trust + module, and has the highest priority when callers search for trust + policy information.

+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/trust-nss.html b/doc/manual/html/trust-nss.html new file mode 100644 index 0000000..b4975a4 --- /dev/null +++ b/doc/manual/html/trust-nss.html @@ -0,0 +1,40 @@ + + + + +Using the Trust Policy Module with NSS: p11-kit + + + + + + + + + + + + + + + + +
+

+Using the Trust Policy Module with NSS

+

The trust policy module is a drop in replacement for the + libnssckbi.so module and thus works out of + the box with NSS. The trust policy module provides NSS style + PKCS#11 trust objects for NSS to retrieve.

+

The module may be used to replace the + libnssckbi.so file via an distribution + specific alternatives mechanism or otherwise.

+

Alternatively NSS applications like Firefox or Thunderbird + may be configured to use the trust policy module by adding + the p11-kit-trust.so PKCS#11 module via their + GUI or command line configuration.

+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/trust.html b/doc/manual/html/trust.html new file mode 100644 index 0000000..6afd355 --- /dev/null +++ b/doc/manual/html/trust.html @@ -0,0 +1,423 @@ + + + + +trust: p11-kit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

trust

+

trust — Tool for operating on the trust policy store

+
+
+

Synopsis

+

trust list

+

trust extract --filter=<what> --format=<type> /path/to/destination +

+

trust anchor /path/to/certificate.crt +

+

trust dump

+
+
+

Description

+

trust is a command line tool to examine and + modify the shared trust policy store.

+

See the various sub commands below. The following global options + can be used:

+
++++ + + + + + + + + + + +

-v, --verbose

Run in verbose mode with debug + output.

-q, --quiet

Run in quiet mode without warning or + failure messages.

+
+
+

List

+

List trust policy store items.

+
+$ trust list
+
+

List information about the various items in the trust policy store. + Each item is listed with it's PKCS#11 URI and some descriptive information.

+

You can specify the following options to control what to list.

+
--filter=<what>
+
+

Specifies what certificates to extract. You can specify the following values: +

+
++++ + + + + + + + + + + + + + + + + + + + + + + +

ca-anchors

Certificate anchors

trust-policy

Anchors and blacklist (default)

blacklist

Blacklisted certificates

certificates

All certificates

pkcs11:object=xx

A PKCS#11 URI to filter with

+

+

+

If an output format is chosen that cannot support type what has been + specified by the filter, a message will be printed.

+

None of the available formats support storage of blacklist entries + that do not contain a full certificate. Thus any certificates blacklisted by + their issuer and serial number alone, are not included in the extracted + blacklist.

+
+
--purpose=<usage>
+
+

Limit to certificates usable for the given purpose + You can specify one of the following values: +

+
++++ + + + + + + + + + + + + + + + + + + + + + + +

server-auth

For authenticating servers

client-auth

For authenticating clients

email

For email protection

code-signing

For authenticated signed code

1.2.3.4.5...

An arbitrary purpose OID

+

+

+
+
+
+

Anchor

+

Store or remove trust anchors.

+
+$ trust anchor /path/to/certificate.crt
+$ trust anchor --remove /path/to/certificate.crt
+$ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;type=cert"
+
+

Store or remove trust anchors in the trust policy store. These are + usually root certificate authorities.

+

Specify either the --store or --remove + operations. If no operation is specified then --store is + assumed.

+

When storing, one or more certificate files are expected on the + command line. These are stored as anchors, unless they are already + present.

+

When removing an anchor, either specify certificate files or + PKCS#11 URI's on the command line. Matching anchors will be removed.

+

It may be that this command needs to be run as root in order to + modify the system trust policy store, if no user specific store is + available.

+

You can specify the following options.

+
++++ + + + + + + + + + + +

--remove

Remove one or more anchors from the trust + policy store. Specify certificate files or PKCS#11 URI's + on the command line.

--store

Store one or more anchors to the trust + policy store. Specify certificate files on the command + line.

+
+
+

Extract

+

Extract trust policy from the shared trust policy store.

+
+$ trust extract --format=x509-directory --filter=ca-anchors /path/to/directory
+
+

You can specify the following options to control what to extract. + The --filter and --format arguments + should be specified. By default this command will not overwrite the + destination file or directory.

+
++++ + + + + + + + + + + + + + + + + + + + + + + +

--comment

Add identifying comments to PEM bundle output files + before each certificate.

--filter=<what>

 +

Specifies what certificates to extract. You can specify the following values: +

+
++++ + + + + + + + + + + + + + + + + + + + + + + +

ca-anchors

Certificate anchors (default)

trust-policy

Anchors and blacklist

blacklist

Blacklisted certificates

certificates

All certificates

pkcs11:object=xx

A PKCS#11 URI

+

+

+

If an output format is chosen that cannot support type what has been + specified by the filter, a message will be printed.

+

None of the available formats support storage of blacklist entries + that do not contain a full certificate. Thus any certificates blacklisted by + their issuer and serial number alone, are not included in the extracted + blacklist.

+

--format=<type>

 +

The format of the destination file or directory. + You can specify one of the following values: +

+
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

x509-file

DER X.509 certificate file

x509-directory

directory of X.509 certificates

pem-bundle

File containing one or more certificate PEM blocks

pem-directory

Directory of PEM files each containing one certificate

pem-directory-hash

Directory of PEM files each containing one certificate, with hash symlinks

openssl-bundle

OpenSSL specific PEM bundle of certificates

openssl-directory

Directory of OpenSSL specific PEM files

java-cacerts

Java keystore 'cacerts' certificate bundle

+

+

+

--overwrite

Overwrite output file or directory.

--purpose=<usage>

 +

Limit to certificates usable for the given purpose + You can specify one of the following values: +

+
++++ + + + + + + + + + + + + + + + + + + + + + + +

server-auth

For authenticating servers

client-auth

For authenticating clients

email

For email protection

code-signing

For authenticated signed code

1.2.3.4.5...

An arbitrary purpose OID

+

+

+
+
+
+

Extract Compat

+

Extract compatibility trust certificate bundles.

+
+$ trust extract-compat
+
+

OpenSSL, Java and some versions of GnuTLS cannot currently read + trust information directly from the trust policy store. This command + extracts trust information such as certificate anchors for use by + these libraries.

+

What this command does, and where it extracts the files is + distribution or site specific. Packagers or administrators are expected + customize this command.

+
+
+

Dump

+

Dump PKCS#11 items in the various tokens.

+
+$ trust dump
+
+

Dump information about the various PKCS#11 items in the tokens. + Each item is dumped with it's PKCS#11 URI and information in the .p11-kit + persistence format.

+

You can specify the following options to control what to dump.

+
--filter=<what>
+
+

Specifies what certificates to extract. You can specify the following values: +

+
++++ + + + + + + + + + + +

all

All objects. This is the default

pkcs11:object=xx

A PKCS#11 URI to filter with

+

+

+
+
+
+

Bugs

+

+ Please send bug reports to either the distribution bug tracker + or the upstream bug tracker at + https://github.com/p11-glue/p11-kit/issues/. +

+
+
+

See also

+p11-kit(8)

An explanatory document about storing trust policy: + https://p11-glue.github.io/p11-glue/doc/storing-trust-policy/

+

+ Further details available in the p11-kit online documentation at + https://p11-glue.github.io/p11-glue/p11-kit/manual/. +

+
+
+
+
Generated by GTK-Doc V1.32
+ + \ No newline at end of file diff --git a/doc/manual/html/up-insensitive.png b/doc/manual/html/up-insensitive.png new file mode 100644 index 0000000..f404986 Binary files /dev/null and b/doc/manual/html/up-insensitive.png differ diff --git a/doc/manual/html/up.png b/doc/manual/html/up.png new file mode 100644 index 0000000..80b4b37 Binary files /dev/null and b/doc/manual/html/up.png differ diff --git a/doc/manual/meson.build b/doc/manual/meson.build new file mode 100644 index 0000000..6739b88 --- /dev/null +++ b/doc/manual/meson.build @@ -0,0 +1,122 @@ +if get_option('gtk_doc') + ignore_headers = [ + 'private.h', + 'pkcs11.h', + 'conf.h', + 'debug.h', + 'dict.h', + 'filter.h', + 'log.h', + 'mock.h', + 'modules.h', + 'pkcs11.h', + 'pkcs11i.h', + 'pkcs11x.h', + 'private.h', + 'client.h', + 'proxy.h', + 'rpc.h', + 'rpc-message.h', + 'util.h', + 'virtual.h', + 'virtual-fixed.h', + 'array.h', + 'compat.h' + ] + + content_files = [ + 'p11-kit-config.xml', + 'p11-kit-sharing.xml', + 'p11-kit-devel.xml', + 'p11-kit-proxy.xml', + 'p11-kit-trust.xml', + 'p11-kit-remoting.xml', + 'p11-kit.xml', + 'pkcs11.conf.xml', + 'trust.xml', + 'annotation-glossary.xml' + ] + + configure_file( + input: 'version.xml.in', + output: '@BASENAME@', + configuration: {'VERSION': meson.project_version()}) + + configure_file( + input: 'userdir.xml.in', + output: '@BASENAME@', + configuration: {'p11_user_config': p11_user_config}) + + configure_file( + input: 'sysdir.xml.in', + output: '@BASENAME@', + configuration: {'p11_system_config': p11_system_config}) + + glib_prefix = dependency('glib-2.0').get_pkgconfig_variable('prefix') + fixxref_args = [ + '--html-dir=' + (prefix / gnome.gtkdoc_html_dir(meson.project_name())), + '--extra-dir=' + (glib_prefix / gnome.gtkdoc_html_dir('glib')), + ] + + gnome.gtkdoc('p11-kit', + main_xml: 'p11-kit-docs.xml', + namespace: 'p11_kit', + src_dir: 'p11-kit', + dependencies: libffi_deps + dlopen_deps, + scan_args: [ + '--ignore-headers=' + ' '.join(ignore_headers), + '--rebuild-types', + '--deprecated-guards="P11_KIT_DISABLE_DEPRECATED"' + ], + scanobjs_args: [ + '--version' + ], + content_files: content_files, + fixxref_args: fixxref_args, + install: true) +endif + +if get_option('man') + xsltproc = find_program('xsltproc') + xsltproc_xsl = 'http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl' + if run_command([xsltproc, '--nonet', xsltproc_xsl]).returncode() != 0 + error('Docbook stylesheet for manpages is missing') + endif + + xsltproc_flags = [ + '--nonet', + '--stringparam', 'man.output.quietly', '1', + '--stringparam', 'funcsynopsis.style', 'ansi', + '--stringparam', 'man.th.extra1.suppress', '1', + '--stringparam', 'man.authors.section.enabled', '0', + '--stringparam', 'man.copyright.section.enabled', '0', + '--path', meson.current_build_dir(), + ] + + man_pages = { + '1': ['trust'], + '5': ['pkcs11.conf'], + '8': ['p11-kit'], + } + + foreach section, pages: man_pages + foreach page: pages + man_src = '@0@.xml'.format(page) + man_dst = '@0@.@1@'.format(page, section) + man_section = 'man@0@'.format(section) + custom_target(man_dst, + command: [ + xsltproc, + xsltproc_flags, + '-o', '@OUTPUT@', + xsltproc_xsl, + '@INPUT@', + ], + input: man_src, + output: man_dst, + install: true, + install_dir: join_paths(mandir, man_section), + build_by_default: true) + endforeach + endforeach +endif diff --git a/doc/manual/p11-kit-config.xml b/doc/manual/p11-kit-config.xml new file mode 100644 index 0000000..c580445 --- /dev/null +++ b/doc/manual/p11-kit-config.xml @@ -0,0 +1,98 @@ + + + +]> + + + PKCS#11 Configuration + +
+ Consistent configuration + + In order for multiple applications on the user's desktop to use + PKCS#11 modules in a consistent manner, there must be a configuration + or registry to specify which modules to load and how to use them. The + PKCS#11 specification does not specify such a configuration standard. + + + Because of the multi-library module initialization problem, use of + PKCS#11 modules must be coordinated within an application. p11-kit + provides that coordination. Since coordination is required, it follows + that p11-kit can also implement a consistent module configuration. + +
+ +
+ Example + + The following sections describe the config format in detail. But first + an example which shows the various features. The configuration below, loads + two modules called 'my-module' and 'nss'. The user settings override some + aspects of the system settings. + +Global configuration file: &sysdir;/pkcs11.conf + +# This setting controls whether to load user configuration from the +# &userdir; directory. Possible values: +# none: No user configuration +# merge: Merge the user config over the system configuration (default) +# only: Only user configuration, ignore system configuration +user-config: merge + + +One module configuration file per module: &sysdir;/modules/my-module + +# This setting controls the actual module library to load. This config file +# might be installed by the package that installs this module library. This +# is not an absolute path name. Relative path names are loaded from the +# $(libdir)/pkcs11 directory by default. +module: my-pkcs11-module.so + +# This controls whether the module is required to successfully initialize. If 'yes', then +# a failure to load or initialize this module will result in a p11-kit system failure. +critical: no + + +User configuration file: &userdir;/pkcs11.conf + +# This is an empty file. Files that do not exist are treated as empty. + + +User configuration file: &userdir;/modules/my-module + +# Merge with the settings in the system my-module config file. In this case +# a developer has overridden to load a different module for my-module instead. +module: /home/user/src/custom-module/my-module.so + + +User configuration file: &userdir;/modules/nss + +# Load the NSS libsoftokn.so.3 PKCS#11 library as a module. Note that we pass +# some custom non-standard initialization arguments, as NSS expects. +module: /usr/lib/libsoftokn3.so +x-init-reserved: configdir='sql:/home/test/.pki/nssdb' certPrefix='' keyPrefix='' secmod='socmod.db' +critical: yes + + + +
+ +
+ Configuration Files + + A complete configuration consists of several files. These files are + text files. Since p11-kit is built to be used in all + sorts of environments and at very low levels of the software stack, we + cannot make use of high level configuration APIs that you may find on a + modern desktop. + + See the manual page for more details + on the format and available options. + + Note that user configuration files are not loaded from the home + directory if running inside a setuid or setgid program. +
+ diff --git a/doc/manual/p11-kit-devel.xml b/doc/manual/p11-kit-devel.xml new file mode 100644 index 0000000..9c848a2 --- /dev/null +++ b/doc/manual/p11-kit-devel.xml @@ -0,0 +1,323 @@ + + + + + Building, Packaging, and Contributing to p11-kit + + + +
+ Packaging PKCS#11 module configs + + Developers or packagers of PKCS#11 modules need to install various + files into specific locations so that p11-kit will recognize and load the + module correctly. + + You should use pkg-config as described below + to determine configuration paths. p11-kit installs a + pkg-config file called p11-kit-1.pc. + This file contains all the information about the various paths that p11-kit + looks for files at. + +
+ Path to place module configuration + + As described in the module configuration + documentation, each PKCS#11 module should install a config file describing + that module. These config files should be installed to a specific directory which + can be determined by running: + + +$ pkg-config p11-kit-1 --variable p11_module_configs +/usr/share/p11-kit/modules +
+ +
+ Default path for modules with relative paths + + If a module configuration + contains a relative path in its module: setting, + then that module will be loaded from the default module path. This + path can be determined by running: + + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 +
+ +
+ +
+ Customizing installed commands + + The p11-kit tool provides a + extract-trust command which extracts trust + policy information such as certificate anchors and so on + into files for use with libraries that cannot read this trust + information directly. + + In order to be useful the extract-trust + command needs to be customized per distribution or site. You can + find this file in at tools/p11-kit-trust-extract.in + in the p11-kit source code. + + The command is implemented as a simple script which + performs the various p11-kit extract commands + necessary to extract the information. + + Using this script as a standard way to extract this + information allows for consistency between distributions and ease + of system administration. +
+ +
+ Compiling p11-kit from Source + This describes how to compiling the p11-kit package from + source code. This is normally only necessary for those wishing to + contribute to the project or package p11-kit. + + You can download + tarballs + of the releases of p11-kit or + check + out the source code from git. This documentation will not + go into all the details of how to get your development environment + set up and instead focus on the what's unique to compiling p11-kit. + +
+ Building on UNIX + p11-kit uses the standard GNU build system, using autoconf for package + configuration and resolving portability issues, automake for building makefiles + that comply with the GNU Coding Standards, and libtool for building shared + libraries on multiple platforms. The normal sequence for compiling and + installing the p11-kit library is thus: + + +$ ./configure --prefix=/path/to/prefix ... +$ make +$ make install + + + If you've checked out the source code from git, then the + configure script does not yet exist. So use + the following instead: + + +$ ./autogen.sh --prefix=/path/to/prefix ... +$ make +$ make install + + + The standard options provided by GNU autoconf may be passed to the configure + script. Please see the autoconf documentation or run ./configure --help + for information about the standard options. In particular you probably want to adjust + the --prefix=/xxx argument depending on your system and development + environment. +
+ +
+ Optional Dependencies + + On a modern GNU Linux system, p11-kit has no required dependencies other + than the standard C library. However on older UNIX systems, some of the following + may be required. + + + gettext is required if your system doesn't + have the gettext() functionality for handling message + translation databases. This can be provided by the libintl library from + the GNU gettext + package. + pthread is required if your (ancient) system + doesn't have this included in the base system. How this is provided is platform + specific. + + + In addition p11-kit has several optional dependencies. If these are not available + during the build, then certain features will be disabled. + + + libffi for sharing of PKCS#11 modules + between multiple callers in the same process. It is highly recommended that + this dependency be treated as a required dependency. + gtk-doc is required to build the reference + manual. Use --enable-doc to control this + dependency. + xsltproc is required to build the command + manual pages. Use --enable-doc to control this + dependency. + libtasn1 is required to build the trust + module and code that interacts with certificates. + freebl3 (developed as part of the NSS + code base) is an optional dependency that may be used to meet policy + requirements of system builders. Enabling this dependency provides no other + advantage. + + +
+ +
+ Extra Configuration Options + + In addition to the normal options, the configure script in the p11-kit library + supports these additional arguments: + + + + + Disables building of the trust policy module. + + + , + By default p11-kit is built with debug symbols assertions and + and precondition checks. Enabling the debug option configures even more + detailed debug build, including disabling optimization. Disabling the debug + option is not recommended, as it disables all assertions, preconditions and + internal consistency checks, although it may result it a slightly faster + library. + + + + Enables building of the documentation and command line manual. + The documentation is built in the doc/html/ directory of + the build. Requires the gtk-doc and xsltproc + dependencies. + + + + Enables strict checks during building of p11-kit. All + compiler warnings become errors. + + + + Instead of using internal hash code, link to the freebl3 + library and use its hash implementations. The only advantage this brings is to + meet the policy requirements of system builders. + + + + , + Build with a dependency on the libtasn1 library. This dependency + allows the trust policy module to be built as well as other code that interacts with + certificates. + + + + Specify the path to look for PKCS#11 modules which were + listed in a module config file with a relative path. + + + + Specify the files or directories to look for certificate + anchors and blacklists. Multiple files and/or directories are specified with + a : in between them. The first path has the highest + priority when searching for certificates. + + + + Specify the path to look for p11-kit config files. This + usually defaults to something like /etc/pkcs11 + + + + Specify the path to look for user specific p11-kit config files. If + specify a path that begins with ~/ then this is expanded to the + home directory of the user running p11-kit. If you specify a path that begins with + ~/.config/ then this is expanded to the $XDG_CONFIG_HOME directory, + as outlined in the + XDG Base Dir specification. + This option defaults to ~/.pkcs11 + + + +
+
+ +
+ Coding Style + + We use a code style similar to the linux kernel. Use tabs + to indent and spaces to align/wrap beyond the indentation level. + + We don't try to guarantee completely robust and problem free + behavior in cases where the caller or system isn't behaving. We + consider these to be outside of our control: + + + Broken input from callers. We use preconditions + to check input and immediately return. We don't try to provide + error codes for all the various ways callers can screw + around. + + + Out of memory. It is pretty much impossible to handle out + of memory errors correctly. Handling them alongside other errors + is naive and broken. We don't try to guarantee library state + (such as locks or memory leaks) when memory allocation fails. + We do check the results from all memory allocations, but + treat them as unexpected conditions. As a nod to the behavior + of callers of this library, we don't abort on memory allocation + failures. We use preconditions with somewhat sane results. + Exception: when reading files or allocating potentially + unbounded amounts of memory, we should respond robustly to memory + allocation failures. + + + + These unexpected conditions indicate a bug either in p11-kit or + in the system. All bets are off once this occurs. + + Use the return_val_xxx() precondition macros to + check for unexpected conditions. +
+ +
+ Testing and Code Coverage + + As a general rule changes to p11-kit should have a tests exercising + that change. Use the make check command to run all + the tests. If you run it from a subdirectory only the tests in that + directory will be run. + + To check for memory errors or memory leaks, run make memcheck + or make leakcheck respectively. This requires valgrind + be installed. + + Build p11-kit with the configure + option to build code coverage support. + + Once you've done that you can either use make coverage + to build code coverage information. Alternatively (and this is usually + easier) you can use + + git coverage to easily check whether + you've tested the lines changed by a patch. + + A code coverage report is + available online. +
+ +
+ Debugging Tips + + Unexpected conditions will produce critical warnings by p11-kit. + These are often failed internal preconditions, and usually indicate a + bug either in p11-kit or the software calling it. + + You can use the environment variable P11_KIT_STRICT=yes + to make p11-kit do an abort() (and core dump depending on + your configuration) when a critical warning occurs. +
+ diff --git a/doc/manual/p11-kit-docs.xml b/doc/manual/p11-kit-docs.xml new file mode 100644 index 0000000..c7f3400 --- /dev/null +++ b/doc/manual/p11-kit-docs.xml @@ -0,0 +1,46 @@ + + + +]> + + + p11-kit + for p11-kit &version; + + + + + + + + + + Manual Pages + + + + + + + API Reference + + + + + + + + + API Index + + + + + + + + + diff --git a/doc/manual/p11-kit-overrides.txt b/doc/manual/p11-kit-overrides.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/doc/manual/p11-kit-overrides.txt diff --git a/doc/manual/p11-kit-proxy.xml b/doc/manual/p11-kit-proxy.xml new file mode 100644 index 0000000..7cc3615 --- /dev/null +++ b/doc/manual/p11-kit-proxy.xml @@ -0,0 +1,29 @@ + + + + Proxy Module + + When an application is aware of the fact that coordination + is necessary between multiple consumers of a PKCS#11 module, and wants + to load standard configured PKCS#11 modules, it can link to + p11-kit and use the functions there to provide this + functionality. + + However most current consumers of PKCS#11 are ignorant of + this problem, and do not link to p11-kit. In order to solve this + multiple initialization problem for all applications, + p11-kit provides a proxy compatibility + module. + + This proxy module acts like a normal PKCS#11 module, but + internally loads a preconfigured set of PKCS#11 modules and + manages their features as described earlier. Each slot in the configured modules + is exposed as a slot of the p11-kit proxy module. The proxy + module is then used as a normal PKCS#11 module would be. It can be loaded by + crypto libraries like NSS and behaves as expected. + + The C_GetFunctionList exported entry point of the + proxy module returns a new managed PKCS#11 module each time it is called. These + managed instances are released when the proxy module is unloaded. + diff --git a/doc/manual/p11-kit-remoting.xml b/doc/manual/p11-kit-remoting.xml new file mode 100644 index 0000000..f7689f8 --- /dev/null +++ b/doc/manual/p11-kit-remoting.xml @@ -0,0 +1,253 @@ + + + + Remoting / Forwarding + + Smartcards or hardware security modules (HSM) are technologies to + keep private keys on devices physically isolated to a device only available + to the user. That way only the intended user can use that device to authenticate, + authorize or perform other functions that involve the private keys. These come + usually in the form of a USB device or token which is plugged into the local computer. + + In modern "cloud" computing, it is often desirable to virtually transfer such + a device on remote servers. For example, one can sign software or documents on a remote + server, use the local smart card to authorize itself to Kerberos, or any other + possible use. There are various approaches to tackle that problem, and on different + levels of the smart card application stack. It is possible to forward the USB + device holding the smart card, or forward the lower-level PC/SC protocol which + some smart cards talk, or forward the high-level interface used to communicate + with smart cards, the PKCS#11 interface. + + To address that problem, in p11-kit, we allow the forwarding of + the higher level smart card interface, PKCS#11. In the following paragraphs + we describe the approach and tools needed to perform that forwarding over SSH + secure communication channels. + + + Scenario + + We assume having a local workstation, and a remote server. On the local + computer we have inserted a smart card, in our examples we use a Nitrokey + card with the OpenSC drivers. We will forward the card + from the workstation to the remote server. + + + + Setting up the PKCS#11 forwarding server on a local client + + To forward a smartcard to a remote server, we first need to identify which + smartcards are available. To list the smartcards currently attached to the local + computer, use the p11tool command from the gnutls package. For example: + + + +$ p11tool --list-tokens +... +Token 6: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29 + Label: UserPIN (Daiki's token) + Type: Hardware token + Manufacturer: www.CardContact.de + Model: PKCS#15 emulated + Serial: DENK0000000 + Module: opensc-pkcs11.so +... + + + This is the entry for the card we'd like to forward to remote system. The important + pieces are the 'pkcs11:' URL listed above, and the module name. Once we determine which + smartcard to forward, we expose it to a local Unix domain socket, with the following + p11-kit server command. + + +$ p11-kit server --provider /usr/lib64/pkcs11/opensc-pkcs11.so "pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29" + + + Here we provide to the server the module location (optional) with the --provider + option, as well as the URL of the card. We copied the values from the Module and URL + lines of the p11tool output above. When the p11-kit server command starts, it will + print the address of the PKCS#11 unix domain socket and the process ID of the server. + + + +P11_KIT_SERVER_ADDRESS=unix:path=/run/user/12345/p11-kit/pkcs11-12345 +P11_KIT_SERVER_PID=12345 + + + For later use, set the variables output by the tool on your shell prompt + (e.g., copy and paste them or call the above p11-kit server command line with + eval $(p11-kit server ...)). + + + + + + Forwarding and using the PKCS#11 Unix socket on the remote server + + On the remote server, we will initially forward the previously generated PKCS#11 + unix socket, and then access the smart card through it. To access the forwarded socket + as if it were a smart card, a dedicated PKCS#11 module p11-kit-client.so is provided as + part of the p11-kit-server package. + + + + + Preparing the remote system for PKCS#11 socket forwarding + + One important detail you should be aware of, is the file system location of the + forwarded socket. By convention, the p11-kit-client.so module utilizes the "user runtime + directory", managed by systemd; the directory is created when a user logs in, and removed + upon logout, so that the user doesn't need to manually clean up the socket file. + + + To locate your user runtime directory, do: + + + +$ systemd-path user-runtime +/run/user/1000 + + + The p11-kit-client.so module looks for the socket file under a + subdirectory (/run/user/1000/p11-kit in this example). To enable + auto-creation of the directory, do the following. + + + +$ systemctl --user enable p11-kit-client.service + + + + + Forwarding the PKCS#11 socket + + We will use ssh to forward the local PKCS#11 unix socket to the remote server. + Following the p11-kit-client convention, we will forward the socket to the remote user + run-time path so that cleaning up on disconnect is not required. The remote location + of the run-time path can be obtained as follows. + + + +$ ssh [user]@[remotehost] systemd-path user-runtime +/run/user/1000 + + + The number at the end of the path above is your user ID in that system + (and thus will vary from user to user). You can now forward the Unix domain socket + with the -R option of the ssh command, after replacing the example path with the + actual run-time path. + + + +$ ssh -R /run/user/[userID]/p11-kit/pkcs11:${P11_KIT_SERVER_ADDRESS#*=} [user]@[remotehost] + + + After successfully logging in to the remote host, you can use the forwarded + smartcard as if it were directly connected to the server using the + p11-kit-client.so. Note that if any error occurs during the forwarding + setup, you will see something like this on your terminal: + + + +Warning: remote port forwarding failed for listen path /run/user/... + + + + + Using the forwarded PKCS#11 socket + + Let's first make sure the smart card works on the remote system, by listing it: + + + +$ ls -l /run/user/1000/p11-kit/pkcs11 + +$ p11tool --provider /usr/lib64/pkcs11/p11-kit-client.so --list-tokens +... +Token 0: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29 + Label: UserPIN (Daiki's token) + Type: Hardware token + Manufacturer: www.CardContact.de + Model: PKCS#15 emulated + Serial: DENK0000000 + Module: (null) +... + + + We can similarly generate, copy objects or test certificates to the card using + the same command. Any applications which support PKCS#11 can perform cryptographic + operations through the client module. + + + + + Registering the client module for use with OpenSSL and GnuTLS apps + + To utilize the p11-kit-client module with OpenSSL (via engine_pkcs11 provided + by the libp11 package) and GnuTLS applications, you have to register it in + p11-kit. To do it for the current user, use the following commands: + + + +$ mkdir .config/pkcs11/modules/ +$ echo "module: /usr/lib64/pkcs11/p11-kit-client.so" >.config/pkcs11/modules/p11-kit-client.module + + + Once this is done both OpenSSL and GnuTLS applications should work, for example: + + + +$ URL="pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0000000;token=UserPIN%20%28Daiki%27s%20token%29" + +# Generate a key using gnutls’ p11tool +$ p11tool --generate-ecc --login --label test-key "$URL" + +# generate a certificate request with the previous key using openssl +$ openssl req -engine pkcs11 -new -key "$URL;;object=test-key;type=private;pin-value=XXXX" \ + -keyform engine -out req.pem -text -subj "/CN=Test user" + + + Note that the token URL remains the same in the forwarded system as in the original one. + + + + + + Using the client module with OpenSSH + + To re-use the already forwarded smartcard for authentication with another remote host, you can run ssh and provide the -I option with p11-kit-client.so. For example: + + + +$ ssh -I /usr/lib64/pkcs11/p11-kit-client.so [user]@[anotherhost] + + + + + Using the client module with NSS applications + + To register the forwarded smartcard in NSS applications, you can set it up with + the modutil command, as follows. + + + +$ sudo modutil -dbdir /etc/pki/nssdb -add p11-kit-client -libfile /usr/lib64/pkcs11/p11-kit-client.so + +$ modutil -dbdir /etc/pki/nssdb -list +... + 3. p11-kit-client + library name: /usr/lib64/pkcs11/p11-kit-client.so + uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.17 + slots: 1 slot attached + status: loaded + + slot: Nitrokey Nitrokey HSM (010000000000000000000000) 00 00 + token: UserPIN (Daiki's token) + uri: pkcs11:token=UserPIN%20(Daiki's%20token);manufacturer=www.CardContact.de;serial=DENK0000000;model=PKCS%2315%20emulated + + + + + diff --git a/doc/manual/p11-kit-sections.txt b/doc/manual/p11-kit-sections.txt new file mode 100644 index 0000000..cb0cb1c --- /dev/null +++ b/doc/manual/p11-kit-sections.txt @@ -0,0 +1,159 @@ +
+p11-kit-uri +P11_KIT_URI_SCHEME +P11_KIT_URI_SCHEME_LEN +P11KitUriType +P11KitUriResult +P11KitUri +p11_kit_uri +p11_kit_uri_new +p11_kit_uri_get_module_info +p11_kit_uri_match_module_info +p11_kit_uri_get_slot_info +p11_kit_uri_match_slot_info +p11_kit_uri_get_slot_id +p11_kit_uri_set_slot_id +p11_kit_uri_get_token_info +p11_kit_uri_match_token_info +p11_kit_uri_get_attributes +p11_kit_uri_set_attributes +p11_kit_uri_clear_attributes +p11_kit_uri_match_attributes +p11_kit_uri_get_attribute +p11_kit_uri_set_attribute +p11_kit_uri_clear_attribute +p11_kit_uri_set_unrecognized +p11_kit_uri_any_unrecognized +p11_kit_uri_get_pin_value +p11_kit_uri_set_pin_value +p11_kit_uri_get_pin_source +p11_kit_uri_set_pin_source +p11_kit_uri_get_pinfile +p11_kit_uri_set_pinfile +p11_kit_uri_get_module_name +p11_kit_uri_set_module_name +p11_kit_uri_get_module_path +p11_kit_uri_set_module_path +p11_kit_uri_get_vendor_query +p11_kit_uri_set_vendor_query +p11_kit_uri_format +p11_kit_uri_parse +p11_kit_uri_free +p11_kit_uri_message +P11_KIT_URI_NO_MEMORY +
+ +
+p11-kit-pin +P11KitPin +p11_kit_pin_new +p11_kit_pin_new_for_buffer +p11_kit_pin_new_for_string +p11_kit_pin_get_value +p11_kit_pin_get_length +p11_kit_pin_ref +p11_kit_pin_unref +P11KitPinFlags +P11_KIT_PIN_FALLBACK +p11_kit_pin_register_callback +p11_kit_pin_unregister_callback +p11_kit_pin_callback +p11_kit_pin_request +p11_kit_pin_destroy_func +p11_kit_pin_file_callback +
+ +
+p11-kit +P11_KIT_MODULE_CRITICAL +P11_KIT_MODULE_UNMANAGED +p11_kit_modules_load_and_initialize +p11_kit_modules_finalize_and_release +p11_kit_modules_load +p11_kit_modules_initialize +p11_kit_modules_finalize +p11_kit_modules_release +p11_kit_module_load +p11_kit_module_initialize +p11_kit_module_finalize +p11_kit_module_release +p11_kit_module_for_name +p11_kit_module_get_name +p11_kit_module_get_flags +p11_kit_module_get_filename +p11_kit_config_option +
+ +
+p11-kit-util +p11_kit_strerror +p11_kit_message +p11_kit_space_strdup +p11_kit_space_strlen +p11_kit_be_quiet +p11_kit_be_loud + +CK_FUNCTION_LIST_PTR +CK_RV +CK_ATTRIBUTE +CK_ATTRIBUTE_PTR +CK_ATTRIBUTE_TYPE +CK_FLAGS +CK_FUNCTION_LIST +CK_INFO_PTR +CK_SLOT_INFO_PTR +CK_TOKEN_INFO_PTR +CK_SLOT_ID +CK_SESSION_HANDLE +CK_BBOOL +CK_ULONG +p11_kit_uri_result_t +p11_kit_uri_type_t +
+ +
+p11-kit-future +p11_kit_set_progname +p11_kit_destroyer +P11KitIter +p11_kit_iter +p11_kit_iter_new +p11_kit_iter_set_uri +p11_kit_iter_add_callback +p11_kit_iter_add_filter +p11_kit_iter_callback +p11_kit_iter_begin +p11_kit_iter_begin_with +p11_kit_iter_next +p11_kit_iter_get_kind +p11_kit_iter_get_module +p11_kit_iter_get_slot +p11_kit_iter_get_slot_info +p11_kit_iter_get_token +p11_kit_iter_get_session +p11_kit_iter_keep_session +p11_kit_iter_get_object +p11_kit_iter_get_attributes +p11_kit_iter_load_attributes +p11_kit_iter_destroy_object +p11_kit_iter_free +P11KitIterKind +P11KitIterBehavior +p11_kit_remote_serve_module +p11_kit_remote_serve_token +p11_kit_remote_serve_tokens +
+ +
+p11-kit-deprecated +p11_kit_initialize_registered +p11_kit_finalize_registered +p11_kit_registered_modules +p11_kit_registered_module_to_name +p11_kit_registered_name_to_module +p11_kit_registered_option +p11_kit_initialize_module +p11_kit_load_initialize_module +p11_kit_finalize_module +P11_KIT_DEPRECATED_FOR +
diff --git a/doc/manual/p11-kit-sharing.xml b/doc/manual/p11-kit-sharing.xml new file mode 100644 index 0000000..0edf36e --- /dev/null +++ b/doc/manual/p11-kit-sharing.xml @@ -0,0 +1,110 @@ + + + + + Sharing PKCS#11 modules + +
+ Multiple consumers of PKCS#11 in a process + + As more and more applications and libraries use PKCS#11 we run + into a very basic problem. The PKCS#11 modules cannot be initialized and + finalized properly without coordination between the various consumers. + + + An example: An application might use GnuTLS for + TLS connections, and use libgcr for display of certificates. Both of + these want to load (and initialize) the same PKCS#11 modules. There are + many places where this situation occurs, including large applications + like Evolution which due to their dependencies end up using both NSS and + GnuTLS. + + Consumer A loads a PKCS#11 module and uses the module's + C_Initialize function to initialize it, which works as expected. + When consumer B initializes the module (also using C_Initialize), + the error code CKR_CRYPTOKI_ALREADY_INITIALIZED + is correctly returned. This is normal PKCS#11 specification + defined behavior for when a module is initialized twice in the + same process. If consumer B is aware of this situation they may + choose to ignore this error code. + + However when the consumer A is done with its use of the + PKCS#11 module it finalizes the module using the module's + C_Finalize function. This is expected of a well behaved PKCS#11 + consumer. This then causes errors and/or crashes for consumer B, + which cannot know that the module has now been finalized out + from underneath it. + + It is necessary for the two consumers to coordinate their + initialization and finalization in some fashion. In + p11-kit we provide this coordination in a + loosely coupled, backwards compatible, and flexible way. +
+ +
+ Managed modules + + p11-kit wraps PKCS#11 modules to manage + them and customize their functionality so that they are able + to be shared between multiple callers in the same process. + + Each caller that uses the + p11_kit_modules_load() + or p11_kit_module_load() + function gets independent wrapped PKCS#11 module(s). This is unless a caller + or module configuration specifies that a module should be used in an + unmanaged fashion. + + When modules are managed, the following aspects are wrapped and + coordinated: + + + + Calls to C_Initialize and + C_Finalize can be called by multiple + callers. + + The first time that the managed module + C_Initialize is called, the PKCS#11 module's actual + C_Initialize function is called. Subsequent calls by + other callers will cause p11-kit to increment an + internal initialization count, rather than calling + C_Initialize again. + + Multiple callers can call the managed + C_Initialize function concurrently from different + threads and p11-kit will guarantee that this managed + in a thread-safe manner. + + + When the managed module C_Finalize is used + to finalize a module, each time it is called it decrements the internal + initialization count for that module. When the internal initialization + count reaches zero, the module's actual C_Finalize + function is called. + + Multiple callers can call the managed C_Finalize + function concurrently from different threads and p11-kit + will guarantee that this managed in a thread-safe manner. + + + Call to C_CloseAllSessions only close the + sessions that the caller of the managed module has opened. This allows the + C_CloseAllSessions function to be used without closing + sessions for other callers of the same PKCS#11 module. + + + Managed modules have ability to log PKCS#11 method calls for debugging + purposes. See the log-calls = yes + module configuration option. + + + Managed modules have the ability to be remoted to another machine or + isolated in their own process. + See the remote = ... + module configuration option. + + +
+ diff --git a/doc/manual/p11-kit-trust.xml b/doc/manual/p11-kit-trust.xml new file mode 100644 index 0000000..dde614c --- /dev/null +++ b/doc/manual/p11-kit-trust.xml @@ -0,0 +1,128 @@ + + + +]> + + +Trust Policy Module + + The trust module provides system certificate anchors, blacklists + and other trust policy to crypto libraries applications. This + information is exposed as PKCS#11 objects. + + You can use the trust command line + tool to examine and modify the trust policy store. + +
+ Paths loaded by the Module + + The trust module loads certificates and trust policy information + from preconfigured paths and allows them to be looked up via PKCS#11. + The input paths can be determined with using the following command: + + +$ pkg-config --variable p11_trust_paths p11-kit-1 +/usr/share/p11-kit/trust:/etc/pki/trust + + + Files in the following formats are supported for loading by the + trust policy module: + + + + X.509 certificates + X.509 certificates in raw DER format. Does not + automatically contain trust policy information. + + + PEM certificates + X.509 certificates in PEM format. These have a + BEGIN CERTIFICATE header. This file does not + automatically contain trust policy information. + + + OpenSSL trust certificates + OpenSSL specific certificates in PEM format + that contain trust information. These have a + BEGIN TRUSTED CERTIFICATE PEM header. Both + trust anchor and blacklist information can be loaded + from these files. + + + + If the input path is a file, then it is loaded. Certificate(s) in the + file are automatically treated as anchors, unless they contain alternate + trust policy information. + + If the input path is a directory, files inside that directory are + parsed and loaded. If the file contains trust policy information (such as the + OpenSSL trust certificates) then it will be respected. Files without trust policy + information are not automatically marked as an anchor or blacklisted. + + In addition two optional subdirectories of the input path are loaded. Files + placed in the anchors/ subdirectory become trust anchors + when they do not contain trust policy information. Files placed in the + blacklist/ subdirectory are blacklisted whether they + contain trust information or not. + + The first input path becomes the first PKCS#11 token of the trust + module, and has the highest priority when callers search for trust + policy information. +
+ +
+ Using the Trust Policy Module with NSS + + The trust policy module is a drop in replacement for the + libnssckbi.so module and thus works out of + the box with NSS. The trust policy module provides NSS style + PKCS#11 trust objects for NSS to retrieve. + + The module may be used to replace the + libnssckbi.so file via an distribution + specific alternatives mechanism or otherwise. + + Alternatively NSS applications like Firefox or Thunderbird + may be configured to use the trust policy module by adding + the p11-kit-trust.so PKCS#11 module via their + GUI or command line configuration. +
+ +
+ Using the Trust Policy Module with glib-networking + + The trust policy module can be used as a source of trust + information for glib-networking's gnutls-pkcs11 backend. + The module provides PKCS#11 trust assertion objects as expected. + + The module should work by default if the gnutls-pkcs11 + backend is selected as the glib-networking TLS backend. +
+ +
+ Disabling the Trust Policy Module + + This module is installed and enabled by default. It may + be disabled in the following ways: + + + Use the + during the p11-kit + build. + Disable loading trust policy information + from this module by adding a file to &sysdir;/modules + called p11-kit-trust.module containing a + trust-policy: no line. + + Disable this module completely by + adding a file to &sysdir;/modules + called p11-kit-trust.module containing a + enable-in: line (without a value). + + +
+ + diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml new file mode 100644 index 0000000..48a9201 --- /dev/null +++ b/doc/manual/p11-kit.xml @@ -0,0 +1,152 @@ + + + + + + + p11-kit + p11-kit + + + Maintainer + Stef + Walter + stef@thewalter.net + + + + + + p11-kit + 8 + System Commands + + + + p11-kit + Tool for operating on configured PKCS#11 modules + + + + + p11-kit list-modules + + + p11-kit extract ... + + + p11-kit server ... + + + + + Description + p11-kit is a command line tool that + can be used to perform operations on PKCS#11 modules configured on the + system. + + See the various sub commands below. The following global options + can be used: + + + + + Run in verbose mode with debug + output. + + + + Run in quiet mode without warning or + failure messages. + + + + + + + List Modules + + List system configured PKCS#11 modules. + + +$ p11-kit list-modules + + + The modules, information about them and the tokens present in + the PKCS#11 modules will be displayed. + + + + + Extract + + Extract certificates from configured PKCS#11 modules. + + This operation has been moved to a separate command trust extract. + See trust1 + for more information + + + + Server + + Run a server process that exposes PKCS#11 module remotely. + + +$ p11-kit server pkcs11:token1 pkcs11:token2 ... +$ p11-kit server --provider /path/to/pkcs11-module.so pkcs11:token1 pkcs11:token2 ... + + + This launches a server that exposes the given PKCS#11 tokens on a local socket. The tokens must belong to the same module. To access the socket, use p11-kit-client.so module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: P11_KIT_SERVER_ADDRESS and P11_KIT_SERVER_PID. + + + + + Extract Trust + + Extract standard trust information files. + + This operation has been moved to a separate command trust extract-compat. + See trust1 + for more information + + + + Remote + + Run a PKCS#11 module remotely. + + +$ p11-kit remote /path/to/pkcs11-module.so +$ p11-kit remote pkcs11:token1 pkcs11:token2 ... + + + This is not meant to be run directly from a terminal. But rather in a + option in a + pkcs11.conf5 + file. + This exposes the given PKCS#11 module or tokens over standard input and output. Those two forms, whether to expose a module or tokens, are mutually exclusive and if the second form is used, the tokens must belong to the same module. + + + + Bugs + + Please send bug reports to either the distribution bug tracker + or the upstream bug tracker at + https://github.com/p11-glue/p11-kit/issues/. + + + + + See also + + pkcs11.conf5 + + + Further details available in the p11-kit online documentation at + https://p11-glue.github.io/p11-glue/p11-kit/manual/. + + + + diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml new file mode 100644 index 0000000..1ae6ef6 --- /dev/null +++ b/doc/manual/pkcs11.conf.xml @@ -0,0 +1,283 @@ + + + +]> + + + + + pkcs11.conf + p11-kit + + + Maintainer + Stef + Walter + stef@thewalter.net + + + + + + pkcs11.conf + 5 + System Files + + + + pkcs11.conf + Configuration files for PKCS#11 modules + + + + Description + The pkcs11.conf configuration files are a standard + way to configure PKCS#11 modules. + + + + File format + A complete configuration consists of several files. These files are + text files. Since p11-kit is built to be used in all + sorts of environments and at very low levels of the software stack, we + cannot make use of high level configuration APIs that you may find on a + modern desktop. + + Each setting in the config file is specified consists of a name and + a value. The name is a simple string consisting of characters and dashes. + The name consists of alpha numeric characters, dot, hyphen and + underscore. + + The value is specified after the name on the same line, separated + from it by a : (colon). White space between the + name and value is ignored. + + Blank lines are ignored. White space at the beginning or end of + lines is stripped. Lines that begin with a # character + are ignored as comments. Comments are not recognized when they come after + a value on a line. + + A fictitious module configuration file might look like: + +module: module.so +# Here is a comment + +managed: true +setting.2: A long value with text. +x-custom : text + + + + + Module Configuration + + Each configured PKCS#11 module has its own config file. These files + can be placed in various locations. + The filename of the configuration file may consist of upper and lowercase letters + underscore, comma, dash and dots. The first characters needs to be an alphanumeric, + the filename should end with a .module extension. + Most importantly each config file specifies the path of the PKCS#11 module to + load. A module config file has the following fields: + + + + + + The filename of the PKCS#11 module to load. + This should include an extension like .so + If this value is blank, then the module will be ignored. + This can be used in the user configs to override loading of a module + specified in the system configuration. + + If this is a relative path, then the module will be loaded + from the default module directory. + + + + + + Set to yes if the module is critical and + required to load. If a critical module fails to load or initialize, + then the loading process for all registered modules will abort and + return an error code. + + This argument is optional and defaults to no. + + + + + + A comma and/or space separated list of names of programs that + this module should only be loaded in. The module will not be loaded + for other programs using p11-kit. The base name of the process executable + should be used here, for example + seahorse, ssh. + This option can also be used to control whether the module will be loaded by the proxy module. To enable loading only from the proxy module, specify p11-kit-proxy as the value. + This is not a security feature. The argument is optional. If + not present, then any process will load the module. + + + + + + A comma and/or space separated list of names of programs that + this module should not be loaded in. The module will be loaded for any + other programs using p11-kit. The base name of the process + executable should be used here, for example + firefox, thunderbird-bin. + This option can also be used to control whether the module will be loaded by the proxy module. To disable loading from the proxy module, specify p11-kit-proxy as the value. + This is not a security feature. The argument is optional. If + not present, then any process will load the module. + + + + + + Set to no if the module is not to be managed by + p11-kit. Making a module unmanaged is not recommended, and will cause + problems if multiple callers in a single process share a PKCS#11 module. + + This argument is optional and defaults to yes. + + + + + + The value should be an integer. When lists of modules are + returned to a caller of p11-kit, modules with a higher number are sorted + first. When applications search modules for certificates, keys and + trust policy information, this setting will affect what find + first. + This argument is optional, and defaults to zero. Modules + with the same option will be sorted + alphabetically. + + + + + + Instead of loading the PKCS#11 module locally, run the module + remotely. + Specify a command to run, prefixed with | a pipe. + The command must speak the p11-kit remoting protocol on its standard in + and standard out. For example: + +remote: |ssh user@remote p11-kit remote /path/to/module.so + + Other forms of remoting will appear in later p11-kit releases. + + + + + + Set to yes to use use this module as a source + of trust policy information such as certificate anchors and black lists. + + + + + + Set to yes to write a log to stderr of all the + calls into the module. This is only supported for managed modules. + + This argument is optional and defaults to no. + + + + + Do not specify both enable-in and disable-in + for the same module. + + Other fields may be present, but it is recommended that field names + that are not specified in this document start with a x- + prefix. + + + + Global Configuration + + A global configuration may also be present. This file contains settings + that are not related to a single PKCS#11 module. The location(s) of the + global configuration are described below. The global configuration file + can contain the following fields: + + + + + This will be equal to one of the following values: + none, merge, + only. + + + + + Set to yes or no to + force all modules to be managed or unmanaged by p11-kit. Setting this + setting in a global configuration file will override the + managed setting in the individual module configuration + files. Making modules unmanaged is not recommended, and will cause + problems if multiple callers in a single process share a PKCS#11 + module. + + This argument is optional. + + + + + + Set to yes to write a log to stderr of all the + calls into all configured modules. This is only supported for managed + modules. + + This argument is optional. + + + + + Other fields may be present, but it is recommended that field names + that are not specified in this document start with a x- + prefix. + + + + Configuration Files + + Each configured PKCS#11 module has its own config file. These + files are placed in a directory. In addition a global config file exists. + There is a system configuration consisting of the various module config + files and a file for global configuration. Optionally each user can provide + additional configuration or override the system configuration. + + The system global configuration file is usually in + &sysdir;/pkcs11.conf and the user global + configuration file is in &userdir;/pkcs11.conf in the + user's home directory. + + The module config files are usually located in the + &sysdir;/modules directory, with one configuration + file per module. In addition the &userdir;/modules directory + can be used for modules installed by the user. + + Note that user configuration files are not loaded from the home + directory if running inside a setuid or setgid program. + + The default system config file and module directory can be changed + when building p11-kit. Always + lookup these paths using + pkg-config. + + + + See also + + p11-kit8 + + Further details available in the p11-kit online documentation at + https://p11-glue.github.io/p11-glue/p11-kit/manual/. + + + + diff --git a/doc/manual/style.css b/doc/manual/style.css new file mode 100644 index 0000000..3d0f951 --- /dev/null +++ b/doc/manual/style.css @@ -0,0 +1,116 @@ +@import url("gtk-doc.css"); + +TABLE.navigation { + background-color: #f9b631 !important; + border-width: 0 !important; + color: white; + font-family: Georgia, "Times New Roman", Times, serif; + height: 4em !important; +} + +TABLE.navigation TH { + font-size: 30pt !important; + font-weight: normal; + text-align: left !important; + padding-left: 10pt; +} + +TABLE.navigation TH:first-child { + padding-left: 40pt; +} + +.shortcuts { + color: white !important; +} + +.shortcuts a { + color: white !important; + font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; +} + +P.title { + font-size: 30pt !important; +} + +BODY { + padding-top: 5.5em !important; +} + +DIV.book, +DIV.refentry, +DIV.chapter, +DIV.index, +DIV.footer, +DIV.section { + font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; + font-size: 9.5pt; + line-height: 150%; +} + +BODY > DIV.book, +BODY > DIV.footer { + margin-left: 1em; + margin-right: 1em; +} + +BODY > DIV.refentry, +BODY > DIV.chapter, +BODY > DIV.index, +BODY > DIV.section { + margin-left: 3em; + margin-right: 1em; +} + +DIV.variablelist TABLE { + font-size: 9.5pt; + line-height: 150%; +} + +DIV.refsect1, +DIV.refsect2, +DIV.refsynopsisdiv { + margin-bottom: 3em !important; +} + +H1 { + position: relative; + left: -1em; + font-weight: normal !important; +} + +H2 { + position: relative; + left: -1em; + font-weight: normal !important; +} + +H3 { + position: relative; + left: -1em; + font-weight: normal !important; +} + +CODE.option { + white-space: nowrap; +} + +DIV.toc DL { + margin-top: 0; + margin-bottom: 0; +} + +DIV.book > DIV.toc > DL > DT { + margin-top: 1em; +} + +DIV.toc DT { + margin-bottom: 0.3em; +} + +TABLE.variablelist SPAN.term { + padding-right: 1em; +} + +DIV.cmdsynopsis { + font-family: monospace; +} diff --git a/doc/manual/sysdir.xml.in b/doc/manual/sysdir.xml.in new file mode 100644 index 0000000..8310c65 --- /dev/null +++ b/doc/manual/sysdir.xml.in @@ -0,0 +1 @@ +@p11_system_config@ diff --git a/doc/manual/trust.xml b/doc/manual/trust.xml new file mode 100644 index 0000000..b9dc018 --- /dev/null +++ b/doc/manual/trust.xml @@ -0,0 +1,411 @@ + + + + + + + trust + p11-kit + + + Maintainer + Stef + Walter + stef@thewalter.net + + + + + + trust + 1 + User Commands + + + + trust + Tool for operating on the trust policy store + + + + + trust list + + + trust extract --filter=<what> + --format=<type> /path/to/destination + + + trust anchor /path/to/certificate.crt + + + trust dump + + + + + Description + trust is a command line tool to examine and + modify the shared trust policy store. + + See the various sub commands below. The following global options + can be used: + + + + + Run in verbose mode with debug + output. + + + + Run in quiet mode without warning or + failure messages. + + + + + + + List + + List trust policy store items. + + +$ trust list + + + List information about the various items in the trust policy store. + Each item is listed with it's PKCS#11 URI and some descriptive information. + + You can specify the following options to control what to list. + + + + + Specifies what certificates to extract. You can specify the following values: + + + + Certificate anchors + + + + Anchors and blacklist (default) + + + + Blacklisted certificates + + + + All certificates + + + + A PKCS#11 URI to filter with + + + + + If an output format is chosen that cannot support type what has been + specified by the filter, a message will be printed. + + None of the available formats support storage of blacklist entries + that do not contain a full certificate. Thus any certificates blacklisted by + their issuer and serial number alone, are not included in the extracted + blacklist. + + + + + Limit to certificates usable for the given purpose + You can specify one of the following values: + + + + For authenticating servers + + + + For authenticating clients + + + + For email protection + + + + For authenticated signed code + + + + An arbitrary purpose OID + + + + + + + + + Anchor + + Store or remove trust anchors. + + +$ trust anchor /path/to/certificate.crt +$ trust anchor --remove /path/to/certificate.crt +$ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;type=cert" + + + Store or remove trust anchors in the trust policy store. These are + usually root certificate authorities. + + Specify either the or + operations. If no operation is specified then is + assumed. + + When storing, one or more certificate files are expected on the + command line. These are stored as anchors, unless they are already + present. + + When removing an anchor, either specify certificate files or + PKCS#11 URI's on the command line. Matching anchors will be removed. + + It may be that this command needs to be run as root in order to + modify the system trust policy store, if no user specific store is + available. + + You can specify the following options. + + + + + Remove one or more anchors from the trust + policy store. Specify certificate files or PKCS#11 URI's + on the command line. + + + + Store one or more anchors to the trust + policy store. Specify certificate files on the command + line. + + + + + + + Extract + + Extract trust policy from the shared trust policy store. + + +$ trust extract --format=x509-directory --filter=ca-anchors /path/to/directory + + + You can specify the following options to control what to extract. + The and arguments + should be specified. By default this command will not overwrite the + destination file or directory. + + + + + Add identifying comments to PEM bundle output files + before each certificate. + + + + + Specifies what certificates to extract. You can specify the following values: + + + + Certificate anchors (default) + + + + Anchors and blacklist + + + + Blacklisted certificates + + + + All certificates + + + + A PKCS#11 URI + + + + + If an output format is chosen that cannot support type what has been + specified by the filter, a message will be printed. + + None of the available formats support storage of blacklist entries + that do not contain a full certificate. Thus any certificates blacklisted by + their issuer and serial number alone, are not included in the extracted + blacklist. + + + + + The format of the destination file or directory. + You can specify one of the following values: + + + + DER X.509 certificate file + + + + directory of X.509 certificates + + + + File containing one or more certificate PEM blocks + + + + Directory of PEM files each containing one certificate + + + + Directory of PEM files each containing one certificate, with hash symlinks + + + + OpenSSL specific PEM bundle of certificates + + + + Directory of OpenSSL specific PEM files + + + + Java keystore 'cacerts' certificate bundle + + + + + + + Overwrite output file or directory. + + + + Limit to certificates usable for the given purpose + You can specify one of the following values: + + + + For authenticating servers + + + + For authenticating clients + + + + For email protection + + + + For authenticated signed code + + + + An arbitrary purpose OID + + + + + + + + + + Extract Compat + + Extract compatibility trust certificate bundles. + + +$ trust extract-compat + + + OpenSSL, Java and some versions of GnuTLS cannot currently read + trust information directly from the trust policy store. This command + extracts trust information such as certificate anchors for use by + these libraries. + + What this command does, and where it extracts the files is + distribution or site specific. Packagers or administrators are expected + customize this command. + + + + + Dump + + Dump PKCS#11 items in the various tokens. + + +$ trust dump + + + Dump information about the various PKCS#11 items in the tokens. + Each item is dumped with it's PKCS#11 URI and information in the .p11-kit + persistence format. + + You can specify the following options to control what to dump. + + + + + Specifies what certificates to extract. You can specify the following values: + + + + All objects. This is the default + + + + A PKCS#11 URI to filter with + + + + + + + + + + + Bugs + + Please send bug reports to either the distribution bug tracker + or the upstream bug tracker at + https://github.com/p11-glue/p11-kit/issues/. + + + + + See also + + p11-kit8 + + An explanatory document about storing trust policy: + https://p11-glue.github.io/p11-glue/doc/storing-trust-policy/ + + Further details available in the p11-kit online documentation at + https://p11-glue.github.io/p11-glue/p11-kit/manual/. + + + + diff --git a/doc/manual/userdir.xml.in b/doc/manual/userdir.xml.in new file mode 100644 index 0000000..4e9eea4 --- /dev/null +++ b/doc/manual/userdir.xml.in @@ -0,0 +1 @@ +@p11_user_config@ diff --git a/doc/manual/version.xml.in b/doc/manual/version.xml.in new file mode 100644 index 0000000..d78bda9 --- /dev/null +++ b/doc/manual/version.xml.in @@ -0,0 +1 @@ +@VERSION@ diff --git a/meson.build b/meson.build new file mode 100644 index 0000000..bea3e99 --- /dev/null +++ b/meson.build @@ -0,0 +1,394 @@ +project('p11-kit', 'c', + version: '0.23.21', + meson_version: '>= 0.49') + +version_arr = meson.project_version().split('.') +major_version = version_arr[0].to_int() +minor_version = version_arr[1].to_int() +micro_version = version_arr[2].to_int() + +cc = meson.get_compiler('c') + +current = 3 +revision = 0 +age = 3 + +soversion = current - age +library_version = '@0@.@1@.@2@'.format(soversion, age, revision) + +configinc = include_directories('.') +commoninc = include_directories('common') +p11kitinc = include_directories('p11-kit') +trustinc = include_directories('trust') + +add_project_arguments(['-D_GNU_SOURCE', '-DP11_KIT_FUTURE_UNSTABLE_API'], + language: 'c') + +conf = configuration_data() + +conf.set('PACKAGE_MAJOR', major_version) +conf.set('PACKAGE_MINOR', minor_version) + +host_system = host_machine.system() +conf.set(host_system == 'windows' ? 'OS_WIN32' : 'OS_UNIX', 1) + +if host_system == 'windows' + shlext = '.dll' + exeext = '.exe' +else + shlext = '.so' + exeext = '' +endif + +conf.set_quoted('SHLEXT', shlext) +conf.set_quoted('EXEEXT', exeext) + +if host_machine.endian() == 'big' + conf.set('WORDS_BIGENDIAN', 1) +endif + +if get_option('debug') + conf.set('WITH_DEBUG', 1) + conf.set('_DEBUG', 1) +endif + +conf.set10('WITH_STRICT', get_option('strict')) + +prefix = get_option('prefix') +datadir = get_option('datadir') +bindir = get_option('bindir') +libdir = get_option('libdir') +libexecdir = get_option('libexecdir') +sysconfdir = get_option('sysconfdir') +mandir = get_option('mandir') +pkgdatadir = datadir / meson.project_name() +privatedir = libexecdir / meson.project_name() + +common_c_args = [ + '-DBINDIR="@0@"'.format(prefix / bindir), + '-DPRIVATEDIR="@0@"'.format(prefix / privatedir), + '-DSYSCONFDIR="@0@"'.format(prefix / sysconfdir) +] + +top_source_dir = meson.current_source_dir() +top_build_dir = meson.current_build_dir() + +tests_c_args = [ + '-DSRCDIR="@0@"'.format(top_source_dir), + '-DBUILDDIR="@0@"'.format(top_build_dir) +] + +conf.set('SIZEOF_UNSIGNED_LONG', cc.sizeof('unsigned long')) + +nanosleep_deps = [] +dlopen_deps = [] +socket_deps = [] +thread_deps = [] + +if host_system != 'windows' + thread_deps += dependency('threads') + if not cc.has_function('pthread_create', dependencies: thread_deps) + error('could not find pthread_create') + endif + + if not cc.has_function('nanosleep') + librt = cc.find_library('rt', required: false) + if cc.has_function('nanosleep', dependencies: librt) + nanosleep_deps += librt + else + error('could not find nanosleep') + endif + endif + + if not cc.has_function('dlopen') + libdl = cc.find_library('dl', required: false) + if cc.has_function('dlopen', dependencies: libdl) + dlopen_deps += libdl + else + error('could not find dlopen') + endif + endif + + # for Solaris we need -lsocket -lnsl for socket stuff, gethostbyname + # is just a dummy to find -lnsl + libnsl = cc.find_library('nsl', required: false) + if libnsl.found() + if cc.has_function('gethostbyname', dependencies: libnsl) + socket_deps += libnsl + endif + + libsocket = cc.find_library('socket', required: false) + if libsocket.found() + if cc.has_function('connect', dependencies: [libsocket, libnsl]) + socket_deps += libsocket + else + error('could not find socket') + endif + endif + endif + + if cc.has_header('locale.h') + conf.set('HAVE_LOCALE_H', 1) + if cc.has_type('locale_t', prefix: '#include ') + conf.set('HAVE_LOCALE_T', 1) + if cc.has_function('newlocale', prefix: '#include ') + conf.set('HAVE_NEWLOCALE', 1) + endif + if cc.has_function('strerror_l', prefix: '#include ') + conf.set('HAVE_STRERROR_L', 1) + endif + endif + endif + + # These are things we can work around + headers = [ + 'sys/resource.h', + 'ucred.h' + ] + + foreach h : headers + if cc.has_header(h) + conf.set('HAVE_' + h.underscorify().to_upper(), 1) + endif + endforeach + + functions = [ + 'fdwalk', + 'getauxval', + 'getexecname', + 'getpeereid', + 'getpeerucred', + 'getprogname', + 'getresuid', + 'issetugid', + 'mkdtemp', + 'mkstemp', + 'secure_getenv', + 'strndup' + ] + + foreach f : functions + if cc.has_function(f) + conf.set('HAVE_' + f.underscorify().to_upper(), 1) + endif + endforeach + + if cc.has_member('struct dirent', 'd_type', prefix: '#include ') + conf.set('HAVE_STRUCT_DIRENT_D_TYPE', 1) + endif + + tls_test_code_template = ''' +#include +int main (void) { +static @0@ foo; +return 0; +} +''' + foreach keyword : ['_Thread_local', '__thread'] + if cc.compiles(tls_test_code_template.format(keyword), + name: 'thread-local storage class') + conf.set('P11_TLS_KEYWORD', keyword) + break + endif + endforeach + + if cc.has_function('gmtime_r') + conf.set('HAVE_GMTIME_R', 1) + else + error('could not find required gmtime_r() function') + endif + + # Check if these are declared and/or available to link against + program_invocation_short_name_test_code = ''' +#define _GNU_SOURCE +#include +int main (void) { program_invocation_short_name = "test"; } +''' + if cc.links(program_invocation_short_name_test_code, + name: 'program_invocation_short_name_test_code') + conf.set('HAVE_PROGRAM_INVOCATION_SHORT_NAME', 1) + else + __progname_test_code = ''' +extern char *__progname; +int main (void) { __progname = (char*)0; return 0; } +''' + if cc.links(__progname_test_code, name: '__progname') + conf.set('HAVE___PROGNAME', 1) + endif + endif + + __libc_enable_secure_test_code = ''' +extern int __libc_enable_secure; +int main (void) { __libc_enable_secure = 0; return 0; } +''' + if cc.links(__libc_enable_secure_test_code, name: '__libc_enable_secure') + conf.set('HAVE___LIBC_ENABLE_SECURE', 1) + endif + + vsock_availability_test_code = ''' +#include +#include +struct sockaddr_vm sa = { .svm_family = AF_VSOCK, .svm_cid = VMADDR_CID_ANY }; +''' + if cc.compiles(vsock_availability_test_code, name: 'vsock_test') + conf.set('HAVE_VSOCK', 1) + endif + + foreach h : ['sys/types.h', 'signal.h'] + foreach t : ['sighandler_t', 'sig_t', '__sighandler_t'] + if cc.has_type(t, prefix: '#include <@0@>'.format(h)) + define = 'HAVE_' + t.underscorify().to_upper() + conf.set(define, 1) + endif + endforeach + endforeach +endif + +headers = [ + 'stdbool.h', +] + +foreach h : headers + if cc.has_header(h) + conf.set('HAVE_' + h.underscorify().to_upper(), 1) + endif +endforeach + +functions = [ + 'asprintf', + 'basename', + 'memdup', + 'reallocarray', + 'secure_getenv', + 'setenv', + 'strerror_r', + 'strnstr', + 'vasprintf' +] + +foreach f : functions + if cc.has_function(f) + conf.set('HAVE_' + f.underscorify().to_upper(), 1) + endif +endforeach + +conf.set10('HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME', + cc.has_header_symbol('errno.h', + 'program_invocation_short_name', + prefix: '#define _GNU_SOURCE')) + +conf.set10('HAVE_DECL_ASPRINTF', + cc.has_header_symbol('stdio.h', 'asprintf', + prefix: '#define _GNU_SOURCE')) + +conf.set10('HAVE_DECL_VASPRINTF', + cc.has_header_symbol('stdio.h', 'vasprintf', + prefix: '#define _GNU_SOURCE')) + +conf.set10('HAVE_DECL_REALLOCARRAY', + cc.has_header_symbol('stdlib.h', 'reallocarray')) + +# -------------------------------------------------------------------- +# libffi + +libffi_deps = [] +libffi = dependency('libffi', version: '>= 3.0.0', required: get_option('libffi')) +if libffi.found() + conf.set('WITH_FFI', 1) + libffi_deps += libffi +endif + +closures = get_option('closures') +if closures < 1 + error('at least one closure must be compiled in') +endif + +conf.set('P11_VIRTUAL_MAX_FIXED', closures) + +# ------------------------------------------------------------------------------ +# PKCS#11 Directories + +p11_package_config_modules = get_option('module_config') +if p11_package_config_modules == '' + p11_package_config_modules = pkgdatadir / 'modules' +endif + +p11_system_config = get_option('system_config') +if p11_system_config == '' + p11_system_config = sysconfdir / 'pkcs11' +endif + +p11_user_config = get_option('user_config') +p11_module_path = get_option('module_path') +if p11_module_path == '' + p11_module_path = libdir / 'pkcs11' +endif + +p11_system_config_file = p11_system_config / 'pkcs11.conf' +p11_system_config_modules = p11_system_config / 'modules' +p11_user_config_file = p11_user_config / 'pkcs11.conf' +p11_user_config_modules = p11_user_config / 'modules' + +# -------------------------------------------------------------------- +# Hash implementation + +hash_impl = get_option('hash_impl') +if hash_impl == 'freebl' + libfreebl3 = cc.find_library('freebl3', required: false) + if libfreebl3.found() and cc.has_function('NSSLOW_Init', + dependencies: libfreebl3) + conf.set('WITH_FREEBL', 1) + else + error('could not find the freebl3 library') + endif +endif + +# -------------------------------------------------------------------- +# Trust Module + +with_trust_module = false +libtasn1_deps = [] +libtasn1 = dependency('libtasn1', version: '>= 2.3', + required: get_option('trust_module')) +if libtasn1.found() + asn1Parser = find_program('asn1Parser', required: get_option('trust_module')) + if asn1Parser.found() + conf.set('WITH_ASN1', 1) + libtasn1_deps += libtasn1 + with_trust_module = true + endif +endif + +trust_paths = get_option('trust_paths') +conf.set_quoted('TRUST_PATHS', trust_paths) + +# -------------------------------------------------------------------- +# systemd + +with_systemd = false +libsystemd_deps = [] +libsystemd = dependency('libsystemd', required: get_option('systemd')) +systemd = dependency('systemd', required: get_option('systemd')) +if libsystemd.found() and systemd.found() + systemduserunitdir = systemd.get_pkgconfig_variable('systemduserunitdir') + conf.set('WITH_SYSTEMD', 1) + libsystemd_deps += libsystemd + with_systemd = true +endif + +configure_file(output: 'config.h', configuration: conf) + +gnome = import('gnome') +i18n = import('i18n') +pkg = import('pkgconfig') + +subdir('common') +subdir('p11-kit') +if with_trust_module + subdir('trust') +endif +subdir('doc/manual') +if get_option('nls') + subdir('po') +endif +subdir('bash-completion') diff --git a/meson_options.txt b/meson_options.txt new file mode 100644 index 0000000..9c3a7dc --- /dev/null +++ b/meson_options.txt @@ -0,0 +1,63 @@ +option('hash_impl', type : 'combo', + value : 'internal', choices : ['internal', 'freebl'], + description : 'Hash implementation to use') + +option('module_config', type : 'string', + value : '', + description : 'Module configuration files shipped by packages') + +option('system_config', type : 'string', + value : '', + description : 'Change PKCS#11 system config directory') + +option('user_config', type : 'string', + value : '~/.config/pkcs11', + description : 'Change PKCS#11 user config directory') + +option('module_path', type : 'string', + value : '', + description : 'Load modules with relative path names from here') + +option('libffi', type : 'feature', + value : 'auto', + description : 'Use libffi for building closures') + +option('closures', type : 'integer', + value : 64, + description : 'The number of precompiled closures, used when libffi is unavailable') + +option('trust_module', type : 'feature', + value : 'auto', + description : 'Build the trust module') + +option('trust_paths', type : 'string', + value : '', + description : 'Input paths for trust module') + +option('strict', type : 'boolean', + value : false, + description : 'Strict code compilation') + +option('systemd', type : 'feature', + value : 'auto', + description : 'Use systemd socket activation') + +option('bash_completion', type : 'feature', + value : 'auto', + description : 'Install bash completion files') + +option('gtk_doc', type : 'boolean', + value : false, + description : 'Build documentation using gtk-doc') + +option('man', type : 'boolean', + value : false, + description : 'Build manpages using xsltproc') + +option('nls', type : 'boolean', + value : true, + description : 'Enable NLS support') + +option('test', type : 'boolean', + value : true, + description : 'Enable building test programs') diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am new file mode 100644 index 0000000..e0cf65e --- /dev/null +++ b/p11-kit/Makefile.am @@ -0,0 +1,488 @@ + +inc_HEADERS += \ + p11-kit/deprecated.h \ + p11-kit/iter.h \ + p11-kit/p11-kit.h \ + p11-kit/pin.h \ + p11-kit/remote.h \ + p11-kit/uri.h \ + $(NULL) + +COMMON_SRCS = \ + p11-kit/util.c \ + p11-kit/conf.c p11-kit/conf.h \ + p11-kit/iter.c \ + p11-kit/log.c p11-kit/log.h \ + p11-kit/filter.c p11-kit/filter.h \ + p11-kit/modules.c p11-kit/modules.h \ + p11-kit/pkcs11.h \ + p11-kit/pin.c \ + p11-kit/pkcs11.h \ + p11-kit/private.h \ + p11-kit/messages.c \ + p11-kit/rpc-transport.c p11-kit/rpc.h \ + p11-kit/rpc-message.c p11-kit/rpc-message.h \ + p11-kit/rpc-client.c \ + p11-kit/uri.c \ + p11-kit/virtual.c p11-kit/virtual.h \ + p11-kit/virtual-fixed.h \ + $(inc_HEADERS) + +BUILT_SOURCES += \ + p11-kit/virtual-fixed-generated.h \ + $(NULL) + +CLEANFILES += \ + p11-kit/virtual-fixed-generated.h \ + $(NULL) + +p11-kit/virtual-fixed-generated.h: Makefile + $(AM_V_GEN)rm -f $@-t $@ && \ + { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ + echo; \ + counter=0; \ + while test $$counter -lt $(closures); do \ + echo "P11_VIRTUAL_FIXED_FUNCTIONS($$counter)"; \ + counter=`expr $$counter + 1`; \ + done; \ + echo; \ + echo "CK_FUNCTION_LIST p11_virtual_fixed[P11_VIRTUAL_MAX_FIXED] = {"; \ + counter=0; \ + while test $$counter -lt $(closures); do \ + echo " P11_VIRTUAL_FIXED_INITIALIZER($$counter),"; \ + counter=`expr $$counter + 1`; \ + done; \ + echo '};'; \ + echo; \ + counter=0; \ + while test $$counter -lt $(closures); do \ + echo "P11_VIRTUAL_FIXED_GET_FUNCTION_LIST($$counter)"; \ + counter=`expr $$counter + 1`; \ + done; \ + } > $@-t && \ + mv -f $@-t $@ + +lib_LTLIBRARIES += \ + libp11-kit.la + +COMMON_CFLAGS = \ + -DP11_SYSTEM_CONFIG_FILE=\""$(p11_system_config_file)"\" \ + -DP11_SYSTEM_CONFIG_MODULES=\""$(p11_system_config_modules)"\" \ + -DP11_PACKAGE_CONFIG_MODULES=\""$(p11_package_config_modules)"\" \ + -DP11_USER_CONFIG_FILE=\""$(p11_user_config_file)"\" \ + -DP11_USER_CONFIG_MODULES=\""$(p11_user_config_modules)"\" \ + -DP11_MODULE_PATH=\""$(p11_module_path)"\" \ + $(LIBFFI_CFLAGS) \ + $(NULL) + +COMMON_LIBS = \ + libp11-common.la \ + libp11-library.la \ + $(LIBFFI_LIBS) \ + $(LTLIBINTL) \ + $(NULL) + +libp11_kit_la_CFLAGS = $(COMMON_CFLAGS) + +libp11_kit_la_LDFLAGS = \ + -no-undefined \ + -version-info $(P11KIT_LT_RELEASE) + +if HAVE_LD_VERSION_SCRIPT +libp11_kit_la_LDFLAGS += -Wl,--version-script=$(srcdir)/p11-kit/libp11-kit.map +else +libp11_kit_la_LDFLAGS += -export-symbols-regex '^C_GetFunctionList|^p11_kit_' +endif + +libp11_kit_la_SOURCES = \ + p11-kit/proxy.c p11-kit/proxy.h p11-kit/proxy-init.c \ + p11-kit/rpc-server.c \ + $(NULL) + +libp11_kit_la_LIBADD = \ + libp11-kit-internal.la \ + $(COMMON_LIBS) \ + $(NULL) + +noinst_LTLIBRARIES += \ + libp11-kit-internal.la \ + $(NULL) + +check_LTLIBRARIES += \ + libp11-kit-testable.la \ + libp11-kit-pkcs11-gnu.la \ + $(NULL) + +libp11_kit_internal_la_LDFLAGS = -no-undefined +libp11_kit_internal_la_CFLAGS = $(COMMON_CFLAGS) +libp11_kit_internal_la_SOURCES = $(COMMON_SRCS) + +libp11_kit_testable_la_LDFLAGS = -no-undefined +libp11_kit_testable_la_SOURCES = \ + $(libp11_kit_internal_la_SOURCES) \ + $(libp11_kit_la_SOURCES) \ + $(NULL) +libp11_kit_testable_la_LIBADD = $(COMMON_LIBS) + +pkcs11_gnu_sources = \ + p11-kit/uri.gnu.c \ + p11-kit/iter.gnu.c \ + p11-kit/pin.gnu.c \ + $(NULL) + +BUILT_SOURCES += $(pkcs11_gnu_sources) +CLEANFILES += $(pkcs11_gnu_sources) + +p11-kit/uri.gnu.c: p11-kit/uri.h +p11-kit/iter.gnu.c: p11-kit/iter.h +p11-kit/pin.gnu.c: p11-kit/pin.h + +SUFFIXES += .h .gnu.c +.h.gnu.c: + $(AM_V_GEN) src=$<; dst=$@; rm -f $@-t $@ && \ + { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ + echo; \ + echo '#include '; \ + echo '#include "p11-kit/p11-kit.h"'; \ + cat $$src; \ + echo "void *$${dst}_funcs[] = {" | sed 's/[^][ *a-z0-9_={]/_/g'; \ + sed -n -e '/^typedef/d' -e 's/.* \(p11_kit_[^ ]*\) *(.*/ \1,/p' $<; \ + echo '};'; \ + } > $@-t && \ + mv -f $@-t $@ + +libp11_kit_pkcs11_gnu_la_LDFLAGS = -no-undefined +libp11_kit_pkcs11_gnu_la_SOURCES = $(pkcs11_gnu_sources) +libp11_kit_pkcs11_gnu_la_CFLAGS = -DCRYPTOKI_GNU=1 -DP11_KIT_FUTURE_UNSTABLE_API=1 + +if OS_WIN32 + +libp11_kit_testable_la_CFLAGS = \ + -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ + -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules/win32"\" \ + -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules/win32"\" \ + -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ + -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules/win32"\" \ + -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ + $(LIBFFI_CFLAGS) \ + $(NULL) + +else + +libp11_kit_testable_la_CFLAGS = \ + -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \ + -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules"\" \ + -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules"\" \ + -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \ + -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules"\" \ + -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \ + $(LIBFFI_CFLAGS) \ + $(NULL) + +# Proxy module is actually same as library, so install a link +install-exec-hook: + for i in so dylib; do \ + test -f $(DESTDIR)$(libdir)/libp11-kit.$$i && \ + $(LN_S) -f `readlink $(DESTDIR)$(libdir)/libp11-kit.$$i` $(DESTDIR)$(libdir)/p11-kit-proxy.$$i || true; \ + done + $(MKDIR_P) $(DESTDIR)$(p11_package_config_modules) + +uninstall-local: + for i in so dylib; do \ + rm -f $(DESTDIR)$(libdir)/p11-kit-proxy.$$i; \ + done + +endif + +if !OS_WIN32 +module_LTLIBRARIES += \ + p11-kit-client.la + +p11_kit_client_la_LDFLAGS = \ + -no-undefined -module -avoid-version \ + -version-info $(P11KIT_LT_RELEASE) \ + -export-symbols-regex '^C_GetFunctionList' \ + $(NULL) + +p11_kit_client_la_CFLAGS = $(COMMON_CFLAGS) + +p11_kit_client_la_SOURCES = \ + p11-kit/client.c p11-kit/client.h p11-kit/client-init.c \ + $(NULL) + +p11_kit_client_la_LIBADD = $(libp11_kit_la_LIBADD) +endif + +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = p11-kit/p11-kit-1.pc + +exampledir = $(p11_system_config) +example_DATA = p11-kit/pkcs11.conf.example + +EXTRA_DIST += \ + p11-kit/docs.h \ + p11-kit/gen-pkcs11-gnu.sh \ + p11-kit/gen-virtual-fixed.sh \ + p11-kit/meson.build \ + p11-kit/meson_post_install.sh \ + p11-kit/libp11-kit.map \ + p11-kit/libp11-kit-0.dll.def \ + p11-kit/p11-module.map \ + p11-kit/p11-module.def \ + p11-kit/pkcs11-gnu.c \ + $(NULL) + +bin_PROGRAMS += p11-kit/p11-kit + +p11_kit_p11_kit_SOURCES = \ + p11-kit/lists.c \ + p11-kit/p11-kit.c \ + $(NULL) + +p11_kit_p11_kit_LDADD = \ + libp11-kit.la \ + libp11-tool.la \ + libp11-common.la \ + $(LTLIBINTL) \ + $(NULL) + +if WITH_BASH_COMPLETION +bashcomp_DATA += bash-completion/p11-kit +endif + +private_PROGRAMS += p11-kit/p11-kit-remote + +p11_kit_p11_kit_remote_SOURCES = \ + p11-kit/remote.c \ + $(NULL) + +p11_kit_p11_kit_remote_LDADD = \ + libp11-tool.la \ + libp11-common.la \ + libp11-kit.la \ + $(NULL) + +check_PROGRAMS += p11-kit/p11-kit-remote-testable +p11_kit_p11_kit_remote_testable_SOURCES = $(p11_kit_p11_kit_remote_SOURCES) + +p11_kit_p11_kit_remote_testable_LDADD = \ + libp11-tool.la \ + libp11-common.la \ + libp11-kit-testable.la \ + $(NULL) + +private_PROGRAMS += p11-kit/p11-kit-server + +p11_kit_p11_kit_server_SOURCES = \ + p11-kit/server.c \ + $(NULL) + +p11_kit_p11_kit_server_LDADD = \ + libp11-tool.la \ + libp11-common.la \ + libp11-kit.la \ + $(LIBSYSTEMD_LIBS) \ + $(NULL) + +p11_kit_p11_kit_server_CFLAGS = \ + -DP11_KIT_REMOTE=\"p11-kit-remote\" \ + $(COMMON_CFLAGS) \ + $(LIBSYSTEMD_CFLAGS) \ + $(NULL) + +check_PROGRAMS += p11-kit/p11-kit-server-testable +p11_kit_p11_kit_server_testable_SOURCES = $(p11_kit_p11_kit_server_SOURCES) + +p11_kit_p11_kit_server_testable_LDADD = \ + libp11-tool.la \ + libp11-common.la \ + libp11-kit-testable.la \ + $(LIBSYSTEMD_LIBS) \ + $(NULL) + +p11_kit_p11_kit_server_testable_CFLAGS = \ + -DP11_KIT_REMOTE=\"p11-kit-remote-testable\" \ + $(COMMON_CFLAGS) \ + $(LIBSYSTEMD_CFLAGS) \ + $(NULL) + +if WITH_SYSTEMD +p11-kit/p11-kit-server.service: p11-kit/p11-kit-server.service.in + $(AM_V_GEN)rm -f $@-t $@ && \ + sed 's|@bindir[@]|$(bindir)|g' $< > $@-t && \ + mv -f $@-t $@ + +CLEANFILES += p11-kit/p11-kit-server.service + +systemduserunit_DATA = \ + p11-kit/p11-kit-server.socket \ + p11-kit/p11-kit-server.service \ + $(NULL) +endif + +EXTRA_DIST += p11-kit/p11-kit-server.socket p11-kit/p11-kit-server.service.in + +# Tests ---------------------------------------------------------------- + +p11_kit_LIBS = \ + libp11-kit-testable.la \ + libp11-test.la \ + libp11-common.la \ + $(LTLIBINTL) + +c_tests += \ + test-progname \ + test-util \ + test-conf \ + test-uri \ + test-pin \ + test-init \ + test-modules \ + test-deprecated \ + test-proxy \ + test-iter \ + test-rpc \ + $(NULL) + +if !OS_WIN32 +c_tests += test-server +sh_tests += p11-kit/test-server.sh +endif + +test_conf_SOURCES = p11-kit/test-conf.c +test_conf_LDADD = $(p11_kit_LIBS) + +test_deprecated_SOURCES = p11-kit/test-deprecated.c +test_deprecated_LDADD = $(p11_kit_LIBS) +test_deprecated_CFLAGS = $(AM_CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) + +test_init_SOURCES = p11-kit/test-init.c +test_init_LDADD = $(p11_kit_LIBS) +test_init_CFLAGS = $(AM_CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) + +test_iter_SOURCES = p11-kit/test-iter.c +test_iter_LDADD = $(p11_kit_LIBS) + +test_modules_SOURCES = p11-kit/test-modules.c +test_modules_LDADD = $(p11_kit_LIBS) + +test_pin_SOURCES = p11-kit/test-pin.c +test_pin_LDADD = $(p11_kit_LIBS) + +test_progname_SOURCES = p11-kit/test-progname.c +test_progname_LDADD = $(p11_kit_LIBS) + +test_proxy_SOURCES = p11-kit/test-proxy.c +test_proxy_LDADD = $(p11_kit_LIBS) + +test_rpc_SOURCES = p11-kit/test-rpc.c +test_rpc_LDADD = $(p11_kit_LIBS) + +test_server_SOURCES = p11-kit/test-server.c +test_server_LDADD = $(p11_kit_LIBS) +test_server_CFLAGS = $(AM_CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) + +test_uri_SOURCES = p11-kit/test-uri.c +test_uri_LDADD = $(p11_kit_LIBS) + +test_util_SOURCES = p11-kit/test-util.c +test_util_LDADD = $(p11_kit_LIBS) + +check_PROGRAMS += \ + p11-kit/print-messages \ + p11-kit/frob-setuid + +p11_kit_print_messages_SOURCES = p11-kit/print-messages.c +p11_kit_print_messages_LDADD = $(p11_kit_LIBS) + +sh_tests += p11-kit/test-messages.sh + +p11_kit_frob_setuid_SOURCES = p11-kit/frob-setuid.c +p11_kit_frob_setuid_LDADD = $(p11_kit_LIBS) + +c_tests += \ + test-virtual \ + test-managed \ + test-log \ + test-filter \ + test-transport \ + $(NULL) + +test_log_SOURCES = p11-kit/test-log.c +test_log_LDADD = $(p11_kit_LIBS) + +test_filter_SOURCES = p11-kit/test-filter.c +test_filter_LDADD = $(p11_kit_LIBS) + +test_managed_SOURCES = p11-kit/test-managed.c +test_managed_LDADD = $(p11_kit_LIBS) + +test_transport_SOURCES = p11-kit/test-transport.c +test_transport_LDADD = $(p11_kit_LIBS) +test_transport_CFLAGS = $(AM_CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) + +test_virtual_SOURCES = p11-kit/test-virtual.c +test_virtual_LDADD = $(p11_kit_LIBS) + +check_LTLIBRARIES += \ + mock-one.la \ + mock-two.la \ + mock-three.la \ + mock-four.la \ + mock-five.la \ + mock-seven.la \ + mock-eight.la \ + mock-nine.la \ + mock-ten.la + +mock_one_la_SOURCES = p11-kit/mock-module-ep.c +mock_one_la_LIBADD = libp11-test.la libp11-common.la +mock_one_la_LDFLAGS = \ + -module -avoid-version -rpath /nowhere \ + -no-undefined -export-symbols-regex 'C_GetFunctionList' + +mock_two_la_SOURCES = p11-kit/mock-module-ep2.c +mock_two_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_two_la_LIBADD = $(mock_one_la_LIBADD) + +mock_three_la_SOURCES = $(mock_one_la_SOURCES) +mock_three_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_three_la_LIBADD = $(mock_one_la_LIBADD) + +mock_four_la_SOURCES = $(mock_one_la_SOURCES) +mock_four_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_four_la_LIBADD = $(mock_one_la_LIBADD) + +mock_five_la_SOURCES = p11-kit/mock-module-ep3.c +mock_five_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_five_la_LIBADD = $(mock_one_la_LIBADD) + +if !OS_WIN32 +check_LTLIBRARIES += mock-six.la +mock_six_la_SOURCES = p11-kit/mock-module-ep4.c +mock_six_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_six_la_LIBADD = $(mock_one_la_LIBADD) +endif + +mock_seven_la_SOURCES = p11-kit/mock-module-ep5.c +mock_seven_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_seven_la_LIBADD = $(mock_one_la_LIBADD) + +mock_eight_la_SOURCES = p11-kit/mock-module-ep6.c +mock_eight_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_eight_la_LIBADD = $(mock_one_la_LIBADD) + +mock_nine_la_SOURCES = p11-kit/mock-module-ep7.c +mock_nine_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_nine_la_LIBADD = $(mock_one_la_LIBADD) + +mock_ten_la_SOURCES = p11-kit/mock-module-ep8.c +mock_ten_la_LDFLAGS = $(mock_one_la_LDFLAGS) +mock_ten_la_LIBADD = $(mock_one_la_LIBADD) + +EXTRA_DIST += \ + p11-kit/fixtures \ + p11-kit/test-mock.c \ + p11-kit/test-messages.sh \ + p11-kit/test-server.sh \ + $(NULL) diff --git a/p11-kit/client-init.c b/p11-kit/client-init.c new file mode 100644 index 0000000..04d323b --- /dev/null +++ b/p11-kit/client-init.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * Copyright (c) 2012 Stef Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "client.h" +#include "pkcs11.h" + +/* p11_proxy_module_check() is defined as a weak symbol in modules.c */ +#ifndef __GNUC__ +bool p11_proxy_module_check (CK_FUNCTION_LIST_PTR module); + +bool +p11_proxy_module_check (CK_FUNCTION_LIST_PTR module) +{ + return false; +} +#endif + +#define INIT _p11_kit_init +#define FINI _p11_kit_fini +#define CLEANUP p11_client_module_cleanup () +#include "init.h" diff --git a/p11-kit/client.c b/p11-kit/client.c new file mode 100644 index 0000000..f6878cb --- /dev/null +++ b/p11-kit/client.c @@ -0,0 +1,169 @@ +/* + * Copyright (C) 2016 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Daiki Ueno + */ + +#include "config.h" + +#include "client.h" +#include "compat.h" +#include "library.h" +#include "runtime.h" +#include "path.h" +#include "rpc.h" + +#include +#include +#include +#include + +typedef struct _State { + p11_virtual virt; + p11_rpc_transport *rpc; + CK_FUNCTION_LIST *wrapped; + struct _State *next; +} State; + +static State *all_instances = NULL; +static CK_RV +get_server_address (char **addressp) +{ + const char *envvar; + char *path; + char *encoded; + char *address; + char *directory; + int ret; + CK_RV rv; + + envvar = secure_getenv ("P11_KIT_SERVER_ADDRESS"); + if (envvar != NULL && envvar[0] != '\0') { + address = strdup (envvar); + if (!address) + return CKR_HOST_MEMORY; + *addressp = address; + return CKR_OK; + } + + rv = p11_get_runtime_directory (&directory); + if (rv != CKR_OK) + return rv; + + ret = asprintf (&path, "%s/p11-kit/pkcs11", directory); + free (directory); + if (ret < 0) + return CKR_HOST_MEMORY; + + encoded = p11_path_encode (path); + free (path); + if (!encoded) + return CKR_HOST_MEMORY; + + ret = asprintf (&address, "unix:path=%s", encoded); + free (encoded); + if (ret < 0) + return CKR_HOST_MEMORY; + + *addressp = address; + return CKR_OK; +} + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + char *address = NULL; + State *state; + CK_FUNCTION_LIST_PTR module = NULL; + CK_RV rv = CKR_OK; + + p11_library_init_once (); + p11_lock (); + + rv = get_server_address (&address); + + if (rv == CKR_OK) { + state = calloc (1, sizeof (State)); + if (!state) + rv = CKR_HOST_MEMORY; + } + + if (rv == CKR_OK) { + state->rpc = p11_rpc_transport_new (&state->virt, + address, + "client"); + if (!state->rpc) { + free (state); + rv = CKR_GENERAL_ERROR; + } + } + + if (rv == CKR_OK) { + module = p11_virtual_wrap (&state->virt, (p11_destroyer)p11_virtual_uninit); + if (!module) { + p11_rpc_transport_free (state->rpc); + free (state); + rv = CKR_GENERAL_ERROR; + } + } + + if (rv == CKR_OK) { + *list = module; + state->wrapped = module; + state->next = all_instances; + all_instances = state; + } + + p11_unlock (); + + free (address); + + return rv; +} + +void +p11_client_module_cleanup (void) +{ + State *state, *next; + + state = all_instances; + all_instances = NULL; + + for (; state != NULL; state = next) { + next = state->next; + p11_rpc_transport_free (state->rpc); + p11_virtual_unwrap (state->wrapped); + free (state); + } +} diff --git a/p11-kit/client.h b/p11-kit/client.h new file mode 100644 index 0000000..65e88dc --- /dev/null +++ b/p11-kit/client.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_CLIENT_H__ +#define __P11_CLIENT_H__ + +void p11_client_module_cleanup (void); + + +#endif /* __P11_CLIENT_H__ */ diff --git a/p11-kit/conf.c b/p11-kit/conf.c new file mode 100644 index 0000000..7b9bacd --- /dev/null +++ b/p11-kit/conf.c @@ -0,0 +1,522 @@ +/* + * Copyright (c) 2005 Stefan Walter + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "conf.h" +#define P11_DEBUG_FLAG P11_DEBUG_CONF +#include "debug.h" +#include "lexer.h" +#include "message.h" +#include "path.h" +#include "private.h" + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +/* For testing, when the tests assuming user config are run as root. */ +bool p11_conf_force_user_config = false; + +static int +strequal (const char *one, const char *two) +{ + return strcmp (one, two) == 0; +} + +/* ----------------------------------------------------------------------------- + * CONFIG PARSER + */ + +bool +_p11_conf_merge_defaults (p11_dict *map, + p11_dict *defaults) +{ + p11_dictiter iter; + void *key; + void *value; + + p11_dict_iterate (defaults, &iter); + while (p11_dict_next (&iter, &key, &value)) { + /* Only override if not set */ + if (p11_dict_get (map, key)) + continue; + key = strdup (key); + return_val_if_fail (key != NULL, false); + value = strdup (value); + return_val_if_fail (key != NULL, false); + if (!p11_dict_set (map, key, value)) + return_val_if_reached (false); + } + + return true; +} + +p11_dict * +_p11_conf_parse_file (const char* filename, + struct stat *sb, + int flags) +{ + p11_dict *map = NULL; + void *data; + p11_lexer lexer; + bool failed = false; + size_t length; + p11_mmap *mmap; + int error; + + assert (filename); + + p11_debug ("reading config file: %s", filename); + + mmap = p11_mmap_open (filename, sb, &data, &length); + if (mmap == NULL) { + error = errno; + if ((flags & CONF_IGNORE_MISSING) && + (error == ENOENT || error == ENOTDIR)) { + p11_debug ("config file does not exist"); + + } else if ((flags & CONF_IGNORE_ACCESS_DENIED) && + (error == EPERM || error == EACCES)) { + p11_debug ("config file is inaccessible"); + + } else { + p11_message_err (error, "couldn't open config file: %s", filename); + errno = error; + return NULL; + } + } + + map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); + return_val_if_fail (map != NULL, NULL); + + /* Empty config fall through above */ + if (mmap == NULL) + return map; + + p11_lexer_init (&lexer, filename, data, length); + while (p11_lexer_next (&lexer, &failed)) { + switch (lexer.tok_type) { + case TOK_FIELD: + p11_debug ("config value: %s: %s", lexer.tok.field.name, + lexer.tok.field.value); + if (!p11_dict_set (map, lexer.tok.field.name, lexer.tok.field.value)) + return_val_if_reached (NULL); + lexer.tok.field.name = NULL; + lexer.tok.field.value = NULL; + break; + case TOK_PEM: + p11_message ("%s: unexpected pem block", filename); + failed = true; + break; + case TOK_SECTION: + p11_message ("%s: unexpected section header", filename); + failed = true; + break; + case TOK_EOF: + assert_not_reached (); + break; + } + + if (failed) + break; + } + + p11_lexer_done (&lexer); + p11_mmap_close (mmap); + + if (failed) { + p11_dict_free (map); + map = NULL; + errno = EINVAL; + } + + return map; +} + +static int +user_config_mode (p11_dict *config, + int defmode) +{ + const char *mode; + + /* Whether we should use or override from user directory */ + mode = p11_dict_get (config, "user-config"); + if (mode == NULL) { + return defmode; + } else if (strequal (mode, "none")) { + return CONF_USER_NONE; + } else if (strequal (mode, "merge")) { + return CONF_USER_MERGE; + } else if (strequal (mode, "only")) { + return CONF_USER_ONLY; + } else if (strequal (mode, "override")) { + return CONF_USER_ONLY; + } else { + p11_message ("invalid mode for 'user-config': %s", mode); + return CONF_USER_INVALID; + } +} + +p11_dict * +_p11_conf_load_globals (const char *system_conf, const char *user_conf, + int *user_mode) +{ + p11_dict *config = NULL; + p11_dict *uconfig = NULL; + p11_dict *result = NULL; + char *path = NULL; + int error = 0; + int flags; + int mode; + + /* + * This loads the system and user configs. This depends on the user-config + * value in both the system and user configs. A bit more complex than + * you might imagine, since user-config can be set to 'none' in the + * user configuration, essentially turning itself off. + */ + + /* Load the main configuration */ + config = _p11_conf_parse_file (system_conf, NULL, CONF_IGNORE_MISSING); + if (!config) + goto finished; + + /* Whether we should use or override from user directory */ + mode = user_config_mode (config, CONF_USER_MERGE); + if (mode == CONF_USER_INVALID) { + error = EINVAL; + goto finished; + } + + if (mode != CONF_USER_NONE && !p11_conf_force_user_config) { + if (getauxval (AT_SECURE)) { + p11_debug ("skipping user config in setuid or setgid program"); + mode = CONF_USER_NONE; +#ifdef OS_UNIX + } else if (getuid () == 0) { + p11_debug ("skipping user config in program running as root"); + mode = CONF_USER_NONE; +#endif + } else if (secure_getenv ("P11_KIT_NO_USER_CONFIG")) { + p11_debug ("skipping user config due to P11_NO_USER_CONFIG"); + mode = CONF_USER_NONE; + } + } + + if (mode != CONF_USER_NONE) { + path = p11_path_expand (user_conf); + if (!path) { + error = errno; + goto finished; + } + + /* Load up the user configuration, ignore selinux denying us access */ + flags = CONF_IGNORE_MISSING | CONF_IGNORE_ACCESS_DENIED; + uconfig = _p11_conf_parse_file (path, NULL, flags); + if (!uconfig) { + error = errno; + goto finished; + } + + /* Figure out what the user mode is, defaulting to system mode if not set */ + mode = user_config_mode (uconfig, mode); + if (mode == CONF_USER_INVALID) { + error = EINVAL; + goto finished; + } + + /* If merging, then supplement user config with system values */ + if (mode == CONF_USER_MERGE) { + if (!_p11_conf_merge_defaults (uconfig, config)) { + error = errno; + goto finished; + } + } + + /* If user config valid at all, then replace system with what we have */ + if (mode != CONF_USER_NONE) { + p11_dict_free (config); + config = uconfig; + uconfig = NULL; + } + } + + if (user_mode) + *user_mode = mode; + + result = config; + config = NULL; + +finished: + free (path); + p11_dict_free (config); + p11_dict_free (uconfig); + errno = error; + return result; +} + +static char * +calc_name_from_filename (const char *fname) +{ + /* We eventually want to settle on .module */ + static const char *const suffix = ".module"; + static const size_t suffix_len = 7; + const char *c = fname; + size_t fname_len; + size_t name_len; + char *name; + + assert (fname); + + /* Make sure the filename starts with an alphanumeric */ + if (!isalnum(*c)) + return NULL; + ++c; + + /* Only allow alnum, _, -, and . */ + while (*c) { + if (!isalnum(*c) && *c != '_' && *c != '-' && *c != '.') + return NULL; + ++c; + } + + /* Make sure we have one of the suffixes */ + fname_len = strlen (fname); + if (suffix_len >= fname_len) + return NULL; + name_len = (fname_len - suffix_len); + if (strcmp (fname + name_len, suffix) != 0) + return NULL; + + name = malloc (name_len + 1); + return_val_if_fail (name != NULL, NULL); + memcpy (name, fname, name_len); + name[name_len] = 0; + return name; +} + +static bool +load_config_from_file (const char *configfile, + struct stat *sb, + const char *name, + p11_dict *configs, + int flags) +{ + p11_dict *config; + p11_dict *prev; + char *key; + int error = 0; + + assert (configfile); + + key = calc_name_from_filename (name); + if (key == NULL) { + p11_message ("invalid config filename, will be ignored in the future: %s", configfile); + key = strdup (name); + return_val_if_fail (key != NULL, false); + } + + config = _p11_conf_parse_file (configfile, sb, flags); + if (!config) { + free (key); + return false; + } + + prev = p11_dict_get (configs, key); + if (prev == NULL) { + if (!p11_dict_set (configs, key, config)) + return_val_if_reached (false); + config = NULL; + } else { + if (!_p11_conf_merge_defaults (prev, config)) + error = errno; + free (key); + } + + /* If still set */ + p11_dict_free (config); + + if (error) { + errno = error; + return false; + } + + return true; +} + +static bool +load_configs_from_directory (const char *directory, + p11_dict *configs, + int flags) +{ + struct dirent *dp; + struct stat st; + DIR *dir; + int error = 0; + bool is_dir; + char *path; + int count = 0; + + p11_debug ("loading module configs in: %s", directory); + + /* First we load all the modules */ + dir = opendir (directory); + if (!dir) { + error = errno; + if ((flags & CONF_IGNORE_MISSING) && + (errno == ENOENT || errno == ENOTDIR)) { + p11_debug ("module configs do not exist"); + return true; + } else if ((flags & CONF_IGNORE_ACCESS_DENIED) && + (errno == EPERM || errno == EACCES)) { + p11_debug ("couldn't list inacessible module configs"); + return true; + } + p11_message_err (error, "couldn't list directory: %s", directory); + errno = error; + return false; + } + + while ((dp = readdir(dir)) != NULL) { + path = p11_path_build (directory, dp->d_name, NULL); + return_val_if_fail (path != NULL, false); + + if (stat (path, &st) < 0) { + error = errno; + p11_message_err (error, "couldn't stat path: %s", path); + free (path); + break; + } + + is_dir = S_ISDIR (st.st_mode); + + if (!is_dir && !load_config_from_file (path, &st, dp->d_name, configs, flags)) { + error = errno; + free (path); + break; + } + + free (path); + count ++; + } + + closedir (dir); + + if (error) { + errno = error; + return false; + } + + return true; +} + +p11_dict * +_p11_conf_load_modules (int mode, + const char *package_dir, + const char *system_dir, + const char *user_dir) +{ + p11_dict *configs; + char *path; + int error = 0; + int flags; + + /* A hash table of name -> config */ + configs = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, + free, (p11_destroyer)p11_dict_free); + + /* Load each user config first, if user config is allowed */ + if (mode != CONF_USER_NONE) { + flags = CONF_IGNORE_MISSING | CONF_IGNORE_ACCESS_DENIED; + path = p11_path_expand (user_dir); + if (!path) + error = errno; + else if (!load_configs_from_directory (path, configs, flags)) + error = errno; + free (path); + if (error != 0) { + p11_dict_free (configs); + errno = error; + return NULL; + } + } + + /* + * Now unless user config is overriding, load system modules. + * Basically if a value for the same config name is not already + * loaded above (in the user configs) then they're loaded here. + */ + if (mode != CONF_USER_ONLY) { + flags = CONF_IGNORE_MISSING; + if (!load_configs_from_directory (system_dir, configs, flags) || + !load_configs_from_directory (package_dir, configs, flags)) { + error = errno; + p11_dict_free (configs); + errno = error; + return NULL; + } + } + + return configs; +} + +bool +_p11_conf_parse_boolean (const char *string, + bool default_value) +{ + if (!string) + return default_value; + + if (strcmp (string, "yes") == 0) { + return true; + } else if (strcmp (string, "no") == 0) { + return false; + } else { + p11_message ("invalid setting '%s' defaulting to '%s'", + string, default_value ? "yes" : "no"); + return default_value; + } +} diff --git a/p11-kit/conf.h b/p11-kit/conf.h new file mode 100644 index 0000000..911e650 --- /dev/null +++ b/p11-kit/conf.h @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2005 Stefan Walter + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __CONF_H__ +#define __CONF_H__ + +#include "dict.h" + +enum { + CONF_IGNORE_MISSING = 0x01, + CONF_IGNORE_ACCESS_DENIED = 0x02, +}; + +enum { + CONF_USER_INVALID = 0, + CONF_USER_NONE = 1, + CONF_USER_MERGE, + CONF_USER_ONLY +}; + +bool _p11_conf_merge_defaults (p11_dict *config, + p11_dict *defaults); + +/* Returns a hash of char *key -> char *value */ +p11_dict * _p11_conf_parse_file (const char *filename, + struct stat *sb, + int flags); + +/* Returns a hash of char *key -> char *value */ +p11_dict * _p11_conf_load_globals (const char *system_conf, + const char *user_conf, + int *user_mode); + +/* Returns a hash of char* name -> hash_t *config */ +p11_dict * _p11_conf_load_modules (int user_mode, + const char *package_dir, + const char *system_dir, + const char *user_dir); + +bool _p11_conf_parse_boolean (const char *string, + bool default_value); + +#endif /* __CONF_H__ */ diff --git a/p11-kit/deprecated.h b/p11-kit/deprecated.h new file mode 100644 index 0000000..ffe5d9d --- /dev/null +++ b/p11-kit/deprecated.h @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_KIT_DEPRECATED_H__ +#define __P11_KIT_DEPRECATED_H__ + +#ifndef __P11_KIT_H__ +#error "Please include instead of this file." +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef P11_KIT_NO_DEPRECATIONS +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +#define P11_KIT_DEPRECATED_FOR(f) __attribute__((deprecated("Use " #f " instead"))) +#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1) +#define P11_KIT_DEPRECATED_FOR(f) __attribute__((__deprecated__)) +#endif +#endif + +#ifndef P11_KIT_DEPRECATED_FOR +#define P11_KIT_DEPRECATED_FOR(f) +#endif + +#ifndef P11_KIT_DISABLE_DEPRECATED + +P11_KIT_DEPRECATED_FOR (p11_kit_modules_load) +CK_RV p11_kit_initialize_registered (void); + +P11_KIT_DEPRECATED_FOR (p11_kit_modules_release) +CK_RV p11_kit_finalize_registered (void); + +P11_KIT_DEPRECATED_FOR (p11_kit_modules_release) +CK_FUNCTION_LIST_PTR * p11_kit_registered_modules (void); + +P11_KIT_DEPRECATED_FOR (p11_kit_module_for_name) +CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module (const char *name); + +P11_KIT_DEPRECATED_FOR (p11_kit_module_get_name) +char * p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module); + +P11_KIT_DEPRECATED_FOR (p11_kit_config_option) +char * p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, + const char *field); + +P11_KIT_DEPRECATED_FOR (module->C_Initialize) +CK_RV p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module); + +P11_KIT_DEPRECATED_FOR (module->C_Finalize) +CK_RV p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module); + +P11_KIT_DEPRECATED_FOR (p11_kit_module_load) +CK_RV p11_kit_load_initialize_module (const char *module_path, + CK_FUNCTION_LIST_PTR *module); + +#endif /* P11_KIT_DISABLE_DEPRECATED */ + +#undef P11_KIT_DEPRECATED_FOR + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* __P11_KIT_DEPRECATED_H__ */ diff --git a/p11-kit/docs.h b/p11-kit/docs.h new file mode 100644 index 0000000..7b29e3d --- /dev/null +++ b/p11-kit/docs.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +/* This header is not used by anything, and merely to help gtk-doc be sane */ + +#define P11_KIT_MODULE_UNMANAGED 1 +#define P11_KIT_MODULE_CRITICAL 1 diff --git a/p11-kit/filter.c b/p11-kit/filter.c new file mode 100644 index 0000000..8243ede --- /dev/null +++ b/p11-kit/filter.c @@ -0,0 +1,437 @@ +/* + * Copyright (c) 2016, Red Hat Inc. + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Daiki Ueno + */ + +#include "config.h" + +#include "attrs.h" +#include "buffer.h" +#include "constants.h" +#include "debug.h" +#include "filter.h" +#include "iter.h" +#include "message.h" +#include "p11-kit.h" +#include "virtual.h" + +#include +#include +#include +#include +#include +#include + +typedef struct { + CK_SLOT_ID slot; + const CK_TOKEN_INFO *token; +} FilterSlot; + +typedef struct { + p11_virtual virt; + CK_X_FUNCTION_LIST *lower; + p11_destroyer destroyer; + p11_array *entries; + bool allowed; + bool initialized; + FilterSlot *slots; + CK_ULONG n_slots; + CK_ULONG max_slots; +} FilterData; + +extern int p11_match_uri_token_info (CK_TOKEN_INFO_PTR one, + CK_TOKEN_INFO_PTR two); + +static const CK_TOKEN_INFO * +filter_match_token (FilterData *filter, CK_TOKEN_INFO *token) +{ + unsigned int i; + + for (i = 0; i < filter->entries->num; i++) { + CK_TOKEN_INFO *entry = filter->entries->elem[i]; + bool matched = p11_match_uri_token_info (entry, token); + + if ((filter->allowed && matched) || + (!filter->allowed && !matched)) + return entry; + } + + return NULL; +} + +static bool +filter_add_slot (FilterData *filter, CK_SLOT_ID slot, const CK_TOKEN_INFO *token) +{ + if (filter->n_slots >= filter->max_slots) { + FilterSlot *slots; + filter->max_slots = filter->max_slots * 2 + 1; + slots = realloc (filter->slots, + filter->max_slots * sizeof (FilterSlot)); + return_val_if_fail (slots != NULL, false); + filter->slots = slots; + } + filter->slots[filter->n_slots].slot = slot; + filter->slots[filter->n_slots].token = token; + filter->n_slots++; + return true; +} + +static CK_RV +filter_ensure (FilterData *filter) +{ + CK_FUNCTION_LIST *lower = NULL; + P11KitIter *iter = NULL; + CK_RV rv = CKR_OK; + + if (filter->slots != NULL) { + free (filter->slots); + filter->slots = NULL; + } + filter->n_slots = 0; + filter->max_slots = 0; + + iter = p11_kit_iter_new (NULL, + P11_KIT_ITER_WITH_TOKENS | + P11_KIT_ITER_WITHOUT_OBJECTS); + if (iter == NULL) { + rv = CKR_HOST_MEMORY; + goto out; + } + + lower = p11_virtual_wrap (filter->virt.lower_module, NULL); + if (lower == NULL) { + rv = CKR_HOST_MEMORY; + goto out; + } + + p11_kit_iter_begin_with (iter, lower, 0, CK_INVALID_HANDLE); + while (p11_kit_iter_next (iter) == CKR_OK) { + CK_TOKEN_INFO *token; + const CK_TOKEN_INFO *match; + + token = p11_kit_iter_get_token (iter); + match = filter_match_token (filter, token); + if (match) { + CK_SLOT_ID slot; + + slot = p11_kit_iter_get_slot (iter); + if (!filter_add_slot (filter, slot, match)) { + rv = CKR_HOST_MEMORY; + goto out; + } + } + } + + rv = CKR_OK; + out: + p11_kit_iter_free (iter); + if (lower) + p11_virtual_unwrap (lower); + return rv; +} + +static void +filter_reinit (FilterData *filter) +{ + CK_RV rv; + + rv = filter_ensure (filter); + if (rv == CKR_OK) + filter->initialized = true; + else { + filter->initialized = false; + p11_message ("filter cannot be initialized"); + } +} + +static CK_RV +filter_C_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR pInitArgs) +{ + FilterData *filter = (FilterData *)self; + CK_RV rv; + + rv = filter->lower->C_Initialize (filter->lower, pInitArgs); + if (rv == CKR_OK) + filter_reinit (filter); + return rv; +} + +static CK_RV +filter_C_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR pReserved) +{ + FilterData *filter = (FilterData *)self; + + free (filter->slots); + filter->n_slots = 0; + p11_array_clear (filter->entries); + filter->initialized = false; + filter->allowed = false; + + return filter->lower->C_Finalize (filter->lower, pReserved); +} + +static CK_RV +filter_C_GetSlotList (CK_X_FUNCTION_LIST *self, + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount) +{ + FilterData *filter = (FilterData *)self; + CK_ULONG count; + + if (pulCount == NULL) + return CKR_ARGUMENTS_BAD; + + count = *pulCount; + *pulCount = filter->n_slots; + + if (pSlotList == NULL) + return CKR_OK; + + if (filter->n_slots > count) + return CKR_BUFFER_TOO_SMALL; + + for (count = 0; count < filter->n_slots; count++) + pSlotList[count] = count; + *pulCount = filter->n_slots; + return CKR_OK; +} + +static CK_RV +filter_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo) +{ + FilterData *filter = (FilterData *)self; + + if (slotID >= filter->n_slots) + return CKR_SLOT_ID_INVALID; + + return filter->lower->C_GetSlotInfo (filter->lower, filter->slots[slotID].slot, pInfo); +} + +static CK_RV +filter_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo) +{ + FilterData *filter = (FilterData *)self; + + if (slotID >= filter->n_slots) + return CKR_SLOT_ID_INVALID; + + return filter->lower->C_GetTokenInfo (filter->lower, filter->slots[slotID].slot, pInfo); +} + +static CK_RV +filter_C_GetMechanismList (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount) +{ + FilterData *filter = (FilterData *)self; + + if (slotID >= filter->n_slots) + return CKR_SLOT_ID_INVALID; + + return filter->lower->C_GetMechanismList (filter->lower, + filter->slots[slotID].slot, + pMechanismList, + pulCount); +} + +static CK_RV +filter_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo) +{ + FilterData *filter = (FilterData *)self; + + if (slotID >= filter->n_slots) + return CKR_SLOT_ID_INVALID; + + return filter->lower->C_GetMechanismInfo (filter->lower, + filter->slots[slotID].slot, + type, + pInfo); +} + +static CK_RV +filter_C_InitToken (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_UTF8CHAR_PTR pLabel) +{ + FilterData *filter = (FilterData *)self; + + if (slotID >= filter->n_slots) + return CKR_SLOT_ID_INVALID; + + if (filter->slots[slotID].token->flags & CKF_WRITE_PROTECTED) + return CKR_TOKEN_WRITE_PROTECTED; + + return filter->lower->C_InitToken (filter->lower, filter->slots[slotID].slot, + pPin, ulPinLen, pLabel); +} + +static CK_RV +filter_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +static CK_RV +filter_C_OpenSession (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession) +{ + FilterData *filter = (FilterData *)self; + + if (slotID >= filter->n_slots) + return CKR_SLOT_ID_INVALID; + + if ((flags & CKF_RW_SESSION) && + (filter->slots[slotID].token->flags & CKF_WRITE_PROTECTED)) + return CKR_TOKEN_WRITE_PROTECTED; + + return filter->lower->C_OpenSession (filter->lower, + filter->slots[slotID].slot, flags, + pApplication, Notify, + phSession); +} + +static CK_RV +filter_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID) +{ + FilterData *filter = (FilterData *)self; + + if (slotID >= filter->n_slots) + return CKR_SLOT_ID_INVALID; + + return filter->lower->C_CloseAllSessions (filter->lower, + filter->slots[slotID].slot); +} + +void +p11_filter_release (void *data) +{ + FilterData *filter = (FilterData *)data; + + return_if_fail (data != NULL); + p11_virtual_uninit (&filter->virt); + p11_array_free (filter->entries); + free (filter); +} + +p11_virtual * +p11_filter_subclass (p11_virtual *lower, + p11_destroyer destroyer) +{ + FilterData *filter; + CK_X_FUNCTION_LIST functions; + + filter = calloc (1, sizeof (FilterData)); + return_val_if_fail (filter != NULL, NULL); + + memcpy (&functions, &p11_virtual_stack, sizeof (CK_X_FUNCTION_LIST)); + functions.C_Initialize = filter_C_Initialize; + functions.C_Finalize = filter_C_Finalize; + functions.C_GetSlotList = filter_C_GetSlotList; + functions.C_GetSlotInfo = filter_C_GetSlotInfo; + functions.C_GetTokenInfo = filter_C_GetTokenInfo; + functions.C_GetMechanismList = filter_C_GetMechanismList; + functions.C_GetMechanismInfo = filter_C_GetMechanismInfo; + functions.C_InitToken = filter_C_InitToken; + functions.C_WaitForSlotEvent = filter_C_WaitForSlotEvent; + functions.C_OpenSession = filter_C_OpenSession; + functions.C_CloseAllSessions = filter_C_CloseAllSessions; + + p11_virtual_init (&filter->virt, &functions, lower, destroyer); + filter->lower = &lower->funcs; + filter->entries = p11_array_new ((p11_destroyer)free); + return &filter->virt; +} + +void +p11_filter_allow_token (p11_virtual *virt, + CK_TOKEN_INFO *token) +{ + FilterData *filter = (FilterData *)virt; + CK_TOKEN_INFO *token_copy; + + return_if_fail (filter->allowed || filter->entries->num == 0); + filter->allowed = true; + + token_copy = memdup (token, sizeof (CK_TOKEN_INFO)); + return_if_fail (token_copy != NULL); + + if (!p11_array_push (filter->entries, token_copy)) + return_if_reached (); + + if (filter->initialized) + filter_reinit (filter); +} + +void +p11_filter_deny_token (p11_virtual *virt, + CK_TOKEN_INFO *token) +{ + FilterData *filter = (FilterData *)virt; + CK_TOKEN_INFO *token_copy; + + return_if_fail (!filter->allowed || filter->entries->num == 0); + filter->allowed = false; + + token_copy = memdup (token, sizeof (CK_TOKEN_INFO)); + return_if_fail (token_copy != NULL); + + if (!p11_array_push (filter->entries, token_copy)) + return_if_reached (); + + if (filter->initialized) + filter_reinit (filter); +} diff --git a/p11-kit/filter.h b/p11-kit/filter.h new file mode 100644 index 0000000..90cdb12 --- /dev/null +++ b/p11-kit/filter.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2016, Red Hat Inc. + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Daiki Ueno + */ + +#ifndef P11_FILTER_H_ +#define P11_FILTER_H_ + +#include "virtual.h" + +p11_virtual *p11_filter_subclass (p11_virtual *lower, + p11_destroyer destroyer); + +void p11_filter_release (void *filterger); + +void p11_filter_allow_token (p11_virtual *virt, + CK_TOKEN_INFO *token); + +void p11_filter_deny_token (p11_virtual *virt, + CK_TOKEN_INFO *token); + +#endif /* P11_FILTER_H_ */ diff --git a/p11-kit/fixtures/package-modules/four.module b/p11-kit/fixtures/package-modules/four.module new file mode 100644 index 0000000..933af2b --- /dev/null +++ b/p11-kit/fixtures/package-modules/four.module @@ -0,0 +1,5 @@ + +module: mock-four.so +disable-in: test-disable, test-other +priority: 4 +trust-policy: no \ No newline at end of file diff --git a/p11-kit/fixtures/package-modules/six.module b/p11-kit/fixtures/package-modules/six.module new file mode 100644 index 0000000..bad9379 --- /dev/null +++ b/p11-kit/fixtures/package-modules/six.module @@ -0,0 +1,7 @@ + +module: mock-six.so + +enable-in: test-proxy + +# the highest priority among others loaded by test-proxy +priority: 100 diff --git a/p11-kit/fixtures/package-modules/win32/four.module b/p11-kit/fixtures/package-modules/win32/four.module new file mode 100644 index 0000000..6dc87c9 --- /dev/null +++ b/p11-kit/fixtures/package-modules/win32/four.module @@ -0,0 +1,4 @@ + +module: mock-four.dll +disable-in: test-disable, test-other +priority: 4 \ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/one.module b/p11-kit/fixtures/system-modules/one.module new file mode 100644 index 0000000..5f49a8f --- /dev/null +++ b/p11-kit/fixtures/system-modules/one.module @@ -0,0 +1,5 @@ + +module: mock-one.so +setting: system1 +trust-policy: yes +number: 18 diff --git a/p11-kit/fixtures/system-modules/seven.module b/p11-kit/fixtures/system-modules/seven.module new file mode 100644 index 0000000..933a956 --- /dev/null +++ b/p11-kit/fixtures/system-modules/seven.module @@ -0,0 +1,4 @@ + +module: mock-seven.so +critical: yes +enable-in: test-modules diff --git a/p11-kit/fixtures/system-modules/two-duplicate.module b/p11-kit/fixtures/system-modules/two-duplicate.module new file mode 100644 index 0000000..756af69 --- /dev/null +++ b/p11-kit/fixtures/system-modules/two-duplicate.module @@ -0,0 +1,4 @@ + +# This is a duplicate of the 'two' module +module: mock-two.so +# no priority, use name \ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/two.badname b/p11-kit/fixtures/system-modules/two.badname new file mode 100644 index 0000000..eec3af0 --- /dev/null +++ b/p11-kit/fixtures/system-modules/two.badname @@ -0,0 +1,6 @@ +# This module doesn't have a .module extension, but p11-kit doesn't yet +# enforce the naming, just warns, so it should still be loaded + +module: mock-two.so +setting: system2 +# no priority, use name \ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/win32/one.module b/p11-kit/fixtures/system-modules/win32/one.module new file mode 100644 index 0000000..129d983 --- /dev/null +++ b/p11-kit/fixtures/system-modules/win32/one.module @@ -0,0 +1,6 @@ + +module: mock-one.dll +setting: system1 +trust-policy: yes +number: 18 +# no order, use name diff --git a/p11-kit/fixtures/system-modules/win32/seven.module b/p11-kit/fixtures/system-modules/win32/seven.module new file mode 100644 index 0000000..0ff473e --- /dev/null +++ b/p11-kit/fixtures/system-modules/win32/seven.module @@ -0,0 +1,4 @@ + +module: mock-seven.dll +critical: yes +enable-in: test-modules diff --git a/p11-kit/fixtures/system-modules/win32/two-duplicate.module b/p11-kit/fixtures/system-modules/win32/two-duplicate.module new file mode 100644 index 0000000..54ef1cc --- /dev/null +++ b/p11-kit/fixtures/system-modules/win32/two-duplicate.module @@ -0,0 +1,4 @@ + +# This is a duplicate of the 'two' module +module: mock-two.dll +# no order, use name \ No newline at end of file diff --git a/p11-kit/fixtures/system-modules/win32/two.badname b/p11-kit/fixtures/system-modules/win32/two.badname new file mode 100644 index 0000000..af63cf9 --- /dev/null +++ b/p11-kit/fixtures/system-modules/win32/two.badname @@ -0,0 +1,6 @@ +# This module doesn't have a .module extension, but p11-kit doesn't yet +# enforce the naming, just warns, so it should still be loaded + +module: mock-two.dll +setting: system2 +# no order, use name \ No newline at end of file diff --git a/p11-kit/fixtures/system-pkcs11.conf b/p11-kit/fixtures/system-pkcs11.conf new file mode 100644 index 0000000..a3aa273 --- /dev/null +++ b/p11-kit/fixtures/system-pkcs11.conf @@ -0,0 +1,6 @@ + +# Merge in user config +user-config: merge + +# Another option +new: world \ No newline at end of file diff --git a/p11-kit/fixtures/test-1.conf b/p11-kit/fixtures/test-1.conf new file mode 100644 index 0000000..d4ae0a1 --- /dev/null +++ b/p11-kit/fixtures/test-1.conf @@ -0,0 +1,6 @@ +key1:value1 +with-whitespace : value-with-whitespace +with-colon: value-of-colon + +# A comment +embedded-comment: this is # not a comment diff --git a/p11-kit/fixtures/test-pinfile b/p11-kit/fixtures/test-pinfile new file mode 100644 index 0000000..f646f3d --- /dev/null +++ b/p11-kit/fixtures/test-pinfile @@ -0,0 +1 @@ +yogabbagabba \ No newline at end of file diff --git a/p11-kit/fixtures/test-pinfile-large b/p11-kit/fixtures/test-pinfile-large new file mode 100644 index 0000000..506668d --- /dev/null +++ b/p11-kit/fixtures/test-pinfile-large @@ -0,0 +1,53 @@ +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba +yogabbagabba yogabbagabba yogabbagabba yo \ No newline at end of file diff --git a/p11-kit/fixtures/test-system-invalid.conf b/p11-kit/fixtures/test-system-invalid.conf new file mode 100644 index 0000000..344ee96 --- /dev/null +++ b/p11-kit/fixtures/test-system-invalid.conf @@ -0,0 +1,3 @@ + +# Invalid user-config setting +user-config: bad diff --git a/p11-kit/fixtures/test-system-merge.conf b/p11-kit/fixtures/test-system-merge.conf new file mode 100644 index 0000000..978427d --- /dev/null +++ b/p11-kit/fixtures/test-system-merge.conf @@ -0,0 +1,7 @@ + +# Merge in user config +user-config: merge + +key1: system1 +key2: system2 +key3: system3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-system-none.conf b/p11-kit/fixtures/test-system-none.conf new file mode 100644 index 0000000..2d43fa7 --- /dev/null +++ b/p11-kit/fixtures/test-system-none.conf @@ -0,0 +1,8 @@ + +# Only user config +user-config: none + +# These values will not be overridden +key1: system1 +key2: system2 +key3: system3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-system-only.conf b/p11-kit/fixtures/test-system-only.conf new file mode 100644 index 0000000..589f1c7 --- /dev/null +++ b/p11-kit/fixtures/test-system-only.conf @@ -0,0 +1,8 @@ + +# Only user config +user-config: only + +# This stuff will be ignored +key1: system1 +key2: system2 +key3: system3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-user-invalid.conf b/p11-kit/fixtures/test-user-invalid.conf new file mode 100644 index 0000000..344ee96 --- /dev/null +++ b/p11-kit/fixtures/test-user-invalid.conf @@ -0,0 +1,3 @@ + +# Invalid user-config setting +user-config: bad diff --git a/p11-kit/fixtures/test-user-only.conf b/p11-kit/fixtures/test-user-only.conf new file mode 100644 index 0000000..3224c01 --- /dev/null +++ b/p11-kit/fixtures/test-user-only.conf @@ -0,0 +1,4 @@ + +user-config: only +key2: user2 +key3: user3 \ No newline at end of file diff --git a/p11-kit/fixtures/test-user.conf b/p11-kit/fixtures/test-user.conf new file mode 100644 index 0000000..369544a --- /dev/null +++ b/p11-kit/fixtures/test-user.conf @@ -0,0 +1,3 @@ + +key2: user2 +key3: user3 \ No newline at end of file diff --git a/p11-kit/fixtures/user-modules/one.module b/p11-kit/fixtures/user-modules/one.module new file mode 100644 index 0000000..5197daf --- /dev/null +++ b/p11-kit/fixtures/user-modules/one.module @@ -0,0 +1,4 @@ + +setting: user1 +managed: yes +number: 33 diff --git a/p11-kit/fixtures/user-modules/three.module b/p11-kit/fixtures/user-modules/three.module new file mode 100644 index 0000000..3a2366d --- /dev/null +++ b/p11-kit/fixtures/user-modules/three.module @@ -0,0 +1,6 @@ + +module: mock-three.so +setting: user3 + +enable-in: test-enable +priority: 3 \ No newline at end of file diff --git a/p11-kit/fixtures/user-modules/win32/one.module b/p11-kit/fixtures/user-modules/win32/one.module new file mode 100644 index 0000000..c371e4a --- /dev/null +++ b/p11-kit/fixtures/user-modules/win32/one.module @@ -0,0 +1,2 @@ + +setting: user1 \ No newline at end of file diff --git a/p11-kit/fixtures/user-modules/win32/three.module b/p11-kit/fixtures/user-modules/win32/three.module new file mode 100644 index 0000000..30a3b63 --- /dev/null +++ b/p11-kit/fixtures/user-modules/win32/three.module @@ -0,0 +1,6 @@ + +module: mock-three.dll +setting: user3 + +enable-in: test-enable +priority: 3 \ No newline at end of file diff --git a/p11-kit/frob-setuid.c b/p11-kit/frob-setuid.c new file mode 100644 index 0000000..e546ece --- /dev/null +++ b/p11-kit/frob-setuid.c @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2012 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include +#include +#include +#include + +#include "compat.h" +#include "p11-kit.h" + +int +main (void) +{ + CK_FUNCTION_LIST **modules; + CK_FUNCTION_LIST *module; + char *field; + char *name; + int ret; + int i; + + /* + * Use 'chmod ug+s frob-setuid' to change this program + * and test the output with/without setuid or setgid. + */ + + putenv ("P11_KIT_STRICT=1"); + + modules = p11_kit_modules_load_and_initialize (0); + assert (modules != NULL); + + /* This is a system configured module */ + module = p11_kit_module_for_name (modules, "one"); + assert (module != NULL); + + field = p11_kit_config_option (module, "setting"); + printf ("'setting' on module 'one': %s\n", field ? field : "(null)"); + + assert (field != NULL); + if (getauxval (AT_SECURE)) + assert (strcmp (field, "system1") == 0); + else + assert (strcmp (field, "user1") == 0); + + free (field); + + for (i = 0; modules[i] != NULL; i++) { + name = p11_kit_module_get_name (modules[i]); + printf ("%s\n", name); + free (name); + } + + field = p11_kit_config_option (module, "number"); + printf ("'number' on module 'one': %s\n", field ? field : "(null)"); + + ret = atoi (field ? field : "0"); + assert (ret != 0); + free (field); + + p11_kit_modules_finalize_and_release (modules); + return ret; +} diff --git a/p11-kit/gen-pkcs11-gnu.sh b/p11-kit/gen-pkcs11-gnu.sh new file mode 100755 index 0000000..a8b204d --- /dev/null +++ b/p11-kit/gen-pkcs11-gnu.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +source="$1" +target="$2" + +rm -f $target-t $target && \ + { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ + echo; \ + echo '#include '; \ + echo '#include "p11-kit/p11-kit.h"'; \ + cat $source; \ + echo "void *${target}_funcs[] = {" | sed 's/[^][ *a-z0-9_={]/_/g'; \ + sed -n -e '/^typedef/d' -e 's/.* \(p11_kit_[^ ]*\) *(.*/ \1,/p' $source; \ + echo '};'; \ + } > $target-t && \ + mv -f $target-t $target diff --git a/p11-kit/gen-virtual-fixed.sh b/p11-kit/gen-virtual-fixed.sh new file mode 100755 index 0000000..b4f0978 --- /dev/null +++ b/p11-kit/gen-virtual-fixed.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +target="$1" +closures="$2" + +rm -f $target-t $target && \ + { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ + echo; \ + counter=0; \ + while test $counter -lt $closures; do \ + echo "P11_VIRTUAL_FIXED_FUNCTIONS($counter)"; \ + counter=`expr $counter + 1`; \ + done; \ + echo; \ + echo "CK_FUNCTION_LIST p11_virtual_fixed[P11_VIRTUAL_MAX_FIXED] = {"; \ + counter=0; \ + while test $counter -lt $closures; do \ + echo " P11_VIRTUAL_FIXED_INITIALIZER($counter),"; \ + counter=`expr $counter + 1`; \ + done; \ + echo '};'; \ + echo; \ + counter=0; \ + while test $counter -lt $closures; do \ + echo "P11_VIRTUAL_FIXED_GET_FUNCTION_LIST($counter)"; \ + counter=`expr $counter + 1`; \ + done; \ + } > $target-t && mv -f $target-t $target diff --git a/p11-kit/iter.c b/p11-kit/iter.c new file mode 100644 index 0000000..b5a9bbf --- /dev/null +++ b/p11-kit/iter.c @@ -0,0 +1,1093 @@ +/* + * Copyright (C) 2013,2016 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "array.h" +#include "attrs.h" +#include "debug.h" +#include "iter.h" +#include "pin.h" +#include "private.h" + +#include +#include +#include + +typedef struct _Callback { + p11_kit_iter_callback func; + void *callback_data; + p11_kit_destroyer destroyer; + struct _Callback *next; +} Callback; + +/** + * P11KitIter: + * + * Used to iterate over PKCS\#11 objects, tokens, slots, and modules. + */ +struct p11_kit_iter { + + /* Iterator matching data */ + CK_INFO match_module; + CK_SLOT_INFO match_slot; + CK_TOKEN_INFO match_token; + CK_ATTRIBUTE *match_attrs; + CK_SLOT_ID match_slot_id; + Callback *callbacks; + + /* The input modules */ + p11_array *modules; + + /* The results of C_GetSlotList */ + CK_SLOT_ID *slots; + CK_ULONG num_slots; + CK_ULONG saw_slots; + + /* The results of C_FindObjects */ + CK_OBJECT_HANDLE *objects; + CK_ULONG max_objects; + CK_ULONG num_objects; + CK_ULONG saw_objects; + + /* The current iteration */ + P11KitIterKind kind; + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot; + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE object; + CK_SLOT_INFO slot_info; + CK_TOKEN_INFO token_info; + int move_next_session_state; + int iter_next_state; + + /* And various flags */ + unsigned int searching : 1; + unsigned int searched : 1; + unsigned int iterating : 1; + unsigned int match_nothing : 1; + unsigned int keep_session : 1; + unsigned int preload_results : 1; + unsigned int want_writable : 1; + unsigned int with_modules : 1; + unsigned int with_slots : 1; + unsigned int with_tokens : 1; + unsigned int with_objects : 1; +}; + +/** + * P11KitIterKind: + * @P11_KIT_ITER_KIND_MODULE: The iterator is pointing to a module. + * @P11_KIT_ITER_KIND_SLOT: The iterator is pointing to a slot. + * @P11_KIT_ITER_KIND_TOKEN: The iterator is pointing to a token. + * @P11_KIT_ITER_KIND_OBJECT: The iterator is pointing to an object. + * @P11_KIT_ITER_KIND_UNKNOWN: The iterator doesn't point to anything. + * + * The kind of the current match. + */ + +/** + * P11KitIterBehavior: + * @P11_KIT_ITER_BUSY_SESSIONS: Allow the iterator's sessions to be + * in a busy state when the iterator returns an object. + * @P11_KIT_ITER_WANT_WRITABLE: Try to open read-write sessions when + * iterating over objects. + * @P11_KIT_ITER_WITH_MODULES: Stop at each module while iterating. + * @P11_KIT_ITER_WITH_SLOTS: Stop at each slot while iterating. + * @P11_KIT_ITER_WITH_TOKENS: Stop at each token while iterating. + * @P11_KIT_ITER_WITHOUT_OBJECTS: Ignore objects while iterating. + * + * Various flags controlling the behavior of the iterator. + */ + +/** + * p11_kit_iter_new: + * @uri: (allow-none): a PKCS\#11 URI to filter on, or %NULL + * @behavior: various behavior flags for iterator + * + * Create a new PKCS\#11 iterator for iterating over objects. Only + * objects that match the @uri will be returned by the iterator. + * Relevant information in @uri is copied, and you need not keep + * @uri around. + * + * If no @uri is specified then the iterator will iterate over all + * objects, unless otherwise filtered. + * + * Returns: (transfer full): a new iterator, which should be freed + * with p11_kit_iter_free() + */ +P11KitIter * +p11_kit_iter_new (P11KitUri *uri, + P11KitIterBehavior behavior) +{ + P11KitIter *iter; + + iter = calloc (1, sizeof (P11KitIter)); + return_val_if_fail (iter != NULL, NULL); + + iter->modules = p11_array_new (NULL); + if (iter->modules == NULL) { + p11_kit_iter_free (iter); + return_val_if_reached (NULL); + } + + iter->want_writable = !!(behavior & P11_KIT_ITER_WANT_WRITABLE); + iter->preload_results = !(behavior & P11_KIT_ITER_BUSY_SESSIONS); + iter->with_modules = !!(behavior & P11_KIT_ITER_WITH_MODULES); + iter->with_slots = !!(behavior & P11_KIT_ITER_WITH_SLOTS); + iter->with_tokens = !!(behavior & P11_KIT_ITER_WITH_TOKENS); + iter->with_objects = !(behavior & P11_KIT_ITER_WITHOUT_OBJECTS); + + p11_kit_iter_set_uri (iter, uri); + return iter; +} + +/** + * p11_kit_iter_set_uri: + * @iter: the iterator + * @uri: (allow-none): a PKCS\#11 URI to filter on, or %NULL + * + * Set the PKCS\#11 uri for iterator. Only + * objects that match the @uri will be returned by the iterator. + * Relevant information in @uri is copied, and you need not keep + * @uri around. + * + * If no @uri is specified then the iterator will iterate over all + * objects, unless otherwise filtered. + * + * This function should be called at most once, and should be + * called before iterating begins. + * + */ +void +p11_kit_iter_set_uri (P11KitIter *iter, + P11KitUri *uri) +{ + CK_ATTRIBUTE *attrs; + CK_TOKEN_INFO *tinfo; + CK_SLOT_INFO *sinfo; + CK_INFO *minfo; + CK_ULONG count; + + return_if_fail (iter != NULL); + + if (uri != NULL) { + + if (p11_kit_uri_any_unrecognized (uri)) { + iter->match_nothing = 1; + + } else { + attrs = p11_kit_uri_get_attributes (uri, &count); + iter->match_attrs = p11_attrs_buildn (NULL, attrs, count); + + iter->match_slot_id = p11_kit_uri_get_slot_id (uri); + + minfo = p11_kit_uri_get_module_info (uri); + if (minfo != NULL) + memcpy (&iter->match_module, minfo, sizeof (CK_INFO)); + + sinfo = p11_kit_uri_get_slot_info (uri); + if (sinfo != NULL) + memcpy (&iter->match_slot, sinfo, sizeof (CK_SLOT_INFO)); + + tinfo = p11_kit_uri_get_token_info (uri); + if (tinfo != NULL) + memcpy (&iter->match_token, tinfo, sizeof (CK_TOKEN_INFO)); + } + } else { + /* Match any module version number and slot ID */ + memset (&iter->match_module, 0, sizeof (iter->match_module)); + iter->match_module.libraryVersion.major = (CK_BYTE)-1; + iter->match_module.libraryVersion.minor = (CK_BYTE)-1; + iter->match_slot_id = (CK_SLOT_ID)-1; + } +} + +/** + * p11_kit_destroyer: + * @data: data to destroy + * + * A callback called to free a resource. + */ + +/** + * p11_kit_iter_callback: + * @iter: the iterator + * @matches: (out): whether to match the current object + * @data: callback data + * + * A callback setup with p11_kit_iter_add_callback(). This callback is + * called for each object iterated. + * + * If the callback sets @matches to CK_FALSE, then this object is + * skipped and not matched by p11_kit_iter_next(). If you return + * anything but CKR_OK, then the iteration is stopped, and + * p11_kit_iter_next() returns the result code. + * + * Returns: CKR_OK to continue iterating, CKR_CANCEL to stop, or + * anything else to fail + */ + +/** + * p11_kit_iter_add_callback: + * @iter: the iterator + * @callback: a function to call for each iteration + * @callback_data: (allow-none): data to pass to the function + * @callback_destroy: (allow-none): used to cleanup the data + * + * Adds a callback to the iterator which will be called each time + * that an object is iterated. + * + * These callbacks can also perform filtering. If any callback + * indicates through it's matches argument that + * the object should not match, then that object will not be iterated + * as far as p11_kit_iter_next() is concerned. + * + * The callbacks will be called with the matches + * set to CK_TRUE and it's up to filters to change + * it to CK_FALSE when necessary. + */ +void +p11_kit_iter_add_callback (P11KitIter *iter, + p11_kit_iter_callback callback, + void *callback_data, + p11_kit_destroyer callback_destroy) +{ + Callback *cb; + + return_if_fail (iter != NULL); + return_if_fail (callback != NULL); + + cb = calloc (1, sizeof (Callback)); + return_if_fail (cb != NULL); + + cb->func = callback; + cb->destroyer = callback_destroy; + cb->callback_data = callback_data; + cb->next = iter->callbacks; + iter->callbacks = cb; +} + +/** + * p11_kit_iter_add_filter: + * @iter: the iterator + * @matching: (array length=count): the attributes that the objects should match + * @count: the number of attributes + * + * Add a filter to limit the objects that the iterator iterates over. + * + * Only objects matching the passed in attributes will be iterated. + * This function can be called multiple times. + * + * The @matching attributes are copied. + */ +void +p11_kit_iter_add_filter (P11KitIter *iter, + CK_ATTRIBUTE *matching, + CK_ULONG count) +{ + return_if_fail (iter != NULL); + return_if_fail (!iter->iterating); + + iter->match_attrs = p11_attrs_buildn (iter->match_attrs, matching, count); + return_if_fail (iter->match_attrs != NULL); +} + +static void +finish_object (P11KitIter *iter) +{ + iter->object = 0; +} + +static void +finish_slot (P11KitIter *iter) +{ + if (iter->session && !iter->keep_session) { + assert (iter->module != NULL); + (iter->module->C_CloseSession) (iter->session); + } + + iter->keep_session = 0; + iter->session = 0; + iter->searched = 0; + iter->searching = 0; + iter->slot = 0; +} + +static void +finish_module (P11KitIter *iter) +{ + iter->num_slots = 0; + iter->saw_slots = 0; + iter->module = NULL; +} + +static CK_RV +finish_iterating (P11KitIter *iter, + CK_RV rv) +{ + finish_object (iter); + finish_slot (iter); + finish_module (iter); + p11_array_clear (iter->modules); + + iter->iterating = 0; + iter->move_next_session_state = 0; + iter->iter_next_state = 0; + iter->kind = P11_KIT_ITER_KIND_UNKNOWN; + return rv; +} + +/** + * p11_kit_iter_begin: + * @iter: the iterator + * @modules: (array zero-terminated=1): null-terminated list of + * modules to iterate over + * + * Begin iterating PKCS\#11 objects in the given @modules. + * + * The @modules arguments should be a null-terminated list of + * pointers to the modules' PKCS\#11 function pointers. + * + * For each module, all initialized slots will be iterated over, + * having sessions opened for each of them in turn, and searched + * for objects matching the search criteria. + */ +void +p11_kit_iter_begin (P11KitIter *iter, + CK_FUNCTION_LIST_PTR *modules) +{ + int i; + + return_if_fail (modules != NULL); + + finish_iterating (iter, CKR_OK); + + /* Use this module */ + for (i = 0; modules[i] != NULL; i++) { + if (!p11_array_push (iter->modules, modules[i])) + return_if_reached (); + } + + iter->iterating = 1; + iter->searched = 1; +} + +/** + * p11_kit_iter_begin_with: + * @iter: the iterator + * @module: the module to iterate over + * @slot: (allow-none): the slot to iterate objects in, or zero + * @session: (allow-none): the session to search for objects on, or zero + * + * Begin iterating PKCS\#11 objects in the given @module. + * + * If @slot is non-zero then the iteration will be limited to that + * slot. + * + * If @session is non-zero then the iteration will be limited to + * objects visible through that session, which implies that they + * are also limited to the slot which the session was opened for. + */ +void +p11_kit_iter_begin_with (P11KitIter *iter, + CK_FUNCTION_LIST_PTR module, + CK_SLOT_ID slot, + CK_SESSION_HANDLE session) +{ + CK_SESSION_INFO info; + CK_RV rv; + + finish_iterating (iter, CKR_OK); + + return_if_fail (module != NULL); + + if (session != 0) { + /* + * A currently active session. Initialize as if we're ready + * to search using this session. + */ + + /* If we have a session, but no slot, then look it up */ + if (slot == 0) { + assert (module != NULL); + rv = (module->C_GetSessionInfo) (session, &info); + if (rv == CKR_OK) + slot = info.slotID; + } + + /* So initialize as if we're ready to search */ + iter->session = session; + iter->slot = slot; + iter->module = module; + iter->keep_session = 1; + + } else if (slot != 0) { + CK_SLOT_ID *slots; + + /* + * Limit to this slot. Initialize as if we're ready to use the + * slot from the slots list. + */ + + iter->module = module; + slots = realloc (iter->slots, sizeof (CK_SLOT_ID)); + return_if_fail (slots != NULL); + iter->slots = slots; + iter->slots[0] = slot; + iter->num_slots = 1; + iter->searched = 1; + + } else { + + /* + * Limit to this module. Initialize as if we're ready to use + * the module from the modules array. + */ + + assert (module != NULL); + p11_array_push (iter->modules, module); + iter->session = 0; + iter->slot = 0; + iter->searched = 1; + } + + iter->iterating = 1; +} + +static CK_RV +call_all_filters (P11KitIter *iter, + CK_BBOOL *matches) +{ + Callback *cb; + CK_RV rv; + + *matches = CK_TRUE; + + for (cb = iter->callbacks; cb != NULL; cb = cb->next) { + rv = (cb->func) (iter, matches, cb->callback_data); + if (rv != CKR_OK || !*matches) + return rv; + } + + return CKR_OK; +} + +#define COROUTINE_BEGIN(name) switch (iter->name ## _state) { case 0: +#define COROUTINE_RETURN(name,i,x) do { iter->name ## _state = i; return x; case i:; } while (0) +#define COROUTINE_END(name) } + +static CK_RV +move_next_session (P11KitIter *iter) +{ + CK_ULONG session_flags; + CK_ULONG num_slots; + CK_INFO minfo; + CK_RV rv; + + COROUTINE_BEGIN (move_next_session); + + finish_slot (iter); + + /* If we have no more slots, then move to next module */ + while (iter->saw_slots >= iter->num_slots) { + finish_module (iter); + + /* Iter is finished */ + if (iter->modules->num == 0) + return finish_iterating (iter, CKR_CANCEL); + + iter->module = iter->modules->elem[0]; + p11_array_remove (iter->modules, 0); + + /* Skip module if it doesn't match uri */ + assert (iter->module != NULL); + rv = (iter->module->C_GetInfo) (&minfo); + if (rv != CKR_OK || !p11_match_uri_module_info (&iter->match_module, &minfo)) + continue; + + if (iter->with_modules) { + iter->kind = P11_KIT_ITER_KIND_MODULE; + COROUTINE_RETURN (move_next_session, 1, CKR_OK); + } + + if (iter->with_slots || iter->with_tokens || iter->with_objects) { + CK_SLOT_ID *slots; + + rv = (iter->module->C_GetSlotList) (CK_TRUE, NULL, &num_slots); + if (rv != CKR_OK) + return finish_iterating (iter, rv); + + slots = realloc (iter->slots, sizeof (CK_SLOT_ID) * (num_slots + 1)); + return_val_if_fail (slots != NULL, CKR_HOST_MEMORY); + iter->slots = slots; + + rv = (iter->module->C_GetSlotList) (CK_TRUE, iter->slots, &num_slots); + if (rv != CKR_OK) + return finish_iterating (iter, rv); + + iter->num_slots = num_slots; + assert (iter->saw_slots == 0); + } + } + + /* Move to the next slot, and open a session on it */ + while ((iter->with_slots || iter->with_tokens || iter->with_objects) && + iter->saw_slots < iter->num_slots) { + iter->slot = iter->slots[iter->saw_slots++]; + + assert (iter->module != NULL); + if (iter->match_slot_id != (CK_SLOT_ID)-1 && iter->slot != iter->match_slot_id) + continue; + rv = (iter->module->C_GetSlotInfo) (iter->slot, &iter->slot_info); + if (rv != CKR_OK || !p11_match_uri_slot_info (&iter->match_slot, &iter->slot_info)) + continue; + if (iter->with_slots) { + iter->kind = P11_KIT_ITER_KIND_SLOT; + COROUTINE_RETURN (move_next_session, 2, CKR_OK); + } + rv = (iter->module->C_GetTokenInfo) (iter->slot, &iter->token_info); + if (rv != CKR_OK || !p11_match_uri_token_info (&iter->match_token, &iter->token_info)) + continue; + if (iter->with_tokens) { + iter->kind = P11_KIT_ITER_KIND_TOKEN; + COROUTINE_RETURN (move_next_session, 3, CKR_OK); + } + + session_flags = CKF_SERIAL_SESSION; + + /* Skip if the read/write on a read-only token */ + if (iter->want_writable && (iter->token_info.flags & CKF_WRITE_PROTECTED) == 0) + session_flags |= CKF_RW_SESSION; + + rv = (iter->module->C_OpenSession) (iter->slot, session_flags, + NULL, NULL, &iter->session); + if (rv != CKR_OK) + return finish_iterating (iter, rv); + + if (iter->session != 0) { + iter->move_next_session_state = 0; + iter->kind = P11_KIT_ITER_KIND_UNKNOWN; + return CKR_OK; + } + } + + COROUTINE_END (move_next_session); + + /* Otherwise try again */ + iter->move_next_session_state = 0; + return move_next_session (iter); +} + +/** + * p11_kit_iter_next: + * @iter: the iterator + * + * Iterate to the next matching object. + * + * To access the object, session and so on, use the p11_kit_iter_get_object(), + * p11_kit_iter_get_session(), and p11_kit_iter_get_module() functions. + * + * This call must only be called after either p11_kit_iter_begin() + * or p11_kit_iter_begin_with() have been called. + * + * Objects which are skipped by callbacks will not be returned here + * as matching objects. + * + * Returns: CKR_OK if an object matched, CKR_CANCEL if no more objects, or another error + */ +CK_RV +p11_kit_iter_next (P11KitIter *iter) +{ + CK_ULONG batch; + CK_ULONG count; + CK_BBOOL matches; + CK_RV rv; + + return_val_if_fail (iter->iterating, CKR_OPERATION_NOT_INITIALIZED); + + COROUTINE_BEGIN (iter_next); + + iter->object = 0; + + if (iter->match_nothing) + return finish_iterating (iter, CKR_CANCEL); + + if (!(iter->with_modules || iter->with_slots || iter->with_tokens || iter->with_objects)) + return finish_iterating (iter, CKR_CANCEL); + + /* + * If we have outstanding objects, then iterate one through those + * Note that we pass each object through the filters, and only + * assume it's iterated if it matches + */ + while (iter->with_objects && iter->saw_objects < iter->num_objects) { + iter->object = iter->objects[iter->saw_objects++]; + + rv = call_all_filters (iter, &matches); + if (rv != CKR_OK) + return finish_iterating (iter, rv); + + if (matches && iter->with_objects) { + iter->kind = P11_KIT_ITER_KIND_OBJECT; + COROUTINE_RETURN (iter_next, 1, CKR_OK); + } + } + + /* Move to next session, if we have finished searching + * objects, or we are looking for modules/slots/tokens */ + if ((iter->with_objects && iter->searched) || + (!iter->with_objects && + (iter->with_modules || iter->with_slots || iter->with_tokens))) { + /* Use iter->kind as the sentinel to detect the case where + * any match (except object) is successful in + * move_next_session() */ + do { + iter->kind = P11_KIT_ITER_KIND_UNKNOWN; + rv = move_next_session (iter); + if (rv != CKR_OK) + return finish_iterating (iter, rv); + if (iter->kind != P11_KIT_ITER_KIND_UNKNOWN) + COROUTINE_RETURN (iter_next, 2, CKR_OK); + } while (iter->move_next_session_state > 0); + } + + /* Ready to start searching */ + if (iter->with_objects && !iter->searching && !iter->searched) { + count = p11_attrs_count (iter->match_attrs); + rv = (iter->module->C_FindObjectsInit) (iter->session, iter->match_attrs, count); + if (rv != CKR_OK) + return finish_iterating (iter, rv); + iter->searching = 1; + iter->searched = 0; + } + + /* If we have searched on this session then try to continue */ + if (iter->with_objects && iter->searching) { + assert (iter->module != NULL); + assert (iter->session != 0); + iter->num_objects = 0; + iter->saw_objects = 0; + + for (;;) { + if (iter->max_objects - iter->num_objects == 0) { + CK_OBJECT_HANDLE *objects; + + iter->max_objects = iter->max_objects ? iter->max_objects * 2 : 64; + objects = realloc (iter->objects, iter->max_objects * sizeof (CK_ULONG)); + return_val_if_fail (objects != NULL, CKR_HOST_MEMORY); + iter->objects = objects; + } + + batch = iter->max_objects - iter->num_objects; + rv = (iter->module->C_FindObjects) (iter->session, + iter->objects + iter->num_objects, + batch, &count); + if (rv != CKR_OK) + return finish_iterating (iter, rv); + + iter->num_objects += count; + + /* + * Done searching on this session, although there are still + * objects outstanding, which will be returned on next + * iterations. + */ + if (batch != count) { + iter->searching = 0; + iter->searched = 1; + (iter->module->C_FindObjectsFinal) (iter->session); + break; + } + + if (!iter->preload_results) + break; + } + } + + COROUTINE_END (iter_next); + + /* Try again */ + iter->iter_next_state = 0; + iter->move_next_session_state = 0; + iter->kind = P11_KIT_ITER_KIND_UNKNOWN; + return p11_kit_iter_next (iter); +} + +/** + * p11_kit_iter_get_kind: + * @iter: the iterator + * + * Get the kind of the current match (a module, slot, token, or an + * object). + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: a #P11KitIterKind value + */ +P11KitIterKind +p11_kit_iter_get_kind (P11KitIter *iter) +{ + return_val_if_fail (iter != NULL, P11_KIT_ITER_KIND_UNKNOWN); + return_val_if_fail (iter->iterating, P11_KIT_ITER_KIND_UNKNOWN); + return iter->kind; +} + +/** + * p11_kit_iter_get_module: + * @iter: the iterator + * + * Get the module function pointers for the current matching object. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: the module which the current matching object is in + */ +CK_FUNCTION_LIST_PTR +p11_kit_iter_get_module (P11KitIter *iter) +{ + return_val_if_fail (iter != NULL, NULL); + return_val_if_fail (iter->iterating, 0); + return iter->module; +} + +/** + * p11_kit_iter_get_slot: + * @iter: the iterator + * + * Get the slot which the current matching object is on. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: the slot of the current matching object + */ +CK_SLOT_ID +p11_kit_iter_get_slot (P11KitIter *iter) +{ + return_val_if_fail (iter != NULL, 0); + return_val_if_fail (iter->iterating, 0); + return iter->slot; +} + +/** + * p11_kit_iter_get_slot_info: + * @iter: the iterator + * + * Get the slot info for the slot which the current matching object is on. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: the slot of the current matching object. + */ +CK_SLOT_INFO * +p11_kit_iter_get_slot_info (P11KitIter *iter) +{ + return_val_if_fail (iter != NULL, NULL); + return &iter->slot_info; +} + +/** + * p11_kit_iter_get_token: + * @iter: the iterator + * + * Get the token info for the token which the current matching object is on. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: the slot of the current matching object. + */ +CK_TOKEN_INFO * +p11_kit_iter_get_token (P11KitIter *iter) +{ + return_val_if_fail (iter != NULL, NULL); + return &iter->token_info; +} + +/** + * p11_kit_iter_get_session: + * @iter: the iterator + * + * Get the session which the current matching object is accessible + * through. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * The session may be closed after the next p11_kit_iter_next() call + * unless p11_kit_iter_keep_session() is called. + * + * Returns: the session used to find the current matching object + */ +CK_SESSION_HANDLE +p11_kit_iter_get_session (P11KitIter *iter) +{ + return_val_if_fail (iter != NULL, 0); + return_val_if_fail (iter->iterating, 0); + return iter->session; +} + +/** + * p11_kit_iter_get_object: + * @iter: the iterator + * + * Get the current matching object. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: the current matching object + */ +CK_OBJECT_HANDLE +p11_kit_iter_get_object (P11KitIter *iter) +{ + return_val_if_fail (iter != NULL, 0); + return iter->object; +} + +/** + * p11_kit_iter_destroy_object: + * @iter: the iterator + * + * Destroy the current matching object. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: CKR_OK or a failure code + */ +CK_RV +p11_kit_iter_destroy_object (P11KitIter *iter) +{ + return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR); + return (iter->module->C_DestroyObject) (iter->session, iter->object); +} + +/** + * p11_kit_iter_get_attributes: + * @iter: the iterator + * @template: (array length=count) (inout): the attributes to get + * @count: the number of attributes + * + * Get attributes for the current matching object. + * + * This calls C_GetAttributeValue for the object + * currently iterated to. Return value and attribute memory behavior + * is identical to the PKCS\#11 C_GetAttributeValue + * function. + * + * You might choose to use p11_kit_iter_load_attributes() for a more + * helpful variant. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: The result from C_GetAttributeValue. + */ +CK_RV +p11_kit_iter_get_attributes (P11KitIter *iter, + CK_ATTRIBUTE *template, + CK_ULONG count) +{ + return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR); + return_val_if_fail (iter->module != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (iter->session != 0, CKR_GENERAL_ERROR); + return_val_if_fail (iter->object != 0, CKR_GENERAL_ERROR); + + return (iter->module->C_GetAttributeValue) (iter->session, iter->object, + template, count); +} + +/** + * p11_kit_iter_load_attributes: + * @iter: the iterator + * @template: (array length=count) (inout): the attributes to load + * @count: the number of attributes + * + * Retrieve attributes for the current matching object. + * + * Each attribute in the array will be filled in with the value + * of that attribute retrieved from the object. After use the + * attribute value memory pointed to by the pValue + * of each attribute should be freed with the free() + * function. + * + * If the pValue of an attribute is not %NULL passed + * to this function, then it will be passed to + * realloc() to allocate the correct amount + * of space for the attribute value. + * + * If any attribute is not present on the object, or is sensitive and + * cannot be retrieved, then the pValue will be NULL. + * If pValue was not %NULL when passed to this function + * then it will be freed with free(). In these + * cases CKR_OK is returned. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: CKR_OK or a failure code + */ +CK_RV +p11_kit_iter_load_attributes (P11KitIter *iter, + CK_ATTRIBUTE *template, + CK_ULONG count) +{ + CK_ATTRIBUTE *original = NULL; + CK_ULONG i; + CK_RV rv; + + return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR); + return_val_if_fail (iter->module != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (iter->session != 0, CKR_GENERAL_ERROR); + return_val_if_fail (iter->object != 0, CKR_GENERAL_ERROR); + + if (count == 0) + return CKR_OK; + + original = memdup (template, count * sizeof (CK_ATTRIBUTE)); + return_val_if_fail (original != NULL, CKR_HOST_MEMORY); + + for (i = 0; i < count; i++) + template[i].pValue = NULL; + + rv = (iter->module->C_GetAttributeValue) (iter->session, iter->object, template, count); + + switch (rv) { + case CKR_OK: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_BUFFER_TOO_SMALL: + break; + default: + free (original); + return rv; + } + + for (i = 0; i < count; i++) { + if (template[i].ulValueLen == (CK_ULONG)-1 || + template[i].ulValueLen == 0) { + free (original[i].pValue); + + } else if (original[i].pValue != NULL && + template[i].ulValueLen == original[i].ulValueLen) { + template[i].pValue = original[i].pValue; + + } else { + template[i].pValue = realloc (original[i].pValue, template[i].ulValueLen); + return_val_if_fail (template[i].pValue != NULL, CKR_HOST_MEMORY); + } + } + + free (original); + + rv = (iter->module->C_GetAttributeValue) (iter->session, iter->object, template, count); + + switch (rv) { + case CKR_OK: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_ATTRIBUTE_SENSITIVE: + rv = CKR_OK; + break; + default: + return_val_if_fail (rv != CKR_BUFFER_TOO_SMALL, rv); + return rv; + } + + for (i = 0; i < count; i++) { + if (template[i].ulValueLen == (CK_ULONG)-1 || + template[i].ulValueLen == 0) { + free (template[i].pValue); + template[i].pValue = NULL; + } + } + + return rv; +} + +/** + * p11_kit_iter_keep_session: + * @iter: the iterator + * + * After calling this function the session open for iterating + * the current object will not be automatically closed by + * the iterator after later calls to p11_kit_iter_next() or + * p11_kit_iter_free(). + * + * It is the callers responsibility to close this session, + * after the iterator has been freed. The session may still be + * used by the iterator if further iterations are performed. + * + * This can only be called after p11_kit_iter_next() succeeds. + * + * Returns: the current session + */ +CK_SESSION_HANDLE +p11_kit_iter_keep_session (P11KitIter *iter) +{ + return_val_if_fail (iter != NULL, 0); + return_val_if_fail (iter->iterating, 0); + return_val_if_fail (iter->session != 0, 0); + + iter->keep_session = 1; + return iter->session; +} + +/** + * p11_kit_iter_free: + * @iter: the iterator + * + * Frees the iterator and all resources, such as sessions + * or callbacks held by the iterator. + */ +void +p11_kit_iter_free (P11KitIter *iter) +{ + Callback *cb, *next; + + if (iter == NULL) + return; + + finish_iterating (iter, CKR_OK); + p11_array_free (iter->modules); + p11_attrs_free (iter->match_attrs); + free (iter->objects); + free (iter->slots); + + for (cb = iter->callbacks; cb != NULL; cb = next) { + next = cb->next; + if (cb->destroyer) + (cb->destroyer) (cb->callback_data); + free (cb); + } + + free (iter); +} diff --git a/p11-kit/iter.gnu.c b/p11-kit/iter.gnu.c new file mode 100644 index 0000000..da06905 --- /dev/null +++ b/p11-kit/iter.gnu.c @@ -0,0 +1,166 @@ +/* DO NOT EDIT! GENERATED AUTOMATICALLY! */ + +#include +#include "p11-kit/p11-kit.h" +/* + * Copyright (c) 2013,2016 Red Hat, Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_KIT_ITER_H +#define P11_KIT_ITER_H + +#include "p11-kit/p11-kit.h" +#include "p11-kit/pkcs11.h" +#include "p11-kit/uri.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef P11_KIT_FUTURE_UNSTABLE_API + +/* + * If the caller is using the PKCS#11 GNU calling convention, then we cater + * to that here. + */ +#ifdef CRYPTOKI_GNU +typedef unsigned char CK_BBOOL; +typedef ck_object_handle_t CK_OBJECT_HANDLE; +typedef ck_session_handle_t CK_SESSION_HANDLE; +#endif + +typedef struct p11_kit_iter P11KitIter; +typedef P11KitIter p11_kit_iter; + +typedef enum { + P11_KIT_ITER_KIND_MODULE, + P11_KIT_ITER_KIND_SLOT, + P11_KIT_ITER_KIND_TOKEN, + P11_KIT_ITER_KIND_OBJECT, + P11_KIT_ITER_KIND_UNKNOWN = -1, +} P11KitIterKind; + +typedef enum { + P11_KIT_ITER_BUSY_SESSIONS = 1 << 1, + P11_KIT_ITER_WANT_WRITABLE = 1 << 2, + P11_KIT_ITER_WITH_MODULES = 1 << 3, + P11_KIT_ITER_WITH_SLOTS = 1 << 4, + P11_KIT_ITER_WITH_TOKENS = 1 << 5, + P11_KIT_ITER_WITHOUT_OBJECTS = 1 << 6, +} P11KitIterBehavior; + +typedef CK_RV (* p11_kit_iter_callback) (P11KitIter *iter, + CK_BBOOL *matches, + void *data); + +P11KitIter * p11_kit_iter_new (P11KitUri *uri, + P11KitIterBehavior behavior); + +void p11_kit_iter_free (P11KitIter *iter); + +void p11_kit_iter_add_callback (P11KitIter *iter, + p11_kit_iter_callback callback, + void *callback_data, + p11_kit_destroyer callback_destroy); + +void p11_kit_iter_add_filter (P11KitIter *iter, + CK_ATTRIBUTE *matching, + CK_ULONG count); + +void p11_kit_iter_set_uri (P11KitIter *iter, + P11KitUri *uri); + +void p11_kit_iter_begin (P11KitIter *iter, + CK_FUNCTION_LIST_PTR *modules); + +void p11_kit_iter_begin_with (P11KitIter *iter, + CK_FUNCTION_LIST_PTR module, + CK_SLOT_ID slot, + CK_SESSION_HANDLE session); + +CK_RV p11_kit_iter_next (P11KitIter *iter); + +P11KitIterKind p11_kit_iter_get_kind (P11KitIter *iter); + +CK_FUNCTION_LIST_PTR p11_kit_iter_get_module (P11KitIter *iter); + +CK_SLOT_ID p11_kit_iter_get_slot (P11KitIter *iter); + +CK_SLOT_INFO * p11_kit_iter_get_slot_info (P11KitIter *iter); + +CK_TOKEN_INFO * p11_kit_iter_get_token (P11KitIter *iter); + +CK_SESSION_HANDLE p11_kit_iter_get_session (P11KitIter *iter); + +CK_OBJECT_HANDLE p11_kit_iter_get_object (P11KitIter *iter); + +CK_RV p11_kit_iter_get_attributes (P11KitIter *iter, + CK_ATTRIBUTE *template, + CK_ULONG count); + +CK_RV p11_kit_iter_load_attributes (P11KitIter *iter, + CK_ATTRIBUTE *template, + CK_ULONG count); + +CK_SESSION_HANDLE p11_kit_iter_keep_session (P11KitIter *iter); + +CK_RV p11_kit_iter_destroy_object (P11KitIter *iter); + +#endif /* P11_KIT_FUTURE_UNSTABLE_API */ + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* P11_KIT_ITER_H */ +void *p11_kit_iter_gnu_c_funcs[] = { + p11_kit_iter_new, + p11_kit_iter_free, + p11_kit_iter_add_callback, + p11_kit_iter_add_filter, + p11_kit_iter_set_uri, + p11_kit_iter_begin, + p11_kit_iter_begin_with, + p11_kit_iter_next, + p11_kit_iter_get_kind, + p11_kit_iter_get_module, + p11_kit_iter_get_slot, + p11_kit_iter_get_slot_info, + p11_kit_iter_get_token, + p11_kit_iter_get_session, + p11_kit_iter_get_object, + p11_kit_iter_get_attributes, + p11_kit_iter_load_attributes, + p11_kit_iter_keep_session, + p11_kit_iter_destroy_object, +}; diff --git a/p11-kit/iter.h b/p11-kit/iter.h new file mode 100644 index 0000000..991dcc9 --- /dev/null +++ b/p11-kit/iter.h @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2013,2016 Red Hat, Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_KIT_ITER_H +#define P11_KIT_ITER_H + +#include "p11-kit/p11-kit.h" +#include "p11-kit/pkcs11.h" +#include "p11-kit/uri.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef P11_KIT_FUTURE_UNSTABLE_API + +/* + * If the caller is using the PKCS#11 GNU calling convention, then we cater + * to that here. + */ +#ifdef CRYPTOKI_GNU +typedef unsigned char CK_BBOOL; +typedef ck_object_handle_t CK_OBJECT_HANDLE; +typedef ck_session_handle_t CK_SESSION_HANDLE; +#endif + +typedef struct p11_kit_iter P11KitIter; +typedef P11KitIter p11_kit_iter; + +typedef enum { + P11_KIT_ITER_KIND_MODULE, + P11_KIT_ITER_KIND_SLOT, + P11_KIT_ITER_KIND_TOKEN, + P11_KIT_ITER_KIND_OBJECT, + P11_KIT_ITER_KIND_UNKNOWN = -1, +} P11KitIterKind; + +typedef enum { + P11_KIT_ITER_BUSY_SESSIONS = 1 << 1, + P11_KIT_ITER_WANT_WRITABLE = 1 << 2, + P11_KIT_ITER_WITH_MODULES = 1 << 3, + P11_KIT_ITER_WITH_SLOTS = 1 << 4, + P11_KIT_ITER_WITH_TOKENS = 1 << 5, + P11_KIT_ITER_WITHOUT_OBJECTS = 1 << 6, +} P11KitIterBehavior; + +typedef CK_RV (* p11_kit_iter_callback) (P11KitIter *iter, + CK_BBOOL *matches, + void *data); + +P11KitIter * p11_kit_iter_new (P11KitUri *uri, + P11KitIterBehavior behavior); + +void p11_kit_iter_free (P11KitIter *iter); + +void p11_kit_iter_add_callback (P11KitIter *iter, + p11_kit_iter_callback callback, + void *callback_data, + p11_kit_destroyer callback_destroy); + +void p11_kit_iter_add_filter (P11KitIter *iter, + CK_ATTRIBUTE *matching, + CK_ULONG count); + +void p11_kit_iter_set_uri (P11KitIter *iter, + P11KitUri *uri); + +void p11_kit_iter_begin (P11KitIter *iter, + CK_FUNCTION_LIST_PTR *modules); + +void p11_kit_iter_begin_with (P11KitIter *iter, + CK_FUNCTION_LIST_PTR module, + CK_SLOT_ID slot, + CK_SESSION_HANDLE session); + +CK_RV p11_kit_iter_next (P11KitIter *iter); + +P11KitIterKind p11_kit_iter_get_kind (P11KitIter *iter); + +CK_FUNCTION_LIST_PTR p11_kit_iter_get_module (P11KitIter *iter); + +CK_SLOT_ID p11_kit_iter_get_slot (P11KitIter *iter); + +CK_SLOT_INFO * p11_kit_iter_get_slot_info (P11KitIter *iter); + +CK_TOKEN_INFO * p11_kit_iter_get_token (P11KitIter *iter); + +CK_SESSION_HANDLE p11_kit_iter_get_session (P11KitIter *iter); + +CK_OBJECT_HANDLE p11_kit_iter_get_object (P11KitIter *iter); + +CK_RV p11_kit_iter_get_attributes (P11KitIter *iter, + CK_ATTRIBUTE *template, + CK_ULONG count); + +CK_RV p11_kit_iter_load_attributes (P11KitIter *iter, + CK_ATTRIBUTE *template, + CK_ULONG count); + +CK_SESSION_HANDLE p11_kit_iter_keep_session (P11KitIter *iter); + +CK_RV p11_kit_iter_destroy_object (P11KitIter *iter); + +#endif /* P11_KIT_FUTURE_UNSTABLE_API */ + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* P11_KIT_ITER_H */ diff --git a/p11-kit/libp11-kit-0.dll.def b/p11-kit/libp11-kit-0.dll.def new file mode 100644 index 0000000..777d56a --- /dev/null +++ b/p11-kit/libp11-kit-0.dll.def @@ -0,0 +1,101 @@ +EXPORTS +C_GetFunctionList +p11_kit_be_loud +p11_kit_be_quiet +p11_kit_config_option +p11_kit_finalize_module +p11_kit_finalize_registered +p11_kit_initialize_module +p11_kit_initialize_registered +p11_kit_iter_add_callback +p11_kit_iter_add_filter +p11_kit_iter_begin +p11_kit_iter_begin_with +p11_kit_iter_destroy_object +p11_kit_iter_free +p11_kit_iter_get_attributes +p11_kit_iter_get_kind +p11_kit_iter_get_module +p11_kit_iter_get_object +p11_kit_iter_get_session +p11_kit_iter_get_slot +p11_kit_iter_get_slot_info +p11_kit_iter_get_token +p11_kit_iter_keep_session +p11_kit_iter_load_attributes +p11_kit_iter_new +p11_kit_iter_next +p11_kit_iter_set_uri +p11_kit_load_initialize_module +p11_kit_message +p11_kit_module_finalize +p11_kit_module_for_name +p11_kit_module_get_filename +p11_kit_module_get_flags +p11_kit_module_get_name +p11_kit_module_initialize +p11_kit_module_load +p11_kit_module_release +p11_kit_modules_finalize +p11_kit_modules_finalize_and_release +p11_kit_modules_initialize +p11_kit_modules_load +p11_kit_modules_load_and_initialize +p11_kit_modules_release +p11_kit_override_system_files +p11_kit_pin_file_callback +p11_kit_pin_get_length +p11_kit_pin_get_value +p11_kit_pin_new +p11_kit_pin_new_for_buffer +p11_kit_pin_new_for_string +p11_kit_pin_ref +p11_kit_pin_register_callback +p11_kit_pin_request +p11_kit_pin_unref +p11_kit_pin_unregister_callback +p11_kit_registered_module_to_name +p11_kit_registered_modules +p11_kit_registered_name_to_module +p11_kit_registered_option +p11_kit_remote_serve_module +p11_kit_remote_serve_token +p11_kit_remote_serve_tokens +p11_kit_set_progname +p11_kit_space_strdup +p11_kit_space_strlen +p11_kit_strerror +p11_kit_uri_any_unrecognized +p11_kit_uri_clear_attribute +p11_kit_uri_clear_attributes +p11_kit_uri_format +p11_kit_uri_free +p11_kit_uri_get_attribute +p11_kit_uri_get_attributes +p11_kit_uri_get_module_info +p11_kit_uri_get_module_name +p11_kit_uri_get_module_path +p11_kit_uri_get_pin_source +p11_kit_uri_get_pin_value +p11_kit_uri_get_pinfile +p11_kit_uri_get_slot_id +p11_kit_uri_get_slot_info +p11_kit_uri_get_token_info +p11_kit_uri_get_vendor_query +p11_kit_uri_match_attributes +p11_kit_uri_match_module_info +p11_kit_uri_match_slot_info +p11_kit_uri_match_token_info +p11_kit_uri_message +p11_kit_uri_new +p11_kit_uri_parse +p11_kit_uri_set_attribute +p11_kit_uri_set_attributes +p11_kit_uri_set_module_name +p11_kit_uri_set_module_path +p11_kit_uri_set_pin_source +p11_kit_uri_set_pin_value +p11_kit_uri_set_pinfile +p11_kit_uri_set_slot_id +p11_kit_uri_set_unrecognized +p11_kit_uri_set_vendor_query diff --git a/p11-kit/libp11-kit.map b/p11-kit/libp11-kit.map new file mode 100644 index 0000000..6a661f3 --- /dev/null +++ b/p11-kit/libp11-kit.map @@ -0,0 +1,105 @@ +LIBP11_KIT_1.0 { + global: + C_GetFunctionList; + p11_kit_be_loud; + p11_kit_be_quiet; + p11_kit_config_option; + p11_kit_finalize_module; + p11_kit_finalize_registered; + p11_kit_initialize_module; + p11_kit_initialize_registered; + p11_kit_iter_add_callback; + p11_kit_iter_add_filter; + p11_kit_iter_begin; + p11_kit_iter_begin_with; + p11_kit_iter_destroy_object; + p11_kit_iter_free; + p11_kit_iter_get_attributes; + p11_kit_iter_get_kind; + p11_kit_iter_get_module; + p11_kit_iter_get_object; + p11_kit_iter_get_session; + p11_kit_iter_get_slot; + p11_kit_iter_get_slot_info; + p11_kit_iter_get_token; + p11_kit_iter_keep_session; + p11_kit_iter_load_attributes; + p11_kit_iter_new; + p11_kit_iter_next; + p11_kit_iter_set_uri; + p11_kit_load_initialize_module; + p11_kit_message; + p11_kit_module_finalize; + p11_kit_module_for_name; + p11_kit_module_get_filename; + p11_kit_module_get_flags; + p11_kit_module_get_name; + p11_kit_module_initialize; + p11_kit_module_load; + p11_kit_module_release; + p11_kit_modules_finalize; + p11_kit_modules_finalize_and_release; + p11_kit_modules_initialize; + p11_kit_modules_load; + p11_kit_modules_load_and_initialize; + p11_kit_modules_release; + p11_kit_override_system_files; + p11_kit_pin_file_callback; + p11_kit_pin_get_length; + p11_kit_pin_get_value; + p11_kit_pin_new; + p11_kit_pin_new_for_buffer; + p11_kit_pin_new_for_string; + p11_kit_pin_ref; + p11_kit_pin_register_callback; + p11_kit_pin_request; + p11_kit_pin_unref; + p11_kit_pin_unregister_callback; + p11_kit_registered_modules; + p11_kit_registered_module_to_name; + p11_kit_registered_name_to_module; + p11_kit_registered_option; + p11_kit_remote_serve_module; + p11_kit_remote_serve_token; + p11_kit_remote_serve_tokens; + p11_kit_set_progname; + p11_kit_space_strdup; + p11_kit_space_strlen; + p11_kit_strerror; + p11_kit_uri_any_unrecognized; + p11_kit_uri_clear_attribute; + p11_kit_uri_clear_attributes; + p11_kit_uri_format; + p11_kit_uri_free; + p11_kit_uri_get_attribute; + p11_kit_uri_get_attributes; + p11_kit_uri_get_module_info; + p11_kit_uri_get_module_name; + p11_kit_uri_get_module_path; + p11_kit_uri_get_pinfile; + p11_kit_uri_get_pin_source; + p11_kit_uri_get_pin_value; + p11_kit_uri_get_slot_id; + p11_kit_uri_get_slot_info; + p11_kit_uri_get_token_info; + p11_kit_uri_get_vendor_query; + p11_kit_uri_match_attributes; + p11_kit_uri_match_module_info; + p11_kit_uri_match_slot_info; + p11_kit_uri_match_token_info; + p11_kit_uri_message; + p11_kit_uri_new; + p11_kit_uri_parse; + p11_kit_uri_set_attribute; + p11_kit_uri_set_attributes; + p11_kit_uri_set_module_name; + p11_kit_uri_set_module_path; + p11_kit_uri_set_pinfile; + p11_kit_uri_set_pin_source; + p11_kit_uri_set_pin_value; + p11_kit_uri_set_slot_id; + p11_kit_uri_set_unrecognized; + p11_kit_uri_set_vendor_query; + local: + *; +}; diff --git a/p11-kit/lists.c b/p11-kit/lists.c new file mode 100644 index 0000000..5804be2 --- /dev/null +++ b/p11-kit/lists.c @@ -0,0 +1,290 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#include "debug.h" + +#include +#include +#include +#include +#include +#include + +#include "message.h" +#include "p11-kit.h" +#include "tool.h" +#include "uri.h" + +int p11_kit_list_modules (int argc, + char *argv[]); + +bool verbose = false; + +static const char HEXC_LOWER[] = "0123456789abcdef"; + +static char * +hex_encode (const unsigned char *data, + size_t n_data) +{ + char *result; + size_t i; + size_t o; + + result = malloc (n_data * 3 + 1); + if (result == NULL) + return NULL; + + for (i = 0, o = 0; i < n_data; i++) { + if (i > 0) + result[o++] = ':'; + result[o++] = HEXC_LOWER[data[i] >> 4 & 0xf]; + result[o++] = HEXC_LOWER[data[i] & 0xf]; + } + + result[o] = 0; + return result; +} + +static bool +is_ascii_string (const unsigned char *data, + size_t n_data) +{ + size_t i; + + for (i = 0; i < n_data; i++) { + if (!isascii (data[i]) && + (data[i] < 0x20 && !isspace (data[i]))) + return false; + } + + return true; +} + +static void +print_token_info (CK_FUNCTION_LIST_PTR module, CK_SLOT_ID slot_id) +{ + CK_TOKEN_INFO info; + char *value; + CK_RV rv; + + rv = (module->C_GetTokenInfo) (slot_id, &info); + if (rv != CKR_OK) { + p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); + return; + } + + value = p11_kit_space_strdup (info.label, sizeof (info.label)); + printf (" token: %s\n", value); + free (value); + + value = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); + printf (" manufacturer: %s\n", value); + free (value); + + value = p11_kit_space_strdup (info.model, sizeof (info.model)); + printf (" model: %s\n", value); + free (value); + + if (is_ascii_string (info.serialNumber, sizeof (info.serialNumber))) + value = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber)); + else + value = hex_encode (info.serialNumber, sizeof (info.serialNumber)); + printf (" serial-number: %s\n", value); + free (value); + + if (info.hardwareVersion.major || info.hardwareVersion.minor) + printf (" hardware-version: %d.%d\n", + info.hardwareVersion.major, + info.hardwareVersion.minor); + + if (info.firmwareVersion.major || info.firmwareVersion.minor) + printf (" firmware-version: %d.%d\n", + info.firmwareVersion.major, + info.firmwareVersion.minor); + + printf (" flags:\n"); + #define X(x, y) if (info.flags & (x)) printf (" %s\n", (y)) + X(CKF_RNG, "rng"); + X(CKF_WRITE_PROTECTED, "write-protected"); + X(CKF_LOGIN_REQUIRED, "login-required"); + X(CKF_USER_PIN_INITIALIZED, "user-pin-initialized"); + X(CKF_RESTORE_KEY_NOT_NEEDED, "restore-key-not-needed"); + X(CKF_CLOCK_ON_TOKEN, "clock-on-token"); + X(CKF_PROTECTED_AUTHENTICATION_PATH, "protected-authentication-path"); + X(CKF_DUAL_CRYPTO_OPERATIONS, "dual-crypto-operations"); + X(CKF_TOKEN_INITIALIZED, "token-initialized"); + X(CKF_SECONDARY_AUTHENTICATION, "secondary-authentication"); + X(CKF_USER_PIN_COUNT_LOW, "user-pin-count-low"); + X(CKF_USER_PIN_FINAL_TRY, "user-pin-final-try"); + X(CKF_USER_PIN_LOCKED, "user-pin-locked"); + X(CKF_USER_PIN_TO_BE_CHANGED, "user-pin-to-be-changed"); + X(CKF_SO_PIN_COUNT_LOW, "so-pin-count-low"); + X(CKF_SO_PIN_FINAL_TRY, "so-pin-final-try"); + X(CKF_SO_PIN_LOCKED, "so-pin-locked"); + X(CKF_SO_PIN_TO_BE_CHANGED, "so-pin-to-be-changed"); + #undef X +} + +static void +print_module_info (CK_FUNCTION_LIST_PTR module) +{ + CK_SLOT_ID slot_list[256]; + CK_ULONG i, count; + CK_INFO info; + char *value; + CK_RV rv; + + rv = (module->C_GetInfo) (&info); + if (rv != CKR_OK) { + p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); + return; + } + + value = p11_kit_space_strdup (info.libraryDescription, + sizeof (info.libraryDescription)); + printf (" library-description: %s\n", value); + free (value); + + value = p11_kit_space_strdup (info.manufacturerID, + sizeof (info.manufacturerID)); + printf (" library-manufacturer: %s\n", value); + free (value); + + printf (" library-version: %d.%d\n", + info.libraryVersion.major, + info.libraryVersion.minor); + + count = sizeof (slot_list) / sizeof (slot_list[0]); + rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count); + if (rv != CKR_OK) { + p11_message ("couldn't load module info: %s", p11_kit_strerror (rv)); + return; + } + + for (i = 0; i < count; i++) + print_token_info (module, slot_list[i]); +} + +static int +print_modules (void) +{ + CK_FUNCTION_LIST_PTR *module_list; + char *name; + char *path; + int i; + + module_list = p11_kit_modules_load_and_initialize (0); + if (!module_list) + return 1; + + for (i = 0; module_list[i]; i++) { + name = p11_kit_module_get_name (module_list[i]); + path = p11_kit_config_option (module_list[i], "module"); + + printf ("%s: %s\n", + name ? name : "(null)", + path ? path : "(null)"); + print_module_info (module_list[i]); + + free (name); + free (path); + } + + p11_kit_modules_finalize_and_release (module_list); + return 0; +} + +int +p11_kit_list_modules (int argc, + char *argv[]) +{ + int opt; + + enum { + opt_verbose = 'v', + opt_quiet = 'q', + opt_list = 'l', + opt_help = 'h', + }; + + struct option options[] = { + { "verbose", no_argument, NULL, opt_verbose }, + { "quiet", no_argument, NULL, opt_quiet }, + { "list", no_argument, NULL, opt_list }, + { "help", no_argument, NULL, opt_help }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: p11-kit list" }, + { opt_verbose, "show verbose debug output", }, + { opt_quiet, "suppress command output", }, + { 0 }, + }; + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + + case opt_verbose: + p11_kit_be_loud (); + break; + + case opt_quiet: + p11_kit_be_quiet (); + break; + + case opt_list: + break; + + case opt_help: + p11_tool_usage (usages, options); + return 0; + case '?': + return 2; + default: + assert_not_reached (); + break; + } + } + + if (argc - optind != 0) { + p11_message ("extra arguments specified"); + return 2; + } + + return print_modules (); +} diff --git a/p11-kit/log.c b/p11-kit/log.c new file mode 100644 index 0000000..19377b2 --- /dev/null +++ b/p11-kit/log.c @@ -0,0 +1,2022 @@ +/* + * Copyright (c) 2007, Stefan Walter + * Copyright (c) 2013, Red Hat Inc. + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "attrs.h" +#include "buffer.h" +#include "constants.h" +#include "debug.h" +#include "log.h" +#include "p11-kit.h" +#include "virtual.h" + +#include +#include +#include +#include +#include +#include + +bool p11_log_force = false; +bool p11_log_output = true; + +typedef struct { + p11_virtual virt; + CK_X_FUNCTION_LIST *lower; + p11_destroyer destroyer; +} LogData; + +#define LOG_FLAG(buf, flags, had, flag) \ + if ((flags & flag) == flag) { \ + p11_buffer_add (buf, had ? " | " : " = ", 3); \ + p11_buffer_add (buf, #flag, -1); \ + had++; \ + } + +static void +log_CKM (p11_buffer *buf, + CK_MECHANISM_TYPE v) +{ + char temp[32]; + const char *string; + + string = p11_constant_name (p11_constant_mechanisms, v); + if (string == NULL) { + snprintf (temp, sizeof (temp), "CKM_0x%08lX", v); + p11_buffer_add (buf, temp, -1); + } else { + p11_buffer_add (buf, string, -1); + } +} + +static void +log_CKS (p11_buffer *buf, + CK_STATE v) +{ + char temp[32]; + const char *string; + + string = p11_constant_name (p11_constant_states, v); + if (string == NULL) { + snprintf (temp, sizeof (temp), "CKS_0x%08lX", v); + p11_buffer_add (buf, temp, -1); + } else { + p11_buffer_add (buf, string, -1); + } +} + +static void +log_CKU (p11_buffer *buf, + CK_USER_TYPE v) +{ + char temp[32]; + const char *string; + + string = p11_constant_name (p11_constant_users, v); + if (string == NULL) { + snprintf (temp, sizeof (temp), "CKU_0x%08lX", v); + p11_buffer_add (buf, temp, -1); + } else { + p11_buffer_add (buf, string, -1); + } +} + +static void +log_CKR (p11_buffer *buf, + CK_RV v) +{ + char temp[32]; + const char *string; + + string = p11_constant_name (p11_constant_returns, v); + if (string == NULL) { + snprintf (temp, sizeof (temp), "CKR_0x%08lX", v); + p11_buffer_add (buf, temp, -1); + } else { + p11_buffer_add (buf, string, -1); + } +} + +static void +log_some_bytes (p11_buffer *buf, + CK_BYTE_PTR arr, + CK_ULONG num) +{ + CK_ULONG i; + char temp[128]; + char *p, *e; + CK_BYTE ch; + + if(!arr) { + p11_buffer_add (buf, "NULL", 4); + return; + } else if (num == (CK_ULONG)-1) { + p11_buffer_add (buf, "????", 4); + return; + } + + temp[0] = '\"'; + p = temp + 1; + e = temp + (sizeof (temp) - 8); + + for(i = 0; i < num && p < e; ++i, ++p) { + ch = arr[i]; + if (ch == '\t') { + p[0] = '\\'; p[1] = 't'; + ++p; + } else if (ch == '\n') { + p[0] = '\\'; p[1] = 'n'; + ++p; + } else if (ch == '\r') { + p[0] = '\\'; p[1] = 'r'; + ++p; + } else if (ch >= 32 && ch < 127) { + *p = ch; + } else { + p[0] = '\\'; + p[1] = 'x'; + sprintf(p + 2, "%02X", ch); + p += 3; + } + } + + *p = 0; + if (p >= e) + strcpy (e, "..."); + strcat (p, "\""); + p11_buffer_add (buf, temp, -1); +} + +static void +log_pointer (p11_buffer *buf, + const char *pref, + const char *name, + CK_VOID_PTR val, + CK_RV status) +{ + char temp[32]; + + if (status != CKR_OK) + return; + + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + if (val == NULL) { + p11_buffer_add (buf, "NULL\n", 5); + } else { + snprintf (temp, sizeof (temp), "0x%08lX\n", (unsigned long)(size_t)val); + p11_buffer_add (buf, temp, -1); + } +} + +static void +log_attribute_types (p11_buffer *buf, + const char *pref, + const char *name, + CK_ATTRIBUTE_PTR arr, + CK_ULONG num, + CK_RV status) +{ + const char *string; + char temp[32]; + CK_ULONG i; + + if (status == CKR_BUFFER_TOO_SMALL) { + arr = NULL; + status = CKR_OK; + } + if (status != CKR_OK) + return; + + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + if (arr == NULL) { + snprintf (temp, sizeof (temp), "(%lu) NONE\n", num); + p11_buffer_add (buf, temp, -1); + } else { + snprintf (temp, sizeof (temp), "(%lu) [ ", num); + p11_buffer_add (buf, temp, -1); + for (i = 0; i < num; i++) { + if (i > 0) + p11_buffer_add (buf, ", ", 2); + string = p11_constant_name (p11_constant_types, arr[i].type); + if (string != NULL) { + p11_buffer_add (buf, string, -1); + } else { + snprintf (temp, sizeof (temp), "CKA_0x%08lX", arr[i].type); + p11_buffer_add (buf, temp, -1); + } + } + + p11_buffer_add (buf, " ]\n", 3); + } +} + +static void +log_attribute_array (p11_buffer *buf, + const char *pref, + const char *name, + CK_ATTRIBUTE_PTR arr, + CK_ULONG num, + CK_RV status) +{ + char temp[32]; + + if (status == CKR_BUFFER_TOO_SMALL) { + arr = NULL; + status = CKR_OK; + } + if (status != CKR_OK) + return; + + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + if (arr == NULL) { + snprintf (temp, sizeof (temp), "(%lu) NONE\n", num); + p11_buffer_add (buf, temp, -1); + } else { + p11_attrs_format (buf, arr, num); + p11_buffer_add (buf, "\n", 1); + } +} + +static void +log_bool (p11_buffer *buf, + const char *pref, + const char *name, + CK_BBOOL val, + CK_RV status) +{ + if (status == CKR_OK) { + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + p11_buffer_add (buf, val ? "CK_TRUE" : "CK_FALSE", -1); + p11_buffer_add (buf, "\n", 1); + } +} + +static void +log_byte_array (p11_buffer *buf, + const char *pref, + const char *name, + CK_BYTE_PTR arr, + CK_ULONG_PTR num, + CK_RV status) +{ + char temp[32]; + + if (status == CKR_BUFFER_TOO_SMALL) { + arr = NULL; + status = CKR_OK; + } + + if (status != CKR_OK) + return; + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + if (num == NULL) { + p11_buffer_add (buf, "(?) NOTHING\n", -1); + } else if (arr == NULL) { + snprintf (temp, sizeof (temp), "(%lu) NOTHING\n", *num); + p11_buffer_add (buf, temp, -1); + } else { + snprintf (temp, sizeof (temp), "(%lu) ", *num); + p11_buffer_add (buf, temp, -1); + log_some_bytes (buf, arr, *num); + p11_buffer_add (buf, "\n", 1); + } +} + +static void +log_info (p11_buffer *buf, + const char *pref, + const char *name, + CK_INFO_PTR info, + CK_RV status) +{ + char temp[32]; + + if (status != CKR_OK) + return; + if (info == NULL) { + log_pointer (buf, pref, name, info, status); + } else { + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = {\n", 5); + p11_buffer_add (buf, "\tcryptokiVersion: ", -1); + snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->cryptokiVersion.major, + (unsigned int)info->cryptokiVersion.minor); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tmanufacturerID: \"", -1); + p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID))); + p11_buffer_add (buf, "\"\n\tflags: ", -1); + snprintf (temp, sizeof (temp), "%lX", info->flags); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tlibraryDescription: \"", -1); + p11_buffer_add (buf, info->libraryDescription, p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription))); + p11_buffer_add (buf, "\"\n\tlibraryVersion: ", -1); + snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->libraryVersion.major, + (unsigned int)info->libraryVersion.minor); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n }\n", -1); + } +} + +static void +log_pInitArgs (p11_buffer *buf, + const char *pref, + const char *name, + CK_VOID_PTR pInitArgs, + CK_RV status) +{ + char temp[32]; + int had = 0; + + if (status != CKR_OK) + return; + if (pInitArgs == NULL) + log_pointer (buf, pref, name, pInitArgs, status); + else { + CK_C_INITIALIZE_ARGS *args = (CK_C_INITIALIZE_ARGS*)pInitArgs; + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = {\n", 5); + p11_buffer_add (buf, "\tCreateMutex: ", -1); + snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->CreateMutex); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tDestroyMutex: ", -1); + snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->DestroyMutex); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tLockMutex: ", -1); + snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->LockMutex); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tUnlockMutex: ", -1); + snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->UnlockMutex); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tflags: ", -1); + snprintf (temp, sizeof (temp), "%lX", args->flags); + LOG_FLAG (buf, args->flags, had, CKF_OS_LOCKING_OK); + p11_buffer_add (buf, "\n\treserved: ", -1); + snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->pReserved); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n }\n", -1); + } +} + +static void +log_mechanism_info (p11_buffer *buf, + const char *pref, + const char *name, + CK_MECHANISM_INFO_PTR info, + CK_RV status) +{ + char temp[32]; + int had = 0; + + if (status != CKR_OK) + return; + if (info == NULL) { + log_pointer (buf, pref, name, info, status); + } else { + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = {\n", 5); + p11_buffer_add (buf, "\tulMinKeySize: ", -1); + snprintf (temp, sizeof (temp), "%lu", info->ulMinKeySize); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tulMaxKeySize: ", -1); + snprintf (temp, sizeof (temp), "%lu", info->ulMaxKeySize); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tflags: ", -1); + snprintf (temp, sizeof (temp), "%lX", info->flags); + p11_buffer_add (buf, temp, -1); + LOG_FLAG (buf, info->flags, had, CKF_HW); + LOG_FLAG (buf, info->flags, had, CKF_ENCRYPT); + LOG_FLAG (buf, info->flags, had, CKF_DECRYPT); + LOG_FLAG (buf, info->flags, had, CKF_DIGEST); + LOG_FLAG (buf, info->flags, had, CKF_SIGN); + LOG_FLAG (buf, info->flags, had, CKF_SIGN_RECOVER); + LOG_FLAG (buf, info->flags, had, CKF_VERIFY); + LOG_FLAG (buf, info->flags, had, CKF_VERIFY_RECOVER); + LOG_FLAG (buf, info->flags, had, CKF_GENERATE); + LOG_FLAG (buf, info->flags, had, CKF_GENERATE_KEY_PAIR); + LOG_FLAG (buf, info->flags, had, CKF_WRAP); + LOG_FLAG (buf, info->flags, had, CKF_UNWRAP); + LOG_FLAG (buf, info->flags, had, CKF_DERIVE); + LOG_FLAG (buf, info->flags, had, CKF_EXTENSION); + p11_buffer_add (buf, "\n }\n", -1); + } +} + +static void +log_mechanism (p11_buffer *buf, + const char *pref, + const char *name, + CK_MECHANISM_PTR mech, + CK_RV status) +{ + char temp[32]; + + if (status != CKR_OK) + return; + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = {\n", 5); + p11_buffer_add (buf, "\tmechanism: ", -1); + log_CKM (buf, mech->mechanism); + p11_buffer_add (buf, "\n\tpParameter: ", -1); + snprintf (temp, sizeof (temp), "(%lu) ", mech->ulParameterLen); + p11_buffer_add (buf, temp, -1); + log_some_bytes (buf, mech->pParameter, mech->ulParameterLen); + p11_buffer_add (buf, "\n }\n", -1); +} + +static void +log_mechanism_type (p11_buffer *buf, + const char *pref, + const char *name, + CK_MECHANISM_TYPE val, + CK_RV status) +{ + if (status != CKR_OK) + return; + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + log_CKM (buf, val); + p11_buffer_add (buf, "\n", 1); +} + +static void +log_mechanism_type_array (p11_buffer *buf, + const char *pref, + const char *name, + CK_MECHANISM_TYPE_PTR arr, + CK_ULONG_PTR num, + CK_RV status) +{ + char temp[32]; + CK_ULONG i; + + if (status == CKR_BUFFER_TOO_SMALL) { + arr = NULL; + status = CKR_OK; + } + if (status != CKR_OK) + return; + + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + if (num == NULL) { + p11_buffer_add (buf, "(?) NO-VALUES\n", -1); + } else if (arr == NULL) { + snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num); + p11_buffer_add (buf, temp, -1); + } else { + snprintf (temp, sizeof (temp), "(%lu) [ ", *num); + p11_buffer_add (buf, temp, -1); + for(i = 0; i < *num; ++i) { + if (i > 0) + p11_buffer_add (buf, ", ", 2); + log_CKM (buf, arr[i]); + } + p11_buffer_add (buf, " ]\n", 3); + } +} + +static void +log_session_info (p11_buffer *buf, + const char *pref, + const char *name, + CK_SESSION_INFO_PTR info, + CK_RV status) +{ + char temp[32]; + int had = 0; + + if (status != CKR_OK) + return; + if (info == NULL) { + log_pointer (buf, pref, name, info, status); + } else { + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = {\n", 5); + p11_buffer_add (buf, "\tslotID: ", -1); + snprintf (temp, sizeof (temp), "SL%lu", info->slotID); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tstate: ", -1); + log_CKS (buf, info->state); + p11_buffer_add (buf, "\n\tflags: ", -1); + snprintf (temp, sizeof (temp), "%lX", info->flags); + p11_buffer_add (buf, temp, -1); + LOG_FLAG (buf, info->flags, had, CKF_SERIAL_SESSION); + LOG_FLAG (buf, info->flags, had, CKF_RW_SESSION); + p11_buffer_add (buf, "\n\tulDeviceError: ", -1); + snprintf (temp, sizeof (temp), "%lu", info->ulDeviceError); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n }\n", -1); + } +} + +static void +log_slot_info (p11_buffer *buf, + const char *pref, + const char *name, + CK_SLOT_INFO_PTR info, + CK_RV status) +{ + char temp[32]; + int had = 0; + + if (status != CKR_OK) + return; + if (info == NULL) { + log_pointer (buf, pref, name, info, status); + } else { + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = {\n", 5); + p11_buffer_add (buf, "\tslotDescription: \"", -1); + p11_buffer_add (buf, info->slotDescription, p11_kit_space_strlen (info->slotDescription, sizeof (info->slotDescription))); + p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1); + p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID))); + p11_buffer_add (buf, "\"\n\tflags: ", -1); + snprintf (temp, sizeof (temp), "%lu", info->flags); + p11_buffer_add (buf, temp, -1); + LOG_FLAG (buf, info->flags, had, CKF_TOKEN_PRESENT); + LOG_FLAG (buf, info->flags, had, CKF_REMOVABLE_DEVICE); + LOG_FLAG (buf, info->flags, had, CKF_HW_SLOT); + p11_buffer_add (buf, "\n\thardwareVersion: ", -1); + snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major, + (unsigned int)info->hardwareVersion.minor); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1); + snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major, + (unsigned int)info->firmwareVersion.minor); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n }\n", -1); + } +} + +static void +log_string (p11_buffer *buf, + const char *pref, + const char *name, + CK_UTF8CHAR_PTR str, + const CK_RV status) +{ + if (status != CKR_OK) + return; + if (str == NULL) { + log_pointer (buf, pref, name, str, status); + } else { + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = \"", 4); + p11_buffer_add (buf, str, -1); + p11_buffer_add (buf, "\"\n", 2); + } +} + +static void +log_token_number (p11_buffer *buf, + CK_ULONG number) +{ + char temp[32]; + + if (number == 0) { + p11_buffer_add (buf, "CK_UNAVAILABLE_INFORMATION", -1); + } else if (number == (CK_ULONG)-1) { + p11_buffer_add (buf, "CK_EFFECTIVELY_INFINITE", -1); + } else { + snprintf (temp, sizeof (temp), "%lu", number); + p11_buffer_add (buf, temp, -1); + } +} + +static void +log_token_info (p11_buffer *buf, + const char *pref, + const char *name, + CK_TOKEN_INFO_PTR info, + CK_RV status) +{ + char temp[32]; + int had = 0; + + if (status != CKR_OK) + return; + if (info == NULL) { + log_pointer (buf, pref, name, info, status); + } else { + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = {\n", 5); + p11_buffer_add (buf, "\tlabel: \"", -1); + p11_buffer_add (buf, info->label, p11_kit_space_strlen (info->label, sizeof (info->label))); + p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1); + p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID))); + p11_buffer_add (buf, "\"\n\tmodel: \"", -1); + p11_buffer_add (buf, info->model, p11_kit_space_strlen (info->model, sizeof (info->model))); + p11_buffer_add (buf, "\"\n\tserialNumber: \"", -1); + p11_buffer_add (buf, info->serialNumber, p11_kit_space_strlen (info->serialNumber, sizeof (info->serialNumber))); + p11_buffer_add (buf, "\"\n\tflags: ", -1); + snprintf (temp, sizeof (temp), "%lu", info->flags); + p11_buffer_add (buf, temp, -1); + LOG_FLAG (buf, info->flags, had, CKF_RNG); + LOG_FLAG (buf, info->flags, had, CKF_WRITE_PROTECTED); + LOG_FLAG (buf, info->flags, had, CKF_LOGIN_REQUIRED); + LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_INITIALIZED); + LOG_FLAG (buf, info->flags, had, CKF_RESTORE_KEY_NOT_NEEDED); + LOG_FLAG (buf, info->flags, had, CKF_CLOCK_ON_TOKEN); + LOG_FLAG (buf, info->flags, had, CKF_PROTECTED_AUTHENTICATION_PATH); + LOG_FLAG (buf, info->flags, had, CKF_DUAL_CRYPTO_OPERATIONS); + LOG_FLAG (buf, info->flags, had, CKF_TOKEN_INITIALIZED); + LOG_FLAG (buf, info->flags, had, CKF_SECONDARY_AUTHENTICATION); + LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_COUNT_LOW); + LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_FINAL_TRY); + LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_LOCKED); + LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_TO_BE_CHANGED); + LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_COUNT_LOW); + LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_FINAL_TRY); + LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_LOCKED); + LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_TO_BE_CHANGED); + if (!had) { + snprintf (temp, sizeof (temp), "%lu", info->flags); + p11_buffer_add (buf, temp, -1); + } + + p11_buffer_add (buf, "\n\tulMaxSessionCount: ", -1); + log_token_number (buf, info->ulMaxSessionCount); + p11_buffer_add (buf, "\n\tulSessionCount: ", -1); + snprintf (temp, sizeof (temp), "%lu", info->ulSessionCount); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tulMaxRwSessionCount: ", -1); + log_token_number (buf, info->ulMaxSessionCount); + p11_buffer_add (buf, "\n\tulRwSessionCount: ", -1); + snprintf (temp, sizeof (temp), "%lu", info->ulRwSessionCount); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tulMaxPinLen: ", -1); + snprintf (temp, sizeof (temp), "%lu", info->ulMaxPinLen); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tulMinPinLen: ", -1); + snprintf (temp, sizeof (temp), "%lu", info->ulMinPinLen); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tulTotalPublicMemory: ", -1); + log_token_number (buf, info->ulMaxSessionCount); + p11_buffer_add (buf, "\n\tulFreePublicMemory: ", -1); + log_token_number (buf, info->ulMaxSessionCount); + p11_buffer_add (buf, "\n\tulTotalPrivateMemory: ", -1); + log_token_number (buf, info->ulMaxSessionCount); + p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1); + log_token_number (buf, info->ulMaxSessionCount); + p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1); + log_token_number (buf, info->ulMaxSessionCount); + p11_buffer_add (buf, "\n\thardwareVersion: ", -1); + snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major, + (unsigned int)info->hardwareVersion.minor); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1); + snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major, + (unsigned int)info->firmwareVersion.minor); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n\tutcTime: ", -1); + p11_buffer_add (buf, (info->flags & CKF_CLOCK_ON_TOKEN) ? (const char*)info->utcTime : "", -1); + p11_buffer_add (buf, "\n }\n", -1); + } +} + +static void +log_ulong (p11_buffer *buf, + const char *pref, + const char *name, + CK_ULONG val, + const char* npref, + CK_RV status) +{ + char temp[32]; + + if (!npref) + npref = ""; + if (status == CKR_OK) { + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + p11_buffer_add (buf, npref, -1); + snprintf (temp, sizeof (temp), "%lu", val); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n", 1); + } +} + +static void +log_ulong_array (p11_buffer *buf, + const char *pref, + const char *name, + CK_ULONG_PTR arr, + CK_ULONG_PTR num, + const char *npref, + CK_RV status) +{ + char temp[32]; + CK_ULONG i; + + if (status == CKR_BUFFER_TOO_SMALL) { + arr = NULL; + status = CKR_OK; + } + + if (status != CKR_OK) + return; + if (npref == NULL) + npref = ""; + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + if (num == NULL) { + p11_buffer_add (buf, "(?) NO-VALUES\n", -1); + } else if (arr == NULL) { + snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num); + p11_buffer_add (buf, temp, -1); + } else { + snprintf (temp, sizeof (temp), "(%lu) [ ", *num); + p11_buffer_add (buf, temp, -1); + for (i = 0; i < *num; ++i) { + if (i > 0) + p11_buffer_add (buf, ", ", 2); + p11_buffer_add (buf, npref, -1); + snprintf (temp, sizeof (temp), "%lu", arr[i]); + p11_buffer_add (buf, temp, -1); + } + p11_buffer_add (buf, " ]\n", 3); + } +} + +static void +log_ulong_pointer (p11_buffer *buf, + const char *pref, + const char *name, + CK_ULONG_PTR val, + const char *npref, + CK_RV status) +{ + char temp[32]; + + if (status != CKR_OK) + return; + if (npref == NULL) + npref = ""; + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + if (val == NULL) { + p11_buffer_add (buf, "NULL\n", 5); + } else { + snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)val); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, " = ", 3); + p11_buffer_add (buf, npref, -1); + snprintf (temp, sizeof (temp), "%lu", *val); + p11_buffer_add (buf, temp, -1); + p11_buffer_add (buf, "\n", 1); + } +} + +static void +log_user_type (p11_buffer *buf, + const char *pref, + const char *name, + CK_USER_TYPE val, + CK_RV status) +{ + if (status != CKR_OK) + return; + p11_buffer_add (buf, pref, -1); + p11_buffer_add (buf, name, -1); + p11_buffer_add (buf, " = ", 3); + log_CKU (buf, val); + p11_buffer_add (buf, "\n", 1); +} + +static void +flush_buffer (p11_buffer *buf) +{ + if (p11_log_output) { + fwrite (buf->data, 1, buf->len, stderr); + fflush (stderr); + } + p11_buffer_reset (buf, 128); +} + +#define BEGIN_CALL(name) \ + { \ + LogData *_log = (LogData *)self; \ + const char* _name = "C_" #name; \ + p11_buffer _buf; \ + CK_X_##name _func = _log->lower->C_##name; \ + CK_RV _ret = CKR_OK; \ + p11_buffer_init_null (&_buf, 128); \ + return_val_if_fail (_func != NULL, CKR_DEVICE_ERROR); \ + p11_buffer_add (&_buf, _name, -1); \ + p11_buffer_add (&_buf, "\n", 1); \ + self = _log->lower; + +#define PROCESS_CALL(args) \ + flush_buffer (&_buf); \ + _ret = (_func) args; + +#define DONE_CALL \ + p11_buffer_add (&_buf, _name, -1); \ + p11_buffer_add (&_buf, " = ", 3); \ + log_CKR (&_buf, _ret); \ + p11_buffer_add (&_buf, "\n", 1); \ + flush_buffer (&_buf); \ + p11_buffer_uninit (&_buf); \ + return _ret; \ + } + +#define LIN " IN: " +#define LOUT " OUT: " + +#define IN_ATTRIBUTE_ARRAY(a, n) \ + log_attribute_types (&_buf, LIN, #a, a, n, CKR_OK); + +#define IN_BOOL(a) \ + log_bool (&_buf, LIN, #a, a, CKR_OK); + +#define IN_BYTE_ARRAY(a, n) \ + log_byte_array (&_buf, LIN, #a, a, &n, CKR_OK); + +#define IN_HANDLE(a) \ + log_ulong (&_buf, LIN, #a, a, "H", CKR_OK); + +#define IN_INIT_ARGS(a) \ + log_pInitArgs (&_buf, LIN, #a, a, CKR_OK); + +#define IN_POINTER(a) \ + log_pointer (&_buf, LIN, #a, a, CKR_OK); + +#define IN_MECHANISM(a) \ + log_mechanism (&_buf, LIN, #a, a, CKR_OK); + +#define IN_MECHANISM_TYPE(a) \ + log_mechanism_type (&_buf, LIN, #a, a, CKR_OK); + +#define IN_SESSION(a) \ + log_ulong (&_buf, LIN, #a, a, "S", CKR_OK); + +#define IN_SLOT_ID(a) \ + log_ulong (&_buf, LIN, #a, a, "SL", CKR_OK); + +#define IN_STRING(a) \ + log_string (&_buf, LIN, #a, a, CKR_OK); + +#define IN_ULONG(a) \ + log_ulong (&_buf, LIN, #a, a, NULL, CKR_OK); + +#define IN_ULONG_PTR(a) \ + log_ulong_pointer (&_buf, LIN, #a, a, NULL, CKR_OK); + +#define IN_USER_TYPE(a) \ + log_user_type (&_buf, LIN, #a, a, CKR_OK); + +#define OUT_ATTRIBUTE_ARRAY(a, n) \ + log_attribute_array (&_buf, LOUT, #a, a, n, _ret); + +#define OUT_BYTE_ARRAY(a, n) \ + log_byte_array(&_buf, LOUT, #a, a, n, _ret); + +#define OUT_HANDLE(a) \ + log_ulong_pointer (&_buf, LOUT, #a, a, "H", _ret); + +#define OUT_HANDLE_ARRAY(a, n) \ + log_ulong_array (&_buf, LOUT, #a, a, n, "H", _ret); + +#define OUT_INFO(a) \ + log_info (&_buf, LOUT, #a, a, _ret); + +#define OUT_MECHANISM_INFO(a) \ + log_mechanism_info (&_buf, LOUT, #a, a, _ret); + +#define OUT_MECHANISM_TYPE_ARRAY(a, n) \ + log_mechanism_type_array (&_buf, LOUT, #a, a, n, _ret); + +#define OUT_POINTER(a) \ + log_pointer (&_buf, LOUT, #a, a, _ret); + +#define OUT_SESSION(a) \ + log_ulong_pointer (&_buf, LOUT, #a, a, "S", _ret); + +#define OUT_SESSION_INFO(a) \ + log_session_info (&_buf, LOUT, #a, a, _ret); + +#define OUT_SLOT_ID_ARRAY(a, n) \ + log_ulong_array (&_buf, LOUT, #a, a, n, "SL", _ret); + +#define OUT_SLOT_ID(a) \ + log_ulong_pointer (&_buf, LOUT, #a, a, "SL", _ret); + +#define OUT_SLOT_INFO(a) \ + log_slot_info (&_buf, LOUT, #a, a, _ret); + +#define OUT_TOKEN_INFO(a) \ + log_token_info (&_buf, LOUT, #a, a, _ret); + +#define OUT_ULONG(a) \ + log_ulong_pointer (&_buf, LOUT, #a, a, NULL, _ret); + +#define OUT_ULONG_ARRAY(a, n) \ + log_ulong_array (&_buf, LOUT, #a, a, n, NULL, _ret); + + + +/* ---------------------------------------------------------------- */ + +static CK_RV +log_C_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR pInitArgs) +{ + BEGIN_CALL (Initialize) + IN_INIT_ARGS (pInitArgs) + PROCESS_CALL ((self, pInitArgs)) + DONE_CALL +} + +static CK_RV +log_C_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR pReserved) +{ + BEGIN_CALL (Finalize) + IN_POINTER (pReserved) + PROCESS_CALL ((self, pReserved)) + DONE_CALL +} + +static CK_RV +log_C_GetInfo (CK_X_FUNCTION_LIST *self, + CK_INFO_PTR pInfo) +{ + BEGIN_CALL (GetInfo) + PROCESS_CALL ((self, pInfo)) + OUT_INFO (pInfo) + DONE_CALL +} + +static CK_RV +log_C_GetSlotList (CK_X_FUNCTION_LIST *self, + CK_BBOOL tokenPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount) +{ + BEGIN_CALL (GetSlotList) + IN_BOOL (tokenPresent) + IN_ULONG_PTR (pulCount) + PROCESS_CALL ((self, tokenPresent, pSlotList, pulCount)) + OUT_SLOT_ID_ARRAY (pSlotList, pulCount) + DONE_CALL +} + +static CK_RV +log_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo) +{ + BEGIN_CALL (GetSlotInfo) + IN_SLOT_ID (slotID) + PROCESS_CALL ((self, slotID, pInfo)) + OUT_SLOT_INFO (pInfo) + DONE_CALL +} + +static CK_RV +log_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_TOKEN_INFO_PTR pInfo) +{ + BEGIN_CALL (GetTokenInfo) + IN_SLOT_ID (slotID) + PROCESS_CALL ((self, slotID, pInfo)) + OUT_TOKEN_INFO (pInfo) + DONE_CALL +} + +static CK_RV +log_C_GetMechanismList (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount) +{ + BEGIN_CALL (GetMechanismList) + IN_SLOT_ID (slotID) + IN_ULONG_PTR (pulCount) + PROCESS_CALL ((self, slotID, pMechanismList, pulCount)) + OUT_MECHANISM_TYPE_ARRAY (pMechanismList, pulCount) + DONE_CALL +} + +static CK_RV +log_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo) +{ + BEGIN_CALL (GetMechanismInfo) + IN_SLOT_ID (slotID) + IN_MECHANISM_TYPE (type) + PROCESS_CALL ((self, slotID, type, pInfo)) + OUT_MECHANISM_INFO (pInfo) + DONE_CALL +} + +static CK_RV +log_C_InitToken (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen, + CK_UTF8CHAR_PTR pLabel) +{ + BEGIN_CALL (InitToken) + IN_SLOT_ID (slotID) + IN_BYTE_ARRAY (pPin, ulPinLen) + IN_STRING (pLabel) + PROCESS_CALL ((self, slotID, pPin, ulPinLen, pLabel)) + DONE_CALL +} + +static CK_RV +log_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved) +{ + char temp[32]; + int had = 0; + + BEGIN_CALL (WaitForSlotEvent) + p11_buffer_add (&_buf, " IN: flags = ", -1); + snprintf (temp, sizeof (temp), "%lu", flags); + p11_buffer_add (&_buf, temp, -1); + LOG_FLAG (&_buf, flags, had, CKF_DONT_BLOCK); + p11_buffer_add (&_buf, "\n", 1); + PROCESS_CALL ((self, flags, pSlot, pReserved)) + OUT_SLOT_ID (pSlot) + OUT_POINTER (pReserved) + DONE_CALL +} + +static CK_RV +log_C_OpenSession (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID, + CK_FLAGS flags, + CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession) +{ + char temp[32]; + int had = 0; + + BEGIN_CALL (OpenSession) + IN_SLOT_ID (slotID) + p11_buffer_add (&_buf, " IN: flags = ", -1); + snprintf (temp, sizeof (temp), "%lu", flags); + p11_buffer_add (&_buf, temp, -1); + LOG_FLAG (&_buf, flags, had, CKF_SERIAL_SESSION); + LOG_FLAG (&_buf, flags, had, CKF_RW_SESSION); + p11_buffer_add (&_buf, "\n", 1); + IN_POINTER (pApplication); + IN_POINTER (Notify); + PROCESS_CALL ((self, slotID, flags, pApplication, Notify, phSession)); + OUT_SESSION (phSession) + DONE_CALL +} + +static CK_RV +log_C_CloseSession (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession) +{ + BEGIN_CALL (CloseSession) + IN_SESSION (hSession) + PROCESS_CALL ((self, hSession)) + DONE_CALL +} + +static CK_RV +log_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slotID) +{ + BEGIN_CALL (CloseAllSessions) + IN_SLOT_ID (slotID) + PROCESS_CALL ((self, slotID)) + DONE_CALL +} + +static CK_RV +log_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo) +{ + BEGIN_CALL (GetSessionInfo) + IN_SESSION (hSession) + PROCESS_CALL ((self, hSession, pInfo)) + OUT_SESSION_INFO (pInfo) + DONE_CALL +} + +static CK_RV +log_C_InitPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen) +{ + BEGIN_CALL (InitPIN) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pPin, ulPinLen) + PROCESS_CALL ((self, hSession, pPin, ulPinLen)) + DONE_CALL +} + +static CK_RV +log_C_SetPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_UTF8CHAR_PTR pOldPin, + CK_ULONG ulOldLen, + CK_UTF8CHAR_PTR pNewPin, + CK_ULONG ulNewLen) +{ + BEGIN_CALL (SetPIN) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pOldPin, ulOldLen) + IN_BYTE_ARRAY (pNewPin, ulNewLen); + PROCESS_CALL ((self, hSession, pOldPin, ulOldLen, pNewPin, ulNewLen)) + DONE_CALL +} + +static CK_RV +log_C_GetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen) +{ + BEGIN_CALL (GetOperationState) + IN_SESSION (hSession) + IN_ULONG_PTR (pulOperationStateLen) + PROCESS_CALL ((self, hSession, pOperationState, pulOperationStateLen)) + OUT_BYTE_ARRAY (pOperationState, pulOperationStateLen) + DONE_CALL +} + +static CK_RV +log_C_SetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey) +{ + BEGIN_CALL (SetOperationState) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pOperationState, ulOperationStateLen) + IN_HANDLE (hEncryptionKey) + IN_HANDLE (hAuthenticationKey) + PROCESS_CALL ((self, hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey)) + DONE_CALL +} + +static CK_RV +log_C_Login (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen) +{ + BEGIN_CALL (Login) + IN_SESSION (hSession) + IN_USER_TYPE (userType) + IN_BYTE_ARRAY (pPin, ulPinLen); + PROCESS_CALL ((self, hSession, userType, pPin, ulPinLen)) + DONE_CALL +} + +static CK_RV +log_C_Logout (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession) +{ + BEGIN_CALL (Logout) + IN_SESSION (hSession) + PROCESS_CALL ((self, hSession)) + DONE_CALL +} + +static CK_RV +log_C_CreateObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject) +{ + BEGIN_CALL (CreateObject) + IN_SESSION (hSession) + IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) + PROCESS_CALL ((self, hSession, pTemplate, ulCount, phObject)) + OUT_HANDLE (phObject) + DONE_CALL +} + +static CK_RV +log_C_CopyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject) +{ + BEGIN_CALL (CopyObject) + IN_SESSION (hSession) + IN_HANDLE (hObject) + IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) + PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount, phNewObject)) + OUT_HANDLE (phNewObject) + DONE_CALL +} + + +static CK_RV +log_C_DestroyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject) +{ + BEGIN_CALL (DestroyObject); + IN_SESSION (hSession) + IN_HANDLE (hObject) + PROCESS_CALL ((self, hSession, hObject)) + DONE_CALL +} + +static CK_RV +log_C_GetObjectSize (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG_PTR size) +{ + BEGIN_CALL (GetObjectSize); + IN_SESSION (hSession) + IN_HANDLE (hObject) + PROCESS_CALL ((self, hSession, hObject, size)) + OUT_ULONG (size) + DONE_CALL +} + +static CK_RV +log_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) +{ + BEGIN_CALL (GetAttributeValue) + IN_SESSION (hSession) + IN_HANDLE (hObject) + IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) + PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount)) + OUT_ATTRIBUTE_ARRAY (pTemplate, ulCount) + DONE_CALL +} + +static CK_RV +log_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) +{ + BEGIN_CALL (SetAttributeValue) + IN_SESSION (hSession) + IN_HANDLE (hObject) + IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) + PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount)) + DONE_CALL +} + +static CK_RV +log_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount) +{ + BEGIN_CALL (FindObjectsInit) + IN_SESSION (hSession) + IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) + PROCESS_CALL ((self, hSession, pTemplate, ulCount)) + DONE_CALL +} + +static CK_RV +log_C_FindObjects (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR object, + CK_ULONG max_object_count, + CK_ULONG_PTR object_count) +{ + BEGIN_CALL (FindObjects) + IN_SESSION (hSession) + IN_ULONG (max_object_count) + PROCESS_CALL ((self, hSession, object, max_object_count, object_count)) + OUT_HANDLE_ARRAY (object, object_count) + DONE_CALL +} + +static CK_RV +log_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession) +{ + BEGIN_CALL (FindObjectsFinal) + IN_SESSION (hSession) + PROCESS_CALL ((self, hSession)) + DONE_CALL +} + +static CK_RV +log_C_EncryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + BEGIN_CALL (EncryptInit) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_HANDLE (hKey) + PROCESS_CALL ((self, hSession, pMechanism, hKey)) + DONE_CALL +} + +static CK_RV +log_C_Encrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen) +{ + BEGIN_CALL (Encrypt) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pData, ulDataLen) + PROCESS_CALL ((self, hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen)) + OUT_BYTE_ARRAY (pEncryptedData, pulEncryptedDataLen) + DONE_CALL +} + +static CK_RV +log_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) +{ + BEGIN_CALL (EncryptUpdate) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pPart, ulPartLen) + PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen)) + OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen) + DONE_CALL +} + +static CK_RV +log_C_EncryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen) +{ + BEGIN_CALL (EncryptFinal) + IN_SESSION (hSession) + PROCESS_CALL ((self, hSession, pLastEncryptedPart, pulLastEncryptedPartLen)) + OUT_BYTE_ARRAY (pLastEncryptedPart, pulLastEncryptedPartLen) + DONE_CALL +} + +static CK_RV +log_C_DecryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + BEGIN_CALL (DecryptInit) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_HANDLE (hKey) + PROCESS_CALL ((self, hSession, pMechanism, hKey)) + DONE_CALL +} + +static CK_RV +log_C_Decrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen) +{ + BEGIN_CALL (Decrypt) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pEncryptedData, ulEncryptedDataLen) + PROCESS_CALL ((self, hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen)) + OUT_BYTE_ARRAY (pData, pulDataLen) + DONE_CALL +} + +static CK_RV +log_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) +{ + BEGIN_CALL (DecryptUpdate) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen) + PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen)) + OUT_BYTE_ARRAY (pPart, pulPartLen) + DONE_CALL +} + +static CK_RV +log_C_DecryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen) +{ + BEGIN_CALL (DecryptFinal) + IN_SESSION (hSession) + PROCESS_CALL ((self, hSession, pLastPart, pulLastPartLen)) + OUT_BYTE_ARRAY (pLastPart, pulLastPartLen) + DONE_CALL +} + +static CK_RV +log_C_DigestInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism) +{ + BEGIN_CALL (DigestInit) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + PROCESS_CALL ((self, hSession, pMechanism)) + DONE_CALL +} + +static CK_RV +log_C_Digest (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen) +{ + BEGIN_CALL (Digest) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pData, ulDataLen) + PROCESS_CALL ((self, hSession, pData, ulDataLen, pDigest, pulDigestLen)) + OUT_BYTE_ARRAY (pDigest, pulDigestLen) + DONE_CALL +} + +static CK_RV +log_C_DigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) +{ + BEGIN_CALL (DigestUpdate) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pPart, ulPartLen) + PROCESS_CALL ((self, hSession, pPart, ulPartLen)) + DONE_CALL +} + +static CK_RV +log_C_DigestKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hKey) +{ + BEGIN_CALL (DigestKey) + IN_SESSION (hSession) + IN_HANDLE (hKey) + PROCESS_CALL ((self, hSession, hKey)) + DONE_CALL +} + +static CK_RV +log_C_DigestFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen) +{ + BEGIN_CALL (DigestFinal) + IN_SESSION (hSession) + PROCESS_CALL ((self, hSession, pDigest, pulDigestLen)) + OUT_BYTE_ARRAY (pDigest, pulDigestLen) + DONE_CALL +} + +static CK_RV +log_C_SignInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + BEGIN_CALL (SignInit) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_HANDLE (hKey) + PROCESS_CALL ((self, hSession, pMechanism, hKey)) + DONE_CALL +} + +static CK_RV +log_C_Sign (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) +{ + BEGIN_CALL (Sign) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pData, ulDataLen) + PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen)) + OUT_BYTE_ARRAY (pSignature, pulSignatureLen) + DONE_CALL +} + +static CK_RV +log_C_SignUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) +{ + BEGIN_CALL (SignUpdate) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pPart, ulPartLen) + PROCESS_CALL ((self, hSession, pPart, ulPartLen)) + DONE_CALL +} + +static CK_RV +log_C_SignFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) +{ + BEGIN_CALL (SignFinal) + IN_SESSION (hSession) + PROCESS_CALL ((self, hSession, pSignature, pulSignatureLen)) + OUT_BYTE_ARRAY (pSignature, pulSignatureLen) + DONE_CALL +} + +static CK_RV +log_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + BEGIN_CALL (SignRecoverInit) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_HANDLE (hKey) + PROCESS_CALL ((self, hSession, pMechanism, hKey)) + DONE_CALL +} + +static CK_RV +log_C_SignRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen) +{ + BEGIN_CALL (SignRecover) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pData, ulDataLen) + PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen)) + OUT_BYTE_ARRAY (pSignature, pulSignatureLen) + DONE_CALL +} + +static CK_RV +log_C_VerifyInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + BEGIN_CALL (VerifyInit); + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_HANDLE (hKey) + PROCESS_CALL ((self, hSession, pMechanism, hKey)) + DONE_CALL +} + +static CK_RV +log_C_Verify (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pData, + CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen) +{ + BEGIN_CALL (Verify) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pData, ulDataLen) + IN_BYTE_ARRAY (pSignature, ulSignatureLen) + PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, ulSignatureLen)) + DONE_CALL +} + +static CK_RV +log_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen) +{ + BEGIN_CALL (VerifyUpdate) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pPart, ulPartLen) + PROCESS_CALL ((self, hSession, pPart, ulPartLen)) + DONE_CALL +} + +static CK_RV +log_C_VerifyFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen) +{ + BEGIN_CALL (VerifyFinal) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pSignature, ulSignatureLen); + PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen)) + DONE_CALL +} + +static CK_RV +log_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey) +{ + BEGIN_CALL (VerifyRecoverInit) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_HANDLE (hKey) + PROCESS_CALL ((self, hSession, pMechanism, hKey)) + DONE_CALL +} + +static CK_RV +log_C_VerifyRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen) +{ + BEGIN_CALL (VerifyRecover) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pSignature, ulSignatureLen) + PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen, pData, pulDataLen)) + OUT_BYTE_ARRAY (pData, pulDataLen) + DONE_CALL +} + +static CK_RV +log_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) +{ + BEGIN_CALL (DigestEncryptUpdate); + IN_SESSION (hSession) + IN_BYTE_ARRAY (pPart, ulPartLen) + PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen)) + OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen) + DONE_CALL +} + +static CK_RV +log_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) +{ + BEGIN_CALL (DecryptDigestUpdate) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen) + PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen)) + OUT_BYTE_ARRAY (pPart, pulPartLen) + DONE_CALL +} + +static CK_RV +log_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen) +{ + BEGIN_CALL (SignEncryptUpdate) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pPart, ulPartLen) + PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen)) + OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen) + DONE_CALL +} + +static CK_RV +log_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen) +{ + BEGIN_CALL (DecryptVerifyUpdate) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen) + PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen)) + OUT_BYTE_ARRAY (pPart, pulPartLen) + DONE_CALL +} + +static CK_RV +log_C_GenerateKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey) +{ + BEGIN_CALL (GenerateKey) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_ATTRIBUTE_ARRAY (pTemplate, ulCount) + PROCESS_CALL ((self, hSession, pMechanism, pTemplate, ulCount, phKey)) + OUT_HANDLE (phKey) + DONE_CALL +} + +static CK_RV +log_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey) +{ + BEGIN_CALL (GenerateKeyPair) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_ATTRIBUTE_ARRAY (pPublicKeyTemplate, ulPublicKeyAttributeCount) + IN_ATTRIBUTE_ARRAY (pPrivateKeyTemplate, ulPrivateKeyAttributeCount) + PROCESS_CALL ((self, hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, + pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey)) + OUT_HANDLE (phPublicKey) + OUT_HANDLE (phPrivateKey) + DONE_CALL +} + +static CK_RV +log_C_WrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, + CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen) +{ + BEGIN_CALL (WrapKey) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_HANDLE (hWrappingKey) + IN_HANDLE (hKey) + PROCESS_CALL ((self, hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen)) + OUT_BYTE_ARRAY (pWrappedKey, pulWrappedKeyLen) + DONE_CALL +} + +static CK_RV +log_C_UnwrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey) +{ + BEGIN_CALL (UnwrapKey) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_HANDLE (hUnwrappingKey) + IN_BYTE_ARRAY (pWrappedKey, ulWrappedKeyLen) + IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount) + PROCESS_CALL ((self, hSession, pMechanism, hUnwrappingKey, pWrappedKey, + ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey)) + OUT_HANDLE (phKey) + DONE_CALL +} + +static CK_RV +log_C_DeriveKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phObject) +{ + BEGIN_CALL (DeriveKey) + IN_SESSION (hSession) + IN_MECHANISM (pMechanism) + IN_HANDLE (hBaseKey) + IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount) + PROCESS_CALL ((self, hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phObject)) + OUT_HANDLE (phObject) + DONE_CALL +} + +static CK_RV +log_C_SeedRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen) +{ + BEGIN_CALL (SeedRandom) + IN_SESSION (hSession) + IN_BYTE_ARRAY (pSeed, ulSeedLen); + PROCESS_CALL ((self, hSession, pSeed, ulSeedLen)) + DONE_CALL +} + +static CK_RV +log_C_GenerateRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, + CK_ULONG ulRandomLen) +{ + BEGIN_CALL (GenerateRandom) + IN_SESSION (hSession) + IN_ULONG (ulRandomLen) + PROCESS_CALL ((self, hSession, pRandomData, ulRandomLen)) + OUT_BYTE_ARRAY (pRandomData, &ulRandomLen) + DONE_CALL +} + +static CK_X_FUNCTION_LIST log_functions = { + { -1, -1 }, + log_C_Initialize, + log_C_Finalize, + log_C_GetInfo, + log_C_GetSlotList, + log_C_GetSlotInfo, + log_C_GetTokenInfo, + log_C_GetMechanismList, + log_C_GetMechanismInfo, + log_C_InitToken, + log_C_InitPIN, + log_C_SetPIN, + log_C_OpenSession, + log_C_CloseSession, + log_C_CloseAllSessions, + log_C_GetSessionInfo, + log_C_GetOperationState, + log_C_SetOperationState, + log_C_Login, + log_C_Logout, + log_C_CreateObject, + log_C_CopyObject, + log_C_DestroyObject, + log_C_GetObjectSize, + log_C_GetAttributeValue, + log_C_SetAttributeValue, + log_C_FindObjectsInit, + log_C_FindObjects, + log_C_FindObjectsFinal, + log_C_EncryptInit, + log_C_Encrypt, + log_C_EncryptUpdate, + log_C_EncryptFinal, + log_C_DecryptInit, + log_C_Decrypt, + log_C_DecryptUpdate, + log_C_DecryptFinal, + log_C_DigestInit, + log_C_Digest, + log_C_DigestUpdate, + log_C_DigestKey, + log_C_DigestFinal, + log_C_SignInit, + log_C_Sign, + log_C_SignUpdate, + log_C_SignFinal, + log_C_SignRecoverInit, + log_C_SignRecover, + log_C_VerifyInit, + log_C_Verify, + log_C_VerifyUpdate, + log_C_VerifyFinal, + log_C_VerifyRecoverInit, + log_C_VerifyRecover, + log_C_DigestEncryptUpdate, + log_C_DecryptDigestUpdate, + log_C_SignEncryptUpdate, + log_C_DecryptVerifyUpdate, + log_C_GenerateKey, + log_C_GenerateKeyPair, + log_C_WrapKey, + log_C_UnwrapKey, + log_C_DeriveKey, + log_C_SeedRandom, + log_C_GenerateRandom, + log_C_WaitForSlotEvent, +}; + +void +p11_log_release (void *data) +{ + LogData *log = (LogData *)data; + + return_if_fail (data != NULL); + p11_virtual_uninit (&log->virt); + free (log); +} + +p11_virtual * +p11_log_subclass (p11_virtual *lower, + p11_destroyer destroyer) +{ + LogData *log; + + log = calloc (1, sizeof (LogData)); + return_val_if_fail (log != NULL, NULL); + + p11_virtual_init (&log->virt, &log_functions, lower, destroyer); + log->lower = &lower->funcs; + return &log->virt; +} diff --git a/p11-kit/log.h b/p11-kit/log.h new file mode 100644 index 0000000..d8169e8 --- /dev/null +++ b/p11-kit/log.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#ifndef P11_LOG_H_ +#define P11_LOG_H_ + +#include "virtual.h" + +p11_virtual * p11_log_subclass (p11_virtual *lower, + p11_destroyer destroyer); + +void p11_log_release (void *logger); + +extern bool p11_log_force; + +extern bool p11_log_output; + +#endif /* P11_LOG_H_ */ diff --git a/p11-kit/meson.build b/p11-kit/meson.build new file mode 100644 index 0000000..7d57cd7 --- /dev/null +++ b/p11-kit/meson.build @@ -0,0 +1,333 @@ +install_headers('deprecated.h', + 'iter.h', + 'p11-kit.h', + 'pin.h', + 'remote.h', + 'uri.h', + subdir: 'p11-kit-1/p11-kit') + +libp11_kit_internal_sources = [ + 'conf.c', + 'log.c', + 'filter.c', + 'rpc-transport.c', + 'rpc-message.c', + 'rpc-client.c' +] + +libp11_kit_internal_sources += custom_target('generate virtual-fixed-generated.h', + output: 'virtual-fixed-generated.h', + command: [ + meson.current_source_dir() / 'gen-virtual-fixed.sh', + '@OUTPUT@', '64' + ]) +libp11_kit_internal_sources += 'virtual.c' + +libp11_kit_internal_c_args = [ + '-DP11_SYSTEM_CONFIG_FILE="@0@"'.format(prefix / p11_system_config_file), + '-DP11_SYSTEM_CONFIG_MODULES="@0@"'.format(prefix / p11_system_config_modules), + '-DP11_PACKAGE_CONFIG_MODULES="@0@"'.format(prefix / p11_package_config_modules), + '-DP11_USER_CONFIG_FILE="@0@"'.format(p11_user_config_file), + '-DP11_USER_CONFIG_MODULES="@0@"'.format(p11_user_config_modules), + '-DP11_MODULE_PATH="@0@"'.format(prefix / p11_module_path) +] + +libp11_kit_internal = static_library('p11-kit-internal', + libp11_kit_internal_sources, + dependencies: [libp11_library_dep] + libffi_deps, + c_args: libp11_kit_internal_c_args, + implicit_include_directories: false, + gnu_symbol_visibility: 'hidden') + +libp11_kit_sources = [ + 'iter.c', + 'messages.c', + 'modules.c', + 'pin.c', + 'proxy.c', + 'proxy-init.c', + 'rpc-server.c', + 'uri.c', + 'util.c' +] + +libp11_kit_symbol_map = meson.current_source_dir() / 'libp11-kit.map' +libp11_kit_ldflags = cc.get_supported_link_arguments([ + '-Wl,--version-script,' + libp11_kit_symbol_map +]) +libp11_kit_symbol_def = meson.current_source_dir() / 'libp11-kit-@0@.dll.def'.format(soversion) + +libp11_kit = shared_library('p11-kit', + libp11_kit_sources, + install: true, + version: library_version, + soversion: soversion, + dependencies: libffi_deps + dlopen_deps, + include_directories: [configinc, commoninc], + implicit_include_directories: false, + c_args: libp11_kit_internal_c_args, + link_args: libp11_kit_ldflags, + link_depends: [libp11_kit_symbol_map, + libp11_kit_symbol_def], + link_with: libp11_kit_internal, + vs_module_defs: libp11_kit_symbol_def) + +libp11_kit_dep = declare_dependency(link_with: libp11_kit, + include_directories: [configinc, commoninc]) + +meson.add_install_script( + 'meson_post_install.sh', + libdir, + datadir / 'p11-kit' / 'modules' +) + +p11_module_symbol_map = meson.current_source_dir() / 'p11-module.map' +p11_module_ldflags = cc.get_supported_link_arguments([ + '-Wl,--version-script,' + p11_module_symbol_map +]) +p11_module_symbol_def = meson.current_source_dir() / 'p11-module.def' + +if host_system != 'windows' + shared_module('p11-kit-client', + 'client.c', 'client-init.c', + name_prefix: '', + include_directories: [configinc, commoninc], + link_args: p11_module_ldflags, + link_depends: [p11_module_symbol_map, + p11_module_symbol_def], + link_with: [libp11_kit_internal], + vs_module_defs: p11_module_symbol_def, + install: true, + install_dir: p11_module_path) +endif + +if get_option('test') + fixtures_dir = meson.current_source_dir() / 'fixtures' + + if host_system == 'windows' + libp11_kit_testable_c_args = [ + '-DP11_SYSTEM_CONFIG_FILE="@0@"'.format(fixtures_dir / 'system-pkcs11.conf'), + '-DP11_SYSTEM_CONFIG_MODULES="@0@"'.format(fixtures_dir / 'system-modules' / 'win32'), + '-DP11_PACKAGE_CONFIG_MODULES="@0@"'.format(fixtures_dir / 'package-modules' / 'win32'), + '-DP11_USER_CONFIG_FILE="@0@"'.format(fixtures_dir / 'user-pkcs11.conf'), + '-DP11_USER_CONFIG_MODULES="@0@"'.format(fixtures_dir / 'user-modules' / 'win32') + ] + else + libp11_kit_testable_c_args = [ + '-DP11_SYSTEM_CONFIG_FILE="@0@"'.format(fixtures_dir / 'system-pkcs11.conf'), + '-DP11_SYSTEM_CONFIG_MODULES="@0@"'.format(fixtures_dir / 'system-modules'), + '-DP11_PACKAGE_CONFIG_MODULES="@0@"'.format(fixtures_dir / 'package-modules'), + '-DP11_USER_CONFIG_FILE="@0@"'.format(fixtures_dir / 'user-pkcs11.conf'), + '-DP11_USER_CONFIG_MODULES="@0@"'.format(fixtures_dir / 'user-modules') + ] + endif + + libp11_kit_testable_c_args += '-DP11_MODULE_PATH="@0@"'.format(meson.current_build_dir()) + + libp11_kit_testable = static_library('p11-kit-testable', + libp11_kit_internal_sources, + libp11_kit_sources, + c_args: libp11_kit_testable_c_args, + implicit_include_directories: false, + dependencies: [libp11_library_dep] + libffi_deps + dlopen_deps) +endif + +p11_kit_sources = [ + 'lists.c', + 'p11-kit.c' +] + +executable('p11-kit', + p11_kit_sources, + c_args: common_c_args, + dependencies: [libp11_tool_dep] + libffi_deps + dlopen_deps, + link_with: libp11_kit, + install: true) + +executable('p11-kit-remote', + 'remote.c', + c_args: common_c_args, + dependencies: [libp11_tool_dep] + libffi_deps + dlopen_deps, + link_with: libp11_kit, + install: true, + install_dir: prefix / privatedir) + +if get_option('test') + executable('p11-kit-remote-testable', + 'remote.c', + c_args: common_c_args, + dependencies: [libp11_tool_dep] + libffi_deps + dlopen_deps, + link_with: libp11_kit_testable) +endif + +executable('p11-kit-server', + 'server.c', + c_args: common_c_args + [ + '-DP11_KIT_REMOTE="p11-kit-remote"' + ], + dependencies: [libp11_tool_dep] + libsystemd_deps + libffi_deps + dlopen_deps, + implicit_include_directories: false, + link_with: libp11_kit, + install: true, + install_dir: prefix / privatedir) + +if get_option('test') + executable('p11-kit-server-testable', + 'server.c', + c_args: common_c_args + [ + '-DP11_KIT_REMOTE="p11-kit-remote-testable"' + ], + implicit_include_directories: false, + dependencies: [libp11_tool_dep] + libsystemd_deps + libffi_deps + dlopen_deps, + link_with: libp11_kit_testable) +endif + +if with_systemd + p11_kit_server_service_conf = configuration_data({ + 'bindir': prefix / bindir + }) + p11_kit_server_service = configure_file(input: 'p11-kit-server.service.in', + output: '@BASENAME@', + configuration: p11_kit_server_service_conf) + install_data([p11_kit_server_service, 'p11-kit-server.socket'], + install_dir: systemduserunitdir) +endif + +# Check if compilation succeeds with CRYPTOKI_GNU=1 + +pkcs11_gnu_headers = [ + 'iter.h', + 'pin.h', + 'uri.h' +] + +gnu_h_gen = generator(find_program('gen-pkcs11-gnu.sh'), + output: 'pkcs11-gnu-@BASENAME@.h', + arguments: ['@INPUT@', '@OUTPUT@']) + +gnu_h = gnu_h_gen.process(pkcs11_gnu_headers) + +static_library('p11-kit-pkcs11-gnu', + gnu_h, + 'pkcs11-gnu.c', + include_directories: [configinc, commoninc]) + +# Tests ---------------------------------------------------------------- + +if get_option('test') + p11_kit_tests = [ + 'test-progname', + 'test-util', + 'test-conf', + 'test-uri', + 'test-pin', + 'test-init', + 'test-modules', + 'test-deprecated', + 'test-proxy', + 'test-iter', + 'test-rpc', + 'test-virtual', + 'test-managed', + 'test-log', + 'test-filter', + 'test-transport' + ] + + if host_system != 'windows' + p11_kit_tests += 'test-server' + endif + + foreach name : p11_kit_tests + t = executable(name, '@0@.c'.format(name), + c_args: tests_c_args + libp11_kit_testable_c_args, + include_directories: [configinc, commoninc], + dependencies: [libp11_test_dep] + libffi_deps + dlopen_deps, + link_with: libp11_kit_testable) + test(name, t) + endforeach + + p11_kit_progs = [ + 'print-messages', + 'frob-setuid' + ] + + foreach name : p11_kit_progs + t = executable(name, '@0@.c'.format(name), + c_args: tests_c_args, + include_directories: [configinc, commoninc], + dependencies: [libp11_test_dep] + libffi_deps + dlopen_deps, + link_with: libp11_kit_testable) + endforeach + + p11_kit_tests_env = environment() + p11_kit_tests_env.set('abs_top_builddir', top_build_dir) + p11_kit_tests_env.set('P11_MODULE_PATH', meson.current_build_dir()) + + if host_system != 'windows' + test('test-messages.sh', + find_program('test-messages.sh'), + env: p11_kit_tests_env) + + test('test-server.sh', + find_program('test-server.sh'), + env: p11_kit_tests_env) + endif + + mock_sources = { + 'mock-one': ['mock-module-ep.c'], + 'mock-two': ['mock-module-ep2.c'], + 'mock-three': ['mock-module-ep.c'], + 'mock-four': ['mock-module-ep.c'], + 'mock-five': ['mock-module-ep3.c'], + 'mock-seven': ['mock-module-ep5.c'], + 'mock-eight': ['mock-module-ep6.c'], + 'mock-nine': ['mock-module-ep7.c'], + 'mock-ten': ['mock-module-ep8.c'] + } + + if host_system != 'windows' + mock_sources += {'mock-six': ['mock-module-ep4.c']} + endif + + foreach name, sources : mock_sources + shared_module(name, + sources, + name_prefix: '', + link_args: p11_module_ldflags, + link_depends: [p11_module_symbol_map, + p11_module_symbol_def], + vs_module_defs: p11_module_symbol_def, + dependencies: [libp11_test_dep]) + endforeach +endif + +p11_kit_pc_variables = [ + 'p11_module_configs=@0@'.format(prefix / p11_package_config_modules), + 'p11_module_path=@0@'.format(prefix / p11_module_path), + 'proxy_module=@0@/p11-kit-proxy.so'.format(prefix / libdir), + 'p11_system_config_modules=@0@'.format(prefix / p11_package_config_modules) +] + +if trust_paths != '' + p11_kit_pc_variables += [ + 'p11_trust_paths=@0@'.format(trust_paths) + ] +endif + +pkg.generate(libraries: libp11_kit, + filebase: 'p11-kit-1', + name: 'p11-kit', + description: 'Library and proxy module for properly loading and sharing PKCS#11 modules.', + subdirs: 'p11-kit-1', + variables: p11_kit_pc_variables) + +pkcs11_conf_example_conf = configuration_data({ + 'p11_system_config_file': prefix / p11_system_config_file, + 'p11_user_config': p11_user_config +}) +pkcs11_conf_example = configure_file(input: 'pkcs11.conf.example.in', + output: '@BASENAME@', + configuration: pkcs11_conf_example_conf) +install_data(pkcs11_conf_example, + install_dir: prefix / p11_system_config) diff --git a/p11-kit/meson_post_install.sh b/p11-kit/meson_post_install.sh new file mode 100755 index 0000000..9a59db8 --- /dev/null +++ b/p11-kit/meson_post_install.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +set +x + +libdir="$1" +p11_package_config_modules="$2" + +# Proxy module is actually same as library, so install a link +for i in so dylib; do + test -f "$MESON_INSTALL_DESTDIR_PREFIX/$libdir/libp11-kit.$i" && + ln -sf `readlink $MESON_INSTALL_DESTDIR_PREFIX/$libdir/libp11-kit.$i` \ + "$MESON_INSTALL_DESTDIR_PREFIX/$libdir/p11-kit-proxy.$i" || true; +done + +mkdir -p "$MESON_INSTALL_DESTDIR_PREFIX/$p11_package_config_modules" diff --git a/p11-kit/messages.c b/p11-kit/messages.c new file mode 100644 index 0000000..3190fce --- /dev/null +++ b/p11-kit/messages.c @@ -0,0 +1,242 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "pkcs11.h" +#include "p11-kit.h" + +/** + * SECTION:p11-kit-util + * @title: Utilities + * @short_description: PKCS\#11 utilities + * + * Utility functions for working with PKCS\#11. + */ + +#ifdef ENABLE_NLS +#include +#define _(x) dgettext(PACKAGE_NAME, x) +#else +#define _(x) x +#endif + +/** + * p11_kit_strerror: + * @rv: The code to get a message for. + * + * Get a message for a PKCS\#11 return value or error code. Do not + * pass CKR_OK or other such non errors to this function. + * + * Returns: The user readable and localized message. + **/ +const char* +p11_kit_strerror (CK_RV rv) +{ + switch (rv) { + + /* These are not really errors, or not current */ + case CKR_OK: + case CKR_NO_EVENT: + case CKR_FUNCTION_NOT_PARALLEL: + case CKR_SESSION_PARALLEL_NOT_SUPPORTED: + return ""; + + case CKR_CANCEL: + case CKR_FUNCTION_CANCELED: + return _("The operation was cancelled"); + + case CKR_HOST_MEMORY: + return _("Insufficient memory available"); + case CKR_SLOT_ID_INVALID: + return _("The specified slot ID is not valid"); + case CKR_GENERAL_ERROR: + return _("Internal error"); + case CKR_FUNCTION_FAILED: + return _("The operation failed"); + case CKR_ARGUMENTS_BAD: + return _("Invalid arguments"); + case CKR_NEED_TO_CREATE_THREADS: + return _("The module cannot create needed threads"); + case CKR_CANT_LOCK: + return _("The module cannot lock data properly"); + case CKR_ATTRIBUTE_READ_ONLY: + return _("The field is read-only"); + case CKR_ATTRIBUTE_SENSITIVE: + return _("The field is sensitive and cannot be revealed"); + case CKR_ATTRIBUTE_TYPE_INVALID: + return _("The field is invalid or does not exist"); + case CKR_ATTRIBUTE_VALUE_INVALID: + return _("Invalid value for field"); + case CKR_DATA_INVALID: + return _("The data is not valid or unrecognized"); + case CKR_DATA_LEN_RANGE: + return _("The data is too long"); + case CKR_DEVICE_ERROR: + return _("An error occurred on the device"); + case CKR_DEVICE_MEMORY: + return _("Insufficient memory available on the device"); + case CKR_DEVICE_REMOVED: + return _("The device was removed or unplugged"); + case CKR_ENCRYPTED_DATA_INVALID: + return _("The encrypted data is not valid or unrecognized"); + case CKR_ENCRYPTED_DATA_LEN_RANGE: + return _("The encrypted data is too long"); + case CKR_FUNCTION_NOT_SUPPORTED: + return _("This operation is not supported"); + case CKR_KEY_HANDLE_INVALID: + return _("The key is missing or invalid"); + case CKR_KEY_SIZE_RANGE: + return _("The key is the wrong size"); + case CKR_KEY_TYPE_INCONSISTENT: + return _("The key is of the wrong type"); + case CKR_KEY_NOT_NEEDED: + return _("No key is needed"); + case CKR_KEY_CHANGED: + return _("The key is different than before"); + case CKR_KEY_NEEDED: + return _("A key is needed"); + case CKR_KEY_INDIGESTIBLE: + return _("Cannot include the key in the digest"); + case CKR_KEY_FUNCTION_NOT_PERMITTED: + return _("This operation cannot be done with this key"); + case CKR_KEY_NOT_WRAPPABLE: + return _("The key cannot be wrapped"); + case CKR_KEY_UNEXTRACTABLE: + return _("Cannot export this key"); + case CKR_MECHANISM_INVALID: + return _("The crypto mechanism is invalid or unrecognized"); + case CKR_MECHANISM_PARAM_INVALID: + return _("The crypto mechanism has an invalid argument"); + case CKR_OBJECT_HANDLE_INVALID: + return _("The object is missing or invalid"); + case CKR_OPERATION_ACTIVE: + return _("Another operation is already taking place"); + case CKR_OPERATION_NOT_INITIALIZED: + return _("No operation is taking place"); + case CKR_PIN_INCORRECT: + return _("The password or PIN is incorrect"); + case CKR_PIN_INVALID: + return _("The password or PIN is invalid"); + case CKR_PIN_LEN_RANGE: + return _("The password or PIN is of an invalid length"); + case CKR_PIN_EXPIRED: + return _("The password or PIN has expired"); + case CKR_PIN_LOCKED: + return _("The password or PIN is locked"); + case CKR_SESSION_CLOSED: + return _("The session is closed"); + case CKR_SESSION_COUNT: + return _("Too many sessions are active"); + case CKR_SESSION_HANDLE_INVALID: + return _("The session is invalid"); + case CKR_SESSION_READ_ONLY: + return _("The session is read-only"); + case CKR_SESSION_EXISTS: + return _("An open session exists"); + case CKR_SESSION_READ_ONLY_EXISTS: + return _("A read-only session exists"); + case CKR_SESSION_READ_WRITE_SO_EXISTS: + return _("An administrator session exists"); + case CKR_SIGNATURE_INVALID: + return _("The signature is bad or corrupted"); + case CKR_SIGNATURE_LEN_RANGE: + return _("The signature is unrecognized or corrupted"); + case CKR_TEMPLATE_INCOMPLETE: + return _("Certain required fields are missing"); + case CKR_TEMPLATE_INCONSISTENT: + return _("Certain fields have invalid values"); + case CKR_TOKEN_NOT_PRESENT: + return _("The device is not present or unplugged"); + case CKR_TOKEN_NOT_RECOGNIZED: + return _("The device is invalid or unrecognizable"); + case CKR_TOKEN_WRITE_PROTECTED: + return _("The device is write protected"); + case CKR_UNWRAPPING_KEY_HANDLE_INVALID: + return _("Cannot import because the key is invalid"); + case CKR_UNWRAPPING_KEY_SIZE_RANGE: + return _("Cannot import because the key is of the wrong size"); + case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: + return _("Cannot import because the key is of the wrong type"); + case CKR_USER_ALREADY_LOGGED_IN: + return _("You are already logged in"); + case CKR_USER_NOT_LOGGED_IN: + return _("No user has logged in"); + case CKR_USER_PIN_NOT_INITIALIZED: + return _("The user's password or PIN is not set"); + case CKR_USER_TYPE_INVALID: + return _("The user is of an invalid type"); + case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: + return _("Another user is already logged in"); + case CKR_USER_TOO_MANY_TYPES: + return _("Too many users of different types are logged in"); + case CKR_WRAPPED_KEY_INVALID: + return _("Cannot import an invalid key"); + case CKR_WRAPPED_KEY_LEN_RANGE: + return _("Cannot import a key of the wrong size"); + case CKR_WRAPPING_KEY_HANDLE_INVALID: + return _("Cannot export because the key is invalid"); + case CKR_WRAPPING_KEY_SIZE_RANGE: + return _("Cannot export because the key is of the wrong size"); + case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: + return _("Cannot export because the key is of the wrong type"); + case CKR_RANDOM_SEED_NOT_SUPPORTED: + return _("Unable to initialize the random number generator"); + case CKR_RANDOM_NO_RNG: + return _("No random number generator available"); + case CKR_DOMAIN_PARAMS_INVALID: + return _("The crypto mechanism has an invalid parameter"); + case CKR_BUFFER_TOO_SMALL: + return _("Not enough space to store the result"); + case CKR_SAVED_STATE_INVALID: + return _("The saved state is invalid"); + case CKR_INFORMATION_SENSITIVE: + return _("The information is sensitive and cannot be revealed"); + case CKR_STATE_UNSAVEABLE: + return _("The state cannot be saved"); + case CKR_CRYPTOKI_NOT_INITIALIZED: + return _("The module has not been initialized"); + case CKR_CRYPTOKI_ALREADY_INITIALIZED: + return _("The module has already been initialized"); + case CKR_MUTEX_BAD: + return _("Cannot lock data"); + case CKR_MUTEX_NOT_LOCKED: + return _("The data cannot be locked"); + case CKR_FUNCTION_REJECTED: + return _("The request was rejected by the user"); + + default: + return _("Unknown error"); + } +} diff --git a/p11-kit/mock-module-ep.c b/p11-kit/mock-module-ep.c new file mode 100644 index 0000000..4324433 --- /dev/null +++ b/p11-kit/mock-module-ep.c @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2012 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define CRYPTOKI_EXPORTS 1 +#include "pkcs11.h" + +#include "mock.h" + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + mock_module_init (); + mock_module.C_GetFunctionList = C_GetFunctionList; + if (list == NULL) + return CKR_ARGUMENTS_BAD; + *list = &mock_module; + return CKR_OK; +} diff --git a/p11-kit/mock-module-ep2.c b/p11-kit/mock-module-ep2.c new file mode 100644 index 0000000..ee71711 --- /dev/null +++ b/p11-kit/mock-module-ep2.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2012 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define CRYPTOKI_EXPORTS 1 +#include "pkcs11.h" + +#include "mock.h" + +#include + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + mock_module_init (); + mock_module.C_GetFunctionList = C_GetFunctionList; + if (list == NULL) + return CKR_ARGUMENTS_BAD; + *list = &mock_module; + return CKR_OK; +} diff --git a/p11-kit/mock-module-ep3.c b/p11-kit/mock-module-ep3.c new file mode 100644 index 0000000..4bf403c --- /dev/null +++ b/p11-kit/mock-module-ep3.c @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2012 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define CRYPTOKI_EXPORTS 1 +#include "pkcs11.h" + +#include "mock.h" +#include "test.h" + +#include + +static CK_RV +override_initialize (CK_VOID_PTR init_args) +{ + CK_C_INITIALIZE_ARGS_PTR args = init_args; + + assert_str_eq ("initialize-arg", args->pReserved); + + return mock_C_Initialize (init_args); +} + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + mock_module_init (); + mock_module.C_GetFunctionList = C_GetFunctionList; + if (list == NULL) + return CKR_ARGUMENTS_BAD; + mock_module.C_Initialize = override_initialize; + *list = &mock_module; + return CKR_OK; +} diff --git a/p11-kit/mock-module-ep4.c b/p11-kit/mock-module-ep4.c new file mode 100644 index 0000000..5170b6b --- /dev/null +++ b/p11-kit/mock-module-ep4.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2012 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define CRYPTOKI_EXPORTS 1 +#include "pkcs11.h" + +#include "mock.h" +#include "test.h" + +#include + +static pid_t init_pid; + +static CK_RV +override_initialize (CK_VOID_PTR init_args) +{ + if (init_pid != getpid ()) + return CKR_GENERAL_ERROR; + return mock_C_Initialize (init_args); +} + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + mock_module_init (); + mock_module.C_GetFunctionList = C_GetFunctionList; + if (list == NULL) + return CKR_ARGUMENTS_BAD; + init_pid = getpid (); + mock_module.C_Initialize = override_initialize; + *list = &mock_module; + return CKR_OK; +} diff --git a/p11-kit/mock-module-ep5.c b/p11-kit/mock-module-ep5.c new file mode 100644 index 0000000..ae8ddcc --- /dev/null +++ b/p11-kit/mock-module-ep5.c @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2012 Stefan Walter + * Copyright (c) 2018 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter , Daiki Ueno + */ + +#include "config.h" + +#define CRYPTOKI_EXPORTS 1 +#include "pkcs11.h" + +#include "mock.h" +#include "test.h" + +static bool initialized = false; + +static CK_RV +override_initialize (CK_VOID_PTR init_args) +{ + CK_RV rv; + + if (initialized) + return CKR_CRYPTOKI_ALREADY_INITIALIZED; + rv = mock_C_Initialize (init_args); + if (rv == CKR_OK) + initialized = true; + return rv; +} + +static CK_RV +override_finalize (CK_VOID_PTR reserved) +{ + initialized = false; + return mock_C_Finalize (reserved); +} + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + mock_module_init (); + mock_module.C_GetFunctionList = C_GetFunctionList; + if (list == NULL) + return CKR_ARGUMENTS_BAD; + mock_module.C_Initialize = override_initialize; + mock_module.C_Finalize = override_finalize; + *list = &mock_module; + return CKR_OK; +} diff --git a/p11-kit/mock-module-ep6.c b/p11-kit/mock-module-ep6.c new file mode 100644 index 0000000..9821b3d --- /dev/null +++ b/p11-kit/mock-module-ep6.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2012 Stefan Walter + * Copyright (c) 2019 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter , Daiki Ueno + */ + +#include "config.h" + +#define CRYPTOKI_EXPORTS 1 +#include "pkcs11.h" + +#include "mock.h" +#include "test.h" + +static size_t called = 0; + +static CK_RV +override_get_slot_list (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + /* Return 0 on the first attempt to retrieve slot list. Note + * that this function is typically called twice: first to get + * the number of slots, and then to retrieve the slot list. + */ + if (called++ < 2) { + *count = 0; + return CKR_OK; + } + + return mock_C_GetSlotList (token_present, slot_list, count); +} + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + mock_module_init (); + mock_module.C_GetFunctionList = C_GetFunctionList; + if (list == NULL) + return CKR_ARGUMENTS_BAD; + mock_module.C_GetSlotList = override_get_slot_list; + *list = &mock_module; + return CKR_OK; +} diff --git a/p11-kit/mock-module-ep7.c b/p11-kit/mock-module-ep7.c new file mode 100644 index 0000000..51fad06 --- /dev/null +++ b/p11-kit/mock-module-ep7.c @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2012 Stefan Walter + * Copyright (c) 2019 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter , Daiki Ueno + */ + +#include "config.h" + +#define CRYPTOKI_EXPORTS 1 +#include "pkcs11.h" + +#include "mock.h" +#include "test.h" + +static CK_RV +override_wait_for_slot_event (CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved) +{ + if (flags & CKF_DONT_BLOCK) { + *slot = MOCK_SLOT_ONE_ID; + return CKR_OK; + } + + return mock_C_WaitForSlotEvent(flags, slot, reserved); +} + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + mock_module_init (); + mock_module.C_GetFunctionList = C_GetFunctionList; + if (list == NULL) + return CKR_ARGUMENTS_BAD; + mock_module.C_WaitForSlotEvent = override_wait_for_slot_event; + *list = &mock_module; + return CKR_OK; +} diff --git a/p11-kit/mock-module-ep8.c b/p11-kit/mock-module-ep8.c new file mode 100644 index 0000000..40f210f --- /dev/null +++ b/p11-kit/mock-module-ep8.c @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2012 Stefan Walter + * Copyright (c) 2020 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter , Daiki Ueno, Anderson Sasaki + */ + +#include "config.h" + +#define CRYPTOKI_EXPORTS 1 +#include "pkcs11.h" + +#include "mock.h" +#include "test.h" + +#define MOCK_SLOT_THREE_ID 792 + +/* Update mock-module.h URIs when updating this */ + +static int called = 0; +static CK_SLOT_ID last_id = 1; + +static CK_RV +override_get_slot_list (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + if (count == NULL) + return CKR_ARGUMENTS_BAD; + + /* For odd numbered calls, the module will return 1 slot with a slot ID + * returned previously. + * + * For even numbered calls, the module will return 2 slots, being the new + * slot put first in the list */ + if (called % 2) { + if (slot_list == NULL) { + *count = 1; + return CKR_OK; + } + if (*count < 1) { + return CKR_BUFFER_TOO_SMALL; + } + + slot_list[0] = last_id; + *count = 1; + } else { + if (slot_list == NULL) { + *count = 2; + return CKR_OK; + } + + if (*count < 2) { + return CKR_BUFFER_TOO_SMALL; + } + + slot_list[1] = last_id; + slot_list[0] = ++last_id; + + *count = 2; + } + + ++called; + + return CKR_OK; +} + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + mock_module_init (); + mock_module.C_GetFunctionList = C_GetFunctionList; + if (list == NULL) + return CKR_ARGUMENTS_BAD; + mock_module.C_GetSlotList= override_get_slot_list; + *list = &mock_module; + return CKR_OK; +} + diff --git a/p11-kit/modules.c b/p11-kit/modules.c new file mode 100644 index 0000000..22f1740 --- /dev/null +++ b/p11-kit/modules.c @@ -0,0 +1,2814 @@ +/* + * Copyright (C) 2008 Stefan Walter + * Copyright (C) 2011 Collabora Ltd. + * Copyright (C) 2017 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +/* We use and define deprecated functions here */ +#define P11_KIT_NO_DEPRECATIONS +#define P11_DEBUG_FLAG P11_DEBUG_LIB + +#include "conf.h" +#include "debug.h" +#include "dict.h" +#include "library.h" +#include "log.h" +#include "message.h" +#include "modules.h" +#include "path.h" +#include "pkcs11.h" +#include "p11-kit.h" +#include "private.h" +#include "proxy.h" +#include "rpc.h" +#include "virtual.h" + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + * SECTION:p11-kit + * @title: Modules + * @short_description: Module loading and initializing + * + * PKCS\#11 modules are used by crypto libraries and applications to access + * crypto objects (like keys and certificates) and to perform crypto operations. + * + * In order for applications to behave consistently with regard to the user's + * installed PKCS\#11 modules, each module must be configured so that applications + * or libraries know that they should load it. + * + * When multiple consumers of a module (such as libraries or applications) are + * in the same process, coordination of the initialization and finalization + * of PKCS\#11 modules is required. To do this modules are managed by p11-kit. + * This means that various unsafe methods are coordinated between callers. Unmanaged + * modules are simply the raw PKCS\#11 module pointers without p11-kit getting in the + * way. It is highly recommended that the default managed behavior is used. + * + * The functions here provide support for initializing configured modules. The + * p11_kit_modules_load() function should be used to load and initialize + * the configured modules. When done, the p11_kit_modules_release() function + * should be used to release those modules and associated resources. + * + * In addition p11_kit_config_option() can be used to access other parts + * of the module configuration. + * + * If a consumer wishes to load an arbitrary PKCS\#11 module that's not + * configured use p11_kit_module_load() to do so. And use p11_kit_module_release() + * to later release it. + * + * Modules are represented by a pointer to their CK_FUNCTION_LIST + * entry points. + */ + +/** + * SECTION:p11-kit-deprecated + * @title: Deprecated + * @short_description: Deprecated functions + * + * These functions have been deprecated from p11-kit and are not recommended for + * general usage. In large part they were deprecated because they did not adequately + * insulate multiple callers of a PKCS\#11 module from another, and could not + * support the 'managed' mode needed to do this. + */ + +/** + * P11_KIT_MODULE_UNMANAGED: + * + * Module is loaded in non 'managed' mode. This is not recommended, + * disables many features, and prevents coordination between multiple + * callers of the same module. + */ + +/** + * P11_KIT_MODULE_CRITICAL: + * + * Flag to load a module in 'critical' mode. Failure to load a critical module + * will prevent all other modules from loading. A failure when loading a + * non-critical module skips that module. + */ + +typedef struct _Module { + /* + * When using managed modules, this forms the base of the + * virtual stack into which all the other modules call. This is also + * the first field in this structure so we can cast between them. + */ + p11_virtual virt; + + /* The initialize args built from configuration */ + CK_C_INITIALIZE_ARGS init_args; + int ref_count; + int init_count; + + /* Registered modules */ + char *name; + char *filename; + p11_dict *config; + bool critical; + + /* + * This is a pointer to the actual dl shared module, or perhaps + * the RPC client context. + */ + void *loaded_module; + p11_kit_destroyer loaded_destroy; + + /* Initialization, mutex must be held */ + p11_mutex_t initialize_mutex; + unsigned int initialize_called; + p11_thread_id_t initialize_thread; +} Module; + +/* + * Shared data between threads, protected by the mutex, a structure so + * we can audit thread safety easier. + */ +static struct _Shared { + p11_dict *modules; + p11_dict *unmanaged_by_funcs; + p11_dict *managed_by_closure; + p11_dict *config; +} gl = { NULL, NULL }; + +/* These are global variables to be overridden in tests */ +const char *p11_config_system_file = P11_SYSTEM_CONFIG_FILE; +const char *p11_config_user_file = P11_USER_CONFIG_FILE; +const char *p11_config_package_modules = P11_PACKAGE_CONFIG_MODULES; +const char *p11_config_system_modules = P11_SYSTEM_CONFIG_MODULES; +const char *p11_config_user_modules = P11_USER_CONFIG_MODULES; + +/* ----------------------------------------------------------------------------- + * P11-KIT FUNCTIONALITY + */ + +/** + * p11_kit_override_system_files: + * @system_conf: the system configuration file (default: system_config_dir/pkcs11.conf) + * @user_conf: the user configuration file (default: ~/.config/pkcs11/pkcs11.conf) + * @package_modules: location of modules shipped by p11-kit (default: system_config/modules) + * @system_modules: location of system pkcs11 modules (default: system_config/modules) + * @user_modules: location of user modules (default: ~/.config/pkcs11/modules) + * + * Overrides the default system configuration files. The + * provided values should be accessible for the lifetime + * of p11-kit usage. + * + * When the value %NULL is provided for any of the locations, + * it will not be updated. + * + * This is function intended to be used in test suites and + * not production, and as such %P11_KIT_FUTURE_UNSTABLE_API + * must be defined before including p11-kit.h. + * + * Since: 0.23.10 + * + */ +void +p11_kit_override_system_files (const char *system_conf, + const char *user_conf, + const char *package_modules, + const char *system_modules, + const char *user_modules) +{ + if (system_conf) + p11_config_system_file = system_conf; + + if (user_conf) + p11_config_user_file = user_conf; + + if (package_modules) + p11_config_package_modules = package_modules; + + if (system_modules) + p11_config_system_modules = system_modules; + + if (user_modules) + p11_config_user_modules = user_modules; +} + +static CK_RV +create_mutex (CK_VOID_PTR_PTR mut) +{ + p11_mutex_t *pmutex; + + return_val_if_fail (mut != NULL, CKR_ARGUMENTS_BAD); + + pmutex = malloc (sizeof (p11_mutex_t)); + return_val_if_fail (pmutex != NULL, CKR_HOST_MEMORY); + + p11_mutex_init (pmutex); + *mut = pmutex; + return CKR_OK; +} + +static CK_RV +destroy_mutex (CK_VOID_PTR mut) +{ + p11_mutex_t *pmutex = mut; + + return_val_if_fail (mut != NULL, CKR_MUTEX_BAD); + + p11_mutex_uninit (pmutex); + free (pmutex); + return CKR_OK; +} + +static CK_RV +lock_mutex (CK_VOID_PTR mut) +{ + p11_mutex_t *pmutex = mut; + + return_val_if_fail (mut != NULL, CKR_MUTEX_BAD); + + p11_mutex_lock (pmutex); + return CKR_OK; +} + +static CK_RV +unlock_mutex (CK_VOID_PTR mut) +{ + p11_mutex_t *pmutex = mut; + + return_val_if_fail (mut != NULL, CKR_MUTEX_BAD); + + p11_mutex_unlock (pmutex); + return CKR_OK; +} + +static void +free_module_unlocked (void *data) +{ + Module *mod = data; + + assert (mod != NULL); + + /* Module must have no outstanding references */ + assert (mod->ref_count == 0); + + if (mod->init_count > 0) { + p11_debug_precond ("module unloaded without C_Finalize having been " + "called for each C_Initialize"); + } else { + assert (mod->initialize_thread == 0); + } + + p11_virtual_uninit (&mod->virt); + + if (mod->loaded_destroy) + mod->loaded_destroy (mod->loaded_module); + + p11_mutex_uninit (&mod->initialize_mutex); + p11_dict_free (mod->config); + free (mod->name); + free (mod->filename); + free (mod->init_args.pReserved); + free (mod); +} + +static Module * +alloc_module_unlocked (void) +{ + Module *mod; + + mod = calloc (1, sizeof (Module)); + return_val_if_fail (mod != NULL, NULL); + + mod->init_args.CreateMutex = create_mutex; + mod->init_args.DestroyMutex = destroy_mutex; + mod->init_args.LockMutex = lock_mutex; + mod->init_args.UnlockMutex = unlock_mutex; + mod->init_args.flags = CKF_OS_LOCKING_OK; + p11_mutex_init (&mod->initialize_mutex); + + /* + * The default for configured modules is non-critical, but for + * modules loaded explicitly, and not from config, we treat them + * as critical. So this gets overridden for configured modules + * later when the config is loaded. + */ + mod->critical = true; + + return mod; +} + +#ifdef __GNUC__ +bool p11_proxy_module_check (CK_FUNCTION_LIST_PTR module) __attribute__((weak)); + +bool +p11_proxy_module_check (CK_FUNCTION_LIST_PTR module) +{ + return false; +} +#endif + +static CK_RV +dlopen_and_get_function_list (Module *mod, + const char *path, + CK_FUNCTION_LIST **funcs) +{ + CK_C_GetFunctionList gfl; + dl_module_t dl; + char *error; + CK_RV rv; + + assert (mod != NULL); + assert (path != NULL); + assert (funcs != NULL); + + dl = p11_dl_open (path); + if (dl == NULL) { + error = p11_dl_error (); + p11_message ("couldn't load module: %s: %s", path, error); + free (error); + return CKR_GENERAL_ERROR; + } + + /* When the Module goes away, dlclose the loaded module */ + mod->loaded_destroy = (p11_kit_destroyer)p11_dl_close; + mod->loaded_module = dl; + + gfl = p11_dl_symbol (dl, "C_GetFunctionList"); + if (!gfl) { + error = p11_dl_error (); + p11_message ("couldn't find C_GetFunctionList entry point in module: %s: %s", + path, error); + free (error); + return CKR_GENERAL_ERROR; + } + + rv = gfl (funcs); + if (rv != CKR_OK) { + p11_message ("call to C_GetFunctiontList failed in module: %s: %s", + path, p11_kit_strerror (rv)); + return rv; + } + + if (p11_proxy_module_check (*funcs)) { + p11_message ("refusing to load the p11-kit-proxy.so module as a registered module"); + return CKR_FUNCTION_FAILED; + } + + p11_virtual_init (&mod->virt, &p11_virtual_base, *funcs, NULL); + p11_debug ("opened module: %s", path); + return CKR_OK; +} + +static CK_RV +load_module_from_file_inlock (const char *name, + const char *path, + Module **result) +{ + CK_FUNCTION_LIST *funcs; + char *expand = NULL; + Module *mod; + Module *prev; + CK_RV rv; + + assert (path != NULL); + assert (result != NULL); + + mod = alloc_module_unlocked (); + return_val_if_fail (mod != NULL, CKR_HOST_MEMORY); + + if (!p11_path_absolute (path)) { + p11_debug ("module path is relative, loading from: %s", P11_MODULE_PATH); + path = expand = p11_path_build (P11_MODULE_PATH, path, NULL); + return_val_if_fail (path != NULL, CKR_HOST_MEMORY); + } + + p11_debug ("loading module %s%sfrom path: %s", + name ? name : "", name ? " " : "", path); + + mod->filename = strdup (path); + + rv = dlopen_and_get_function_list (mod, path, &funcs); + free (expand); + + if (rv != CKR_OK) { + free_module_unlocked (mod); + return rv; + } + + /* Do we have a previous one like this, if so ignore load */ + prev = p11_dict_get (gl.unmanaged_by_funcs, funcs); + + /* If same module was loaded previously, just take over config */ + if (prev != NULL) { + if (!name || prev->name || prev->config) + p11_debug ("duplicate module %s, using previous", name); + free_module_unlocked (mod); + mod = prev; + + /* This takes ownership of the module */ + } else if (!p11_dict_set (gl.modules, mod, mod) || + !p11_dict_set (gl.unmanaged_by_funcs, funcs, mod)) { + return_val_if_reached (CKR_HOST_MEMORY); + } + + *result= mod; + return CKR_OK; +} + +static CK_RV +setup_module_for_remote_inlock (const char *name, + const char *remote, + Module **result) +{ + p11_rpc_transport *rpc; + Module *mod; + + p11_debug ("remoting module %s using: %s", name, remote); + + mod = alloc_module_unlocked (); + return_val_if_fail (mod != NULL, CKR_HOST_MEMORY); + + rpc = p11_rpc_transport_new (&mod->virt, remote, name); + if (rpc == NULL) { + free_module_unlocked (mod); + return CKR_DEVICE_ERROR; + } + + mod->filename = NULL; + mod->loaded_module = rpc; + mod->loaded_destroy = p11_rpc_transport_free; + + /* This takes ownership of the module */ + if (!p11_dict_set (gl.modules, mod, mod)) + return_val_if_reached (CKR_HOST_MEMORY); + + *result = mod; + return CKR_OK; +} + +static int +is_list_delimiter (char ch) +{ + return ch == ',' || isspace (ch); +} + +static bool +is_string_in_list (const char *list, + const char *string) +{ + const char *where; + const char *start = list; + + while (*start != '\0') { + where = strstr (start, string); + if (where == NULL) + return false; + + /* Has to be at beginning/end of string, and delimiter before/after */ + if (where != list && !is_list_delimiter (*(where - 1))) { + start += strlen (string); + continue; + } + + where += strlen (string); + if (*where == '\0' || is_list_delimiter (*where)) { + return true; + } + start = where; + } + + return false; +} + +static bool +is_module_enabled_unlocked (const char *name, + p11_dict *config, + int flags) +{ + const char *progname; + const char *enable_in; + const char *disable_in; + bool enable = false; + + enable_in = p11_dict_get (config, "enable-in"); + disable_in = p11_dict_get (config, "disable-in"); + + /* Defaults to enabled if neither of these are set */ + if (!enable_in && !disable_in) + return true; + + progname = _p11_get_progname_unlocked (); + if (enable_in && disable_in) + p11_message ("module '%s' has both enable-in and disable-in options", name); + if (enable_in) { + enable = (progname != NULL && + is_string_in_list (enable_in, progname)) || + ((flags & P11_KIT_MODULE_LOADED_FROM_PROXY) != 0 && + is_string_in_list (enable_in, "p11-kit-proxy")); + } else if (disable_in) { + enable = (progname == NULL || + !is_string_in_list (disable_in, progname)) && + ((flags & P11_KIT_MODULE_LOADED_FROM_PROXY) == 0 || + !is_string_in_list (disable_in, "p11-kit-proxy")); + } + + p11_debug ("%s module '%s' running in '%s'", + enable ? "enabled" : "disabled", + name, + progname ? progname : "(null)"); + return enable; +} + +static CK_RV +take_config_and_load_module_inlock (char **name, + p11_dict **config, + bool critical, + bool verbose) +{ + const char *filename = NULL; + const char *remote = NULL; + char *init_reserved = NULL; + CK_RV rv = CKR_OK; + Module *mod; + + assert (name); + assert (*name); + assert (config); + assert (*config); + + if (!is_module_enabled_unlocked (*name, *config, 0)) + goto out; + + remote = p11_dict_get (*config, "remote"); + if (remote == NULL) { + filename = p11_dict_get (*config, "module"); + if (filename == NULL) { + p11_debug ("no module path for module, skipping: %s", *name); + goto out; + } + } + + if (remote != NULL) { + rv = setup_module_for_remote_inlock (*name, remote, &mod); + if (rv != CKR_OK) + goto out; + + } else { + + rv = load_module_from_file_inlock (*name, filename, &mod); + if (rv != CKR_OK) + goto out; + } + + /* + * We support setting of CK_C_INITIALIZE_ARGS.pReserved from + * 'x-init-reserved' setting in the config. This only works with specific + * PKCS#11 modules, and is non-standard use of that field. + */ + init_reserved = p11_dict_get (*config, "x-init-reserved"); + if (init_reserved) { + if (verbose) { + init_reserved = strconcat (init_reserved, " verbose=yes", NULL); + } else { + init_reserved = strdup (init_reserved); + } + if (init_reserved == NULL) { + rv = CKR_HOST_MEMORY; + goto out; + } + } + mod->init_args.pReserved = init_reserved; + + /* Take ownership of these variables */ + p11_dict_free (mod->config); + mod->config = *config; + *config = NULL; + free (mod->name); + mod->name = *name; + *name = NULL; + mod->critical = critical; + +out: + return rv; +} + +static CK_RV +load_registered_modules_unlocked (int flags) +{ + p11_dictiter iter; + p11_dict *configs; + void *key; + char *name; + p11_dict *config; + int mode; + CK_RV rv; + bool critical; + bool verbose; + + if (gl.config) + return CKR_OK; + + /* Load the global configuration files */ + config = _p11_conf_load_globals (p11_config_system_file, p11_config_user_file, &mode); + if (config == NULL) + return CKR_GENERAL_ERROR; + + assert (mode != CONF_USER_INVALID); + + configs = _p11_conf_load_modules (mode, + p11_config_package_modules, + p11_config_system_modules, + p11_config_user_modules); + if (configs == NULL) { + rv = CKR_GENERAL_ERROR; + p11_dict_free (config); + return rv; + } + + assert (gl.config == NULL); + gl.config = config; + + /* + * Now go through each config and turn it into a module. As we iterate + * we steal the values of the config. + */ + p11_dict_iterate (configs, &iter); + while (p11_dict_next (&iter, &key, NULL)) { + if (!p11_dict_steal (configs, key, (void**)&name, (void**)&config)) + assert_not_reached (); + + /* Is this a critical module, should abort loading of others? */ + critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false); + verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0; + rv = take_config_and_load_module_inlock (&name, &config, critical, verbose); + + /* + * These variables will be cleared if ownership is transeferred + * by the above function call. + */ + p11_dict_free (config); + + if (critical && rv != CKR_OK) { + p11_message ("aborting initialization because module '%s' was marked as critical", + name); + p11_dict_free (configs); + free (name); + return rv; + } + + free (name); + } + + p11_dict_free (configs); + return CKR_OK; +} + +static CK_RV +initialize_module_inlock_reentrant (Module *mod, CK_C_INITIALIZE_ARGS *init_args) +{ + CK_RV rv = CKR_OK; + p11_thread_id_t self; + + assert (mod); + + self = p11_thread_id_self (); + + if (mod->initialize_thread == self) { + p11_message ("p11-kit initialization called recursively"); + return CKR_FUNCTION_FAILED; + } + + /* + * Increase ref first, so module doesn't get freed out from + * underneath us when the mutex is unlocked below. + */ + ++mod->ref_count; + mod->initialize_thread = self; + + /* Change over to the module specific mutex */ + p11_unlock (); + p11_mutex_lock (&mod->initialize_mutex); + + if (mod->initialize_called != p11_forkid) { + p11_debug ("C_Initialize: calling"); + + /* The init_args argument takes precedence over mod->init_args */ + if (init_args == NULL) + init_args = &mod->init_args; + + rv = mod->virt.funcs.C_Initialize (&mod->virt.funcs, + init_args); + + p11_debug ("C_Initialize: result: %lu", rv); + + /* Module was initialized and C_Finalize should be called */ + if (rv == CKR_OK) + mod->initialize_called = p11_forkid; + else + mod->initialize_called = 0; + + /* Module was already initialized, we don't call C_Finalize */ + if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) + rv = CKR_OK; + + /* Matches the init count in finalize_module_inlock_reentrant() */ + if (rv == CKR_OK) + mod->init_count = 0; + } + + p11_mutex_unlock (&mod->initialize_mutex); + p11_lock (); + + if (rv == CKR_OK) { + /* Matches the ref count in finalize_module_inlock_reentrant() */ + if (mod->init_count == 0) + mod->ref_count++; + mod->init_count++; + } + + mod->ref_count--; + mod->initialize_thread = 0; + return rv; +} + +static CK_RV +init_globals_unlocked (void) +{ + static bool once = false; + + if (!gl.modules) { + gl.modules = p11_dict_new (p11_dict_direct_hash, + p11_dict_direct_equal, + free_module_unlocked, NULL); + return_val_if_fail (gl.modules != NULL, CKR_HOST_MEMORY); + } + + if (!gl.unmanaged_by_funcs) { + gl.unmanaged_by_funcs = p11_dict_new (p11_dict_direct_hash, + p11_dict_direct_equal, + NULL, NULL); + return_val_if_fail (gl.unmanaged_by_funcs != NULL, CKR_HOST_MEMORY); + } + + if (!gl.managed_by_closure) { + gl.managed_by_closure = p11_dict_new (p11_dict_direct_hash, + p11_dict_direct_equal, + NULL, NULL); + return_val_if_fail (gl.managed_by_closure != NULL, CKR_HOST_MEMORY); + } + + if (once) + return CKR_OK; + + once = true; + + return CKR_OK; +} + +static void +free_modules_when_no_refs_unlocked (void) +{ + if (gl.modules) { + Module *mod; + p11_dictiter iter; + + /* Check if any modules have a ref count */ + p11_dict_iterate (gl.modules, &iter); + while (p11_dict_next (&iter, (void **)&mod, NULL)) { + if (mod->ref_count) + return; + } + } + + p11_dict_free (gl.unmanaged_by_funcs); + gl.unmanaged_by_funcs = NULL; + + p11_dict_free (gl.managed_by_closure); + gl.managed_by_closure = NULL; + + p11_dict_free (gl.modules); + gl.modules = NULL; + + p11_dict_free (gl.config); + gl.config = NULL; +} + +static CK_RV +finalize_module_inlock_reentrant (Module *mod) +{ + assert (mod); + + /* + * We leave module info around until all are finalized + * so we can encounter these zombie Module structures. + */ + if (mod->ref_count == 0) + return CKR_ARGUMENTS_BAD; + + if (--mod->init_count > 0) + return CKR_OK; + + /* + * Because of the mutex unlock below, we temporarily increase + * the ref count. This prevents module from being freed out + * from ounder us. + */ + + p11_unlock (); + p11_mutex_lock (&mod->initialize_mutex); + + if (mod->initialize_called == p11_forkid) { + mod->virt.funcs.C_Finalize (&mod->virt.funcs, NULL); + mod->initialize_called = 0; + } + + p11_mutex_unlock (&mod->initialize_mutex); + p11_lock (); + + /* Match the ref increment in initialize_module_inlock_reentrant() */ + mod->ref_count--; + + free_modules_when_no_refs_unlocked (); + return CKR_OK; +} + +static CK_RV +initialize_registered_inlock_reentrant (void) +{ + p11_dictiter iter; + Module *mod; + CK_RV rv; + + /* + * This is only called by deprecated code. The caller expects all + * configured and enabled modules to be initialized. + */ + + rv = init_globals_unlocked (); + if (rv != CKR_OK) + return rv; + + rv = load_registered_modules_unlocked (0); + if (rv == CKR_OK) { + p11_dict_iterate (gl.unmanaged_by_funcs, &iter); + while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) { + + /* Skip all modules that aren't registered or enabled */ + if (mod->name == NULL || !is_module_enabled_unlocked (mod->name, mod->config, 0)) + continue; + + rv = initialize_module_inlock_reentrant (mod, NULL); + if (rv != CKR_OK) { + if (mod->critical) { + p11_message ("initialization of critical module '%s' failed: %s", + mod->name, p11_kit_strerror (rv)); + } else { + p11_message ("skipping module '%s' whose initialization failed: %s", + mod->name, p11_kit_strerror (rv)); + rv = CKR_OK; + } + } + } + } + + return rv; +} + +static Module * +module_for_functions_inlock (CK_FUNCTION_LIST *funcs) +{ + if (p11_virtual_is_wrapper (funcs)) + return p11_dict_get (gl.managed_by_closure, funcs); + else + return p11_dict_get (gl.unmanaged_by_funcs, funcs); +} + +static CK_FUNCTION_LIST * +unmanaged_for_module_inlock (Module *mod) +{ + CK_FUNCTION_LIST *funcs; + + funcs = mod->virt.lower_module; + if (p11_dict_get (gl.unmanaged_by_funcs, funcs) == mod) + return funcs; + + return NULL; +} + +/** + * p11_kit_initialize_registered: + * + * Initialize all the registered PKCS\#11 modules. + * + * If this is the first time this function is called multiple times + * consecutively within a single process, then it merely increments an + * initialization reference count for each of these modules. + * + * Use p11_kit_finalize_registered() to finalize these registered modules once + * the caller is done with them. + * + * If this function fails, then an error message will be available via the + * p11_kit_message() function. + * + * Deprecated: Since: 0.19.0: Use p11_kit_modules_load() instead. + * + * Returns: CKR_OK if the initialization succeeded, or an error code. + */ +CK_RV +p11_kit_initialize_registered (void) +{ + CK_RV rv; + + p11_library_init_once (); + + /* WARNING: This function must be reentrant */ + p11_debug ("in"); + + p11_lock (); + + p11_message_clear (); + + /* WARNING: Reentrancy can occur here */ + rv = initialize_registered_inlock_reentrant (); + + _p11_kit_default_message (rv); + + p11_unlock (); + + /* Cleanup any partial initialization */ + if (rv != CKR_OK) + p11_kit_finalize_registered (); + + p11_debug ("out: %lu", rv); + return rv; +} + +static CK_RV +finalize_registered_inlock_reentrant (void) +{ + Module *mod; + p11_dictiter iter; + Module **to_finalize; + int i, count; + + /* + * This is only called from deprecated code. The caller expects all + * modules initialized earlier to be finalized (once). If non-critical + * modules failed to initialize, then it is not possible to completely + * guarantee the internal state. + */ + + if (!gl.modules) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + /* WARNING: This function must be reentrant */ + + to_finalize = calloc (p11_dict_size (gl.unmanaged_by_funcs) + 1, sizeof (Module *)); + if (!to_finalize) + return CKR_HOST_MEMORY; + + count = 0; + p11_dict_iterate (gl.unmanaged_by_funcs, &iter); + while (p11_dict_next (&iter, NULL, (void **)&mod)) { + + /* Skip all modules that aren't registered */ + if (mod->name && mod->init_count) + to_finalize[count++] = mod; + } + + p11_debug ("finalizing %d modules", count); + + for (i = 0; i < count; ++i) { + /* WARNING: Reentrant calls can occur here */ + finalize_module_inlock_reentrant (to_finalize[i]); + } + + free (to_finalize); + + /* In case nothing loaded, free up internal memory */ + if (count == 0) + free_modules_when_no_refs_unlocked (); + + return CKR_OK; +} + +/** + * p11_kit_finalize_registered: + * + * Finalize all the registered PKCS\#11 modules. These should have been + * initialized with p11_kit_initialize_registered(). + * + * If p11_kit_initialize_registered() has been called more than once in this + * process, then this function must be called the same number of times before + * actual finalization will occur. + * + * If this function fails, then an error message will be available via the + * p11_kit_message() function. + * + * Deprecated: Since 0.19.0: Use p11_kit_modules_release() instead. + * + * Returns: CKR_OK if the finalization succeeded, or an error code. + */ + +CK_RV +p11_kit_finalize_registered (void) +{ + CK_RV rv; + + p11_library_init_once (); + + /* WARNING: This function must be reentrant */ + p11_debug ("in"); + + p11_lock (); + + p11_message_clear (); + + /* WARNING: Reentrant calls can occur here */ + rv = finalize_registered_inlock_reentrant (); + + _p11_kit_default_message (rv); + + p11_unlock (); + + p11_debug ("out: %lu", rv); + return rv; +} + +static int +compar_priority (const void *one, + const void *two) +{ + CK_FUNCTION_LIST_PTR f1 = *((CK_FUNCTION_LIST_PTR *)one); + CK_FUNCTION_LIST_PTR f2 = *((CK_FUNCTION_LIST_PTR *)two); + Module *m1, *m2; + const char *v1, *v2; + int o1, o2; + + m1 = module_for_functions_inlock (f1); + m2 = module_for_functions_inlock (f2); + assert (m1 != NULL && m2 != NULL); + + v1 = p11_dict_get (m1->config, "priority"); + v2 = p11_dict_get (m2->config, "priority"); + + o1 = atoi (v1 ? v1 : "0"); + o2 = atoi (v2 ? v2 : "0"); + + /* Priority is in descending order, highest first */ + if (o1 != o2) + return o1 > o2 ? -1 : 1; + + /* + * Otherwise use the names alphabetically in ascending order. This + * is really just to provide consistency between various loads of + * the configuration. + */ + if (m1->name == m2->name) + return 0; + if (!m1->name) + return -1; + if (!m2->name) + return 1; + return strcmp (m1->name, m2->name); +} + +static void +sort_modules_by_priority (CK_FUNCTION_LIST_PTR *modules, + int count) +{ + qsort (modules, count, sizeof (CK_FUNCTION_LIST_PTR), compar_priority); +} + +static CK_FUNCTION_LIST ** +list_registered_modules_inlock (void) +{ + CK_FUNCTION_LIST **result = NULL; + CK_FUNCTION_LIST *funcs; + Module *mod; + p11_dictiter iter; + int i = 0; + + /* + * This is only called by deprecated code. The caller expects to get + * a list of all registered enabled modules that have been initialized. + */ + + if (gl.unmanaged_by_funcs) { + result = calloc (p11_dict_size (gl.unmanaged_by_funcs) + 1, + sizeof (CK_FUNCTION_LIST *)); + return_val_if_fail (result != NULL, NULL); + + p11_dict_iterate (gl.unmanaged_by_funcs, &iter); + while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) { + + /* + * We don't include unreferenced modules. We don't include + * modules that have been initialized but aren't in the + * registry. These have a NULL name. + * + * In addition we check again that the module isn't disabled + * using enable-in or disable-in. This is because a caller + * can change the progname we recognize the process as after + * having initialized. This is a corner case, but want to make + * sure to cover it. + */ + if (mod->ref_count && mod->name && mod->init_count && + is_module_enabled_unlocked (mod->name, mod->config, 0)) { + result[i++] = funcs; + } + } + + sort_modules_by_priority (result, i); + } + + return result; +} + +/** + * p11_kit_registered_modules: + * + * Get a list of all the registered PKCS\#11 modules. This list will be valid + * once the p11_kit_initialize_registered() function has been called. + * + * The returned value is a NULL terminated array of + * CK_FUNCTION_LIST_PTR pointers. + * + * The returned modules are unmanaged. + * + * Deprecated: Since 0.19.0: Use p11_kit_modules_load() instead. + * + * Returns: A list of all the registered modules. Use the free() function to + * free the list. + */ +CK_FUNCTION_LIST_PTR_PTR +p11_kit_registered_modules (void) +{ + CK_FUNCTION_LIST_PTR_PTR result; + + p11_library_init_once (); + + p11_lock (); + + p11_message_clear (); + + result = list_registered_modules_inlock (); + + p11_unlock (); + + return result; +} + +/** + * p11_kit_registered_module_to_name: + * @module: pointer to a registered module + * + * Get the name of a registered PKCS\#11 module. + * + * You can use p11_kit_registered_modules() to get a list of all the registered + * modules. This name is specified by the registered module configuration. + * + * Deprecated: Since 0.19.0: Use p11_kit_module_get_name() instead. + * + * Returns: A newly allocated string containing the module name, or + * NULL if no such registered module exists. Use free() to + * free this string. + */ +char* +p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module) +{ + return_val_if_fail (module != NULL, NULL); + return p11_kit_module_get_name (module); +} + +/** + * p11_kit_module_get_name: + * @module: pointer to a loaded module + * + * Get the configured name of the PKCS\#11 module. + * + * Configured modules are loaded by p11_kit_modules_load(). The module + * passed to this function can be either managed or unmanaged. Non + * configured modules will return %NULL. + * + * Use free() to release the return value when you're done with it. + * + * Returns: a newly allocated string containing the module name, or + * NULL if the module is not a configured module + */ +char * +p11_kit_module_get_name (CK_FUNCTION_LIST *module) +{ + Module *mod; + char *name = NULL; + + return_val_if_fail (module != NULL, NULL); + + p11_library_init_once (); + + p11_lock (); + + p11_message_clear (); + + if (gl.modules) { + mod = module_for_functions_inlock (module); + if (mod && mod->name) + name = strdup (mod->name); + } + + p11_unlock (); + + return name; +} + +/** + * p11_kit_module_get_filename: + * @module: pointer to a loaded module + * + * Get the configured name of the PKCS\#11 module. + * + * Configured modules are loaded by p11_kit_modules_load(). The module + * passed to this function can be either managed or unmanaged. Non + * configured modules will return %NULL. + * + * Use free() to release the return value when you're done with it. + * + * Returns: a newly allocated string containing the module name, or + * NULL if the module is not a configured module + */ +char * +p11_kit_module_get_filename (CK_FUNCTION_LIST *module) +{ + Module *mod; + char *name = NULL; + + return_val_if_fail (module != NULL, NULL); + + p11_library_init_once (); + + p11_lock (); + + p11_message_clear (); + + if (gl.modules) { + mod = module_for_functions_inlock (module); + if (mod && mod->filename) + name = strdup (mod->filename); + } + + p11_unlock (); + + return name; +} + +static const char * +module_get_option_inlock (Module *mod, + const char *option) +{ + p11_dict *config; + + if (mod == NULL) + config = gl.config; + else + config = mod->config; + if (config == NULL) + return NULL; + return p11_dict_get (config, option); +} + +/** + * p11_kit_module_get_flags: + * @module: the module + * + * Get the flags for this module. + * + * The %P11_KIT_MODULE_UNMANAGED flag will be set if the module is not + * managed by p11-kit. It is a raw PKCS\#11 module function list. + * + * The %P11_KIT_MODULE_CRITICAL flag will be set if the module is configured + * to be critical, and not be skipped over if it fails to initialize or + * load. This flag is also set for modules that are not configured, but have + * been loaded in another fashion. + * + * Returns: the flags for the module + */ +int +p11_kit_module_get_flags (CK_FUNCTION_LIST *module) +{ + const char *trusted; + Module *mod; + int flags = 0; + + return_val_if_fail (module != NULL, 0); + + p11_library_init_once (); + + p11_lock (); + + p11_message_clear (); + + if (gl.modules) { + if (p11_virtual_is_wrapper (module)) { + mod = p11_dict_get (gl.managed_by_closure, module); + } else { + flags |= P11_KIT_MODULE_UNMANAGED; + mod = p11_dict_get (gl.unmanaged_by_funcs, module); + } + if (!mod || mod->critical) + flags |= P11_KIT_MODULE_CRITICAL; + if (mod) { + trusted = module_get_option_inlock (mod, "trust-policy"); + if (_p11_conf_parse_boolean (trusted, false)) + flags |= P11_KIT_MODULE_TRUSTED; + } + } + + p11_unlock (); + + return flags; +} + +/** + * p11_kit_registered_name_to_module: + * @name: name of a registered module + * + * Lookup a registered PKCS\#11 module by its name. This name is specified by + * the registered module configuration. + * + * Deprecated: Since 0.19.0: Use p11_kit_module_for_name() instead. + * + * Returns: a pointer to a PKCS\#11 module, or NULL if this name was + * not found. + */ +CK_FUNCTION_LIST_PTR +p11_kit_registered_name_to_module (const char *name) +{ + CK_FUNCTION_LIST_PTR module = NULL; + CK_FUNCTION_LIST_PTR funcs; + p11_dictiter iter; + Module *mod; + + return_val_if_fail (name != NULL, NULL); + + p11_lock (); + + p11_message_clear (); + + if (gl.modules) { + + assert (name); + + p11_dict_iterate (gl.unmanaged_by_funcs, &iter); + while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) { + if (mod->ref_count && mod->name && strcmp (name, mod->name) == 0) { + module = funcs; + break; + } + } + } + + p11_unlock (); + + return module; +} + +/** + * p11_kit_module_for_name: + * @modules: a list of modules to look through + * @name: the name of the module to find + * + * Look through the list of @modules and return the module whose @name + * matches. + * + * Only configured modules have names. Configured modules are loaded by + * p11_kit_modules_load(). The module passed to this function can be either + * managed or unmanaged. + * + * The return value is not copied or duplicated in anyway. It is still + * 'owned' by the @modules list. + * + * Returns: the module which matches the name, or %NULL if no match. + */ +CK_FUNCTION_LIST * +p11_kit_module_for_name (CK_FUNCTION_LIST **modules, + const char *name) +{ + CK_FUNCTION_LIST *ret = NULL; + Module *mod; + int i; + + return_val_if_fail (name != NULL, NULL); + + if (!modules) + return NULL; + + p11_library_init_once (); + + p11_lock (); + + p11_message_clear (); + + for (i = 0; gl.modules && modules[i] != NULL; i++) { + mod = module_for_functions_inlock (modules[i]); + if (mod && mod->name && strcmp (mod->name, name) == 0) { + ret = modules[i]; + break; + } + } + + p11_unlock (); + + return ret; +} + +/** + * p11_kit_registered_option: + * @module: a pointer to a registered module + * @field: the name of the option to lookup. + * + * Lookup a configured option for a registered PKCS\#11 module. If a + * NULL module argument is specified, then this will lookup + * the configuration option in the global config file. + * + * Deprecated: Since 0.19.0: Use p11_kit_config_option() instead. + * + * Returns: A newly allocated string containing the option value, or + * NULL if the registered module or the option were not found. + * Use free() to free the returned string. + */ +char* +p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, const char *field) +{ + Module *mod = NULL; + char *option = NULL; + const char *value; + + return_val_if_fail (field != NULL, NULL); + + p11_library_init_once (); + + p11_lock (); + + p11_message_clear (); + + if (module == NULL) + mod = NULL; + else + mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL; + + value = module_get_option_inlock (mod, field); + if (value) + option = strdup (value); + + p11_unlock (); + + return option; +} + +/** + * p11_kit_config_option: + * @module: the module to retrieve the option for, or %NULL for global options + * @option: the option to retrieve + * + * Retrieve the value for a configured option. + * + * If @module is %NULL, then the global option with the given name will + * be retrieved. Otherwise @module should point to a configured loaded module. + * If no such @option or configured @module exists, then %NULL will be returned. + * + * Use free() to release the returned value. + * + * Returns: the option value or %NULL + */ +char * +p11_kit_config_option (CK_FUNCTION_LIST *module, + const char *option) +{ + Module *mod = NULL; + const char *value = NULL; + char *ret = NULL; + + return_val_if_fail (option != NULL, NULL); + + p11_library_init_once (); + + p11_lock (); + + p11_message_clear (); + + if (gl.modules) { + if (module != NULL) { + mod = module_for_functions_inlock (module); + if (mod == NULL) + goto cleanup; + } + + value = module_get_option_inlock (mod, option); + if (value) + ret = strdup (value); + } + + +cleanup: + p11_unlock (); + return ret; +} + +typedef struct { + p11_virtual virt; + Module *mod; + unsigned int initialized; + p11_dict *sessions; +} Managed; + +static CK_RV +managed_C_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args) +{ + Managed *managed = ((Managed *)self); + p11_dict *sessions; + CK_RV rv; + + p11_debug ("in"); + p11_lock (); + + if (managed->initialized == p11_forkid) { + rv = CKR_CRYPTOKI_ALREADY_INITIALIZED; + + } else { + sessions = p11_dict_new (p11_dict_ulongptr_hash, + p11_dict_ulongptr_equal, + free, free); + if (!sessions) + rv = CKR_HOST_MEMORY; + else + rv = initialize_module_inlock_reentrant (managed->mod, init_args); + if (rv == CKR_OK) { + if (managed->sessions) + p11_dict_free (managed->sessions); + managed->sessions = sessions; + managed->initialized = p11_forkid; + } else { + p11_dict_free (sessions); + } + } + + p11_unlock (); + p11_debug ("out: %lu", rv); + + return rv; +} + +static CK_RV +managed_track_session_inlock (p11_dict *sessions, + CK_SLOT_ID slot_id, + CK_SESSION_HANDLE session) +{ + void *key; + void *value; + + key = memdup (&session, sizeof (CK_SESSION_HANDLE)); + return_val_if_fail (key != NULL, CKR_HOST_MEMORY); + + value = memdup (&slot_id, sizeof (CK_SESSION_HANDLE)); + return_val_if_fail (value != NULL, CKR_HOST_MEMORY); + + if (!p11_dict_set (sessions, key, value)) + return_val_if_reached (CKR_HOST_MEMORY); + + return CKR_OK; +} + +static void +managed_untrack_session_inlock (p11_dict *sessions, + CK_SESSION_HANDLE session) +{ + p11_dict_remove (sessions, &session); +} + +static CK_SESSION_HANDLE * +managed_steal_sessions_inlock (p11_dict *sessions, + bool matching_slot_id, + CK_SLOT_ID slot_id, + int *count) +{ + CK_SESSION_HANDLE *stolen; + CK_SESSION_HANDLE *key; + CK_SLOT_ID *value; + p11_dictiter iter; + int at, i; + + assert (sessions != NULL); + assert (count != NULL); + + stolen = calloc (p11_dict_size (sessions) + 1, sizeof (CK_SESSION_HANDLE)); + return_val_if_fail (stolen != NULL, NULL); + + at = 0; + p11_dict_iterate (sessions, &iter); + while (p11_dict_next (&iter, (void **)&key, (void **)&value)) { + if (!matching_slot_id || slot_id == *value) + stolen[at++] = *key; + } + + /* Removed them all, clear the whole array */ + if (at == p11_dict_size (sessions)) { + p11_dict_clear (sessions); + + /* Only removed some, go through and remove those */ + } else { + for (i = 0; i < at; i++) { + if (!p11_dict_remove (sessions, stolen + i)) + assert_not_reached (); + } + } + + *count = at; + return stolen; +} + +static void +managed_close_sessions (CK_X_FUNCTION_LIST *funcs, + CK_SESSION_HANDLE *stolen, + int count) +{ + CK_RV rv; + int i; + + for (i = 0; i < count; i++) { + rv = funcs->C_CloseSession (funcs, stolen[i]); + if (rv != CKR_OK) + p11_message ("couldn't close session: %s", p11_kit_strerror (rv)); + } +} + +static CK_RV +managed_C_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR reserved) +{ + Managed *managed = ((Managed *)self); + CK_SESSION_HANDLE *sessions; + int count; + CK_RV rv; + + p11_debug ("in"); + p11_lock (); + + if (managed->initialized == 0) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + } else if (managed->initialized != p11_forkid) { + /* + * In theory we should be returning CKR_CRYPTOKI_NOT_INITIALIZED here + * but enough callers are not completely aware of their forking. + * So we just clean up any state we have, rather than forcing callers + * to initialize just to finalize. + */ + p11_debug ("finalizing module in wrong process, skipping C_Finalize"); + rv = CKR_OK; + + } else { + sessions = managed_steal_sessions_inlock (managed->sessions, false, 0, &count); + + if (sessions && count) { + /* WARNING: reentrancy can occur here */ + p11_unlock (); + managed_close_sessions (&managed->mod->virt.funcs, sessions, count); + p11_lock (); + } + + free (sessions); + + /* WARNING: reentrancy can occur here */ + rv = finalize_module_inlock_reentrant (managed->mod); + } + + if (rv == CKR_OK) { + managed->initialized = 0; + p11_dict_free (managed->sessions); + managed->sessions = NULL; + } + + p11_unlock (); + p11_debug ("out: %lu", rv); + + return rv; +} + +static CK_RV +managed_C_OpenSession (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR application, + CK_NOTIFY notify, + CK_SESSION_HANDLE_PTR session) +{ + Managed *managed = ((Managed *)self); + CK_RV rv; + + return_val_if_fail (session != NULL, CKR_ARGUMENTS_BAD); + + self = &managed->mod->virt.funcs; + rv = self->C_OpenSession (self, slot_id, flags, application, notify, session); + + if (rv == CKR_OK) { + p11_lock (); + rv = managed_track_session_inlock (managed->sessions, slot_id, *session); + p11_unlock (); + } + + return rv; +} + +static CK_RV +managed_C_CloseSession (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + Managed *managed = ((Managed *)self); + CK_RV rv; + + self = &managed->mod->virt.funcs; + rv = self->C_CloseSession (self, session); + + if (rv == CKR_OK) { + p11_lock (); + managed_untrack_session_inlock (managed->sessions, session); + p11_unlock (); + } + + return rv; +} + +static CK_RV +managed_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id) +{ + Managed *managed = ((Managed *)self); + CK_SESSION_HANDLE *stolen; + int count; + + p11_lock (); + stolen = managed_steal_sessions_inlock (managed->sessions, true, slot_id, &count); + p11_unlock (); + + self = &managed->mod->virt.funcs; + managed_close_sessions (self, stolen, count); + if (stolen) { + free (stolen); + return CKR_OK; + } else { + return CKR_GENERAL_ERROR; + } + +} + +static void +managed_free_inlock (void *data) +{ + Managed *managed = data; + managed->mod->ref_count--; + free (managed); +} + +static p11_virtual * +managed_create_inlock (Module *mod) +{ + Managed *managed; + + managed = calloc (1, sizeof (Managed)); + return_val_if_fail (managed != NULL, NULL); + + p11_virtual_init (&managed->virt, &p11_virtual_stack, + &mod->virt, NULL); + managed->virt.funcs.C_Initialize = managed_C_Initialize; + managed->virt.funcs.C_Finalize = managed_C_Finalize; + managed->virt.funcs.C_CloseAllSessions = managed_C_CloseAllSessions; + managed->virt.funcs.C_CloseSession = managed_C_CloseSession; + managed->virt.funcs.C_OpenSession = managed_C_OpenSession; + managed->mod = mod; + mod->ref_count++; + + return &managed->virt; +} + +static bool +lookup_managed_option (Module *mod, + bool supported, + const char *option, + bool def_value) +{ + const char *string; + bool value; + + string = module_get_option_inlock (NULL, option); + if (!string) + string = module_get_option_inlock (mod, option); + if (!string) { + if (!supported) + return false; + return def_value; + } + + value = _p11_conf_parse_boolean (string, def_value); + + if (!supported && value != supported) { + /* + * This is because the module is running in unmanaged mode, so turn off the + */ + p11_message ("the '%s' option for module '%s' is only supported for managed modules", + option, mod->name); + } + + return value; +} + +static CK_RV +release_module_inlock_rentrant (CK_FUNCTION_LIST *module, + const char *caller_func) +{ + Module *mod; + + assert (module != NULL); + + /* See if a managed module, and finalize if so */ + if (p11_virtual_is_wrapper (module)) { + mod = p11_dict_get (gl.managed_by_closure, module); + if (mod != NULL) { + if (!p11_dict_remove (gl.managed_by_closure, module)) + assert_not_reached (); + p11_virtual_unwrap (module); + } + + /* If an unmanaged module then caller should have finalized */ + } else { + mod = p11_dict_get (gl.unmanaged_by_funcs, module); + } + + if (mod == NULL) { + p11_debug_precond ("invalid module pointer passed to %s", caller_func); + return CKR_ARGUMENTS_BAD; + } + + /* Matches the ref in prepare_module_inlock_reentrant() */ + mod->ref_count--; + return CKR_OK; +} + +CK_RV +p11_modules_release_inlock_reentrant (CK_FUNCTION_LIST **modules) +{ + CK_RV ret = CKR_OK; + CK_RV rv; + int i; + + for (i = 0; modules[i] != NULL; i++) { + rv = release_module_inlock_rentrant (modules[i], __PRETTY_FUNCTION__); + if (rv != CKR_OK) + ret = rv; + } + + free (modules); + + /* In case nothing loaded, free up internal memory */ + free_modules_when_no_refs_unlocked (); + + return ret; +} + +static CK_RV +prepare_module_inlock_reentrant (Module *mod, + int flags, + CK_FUNCTION_LIST **module) +{ + p11_destroyer destroyer; + const char *trusted; + p11_virtual *virt; + bool is_managed; + bool with_log; + + assert (module != NULL); + + if (flags & P11_KIT_MODULE_TRUSTED) { + trusted = module_get_option_inlock (mod, "trust-policy"); + if (!_p11_conf_parse_boolean (trusted, false)) + return CKR_FUNCTION_NOT_SUPPORTED; + } + + if (flags & P11_KIT_MODULE_UNMANAGED) { + is_managed = false; + with_log = false; + } else { + is_managed = lookup_managed_option (mod, true, "managed", true); + with_log = lookup_managed_option (mod, is_managed, "log-calls", false); + } + + if (is_managed) { + virt = managed_create_inlock (mod); + return_val_if_fail (virt != NULL, CKR_HOST_MEMORY); + destroyer = managed_free_inlock; + + /* Add the logger if configured */ + if (p11_log_force || with_log) { + virt = p11_log_subclass (virt, destroyer); + destroyer = p11_log_release; + } + + *module = p11_virtual_wrap (virt, destroyer); + if (*module == NULL) + return CKR_GENERAL_ERROR; + + if (!p11_dict_set (gl.managed_by_closure, *module, mod)) + return_val_if_reached (CKR_HOST_MEMORY); + + } else { + *module = unmanaged_for_module_inlock (mod); + if (*module == NULL) + return CKR_FUNCTION_NOT_SUPPORTED; + } + + /* Matches the deref in release_module_inlock_rentrant() */ + mod->ref_count++; + return CKR_OK; +} + +CK_RV +p11_modules_load_inlock_reentrant (int flags, + CK_FUNCTION_LIST ***results) +{ + CK_FUNCTION_LIST **modules; + Module *mod; + p11_dictiter iter; + CK_RV rv; + int at; + + rv = init_globals_unlocked (); + if (rv != CKR_OK) + return rv; + + rv = load_registered_modules_unlocked (flags); + if (rv != CKR_OK) + return rv; + + modules = calloc (p11_dict_size (gl.modules) + 1, sizeof (CK_FUNCTION_LIST *)); + return_val_if_fail (modules != NULL, CKR_HOST_MEMORY); + + at = 0; + rv = CKR_OK; + + p11_dict_iterate (gl.modules, &iter); + while (p11_dict_next (&iter, NULL, (void **)&mod)) { + + /* + * We don't include unreferenced modules. We don't include + * modules that have been initialized but aren't in the + * registry. These have a NULL name. + * + * In addition we check again that the module isn't disabled + * using enable-in or disable-in. This is because a caller + * can change the progname we recognize the process as after + * having initialized. This is a corner case, but want to make + * sure to cover it. + */ + if (!mod->name || !is_module_enabled_unlocked (mod->name, mod->config, flags)) + continue; + + rv = prepare_module_inlock_reentrant (mod, flags, modules + at); + if (rv == CKR_OK) + at++; + else if (rv == CKR_FUNCTION_NOT_SUPPORTED) + rv = CKR_OK; + else + break; + } + + modules[at] = NULL; + + if (rv != CKR_OK) { + p11_modules_release_inlock_reentrant (modules); + return rv; + } + + sort_modules_by_priority (modules, at); + *results = modules; + return CKR_OK; +} + +/** + * p11_kit_modules_load: + * @reserved: set to %NULL + * @flags: flags to use to load the module + * + * Load the configured PKCS\#11 modules. + * + * If @flags contains the %P11_KIT_MODULE_UNMANAGED flag, then the + * modules will be not be loaded in 'managed' mode regardless of its + * configuration. This is not recommended for general usage. + * + * If @flags contains the %P11_KIT_MODULE_CRITICAL flag then the + * modules will all be treated as 'critical', regardless of the module + * configuration. This means that a failure to load any module will + * cause this function to fail. + * + * For unmanaged modules there is no guarantee to the state of the + * modules. Other callers may be using the modules. Using unmanaged + * modules haphazardly is not recommended for this reason. Some + * modules (such as those configured with RPC) cannot be loaded in + * unmanaged mode, and will be skipped. + * + * If @flags contains the %P11_KIT_MODULE_TRUSTED flag then only the + * marked as trusted modules will be loaded. + * + * Use p11_kit_modules_release() to release the modules returned by + * this function. + * + * If this function fails, then an error message will be available via the + * p11_kit_message() function. + * + * Returns: a null terminated list of modules represented as PKCS\#11 + * function lists, or %NULL on failure + */ +CK_FUNCTION_LIST ** +p11_kit_modules_load (const char *reserved, + int flags) +{ + CK_FUNCTION_LIST **modules; + CK_RV rv; + + /* progname attribute not implemented yet */ + return_val_if_fail (reserved == NULL, NULL); + + p11_library_init_once (); + + /* WARNING: This function must be reentrant */ + p11_debug ("in"); + + /* mask out internal flags */ + flags &= P11_KIT_MODULE_MASK; + + p11_lock (); + + p11_message_clear (); + + /* WARNING: Reentrancy can occur here */ + rv = p11_modules_load_inlock_reentrant (flags, &modules); + + p11_unlock (); + + if (rv != CKR_OK) + modules = NULL; + + p11_debug ("out: %s", modules ? "success" : "fail"); + return modules; +} + +/** + * p11_kit_modules_initialize: + * @modules: a %NULL terminated list of modules + * @failure_callback: called with modules that fail to initialize + * + * Initialize all the modules in the @modules list by calling their + * C_Initialize function. + * + * For managed modules the C_Initialize function + * is overridden so that multiple callers can initialize the same + * modules. In addition for managed modules multiple callers can + * initialize from different threads, and still guarantee consistent + * thread-safe behavior. + * + * For unmanaged modules if multiple callers try to initialize + * a module, then one of the calls will return + * CKR_CRYPTOKI_ALREADY_INITIALIZED according to the + * PKCS\#11 specification. In addition there are no guarantees that + * thread-safe behavior will occur if multiple callers initialize from + * different threads. + * + * When a module fails to initialize it is removed from the @modules list. + * If the @failure_callback is not %NULL then it is called with the modules that + * fail to initialize. For example, you may pass p11_kit_module_release() + * as a @failure_callback if the @modules list was loaded wit p11_kit_modules_load(). + * + * The return value will return the failure code of the last critical + * module that failed to initialize. Non-critical module failures do not affect + * the return value. If no critical modules failed to initialize then the + * return value will be CKR_OK. + * + * When modules are removed, the list will be %NULL terminated at the + * appropriate place so it can continue to be used as a modules list. + * + * This function does not accept a CK_C_INITIALIZE_ARGS argument. + * Custom initialization arguments cannot be supported when multiple consumers + * load the same module. + * + * Returns: CKR_OK or the failure code of the last critical + * module that failed to initialize. + */ +CK_RV +p11_kit_modules_initialize (CK_FUNCTION_LIST **modules, + p11_kit_destroyer failure_callback) +{ + CK_RV ret = CKR_OK; + CK_RV rv; + bool critical; + char *name; + int i, out; + + return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD); + + for (i = 0, out = 0; modules[i] != NULL; i++, out++) { + rv = modules[i]->C_Initialize (NULL); + if (rv != CKR_OK && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) { + name = p11_kit_module_get_name (modules[i]); + if (name == NULL) + name = strdup ("(unknown)"); + return_val_if_fail (name != NULL, CKR_HOST_MEMORY); + critical = (p11_kit_module_get_flags (modules[i]) & P11_KIT_MODULE_CRITICAL); + p11_message ("%s: module failed to initialize%s: %s", + name, critical ? "" : ", skipping", p11_kit_strerror (rv)); + if (critical) + ret = rv; + if (failure_callback) + failure_callback (modules[i]); + out--; + free (name); + } else { + if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) { + name = p11_kit_module_get_name (modules[i]); + p11_message ("%s: module was already initialized", + name ? name : "(unknown)"); + free (name); + } + modules[out] = modules[i]; + } + } + + /* NULL terminate after above changes */ + modules[out] = NULL; + return ret; +} + +/** + * p11_kit_modules_load_and_initialize: + * @flags: flags to use to load the modules + * + * Load and initialize configured modules. + * + * If a critical module fails to load or initialize then the function will + * return NULL. Non-critical modules will be skipped + * and not included in the returned module list. + * + * Use p11_kit_modules_finalize_and_release() when you're done with the + * modules returned by this function. + * + * The @flags allowed by this function, as well as their meaning, are the + * same as with p11_kit_modules_load(). + * + * Returns: a NULL terminated list of modules, or + * NULL on failure + */ +CK_FUNCTION_LIST ** +p11_kit_modules_load_and_initialize (int flags) +{ + CK_FUNCTION_LIST **modules; + CK_RV rv; + + /* mask out internal flags */ + flags &= P11_KIT_MODULE_MASK; + + modules = p11_kit_modules_load (NULL, flags); + if (modules == NULL) + return NULL; + + rv = p11_kit_modules_initialize (modules, (p11_destroyer)p11_kit_module_release); + if (rv != CKR_OK) { + p11_kit_modules_release (modules); + modules = NULL; + } + + return modules; +} + +/** + * p11_kit_modules_finalize: + * @modules: a NULL terminated list of modules + * + * Finalize each module in the @modules list by calling its + * C_Finalize function. Regardless of failures, all + * @modules will have their C_Finalize function called. + * + * If a module returns a failure from its C_Finalize + * method it will be returned. If multiple modules fail, the last failure + * will be returned. + * + * For managed modules the C_Finalize function + * is overridden so that multiple callers can finalize the same + * modules. In addition for managed modules multiple callers can + * finalize from different threads, and still guarantee consistent + * thread-safe behavior. + * + * For unmanaged modules if multiple callers try to finalize + * a module, then one of the calls will return + * CKR_CRYPTOKI_NOT_INITIALIZED according to the + * PKCS\#11 specification. In addition there are no guarantees that + * thread-safe behavior will occur if multiple callers finalize from + * different threads. + * + * Returns: CKR_OK or the failure code of the last + * module that failed to finalize + */ +CK_RV +p11_kit_modules_finalize (CK_FUNCTION_LIST **modules) +{ + CK_RV ret = CKR_OK; + CK_RV rv; + char *name; + int i; + + return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD); + + for (i = 0; modules[i] != NULL; i++) { + rv = modules[i]->C_Finalize (NULL); + if (rv != CKR_OK) { + name = p11_kit_module_get_name (modules[i]); + p11_message ("%s: module failed to finalize: %s", + name ? name : "(unknown)", p11_kit_strerror (rv)); + free (name); + ret = rv; + } + } + + return ret; +} + +/** + * p11_kit_modules_release: + * @modules: the modules to release + * + * Release the a set of loaded PKCS\#11 modules. + * + * The modules may be either managed or unmanaged. The array containing + * the module pointers is also freed by this function. + * + * Managed modules will not be actually released until all + * callers using them have done so. If the modules were initialized, they + * should have been finalized first. + */ +void +p11_kit_modules_release (CK_FUNCTION_LIST **modules) +{ + p11_library_init_once (); + + return_if_fail (modules != NULL); + + /* WARNING: This function must be reentrant */ + p11_debug ("in"); + + p11_lock (); + + p11_message_clear (); + p11_modules_release_inlock_reentrant (modules); + + p11_unlock (); + + p11_debug ("out"); +} + +/** + * p11_kit_modules_finalize_and_release: + * @modules: the modules to release + * + * Finalize and then release the a set of loaded PKCS\#11 modules. + * + * The modules may be either managed or unmanaged. The array containing + * the module pointers is also freed by this function. + * + * Modules are released even if their finalization returns an error code. + * Managed modules will not be actually finalized or released until all + * callers using them have done so. + * + * For managed modules the C_Finalize function + * is overridden so that multiple callers can finalize the same + * modules. In addition for managed modules multiple callers can + * finalize from different threads, and still guarantee consistent + * thread-safe behavior. + * + * For unmanaged modules if multiple callers try to finalize + * a module, then one of the calls will return + * CKR_CRYPTOKI_NOT_INITIALIZED according to the + * PKCS\#11 specification. In addition there are no guarantees that + * thread-safe behavior will occur if multiple callers initialize from + * different threads. + */ +void +p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules) +{ + return_if_fail (modules != NULL); + p11_kit_modules_finalize (modules); + p11_kit_modules_release (modules); +} + +/** + * p11_kit_initialize_module: + * @module: loaded module to initialize. + * + * Initialize an arbitrary PKCS\#11 module. Normally using the + * p11_kit_initialize_registered() is preferred. + * + * Using this function to initialize modules allows coordination between + * multiple users of the same module in a single process. It should be called + * on modules that have been loaded (with dlopen() for example) but not yet + * initialized. The caller should not yet have called the module's + * C_Initialize method. This function will call + * C_Initialize as necessary. + * + * Subsequent calls to this function for the same module will result in an + * initialization count being incremented for the module. It is safe (although + * usually unnecessary) to use this function on registered modules. + * + * The module must be finalized with p11_kit_finalize_module() instead of + * calling its C_Finalize method directly. + * + * This function does not accept a CK_C_INITIALIZE_ARGS argument. + * Custom initialization arguments cannot be supported when multiple consumers + * load the same module. + * + * If this function fails, then an error message will be available via the + * p11_kit_message() function. + * + * Deprecated: Since 0.19.0: Use p11_kit_module_initialize() instead. + * + * Returns: CKR_OK if the initialization was successful. + */ +CK_RV +p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module) +{ + CK_FUNCTION_LIST_PTR result; + Module *mod; + int flags; + CK_RV rv; + + return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); + + p11_library_init_once (); + + /* WARNING: This function must be reentrant for the same arguments */ + p11_debug ("in"); + + p11_lock (); + + p11_message_clear (); + + flags = P11_KIT_MODULE_CRITICAL | P11_KIT_MODULE_UNMANAGED; + rv = p11_module_load_inlock_reentrant (module, flags, &result); + + /* An unmanaged module should return the same pointer */ + assert (rv != CKR_OK || result == module); + + if (rv == CKR_OK) { + mod = p11_dict_get (gl.unmanaged_by_funcs, module); + assert (mod != NULL); + rv = initialize_module_inlock_reentrant (mod, NULL); + if (rv != CKR_OK) { + p11_message ("module initialization failed: %s", p11_kit_strerror (rv)); + p11_module_release_inlock_reentrant (module); + } + } + + p11_unlock (); + + p11_debug ("out: %lu", rv); + return rv; +} + +CK_RV +p11_module_load_inlock_reentrant (CK_FUNCTION_LIST *module, + int flags, + CK_FUNCTION_LIST **result) +{ + Module *allocated = NULL; + Module *mod; + CK_RV rv = CKR_OK; + + rv = init_globals_unlocked (); + if (rv == CKR_OK) { + + mod = p11_dict_get (gl.unmanaged_by_funcs, module); + if (mod == NULL) { + p11_debug ("allocating new module"); + allocated = mod = alloc_module_unlocked (); + return_val_if_fail (mod != NULL, CKR_HOST_MEMORY); + p11_virtual_init (&mod->virt, &p11_virtual_base, module, NULL); + } + + /* If this was newly allocated, add it to the list */ + if (allocated) { + if (!p11_dict_set (gl.modules, allocated, allocated) || + !p11_dict_set (gl.unmanaged_by_funcs, module, allocated)) + return_val_if_reached (CKR_HOST_MEMORY); + allocated = NULL; + } + + /* WARNING: Reentrancy can occur here */ + rv = prepare_module_inlock_reentrant (mod, flags, result); + + free (allocated); + } + + /* + * If initialization failed, we may need to cleanup. + * If we added this module above, then this will + * clean things up as expected. + */ + if (rv != CKR_OK) + free_modules_when_no_refs_unlocked (); + + _p11_kit_default_message (rv); + return rv; +} + +/** + * p11_kit_module_load: + * @module_path: relative or full file path of module library + * @flags: flags to use when loading the module + * + * Load an arbitrary PKCS\#11 module from a dynamic library file, and + * initialize it. Normally using the p11_kit_modules_load() function + * is preferred. + * + * A full file path or just (path/)filename relative to + * P11_MODULE_PATH are accepted. + * + * Using this function to load modules allows coordination between multiple + * callers of the same module in a single process. If @flags contains the + * %P11_KIT_MODULE_UNMANAGED flag, then the modules will be not be loaded + * in 'managed' mode and not be coordinated. This is not recommended + * for general usage. + * + * Subsequent calls to this function for the same module will result in an + * initialization count being incremented for the module. It is safe (although + * usually unnecessary) to use this function on registered modules. + * + * The module should be released with p11_kit_module_release(). + * + * If this function fails, then an error message will be available via the + * p11_kit_message() function. + * + * Returns: the loaded module PKCS\#11 functions or %NULL on failure + */ +CK_FUNCTION_LIST * +p11_kit_module_load (const char *module_path, + int flags) +{ + CK_FUNCTION_LIST *module = NULL; + CK_RV rv; + Module *mod; + + return_val_if_fail (module_path != NULL, NULL); + + p11_library_init_once (); + + /* WARNING: This function must be reentrant for the same arguments */ + p11_debug ("in: %s", module_path); + + /* mask out internal flags */ + flags &= P11_KIT_MODULE_MASK; + + p11_lock (); + + p11_message_clear (); + + rv = init_globals_unlocked (); + if (rv == CKR_OK) { + + rv = load_module_from_file_inlock (NULL, module_path, &mod); + if (rv == CKR_OK) { + /* WARNING: Reentrancy can occur here */ + rv = prepare_module_inlock_reentrant (mod, flags, &module); + if (rv != CKR_OK) + module = NULL; + } + } + + /* + * If initialization failed, we may need to cleanup. + * If we added this module above, then this will + * clean things up as expected. + */ + if (rv != CKR_OK) + free_modules_when_no_refs_unlocked (); + + p11_unlock (); + + p11_debug ("out: %s", module ? "success" : "fail"); + return module; + +} + +/** + * p11_kit_finalize_module: + * @module: loaded module to finalize. + * + * Finalize an arbitrary PKCS\#11 module. The module must have been initialized + * using p11_kit_initialize_module(). In most cases callers will want to use + * p11_kit_finalize_registered() instead of this function. + * + * Using this function to finalize modules allows coordination between + * multiple users of the same module in a single process. The caller should not + * call the module's C_Finalize method. This function will call + * C_Finalize as necessary. + * + * If the module was initialized more than once, then this function will + * decrement an initialization count for the module. When the count reaches zero + * the module will be truly finalized. It is safe (although usually unnecessary) + * to use this function on registered modules if (and only if) they were + * initialized using p11_kit_initialize_module() for some reason. + * + * If this function fails, then an error message will be available via the + * p11_kit_message() function. + * + * Deprecated: Since 0.19.0: Use p11_kit_module_finalize() and + * p11_kit_module_release() instead. + * + * Returns: CKR_OK if the finalization was successful. + */ +CK_RV +p11_kit_finalize_module (CK_FUNCTION_LIST *module) +{ + Module *mod; + CK_RV rv = CKR_OK; + + return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); + + p11_library_init_once (); + + /* WARNING: This function must be reentrant for the same arguments */ + p11_debug ("in"); + + p11_lock (); + + p11_message_clear (); + + mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL; + if (mod == NULL) { + p11_debug ("module not found"); + rv = CKR_ARGUMENTS_BAD; + } else { + /* WARNING: Rentrancy can occur here */ + rv = finalize_module_inlock_reentrant (mod); + } + + _p11_kit_default_message (rv); + + p11_unlock (); + + p11_debug ("out: %lu", rv); + return rv; +} + +/** + * p11_kit_module_initialize: + * @module: the module to initialize + * + * Initialize a PKCS\#11 module by calling its C_Initialize + * function. + * + * For managed modules the C_Initialize function + * is overridden so that multiple callers can initialize the same + * modules. In addition for managed modules multiple callers can + * initialize from different threads, and still guarantee consistent + * thread-safe behavior. + * + * For unmanaged modules if multiple callers try to initialize + * a module, then one of the calls will return + * CKR_CRYPTOKI_ALREADY_INITIALIZED according to the + * PKCS\#11 specification. In addition there are no guarantees that + * thread-safe behavior will occur if multiple callers initialize from + * different threads. + * + * This function does not accept a CK_C_INITIALIZE_ARGS argument. + * Custom initialization arguments cannot be supported when multiple consumers + * load the same module. + * + * Returns: CKR_OK or a failure code + */ +CK_RV +p11_kit_module_initialize (CK_FUNCTION_LIST *module) +{ + char *name; + CK_RV rv; + + return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); + + rv = module->C_Initialize (NULL); + if (rv != CKR_OK) { + name = p11_kit_module_get_name (module); + p11_message ("%s: module failed to initialize: %s", + name ? name : "(unknown)", p11_kit_strerror (rv)); + free (name); + } + + return rv; +} + +/** + * p11_kit_module_finalize: + * @module: the module to finalize + * + * Finalize a PKCS\#11 module by calling its C_Finalize + * function. + * + * For managed modules the C_Finalize function + * is overridden so that multiple callers can finalize the same + * modules. In addition for managed modules multiple callers can + * finalize from different threads, and still guarantee consistent + * thread-safe behavior. + * + * For unmanaged modules if multiple callers try to finalize + * a module, then one of the calls will return + * CKR_CRYPTOKI_NOT_INITIALIZED according to the + * PKCS\#11 specification. In addition there are no guarantees that + * thread-safe behavior will occur if multiple callers finalize from + * different threads. + * + * Returns: CKR_OK or a failure code + */ +CK_RV +p11_kit_module_finalize (CK_FUNCTION_LIST *module) +{ + char *name; + CK_RV rv; + + return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); + + rv = module->C_Finalize (NULL); + if (rv != CKR_OK) { + name = p11_kit_module_get_name (module); + p11_message ("%s: module failed to finalize: %s", + name ? name : "(unknown)", p11_kit_strerror (rv)); + free (name); + } + + return rv; + +} + + +/** + * p11_kit_module_release: + * @module: the module to release + * + * Release the a loaded PKCS\#11 modules. + * + * The module may be either managed or unmanaged. The C_Finalize + * function will be called if no other callers are using this module. + */ +void +p11_kit_module_release (CK_FUNCTION_LIST *module) +{ + return_if_fail (module != NULL); + + p11_library_init_once (); + + /* WARNING: This function must be reentrant for the same arguments */ + p11_debug ("in"); + + p11_lock (); + + p11_message_clear (); + + release_module_inlock_rentrant (module, __PRETTY_FUNCTION__); + + p11_unlock (); + + p11_debug ("out"); +} + +CK_RV +p11_module_release_inlock_reentrant (CK_FUNCTION_LIST *module) +{ + return release_module_inlock_rentrant (module, __PRETTY_FUNCTION__); +} + +/** + * p11_kit_load_initialize_module: + * @module_path: full file path of module library + * @module: location to place loaded module pointer + * + * Load an arbitrary PKCS\#11 module from a dynamic library file, and + * initialize it. Normally using the p11_kit_initialize_registered() function + * is preferred. + * + * Using this function to load and initialize modules allows coordination between + * multiple users of the same module in a single process. The caller should not + * call the module's C_Initialize method. This function will call + * C_Initialize as necessary. + * + * If a module has already been loaded, then use of this function is unnecesasry. + * Instead use the p11_kit_initialize_module() function to initialize it. + * + * Subsequent calls to this function for the same module will result in an + * initialization count being incremented for the module. It is safe (although + * usually unnecessary) to use this function on registered modules. + * + * The module must be finalized with p11_kit_finalize_module() instead of + * calling its C_Finalize method directly. + * + * This function does not accept a CK_C_INITIALIZE_ARGS argument. + * Custom initialization arguments cannot be supported when multiple consumers + * load the same module. + * + * If this function fails, then an error message will be available via the + * p11_kit_message() function. + * + * Deprecated: Since 0.19.0: Use p11_kit_module_load() instead. + * + * Returns: CKR_OK if the initialization was successful. + */ +CK_RV +p11_kit_load_initialize_module (const char *module_path, + CK_FUNCTION_LIST_PTR_PTR module) +{ + Module *mod; + CK_RV rv = CKR_OK; + + return_val_if_fail (module_path != NULL, CKR_ARGUMENTS_BAD); + return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD); + + p11_library_init_once (); + + /* WARNING: This function must be reentrant for the same arguments */ + p11_debug ("in: %s", module_path); + + p11_lock (); + + p11_message_clear (); + + rv = init_globals_unlocked (); + if (rv == CKR_OK) { + + rv = load_module_from_file_inlock (NULL, module_path, &mod); + if (rv == CKR_OK) { + + /* WARNING: Reentrancy can occur here */ + rv = initialize_module_inlock_reentrant (mod, NULL); + } + } + + if (rv == CKR_OK) { + *module = unmanaged_for_module_inlock (mod); + assert (*module != NULL); + } + + /* + * If initialization failed, we may need to cleanup. + * If we added this module above, then this will + * clean things up as expected. + */ + if (rv != CKR_OK) + free_modules_when_no_refs_unlocked (); + + _p11_kit_default_message (rv); + + p11_unlock (); + + p11_debug ("out: %lu", rv); + return rv; +} diff --git a/p11-kit/modules.h b/p11-kit/modules.h new file mode 100644 index 0000000..ca8dac3 --- /dev/null +++ b/p11-kit/modules.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_MODULES_H__ +#define __P11_MODULES_H__ + +#include "pkcs11.h" + +CK_RV p11_modules_load_inlock_reentrant (int flags, + CK_FUNCTION_LIST_PTR **results); + +CK_RV p11_modules_release_inlock_reentrant (CK_FUNCTION_LIST_PTR *modules); + +CK_RV p11_module_load_inlock_reentrant (CK_FUNCTION_LIST_PTR module, + int flags, + CK_FUNCTION_LIST_PTR *result); + +CK_RV p11_module_release_inlock_reentrant (CK_FUNCTION_LIST_PTR module); + +#endif /* __P11_MODULES_H__ */ diff --git a/p11-kit/p11-kit-1.pc.in b/p11-kit/p11-kit-1.pc.in new file mode 100644 index 0000000..392b8ea --- /dev/null +++ b/p11-kit/p11-kit-1.pc.in @@ -0,0 +1,23 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +datarootdir=@datarootdir@ +datadir=@datadir@ +pkgdatadir=@datadir@/p11-kit +sysconfdir=@sysconfdir@ +p11_module_configs=@p11_package_config_modules@ +p11_module_path=@p11_module_path@ +p11_trust_paths=@with_trust_paths@ +proxy_module=@libdir@/p11-kit-proxy.so + +# This is for compatibility. Other packages were using this to determine +# the directory they should install their module configs to, so override +# this and redirect them to the new location +p11_system_config_modules=@p11_package_config_modules@ + +Name: p11-kit +Description: Library and proxy module for properly loading and sharing PKCS#11 modules. +Version: @VERSION@ +Libs: -L${libdir} -lp11-kit +Cflags: -I${includedir}/p11-kit-1 diff --git a/p11-kit/p11-kit-server.service.in b/p11-kit/p11-kit-server.service.in new file mode 100644 index 0000000..975111e --- /dev/null +++ b/p11-kit/p11-kit-server.service.in @@ -0,0 +1,15 @@ +[Unit] +Description=p11-kit server +Documentation=man:p11-kit(8) + +Requires=p11-kit-server.socket + +[Service] +Type=simple +StandardError=journal +ExecStart=@bindir@/p11-kit server -f -n %t/p11-kit/pkcs11 pkcs11: +Restart=on-failure + +[Install] +Also=p11-kit-server.socket +WantedBy=default.target diff --git a/p11-kit/p11-kit-server.socket b/p11-kit/p11-kit-server.socket new file mode 100644 index 0000000..31a3d4c --- /dev/null +++ b/p11-kit/p11-kit-server.socket @@ -0,0 +1,11 @@ +[Unit] +Description=p11-kit server + +[Socket] +Priority=6 +Backlog=5 +ListenStream=%t/p11-kit/pkcs11 +SocketMode=0600 + +[Install] +WantedBy=sockets.target diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c new file mode 100644 index 0000000..37ffc79 --- /dev/null +++ b/p11-kit/p11-kit.c @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#include "debug.h" +#include "message.h" +#include "path.h" +#include "p11-kit.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "tool.h" + +int p11_kit_list_modules (int argc, + char *argv[]); + +int p11_kit_trust (int argc, + char *argv[]); + +int p11_kit_external (int argc, + char *argv[]); + +static const p11_tool_command commands[] = { + { "list-modules", p11_kit_list_modules, "List modules and tokens" }, + { "remote", p11_kit_external, "Run a specific PKCS#11 module remotely" }, + { "server", p11_kit_external, "Run a server process that exposes PKCS#11 module remotely" }, + { P11_TOOL_FALLBACK, p11_kit_external, NULL }, + { 0, } +}; + +int +p11_kit_trust (int argc, + char *argv[]) +{ + char **args; + + args = calloc (argc + 2, sizeof (char *)); + return_val_if_fail (args != NULL, 1); + + args[0] = BINDIR "/trust"; + memcpy (args + 1, argv, sizeof (char *) * argc); + args[argc + 1] = NULL; + + execv (args[0], args); + + /* At this point we have no command */ + p11_message_err (errno, "couldn't run trust tool"); + + free (args); + return 2; +} + +int +p11_kit_external (int argc, + char *argv[]) +{ + const char *private_dir; + char *filename; + char *path; + + /* These are trust commands, send them to that tool */ + if (strcmp (argv[0], "extract") == 0) { + return p11_kit_trust (argc, argv); + } else if (strcmp (argv[0], "extract-trust") == 0) { + argv[0] = "extract-compat"; + return p11_kit_trust (argc, argv); + } + + if (asprintf (&filename, "p11-kit-%s%s", argv[0], EXEEXT) < 0) + return_val_if_reached (1); + + private_dir = secure_getenv ("P11_KIT_PRIVATEDIR"); + if (!private_dir || !private_dir[0]) + private_dir = PRIVATEDIR; + + /* Add our libexec directory to the path */ + path = p11_path_build (private_dir, filename, NULL); + return_val_if_fail (path != NULL, 1); + + /* Windows execv() requires the first element of ARGV must be + * the executable name */ +#ifdef OS_WIN32 + argv[0] = path; +#endif + argv[argc] = NULL; + execv (path, argv); + + /* At this point we have no command */ + p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]); + + free (filename); + free (path); + return 2; +} + +int +main (int argc, + char *argv[]) +{ + return p11_tool_main (argc, argv, commands); +} diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h new file mode 100644 index 0000000..cc89595 --- /dev/null +++ b/p11-kit/p11-kit.h @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_KIT_H__ +#define __P11_KIT_H__ + +#include "p11-kit/pkcs11.h" + +/* + * If the caller is using the PKCS#11 GNU calling convention, then we cater + * to that here. + */ +#ifdef CRYPTOKI_GNU +typedef ck_rv_t CK_RV; +typedef struct ck_function_list* CK_FUNCTION_LIST_PTR; +typedef struct ck_function_list CK_FUNCTION_LIST; +#endif + +#include "p11-kit/deprecated.h" + +#ifdef __cplusplus +extern "C" { +#endif + +enum { + P11_KIT_MODULE_UNMANAGED = 1 << 0, + P11_KIT_MODULE_CRITICAL = 1 << 1, + P11_KIT_MODULE_TRUSTED = 1 << 2, + P11_KIT_MODULE_VERBOSE = 1 << 3, + P11_KIT_MODULE_MASK = (1 << 4) - 1 +}; + +typedef void (* p11_kit_destroyer) (void *data); + +CK_FUNCTION_LIST ** p11_kit_modules_load (const char *reserved, + int flags); + +CK_RV p11_kit_modules_initialize (CK_FUNCTION_LIST **modules, + p11_kit_destroyer failure_callback); + +CK_FUNCTION_LIST ** p11_kit_modules_load_and_initialize (int flags); + +CK_RV p11_kit_modules_finalize (CK_FUNCTION_LIST **modules); + +void p11_kit_modules_release (CK_FUNCTION_LIST **modules); + +void p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules); + +CK_FUNCTION_LIST * p11_kit_module_for_name (CK_FUNCTION_LIST **modules, + const char *name); + +char * p11_kit_module_get_filename (CK_FUNCTION_LIST *module); +char * p11_kit_module_get_name (CK_FUNCTION_LIST *module); + +int p11_kit_module_get_flags (CK_FUNCTION_LIST *module); + +CK_FUNCTION_LIST * p11_kit_module_load (const char *module_path, + int flags); + +CK_RV p11_kit_module_initialize (CK_FUNCTION_LIST *module); + +CK_RV p11_kit_module_finalize (CK_FUNCTION_LIST *module); + +void p11_kit_module_release (CK_FUNCTION_LIST *module); + +char * p11_kit_config_option (CK_FUNCTION_LIST *module, + const char *option); + +const char* p11_kit_strerror (CK_RV rv); + +size_t p11_kit_space_strlen (const unsigned char *string, + size_t max_length); + +char* p11_kit_space_strdup (const unsigned char *string, + size_t max_length); + +void p11_kit_be_quiet (void); + +void p11_kit_be_loud (void); + +#ifdef P11_KIT_FUTURE_UNSTABLE_API + +void p11_kit_set_progname (const char *progname); + +void p11_kit_override_system_files (const char *system_conf, + const char *user_conf, + const char *package_modules, + const char *system_modules, + const char *user_modules); +#endif + +const char * p11_kit_message (void); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* __P11_KIT_H__ */ diff --git a/p11-kit/p11-module.def b/p11-kit/p11-module.def new file mode 100644 index 0000000..c4a8158 --- /dev/null +++ b/p11-kit/p11-module.def @@ -0,0 +1,2 @@ +EXPORTS +C_GetFunctionList diff --git a/p11-kit/p11-module.map b/p11-kit/p11-module.map new file mode 100644 index 0000000..8b9c384 --- /dev/null +++ b/p11-kit/p11-module.map @@ -0,0 +1,6 @@ +{ + global: + C_GetFunctionList; + local: + *; +}; diff --git a/p11-kit/pin.c b/p11-kit/pin.c new file mode 100644 index 0000000..2fca6bc --- /dev/null +++ b/p11-kit/pin.c @@ -0,0 +1,704 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_PIN +#include "debug.h" +#include "dict.h" +#include "library.h" +#include "message.h" +#include "pkcs11.h" +#include "p11-kit.h" +#include "pin.h" +#include "private.h" +#include "array.h" + +#include +#include +#include +#include +#include +#include + +/** + * SECTION:p11-kit-pin + * @title: PIN Callbacks + * @short_description: PIN Callbacks + * + * Applications can register a callback which will be called to provide a + * password associated with a given pin source. + * + * PKCS\#11 URIs can contain a 'pin-source' attribute. The value of this attribute + * is application dependent, but often references a file containing a PIN to + * use. + * + * Using these functions, an applications or libraries can register a + * callback with p11_kit_pin_register_callback() to be called when a given + * 'pin-source' attribute value is requested. The application can then prompt + * the user or retrieve a PIN for the given context. These registered + * callbacks are only relevant and valid within the current process. + * + * A fallback callback can be registered by passing the %P11_KIT_PIN_FALLBACK + * value to p11_kit_pin_register_callback(). This fallback callback will be + * called for every 'pin-source' attribute request for which no callback has been + * directly registered. + * + * To request a PIN for a given 'pin-source' attribute, use the + * p11_kit_pin_request() function. If this function returns %NULL then either + * no callbacks were registered or none of them could handle the request. + * + * If multiple callbacks are registered for the same PIN source, then they are + * called in last-registered-first-called order. They are called in turn until + * one of them can handle the request. Fallback callbacks are not called if + * a callback was registered specifically for a requested 'pin-source' attribute. + * + * PINs themselves are handled inside of P11KitPin structures. These are thread + * safe and allow the callback to specify how the PIN is stored in memory + * and freed. A callback can use p11_kit_pin_new_for_string() or related + * functions to create a PIN to be returned. + * + * For example in order to handle the following PKCS\#11 URI with a 'pin-source' + * attribute + * + * + * pkcs11:id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91;pin-source=my-application + * + * + * an application could register a callback like this: + * + * + * static P11KitPin* + * my_application_pin_callback (const char *pin_source, P11KitUri *pin_uri, + * const char *pin_description, P11KitPinFlags pin_flags, + * void *callback_data) + * { + * return p11_kit_pin_new_from_string ("pin-value"); + * } + * + * p11_kit_pin_register_callback ("my-application", my_application_pin_callback, + * NULL, NULL); + * + */ + +/** + * P11KitPinFlags: + * @P11_KIT_PIN_FLAGS_USER_LOGIN: The PIN is for a PKCS\#11 user type login. + * @P11_KIT_PIN_FLAGS_SO_LOGIN: The PIN is for a PKCS\#11 security officer type login. + * @P11_KIT_PIN_FLAGS_CONTEXT_LOGIN: The PIN is for a PKCS\#11 contect specific type login. + * @P11_KIT_PIN_FLAGS_RETRY: The PIN is being requested again, due to an invalid previous PIN. + * @P11_KIT_PIN_FLAGS_MANY_TRIES: The PIN has failed too many times, and few tries are left. + * @P11_KIT_PIN_FLAGS_FINAL_TRY: The PIN has failed too many times, and this is the last try. + * + * Flags that are passed to p11_kit_pin_request() and registered callbacks. + */ + +/** + * P11_KIT_PIN_FALLBACK: + * + * Used with p11_kit_pin_register_callback() to register a fallback callback. + * This callback will be called if no other callback is registered for a 'pin-source'. + */ + +typedef struct _PinCallback { + /* Only used/modified within the lock */ + int refs; + + /* Readonly after construct */ + p11_kit_pin_callback func; + void *user_data; + p11_kit_pin_destroy_func destroy; +} PinCallback; + +/* + * Shared data between threads, protected by the mutex, a structure so + * we can audit thread safety easier. + */ +static struct _Shared { + p11_dict *pin_sources; +} gl = { NULL }; + +static void* +ref_pin_callback (void *pointer) +{ + PinCallback *cb = pointer; + cb->refs++; + return pointer; +} + +static void +unref_pin_callback (void *pointer) +{ + PinCallback *cb = pointer; + assert (cb->refs >= 1); + + cb->refs--; + if (cb->refs == 0) { + if (cb->destroy) + (cb->destroy) (cb->user_data); + free (cb); + } +} + +static bool +register_callback_unlocked (const char *pin_source, + PinCallback *cb) +{ + p11_array *callbacks = NULL; + char *name; + + name = strdup (pin_source); + return_val_if_fail (name != NULL, false); + + if (gl.pin_sources == NULL) { + gl.pin_sources = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, + free, (p11_destroyer)p11_array_free); + return_val_if_fail (gl.pin_sources != NULL, false); + } + + if (gl.pin_sources != NULL) + callbacks = p11_dict_get (gl.pin_sources, name); + + if (callbacks == NULL) { + callbacks = p11_array_new (unref_pin_callback); + return_val_if_fail (callbacks != NULL, false); + if (!p11_dict_set (gl.pin_sources, name, callbacks)) + return_val_if_reached (false); + name = NULL; + } + + if (!p11_array_push (callbacks, cb)) + return_val_if_reached (false); + + free (name); + return true; +} + +/** + * p11_kit_pin_register_callback: + * @pin_source: the 'pin-source' attribute this this callback is for + * @callback: the callback function + * @callback_data: data that will be passed to the callback + * @callback_destroy: a function that will be called with @callback_data when + * the callback is unregistered. + * + * Register a callback to handle PIN requests for a given 'pin-source' attribute. + * If @pin_source is set to P11_KIT_PIN_FALLBACK then this will be a fallback + * callback and will be called for requests for which no other callback has + * been specifically registered. + * + * If multiple callbacks are registered for the same @pin_source value, then + * the last registered callback will be the first to be called. + * + * Returns: Returns negative if registering fails. + */ +int +p11_kit_pin_register_callback (const char *pin_source, + p11_kit_pin_callback callback, + void *callback_data, + p11_kit_pin_destroy_func callback_destroy) +{ + PinCallback *cb; + bool ret; + + return_val_if_fail (pin_source != NULL, -1); + return_val_if_fail (callback != NULL, -1); + + cb = calloc (1, sizeof (PinCallback)); + return_val_if_fail (cb != NULL, -1); + + cb->refs = 1; + cb->func = callback; + cb->user_data = callback_data; + cb->destroy = callback_destroy; + + p11_lock (); + + ret = register_callback_unlocked (pin_source, cb); + + p11_unlock (); + + return ret ? 0 : -1; +} + +/** + * p11_kit_pin_unregister_callback: + * @pin_source: the 'pin-source' attribute the callback was registered for + * @callback: the callback function that was registered + * @callback_data: data that was registered for the callback + * + * Unregister a callback that was previously registered with the + * p11_kit_pin_register_callback() function. If more than one registered + * callback matches the given arguments, then only one of those will be + * removed. + */ +void +p11_kit_pin_unregister_callback (const char *pin_source, + p11_kit_pin_callback callback, + void *callback_data) +{ + PinCallback *cb; + p11_array *callbacks; + unsigned int i; + + return_if_fail (pin_source != NULL); + return_if_fail (callback != NULL); + + p11_lock (); + + if (gl.pin_sources) { + callbacks = p11_dict_get (gl.pin_sources, pin_source); + if (callbacks) { + for (i = 0; i < callbacks->num; i++) { + cb = callbacks->elem[i]; + if (cb->func == callback && cb->user_data == callback_data) { + p11_array_remove (callbacks, i); + break; + } + } + + if (callbacks->num == 0) + p11_dict_remove (gl.pin_sources, pin_source); + } + + /* When there are no more pin sources, get rid of the hash table */ + if (p11_dict_size (gl.pin_sources) == 0) { + p11_dict_free (gl.pin_sources); + gl.pin_sources = NULL; + } + } + + p11_unlock (); +} + +/** + * p11_kit_pin_request: + * @pin_source: the 'pin-source' attribute that is being requested + * @pin_uri: a PKCS\#11 URI that the PIN is being requested for, optionally %NULL. + * @pin_description: a description of what the PIN is for, must not be %NULL. + * @pin_flags: various flags for this request + * + * Request a PIN for a given 'pin-source' attribute. The result depends on the + * registered callbacks. + * + * If not %NULL, then the @pin_uri attribute should point to the thing that the + * PIN is being requested for. In most use cases this should be a PKCS\#11 URI + * pointing to a token. + * + * The @pin_description should always be specified. It is a string describing + * what the PIN is for. For example this would be the token label, if the PIN + * is for a token. + * + * If more than one callback is registered for the @pin_source, then the latest + * registered one will be called first. If that callback does not return a + * PIN, then the next will be called in turn. + * + * If no callback is registered for @pin_source, then the fallback callbacks will + * be invoked in the same way. The fallback callbacks will not be called if any + * callback has been registered specifically for @pin_source. + * + * The PIN returned should be released with p11_kit_pin_unref(). + * + * Returns: the PIN which should be released with p11_kit_pin_unref(), or %NULL + * if no callback was registered or could proivde a PIN + */ +P11KitPin * +p11_kit_pin_request (const char *pin_source, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags) +{ + PinCallback **snapshot = NULL; + unsigned int snapshot_count = 0; + p11_array *callbacks; + P11KitPin *pin; + unsigned int i; + + return_val_if_fail (pin_source != NULL, NULL); + + p11_lock (); + + /* Find and ref the pin source data */ + if (gl.pin_sources) { + callbacks = p11_dict_get (gl.pin_sources, pin_source); + + /* If we didn't find any snapshots try the global ones */ + if (callbacks == NULL) + callbacks = p11_dict_get (gl.pin_sources, P11_KIT_PIN_FALLBACK); + + if (callbacks != NULL && callbacks->num) { + snapshot = memdup (callbacks->elem, sizeof (void *) * callbacks->num); + snapshot_count = callbacks->num; + for (i = 0; snapshot && i < snapshot_count; i++) + ref_pin_callback (snapshot[i]); + } + } + + p11_unlock (); + + if (snapshot == NULL) + return NULL; + + for (pin = NULL, i = snapshot_count; pin == NULL && i > 0; i--) { + pin = (snapshot[i - 1]->func) (pin_source, pin_uri, pin_description, pin_flags, + snapshot[i - 1]->user_data); + } + + p11_lock (); + for (i = 0; i < snapshot_count; i++) + unref_pin_callback (snapshot[i]); + free (snapshot); + p11_unlock (); + + return pin; +} + +/** + * p11_kit_pin_callback: + * @pin_source: a 'pin-source' attribute string + * @pin_uri: a PKCS\#11 URI that the PIN is for, or %NULL + * @pin_description: a descrption of what the PIN is for + * @pin_flags: flags describing the PIN request + * @callback_data: data that was provided when registering this callback + * + * Represents a PIN callback function. + * + * The various arguments are the same as the ones passed to + * p11_kit_pin_request(). The @callback_data argument was the one passed to + * p11_kit_pin_register_callback() when registering this callback. + * + * The function should return %NULL if it could not provide a PIN, either + * because of an error or a user cancellation. + * + * If a PIN is returned, it will be unreferenced by the caller. So it should be + * either newly allocated, or referenced before returning. + * + * Returns: A PIN or %NULL + */ + +/** + * p11_kit_pin_destroy_func: + * @data: the data to destroy + * + * A function called to free or cleanup @data. + */ + +/** + * p11_kit_pin_file_callback: + * @pin_source: a 'pin-source' attribute string + * @pin_uri: a PKCS\#11 URI that the PIN is for, or %NULL + * @pin_description: a descrption of what the PIN is for + * @pin_flags: flags describing the PIN request + * @callback_data: unused, should be %NULL + * + * This is a PIN callback function that looks up the 'pin-source' attribute in + * a file with that name. This can be used to enable the normal PKCS\#11 URI + * behavior described in the RFC. + * + * If @pin_flags contains the %P11_KIT_PIN_FLAGS_RETRY flag, then this + * callback will always return %NULL. This is to prevent endless loops + * where an application is expecting to interact with a prompter, but + * instead is interacting with this callback reading a file over and over. + * + * This callback fails on files larger than 4 Kilobytes. + * + * This callback is not registered by default. It may have security + * implications depending on the source of the PKCS\#11 URI and the PKCS\#11 + * in use. To register it, use code like the following: + * + * + * p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, + * NULL, NULL); + * + * + * Returns: a referenced PIN with the file contents, or %NULL if the file + * could not be read + */ +P11KitPin * +p11_kit_pin_file_callback (const char *pin_source, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags, + void *callback_data) +{ + const size_t block = 1024; + unsigned char *buffer; + unsigned char *memory; + size_t used, allocated; + int error = 0; + int fd; + int res; + + return_val_if_fail (pin_source != NULL, NULL); + + /* We don't support retries */ + if (pin_flags & P11_KIT_PIN_FLAGS_RETRY) + return NULL; + + fd = open (pin_source, O_BINARY | O_RDONLY | O_CLOEXEC); + if (fd == -1) + return NULL; + + buffer = NULL; + used = 0; + allocated = 0; + + for (;;) { + if (used + block > 4096) { + error = EFBIG; + break; + } + if (used + block > allocated) { + memory = realloc (buffer, used + block); + if (memory == NULL) { + error = ENOMEM; + break; + } + buffer = memory; + allocated = used + block; + } + + res = read (fd, buffer + used, allocated - used); + if (res < 0) { + if (errno == EAGAIN) + continue; + error = errno; + break; + } else if (res == 0) { + break; + } else { + used += res; + } + } + + close (fd); + + if (error != 0) { + free (buffer); + errno = error; + return NULL; + } + + return p11_kit_pin_new_for_buffer (buffer, used, free); +} + +/** + * P11KitPin: + * + * A structure representing a PKCS\#11 PIN. There are no public fields + * visible in this structure. Use the various accessor functions. + */ +struct p11_kit_pin { + int ref_count; + unsigned char *buffer; + size_t length; + p11_kit_pin_destroy_func destroy; +}; + +/** + * p11_kit_pin_new: + * @value: the value of the PIN + * @length: the length of @value + * + * Create a new P11KitPin with the given PIN value. This function is + * usually used from within registered PIN callbacks. + * + * Exactly @length bytes from @value are used. Null terminated strings, + * or encodings are not considered. A copy of the @value will be made. + * + * Returns: The newly allocated P11KitPin, which should be freed with + * p11_kit_pin_unref() when no longer needed. + */ +P11KitPin * +p11_kit_pin_new (const unsigned char *value, size_t length) +{ + unsigned char *copy; + P11KitPin *pin; + + copy = malloc (length); + return_val_if_fail (copy != NULL, NULL); + + memcpy (copy, value, length); + pin = p11_kit_pin_new_for_buffer (copy, length, free); + return_val_if_fail (pin != NULL, NULL); + + return pin; +} + +/** + * p11_kit_pin_new_for_string: + * @value: the value of the PIN + * + * Create a new P11KitPin for the given null-terminated string, such as a + * password. This function is usually used from within registered + * PIN callbacks. + * + * The PIN will consist of the string not including the null terminator. + * String encoding is not considered. A copy of the @value will be made. + * + * Returns: The newly allocated P11KitPin, which should be freed with + * p11_kit_pin_unref() when no longer needed. + */ +P11KitPin * +p11_kit_pin_new_for_string (const char *value) +{ + return p11_kit_pin_new ((const unsigned char *)value, strlen (value)); +} + +/** + * p11_kit_pin_new_for_buffer: + * @buffer: the value of the PIN + * @length: the length of @buffer + * @destroy: if not %NULL, then called when PIN is destroyed. + * + * Create a new P11KitPin which will use @buffer for the PIN value. + * This function is usually used from within registered PIN callbacks. + * + * The buffer will not be copied. String encodings and null characters + * are not considered. + * + * When the last reference to this PIN is lost, then the @destroy callback + * function will be called passing @buffer as an argument. This allows the + * caller to use a buffer as a PIN without copying it. + * + * + * char *buffer = malloc (128); + * P11KitPin *pin; + * .... + * pin = p11_kit_pin_new_for_buffer (buffer, 128, free); + * + * + * Returns: The newly allocated P11KitPin, which should be freed with + * p11_kit_pin_unref() when no longer needed. + */ +P11KitPin * +p11_kit_pin_new_for_buffer (unsigned char *buffer, size_t length, + p11_kit_pin_destroy_func destroy) +{ + P11KitPin *pin; + + pin = calloc (1, sizeof (P11KitPin)); + return_val_if_fail (pin != NULL, NULL); + + pin->ref_count = 1; + pin->buffer = buffer; + pin->length = length; + pin->destroy = destroy; + + return pin; +} + +/** + * p11_kit_pin_get_value: + * @pin: the P11KitPin + * @length: a location to return the value length + * + * Get the PIN value from a P11KitPin. @length will be set to the + * length of the value. + * + * The value returned is owned by the P11KitPin and should not be modified. + * It remains valid as long as a reference to the PIN is held. The PIN value + * will not contain an extra null-terminator character. + * + * Returns: the value for the PIN. + */ +const unsigned char * +p11_kit_pin_get_value (P11KitPin *pin, size_t *length) +{ + if (length) + *length = pin->length; + return pin->buffer; +} + +/** + * p11_kit_pin_get_length + * @pin: the P11KitPin + * + * Get the length of the PIN value from a P11KitPin. + * + * Returns: the length of the PIN value. + */ +size_t +p11_kit_pin_get_length (P11KitPin *pin) +{ + return pin->length; +} + +/** + * p11_kit_pin_ref: + * @pin: the P11KitPin + * + * Add a reference to a P11KitPin. This should be matched with a later call + * to p11_kit_pin_unref(). As long as at least one reference is held, the PIN + * will remain valid and in memory. + * + * Returns: the @pin pointer, for convenience sake. + */ +P11KitPin * +p11_kit_pin_ref (P11KitPin *pin) +{ + p11_lock (); + + pin->ref_count++; + + p11_unlock (); + + return pin; +} + +/** + * p11_kit_pin_unref: + * @pin: the P11KitPin + * + * Remove a reference from a P11KitPin. When all references have been removed + * then the PIN will be freed and will no longer be in memory. + */ +void +p11_kit_pin_unref (P11KitPin *pin) +{ + bool last = false; + + p11_lock (); + + last = (pin->ref_count == 1); + pin->ref_count--; + + p11_unlock (); + + if (last) { + if (pin->destroy) + (pin->destroy) (pin->buffer); + free (pin); + } +} diff --git a/p11-kit/pin.gnu.c b/p11-kit/pin.gnu.c new file mode 100644 index 0000000..6c88792 --- /dev/null +++ b/p11-kit/pin.gnu.c @@ -0,0 +1,124 @@ +/* DO NOT EDIT! GENERATED AUTOMATICALLY! */ + +#include +#include "p11-kit/p11-kit.h" +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_KIT_PIN_H +#define P11_KIT_PIN_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct p11_kit_pin P11KitPin; + +typedef enum { + P11_KIT_PIN_FLAGS_USER_LOGIN = 1<<0, + P11_KIT_PIN_FLAGS_SO_LOGIN = 1<<1, + P11_KIT_PIN_FLAGS_CONTEXT_LOGIN = 1<<2, + P11_KIT_PIN_FLAGS_RETRY = 1<<3, + P11_KIT_PIN_FLAGS_MANY_TRIES = 1<<4, + P11_KIT_PIN_FLAGS_FINAL_TRY = 1<<5 +} P11KitPinFlags; + +#define P11_KIT_PIN_FALLBACK "" + +typedef void (*p11_kit_pin_destroy_func) (void *data); + +P11KitPin* p11_kit_pin_new (const unsigned char *value, + size_t length); + +P11KitPin* p11_kit_pin_new_for_string (const char *value); + +P11KitPin* p11_kit_pin_new_for_buffer (unsigned char *buffer, + size_t length, + p11_kit_pin_destroy_func destroy); + +P11KitPin* p11_kit_pin_ref (P11KitPin *pin); + +void p11_kit_pin_unref (P11KitPin *pin); + +const unsigned char * p11_kit_pin_get_value (P11KitPin *pin, + size_t *length); + +size_t p11_kit_pin_get_length (P11KitPin *pin); + +typedef P11KitPin* (*p11_kit_pin_callback) (const char *pin_source, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags, + void *callback_data); + +int p11_kit_pin_register_callback (const char *pin_source, + p11_kit_pin_callback callback, + void *callback_data, + p11_kit_pin_destroy_func callback_destroy); + +void p11_kit_pin_unregister_callback (const char *pin_source, + p11_kit_pin_callback callback, + void *callback_data); + +P11KitPin* p11_kit_pin_request (const char *pin_source, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags); + +P11KitPin* p11_kit_pin_file_callback (const char *pin_source, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags, + void *callback_data); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* P11_KIT_URI_H */ +void *p11_kit_pin_gnu_c_funcs[] = { + p11_kit_pin_new, + p11_kit_pin_new_for_string, + p11_kit_pin_new_for_buffer, + p11_kit_pin_ref, + p11_kit_pin_unref, + p11_kit_pin_get_value, + p11_kit_pin_get_length, + p11_kit_pin_register_callback, + p11_kit_pin_unregister_callback, + p11_kit_pin_request, + p11_kit_pin_file_callback, +}; diff --git a/p11-kit/pin.h b/p11-kit/pin.h new file mode 100644 index 0000000..3b6806d --- /dev/null +++ b/p11-kit/pin.h @@ -0,0 +1,107 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_KIT_PIN_H +#define P11_KIT_PIN_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct p11_kit_pin P11KitPin; + +typedef enum { + P11_KIT_PIN_FLAGS_USER_LOGIN = 1<<0, + P11_KIT_PIN_FLAGS_SO_LOGIN = 1<<1, + P11_KIT_PIN_FLAGS_CONTEXT_LOGIN = 1<<2, + P11_KIT_PIN_FLAGS_RETRY = 1<<3, + P11_KIT_PIN_FLAGS_MANY_TRIES = 1<<4, + P11_KIT_PIN_FLAGS_FINAL_TRY = 1<<5 +} P11KitPinFlags; + +#define P11_KIT_PIN_FALLBACK "" + +typedef void (*p11_kit_pin_destroy_func) (void *data); + +P11KitPin* p11_kit_pin_new (const unsigned char *value, + size_t length); + +P11KitPin* p11_kit_pin_new_for_string (const char *value); + +P11KitPin* p11_kit_pin_new_for_buffer (unsigned char *buffer, + size_t length, + p11_kit_pin_destroy_func destroy); + +P11KitPin* p11_kit_pin_ref (P11KitPin *pin); + +void p11_kit_pin_unref (P11KitPin *pin); + +const unsigned char * p11_kit_pin_get_value (P11KitPin *pin, + size_t *length); + +size_t p11_kit_pin_get_length (P11KitPin *pin); + +typedef P11KitPin* (*p11_kit_pin_callback) (const char *pin_source, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags, + void *callback_data); + +int p11_kit_pin_register_callback (const char *pin_source, + p11_kit_pin_callback callback, + void *callback_data, + p11_kit_pin_destroy_func callback_destroy); + +void p11_kit_pin_unregister_callback (const char *pin_source, + p11_kit_pin_callback callback, + void *callback_data); + +P11KitPin* p11_kit_pin_request (const char *pin_source, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags); + +P11KitPin* p11_kit_pin_file_callback (const char *pin_source, + P11KitUri *pin_uri, + const char *pin_description, + P11KitPinFlags pin_flags, + void *callback_data); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* P11_KIT_URI_H */ diff --git a/p11-kit/pkcs11-gnu.c b/p11-kit/pkcs11-gnu.c new file mode 100644 index 0000000..86d9374 --- /dev/null +++ b/p11-kit/pkcs11-gnu.c @@ -0,0 +1,3 @@ +#include "pkcs11-gnu-iter.h" +#include "pkcs11-gnu-pin.h" +#include "pkcs11-gnu-uri.h" diff --git a/p11-kit/pkcs11.conf.example.in b/p11-kit/pkcs11.conf.example.in new file mode 100644 index 0000000..96d0a08 --- /dev/null +++ b/p11-kit/pkcs11.conf.example.in @@ -0,0 +1,9 @@ +# This is an example @p11_system_config_file@ file. Copy it into +# place before use. + +# This setting controls whether to load user configuration from the +# @p11_user_config@ directory. Possible values: +# none: No user configuration +# merge: Merge the user config over the system configuration (default) +# only: Only user configuration, ignore system configuration +user-config: merge diff --git a/p11-kit/pkcs11.h b/p11-kit/pkcs11.h new file mode 100644 index 0000000..245f379 --- /dev/null +++ b/p11-kit/pkcs11.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2012 Red Hat, Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +/* + * This is so that we can use the path in our installed + * headers, but still have the actual file live in our common/ subdirectory. + */ + +#include "common/pkcs11.h" diff --git a/p11-kit/print-messages.c b/p11-kit/print-messages.c new file mode 100644 index 0000000..5870ad1 --- /dev/null +++ b/p11-kit/print-messages.c @@ -0,0 +1,137 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met); + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include +#include +#include +#include + +#include "p11-kit.h" + +int +main (int argc, char *argv[]) +{ + if (argc != 1) { + fprintf (stderr, "usage: print-messages\n"); + exit (2); + } + + #define X(x) printf ("%s: %s\n", #x, p11_kit_strerror (x)) + X(CKR_CANCEL); + X(CKR_FUNCTION_CANCELED); + X(CKR_HOST_MEMORY); + X(CKR_SLOT_ID_INVALID); + X(CKR_GENERAL_ERROR); + X(CKR_FUNCTION_FAILED); + X(CKR_ARGUMENTS_BAD); + X(CKR_NEED_TO_CREATE_THREADS); + X(CKR_CANT_LOCK); + X(CKR_ATTRIBUTE_READ_ONLY); + X(CKR_ATTRIBUTE_SENSITIVE); + X(CKR_ATTRIBUTE_TYPE_INVALID); + X(CKR_ATTRIBUTE_VALUE_INVALID); + X(CKR_DATA_INVALID); + X(CKR_DATA_LEN_RANGE); + X(CKR_DEVICE_ERROR); + X(CKR_DEVICE_MEMORY); + X(CKR_DEVICE_REMOVED); + X(CKR_ENCRYPTED_DATA_INVALID); + X(CKR_ENCRYPTED_DATA_LEN_RANGE); + X(CKR_FUNCTION_NOT_SUPPORTED); + X(CKR_KEY_HANDLE_INVALID); + X(CKR_KEY_SIZE_RANGE); + X(CKR_KEY_TYPE_INCONSISTENT); + X(CKR_KEY_NOT_NEEDED); + X(CKR_KEY_CHANGED); + X(CKR_KEY_NEEDED); + X(CKR_KEY_INDIGESTIBLE); + X(CKR_KEY_FUNCTION_NOT_PERMITTED); + X(CKR_KEY_NOT_WRAPPABLE); + X(CKR_KEY_UNEXTRACTABLE); + X(CKR_MECHANISM_INVALID); + X(CKR_MECHANISM_PARAM_INVALID); + X(CKR_OBJECT_HANDLE_INVALID); + X(CKR_OPERATION_ACTIVE); + X(CKR_OPERATION_NOT_INITIALIZED); + X(CKR_PIN_INCORRECT); + X(CKR_PIN_INVALID); + X(CKR_PIN_LEN_RANGE); + X(CKR_PIN_EXPIRED); + X(CKR_PIN_LOCKED); + X(CKR_SESSION_CLOSED); + X(CKR_SESSION_COUNT); + X(CKR_SESSION_HANDLE_INVALID); + X(CKR_SESSION_READ_ONLY); + X(CKR_SESSION_EXISTS); + X(CKR_SESSION_READ_ONLY_EXISTS); + X(CKR_SESSION_READ_WRITE_SO_EXISTS); + X(CKR_SIGNATURE_INVALID); + X(CKR_SIGNATURE_LEN_RANGE); + X(CKR_TEMPLATE_INCOMPLETE); + X(CKR_TEMPLATE_INCONSISTENT); + X(CKR_TOKEN_NOT_PRESENT); + X(CKR_TOKEN_NOT_RECOGNIZED); + X(CKR_TOKEN_WRITE_PROTECTED); + X(CKR_UNWRAPPING_KEY_HANDLE_INVALID); + X(CKR_UNWRAPPING_KEY_SIZE_RANGE); + X(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT); + X(CKR_USER_ALREADY_LOGGED_IN); + X(CKR_USER_NOT_LOGGED_IN); + X(CKR_USER_PIN_NOT_INITIALIZED); + X(CKR_USER_TYPE_INVALID); + X(CKR_USER_ANOTHER_ALREADY_LOGGED_IN); + X(CKR_USER_TOO_MANY_TYPES); + X(CKR_WRAPPED_KEY_INVALID); + X(CKR_WRAPPED_KEY_LEN_RANGE); + X(CKR_WRAPPING_KEY_HANDLE_INVALID); + X(CKR_WRAPPING_KEY_SIZE_RANGE); + X(CKR_WRAPPING_KEY_TYPE_INCONSISTENT); + X(CKR_RANDOM_SEED_NOT_SUPPORTED); + X(CKR_RANDOM_NO_RNG); + X(CKR_DOMAIN_PARAMS_INVALID); + X(CKR_BUFFER_TOO_SMALL); + X(CKR_SAVED_STATE_INVALID); + X(CKR_INFORMATION_SENSITIVE); + X(CKR_STATE_UNSAVEABLE); + X(CKR_CRYPTOKI_NOT_INITIALIZED); + X(CKR_CRYPTOKI_ALREADY_INITIALIZED); + X(CKR_MUTEX_BAD); + X(CKR_MUTEX_NOT_LOCKED); + X(CKR_FUNCTION_REJECTED); + #undef X + + return 0; +} diff --git a/p11-kit/private.h b/p11-kit/private.h new file mode 100644 index 0000000..f8b258e --- /dev/null +++ b/p11-kit/private.h @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_KIT_PRIVATE_H__ +#define __P11_KIT_PRIVATE_H__ + +#include "compat.h" +#include "pkcs11.h" + +/* These are global variables to be overridden in tests */ +extern const char *p11_config_system_file; +extern const char *p11_config_user_file; +extern const char *p11_config_package_modules; +extern const char *p11_config_system_modules; +extern const char *p11_config_user_modules; + +/* These are flags used only internally */ +enum { + P11_KIT_MODULE_LOADED_FROM_PROXY = 1 << 16 +}; + +CK_RV _p11_load_config_files_unlocked (const char *system_conf, + const char *user_conf, + int *user_mode); + +void _p11_kit_default_message (CK_RV rv); + +const char * _p11_get_progname_unlocked (void); + +void _p11_set_progname_unlocked (const char *progname); + +int p11_match_uri_module_info (CK_INFO const *one, + CK_INFO const *two); + +int p11_match_uri_slot_info (CK_SLOT_INFO const *one, + CK_SLOT_INFO const *two); + +int p11_match_uri_token_info (CK_TOKEN_INFO const *one, + CK_TOKEN_INFO const *two); + +#endif /* __P11_KIT_PRIVATE_H__ */ diff --git a/p11-kit/proxy-init.c b/p11-kit/proxy-init.c new file mode 100644 index 0000000..b0b9550 --- /dev/null +++ b/p11-kit/proxy-init.c @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * Copyright (c) 2012 Stef Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "library.h" +#include "p11-kit.h" +#include "proxy.h" + +#define INIT _p11_kit_init +#define FINI _p11_kit_fini +#define CLEANUP p11_proxy_module_cleanup () +#include "init.h" diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c new file mode 100644 index 0000000..97c9b09 --- /dev/null +++ b/p11-kit/proxy.c @@ -0,0 +1,1860 @@ +/* + * Copyright (C) 2008 Stefan Walter + * Copyright (C) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#define P11_DEBUG_FLAG P11_DEBUG_PROXY +#define CRYPTOKI_EXPORTS + +#include "debug.h" +#include "dict.h" +#include "library.h" +#include "message.h" +#include "modules.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "p11-kit.h" +#include "private.h" +#include "proxy.h" +#include "virtual.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +/* Start wrap slots slightly higher for testing */ +#define MAPPING_OFFSET 0x10 +#define FIRST_HANDLE 0x10 + +typedef struct _Mapping { + CK_SLOT_ID wrap_slot; + CK_SLOT_ID real_slot; + CK_FUNCTION_LIST_PTR funcs; +} Mapping; + +typedef struct _Session { + CK_SESSION_HANDLE wrap_session; + CK_SESSION_HANDLE real_session; + CK_SLOT_ID wrap_slot; +} Session; + +typedef struct { + int refs; + Mapping *mappings; + unsigned int n_mappings; + p11_dict *sessions; + CK_FUNCTION_LIST **inited; + unsigned int forkid; + CK_SLOT_ID last_id; +} Proxy; + +typedef struct _State { + p11_virtual virt; + struct _State *next; + CK_FUNCTION_LIST **loaded; + CK_FUNCTION_LIST *wrapped; + CK_ULONG last_handle; + Proxy *px; +} State; + +static State *all_instances = NULL; + +#define PROXY_VALID(px) ((px) && (px)->forkid == p11_forkid) +#define PROXY_FORKED(px) ((px) && (px)->forkid != p11_forkid) + +#define MANUFACTURER_ID "PKCS#11 Kit " +#define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module " +#define LIBRARY_VERSION_MAJOR 1 +#define LIBRARY_VERSION_MINOR 1 + +/* ----------------------------------------------------------------------------- + * PKCS#11 PROXY MODULE + */ + +static CK_RV +map_slot_unlocked (Proxy *px, + CK_SLOT_ID slot, + Mapping *mapping) +{ + unsigned int i; + + assert (px != NULL); + assert (mapping != NULL); + + for (i = 0; i < px->n_mappings; i++) { + assert (px->mappings != NULL); + if (px->mappings[i].wrap_slot == slot) { + memcpy (mapping, &px->mappings[i], sizeof(Mapping)); + return CKR_OK; + } + } + + return CKR_SLOT_ID_INVALID; +} + +static CK_RV +map_slot_to_real (Proxy *px, + CK_SLOT_ID_PTR slot, + Mapping *mapping) +{ + CK_RV rv; + + assert (mapping != NULL); + + p11_lock (); + + if (!PROXY_VALID (px)) + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + else + rv = map_slot_unlocked (px, *slot, mapping); + if (rv == CKR_OK) + *slot = mapping->real_slot; + + p11_unlock (); + + return rv; +} + +static CK_RV +map_session_to_real (Proxy *px, + CK_SESSION_HANDLE_PTR handle, + Mapping *mapping, + Session *session) +{ + CK_RV rv = CKR_OK; + Session *sess; + + assert (handle != NULL); + assert (mapping != NULL); + + p11_lock (); + + if (!PROXY_VALID (px)) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + assert (px->sessions); + sess = p11_dict_get (px->sessions, handle); + if (sess != NULL) { + *handle = sess->real_session; + rv = map_slot_unlocked (px, sess->wrap_slot, mapping); + if (session != NULL) + memcpy (session, sess, sizeof (Session)); + } else { + rv = CKR_SESSION_HANDLE_INVALID; + } + } + + p11_unlock (); + + return rv; +} + +static void +proxy_free (Proxy *py, unsigned finalize) +{ + if (py) { + if (finalize) + p11_kit_modules_finalize (py->inited); + free (py->inited); + p11_dict_free (py->sessions); + free (py->mappings); + free (py); + } +} + +static CK_RV +proxy_C_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR reserved) +{ + Proxy *py = NULL; + State *state = (State *)self; + CK_RV rv = CKR_OK; + + p11_debug ("in"); + + /* WARNING: This function must be reentrant */ + + if (reserved) { + rv = CKR_ARGUMENTS_BAD; + + } else { + p11_lock (); + + if (!PROXY_VALID (state->px)) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + py = state->px; + state->px = NULL; + } else if (state->px->refs-- == 1) { + py = state->px; + state->px = NULL; + } + + p11_unlock (); + + proxy_free (py, 1); + } + + p11_debug ("out: %lu", rv); + return rv; +} + +static CK_FUNCTION_LIST ** +modules_dup (CK_FUNCTION_LIST **modules) +{ + int count = 0; + + while (modules[count] != NULL) + count++; + + return memdup (modules, sizeof (CK_FUNCTION_LIST *) * (count + 1)); +} + +static CK_RV +proxy_list_slots (Proxy *py, Mapping *mappings, unsigned int n_mappings) +{ + CK_FUNCTION_LIST_PTR *f; + CK_FUNCTION_LIST_PTR funcs; + CK_SLOT_ID_PTR slots; + CK_ULONG i, count; + unsigned int j; + CK_RV rv = CKR_OK; + + for (f = py->inited; *f; ++f) { + funcs = *f; + assert (funcs != NULL); + slots = NULL; + + /* Ask module for its slots */ + rv = (funcs->C_GetSlotList) (FALSE, NULL, &count); + if (rv == CKR_OK && count) { + slots = calloc (sizeof (CK_SLOT_ID), count); + rv = (funcs->C_GetSlotList) (FALSE, slots, &count); + } + + if (rv != CKR_OK) { + free (slots); + break; + } + + return_val_if_fail (count == 0 || slots != NULL, CKR_GENERAL_ERROR); + + if (count > 0) { + Mapping *new_mappings; + CK_SLOT_ID_PTR new_slots; + int new_slots_count = 0; + + new_slots = calloc (count, sizeof(CK_SLOT_ID)); + return_val_if_fail (new_slots != NULL, CKR_HOST_MEMORY); + new_mappings = realloc (py->mappings, sizeof (Mapping) * (py->n_mappings + count)); + return_val_if_fail (new_mappings != NULL, CKR_HOST_MEMORY); + py->mappings = new_mappings; + + /* Reuse the existing mapping if any */ + for (i = 0; i < count; ++i) { + for (j = 0; j < n_mappings; ++j) { + /* cppcheck-suppress nullPointer symbolName=mappings */ + /* false-positive: https://trac.cppcheck.net/ticket/9573 */ + if (mappings[j].funcs == funcs && + mappings[j].real_slot == slots[i]) { + py->mappings[py->n_mappings].funcs = funcs; + py->mappings[py->n_mappings].real_slot = slots[i]; + py->mappings[py->n_mappings].wrap_slot = + mappings[j].wrap_slot; + ++py->n_mappings; + break; + } + } + if (n_mappings == 0 || j == n_mappings) { + new_slots[new_slots_count] = slots[i]; + ++new_slots_count; + } + } + + /* And now add a mapping for each new slot */ + for (i = 0; i < new_slots_count; ++i) { + ++py->last_id; + py->mappings[py->n_mappings].funcs = funcs; + py->mappings[py->n_mappings].wrap_slot = + py->last_id + MAPPING_OFFSET; + py->mappings[py->n_mappings].real_slot = new_slots[i]; + ++py->n_mappings; + } + + free(new_slots); + } + + free (slots); + } + return rv; +} + +static CK_RV +proxy_create (Proxy **res, CK_FUNCTION_LIST **loaded, + Mapping *mappings, unsigned int n_mappings) +{ + CK_RV rv = CKR_OK; + Proxy *py; + + py = calloc (1, sizeof (Proxy)); + return_val_if_fail (py != NULL, CKR_HOST_MEMORY); + + py->forkid = p11_forkid; + py->last_id = 0; + + py->inited = modules_dup (loaded); + if (py->inited == NULL) { + proxy_free (py, 0); + return_val_if_reached (CKR_HOST_MEMORY); + } + + rv = p11_kit_modules_initialize (py->inited, NULL); + + if (rv == CKR_OK) { + rv = proxy_list_slots (py, mappings, n_mappings); + } + + if (rv != CKR_OK) { + proxy_free (py, 1); + return rv; + } + + py->sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free); + if (py->sessions == NULL) { + proxy_free (py, 1); + return_val_if_reached (CKR_HOST_MEMORY); + } + py->refs = 1; + + *res = py; + return CKR_OK; +} + +static CK_RV +proxy_C_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args) +{ + State *state = (State *)self; + bool initialize = false; + Mapping *mappings = NULL; + unsigned int n_mappings = 0; + Proxy *py; + CK_RV rv; + + p11_library_init_once (); + + /* WARNING: This function must be reentrant */ + + p11_debug ("in"); + + p11_lock (); + + if (!PROXY_VALID (state->px)) { + unsigned call_finalize = 1; + + initialize = true; + if (PROXY_FORKED(state->px)) { + call_finalize = 0; + if (state->px->mappings) { + mappings = state->px->mappings; + n_mappings = state->px->n_mappings; + state->px->mappings = NULL; + state->px->n_mappings = 0; + } + } + proxy_free (state->px, call_finalize); + + state->px = NULL; + } else { + state->px->refs++; + } + + p11_unlock (); + + if (!initialize) { + p11_debug ("out: already: %lu", CKR_OK); + return CKR_OK; + } + + rv = proxy_create (&py, state->loaded, mappings, n_mappings); + free (mappings); + if (rv != CKR_OK) { + p11_debug ("out: %lu", rv); + return rv; + } + + p11_lock (); + + if (state->px == NULL) { + state->px = py; + py = NULL; + } + + p11_unlock (); + + proxy_free (py, 1); + p11_debug ("out: 0"); + return rv; +} + +static CK_RV +proxy_C_GetInfo (CK_X_FUNCTION_LIST *self, + CK_INFO_PTR info) +{ + State *state = (State *)self; + CK_RV rv = CKR_OK; + + p11_library_init_once (); + + return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); + + p11_lock (); + + if (!PROXY_VALID (state->px)) + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + p11_unlock (); + + if (rv != CKR_OK) + return rv; + + memset (info, 0, sizeof (CK_INFO)); + info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; + info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; + info->libraryVersion.major = LIBRARY_VERSION_MAJOR; + info->libraryVersion.minor = LIBRARY_VERSION_MINOR; + info->flags = 0; + memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + memcpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); + return CKR_OK; +} + +static CK_RV +proxy_C_GetSlotList (CK_X_FUNCTION_LIST *self, + CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + State *state = (State *)self; + CK_SLOT_INFO info; + Mapping *mapping; + CK_ULONG index; + CK_RV rv = CKR_OK; + unsigned int i; + + return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); + + p11_lock (); + + if (!PROXY_VALID (state->px)) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } + + if (rv == CKR_OK) { + Mapping *mappings = NULL; + unsigned int n_mappings = 0; + + if (state->px->mappings) { + mappings = state->px->mappings; + n_mappings = state->px->n_mappings; + state->px->mappings = NULL; + state->px->n_mappings = 0; + } + rv = proxy_list_slots (state->px, mappings, n_mappings); + if (rv == CKR_OK) { + free (mappings); + } else { + p11_debug ("failed to list slots: %lu", rv); + state->px->mappings = mappings; + state->px->n_mappings = n_mappings; + } + } + + if (rv == CKR_OK) { + index = 0; + + /* Go through and build up a map */ + for (i = 0; i < state->px->n_mappings; ++i) { + mapping = &state->px->mappings[i]; + + /* Skip ones without a token if requested */ + if (token_present) { + rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info); + if (rv != CKR_OK) + break; + if (!(info.flags & CKF_TOKEN_PRESENT)) + continue; + } + + /* Fill in the slot if we can */ + if (slot_list && *count > index) + slot_list[index] = mapping->wrap_slot; + + ++index; + } + + if (slot_list && *count < index) + rv = CKR_BUFFER_TOO_SMALL; + + *count = index; + } + + p11_unlock (); + + return rv; +} + +static CK_RV +proxy_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_SLOT_INFO_PTR info) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (state->px, &id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetSlotInfo) (id, info); +} + +static CK_RV +proxy_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_TOKEN_INFO_PTR info) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (state->px, &id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetTokenInfo) (id, info); +} + +static CK_RV +proxy_C_GetMechanismList (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (state->px, &id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetMechanismList) (id, mechanism_list, count); +} + +static CK_RV +proxy_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (state->px, &id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetMechanismInfo) (id, type, info); +} + +static CK_RV +proxy_C_InitToken (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (state->px, &id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_InitToken) (id, pin, pin_len, label); +} + +static CK_RV +proxy_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved) +{ + State *state = (State *)self; + Proxy *py = state->px; + CK_FUNCTION_LIST_PTR *f; + CK_FUNCTION_LIST_PTR funcs; + CK_SLOT_ID real_slot; + unsigned int i; + CK_RV rv = CKR_NO_EVENT; + + /* Only the non-blocking case is supported. */ + if ((flags & CKF_DONT_BLOCK) == 0) + return CKR_FUNCTION_NOT_SUPPORTED; + + p11_lock (); + + for (f = py->inited; *f; ++f) { + funcs = *f; + assert (funcs != NULL); + + rv = (funcs->C_WaitForSlotEvent) (flags, &real_slot, reserved); + if (rv == CKR_NO_EVENT) + continue; + if (rv != CKR_OK) + break; + for (i = 0; i < py->n_mappings; i++) + if (py->mappings[i].funcs == funcs && + py->mappings[i].real_slot == real_slot) { + *slot = py->mappings[i].wrap_slot; + break; + } + } + + p11_unlock (); + + return rv; +} + +static CK_RV +proxy_C_OpenSession (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR handle) +{ + State *state = (State *)self; + Session *sess; + Mapping map; + CK_RV rv; + + return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD); + + rv = map_slot_to_real (state->px, &id, &map); + if (rv != CKR_OK) + return rv; + + rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle); + + if (rv == CKR_OK) { + p11_lock (); + + if (!PROXY_VALID (state->px)) { + /* + * The underlying module should have returned an error, so this + * code should never be reached with properly behaving modules. + * That's why we don't cleanup and close the newly opened session here + * or anything like that. + */ + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + } else { + sess = calloc (1, sizeof (Session)); + return_val_if_fail (sess != NULL, CKR_HOST_MEMORY); + sess->wrap_slot = map.wrap_slot; + sess->real_session = *handle; + sess->wrap_session = ++state->last_handle; /* TODO: Handle wrapping, and then collisions */ + if (!p11_dict_set (state->px->sessions, &sess->wrap_session, sess)) + warn_if_reached (); + *handle = sess->wrap_session; + } + + p11_unlock (); + } + + return rv; +} + +static CK_RV +proxy_C_CloseSession (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle) +{ + State *state = (State *)self; + CK_SESSION_HANDLE key; + Mapping map; + CK_RV rv; + + key = handle; + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + rv = (map.funcs->C_CloseSession) (handle); + + if (rv == CKR_OK) { + p11_lock (); + + if (state->px) + p11_dict_remove (state->px->sessions, &key); + + p11_unlock (); + } + + return rv; +} + +static CK_RV +proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id) +{ + State *state = (State *)self; + CK_SESSION_HANDLE_PTR to_close; + CK_RV rv = CKR_OK; + Session *sess; + CK_ULONG i, count = 0; + p11_dictiter iter; + + p11_lock (); + + if (!PROXY_VALID (state->px)) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + assert (state->px->sessions != NULL); + to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (state->px->sessions)); + if (!to_close) { + rv = CKR_HOST_MEMORY; + } else { + p11_dict_iterate (state->px->sessions, &iter); + count = 0; + while (p11_dict_next (&iter, NULL, (void**)&sess)) { + if (sess->wrap_slot == id) + to_close[count++] = sess->wrap_session; + } + } + } + + p11_unlock (); + + if (rv != CKR_OK) + return rv; + + for (i = 0; i < count; ++i) + proxy_C_CloseSession (self, to_close[i]); + + free (to_close); + return CKR_OK; +} + +static CK_RV +proxy_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_SESSION_INFO_PTR info) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + if (info == NULL) + return CKR_ARGUMENTS_BAD; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + rv = (map.funcs->C_GetSessionInfo) (handle, info); + if (rv == CKR_OK) + info->slotID = map.wrap_slot; + + return rv; +} + +static CK_RV +proxy_C_InitPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_InitPIN) (handle, pin, pin_len); +} + +static CK_RV +proxy_C_SetPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len); +} + +static CK_RV +proxy_C_GetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len); +} + +static CK_RV +proxy_C_SetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key); +} + +static CK_RV +proxy_C_Login (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_Login) (handle, user_type, pin, pin_len); +} + +static CK_RV +proxy_C_Logout (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Logout) (handle); +} + +static CK_RV +proxy_C_CreateObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_CreateObject) (handle, template, count, new_object); +} + +static CK_RV +proxy_C_CopyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_CopyObject) (handle, object, template, count, new_object); +} + +static CK_RV +proxy_C_DestroyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DestroyObject) (handle, object); +} + +static CK_RV +proxy_C_GetObjectSize (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetObjectSize) (handle, object, size); +} + +static CK_RV +proxy_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetAttributeValue) (handle, object, template, count); +} + +static CK_RV +proxy_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SetAttributeValue) (handle, object, template, count); +} + +static CK_RV +proxy_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_FindObjectsInit) (handle, template, count); +} + +static CK_RV +proxy_C_FindObjects (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_FindObjects) (handle, objects, max_count, count); +} + +static CK_RV +proxy_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_FindObjectsFinal) (handle); +} + +static CK_RV +proxy_C_EncryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_EncryptInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_Encrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Encrypt) (handle, input, input_len, encrypted_data, encrypted_data_len); +} + +static CK_RV +proxy_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len); +} + +static CK_RV +proxy_C_EncryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len); +} + +static CK_RV +proxy_C_DecryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_Decrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, + CK_BYTE_PTR output, + CK_ULONG_PTR output_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, output, output_len); +} + +static CK_RV +proxy_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len); +} + +static CK_RV +proxy_C_DecryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len); +} + +static CK_RV +proxy_C_DigestInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestInit) (handle, mechanism); +} + +static CK_RV +proxy_C_Digest (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Digest) (handle, input, input_len, digest, digest_len); +} + +static CK_RV +proxy_C_DigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestUpdate) (handle, part, part_len); +} + +static CK_RV +proxy_C_DigestKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestKey) (handle, key); +} + +static CK_RV +proxy_C_DigestFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestFinal) (handle, digest, digest_len); +} + +static CK_RV +proxy_C_SignInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_Sign (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Sign) (handle, input, input_len, signature, signature_len); +} + +static CK_RV +proxy_C_SignUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignUpdate) (handle, part, part_len); +} + +static CK_RV +proxy_C_SignFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignFinal) (handle, signature, signature_len); +} + +static CK_RV +proxy_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignRecoverInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_SignRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignRecover) (handle, input, input_len, signature, signature_len); +} + +static CK_RV +proxy_C_VerifyInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_Verify (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Verify) (handle, input, input_len, signature, signature_len); +} + +static CK_RV +proxy_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyUpdate) (handle, part, part_len); +} + +static CK_RV +proxy_C_VerifyFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyFinal) (handle, signature, signature_len); +} + +static CK_RV +proxy_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_VerifyRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR output, + CK_ULONG_PTR output_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, output, output_len); +} + +static CK_RV +proxy_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); +} + +static CK_RV +proxy_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len); +} + +static CK_RV +proxy_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); +} + +static CK_RV +proxy_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len); +} + +static CK_RV +proxy_C_GenerateKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key); +} + +static CK_RV +proxy_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, + CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, + CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, + CK_OBJECT_HANDLE_PTR priv_key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key); +} + +static CK_RV +proxy_C_WrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len); +} + +static CK_RV +proxy_C_UnwrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key); +} + +static CK_RV +proxy_C_DeriveKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key); +} + +static CK_RV +proxy_C_SeedRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR seed, + CK_ULONG seed_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SeedRandom) (handle, seed, seed_len); +} + +static CK_RV +proxy_C_GenerateRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE handle, + CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + State *state = (State *)self; + Mapping map; + CK_RV rv; + + rv = map_session_to_real (state->px, &handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GenerateRandom) (handle, random_data, random_len); +} + +/* -------------------------------------------------------------------- + * MODULE ENTRY POINT + */ + +static CK_X_FUNCTION_LIST proxy_functions = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, + proxy_C_Initialize, + proxy_C_Finalize, + proxy_C_GetInfo, + proxy_C_GetSlotList, + proxy_C_GetSlotInfo, + proxy_C_GetTokenInfo, + proxy_C_GetMechanismList, + proxy_C_GetMechanismInfo, + proxy_C_InitToken, + proxy_C_InitPIN, + proxy_C_SetPIN, + proxy_C_OpenSession, + proxy_C_CloseSession, + proxy_C_CloseAllSessions, + proxy_C_GetSessionInfo, + proxy_C_GetOperationState, + proxy_C_SetOperationState, + proxy_C_Login, + proxy_C_Logout, + proxy_C_CreateObject, + proxy_C_CopyObject, + proxy_C_DestroyObject, + proxy_C_GetObjectSize, + proxy_C_GetAttributeValue, + proxy_C_SetAttributeValue, + proxy_C_FindObjectsInit, + proxy_C_FindObjects, + proxy_C_FindObjectsFinal, + proxy_C_EncryptInit, + proxy_C_Encrypt, + proxy_C_EncryptUpdate, + proxy_C_EncryptFinal, + proxy_C_DecryptInit, + proxy_C_Decrypt, + proxy_C_DecryptUpdate, + proxy_C_DecryptFinal, + proxy_C_DigestInit, + proxy_C_Digest, + proxy_C_DigestUpdate, + proxy_C_DigestKey, + proxy_C_DigestFinal, + proxy_C_SignInit, + proxy_C_Sign, + proxy_C_SignUpdate, + proxy_C_SignFinal, + proxy_C_SignRecoverInit, + proxy_C_SignRecover, + proxy_C_VerifyInit, + proxy_C_Verify, + proxy_C_VerifyUpdate, + proxy_C_VerifyFinal, + proxy_C_VerifyRecoverInit, + proxy_C_VerifyRecover, + proxy_C_DigestEncryptUpdate, + proxy_C_DecryptDigestUpdate, + proxy_C_SignEncryptUpdate, + proxy_C_DecryptVerifyUpdate, + proxy_C_GenerateKey, + proxy_C_GenerateKeyPair, + proxy_C_WrapKey, + proxy_C_UnwrapKey, + proxy_C_DeriveKey, + proxy_C_SeedRandom, + proxy_C_GenerateRandom, + proxy_C_WaitForSlotEvent, +}; + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + CK_FUNCTION_LIST_PTR module = NULL; + CK_FUNCTION_LIST **loaded = NULL; + State *state; + CK_RV rv = CKR_OK; + + p11_library_init_once (); + p11_lock (); + + /* WARNING: Reentrancy can occur here */ + rv = p11_modules_load_inlock_reentrant (P11_KIT_MODULE_LOADED_FROM_PROXY, &loaded); + if (rv == CKR_OK) { + state = calloc (1, sizeof (State)); + if (!state) { + rv = CKR_HOST_MEMORY; + + } else { + p11_virtual_init (&state->virt, &proxy_functions, state, NULL); + state->last_handle = FIRST_HANDLE; + state->loaded = loaded; + loaded = NULL; + + module = p11_virtual_wrap (&state->virt, free); + if (module == NULL) { + rv = CKR_GENERAL_ERROR; + + } else { + state->wrapped = module; + state->next = all_instances; + all_instances = state; + } + } + } + + if (rv == CKR_OK) + *list = module; + + if (loaded) + p11_kit_modules_release (loaded); + + p11_unlock (); + + return rv; +} + +void +p11_proxy_module_cleanup (void) +{ + State *state, *next; + + state = all_instances; + all_instances = NULL; + + for (; state != NULL; state = next) { + next = state->next; + p11_kit_modules_release (state->loaded); + p11_virtual_unwrap (state->wrapped); + } +} + +bool +p11_proxy_module_check (CK_FUNCTION_LIST_PTR module) +{ + State *state; + bool ret = false; + + if (!p11_virtual_is_wrapper (module)) + return false; + + p11_lock (); + for (state = all_instances; state != NULL; state = state->next) + if (state->wrapped == module) { + ret = true; + break; + } + p11_unlock (); + + return ret; +} + +CK_RV +p11_proxy_module_create (CK_FUNCTION_LIST_PTR *module, + CK_FUNCTION_LIST_PTR *modules) +{ + State *state; + CK_RV rv = CKR_OK; + + assert (module != NULL); + assert (modules != NULL); + + state = calloc (1, sizeof (State)); + if (!state) + return CKR_HOST_MEMORY; + + p11_virtual_init (&state->virt, &proxy_functions, state, NULL); + state->last_handle = FIRST_HANDLE; + state->loaded = modules_dup (modules); + state->wrapped = p11_virtual_wrap (&state->virt, (p11_destroyer)p11_virtual_uninit); + if (state->wrapped == NULL) { + p11_kit_modules_release (state->loaded); + free (state); + return CKR_GENERAL_ERROR; + } + + *module = state->wrapped; + + return rv; +} diff --git a/p11-kit/proxy.h b/p11-kit/proxy.h new file mode 100644 index 0000000..81926bd --- /dev/null +++ b/p11-kit/proxy.h @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_PROXY_H__ +#define __P11_PROXY_H__ + +bool p11_proxy_module_check (CK_FUNCTION_LIST_PTR module); + +void p11_proxy_module_cleanup (void); + +CK_RV p11_proxy_module_create (CK_FUNCTION_LIST_PTR *module, + CK_FUNCTION_LIST_PTR *modules); + + +#endif /* __P11_PROXY_H__ */ diff --git a/p11-kit/remote.c b/p11-kit/remote.c new file mode 100644 index 0000000..1642c7b --- /dev/null +++ b/p11-kit/remote.c @@ -0,0 +1,146 @@ +/* + * Copyright (C) 2014,2016 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#include "debug.h" +#include "iter.h" +#include "message.h" +#include "p11-kit.h" +#include "remote.h" +#include "tool.h" + +#include +#include +#include +#include +#include +#include + +int +main (int argc, + char *argv[]) +{ + int opt; + char *provider = NULL; + + enum { + opt_verbose = 'v', + opt_help = 'h', + opt_provider = 'p' + }; + + struct option options[] = { + { "verbose", no_argument, NULL, opt_verbose }, + { "help", no_argument, NULL, opt_help }, + { "provider", required_argument, NULL, opt_provider }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: p11-kit remote \n" + " p11-kit remote [-p ] ..." }, + { opt_provider, "specify the module to use" }, + { 0 }, + }; + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + case opt_verbose: + p11_kit_be_loud (); + break; + case opt_help: + case '?': + p11_tool_usage (usages, options); + return 0; + case opt_provider: + provider = optarg; + break; + default: + assert_not_reached (); + break; + } + } + + argc -= optind; + argv += optind; + + if (argc < 1) { + p11_message ("specify a module or tokens to remote"); + return 2; + } + + if (isatty (0)) { + p11_message ("the 'remote' tool is not meant to be run from a terminal"); + return 2; + } + + if (strncmp (argv[0], "pkcs11:", 7) == 0) { + CK_FUNCTION_LIST *module = NULL; + int ret; + + if (provider) { + module = p11_kit_module_load (provider, 0); + if (module == NULL) + return 1; + } + + ret = p11_kit_remote_serve_tokens ((const char **)argv, argc, + module, + STDIN_FILENO, STDOUT_FILENO); + if (module) + p11_kit_module_release (module); + + return ret; + } else { + CK_FUNCTION_LIST *module; + int ret; + + if (argc != 1) { + p11_message ("only one module can be specified"); + return 2; + } + + module = p11_kit_module_load (argv[0], 0); + if (module == NULL) + return 1; + + ret = p11_kit_remote_serve_module (module, + STDIN_FILENO, STDOUT_FILENO); + p11_kit_module_release (module); + + return ret; + } +} diff --git a/p11-kit/remote.h b/p11-kit/remote.h new file mode 100644 index 0000000..c5a94a1 --- /dev/null +++ b/p11-kit/remote.h @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2014 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_KIT_REMOTE_H__ +#define __P11_KIT_REMOTE_H__ + +#include "p11-kit/p11-kit.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef P11_KIT_FUTURE_UNSTABLE_API + +int p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, + int in_fd, + int out_fd); + +#ifndef P11_KIT_DISABLE_DEPRECATED + +int p11_kit_remote_serve_token (CK_FUNCTION_LIST *module, + CK_TOKEN_INFO *token, + int in_fd, + int out_fd); + +#endif /* P11_KIT_DISABLE_DEPRECATED */ + +int p11_kit_remote_serve_tokens (const char **tokens, + size_t n_tokens, + CK_FUNCTION_LIST *provider, + int in_fd, + int out_fd); + +#endif + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* __P11_KIT_REMOTE_H__ */ diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c new file mode 100644 index 0000000..a72c1d1 --- /dev/null +++ b/p11-kit/rpc-client.c @@ -0,0 +1,1945 @@ +/* + * Copyright (C) 2008 Stefan Walter + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_RPC +#include "debug.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "library.h" +#include "message.h" +#include "private.h" +#include "rpc.h" +#include "rpc-message.h" +#include "virtual.h" + +#include +#include +#include + +/* The error used by us when parsing of rpc message fails */ +#define PARSE_ERROR CKR_DEVICE_ERROR + +typedef struct { + p11_mutex_t mutex; + p11_rpc_client_vtable *vtable; + unsigned int initialized_forkid; + bool initialize_done; +} rpc_client; + +/* Allocator for call session buffers */ +static void * +log_allocator (void *pointer, + size_t size) +{ + void *result = realloc (pointer, (size_t)size); + return_val_if_fail (!size || result != NULL, NULL); + return result; +} + +static CK_RV +call_prepare (rpc_client *module, + p11_rpc_message *msg, + int call_id) +{ + p11_buffer *buffer; + + assert (module != NULL); + assert (msg != NULL); + + if (module->initialized_forkid != p11_forkid) + return CKR_CRYPTOKI_NOT_INITIALIZED; + if (!module->initialize_done) + return CKR_DEVICE_REMOVED; + + buffer = p11_rpc_buffer_new_full (64, log_allocator, free); + return_val_if_fail (buffer != NULL, CKR_GENERAL_ERROR); + + /* We use the same buffer for reading and writing */ + p11_rpc_message_init (msg, buffer, buffer); + + /* Put in the Call ID and signature */ + if (!p11_rpc_message_prep (msg, call_id, P11_RPC_REQUEST)) + return_val_if_reached (CKR_HOST_MEMORY); + + p11_debug ("prepared call: %d", call_id); + return CKR_OK; +} + +static CK_RV +call_run (rpc_client *module, + p11_rpc_message *msg) +{ + CK_RV ret = CKR_OK; + CK_ULONG ckerr; + + int call_id; + + assert (module != NULL); + assert (msg != NULL); + + /* Did building the call fail? */ + if (p11_buffer_failed (msg->output)) + return_val_if_reached (CKR_HOST_MEMORY); + + /* Make sure that the signature is valid */ + assert (p11_rpc_message_is_verified (msg)); + call_id = msg->call_id; + + /* Do the transport send and receive */ + assert (module->vtable->transport != NULL); + ret = (module->vtable->transport) (module->vtable, + msg->output, + msg->input); + + if (ret != CKR_OK) + return ret; + + if (!p11_rpc_message_parse (msg, P11_RPC_RESPONSE)) + return CKR_DEVICE_ERROR; + + /* If it's an error code then return it */ + if (msg->call_id == P11_RPC_CALL_ERROR) { + if (!p11_rpc_message_read_ulong (msg, &ckerr)) { + p11_message ("invalid rpc error response: too short"); + return CKR_DEVICE_ERROR; + } + + if (ckerr <= CKR_OK) { + p11_message ("invalid rpc error response: bad error code"); + return CKR_DEVICE_ERROR; + } + + /* An error code from the other side */ + return (CK_RV)ckerr; + } + + /* Make sure other side answered the right call */ + if (call_id != msg->call_id) { + p11_message ("invalid rpc response: call mismatch"); + return CKR_DEVICE_ERROR; + } + + assert (!p11_buffer_failed (msg->input)); + + p11_debug ("parsing response values"); + return CKR_OK; +} + +static CK_RV +call_done (rpc_client *module, + p11_rpc_message *msg, + CK_RV ret) +{ + assert (module != NULL); + assert (msg != NULL); + + /* Check for parsing errors that were not caught elsewhere */ + if (ret == CKR_OK) { + if (p11_buffer_failed (msg->input)) { + p11_message ("invalid rpc response: bad argument data"); + ret = CKR_GENERAL_ERROR; + } else { + /* Double check that the signature matched our decoding */ + assert (p11_rpc_message_is_verified (msg)); + } + } + + /* We used the same buffer for input/output, so this frees both */ + assert (msg->input == msg->output); + p11_rpc_buffer_free (msg->input); + + p11_rpc_message_clear (msg); + + return ret; +} + +/* ----------------------------------------------------------------------------- + * MODULE SPECIFIC PROTOCOL CODE + */ + +static CK_RV +proto_read_attribute_array (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR arr, + CK_ULONG len) +{ + uint32_t i, num; + CK_RV ret; + + assert (len != 0); + assert (msg != NULL); + assert (msg->input != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA")); + + /* Get the number of items. We need this value to be correct */ + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &num)) + return PARSE_ERROR; + + /* + * This should never happen in normal operation. It denotes a goof up + * on the other side of our RPC. We should be indicating the exact number + * of attributes to the other side. And it should respond with the same + * number. + */ + if (len != num) { + p11_message ("received an attribute array with wrong number of attributes"); + return PARSE_ERROR; + } + + ret = CKR_OK; + + /* We need to go ahead and read everything in all cases */ + for (i = 0; i < num; ++i) { + size_t offset = msg->parsed; + CK_ATTRIBUTE temp; + + memset (&temp, 0, sizeof (temp)); + if (!p11_rpc_buffer_get_attribute (msg->input, &offset, &temp)) { + msg->parsed = offset; + return PARSE_ERROR; + } + + /* Try and stuff it in the output data */ + if (arr) { + CK_ATTRIBUTE *attr = &(arr[i]); + + if (temp.type != attr->type) { + p11_message ("returned attributes in invalid order"); + msg->parsed = offset; + return PARSE_ERROR; + } + + if (temp.ulValueLen != ((CK_ULONG)-1)) { + /* Just requesting the attribute size */ + if (!attr->pValue) { + attr->ulValueLen = temp.ulValueLen; + + /* Wants attribute data, but too small */ + } else if (attr->ulValueLen < temp.ulValueLen) { + attr->ulValueLen = temp.ulValueLen; + ret = CKR_BUFFER_TOO_SMALL; + + /* Wants attribute data, enough space */ + } else { + size_t offset2 = msg->parsed; + if (!p11_rpc_buffer_get_attribute (msg->input, &offset2, attr)) { + msg->parsed = offset2; + return PARSE_ERROR; + } + } + } else { + attr->ulValueLen = temp.ulValueLen; + } + } + + msg->parsed = offset; + } + + if (p11_buffer_failed (msg->input)) + return PARSE_ERROR; + + /* Read in the code that goes along with these attributes */ + if (!p11_rpc_message_read_ulong (msg, &ret)) + return PARSE_ERROR; + + return ret; +} + +static CK_RV +proto_read_byte_array (p11_rpc_message *msg, + CK_BYTE_PTR arr, + CK_ULONG_PTR len, + CK_ULONG max) +{ + const unsigned char *val; + unsigned char valid; + uint32_t length; + size_t vlen; + + assert (len != NULL); + assert (msg != NULL); + assert (msg->input != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); + + /* A single byte which determines whether valid or not */ + if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) + return PARSE_ERROR; + + /* If not valid, then just the length is encoded, this can signify CKR_BUFFER_TOO_SMALL */ + if (!valid) { + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length)) + return PARSE_ERROR; + + *len = length; + + if (arr) + return CKR_BUFFER_TOO_SMALL; + else + return CKR_OK; + } + + /* Get the actual bytes */ + if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &val, &vlen)) + return PARSE_ERROR; + + *len = vlen; + + /* Just asking us for size */ + if (!arr) + return CKR_OK; + + if (max < vlen) + return CKR_BUFFER_TOO_SMALL; + + /* Enough space, yay */ + memcpy (arr, val, vlen); + return CKR_OK; +} + +static CK_RV +proto_read_ulong_array (p11_rpc_message *msg, CK_ULONG_PTR arr, + CK_ULONG_PTR len, CK_ULONG max) +{ + uint32_t i, num; + uint64_t val; + unsigned char valid; + + assert (len != NULL); + assert (msg != NULL); + assert (msg->input != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "au")); + + /* A single byte which determines whether valid or not */ + if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) + return PARSE_ERROR; + + /* Get the number of items. */ + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &num)) + return PARSE_ERROR; + + *len = num; + + /* If not valid, then just the length is encoded, this can signify CKR_BUFFER_TOO_SMALL */ + if (!valid) { + if (arr) + return CKR_BUFFER_TOO_SMALL; + else + return CKR_OK; + } + + if (max < num) + return CKR_BUFFER_TOO_SMALL; + + /* We need to go ahead and read everything in all cases */ + for (i = 0; i < num; ++i) { + if (!p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &val)) + return PARSE_ERROR; + if (arr) + arr[i] = (CK_ULONG)val; + } + + return p11_buffer_failed (msg->input) ? PARSE_ERROR : CKR_OK; +} + +static void +mechanism_list_purge (CK_MECHANISM_TYPE_PTR mechs, + CK_ULONG *n_mechs) +{ + int i; + + assert (mechs != NULL); + assert (n_mechs != NULL); + + for (i = 0; i < (int)(*n_mechs); ++i) { + if (!p11_rpc_mechanism_is_supported (mechs[i])) { + + /* Remove the mechanism from the list */ + memmove (&mechs[i], &mechs[i + 1], + (*n_mechs - i) * sizeof (CK_MECHANISM_TYPE)); + + --(*n_mechs); + --i; + } + } +} + +static CK_RV +proto_write_mechanism (p11_rpc_message *msg, + CK_MECHANISM_PTR mech) +{ + assert (msg != NULL); + assert (mech != NULL); + assert (msg->output != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "M")); + + if (!p11_rpc_mechanism_is_supported (mech->mechanism)) + return CKR_MECHANISM_INVALID; + + /* + * PKCS#11 mechanism parameters are not easy to serialize. They're + * completely different for so many mechanisms, they contain + * pointers to arbitrary memory, and many callers don't initialize + * them completely or properly. + * + * We only support certain mechanisms. + * + * Also callers do yucky things like leaving parts of the structure + * pointing to garbage if they don't think it's going to be used. + */ + + p11_rpc_buffer_add_mechanism (msg->output, mech); + + return p11_buffer_failed (msg->output) ? CKR_HOST_MEMORY : CKR_OK; +} + +static CK_RV +proto_read_info (p11_rpc_message *msg, + CK_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_read_version (msg, &info->cryptokiVersion) || + !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) || + !p11_rpc_message_read_ulong (msg, &info->flags) || + !p11_rpc_message_read_space_string (msg, info->libraryDescription, 32) || + !p11_rpc_message_read_version (msg, &info->libraryVersion)) + return PARSE_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_read_slot_info (p11_rpc_message *msg, + CK_SLOT_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_read_space_string (msg, info->slotDescription, 64) || + !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) || + !p11_rpc_message_read_ulong (msg, &info->flags) || + !p11_rpc_message_read_version (msg, &info->hardwareVersion) || + !p11_rpc_message_read_version (msg, &info->firmwareVersion)) + return PARSE_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_read_token_info (p11_rpc_message *msg, + CK_TOKEN_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_read_space_string (msg, info->label, 32) || + !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) || + !p11_rpc_message_read_space_string (msg, info->model, 16) || + !p11_rpc_message_read_space_string (msg, info->serialNumber, 16) || + !p11_rpc_message_read_ulong (msg, &info->flags) || + !p11_rpc_message_read_ulong (msg, &info->ulMaxSessionCount) || + !p11_rpc_message_read_ulong (msg, &info->ulSessionCount) || + !p11_rpc_message_read_ulong (msg, &info->ulMaxRwSessionCount) || + !p11_rpc_message_read_ulong (msg, &info->ulRwSessionCount) || + !p11_rpc_message_read_ulong (msg, &info->ulMaxPinLen) || + !p11_rpc_message_read_ulong (msg, &info->ulMinPinLen) || + !p11_rpc_message_read_ulong (msg, &info->ulTotalPublicMemory) || + !p11_rpc_message_read_ulong (msg, &info->ulFreePublicMemory) || + !p11_rpc_message_read_ulong (msg, &info->ulTotalPrivateMemory) || + !p11_rpc_message_read_ulong (msg, &info->ulFreePrivateMemory) || + !p11_rpc_message_read_version (msg, &info->hardwareVersion) || + !p11_rpc_message_read_version (msg, &info->firmwareVersion) || + !p11_rpc_message_read_space_string (msg, info->utcTime, 16)) + return PARSE_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_read_mechanism_info (p11_rpc_message *msg, + CK_MECHANISM_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_read_ulong (msg, &info->ulMinKeySize) || + !p11_rpc_message_read_ulong (msg, &info->ulMaxKeySize) || + !p11_rpc_message_read_ulong (msg, &info->flags)) + return PARSE_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_read_sesssion_info (p11_rpc_message *msg, + CK_SESSION_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_read_ulong (msg, &info->slotID) || + !p11_rpc_message_read_ulong (msg, &info->state) || + !p11_rpc_message_read_ulong (msg, &info->flags) || + !p11_rpc_message_read_ulong (msg, &info->ulDeviceError)) + return PARSE_ERROR; + + return CKR_OK; +} + +/* ------------------------------------------------------------------- + * CALL MACROS + */ + +#define BEGIN_CALL_OR(call_id, self, if_no_daemon) \ + p11_debug (#call_id ": enter"); \ + { \ + rpc_client *_mod = ((p11_virtual *)self)->lower_module; p11_rpc_message _msg; \ + CK_RV _ret = call_prepare (_mod, &_msg, P11_RPC_CALL_##call_id); \ + if (_ret == CKR_DEVICE_REMOVED) return (if_no_daemon); \ + if (_ret != CKR_OK) return _ret; + +#define PROCESS_CALL \ + _ret = call_run (_mod, &_msg); \ + if (_ret != CKR_OK) goto _cleanup; + +#define RETURN(ret) \ + _ret = ret; \ + goto _cleanup; + +#define END_CALL \ + _cleanup: \ + _ret = call_done (_mod, &_msg, _ret); \ + p11_debug ("ret: %lu", _ret); \ + return _ret; \ + } + +#define IN_BYTE(val) \ + if (!p11_rpc_message_write_byte (&_msg, val)) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_ULONG(val) \ + if (!p11_rpc_message_write_ulong (&_msg, val)) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_STRING(val) \ + if (!p11_rpc_message_write_zero_string (&_msg, val)) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_BYTE_BUFFER(arr, len) \ + if (len == NULL) \ + { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ + if (!p11_rpc_message_write_byte_buffer (&_msg, arr ? *len : 0)) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_BYTE_ARRAY(arr, len) \ + if (len != 0 && arr == NULL) \ + { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ + if (!p11_rpc_message_write_byte_array (&_msg, arr, len)) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_ULONG_BUFFER(arr, len) \ + if (len == NULL) \ + { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ + if (!p11_rpc_message_write_ulong_buffer (&_msg, arr ? *len : 0)) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_ULONG_ARRAY(arr, len) \ + if (len != 0 && arr == NULL) \ + { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; }\ + if (!p11_rpc_message_write_ulong_array (&_msg, arr, len)) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_ATTRIBUTE_BUFFER(arr, num) \ + if (num != 0 && arr == NULL) \ + { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ + if (!p11_rpc_message_write_attribute_buffer (&_msg, (arr), (num))) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_ATTRIBUTE_ARRAY(arr, num) \ + if (num != 0 && arr == NULL) \ + { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ + if (!p11_rpc_message_write_attribute_array (&_msg, (arr), (num))) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_MECHANISM_TYPE(val) \ + if(!p11_rpc_mechanism_is_supported (val)) \ + { _ret = CKR_MECHANISM_INVALID; goto _cleanup; } \ + if (!p11_rpc_message_write_ulong (&_msg, val)) \ + { _ret = CKR_HOST_MEMORY; goto _cleanup; } + +#define IN_MECHANISM(val) \ + if (val == NULL) \ + { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \ + _ret = proto_write_mechanism (&_msg, val); \ + if (_ret != CKR_OK) goto _cleanup; + + + +#define OUT_ULONG(val) \ + if (val == NULL) \ + _ret = CKR_ARGUMENTS_BAD; \ + if (_ret == CKR_OK && !p11_rpc_message_read_ulong (&_msg, val)) \ + _ret = PARSE_ERROR; + +#define OUT_BYTE_ARRAY(arr, len) \ + if (len == NULL) \ + _ret = CKR_ARGUMENTS_BAD; \ + if (_ret == CKR_OK) \ + _ret = proto_read_byte_array (&_msg, (arr), (len), *(len)); + +#define OUT_ULONG_ARRAY(a, len) \ + if (len == NULL) \ + _ret = CKR_ARGUMENTS_BAD; \ + if (_ret == CKR_OK) \ + _ret = proto_read_ulong_array (&_msg, (a), (len), *(len)); + +#define OUT_ATTRIBUTE_ARRAY(arr, num) \ + if (_ret == CKR_OK) \ + _ret = proto_read_attribute_array (&_msg, (arr), (num)); + +#define OUT_INFO(info) \ + if (info == NULL) \ + _ret = CKR_ARGUMENTS_BAD; \ + if (_ret == CKR_OK) \ + _ret = proto_read_info (&_msg, info); + +#define OUT_SLOT_INFO(info) \ + if (info == NULL) \ + _ret = CKR_ARGUMENTS_BAD; \ + if (_ret == CKR_OK) \ + _ret = proto_read_slot_info (&_msg, info); + +#define OUT_TOKEN_INFO(info) \ + if (info == NULL) \ + _ret = CKR_ARGUMENTS_BAD; \ + if (_ret == CKR_OK) \ + _ret = proto_read_token_info (&_msg, info); + +#define OUT_SESSION_INFO(info) \ + if (info == NULL) \ + _ret = CKR_ARGUMENTS_BAD; \ + if (_ret == CKR_OK) \ + _ret = proto_read_sesssion_info (&_msg, info); + +#define OUT_MECHANISM_TYPE_ARRAY(arr, len) \ + if (len == NULL) \ + _ret = CKR_ARGUMENTS_BAD; \ + if (_ret == CKR_OK) \ + _ret = proto_read_ulong_array (&_msg, (arr), (len), *(len)); \ + if (_ret == CKR_OK && arr) \ + mechanism_list_purge (arr, len); + +#define OUT_MECHANISM_INFO(info) \ + if (info == NULL) \ + _ret = CKR_ARGUMENTS_BAD; \ + if (_ret == CKR_OK) \ + _ret = proto_read_mechanism_info (&_msg, info); + + +/* ------------------------------------------------------------------- + * INITIALIZATION and 'GLOBAL' CALLS + */ + +static CK_RV +rpc_C_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args) +{ + rpc_client *module = ((p11_virtual *)self)->lower_module; + CK_C_INITIALIZE_ARGS_PTR args = NULL; + void *reserved = NULL; + CK_RV ret = CKR_OK; + p11_rpc_message msg; + + assert (module != NULL); + p11_debug ("C_Initialize: enter"); + + if (init_args != NULL) { + int supplied_ok; + + /* + * pReserved is either a string or NULL. Other cases + * should be rejected by the caller of this function. + */ + args = init_args; + + /* ALL supplied function pointers need to have the value either NULL or non-NULL. */ + supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL && + args->LockMutex == NULL && args->UnlockMutex == NULL) || + (args->CreateMutex != NULL && args->DestroyMutex != NULL && + args->LockMutex != NULL && args->UnlockMutex != NULL); + if (!supplied_ok) { + p11_message ("invalid set of mutex calls supplied"); + return CKR_ARGUMENTS_BAD; + } + + /* + * When the CKF_OS_LOCKING_OK flag isn't set return an error. + * We must be able to use our mutex functionality. + */ + if (!(args->flags & CKF_OS_LOCKING_OK)) { + p11_message ("can't do without os locking"); + return CKR_CANT_LOCK; + } + + if (args->pReserved) + reserved = args->pReserved; + } + + p11_mutex_lock (&module->mutex); + + if (module->initialized_forkid != 0) { + /* This process has called C_Initialize already */ + if (p11_forkid == module->initialized_forkid) { + p11_message ("C_Initialize called twice for same process"); + ret = CKR_CRYPTOKI_ALREADY_INITIALIZED; + goto done; + } + } + + /* Call out to initialize client callback */ + assert (module->vtable->connect != NULL); + ret = (module->vtable->connect) (module->vtable, reserved); + + /* Successfully initialized */ + if (ret == CKR_OK) { + module->initialized_forkid = p11_forkid; + module->initialize_done = true; + + /* Server doesn't exist, initialize but don't call */ + } else if (ret == CKR_DEVICE_REMOVED) { + module->initialized_forkid = p11_forkid; + module->initialize_done = false; + ret = CKR_OK; + goto done; + + } else { + goto done; + } + + /* If we don't have read and write fds now, then initialize other side */ + ret = call_prepare (module, &msg, P11_RPC_CALL_C_Initialize); + if (ret == CKR_OK) + if (!p11_rpc_message_write_byte_array (&msg, P11_RPC_HANDSHAKE, P11_RPC_HANDSHAKE_LEN)) + ret = CKR_HOST_MEMORY; + if (ret == CKR_OK) { + if (!p11_rpc_message_write_byte (&msg, reserved != NULL)) + ret = CKR_HOST_MEMORY; + } + if (ret == CKR_OK) { + char *reserved_string = ""; + if (reserved != NULL) + reserved_string = (char *) reserved; + if (!p11_rpc_message_write_byte_array (&msg, (CK_BYTE_PTR) reserved_string, strlen (reserved_string) + 1)) + ret = CKR_HOST_MEMORY; + } + if (ret == CKR_OK) + ret = call_run (module, &msg); + call_done (module, &msg, ret); + +done: + /* If failed then unmark initialized */ + if (ret != CKR_OK && ret != CKR_CRYPTOKI_ALREADY_INITIALIZED) + module->initialized_forkid = 0; + + /* If we told our caller that we're initialized, but not really, then finalize */ + if (ret != CKR_OK && ret != CKR_CRYPTOKI_ALREADY_INITIALIZED && module->initialize_done) { + module->initialize_done = false; + assert (module->vtable->disconnect != NULL); + (module->vtable->disconnect) (module->vtable, reserved); + } + + p11_mutex_unlock (&module->mutex); + + p11_debug ("C_Initialize: %lu", ret); + return ret; +} + +static CK_RV +rpc_C_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR reserved) +{ + rpc_client *module = ((p11_virtual *)self)->lower_module; + CK_RV ret = CKR_OK; + p11_rpc_message msg; + + p11_debug ("C_Finalize: enter"); + return_val_if_fail (module->initialized_forkid == p11_forkid, CKR_CRYPTOKI_NOT_INITIALIZED); + return_val_if_fail (!reserved, CKR_ARGUMENTS_BAD); + + p11_mutex_lock (&module->mutex); + + if (module->initialize_done) { + ret = call_prepare (module, &msg, P11_RPC_CALL_C_Finalize); + if (ret == CKR_OK) + ret = call_run (module, &msg); + call_done (module, &msg, ret); + if (ret != CKR_OK) + p11_message ("finalizing rpc module returned an error: %lu", ret); + + module->initialize_done = false; + assert (module->vtable->disconnect != NULL); + (module->vtable->disconnect) (module->vtable, reserved); + } + + module->initialized_forkid = 0; + + p11_mutex_unlock (&module->mutex); + + p11_debug ("C_Finalize: %lu", CKR_OK); + return CKR_OK; +} + +static CK_RV +fill_stand_in_info (CK_INFO_PTR info) +{ + static CK_INFO stand_in_info = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, + "p11-kit ", + 0, + "p11-kit (no connection) ", + { 1, 1 }, + }; + memcpy (info, &stand_in_info, sizeof (CK_INFO)); + return CKR_OK; + +} + +static CK_RV +rpc_C_GetInfo (CK_X_FUNCTION_LIST *self, + CK_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_GetInfo, self, fill_stand_in_info (info)); + PROCESS_CALL; + OUT_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_GetSlotList (CK_X_FUNCTION_LIST *self, + CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_GetSlotList, self, (*count = 0, CKR_OK)); + IN_BYTE (token_present); + IN_ULONG_BUFFER (slot_list, count); + PROCESS_CALL; + OUT_ULONG_ARRAY (slot_list, count); + END_CALL; +} + +static CK_RV +rpc_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_SLOT_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_GetSlotInfo, self, CKR_SLOT_ID_INVALID); + IN_ULONG (slot_id); + PROCESS_CALL; + OUT_SLOT_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_GetTokenInfo, self, CKR_SLOT_ID_INVALID); + IN_ULONG (slot_id); + PROCESS_CALL; + OUT_TOKEN_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_GetMechanismList (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_GetMechanismList, self, CKR_SLOT_ID_INVALID); + IN_ULONG (slot_id); + IN_ULONG_BUFFER (mechanism_list, count); + PROCESS_CALL; + OUT_MECHANISM_TYPE_ARRAY (mechanism_list, count); + END_CALL; +} + +static CK_RV +rpc_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_GetMechanismInfo, self, CKR_SLOT_ID_INVALID); + IN_ULONG (slot_id); + IN_MECHANISM_TYPE (type); + PROCESS_CALL; + OUT_MECHANISM_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_InitToken (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, + CK_UTF8CHAR_PTR label) +{ + BEGIN_CALL_OR (C_InitToken, self, CKR_SLOT_ID_INVALID); + IN_ULONG (slot_id); + IN_BYTE_ARRAY (pin, pin_len); + IN_STRING (label); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved) +{ + return_val_if_fail (slot, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_WaitForSlotEvent, self, CKR_DEVICE_REMOVED); + IN_ULONG (flags); + PROCESS_CALL; + OUT_ULONG (slot); + END_CALL; +} + +static CK_RV +rpc_C_OpenSession (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session) +{ + return_val_if_fail (session, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_OpenSession, self, CKR_SLOT_ID_INVALID); + IN_ULONG (slot_id); + IN_ULONG (flags); + PROCESS_CALL; + OUT_ULONG (session); + END_CALL; +} + +static CK_RV +rpc_C_CloseSession (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + BEGIN_CALL_OR (C_CloseSession, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id) +{ + BEGIN_CALL_OR (C_CloseAllSessions, self, CKR_SLOT_ID_INVALID); + IN_ULONG (slot_id); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_GetSessionInfo, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + PROCESS_CALL; + OUT_SESSION_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_InitPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + BEGIN_CALL_OR (C_InitPIN, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (pin, pin_len); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_SetPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len) +{ + BEGIN_CALL_OR (C_SetPIN, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (old_pin, old_pin_len); + IN_BYTE_ARRAY (new_pin, new_pin_len); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_GetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len) +{ + return_val_if_fail (operation_state_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_GetOperationState, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_BUFFER (operation_state, operation_state_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (operation_state, operation_state_len); + END_CALL; +} + +static CK_RV +rpc_C_SetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + BEGIN_CALL_OR (C_SetOperationState, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (operation_state, operation_state_len); + IN_ULONG (encryption_key); + IN_ULONG (authentication_key); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_Login (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + BEGIN_CALL_OR (C_Login, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ULONG (user_type); + IN_BYTE_ARRAY (pin, pin_len); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_Logout (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + BEGIN_CALL_OR (C_Logout, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_CreateObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_CreateObject, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL; + OUT_ULONG (new_object); + END_CALL; +} + +static CK_RV +rpc_C_CopyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_CopyObject, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ULONG (object); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL; + OUT_ULONG (new_object); + END_CALL; +} + + +static CK_RV +rpc_C_DestroyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object) +{ + BEGIN_CALL_OR (C_DestroyObject, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ULONG (object); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_GetObjectSize (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + return_val_if_fail (size, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_GetObjectSize, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ULONG (object); + PROCESS_CALL; + OUT_ULONG (size); + END_CALL; +} + +static CK_RV +rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + BEGIN_CALL_OR (C_GetAttributeValue, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ULONG (object); + IN_ATTRIBUTE_BUFFER (template, count); + PROCESS_CALL; + OUT_ATTRIBUTE_ARRAY (template, count); + END_CALL; +} + +static CK_RV +rpc_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + BEGIN_CALL_OR (C_SetAttributeValue, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ULONG (object); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + BEGIN_CALL_OR (C_FindObjectsInit, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_FindObjects (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count) +{ + /* HACK: To fix a stupid gcc warning */ + CK_ULONG_PTR address_of_max_count = &max_count; + + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_FindObjects, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ULONG_BUFFER (objects, address_of_max_count); + PROCESS_CALL; + *count = max_count; + OUT_ULONG_ARRAY (objects, count); + END_CALL; +} + +static CK_RV +rpc_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + BEGIN_CALL_OR (C_FindObjectsFinal, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_EncryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + BEGIN_CALL_OR (C_EncryptInit, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_Encrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len) +{ + return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_Encrypt, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (data, data_len); + IN_BYTE_BUFFER (encrypted_data, encrypted_data_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (encrypted_data, encrypted_data_len); + END_CALL; +} + +static CK_RV +rpc_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_EncryptUpdate, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); + END_CALL; +} + +static CK_RV +rpc_C_EncryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_EncryptFinal, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_BUFFER (last_part, last_part_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (last_part, last_part_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + BEGIN_CALL_OR (C_DecryptInit, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_Decrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_Decrypt, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (enc_data, enc_data_len); + IN_BYTE_BUFFER (data, data_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (data, data_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_DecryptUpdate, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (enc_part, enc_part_len); + IN_BYTE_BUFFER (part, part_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (part, part_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_DecryptFinal, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_BUFFER (last_part, last_part_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (last_part, last_part_len); + END_CALL; +} + +static CK_RV +rpc_C_DigestInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism) +{ + BEGIN_CALL_OR (C_DigestInit, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_Digest (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_Digest, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (data, data_len); + IN_BYTE_BUFFER (digest, digest_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (digest, digest_len); + END_CALL; +} + +static CK_RV +rpc_C_DigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + BEGIN_CALL_OR (C_DigestUpdate, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_DigestKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key) +{ + BEGIN_CALL_OR (C_DigestKey, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_ULONG (key); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_DigestFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_DigestFinal, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_BUFFER (digest, digest_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (digest, digest_len); + END_CALL; +} + +static CK_RV +rpc_C_SignInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + BEGIN_CALL_OR (C_SignInit, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_Sign (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_Sign, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (data, data_len); + IN_BYTE_BUFFER (signature, signature_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (signature, signature_len); + END_CALL; +} + +static CK_RV +rpc_C_SignUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_SignUpdate, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_SignFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_SignFinal, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_BUFFER (signature, signature_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (signature, signature_len); + END_CALL; +} + +static CK_RV +rpc_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + BEGIN_CALL_OR (C_SignRecoverInit, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_SignRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_SignRecover, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (data, data_len); + IN_BYTE_BUFFER (signature, signature_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (signature, signature_len); + END_CALL; +} + +static CK_RV +rpc_C_VerifyInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + BEGIN_CALL_OR (C_VerifyInit, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_Verify (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + BEGIN_CALL_OR (C_Verify, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (data, data_len); + IN_BYTE_ARRAY (signature, signature_len); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + BEGIN_CALL_OR (C_VerifyUpdate, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_VerifyFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + BEGIN_CALL_OR (C_VerifyFinal, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (signature, signature_len); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + BEGIN_CALL_OR (C_VerifyRecoverInit, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_VerifyRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_VerifyRecover, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (signature, signature_len); + IN_BYTE_BUFFER (data, data_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (data, data_len); + END_CALL; +} + +static CK_RV +rpc_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_DigestEncryptUpdate, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + IN_BYTE_BUFFER (enc_part, enc_part_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (enc_part, enc_part_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_DecryptDigestUpdate, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (enc_part, enc_part_len); + IN_BYTE_BUFFER (part, part_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (part, part_len); + END_CALL; +} + +static CK_RV +rpc_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_SignEncryptUpdate, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + IN_BYTE_BUFFER (enc_part, enc_part_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (enc_part, enc_part_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_DecryptVerifyUpdate, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (enc_part, enc_part_len); + IN_BYTE_BUFFER (part, part_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (part, part_len); + END_CALL; +} + +static CK_RV +rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + BEGIN_CALL_OR (C_GenerateKey, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL; + OUT_ULONG (key); + END_CALL; +} + +static CK_RV +rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, + CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, + CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, + CK_OBJECT_HANDLE_PTR priv_key) +{ + BEGIN_CALL_OR (C_GenerateKeyPair, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ATTRIBUTE_ARRAY (pub_template, pub_count); + IN_ATTRIBUTE_ARRAY (priv_template, priv_count); + PROCESS_CALL; + OUT_ULONG (pub_key); + OUT_ULONG (priv_key); + END_CALL; +} + +static CK_RV +rpc_C_WrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len) +{ + return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD); + + BEGIN_CALL_OR (C_WrapKey, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (wrapping_key); + IN_ULONG (key); + IN_BYTE_BUFFER (wrapped_key, wrapped_key_len); + PROCESS_CALL; + OUT_BYTE_ARRAY (wrapped_key, wrapped_key_len); + END_CALL; +} + +static CK_RV +rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + BEGIN_CALL_OR (C_UnwrapKey, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (unwrapping_key); + IN_BYTE_ARRAY (wrapped_key, wrapped_key_len); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL; + OUT_ULONG (key); + END_CALL; +} + +static CK_RV +rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + BEGIN_CALL_OR (C_DeriveKey, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (base_key); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL; + OUT_ULONG (key); + END_CALL; +} + +static CK_RV +rpc_C_SeedRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len) +{ + BEGIN_CALL_OR (C_SeedRandom, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_ARRAY (seed, seed_len); + PROCESS_CALL; + END_CALL; +} + +static CK_RV +rpc_C_GenerateRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + CK_ULONG_PTR address = &random_len; + + BEGIN_CALL_OR (C_GenerateRandom, self, CKR_SESSION_HANDLE_INVALID); + IN_ULONG (session); + IN_BYTE_BUFFER (random_data, address); + PROCESS_CALL; + OUT_BYTE_ARRAY (random_data, address); + END_CALL; +} + +static CK_X_FUNCTION_LIST rpc_functions = { + { -1, -1 }, + rpc_C_Initialize, + rpc_C_Finalize, + rpc_C_GetInfo, + rpc_C_GetSlotList, + rpc_C_GetSlotInfo, + rpc_C_GetTokenInfo, + rpc_C_GetMechanismList, + rpc_C_GetMechanismInfo, + rpc_C_InitToken, + rpc_C_InitPIN, + rpc_C_SetPIN, + rpc_C_OpenSession, + rpc_C_CloseSession, + rpc_C_CloseAllSessions, + rpc_C_GetSessionInfo, + rpc_C_GetOperationState, + rpc_C_SetOperationState, + rpc_C_Login, + rpc_C_Logout, + rpc_C_CreateObject, + rpc_C_CopyObject, + rpc_C_DestroyObject, + rpc_C_GetObjectSize, + rpc_C_GetAttributeValue, + rpc_C_SetAttributeValue, + rpc_C_FindObjectsInit, + rpc_C_FindObjects, + rpc_C_FindObjectsFinal, + rpc_C_EncryptInit, + rpc_C_Encrypt, + rpc_C_EncryptUpdate, + rpc_C_EncryptFinal, + rpc_C_DecryptInit, + rpc_C_Decrypt, + rpc_C_DecryptUpdate, + rpc_C_DecryptFinal, + rpc_C_DigestInit, + rpc_C_Digest, + rpc_C_DigestUpdate, + rpc_C_DigestKey, + rpc_C_DigestFinal, + rpc_C_SignInit, + rpc_C_Sign, + rpc_C_SignUpdate, + rpc_C_SignFinal, + rpc_C_SignRecoverInit, + rpc_C_SignRecover, + rpc_C_VerifyInit, + rpc_C_Verify, + rpc_C_VerifyUpdate, + rpc_C_VerifyFinal, + rpc_C_VerifyRecoverInit, + rpc_C_VerifyRecover, + rpc_C_DigestEncryptUpdate, + rpc_C_DecryptDigestUpdate, + rpc_C_SignEncryptUpdate, + rpc_C_DecryptVerifyUpdate, + rpc_C_GenerateKey, + rpc_C_GenerateKeyPair, + rpc_C_WrapKey, + rpc_C_UnwrapKey, + rpc_C_DeriveKey, + rpc_C_SeedRandom, + rpc_C_GenerateRandom, + rpc_C_WaitForSlotEvent, +}; + +static void +rpc_client_free (void *data) +{ + rpc_client *client = data; + p11_mutex_uninit (&client->mutex); + free (client); +} + +bool +p11_rpc_client_init (p11_virtual *virt, + p11_rpc_client_vtable *vtable) +{ + rpc_client *client; + + p11_message_clear (); + + return_val_if_fail (vtable != NULL, false); + return_val_if_fail (vtable->connect != NULL, false); + return_val_if_fail (vtable->transport != NULL, false); + return_val_if_fail (vtable->disconnect != NULL, false); + + P11_RPC_CHECK_CALLS (); + + client = calloc (1, sizeof (rpc_client)); + return_val_if_fail (client != NULL, false); + + p11_mutex_init (&client->mutex); + client->vtable = vtable; + + p11_virtual_init (virt, &rpc_functions, client, rpc_client_free); + return true; +} diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c new file mode 100644 index 0000000..be45c18 --- /dev/null +++ b/p11-kit/rpc-message.c @@ -0,0 +1,1592 @@ +/* + * Copyright (C) 2008 Stefan Walter + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_RPC +#include "debug.h" +#include "library.h" +#include "message.h" +#include "private.h" +#include "rpc-message.h" + +#include +#include + +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + +void +p11_rpc_message_init (p11_rpc_message *msg, + p11_buffer *input, + p11_buffer *output) +{ + assert (input != NULL); + assert (output != NULL); + assert (output->ffree != NULL); + assert (output->frealloc != NULL); + + memset (msg, 0, sizeof (*msg)); + + msg->output = output; + msg->input = input; +} + +void +p11_rpc_message_clear (p11_rpc_message *msg) +{ + void *allocated; + void **data; + + assert (msg != NULL); + + /* Free up the extra allocated memory */ + allocated = msg->extra; + while (allocated != NULL) { + data = (void **)allocated; + + /* Pointer to the next allocation */ + allocated = *data; + assert (msg->output->ffree); + (msg->output->ffree) (data); + } + + msg->output = NULL; + msg->input = NULL; + msg->extra = NULL; +} + +void * +p11_rpc_message_alloc_extra (p11_rpc_message *msg, + size_t length) +{ + void **data; + + assert (msg != NULL); + + if (length > 0x7fffffff) + return NULL; + + assert (msg->output->frealloc != NULL); + data = (msg->output->frealloc) (NULL, sizeof (void *) + length); + if (data == NULL) + return NULL; + + /* Munch up the memory to help catch bugs */ + memset (data, 0xff, sizeof (void *) + length); + + /* Store pointer to next allocated block at beginning */ + *data = msg->extra; + msg->extra = data; + + /* Data starts after first pointer */ + return (void *)(data + 1); +} + +bool +p11_rpc_message_prep (p11_rpc_message *msg, + int call_id, + p11_rpc_message_type type) +{ + int len; + + assert (type != 0); + assert (call_id >= P11_RPC_CALL_ERROR); + assert (call_id < P11_RPC_CALL_MAX); + + p11_buffer_reset (msg->output, 0); + msg->signature = NULL; + + /* The call id and signature */ + if (type == P11_RPC_REQUEST) + msg->signature = p11_rpc_calls[call_id].request; + else if (type == P11_RPC_RESPONSE) + msg->signature = p11_rpc_calls[call_id].response; + else + assert_not_reached (); + assert (msg->signature != NULL); + msg->sigverify = msg->signature; + + msg->call_id = call_id; + msg->call_type = type; + + /* Encode the two of them */ + p11_rpc_buffer_add_uint32 (msg->output, call_id); + if (msg->signature) { + len = strlen (msg->signature); + p11_rpc_buffer_add_byte_array (msg->output, (unsigned char*)msg->signature, len); + } + + msg->parsed = 0; + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_parse (p11_rpc_message *msg, + p11_rpc_message_type type) +{ + const unsigned char *val; + size_t len; + uint32_t call_id; + + assert (msg != NULL); + assert (msg->input != NULL); + + msg->parsed = 0; + + /* Pull out the call identifier */ + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &call_id)) { + p11_message ("invalid message: couldn't read call identifier"); + return false; + } + + msg->signature = msg->sigverify = NULL; + + /* The call id and signature */ + if (call_id >= P11_RPC_CALL_MAX || + (type == P11_RPC_REQUEST && call_id == P11_RPC_CALL_ERROR)) { + p11_message ("invalid message: bad call id: %d", call_id); + return false; + } + if (type == P11_RPC_REQUEST) + msg->signature = p11_rpc_calls[call_id].request; + else if (type == P11_RPC_RESPONSE) + msg->signature = p11_rpc_calls[call_id].response; + else + assert_not_reached (); + assert (msg->signature != NULL); + msg->call_id = call_id; + msg->call_type = type; + msg->sigverify = msg->signature; + + /* Verify the incoming signature */ + if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &val, &len) || + /* This can happen if the length header == 0xffffffff */ + val == NULL) { + p11_message ("invalid message: couldn't read signature"); + return false; + } + + if ((strlen (msg->signature) != len) || (memcmp (val, msg->signature, len) != 0)) { + p11_message ("invalid message: signature doesn't match"); + return false; + } + + return true; +} + +bool +p11_rpc_message_verify_part (p11_rpc_message *msg, + const char* part) +{ + int len; + bool ok; + + if (!msg->sigverify) + return true; + + len = strlen (part); + ok = (strncmp (msg->sigverify, part, len) == 0); + if (ok) + msg->sigverify += len; + return ok; +} + +bool +p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR arr, + CK_ULONG num) +{ + CK_ATTRIBUTE_PTR attr; + CK_ULONG i; + + assert (num == 0 || arr != NULL); + assert (msg != NULL); + assert (msg->output != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); + + /* Write the number of items */ + p11_rpc_buffer_add_uint32 (msg->output, num); + + for (i = 0; i < num; ++i) { + attr = &(arr[i]); + + /* The attribute type */ + p11_rpc_buffer_add_uint32 (msg->output, attr->type); + + /* And the attribute buffer length */ + p11_rpc_buffer_add_uint32 (msg->output, attr->pValue ? attr->ulValueLen : 0); + } + + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_write_attribute_array (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR arr, + CK_ULONG num) +{ + CK_ULONG i; + + assert (num == 0 || arr != NULL); + assert (msg != NULL); + assert (msg->output != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA")); + + /* Write the number of items */ + p11_rpc_buffer_add_uint32 (msg->output, num); + + for (i = 0; i < num; ++i) + p11_rpc_buffer_add_attribute (msg->output, &(arr[i])); + + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_read_byte (p11_rpc_message *msg, + CK_BYTE *val) +{ + assert (msg != NULL); + assert (msg->input != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "y")); + return p11_rpc_buffer_get_byte (msg->input, &msg->parsed, val); +} + +bool +p11_rpc_message_write_byte (p11_rpc_message *msg, + CK_BYTE val) +{ + assert (msg != NULL); + assert (msg->output != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "y")); + p11_rpc_buffer_add_byte (msg->output, val); + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_read_ulong (p11_rpc_message *msg, + CK_ULONG *val) +{ + uint64_t v; + + assert (msg != NULL); + assert (msg->input != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "u")); + + if (!p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &v)) + return false; + if (val) + *val = (CK_ULONG)v; + return true; +} + +bool +p11_rpc_message_write_ulong (p11_rpc_message *msg, + CK_ULONG val) +{ + assert (msg != NULL); + assert (msg->output != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "u")); + p11_rpc_buffer_add_uint64 (msg->output, val); + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_write_byte_buffer (p11_rpc_message *msg, + CK_ULONG count) +{ + assert (msg != NULL); + assert (msg->output != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "fy")); + p11_rpc_buffer_add_uint32 (msg->output, count); + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_write_byte_array (p11_rpc_message *msg, + CK_BYTE_PTR arr, + CK_ULONG num) +{ + assert (msg != NULL); + assert (msg->output != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); + + /* No array, no data, just length */ + if (!arr) { + p11_rpc_buffer_add_byte (msg->output, 0); + p11_rpc_buffer_add_uint32 (msg->output, num); + } else { + p11_rpc_buffer_add_byte (msg->output, 1); + p11_rpc_buffer_add_byte_array (msg->output, arr, num); + } + + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_write_ulong_buffer (p11_rpc_message *msg, + CK_ULONG count) +{ + assert (msg != NULL); + assert (msg->output != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "fu")); + p11_rpc_buffer_add_uint32 (msg->output, count); + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_write_ulong_array (p11_rpc_message *msg, + CK_ULONG_PTR array, + CK_ULONG n_array) +{ + CK_ULONG i; + + assert (msg != NULL); + assert (msg->output != NULL); + + /* Check that we're supposed to have this at this point */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "au")); + + /* We send a byte which determines whether there's actual data present or not */ + p11_rpc_buffer_add_byte (msg->output, array ? 1 : 0); + p11_rpc_buffer_add_uint32 (msg->output, n_array); + + /* Now send the data if valid */ + if (array) { + for (i = 0; i < n_array; ++i) + p11_rpc_buffer_add_uint64 (msg->output, array[i]); + } + + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_read_version (p11_rpc_message *msg, + CK_VERSION *version) +{ + assert (msg != NULL); + assert (msg->input != NULL); + assert (version != NULL); + + /* Check that we're supposed to have this at this point */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "v")); + + return p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &version->major) && + p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &version->minor); +} + +bool +p11_rpc_message_write_version (p11_rpc_message *msg, + CK_VERSION *version) +{ + assert (msg != NULL); + assert (msg->output != NULL); + assert (version != NULL); + + /* Check that we're supposed to have this at this point */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "v")); + + p11_rpc_buffer_add_byte (msg->output, version->major); + p11_rpc_buffer_add_byte (msg->output, version->minor); + + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_read_space_string (p11_rpc_message *msg, + CK_UTF8CHAR *buffer, + CK_ULONG length) +{ + const unsigned char *data; + size_t n_data; + + assert (msg != NULL); + assert (msg->input != NULL); + assert (buffer != NULL); + assert (length != 0); + + assert (!msg->signature || p11_rpc_message_verify_part (msg, "s")); + + if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) + return false; + + if (n_data != length) { + p11_message ("invalid length space padded string received: %d != %d", + (int)length, (int)n_data); + return false; + } + + memcpy (buffer, data, length); + return true; +} + +bool +p11_rpc_message_write_space_string (p11_rpc_message *msg, + CK_UTF8CHAR *data, + CK_ULONG length) +{ + assert (msg != NULL); + assert (msg->output != NULL); + assert (data != NULL); + assert (length != 0); + + assert (!msg->signature || p11_rpc_message_verify_part (msg, "s")); + + p11_rpc_buffer_add_byte_array (msg->output, data, length); + return !p11_buffer_failed (msg->output); +} + +bool +p11_rpc_message_write_zero_string (p11_rpc_message *msg, + CK_UTF8CHAR *string) +{ + assert (msg != NULL); + assert (msg->output != NULL); + assert (string != NULL); + + assert (!msg->signature || p11_rpc_message_verify_part (msg, "z")); + + p11_rpc_buffer_add_byte_array (msg->output, string, + string ? strlen ((char *)string) : 0); + return !p11_buffer_failed (msg->output); +} + +static void * +log_allocator (void *pointer, + size_t size) +{ + void *result = realloc (pointer, (size_t)size); + return_val_if_fail (!size || result != NULL, NULL); + return result; +} + +p11_buffer * +p11_rpc_buffer_new (size_t reserve) +{ + return p11_rpc_buffer_new_full (reserve, log_allocator, free); +} + +p11_buffer * +p11_rpc_buffer_new_full (size_t reserve, + void * (* frealloc) (void *data, size_t size), + void (* ffree) (void *data)) +{ + p11_buffer *buffer; + + buffer = calloc (1, sizeof (p11_buffer)); + return_val_if_fail (buffer != NULL, NULL); + + p11_buffer_init_full (buffer, NULL, 0, 0, frealloc, ffree); + if (!p11_buffer_reset (buffer, reserve)) + return_val_if_reached (NULL); + + return buffer; +} + +void +p11_rpc_buffer_free (p11_buffer *buf) +{ + if (buf == NULL) + return; + + p11_buffer_uninit (buf); + free (buf); +} + +void +p11_rpc_buffer_add_byte (p11_buffer *buf, + unsigned char value) +{ + p11_buffer_add (buf, &value, 1); +} + +int +p11_rpc_buffer_get_byte (p11_buffer *buf, + size_t *offset, + unsigned char *val) +{ + unsigned char *ptr; + if (buf->len < 1 || *offset > buf->len - 1) { + p11_buffer_fail (buf); + return 0; + } + ptr = (unsigned char *)buf->data + *offset; + if (val != NULL) + *val = *ptr; + *offset = *offset + 1; + return 1; +} + +void +p11_rpc_buffer_encode_uint16 (unsigned char* data, + uint16_t value) +{ + data[0] = (value >> 8) & 0xff; + data[1] = (value >> 0) & 0xff; +} + +uint16_t +p11_rpc_buffer_decode_uint16 (unsigned char* data) +{ + uint16_t value = data[0] << 8 | data[1]; + return value; +} + +void +p11_rpc_buffer_add_uint16 (p11_buffer *buffer, + uint16_t value) +{ + size_t offset = buffer->len; + if (!p11_buffer_append (buffer, 2)) + return_if_reached (); + p11_rpc_buffer_set_uint16 (buffer, offset, value); +} + +bool +p11_rpc_buffer_set_uint16 (p11_buffer *buffer, + size_t offset, + uint16_t value) +{ + unsigned char *ptr; + if (buffer->len < 2 || offset > buffer->len - 2) { + p11_buffer_fail (buffer); + return false; + } + ptr = (unsigned char *)buffer->data + offset; + p11_rpc_buffer_encode_uint16 (ptr, value); + return true; +} + +bool +p11_rpc_buffer_get_uint16 (p11_buffer *buf, + size_t *offset, + uint16_t *value) +{ + unsigned char *ptr; + if (buf->len < 2 || *offset > buf->len - 2) { + p11_buffer_fail (buf); + return false; + } + ptr = (unsigned char*)buf->data + *offset; + if (value != NULL) + *value = p11_rpc_buffer_decode_uint16 (ptr); + *offset = *offset + 2; + return true; +} + +void +p11_rpc_buffer_encode_uint32 (unsigned char* data, + uint32_t value) +{ + data[0] = (value >> 24) & 0xff; + data[1] = (value >> 16) & 0xff; + data[2] = (value >> 8) & 0xff; + data[3] = (value >> 0) & 0xff; +} + +uint32_t +p11_rpc_buffer_decode_uint32 (unsigned char* ptr) +{ + uint32_t val = (uint32_t) ptr[0] << 24 | ptr[1] << 16 | ptr[2] << 8 | ptr[3]; + return val; +} + +void +p11_rpc_buffer_add_uint32 (p11_buffer *buffer, + uint32_t value) +{ + size_t offset = buffer->len; + if (!p11_buffer_append (buffer, 4)) + return_val_if_reached (); + p11_rpc_buffer_set_uint32 (buffer, offset, value); +} + +bool +p11_rpc_buffer_set_uint32 (p11_buffer *buffer, + size_t offset, + uint32_t value) +{ + unsigned char *ptr; + if (buffer->len < 4 || offset > buffer->len - 4) { + p11_buffer_fail (buffer); + return false; + } + ptr = (unsigned char*)buffer->data + offset; + p11_rpc_buffer_encode_uint32 (ptr, value); + return true; +} + +bool +p11_rpc_buffer_get_uint32 (p11_buffer *buf, + size_t *offset, + uint32_t *value) +{ + unsigned char *ptr; + if (buf->len < 4 || *offset > buf->len - 4) { + p11_buffer_fail (buf); + return false; + } + ptr = (unsigned char*)buf->data + *offset; + if (value != NULL) + *value = p11_rpc_buffer_decode_uint32 (ptr); + *offset = *offset + 4; + return true; +} + +void +p11_rpc_buffer_add_uint64 (p11_buffer *buffer, + uint64_t value) +{ + p11_rpc_buffer_add_uint32 (buffer, ((value >> 32) & 0xffffffff)); + p11_rpc_buffer_add_uint32 (buffer, (value & 0xffffffff)); +} + +bool +p11_rpc_buffer_get_uint64 (p11_buffer *buf, + size_t *offset, + uint64_t *value) +{ + size_t off = *offset; + uint32_t a, b; + if (!p11_rpc_buffer_get_uint32 (buf, &off, &a) || + !p11_rpc_buffer_get_uint32 (buf, &off, &b)) + return false; + if (value != NULL) + *value = ((uint64_t)a) << 32 | b; + *offset = off; + return true; +} + +void +p11_rpc_buffer_add_byte_array (p11_buffer *buffer, + const unsigned char *data, + size_t length) +{ + if (data == NULL) { + p11_rpc_buffer_add_uint32 (buffer, 0xffffffff); + return; + } else if (length >= 0x7fffffff) { + p11_buffer_fail (buffer); + return; + } + p11_rpc_buffer_add_uint32 (buffer, length); + p11_buffer_add (buffer, data, length); +} + +bool +p11_rpc_buffer_get_byte_array (p11_buffer *buf, + size_t *offset, + const unsigned char **data, + size_t *length) +{ + size_t off = *offset; + uint32_t len; + if (!p11_rpc_buffer_get_uint32 (buf, &off, &len)) + return false; + if (len == 0xffffffff) { + *offset = off; + if (data) + *data = NULL; + if (length) + *length = 0; + return true; + } else if (len >= 0x7fffffff) { + p11_buffer_fail (buf); + return false; + } + + if (buf->len < len || *offset > buf->len - len) { + p11_buffer_fail (buf); + return false; + } + + if (data) + *data = (unsigned char *)buf->data + off; + if (length) + *length = len; + *offset = off + len; + + return true; +} + +static p11_rpc_value_type +map_attribute_to_value_type (CK_ATTRIBUTE_TYPE type) +{ + switch (type) { + case CKA_TOKEN: + case CKA_PRIVATE: + case CKA_TRUSTED: + case CKA_SENSITIVE: + case CKA_ENCRYPT: + case CKA_DECRYPT: + case CKA_WRAP: + case CKA_UNWRAP: + case CKA_SIGN: + case CKA_SIGN_RECOVER: + case CKA_VERIFY: + case CKA_VERIFY_RECOVER: + case CKA_DERIVE: + case CKA_EXTRACTABLE: + case CKA_LOCAL: + case CKA_NEVER_EXTRACTABLE: + case CKA_ALWAYS_SENSITIVE: + case CKA_MODIFIABLE: + case CKA_COPYABLE: + case CKA_SECONDARY_AUTH: /* Deprecated */ + case CKA_ALWAYS_AUTHENTICATE: + case CKA_WRAP_WITH_TRUSTED: + case CKA_RESET_ON_INIT: + case CKA_HAS_RESET: + case CKA_COLOR: + return P11_RPC_VALUE_BYTE; + case CKA_CLASS: + case CKA_CERTIFICATE_TYPE: + case CKA_CERTIFICATE_CATEGORY: + case CKA_JAVA_MIDP_SECURITY_DOMAIN: + case CKA_KEY_TYPE: + case CKA_MODULUS_BITS: + case CKA_PRIME_BITS: + case CKA_SUB_PRIME_BITS: + case CKA_VALUE_BITS: + case CKA_VALUE_LEN: + case CKA_KEY_GEN_MECHANISM: + case CKA_AUTH_PIN_FLAGS: /* Deprecated */ + case CKA_HW_FEATURE_TYPE: + case CKA_PIXEL_X: + case CKA_PIXEL_Y: + case CKA_RESOLUTION: + case CKA_CHAR_ROWS: + case CKA_CHAR_COLUMNS: + case CKA_BITS_PER_PIXEL: + case CKA_MECHANISM_TYPE: + return P11_RPC_VALUE_ULONG; + case CKA_WRAP_TEMPLATE: + case CKA_UNWRAP_TEMPLATE: + return P11_RPC_VALUE_ATTRIBUTE_ARRAY; + case CKA_ALLOWED_MECHANISMS: + return P11_RPC_VALUE_MECHANISM_TYPE_ARRAY; + case CKA_START_DATE: + case CKA_END_DATE: + return P11_RPC_VALUE_DATE; + default: + p11_debug ("cannot determine the type of attribute value for %lu; assuming byte array", + type); + /* fallthrough */ + case CKA_LABEL: + case CKA_APPLICATION: + case CKA_VALUE: + case CKA_OBJECT_ID: + case CKA_ISSUER: + case CKA_SERIAL_NUMBER: + case CKA_AC_ISSUER: + case CKA_OWNER: + case CKA_ATTR_TYPES: + case CKA_URL: + case CKA_HASH_OF_SUBJECT_PUBLIC_KEY: + case CKA_HASH_OF_ISSUER_PUBLIC_KEY: + case CKA_CHECK_VALUE: + case CKA_SUBJECT: + case CKA_ID: + case CKA_MODULUS: + case CKA_PUBLIC_EXPONENT: + case CKA_PRIVATE_EXPONENT: + case CKA_PRIME_1: + case CKA_PRIME_2: + case CKA_EXPONENT_1: + case CKA_EXPONENT_2: + case CKA_COEFFICIENT: + case CKA_PRIME: + case CKA_SUBPRIME: + case CKA_BASE: + case CKA_EC_PARAMS: + /* same as CKA_ECDSA_PARAMS */ + case CKA_EC_POINT: + case CKA_CHAR_SETS: + case CKA_ENCODING_METHODS: + case CKA_MIME_TYPES: + case CKA_REQUIRED_CMS_ATTRIBUTES: + case CKA_DEFAULT_CMS_ATTRIBUTES: + case CKA_SUPPORTED_CMS_ATTRIBUTES: + return P11_RPC_VALUE_BYTE_ARRAY; + } +} + +typedef struct { + p11_rpc_value_type type; + p11_rpc_value_encoder encode; + p11_rpc_value_decoder decode; +} p11_rpc_attribute_serializer; + +static p11_rpc_attribute_serializer p11_rpc_attribute_serializers[] = { + { P11_RPC_VALUE_BYTE, p11_rpc_buffer_add_byte_value, p11_rpc_buffer_get_byte_value }, + { P11_RPC_VALUE_ULONG, p11_rpc_buffer_add_ulong_value, p11_rpc_buffer_get_ulong_value }, + { P11_RPC_VALUE_ATTRIBUTE_ARRAY, p11_rpc_buffer_add_attribute_array_value, p11_rpc_buffer_get_attribute_array_value }, + { P11_RPC_VALUE_MECHANISM_TYPE_ARRAY, p11_rpc_buffer_add_mechanism_type_array_value, p11_rpc_buffer_get_mechanism_type_array_value }, + { P11_RPC_VALUE_DATE, p11_rpc_buffer_add_date_value, p11_rpc_buffer_get_date_value }, + { P11_RPC_VALUE_BYTE_ARRAY, p11_rpc_buffer_add_byte_array_value, p11_rpc_buffer_get_byte_array_value } +}; + +P11_STATIC_ASSERT(sizeof(CK_BYTE) <= sizeof(uint8_t)); + +void +p11_rpc_buffer_add_byte_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + CK_BYTE byte_value = 0; + + /* Check if value can be converted to CK_BYTE. */ + if (value_length > sizeof (CK_BYTE)) { + p11_buffer_fail (buffer); + return; + } + if (value) + memcpy (&byte_value, value, value_length); + + p11_rpc_buffer_add_byte (buffer, byte_value); +} + +void +p11_rpc_buffer_add_ulong_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + CK_ULONG ulong_value = 0; + + /* Check if value can be converted to CK_ULONG. */ + if (value_length > sizeof (CK_ULONG)) { + p11_buffer_fail (buffer); + return; + } + if (value) + memcpy (&ulong_value, value, value_length); + + /* Check if ulong_value can be converted to uint64_t. */ + if (ulong_value > UINT64_MAX) { + p11_buffer_fail (buffer); + return; + } + + p11_rpc_buffer_add_uint64 (buffer, ulong_value); +} + +void +p11_rpc_buffer_add_attribute_array_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + const CK_ATTRIBUTE *attrs = value; + size_t count = value_length / sizeof (CK_ATTRIBUTE); + size_t i; + + /* Check if count can be converted to uint32_t. */ + if (count > UINT32_MAX) { + p11_buffer_fail (buffer); + return; + } + + /* Write the number of items */ + p11_rpc_buffer_add_uint32 (buffer, count); + + /* Actually write the attributes. */ + for (i = 0; i < count; i++) { + const CK_ATTRIBUTE *attr = &(attrs[i]); + p11_rpc_buffer_add_attribute (buffer, attr); + } +} + +void +p11_rpc_buffer_add_mechanism_type_array_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + size_t count = value_length / sizeof (CK_MECHANISM_TYPE); + + /* Check if count can be converted to uint32_t. */ + if (count > UINT32_MAX) { + p11_buffer_fail (buffer); + return; + } + + /* Write the number of items */ + p11_rpc_buffer_add_uint32 (buffer, count); + + if (value) { + const CK_MECHANISM_TYPE *mechs = value; + size_t i; + + for (i = 0; i < count; i++) { + if (mechs[i] > UINT64_MAX) { + p11_buffer_fail (buffer); + return; + } + p11_rpc_buffer_add_uint64 (buffer, mechs[i]); + } + } +} + +void +p11_rpc_buffer_add_date_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + CK_DATE date_value; + unsigned char array[8]; + unsigned char *ptr = NULL; + + /* Check if value is empty or can be converted to CK_DATE. */ + if (value_length != 0 && value_length != sizeof (CK_DATE)) { + p11_buffer_fail (buffer); + return; + } + + if (value && value_length == sizeof (CK_DATE)) { + memcpy (&date_value, value, value_length); + memcpy (array, date_value.year, 4); + memcpy (array + 4, date_value.month, 2); + memcpy (array + 6, date_value.day, 2); + ptr = array; + } + + p11_rpc_buffer_add_byte_array (buffer, ptr, value_length); +} + +void +p11_rpc_buffer_add_byte_array_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + /* Check if value length can be converted to uint32_t, as + * p11_rpc_buffer_add_byte_array expects. */ + if (value_length > UINT32_MAX) { + p11_buffer_fail (buffer); + return; + } + + p11_rpc_buffer_add_byte_array (buffer, value, value_length); +} + +void +p11_rpc_buffer_add_attribute (p11_buffer *buffer, const CK_ATTRIBUTE *attr) +{ + unsigned char validity; + p11_rpc_attribute_serializer *serializer; + p11_rpc_value_type value_type; + + /* The attribute type */ + if (attr->type > UINT32_MAX) { + p11_buffer_fail (buffer); + return; + } + p11_rpc_buffer_add_uint32 (buffer, attr->type); + + /* Write out the attribute validity */ + validity = (((CK_LONG)attr->ulValueLen) == -1) ? 0 : 1; + p11_rpc_buffer_add_byte (buffer, validity); + + if (!validity) + return; + + /* The attribute length */ + if (attr->ulValueLen > UINT32_MAX) { + p11_buffer_fail (buffer); + return; + } + p11_rpc_buffer_add_uint32 (buffer, attr->ulValueLen); + + /* The attribute value */ + value_type = map_attribute_to_value_type (attr->type); + assert (value_type < ELEMS (p11_rpc_attribute_serializers)); + serializer = &p11_rpc_attribute_serializers[value_type]; + assert (serializer != NULL); + serializer->encode (buffer, attr->pValue, attr->ulValueLen); +} + +bool +p11_rpc_buffer_get_byte_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + unsigned char val; + + if (!p11_rpc_buffer_get_byte (buffer, offset, &val)) + return false; + + if (value) { + CK_BYTE byte_value = val; + memcpy (value, &byte_value, sizeof (CK_BYTE)); + } + + if (value_length) + *value_length = sizeof (CK_BYTE); + + return true; +} + +bool +p11_rpc_buffer_get_ulong_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + uint64_t val; + + if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val)) + return false; + + if (value) { + CK_ULONG ulong_value = val; + memcpy (value, &ulong_value, sizeof (CK_ULONG)); + } + + if (value_length) + *value_length = sizeof (CK_ULONG); + + return true; +} + +bool +p11_rpc_buffer_get_attribute_array_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + uint32_t count, i; + CK_ATTRIBUTE *attr, temp; + + if (!p11_rpc_buffer_get_uint32 (buffer, offset, &count)) + return false; + + if (!value) { + memset (&temp, 0, sizeof (CK_ATTRIBUTE)); + attr = &temp; + } else + attr = value; + + for (i = 0; i < count; i++) { + if (!p11_rpc_buffer_get_attribute (buffer, offset, attr)) + return false; + if (value) + attr++; + } + + if (value_length) + *value_length = count * sizeof (CK_ATTRIBUTE); + + return true; +} + +bool +p11_rpc_buffer_get_mechanism_type_array_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + uint32_t count, i; + CK_MECHANISM_TYPE *mech, temp; + + if (!p11_rpc_buffer_get_uint32 (buffer, offset, &count)) + return false; + + if (!value) { + memset (&temp, 0, sizeof (CK_MECHANISM_TYPE)); + mech = &temp; + } else + mech = value; + + for (i = 0; i < count; i++) { + CK_ULONG len; + if (!p11_rpc_buffer_get_ulong_value (buffer, offset, mech, &len)) + return false; + if (value) + mech++; + } + + if (value_length) + *value_length = count * sizeof (CK_MECHANISM_TYPE); + + return true; +} + +bool +p11_rpc_buffer_get_date_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + CK_DATE date_value; + const unsigned char *array; + size_t array_length; + + /* The encoded date may be empty. */ + if (!p11_rpc_buffer_get_byte_array (buffer, offset, + &array, &array_length) || + (array_length != 0 && array_length != sizeof (CK_DATE))) + return false; + + if (value && array_length == sizeof (CK_DATE)) { + memcpy (date_value.year, array, 4); + memcpy (date_value.month, array + 4, 2); + memcpy (date_value.day, array + 6, 2); + memcpy (value, &date_value, sizeof (CK_DATE)); + } + + if (value_length) + *value_length = array_length; + + return true; +} + +bool +p11_rpc_buffer_get_byte_array_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + const unsigned char *val; + size_t len; + + if (!p11_rpc_buffer_get_byte_array (buffer, offset, &val, &len)) + return false; + + if (val && value) + memcpy (value, val, len); + + if (value_length) + *value_length = len; + + return true; +} + +bool +p11_rpc_buffer_get_attribute (p11_buffer *buffer, + size_t *offset, + CK_ATTRIBUTE *attr) +{ + uint32_t type, length; + unsigned char validity; + p11_rpc_attribute_serializer *serializer; + p11_rpc_value_type value_type; + + /* The attribute type */ + if (!p11_rpc_buffer_get_uint32 (buffer, offset, &type)) + return false; + + /* Attribute validity */ + if (!p11_rpc_buffer_get_byte (buffer, offset, &validity)) + return false; + + /* Not a valid attribute */ + if (!validity) { + attr->ulValueLen = ((CK_ULONG)-1); + attr->type = type; + return true; + } + + if (!p11_rpc_buffer_get_uint32 (buffer, offset, &length)) + return false; + + /* Decode the attribute value */ + value_type = map_attribute_to_value_type (type); + assert (value_type < ELEMS (p11_rpc_attribute_serializers)); + serializer = &p11_rpc_attribute_serializers[value_type]; + assert (serializer != NULL); + if (!serializer->decode (buffer, offset, attr->pValue, &attr->ulValueLen)) + return false; + if (!attr->pValue) + attr->ulValueLen = length; + attr->type = type; + return true; +} + +/* Used to override the supported mechanisms in tests */ +CK_MECHANISM_TYPE *p11_rpc_mechanisms_override_supported = NULL; + +typedef struct { + CK_MECHANISM_TYPE type; + p11_rpc_value_encoder encode; + p11_rpc_value_decoder decode; +} p11_rpc_mechanism_serializer; + +void +p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + CK_RSA_PKCS_PSS_PARAMS params; + + /* Check if value can be converted to CK_RSA_PKCS_PSS_PARAMS. */ + if (value_length != sizeof (CK_RSA_PKCS_PSS_PARAMS)) { + p11_buffer_fail (buffer); + return; + } + + memcpy (¶ms, value, value_length); + + /* Check if params.hashAlg, params.mgf, and params.sLen can be + * converted to uint64_t. */ + if (params.hashAlg > UINT64_MAX || params.mgf > UINT64_MAX || + params.sLen > UINT64_MAX) { + p11_buffer_fail (buffer); + return; + } + + p11_rpc_buffer_add_uint64 (buffer, params.hashAlg); + p11_rpc_buffer_add_uint64 (buffer, params.mgf); + p11_rpc_buffer_add_uint64 (buffer, params.sLen); +} + +bool +p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + uint64_t val[3]; + + if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val[0])) + return false; + if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val[1])) + return false; + if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val[2])) + return false; + + if (value) { + CK_RSA_PKCS_PSS_PARAMS params; + + params.hashAlg = val[0]; + params.mgf = val[1]; + params.sLen = val[2]; + + memcpy (value, ¶ms, sizeof (CK_RSA_PKCS_PSS_PARAMS)); + } + + if (value_length) + *value_length = sizeof (CK_RSA_PKCS_PSS_PARAMS); + + return true; +} + +void +p11_rpc_buffer_add_rsa_pkcs_oaep_mechanism_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + CK_RSA_PKCS_OAEP_PARAMS params; + + /* Check if value can be converted to CK_RSA_PKCS_OAEP_PARAMS. */ + if (value_length != sizeof (CK_RSA_PKCS_OAEP_PARAMS)) { + p11_buffer_fail (buffer); + return; + } + + memcpy (¶ms, value, value_length); + + /* Check if params.hashAlg, params.mgf, and params.source can be + * converted to uint64_t. */ + if (params.hashAlg > UINT64_MAX || params.mgf > UINT64_MAX || + params.source > UINT64_MAX) { + p11_buffer_fail (buffer); + return; + } + + p11_rpc_buffer_add_uint64 (buffer, params.hashAlg); + p11_rpc_buffer_add_uint64 (buffer, params.mgf); + p11_rpc_buffer_add_uint64 (buffer, params.source); + + /* parmas.pSourceData can only be an array of CK_BYTE or + * NULL */ + p11_rpc_buffer_add_byte_array (buffer, + (unsigned char *)params.pSourceData, + params.ulSourceDataLen); +} + +bool +p11_rpc_buffer_get_rsa_pkcs_oaep_mechanism_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + uint64_t val[3]; + const unsigned char *data; + size_t len; + + if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val[0])) + return false; + if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val[1])) + return false; + if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val[2])) + return false; + if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data, &len)) + return false; + + if (value) { + CK_RSA_PKCS_OAEP_PARAMS params; + + params.hashAlg = val[0]; + params.mgf = val[1]; + params.source = val[2]; + params.pSourceData = (void *) data; + params.ulSourceDataLen = len; + + memcpy (value, ¶ms, sizeof (CK_RSA_PKCS_OAEP_PARAMS)); + } + + if (value_length) + *value_length = sizeof (CK_RSA_PKCS_OAEP_PARAMS); + + return true; +} + +static p11_rpc_mechanism_serializer p11_rpc_mechanism_serializers[] = { + { CKM_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, + { CKM_RSA_PKCS_OAEP, p11_rpc_buffer_add_rsa_pkcs_oaep_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_oaep_mechanism_value } +}; + +static p11_rpc_mechanism_serializer p11_rpc_byte_array_mechanism_serializer = { + 0, p11_rpc_buffer_add_byte_array_value, p11_rpc_buffer_get_byte_array_value +}; + +static bool +mechanism_has_sane_parameters (CK_MECHANISM_TYPE type) +{ + int i; + + /* This can be set from tests, to override default set of supported */ + if (p11_rpc_mechanisms_override_supported) { + for (i = 0; p11_rpc_mechanisms_override_supported[i] != 0; i++) { + if (p11_rpc_mechanisms_override_supported[i] == type) + return true; + } + + return false; + } + + for (i = 0; i < ELEMS(p11_rpc_mechanism_serializers); i++) { + if (p11_rpc_mechanism_serializers[i].type == type) + return true; + } + + return false; +} + +static bool +mechanism_has_no_parameters (CK_MECHANISM_TYPE mech) +{ + /* This list is incomplete */ + + switch (mech) { + case CKM_RSA_PKCS_KEY_PAIR_GEN: + case CKM_RSA_X9_31_KEY_PAIR_GEN: + case CKM_RSA_PKCS: + case CKM_RSA_9796: + case CKM_RSA_X_509: + case CKM_RSA_X9_31: + case CKM_MD2_RSA_PKCS: + case CKM_MD5_RSA_PKCS: + case CKM_SHA1_RSA_PKCS: + case CKM_SHA256_RSA_PKCS: + case CKM_SHA384_RSA_PKCS: + case CKM_SHA512_RSA_PKCS: + case CKM_RIPEMD128_RSA_PKCS: + case CKM_RIPEMD160_RSA_PKCS: + case CKM_SHA1_RSA_X9_31: + case CKM_DSA_KEY_PAIR_GEN: + case CKM_DSA_PARAMETER_GEN: + case CKM_DSA: + case CKM_DSA_SHA1: + case CKM_FORTEZZA_TIMESTAMP: + case CKM_EC_KEY_PAIR_GEN: + case CKM_ECDSA: + case CKM_ECDSA_SHA1: + case CKM_DH_PKCS_KEY_PAIR_GEN: + case CKM_DH_PKCS_PARAMETER_GEN: + case CKM_X9_42_DH_KEY_PAIR_GEN: + case CKM_X9_42_DH_PARAMETER_GEN: + case CKM_KEA_KEY_PAIR_GEN: + case CKM_GENERIC_SECRET_KEY_GEN: + case CKM_RC2_KEY_GEN: + case CKM_RC4_KEY_GEN: + case CKM_RC4: + case CKM_RC5_KEY_GEN: + case CKM_AES_KEY_GEN: + case CKM_AES_ECB: + case CKM_AES_MAC: + case CKM_DES_KEY_GEN: + case CKM_DES2_KEY_GEN: + case CKM_DES3_KEY_GEN: + case CKM_CDMF_KEY_GEN: + case CKM_CAST_KEY_GEN: + case CKM_CAST3_KEY_GEN: + case CKM_CAST128_KEY_GEN: + case CKM_IDEA_KEY_GEN: + case CKM_SSL3_PRE_MASTER_KEY_GEN: + case CKM_TLS_PRE_MASTER_KEY_GEN: + case CKM_SKIPJACK_KEY_GEN: + case CKM_BATON_KEY_GEN: + case CKM_JUNIPER_KEY_GEN: + case CKM_RC2_ECB: + case CKM_DES_ECB: + case CKM_DES3_ECB: + case CKM_CDMF_ECB: + case CKM_CAST_ECB: + case CKM_CAST3_ECB: + case CKM_CAST128_ECB: + case CKM_RC5_ECB: + case CKM_IDEA_ECB: + case CKM_RC2_MAC: + case CKM_DES_MAC: + case CKM_DES3_MAC: + case CKM_CDMF_MAC: + case CKM_CAST_MAC: + case CKM_CAST3_MAC: + case CKM_RC5_MAC: + case CKM_IDEA_MAC: + case CKM_SSL3_MD5_MAC: + case CKM_SSL3_SHA1_MAC: + case CKM_SKIPJACK_WRAP: + case CKM_BATON_WRAP: + case CKM_JUNIPER_WRAP: + case CKM_MD2: + case CKM_MD2_HMAC: + case CKM_MD5: + case CKM_MD5_HMAC: + case CKM_SHA_1: + case CKM_SHA_1_HMAC: + case CKM_SHA256: + case CKM_SHA256_HMAC: + case CKM_SHA384: + case CKM_SHA384_HMAC: + case CKM_SHA512: + case CKM_SHA512_HMAC: + case CKM_FASTHASH: + case CKM_RIPEMD128: + case CKM_RIPEMD128_HMAC: + case CKM_RIPEMD160: + case CKM_RIPEMD160_HMAC: + case CKM_KEY_WRAP_LYNKS: + return true; + default: + return false; + }; +} + +bool +p11_rpc_mechanism_is_supported (CK_MECHANISM_TYPE mech) +{ + if (mechanism_has_no_parameters (mech) || + mechanism_has_sane_parameters (mech)) + return true; + return false; +} + +void +p11_rpc_buffer_add_mechanism (p11_buffer *buffer, const CK_MECHANISM *mech) +{ + p11_rpc_mechanism_serializer *serializer = NULL; + size_t i; + + /* The mechanism type */ + p11_rpc_buffer_add_uint32 (buffer, mech->mechanism); + + if (mechanism_has_no_parameters (mech->mechanism)) { + p11_rpc_buffer_add_byte_array (buffer, NULL, 0); + return; + } + + assert (mechanism_has_sane_parameters (mech->mechanism)); + + for (i = 0; i < ELEMS (p11_rpc_mechanism_serializers); i++) { + if (p11_rpc_mechanism_serializers[i].type == mech->mechanism) { + serializer = &p11_rpc_mechanism_serializers[i]; + break; + } + } + + if (serializer == NULL) + serializer = &p11_rpc_byte_array_mechanism_serializer; + + serializer->encode (buffer, mech->pParameter, mech->ulParameterLen); +} + +bool +p11_rpc_buffer_get_mechanism (p11_buffer *buffer, + size_t *offset, + CK_MECHANISM *mech) +{ + uint32_t mechanism; + p11_rpc_mechanism_serializer *serializer = NULL; + size_t i; + + /* The mechanism type */ + if (!p11_rpc_buffer_get_uint32 (buffer, offset, &mechanism)) + return false; + + mech->mechanism = mechanism; + + for (i = 0; i < ELEMS (p11_rpc_mechanism_serializers); i++) { + if (p11_rpc_mechanism_serializers[i].type == mech->mechanism) { + serializer = &p11_rpc_mechanism_serializers[i]; + break; + } + } + + if (serializer == NULL) + serializer = &p11_rpc_byte_array_mechanism_serializer; + + if (!serializer->decode (buffer, offset, + mech->pParameter, &mech->ulParameterLen)) + return false; + + return true; +} diff --git a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h new file mode 100644 index 0000000..989bbc0 --- /dev/null +++ b/p11-kit/rpc-message.h @@ -0,0 +1,478 @@ +/* + * Copyright (C) 2008 Stefan Walter + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef _RPC_MESSAGE_H +#define _RPC_MESSAGE_H + +#include +#include +#include + +#include "buffer.h" +#include "pkcs11.h" + +/* The calls, must be in sync with array below */ +enum { + P11_RPC_CALL_ERROR = 0, + + P11_RPC_CALL_C_Initialize, + P11_RPC_CALL_C_Finalize, + P11_RPC_CALL_C_GetInfo, + P11_RPC_CALL_C_GetSlotList, + P11_RPC_CALL_C_GetSlotInfo, + P11_RPC_CALL_C_GetTokenInfo, + P11_RPC_CALL_C_GetMechanismList, + P11_RPC_CALL_C_GetMechanismInfo, + P11_RPC_CALL_C_InitToken, + P11_RPC_CALL_C_OpenSession, + P11_RPC_CALL_C_CloseSession, + P11_RPC_CALL_C_CloseAllSessions, + P11_RPC_CALL_C_GetSessionInfo, + P11_RPC_CALL_C_InitPIN, + P11_RPC_CALL_C_SetPIN, + P11_RPC_CALL_C_GetOperationState, + P11_RPC_CALL_C_SetOperationState, + P11_RPC_CALL_C_Login, + P11_RPC_CALL_C_Logout, + P11_RPC_CALL_C_CreateObject, + P11_RPC_CALL_C_CopyObject, + P11_RPC_CALL_C_DestroyObject, + P11_RPC_CALL_C_GetObjectSize, + P11_RPC_CALL_C_GetAttributeValue, + P11_RPC_CALL_C_SetAttributeValue, + P11_RPC_CALL_C_FindObjectsInit, + P11_RPC_CALL_C_FindObjects, + P11_RPC_CALL_C_FindObjectsFinal, + P11_RPC_CALL_C_EncryptInit, + P11_RPC_CALL_C_Encrypt, + P11_RPC_CALL_C_EncryptUpdate, + P11_RPC_CALL_C_EncryptFinal, + P11_RPC_CALL_C_DecryptInit, + P11_RPC_CALL_C_Decrypt, + P11_RPC_CALL_C_DecryptUpdate, + P11_RPC_CALL_C_DecryptFinal, + P11_RPC_CALL_C_DigestInit, + P11_RPC_CALL_C_Digest, + P11_RPC_CALL_C_DigestUpdate, + P11_RPC_CALL_C_DigestKey, + P11_RPC_CALL_C_DigestFinal, + P11_RPC_CALL_C_SignInit, + P11_RPC_CALL_C_Sign, + P11_RPC_CALL_C_SignUpdate, + P11_RPC_CALL_C_SignFinal, + P11_RPC_CALL_C_SignRecoverInit, + P11_RPC_CALL_C_SignRecover, + P11_RPC_CALL_C_VerifyInit, + P11_RPC_CALL_C_Verify, + P11_RPC_CALL_C_VerifyUpdate, + P11_RPC_CALL_C_VerifyFinal, + P11_RPC_CALL_C_VerifyRecoverInit, + P11_RPC_CALL_C_VerifyRecover, + P11_RPC_CALL_C_DigestEncryptUpdate, + P11_RPC_CALL_C_DecryptDigestUpdate, + P11_RPC_CALL_C_SignEncryptUpdate, + P11_RPC_CALL_C_DecryptVerifyUpdate, + P11_RPC_CALL_C_GenerateKey, + P11_RPC_CALL_C_GenerateKeyPair, + P11_RPC_CALL_C_WrapKey, + P11_RPC_CALL_C_UnwrapKey, + P11_RPC_CALL_C_DeriveKey, + P11_RPC_CALL_C_SeedRandom, + P11_RPC_CALL_C_GenerateRandom, + P11_RPC_CALL_C_WaitForSlotEvent, + + P11_RPC_CALL_MAX +}; + +typedef struct { + int call_id; + const char* name; + const char* request; + const char* response; +} p11_rpc_call; + +/* + * a_ = prefix denotes array of _ + * A = CK_ATTRIBUTE + * f_ = prefix denotes buffer for _ + * M = CK_MECHANISM + * u = CK_ULONG + * s = space padded string + * v = CK_VERSION + * y = CK_BYTE + * z = null terminated string + */ + +static const p11_rpc_call p11_rpc_calls[] = { + { P11_RPC_CALL_ERROR, "ERROR", NULL, "u" }, + { P11_RPC_CALL_C_Initialize, "C_Initialize", "ayyay", "" }, + { P11_RPC_CALL_C_Finalize, "C_Finalize", "", "" }, + { P11_RPC_CALL_C_GetInfo, "C_GetInfo", "", "vsusv" }, + { P11_RPC_CALL_C_GetSlotList, "C_GetSlotList", "yfu", "au" }, + { P11_RPC_CALL_C_GetSlotInfo, "C_GetSlotInfo", "u", "ssuvv" }, + { P11_RPC_CALL_C_GetTokenInfo, "C_GetTokenInfo", "u", "ssssuuuuuuuuuuuvvs" }, + { P11_RPC_CALL_C_GetMechanismList, "C_GetMechanismList", "ufu", "au" }, + { P11_RPC_CALL_C_GetMechanismInfo, "C_GetMechanismInfo", "uu", "uuu" }, + { P11_RPC_CALL_C_InitToken, "C_InitToken", "uayz", "" }, + { P11_RPC_CALL_C_OpenSession, "C_OpenSession", "uu", "u" }, + { P11_RPC_CALL_C_CloseSession, "C_CloseSession", "u", "" }, + { P11_RPC_CALL_C_CloseAllSessions, "C_CloseAllSessions", "u", "" }, + { P11_RPC_CALL_C_GetSessionInfo, "C_GetSessionInfo", "u", "uuuu" }, + { P11_RPC_CALL_C_InitPIN, "C_InitPIN", "uay", "" }, + { P11_RPC_CALL_C_SetPIN, "C_SetPIN", "uayay", "" }, + { P11_RPC_CALL_C_GetOperationState, "C_GetOperationState", "ufy", "ay" }, + { P11_RPC_CALL_C_SetOperationState, "C_SetOperationState", "uayuu", "" }, + { P11_RPC_CALL_C_Login, "C_Login", "uuay", "" }, + { P11_RPC_CALL_C_Logout, "C_Logout", "u", "" }, + { P11_RPC_CALL_C_CreateObject, "C_CreateObject", "uaA", "u" }, + { P11_RPC_CALL_C_CopyObject, "C_CopyObject", "uuaA", "u" }, + { P11_RPC_CALL_C_DestroyObject, "C_DestroyObject", "uu", "" }, + { P11_RPC_CALL_C_GetObjectSize, "C_GetObjectSize", "uu", "u" }, + { P11_RPC_CALL_C_GetAttributeValue, "C_GetAttributeValue", "uufA", "aAu" }, + { P11_RPC_CALL_C_SetAttributeValue, "C_SetAttributeValue", "uuaA", "" }, + { P11_RPC_CALL_C_FindObjectsInit, "C_FindObjectsInit", "uaA", "" }, + { P11_RPC_CALL_C_FindObjects, "C_FindObjects", "ufu", "au" }, + { P11_RPC_CALL_C_FindObjectsFinal, "C_FindObjectsFinal", "u", "" }, + { P11_RPC_CALL_C_EncryptInit, "C_EncryptInit", "uMu", "" }, + { P11_RPC_CALL_C_Encrypt, "C_Encrypt", "uayfy", "ay" }, + { P11_RPC_CALL_C_EncryptUpdate, "C_EncryptUpdate", "uayfy", "ay" }, + { P11_RPC_CALL_C_EncryptFinal, "C_EncryptFinal", "ufy", "ay" }, + { P11_RPC_CALL_C_DecryptInit, "C_DecryptInit", "uMu", "" }, + { P11_RPC_CALL_C_Decrypt, "C_Decrypt", "uayfy", "ay" }, + { P11_RPC_CALL_C_DecryptUpdate, "C_DecryptUpdate", "uayfy", "ay" }, + { P11_RPC_CALL_C_DecryptFinal, "C_DecryptFinal", "ufy", "ay" }, + { P11_RPC_CALL_C_DigestInit, "C_DigestInit", "uM", "" }, + { P11_RPC_CALL_C_Digest, "C_Digest", "uayfy", "ay" }, + { P11_RPC_CALL_C_DigestUpdate, "C_DigestUpdate", "uay", "" }, + { P11_RPC_CALL_C_DigestKey, "C_DigestKey", "uu", "" }, + { P11_RPC_CALL_C_DigestFinal, "C_DigestFinal", "ufy", "ay" }, + { P11_RPC_CALL_C_SignInit, "C_SignInit", "uMu", "" }, + { P11_RPC_CALL_C_Sign, "C_Sign", "uayfy", "ay" }, + { P11_RPC_CALL_C_SignUpdate, "C_SignUpdate", "uay", "" }, + { P11_RPC_CALL_C_SignFinal, "C_SignFinal", "ufy", "ay" }, + { P11_RPC_CALL_C_SignRecoverInit, "C_SignRecoverInit", "uMu", "" }, + { P11_RPC_CALL_C_SignRecover, "C_SignRecover", "uayfy", "ay" }, + { P11_RPC_CALL_C_VerifyInit, "C_VerifyInit", "uMu", "" }, + { P11_RPC_CALL_C_Verify, "C_Verify", "uayay", "" }, + { P11_RPC_CALL_C_VerifyUpdate, "C_VerifyUpdate", "uay", "" }, + { P11_RPC_CALL_C_VerifyFinal, "C_VerifyFinal", "uay", "" }, + { P11_RPC_CALL_C_VerifyRecoverInit, "C_VerifyRecoverInit", "uMu", "" }, + { P11_RPC_CALL_C_VerifyRecover, "C_VerifyRecover", "uayfy", "ay" }, + { P11_RPC_CALL_C_DigestEncryptUpdate, "C_DigestEncryptUpdate", "uayfy", "ay" }, + { P11_RPC_CALL_C_DecryptDigestUpdate, "C_DecryptDigestUpdate", "uayfy", "ay" }, + { P11_RPC_CALL_C_SignEncryptUpdate, "C_SignEncryptUpdate", "uayfy", "ay" }, + { P11_RPC_CALL_C_DecryptVerifyUpdate, "C_DecryptVerifyUpdate", "uayfy", "ay" }, + { P11_RPC_CALL_C_GenerateKey, "C_GenerateKey", "uMaA", "u" }, + { P11_RPC_CALL_C_GenerateKeyPair, "C_GenerateKeyPair", "uMaAaA", "uu" }, + { P11_RPC_CALL_C_WrapKey, "C_WrapKey", "uMuufy", "ay" }, + { P11_RPC_CALL_C_UnwrapKey, "C_UnwrapKey", "uMuayaA", "u" }, + { P11_RPC_CALL_C_DeriveKey, "C_DeriveKey", "uMuaA", "u" }, + { P11_RPC_CALL_C_SeedRandom, "C_SeedRandom", "uay", "" }, + { P11_RPC_CALL_C_GenerateRandom, "C_GenerateRandom", "ufy", "ay" }, + { P11_RPC_CALL_C_WaitForSlotEvent, "C_WaitForSlotEvent", "u", "u" }, +}; + +#ifdef _DEBUG +#define P11_RPC_CHECK_CALLS() \ + { int i; for (i = 0; i < P11_RPC_CALL_MAX; ++i) assert (p11_rpc_calls[i].call_id == i); } +#else +#define P11_RPC_CHECK_CALLS() +#endif + +#define P11_RPC_HANDSHAKE \ + ((unsigned char *)"PRIVATE-GNOME-KEYRING-PKCS11-PROTOCOL-V-1") +#define P11_RPC_HANDSHAKE_LEN \ + (strlen ((char *)P11_RPC_HANDSHAKE)) + +typedef enum _p11_rpc_value_type { + P11_RPC_VALUE_BYTE = 0, + P11_RPC_VALUE_ULONG, + P11_RPC_VALUE_ATTRIBUTE_ARRAY, + P11_RPC_VALUE_MECHANISM_TYPE_ARRAY, + P11_RPC_VALUE_DATE, + P11_RPC_VALUE_BYTE_ARRAY +} p11_rpc_value_type; + +typedef void (*p11_rpc_value_encoder) (p11_buffer *, const void *, CK_ULONG); +typedef bool (*p11_rpc_value_decoder) (p11_buffer *, size_t *, void *, CK_ULONG *); + +typedef enum _p11_rpc_message_type { + P11_RPC_REQUEST = 1, + P11_RPC_RESPONSE +} p11_rpc_message_type; + +typedef struct { + int call_id; + p11_rpc_message_type call_type; + const char *signature; + p11_buffer *input; + p11_buffer *output; + size_t parsed; + const char *sigverify; + void *extra; +} p11_rpc_message; + +void p11_rpc_message_init (p11_rpc_message *msg, + p11_buffer *input, + p11_buffer *output); + +void p11_rpc_message_clear (p11_rpc_message *msg); + +#define p11_rpc_message_is_verified(msg) (!(msg)->sigverify || (msg)->sigverify[0] == 0) + +void * p11_rpc_message_alloc_extra (p11_rpc_message *msg, + size_t length); + +bool p11_rpc_message_prep (p11_rpc_message *msg, + int call_id, + p11_rpc_message_type type); + +bool p11_rpc_message_parse (p11_rpc_message *msg, + p11_rpc_message_type type); + +bool p11_rpc_message_verify_part (p11_rpc_message *msg, + const char* part); + +bool p11_rpc_message_write_byte (p11_rpc_message *msg, + CK_BYTE val); + +bool p11_rpc_message_write_ulong (p11_rpc_message *msg, + CK_ULONG val); + +bool p11_rpc_message_write_zero_string (p11_rpc_message *msg, + CK_UTF8CHAR *string); + +bool p11_rpc_message_write_space_string (p11_rpc_message *msg, + CK_UTF8CHAR *buffer, + CK_ULONG length); + +bool p11_rpc_message_write_byte_buffer (p11_rpc_message *msg, + CK_ULONG count); + +bool p11_rpc_message_write_byte_array (p11_rpc_message *msg, + CK_BYTE_PTR arr, + CK_ULONG num); + +bool p11_rpc_message_write_ulong_buffer (p11_rpc_message *msg, + CK_ULONG count); + +bool p11_rpc_message_write_ulong_array (p11_rpc_message *msg, + CK_ULONG_PTR arr, + CK_ULONG num); + +bool p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR arr, + CK_ULONG num); + +bool p11_rpc_message_write_attribute_array (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR arr, + CK_ULONG num); + +bool p11_rpc_message_write_version (p11_rpc_message *msg, + CK_VERSION* version); + +bool p11_rpc_message_read_byte (p11_rpc_message *msg, + CK_BYTE* val); + +bool p11_rpc_message_read_ulong (p11_rpc_message *msg, + CK_ULONG* val); + +bool p11_rpc_message_read_space_string (p11_rpc_message *msg, + CK_UTF8CHAR* buffer, + CK_ULONG length); + +bool p11_rpc_message_read_version (p11_rpc_message *msg, + CK_VERSION* version); + +p11_buffer * p11_rpc_buffer_new (size_t reserve); + +p11_buffer * p11_rpc_buffer_new_full (size_t reserve, + void * (* frealloc) (void *data, size_t size), + void (* ffree) (void *data)); + +void p11_rpc_buffer_free (p11_buffer *buf); + +void p11_rpc_buffer_add_byte (p11_buffer *buf, + unsigned char value); + +int p11_rpc_buffer_get_byte (p11_buffer *buf, + size_t *offset, + unsigned char *val); + +void p11_rpc_buffer_encode_uint32 (unsigned char *data, + uint32_t value); + +uint32_t p11_rpc_buffer_decode_uint32 (unsigned char *data); + +void p11_rpc_buffer_add_uint32 (p11_buffer *buffer, + uint32_t value); + +bool p11_rpc_buffer_set_uint32 (p11_buffer *buffer, + size_t offset, + uint32_t value); + +bool p11_rpc_buffer_get_uint32 (p11_buffer *buf, + size_t *offset, + uint32_t *value); + +void p11_rpc_buffer_encode_uint16 (unsigned char *data, + uint16_t value); + +uint16_t p11_rpc_buffer_decode_uint16 (unsigned char *data); + +void p11_rpc_buffer_add_uint16 (p11_buffer *buffer, + uint16_t val); + +bool p11_rpc_buffer_set_uint16 (p11_buffer *buffer, + size_t offset, + uint16_t val); + +bool p11_rpc_buffer_get_uint16 (p11_buffer *buf, + size_t *offset, + uint16_t *val); + +void p11_rpc_buffer_add_byte_array (p11_buffer *buffer, + const unsigned char *val, + size_t len); + +bool p11_rpc_buffer_get_byte_array (p11_buffer *buf, + size_t *offset, + const unsigned char **val, + size_t *vlen); + +void p11_rpc_buffer_add_uint64 (p11_buffer *buffer, + uint64_t val); + +bool p11_rpc_buffer_get_uint64 (p11_buffer *buf, + size_t *offset, + uint64_t *val); + +void p11_rpc_buffer_add_attribute (p11_buffer *buffer, + const CK_ATTRIBUTE *attr); + +bool p11_rpc_buffer_get_attribute (p11_buffer *buffer, + size_t *offset, + CK_ATTRIBUTE *attr); + +void p11_rpc_buffer_add_byte_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_byte_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + +void p11_rpc_buffer_add_ulong_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_ulong_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + +void p11_rpc_buffer_add_attribute_array_value + (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_attribute_array_value + (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + +void p11_rpc_buffer_add_mechanism_type_array_value + (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_mechanism_type_array_value + (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + +void p11_rpc_buffer_add_date_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_date_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + +void p11_rpc_buffer_add_byte_array_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_byte_array_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + +bool p11_rpc_mechanism_is_supported (CK_MECHANISM_TYPE mech); + +void p11_rpc_buffer_add_mechanism (p11_buffer *buffer, + const CK_MECHANISM *mech); + +bool p11_rpc_buffer_get_mechanism (p11_buffer *buffer, + size_t *offset, + CK_MECHANISM *mech); + +void p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value + (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value + (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + +void p11_rpc_buffer_add_rsa_pkcs_oaep_mechanism_value + (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_rsa_pkcs_oaep_mechanism_value + (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + +#endif /* _RPC_MESSAGE_H */ diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c new file mode 100644 index 0000000..846ee94 --- /dev/null +++ b/p11-kit/rpc-server.c @@ -0,0 +1,2299 @@ +/* + * Copyright (C) 2008 Stefan Walter + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "conf.h" +#define P11_DEBUG_FLAG P11_DEBUG_RPC +#include "debug.h" +#include "filter.h" +#include "iter.h" +#include "pkcs11.h" +#include "library.h" +#include "private.h" +#include "message.h" +#include "proxy.h" +#include "remote.h" +#include "rpc.h" +#include "rpc-message.h" +#include "uri.h" + +#include +#include +#include +#include +#include +#include +#include + +/* The error returned on protocol failures */ +#define PARSE_ERROR CKR_DEVICE_ERROR +#define PREP_ERROR CKR_DEVICE_MEMORY + +static CK_RV +proto_read_byte_buffer (p11_rpc_message *msg, + CK_BYTE_PTR *buffer, + CK_ULONG *n_buffer) +{ + uint32_t length; + + assert (msg != NULL); + assert (buffer != NULL); + assert (n_buffer != NULL); + assert (msg->input != NULL); + + /* Check that we're supposed to be reading this at this point */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "fy")); + + /* The number of ulongs there's room for on the other end */ + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length)) + return PARSE_ERROR; + + *n_buffer = length; + *buffer = NULL; + + /* If set to zero, then they just want the length */ + if (length == 0) + return CKR_OK; + + *buffer = p11_rpc_message_alloc_extra (msg, length * sizeof (CK_BYTE)); + if (*buffer == NULL) + return CKR_DEVICE_MEMORY; + + return CKR_OK; +} + +static CK_RV +proto_read_byte_array (p11_rpc_message *msg, + CK_BYTE_PTR *array, + CK_ULONG *n_array) +{ + const unsigned char *data; + unsigned char valid; + size_t n_data; + + assert (msg != NULL); + assert (msg->input != NULL); + + /* Check that we're supposed to have this at this point */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay")); + + /* Read out the byte which says whether data is present or not */ + if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid)) + return PARSE_ERROR; + + if (!valid) { + *array = NULL; + *n_array = 0; + return CKR_OK; + } + + /* Point our arguments into the buffer */ + if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) + return PARSE_ERROR; + + *array = (CK_BYTE_PTR)data; + *n_array = n_data; + return CKR_OK; +} + +static CK_RV +proto_write_byte_array (p11_rpc_message *msg, + CK_BYTE_PTR array, + CK_ULONG len, + CK_RV ret) +{ + assert (msg != NULL); + + /* + * When returning an byte array, in many cases we need to pass + * an invalid array along with a length, which signifies CKR_BUFFER_TOO_SMALL. + */ + + switch (ret) { + case CKR_BUFFER_TOO_SMALL: + array = NULL; + /* fall through */ + case CKR_OK: + break; + + /* Pass all other errors straight through */ + default: + return ret; + }; + + if (!p11_rpc_message_write_byte_array (msg, array, len)) + return PREP_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_read_ulong_buffer (p11_rpc_message *msg, + CK_ULONG_PTR *buffer, + CK_ULONG *n_buffer) +{ + uint32_t length; + + assert (msg != NULL); + assert (buffer != NULL); + assert (n_buffer != NULL); + assert (msg->input != NULL); + + /* Check that we're supposed to be reading this at this point */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "fu")); + + /* The number of ulongs there's room for on the other end */ + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length)) + return PARSE_ERROR; + + *n_buffer = length; + *buffer = NULL; + + /* If set to zero, then they just want the length */ + if (length == 0) + return CKR_OK; + + *buffer = p11_rpc_message_alloc_extra (msg, length * sizeof (CK_ULONG)); + if (!*buffer) + return CKR_DEVICE_MEMORY; + + return CKR_OK; +} + +static CK_RV +proto_write_ulong_array (p11_rpc_message *msg, + CK_ULONG_PTR array, + CK_ULONG len, + CK_RV ret) +{ + assert (msg != NULL); + + /* + * When returning an ulong array, in many cases we need to pass + * an invalid array along with a length, which signifies CKR_BUFFER_TOO_SMALL. + */ + + switch (ret) { + case CKR_BUFFER_TOO_SMALL: + array = NULL; + /* fall through */ + case CKR_OK: + break; + + /* Pass all other errors straight through */ + default: + return ret; + }; + + if (!p11_rpc_message_write_ulong_array (msg, array, len)) + return PREP_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_read_attribute_buffer (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR *result, + CK_ULONG *n_result) +{ + CK_ATTRIBUTE_PTR attrs; + uint32_t n_attrs, i; + uint32_t value; + + assert (msg != NULL); + assert (result != NULL); + assert (n_result != NULL); + assert (msg->input != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA")); + + /* Read the number of attributes */ + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs)) + return PARSE_ERROR; + + /* Allocate memory for the attribute structures */ + attrs = p11_rpc_message_alloc_extra (msg, n_attrs * sizeof (CK_ATTRIBUTE)); + if (attrs == NULL) + return CKR_DEVICE_MEMORY; + + /* Now go through and fill in each one */ + for (i = 0; i < n_attrs; ++i) { + + /* The attribute type */ + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) + return PARSE_ERROR; + + attrs[i].type = value; + + /* The number of bytes to allocate */ + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value)) + return PARSE_ERROR; + + if (value == 0) { + attrs[i].pValue = NULL; + attrs[i].ulValueLen = 0; + } else { + attrs[i].pValue = p11_rpc_message_alloc_extra (msg, value); + if (!attrs[i].pValue) + return CKR_DEVICE_MEMORY; + attrs[i].ulValueLen = value; + } + } + + *result = attrs; + *n_result = n_attrs; + return CKR_OK; +} + +static CK_RV +proto_read_attribute_array (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR *result, + CK_ULONG *n_result) +{ + CK_ATTRIBUTE_PTR attrs; + uint32_t n_attrs, i; + + assert (msg != NULL); + assert (result != NULL); + assert (n_result != NULL); + assert (msg->input != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA")); + + /* Read the number of attributes */ + if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs)) + return PARSE_ERROR; + + /* Allocate memory for the attribute structures */ + attrs = p11_rpc_message_alloc_extra (msg, n_attrs * sizeof (CK_ATTRIBUTE)); + if (attrs == NULL) + return CKR_DEVICE_MEMORY; + + /* Now go through and fill in each one */ + for (i = 0; i < n_attrs; ++i) { + size_t offset = msg->parsed; + CK_ATTRIBUTE temp; + + /* Check the length needed to store the value */ + memset (&temp, 0, sizeof (temp)); + if (!p11_rpc_buffer_get_attribute (msg->input, &offset, &temp)) { + msg->parsed = offset; + return PARSE_ERROR; + } + + attrs[i].type = temp.type; + + /* Whether this one is valid or not */ + if (temp.ulValueLen != ((CK_ULONG)-1)) { + size_t offset2 = msg->parsed; + attrs[i].pValue = p11_rpc_message_alloc_extra (msg, temp.ulValueLen); + if (!p11_rpc_buffer_get_attribute (msg->input, &offset2, &attrs[i])) { + msg->parsed = offset2; + return PARSE_ERROR; + } + } else { + attrs[i].pValue = NULL; + attrs[i].ulValueLen = -1; + } + + msg->parsed = offset; + } + + *result = attrs; + *n_result = n_attrs; + return CKR_OK; +} + +static CK_RV +proto_write_attribute_array (p11_rpc_message *msg, + CK_ATTRIBUTE_PTR array, + CK_ULONG len, + CK_RV ret) +{ + assert (msg != NULL); + + /* + * When returning an attribute array, certain errors aren't + * actually real errors, these are passed through to the other + * side along with the attribute array. + */ + + switch (ret) { + case CKR_ATTRIBUTE_SENSITIVE: + case CKR_ATTRIBUTE_TYPE_INVALID: + case CKR_BUFFER_TOO_SMALL: + case CKR_OK: + break; + + /* Pass all other errors straight through */ + default: + return ret; + }; + + if (!p11_rpc_message_write_attribute_array (msg, array, len) || + !p11_rpc_message_write_ulong (msg, ret)) + return PREP_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_read_null_string (p11_rpc_message *msg, + CK_UTF8CHAR_PTR *val) +{ + const unsigned char *data; + size_t n_data; + + assert (msg != NULL); + assert (val != NULL); + assert (msg->input != NULL); + + /* Check that we're supposed to have this at this point */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "z")); + + if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data)) + return PARSE_ERROR; + + /* Allocate a block of memory for it */ + *val = p11_rpc_message_alloc_extra (msg, n_data + 1); + if (*val == NULL) + return CKR_DEVICE_MEMORY; + + memcpy (*val, data, n_data); + (*val)[n_data] = 0; + + return CKR_OK; +} + +static CK_RV +proto_read_mechanism (p11_rpc_message *msg, + CK_MECHANISM_PTR mech) +{ + size_t offset; + CK_MECHANISM temp; + + assert (msg != NULL); + assert (mech != NULL); + assert (msg->input != NULL); + + /* Make sure this is in the right order */ + assert (!msg->signature || p11_rpc_message_verify_part (msg, "M")); + + /* Check the length needed to store the parameter */ + memset (&temp, 0, sizeof (temp)); + offset = msg->parsed; + if (!p11_rpc_buffer_get_mechanism (msg->input, &offset, &temp)) { + msg->parsed = offset; + return PARSE_ERROR; + } + + mech->mechanism = temp.mechanism; + + /* The mechanism doesn't require parameter */ + if (temp.ulParameterLen == 0) { + mech->pParameter = NULL; + mech->ulParameterLen = 0; + msg->parsed = offset; + return CKR_OK; + } + + /* Actually retrieve the parameter */ + mech->pParameter = p11_rpc_message_alloc_extra (msg, temp.ulParameterLen); + if (!p11_rpc_buffer_get_mechanism (msg->input, &msg->parsed, mech)) + return PARSE_ERROR; + + assert (msg->parsed == offset); + + return CKR_OK; +} + +static CK_RV +proto_write_info (p11_rpc_message *msg, + CK_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_write_version (msg, &info->cryptokiVersion) || + !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) || + !p11_rpc_message_write_ulong (msg, info->flags) || + !p11_rpc_message_write_space_string (msg, info->libraryDescription, 32) || + !p11_rpc_message_write_version (msg, &info->libraryVersion)) + return PREP_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_write_slot_info (p11_rpc_message *msg, + CK_SLOT_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_write_space_string (msg, info->slotDescription, 64) || + !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) || + !p11_rpc_message_write_ulong (msg, info->flags) || + !p11_rpc_message_write_version (msg, &info->hardwareVersion) || + !p11_rpc_message_write_version (msg, &info->firmwareVersion)) + return PREP_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_write_token_info (p11_rpc_message *msg, + CK_TOKEN_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_write_space_string (msg, info->label, 32) || + !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) || + !p11_rpc_message_write_space_string (msg, info->model, 16) || + !p11_rpc_message_write_space_string (msg, info->serialNumber, 16) || + !p11_rpc_message_write_ulong (msg, info->flags) || + !p11_rpc_message_write_ulong (msg, info->ulMaxSessionCount) || + !p11_rpc_message_write_ulong (msg, info->ulSessionCount) || + !p11_rpc_message_write_ulong (msg, info->ulMaxRwSessionCount) || + !p11_rpc_message_write_ulong (msg, info->ulRwSessionCount) || + !p11_rpc_message_write_ulong (msg, info->ulMaxPinLen) || + !p11_rpc_message_write_ulong (msg, info->ulMinPinLen) || + !p11_rpc_message_write_ulong (msg, info->ulTotalPublicMemory) || + !p11_rpc_message_write_ulong (msg, info->ulFreePublicMemory) || + !p11_rpc_message_write_ulong (msg, info->ulTotalPrivateMemory) || + !p11_rpc_message_write_ulong (msg, info->ulFreePrivateMemory) || + !p11_rpc_message_write_version (msg, &info->hardwareVersion) || + !p11_rpc_message_write_version (msg, &info->firmwareVersion) || + !p11_rpc_message_write_space_string (msg, info->utcTime, 16)) + return PREP_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_write_mechanism_info (p11_rpc_message *msg, + CK_MECHANISM_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_write_ulong (msg, info->ulMinKeySize) || + !p11_rpc_message_write_ulong (msg, info->ulMaxKeySize) || + !p11_rpc_message_write_ulong (msg, info->flags)) + return PREP_ERROR; + + return CKR_OK; +} + +static CK_RV +proto_write_session_info (p11_rpc_message *msg, + CK_SESSION_INFO_PTR info) +{ + assert (msg != NULL); + assert (info != NULL); + + if (!p11_rpc_message_write_ulong (msg, info->slotID) || + !p11_rpc_message_write_ulong (msg, info->state) || + !p11_rpc_message_write_ulong (msg, info->flags) || + !p11_rpc_message_write_ulong (msg, info->ulDeviceError)) + return PREP_ERROR; + + return CKR_OK; +} + +static CK_RV +call_ready (p11_rpc_message *msg) +{ + assert (msg->output); + + /* + * Called right before invoking the actual PKCS#11 function + * Reading out of data is complete, get ready to write return values. + */ + + if (p11_buffer_failed (msg->output)) { + p11_message ("invalid request from module, probably too short"); \ + return PARSE_ERROR; + } + + assert (p11_rpc_message_is_verified (msg)); + + /* All done parsing input */ + msg->input = NULL; + + if (!p11_rpc_message_prep (msg, msg->call_id, P11_RPC_RESPONSE)) { + p11_message ("couldn't initialize rpc response"); + return CKR_DEVICE_MEMORY; + } + + return CKR_OK; +} + +/* ------------------------------------------------------------------- + * CALL MACROS + */ + +#define BEGIN_CALL(call_id) \ + p11_debug (#call_id ": enter"); \ + assert (msg != NULL); \ + assert (self != NULL); \ + { \ + CK_X_##call_id _func = self->C_##call_id; \ + CK_RV _ret = CKR_OK; \ + if (!_func) { _ret = CKR_GENERAL_ERROR; goto _cleanup; } + +#define PROCESS_CALL(args) \ + _ret = call_ready (msg); \ + if (_ret != CKR_OK) { goto _cleanup; } \ + _ret = _func args + +#define END_CALL \ + _cleanup: \ + p11_debug ("ret: %d", (int)_ret); \ + return _ret; \ + } + +#define IN_BYTE(val) \ + if (!p11_rpc_message_read_byte (msg, &val)) \ + { _ret = PARSE_ERROR; goto _cleanup; } + +#define IN_ULONG(val) \ + if (!p11_rpc_message_read_ulong (msg, &val)) \ + { _ret = PARSE_ERROR; goto _cleanup; } + +#define IN_STRING(val) \ + _ret = proto_read_null_string (msg, &val); \ + if (_ret != CKR_OK) goto _cleanup; + +#define IN_BYTE_BUFFER(buffer, buffer_len) \ + _ret = proto_read_byte_buffer (msg, &buffer, &buffer_len); \ + if (_ret != CKR_OK) goto _cleanup; + +#define IN_BYTE_ARRAY(buffer, buffer_len) \ + _ret = proto_read_byte_array (msg, &buffer, &buffer_len); \ + if (_ret != CKR_OK) goto _cleanup; + +#define IN_ULONG_BUFFER(buffer, buffer_len) \ + _ret = proto_read_ulong_buffer (msg, &buffer, &buffer_len); \ + if (_ret != CKR_OK) goto _cleanup; + +#define IN_ATTRIBUTE_BUFFER(buffer, buffer_len) \ + _ret = proto_read_attribute_buffer (msg, &buffer, &buffer_len); \ + if (_ret != CKR_OK) goto _cleanup; + +#define IN_ATTRIBUTE_ARRAY(attrs, n_attrs) \ + _ret = proto_read_attribute_array (msg, &attrs, &n_attrs); \ + if (_ret != CKR_OK) goto _cleanup; + +#define IN_MECHANISM(mech) \ + _ret = proto_read_mechanism (msg, &mech); \ + if (_ret != CKR_OK) goto _cleanup; + + +#define OUT_ULONG(val) \ + if (_ret == CKR_OK && !p11_rpc_message_write_ulong (msg, val)) \ + _ret = PREP_ERROR; + +#define OUT_BYTE_ARRAY(array, len) \ + /* Note how we filter return codes */ \ + _ret = proto_write_byte_array (msg, array, len, _ret); + +#define OUT_ULONG_ARRAY(array, len) \ + /* Note how we filter return codes */ \ + _ret = proto_write_ulong_array (msg, array, len, _ret); + +#define OUT_ATTRIBUTE_ARRAY(array, len) \ + /* Note how we filter return codes */ \ + _ret = proto_write_attribute_array (msg, array, len, _ret); + +#define OUT_INFO(val) \ + if (_ret == CKR_OK) \ + _ret = proto_write_info (msg, &val); + +#define OUT_SLOT_INFO(val) \ + if (_ret == CKR_OK) \ + _ret = proto_write_slot_info (msg, &val); + +#define OUT_TOKEN_INFO(val) \ + if (_ret == CKR_OK) \ + _ret = proto_write_token_info (msg, &val); + +#define OUT_MECHANISM_INFO(val) \ + if (_ret == CKR_OK) \ + _ret = proto_write_mechanism_info (msg, &val); + +#define OUT_SESSION_INFO(val) \ + if (_ret == CKR_OK) \ + _ret = proto_write_session_info (msg, &val); + +/* --------------------------------------------------------------------------- + * DISPATCH SPECIFIC CALLS + */ + +static CK_RV +rpc_C_Initialize (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_X_Initialize func; + CK_C_INITIALIZE_ARGS init_args; + CK_BYTE_PTR handshake; + CK_ULONG n_handshake; + CK_BYTE reserved_present = 0; + CK_BYTE_PTR reserved = NULL; + CK_ULONG n_reserved; + CK_RV ret = CKR_OK; + + p11_debug ("C_Initialize: enter"); + + assert (msg != NULL); + assert (self != NULL); + + ret = proto_read_byte_array (msg, &handshake, &n_handshake); + if (ret == CKR_OK) { + + /* Check to make sure the header matches */ + if (n_handshake != P11_RPC_HANDSHAKE_LEN || + memcmp (handshake, P11_RPC_HANDSHAKE, n_handshake) != 0) { + p11_message ("invalid handshake received from connecting module"); + ret = CKR_GENERAL_ERROR; + } + } + + if (ret == CKR_OK) { + if (!p11_rpc_message_read_byte (msg, &reserved_present)) + ret = PARSE_ERROR; + } + + if (ret == CKR_OK) { + ret = proto_read_byte_array (msg, &reserved, &n_reserved); + + assert (p11_rpc_message_is_verified (msg)); + } + + if (ret == CKR_OK) { + memset (&init_args, 0, sizeof (init_args)); + init_args.flags = CKF_OS_LOCKING_OK; + init_args.pReserved = reserved_present ? reserved : NULL; + + func = self->C_Initialize; + assert (func != NULL); + ret = (func) (self, &init_args); + + /* Empty response */ + if (ret == CKR_OK) + ret = call_ready (msg); + } + + p11_debug ("ret: %d", (int)ret); + return ret; +} + +static CK_RV +rpc_C_Finalize (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + BEGIN_CALL (Finalize); + PROCESS_CALL ((self, NULL)); + END_CALL; +} + +static CK_RV +rpc_C_GetInfo (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_INFO info; + + BEGIN_CALL (GetInfo); + PROCESS_CALL ((self, &info)); + OUT_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_GetSlotList (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_BBOOL token_present; + CK_SLOT_ID_PTR slot_list; + CK_ULONG count; + + BEGIN_CALL (GetSlotList); + IN_BYTE (token_present); + IN_ULONG_BUFFER (slot_list, count); + PROCESS_CALL ((self, token_present, slot_list, &count)); + OUT_ULONG_ARRAY (slot_list, count); + END_CALL; +} + +static CK_RV +rpc_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SLOT_ID slot_id; + CK_SLOT_INFO info; + + BEGIN_CALL (GetSlotInfo); + IN_ULONG (slot_id); + PROCESS_CALL ((self, slot_id, &info)); + OUT_SLOT_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SLOT_ID slot_id; + CK_TOKEN_INFO info; + + BEGIN_CALL (GetTokenInfo); + IN_ULONG (slot_id); + PROCESS_CALL ((self, slot_id, &info)); + OUT_TOKEN_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_GetMechanismList (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SLOT_ID slot_id; + CK_MECHANISM_TYPE_PTR mechanism_list; + CK_ULONG count; + + BEGIN_CALL (GetMechanismList); + IN_ULONG (slot_id); + IN_ULONG_BUFFER (mechanism_list, count); + PROCESS_CALL ((self, slot_id, mechanism_list, &count)); + OUT_ULONG_ARRAY (mechanism_list, count); + END_CALL; +} + +static CK_RV +rpc_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SLOT_ID slot_id; + CK_MECHANISM_TYPE type; + CK_MECHANISM_INFO info; + + BEGIN_CALL (GetMechanismInfo); + IN_ULONG (slot_id); + IN_ULONG (type); + PROCESS_CALL ((self, slot_id, type, &info)); + OUT_MECHANISM_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_InitToken (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SLOT_ID slot_id; + CK_UTF8CHAR_PTR pin; + CK_ULONG pin_len; + CK_UTF8CHAR_PTR label; + + BEGIN_CALL (InitToken); + IN_ULONG (slot_id); + IN_BYTE_ARRAY (pin, pin_len); + IN_STRING (label); + PROCESS_CALL ((self, slot_id, pin, pin_len, label)); + END_CALL; +} + +static CK_RV +rpc_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_FLAGS flags; + CK_SLOT_ID slot_id; + + BEGIN_CALL (WaitForSlotEvent); + IN_ULONG (flags); + PROCESS_CALL ((self, flags, &slot_id, NULL)); + OUT_ULONG (slot_id); + END_CALL; +} + +static CK_RV +rpc_C_OpenSession (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SLOT_ID slot_id; + CK_FLAGS flags; + CK_SESSION_HANDLE session; + + BEGIN_CALL (OpenSession); + IN_ULONG (slot_id); + IN_ULONG (flags); + PROCESS_CALL ((self, slot_id, flags, NULL, NULL, &session)); + OUT_ULONG (session); + END_CALL; +} + + +static CK_RV +rpc_C_CloseSession (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + + BEGIN_CALL (CloseSession); + IN_ULONG (session); + PROCESS_CALL ((self, session)); + END_CALL; +} + +static CK_RV +rpc_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SLOT_ID slot_id; + + /* Slot id becomes apartment so lower layers can tell clients apart. */ + + BEGIN_CALL (CloseAllSessions); + IN_ULONG (slot_id); + PROCESS_CALL ((self, slot_id)); + END_CALL; +} + +static CK_RV +rpc_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_SESSION_INFO info; + + BEGIN_CALL (GetSessionInfo); + IN_ULONG (session); + PROCESS_CALL ((self, session, &info)); + OUT_SESSION_INFO (info); + END_CALL; +} + +static CK_RV +rpc_C_InitPIN (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_UTF8CHAR_PTR pin; + CK_ULONG pin_len; + + BEGIN_CALL (InitPIN); + IN_ULONG (session); + IN_BYTE_ARRAY (pin, pin_len); + PROCESS_CALL ((self, session, pin, pin_len)); + END_CALL; +} + +static CK_RV +rpc_C_SetPIN (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_UTF8CHAR_PTR old_pin; + CK_ULONG old_len; + CK_UTF8CHAR_PTR new_pin; + CK_ULONG new_len; + + BEGIN_CALL (SetPIN); + IN_ULONG (session); + IN_BYTE_ARRAY (old_pin, old_len); + IN_BYTE_ARRAY (new_pin, new_len); + PROCESS_CALL ((self, session, old_pin, old_len, new_pin, new_len)); + END_CALL; +} + +static CK_RV +rpc_C_GetOperationState (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR operation_state; + CK_ULONG operation_state_len; + + BEGIN_CALL (GetOperationState); + IN_ULONG (session); + IN_BYTE_BUFFER (operation_state, operation_state_len); + PROCESS_CALL ((self, session, operation_state, &operation_state_len)); + OUT_BYTE_ARRAY (operation_state, operation_state_len); + END_CALL; +} + +static CK_RV +rpc_C_SetOperationState (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR operation_state; + CK_ULONG operation_state_len; + CK_OBJECT_HANDLE encryption_key; + CK_OBJECT_HANDLE authentication_key; + + BEGIN_CALL (SetOperationState); + IN_ULONG (session); + IN_BYTE_ARRAY (operation_state, operation_state_len); + IN_ULONG (encryption_key); + IN_ULONG (authentication_key); + PROCESS_CALL ((self, session, operation_state, operation_state_len, encryption_key, authentication_key)); + END_CALL; +} + +static CK_RV +rpc_C_Login (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_USER_TYPE user_type; + CK_UTF8CHAR_PTR pin; + CK_ULONG pin_len; + + BEGIN_CALL (Login); + IN_ULONG (session); + IN_ULONG (user_type); + IN_BYTE_ARRAY (pin, pin_len); + PROCESS_CALL ((self, session, user_type, pin, pin_len)); + END_CALL; +} + +static CK_RV +rpc_C_Logout (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + + BEGIN_CALL (Logout); + IN_ULONG (session); + PROCESS_CALL ((self, session)); + END_CALL; +} + +static CK_RV +rpc_C_CreateObject (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_ATTRIBUTE_PTR template; + CK_ULONG count; + CK_OBJECT_HANDLE new_object; + + BEGIN_CALL (CreateObject); + IN_ULONG (session); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL ((self, session, template, count, &new_object)); + OUT_ULONG (new_object); + END_CALL; +} + +static CK_RV +rpc_C_CopyObject (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE_PTR template; + CK_ULONG count; + CK_OBJECT_HANDLE new_object; + + BEGIN_CALL (CopyObject); + IN_ULONG (session); + IN_ULONG (object); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL ((self, session, object, template, count, &new_object)); + OUT_ULONG (new_object); + END_CALL; +} + +static CK_RV +rpc_C_DestroyObject (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE object; + + BEGIN_CALL (DestroyObject); + IN_ULONG (session); + IN_ULONG (object); + PROCESS_CALL ((self, session, object)); + END_CALL; +} + +static CK_RV +rpc_C_GetObjectSize (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE object; + CK_ULONG size; + + BEGIN_CALL (GetObjectSize); + IN_ULONG (session); + IN_ULONG (object); + PROCESS_CALL ((self, session, object, &size)); + OUT_ULONG (size); + END_CALL; +} + +static CK_RV +rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE_PTR template; + CK_ULONG count; + + BEGIN_CALL (GetAttributeValue); + IN_ULONG (session); + IN_ULONG (object); + IN_ATTRIBUTE_BUFFER (template, count); + PROCESS_CALL ((self, session, object, template, count)); + OUT_ATTRIBUTE_ARRAY (template, count); + END_CALL; +} + +static CK_RV +rpc_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE_PTR template; + CK_ULONG count; + + BEGIN_CALL (SetAttributeValue); + IN_ULONG (session); + IN_ULONG (object); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL ((self, session, object, template, count)); + END_CALL; +} + +static CK_RV +rpc_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_ATTRIBUTE_PTR template; + CK_ULONG count; + + BEGIN_CALL (FindObjectsInit); + IN_ULONG (session); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL ((self, session, template, count)); + END_CALL; +} + +static CK_RV +rpc_C_FindObjects (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE_PTR objects; + CK_ULONG max_object_count; + CK_ULONG object_count; + + BEGIN_CALL (FindObjects); + IN_ULONG (session); + IN_ULONG_BUFFER (objects, max_object_count); + PROCESS_CALL ((self, session, objects, max_object_count, &object_count)); + OUT_ULONG_ARRAY (objects, object_count); + END_CALL; +} + +static CK_RV +rpc_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + + BEGIN_CALL (FindObjectsFinal); + IN_ULONG (session); + PROCESS_CALL ((self, session)); + END_CALL; +} + +static CK_RV +rpc_C_EncryptInit (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (EncryptInit); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL ((self, session, &mechanism, key)); + END_CALL; + +} + +static CK_RV +rpc_C_Encrypt (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR data; + CK_ULONG data_len; + CK_BYTE_PTR encrypted_data; + CK_ULONG encrypted_data_len; + + BEGIN_CALL (Encrypt); + IN_ULONG (session); + IN_BYTE_ARRAY (data, data_len); + IN_BYTE_BUFFER (encrypted_data, encrypted_data_len); + PROCESS_CALL ((self, session, data, data_len, encrypted_data, &encrypted_data_len)); + OUT_BYTE_ARRAY (encrypted_data, encrypted_data_len); + END_CALL; +} + +static CK_RV +rpc_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR part; + CK_ULONG part_len; + CK_BYTE_PTR encrypted_part; + CK_ULONG encrypted_part_len; + + BEGIN_CALL (EncryptUpdate); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); + PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len)); + OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); + END_CALL; +} + +static CK_RV +rpc_C_EncryptFinal (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR last_encrypted_part; + CK_ULONG last_encrypted_part_len; + + BEGIN_CALL (EncryptFinal); + IN_ULONG (session); + IN_BYTE_BUFFER (last_encrypted_part, last_encrypted_part_len); + PROCESS_CALL ((self, session, last_encrypted_part, &last_encrypted_part_len)); + OUT_BYTE_ARRAY (last_encrypted_part, last_encrypted_part_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptInit (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (DecryptInit); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL ((self, session, &mechanism, key)); + END_CALL; +} + +static CK_RV +rpc_C_Decrypt (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR encrypted_data; + CK_ULONG encrypted_data_len; + CK_BYTE_PTR data; + CK_ULONG data_len; + + BEGIN_CALL (Decrypt); + IN_ULONG (session); + IN_BYTE_ARRAY (encrypted_data, encrypted_data_len); + IN_BYTE_BUFFER (data, data_len); + PROCESS_CALL ((self, session, encrypted_data, encrypted_data_len, data, &data_len)); + OUT_BYTE_ARRAY (data, data_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR encrypted_part; + CK_ULONG encrypted_part_len; + CK_BYTE_PTR part; + CK_ULONG part_len; + + BEGIN_CALL (DecryptUpdate); + IN_ULONG (session); + IN_BYTE_ARRAY (encrypted_part, encrypted_part_len); + IN_BYTE_BUFFER (part, part_len); + PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len)); + OUT_BYTE_ARRAY (part, part_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptFinal (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR last_part; + CK_ULONG last_part_len; + + BEGIN_CALL (DecryptFinal); + IN_ULONG (session); + IN_BYTE_BUFFER (last_part, last_part_len); + PROCESS_CALL ((self, session, last_part, &last_part_len)); + OUT_BYTE_ARRAY (last_part, last_part_len); + END_CALL; +} + +static CK_RV +rpc_C_DigestInit (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + + BEGIN_CALL (DigestInit); + IN_ULONG (session); + IN_MECHANISM (mechanism); + PROCESS_CALL ((self, session, &mechanism)); + END_CALL; +} + +static CK_RV +rpc_C_Digest (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR data; + CK_ULONG data_len; + CK_BYTE_PTR digest; + CK_ULONG digest_len; + + BEGIN_CALL (Digest); + IN_ULONG (session); + IN_BYTE_ARRAY (data, data_len); + IN_BYTE_BUFFER (digest, digest_len); + PROCESS_CALL ((self, session, data, data_len, digest, &digest_len)); + OUT_BYTE_ARRAY (digest, digest_len); + END_CALL; +} + +static CK_RV +rpc_C_DigestUpdate (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR part; + CK_ULONG part_len; + + BEGIN_CALL (DigestUpdate); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + PROCESS_CALL ((self, session, part, part_len)); + END_CALL; +} + +static CK_RV +rpc_C_DigestKey (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (DigestKey); + IN_ULONG (session); + IN_ULONG (key); + PROCESS_CALL ((self, session, key)); + END_CALL; +} + +static CK_RV +rpc_C_DigestFinal (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR digest; + CK_ULONG digest_len; + + BEGIN_CALL (DigestFinal); + IN_ULONG (session); + IN_BYTE_BUFFER (digest, digest_len); + PROCESS_CALL ((self, session, digest, &digest_len)); + OUT_BYTE_ARRAY (digest, digest_len); + END_CALL; +} + +static CK_RV +rpc_C_SignInit (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (SignInit); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL ((self, session, &mechanism, key)); + END_CALL; +} + +static CK_RV +rpc_C_Sign (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR part; + CK_ULONG part_len; + CK_BYTE_PTR signature; + CK_ULONG signature_len; + + BEGIN_CALL (Sign); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + IN_BYTE_BUFFER (signature, signature_len); + PROCESS_CALL ((self, session, part, part_len, signature, &signature_len)); + OUT_BYTE_ARRAY (signature, signature_len); + END_CALL; + +} + +static CK_RV +rpc_C_SignUpdate (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR part; + CK_ULONG part_len; + + BEGIN_CALL (SignUpdate); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + PROCESS_CALL ((self, session, part, part_len)); + END_CALL; +} + +static CK_RV +rpc_C_SignFinal (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR signature; + CK_ULONG signature_len; + + BEGIN_CALL (SignFinal); + IN_ULONG (session); + IN_BYTE_BUFFER (signature, signature_len); + PROCESS_CALL ((self, session, signature, &signature_len)); + OUT_BYTE_ARRAY (signature, signature_len); + END_CALL; +} + +static CK_RV +rpc_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (SignRecoverInit); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL ((self, session, &mechanism, key)); + END_CALL; +} + +static CK_RV +rpc_C_SignRecover (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR data; + CK_ULONG data_len; + CK_BYTE_PTR signature; + CK_ULONG signature_len; + + BEGIN_CALL (SignRecover); + IN_ULONG (session); + IN_BYTE_ARRAY (data, data_len); + IN_BYTE_BUFFER (signature, signature_len); + PROCESS_CALL ((self, session, data, data_len, signature, &signature_len)); + OUT_BYTE_ARRAY (signature, signature_len); + END_CALL; +} + +static CK_RV +rpc_C_VerifyInit (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (VerifyInit); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL ((self, session, &mechanism, key)); + END_CALL; +} + +static CK_RV +rpc_C_Verify (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR data; + CK_ULONG data_len; + CK_BYTE_PTR signature; + CK_ULONG signature_len; + + BEGIN_CALL (Verify); + IN_ULONG (session); + IN_BYTE_ARRAY (data, data_len); + IN_BYTE_ARRAY (signature, signature_len); + PROCESS_CALL ((self, session, data, data_len, signature, signature_len)); + END_CALL; +} + +static CK_RV +rpc_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR part; + CK_ULONG part_len; + + BEGIN_CALL (VerifyUpdate); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + PROCESS_CALL ((self, session, part, part_len)); + END_CALL; +} + +static CK_RV +rpc_C_VerifyFinal (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR signature; + CK_ULONG signature_len; + + BEGIN_CALL (VerifyFinal); + IN_ULONG (session); + IN_BYTE_ARRAY (signature, signature_len); + PROCESS_CALL ((self, session, signature, signature_len)); + END_CALL; +} + +static CK_RV +rpc_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (VerifyRecoverInit); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (key); + PROCESS_CALL ((self, session, &mechanism, key)); + END_CALL; +} + +static CK_RV +rpc_C_VerifyRecover (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR signature; + CK_ULONG signature_len; + CK_BYTE_PTR data; + CK_ULONG data_len; + + BEGIN_CALL (VerifyRecover); + IN_ULONG (session); + IN_BYTE_ARRAY (signature, signature_len); + IN_BYTE_BUFFER (data, data_len); + PROCESS_CALL ((self, session, signature, signature_len, data, &data_len)); + OUT_BYTE_ARRAY (data, data_len); + END_CALL; +} + +static CK_RV +rpc_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR part; + CK_ULONG part_len; + CK_BYTE_PTR encrypted_part; + CK_ULONG encrypted_part_len; + + BEGIN_CALL (DigestEncryptUpdate); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); + PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len)); + OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR encrypted_part; + CK_ULONG encrypted_part_len; + CK_BYTE_PTR part; + CK_ULONG part_len; + + BEGIN_CALL (DecryptDigestUpdate); + IN_ULONG (session); + IN_BYTE_ARRAY (encrypted_part, encrypted_part_len); + IN_BYTE_BUFFER (part, part_len); + PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len)); + OUT_BYTE_ARRAY (part, part_len); + END_CALL; +} + +static CK_RV +rpc_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR part; + CK_ULONG part_len; + CK_BYTE_PTR encrypted_part; + CK_ULONG encrypted_part_len; + + BEGIN_CALL (SignEncryptUpdate); + IN_ULONG (session); + IN_BYTE_ARRAY (part, part_len); + IN_BYTE_BUFFER (encrypted_part, encrypted_part_len); + PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len)); + OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len); + END_CALL; +} + +static CK_RV +rpc_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR encrypted_part; + CK_ULONG encrypted_part_len; + CK_BYTE_PTR part; + CK_ULONG part_len; + + BEGIN_CALL (DecryptVerifyUpdate); + IN_ULONG (session); + IN_BYTE_ARRAY (encrypted_part, encrypted_part_len); + IN_BYTE_BUFFER (part, part_len); + PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len)); + OUT_BYTE_ARRAY (part, part_len); + END_CALL; +} + +static CK_RV +rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_ATTRIBUTE_PTR template; + CK_ULONG count; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (GenerateKey); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ATTRIBUTE_ARRAY (template, count); + PROCESS_CALL ((self, session, &mechanism, template, count, &key)); + OUT_ULONG (key); + END_CALL; +} + +static CK_RV +rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_ATTRIBUTE_PTR public_key_template; + CK_ULONG public_key_attribute_count; + CK_ATTRIBUTE_PTR private_key_template; + CK_ULONG private_key_attribute_count; + CK_OBJECT_HANDLE public_key; + CK_OBJECT_HANDLE private_key; + + BEGIN_CALL (GenerateKeyPair); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ATTRIBUTE_ARRAY (public_key_template, public_key_attribute_count); + IN_ATTRIBUTE_ARRAY (private_key_template, private_key_attribute_count); + PROCESS_CALL ((self, session, &mechanism, public_key_template, public_key_attribute_count, private_key_template, private_key_attribute_count, &public_key, &private_key)); + OUT_ULONG (public_key); + OUT_ULONG (private_key); + END_CALL; +} + +static CK_RV +rpc_C_WrapKey (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE wrapping_key; + CK_OBJECT_HANDLE key; + CK_BYTE_PTR wrapped_key; + CK_ULONG wrapped_key_len; + + BEGIN_CALL (WrapKey); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (wrapping_key); + IN_ULONG (key); + IN_BYTE_BUFFER (wrapped_key, wrapped_key_len); + PROCESS_CALL ((self, session, &mechanism, wrapping_key, key, wrapped_key, &wrapped_key_len)); + OUT_BYTE_ARRAY (wrapped_key, wrapped_key_len); + END_CALL; +} + +static CK_RV +rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE unwrapping_key; + CK_BYTE_PTR wrapped_key; + CK_ULONG wrapped_key_len; + CK_ATTRIBUTE_PTR template; + CK_ULONG attribute_count; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (UnwrapKey); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (unwrapping_key); + IN_BYTE_ARRAY (wrapped_key, wrapped_key_len); + IN_ATTRIBUTE_ARRAY (template, attribute_count); + PROCESS_CALL ((self, session, &mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, attribute_count, &key)); + OUT_ULONG (key); + END_CALL; +} + +static CK_RV +rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE base_key; + CK_ATTRIBUTE_PTR template; + CK_ULONG attribute_count; + CK_OBJECT_HANDLE key; + + BEGIN_CALL (DeriveKey); + IN_ULONG (session); + IN_MECHANISM (mechanism); + IN_ULONG (base_key); + IN_ATTRIBUTE_ARRAY (template, attribute_count); + PROCESS_CALL ((self, session, &mechanism, base_key, template, attribute_count, &key)); + OUT_ULONG (key); + END_CALL; +} + +static CK_RV +rpc_C_SeedRandom (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR seed; + CK_ULONG seed_len; + + BEGIN_CALL (SeedRandom); + IN_ULONG (session); + IN_BYTE_ARRAY (seed, seed_len); + PROCESS_CALL ((self, session, seed, seed_len)); + END_CALL; +} + +static CK_RV +rpc_C_GenerateRandom (CK_X_FUNCTION_LIST *self, + p11_rpc_message *msg) +{ + CK_SESSION_HANDLE session; + CK_BYTE_PTR random_data; + CK_ULONG random_len; + + BEGIN_CALL (GenerateRandom); + IN_ULONG (session); + IN_BYTE_BUFFER (random_data, random_len); + PROCESS_CALL ((self, session, random_data, random_len)); + OUT_BYTE_ARRAY (random_data, random_len); + END_CALL; +} + +bool +p11_rpc_server_handle (CK_X_FUNCTION_LIST *self, + p11_buffer *request, + p11_buffer *response) +{ + p11_rpc_message msg; + CK_RV ret; + int req_id; + + return_val_if_fail (self != NULL, false); + return_val_if_fail (request != NULL, false); + return_val_if_fail (response != NULL, false); + + p11_message_clear (); + + p11_rpc_message_init (&msg, request, response); + + if (!p11_rpc_message_parse (&msg, P11_RPC_REQUEST)) { + p11_rpc_message_clear (&msg); + p11_message ("couldn't parse pkcs11 rpc message"); + return false; + } + + /* This should have been checked by the parsing code */ + assert (msg.call_id > P11_RPC_CALL_ERROR); + assert (msg.call_id < P11_RPC_CALL_MAX); + req_id = msg.call_id; + + switch(req_id) { + #define CASE_CALL(name) \ + case P11_RPC_CALL_##name: \ + ret = rpc_##name (self, &msg); \ + break; + CASE_CALL (C_Initialize) + CASE_CALL (C_Finalize) + CASE_CALL (C_GetInfo) + CASE_CALL (C_GetSlotList) + CASE_CALL (C_GetSlotInfo) + CASE_CALL (C_GetTokenInfo) + CASE_CALL (C_GetMechanismList) + CASE_CALL (C_GetMechanismInfo) + CASE_CALL (C_InitToken) + CASE_CALL (C_OpenSession) + CASE_CALL (C_CloseSession) + CASE_CALL (C_CloseAllSessions) + CASE_CALL (C_GetSessionInfo) + CASE_CALL (C_InitPIN) + CASE_CALL (C_SetPIN) + CASE_CALL (C_GetOperationState) + CASE_CALL (C_SetOperationState) + CASE_CALL (C_Login) + CASE_CALL (C_Logout) + CASE_CALL (C_CreateObject) + CASE_CALL (C_CopyObject) + CASE_CALL (C_DestroyObject) + CASE_CALL (C_GetObjectSize) + CASE_CALL (C_GetAttributeValue) + CASE_CALL (C_SetAttributeValue) + CASE_CALL (C_FindObjectsInit) + CASE_CALL (C_FindObjects) + CASE_CALL (C_FindObjectsFinal) + CASE_CALL (C_EncryptInit) + CASE_CALL (C_Encrypt) + CASE_CALL (C_EncryptUpdate) + CASE_CALL (C_EncryptFinal) + CASE_CALL (C_DecryptInit) + CASE_CALL (C_Decrypt) + CASE_CALL (C_DecryptUpdate) + CASE_CALL (C_DecryptFinal) + CASE_CALL (C_DigestInit) + CASE_CALL (C_Digest) + CASE_CALL (C_DigestUpdate) + CASE_CALL (C_DigestKey) + CASE_CALL (C_DigestFinal) + CASE_CALL (C_SignInit) + CASE_CALL (C_Sign) + CASE_CALL (C_SignUpdate) + CASE_CALL (C_SignFinal) + CASE_CALL (C_SignRecoverInit) + CASE_CALL (C_SignRecover) + CASE_CALL (C_VerifyInit) + CASE_CALL (C_Verify) + CASE_CALL (C_VerifyUpdate) + CASE_CALL (C_VerifyFinal) + CASE_CALL (C_VerifyRecoverInit) + CASE_CALL (C_VerifyRecover) + CASE_CALL (C_DigestEncryptUpdate) + CASE_CALL (C_DecryptDigestUpdate) + CASE_CALL (C_SignEncryptUpdate) + CASE_CALL (C_DecryptVerifyUpdate) + CASE_CALL (C_GenerateKey) + CASE_CALL (C_GenerateKeyPair) + CASE_CALL (C_WrapKey) + CASE_CALL (C_UnwrapKey) + CASE_CALL (C_DeriveKey) + CASE_CALL (C_SeedRandom) + CASE_CALL (C_GenerateRandom) + CASE_CALL (C_WaitForSlotEvent) + #undef CASE_CALL + default: + /* This should have been caught by the parse code */ + assert (0 && "Unchecked call"); + break; + }; + + if (p11_buffer_failed (msg.output)) { + p11_message ("out of memory error putting together message"); + p11_rpc_message_clear (&msg); + return false; + } + + /* A filled in response */ + if (ret == CKR_OK) { + + /* + * Since we're dealing with many many functions above generating + * these messages we want to make sure each of them actually + * does what it's supposed to. + */ + assert (p11_rpc_message_is_verified (&msg)); + assert (msg.call_type == P11_RPC_RESPONSE); + assert (msg.call_id == req_id); + assert (p11_rpc_calls[msg.call_id].response); + assert (strcmp (p11_rpc_calls[msg.call_id].response, msg.signature) == 0); + + /* Fill in an error respnose */ + } else { + if (!p11_rpc_message_prep (&msg, P11_RPC_CALL_ERROR, P11_RPC_RESPONSE) || + !p11_rpc_message_write_ulong (&msg, (uint32_t)ret) || + p11_buffer_failed (msg.output)) { + p11_message ("out of memory responding with error"); + p11_rpc_message_clear (&msg); + return false; + } + } + + p11_rpc_message_clear (&msg); + return true; +} + +/** + * p11_kit_remote_serve_module: + * @module: a pointer to a loaded module + * @in_fd: input fd + * @out_fd: output fd + * + * Run a module on a given pair of input/output FDs. + * + * Returns: 0 if success, non-zero otherwise. + */ +int +p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, + int in_fd, + int out_fd) +{ + p11_rpc_status status; + unsigned char version; + p11_virtual virt; + p11_buffer options; + p11_buffer buffer; + size_t state; + int ret = 1; + int code; + + return_val_if_fail (module != NULL, 1); + + p11_buffer_init (&options, 0); + p11_buffer_init (&buffer, 0); + + p11_virtual_init (&virt, &p11_virtual_base, module, NULL); + + switch (read (in_fd, &version, 1)) { + case 0: + goto out; + case 1: + if (version != 0) { + p11_message ("unsupported version received: %d", (int)version); + goto out; + } + break; + default: + p11_message_err (errno, "couldn't read credential byte"); + goto out; + } + + version = 0; + switch (write (out_fd, &version, 1)) { + case 1: + break; + default: + p11_message_err (errno, "couldn't write credential byte"); + goto out; + } + + status = P11_RPC_OK; + while (status == P11_RPC_OK) { + state = 0; + code = 0; + + do { + status = p11_rpc_transport_read (in_fd, &state, &code, + &options, &buffer); + } while (status == P11_RPC_AGAIN); + + switch (status) { + case P11_RPC_OK: + break; + case P11_RPC_EOF: + ret = 0; + continue; + case P11_RPC_AGAIN: + assert_not_reached (); + case P11_RPC_ERROR: + p11_message_err (errno, "failed to read rpc message"); + goto out; + } + + if (!p11_rpc_server_handle (&virt.funcs, &buffer, &buffer)) { + p11_message ("unexpected error handling rpc message"); + goto out; + } + + state = 0; + options.len = 0; + do { + status = p11_rpc_transport_write (out_fd, &state, code, + &options, &buffer); + } while (status == P11_RPC_AGAIN); + + switch (status) { + case P11_RPC_OK: + break; + case P11_RPC_EOF: + case P11_RPC_AGAIN: + assert_not_reached (); + case P11_RPC_ERROR: + p11_message_err (errno, "failed to write rpc message"); + goto out; + } + } + +out: + p11_buffer_uninit (&buffer); + p11_buffer_uninit (&options); + + p11_virtual_uninit (&virt); + + return ret; +} + +/** + * p11_kit_remote_serve_token: + * @module: a pointer to a loaded module + * @token: a token info + * @in_fd: input fd + * @out_fd: output fd + * + * Run a token wrapped in a module on a given pair of input/output FDs. + * + * Returns: 0 if success, non-zero otherwise. + * + * Deprecated: use p11_kit_remote_serve_tokens() + */ +int +p11_kit_remote_serve_token (CK_FUNCTION_LIST *module, + CK_TOKEN_INFO *token, + int in_fd, + int out_fd) +{ + p11_virtual virt; + p11_virtual *filter = NULL; + CK_FUNCTION_LIST *filtered = NULL; + int ret = 1; + + return_val_if_fail (module != NULL, 1); + return_val_if_fail (token != NULL, 1); + + p11_virtual_init (&virt, &p11_virtual_base, module, NULL); + filter = p11_filter_subclass (&virt, NULL); + if (filter == NULL) + goto out; + + filtered = p11_virtual_wrap (filter, (p11_destroyer)p11_virtual_uninit); + if (filtered == NULL) + goto out; + + p11_filter_allow_token (filter, token); + + ret = p11_kit_remote_serve_module (filtered, in_fd, out_fd); + + out: + if (filtered != NULL) + p11_virtual_unwrap (filtered); + if (filter != NULL) + p11_filter_release (filter); + + return ret; +} + +static void +token_set_write_protected (CK_TOKEN_INFO *token, P11KitUri *uri) +{ + const char *write_protected = + p11_kit_uri_get_vendor_query (uri, "write-protected"); + if (write_protected && + _p11_conf_parse_boolean (write_protected, false)) + token->flags |= CKF_WRITE_PROTECTED; + else + token->flags &= ~CKF_WRITE_PROTECTED; +} + +static void +module_unwrap (CK_FUNCTION_LIST *module) +{ + if (module) + p11_virtual_unwrap (module); +} + +/** + * p11_kit_remote_serve_tokens: + * @tokens: a list of token URIs + * @n_tokens: the length of @tokens + * @provider: (nullable): a PKCS\#11 module that provides the tokens + * @in_fd: input fd + * @out_fd: output fd + * + * Expose tokens on a given pair of input/output FDs. If @provider is + * not NULL, all the tokens must be provided by the same module. + * + * Returns: 0 if success, non-zero otherwise. + */ +int +p11_kit_remote_serve_tokens (const char **tokens, + size_t n_tokens, + CK_FUNCTION_LIST *provider, + int in_fd, + int out_fd) +{ + p11_virtual *lower = NULL; + p11_virtual *filter = NULL; + CK_FUNCTION_LIST *proxy = NULL; + CK_FUNCTION_LIST **modules = NULL; + CK_FUNCTION_LIST *provider_modules[2] = { NULL, NULL }; + CK_FUNCTION_LIST *module; + p11_dict *filters = NULL; + p11_dictiter filters_iter; + p11_array *filtered = NULL; + P11KitIter *iter; + P11KitUri **uris = NULL; + void *value; + int ret = 1; + int error = 0; + size_t i; + + return_val_if_fail (tokens != NULL, 2); + return_val_if_fail (n_tokens > 0, 2); + return_val_if_fail (in_fd >= 0, 2); + return_val_if_fail (out_fd >= 0, 2); + + uris = calloc (n_tokens, sizeof (P11KitUri *)); + if (uris == NULL) { + error = ENOMEM; + goto out; + } + + for (i = 0; i < n_tokens; i++) { + uris[i] = p11_kit_uri_new (); + if (uris[i] == NULL) { + error = ENOMEM; + goto out; + } + if (p11_kit_uri_parse (tokens[i], P11_KIT_URI_FOR_TOKEN, uris[i]) != + P11_KIT_URI_OK) { + error = EINVAL; + goto out; + } + } + + if (provider) { + if (p11_kit_module_initialize (provider) != CKR_OK) { + error = EINVAL; + goto out; + } + provider_modules[0] = provider; + modules = provider_modules; + } else { + modules = p11_kit_modules_load_and_initialize (0); + if (modules == NULL) { + error = EINVAL; + goto out; + } + } + + filters = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, + NULL, p11_filter_release); + if (filters == NULL) { + error = ENOMEM; + goto out; + } + + iter = p11_kit_iter_new (NULL, + P11_KIT_ITER_WITH_TOKENS | + P11_KIT_ITER_WITHOUT_OBJECTS); + if (iter == NULL) { + error = ENOMEM; + goto out; + } + + p11_kit_iter_begin (iter, modules); + while (p11_kit_iter_next (iter) == CKR_OK) { + CK_TOKEN_INFO *token; + + assert (p11_kit_iter_get_kind (iter) == P11_KIT_ITER_KIND_TOKEN); + + token = p11_kit_iter_get_token (iter); + + /* Check if the token is the one we want to export */ + for (i = 0; i < n_tokens; i++) + if (p11_kit_uri_match_token_info (uris[i], token)) + break; + if (i == n_tokens) + continue; + + module = p11_kit_iter_get_module (iter); + assert (module != NULL); + + /* Create a virtual module that provides only the + * specified tokens */ + filter = p11_dict_get (filters, module); + if (filter == NULL) { + lower = calloc (1, sizeof (p11_virtual)); + if (lower == NULL) { + error = ENOMEM; + goto out; + } + p11_virtual_init (lower, &p11_virtual_base, module, NULL); + filter = p11_filter_subclass (lower, NULL); + if (filter == NULL) { + error = EINVAL; + p11_message_err (error, "couldn't subclass filter"); + goto out; + } + if (!p11_dict_set (filters, module, filter)) { + error = EINVAL; + p11_message_err (error, "couldn't register filter"); + goto out; + } + } + + for (i = 0; i < n_tokens; i++) { + if (p11_kit_uri_match_token_info (uris[i], token)) { + token_set_write_protected (token, uris[i]); + p11_filter_allow_token (filter, token); + } + } + } + p11_kit_iter_free (iter); + + filtered = p11_array_new ((p11_destroyer)module_unwrap); + p11_dict_iterate (filters, &filters_iter); + while (p11_dict_next (&filters_iter, NULL, &value)) { + module = p11_virtual_wrap ((p11_virtual *)value, + (p11_destroyer)p11_virtual_uninit); + if (module == NULL) { + error = EINVAL; + p11_message_err (error, "couldn't wrap filter module"); + goto out; + } + if (!p11_array_push (filtered, module)) { + error = ENOMEM; + goto out; + } + } + + /* NULL terminate the array */ + if (!p11_array_push (filtered, NULL)) { + error = ENOMEM; + goto out; + } + + /* Need to finalize the modules that we initialized for iteration */ + p11_kit_modules_finalize (modules); + + if (p11_proxy_module_create (&proxy, (CK_FUNCTION_LIST **)filtered->elem) + != CKR_OK) { + error = EINVAL; + p11_message_err (error, "couldn't create a proxy module"); + goto out; + } + + ret = p11_kit_remote_serve_module (proxy, in_fd, out_fd); + + out: + if (filtered != NULL) + p11_array_free (filtered); + if (filters != NULL) + p11_dict_free (filters); + if (modules != provider_modules) + p11_kit_modules_release (modules); + if (error != 0) + errno = error; + if (uris) { + for (i = 0; i < n_tokens; i++) + p11_kit_uri_free (uris[i]); + free (uris); + } + + return ret; +} diff --git a/p11-kit/rpc-transport.c b/p11-kit/rpc-transport.c new file mode 100644 index 0000000..049ba37 --- /dev/null +++ b/p11-kit/rpc-transport.c @@ -0,0 +1,1290 @@ +/* + * Copyright (C) 2012 Stefan Walter + * Copyright (C) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "argv.h" +#include "compat.h" +#define P11_DEBUG_FLAG P11_DEBUG_RPC +#include "debug.h" +#include "message.h" +#include "pkcs11.h" +#include "private.h" +#include "rpc.h" +#include "rpc-message.h" +#include "path.h" + +#include + +#include +#include +#include +#include +#include +#include +#include + +#ifdef OS_UNIX +#include +#include +#include +#include +#include +#include +#include +#endif + +#ifdef OS_WIN32 +#include +#include +#include +#ifndef EWOULDBLOCK +#define EWOULDBLOCK WSAEWOULDBLOCK +#endif +#endif + +#ifndef EPROTO +#define EPROTO EIO +#endif + +typedef struct { + /* Never changes. On Unix, these are identical, as it is + * backed by a socket. On Windows, it is another file + * descriptor, as they are backed by two pipes */ + int read_fd; + int write_fd; + + /* Protected by the lock */ + p11_mutex_t write_lock; + int refs; + int last_code; + bool sent_creds; + + /* This data is protected by read mutex */ + p11_mutex_t read_lock; +#ifdef OS_UNIX + /* Signalled when read_code changes */ + p11_cond_t read_code_cond; +#endif + bool read_creds; + uint32_t read_code; + uint32_t read_olen; + uint32_t read_dlen; +} rpc_socket; + +static rpc_socket * +rpc_socket_new (int fd) +{ + rpc_socket *sock; + + sock = calloc (1, sizeof (rpc_socket)); + return_val_if_fail (sock != NULL, NULL); + + sock->read_fd = fd; + sock->write_fd = fd; + sock->last_code = 0x10; + sock->read_creds = false; + sock->sent_creds = false; + sock->refs = 1; + + p11_mutex_init (&sock->write_lock); + p11_mutex_init (&sock->read_lock); + +#ifdef OS_UNIX + p11_cond_init (&sock->read_code_cond); +#endif + + return sock; +} + +#if 0 +static rpc_socket * +rpc_socket_ref (rpc_socket *sock) +{ + assert (sock != NULL); + + p11_mutex_lock (&sock->write_lock); + sock->refs++; + p11_mutex_unlock (&sock->write_lock); + + return sock; +} + +static bool +rpc_socket_is_open (rpc_socket *sock) +{ + assert (sock != NULL); + return sock->read_fd >= 0; +} +#endif + +static void +rpc_socket_close (rpc_socket *sock) +{ + assert (sock != NULL); + if (sock->read_fd != -1) + close (sock->read_fd); + sock->read_fd = -1; +#ifdef OS_WIN32 + if (sock->write_fd != -1) + close (sock->write_fd); + sock->write_fd = -1; +#endif +} + +static void +rpc_socket_unref (rpc_socket *sock) +{ + int release = 0; + + assert (sock != NULL); + + p11_mutex_lock (&sock->write_lock); + if (--sock->refs == 0) + release = 1; + p11_mutex_unlock (&sock->write_lock); + + if (!release) + return; + + assert (sock != NULL); + assert (sock->refs == 0); + + rpc_socket_close (sock); + p11_mutex_uninit (&sock->write_lock); + p11_mutex_uninit (&sock->read_lock); +#ifdef OS_UNIX + p11_cond_uninit (&sock->read_code_cond); +#endif + free (sock); +} + +static bool +write_all (int fd, + unsigned char* data, + size_t len) +{ + int r; + + while (len > 0) { + r = write (fd, data, len); + if (r == -1) { + if (errno == EPIPE) { + p11_message ("couldn't send data: closed connection"); + return false; + } else if (errno != EAGAIN && errno != EINTR) { + p11_message_err (errno, "couldn't send data"); + return false; + } + } else { + p11_debug ("wrote %d bytes", r); + data += r; + len -= r; + } + } + + return true; +} + +static bool +read_all (int fd, + unsigned char* data, + size_t len) +{ + int r; + + while (len > 0) { + r = read (fd, data, len); + if (r == 0) { + p11_message ("couldn't receive data: closed connection"); + return false; + } else if (r == -1) { + if (errno != EAGAIN && errno != EINTR) { + p11_message_err (errno, "couldn't receive data"); + return false; + } + } else { + p11_debug ("read %d bytes", r); + data += r; + len -= r; + } + } + + return true; +} + +static CK_RV +rpc_socket_write_inlock (rpc_socket *sock, + int code, + p11_buffer *options, + p11_buffer *buffer) +{ + unsigned char header[12]; + unsigned char dummy = '\0'; + + /* The socket is locked and referenced at this point */ + assert (buffer != NULL); + + /* Place holder byte, will later carry unix credentials (on some systems) */ + if (!sock->sent_creds) { + if (write_all (sock->write_fd, &dummy, 1) != 1) { + p11_message_err (errno, "couldn't send socket credentials"); + return CKR_DEVICE_ERROR; + } + sock->sent_creds = true; + } + + p11_rpc_buffer_encode_uint32 (header, code); + p11_rpc_buffer_encode_uint32 (header + 4, options->len); + p11_rpc_buffer_encode_uint32 (header + 8, buffer->len); + + if (!write_all (sock->write_fd, header, 12) || + !write_all (sock->write_fd, options->data, options->len) || + !write_all (sock->write_fd, buffer->data, buffer->len)) + return CKR_DEVICE_ERROR; + + return CKR_OK; +} + +static p11_rpc_status +write_at (int fd, + unsigned char *data, + size_t len, + size_t offset, + size_t *at) +{ + p11_rpc_status status; + ssize_t num; + size_t from; + int errn; + + assert (*at >= offset); + + if (*at >= offset + len) + return P11_RPC_OK; + + from = *at - offset; + assert (from < len); + + num = write (fd, data + from, len - from); + errn = errno; + + /* Update state */ + if (num > 0) + *at += num; + + /* Completely written out this block */ + if (num == len - from) { + p11_debug ("ok: wrote block of %d", (int)num); + status = P11_RPC_OK; + + /* Partially written out this block */ + } else if (num >= 0) { + p11_debug ("again: partial read of %d", (int)num); + status = P11_RPC_AGAIN; + + /* Didn't write out block due to transient issue */ + } else if (errn == EINTR || errn == EAGAIN || errn == EWOULDBLOCK) { + p11_debug ("again: due to %d", errn); + status = P11_RPC_AGAIN; + + /* Failure */ + } else { + p11_debug ("error: due to %d", errn); + status = P11_RPC_ERROR; + } + + errno = errn; + return status; +} + +p11_rpc_status +p11_rpc_transport_write (int fd, + size_t *state, + int call_code, + p11_buffer *options, + p11_buffer *buffer) +{ + unsigned char header[12] = { 0, }; + p11_rpc_status status; + + assert (state != NULL); + assert (options != NULL); + assert (buffer != NULL); + + if (*state < 12) { + p11_rpc_buffer_encode_uint32 (header, call_code); + p11_rpc_buffer_encode_uint32 (header + 4, options->len); + p11_rpc_buffer_encode_uint32 (header + 8, buffer->len); + } + + status = write_at (fd, header, 12, 0, state); + + if (status == P11_RPC_OK) { + status = write_at (fd, options->data, options->len, + 12, state); + } + + if (status == P11_RPC_OK) { + status = write_at (fd, buffer->data, buffer->len, + 12 + options->len, state); + } + + /* All done */ + if (status == P11_RPC_OK) + *state = 0; + + return status; +} + +static void +rpc_socket_set_read_code_inlock (rpc_socket *sock, + int code) +{ + sock->read_code = code; +#ifdef OS_UNIX + p11_cond_broadcast (&sock->read_code_cond); +#endif +} + +#ifdef OS_UNIX +static void +rpc_socket_wait_for_read_code_change_inlock (rpc_socket *sock) +{ + p11_cond_wait (&sock->read_code_cond, &sock->read_lock); +} +#endif + +static int +rpc_socket_read (rpc_socket *sock, + int *code, + p11_buffer *buffer) +{ + CK_RV ret = CKR_DEVICE_ERROR; + unsigned char header[12]; + unsigned char dummy; +#ifdef OS_WIN32 + HANDLE handle; + DWORD mode; +#endif + + assert (code != NULL); + assert (buffer != NULL); + + /* + * We are not in the main socket lock here, but the socket + * is referenced, and won't go away + */ + + p11_mutex_lock (&sock->read_lock); + + if (!sock->read_creds) { + if (read_all (sock->read_fd, &dummy, 1) != 1) { + p11_mutex_unlock (&sock->read_lock); + return CKR_DEVICE_ERROR; + } + sock->read_creds = true; + } + + for (;;) { + /* No message header has been read yet? ... read one in */ + if (sock->read_code == 0) { + if (!read_all (sock->read_fd, header, 12)) + break; + + /* Decode and check the message header */ + rpc_socket_set_read_code_inlock (sock, p11_rpc_buffer_decode_uint32 (header)); + sock->read_olen = p11_rpc_buffer_decode_uint32 (header + 4); + sock->read_dlen = p11_rpc_buffer_decode_uint32 (header + 8); + if (sock->read_code == 0) { + p11_message ("received invalid rpc header values: perhaps wrong protocol"); + break; + } + } + + /* If it's our header (or caller doesn't care), then yay! */ + if (*code == -1 || sock->read_code == *code) { + + /* We ignore the options, so read into the same as buffer */ + if (!p11_buffer_reset (buffer, sock->read_olen) || + !p11_buffer_reset (buffer, sock->read_dlen)) { + warn_if_reached (); + break; + } + + /* Read in the the options first, and then data */ + if (!read_all (sock->read_fd, buffer->data, sock->read_olen) || + !read_all (sock->read_fd, buffer->data, sock->read_dlen)) + break; + + buffer->len = sock->read_dlen; + *code = sock->read_code; + + /* Yay, we got our data, off we go */ + rpc_socket_set_read_code_inlock (sock, 0); + sock->read_olen = 0; + sock->read_dlen = 0; + ret = CKR_OK; + break; + } + + /* Give another thread the chance to read data for this header */ + if (sock->read_code != 0) { + p11_debug ("received header in wrong thread"); + +#ifdef OS_UNIX + rpc_socket_wait_for_read_code_change_inlock (sock); +#endif +#ifdef OS_WIN32 + /* Used as a simple wait */ + p11_mutex_unlock (&sock->read_lock); + handle = (HANDLE) _get_osfhandle (sock->read_fd); + if (!ReadFile (handle, NULL, 0, &mode, NULL)) + p11_message ("couldn't use select to wait on rpc pipe"); + p11_mutex_lock (&sock->read_lock); +#endif + } + } + + p11_mutex_unlock (&sock->read_lock); + return ret; +} + +static p11_rpc_status +read_at (int fd, + unsigned char *data, + size_t len, + size_t offset, + size_t *at) +{ + p11_rpc_status status; + int errn; + ssize_t num; + size_t from; + + assert (*at >= offset); + + if (*at >= offset + len) + return P11_RPC_OK; + + from = *at - offset; + assert (from < len); + + num = read (fd, data + from, len - from); + errn = errno; + + /* Update state */ + if (num > 0) + *at += num; + + /* Completely read out this block */ + if (num == len - from) { + p11_debug ("ok: read block of %d", (int)num); + status = P11_RPC_OK; + + /* Partially read out this block */ + } else if (num > 0) { + p11_debug ("again: partial read of %d", (int)num); + status = P11_RPC_AGAIN; + + /* End of file, valid if at offset zero */ + } else if (num == 0) { + if (offset == 0) { + p11_debug ("eof: read zero bytes"); + status = P11_RPC_EOF; + } else { + p11_debug ("error: early truncate"); + errn = EPROTO; + status = P11_RPC_ERROR; + } + + /* Didn't read out block due to transient issue */ + } else if (errn == EINTR || errn == EAGAIN || errn == EWOULDBLOCK) { + p11_debug ("again: due to %d", errn); + status = P11_RPC_AGAIN; + + /* Failure */ + } else { + p11_debug ("error: due to %d", errn); + status = P11_RPC_ERROR; + } + + errno = errn; + return status; +} + +p11_rpc_status +p11_rpc_transport_read (int fd, + size_t *state, + int *call_code, + p11_buffer *options, + p11_buffer *buffer) +{ + unsigned char *header; + p11_rpc_status status; + size_t len; + + assert (state != NULL); + assert (call_code != NULL); + assert (options != NULL); + assert (buffer != NULL); + + /* Reading the header, we read it into @buffer */ + if (*state < 12) { + if (!p11_buffer_reset (buffer, 12)) + return_val_if_reached (P11_RPC_ERROR); + status = read_at (fd, buffer->data, 12, 0, state); + if (status != P11_RPC_OK) + return status; + + /* Parse out the header */ + header = buffer->data; + *call_code = p11_rpc_buffer_decode_uint32 (header); + len = p11_rpc_buffer_decode_uint32 (header + 4); + if (!p11_buffer_reset (options, len)) + return_val_if_reached (P11_RPC_ERROR); + options->len = len; + len = p11_rpc_buffer_decode_uint32 (header + 8); + if (!p11_buffer_reset (buffer, len)) + return_val_if_reached (P11_RPC_ERROR); + buffer->len = len; + } + + /* At this point options has a valid len field */ + status = read_at (fd, options->data, options->len, 12, state); + if (status == P11_RPC_OK) { + status = read_at (fd, buffer->data, buffer->len, + 12 + options->len, state); + } + + if (status == P11_RPC_OK) + *state = 0; + + return status; +} + +struct _p11_rpc_transport { + p11_rpc_client_vtable vtable; + p11_destroyer destroyer; + rpc_socket *socket; + p11_buffer options; +}; + +static void +rpc_transport_disconnect (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + p11_rpc_transport *rpc = (p11_rpc_transport *)vtable; + + if (rpc->socket) { + rpc_socket_close (rpc->socket); + rpc_socket_unref (rpc->socket); + rpc->socket = NULL; + } +} + +static bool +rpc_transport_init (p11_rpc_transport *rpc, + const char *module_name, + p11_destroyer destroyer) +{ + rpc->destroyer = destroyer; + + p11_buffer_init_null (&rpc->options, 0); + p11_buffer_add (&rpc->options, module_name, -1); + return_val_if_fail (p11_buffer_ok (&rpc->options), false); + + return true; +} + +static void +rpc_transport_uninit (p11_rpc_transport *rpc) +{ + p11_buffer_uninit (&rpc->options); +} + +static CK_RV +rpc_transport_buffer (p11_rpc_client_vtable *vtable, + p11_buffer *request, + p11_buffer *response) +{ + p11_rpc_transport *rpc = (p11_rpc_transport *)vtable; + CK_RV rv = CKR_OK; + rpc_socket *sock; + int call_code; + + assert (rpc != NULL); + assert (request != NULL); + assert (response != NULL); + + sock = rpc->socket; + assert (sock != NULL); + + p11_mutex_lock (&sock->write_lock); + assert (sock->refs > 0); + sock->refs++; + + /* Get the next socket reply code */ + call_code = sock->last_code++; + + if (sock->read_fd == -1) + rv = CKR_DEVICE_ERROR; +#ifdef OS_WIN32 + if (sock->write_fd == -1) + rv = CKR_DEVICE_ERROR; +#endif + if (rv == CKR_OK) + rv = rpc_socket_write_inlock (sock, call_code, &rpc->options, request); + + /* We unlock the socket mutex while reading a response */ + if (rv == CKR_OK) { + p11_mutex_unlock (&sock->write_lock); + + rv = rpc_socket_read (sock, &call_code, response); + + p11_mutex_lock (&sock->write_lock); + } + + if (rv != CKR_OK && sock->read_fd != -1) { + p11_message ("closing socket due to protocol failure"); + close (sock->read_fd); + sock->read_fd = -1; + } +#ifdef OS_WIN32 + if (rv != CKR_OK && sock->write_fd != -1) { + p11_message ("closing socket due to protocol failure"); + close (sock->write_fd); + sock->write_fd = -1; + } +#endif + + sock->refs--; + assert (sock->refs > 0); + p11_mutex_unlock (&sock->write_lock); + + return rv; +} + +#ifdef OS_UNIX + +typedef struct { + p11_rpc_transport base; + p11_array *argv; + pid_t pid; +} rpc_exec; + +static void +rpc_exec_wait_or_terminate (pid_t pid) +{ + bool terminated = false; + int status; + int sig; + int ret; + int i; + + + for (i = 0; i < 3 * 1000; i += 100) { + ret = waitpid (pid, &status, WNOHANG); + if (ret != 0) + break; + p11_sleep_ms (100); + } + + if (ret == 0) { + p11_message ("process %d did not exit, terminating", (int)pid); + kill (pid, SIGTERM); + terminated = true; + ret = waitpid (pid, &status, 0); + } + + if (ret < 0) { + p11_message_err (errno, "failed to wait for executed child: %d", (int)pid); + status = 0; + } else if (WIFEXITED (status)) { + status = WEXITSTATUS (status); + if (status == 0) + p11_debug ("process %d exited with status 0", (int)pid); + else + p11_message ("process %d exited with status %d", (int)pid, status); + } else if (WIFSIGNALED (status)) { + sig = WTERMSIG (status); + if (!terminated || sig != SIGTERM) + p11_message ("process %d was terminated with signal %d", (int)pid, sig); + } +} + +static void +rpc_exec_disconnect (p11_rpc_client_vtable *vtable, + void *fini_reserved) +{ + rpc_exec *rex = (rpc_exec *)vtable; + + if (rex->base.socket) + rpc_socket_close (rex->base.socket); + + if (rex->pid) + rpc_exec_wait_or_terminate (rex->pid); + rex->pid = 0; + + /* Do the common disconnect stuff */ + rpc_transport_disconnect (vtable, fini_reserved); +} + +static int +set_cloexec_on_fd (void *data, + int fd) +{ + int *max_fd = data; + if (fd >= *max_fd) + fcntl (fd, F_SETFD, FD_CLOEXEC); + return 0; +} + +static CK_RV +rpc_exec_connect (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + rpc_exec *rex = (rpc_exec *)vtable; + pid_t pid; + int max_fd; + int fds[2]; + int errn; + + p11_debug ("executing rpc transport: %s", (char *)rex->argv->elem[0]); + + if (socketpair (AF_UNIX, SOCK_STREAM, 0, fds) < 0) { + p11_message_err (errno, "failed to create pipe for remote"); + return CKR_DEVICE_ERROR; + } + + pid = fork (); + switch (pid) { + + /* Failure */ + case -1: + close (fds[0]); + close (fds[1]); + p11_message_err (errno, "failed to fork for remote"); + return CKR_DEVICE_ERROR; + + /* Child */ + case 0: + if (dup2 (fds[1], STDIN_FILENO) < 0 || + dup2 (fds[1], STDOUT_FILENO) < 0) { + errn = errno; + p11_message_err (errn, "couldn't dup file descriptors in remote child"); + _exit (errn); + } + + /* Close file descriptors, except for above on exec */ + max_fd = STDERR_FILENO + 1; + fdwalk (set_cloexec_on_fd, &max_fd); + execvp (rex->argv->elem[0], (char **)rex->argv->elem); + + errn = errno; + p11_message_err (errn, "couldn't execute program for rpc: %s", + (char *)rex->argv->elem[0]); + _exit (errn); + + /* The parent */ + default: + break; + } + + close (fds[1]); + rex->pid = pid; + rex->base.socket = rpc_socket_new (fds[0]); + return_val_if_fail (rex->base.socket != NULL, CKR_GENERAL_ERROR); + + return CKR_OK; +} + +#endif /* OS_UNIX */ + +#ifdef OS_WIN32 + +typedef struct { + p11_rpc_transport base; + p11_array *argv; + HANDLE pid; +} rpc_exec; + +static void +rpc_exec_wait_or_terminate (HANDLE pid) +{ + DWORD status; + int ret; + int i; + + + for (i = 0; i < 3 * 1000; i += 100) { + ret = WaitForSingleObject (pid, 10000); + if (ret == WAIT_OBJECT_0) + break; + } + + if (ret != WAIT_OBJECT_0) { + p11_message ("process %p did not exit, terminating", pid); + if (!TerminateProcess (pid, SIGTERM)) + p11_message ("couldn't terminate process %p", pid); + ret = WaitForSingleObject (pid, 0); + } + + if (ret != WAIT_OBJECT_0) { + p11_message ("failed to wait for executed child: %p", pid); + status = 0; + } else if (!GetExitCodeProcess (pid, &status)) { + p11_message ("failed to get the exit status of %p", pid); + } else if (status == 0) { + p11_debug ("process %p exited with status 0", pid); + } else { + p11_message ("process %p exited with status %lu", pid, status); + } + + CloseHandle (pid); +} + +static void +rpc_exec_disconnect (p11_rpc_client_vtable *vtable, + void *fini_reserved) +{ + rpc_exec *rex = (rpc_exec *)vtable; + + if (rex->base.socket) + rpc_socket_close (rex->base.socket); + + if (rex->pid != INVALID_HANDLE_VALUE) + rpc_exec_wait_or_terminate (rex->pid); + rex->pid = INVALID_HANDLE_VALUE; + + /* Do the common disconnect stuff */ + rpc_transport_disconnect (vtable, fini_reserved); +} + +static int +set_cloexec_on_fd (int fd) +{ + HANDLE handle; + + handle = (HANDLE) _get_osfhandle (fd); + if (!SetHandleInformation (handle, HANDLE_FLAG_INHERIT, 0)) + return -1; + + return 0; +} + +static CK_RV +rpc_exec_connect (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + rpc_exec *rex = (rpc_exec *)vtable; + intptr_t pid = -1; + int pw[2] = { -1, -1 }, pr[2] = { -1, -1 }; + int fds[2] = { -1, -1 }; + CK_RV rv = CKR_OK; + + p11_debug ("executing rpc transport: %s", (char *)rex->argv->elem[0]); + + setvbuf (stdout, NULL, _IONBF, 0 ); + + if (_pipe (pw, 256, _O_BINARY) == -1 || + set_cloexec_on_fd (pw[1]) == -1) { + p11_message_err (errno, "failed to create pipe for remote"); + rv = CKR_DEVICE_ERROR; + goto out; + } + + if (_pipe (pr, 256, _O_BINARY) == -1 || + set_cloexec_on_fd (pr[0]) == -1) { + p11_message_err (errno, "failed to create pipe for remote"); + rv = CKR_DEVICE_ERROR; + goto out; + } + + /* Save the original stdin and stdout */ + fds[0] = dup (STDIN_FILENO); + if (fds[0] == -1) { + p11_message_err (errno, "failed to duplicate stdin"); + rv = CKR_DEVICE_ERROR; + goto out; + } + + fds[1] = dup (STDOUT_FILENO); + if (fds[1] == -1) { + p11_message_err (errno, "failed to duplicate stdout"); + rv = CKR_DEVICE_ERROR; + goto out; + } + + /* Temporarily redirect pipe descriptors to stdin/stdout for child */ + if (dup2 (pw[0], STDIN_FILENO) == -1 || + dup2 (pr[1], STDOUT_FILENO) == -1) { + p11_message_err (errno, "failed to duplicate child end of pipe"); + rv = CKR_DEVICE_ERROR; + goto out; + } + + pid = _spawnv (P_NOWAIT, + rex->argv->elem[0], + (const char * const *)rex->argv->elem); + + if (pid == -1) { + p11_message_err (errno, "failed to spawn remote"); + rv = CKR_DEVICE_ERROR; + goto out; + } + + close (pw[0]); + pw[0] = -1; + close (pr[1]); + pr[1] = -1; + + /* Restore the original stdin and stdout */ + if (dup2 (fds[0], STDIN_FILENO) == -1 || + dup2 (fds[1], STDOUT_FILENO) == -1) { + p11_message_err (errno, "failed to restore file descriptors"); + rv = CKR_DEVICE_ERROR; + goto out; + } + + close (fds[0]); + fds[0] = -1; + close (fds[1]); + fds[1] = -1; + + rex->pid = (HANDLE) pid; + rex->base.socket = rpc_socket_new (pr[0]); + return_val_if_fail (rex->base.socket != NULL, CKR_GENERAL_ERROR); + rex->base.socket->write_fd = pw[1]; + + out: + if (rv != CKR_OK) { + if (pid != -1) { + TerminateProcess ((HANDLE) pid, SIGTERM); + CloseHandle ((HANDLE) pid); + } + if (pw[0] != -1) + close (pw[0]); + if (pw[1] != -1) + close (pw[1]); + if (pr[0] != -1) + close (pr[0]); + if (pr[1] != -1) + close (pr[1]); + if (fds[0] != -1) + close (fds[0]); + if (fds[1] != -1) + close (fds[1]); + } + + return rv; +} + +#endif /* OS_WIN32 */ + +static void +rpc_exec_free (void *data) +{ + rpc_exec *rex = data; + rpc_exec_disconnect (data, NULL); + rpc_transport_uninit (&rex->base); + p11_array_free (rex->argv); + free (rex); +} + +static void +on_argv_parsed (char *argument, + void *data) +{ + p11_array *argv = data; + + if (!p11_array_push (argv, strdup (argument))) + return_if_reached (); +} + +static p11_rpc_transport * +rpc_exec_init (const char *remote, + const char *name) +{ + p11_array *argv; + rpc_exec *rex; + + argv = p11_array_new (free); + if (!p11_argv_parse (remote, on_argv_parsed, argv) || argv->num < 1) { + p11_message ("invalid remote command line: %s", remote); + p11_array_free (argv); + return NULL; + } + + rex = calloc (1, sizeof (rpc_exec)); + return_val_if_fail (rex != NULL, NULL); + + p11_array_push (argv, NULL); + rex->argv = argv; +#ifdef OS_WIN32 + rex->pid = INVALID_HANDLE_VALUE; +#endif + + rex->base.vtable.connect = rpc_exec_connect; + rex->base.vtable.disconnect = rpc_exec_disconnect; + rex->base.vtable.transport = rpc_transport_buffer; + rpc_transport_init (&rex->base, name, rpc_exec_free); + + p11_debug ("initialized rpc exec: %s", remote); + return &rex->base; +} + +#ifdef OS_UNIX + +typedef struct { + p11_rpc_transport base; + struct sockaddr_un sa; +} rpc_unix; + +static CK_RV +rpc_unix_connect (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + rpc_unix *run = (rpc_unix *)vtable; + int fd; + + fd = socket (AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { + p11_message_err (errno, "failed to create socket for remote"); + return CKR_GENERAL_ERROR; + } + + if (connect (fd, (struct sockaddr *)&run->sa, sizeof (run->sa)) < 0) { + p11_debug_err (errno, "failed to connect to socket"); + close (fd); + return CKR_DEVICE_REMOVED; + } + + run->base.socket = rpc_socket_new (fd); + return_val_if_fail (run->base.socket != NULL, CKR_GENERAL_ERROR); + + return CKR_OK; +} + +static void +rpc_unix_disconnect (p11_rpc_client_vtable *vtable, + void *fini_reserved) +{ + rpc_unix *run = (rpc_unix *)vtable; + + if (run->base.socket) + rpc_socket_close (run->base.socket); + + /* Do the common disconnect stuff */ + rpc_transport_disconnect (vtable, fini_reserved); +} + +static void +rpc_unix_free (void *data) +{ + rpc_unix *run = data; + rpc_unix_disconnect (data, NULL); + rpc_transport_uninit (&run->base); + free (run); +} + +static p11_rpc_transport * +rpc_unix_init (const char *remote, + const char *name) +{ + rpc_unix *run; + + run = calloc (1, sizeof (rpc_unix)); + return_val_if_fail (run != NULL, NULL); + + memset (&run->sa, 0, sizeof (run->sa)); + run->sa.sun_family = AF_UNIX; + snprintf (run->sa.sun_path, sizeof (run->sa.sun_path), "%s", remote); + + run->base.vtable.connect = rpc_unix_connect; + run->base.vtable.disconnect = rpc_unix_disconnect; + run->base.vtable.transport = rpc_transport_buffer; + rpc_transport_init (&run->base, name, rpc_unix_free); + + p11_debug ("initialized rpc socket: %s", remote); + return &run->base; +} + +#endif /* OS_UNIX */ + +#ifdef HAVE_VSOCK +#include +#include + +typedef struct { + p11_rpc_transport base; + struct sockaddr_vm sa; +} rpc_vsock; + +static CK_RV +rpc_vsock_connect (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + rpc_vsock *run = (rpc_vsock *)vtable; + int fd; + + fd = socket (AF_VSOCK, SOCK_STREAM, 0); + if (fd < 0) { + p11_message_err (errno, "failed to create socket for remote"); + return CKR_GENERAL_ERROR; + } + + if (connect (fd, (struct sockaddr *)&run->sa, sizeof (run->sa)) < 0) { + p11_debug_err (errno, "failed to connect to socket"); + close (fd); + return CKR_DEVICE_REMOVED; + } + + run->base.socket = rpc_socket_new (fd); + return_val_if_fail (run->base.socket != NULL, CKR_GENERAL_ERROR); + + return CKR_OK; +} + +static void +rpc_vsock_disconnect (p11_rpc_client_vtable *vtable, + void *fini_reserved) +{ + rpc_vsock *run = (rpc_vsock *)vtable; + + if (run->base.socket) + rpc_socket_close (run->base.socket); + + /* Do the common disconnect stuff */ + rpc_transport_disconnect (vtable, fini_reserved); +} + +static void +rpc_vsock_free (void *data) +{ + rpc_vsock *run = data; + rpc_vsock_disconnect (data, NULL); + rpc_transport_uninit (&run->base); + free (run); +} + +static p11_rpc_transport * +rpc_vsock_init (unsigned int cid, + unsigned int port, + const char *name) +{ + rpc_vsock *run; + + run = calloc (1, sizeof (rpc_vsock)); + return_val_if_fail (run != NULL, NULL); + + memset (&run->sa, 0, sizeof (run->sa)); + run->sa.svm_family = AF_VSOCK; + run->sa.svm_cid = cid; + run->sa.svm_port = port; + + run->base.vtable.connect = rpc_vsock_connect; + run->base.vtable.disconnect = rpc_vsock_disconnect; + run->base.vtable.transport = rpc_transport_buffer; + rpc_transport_init (&run->base, name, rpc_vsock_free); + + p11_debug ("initialized rpc socket: vsock:cid=%u;port=%u", + cid, port); + return &run->base; +} + +#endif /* HAVE_VSOCK */ + +p11_rpc_transport * +p11_rpc_transport_new (p11_virtual *virt, + const char *remote, + const char *name) +{ + p11_rpc_transport *rpc = NULL; + + return_val_if_fail (virt != NULL, NULL); + return_val_if_fail (remote != NULL, NULL); + return_val_if_fail (name != NULL, NULL); + + /* This is a command we can execute */ + if (remote[0] == '|') { + rpc = rpc_exec_init (remote + 1, name); + +#ifdef OS_UNIX + } else if (strncmp (remote, "unix:path=/", 11) == 0) { + /* Only absolute path is supported */ + char *path; + + path = p11_path_decode (remote + 10); + return_val_if_fail (path != NULL, NULL); + rpc = rpc_unix_init (path, name); + free (path); +#endif /* OS_UNIX */ +#ifdef HAVE_VSOCK + } else if (strncmp (remote, "vsock:", 6) == 0) { + unsigned int cid = 0, port = 0; + + if (!p11_vsock_parse_addr (remote + 6, &cid, &port) || + cid == VMADDR_CID_ANY) { + p11_message ("failed to parse vsock address: '%s'", + remote + 6); + return NULL; + } + + rpc = rpc_vsock_init (cid, port, name); +#endif /* HAVE_VSOCK */ + } else { + p11_message ("remote not supported: %s", remote); + return NULL; + } + + return_val_if_fail (rpc != NULL, NULL); + + if (!p11_rpc_client_init (virt, &rpc->vtable)) + return_val_if_reached (NULL); + + return rpc; +} + +void +p11_rpc_transport_free (void *data) +{ + p11_rpc_transport *rpc = data; + + if (rpc != NULL) { + assert (rpc->destroyer); + (rpc->destroyer) (data); + } +} diff --git a/p11-kit/rpc.h b/p11-kit/rpc.h new file mode 100644 index 0000000..b129e61 --- /dev/null +++ b/p11-kit/rpc.h @@ -0,0 +1,95 @@ +/* + * Copyright (C) 2012 Stefan Walter + * Copyright (C) 2013 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_RPC_H__ +#define __P11_RPC_H__ + +#include "pkcs11.h" +#include "buffer.h" +#include "virtual.h" + +typedef struct _p11_rpc_client_vtable p11_rpc_client_vtable; + +struct _p11_rpc_client_vtable { + void *data; + + CK_RV (* connect) (p11_rpc_client_vtable *vtable, + void *init_reserved); + + CK_RV (* transport) (p11_rpc_client_vtable *vtable, + p11_buffer *request, + p11_buffer *response); + + void (* disconnect) (p11_rpc_client_vtable *vtable, + void *fini_reserved); +}; + +bool p11_rpc_client_init (p11_virtual *virt, + p11_rpc_client_vtable *vtable); + +bool p11_rpc_server_handle (CK_X_FUNCTION_LIST *funcs, + p11_buffer *request, + p11_buffer *response); + +extern CK_MECHANISM_TYPE * p11_rpc_mechanisms_override_supported; + +typedef struct _p11_rpc_transport p11_rpc_transport; + +p11_rpc_transport * p11_rpc_transport_new (p11_virtual *virt, + const char *remote, + const char *name); + +void p11_rpc_transport_free (void *transport); + +typedef enum { + P11_RPC_OK, + P11_RPC_EOF, + P11_RPC_AGAIN, + P11_RPC_ERROR +} p11_rpc_status; + +p11_rpc_status p11_rpc_transport_read (int fd, + size_t *state, + int *call_code, + p11_buffer *options, + p11_buffer *buffer); + +p11_rpc_status p11_rpc_transport_write (int fd, + size_t *state, + int call_code, + p11_buffer *options, + p11_buffer *buffer); + +#endif /* __P11_RPC_H__ */ diff --git a/p11-kit/server.c b/p11-kit/server.c new file mode 100644 index 0000000..ce5bee3 --- /dev/null +++ b/p11-kit/server.c @@ -0,0 +1,1406 @@ +/* + * Copyright (C) 2014 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#include "debug.h" +#include "message.h" +#include "path.h" +#include "p11-kit.h" +#include "remote.h" +#include "tool.h" + +#include +#include +#include +#include +#include +#include +#include + +#ifdef OS_UNIX + +#include "unix-peer.h" +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef WITH_SYSTEMD +#include +#endif + +#ifdef HAVE_VSOCK +#include "vsock.h" +#include +#endif + +#ifdef HAVE_SIGHANDLER_T +#define SIGHANDLER_T sighandler_t +#elif HAVE_SIG_T +#define SIGHANDLER_T sig_t +#elif HAVE___SIGHANDLER_T +#define SIGHANDLER_T __sighandler_t +#else +typedef void (*sighandler_t)(int); +#define SIGHANDLER_T sighandler_t +#endif + +#endif /* OS_UNIX */ + +typedef struct { + const char **tokens; + size_t n_tokens; + const char *provider; + + const char *socket_name; + +#ifdef OS_UNIX + uid_t uid; + gid_t gid; + +#ifdef HAVE_VSOCK + unsigned int vsock_cid; + unsigned int vsock_port; +#endif /* HAVE_VSOCK */ + + int socket; +#endif /* OS_UNIX */ + +#ifdef OS_WIN32 + CK_FUNCTION_LIST *module; +#endif /* OS_WIN32 */ +} Server; + +static void +server_free (Server *server) +{ + if (server == NULL) + return; + +#ifdef OS_UNIX + if (server->socket >= 0) + close (server->socket); +#endif /* OS_UNIX */ + +#ifdef OS_WIN32 + if (server->module) + p11_kit_module_release (server->module); +#endif /* OS_WIN32 */ + + free (server); +} + +static Server * +server_new (const char **tokens, size_t n_tokens, const char *provider, + const char *socket_name) +{ + Server *server; + + return_val_if_fail (tokens, NULL); + return_val_if_fail (n_tokens > 0, NULL); + return_val_if_fail (socket_name, NULL); + + server = calloc (1, sizeof (Server)); + + if (server == NULL) + return NULL; + + server->tokens = tokens; + server->n_tokens = n_tokens; + server->provider = provider; + server->socket_name = socket_name; + +#ifdef OS_UNIX + if (strncmp (socket_name, "unix:path=", 10) == 0) { + server->socket_name = socket_name + 10; +#ifdef HAVE_VSOCK + } else if (strncmp (socket_name, "vsock:", 6) == 0) { + if (!p11_vsock_parse_addr(socket_name + 6, + &server->vsock_cid, + &server->vsock_port)) { + p11_message ("failed to parse vsock address: '%s'", + socket_name + 6); + free (server); + return NULL; + } + if (server->vsock_cid == VMADDR_CID_ANY) { + /* We need to print the right CID so that clients can + * know the address to connect to. Just binding to + * VMADDR_CID_ANY isn't stunningly useful unless the + * client knows the CID through other means */ + p11_vsock_get_local_cid (&server->vsock_cid); + /* On error, we'll just report 0xFFFFFFFF */ + } + server->socket_name = NULL; +#endif /* HAVE_VSOCK */ + } + + server->socket = -1; +#endif /* OS_UNIX */ + +#ifdef OS_WIN32 + /* On Windows, we need to load module by ourselves as we don't + * launch "p11-kit remote" */ + if (strncmp (tokens[0], "pkcs11:", 7) == 0) { + if (server->provider) { + server->module = p11_kit_module_load (server->provider, 0); + if (server->module == NULL) { + free (server); + return NULL; + } + } + } else { + server->module = p11_kit_module_load (tokens[0], 0); + if (server->module == NULL) { + free (server); + return NULL; + } + } +#endif /* OS_WIN32 */ + + return server; +} + +#ifdef OS_UNIX + +static bool need_children_cleanup = false; +static bool terminate = false; +static unsigned children_avail = 0; +static bool quiet = false; +static bool csh_opt = false; + +#define P11_KIT_SERVER_ADDRESS_ENV "P11_KIT_SERVER_ADDRESS" +#define P11_KIT_SERVER_PID_ENV "P11_KIT_SERVER_PID" + +static SIGHANDLER_T +ocsignal (int signum, SIGHANDLER_T handler) +{ + struct sigaction new_action, old_action; + + new_action.sa_handler = handler; + sigemptyset (&new_action.sa_mask); + new_action.sa_flags = 0; + + sigaction (signum, &new_action, &old_action); + return old_action.sa_handler; +} + +static void +cleanup_children (void) +{ + int status; + pid_t pid; + + while ((pid = waitpid (-1, &status, WNOHANG)) > 0) { + if (children_avail > 0) + children_avail--; + if (WIFSIGNALED (status)) { + if (WTERMSIG (status) == SIGSEGV) + p11_message ("child %u died with sigsegv", (unsigned)pid); + else + p11_message ("child %u died with signal %d", (unsigned)pid, (int)WTERMSIG (status)); + } + } + need_children_cleanup = false; +} + +static void +handle_children (int signo) +{ + need_children_cleanup = true; +} + +static void +handle_term (int signo) +{ + terminate = true; +} + +static int +set_cloexec_on_fd (void *data, + int fd) +{ + int *max_fd = data; + if (fd >= *max_fd) + fcntl (fd, F_SETFD, FD_CLOEXEC); + return 0; +} + +static int +exec_external (int argc, + char *argv[]) +{ + const char *private_dir; + char *path; + int rc; + + return_val_if_fail (argc >= 1, -1); + + private_dir = secure_getenv ("P11_KIT_PRIVATEDIR"); + if (!private_dir || !private_dir[0]) + private_dir = PRIVATEDIR; + + /* Add our libexec directory to the path */ + path = p11_path_build (private_dir, argv[0], NULL); + return_val_if_fail (path != NULL, -1); + + argv[argc] = NULL; + rc = execv (path, argv); + + free (path); + return rc; +} + +static int +create_unix_socket (const char *address, + uid_t uid, + gid_t gid) +{ + int rc, sd; + struct sockaddr_un sa; + const char *socket_file; + + memset (&sa, 0, sizeof(sa)); + sa.sun_family = AF_UNIX; + + return_val_if_fail (strlen (address) < sizeof (sa.sun_path), -1); + strncpy (sa.sun_path, address, sizeof (sa.sun_path)); + socket_file = sa.sun_path; + + remove (sa.sun_path); + + sd = socket (AF_UNIX, SOCK_STREAM, 0); + if (sd == -1) { + p11_message_err (errno, "could not create socket %s", socket_file); + return -1; + } + + umask (066); + rc = bind (sd, (struct sockaddr *)&sa, SUN_LEN (&sa)); + if (rc == -1) { + close (sd); + p11_message_err (errno, "could not bind socket %s", socket_file); + return -1; + } + + rc = listen (sd, 1024); + if (rc == -1) { + close (sd); + p11_message_err (errno, "could not listen to socket %s", socket_file); + return 1; + } + + if (uid != -1 && gid != -1) { + rc = chown (socket_file, uid, gid); + if (rc == -1) { + close (sd); + p11_message_err (errno, "could not chown socket %s", socket_file); + return -1; + } + } + + return sd; +} + +#ifdef HAVE_VSOCK +static int +create_vsock_socket (unsigned int cid, + unsigned int port) +{ + int rc, sd; + struct sockaddr_vm sa; + + memset (&sa, 0, sizeof(sa)); + sa.svm_family = AF_VSOCK; + sa.svm_cid = cid; + sa.svm_port = port; + + sd = socket (AF_VSOCK, SOCK_STREAM, 0); + if (sd == -1) { + p11_message_err (errno, "could not create socket %u:%u", cid, port); + return -1; + } + + rc = bind (sd, (struct sockaddr *)&sa, sizeof(sa)); + if (rc == -1) { + close (sd); + p11_message_err (errno, "could not bind socket %u:%u", cid, port); + return -1; + } + + rc = listen (sd, 1024); + if (rc == -1) { + close (sd); + p11_message_err (errno, "could not listen to socket %u:%u", cid, port); + return 1; + } + + return sd; +} +#endif /* HAVE_VSOCK */ + +static bool +check_credentials (int fd, + uid_t uid, + gid_t gid) +{ + int rc; + uid_t tuid; + gid_t tgid; + + rc = p11_get_upeer_id (fd, &tuid, &tgid, NULL); + if (rc == -1) { + p11_message_err (errno, "could not check uid from socket"); + close (fd); + return false; + } + + if (uid != -1 && uid != tuid) { + p11_message ("connecting uid (%u) doesn't match expected (%u)", + (unsigned)tuid, (unsigned)uid); + close (fd); + return false; + } + + if (gid != -1 && gid != tgid) { + p11_message ("connecting gid (%u) doesn't match expected (%u)", + (unsigned)tgid, (unsigned)gid); + close (fd); + return false; + } + + return true; +} + +static bool +print_environment (pid_t pid, Server *server, bool csh) +{ + char *path, *address; + int rc = -1; + + if (server->socket_name) { + path = p11_path_encode (server->socket_name); + rc = asprintf (&address, "unix:path=%s", path); + free (path); +#ifdef HAVE_VSOCK + } else if (server->vsock_cid || server->vsock_port) { + if (server->vsock_cid == VMADDR_CID_ANY) { + rc = asprintf (&address, "vsock:port=%u", + server->vsock_port); + } else { + rc = asprintf (&address, "vsock:cid=%u;port=%u", + server->vsock_cid, server->vsock_port); + } +#endif + } + if (rc < 0) + return false; + if (csh) { + printf ("setenv %s %s;\n", + P11_KIT_SERVER_ADDRESS_ENV, + address); + printf ("setenv %s %d;\n", + P11_KIT_SERVER_PID_ENV, + pid); + } else { + printf ("%s=%s; export %s;\n", + P11_KIT_SERVER_ADDRESS_ENV, address, + P11_KIT_SERVER_ADDRESS_ENV); + printf ("%s=%d; export %s;\n", + P11_KIT_SERVER_PID_ENV, pid, + P11_KIT_SERVER_PID_ENV); + } + free (address); + return true; +} + +static int +server_loop (Server *server, + bool foreground, + struct timespec *timeout) +{ + int ret; + int cfd; + pid_t pid; + socklen_t sa_len; + struct sockaddr_un sa; + fd_set rd_set; + sigset_t emptyset, blockset; + char **args; + size_t n_args, i; + int max_fd; + int errn; + + sigemptyset (&blockset); + sigemptyset (&emptyset); + sigaddset (&blockset, SIGCHLD); + sigaddset (&blockset, SIGTERM); + sigaddset (&blockset, SIGINT); + ocsignal (SIGCHLD, handle_children); + ocsignal (SIGTERM, handle_term); + ocsignal (SIGINT, handle_term); + + /* run as daemon */ + if (!foreground) { + pid = fork (); + if (pid == -1) { + p11_message_err (errno, "could not fork() to daemonize"); + return 1; + } + if (pid == 0) { + close (STDIN_FILENO); + close (STDOUT_FILENO); + } + if (pid != 0) { + if (!print_environment (pid, server, csh_opt)) + return 1; + exit (0); + } + if (setsid () == -1) { + p11_message_err (errno, "could not create a new session"); + return 1; + } + } + +#ifdef WITH_SYSTEMD + ret = sd_listen_fds (0); + if (ret > 1) { + p11_message ("too many file descriptors received"); + return 1; + } else if (ret == 1) { + server->socket = SD_LISTEN_FDS_START + 0; + } else +#endif + if (server->socket_name) { + server->socket = create_unix_socket (server->socket_name, server->uid, server->gid); +#ifdef HAVE_VSOCK + } else if (server->vsock_cid || server->vsock_port) { + server->socket = create_vsock_socket (server->vsock_cid, server->vsock_port); +#endif + } + if (server->socket == -1) + return 1; + + sigprocmask (SIG_BLOCK, &blockset, NULL); + + /* for testing purposes, even when started in foreground, + * print the envvars */ + if (foreground) { + if (!print_environment (getpid (), server, csh_opt)) + return 1; + fflush (stdout); + } + + /* accept connections */ + ret = 0; + for (;;) { + if (need_children_cleanup) + cleanup_children (); + + if (terminate) + break; + + FD_ZERO (&rd_set); + FD_SET (server->socket, &rd_set); + + ret = pselect (server->socket + 1, &rd_set, NULL, NULL, timeout, &emptyset); + if (ret == -1 && errno == EINTR) + continue; + + /* timeout */ + if (ret == 0 && children_avail == 0 && timeout != NULL) { + p11_message ("no connections to %s for %lu secs, exiting", server->socket_name, timeout->tv_sec); + break; + } + + if (FD_ISSET (server->socket, &rd_set)) { + sa_len = sizeof (sa); + cfd = accept (server->socket, (struct sockaddr *)&sa, &sa_len); + if (cfd == -1) { + if (errno != EINTR) + p11_message_err (errno, "could not accept from socket %s", server->socket_name); + continue; + } + + if (server->socket_name && + !check_credentials (cfd, server->uid, server->gid)) + continue; + + pid = fork (); + switch (pid) { + case -1: + p11_message_err (errno, "failed to fork for accept"); + continue; + /* Child */ + case 0: + sigprocmask (SIG_UNBLOCK, &blockset, NULL); + if (dup2 (cfd, STDIN_FILENO) < 0 || + dup2 (cfd, STDOUT_FILENO) < 0) { + errn = errno; + p11_message_err (errn, "couldn't dup file descriptors in remote child"); + _exit (errn); + } + + /* Close file descriptors, except for above on exec */ + max_fd = STDERR_FILENO + 1; + fdwalk (set_cloexec_on_fd, &max_fd); + + /* Execute 'p11-kit remote'; this shouldn't return */ + args = calloc (3 + server->n_tokens + 1, sizeof (char *)); + if (args == NULL) { + errn = errno; + p11_message_err (errn, "couldn't allocate memory for 'p11-kit remote' arguments"); + _exit (errn); + } + + n_args = 0; + args[n_args] = P11_KIT_REMOTE; + n_args++; + + if (server->provider) { + args[n_args] = "--provider"; + n_args++; + args[n_args] = (char *)server->provider; + n_args++; + } + + for (i = 0; i < server->n_tokens; i++, n_args++) + args[n_args] = (char *)server->tokens[i]; + + exec_external (n_args, args); + free (args); + + errn = errno; + p11_message_err (errn, "couldn't execute 'p11-kit remote'"); + _exit (errn); + default: + children_avail++; + break; + } + close (cfd); + } + } + + remove (server->socket_name); + + return ret; +} + +int +main (int argc, + char *argv[]) +{ + char *socket_base = NULL, *socket_name = NULL; + uid_t uid = -1, run_as_uid = -1; + gid_t gid = -1, run_as_gid = -1; + int opt; + const struct passwd *pwd; + const struct group *grp; + bool foreground = false; + bool kill_opt = false; + struct timespec *timeout = NULL, ts; + char *name = NULL; + char *provider = NULL; + Server *server = NULL; + int ret = 0; + + enum { + opt_verbose = 'v', + opt_quiet = 'q', + opt_help = 'h', + opt_user = 'u', + opt_group = 'g', + opt_run_as_user = 'a', + opt_run_as_group = 'z', + opt_foreground = 'f', + opt_timeout = 't', + opt_name = 'n', + opt_provider = 'p', + opt_kill = 'k', + opt_csh = 'c', + opt_sh = 's' + }; + + struct option options[] = { + { "verbose", no_argument, NULL, opt_verbose }, + { "quiet", no_argument, NULL, opt_quiet }, + { "help", no_argument, NULL, opt_help }, + { "foreground", no_argument, NULL, opt_foreground }, + { "user", required_argument, NULL, opt_user }, + { "group", required_argument, NULL, opt_group }, + { "run-as-user", required_argument, NULL, opt_run_as_user }, + { "run-as-group", required_argument, NULL, opt_run_as_group }, + { "timeout", required_argument, NULL, opt_timeout }, + { "name", required_argument, NULL, opt_name }, + { "provider", required_argument, NULL, opt_provider }, + { "kill", no_argument, NULL, opt_kill }, + { "csh", no_argument, NULL, opt_csh }, + { "sh", no_argument, NULL, opt_sh }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: p11-kit server ..." }, + { opt_foreground, "run the server in foreground" }, + { opt_user, "specify user who can connect to the socket" }, + { opt_group, "specify group who can connect to the socket" }, + { opt_run_as_user, "specify user who runs the server" }, + { opt_run_as_group, "specify group who runs the server" }, + { opt_timeout, "exit if no connection until the given timeout" }, + { opt_name, "specify name of the socket (default: pkcs11-)" }, + { opt_provider, "specify the module to use" }, + { opt_kill, "terminate the running server" }, + { opt_csh, "generate C-shell commands on stdout" }, + { opt_sh, "generate Bourne shell commands on stdout" }, + { 0 }, + }; + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + case opt_verbose: + p11_kit_be_loud (); + break; + case opt_quiet: + quiet = true; + break; + case opt_timeout: + ts.tv_sec = atoi (optarg); + ts.tv_nsec = 0; + timeout = &ts; + break; + case opt_name: + name = optarg; + break; + case opt_group: + grp = getgrnam (optarg); + if (grp == NULL) { + p11_message ("unknown group: %s", optarg); + return 2; + } + gid = grp->gr_gid; + break; + case opt_user: + pwd = getpwnam (optarg); + if (pwd == NULL) { + p11_message ("unknown user: %s", optarg); + return 2; + } + uid = pwd->pw_uid; + break; + case opt_run_as_group: + grp = getgrnam (optarg); + if (grp == NULL) { + p11_message ("unknown group: %s", optarg); + return 2; + } + run_as_gid = grp->gr_gid; + break; + case opt_run_as_user: + pwd = getpwnam (optarg); + if (pwd == NULL) { + p11_message ("unknown user: %s", optarg); + return 2; + } + run_as_uid = pwd->pw_uid; + break; + case opt_foreground: + foreground = true; + break; + case opt_provider: + provider = optarg; + break; + case opt_kill: + kill_opt = true; + break; + case opt_csh: + csh_opt = true; + break; + case opt_sh: + csh_opt = false; + break; + case opt_help: + case '?': + p11_tool_usage (usages, options); + return 0; + default: + assert_not_reached (); + break; + } + } + + argc -= optind; + argv += optind; + + if (argc < 1 && !kill_opt) { + p11_tool_usage (usages, options); + return 2; + } + + if (!csh_opt) { + const char *shell = secure_getenv ("SHELL"); + size_t len; + if (shell != NULL && (len = strlen (shell)) > 2 && + strncmp (shell + len - 3, "csh", 3) == 0) + csh_opt = true; + } + + if (kill_opt) { + const char *pidstr = secure_getenv (P11_KIT_SERVER_PID_ENV); + char *endptr; + long pidval; + + if (pidstr == NULL) { + fprintf (stderr, "%s not set, cannot kill server", + P11_KIT_SERVER_PID_ENV); + exit (1); + } + pidval = strtol (pidstr, &endptr, 10); + if (errno == ERANGE && + (pidval == LONG_MAX || pidval == LONG_MIN)) { + perror ("strtol"); + exit (1); + } + if (kill ((pid_t) pidval, SIGTERM) == -1) { + perror ("kill"); + exit (1); + } + + if (csh_opt) { + printf ("unsetenv %s;\n", + P11_KIT_SERVER_ADDRESS_ENV); + printf ("unsetenv %s;\n", + P11_KIT_SERVER_PID_ENV); + } else { + printf ("unset %s;\n", + P11_KIT_SERVER_ADDRESS_ENV); + printf ("unset %s;\n", + P11_KIT_SERVER_PID_ENV); + } + exit (0); + } + + if (run_as_gid != -1) { + if (setgid (run_as_gid) == -1) { + p11_message_err (errno, "cannot set gid to %u", (unsigned)run_as_gid); + ret = 1; + goto out; + } + + if (setgroups (1, &run_as_gid) == -1) { + p11_message_err (errno, "cannot setgroups to %u", (unsigned)run_as_gid); + ret = 1; + goto out; + } + } + + if (run_as_uid != -1) { + if (setuid (run_as_uid) == -1) { + p11_message_err (errno, "cannot set uid to %u", (unsigned)run_as_uid); + ret = 1; + goto out; + } + } + + if (name == NULL) { + const char *runtime_dir; + + if (asprintf (&name, "pkcs11-%d", getpid ()) < 0) { + ret = 1; + goto out; + } + + runtime_dir = secure_getenv ("XDG_RUNTIME_DIR"); + if (!runtime_dir || !runtime_dir[0]) { + p11_message_err (errno, "cannot determine runtime directory"); + ret = 1; + goto out; + } + + socket_base = p11_path_build (runtime_dir, "p11-kit", NULL); + if (socket_base == NULL) { + ret = 1; + goto out; + } + + if (mkdir (socket_base, 0700) == -1 && errno != EEXIST) { + p11_message_err (errno, "cannot create %s", socket_base); + ret = 1; + goto out; + } + + socket_name = p11_path_build (socket_base, name, NULL); + free (name); + } else { + socket_name = strdup (name); + } + + server = server_new ((const char **)argv, argc, provider, socket_name); + if (server == NULL) { + ret = 1; + goto out; + } + + server->uid = uid; + server->gid = gid; + ret = server_loop (server, foreground, timeout); + + out: + server_free (server); + + if (socket_name) + free (socket_name); + if (socket_base) { + remove (socket_base); + free (socket_base); + } + + return ret; +} + +#endif /* OS_UNIX */ + +#ifdef OS_WIN32 + +#include +#include +#include +#include + +#define DYN_ADVAPI32 + +typedef DWORD (WINAPI *GetSecurityInfoFunc) + (HANDLE handle, + SE_OBJECT_TYPE ObjectType, + SECURITY_INFORMATION SecurityInfo, + PSID *ppsidOwner, + PSID *ppsidGroup, + PACL *ppDacl, + PACL *ppSacl, + PSECURITY_DESCRIPTOR *ppSecurityDescriptor); +typedef DWORD (WINAPI *SetSecurityInfoFunc) + (HANDLE handle, + SE_OBJECT_TYPE ObjectType, + SECURITY_INFORMATION SecurityInfo, + PSID psidOwner, + PSID psidGroup, + PACL pDacl, + PACL pSacl); +typedef WINBOOL (WINAPI *OpenProcessTokenFunc) + (HANDLE ProcessHandle, + DWORD DesiredAccess, + PHANDLE TokenHandle); +typedef WINBOOL (WINAPI *GetTokenInformationFunc) + (HANDLE TokenHandle, + TOKEN_INFORMATION_CLASS TokenInformationClass, + LPVOID TokenInformation, + DWORD TokenInformationLength, + PDWORD ReturnLength); +typedef WINBOOL (WINAPI *InitializeSecurityDescriptorFunc) + (PSECURITY_DESCRIPTOR pSecurityDescriptor, + DWORD dwRevision); +typedef WINBOOL (WINAPI *SetSecurityDescriptorOwnerFunc) + (PSECURITY_DESCRIPTOR pSecurityDescriptor, + PSID pOwner, + WINBOOL bOwnerDefaulted); +typedef DWORD (WINAPI *SetEntriesInAclAFunc) + (ULONG cCountOfExplicitEntries, + PEXPLICIT_ACCESS_A pListOfExplicitEntries, + PACL OldAcl, + PACL *NewAcl); + +#ifdef DYN_ADVAPI32 +static GetSecurityInfoFunc pGetSecurityInfo; +static SetSecurityInfoFunc pSetSecurityInfo; +static OpenProcessTokenFunc pOpenProcessToken; +static GetTokenInformationFunc pGetTokenInformation; +static InitializeSecurityDescriptorFunc pInitializeSecurityDescriptor; +static SetSecurityDescriptorOwnerFunc pSetSecurityDescriptorOwner; +static SetEntriesInAclAFunc pSetEntriesInAclA; +#else +#define pGetSecurityInfo GetSecurityInfo +#define pSetSecurityInfo SetSecurityInfo +#define pOpenProcessToken OpenProcessToken +#define pGetTokenInformation GetTokenInformation +#define pInitializeSecurityDescriptor InitializeSecurityDescriptor +#define pSetSecurityDescriptorOwner SetSecurityDescriptorOwner +#define pSetEntriesInAclA SetEntriesInAclA +#endif + +#define BUFSIZE 4096 + +static bool quiet = false; + +struct ThreadData { + HANDLE handle; + Server *server; +}; + +static DWORD WINAPI +server_thread (LPVOID lpvParam) +{ + struct ThreadData *data = lpvParam; + Server *server = data->server; + int fd; + + fd = _open_osfhandle ((intptr_t) data->handle, _O_BINARY); + if (fd < 0) { + free (data); + return 1; + } + + if (server->module != NULL && server->provider == NULL) { + p11_kit_remote_serve_module (server->module, fd, fd); + } else { + p11_kit_remote_serve_tokens ((const char **)server->tokens, + server->n_tokens, + server->module, + fd, fd); + } + + free (data); + _close (fd); + return 1; +} + +static bool +make_private_security_descriptor (DWORD permissions, + PSECURITY_DESCRIPTOR *psd, + PACL *acl); + +static int +server_loop (Server *server) +{ + HANDLE hpipe, hthread; + BOOL connected = FALSE; + DWORD thread_id = 0; + SECURITY_ATTRIBUTES sa; + PACL acl; + struct ThreadData *data; + + memset (&sa, 0, sizeof (SECURITY_ATTRIBUTES)); + sa.nLength = sizeof (sa); + sa.bInheritHandle = FALSE; + + if (!make_private_security_descriptor (GENERIC_READ | GENERIC_WRITE, + &sa.lpSecurityDescriptor, + &acl)) + return 1; + + if (!quiet) { + char *path; + + path = p11_path_encode (server->socket_name); + printf ("P11_KIT_SERVER_ADDRESS=windows:pipe=%s\n", path); + free (path); + printf ("P11_KIT_SERVER_PID=%d\n", getpid ()); + } + + while (1) { + hpipe = CreateNamedPipe (server->socket_name, + PIPE_ACCESS_DUPLEX, + PIPE_TYPE_BYTE | + PIPE_READMODE_BYTE | + PIPE_WAIT +#ifdef PIPE_REJECT_REMOTE_CLIENTS + | PIPE_REJECT_REMOTE_CLIENTS +#endif + , + PIPE_UNLIMITED_INSTANCES, + BUFSIZE, + BUFSIZE, + 0, + &sa); + if (hpipe == INVALID_HANDLE_VALUE) + return 1; + connected = ConnectNamedPipe (hpipe, NULL); + if (!connected) + connected = GetLastError () == ERROR_PIPE_CONNECTED; + if (connected) { + data = malloc (sizeof (struct ThreadData)); + data->handle = hpipe; + data->server = server; + hthread = CreateThread (NULL, 0, server_thread, data, 0, + &thread_id); + if (hthread == NULL) { + free (data); + return 1; + } else + CloseHandle(hthread); + } else { + CloseHandle(hpipe); + } + } + + return 0; +} + +static HMODULE advapi32_lib; + +static bool +load_windows_functions (void) +{ + advapi32_lib = LoadLibraryA ("advapi32.dll"); + return_val_if_fail (advapi32_lib != NULL, false); + +#define GET_WINDOWS_FUNCTION(func) \ + p ## func = (func ## Func) GetProcAddress (advapi32_lib, # func); \ + return_val_if_fail (p ## func != NULL, false) + + GET_WINDOWS_FUNCTION (GetSecurityInfo); + GET_WINDOWS_FUNCTION (SetSecurityInfo); + GET_WINDOWS_FUNCTION (OpenProcessToken); + GET_WINDOWS_FUNCTION (GetTokenInformation); + GET_WINDOWS_FUNCTION (InitializeSecurityDescriptor); + GET_WINDOWS_FUNCTION (SetSecurityDescriptorOwner); + GET_WINDOWS_FUNCTION (SetEntriesInAclA); + + return true; +} + +int +main (int argc, + char *argv[]) +{ + const char *pipe_base = "\\\\.\\pipe\\"; + char *pipe_name; + int opt; + const char *name = NULL; + char *provider = NULL; + Server *server = NULL; + int ret = 0; + + enum { + opt_verbose = 'v', + opt_quiet = 'q', + opt_help = 'h', + opt_name = 'n', + opt_provider = 'p' + }; + + struct option options[] = { + { "verbose", no_argument, NULL, opt_verbose }, + { "quiet", no_argument, NULL, opt_quiet }, + { "help", no_argument, NULL, opt_help }, + { "name", required_argument, NULL, opt_name }, + { "provider", required_argument, NULL, opt_provider }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: p11-kit server ..." }, + { opt_name, "specify name of the pipe (default: pkcs11-)" }, + { opt_provider, "specify the module to use" }, + { 0 }, + }; + + if (!load_windows_functions ()) { + p11_message ("couldn't initialize Windows security functions"); + return 1; + } + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + case opt_verbose: + p11_kit_be_loud (); + break; + case opt_quiet: + quiet = true; + break; + case opt_name: + name = optarg; + break; + case opt_provider: + provider = optarg; + break; + case opt_help: + case '?': + p11_tool_usage (usages, options); + return 0; + default: + assert_not_reached (); + break; + } + } + + argc -= optind; + argv += optind; + + if (argc < 1) { + p11_tool_usage (usages, options); + return 2; + } + + if (name == NULL) { + if (asprintf (&pipe_name, "%spkcs11-%d", + pipe_base, _getpid ()) < 0) { + ret = 1; + goto out; + } + } else { + pipe_name = strdup (name); + } + + server = server_new ((const char **)argv, argc, provider, pipe_name); + if (server == NULL) { + ret = 1; + goto out; + } + + ret = server_loop (server); + + out: + server_free (server); + + if (pipe_name) + free (pipe_name); + + if (advapi32_lib) + FreeLibrary (advapi32_lib); + + return ret; +} + +/* make_private_security_descriptor() and the helper functions were + * copied from putty/windows/winsecur.c in the PuTTY source code as of + * git commit 12bd5a6c722152aa27f24598785593e72b3284ea. + * + * PuTTY is copyright 1997-2017 Simon Tatham. + * + * Portions copyright Robert de Bath, Joris van Rantwijk, Delian + * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, + * Justin Bradford, Ben Harris, Malcolm Smith, Ahmad Khalifa, Markus + * Kuhn, Colin Watson, Christopher Staite, and CORE SDI S.A. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation files + * (the "Software"), to deal in the Software without restriction, + * including without limitation the rights to use, copy, modify, merge, + * publish, distribute, sublicense, and/or sell copies of the Software, + * and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + */ + +/* Initialised once, then kept around to reuse forever */ +static PSID world_sid, network_sid, user_sid; + +static PSID +get_user_sid (void) +{ + HANDLE proc = NULL, tok = NULL; + TOKEN_USER *user = NULL; + DWORD toklen, sidlen; + PSID sid = NULL, ret = NULL; + + if (user_sid) + return user_sid; + + if ((proc = OpenProcess (MAXIMUM_ALLOWED, FALSE, + GetCurrentProcessId ())) == NULL) + goto cleanup; + + if (!OpenProcessToken (proc, TOKEN_QUERY, &tok)) + goto cleanup; + + if (!GetTokenInformation (tok, TokenUser, NULL, 0, &toklen) && + GetLastError () != ERROR_INSUFFICIENT_BUFFER) + goto cleanup; + + if ((user = (TOKEN_USER *)LocalAlloc (LPTR, toklen)) == NULL) + goto cleanup; + + if (!GetTokenInformation (tok, TokenUser, user, toklen, &toklen)) + goto cleanup; + + sidlen = GetLengthSid (user->User.Sid); + + sid = (PSID)malloc (sidlen); + + if (!CopySid (sidlen, sid, user->User.Sid)) + goto cleanup; + + /* Success. Move sid into the return value slot, and null it out + * to stop the cleanup code freeing it. */ + ret = user_sid = sid; + sid = NULL; + + cleanup: + if (proc != NULL) + CloseHandle (proc); + if (tok != NULL) + CloseHandle (tok); + if (user != NULL) + LocalFree (user); + if (sid != NULL) + free (sid); + + return ret; +} + +static bool +get_sids (void) +{ +#ifdef __clang__ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wmissing-braces" +#endif + SID_IDENTIFIER_AUTHORITY world_auth = { SECURITY_WORLD_SID_AUTHORITY }; + SID_IDENTIFIER_AUTHORITY nt_auth = { SECURITY_NT_AUTHORITY }; +#ifdef __clang__ +#pragma clang diagnostic pop +#endif + + if (!user_sid) { + user_sid = get_user_sid (); + if (user_sid == NULL) { + p11_message ("unable to construct SID for %s: %lu", + "current user", + GetLastError ()); + return false; + } + } + + if (!world_sid) { + if (!AllocateAndInitializeSid (&world_auth, 1, + SECURITY_WORLD_RID, + 0, 0, 0, 0, 0, 0, 0, + &world_sid)) { + p11_message ("unable to construct SID for %s: %lu", + "world", + GetLastError ()); + return false; + } + } + + if (!network_sid) { + if (!AllocateAndInitializeSid (&nt_auth, 1, + SECURITY_NETWORK_RID, + 0, 0, 0, 0, 0, 0, 0, + &network_sid)) { + p11_message ("unable to construct SID for %s: %lu", + "local same-user access only", + GetLastError ()); + return false; + } + } + + return true; +} + +static bool +make_private_security_descriptor (DWORD permissions, + PSECURITY_DESCRIPTOR *psd, + PACL *acl) +{ + EXPLICIT_ACCESS ea[3]; + int acl_err; + + *psd = NULL; + *acl = NULL; + + if (!get_sids ()) + goto cleanup; + + memset (ea, 0, sizeof(ea)); + ea[0].grfAccessPermissions = permissions; + ea[0].grfAccessMode = REVOKE_ACCESS; + ea[0].grfInheritance = NO_INHERITANCE; + ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; + ea[0].Trustee.ptstrName = (LPTSTR)world_sid; + ea[1].grfAccessPermissions = permissions; + ea[1].grfAccessMode = GRANT_ACCESS; + ea[1].grfInheritance = NO_INHERITANCE; + ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID; + ea[1].Trustee.ptstrName = (LPTSTR)user_sid; + ea[2].grfAccessPermissions = permissions; + ea[2].grfAccessMode = REVOKE_ACCESS; + ea[2].grfInheritance = NO_INHERITANCE; + ea[2].Trustee.TrusteeForm = TRUSTEE_IS_SID; + ea[2].Trustee.ptstrName = (LPTSTR)network_sid; + + acl_err = SetEntriesInAclA (3, ea, NULL, acl); + if (acl_err != ERROR_SUCCESS || *acl == NULL) { + p11_message ("unable to construct ACL: %d", acl_err); + goto cleanup; + } + + *psd = (PSECURITY_DESCRIPTOR) LocalAlloc (LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); + if (!*psd) { + p11_message ("unable to allocate security descriptor: %lu", + GetLastError ()); + goto cleanup; + } + + if (!InitializeSecurityDescriptor (*psd, SECURITY_DESCRIPTOR_REVISION)) { + p11_message ("unable to initialise security descriptor: %lu", + GetLastError ()); + goto cleanup; + } + + if (!SetSecurityDescriptorOwner (*psd, user_sid, FALSE)) { + p11_message ("unable to set owner in security descriptor: %lu", + GetLastError ()); + goto cleanup; + } + + if (!SetSecurityDescriptorDacl (*psd, TRUE, *acl, FALSE)) { + p11_message ("unable to set DACL in security descriptor: %lu", + GetLastError ()); + goto cleanup; + } + + return true; + + cleanup: + if (*psd) { + LocalFree (*psd); + *psd = NULL; + } + if (*acl) { + LocalFree (*acl); + *acl = NULL; + } + + return false; +} + +#endif /* OS_WIN32 */ diff --git a/p11-kit/test-conf.c b/p11-kit/test-conf.c new file mode 100644 index 0000000..34d411b --- /dev/null +++ b/p11-kit/test-conf.c @@ -0,0 +1,464 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include +#include + +#include "conf.h" +#include "debug.h" +#include "message.h" +#include "p11-kit.h" +#include "private.h" + +#ifdef OS_UNIX +#include +#include +#include +#endif + +static void +test_parse_conf_1 (void) +{ + p11_dict *map; + const char *value; + + map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/test-1.conf", NULL, 0); + assert_ptr_not_null (map); + + value = p11_dict_get (map, "key1"); + assert_str_eq ("value1", value); + + value = p11_dict_get (map, "with-colon"); + assert_str_eq ("value-of-colon", value); + + value = p11_dict_get (map, "with-whitespace"); + assert_str_eq ("value-with-whitespace", value); + + value = p11_dict_get (map, "embedded-comment"); + assert_str_eq ("this is # not a comment", value); + + p11_dict_free (map); +} + +static void +test_parse_ignore_missing (void) +{ + p11_dict *map; + + map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, CONF_IGNORE_MISSING); + assert_ptr_not_null (map); + + assert_num_eq (0, p11_dict_size (map)); + assert (p11_message_last () == NULL); + p11_dict_free (map); +} + +static void +test_parse_fail_missing (void) +{ + p11_dict *map; + + map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, 0); + assert (map == NULL); + assert_ptr_not_null (p11_message_last ()); +} + +static void +test_merge_defaults (void) +{ + p11_dict *values; + p11_dict *defaults; + + values = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); + defaults = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); + + p11_dict_set (values, strdup ("one"), strdup ("real1")); + p11_dict_set (values, strdup ("two"), strdup ("real2")); + + p11_dict_set (defaults, strdup ("two"), strdup ("default2")); + p11_dict_set (defaults, strdup ("three"), strdup ("default3")); + + if (!_p11_conf_merge_defaults (values, defaults)) + assert_not_reached (); + + p11_dict_free (defaults); + + assert_str_eq (p11_dict_get (values, "one"), "real1"); + assert_str_eq (p11_dict_get (values, "two"), "real2"); + assert_str_eq (p11_dict_get (values, "three"), "default3"); + + p11_dict_free (values); +} + +static void +test_load_globals_merge (void) +{ + int user_mode = -1; + p11_dict *config; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", + SRCDIR "/p11-kit/fixtures/test-user.conf", + &user_mode); + assert_ptr_not_null (config); + assert (NULL == p11_message_last ()); + assert_num_eq (CONF_USER_MERGE, user_mode); + + assert_str_eq (p11_dict_get (config, "key1"), "system1"); + assert_str_eq (p11_dict_get (config, "key2"), "user2"); + assert_str_eq (p11_dict_get (config, "key3"), "user3"); + + p11_dict_free (config); +} + +static void +test_load_globals_no_user (void) +{ + int user_mode = -1; + p11_dict *config; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-none.conf", + SRCDIR "/p11-kit/fixtures/test-user.conf", + &user_mode); + assert_ptr_not_null (config); + assert (NULL == p11_message_last ()); + assert_num_eq (CONF_USER_NONE, user_mode); + + assert_str_eq (p11_dict_get (config, "key1"), "system1"); + assert_str_eq (p11_dict_get (config, "key2"), "system2"); + assert_str_eq (p11_dict_get (config, "key3"), "system3"); + + p11_dict_free (config); +} + +static void +test_load_globals_user_sets_only (void) +{ + int user_mode = -1; + p11_dict *config; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", + SRCDIR "/p11-kit/fixtures/test-user-only.conf", + &user_mode); + assert_ptr_not_null (config); + assert (NULL == p11_message_last ()); + assert_num_eq (CONF_USER_ONLY, user_mode); + + assert (p11_dict_get (config, "key1") == NULL); + assert_str_eq (p11_dict_get (config, "key2"), "user2"); + assert_str_eq (p11_dict_get (config, "key3"), "user3"); + + p11_dict_free (config); +} + +static void +test_load_globals_system_sets_only (void) +{ + int user_mode = -1; + p11_dict *config; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-only.conf", + SRCDIR "/p11-kit/fixtures/test-user.conf", + &user_mode); + assert_ptr_not_null (config); + assert (NULL == p11_message_last ()); + assert_num_eq (CONF_USER_ONLY, user_mode); + + assert (p11_dict_get (config, "key1") == NULL); + assert_str_eq (p11_dict_get (config, "key2"), "user2"); + assert_str_eq (p11_dict_get (config, "key3"), "user3"); + + p11_dict_free (config); +} + +static void +test_load_globals_system_sets_invalid (void) +{ + int user_mode = -1; + p11_dict *config; + int error; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-invalid.conf", + SRCDIR "/p11-kit/fixtures/non-existant.conf", + &user_mode); + error = errno; + assert_ptr_eq (NULL, config); + assert_num_eq (EINVAL, error); + assert_ptr_not_null (p11_message_last ()); + + p11_dict_free (config); +} + +static void +test_load_globals_user_sets_invalid (void) +{ + int user_mode = -1; + p11_dict *config; + int error; + + p11_message_clear (); + + config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf", + SRCDIR "/p11-kit/fixtures/test-user-invalid.conf", + &user_mode); + error = errno; + assert_ptr_eq (NULL, config); + assert_num_eq (EINVAL, error); + assert_ptr_not_null (p11_message_last ()); + + p11_dict_free (config); +} + +static bool +assert_msg_contains (const char *msg, + const char *text) +{ + return (msg && strstr (msg, text)) ? true : false; +} + +static void +test_load_modules_merge (void) +{ + p11_dict *configs; + p11_dict *config; + + p11_message_clear (); + + configs = _p11_conf_load_modules (CONF_USER_MERGE, + SRCDIR "/p11-kit/fixtures/package-modules", + SRCDIR "/p11-kit/fixtures/system-modules", + SRCDIR "/p11-kit/fixtures/user-modules"); + assert_ptr_not_null (configs); + assert (assert_msg_contains (p11_message_last (), "invalid config filename")); + + config = p11_dict_get (configs, "one"); + assert_ptr_not_null (config); + assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "user1"); + + config = p11_dict_get (configs, "two.badname"); + assert_ptr_not_null (config); + assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system2"); + + config = p11_dict_get (configs, "three"); + assert_ptr_not_null (config); + assert_str_eq ("mock-three.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "user3"); + + p11_dict_free (configs); +} + +static void +test_load_modules_user_none (void) +{ + p11_dict *configs; + p11_dict *config; + + p11_message_clear (); + + configs = _p11_conf_load_modules (CONF_USER_NONE, + SRCDIR "/p11-kit/fixtures/package-modules", + SRCDIR "/p11-kit/fixtures/system-modules", + SRCDIR "/p11-kit/fixtures/user-modules"); + assert_ptr_not_null (configs); + assert (assert_msg_contains (p11_message_last (), "invalid config filename")); + + config = p11_dict_get (configs, "one"); + assert_ptr_not_null (config); + assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system1"); + + config = p11_dict_get (configs, "two.badname"); + assert_ptr_not_null (config); + assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system2"); + + config = p11_dict_get (configs, "three"); + assert_ptr_eq (NULL, config); + + p11_dict_free (configs); +} + +static void +test_load_modules_user_only (void) +{ + p11_dict *configs; + p11_dict *config; + + p11_message_clear (); + + configs = _p11_conf_load_modules (CONF_USER_ONLY, + SRCDIR "/p11-kit/fixtures/package-modules", + SRCDIR "/p11-kit/fixtures/system-modules", + SRCDIR "/p11-kit/fixtures/user-modules"); + assert_ptr_not_null (configs); + assert_ptr_eq (NULL, (void *)p11_message_last ()); + + config = p11_dict_get (configs, "one"); + assert_ptr_not_null (config); + assert (p11_dict_get (config, "module") == NULL); + assert_str_eq (p11_dict_get (config, "setting"), "user1"); + + config = p11_dict_get (configs, "two.badname"); + assert_ptr_eq (NULL, config); + + config = p11_dict_get (configs, "three"); + assert_ptr_not_null (config); + assert_str_eq ("mock-three.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "user3"); + + p11_dict_free (configs); +} + +static void +test_load_modules_no_user (void) +{ + p11_dict *configs; + p11_dict *config; + + p11_message_clear (); + + configs = _p11_conf_load_modules (CONF_USER_MERGE, + SRCDIR "/p11-kit/fixtures/package-modules", + SRCDIR "/p11-kit/fixtures/system-modules", + SRCDIR "/p11-kit/fixtures/non-existant"); + assert_ptr_not_null (configs); + assert (assert_msg_contains (p11_message_last (), "invalid config filename")); + + config = p11_dict_get (configs, "one"); + assert_ptr_not_null (config); + assert_str_eq ("mock-one.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system1"); + + config = p11_dict_get (configs, "two.badname"); + assert_ptr_not_null (config); + assert_str_eq ("mock-two.so", p11_dict_get (config, "module")); + assert_str_eq (p11_dict_get (config, "setting"), "system2"); + + config = p11_dict_get (configs, "three"); + assert_ptr_eq (NULL, config); + + p11_dict_free (configs); +} + +static void +test_parse_boolean (void) +{ + p11_message_quiet (); + + assert_num_eq (true, _p11_conf_parse_boolean ("yes", false)); + assert_num_eq (false, _p11_conf_parse_boolean ("no", true)); + assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true)); +} + +#ifdef OS_UNIX + +static void +test_setuid (void) +{ + const char *args[] = { BUILDDIR "/p11-kit/frob-setuid", NULL, }; + char *path; + int ret; + + if (getuid () == 0) + assert_skip ("cannot perform setuid test as root", NULL); + + /* This is the 'number' setting set in one.module user configuration. */ + ret = p11_test_run_child (args, true); + assert_num_eq (ret, 33); + + path = p11_test_copy_setgid (args[0], BUILDDIR); + if (path == NULL) + return; + + args[0] = path; + + /* This is the 'number' setting set in one.module system configuration. */ + ret = p11_test_run_child (args, true); + assert_num_eq (ret, 18); + + if (unlink (path) < 0) + assert_fail ("unlink failed", strerror (errno)); + free (path); +} + +#endif /* OS_UNIX */ + +extern bool p11_conf_force_user_config; + +int +main (int argc, + char *argv[]) +{ + p11_conf_force_user_config = true; + + p11_test (test_parse_conf_1, "/conf/test_parse_conf_1"); + p11_test (test_parse_ignore_missing, "/conf/test_parse_ignore_missing"); + p11_test (test_parse_fail_missing, "/conf/test_parse_fail_missing"); + p11_test (test_merge_defaults, "/conf/test_merge_defaults"); + p11_test (test_load_globals_merge, "/conf/test_load_globals_merge"); + p11_test (test_load_globals_no_user, "/conf/test_load_globals_no_user"); + p11_test (test_load_globals_system_sets_only, "/conf/test_load_globals_system_sets_only"); + p11_test (test_load_globals_user_sets_only, "/conf/test_load_globals_user_sets_only"); + p11_test (test_load_globals_system_sets_invalid, "/conf/test_load_globals_system_sets_invalid"); + p11_test (test_load_globals_user_sets_invalid, "/conf/test_load_globals_user_sets_invalid"); + p11_test (test_load_modules_merge, "/conf/test_load_modules_merge"); + p11_test (test_load_modules_no_user, "/conf/test_load_modules_no_user"); + p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only"); + p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none"); + p11_test (test_parse_boolean, "/conf/test_parse_boolean"); +#ifdef OS_UNIX + /* Don't run this test when under fakeroot, or the binary is + * written under /tmp */ + if (!getenv ("FAKED_MODE") && strncmp (BUILDDIR, "/tmp/", 5) != 0) { + p11_test (test_setuid, "/conf/setuid"); + } +#endif + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-deprecated.c b/p11-kit/test-deprecated.c new file mode 100644 index 0000000..81d6029 --- /dev/null +++ b/p11-kit/test-deprecated.c @@ -0,0 +1,518 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * Copyright (c) 2012 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#define P11_KIT_NO_DEPRECATIONS + +#include "config.h" +#include "test.h" + +#include "dict.h" +#include "library.h" +#include "p11-kit.h" +#include "private.h" +#include "mock.h" + +#include + +#include +#include +#include +#include +#include +#include +#include + +static CK_FUNCTION_LIST_PTR_PTR +initialize_and_get_modules (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + CK_RV rv; + + rv = p11_kit_initialize_registered (); + assert_num_eq (CKR_OK, rv); + modules = p11_kit_registered_modules (); + assert (modules != NULL && modules[0] != NULL); + + return modules; +} + +static void +finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) +{ + CK_RV rv; + + free (modules); + rv = p11_kit_finalize_registered (); + assert_num_eq (CKR_OK, rv); + +} + +static void +test_no_duplicates (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + p11_dict *paths; + p11_dict *funcs; + char *path; + int i; + + modules = initialize_and_get_modules (); + paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + + /* The loaded modules should not contain duplicates */ + for (i = 0; modules[i] != NULL; i++) { + path = p11_kit_registered_option (modules[i], "module"); + + if (p11_dict_get (funcs, modules[i])) + assert_fail ("found duplicate function list pointer", NULL); + if (p11_dict_get (paths, path)) + assert_fail ("found duplicate path name", NULL); + + if (!p11_dict_set (funcs, modules[i], "")) + assert_not_reached (); + if (!p11_dict_set (paths, path, "")) + assert_not_reached (); + + free (path); + } + + p11_dict_free (paths); + p11_dict_free (funcs); + finalize_and_free_modules (modules); +} + +static CK_FUNCTION_LIST_PTR +lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules, + const char *name) +{ + CK_FUNCTION_LIST_PTR match = NULL; + CK_FUNCTION_LIST_PTR module; + char *module_name; + int i; + + for (i = 0; match == NULL && modules[i] != NULL; i++) { + module_name = p11_kit_registered_module_to_name (modules[i]); + assert_ptr_not_null (module_name); + if (strcmp (module_name, name) == 0) + match = modules[i]; + free (module_name); + } + + /* + * As a side effect, we should check that the results of this function + * matches the above search. + */ + module = p11_kit_registered_name_to_module (name); + if (module != match) + assert_fail ("different result from p11_kit_registered_name_to_module()", NULL); + + return match; +} + +static void +test_disable (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + /* + * The module four should be present, as we don't match any prognames + * that it has disabled. + */ + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "four") != NULL); + finalize_and_free_modules (modules); + + /* + * The module two shouldn't have been loaded, because in its config + * file we have: + * + * disable-in: test-disable + */ + + p11_kit_set_progname ("test-disable"); + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "four") == NULL); + finalize_and_free_modules (modules); + + p11_kit_set_progname (NULL); +} + +static void +test_disable_later (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + CK_RV rv; + + /* + * The module two shouldn't be matched, because in its config + * file we have: + * + * disable-in: test-disable + */ + + rv = p11_kit_initialize_registered (); + assert_num_eq (CKR_OK, rv); + + p11_kit_set_progname ("test-disable"); + + modules = p11_kit_registered_modules (); + assert (modules != NULL && modules[0] != NULL); + + assert (lookup_module_with_name (modules, "two") == NULL); + finalize_and_free_modules (modules); + + p11_kit_set_progname (NULL); +} + +static void +test_enable (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + /* + * The module three should not be present, as we don't match the current + * program. + */ + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "three") == NULL); + finalize_and_free_modules (modules); + + /* + * The module three should be loaded here , because in its config + * file we have: + * + * enable-in: test-enable + */ + + p11_kit_set_progname ("test-enable"); + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "three") != NULL); + finalize_and_free_modules (modules); + + p11_kit_set_progname (NULL); +} + +CK_FUNCTION_LIST module; + +#ifdef OS_UNIX + +#include + +static CK_RV +mock_C_Initialize__with_fork (CK_VOID_PTR init_args) +{ + struct timespec ts = { 0, 100 * 1000 * 1000 }; + CK_RV rv; + pid_t child; + pid_t ret; + int status; + + rv = mock_C_Initialize (init_args); + assert (rv == CKR_OK); + + /* Fork during the initialization */ + child = fork (); + if (child == 0) { + close (1); + nanosleep (&ts, NULL); + exit (66); + } + + ret = waitpid (child, &status, 0); + assert (ret == child); + assert (WIFEXITED (status)); + assert (WEXITSTATUS (status) == 66); + + return CKR_OK; +} + +static void +test_fork_initialization (void) +{ + CK_RV rv; + + assert (!mock_module_initialized ()); + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__with_fork; + + rv = p11_kit_initialize_module (&module); + assert (rv == CKR_OK); + + rv = p11_kit_finalize_module (&module); + assert (rv == CKR_OK); + + assert (!mock_module_initialized ()); +} + +#endif /* OS_UNIX */ + +static CK_RV +mock_C_Initialize__with_recursive (CK_VOID_PTR init_args) +{ + /* Recursively initialize, this is broken */ + return p11_kit_initialize_module (&module); +} + +static void +test_recursive_initialization (void) +{ + CK_RV rv; + + assert (!mock_module_initialized ()); + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__with_recursive; + + rv = p11_kit_initialize_module (&module); + assert (rv == CKR_FUNCTION_FAILED); + + assert (!mock_module_initialized ()); +} + +static p11_mutex_t race_mutex; +static int initialization_count = 0; +static int finalization_count = 0; + +static CK_RV +mock_C_Initialize__threaded_race (CK_VOID_PTR init_args) +{ + /* Atomically increment value */ + p11_mutex_lock (&race_mutex); + initialization_count += 1; + p11_mutex_unlock (&race_mutex); + + p11_sleep_ms (100); + return CKR_OK; +} + +static CK_RV +mock_C_Finalize__threaded_race (CK_VOID_PTR reserved) +{ + /* Atomically increment value */ + p11_mutex_lock (&race_mutex); + finalization_count += 1; + p11_mutex_unlock (&race_mutex); + + p11_sleep_ms (100); + return CKR_OK; +} + +static void * +initialization_thread (void *data) +{ + CK_RV rv; + + assert_str_eq (data, "thread-data"); + rv = p11_kit_initialize_module (&module); + assert (rv == CKR_OK); + + return "thread-data"; +} + +static void * +finalization_thread (void *data) +{ + CK_RV rv; + + assert_str_eq (data, "thread-data"); + rv = p11_kit_finalize_module (&module); + assert (rv == CKR_OK); + + return "thread-data"; +} + +static void +test_threaded_initialization (void) +{ + static const int num_threads = 2; + p11_thread_t threads[num_threads]; + int ret; + int i; + + assert (!mock_module_initialized ()); + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__threaded_race; + module.C_Finalize = mock_C_Finalize__threaded_race; + + p11_mutex_lock (&race_mutex); + initialization_count = 0; + finalization_count = 0; + p11_mutex_unlock (&race_mutex); + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (&threads[i], initialization_thread, "thread-data"); + assert_num_eq (0, ret); + assert (threads[i] != 0); + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_join (threads[i]); + assert_num_eq (0, ret); + threads[i] = 0; + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (&threads[i], finalization_thread, "thread-data"); + assert_num_eq (0, ret); + assert (threads[i] != 0); + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_join (threads[i]); + assert_num_eq (0, ret); + threads[i] = 0; + } + + /* C_Initialize should have been called exactly once */ + p11_mutex_lock (&race_mutex); + assert_num_eq (1, initialization_count); + assert_num_eq (1, finalization_count); + p11_mutex_unlock (&race_mutex); + + assert (!mock_module_initialized ()); +} + +static CK_RV +mock_C_Initialize__test_mutexes (CK_VOID_PTR args) +{ + CK_C_INITIALIZE_ARGS_PTR init_args; + void *mutex = NULL; + CK_RV rv; + + rv = mock_C_Initialize (NULL); + if (rv != CKR_OK) + return rv; + + assert (args != NULL); + init_args = args; + + rv = (init_args->CreateMutex) (&mutex); + assert (rv == CKR_OK); + + rv = (init_args->LockMutex) (mutex); + assert (rv == CKR_OK); + + rv = (init_args->UnlockMutex) (mutex); + assert (rv == CKR_OK); + + rv = (init_args->DestroyMutex) (mutex); + assert (rv == CKR_OK); + + return CKR_OK; +} + +static void +test_mutexes (void) +{ + CK_RV rv; + + assert (!mock_module_initialized ()); + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__test_mutexes; + + rv = p11_kit_initialize_module (&module); + assert (rv == CKR_OK); + + rv = p11_kit_finalize_module (&module); + assert (rv == CKR_OK); + + assert (!mock_module_initialized ()); +} + +static void +test_load_and_initialize (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_INFO info; + CK_RV rv; + int ret; + + rv = p11_kit_load_initialize_module (P11_MODULE_PATH "/mock-one" SHLEXT, &module); + assert (rv == CKR_OK); + assert (module != NULL); + + memset (&info, 0, sizeof(info)); + rv = (module->C_GetInfo) (&info); + assert (rv == CKR_OK); + + ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32); + assert (ret == 0); + + rv = p11_kit_finalize_module (module); + assert_num_eq (rv, CKR_OK); +} + +extern bool p11_conf_force_user_config; + +int +main (int argc, + char *argv[]) +{ + p11_conf_force_user_config = true; + + p11_mutex_init (&race_mutex); + mock_module_init (); + p11_library_init (); + + p11_test (test_no_duplicates, "/deprecated/test_no_duplicates"); + p11_test (test_disable, "/deprecated/test_disable"); + p11_test (test_disable_later, "/deprecated/test_disable_later"); + p11_test (test_enable, "/deprecated/test_enable"); + +#ifdef OS_UNIX + p11_test (test_fork_initialization, "/deprecated/test_fork_initialization"); +#endif + + p11_test (test_recursive_initialization, "/deprecated/test_recursive_initialization"); + p11_test (test_threaded_initialization, "/deprecated/test_threaded_initialization"); + p11_test (test_mutexes, "/deprecated/test_mutexes"); + p11_test (test_load_and_initialize, "/deprecated/test_load_and_initialize"); + + p11_kit_be_quiet (); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-filter.c b/p11-kit/test-filter.c new file mode 100644 index 0000000..a22f0e1 --- /dev/null +++ b/p11-kit/test-filter.c @@ -0,0 +1,312 @@ +/* + * Copyright (c) 2016 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Daiki Ueno + */ + +#include "config.h" +#include "test.h" + +#include "dict.h" +#include "library.h" +#include "filter.h" +#include "mock.h" +#include "modules.h" +#include "p11-kit.h" +#include "virtual.h" + +#include +#include +#include +#include + +static CK_TOKEN_INFO TOKEN_ONE = { + "TEST LABEL ", + "TEST MANUFACTURER ", + "TEST MODEL ", + "TEST SERIAL ", + CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + { 75, 175 }, + { 85, 185 }, + { '1', '9', '9', '9', '0', '5', '2', '5', '0', '9', '1', '9', '5', '9', '0', '0' } +}; + +static void +test_allowed (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slots[1], slot; + CK_SLOT_INFO slot_info; + CK_TOKEN_INFO token_info; + CK_MECHANISM_TYPE mechs[8]; + CK_MECHANISM_INFO mech; + CK_SESSION_HANDLE session = 0; + p11_virtual virt; + p11_virtual *filter; + CK_ULONG count; + CK_RV rv; + + p11_virtual_init (&virt, &p11_virtual_base, &mock_module, NULL); + filter = p11_filter_subclass (&virt, NULL); + module = p11_virtual_wrap (filter, (p11_destroyer)p11_virtual_uninit); + assert_ptr_not_null (module); + + p11_filter_allow_token (filter, &TOKEN_ONE); + + rv = (module->C_Initialize) (NULL); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetSlotList) (CK_TRUE, NULL, NULL); + assert_num_eq (CKR_ARGUMENTS_BAD, rv); + + rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (count, 1); + + count = 0; + rv = (module->C_GetSlotList) (CK_TRUE, slots, &count); + assert_num_eq (CKR_BUFFER_TOO_SMALL, rv); + + count = 1; + rv = (module->C_GetSlotList) (CK_TRUE, slots, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (count, 1); + + rv = (module->C_GetSlotInfo) (99, &slot_info); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_GetSlotInfo) (slots[0], &slot_info); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetTokenInfo) (99, &token_info); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_GetTokenInfo) (slots[0], &token_info); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetMechanismList) (99, NULL, &count); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_GetMechanismList) (slots[0], NULL, &count); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetMechanismList) (slots[0], mechs, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (2, count); + + rv = (module->C_GetMechanismInfo) (99, mechs[0], &mech); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_GetMechanismInfo) (slots[0], mechs[0], &mech); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_InitToken) (99, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_InitToken) (slots[0], (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_WaitForSlotEvent) (0, &slot, NULL); + assert_num_eq (CKR_FUNCTION_NOT_SUPPORTED, rv); + + rv = (module->C_OpenSession) (99, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_OpenSession) (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_CloseAllSessions) (99); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_CloseAllSessions) (slots[0]); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_Finalize) (NULL); + assert_num_eq (CKR_OK, rv); + + p11_virtual_unwrap (module); + p11_filter_release (filter); +} + +static void +test_denied (void) +{ + CK_FUNCTION_LIST_PTR module; + p11_virtual virt; + p11_virtual *filter; + CK_ULONG count; + CK_RV rv; + + p11_virtual_init (&virt, &p11_virtual_base, &mock_module, NULL); + filter = p11_filter_subclass (&virt, NULL); + module = p11_virtual_wrap (filter, (p11_destroyer)p11_virtual_uninit); + assert_ptr_not_null (module); + + p11_filter_deny_token (filter, &TOKEN_ONE); + + rv = (module->C_Initialize) (NULL); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (count, 0); + + rv = (module->C_Finalize) (NULL); + assert_num_eq (CKR_OK, rv); + + p11_virtual_unwrap (module); + p11_filter_release (filter); +} + +static void +test_write_protected (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slots[1], slot; + CK_SLOT_INFO slot_info; + CK_TOKEN_INFO token_info; + CK_TOKEN_INFO token_one; + CK_MECHANISM_TYPE mechs[8]; + CK_MECHANISM_INFO mech; + CK_SESSION_HANDLE session = 0; + p11_virtual virt; + p11_virtual *filter; + CK_ULONG count; + CK_RV rv; + + p11_virtual_init (&virt, &p11_virtual_base, &mock_module, NULL); + filter = p11_filter_subclass (&virt, NULL); + module = p11_virtual_wrap (filter, (p11_destroyer)p11_virtual_uninit); + assert_ptr_not_null (module); + + memcpy (&token_one, &TOKEN_ONE, sizeof (CK_TOKEN_INFO)); + token_one.flags |= CKF_WRITE_PROTECTED; + + p11_filter_allow_token (filter, &token_one); + + rv = (module->C_Initialize) (NULL); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetSlotList) (CK_TRUE, NULL, NULL); + assert_num_eq (CKR_ARGUMENTS_BAD, rv); + + rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (count, 1); + + count = 0; + rv = (module->C_GetSlotList) (CK_TRUE, slots, &count); + assert_num_eq (CKR_BUFFER_TOO_SMALL, rv); + + count = 1; + rv = (module->C_GetSlotList) (CK_TRUE, slots, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (count, 1); + + rv = (module->C_GetSlotInfo) (99, &slot_info); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_GetSlotInfo) (slots[0], &slot_info); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetTokenInfo) (99, &token_info); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_GetTokenInfo) (slots[0], &token_info); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetMechanismList) (99, NULL, &count); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_GetMechanismList) (slots[0], NULL, &count); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetMechanismList) (slots[0], mechs, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (2, count); + + rv = (module->C_GetMechanismInfo) (99, mechs[0], &mech); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_GetMechanismInfo) (slots[0], mechs[0], &mech); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_InitToken) (99, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_InitToken) (slots[0], (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert_num_eq (CKR_TOKEN_WRITE_PROTECTED, rv); + + rv = (module->C_WaitForSlotEvent) (0, &slot, NULL); + assert_num_eq (CKR_FUNCTION_NOT_SUPPORTED, rv); + + rv = (module->C_OpenSession) (99, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_OpenSession) (slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_TOKEN_WRITE_PROTECTED, rv); + + rv = (module->C_CloseAllSessions) (99); + assert_num_eq (CKR_SLOT_ID_INVALID, rv); + + rv = (module->C_CloseAllSessions) (slots[0]); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_Finalize) (NULL); + assert_num_eq (CKR_OK, rv); + + p11_virtual_unwrap (module); + p11_filter_release (filter); +} + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + mock_module_init (); + + p11_test (test_allowed, "/filter/test_allowed"); + p11_test (test_denied, "/filter/test_denied"); + p11_test (test_write_protected, "/filter/test_write_protected"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-init.c b/p11-kit/test-init.c new file mode 100644 index 0000000..9cc691f --- /dev/null +++ b/p11-kit/test-init.c @@ -0,0 +1,418 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include + +#include "library.h" +#include "mock.h" +#include "modules.h" +#include "p11-kit.h" +#include "private.h" +#include "virtual.h" + +#include +#include +#include +#include +#include +#include + +static CK_FUNCTION_LIST module; +static p11_mutex_t race_mutex; + +#ifdef OS_UNIX + +#include + +static CK_RV +mock_C_Initialize__with_fork (CK_VOID_PTR init_args) +{ + struct timespec ts = { 0, 100 * 1000 * 1000 }; + CK_RV rv; + pid_t child; + pid_t ret; + int status; + + rv = mock_C_Initialize (init_args); + assert (rv == CKR_OK); + + /* Fork during the initialization */ + child = fork (); + if (child == 0) { + close (1); + nanosleep (&ts, NULL); + exit (66); + } + + ret = waitpid (child, &status, 0); + assert (ret == child); + assert (WIFEXITED (status)); + assert (WEXITSTATUS (status) == 66); + + return CKR_OK; +} + +static void +test_fork_initialization (void) +{ + CK_FUNCTION_LIST_PTR result; + CK_RV rv; + + mock_module_reset (); + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__with_fork; + + p11_lock (); + + rv = p11_module_load_inlock_reentrant (&module, 0, &result); + assert (rv == CKR_OK); + + p11_unlock (); + + rv = p11_kit_module_initialize (result); + assert (rv == CKR_OK); + + rv = p11_kit_module_finalize (result); + assert (rv == CKR_OK); + + p11_lock (); + + rv = p11_module_release_inlock_reentrant (result); + assert (rv == CKR_OK); + + p11_unlock (); +} + +#endif /* OS_UNIX */ + +static CK_FUNCTION_LIST *recursive_managed; + +static CK_RV +mock_C_Initialize__with_recursive (CK_VOID_PTR init_args) +{ + CK_RV rv; + + rv = mock_C_Initialize (init_args); + assert (rv == CKR_OK); + + return p11_kit_module_initialize (recursive_managed); +} + +static void +test_recursive_initialization (void) +{ + CK_RV rv; + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__with_recursive; + + p11_kit_be_quiet (); + + p11_lock (); + + rv = p11_module_load_inlock_reentrant (&module, 0, &recursive_managed); + assert (rv == CKR_OK); + + p11_unlock (); + + rv = p11_kit_module_initialize (recursive_managed); + assert_num_eq (CKR_FUNCTION_FAILED, rv); + + p11_lock (); + + rv = p11_module_release_inlock_reentrant (recursive_managed); + assert (rv == CKR_OK); + + p11_unlock (); + + p11_kit_be_loud (); +} + +static int initialization_count = 0; +static int finalization_count = 0; + +static CK_RV +mock_C_Initialize__threaded_race (CK_VOID_PTR init_args) +{ + /* Atomically increment value */ + p11_mutex_lock (&race_mutex); + initialization_count += 1; + p11_mutex_unlock (&race_mutex); + + p11_sleep_ms (100); + return CKR_OK; +} + +static CK_RV +mock_C_Finalize__threaded_race (CK_VOID_PTR reserved) +{ + /* Atomically increment value */ + p11_mutex_lock (&race_mutex); + finalization_count += 1; + p11_mutex_unlock (&race_mutex); + + p11_sleep_ms (100); + return CKR_OK; +} + +static void * +initialization_thread (void *data) +{ + CK_FUNCTION_LIST *module = data; + CK_RV rv; + + assert (module != NULL); + rv = p11_kit_module_initialize (module); + assert_num_eq (rv, CKR_OK); + + return module; +} + +static void * +finalization_thread (void *data) +{ + CK_FUNCTION_LIST *module = data; + CK_RV rv; + + assert (module != NULL); + rv = p11_kit_module_finalize (module); + assert_num_eq (rv, CKR_OK); + + return module; +} + +static void +test_threaded_initialization (void) +{ + static const int num_threads = 1; + CK_FUNCTION_LIST *data[num_threads]; + p11_thread_t threads[num_threads]; + CK_RV rv; + int ret; + int i; + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__threaded_race; + module.C_Finalize = mock_C_Finalize__threaded_race; + + memset (&data, 0, sizeof (data)); + + p11_mutex_lock (&race_mutex); + initialization_count = 0; + finalization_count = 0; + p11_mutex_unlock (&race_mutex); + + p11_lock (); + + for (i = 0; i < num_threads; i++) { + assert (data[i] == NULL); + rv = p11_module_load_inlock_reentrant (&module, 0, &data[i]); + assert (rv == CKR_OK); + } + + p11_unlock (); + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (&threads[i], initialization_thread, data[i]); + assert_num_eq (0, ret); + assert (threads[i] != 0); + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_join (threads[i]); + assert_num_eq (0, ret); + threads[i] = 0; + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (&threads[i], finalization_thread, data[i]); + assert_num_eq (0, ret); + assert (threads[i] != 0); + } + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_join (threads[i]); + assert_num_eq (0, ret); + threads[i] = 0; + } + + p11_lock (); + + for (i = 0; i < num_threads; i++) { + assert (data[i] != NULL); + rv = p11_module_release_inlock_reentrant (data[i]); + assert (rv == CKR_OK); + } + + p11_unlock (); + + /* C_Initialize should have been called exactly once */ + assert_num_eq (1, initialization_count); + assert_num_eq (1, finalization_count); +} + +static CK_RV +mock_C_Initialize__test_mutexes (CK_VOID_PTR args) +{ + CK_C_INITIALIZE_ARGS_PTR init_args; + void *mutex = NULL; + CK_RV rv; + + assert (args != NULL); + init_args = args; + + rv = (init_args->CreateMutex) (&mutex); + assert (rv == CKR_OK); + + rv = (init_args->LockMutex) (mutex); + assert (rv == CKR_OK); + + rv = (init_args->UnlockMutex) (mutex); + assert (rv == CKR_OK); + + rv = (init_args->DestroyMutex) (mutex); + assert (rv == CKR_OK); + + return CKR_OK; +} + +static void +test_mutexes (void) +{ + CK_FUNCTION_LIST_PTR result; + CK_RV rv; + + /* Build up our own function list */ + memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + module.C_Initialize = mock_C_Initialize__test_mutexes; + + p11_lock (); + + rv = p11_module_load_inlock_reentrant (&module, 0, &result); + assert (rv == CKR_OK); + + rv = p11_module_release_inlock_reentrant (result); + assert (rv == CKR_OK); + + p11_unlock (); +} + +static void +test_load_and_initialize (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_INFO info; + CK_RV rv; + int ret; + + module = p11_kit_module_load (P11_MODULE_PATH "/mock-one" SHLEXT, 0); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert (rv == CKR_OK); + + rv = (module->C_GetInfo) (&info); + assert (rv == CKR_OK); + + ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32); + assert (ret == 0); + + rv = p11_kit_module_finalize (module); + assert (rv == CKR_OK); + + p11_kit_module_release (module); +} + +static void +test_initalize_fail (void) +{ + CK_FUNCTION_LIST failer; + CK_FUNCTION_LIST *modules[3] = { &mock_module_no_slots, &failer, NULL }; + CK_RV rv; + + memcpy (&failer, &mock_module, sizeof (CK_FUNCTION_LIST)); + failer.C_Initialize = mock_C_Initialize__fails; + + mock_module_reset (); + p11_kit_be_quiet (); + + rv = p11_kit_modules_initialize (modules, NULL); + assert_num_eq (CKR_FUNCTION_FAILED, rv); + + p11_kit_be_loud (); + + /* Failed modules get removed from the list */ + assert_ptr_eq (&mock_module_no_slots, modules[0]); + assert_ptr_eq (NULL, modules[1]); + assert_ptr_eq (NULL, modules[2]); + + p11_kit_modules_finalize (modules); +} + +static void +test_finalize_fail (void) +{ + +} + +int +main (int argc, + char *argv[]) +{ + p11_mutex_init (&race_mutex); + mock_module_init (); + p11_library_init (); + + /* These only work when managed */ + p11_test (test_recursive_initialization, "/init/test_recursive_initialization"); + p11_test (test_threaded_initialization, "/init/test_threaded_initialization"); + p11_test (test_mutexes, "/init/test_mutexes"); + p11_test (test_load_and_initialize, "/init/test_load_and_initialize"); + +#ifdef OS_UNIX + p11_test (test_fork_initialization, "/init/test_fork_initialization"); +#endif + + p11_test (test_initalize_fail, "/init/test_initalize_fail"); + p11_test (test_finalize_fail, "/init/test_finalize_fail"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-iter.c b/p11-kit/test-iter.c new file mode 100644 index 0000000..ac31fbe --- /dev/null +++ b/p11-kit/test-iter.c @@ -0,0 +1,1667 @@ +/* + * Copyright (c) 2013,2016 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#define P11_KIT_FUTURE_UNSTABLE_API 1 + +#include "attrs.h" +#include "dict.h" +#include "iter.h" +#include "library.h" +#include "message.h" +#include "mock.h" + +#include +#include +#include +#include + +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + +static CK_FUNCTION_LIST_PTR_PTR +initialize_and_get_modules (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + p11_message_quiet (); + + modules = p11_kit_modules_load_and_initialize (0); + assert (modules != NULL && modules[0] != NULL); + + p11_message_loud (); + + return modules; +} + +static void +finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) +{ + p11_kit_modules_finalize (modules); + p11_kit_modules_release (modules); +} + +static int +has_handle (CK_ULONG *objects, + int count, + CK_ULONG handle) +{ + int i; + for (i = 0; i < count; i++) { + if (objects[i] == handle) + return 1; + } + + return 0; +} + + +static void +test_all (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR *modules; + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session; + CK_ULONG size; + P11KitIter *iter; + CK_RV rv; + int at; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, P11_KIT_ITER_BUSY_SESSIONS); + p11_kit_iter_begin (iter, modules); + + at = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + + module = p11_kit_iter_get_module (iter); + assert_ptr_not_null (module); + + session = p11_kit_iter_get_session (iter); + assert (session != 0); + + /* Do something with the object */ + size = 0; + rv = (module->C_GetObjectSize) (session, objects[at], &size); + assert (rv == CKR_OK); + assert (size > 0); + + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, at); + + assert (has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static CK_RV +on_iter_callback (P11KitIter *iter, + CK_BBOOL *matches, + void *data) +{ + CK_OBJECT_HANDLE object; + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session; + CK_ULONG size; + CK_RV rv; + + assert_str_eq (data, "callback"); + + object = p11_kit_iter_get_object (iter); + if (object != MOCK_PUBLIC_KEY_CAPITALIZE && object != MOCK_PUBLIC_KEY_PREFIX) { + *matches = CK_FALSE; + return CKR_OK; + } + + module = p11_kit_iter_get_module (iter); + assert_ptr_not_null (module); + + session = p11_kit_iter_get_session (iter); + assert (session != 0); + + /* Do something with the object */ + size = 0; + rv = (module->C_GetObjectSize) (session, object, &size); + assert (rv == CKR_OK); + assert (size > 0); + + return CKR_OK; +} + +static void +test_callback (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_RV rv; + int at; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_callback (iter, on_iter_callback, "callback", NULL); + p11_kit_iter_begin (iter, modules); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 2 public keys */ + assert_num_eq (6, at); + + assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static CK_RV +on_callback_fail (P11KitIter *iter, + CK_BBOOL *matches, + void *data) +{ + return CKR_DATA_INVALID; +} + +static void +test_callback_fails (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_RV rv; + int at; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_callback (iter, on_callback_fail, "callback", NULL); + p11_kit_iter_begin (iter, modules); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_DATA_INVALID); + + /* Shouldn't have succeeded at all */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + finalize_and_free_modules (modules); +} + +static void +on_destroy_increment (void *data) +{ + int *value = data; + (*value)++; +} + +static void +test_callback_destroyer (void) +{ + P11KitIter *iter; + int value = 1; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_callback (iter, on_callback_fail, &value, on_destroy_increment); + p11_kit_iter_free (iter); + + assert_num_eq (2, value); +} + +static void +test_with_session (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &mock_module, 0, session); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + + slot = p11_kit_iter_get_slot (iter); + assert (slot == MOCK_SLOT_ONE_ID); + + module = p11_kit_iter_get_module (iter); + assert_ptr_eq (module, &mock_module); + + assert (session == p11_kit_iter_get_session (iter)); + at++; + } + + assert (rv == CKR_CANCEL); + + /* 1 modules, each with 1 slot, and 3 public objects */ + assert_num_eq (3, at); + + assert (has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + /* The session is still valid ... */ + rv = mock_module.C_CloseSession (session); + assert (rv == CKR_OK); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_with_slot (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &mock_module, MOCK_SLOT_ONE_ID, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + + slot = p11_kit_iter_get_slot (iter); + assert (slot == MOCK_SLOT_ONE_ID); + + module = p11_kit_iter_get_module (iter); + assert_ptr_eq (module, &mock_module); + at++; + } + + assert (rv == CKR_CANCEL); + + /* 1 modules, each with 1 slot, and 3 public objects */ + assert_num_eq (3, at); + + assert (has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + rv = (mock_module.C_Finalize) (NULL); + assert (rv == CKR_OK); +} + +static void +test_with_module (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &mock_module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + + module = p11_kit_iter_get_module (iter); + assert_ptr_eq (module, &mock_module); + at++; + } + + assert (rv == CKR_CANCEL); + + /* 1 modules, each with 1 slot, and 3 public objects */ + assert_num_eq (3, at); + + assert (has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_keep_session (void) +{ + CK_SESSION_HANDLE session; + P11KitIter *iter; + CK_RV rv; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &mock_module, 0, 0); + + rv = p11_kit_iter_next (iter); + assert (rv == CKR_OK); + + session = p11_kit_iter_keep_session (iter); + p11_kit_iter_free (iter); + + /* The session is still valid ... */ + rv = mock_module.C_CloseSession (session); + assert (rv == CKR_OK); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_unrecognized (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + p11_kit_uri_set_unrecognized (uri, 1); + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Nothing should have matched */ + assert_num_eq (0, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_uri_with_type (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int at; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:object-type=public", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (ret, P11_KIT_URI_OK); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + at = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 2 public keys */ + assert_num_eq (6, at); + + assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_set_uri (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + p11_kit_uri_set_unrecognized (uri, 1); + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_set_uri (iter, uri); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + /* Nothing should have matched */ + rv = p11_kit_iter_next (iter); + assert_num_eq (rv, CKR_CANCEL); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_filter (void) +{ + CK_OBJECT_HANDLE objects[128]; + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_RV rv; + int at; + + CK_BBOOL vfalse = CK_FALSE; + CK_OBJECT_CLASS public_key = CKO_PUBLIC_KEY; + CK_ATTRIBUTE attrs[] = { + { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, + { CKA_CLASS, &public_key, sizeof (public_key) }, + }; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_filter (iter, attrs, 2); + + p11_kit_iter_begin (iter, modules); + + at = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (at < 128); + objects[at] = p11_kit_iter_get_object (iter); + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 2 public keys */ + assert_num_eq (6, at); + + assert (!has_handle (objects, at, MOCK_DATA_OBJECT)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE)); + assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX)); + assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX)); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_session_flags (void) +{ + CK_FUNCTION_LIST_PTR *modules; + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session; + CK_SESSION_INFO info; + P11KitIter *iter; + CK_RV rv; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE); + p11_kit_iter_begin (iter, modules); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + module = p11_kit_iter_get_module (iter); + assert_ptr_not_null (module); + + session = p11_kit_iter_get_session (iter); + assert (session != 0); + + rv = (module->C_GetSessionInfo) (session, &info); + assert (rv == CKR_OK); + + assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); + } + + assert (rv == CKR_CANCEL); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_module_match (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:library-description=MOCK%20LIBRARY", P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_module_mismatch (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:library-description=blah", P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Nothing should have matched */ + assert_num_eq (0, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_module_only (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:library-description=MOCK%20LIBRARY", P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_MODULES | P11_KIT_ITER_WITHOUT_OBJECTS); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + P11KitIterKind kind = p11_kit_iter_get_kind (iter); + assert_num_eq (P11_KIT_ITER_KIND_MODULE, kind); + count++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (3, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_slot_match (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:slot-manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_SLOT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_slot_mismatch (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:slot-manufacturer=blah", P11_KIT_URI_FOR_SLOT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Nothing should have matched */ + assert_num_eq (0, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_slot_only (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:slot-manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_SLOT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_SLOTS | P11_KIT_ITER_WITHOUT_OBJECTS); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + P11KitIterKind kind = p11_kit_iter_get_kind (iter); + assert_num_eq (P11_KIT_ITER_KIND_SLOT, kind); + count++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (3, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_slot_match_by_id (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + char *string; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = asprintf (&string, "pkcs11:slot-id=%d", MOCK_SLOT_ONE_ID); + assert (ret > 0); + ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_SLOT, uri); + free (string); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_slot_mismatch_by_id (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:slot-id=0", P11_KIT_URI_FOR_SLOT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Nothing should have matched */ + assert_num_eq (0, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_slot_info (void) +{ + CK_FUNCTION_LIST_PTR *modules; + CK_SLOT_INFO *info; + P11KitIter *iter; + char *string; + CK_RV rv; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin (iter, modules); + + rv = p11_kit_iter_next (iter); + assert_num_eq (rv, CKR_OK); + + info = p11_kit_iter_get_slot_info (iter); + assert_ptr_not_null (info); + + string = p11_kit_space_strdup (info->slotDescription, + sizeof (info->slotDescription)); + assert_ptr_not_null (string); + + assert_str_eq (string, "TEST SLOT"); + + free (string); + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_token_match (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_TOKEN, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_token_mismatch (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:manufacturer=blah", P11_KIT_URI_FOR_TOKEN, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, 0); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + /* Nothing should have matched */ + assert_num_eq (0, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_token_only (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + P11KitUri *uri; + CK_RV rv; + int count; + int ret; + + modules = initialize_and_get_modules (); + + uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse ("pkcs11:manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_TOKEN, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS); + p11_kit_uri_free (uri); + + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + P11KitIterKind kind = p11_kit_iter_get_kind (iter); + assert_num_eq (P11_KIT_ITER_KIND_TOKEN, kind); + count++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (3, count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_token_info (void) +{ + CK_FUNCTION_LIST_PTR *modules; + CK_TOKEN_INFO *info; + P11KitIter *iter; + char *string; + CK_RV rv; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin (iter, modules); + + rv = p11_kit_iter_next (iter); + assert_num_eq (rv, CKR_OK); + + info = p11_kit_iter_get_token (iter); + assert_ptr_not_null (info); + + string = p11_kit_space_strdup (info->label, sizeof (info->label)); + assert_ptr_not_null (string); + + assert_str_eq (string, "TEST LABEL"); + + free (string); + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_getslotlist_fail_first (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_GetSlotList = mock_C_GetSlotList__fail_first; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_VENDOR_DEFINED); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_getslotlist_fail_late (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_GetSlotList = mock_C_GetSlotList__fail_late; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_VENDOR_DEFINED); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_open_session_fail (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_OpenSession = mock_C_OpenSession__fails; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_DEVICE_ERROR); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_find_init_fail (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_FindObjectsInit = mock_C_FindObjectsInit__fails; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_DEVICE_MEMORY); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_find_objects_fail (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_RV rv; + int at; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_FindObjects = mock_C_FindObjects__fails; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + at= 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + at++; + + assert (rv == CKR_DEVICE_REMOVED); + + /* Should fail on the first iteration */ + assert_num_eq (0, at); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_get_attributes (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_OBJECT_HANDLE object; + char label[128]; + CK_ULONG klass; + CK_ULONG ulong; + CK_RV rv; + int at; + + CK_ATTRIBUTE template[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_LABEL, label, sizeof (label) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE attrs[3]; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin (iter, modules); + + at = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + assert (sizeof (attrs) == sizeof (template)); + memcpy (&attrs, &template, sizeof (attrs)); + + rv = p11_kit_iter_get_attributes (iter, attrs, 2); + assert (rv == CKR_OK); + + object = p11_kit_iter_get_object (iter); + switch (object) { + case MOCK_DATA_OBJECT: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1)); + break; + case MOCK_PUBLIC_KEY_CAPITALIZE: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); + break; + case MOCK_PUBLIC_KEY_PREFIX: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); + break; + default: + assert_fail ("Unknown object matched", NULL); + break; + } + + at++; + } + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, at); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + + + +static void +test_load_attributes (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_ATTRIBUTE *attrs; + CK_OBJECT_HANDLE object; + CK_ULONG ulong; + CK_RV rv; + int at; + + CK_ATTRIBUTE types[] = { + { CKA_CLASS }, + { CKA_LABEL }, + }; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin (iter, modules); + + attrs = p11_attrs_buildn (NULL, types, 2); + + at = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + rv = p11_kit_iter_load_attributes (iter, attrs, 2); + assert (rv == CKR_OK); + + object = p11_kit_iter_get_object (iter); + switch (object) { + case MOCK_DATA_OBJECT: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1)); + break; + case MOCK_PUBLIC_KEY_CAPITALIZE: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1)); + break; + case MOCK_PUBLIC_KEY_PREFIX: + assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY); + assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1)); + break; + default: + assert_fail ("Unknown object matched", NULL); + break; + } + + at++; + } + + p11_attrs_free (attrs); + + assert (rv == CKR_CANCEL); + + /* Three modules, each with 1 slot, and 3 public objects */ + assert_num_eq (9, at); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +static void +test_load_attributes_none (void) +{ + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_ATTRIBUTE *attrs; + CK_RV rv; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + attrs = p11_attrs_buildn (NULL, NULL, 0); + rv = p11_kit_iter_load_attributes (iter, attrs, 0); + assert (rv == CKR_OK); + p11_attrs_free (attrs); + } + + assert (rv == CKR_CANCEL); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_load_attributes_fail_first (void) +{ + CK_ATTRIBUTE label = { CKA_LABEL, }; + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_ATTRIBUTE *attrs; + CK_RV rv; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_first; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + attrs = p11_attrs_build (NULL, &label, NULL); + rv = p11_kit_iter_load_attributes (iter, attrs, 1); + assert (rv == CKR_FUNCTION_REJECTED); + p11_attrs_free (attrs); + } + + assert (rv == CKR_CANCEL); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_load_attributes_fail_late (void) +{ + CK_ATTRIBUTE label = { CKA_LABEL, }; + CK_FUNCTION_LIST module; + P11KitIter *iter; + CK_ATTRIBUTE *attrs; + CK_RV rv; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert (rv == CKR_OK); + + memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST)); + module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_late; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_begin_with (iter, &module, 0, 0); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + attrs = p11_attrs_build (NULL, &label, NULL); + rv = p11_kit_iter_load_attributes (iter, attrs, 1); + assert (rv == CKR_FUNCTION_FAILED); + p11_attrs_free (attrs); + } + + assert (rv == CKR_CANCEL); + + p11_kit_iter_free (iter); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_many (void *flags) +{ + P11KitIterBehavior behavior; + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + p11_dict *seen; + P11KitIter *iter; + CK_RV rv; + int count; + int i; + + static CK_OBJECT_CLASS data = CKO_DATA; + static CK_ATTRIBUTE object[] = { + { CKA_VALUE, "blah", 4 }, + { CKA_CLASS, &data, sizeof (data) }, + { CKA_ID, "ID1", 3 }, + { CKA_INVALID }, + }; + + behavior = 0; + if (strstr (flags, "busy-sessions")) + behavior |= P11_KIT_ITER_BUSY_SESSIONS; + + mock_module_reset (); + rv = mock_module.C_Initialize (NULL); + assert_num_eq (rv, CKR_OK); + + rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + for (i = 0; i < 10000; i++) + mock_module_add_object (MOCK_SLOT_ONE_ID, object); + + seen = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, free, NULL); + iter = p11_kit_iter_new (NULL, behavior); + p11_kit_iter_add_filter (iter, object, 3); + p11_kit_iter_begin_with (iter, &mock_module, 0, session); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + handle = p11_kit_iter_get_object (iter); + assert (p11_dict_get (seen, &handle) == NULL); + if (!p11_dict_set (seen, memdup (&handle, sizeof (handle)), "x")) + assert_not_reached (); + count++; + } + + assert_num_eq (rv, CKR_CANCEL); + assert_num_eq (count, 10000); + + p11_kit_iter_free (iter); + p11_dict_free (seen); + + rv = mock_module.C_Finalize (NULL); + assert (rv == CKR_OK); +} + +static void +test_destroy_object (void) +{ + CK_FUNCTION_LIST **modules; + P11KitIter *iter; + CK_OBJECT_HANDLE object; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST *module; + CK_ULONG size; + CK_RV rv; + + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE); + + p11_kit_iter_begin (iter, modules); + + /* Should have matched */ + rv = p11_kit_iter_next (iter); + assert_num_eq (rv, CKR_OK); + + object = p11_kit_iter_get_object (iter); + session = p11_kit_iter_get_session (iter); + module = p11_kit_iter_get_module (iter); + + rv = (module->C_GetObjectSize) (session, object, &size); + assert_num_eq (rv, CKR_OK); + + rv = p11_kit_iter_destroy_object (iter); + assert_num_eq (rv, CKR_OK); + + rv = (module->C_GetObjectSize) (session, object, &size); + assert_num_eq (rv, CKR_OBJECT_HANDLE_INVALID); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); +} + +/* Test all combinations of P11_KIT_ITER_WITH_{TOKENS,SLOTS,MODULES} + * and P11_KIT_ITER_WITHOUT_OBJECTS, against three modules, each + * with 1 slot, and 3 public objects */ +static void +test_exhaustive_match (void) +{ + CK_FUNCTION_LIST_PTR *modules; + P11KitIter *iter; + CK_RV rv; + int counts[] = { + 9, 12, 12, 15, 12, 15, 15, 18, 0, 3, 3, 6, 3, 6, 6, 9 + }; + int count; + int i; + + for (i = 0; i < ELEMS (counts); i++) { + modules = initialize_and_get_modules (); + + iter = p11_kit_iter_new (NULL, (P11KitIterBehavior) i << 3); + p11_kit_iter_begin (iter, modules); + + count = 0; + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) + count++; + + assert (rv == CKR_CANCEL); + + assert_num_eq (counts[i], count); + + p11_kit_iter_free (iter); + + finalize_and_free_modules (modules); + } +} + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + mock_module_init (); + + p11_test (test_all, "/iter/test_all"); + p11_test (test_unrecognized, "/iter/test_unrecognized"); + p11_test (test_uri_with_type, "/iter/test_uri_with_type"); + p11_test (test_set_uri, "/iter/set-uri"); + p11_test (test_session_flags, "/iter/test_session_flags"); + p11_test (test_callback, "/iter/test_callback"); + p11_test (test_callback_fails, "/iter/test_callback_fails"); + p11_test (test_callback_destroyer, "/iter/test_callback_destroyer"); + p11_test (test_filter, "/iter/test_filter"); + p11_test (test_with_session, "/iter/test_with_session"); + p11_test (test_with_slot, "/iter/test_with_slot"); + p11_test (test_with_module, "/iter/test_with_module"); + p11_test (test_keep_session, "/iter/test_keep_session"); + p11_test (test_token_match, "/iter/test_token_match"); + p11_test (test_token_mismatch, "/iter/test_token_mismatch"); + p11_test (test_token_info, "/iter/token-info"); + p11_test (test_token_only, "/iter/test_token_only"); + p11_test (test_slot_match, "/iter/test_slot_match"); + p11_test (test_slot_mismatch, "/iter/test_slot_mismatch"); + p11_test (test_slot_match_by_id, "/iter/test_slot_match_by_id"); + p11_test (test_slot_mismatch_by_id, "/iter/test_slot_mismatch_by_id"); + p11_test (test_slot_info, "/iter/slot-info"); + p11_test (test_slot_only, "/iter/test_slot_only"); + p11_test (test_module_match, "/iter/test_module_match"); + p11_test (test_module_mismatch, "/iter/test_module_mismatch"); + p11_test (test_module_only, "/iter/test_module_only"); + p11_test (test_getslotlist_fail_first, "/iter/test_getslotlist_fail_first"); + p11_test (test_getslotlist_fail_late, "/iter/test_getslotlist_fail_late"); + p11_test (test_open_session_fail, "/iter/test_open_session_fail"); + p11_test (test_find_init_fail, "/iter/test_find_init_fail"); + p11_test (test_find_objects_fail, "/iter/test_find_objects_fail"); + p11_test (test_get_attributes, "/iter/get-attributes"); + p11_test (test_load_attributes, "/iter/test_load_attributes"); + p11_test (test_load_attributes_none, "/iter/test_load_attributes_none"); + p11_test (test_load_attributes_fail_first, "/iter/test_load_attributes_fail_first"); + p11_test (test_load_attributes_fail_late, "/iter/test_load_attributes_fail_late"); + p11_testx (test_many, "", "/iter/test-many"); + p11_testx (test_many, "busy-sessions", "/iter/test-many-busy"); + p11_test (test_destroy_object, "/iter/destroy-object"); + p11_test (test_exhaustive_match, "/iter/test_exhaustive_match"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-log.c b/p11-kit/test-log.c new file mode 100644 index 0000000..e7dab70 --- /dev/null +++ b/p11-kit/test-log.c @@ -0,0 +1,112 @@ +/* + * Copyright (c) 2013 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "dict.h" +#include "library.h" +#include "log.h" +#include "mock.h" +#include "modules.h" +#include "p11-kit.h" +#include "virtual.h" + +#include +#include +#include +#include + +static CK_FUNCTION_LIST_PTR +setup_mock_module (CK_SESSION_HANDLE *session) +{ + CK_FUNCTION_LIST_PTR module; + CK_RV rv; + + p11_lock (); + p11_log_force = true; + + rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module); + assert (rv == CKR_OK); + assert_ptr_not_null (module); + assert (p11_virtual_is_wrapper (module)); + + p11_unlock (); + + rv = p11_kit_module_initialize (module); + assert (rv == CKR_OK); + + if (session) { + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, + CKF_RW_SESSION | CKF_SERIAL_SESSION, + NULL, NULL, session); + assert (rv == CKR_OK); + } + + return module; +} + +static void +teardown_mock_module (CK_FUNCTION_LIST_PTR module) +{ + CK_RV rv; + + rv = p11_kit_module_finalize (module); + assert (rv == CKR_OK); + + p11_lock (); + + rv = p11_module_release_inlock_reentrant (module); + assert (rv == CKR_OK); + + p11_unlock (); +} + +/* Bring in all the mock module tests */ +#include "test-mock.c" + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + mock_module_init (); + + test_mock_add_tests ("/log"); + + p11_kit_be_quiet (); + p11_log_output = false; + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-managed.c b/p11-kit/test-managed.c new file mode 100644 index 0000000..27c52e3 --- /dev/null +++ b/p11-kit/test-managed.c @@ -0,0 +1,312 @@ +/* + * Copyright (c) 2012 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "dict.h" +#include "library.h" +#include "mock.h" +#include "modules.h" +#include "p11-kit.h" +#include "virtual.h" +#include "virtual-fixed.h" + +#include +#ifdef OS_UNIX +#include +#endif +#include +#include +#include +#include + +static CK_FUNCTION_LIST_PTR +setup_mock_module (CK_SESSION_HANDLE *session) +{ + CK_FUNCTION_LIST_PTR module = NULL; + CK_RV rv; + + p11_lock (); + + rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module); + + p11_unlock (); + + if (rv == CKR_OK) { + assert_ptr_not_null (module); + assert (p11_virtual_is_wrapper (module)); + } else { + assert_ptr_eq (NULL, module); + return NULL; + } + + rv = p11_kit_module_initialize (module); + assert (rv == CKR_OK); + + if (session) { + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, + CKF_RW_SESSION | CKF_SERIAL_SESSION, + NULL, NULL, session); + assert (rv == CKR_OK); + } + + return module; +} + +static void +teardown_mock_module (CK_FUNCTION_LIST_PTR module) +{ + CK_RV rv; + + rv = p11_kit_module_finalize (module); + assert (rv == CKR_OK); + + p11_lock (); + + rv = p11_module_release_inlock_reentrant (module); + assert (rv == CKR_OK); + + p11_unlock (); +} + +static CK_RV +fail_C_Initialize (void *init_reserved) +{ + return CKR_FUNCTION_FAILED; +} + +static void +test_initialize_finalize (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_RV rv; + + p11_lock (); + + rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module); + assert (rv == CKR_OK); + assert_ptr_not_null (module); + assert (p11_virtual_is_wrapper (module)); + + p11_unlock (); + + rv = module->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = module->C_Initialize (NULL); + assert (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED); + + rv = module->C_Finalize (NULL); + assert (rv == CKR_OK); + + rv = module->C_Finalize (NULL); + assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); + + p11_lock (); + + rv = p11_module_release_inlock_reentrant (module); + assert (rv == CKR_OK); + + p11_unlock (); +} + +static void +test_initialize_fail (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_FUNCTION_LIST base; + CK_RV rv; + + memcpy (&base, &mock_module, sizeof (CK_FUNCTION_LIST)); + base.C_Initialize = fail_C_Initialize; + + p11_lock (); + + rv = p11_module_load_inlock_reentrant (&base, 0, &module); + assert (rv == CKR_OK); + + p11_unlock (); + + rv = p11_kit_module_initialize (module); + assert (rv == CKR_FUNCTION_FAILED); +} + +static void +test_separate_close_all_sessions (void) +{ + CK_FUNCTION_LIST *first; + CK_FUNCTION_LIST *second; + CK_SESSION_HANDLE s1; + CK_SESSION_HANDLE s2; + CK_SESSION_INFO info; + CK_RV rv; + + first = setup_mock_module (&s1); + assert_ptr_not_null (first); + second = setup_mock_module (&s2); + assert_ptr_not_null (second); + + rv = first->C_GetSessionInfo (s1, &info); + assert (rv == CKR_OK); + + rv = second->C_GetSessionInfo (s2, &info); + assert (rv == CKR_OK); + + first->C_CloseAllSessions (MOCK_SLOT_ONE_ID); + assert (rv == CKR_OK); + + rv = first->C_GetSessionInfo (s1, &info); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = second->C_GetSessionInfo (s2, &info); + assert (rv == CKR_OK); + + second->C_CloseAllSessions (MOCK_SLOT_ONE_ID); + assert (rv == CKR_OK); + + rv = first->C_GetSessionInfo (s1, &info); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = second->C_GetSessionInfo (s2, &info); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + teardown_mock_module (first); + teardown_mock_module (second); +} + +#define MAX_MODS (P11_VIRTUAL_MAX_FIXED+10) +static void +test_max_session_load (void) +{ + CK_FUNCTION_LIST *list[MAX_MODS]; + CK_SESSION_HANDLE s1; + CK_SESSION_INFO info; + CK_RV rv; + unsigned i; + unsigned registered = 0; + + for (i = 0; i < MAX_MODS; i++) { + list[i] = setup_mock_module (&s1); + if (list[i] != NULL) + registered++; + } + + assert_num_cmp (registered + 1, >=, P11_VIRTUAL_MAX_FIXED); + + for (i = 0; i < registered; i++) { + rv = list[i]->C_GetSessionInfo (s1, &info); + assert (rv == CKR_OK); + + list[i]->C_CloseAllSessions (MOCK_SLOT_ONE_ID); + assert (rv == CKR_OK); + } + + for (i = 0; i < registered; i++) { + teardown_mock_module (list[i]); + } +} + +#ifdef OS_UNIX + +static void +test_fork_and_reinitialize (void) +{ + CK_FUNCTION_LIST *module; + CK_INFO info; + int status; + CK_RV rv; + pid_t pid; + int i; + + module = setup_mock_module (NULL); + assert_ptr_not_null (module); + + pid = fork (); + assert_num_cmp (pid, >=, 0); + + /* The child */ + if (pid == 0) { + rv = (module->C_Initialize) (NULL); + assert_num_eq (CKR_OK, rv); + + for (i = 0; i < 32; i++) { + rv = (module->C_GetInfo) (&info); + assert_num_eq (CKR_OK, rv); + } + + rv = (module->C_Finalize) (NULL); + assert_num_eq (CKR_OK, rv); + + _exit (66); + } + + for (i = 0; i < 128; i++) { + rv = (module->C_GetInfo) (&info); + assert_num_eq (CKR_OK, rv); + } + + assert_num_eq (waitpid (pid, &status, 0), pid); + assert_num_eq (WEXITSTATUS (status), 66); + + teardown_mock_module (module); +} + +#endif /* OS_UNIX */ + +/* Bring in all the mock module tests */ +#include "test-mock.c" + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + p11_library_init (); + + p11_test (test_initialize_finalize, "/managed/test_initialize_finalize"); + p11_test (test_initialize_fail, "/managed/test_initialize_fail"); + p11_test (test_separate_close_all_sessions, "/managed/test_separate_close_all_sessions"); + p11_test (test_max_session_load, "/managed/test_max_session_load"); + +#ifdef OS_UNIX + p11_test (test_fork_and_reinitialize, "/managed/fork-and-reinitialize"); +#endif + + test_mock_add_tests ("/managed"); + + p11_kit_be_quiet (); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-messages.sh b/p11-kit/test-messages.sh new file mode 100755 index 0000000..7283e77 --- /dev/null +++ b/p11-kit/test-messages.sh @@ -0,0 +1,110 @@ +#!/bin/sh + +set -e + +testdir=$PWD/test-messages-$$ +test -d "$testdir" || mkdir "$testdir" + +cleanup () { + rm -rf "$testdir" +} +trap cleanup 0 + +cd "$testdir" + +cat > messages.exp < messages.out + +echo 1..1 + +: ${DIFF=diff} +if ${DIFF} messages.exp messages.out > messages.diff; then + echo "ok 1 /messages/return-code" +else + echo "not ok 1 /messages/return-code" + sed 's/^/# /' messages.diff + exit 1 +fi diff --git a/p11-kit/test-mock.c b/p11-kit/test-mock.c new file mode 100644 index 0000000..6cc690c --- /dev/null +++ b/p11-kit/test-mock.c @@ -0,0 +1,1685 @@ +/* + * Copyright (c) 2012 Stefan Walter + * Copyright (c) 2012-2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "test.h" + +#include "library.h" +#include "mock.h" +#include "p11-kit.h" + +#include +#include +#include +#include + +static void +test_get_info (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_INFO info; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetInfo) (&info); + assert_num_eq (rv, CKR_OK); + assert_num_eq (MOCK_INFO.cryptokiVersion.major, info.cryptokiVersion.major); + assert_num_eq (MOCK_INFO.cryptokiVersion.minor, info.cryptokiVersion.minor); + assert (memcmp (MOCK_INFO.manufacturerID, info.manufacturerID, sizeof (info.manufacturerID)) == 0); + assert_num_eq (MOCK_INFO.flags, info.flags); + assert (memcmp (MOCK_INFO.libraryDescription, info.libraryDescription, sizeof (info.libraryDescription)) == 0); + assert_num_eq (MOCK_INFO.libraryVersion.major, info.libraryVersion.major); + assert_num_eq (MOCK_INFO.libraryVersion.minor, info.libraryVersion.minor); + + teardown_mock_module (module); +} + +static void +test_get_slot_list (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot_list[8]; + CK_ULONG count = 0; + CK_RV rv; + + module = setup_mock_module (NULL); + + /* Normal module has 2 slots, one with token present */ + rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOTS_PRESENT, count); + rv = (module->C_GetSlotList) (CK_FALSE, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOTS_ALL, count); + + count = 8; + rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOTS_PRESENT, count); + assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); + + count = 8; + rv = (module->C_GetSlotList) (CK_FALSE, slot_list, &count); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOTS_ALL, count); + assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]); + assert_num_eq (MOCK_SLOT_TWO_ID, slot_list[1]); + + teardown_mock_module (module); +} + +static void +test_get_slot_info (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SLOT_INFO info; + char *string; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetSlotInfo) (MOCK_SLOT_ONE_ID, &info); + assert (rv == CKR_OK); + string = p11_kit_space_strdup (info.slotDescription, sizeof (info.slotDescription)); + assert_str_eq ("TEST SLOT", string); + free (string); + string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); + assert_str_eq ("TEST MANUFACTURER", string); + free (string); + assert_num_eq (CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, info.flags); + assert_num_eq (55, info.hardwareVersion.major); + assert_num_eq (155, info.hardwareVersion.minor); + assert_num_eq (65, info.firmwareVersion.major); + assert_num_eq (165, info.firmwareVersion.minor); + + rv = (module->C_GetSlotInfo) (MOCK_SLOT_TWO_ID, &info); + assert (rv == CKR_OK); + assert_num_eq (CKF_REMOVABLE_DEVICE, info.flags); + + rv = (module->C_GetSlotInfo) (0, &info); + assert (rv == CKR_SLOT_ID_INVALID); + + teardown_mock_module (module); +} + +static void +test_get_token_info (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_TOKEN_INFO info; + char *string; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetTokenInfo) (MOCK_SLOT_ONE_ID, &info); + assert (rv == CKR_OK); + + string = p11_kit_space_strdup (info.label, sizeof (info.label)); + assert_str_eq ("TEST LABEL", string); + free (string); + string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); + assert_str_eq ("TEST MANUFACTURER", string); + free (string); + string = p11_kit_space_strdup (info.model, sizeof (info.model)); + assert_str_eq ("TEST MODEL", string); + free (string); + string = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber)); + assert_str_eq ("TEST SERIAL", string); + free (string); + assert_num_eq (CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, info.flags); + assert_num_eq (1, info.ulMaxSessionCount); + assert_num_eq (2, info.ulSessionCount); + assert_num_eq (3, info.ulMaxRwSessionCount); + assert_num_eq (4, info.ulRwSessionCount); + assert_num_eq (5, info.ulMaxPinLen); + assert_num_eq (6, info.ulMinPinLen); + assert_num_eq (7, info.ulTotalPublicMemory); + assert_num_eq (8, info.ulFreePublicMemory); + assert_num_eq (9, info.ulTotalPrivateMemory); + assert_num_eq (10, info.ulFreePrivateMemory); + assert_num_eq (75, info.hardwareVersion.major); + assert_num_eq (175, info.hardwareVersion.minor); + assert_num_eq (85, info.firmwareVersion.major); + assert_num_eq (185, info.firmwareVersion.minor); + assert (memcmp (info.utcTime, "1999052509195900", sizeof (info.utcTime)) == 0); + + rv = (module->C_GetTokenInfo) (MOCK_SLOT_TWO_ID, &info); + assert (rv == CKR_TOKEN_NOT_PRESENT); + + rv = (module->C_GetTokenInfo) (0, &info); + assert (rv == CKR_SLOT_ID_INVALID); + + teardown_mock_module (module); +} + +static void +test_get_mechanism_list (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_MECHANISM_TYPE mechs[8]; + CK_ULONG count = 0; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (2, count); + rv = (module->C_GetMechanismList) (MOCK_SLOT_TWO_ID, NULL, &count); + assert (rv == CKR_TOKEN_NOT_PRESENT); + rv = (module->C_GetMechanismList) (0, NULL, &count); + assert (rv == CKR_SLOT_ID_INVALID); + + count = 8; + rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, mechs, &count); + assert (rv == CKR_OK); + assert_num_eq (2, count); + assert_num_eq (mechs[0], CKM_MOCK_CAPITALIZE); + assert_num_eq (mechs[1], CKM_MOCK_PREFIX); + + teardown_mock_module (module); +} + +static void +test_get_mechanism_info (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_MECHANISM_INFO info; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_CAPITALIZE, &info); + assert_num_eq (rv, CKR_OK); + assert_num_eq (512, info.ulMinKeySize); + assert_num_eq (4096, info.ulMaxKeySize); + assert_num_eq (CKF_ENCRYPT | CKF_DECRYPT, info.flags); + + rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_PREFIX, &info); + assert (rv == CKR_OK); + assert_num_eq (2048, info.ulMinKeySize); + assert_num_eq (2048, info.ulMaxKeySize); + assert_num_eq (CKF_SIGN | CKF_VERIFY, info.flags); + + rv = (module->C_GetMechanismInfo) (MOCK_SLOT_TWO_ID, CKM_MOCK_PREFIX, &info); + assert (rv == CKR_TOKEN_NOT_PRESENT); + rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, 0, &info); + assert (rv == CKR_MECHANISM_INVALID); + rv = (module->C_GetMechanismInfo) (0, CKM_MOCK_PREFIX, &info); + assert (rv == CKR_SLOT_ID_INVALID); + + teardown_mock_module (module); +} + +static void +test_init_token (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert (rv == CKR_OK); + + rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"OTHER", 5, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert (rv == CKR_PIN_INVALID); + rv = (module->C_InitToken) (MOCK_SLOT_TWO_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert (rv == CKR_TOKEN_NOT_PRESENT); + rv = (module->C_InitToken) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL"); + assert (rv == CKR_SLOT_ID_INVALID); + + teardown_mock_module (module); +} + +static void +test_wait_for_slot_event (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slot; + CK_RV rv; + +#ifdef MOCK_SKIP_WAIT_TEST + return; +#endif + + module = setup_mock_module (NULL); + + rv = (module->C_WaitForSlotEvent) (0, &slot, NULL); + assert (rv == CKR_OK); + assert_num_eq (slot, MOCK_SLOT_TWO_ID); + + rv = (module->C_WaitForSlotEvent) (CKF_DONT_BLOCK, &slot, NULL); + assert (rv == CKR_NO_EVENT); + + teardown_mock_module (module); +} + +static void +test_open_close_session (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_OpenSession) (MOCK_SLOT_TWO_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_TOKEN_NOT_PRESENT); + rv = (module->C_OpenSession) (0, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_SLOT_ID_INVALID); + + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + assert (session != 0); + + rv = (module->C_CloseSession) (session); + assert (rv == CKR_OK); + + rv = (module->C_CloseSession) (session); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + teardown_mock_module (module); +} + +static void +test_close_all_sessions (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + assert (session != 0); + + rv = (module->C_CloseAllSessions) (MOCK_SLOT_ONE_ID); + assert (rv == CKR_OK); + + rv = (module->C_CloseSession) (session); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + teardown_mock_module (module); +} + +static void +test_get_function_status (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_GetFunctionStatus) (session); + assert (rv == CKR_FUNCTION_NOT_PARALLEL); + + teardown_mock_module (module); +} + +static void +test_cancel_function (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_CancelFunction) (session); + assert (rv == CKR_FUNCTION_NOT_PARALLEL); + + teardown_mock_module (module); +} + +static void +test_get_session_info (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_SESSION_INFO info; + CK_RV rv; + + module = setup_mock_module (NULL); + + rv = (module->C_GetSessionInfo) (0, &info); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + assert (session != 0); + + rv = (module->C_GetSessionInfo) (session, &info); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); + assert_num_eq (CKS_RO_PUBLIC_SESSION, info.state); + assert_num_eq (CKF_SERIAL_SESSION, info.flags); + assert_num_eq (1414, info.ulDeviceError); + + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + assert (session != 0); + + rv = (module->C_GetSessionInfo) (session, &info); + assert (rv == CKR_OK); + assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID); + assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state); + assert_num_eq (CKF_SERIAL_SESSION | CKF_RW_SESSION, info.flags); + assert_num_eq (1414, info.ulDeviceError); + + teardown_mock_module (module); +} + +static void +test_init_pin (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_InitPIN) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"TEST PIN", 8); + assert (rv == CKR_OK); + + rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"OTHER", 5); + assert (rv == CKR_PIN_INVALID); + + teardown_mock_module (module); +} + +static void +test_set_pin (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_SetPIN) (0, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8); + assert (rv == CKR_OK); + + rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"other", 5, (CK_UTF8CHAR_PTR)"OTHER", 5); + assert (rv == CKR_PIN_INCORRECT); + + teardown_mock_module (module); +} + +static void +test_operation_state (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_BYTE state[128]; + CK_ULONG state_len; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + state_len = sizeof (state); + rv = (module->C_GetOperationState) (0, state, &state_len); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + state_len = sizeof (state); + rv = (module->C_GetOperationState) (session, state, &state_len); + assert (rv == CKR_OK); + + rv = (module->C_SetOperationState) (session, state, state_len, 355, 455); + assert (rv == CKR_OK); + + rv = (module->C_SetOperationState) (0, state, state_len, 355, 455); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + teardown_mock_module (module); +} + +static void +test_login_logout (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_Login) (0, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"bo", 2); + assert (rv == CKR_PIN_INCORRECT); + + rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4); + assert (rv == CKR_OK); + + rv = (module->C_Logout) (session); + assert (rv == CKR_OK); + + rv = (module->C_Logout) (session); + assert (rv == CKR_USER_NOT_LOGGED_IN); + + teardown_mock_module (module); +} + +static void +test_get_attribute_value (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_OBJECT_CLASS klass; + CK_RV rv; + + module = setup_mock_module (&session); + + attrs[0].type = CKA_CLASS; + attrs[0].pValue = &klass; + attrs[0].ulValueLen = sizeof (klass); + attrs[1].type = CKA_LABEL; + attrs[1].pValue = label; + attrs[1].ulValueLen = 2; /* too small */ + attrs[2].type = CKA_BITS_PER_PIXEL; + attrs[2].pValue = NULL; + attrs[2].ulValueLen = 0; + + rv = (module->C_GetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 3); + assert (rv == CKR_USER_NOT_LOGGED_IN); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_BUFFER_TOO_SMALL); + + /* Get right size */ + attrs[1].pValue = NULL; + attrs[1].ulValueLen = 0; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_OK); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); + assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); + + assert_num_eq (CKO_PUBLIC_KEY, klass); + assert_num_eq (21, attrs[1].ulValueLen); + assert_ptr_eq (NULL, attrs[1].pValue); + attrs[1].pValue = label; + attrs[1].ulValueLen = sizeof (label); + assert ((CK_ULONG)-1 == attrs[2].ulValueLen); + assert_ptr_eq (NULL, attrs[2].pValue); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3); + assert (rv == CKR_ATTRIBUTE_TYPE_INVALID); + + assert_num_eq (CKO_PUBLIC_KEY, klass); + assert_num_eq (21, attrs[1].ulValueLen); + assert_ptr_eq (label, attrs[1].pValue); + assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); + assert ((CK_ULONG)-1 == attrs[2].ulValueLen); + assert_ptr_eq (NULL, attrs[2].pValue); + + teardown_mock_module (module); +} + +static void +test_set_attribute_value (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + strcpy (label, "Blahooo"); + bits = 1555; + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = strlen (label); + attrs[1].type = CKA_BITS_PER_PIXEL; + attrs[1].pValue = &bits; + attrs[1].ulValueLen = sizeof (bits); + + rv = (module->C_SetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_USER_NOT_LOGGED_IN); + + rv = (module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_OK); + + memset (label, 0, sizeof (label)); + bits = 0; + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2); + assert (rv == CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_create_object (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + strcpy (label, "Blahooo"); + bits = 1555; + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = strlen (label); + attrs[1].type = CKA_BITS_PER_PIXEL; + attrs[1].pValue = &bits; + attrs[1].ulValueLen = sizeof (bits); + + rv = (module->C_CreateObject) (0, attrs, 2, &object); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_CreateObject) (session, attrs, 2, &object); + assert (rv == CKR_OK); + + attrs[0].ulValueLen = sizeof (label); + memset (label, 0, sizeof (label)); + bits = 0; + + rv = (module->C_GetAttributeValue) (session, object, attrs, 2); + assert (rv == CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_copy_object (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + bits = 1555; + + attrs[0].type = CKA_BITS_PER_PIXEL; + attrs[0].pValue = &bits; + attrs[0].ulValueLen = sizeof (bits); + + rv = (module->C_CopyObject) (session, 1333, attrs, 1, &object); + assert (rv == CKR_OBJECT_HANDLE_INVALID); + + rv = (module->C_CopyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1, &object); + assert (rv == CKR_OK); + + attrs[1].type = CKA_LABEL; + attrs[1].pValue = label; + attrs[1].ulValueLen = sizeof (label); + bits = 0; + + rv = (module->C_GetAttributeValue) (session, object, attrs, 2); + assert (rv == CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (21, attrs[1].ulValueLen); + assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_destroy_object (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_ATTRIBUTE attrs[8]; + char label[32]; + CK_RV rv; + + module = setup_mock_module (&session); + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = sizeof (label); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); + assert (rv == CKR_OK); + + rv = (module->C_DestroyObject) (0, MOCK_PUBLIC_KEY_CAPITALIZE); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_DestroyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1); + assert (rv == CKR_OBJECT_HANDLE_INVALID); + + teardown_mock_module (module); +} + +static void +test_get_object_size (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_ULONG size; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_GetObjectSize) (session, 1333, &size); + assert (rv == CKR_OBJECT_HANDLE_INVALID); + + rv = (module->C_GetObjectSize) (session, MOCK_PUBLIC_KEY_CAPITALIZE, &size); + assert (rv == CKR_OK); + + /* The number here is the length of all attributes added up */ + assert_num_eq (sizeof (CK_ULONG) == 8 ? 44 : 36, size); + + teardown_mock_module (module); +} + +static void +test_find_objects (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; + CK_ATTRIBUTE attr = { CKA_CLASS, &klass, sizeof (klass) }; + CK_OBJECT_HANDLE objects[16]; + CK_ULONG count = 0; + CK_ULONG i; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_FindObjectsInit) (0, &attr, 1); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_FindObjectsInit) (session, &attr, 1); + assert (rv == CKR_OK); + + rv = (module->C_FindObjects) (0, objects, 16, &count); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_FindObjects) (session, objects, 16, &count); + assert (rv == CKR_OK); + + assert (count < 16); + + /* Make sure we get the capitalize public key */ + for (i = 0; i < count; i++) { + if (objects[i] == MOCK_PUBLIC_KEY_CAPITALIZE) + break; + } + assert (i != count); + + /* Make sure we get the prefix public key */ + for (i = 0; i < count; i++) { + if (objects[i] == MOCK_PUBLIC_KEY_PREFIX) + break; + } + assert (i != count); + + /* Make sure all public keys */ + for (i = 0; i < count; i++) { + klass = (CK_ULONG)-1; + rv = (module->C_GetAttributeValue) (session, objects[i], &attr, 1); + assert (rv == CKR_OK); + assert_num_eq (CKO_PUBLIC_KEY, klass); + } + + rv = (module->C_FindObjectsFinal) (session); + assert (rv == CKR_OK); + + rv = (module->C_FindObjectsFinal) (session); + assert (rv == CKR_OPERATION_NOT_INITIALIZED); + + teardown_mock_module (module); +} + +static void +test_encrypt (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; + CK_BYTE data[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); + assert (rv == CKR_KEY_HANDLE_INVALID); + + rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_Encrypt) (0, (CK_BYTE_PTR)"blah", 4, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (4, length); + assert (memcmp (data, "BLAH", 4) == 0); + + rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_EncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_EncryptUpdate) (session, (CK_BYTE_PTR)"sLurm", 5, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (5, length); + assert (memcmp (data, "SLURM", 5) == 0); + + length = sizeof (data); + rv = (module->C_EncryptFinal) (0, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_EncryptFinal) (session, data, &length); + assert (rv == CKR_OK); + + teardown_mock_module (module); +} + +static void +test_decrypt (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; + CK_BYTE data[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); + assert (rv == CKR_KEY_HANDLE_INVALID); + + rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_Decrypt) (0, (CK_BYTE_PTR)"bLAH", 4, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (4, length); + assert (memcmp (data, "blah", 4) == 0); + + rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_DecryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_DecryptUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (5, length); + assert (memcmp (data, "slurm", 5) == 0); + + length = sizeof (data); + rv = (module->C_DecryptFinal) (0, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_DecryptFinal) (session, data, &length); + assert (rv == CKR_OK); + + teardown_mock_module (module); +} + +static void +test_digest (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_COUNT, NULL, 0 }; + CK_BYTE digest[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_DigestInit) (0, &mech); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_DigestInit) (session, &mech); + assert (rv == CKR_OK); + + length = sizeof (digest); + rv = (module->C_Digest) (0, (CK_BYTE_PTR)"bLAH", 4, digest, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (digest); + rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length); + assert (rv == CKR_OK); + + assert_num_eq (1, length); + assert (memcmp (digest, "4", 1) == 0); + + rv = (module->C_DigestInit) (session, &mech); + assert (rv == CKR_OK); + + rv = (module->C_DigestUpdate) (0, (CK_BYTE_PTR)"blah", 4); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); + assert (rv == CKR_OK); + + /* Adds the the value of object handle to hash: 6 */ + assert_num_eq (6, MOCK_PUBLIC_KEY_PREFIX); + rv = (module->C_DigestKey) (session, MOCK_PUBLIC_KEY_PREFIX); + assert (rv == CKR_OK); + + rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"Other", 5); + assert (rv == CKR_OK); + + length = sizeof (digest); + rv = (module->C_DigestFinal) (0, digest, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (digest); + rv = (module->C_DigestFinal) (session, digest, &length); + assert (rv == CKR_OK); + + assert_num_eq (2, length); + assert (memcmp (digest, "16", 2) == 0); + + teardown_mock_module (module); +} + +static void +test_sign (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; + CK_BYTE signature[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + rv = (module->C_SignInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); + assert (rv == CKR_OK); + + rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + length = sizeof (signature); + rv = (module->C_Sign) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (signature); + rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); + assert (rv == CKR_OK); + + assert_num_eq (13, length); + assert (memcmp (signature, "prefix:value4", 13) == 0); + + rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); + assert (rv == CKR_OK); + + rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + rv = (module->C_SignUpdate) (0, (CK_BYTE_PTR)"blah", 4); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); + assert (rv == CKR_OK); + + rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"Other", 5); + assert (rv == CKR_OK); + + length = sizeof (signature); + rv = (module->C_SignFinal) (0, signature, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (signature); + rv = (module->C_SignFinal) (session, signature, &length); + assert (rv == CKR_OK); + + assert_num_eq (14, length); + assert (memcmp (signature, "prefix:value10", 2) == 0); + + teardown_mock_module (module); +} + +static void +test_sign_recover (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; + CK_BYTE signature[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + rv = (module->C_SignRecoverInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_SignRecoverInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX); + assert (rv == CKR_OK); + + rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + length = sizeof (signature); + rv = (module->C_SignRecover) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (signature); + rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length); + assert (rv == CKR_OK); + + assert_num_eq (16, length); + assert (memcmp (signature, "prefix:valueBLAh", 16) == 0); + + teardown_mock_module (module); +} + +static void +test_verify (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; + CK_BYTE signature[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_VerifyInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); + assert (rv == CKR_OK); + + length = 13; + memcpy (signature, "prefix:value4", length); + rv = (module->C_Verify) (0, (CK_BYTE_PTR)"bLAH", 4, signature, 5); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_Verify) (session, (CK_BYTE_PTR)"BLAh", 4, signature, length); + assert (rv == CKR_OK); + + rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); + assert (rv == CKR_OK); + + rv = (module->C_VerifyUpdate) (0, (CK_BYTE_PTR)"blah", 4); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5); + assert (rv == CKR_OK); + + rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"Other", 5); + assert (rv == CKR_OK); + + length = 14; + memcpy (signature, "prefix:value10", length); + + rv = (module->C_VerifyFinal) (session, signature, 5); + assert (rv == CKR_SIGNATURE_LEN_RANGE); + + rv = (module->C_VerifyFinal) (session, signature, length); + assert (rv == CKR_OK); + + teardown_mock_module (module); +} + +static void +test_verify_recover (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 }; + CK_BYTE data[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_VerifyRecoverInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_VerifyRecoverInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_VerifyRecover) (0, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (4, length); + assert (memcmp (data, "BLah", 4) == 0); + + teardown_mock_module (module); +} + +static void +test_digest_encrypt (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; + CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 }; + CK_BYTE data[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + rv = (module->C_DigestInit) (session, &dmech); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_DigestEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_DigestEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (4, length); + assert (memcmp (data, "BLAH", 4) == 0); + + length = sizeof (data); + rv = (module->C_EncryptFinal) (session, data, &length); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_DigestFinal) (session, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (1, length); + assert (memcmp (data, "4", 1) == 0); + + teardown_mock_module (module); +} + +static void +test_decrypt_digest (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; + CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 }; + CK_BYTE data[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + rv = (module->C_DigestInit) (session, &dmech); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_DecryptDigestUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_DecryptDigestUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (4, length); + assert (memcmp (data, "blah", 4) == 0); + + length = sizeof (data); + rv = (module->C_DecryptFinal) (session, data, &length); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_DigestFinal) (session, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (1, length); + assert (memcmp (data, "4", 1) == 0); + + teardown_mock_module (module); +} + +static void +test_sign_encrypt (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; + CK_MECHANISM smech = { CKM_MOCK_PREFIX, "p:", 2 }; + CK_BYTE data[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + rv = (module->C_SignInit) (session, &smech, MOCK_PRIVATE_KEY_PREFIX); + assert (rv == CKR_OK); + + rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_SignEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_SignEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (4, length); + assert (memcmp (data, "BLAH", 4) == 0); + + length = sizeof (data); + rv = (module->C_EncryptFinal) (session, data, &length); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_SignFinal) (session, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (8, length); + assert (memcmp (data, "p:value4", 1) == 0); + + teardown_mock_module (module); +} + +static void +test_decrypt_verify (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 }; + CK_MECHANISM vmech = { CKM_MOCK_PREFIX, "p:", 2 }; + CK_BYTE data[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4); + assert (rv == CKR_OK); + + rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE); + assert (rv == CKR_OK); + + rv = (module->C_VerifyInit) (session, &vmech, MOCK_PUBLIC_KEY_PREFIX); + assert (rv == CKR_OK); + + length = sizeof (data); + rv = (module->C_DecryptVerifyUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + length = sizeof (data); + rv = (module->C_DecryptVerifyUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (4, length); + assert (memcmp (data, "blah", 4) == 0); + + length = sizeof (data); + rv = (module->C_DecryptFinal) (session, data, &length); + assert (rv == CKR_OK); + + rv = (module->C_VerifyFinal) (session, (CK_BYTE_PTR)"p:value4", 8); + assert (rv == CKR_OK); + + teardown_mock_module (module); +} + +static void +test_generate_key (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE object; + CK_MECHANISM mech = { CKM_MOCK_GENERATE, NULL, 0 }; + CK_ATTRIBUTE attrs[8]; + char label[32]; + char value[64]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + strcpy (label, "Blahooo"); + bits = 1555; + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = strlen (label); + attrs[1].type = CKA_BITS_PER_PIXEL; + attrs[1].pValue = &bits; + attrs[1].ulValueLen = sizeof (bits); + + rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object); + assert (rv == CKR_MECHANISM_PARAM_INVALID); + + mech.pParameter = "generate"; + mech.ulParameterLen = 9; + + rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object); + assert (rv == CKR_OK); + + attrs[0].ulValueLen = sizeof (label); + memset (label, 0, sizeof (label)); + bits = 0; + attrs[2].type = CKA_VALUE; + attrs[2].pValue = value; + attrs[2].ulValueLen = sizeof (value); + + rv = (module->C_GetAttributeValue) (session, object, attrs, 3); + assert (rv == CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); + assert_num_eq (9, attrs[2].ulValueLen); + assert (memcmp (value, "generated", attrs[2].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_generate_key_pair (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE pub_object; + CK_OBJECT_HANDLE priv_object; + CK_MECHANISM mech = { CKM_MOCK_GENERATE, "generated", 9 }; + CK_ATTRIBUTE pub_attrs[8]; + CK_ATTRIBUTE priv_attrs[8]; + char pub_label[32]; + char pub_value[64]; + char priv_label[32]; + char priv_value[64]; + CK_ULONG pub_bits; + CK_ULONG priv_bits; + CK_RV rv; + + module = setup_mock_module (&session); + + strcpy (pub_label, "Blahooo"); + pub_bits = 1555; + pub_attrs[0].type = CKA_LABEL; + pub_attrs[0].pValue = pub_label; + pub_attrs[0].ulValueLen = strlen (pub_label); + pub_attrs[1].type = CKA_BITS_PER_PIXEL; + pub_attrs[1].pValue = &pub_bits; + pub_attrs[1].ulValueLen = sizeof (pub_bits); + + strcpy (priv_label, "Private"); + priv_bits = 1666; + priv_attrs[0].type = CKA_LABEL; + priv_attrs[0].pValue = priv_label; + priv_attrs[0].ulValueLen = strlen (priv_label); + priv_attrs[1].type = CKA_BITS_PER_PIXEL; + priv_attrs[1].pValue = &priv_bits; + priv_attrs[1].ulValueLen = sizeof (priv_bits); + + rv = (module->C_GenerateKeyPair) (0, &mech, pub_attrs, 2, priv_attrs, 2, + &pub_object, &priv_object); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + mech.pParameter = "generate"; + mech.ulParameterLen = 9; + + rv = (module->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 2, + &pub_object, &priv_object); + assert (rv == CKR_OK); + + pub_bits = 0; + pub_attrs[0].ulValueLen = sizeof (pub_label); + memset (pub_label, 0, sizeof (pub_label)); + pub_attrs[2].type = CKA_VALUE; + pub_attrs[2].pValue = pub_value; + pub_attrs[2].ulValueLen = sizeof (pub_value); + + rv = (module->C_GetAttributeValue) (session, pub_object, pub_attrs, 3); + assert (rv == CKR_OK); + + assert_num_eq (1555, pub_bits); + assert_num_eq (7, pub_attrs[0].ulValueLen); + assert (memcmp (pub_label, "Blahooo", pub_attrs[0].ulValueLen) == 0); + assert_num_eq (9, pub_attrs[2].ulValueLen); + assert (memcmp (pub_value, "generated", pub_attrs[2].ulValueLen) == 0); + + priv_bits = 0; + priv_attrs[0].ulValueLen = sizeof (priv_label); + memset (priv_label, 0, sizeof (priv_label)); + priv_attrs[2].type = CKA_VALUE; + priv_attrs[2].pValue = priv_value; + priv_attrs[2].ulValueLen = sizeof (priv_value); + + rv = (module->C_GetAttributeValue) (session, priv_object, priv_attrs, 3); + assert (rv == CKR_OK); + + assert_num_eq (1666, priv_bits); + assert_num_eq (7, priv_attrs[0].ulValueLen); + assert (memcmp (priv_label, "Private", priv_attrs[0].ulValueLen) == 0); + assert_num_eq (9, priv_attrs[2].ulValueLen); + assert (memcmp (priv_value, "generated", priv_attrs[2].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_wrap_key (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 }; + CK_BYTE data[128]; + CK_ULONG length; + CK_RV rv; + + module = setup_mock_module (&session); + + length = sizeof (data); + rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length); + assert (rv == CKR_MECHANISM_PARAM_INVALID); + + mech.pParameter = "wrap"; + mech.ulParameterLen = 4; + + rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length); + assert (rv == CKR_OK); + + assert_num_eq (5, length); + assert (memcmp (data, "value", 5) == 0); + + teardown_mock_module (module); +} + +static void +test_unwrap_key (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE object; + CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 }; + CK_ATTRIBUTE attrs[8]; + char label[32]; + char value[64]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + strcpy (label, "Blahooo"); + bits = 1555; + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = strlen (label); + attrs[1].type = CKA_BITS_PER_PIXEL; + attrs[1].pValue = &bits; + attrs[1].ulValueLen = sizeof (bits); + + rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, + (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object); + assert (rv == CKR_MECHANISM_PARAM_INVALID); + + mech.pParameter = "wrap"; + mech.ulParameterLen = 4; + + rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, + (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object); + assert (rv == CKR_OK); + + attrs[0].ulValueLen = sizeof (label); + memset (label, 0, sizeof (label)); + bits = 0; + attrs[2].type = CKA_VALUE; + attrs[2].pValue = value; + attrs[2].ulValueLen = sizeof (value); + + rv = (module->C_GetAttributeValue) (session, object, attrs, 3); + assert (rv == CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); + assert_num_eq (5, attrs[2].ulValueLen); + assert (memcmp (value, "wheee", attrs[2].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_derive_key (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_OBJECT_HANDLE object; + CK_MECHANISM mech = { CKM_MOCK_DERIVE, NULL, 0 }; + CK_ATTRIBUTE attrs[8]; + char label[32]; + char value[64]; + CK_ULONG bits; + CK_RV rv; + + module = setup_mock_module (&session); + + strcpy (label, "Blahooo"); + bits = 1555; + + attrs[0].type = CKA_LABEL; + attrs[0].pValue = label; + attrs[0].ulValueLen = strlen (label); + attrs[1].type = CKA_BITS_PER_PIXEL; + attrs[1].pValue = &bits; + attrs[1].ulValueLen = sizeof (bits); + + rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, + attrs, 2, &object); + assert (rv == CKR_MECHANISM_PARAM_INVALID); + + mech.pParameter = "derive"; + mech.ulParameterLen = 6; + + rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, + attrs, 2, &object); + assert (rv == CKR_OK); + + attrs[0].ulValueLen = sizeof (label); + memset (label, 0, sizeof (label)); + bits = 0; + attrs[2].type = CKA_VALUE; + attrs[2].pValue = value; + attrs[2].ulValueLen = sizeof (value); + + rv = (module->C_GetAttributeValue) (session, object, attrs, 3); + assert (rv == CKR_OK); + + assert_num_eq (bits, 1555); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0); + assert_num_eq (7, attrs[2].ulValueLen); + assert (memcmp (value, "derived", attrs[2].ulValueLen) == 0); + + teardown_mock_module (module); +} + +static void +test_random (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_SESSION_HANDLE session = 0; + CK_BYTE data[10]; + CK_RV rv; + + module = setup_mock_module (&session); + + rv = (module->C_SeedRandom) (0, (CK_BYTE_PTR)"seed", 4); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_SeedRandom) (session, (CK_BYTE_PTR)"seed", 4); + assert (rv == CKR_OK); + + rv = (module->C_GenerateRandom) (0, data, sizeof (data)); + assert (rv == CKR_SESSION_HANDLE_INVALID); + + rv = (module->C_GenerateRandom) (session, data, sizeof (data)); + assert (rv == CKR_OK); + + assert (memcmp (data, "seedseedse", sizeof (data)) == 0); + + teardown_mock_module (module); +} + +static void +test_mock_add_tests (const char *prefix) +{ + p11_fixture (NULL, NULL); + p11_test (test_get_info, "%s/test_get_info", prefix); + p11_test (test_get_slot_list, "%s/test_get_slot_list", prefix); + p11_test (test_get_slot_info, "%s/test_get_slot_info", prefix); + p11_test (test_get_token_info, "%s/test_get_token_info", prefix); + p11_test (test_get_mechanism_list, "%s/test_get_mechanism_list", prefix); + p11_test (test_get_mechanism_info, "%s/test_get_mechanism_info", prefix); + p11_test (test_init_token, "%s/test_init_token", prefix); + p11_test (test_wait_for_slot_event, "%s/test_wait_for_slot_event", prefix); + p11_test (test_open_close_session, "%s/test_open_close_session", prefix); + p11_test (test_close_all_sessions, "%s/test_close_all_sessions", prefix); + p11_test (test_get_function_status, "%s/test_get_function_status", prefix); + p11_test (test_cancel_function, "%s/test_cancel_function", prefix); + p11_test (test_get_session_info, "%s/test_get_session_info", prefix); + p11_test (test_init_pin, "%s/test_init_pin", prefix); + p11_test (test_set_pin, "%s/test_set_pin", prefix); + p11_test (test_operation_state, "%s/test_operation_state", prefix); + p11_test (test_login_logout, "%s/test_login_logout", prefix); + p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix); + p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix); + p11_test (test_create_object, "%s/test_create_object", prefix); + p11_test (test_copy_object, "%s/test_copy_object", prefix); + p11_test (test_destroy_object, "%s/test_destroy_object", prefix); + p11_test (test_get_object_size, "%s/test_get_object_size", prefix); + p11_test (test_find_objects, "%s/test_find_objects", prefix); + p11_test (test_encrypt, "%s/test_encrypt", prefix); + p11_test (test_decrypt, "%s/test_decrypt", prefix); + p11_test (test_digest, "%s/test_digest", prefix); + p11_test (test_sign, "%s/test_sign", prefix); + p11_test (test_sign_recover, "%s/test_sign_recover", prefix); + p11_test (test_verify, "%s/test_verify", prefix); + p11_test (test_verify_recover, "%s/test_verify_recover", prefix); + p11_test (test_digest_encrypt, "%s/test_digest_encrypt", prefix); + p11_test (test_decrypt_digest, "%s/test_decrypt_digest", prefix); + p11_test (test_sign_encrypt, "%s/test_sign_encrypt", prefix); + p11_test (test_decrypt_verify, "%s/test_decrypt_verify", prefix); + p11_test (test_generate_key, "%s/test_generate_key", prefix); + p11_test (test_generate_key_pair, "%s/test_generate_key_pair", prefix); + p11_test (test_wrap_key, "%s/test_wrap_key", prefix); + p11_test (test_unwrap_key, "%s/test_unwrap_key", prefix); + p11_test (test_derive_key, "%s/test_derive_key", prefix); + p11_test (test_random, "%s/test_random", prefix); +} diff --git a/p11-kit/test-modules.c b/p11-kit/test-modules.c new file mode 100644 index 0000000..317a54f --- /dev/null +++ b/p11-kit/test-modules.c @@ -0,0 +1,516 @@ +/* + * Copyright (c) 2012, 2015, 2016 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include +#include +#include + +#include "debug.h" +#include "library.h" +#include "p11-kit.h" +#include "private.h" +#include "dict.h" + +static CK_FUNCTION_LIST_PTR_PTR +initialize_and_get_modules (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + modules = p11_kit_modules_load_and_initialize (0); + assert (modules != NULL && modules[0] != NULL); + + return modules; +} + +static void +finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules) +{ + p11_kit_modules_finalize_and_release (modules); +} + +static void +test_no_duplicates (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + p11_dict *paths; + p11_dict *funcs; + char *path; + int i; + + modules = initialize_and_get_modules (); + paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + + /* The loaded modules should not contain duplicates */ + for (i = 0; modules[i] != NULL; i++) { + path = p11_kit_config_option (modules[i], "module"); + + if (p11_dict_get (funcs, modules[i])) + assert_fail ("found duplicate function list pointer", NULL); + if (p11_dict_get (paths, path)) + assert_fail ("found duplicate path name", NULL); + + if (!p11_dict_set (funcs, modules[i], "")) + assert_not_reached (); + if (!p11_dict_set (paths, path, "")) + assert_not_reached (); + + free (path); + } + + p11_dict_free (paths); + p11_dict_free (funcs); + finalize_and_free_modules (modules); +} + +static void +test_exceed_max (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + p11_dict *paths; + p11_dict *funcs; + char *path; + int i; + + modules = initialize_and_get_modules (); + paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); + + /* The loaded modules should not contain duplicates */ + for (i = 0; modules[i] != NULL; i++) { + path = p11_kit_config_option (modules[i], "module"); + + if (p11_dict_get (funcs, modules[i])) + assert_fail ("found duplicate function list pointer", NULL); + if (p11_dict_get (paths, path)) + assert_fail ("found duplicate path name", NULL); + + if (!p11_dict_set (funcs, modules[i], "")) + assert_not_reached (); + if (!p11_dict_set (paths, path, "")) + assert_not_reached (); + + free (path); + } + + p11_dict_free (paths); + p11_dict_free (funcs); + finalize_and_free_modules (modules); +} + +static CK_FUNCTION_LIST_PTR +lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules, + const char *name) +{ + CK_FUNCTION_LIST_PTR match = NULL; + CK_FUNCTION_LIST_PTR module; + char *module_name; + int i; + + for (i = 0; match == NULL && modules[i] != NULL; i++) { + module_name = p11_kit_module_get_name (modules[i]); + assert_ptr_not_null (module_name); + if (strcmp (module_name, name) == 0) + match = modules[i]; + free (module_name); + } + + /* + * As a side effect, we should check that the results of this function + * matches the above search. + */ + module = p11_kit_module_for_name (modules, name); + if (module != match) + assert_fail ("different result from p11_kit_module_for_name ()", NULL); + + return match; +} + +static CK_FUNCTION_LIST_PTR +lookup_module_with_filename (CK_FUNCTION_LIST_PTR_PTR modules, + const char *name) +{ + CK_FUNCTION_LIST_PTR match = NULL; + char *module_name; + int i; + + for (i = 0; match == NULL && modules[i] != NULL; i++) { + module_name = p11_kit_module_get_filename (modules[i]); + assert_ptr_not_null (module_name); + if (strcmp (basename(module_name), name) == 0) + match = modules[i]; + free (module_name); + } + + return match; +} + +static void +test_disable (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + /* + * The module four should be present, as we don't match any prognames + * that it has disabled. + */ + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "four") != NULL); + finalize_and_free_modules (modules); + + /* + * The module two shouldn't have been loaded, because in its config + * file we have: + * + * disable-in: test-disable + */ + + p11_kit_set_progname ("test-disable"); + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "four") == NULL); + finalize_and_free_modules (modules); + + p11_kit_set_progname (NULL); +} + +static void +test_filename (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + /* + * The module four should be present, as we don't match any prognames + * that it has disabled. + */ + + modules = initialize_and_get_modules (); + assert (lookup_module_with_filename (modules, "mock-four" SHLEXT) != NULL); + finalize_and_free_modules (modules); +} + +static void +test_disable_later (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + /* + * The module two shouldn't be matched, because in its config + * file we have: + * + * disable-in: test-disable + */ + + p11_kit_set_progname ("test-disable"); + + modules = p11_kit_modules_load_and_initialize (0); + assert (modules != NULL && modules[0] != NULL); + + assert (lookup_module_with_name (modules, "two") == NULL); + finalize_and_free_modules (modules); + + p11_kit_set_progname (NULL); +} + +static void +test_enable (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + + /* + * The module three should not be present, as we don't match the current + * program. + */ + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "three") == NULL); + finalize_and_free_modules (modules); + + /* + * The module three should be loaded here , because in its config + * file we have: + * + * enable-in: test-enable + */ + + p11_kit_set_progname ("test-enable"); + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "three") != NULL); + finalize_and_free_modules (modules); + + p11_kit_set_progname (NULL); +} + +static void +test_priority (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + char *name; + int i; + + /* + * The expected order. + * - four is marked with a priority of 4, the highest therefore first + * - three is marked with a priority of 3, next highest + * - one and two do not have priority marked, so they default to zero + * and fallback to sorting alphabetically. 'o' comes before 't' + */ + + const char *expected[] = { "four", "three", "one", "two.badname" }; + + /* This enables module three */ + p11_kit_set_progname ("test-enable"); + + modules = initialize_and_get_modules (); + + /* The loaded modules should not contain duplicates */ + for (i = 0; modules[i] != NULL; i++) { + name = p11_kit_module_get_name (modules[i]); + assert_ptr_not_null (name); + + /* Either one of these can be loaded, as this is a duplicate module */ + if (strcmp (name, "two-duplicate") == 0) { + free (name); + name = strdup ("two.badname"); + } + + assert_str_eq (expected[i], name); + free (name); + } + + assert_num_eq (4, i); + finalize_and_free_modules (modules); +} + +static void +test_module_name (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + CK_FUNCTION_LIST_PTR module; + char *name; + + /* + * The module three should not be present, as we don't match the current + * program. + */ + + modules = initialize_and_get_modules (); + + module = p11_kit_module_for_name (modules, "one"); + assert_ptr_not_null (module); + name = p11_kit_module_get_name (module); + assert_str_eq ("one", name); + free (name); + + module = p11_kit_module_for_name (modules, "invalid"); + assert_ptr_eq (NULL, module); + + module = p11_kit_module_for_name (NULL, "one"); + assert_ptr_eq (NULL, module); + + finalize_and_free_modules (modules); +} + +static void +test_module_flags (void) +{ + CK_FUNCTION_LIST **modules; + CK_FUNCTION_LIST **unmanaged; + int flags; + + /* + * The module three should not be present, as we don't match the current + * program. + */ + + modules = initialize_and_get_modules (); + + flags = p11_kit_module_get_flags (modules[0]); + assert_num_eq (0, flags); + + unmanaged = p11_kit_modules_load (NULL, P11_KIT_MODULE_UNMANAGED); + assert (unmanaged != NULL && unmanaged[0] != NULL); + + flags = p11_kit_module_get_flags (unmanaged[0]); + assert_num_eq (P11_KIT_MODULE_UNMANAGED, flags); + + finalize_and_free_modules (modules); + p11_kit_modules_release (unmanaged); +} + +static void +test_module_trusted_only (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + char *name; + + modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED); + assert_ptr_not_null (modules); + assert_ptr_not_null (modules[0]); + assert (modules[1] == NULL); + + name = p11_kit_module_get_name (modules[0]); + assert_str_eq (name, "one"); + free (name); + + assert_num_eq (p11_kit_module_get_flags (modules[0]), P11_KIT_MODULE_TRUSTED); + + finalize_and_free_modules (modules); +} + +static void +test_module_trust_flags (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + char *name; + int flags; + int i; + + modules = initialize_and_get_modules (); + assert_ptr_not_null (modules); + + for (i = 0; modules[i] != NULL; i++) { + name = p11_kit_module_get_name (modules[i]); + assert_ptr_not_null (name); + + flags = p11_kit_module_get_flags (modules[i]); + if (strcmp (name, "one") == 0) { + assert_num_eq (flags, P11_KIT_MODULE_TRUSTED); + } else { + assert_num_eq (flags, 0); + } + + free (name); + } + + finalize_and_free_modules (modules); +} + +static void +test_config_option (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + CK_FUNCTION_LIST_PTR module; + char *value; + + /* + * The module three should not be present, as we don't match the current + * program. + */ + + modules = initialize_and_get_modules (); + + value = p11_kit_config_option (NULL, "new"); + assert_str_eq ("world", value); + free (value); + + module = p11_kit_module_for_name (modules, "one"); + assert_ptr_not_null (module); + + value = p11_kit_config_option (module, "setting"); + assert_str_eq ("user1", value); + free (value); + + value = p11_kit_config_option (NULL, "invalid"); + assert_ptr_eq (NULL, value); + + value = p11_kit_config_option (module, "invalid"); + assert_ptr_eq (NULL, value); + + /* Invalid but non-NULL module pointer */ + value = p11_kit_config_option (module + 1, "setting"); + assert_ptr_eq (NULL, value); + + finalize_and_free_modules (modules); +} + +static void +test_already_initialized (void) +{ + CK_FUNCTION_LIST_PTR_PTR modules; + CK_RV rv; + + /* This enables module seven */ + p11_kit_set_progname ("test-modules"); + + modules = initialize_and_get_modules (); + assert (lookup_module_with_name (modules, "seven") != NULL); + + rv = p11_kit_modules_initialize (modules, NULL); + if (rv != CKR_OK) { + finalize_and_free_modules (modules); + assert_todo ("not implemented", "CKR_CRYPTOKI_ALREADY_INITIALIZED handling"); + } + if (!lookup_module_with_name (modules, "seven")) { + finalize_and_free_modules (modules); + assert_todo ("not implemented", "CKR_CRYPTOKI_ALREADY_INITIALIZED handling"); + } + finalize_and_free_modules (modules); +} + +extern bool p11_conf_force_user_config; + +int +main (int argc, + char *argv[]) +{ + p11_conf_force_user_config = true; + + p11_library_init (); + + p11_test (test_filename, "/modules/test_filename"); + p11_test (test_no_duplicates, "/modules/test_no_duplicates"); + p11_test (test_exceed_max, "/modules/test_exceed_max"); + p11_test (test_disable, "/modules/test_disable"); + p11_test (test_disable_later, "/modules/test_disable_later"); + p11_test (test_enable, "/modules/test_enable"); + p11_test (test_priority, "/modules/test_priority"); + p11_test (test_module_name, "/modules/test_module_name"); + p11_test (test_module_flags, "/modules/test_module_flags"); + p11_test (test_config_option, "/modules/test_config_option"); + p11_test (test_module_trusted_only, "/modules/trusted-only"); + p11_test (test_module_trust_flags, "/modules/trust-flags"); + p11_test (test_already_initialized, "/modules/already-initialized"); + + p11_kit_be_quiet (); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-pin.c b/p11-kit/test-pin.c new file mode 100644 index 0000000..a63bb45 --- /dev/null +++ b/p11-kit/test-pin.c @@ -0,0 +1,313 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "library.h" + +#include +#include +#include +#include +#include + +#include "p11-kit/pin.h" +#include "p11-kit/private.h" + +static P11KitPin * +callback_one (const char *pin_source, P11KitUri *pin_uri, const char *pin_description, + P11KitPinFlags pin_flags, void *callback_data) +{ + int *data = callback_data; + assert (*data == 33); + return p11_kit_pin_new_for_buffer ((unsigned char*)strdup ("one"), 3, free); +} + +static P11KitPin* +callback_other (const char *pin_source, P11KitUri *pin_uri, const char *pin_description, + P11KitPinFlags pin_flags, void *callback_data) +{ + char *data = callback_data; + return p11_kit_pin_new_for_string (data); +} + +static void +destroy_data (void *callback_data) +{ + int *data = callback_data; + (*data)++; +} + +static void +test_pin_register_unregister (void) +{ + int data = 33; + + p11_kit_pin_register_callback ("/the/pin_source", callback_one, + &data, destroy_data); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, + &data); + + assert_num_eq (34, data); +} + +static void +test_pin_read (void) +{ + P11KitUri *uri; + P11KitPin *pin; + int data = 33; + size_t length; + const unsigned char *ptr; + + p11_kit_pin_register_callback ("/the/pin_source", callback_one, + &data, destroy_data); + + uri = p11_kit_uri_new (); + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + p11_kit_uri_free (uri); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (3, length); + assert (memcmp (ptr, "one", 3) == 0); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, + &data); + + p11_kit_pin_unref (pin); +} + +static void +test_pin_read_no_match (void) +{ + P11KitUri *uri; + P11KitPin *pin; + + uri = p11_kit_uri_new (); + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + p11_kit_uri_free (uri); + + assert_ptr_eq (NULL, pin); +} + +static void +test_pin_register_duplicate (void) +{ + P11KitUri *uri; + P11KitPin *pin; + char *value = "secret"; + int data = 33; + size_t length; + const unsigned char *ptr; + + uri = p11_kit_uri_new (); + + p11_kit_pin_register_callback ("/the/pin_source", callback_one, + &data, destroy_data); + + p11_kit_pin_register_callback ("/the/pin_source", callback_other, + value, NULL); + + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (6, length); + assert (memcmp (ptr, "secret", length) == 0); + p11_kit_pin_unref (pin); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_other, + value); + + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (3, length); + assert (memcmp (ptr, "one", length) == 0); + p11_kit_pin_unref (pin); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_one, + &data); + + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_eq (NULL, pin); + + p11_kit_uri_free (uri); +} + +static void +test_pin_register_fallback (void) +{ + char *value = "secret"; + P11KitUri *uri; + P11KitPin *pin; + int data = 33; + size_t length; + const unsigned char *ptr; + + uri = p11_kit_uri_new (); + + p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, callback_one, + &data, destroy_data); + + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (3, length); + assert (memcmp (ptr, "one", length) == 0); + p11_kit_pin_unref (pin); + + p11_kit_pin_register_callback ("/the/pin_source", callback_other, + value, NULL); + + pin = p11_kit_pin_request ("/the/pin_source", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (6, length); + assert (memcmp (ptr, "secret", length) == 0); + p11_kit_pin_unref (pin); + + p11_kit_pin_unregister_callback ("/the/pin_source", callback_other, + value); + + p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, callback_one, + &data); + + p11_kit_uri_free (uri); +} + +static void +test_pin_file (void) +{ + P11KitUri *uri; + P11KitPin *pin; + size_t length; + const unsigned char *ptr; + + uri = p11_kit_uri_new (); + + p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, + NULL, NULL); + + pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_not_null (pin); + ptr = p11_kit_pin_get_value (pin, &length); + assert_num_eq (12, length); + assert (memcmp (ptr, "yogabbagabba", length) == 0); + p11_kit_pin_unref (pin); + + pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/nonexistent", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + assert_ptr_eq (NULL, pin); + + p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, + NULL); + + p11_kit_uri_free (uri); +} + +static void +test_pin_file_large (void) +{ + P11KitUri *uri; + P11KitPin *pin; + int error; + + uri = p11_kit_uri_new (); + + p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, + NULL, NULL); + + pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile-large", uri, "The token", + P11_KIT_PIN_FLAGS_USER_LOGIN); + + error = errno; + assert_ptr_eq (NULL, pin); + assert_num_eq (EFBIG, error); + + p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, + NULL); + + p11_kit_uri_free (uri); +} + +static void +test_pin_ref_unref (void) +{ + P11KitPin *pin; + P11KitPin *check; + + pin = p11_kit_pin_new_for_string ("crack of lies"); + + check = p11_kit_pin_ref (pin); + assert_ptr_eq (pin, check); + + p11_kit_pin_unref (pin); + p11_kit_pin_unref (check); +} + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + + p11_test (test_pin_register_unregister, "/pin/test_pin_register_unregister"); + p11_test (test_pin_read, "/pin/test_pin_read"); + p11_test (test_pin_read_no_match, "/pin/test_pin_read_no_match"); + p11_test (test_pin_register_duplicate, "/pin/test_pin_register_duplicate"); + p11_test (test_pin_register_fallback, "/pin/test_pin_register_fallback"); + p11_test (test_pin_file, "/pin/test_pin_file"); + p11_test (test_pin_file_large, "/pin/test_pin_file_large"); + p11_test (test_pin_ref_unref, "/pin/test_pin_ref_unref"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-progname.c b/p11-kit/test-progname.c new file mode 100644 index 0000000..76b136d --- /dev/null +++ b/p11-kit/test-progname.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2012 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "library.h" + +#include +#include +#include +#include + +#include "p11-kit/uri.h" +#include "p11-kit/p11-kit.h" +#include "p11-kit/private.h" + +static void +test_progname_default (void) +{ + const char *progname; + + progname = _p11_get_progname_unlocked (); + assert_str_eq ("test-progname", progname); +} + +static void +test_progname_set (void) +{ + const char *progname; + + p11_kit_set_progname ("love-generation"); + + progname = _p11_get_progname_unlocked (); + assert_str_eq ("love-generation", progname); + + _p11_set_progname_unlocked (NULL); + + progname = _p11_get_progname_unlocked (); + assert_str_eq ("test-progname", progname); +} + +/* Defined in util.c */ +extern char p11_my_progname[]; + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + + p11_test (test_progname_default, "/progname/test_progname_default"); + p11_test (test_progname_set, "/progname/test_progname_set"); + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-proxy.c b/p11-kit/test-proxy.c new file mode 100644 index 0000000..39ccb4d --- /dev/null +++ b/p11-kit/test-proxy.c @@ -0,0 +1,527 @@ +/* + * Copyright (c) 2013 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#define CRYPTOKI_EXPORTS + +#include "config.h" +#include "test.h" + +#include "library.h" +#include "mock.h" +#include "p11-kit.h" +#include "pkcs11.h" +#include "proxy.h" + +#include + +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +#include +#endif + +/* This is the proxy module entry point in proxy.c, and linked to this test */ +CK_RV C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list); + +static CK_SLOT_ID mock_slot_one_id; +static CK_SLOT_ID mock_slot_two_id; +static CK_ULONG mock_slots_present; +static CK_ULONG mock_slots_all; + +static void +test_initialize_finalize (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_RV rv; + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Finalize (NULL); + assert_num_eq (rv, CKR_OK); + + p11_proxy_module_cleanup (); +} + +static void +test_initialize_multiple (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_RV rv; + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Finalize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Finalize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_Finalize (NULL); + assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); + + p11_proxy_module_cleanup (); +} + +#ifndef _WIN32 +static void +test_initialize_child (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_RV rv; + pid_t pid; + int st; + CK_SLOT_ID slots[32], last_slot; + CK_ULONG count, last_count; + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize(NULL); + assert_num_eq (rv, CKR_OK); + + count = 32; + rv = proxy->C_GetSlotList (CK_FALSE, slots, &count); + assert_num_cmp (count, >=, 2); + last_slot = slots[count - 1]; + last_count = count; + + pid = fork (); + if (!pid) { + /* The PKCS#11 Usage Guide (v2.40) advocates in §2.5.2 that + * a child should call C_Initialize() after forking, and + * then immediately C_Finalize() if it's not going to do + * anything more with the PKCS#11 token. In a multi-threaded + * program this is a violation of the POSIX standard, which + * puts strict limits on what you're allowed to do between + * fork and an eventual exec or exit. But some things (like + * pkcs11-helper and thus OpenVPN) do it anyway, and we + * need to cope... */ + + /* https://bugs.freedesktop.org/show_bug.cgi?id=90289 reports + * a deadlock when this happens. Catch it with SIGALRM... */ + alarm(1); + + rv = proxy->C_Initialize(NULL); + assert_num_eq (rv, CKR_OK); + + rv = proxy->C_GetSlotList (CK_FALSE, slots, &count); + assert_num_eq (rv, CKR_OK); + assert_num_cmp (count, >=, 2); + + /* One of the module initializations should fail after + * fork (see mock-module-ep4.c) and the total number + * of slots should be less than last_count. */ + assert_num_cmp (count, <, last_count); + /* Check if the last valid slot ID is preserved */ + assert_num_eq (slots[count - 1], last_slot); + + rv = proxy->C_Finalize (NULL); + assert_num_eq (rv, CKR_OK); + + _exit (0); + } + assert (pid != -1); + waitpid(pid, &st, 0); + + rv = proxy->C_Finalize (NULL); + assert_num_eq (rv, CKR_OK); + + p11_proxy_module_cleanup (); + + /* If the assertion fails, p11_kit_failed() doesn't return. So make + * sure we do all the cleanup before the (expected) failure, or it + * causes all the *later* tests to fail too! */ + if (!WIFEXITED (st) || WEXITSTATUS(st) != 0) + assert_fail("Child failed to C_Initialize() and C_Finalize()", NULL); + +} +#endif + +struct { + char *directory; + const char *system_file; + const char *package_modules; + const char *system_modules; + const char *user_modules; +} test; + +extern const char *p11_config_system_file; +extern const char *p11_config_package_modules; +extern const char *p11_config_system_modules; +extern const char *p11_config_user_modules; + +static void +setup (void *unused) +{ + test.directory = p11_test_directory ("test-proxy"); + test.system_file = p11_config_system_file; + p11_config_system_file = SRCDIR "/p11-kit/fixtures/test-system-none.conf"; + test.package_modules = p11_config_package_modules; + test.system_modules = p11_config_system_modules; + test.user_modules = p11_config_user_modules; + + p11_config_package_modules = SRCDIR "/p11-kit/fixtures/nonexistent"; + p11_config_system_modules = test.directory; + p11_config_user_modules = SRCDIR "/p11-kit/fixtures/nonexistent"; +} + +static void +teardown (void *unused) +{ + p11_test_directory_delete (test.directory); + free (test.directory); + p11_config_system_file = test.system_file; + p11_config_package_modules = test.package_modules; + p11_config_system_modules = test.system_modules; + p11_config_user_modules = test.user_modules; +} + +#define ONE_MODULE "module: mock-one" SHLEXT "\n" +#define TWO_MODULE "module: mock-two" SHLEXT "\n" +#define ENABLED "enable-in: test-proxy, p11-kit-proxy\n" +#define DISABLED "disable-in: p11-kit-proxy\n" +#define ENABLED_PREFIX "enable-in: test-proxy-suffix, p11-kit-proxy-suffix, test-proxy, p11-kit-proxy\n" +#define EIGHT_MODULE "module: mock-eight" SHLEXT "\n" +#define NINE_MODULE "module: mock-nine" SHLEXT "\n" +#define TEN_MODULE "module: mock-ten" SHLEXT "\n" + +static CK_ULONG +load_modules_and_count_slots (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_ULONG count; + CK_RV rv; + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_GetSlotList (CK_TRUE, NULL, &count); + assert (rv == CKR_OK); + + rv = proxy->C_Finalize (NULL); + assert_num_eq (rv, CKR_OK); + + p11_proxy_module_cleanup (); + + return count; +} + +static void +test_no_slot (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_ULONG count; + CK_SESSION_HANDLE session; + CK_RV rv; + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_GetSlotList (CK_TRUE, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (count, 0); + + /* 0x10 == MAPPING_OFFSET, defined in proxy.c */ + rv = proxy->C_OpenSession (0x10, CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_SLOT_ID_INVALID); + + rv = proxy->C_Finalize (NULL); + assert_num_eq (rv, CKR_OK); + + p11_proxy_module_cleanup (); +} + +static void +test_disable (void) +{ + CK_ULONG count, enabled, disabled; + + p11_test_file_write (test.directory, "one.module", ONE_MODULE, strlen (ONE_MODULE)); + p11_test_file_write (test.directory, "two.module", TWO_MODULE, strlen (TWO_MODULE)); + count = load_modules_and_count_slots (); + assert_num_cmp (count, >, 1); + + p11_test_file_write (test.directory, "one.module", ONE_MODULE ENABLED, strlen (ONE_MODULE ENABLED)); + p11_test_file_write (test.directory, "two.module", TWO_MODULE, strlen (TWO_MODULE)); + enabled = load_modules_and_count_slots (); + assert_num_eq (enabled, count); + + p11_test_file_write (test.directory, "one.module", ONE_MODULE, strlen (ONE_MODULE)); + p11_test_file_write (test.directory, "two.module", TWO_MODULE DISABLED, strlen (TWO_MODULE DISABLED)); + disabled = load_modules_and_count_slots (); + assert_num_cmp (disabled, <, count); + + p11_test_file_write (test.directory, "one.module", ONE_MODULE ENABLED_PREFIX, strlen (ONE_MODULE ENABLED_PREFIX)); + p11_test_file_write (test.directory, "two.module", TWO_MODULE, strlen (TWO_MODULE)); + enabled = load_modules_and_count_slots (); + assert_num_eq (enabled, count); + +} + +static void +test_slot_appear (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_ULONG count; + CK_RV rv; + + p11_test_file_write (test.directory, "eight.module", EIGHT_MODULE, strlen (EIGHT_MODULE)); + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_GetSlotList (CK_TRUE, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (count, 0); + + rv = proxy->C_GetSlotList (CK_TRUE, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (count, 1); + + rv = proxy->C_Finalize (NULL); + assert_num_eq (rv, CKR_OK); + + p11_proxy_module_cleanup (); +} + +static void +test_slot_event (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_SLOT_ID slot; + CK_SLOT_ID slots[32]; + CK_ULONG count; + CK_RV rv; + + p11_test_file_write (test.directory, "nine.module", NINE_MODULE, strlen (NINE_MODULE)); + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_GetSlotList (CK_FALSE, NULL, &count); + assert (rv == CKR_OK); + assert (count == 2); + + rv = proxy->C_GetSlotList (CK_FALSE, slots, &count); + assert (rv == CKR_OK); + assert (count == 2); + + slot = 0; + rv = proxy->C_WaitForSlotEvent (0, &slot, NULL); + assert_num_eq (rv, CKR_FUNCTION_NOT_SUPPORTED); + assert_num_eq (slot, 0); + + rv = proxy->C_WaitForSlotEvent (CKF_DONT_BLOCK, &slot, NULL); + assert_num_eq (rv, CKR_OK); + assert_num_eq (slot, slots[0]); + + rv = proxy->C_Finalize (NULL); + assert_num_eq (rv, CKR_OK); + + p11_proxy_module_cleanup (); +} + +static void +test_reuse_slots (void) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_SLOT_ID slots[32]; + CK_ULONG count = 32; + CK_RV rv; + + p11_test_file_write (test.directory, "ten.module", TEN_MODULE, strlen (TEN_MODULE)); + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + rv = proxy->C_GetSlotList (CK_FALSE, slots, &count); + assert (rv == CKR_OK); + assert_num_eq (count, 1); + + count = 32; + + rv = proxy->C_GetSlotList (CK_FALSE, slots, &count); + assert (rv == CKR_OK); + assert_num_eq (count, 2); + + /* Make sure the assigned slot IDs are different */ + assert_num_cmp (slots[0], !=, slots[1]); + + rv = proxy->C_Finalize (NULL); + assert_num_eq (rv, CKR_OK); + + p11_proxy_module_cleanup (); +} + +static CK_FUNCTION_LIST_PTR +setup_mock_module (CK_SESSION_HANDLE *session) +{ + CK_FUNCTION_LIST_PTR proxy; + CK_SLOT_ID slots[32]; + CK_RV rv; + + rv = C_GetFunctionList (&proxy); + assert (rv == CKR_OK); + + assert (p11_proxy_module_check (proxy)); + + rv = proxy->C_Initialize (NULL); + assert (rv == CKR_OK); + + mock_slots_all = 32; + rv = proxy->C_GetSlotList (CK_FALSE, slots, &mock_slots_all); + assert (rv == CKR_OK); + assert_num_cmp (mock_slots_all, >=, 2); + + /* Assume this is the slot we want to deal with */ + mock_slot_one_id = slots[0]; + mock_slot_two_id = slots[1]; + + rv = proxy->C_GetSlotList (CK_TRUE, NULL, &mock_slots_present); + assert (rv == CKR_OK); + assert (mock_slots_present > 1); + + if (session) { + rv = (proxy->C_OpenSession) (mock_slot_one_id, + CKF_RW_SESSION | CKF_SERIAL_SESSION, + NULL, NULL, session); + assert (rv == CKR_OK); + } + + return proxy; +} + +static void +teardown_mock_module (CK_FUNCTION_LIST_PTR module) +{ + CK_RV rv; + + rv = module->C_Finalize (NULL); + assert (rv == CKR_OK); + + p11_proxy_module_cleanup (); +} + +/* + * We redefine the mock module slot id so that the tests in test-mock.c + * use the proxy mapped slot id rather than the hard coded one + */ +#define MOCK_SLOT_ONE_ID mock_slot_one_id +#define MOCK_SLOT_TWO_ID mock_slot_two_id +#define MOCK_SLOTS_PRESENT mock_slots_present +#define MOCK_SLOTS_ALL mock_slots_all +#define MOCK_INFO mock_info +#define MOCK_SKIP_WAIT_TEST + +static const CK_INFO mock_info = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, + "PKCS#11 Kit ", + 0, + "PKCS#11 Kit Proxy Module ", + { 1, 1 } +}; + +/* Bring in all the mock module tests */ +#include "test-mock.c" + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + p11_kit_be_quiet (); + p11_test (test_initialize_finalize, "/proxy/initialize-finalize"); + p11_test (test_initialize_multiple, "/proxy/initialize-multiple"); +#ifndef _WIN32 + p11_test (test_initialize_child, "/proxy/initialize-child"); +#endif + + p11_fixture (setup, teardown); + p11_test (test_disable, "/proxy/disable"); + p11_test (test_no_slot, "/proxy/no-slot"); + p11_test (test_slot_appear, "/proxy/slot-appear"); + p11_test (test_slot_event, "/proxy/slot-event"); + p11_test (test_reuse_slots, "/proxy/reuse-slots"); + + test_mock_add_tests ("/proxy"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-rpc.c b/p11-kit/test-rpc.c new file mode 100644 index 0000000..1a1f840 --- /dev/null +++ b/p11-kit/test-rpc.c @@ -0,0 +1,1409 @@ +/* + * Copyright (c) 2012 Stefan Walter + * Copyright (C) 2012-2017 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "debug.h" +#include "library.h" +#include "message.h" +#include "mock.h" +#include "p11-kit.h" +#include "private.h" +#include "rpc.h" +#include "rpc-message.h" +#include "virtual.h" + +#include +#ifdef OS_UNIX +#include +#endif +#include +#include +#include +#include +#include + +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + +#if SIZEOF_UNSIGNED_LONG == 8 +#define ULONG_VAL 0x0123456708ABCDEF +#elif SIZEOF_UNSIGNED_LONG == 4 +#define ULONG_VAL 0x01234567 +#else +#error "unsupported size of CK_ULONG" +#endif + +static void +test_new_free (void) +{ + p11_buffer *buf; + + buf = p11_rpc_buffer_new (0); + + assert_ptr_not_null (buf->data); + assert_num_eq (0, buf->len); + assert_num_eq (0, buf->flags); + assert (buf->size == 0); + assert_ptr_not_null (buf->ffree); + assert_ptr_not_null (buf->frealloc); + + p11_rpc_buffer_free (buf); +} + +static void +test_uint16 (void) +{ + p11_buffer buffer; + uint16_t val = UINT16_MAX; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + next = 0; + ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val); + assert_num_eq (false, ret); + assert_num_eq (0, next); + assert_num_eq (UINT16_MAX, val); + + p11_buffer_reset (&buffer, 0); + + ret = p11_rpc_buffer_set_uint16 (&buffer, 0, 0x6789); + assert_num_eq (false, ret); + + p11_buffer_reset (&buffer, 0); + + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_uint16 (&buffer, 0x6789); + assert_num_eq (9, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (9, next); + assert_num_eq (0x6789, val); + + p11_buffer_uninit (&buffer); +} + +static void +test_uint16_static (void) +{ + p11_buffer buf = { (unsigned char *)"pad0\x67\x89", 6, }; + uint16_t val = UINT16_MAX; + size_t next; + bool ret; + + next = 4; + ret = p11_rpc_buffer_get_uint16 (&buf, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (6, next); + assert_num_eq (0x6789, val); +} + +static void +test_uint32 (void) +{ + p11_buffer buffer; + uint32_t val = UINT32_MAX; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + next = 0; + ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val); + assert_num_eq (false, ret); + assert_num_eq (0, next); + assert_num_eq (UINT32_MAX, val); + + p11_buffer_reset (&buffer, 0); + + ret = p11_rpc_buffer_set_uint32 (&buffer, 0, 0x12345678); + assert_num_eq (false, ret); + + p11_buffer_reset (&buffer, 0); + + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_uint32 (&buffer, 0x12345678); + assert_num_eq (11, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (11, next); + assert_num_eq (0x12345678, val); + + p11_buffer_uninit (&buffer); +} + +static void +test_uint32_static (void) +{ + p11_buffer buf = { (unsigned char *)"pad0\x23\x45\x67\x89", 8, }; + uint32_t val = UINT32_MAX; + size_t next; + bool ret; + + next = 4; + ret = p11_rpc_buffer_get_uint32 (&buf, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (8, next); + assert_num_eq (0x23456789, val); +} + +static void +test_uint64 (void) +{ + p11_buffer buffer; + uint64_t val = UINT64_MAX; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + next = 0; + ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val); + assert_num_eq (0, ret); + assert_num_eq (0, next); + assert (UINT64_MAX == val); + + p11_buffer_reset (&buffer, 0); + + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_uint64 (&buffer, 0x0123456708ABCDEFull); + assert_num_eq (15, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (15, next); + assert (0x0123456708ABCDEFull == val); + + p11_buffer_uninit (&buffer); +} + +static void +test_uint64_static (void) +{ + p11_buffer buf = { (unsigned char *)"pad0\x89\x67\x45\x23\x11\x22\x33\x44", 12, }; + uint64_t val = UINT64_MAX; + size_t next; + bool ret; + + next = 4; + ret = p11_rpc_buffer_get_uint64 (&buf, &next, &val); + assert_num_eq (true, ret); + assert_num_eq (12, next); + assert (0x8967452311223344ull == val); +} + +static void +test_byte_array (void) +{ + p11_buffer buffer; + unsigned char bytes[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; + + const unsigned char *val; + size_t length = ~0; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + /* Invalid read */ + + next = 0; + ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); + assert_num_eq (false, ret); + assert_num_eq (0, next); + assert_num_eq (~0, length); + + /* Test full array */ + + p11_buffer_reset (&buffer, 0); + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_byte_array (&buffer, bytes, 32); + assert_num_eq (43, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); + assert_num_eq (true, ret); + assert_num_eq (43, next); + assert_num_eq (32, length); + assert (memcmp (val, bytes, 32) == 0); + + p11_buffer_uninit (&buffer); +} + +static void +test_byte_array_null (void) +{ + p11_buffer buffer; + const unsigned char *val; + size_t length = ~0; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + p11_buffer_reset (&buffer, 0); + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + p11_rpc_buffer_add_byte_array (&buffer, NULL, 0); + assert_num_eq (11, buffer.len); + assert (!p11_buffer_failed (&buffer)); + + next = 7; + ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); + assert_num_eq (true, ret); + assert_num_eq (11, next); + assert_num_eq (0, length); + assert_ptr_eq (NULL, (void*)val); + + p11_buffer_uninit (&buffer); +} + +static void +test_byte_array_too_long (void) +{ + p11_buffer buffer; + const unsigned char *val = NULL; + size_t length = ~0; + size_t next; + bool ret; + + p11_buffer_init (&buffer, 0); + + p11_buffer_reset (&buffer, 0); + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + assert (!p11_buffer_failed (&buffer)); + + /* Passing a too short buffer here shouldn't matter, as length is checked for sanity */ + p11_rpc_buffer_add_byte_array (&buffer, (unsigned char *)"", 0x9fffffff); + assert (p11_buffer_failed (&buffer)); + + /* Force write a too long byte arary to buffer */ + p11_buffer_reset (&buffer, 0); + p11_rpc_buffer_add_uint32 (&buffer, 0x9fffffff); + + next = 0; + ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length); + assert_num_eq (false, ret); + assert_num_eq (0, next); + assert_num_eq (~0, length); + assert_ptr_eq (NULL, (void*)val); + + p11_buffer_uninit (&buffer); +} + +static void +test_byte_array_static (void) +{ + unsigned char data[] = { 'p', 'a', 'd', 0x00, 0x00, 0x00, 0x00, 0x20, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; + p11_buffer buf = { data, 0x40, }; + const unsigned char *val; + size_t length = ~0; + size_t next; + bool ret; + + next = 4; + ret = p11_rpc_buffer_get_byte_array (&buf, &next, &val, &length); + assert_num_eq (true, ret); + assert_num_eq (40, next); + assert_num_eq (32, length); + assert (memcmp (data + 8, val, 32) == 0); +} + +static void +test_byte_value (void) +{ + p11_buffer buffer; + unsigned char bytes[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; + + char val[16]; + size_t offset = 0; + CK_ULONG val_size; + bool ret; + + p11_buffer_init (&buffer, 0); + + p11_rpc_buffer_add_byte_value (&buffer, bytes, sizeof(bytes)); + assert (p11_buffer_failed (&buffer)); + + p11_buffer_reset (&buffer, 0); + + p11_rpc_buffer_add_byte_value (&buffer, bytes, 1); + assert (!p11_buffer_failed (&buffer)); + + ret = p11_rpc_buffer_get_byte_value (&buffer, &offset, val, &val_size); + assert_num_eq (true, ret); + + assert_num_eq (bytes[0], val[0]); + + /* Read out of bound */ + ret = p11_rpc_buffer_get_byte_value (&buffer, &offset, val, &val_size); + assert_num_eq (false, ret); + + p11_buffer_uninit (&buffer); +} + +static void +test_ulong_value (void) +{ + p11_buffer buffer; + p11_buffer buf = { (unsigned char *)"pad0\x00\x00\x00\x00\x23\x45\x67\x89", 12, }; + CK_ULONG val = ULONG_MAX; + size_t offset = 0; + CK_ULONG val_size; + bool ret; + + offset = 4; + ret = p11_rpc_buffer_get_ulong_value (&buf, &offset, &val, &val_size); + assert_num_eq (true, ret); + assert_num_eq (12, offset); + assert_num_eq (sizeof(val), val_size); + assert_num_eq (0x23456789, val); + + p11_buffer_init (&buffer, 0); + + val = ULONG_MAX; + offset = 0; + val_size = SIZEOF_UNSIGNED_LONG; + ret = p11_rpc_buffer_get_ulong_value (&buffer, &offset, &val, &val_size); + assert_num_eq (0, ret); + assert_num_eq (0, offset); + assert_num_eq (SIZEOF_UNSIGNED_LONG, val_size); + assert_num_eq (ULONG_MAX, val); + + p11_buffer_reset (&buffer, 0); + + p11_buffer_add (&buffer, (unsigned char *)"padding", 7); + + val = ULONG_VAL; + p11_rpc_buffer_add_ulong_value (&buffer, &val, SIZEOF_UNSIGNED_LONG); + assert (!p11_buffer_failed (&buffer)); + /* The value is always stored as 64-bit integer */ + assert_num_eq (7 + 8, buffer.len); + + val = ULONG_MAX; + offset = 7; + ret = p11_rpc_buffer_get_ulong_value (&buffer, &offset, &val, &val_size); + assert_num_eq (true, ret); + /* The value is always stored as 64-bit integer */ + assert_num_eq (7 + 8, offset); + assert_num_eq (ULONG_VAL, *(CK_ULONG *)&val); + + /* Read out of bound */ + val = ULONG_MAX; + ret = p11_rpc_buffer_get_ulong_value (&buffer, &offset, &val, &val_size); + assert_num_eq (false, ret); + + p11_buffer_uninit (&buffer); +} + +static void +test_attribute_array_value (void) +{ + p11_buffer buffer; + CK_BBOOL truev = CK_TRUE; + char labelv[] = "label"; + CK_ATTRIBUTE attrs[] = { + { CKA_MODIFIABLE, &truev, sizeof (truev) }, + { CKA_LABEL, labelv, sizeof (labelv) } + }; + CK_BBOOL boolv = CK_FALSE; + char strv[] = "\0\0\0\0\0"; + CK_ATTRIBUTE val[] = { + { CKA_MODIFIABLE, &boolv, sizeof (boolv) }, + { CKA_LABEL, strv, sizeof (strv) } + }; + CK_ULONG val_size; + size_t offset = 0, offset2; + bool ret; + + p11_buffer_init (&buffer, 0); + + p11_rpc_buffer_add_attribute_array_value(&buffer, attrs, sizeof(attrs)); + assert (!p11_buffer_failed (&buffer)); + + offset2 = offset; + ret = p11_rpc_buffer_get_attribute_array_value(&buffer, &offset, NULL, &val_size); + assert_num_eq (true, ret); + + offset = offset2; + ret = p11_rpc_buffer_get_attribute_array_value(&buffer, &offset, val, &val_size); + assert_num_eq (true, ret); + assert_num_eq (val[0].type, CKA_MODIFIABLE); + assert_num_eq (*(CK_BBOOL *)val[0].pValue, CK_TRUE); + assert_num_eq (val[0].ulValueLen, sizeof (truev)); + assert_num_eq (val[1].type, CKA_LABEL); + assert_str_eq (val[1].pValue, "label"); + assert_num_eq (val[1].ulValueLen, sizeof (labelv)); + + p11_buffer_uninit (&buffer); +} + +static void +test_mechanism_type_array_value (void) +{ + p11_buffer buffer; + CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_DSA, CKM_SHA256_RSA_PKCS }; + CK_MECHANISM_TYPE val[3]; + CK_ULONG val_size; + size_t offset = 0, offset2; + bool ret; + + p11_buffer_init (&buffer, 0); + + p11_rpc_buffer_add_mechanism_type_array_value(&buffer, mechs, sizeof(mechs)); + assert (!p11_buffer_failed (&buffer)); + + offset2 = offset; + ret = p11_rpc_buffer_get_mechanism_type_array_value(&buffer, &offset, NULL, &val_size); + assert_num_eq (true, ret); + + offset = offset2; + ret = p11_rpc_buffer_get_mechanism_type_array_value(&buffer, &offset, val, &val_size); + assert_num_eq (true, ret); + assert_num_eq (val[0], CKM_RSA_PKCS); + assert_num_eq (val[1], CKM_DSA); + assert_num_eq (val[2], CKM_SHA256_RSA_PKCS); + + p11_buffer_uninit (&buffer); +} + +static void +test_date_value (void) +{ + p11_buffer buffer; + CK_DATE date, val; + size_t offset = 0; + CK_ULONG val_size; + bool ret; + + memcpy (date.year, "2017", 4); + memcpy (date.month, "05", 2); + memcpy (date.day, "16", 2); + + p11_buffer_init (&buffer, 0); + + p11_rpc_buffer_add_date_value(&buffer, &date, sizeof(date)); + assert (!p11_buffer_failed (&buffer)); + + ret = p11_rpc_buffer_get_date_value(&buffer, &offset, &val, &val_size); + assert_num_eq (true, ret); + + assert (memcmp (val.year, date.year, 4) == 0); + assert (memcmp (val.month, date.month, 2) == 0); + assert (memcmp (val.day, date.day, 2) == 0); + + p11_buffer_uninit (&buffer); +} + +static void +test_date_value_empty (void) +{ + p11_buffer buffer; + CK_DATE val; + size_t offset = 0; + CK_ULONG val_size; + bool ret; + + p11_buffer_init (&buffer, 0); + + p11_rpc_buffer_add_date_value(&buffer, NULL, 0); + assert (!p11_buffer_failed (&buffer)); + + ret = p11_rpc_buffer_get_date_value(&buffer, &offset, &val, &val_size); + assert_num_eq (true, ret); + + assert_num_eq (0, val_size); + + p11_buffer_uninit (&buffer); +} + +static void +test_byte_array_value (void) +{ + p11_buffer buffer; + unsigned char bytes[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; + + unsigned char val[32]; + size_t offset = 0; + CK_ULONG val_size; + bool ret; + + p11_buffer_init (&buffer, 0); + + p11_rpc_buffer_add_byte_array_value(&buffer, bytes, sizeof(bytes)); + assert (!p11_buffer_failed (&buffer)); + + ret = p11_rpc_buffer_get_byte_array_value(&buffer, &offset, val, &val_size); + assert_num_eq (true, ret); + + assert_num_eq (bytes[0], val[0]); + + p11_buffer_uninit (&buffer); +} + +static void +test_mechanism_value (void) +{ + p11_buffer buffer; + CK_MECHANISM_TYPE *mechanisms; + CK_RSA_PKCS_PSS_PARAMS pss_params = { + CKM_SHA256, + CKG_MGF1_SHA256, + 32 + }; + CK_RSA_PKCS_OAEP_PARAMS oaep_params = { + CKM_SHA384, + CKG_MGF1_SHA384, + 0, + NULL, + 0 + }; + CK_MECHANISM mechs[] = { + { CKM_RSA_PKCS_PSS, &pss_params, sizeof (pss_params) }, + { CKM_RSA_PKCS_OAEP, &oaep_params, sizeof (oaep_params) } + }; + + CK_MECHANISM val; + size_t offset = 0; + bool ret; + size_t i; + + mechanisms = p11_rpc_mechanisms_override_supported; + p11_rpc_mechanisms_override_supported = NULL; + + p11_buffer_init (&buffer, 0); + + for (i = 0; i < ELEMS (mechs); i++) { + size_t offset2 = offset; + + p11_rpc_buffer_add_mechanism (&buffer, &mechs[i]); + assert (!p11_buffer_failed (&buffer)); + + memset (&val, 0, sizeof (val)); + ret = p11_rpc_buffer_get_mechanism (&buffer, &offset, &val); + assert_num_eq (true, ret); + assert_num_eq (mechs[i].mechanism, val.mechanism); + assert_ptr_eq (NULL, val.pParameter); + assert_num_eq (mechs[i].ulParameterLen, val.ulParameterLen); + + val.pParameter = malloc (val.ulParameterLen); + assert_ptr_not_null (val.pParameter); + + offset = offset2; + ret = p11_rpc_buffer_get_mechanism (&buffer, &offset, &val); + assert_num_eq (true, ret); + assert_num_eq (mechs[i].mechanism, val.mechanism); + assert_num_eq (mechs[i].ulParameterLen, val.ulParameterLen); + assert (memcmp (val.pParameter, mechs[i].pParameter, val.ulParameterLen) == 0); + + free (val.pParameter); + } + + p11_buffer_uninit (&buffer); + + p11_rpc_mechanisms_override_supported = mechanisms; +} + +static void +test_message_write (void) +{ + p11_rpc_message msg; + p11_buffer buffer; + CK_BBOOL truev = CK_TRUE; + CK_ULONG zerov = (CK_ULONG)0; + char labelv[] = "label"; + CK_ATTRIBUTE attrs[] = { + { CKA_MODIFIABLE, &truev, sizeof (truev) }, + { CKA_LABEL, labelv, sizeof (labelv) }, + /* These are cases when C_GetAttributeValue is called + * to obtain the length */ + { CKA_COPYABLE, NULL, sizeof (truev) }, + { CKA_BITS_PER_PIXEL, NULL, sizeof (zerov) } + }; + bool ret; + + ret = p11_buffer_init (&buffer, 0); + assert_num_eq (true, ret); + p11_rpc_message_init (&msg, &buffer, &buffer); + ret = p11_rpc_message_write_attribute_array (&msg, attrs, ELEMS(attrs)); + assert_num_eq (true, ret); + p11_rpc_message_clear (&msg); + p11_buffer_uninit (&buffer); +} + +static p11_virtual base; +static unsigned int rpc_initialized = 0; + +static CK_RV +rpc_initialize (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + assert_str_eq (vtable->data, "vtable-data"); + assert_num_cmp (p11_forkid, !=, rpc_initialized); + rpc_initialized = p11_forkid; + + return CKR_OK; +} + +static CK_RV +rpc_initialize_fails (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + assert_str_eq (vtable->data, "vtable-data"); + assert_num_cmp (p11_forkid, !=, rpc_initialized); + return CKR_FUNCTION_FAILED; +} + +static CK_RV +rpc_initialize_device_removed (p11_rpc_client_vtable *vtable, + void *init_reserved) +{ + assert_str_eq (vtable->data, "vtable-data"); + assert_num_cmp (p11_forkid, !=, rpc_initialized); + return CKR_DEVICE_REMOVED; +} + +static CK_RV +rpc_transport (p11_rpc_client_vtable *vtable, + p11_buffer *request, + p11_buffer *response) +{ + bool ret; + + assert_str_eq (vtable->data, "vtable-data"); + + /* Just pass directly to the server code */ + ret = p11_rpc_server_handle (&base.funcs, request, response); + assert (ret == true); + + return CKR_OK; +} + +static void +rpc_finalize (p11_rpc_client_vtable *vtable, + void *fini_reserved) +{ + assert_str_eq (vtable->data, "vtable-data"); + assert_num_cmp (p11_forkid, ==, rpc_initialized); + rpc_initialized = 0; +} + +static void +test_initialize (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; + p11_virtual mixin; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + rpc_initialized = 0; + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + rv = mixin.funcs.C_Initialize (&mixin.funcs, NULL); + assert (rv == CKR_OK); + assert_num_eq (p11_forkid, rpc_initialized); + + rv = mixin.funcs.C_Finalize (&mixin.funcs, NULL); + assert (rv == CKR_OK); + assert_num_cmp (p11_forkid, !=, rpc_initialized); + + p11_virtual_uninit (&mixin); +} + +static void +test_not_initialized (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; + p11_virtual mixin; + CK_INFO info; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + rpc_initialized = 0; + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + rv = (mixin.funcs.C_GetInfo) (&mixin.funcs, &info); + assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED); + + p11_virtual_uninit (&mixin); +} + +static void +test_initialize_fails_on_client (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_transport, rpc_finalize }; + p11_virtual mixin; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + rpc_initialized = 0; + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); + assert (rv == CKR_FUNCTION_FAILED); + assert_num_eq (0, rpc_initialized); + + p11_virtual_uninit (&mixin); +} + +static CK_RV +rpc_transport_fails (p11_rpc_client_vtable *vtable, + p11_buffer *request, + p11_buffer *response) +{ + return CKR_FUNCTION_REJECTED; +} + +static void +test_transport_fails (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_fails, rpc_finalize }; + p11_virtual mixin; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + rpc_initialized = 0; + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); + assert (rv == CKR_FUNCTION_REJECTED); + assert_num_eq (0, rpc_initialized); + + p11_virtual_uninit (&mixin); +} + +static void +test_initialize_fails_on_server (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; + p11_virtual mixin; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + base.funcs.C_Initialize = mock_X_Initialize__fails; + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); + assert (rv == CKR_FUNCTION_FAILED); + assert_num_eq (0, rpc_initialized); + + p11_virtual_uninit (&mixin); +} + +static CK_RV +rpc_transport_bad_parse (p11_rpc_client_vtable *vtable, + p11_buffer *request, + p11_buffer *response) +{ + int rc; + + assert_str_eq (vtable->data, "vtable-data"); + + /* Just zero bytes is an invalid message */ + rc = p11_buffer_reset (response, 2); + assert (rc >= 0); + + memset (response->data, 0, 2); + response->len = 2; + return CKR_OK; +} + +static void +test_transport_bad_parse (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_parse, rpc_finalize }; + p11_virtual mixin; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + rpc_initialized = 0; + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + p11_kit_be_quiet (); + + rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); + assert (rv == CKR_DEVICE_ERROR); + assert_num_eq (0, rpc_initialized); + + p11_message_loud (); + p11_virtual_uninit (&mixin); +} + +static CK_RV +rpc_transport_short_error (p11_rpc_client_vtable *vtable, + p11_buffer *request, + p11_buffer *response) +{ + int rc; + + unsigned char data[] = { + 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */ + 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */ + 0x00, 0x01, /* short error */ + }; + + assert_str_eq (vtable->data, "vtable-data"); + + rc = p11_buffer_reset (response, sizeof (data)); + assert (rc >= 0); + + memcpy (response->data, data, sizeof (data)); + response->len = sizeof (data); + return CKR_OK; +} + +static void +test_transport_short_error (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_short_error, rpc_finalize }; + p11_virtual mixin; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + p11_kit_be_quiet (); + + rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); + assert (rv == CKR_DEVICE_ERROR); + assert_num_eq (0, rpc_initialized); + + p11_message_loud (); + p11_virtual_uninit (&mixin); +} + +static CK_RV +rpc_transport_invalid_error (p11_rpc_client_vtable *vtable, + p11_buffer *request, + p11_buffer *response) +{ + int rc; + + unsigned char data[] = { + 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */ + 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */ + 0x00, 0x00, 0x00, 0x00, /* a CKR_OK error*/ + 0x00, 0x00, 0x00, 0x00, + }; + + assert_str_eq (vtable->data, "vtable-data"); + + rc = p11_buffer_reset (response, sizeof (data)); + assert (rc >= 0); + memcpy (response->data, data, sizeof (data)); + response->len = sizeof (data); + return CKR_OK; +} + +static void +test_transport_invalid_error (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_invalid_error, rpc_finalize }; + p11_virtual mixin; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + p11_kit_be_quiet (); + + rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); + assert (rv == CKR_DEVICE_ERROR); + assert_num_eq (0, rpc_initialized); + + p11_message_loud (); + p11_virtual_uninit (&mixin); +} + +static CK_RV +rpc_transport_wrong_response (p11_rpc_client_vtable *vtable, + p11_buffer *request, + p11_buffer *response) +{ + int rc; + + unsigned char data[] = { + 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_Finalize */ + 0x00, 0x00, 0x00, 0x00, /* signature '' */ + }; + + assert_str_eq (vtable->data, "vtable-data"); + + rc = p11_buffer_reset (response, sizeof (data)); + assert (rc >= 0); + memcpy (response->data, data, sizeof (data)); + response->len = sizeof (data); + return CKR_OK; +} + +static void +test_transport_wrong_response (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_wrong_response, rpc_finalize }; + p11_virtual mixin; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + p11_kit_be_quiet (); + + rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); + assert (rv == CKR_DEVICE_ERROR); + assert_num_eq (0, rpc_initialized); + + p11_message_loud (); + p11_virtual_uninit (&mixin); +} + +static CK_RV +rpc_transport_bad_contents (p11_rpc_client_vtable *vtable, + p11_buffer *request, + p11_buffer *response) +{ + int rc; + + unsigned char data[] = { + 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_GetInfo */ + 0x00, 0x00, 0x00, 0x05, /* signature 'vsusv' */ + 'v', 's', 'u', 's', 'v', + 0x00, 0x00, 0x00, 0x00, /* invalid data */ + }; + + assert_str_eq (vtable->data, "vtable-data"); + + rc = p11_buffer_reset (response, sizeof (data)); + assert (rc >= 0); + memcpy (response->data, data, sizeof (data)); + response->len = sizeof (data); + return CKR_OK; +} + +static void +test_transport_bad_contents (void) +{ + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_contents, rpc_finalize }; + p11_virtual mixin; + bool ret; + CK_RV rv; + + /* Build up our own function list */ + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + + ret = p11_rpc_client_init (&mixin, &vtable); + assert_num_eq (true, ret); + + p11_kit_be_quiet (); + + rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL); + assert (rv == CKR_DEVICE_ERROR); + assert_num_eq (0, rpc_initialized); + + p11_message_loud (); + p11_virtual_uninit (&mixin); +} + +static p11_rpc_client_vtable test_normal_vtable = { + NULL, + rpc_initialize, + rpc_transport, + rpc_finalize, +}; + +static p11_rpc_client_vtable test_device_removed_vtable = { + NULL, + rpc_initialize_device_removed, + rpc_transport, + rpc_finalize, +}; + +static void +mixin_free (void *data) +{ + p11_virtual *mixin = data; + p11_virtual_uninit (mixin); + free (mixin); +} + +static CK_FUNCTION_LIST_PTR +setup_test_rpc_module (p11_rpc_client_vtable *vtable, + CK_FUNCTION_LIST *module_template, + CK_SESSION_HANDLE *session) +{ + CK_FUNCTION_LIST *rpc_module; + p11_virtual *mixin; + CK_RV rv; + + /* Build up our own function list */ + p11_virtual_init (&base, &p11_virtual_base, module_template, NULL); + + mixin = calloc (1, sizeof (p11_virtual)); + assert (mixin != NULL); + + vtable->data = "vtable-data"; + if (!p11_rpc_client_init (mixin, vtable)) + assert_not_reached (); + + rpc_module = p11_virtual_wrap (mixin, mixin_free); + assert_ptr_not_null (rpc_module); + + rv = p11_kit_module_initialize (rpc_module); + assert (rv == CKR_OK); + + if (session) { + rv = (rpc_module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, + NULL, NULL, session); + assert (rv == CKR_OK); + } + + return rpc_module; +} + +static CK_FUNCTION_LIST * +setup_mock_module (CK_SESSION_HANDLE *session) +{ + return setup_test_rpc_module (&test_normal_vtable, &mock_module, session); +} + +static void +teardown_mock_module (CK_FUNCTION_LIST *rpc_module) +{ + p11_kit_module_finalize (rpc_module); + p11_virtual_unwrap (rpc_module); +} + +static void +test_get_info_stand_in (void) +{ + CK_FUNCTION_LIST_PTR rpc_module; + CK_INFO info; + CK_RV rv; + char *string; + + rpc_module = setup_test_rpc_module (&test_device_removed_vtable, + &mock_module_no_slots, NULL); + + rv = (rpc_module->C_GetInfo) (&info); + assert (rv == CKR_OK); + + assert_num_eq (CRYPTOKI_VERSION_MAJOR, info.cryptokiVersion.major); + assert_num_eq (CRYPTOKI_VERSION_MINOR, info.cryptokiVersion.minor); + string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID)); + assert_str_eq ("p11-kit", string); + free (string); + string = p11_kit_space_strdup (info.libraryDescription, sizeof (info.libraryDescription)); + assert_str_eq ("p11-kit (no connection)", string); + free (string); + assert_num_eq (0, info.flags); + assert_num_eq (1, info.libraryVersion.major); + assert_num_eq (1, info.libraryVersion.minor); + + teardown_mock_module (rpc_module); +} + +static void +test_get_slot_list_no_device (void) +{ + CK_FUNCTION_LIST_PTR rpc_module; + CK_SLOT_ID slot_list[8]; + CK_ULONG count; + CK_RV rv; + + rpc_module = setup_test_rpc_module (&test_device_removed_vtable, + &mock_module_no_slots, NULL); + + rv = (rpc_module->C_GetSlotList) (CK_TRUE, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (0, count); + rv = (rpc_module->C_GetSlotList) (CK_FALSE, NULL, &count); + assert (rv == CKR_OK); + assert_num_eq (0, count); + + count = 8; + rv = (rpc_module->C_GetSlotList) (CK_TRUE, slot_list, &count); + assert (rv == CKR_OK); + assert_num_eq (0, count); + + count = 8; + rv = (rpc_module->C_GetSlotList) (CK_FALSE, slot_list, &count); + assert (rv == CKR_OK); + assert_num_eq (0, count); + + teardown_mock_module (rpc_module); +} + +static void * +invoke_in_thread (void *arg) +{ + CK_FUNCTION_LIST *rpc_module = arg; + CK_INFO info; + CK_RV rv; + + rv = (rpc_module->C_GetInfo) (&info); + assert_num_eq (rv, CKR_OK); + + assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID, + sizeof (info.manufacturerID)) == 0); + + return NULL; +} + +static p11_mutex_t delay_mutex; + +static CK_RV +delayed_C_GetInfo (CK_INFO_PTR info) +{ + CK_RV rv; + + p11_sleep_ms (rand () % 100); + + p11_mutex_lock (&delay_mutex); + rv = mock_C_GetInfo (info); + p11_mutex_unlock (&delay_mutex); + + return rv; +} + +static void +test_simultaneous_functions (void) +{ + CK_FUNCTION_LIST real_module; + CK_FUNCTION_LIST *rpc_module; + const int num_threads = 128; + p11_thread_t threads[num_threads]; + int i, ret; + + p11_mutex_init (&delay_mutex); + + memcpy (&real_module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST)); + real_module.C_GetInfo = delayed_C_GetInfo; + + rpc_module = setup_test_rpc_module (&test_normal_vtable, + &real_module, NULL); + + /* Make the invoked function (above) wait */ + p11_mutex_lock (&delay_mutex); + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (threads + i, invoke_in_thread, rpc_module); + assert_num_eq (0, ret); + } + + /* Let the invoked functions return */ + p11_mutex_unlock (&delay_mutex); + + for (i = 0; i < num_threads; i++) + p11_thread_join (threads[i]); + + teardown_mock_module (rpc_module); + p11_mutex_uninit (&delay_mutex); +} + +#ifdef OS_UNIX + +static void +test_fork_and_reinitialize (void) +{ + CK_FUNCTION_LIST *rpc_module; + CK_INFO info; + int status; + CK_RV rv; + pid_t pid; + int i; + + rpc_module = setup_test_rpc_module (&test_normal_vtable, + &mock_module_no_slots, NULL); + + pid = fork (); + assert_num_cmp (pid, >=, 0); + + /* The child */ + if (pid == 0) { + rv = (rpc_module->C_Initialize) (NULL); + assert_num_eq (CKR_OK, rv); + + for (i = 0; i < 32; i++) { + rv = (rpc_module->C_GetInfo) (&info); + assert_num_eq (CKR_OK, rv); + } + + rv = (rpc_module->C_Finalize) (NULL); + assert_num_eq (CKR_OK, rv); + + _exit (66); + } + + for (i = 0; i < 128; i++) { + rv = (rpc_module->C_GetInfo) (&info); + assert_num_eq (CKR_OK, rv); + } + + assert_num_eq (waitpid (pid, &status, 0), pid); + assert_num_eq (WEXITSTATUS (status), 66); + + teardown_mock_module (rpc_module); +} + +#endif /* OS_UNIX */ + +#include "test-mock.c" + +int +main (int argc, + char *argv[]) +{ + CK_MECHANISM_TYPE mechanisms[] = { + CKM_MOCK_CAPITALIZE, + CKM_MOCK_PREFIX, + CKM_MOCK_GENERATE, + CKM_MOCK_WRAP, + CKM_MOCK_DERIVE, + CKM_MOCK_COUNT, + 0, + }; + + mock_module_init (); + p11_library_init (); + + /* Override the mechanisms that the RPC mechanism will handle */ + p11_rpc_mechanisms_override_supported = mechanisms; + + p11_test (test_new_free, "/rpc/new-free"); + p11_test (test_uint16, "/rpc/uint16"); + p11_test (test_uint16_static, "/rpc/uint16-static"); + p11_test (test_uint32, "/rpc/uint32"); + p11_test (test_uint32_static, "/rpc/uint32-static"); + p11_test (test_uint64, "/rpc/uint64"); + p11_test (test_uint64_static, "/rpc/uint64-static"); + p11_test (test_byte_array, "/rpc/byte-array"); + p11_test (test_byte_array_null, "/rpc/byte-array-null"); + p11_test (test_byte_array_too_long, "/rpc/byte-array-too-long"); + p11_test (test_byte_array_static, "/rpc/byte-array-static"); + p11_test (test_byte_value, "/rpc/byte-value"); + p11_test (test_ulong_value, "/rpc/ulong-value"); + p11_test (test_attribute_array_value, "/rpc/attribute-array-value"); + p11_test (test_mechanism_type_array_value, "/rpc/mechanism-type-array-value"); + p11_test (test_date_value, "/rpc/date-value"); + p11_test (test_date_value_empty, "/rpc/date-value-empty"); + p11_test (test_byte_array_value, "/rpc/byte-array-value"); + p11_test (test_mechanism_value, "/rpc/mechanism-value"); + p11_test (test_message_write, "/rpc/message-write"); + + p11_test (test_initialize_fails_on_client, "/rpc/initialize-fails-on-client"); + p11_test (test_initialize_fails_on_server, "/rpc/initialize-fails-on-server"); + p11_test (test_initialize, "/rpc/initialize"); + p11_test (test_not_initialized, "/rpc/not-initialized"); + p11_test (test_transport_fails, "/rpc/transport-fails"); + p11_test (test_transport_bad_parse, "/rpc/transport-bad-parse"); + p11_test (test_transport_short_error, "/rpc/transport-short-error"); + p11_test (test_transport_invalid_error, "/rpc/transport-invalid-error"); + p11_test (test_transport_wrong_response, "/rpc/transport-wrong-response"); + p11_test (test_transport_bad_contents, "/rpc/transport-bad-contents"); + p11_test (test_get_info_stand_in, "/rpc/get-info-stand-in"); + p11_test (test_get_slot_list_no_device, "/rpc/get-slot-list-no-device"); + p11_test (test_simultaneous_functions, "/rpc/simultaneous-functions"); + +#ifdef OS_UNIX + p11_test (test_fork_and_reinitialize, "/rpc/fork-and-reinitialize"); +#endif + + test_mock_add_tests ("/rpc"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-server.c b/p11-kit/test-server.c new file mode 100644 index 0000000..a1fbcb7 --- /dev/null +++ b/p11-kit/test-server.c @@ -0,0 +1,301 @@ +/* + * Copyright (c) 2018 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Daiki Ueno + */ + +#include "config.h" +#include "test.h" + +#include "array.h" +#include "dict.h" +#include "library.h" +#include "filter.h" +#include "mock.h" +#include "modules.h" +#include "p11-kit.h" +#include "remote.h" +#include "virtual.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +struct { + char *directory; + char *socket_path; + pid_t pid; +} test; + +struct fixture { + char *provider; + char *token; + int slots; +}; + +static void +setup_server (void *arg) +{ + struct fixture *fixture = arg; + p11_array *args; + char *address; + int fds[2]; + struct pollfd pfd; + int ret; + const char *envvar; + char *path; + + args = p11_array_new (NULL); + if (!p11_array_push (args, "p11-kit-server-testable")) + assert_not_reached (); + if (!p11_array_push (args, "-f")) + assert_not_reached (); + if (fixture->provider) { + if (!p11_array_push (args, "--provider")) + assert_not_reached (); + if (!p11_array_push (args, fixture->provider)) + assert_not_reached (); + } + + test.directory = p11_test_directory ("p11-test-server"); + if (asprintf (&path, "%s/p11-kit", test.directory) < 0) + assert_not_reached (); + if (mkdir (path, 0700) < 0) + assert_not_reached (); + if (asprintf (&test.socket_path, "%s/pkcs11", path) < 0) + assert_not_reached (); + free (path); + unlink (test.socket_path); + + ret = socketpair (AF_UNIX, SOCK_STREAM, 0, fds); + assert_num_cmp (-1, !=, ret); + + setenv ("P11_KIT_PRIVATEDIR", BUILDDIR "/p11-kit", 1); + + /* Allow the child process to preload libasan.so */ + envvar = secure_getenv ("P11_KIT_TEST_LD_PRELOAD"); + if (envvar) + setenv ("LD_PRELOAD", envvar, 1); + + if (!p11_array_push (args, "-n")) + assert_not_reached (); + if (!p11_array_push (args, test.socket_path)) + assert_not_reached (); + if (!p11_array_push (args, fixture->token)) + assert_not_reached (); + if (!p11_array_push (args, NULL)) + assert_not_reached (); + + test.pid = fork (); + assert (test.pid >= 0); + + /* The child */ + if (test.pid == 0) { + close (STDOUT_FILENO); + if (dup2 (fds[0], STDOUT_FILENO) == -1) + assert_not_reached (); + if (execv (BUILDDIR "/p11-kit/p11-kit-server-testable", (char **)args->elem) == -1) + assert_not_reached (); + p11_array_free (args); + _exit (0); + } + + p11_array_free (args); + memset (&pfd, 0, sizeof (struct pollfd)); + pfd.fd = fds[1]; + pfd.events = POLLIN | POLLHUP | POLLERR; + ret = poll (&pfd, 1, 10000); + assert_num_cmp (-1, !=, ret); + + close (fds[0]); + close (fds[1]); + + if (asprintf (&address, "unix:path=%s", test.socket_path) < 0) + assert_not_reached (); + setenv ("P11_KIT_SERVER_ADDRESS", address, 1); + free (address); +} + +static void +teardown_server (void *unused) +{ + int status; + kill (test.pid, SIGKILL); + waitpid (test.pid, &status, 0); + + p11_test_directory_delete (test.directory); + free (test.directory); + free (test.socket_path); +} + +static void +test_initialize (void *unused) +{ + CK_FUNCTION_LIST_PTR module; + CK_RV rv; + + module = p11_kit_module_load (P11_MODULE_PATH "/p11-kit-client" SHLEXT, 0); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert (rv == CKR_OK); + + rv = p11_kit_module_finalize (module); + assert (rv == CKR_OK); + + p11_kit_module_release (module); +} + +static void +test_initialize_no_address (void *unused) +{ + CK_FUNCTION_LIST_PTR module; + CK_RV rv; + + unsetenv ("P11_KIT_SERVER_ADDRESS"); + setenv ("XDG_RUNTIME_DIR", test.directory, 1); + + module = p11_kit_module_load (P11_MODULE_PATH "/p11-kit-client" SHLEXT, 0); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert (rv == CKR_OK); + + rv = p11_kit_module_finalize (module); + assert (rv == CKR_OK); + + p11_kit_module_release (module); +} + +static void +test_open_session (void *arg) +{ + struct fixture *fixture = arg; + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slots[32]; + CK_ULONG count; + CK_RV rv; + + module = p11_kit_module_load (P11_MODULE_PATH "/p11-kit-client" SHLEXT, 0); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert (rv == CKR_OK); + + count = 32; + rv = module->C_GetSlotList (CK_TRUE, slots, &count); + assert (rv == CKR_OK); + assert_num_eq (fixture->slots, count); + + rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + rv = module->C_CloseSession (session); + assert (rv == CKR_OK); + + rv = p11_kit_module_finalize (module); + assert (rv == CKR_OK); + + p11_kit_module_release (module); +} + +static void +test_open_session_write_protected (void *unused) +{ + CK_SESSION_HANDLE session; + CK_FUNCTION_LIST_PTR module; + CK_SLOT_ID slots[32]; + CK_ULONG count; + CK_RV rv; + + module = p11_kit_module_load (P11_MODULE_PATH "/p11-kit-client" SHLEXT, 0); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert (rv == CKR_OK); + + count = 32; + rv = module->C_GetSlotList (CK_TRUE, slots, &count); + assert (rv == CKR_OK); + assert_num_eq (1, count); + + rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); + assert (rv == CKR_TOKEN_WRITE_PROTECTED); + + rv = p11_kit_module_finalize (module); + assert (rv == CKR_OK); + + p11_kit_module_release (module); +} + +int +main (int argc, + char *argv[]) +{ + struct fixture with_provider = { + P11_MODULE_PATH "/mock-one" SHLEXT, + "pkcs11:", + 1 + }; + struct fixture without_provider = { + NULL, + "pkcs11:", + 3 + }; + struct fixture write_protected = { + P11_MODULE_PATH "/mock-one" SHLEXT, + "pkcs11:?write-protected=yes", + 1 + }; + + p11_library_init (); + mock_module_init (); + + p11_fixture (setup_server, teardown_server); + p11_testx (test_initialize, (void *)&with_provider, "/server/initialize"); + p11_testx (test_initialize_no_address, (void *)&with_provider, "/server/initialize-no-address"); + p11_testx (test_open_session, (void *)&with_provider, "/server/open-session"); + p11_testx (test_open_session_write_protected, (void *)&write_protected, "/server/open-session-write-protected"); + + p11_testx (test_initialize, (void *)&without_provider, "/server/all/initialize"); + p11_testx (test_initialize_no_address, (void *)&without_provider, "/server/all/initialize-no-address"); + p11_testx (test_open_session, (void *)&without_provider, "/server/all/open-session"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-server.sh b/p11-kit/test-server.sh new file mode 100755 index 0000000..b6b8227 --- /dev/null +++ b/p11-kit/test-server.sh @@ -0,0 +1,62 @@ +#!/bin/sh + +set -e + +: ${P11_MODULE_PATH="$abs_top_builddir"/.libs} + +testdir=`mktemp -d -t test-server.XXXXXX` +if test $? -ne 0; then + echo "cannot create temporary directory" >&2 + exit 77 +fi + +cleanup () { + rm -rf "$testdir" +} +trap cleanup 0 + +cd "$testdir" + +unset P11_KIT_SERVER_ADDRESS +unset P11_KIT_SERVER_PID + +XDG_RUNTIME_DIR="$testdir" +export XDG_RUNTIME_DIR + +echo 1..4 + +"$abs_top_builddir"/p11-kit/p11-kit-server -s --provider "$P11_MODULE_PATH"/mock-one.so pkcs11: > start.env 2> start.err +if test $? -eq 0; then + echo "ok 1 /server/start" +else + echo "not ok 1 /server/start" + sed 's/^/# /' start.err + exit 1 +fi + +. ./start.env + +if test "${P11_KIT_SERVER_ADDRESS+set}" = "set" -a "${P11_KIT_SERVER_PID+set}" = "set"; then + echo "ok 2 /server/start-env" +else + echo "not ok 2 /server/start-env" + exit 1 +fi + +"$abs_top_builddir"/p11-kit/p11-kit-server -s -k > stop.env 2> stop.err +if test $? -eq 0; then + echo "ok 3 /server/stop" +else + echo "not ok 3 /server/stop" + sed 's/^/# /' stop.err + exit 1 +fi + +. ./stop.env + +if test "${P11_KIT_SERVER_ADDRESS-unset}" = "unset" -a "${P11_KIT_SERVER_PID-unset}" = "unset"; then + echo "ok 4 /server/stop-env" +else + echo "not ok 4 /server/stop-env" + exit 1 +fi diff --git a/p11-kit/test-transport.c b/p11-kit/test-transport.c new file mode 100644 index 0000000..b451ace --- /dev/null +++ b/p11-kit/test-transport.c @@ -0,0 +1,448 @@ +/* + * Copyright (c) 2012 Stefan Walter + * Copyright (c) 2012-2017 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "library.h" +#include "mock.h" +#include "path.h" +#include "private.h" + +#include "p11-kit.h" +#include "rpc.h" + +#include +#include +#include +#ifdef OS_UNIX +#include +#include +#include +#endif +#include +#include + +struct { + char *directory; + char *user_config; + char *user_modules; +#ifdef OS_UNIX + pid_t pid; +#endif +} test; + +static void +setup_remote (void *unused) +{ + const char *data; + + test.directory = p11_test_directory ("p11-test-transport"); + test.user_modules = p11_path_build (test.directory, "modules", NULL); +#ifdef OS_UNIX + if (mkdir (test.user_modules, 0700) < 0) +#else + if (mkdir (test.user_modules) < 0) +#endif + assert_not_reached (); + + data = "user-config: only\n"; + test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL); + p11_test_file_write (NULL, test.user_config, data, strlen (data)); + + setenv ("P11_KIT_PRIVATEDIR", BUILDDIR "/p11-kit", 1); + data = "remote: |" BUILDDIR "/p11-kit/p11-kit" EXEEXT " remote " P11_MODULE_PATH "/mock-two" SHLEXT "\n"; + p11_test_file_write (test.user_modules, "remote.module", data, strlen (data)); + data = "remote: |" BUILDDIR "/p11-kit/p11-kit" EXEEXT " remote " P11_MODULE_PATH "/mock-five" SHLEXT "\nx-init-reserved: initialize-arg"; + p11_test_file_write (test.user_modules, "init-arg.module", data, strlen (data)); + + p11_kit_override_system_files (NULL, test.user_config, + NULL, NULL, + test.user_modules); +} + +static void +teardown_remote (void *unused) +{ + p11_test_directory_delete (test.user_modules); + p11_test_directory_delete (test.directory); + + free (test.directory); + free (test.user_config); + free (test.user_modules); +} + +static CK_FUNCTION_LIST * +setup_mock_module (CK_SESSION_HANDLE *session) +{ + CK_FUNCTION_LIST **modules; + CK_FUNCTION_LIST *module; + CK_RV rv; + int i; + + setup_remote (NULL); + + modules = p11_kit_modules_load (NULL, 0); + + module = p11_kit_module_for_name (modules, "remote"); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert_num_eq (rv, CKR_OK); + + if (session) { + rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, + NULL, NULL, session); + assert (rv == CKR_OK); + } + + /* Release all the other modules */ + for (i = 0; modules[i] != NULL; i++) { + if (modules[i] != module) + p11_kit_module_release (modules[i]); + } + + free (modules); + return module; +} + +static void +teardown_mock_module (CK_FUNCTION_LIST *module) +{ + p11_kit_module_finalize (module); + p11_kit_module_release (module); + teardown_remote (NULL); +} + +#ifdef OS_UNIX + +static void +launch_server (void) +{ + int fd, nfd, rc; + socklen_t sa_len; + struct sockaddr_un sa; + fd_set fds; + char *argv[3]; + + memset (&sa, 0, sizeof (sa)); + sa.sun_family = AF_UNIX; + + snprintf (sa.sun_path, sizeof (sa.sun_path), "%s/pkcs11", + test.directory); + + remove (sa.sun_path); + fd = socket (AF_UNIX, SOCK_STREAM, 0); + assert_num_cmp (fd, !=, -1); + + rc = bind (fd, (struct sockaddr *)&sa, SUN_LEN (&sa)); + assert_num_cmp (rc, !=, -1); + + rc = listen (fd, 1024); + assert_num_cmp (rc, !=, -1); + + FD_ZERO (&fds); + FD_SET (fd, &fds); + rc = select (fd + 1, &fds, NULL, NULL, NULL); + assert_num_cmp (rc, !=, -1); + + assert (FD_ISSET (fd, &fds)); + + sa_len = sizeof (sa); + nfd = accept (fd, (struct sockaddr *)&sa, &sa_len); + assert_num_cmp (rc, !=, -1); + close (fd); + + rc = dup2 (nfd, STDIN_FILENO); + assert_num_cmp (rc, !=, -1); + + rc = dup2 (nfd, STDOUT_FILENO); + assert_num_cmp (rc, !=, -1); + + argv[0] = "p11-kit-remote"; + argv[1] = P11_MODULE_PATH "/mock-two.so"; + argv[2] = NULL; + + rc = execv (BUILDDIR "/p11-kit/p11-kit-remote", argv); + assert_num_cmp (rc, !=, -1); +} + +static void +setup_remote_unix (void *unused) +{ + char *data; + char *path; + pid_t pid; + + test.directory = p11_test_directory ("p11-test-transport"); + test.user_modules = p11_path_build (test.directory, "modules", NULL); + if (mkdir (test.user_modules, 0700) < 0) + assert_not_reached (); + + data = "user-config: only\n"; + test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL); + p11_test_file_write (NULL, test.user_config, data, strlen (data)); + + pid = fork (); + switch (pid) { + case -1: + assert_not_reached (); + break; + case 0: + launch_server (); + exit (0); + break; + default: + test.pid = pid; + } + + setenv ("P11_KIT_PRIVATEDIR", BUILDDIR "/p11-kit", 1); + + if (asprintf (&path, "%s/pkcs11", test.directory) < 0) + assert_not_reached (); + data = p11_path_encode (path); + assert_ptr_not_null (data); + free (path); + path = data; + if (asprintf (&data, "remote: unix:path=%s\n", path) < 0) + assert_not_reached (); + free (path); + p11_test_file_write (test.user_modules, "remote.module", data, strlen (data)); + free (data); + + p11_kit_override_system_files (NULL, test.user_config, + NULL, NULL, + test.user_modules); +} + +static void +teardown_remote_unix (void *unused) +{ + kill (test.pid, SIGKILL); + p11_test_directory_delete (test.directory); + free (test.directory); +} + +#endif /* OS_UNIX */ + +static void +test_basic_exec (void) +{ + CK_FUNCTION_LIST **modules; + CK_FUNCTION_LIST *module; + CK_RV rv; + + modules = p11_kit_modules_load (NULL, 0); + + module = p11_kit_module_for_name (modules, "remote"); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert_num_eq (rv, CKR_OK); + + rv = p11_kit_module_finalize (module); + assert_num_eq (rv, CKR_OK); + + p11_kit_modules_release (modules); +} + +static void +test_basic_exec_with_init_arg (void) +{ + CK_FUNCTION_LIST **modules; + CK_FUNCTION_LIST *module; + CK_RV rv; + + modules = p11_kit_modules_load (NULL, 0); + + module = p11_kit_module_for_name (modules, "init-arg"); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert_num_eq (rv, CKR_OK); + + rv = p11_kit_module_finalize (module); + assert_num_eq (rv, CKR_OK); + + p11_kit_modules_release (modules); +} + +static void * +invoke_in_thread (void *arg) +{ + CK_FUNCTION_LIST *rpc_module = arg; + CK_INFO info; + CK_RV rv; + + rv = (rpc_module->C_GetInfo) (&info); + assert_num_eq (rv, CKR_OK); + + assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID, + sizeof (info.manufacturerID)) == 0); + + return NULL; +} + +static void +test_simultaneous_functions (void) +{ + CK_FUNCTION_LIST **modules; + CK_FUNCTION_LIST *module; + const int num_threads = 128; + p11_thread_t threads[num_threads]; + int i, ret; + CK_RV rv; + + modules = p11_kit_modules_load (NULL, 0); + + module = p11_kit_module_for_name (modules, "remote"); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert_num_eq (rv, CKR_OK); + + for (i = 0; i < num_threads; i++) { + ret = p11_thread_create (threads + i, invoke_in_thread, module); + assert_num_eq (0, ret); + } + + for (i = 0; i < num_threads; i++) + p11_thread_join (threads[i]); + + rv = p11_kit_module_finalize (module); + assert_num_eq (rv, CKR_OK); + + p11_kit_modules_release (modules); +} + +#ifdef OS_UNIX + +static void +test_fork_and_reinitialize (void) +{ + CK_FUNCTION_LIST **modules; + CK_FUNCTION_LIST *module; + CK_INFO info; + int status; + CK_RV rv; + pid_t pid; + int i; + + modules = p11_kit_modules_load (NULL, 0); + + module = p11_kit_module_for_name (modules, "remote"); + assert (module != NULL); + + rv = p11_kit_module_initialize (module); + assert_num_eq (rv, CKR_OK); + + pid = fork (); + assert_num_cmp (pid, >=, 0); + + /* The child */ + if (pid == 0) { + rv = (module->C_Initialize) (NULL); + assert_num_eq (CKR_OK, rv); + + for (i = 0; i < 32; i++) { + rv = (module->C_GetInfo) (&info); + assert_num_eq (CKR_OK, rv); + } + + rv = (module->C_Finalize) (NULL); + assert_num_eq (CKR_OK, rv); + + _exit (66); + } + + for (i = 0; i < 128; i++) { + rv = (module->C_GetInfo) (&info); + assert_num_eq (CKR_OK, rv); + } + + assert_num_eq (waitpid (pid, &status, 0), pid); + assert_num_eq (WEXITSTATUS (status), 66); + + rv = p11_kit_module_finalize (module); + assert_num_eq (rv, CKR_OK); + + p11_kit_modules_release (modules); +} + +#endif /* OS_UNIX */ + +#include "test-mock.c" + +extern bool p11_conf_force_user_config; + +int +main (int argc, + char *argv[]) +{ + CK_MECHANISM_TYPE mechanisms[] = { + CKM_MOCK_CAPITALIZE, + CKM_MOCK_PREFIX, + CKM_MOCK_GENERATE, + CKM_MOCK_WRAP, + CKM_MOCK_DERIVE, + CKM_MOCK_COUNT, + 0, + }; + + p11_library_init (); + + p11_conf_force_user_config = true; + + /* Override the mechanisms that the RPC mechanism will handle */ + p11_rpc_mechanisms_override_supported = mechanisms; + + p11_fixture (setup_remote, teardown_remote); + p11_test (test_basic_exec, "/transport/basic"); + p11_test (test_basic_exec_with_init_arg, "/transport/init-arg"); + p11_test (test_simultaneous_functions, "/transport/simultaneous-functions"); + +#ifdef OS_UNIX + p11_test (test_fork_and_reinitialize, "/transport/fork-and-reinitialize"); +#endif + + test_mock_add_tests ("/transport"); + +#ifdef OS_UNIX + p11_fixture (setup_remote_unix, teardown_remote_unix); + p11_test (test_basic_exec, "/transport/unix/basic"); +#endif + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-uri.c b/p11-kit/test-uri.c new file mode 100644 index 0000000..32e8da7 --- /dev/null +++ b/p11-kit/test-uri.c @@ -0,0 +1,1698 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "debug.h" +#include "message.h" + +#include +#include +#include +#include + +#include "p11-kit/uri.h" +#include "p11-kit/private.h" + +static int +is_module_empty (P11KitUri *uri) +{ + CK_INFO_PTR info = p11_kit_uri_get_module_info (uri); + return (info->libraryDescription[0] == 0 && + info->manufacturerID[0] == 0 && + info->libraryVersion.major == (CK_BYTE)-1 && + info->libraryVersion.minor == (CK_BYTE)-1); +} + +static int +is_slot_empty (P11KitUri *uri) +{ + CK_SLOT_INFO_PTR slot = p11_kit_uri_get_slot_info (uri); + return (slot->slotDescription[0] == 0 && + slot->manufacturerID[0] == 0); +} + +static int +is_token_empty (P11KitUri *uri) +{ + CK_TOKEN_INFO_PTR token = p11_kit_uri_get_token_info (uri); + return (token->serialNumber[0] == 0 && + token->manufacturerID[0] == 0 && + token->label[0] == 0 && + token->model[0] == 0); +} + +static int +are_attributes_empty (P11KitUri *uri) +{ + return (p11_kit_uri_get_attribute (uri, CKA_LABEL) == NULL && + p11_kit_uri_get_attribute (uri, CKA_ID) == NULL && + p11_kit_uri_get_attribute (uri, CKA_CLASS) == NULL); +} + +static void +test_uri_parse (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:", P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + assert (is_module_empty (uri)); + assert (is_slot_empty (uri)); + assert (is_token_empty (uri)); + assert (are_attributes_empty (uri)); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_case_insensitive (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("PKCS11:", P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + assert (is_module_empty (uri)); + assert (is_slot_empty (uri)); + assert (is_token_empty (uri)); + assert (are_attributes_empty (uri)); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_bad_scheme (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("http:\\example.com\test", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_BAD_SCHEME, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_label (void) +{ + CK_ATTRIBUTE_PTR attr; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + assert (is_module_empty (uri)); + assert (is_slot_empty (uri)); + assert (is_token_empty (uri)); + + attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == strlen ("Test Label")); + assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_label_and_klass (void) +{ + CK_ATTRIBUTE_PTR attr; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;object-type=cert", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == strlen ("Test Label")); + assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); + + attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); + assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_label_and_new_klass (void) +{ + CK_ATTRIBUTE_PTR attr; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;type=cert", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == strlen ("Test Label")); + assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0); + + attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); + assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_empty_label (void) +{ + CK_ATTRIBUTE_PTR attr; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object=;type=cert", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_not_null (attr); + + p11_kit_uri_free (uri); + + /* really empty */ + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:type=cert", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert (attr == NULL); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_empty_id (void) +{ + CK_ATTRIBUTE_PTR attr; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:id=;type=cert", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_ID); + assert_ptr_not_null (attr); + + p11_kit_uri_free (uri); + + /* really empty */ + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:type=cert", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_ID); + assert (attr == NULL); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_id (void) +{ + CK_ATTRIBUTE_PTR attr; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:id=%54%45%53%54%00", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + /* Note that there's a NULL in the attribute (end) */ + attr = p11_kit_uri_get_attribute (uri, CKA_ID); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == 5); + assert (memcmp (attr->pValue, "TEST", 5) == 0); + + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_bad_string_encoding (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object=Test%", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_bad_hex_encoding (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object=T%xxest", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); + + p11_kit_uri_free (uri); +} + +static bool +is_space_string (CK_UTF8CHAR_PTR string, CK_ULONG size, const char *check) +{ + size_t i, len = strlen (check); + if (len > size) + return false; + if (memcmp (string, check, len) != 0) + return false; + for (i = len; i < size; ++i) + if (string[i] != ' ') + return false; + return true; +} + +static void +test_uri_parse_with_token (void) +{ + P11KitUri *uri = NULL; + CK_TOKEN_INFO_PTR token; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:token=Token%20Label;serial=3333;model=Deluxe;manufacturer=Me", + P11_KIT_URI_FOR_TOKEN, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + token = p11_kit_uri_get_token_info (uri); + assert (is_space_string (token->label, sizeof (token->label), "Token Label")); + assert (is_space_string (token->serialNumber, sizeof (token->serialNumber), "3333")); + assert (is_space_string (token->model, sizeof (token->model), "Deluxe")); + assert (is_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me")); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_token_bad_encoding (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:token=Token%", P11_KIT_URI_FOR_TOKEN, uri); + assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_bad_syntax (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:token", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_spaces (void) +{ + P11KitUri *uri = NULL; + CK_INFO_PTR info; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkc\ns11: lib rary-desc\rrip \n tion =The%20Library;\n\n\nlibrary-manufacturer=\rMe", + P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + info = p11_kit_uri_get_module_info (uri); + + assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me")); + assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library")); + + p11_kit_uri_free (uri); +} + + +static void +test_uri_parse_with_library (void) +{ + P11KitUri *uri = NULL; + CK_INFO_PTR info; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:library-description=The%20Library;library-manufacturer=Me", + P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + info = p11_kit_uri_get_module_info (uri); + + assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me")); + assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library")); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_library_bad_encoding (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:library-description=Library%", P11_KIT_URI_FOR_MODULE, uri); + assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_with_slot (void) +{ + P11KitUri *uri = NULL; + CK_SLOT_INFO_PTR slot; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:slot-description=Slot%20Description;slot-manufacturer=Me", + P11_KIT_URI_FOR_SLOT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + slot = p11_kit_uri_get_slot_info (uri); + assert (is_space_string (slot->slotDescription, sizeof (slot->slotDescription), "Slot Description")); + assert (is_space_string (slot->manufacturerID, sizeof (slot->manufacturerID), "Me")); + + p11_kit_uri_free (uri); +} + +static void +test_uri_build_empty (void) +{ + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert_str_eq ("pkcs11:", string); + free (string); + + p11_kit_uri_free (uri); +} + +static void +set_space_string (CK_BYTE_PTR buffer, CK_ULONG length, const char *string) +{ + size_t len = strlen (string); + assert (len <= length); + memset (buffer, ' ', length); + memcpy (buffer, string, len); +} + +static void +test_uri_build_with_token_info (void) +{ + char *string = NULL; + P11KitUri *uri; + P11KitUri *check; + CK_TOKEN_INFO_PTR token; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + token = p11_kit_uri_get_token_info (uri); + set_space_string (token->label, sizeof (token->label), "The Label"); + set_space_string (token->serialNumber, sizeof (token->serialNumber), "44444"); + set_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"); + set_space_string (token->model, sizeof (token->model), "Deluxe"); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert_ptr_not_null (string); + + check = p11_kit_uri_new (); + assert_ptr_not_null (check); + + ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_TOKEN, check); + assert_num_eq (P11_KIT_URI_OK, ret); + + p11_kit_uri_match_token_info (check, p11_kit_uri_get_token_info (uri)); + + p11_kit_uri_free (uri); + p11_kit_uri_free (check); + + assert (strstr (string, "token=The%20Label") != NULL); + assert (strstr (string, "serial=44444") != NULL); + assert (strstr (string, "manufacturer=Me") != NULL); + assert (strstr (string, "model=Deluxe") != NULL); + + free (string); +} + +static void +test_uri_build_with_token_null_info (void) +{ + char *string = NULL; + P11KitUri *uri; + CK_TOKEN_INFO_PTR token; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + token = p11_kit_uri_get_token_info (uri); + set_space_string (token->label, sizeof (token->label), "The Label"); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + + assert (strstr (string, "token=The%20Label") != NULL); + assert (strstr (string, "serial=") == NULL); + + free (string); + p11_kit_uri_free (uri); +} + +static void +test_uri_build_with_token_empty_info (void) +{ + char *string = NULL; + P11KitUri *uri; + CK_TOKEN_INFO_PTR token; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + token = p11_kit_uri_get_token_info (uri); + set_space_string (token->label, sizeof (token->label), ""); + set_space_string (token->serialNumber, sizeof (token->serialNumber), ""); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + + assert (strstr (string, "token=") != NULL); + assert (strstr (string, "serial=") != NULL); + + free (string); + p11_kit_uri_free (uri); +} + +static void +test_uri_build_with_attributes (void) +{ + char *string = NULL; + P11KitUri *uri; + P11KitUri *check; + CK_OBJECT_CLASS klass; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE at; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + at.type = CKA_LABEL; + at.pValue = "The Label"; + at.ulValueLen = 9; + ret = p11_kit_uri_set_attribute (uri, &at); + assert_num_eq (P11_KIT_URI_OK, ret); + + at.type = CKA_ID; + at.pValue = "HELLO"; + at.ulValueLen = 5; + ret = p11_kit_uri_set_attribute (uri, &at); + assert_num_eq (P11_KIT_URI_OK, ret); + + klass = CKO_DATA; + at.type = CKA_CLASS; + at.pValue = &klass; + at.ulValueLen = sizeof (klass); + ret = p11_kit_uri_set_attribute (uri, &at); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + + check = p11_kit_uri_new (); + assert_ptr_not_null (check); + + ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_ANY, check); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (check, CKA_LABEL); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == 9); + assert (memcmp (attr->pValue, "The Label", attr->ulValueLen) == 0); + + attr = p11_kit_uri_get_attribute (check, CKA_CLASS); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == sizeof (klass)); + assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == klass); + + attr = p11_kit_uri_get_attribute (check, CKA_ID); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == 5); + assert (memcmp (attr->pValue, "HELLO", attr->ulValueLen) == 0); + + p11_kit_uri_free (check); + + assert (strstr (string, "object=The%20Label") != NULL); + assert (strstr (string, "type=data") != NULL); + assert (strstr (string, "id=%48%45%4C%4C%4F") != NULL); + + free (string); + p11_kit_uri_free (uri); +} + +static void +test_uri_build_with_slot_info (void) +{ + char *string = NULL; + P11KitUri *uri; + P11KitUri *check; + CK_SLOT_INFO_PTR slot; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + slot = p11_kit_uri_get_slot_info (uri); + set_space_string (slot->slotDescription, sizeof (slot->slotDescription), "The Slot Description"); + set_space_string (slot->manufacturerID, sizeof (slot->manufacturerID), "Me"); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert_ptr_not_null (string); + + check = p11_kit_uri_new (); + assert_ptr_not_null (check); + + ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_SLOT, check); + assert_num_eq (P11_KIT_URI_OK, ret); + + p11_kit_uri_match_slot_info (check, p11_kit_uri_get_slot_info (uri)); + + p11_kit_uri_free (uri); + p11_kit_uri_free (check); + + assert (strstr (string, "slot-description=The%20Slot%20Description") != NULL); + assert (strstr (string, "slot-manufacturer=Me") != NULL); + + free (string); +} + +static void +test_uri_parse_private_key (void) +{ + P11KitUri *uri; + CK_ATTRIBUTE_PTR attr; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:type=private", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); + assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_PRIVATE_KEY); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_secret_key (void) +{ + P11KitUri *uri; + CK_ATTRIBUTE_PTR attr; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:type=secret-key", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); + assert_ptr_not_null (attr); + assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS)); + assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_SECRET_KEY); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_library_version (void) +{ + P11KitUri *uri; + CK_INFO_PTR info; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:library-version=2.101", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + info = p11_kit_uri_get_module_info (uri); + assert_num_eq (2, info->libraryVersion.major); + assert_num_eq (101, info->libraryVersion.minor); + + ret = p11_kit_uri_parse ("pkcs11:library-version=23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + info = p11_kit_uri_get_module_info (uri); + assert_num_eq (23, info->libraryVersion.major); + assert_num_eq (0, info->libraryVersion.minor); + + ret = p11_kit_uri_parse ("pkcs11:library-version=23.", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + ret = p11_kit_uri_parse ("pkcs11:library-version=a.a", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + ret = p11_kit_uri_parse ("pkcs11:library-version=.23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + ret = p11_kit_uri_parse ("pkcs11:library-version=1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + ret = p11_kit_uri_parse ("pkcs11:library-version=2.1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri); + assert_num_eq (P11_KIT_URI_BAD_VERSION, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_parse_unknown_object_type (void) +{ + P11KitUri *uri; + CK_ATTRIBUTE_PTR attr; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:type=unknown", P11_KIT_URI_FOR_OBJECT, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); + assert_ptr_eq (NULL, attr); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_unrecognized (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:x-blah=some-value", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (1, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_parse_too_long_is_unrecognized (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:model=a-value-that-is-too-long-for-the-field-that-it-goes-with", + P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (1, ret); + + p11_kit_uri_free (uri); +} + + + +static void +test_uri_build_object_type_cert (void) +{ + CK_ATTRIBUTE attr; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + klass = CKO_CERTIFICATE; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + p11_kit_uri_set_attribute (uri, &attr); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "type=cert") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_build_object_type_private (void) +{ + CK_ATTRIBUTE attr; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + klass = CKO_PRIVATE_KEY; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + p11_kit_uri_set_attribute (uri, &attr); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "type=private") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_build_object_type_public (void) +{ + CK_ATTRIBUTE attr; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + klass = CKO_PUBLIC_KEY; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + p11_kit_uri_set_attribute (uri, &attr); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "type=public") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_build_object_type_secret (void) +{ + CK_ATTRIBUTE attr; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + klass = CKO_SECRET_KEY; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + p11_kit_uri_set_attribute (uri, &attr); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "type=secret-key") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_build_with_library (void) +{ + CK_INFO_PTR info; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + info = p11_kit_uri_get_module_info (uri); + set_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Description"); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "library-description=The%20Description") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_build_library_version (void) +{ + CK_INFO_PTR info; + P11KitUri *uri; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + info = p11_kit_uri_get_module_info (uri); + info->libraryVersion.major = 2; + info->libraryVersion.minor = 10; + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "library-version=2.10") != NULL); + + p11_kit_uri_free (uri); + free (string); +} + +static void +test_uri_get_set_unrecognized (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (0, ret); + + p11_kit_uri_set_unrecognized (uri, 1); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (1, ret); + + p11_kit_uri_set_unrecognized (uri, 0); + + ret = p11_kit_uri_any_unrecognized (uri); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_match_token (void) +{ + CK_TOKEN_INFO token; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:model=Giselle", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + set_space_string (token.label, sizeof (token.label), "A label"); + set_space_string (token.model, sizeof (token.model), "Giselle"); + + ret = p11_kit_uri_match_token_info (uri, &token); + assert_num_eq (1, ret); + + set_space_string (token.label, sizeof (token.label), "Another label"); + + ret = p11_kit_uri_match_token_info (uri, &token); + assert_num_eq (1, ret); + + set_space_string (token.model, sizeof (token.model), "Zoolander"); + + ret = p11_kit_uri_match_token_info (uri, &token); + assert_num_eq (0, ret); + + p11_kit_uri_set_unrecognized (uri, 1); + + ret = p11_kit_uri_match_token_info (uri, &token); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_match_module (void) +{ + CK_INFO info; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:library-description=Quiet", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Quiet"); + set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone"); + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (1, ret); + + set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone else"); + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (1, ret); + + set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Leise"); + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (0, ret); + + p11_kit_uri_set_unrecognized (uri, 1); + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_match_version (void) +{ + CK_INFO info; + P11KitUri *uri; + int ret; + + memset (&info, 0, sizeof (info)); + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:library-version=5.8", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + info.libraryVersion.major = 5; + info.libraryVersion.minor = 8; + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (1, ret); + + info.libraryVersion.major = 2; + info.libraryVersion.minor = 3; + + ret = p11_kit_uri_match_module_info (uri, &info); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_match_attributes (void) +{ + CK_ATTRIBUTE attrs[4]; + CK_OBJECT_CLASS klass; + P11KitUri *uri; + int ret; + + attrs[0].type = CKA_ID; + attrs[0].pValue = "Blah"; + attrs[0].ulValueLen = 4; + + attrs[1].type = CKA_LABEL; + attrs[1].pValue = "Junk"; + attrs[1].ulValueLen = 4; + + attrs[2].type = CKA_COLOR; + attrs[2].pValue = "blue"; + attrs[2].ulValueLen = 4; + + klass = CKO_DATA; + attrs[3].type = CKA_CLASS; + attrs[3].pValue = &klass; + attrs[3].ulValueLen = sizeof (klass); + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:object=Fancy;id=Blah;type=data", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (0, ret); + + attrs[1].pValue = "Fancy"; + attrs[1].ulValueLen = 5; + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (1, ret); + + p11_kit_uri_clear_attribute (uri, CKA_CLASS); + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (1, ret); + + attrs[2].pValue = "pink"; + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (1, ret); + + p11_kit_uri_set_unrecognized (uri, 1); + + ret = p11_kit_uri_match_attributes (uri, attrs, 4); + assert_num_eq (0, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_get_set_attribute (void) +{ + CK_ATTRIBUTE attr; + CK_ATTRIBUTE_PTR ptr; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_eq (NULL, ptr); + + ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_clear_attribute (uri, CKA_COLOR); + assert_num_eq (P11_KIT_URI_NOT_FOUND, ret); + + attr.type = CKA_LABEL; + attr.pValue = "Test"; + attr.ulValueLen = 4; + + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + /* We can set other attributes */ + attr.type = CKA_COLOR; + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + /* And get them too */ + ptr = p11_kit_uri_get_attribute (uri, CKA_COLOR); + assert_ptr_not_null (ptr); + + ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_not_null (ptr); + + assert (ptr->type == CKA_LABEL); + assert (ptr->ulValueLen == 4); + assert (memcmp (ptr->pValue, "Test", 4) == 0); + + ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); + assert_num_eq (P11_KIT_URI_OK, ret); + + ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL); + assert_ptr_eq (NULL, ptr); + + p11_kit_uri_free (uri); +} + +static void +test_uri_get_set_attributes (void) +{ + CK_ATTRIBUTE_PTR attrs; + CK_OBJECT_CLASS klass; + CK_ATTRIBUTE attr; + CK_ULONG n_attrs; + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (0, n_attrs); + + attr.type = CKA_LABEL; + attr.pValue = "Test"; + attr.ulValueLen = 4; + + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (1, n_attrs); + assert (attrs[0].type == CKA_LABEL); + assert (attrs[0].ulValueLen == 4); + assert (memcmp (attrs[0].pValue, "Test", 4) == 0); + + attr.type = CKA_LABEL; + attr.pValue = "Kablooey"; + attr.ulValueLen = 8; + + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (1, n_attrs); + assert (attrs[0].type == CKA_LABEL); + assert (attrs[0].ulValueLen == 8); + assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); + + klass = CKO_DATA; + attr.type = CKA_CLASS; + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + + ret = p11_kit_uri_set_attribute (uri, &attr); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (2, n_attrs); + assert (attrs[0].type == CKA_LABEL); + assert (attrs[0].ulValueLen == 8); + assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0); + assert (attrs[1].type == CKA_CLASS); + assert (attrs[1].ulValueLen == sizeof (klass)); + assert (memcmp (attrs[1].pValue, &klass, sizeof (klass)) == 0); + + ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (1, n_attrs); + assert (attrs[0].type == CKA_CLASS); + assert (attrs[0].ulValueLen == sizeof (klass)); + assert (memcmp (attrs[0].pValue, &klass, sizeof (klass)) == 0); + + attr.type = CKA_LABEL; + attr.pValue = "Three"; + attr.ulValueLen = 5; + + ret = p11_kit_uri_set_attributes (uri, &attr, 1); + assert_num_eq (P11_KIT_URI_OK, ret); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (1, n_attrs); + assert (attrs[0].type == CKA_LABEL); + assert (attrs[0].ulValueLen == 5); + assert (memcmp (attrs[0].pValue, "Three", 5) == 0); + + p11_kit_uri_clear_attributes (uri); + + attrs = p11_kit_uri_get_attributes (uri, &n_attrs); + assert_ptr_not_null (attrs); + assert_num_eq (0, n_attrs); + + p11_kit_uri_free (uri); +} + +static void +test_uri_pin_source (void) +{ + P11KitUri *uri; + const char *pin_source; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + p11_kit_uri_set_pin_source (uri, "|my-pin-source"); + + pin_source = p11_kit_uri_get_pin_source (uri); + assert_str_eq ("|my-pin-source", pin_source); + + pin_source = p11_kit_uri_get_pinfile (uri); + assert_str_eq ("|my-pin-source", pin_source); + + p11_kit_uri_set_pinfile (uri, "|my-pin-file"); + + pin_source = p11_kit_uri_get_pin_source (uri); + assert_str_eq ("|my-pin-file", pin_source); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "pin-source=%7Cmy-pin-file") != NULL); + free (string); + + ret = p11_kit_uri_parse ("pkcs11:?pin-source=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + pin_source = p11_kit_uri_get_pin_source (uri); + assert_str_eq ("blah/blah", pin_source); + + p11_kit_uri_free (uri); +} + + +static void +test_uri_pin_value (void) +{ + P11KitUri *uri; + const char *pin_value; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + p11_kit_uri_set_pin_value (uri, "123456"); + + pin_value = p11_kit_uri_get_pin_value (uri); + assert_str_eq ("123456", pin_value); + + p11_kit_uri_set_pin_value (uri, "1*&#%&@("); + + pin_value = p11_kit_uri_get_pin_value (uri); + assert_str_eq ("1*&#%&@(", pin_value); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "pkcs11:?pin-value=1%2A%26%23%25%26%40%28") != NULL); + free (string); + + ret = p11_kit_uri_parse ("pkcs11:?pin-value=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + pin_value = p11_kit_uri_get_pin_value (uri); + assert_str_eq ("blah/blah", pin_value); + + p11_kit_uri_free (uri); +} + +static void +test_uri_pin_value_bad (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:?pin-value=blahblah%2", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_module_name (void) +{ + P11KitUri *uri; + const char *module_name; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + p11_kit_uri_set_module_name (uri, "123456"); + + module_name = p11_kit_uri_get_module_name (uri); + assert_str_eq ("123456", module_name); + + p11_kit_uri_set_module_name (uri, "1*&#%&@("); + + module_name = p11_kit_uri_get_module_name (uri); + assert_str_eq ("1*&#%&@(", module_name); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "pkcs11:?module-name=1%2A%26%23%25%26%40%28") != NULL); + free (string); + + ret = p11_kit_uri_parse ("pkcs11:?module-name=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + module_name = p11_kit_uri_get_module_name (uri); + assert_str_eq ("blah/blah", module_name); + + p11_kit_uri_free (uri); +} + +static void +test_uri_module_name_bad (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:?module-name=blahblah%2", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_module_path (void) +{ + P11KitUri *uri; + const char *module_path; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + p11_kit_uri_set_module_path (uri, "/my-module-path"); + + module_path = p11_kit_uri_get_module_path (uri); + assert_str_eq ("/my-module-path", module_path); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "module-path=%2Fmy-module-path") != NULL); + free (string); + + ret = p11_kit_uri_parse ("pkcs11:?module-path=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + module_path = p11_kit_uri_get_module_path (uri); + assert_str_eq ("blah/blah", module_path); + + p11_kit_uri_free (uri); +} + +static void +test_uri_module_name_and_path (void) +{ + P11KitUri *uri; + const char *module_name; + const char *module_path; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + p11_kit_uri_set_module_name (uri, "123456"); + p11_kit_uri_set_module_path (uri, "/my-module-path"); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "pkcs11:?module-name=123456&module-path=%2Fmy-module-path") != NULL); + free (string); + + ret = p11_kit_uri_parse ("pkcs11:?module-name=1%2A%26%23%25%26%40%28&module-path=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + module_name = p11_kit_uri_get_module_name (uri); + assert_str_eq ("1*&#%&@(", module_name); + module_path = p11_kit_uri_get_module_path (uri); + assert_str_eq ("blah/blah", module_path); + + p11_kit_uri_free (uri); +} + +static void +test_uri_vendor_query (void) +{ + P11KitUri *uri; + const char *value; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_set_vendor_query (uri, "my-query-one", "123456"); + assert_num_eq (1, ret); + value = p11_kit_uri_get_vendor_query (uri, "my-query-one"); + assert_str_eq ("123456", value); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "my-query-one=123456") != NULL); + free (string); + + ret = p11_kit_uri_parse ("pkcs11:?my-query-two=some-value", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + value = p11_kit_uri_get_vendor_query (uri, "my-query-two"); + assert_str_eq ("some-value", value); + + ret = p11_kit_uri_set_vendor_query (uri, "my-query-two", "other-value"); + assert_num_eq (1, ret); + + value = p11_kit_uri_get_vendor_query (uri, "my-query-two"); + assert_str_eq ("other-value", value); + + ret = p11_kit_uri_set_vendor_query (uri, "my-query-three", NULL); + assert_num_eq (0, ret); + + /* Check if duplicate vendor query attributes are accepted and + * sorted alphabetically. */ + ret = p11_kit_uri_parse ("pkcs11:?bbb=zzz&aaa=xxx&aaa=yyy", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert_str_eq ("pkcs11:?aaa=xxx&aaa=yyy&bbb=zzz", string); + free (string); + + p11_kit_uri_free (uri); +} + +static void +test_uri_slot_id (void) +{ + P11KitUri *uri; + CK_SLOT_ID slot_id; + char *string; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + p11_kit_uri_set_slot_id (uri, 12345); + + slot_id = p11_kit_uri_get_slot_id (uri); + assert_num_eq (12345, slot_id); + + ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string); + assert_num_eq (P11_KIT_URI_OK, ret); + assert (strstr (string, "pkcs11:slot-id=12345") != NULL); + free (string); + + ret = p11_kit_uri_parse ("pkcs11:slot-id=67890", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_OK, ret); + + slot_id = p11_kit_uri_get_slot_id (uri); + assert_num_eq (67890, slot_id); + + p11_kit_uri_free (uri); +} + +static void +test_uri_slot_id_bad (void) +{ + P11KitUri *uri; + int ret; + + uri = p11_kit_uri_new (); + assert_ptr_not_null (uri); + + ret = p11_kit_uri_parse ("pkcs11:slot-id=123^456", P11_KIT_URI_FOR_ANY, uri); + assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret); + + p11_kit_uri_free (uri); +} + +static void +test_uri_free_null (void) +{ + p11_kit_uri_free (NULL); +} + +static void +test_uri_message (void) +{ + assert (p11_kit_uri_message (P11_KIT_URI_OK) == NULL); + assert_ptr_not_null (p11_kit_uri_message (P11_KIT_URI_UNEXPECTED)); + assert_ptr_not_null (p11_kit_uri_message (-555555)); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_uri_parse, "/uri/test_uri_parse"); + p11_test (test_uri_parse_case_insensitive, "/uri/test_uri_parse_case_insensitive"); + p11_test (test_uri_parse_bad_scheme, "/uri/test_uri_parse_bad_scheme"); + p11_test (test_uri_parse_with_label, "/uri/test_uri_parse_with_label"); + p11_test (test_uri_parse_with_empty_label, "/uri/test_uri_parse_with_empty_label"); + p11_test (test_uri_parse_with_empty_id, "/uri/test_uri_parse_with_empty_id"); + p11_test (test_uri_parse_with_label_and_klass, "/uri/test_uri_parse_with_label_and_klass"); + p11_test (test_uri_parse_with_label_and_new_klass, "/uri/parse-with-label-and-new-class"); + p11_test (test_uri_parse_with_id, "/uri/test_uri_parse_with_id"); + p11_test (test_uri_parse_with_bad_string_encoding, "/uri/test_uri_parse_with_bad_string_encoding"); + p11_test (test_uri_parse_with_bad_hex_encoding, "/uri/test_uri_parse_with_bad_hex_encoding"); + p11_test (test_uri_parse_with_token, "/uri/test_uri_parse_with_token"); + p11_test (test_uri_parse_with_token_bad_encoding, "/uri/test_uri_parse_with_token_bad_encoding"); + p11_test (test_uri_parse_with_bad_syntax, "/uri/test_uri_parse_with_bad_syntax"); + p11_test (test_uri_parse_with_spaces, "/uri/test_uri_parse_with_spaces"); + p11_test (test_uri_parse_with_library, "/uri/test_uri_parse_with_library"); + p11_test (test_uri_parse_with_library_bad_encoding, "/uri/test_uri_parse_with_library_bad_encoding"); + p11_test (test_uri_parse_with_slot, "/uri/test_uri_parse_with_slot"); + p11_test (test_uri_build_empty, "/uri/test_uri_build_empty"); + p11_test (test_uri_build_with_token_info, "/uri/test_uri_build_with_token_info"); + p11_test (test_uri_build_with_token_null_info, "/uri/test_uri_build_with_token_null_info"); + p11_test (test_uri_build_with_token_empty_info, "/uri/test_uri_build_with_token_empty_info"); + p11_test (test_uri_build_with_attributes, "/uri/test_uri_build_with_attributes"); + p11_test (test_uri_build_with_slot_info, "/uri/test_uri_build_with_slot_info"); + p11_test (test_uri_parse_private_key, "/uri/test_uri_parse_private_key"); + p11_test (test_uri_parse_secret_key, "/uri/test_uri_parse_secret_key"); + p11_test (test_uri_parse_library_version, "/uri/test_uri_parse_library_version"); + p11_test (test_uri_parse_parse_unknown_object_type, "/uri/test_uri_parse_parse_unknown_object_type"); + p11_test (test_uri_parse_unrecognized, "/uri/test_uri_parse_unrecognized"); + p11_test (test_uri_parse_too_long_is_unrecognized, "/uri/test_uri_parse_too_long_is_unrecognized"); + p11_test (test_uri_build_object_type_cert, "/uri/test_uri_build_object_type_cert"); + p11_test (test_uri_build_object_type_private, "/uri/test_uri_build_object_type_private"); + p11_test (test_uri_build_object_type_public, "/uri/test_uri_build_object_type_public"); + p11_test (test_uri_build_object_type_secret, "/uri/test_uri_build_object_type_secret"); + p11_test (test_uri_build_with_library, "/uri/test_uri_build_with_library"); + p11_test (test_uri_build_library_version, "/uri/test_uri_build_library_version"); + p11_test (test_uri_get_set_unrecognized, "/uri/test_uri_get_set_unrecognized"); + p11_test (test_uri_match_token, "/uri/test_uri_match_token"); + p11_test (test_uri_match_module, "/uri/test_uri_match_module"); + p11_test (test_uri_match_version, "/uri/test_uri_match_version"); + p11_test (test_uri_match_attributes, "/uri/test_uri_match_attributes"); + p11_test (test_uri_get_set_attribute, "/uri/test_uri_get_set_attribute"); + p11_test (test_uri_get_set_attributes, "/uri/test_uri_get_set_attributes"); + p11_test (test_uri_pin_source, "/uri/test_uri_pin_source"); + p11_test (test_uri_pin_value, "/uri/pin-value"); + p11_test (test_uri_pin_value_bad, "/uri/pin-value-bad"); + p11_test (test_uri_module_name, "/uri/module-name"); + p11_test (test_uri_module_name_bad, "/uri/module-name-bad"); + p11_test (test_uri_module_path, "/uri/module-path"); + p11_test (test_uri_module_name_and_path, "/uri/module-name-and-path"); + p11_test (test_uri_vendor_query, "/uri/vendor-query"); + p11_test (test_uri_slot_id, "/uri/slot-id"); + p11_test (test_uri_slot_id_bad, "/uri/slot-id-bad"); + p11_test (test_uri_free_null, "/uri/test_uri_free_null"); + p11_test (test_uri_message, "/uri/test_uri_message"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-util.c b/p11-kit/test-util.c new file mode 100644 index 0000000..0e579cd --- /dev/null +++ b/p11-kit/test-util.c @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "p11-kit.h" + +#include +#include + +static void +test_space_strlen (void) +{ + assert_num_eq (4, p11_kit_space_strlen ((const unsigned char *)"Test ", 20)); + assert_num_eq (20, p11_kit_space_strlen ((const unsigned char *)"01234567890123456789", 20)); + assert_num_eq (0, p11_kit_space_strlen ((const unsigned char *)" ", 20)); +} + +int +main (int argc, + char *argv[]) +{ + putenv ("P11_KIT_STRICT=1"); + + p11_test (test_space_strlen, "/util/space-strlen"); + return p11_test_run (argc, argv); +} diff --git a/p11-kit/test-virtual.c b/p11-kit/test-virtual.c new file mode 100644 index 0000000..2b83720 --- /dev/null +++ b/p11-kit/test-virtual.c @@ -0,0 +1,170 @@ +/* + * Copyright (c) 2012 Stefan Walter + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "library.h" +#include "p11-kit.h" +#include "private.h" +#include "virtual.h" + +#include "test.h" + +#include "mock.h" + +#include +#include +#include +#include +#include + +/* + * test-managed.c is a pretty good test of the closure code, so we + * just test a few things here. + */ + +typedef struct { + p11_virtual virt; + void *check; +} Override; + +static CK_RV +override_initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR args) +{ + Override *over = (Override *)self; + + assert_str_eq ("initialize-arg", args); + assert_str_eq ("overide-arg", over->check); + + /* An arbitrary error code to check */ + return CKR_NEED_TO_CREATE_THREADS; +} + +static bool test_destroyed = false; + +static void +test_destroyer (void *data) +{ + assert (data == &mock_x_module_no_slots); + assert (test_destroyed == false); + test_destroyed = true; +} + +static void +test_initialize (void) +{ + CK_FUNCTION_LIST_PTR module; + Override over = { }; + CK_RV rv; + + p11_virtual_init (&over.virt, &p11_virtual_stack, &mock_x_module_no_slots, test_destroyer); + over.virt.funcs.C_Initialize = override_initialize; + over.check = "overide-arg"; + test_destroyed = false; + + module = p11_virtual_wrap (&over.virt, (p11_destroyer)p11_virtual_uninit); + assert_ptr_not_null (module); + + rv = (module->C_Initialize) ("initialize-arg"); + assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv); + + p11_virtual_unwrap (module); + assert_num_eq (true, test_destroyed); +} + +static void +test_fall_through (void) +{ + CK_FUNCTION_LIST_PTR module; + Override over = { }; + p11_virtual base; + CK_RV rv; + + p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL); + p11_virtual_init (&over.virt, &p11_virtual_stack, &base, NULL); + over.virt.funcs.C_Initialize = override_initialize; + over.check = "overide-arg"; + + module = p11_virtual_wrap (&over.virt, NULL); + assert_ptr_not_null (module); + + rv = (module->C_Initialize) ("initialize-arg"); + assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv); + + /* All other functions should have just fallen through */ + assert_ptr_eq (mock_module_no_slots.C_Finalize, module->C_Finalize); + + p11_virtual_unwrap (module); +} + +static void +test_get_function_list (void) +{ + CK_FUNCTION_LIST_PTR module; + CK_FUNCTION_LIST_PTR list; + p11_virtual virt; + CK_RV rv; + + p11_virtual_init (&virt, &p11_virtual_base, &mock_module_no_slots, NULL); + module = p11_virtual_wrap (&virt, NULL); + assert_ptr_not_null (module); + + rv = (module->C_GetFunctionList) (&list); + assert_num_eq (CKR_OK, rv); + assert_ptr_eq (module, list); + + rv = (module->C_GetFunctionList) (&list); + assert_num_eq (CKR_OK, rv); + + rv = (module->C_GetFunctionList) (NULL); + assert_num_eq (CKR_ARGUMENTS_BAD, rv); + + p11_virtual_unwrap (module); +} + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + p11_library_init (); + + p11_test (test_initialize, "/virtual/test_initialize"); + p11_test (test_fall_through, "/virtual/test_fall_through"); + p11_test (test_get_function_list, "/virtual/test_get_function_list"); + + return p11_test_run (argc, argv); +} diff --git a/p11-kit/uri.c b/p11-kit/uri.c new file mode 100644 index 0000000..9f75d4d --- /dev/null +++ b/p11-kit/uri.c @@ -0,0 +1,1831 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "array.h" +#include "attrs.h" +#include "buffer.h" +#define P11_DEBUG_FLAG P11_DEBUG_URI +#include "debug.h" +#include "message.h" +#include "pkcs11.h" +#include "private.h" +#include "p11-kit.h" +#include "uri.h" +#include "url.h" + +#include +#include +#include +#include +#include + +/** + * SECTION:p11-kit-uri + * @title: URIs + * @short_description: Parsing and formatting PKCS\#11 URIs + * + * PKCS\#11 URIs can be used in configuration files or applications to represent + * PKCS\#11 modules, tokens or objects. An example of a URI might be: + * + * + * pkcs11:token=The\%20Software\%20PKCS\#11\%20softtoken; + * manufacturer=Snake\%20Oil,\%20Inc.;serial=;object=my-certificate; + * model=1.0;type=cert;id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91 + * + * + * You can use p11_kit_uri_parse() to parse such a URI, and p11_kit_uri_format() + * to build one. URIs are represented by the #P11KitUri structure. You can match + * a parsed URI against PKCS\#11 tokens with p11_kit_uri_match_token_info() + * or attributes with p11_kit_uri_match_attributes(). + * + * Since URIs can represent different sorts of things, when parsing or formatting + * a URI a 'context' can be used to indicate which sort of URI is expected. + * + * URIs have an unrecognized flag. This flag is set during parsing + * if any parts of the URI are not recognized. This may be because the part is + * from a newer version of the PKCS\#11 spec or because that part was not valid + * inside of the desired context used when parsing. + */ + +/** + * P11KitUri: + * + * A structure representing a PKCS\#11 URI. There are no public fields + * visible in this structure. Use the various accessor functions. + */ + +/** + * P11KitUriType: + * @P11_KIT_URI_FOR_OBJECT: The URI represents one or more objects + * @P11_KIT_URI_FOR_TOKEN: The URI represents one or more tokens + * @P11_KIT_URI_FOR_SLOT: The URI represents one or more slots + * @P11_KIT_URI_FOR_MODULE: The URI represents one or more modules + * @P11_KIT_URI_FOR_MODULE_WITH_VERSION: The URI represents a module with + * a specific version. + * @P11_KIT_URI_FOR_OBJECT_ON_TOKEN: The URI represents one or more objects + * that are present on a specific token. + * @P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE: The URI represents one or more + * objects that are present on a specific token, being used with a certain + * module. + * @P11_KIT_URI_FOR_ANY: The URI can represent anything + * + * A PKCS\#11 URI can represent different kinds of things. This flag is used by + * p11_kit_uri_parse() to denote in what context the URI will be used. + * + * The various types can be combined. + */ + +/** + * P11KitUriResult: + * @P11_KIT_URI_OK: Success + * @P11_KIT_URI_UNEXPECTED: Unexpected or internal system error + * @P11_KIT_URI_BAD_SCHEME: The URI had a bad scheme + * @P11_KIT_URI_BAD_ENCODING: The URI had a bad encoding + * @P11_KIT_URI_BAD_SYNTAX: The URI had a bad syntax + * @P11_KIT_URI_BAD_VERSION: The URI contained a bad version number + * @P11_KIT_URI_NOT_FOUND: A requested part of the URI was not found + * + * Error codes returned by various functions. The functions each clearly state + * which error codes they are capable of returning. + */ + +/** + * P11_KIT_URI_NO_MEMORY: + * + * Unexpected memory allocation failure result. Same as #P11_KIT_URI_UNEXPECTED. + */ + +/** + * P11_KIT_URI_SCHEME: + * + * String of URI scheme for PKCS\#11 URIs. + */ + +/** + * P11_KIT_URI_SCHEME_LEN: + * + * Length of %P11_KIT_URI_SCHEME. + */ + +typedef struct _Attribute { + char *name; + char *value; +} Attribute; + +struct p11_kit_uri { + bool unrecognized; + CK_INFO module; + CK_SLOT_INFO slot; + CK_TOKEN_INFO token; + CK_ATTRIBUTE *attrs; + CK_SLOT_ID slot_id; + char *pin_source; + char *pin_value; + char *module_name; + char *module_path; + p11_array *qattrs; +}; + +static char * +strip_whitespace (const char *value) +{ + size_t length = strlen (value); + char *at, *pos; + char *key; + + key = malloc (length + 1); + return_val_if_fail (key != NULL, NULL); + + memcpy (key, value, length); + key[length] = '\0'; + + /* Do we have any whitespace? Strip it out. */ + if (strcspn (key, P11_URL_WHITESPACE) != length) { + for (at = key, pos = key; pos != key + length + 1; ++pos) { + if (!strchr (P11_URL_WHITESPACE, *pos)) + *(at++) = *pos; + } + *at = '\0'; + } + + return key; +} + +static bool +match_struct_string (const unsigned char *inuri, const unsigned char *real, + size_t length) +{ + assert (inuri); + assert (real); + assert (length > 0); + + /* NULL matches anything */ + if (inuri[0] == 0) + return true; + + return memcmp (inuri, real, length) == 0 ? true : false; +} + +static bool +match_struct_version (CK_VERSION const *inuri, CK_VERSION const *real) +{ + /* This matches anything */ + if (inuri->major == (CK_BYTE)-1 && inuri->minor == (CK_BYTE)-1) + return true; + + return memcmp (inuri, real, sizeof (CK_VERSION)) == 0 ? true : false; +} + +/** + * p11_kit_uri_get_module_info: + * @uri: the URI + * + * Get the CK_INFO structure associated with this URI. + * + * If this is a parsed URI, then the fields corresponding to library parts of + * the URI will be filled in. Any library URI parts that were missing will have + * their fields filled with zeros. + * + * If the caller wishes to setup information for building a URI, then relevant + * fields should be filled in. Fields that should not appear as parts in the + * resulting URI should be filled with zeros. + * + * Returns: A pointer to the CK_INFO structure. + */ +CK_INFO_PTR +p11_kit_uri_get_module_info (P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, NULL); + return &uri->module; +} + +int +p11_match_uri_module_info (CK_INFO const *one, + CK_INFO const *two) +{ + return (match_struct_string (one->libraryDescription, + two->libraryDescription, + sizeof (one->libraryDescription)) && + match_struct_string (one->manufacturerID, + two->manufacturerID, + sizeof (one->manufacturerID)) && + match_struct_version (&one->libraryVersion, + &two->libraryVersion)); +} + +/** + * p11_kit_uri_match_module_info: + * @uri: the URI + * @info: the structure to match against the URI + * + * Match a CK_INFO structure against the library parts of this URI. + * + * Only the fields of the CK_INFO structure that are valid for use + * in a URI will be matched. A URI part that was not specified in the URI will + * match any value in the structure. If during the URI parsing any unrecognized + * parts were encountered then this match will fail. + * + * Returns: 1 if the URI matches, 0 if not. + */ +int +p11_kit_uri_match_module_info (const P11KitUri *uri, const CK_INFO *info) +{ + return_val_if_fail (uri != NULL, 0); + return_val_if_fail (info != NULL, 0); + + if (uri->unrecognized) + return 0; + + return p11_match_uri_module_info (&uri->module, info); +} + +/** + * p11_kit_uri_get_slot_info: + * @uri: the URI + * + * Get the CK_SLOT_INFO structure associated with this URI. + * + * If this is a parsed URI, then the fields corresponding to slot parts of + * the URI will be filled in. Any slot URI parts that were missing will have + * their fields filled with zeros. + * + * If the caller wishes to setup information for building a URI, then relevant + * fields should be filled in. Fields that should not appear as parts in the + * resulting URI should be filled with zeros. + * + * Returns: A pointer to the CK_INFO structure. + */ +CK_SLOT_INFO_PTR +p11_kit_uri_get_slot_info (P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, NULL); + return &uri->slot; +} + +int +p11_match_uri_slot_info (CK_SLOT_INFO const *one, + CK_SLOT_INFO const *two) +{ + return (match_struct_string (one->slotDescription, + two->slotDescription, + sizeof (one->slotDescription)) && + match_struct_string (one->manufacturerID, + two->manufacturerID, + sizeof (one->manufacturerID))); +} + +/** + * p11_kit_uri_match_slot_info: + * @uri: the URI + * @slot_info: the structure to match against the URI + * + * Match a CK_SLOT_INFO structure against the slot parts of this + * URI. + * + * Only the fields of the CK_SLOT_INFO structure that are valid + * for use in a URI will be matched. A URI part that was not specified in the + * URI will match any value in the structure. If during the URI parsing any + * unrecognized parts were encountered then this match will fail. + * + * Returns: 1 if the URI matches, 0 if not. + */ +int +p11_kit_uri_match_slot_info (const P11KitUri *uri, const CK_SLOT_INFO *slot_info) +{ + return_val_if_fail (uri != NULL, 0); + return_val_if_fail (slot_info != NULL, 0); + + if (uri->unrecognized) + return 0; + + return p11_match_uri_slot_info (&uri->slot, slot_info); +} + +/** + * p11_kit_uri_get_slot_id: + * @uri: The URI + * + * Get the 'slot-id' part of the URI. + * + * Returns: The slot-id or (CK_SLOT_ID)-1 if not set. + */ +CK_SLOT_ID +p11_kit_uri_get_slot_id (P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, (CK_SLOT_ID)-1); + return uri->slot_id; +} + +/** + * p11_kit_uri_set_slot_id: + * @uri: The URI + * @slot_id: The new slot-id + * + * Set the 'slot-id' part of the URI. + */ +void +p11_kit_uri_set_slot_id (P11KitUri *uri, + CK_SLOT_ID slot_id) +{ + return_if_fail (uri != NULL); + uri->slot_id = slot_id; +} + +/** + * p11_kit_uri_get_token_info: + * @uri: the URI + * + * Get the CK_TOKEN_INFO structure associated with this URI. + * + * If this is a parsed URI, then the fields corresponding to token parts of + * the URI will be filled in. Any token URI parts that were missing will have + * their fields filled with zeros. + * + * If the caller wishes to setup information for building a URI, then relevant + * fields should be filled in. Fields that should not appear as parts in the + * resulting URI should be filled with zeros. + * + * Returns: A pointer to the CK_INFO structure. + */ +CK_TOKEN_INFO_PTR +p11_kit_uri_get_token_info (P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, NULL); + return &uri->token; +} + +int +p11_match_uri_token_info (CK_TOKEN_INFO const *one, + CK_TOKEN_INFO const *two) +{ + return (match_struct_string (one->label, + two->label, + sizeof (one->label)) && + match_struct_string (one->manufacturerID, + two->manufacturerID, + sizeof (one->manufacturerID)) && + match_struct_string (one->model, + two->model, + sizeof (one->model)) && + match_struct_string (one->serialNumber, + two->serialNumber, + sizeof (one->serialNumber))); +} + +/** + * p11_kit_uri_match_token_info: + * @uri: the URI + * @token_info: the structure to match against the URI + * + * Match a CK_TOKEN_INFO structure against the token parts of this + * URI. + * + * Only the fields of the CK_TOKEN_INFO structure that are valid + * for use in a URI will be matched. A URI part that was not specified in the + * URI will match any value in the structure. If during the URI parsing any + * unrecognized parts were encountered then this match will fail. + * + * Returns: 1 if the URI matches, 0 if not. + */ +int +p11_kit_uri_match_token_info (const P11KitUri *uri, const CK_TOKEN_INFO *token_info) +{ + return_val_if_fail (uri != NULL, 0); + return_val_if_fail (token_info != NULL, 0); + + if (uri->unrecognized) + return 0; + + return p11_match_uri_token_info (&uri->token, token_info); +} + +/** + * p11_kit_uri_get_attribute: + * @uri: The URI + * @attr_type: The attribute type + * + * Get a pointer to an attribute present in this URI. + * + * Returns: A pointer to the attribute, or NULL if not present. + * The attribute is owned by the URI and should not be freed. + */ +CK_ATTRIBUTE_PTR +p11_kit_uri_get_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type) +{ + return_val_if_fail (uri != NULL, NULL); + + if (uri->attrs == NULL) + return NULL; + + return p11_attrs_find (uri->attrs, attr_type); +} + +/** + * p11_kit_uri_set_attribute: + * @uri: The URI + * @attr: The attribute to set + * + * Set an attribute on the URI. + * + * Only attributes that map to parts in a PKCS\#11 URI will be accepted. + * + * Returns: %P11_KIT_URI_OK if the attribute was successfully set. + * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI. + */ +int +p11_kit_uri_set_attribute (P11KitUri *uri, CK_ATTRIBUTE_PTR attr) +{ + return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); + + uri->attrs = p11_attrs_buildn (uri->attrs, attr, 1); + return_val_if_fail (uri->attrs != NULL, P11_KIT_URI_UNEXPECTED); + + return P11_KIT_URI_OK; +} + +/** + * p11_kit_uri_clear_attribute: + * @uri: The URI + * @attr_type: The type of the attribute to clear + * + * Clear an attribute on the URI. + * + * Only attributes that map to parts in a PKCS\#11 URI will be accepted. + * + * Returns: %P11_KIT_URI_OK if the attribute was successfully cleared. + * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI. + */ +int +p11_kit_uri_clear_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type) +{ + return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); + + if (attr_type != CKA_CLASS && + attr_type != CKA_LABEL && + attr_type != CKA_ID) + return P11_KIT_URI_NOT_FOUND; + + if (uri->attrs) + p11_attrs_remove (uri->attrs, attr_type); + + return P11_KIT_URI_OK; +} + +/** + * p11_kit_uri_get_attribute_types: + * @uri: The URI + * @n_attrs: A location to store the number of attributes returned. + * + * Get the attributes present in this URI. The attributes and values are + * owned by the URI. If the URI is modified, then the attributes that were + * returned from this function will not remain consistent. + * + * Returns: The attributes for this URI. These are owned by the URI. + */ +CK_ATTRIBUTE_PTR +p11_kit_uri_get_attributes (P11KitUri *uri, CK_ULONG_PTR n_attrs) +{ + static const CK_ATTRIBUTE terminator = { CKA_INVALID, NULL, 0UL }; + + return_val_if_fail (uri != NULL, NULL); + + if (!uri->attrs) { + if (n_attrs) + *n_attrs = 0; + return (CK_ATTRIBUTE_PTR)&terminator; + } + + if (n_attrs) + *n_attrs = p11_attrs_count (uri->attrs); + return uri->attrs; +} + +int +p11_kit_uri_set_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs, + CK_ULONG n_attrs) +{ + CK_ULONG i; + int ret; + + return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); + + p11_kit_uri_clear_attributes (uri); + + for (i = 0; i < n_attrs; i++) { + ret = p11_kit_uri_set_attribute (uri, &attrs[i]); + if (ret != P11_KIT_URI_OK && ret != P11_KIT_URI_NOT_FOUND) + return ret; + } + + return P11_KIT_URI_OK; +} + +void +p11_kit_uri_clear_attributes (P11KitUri *uri) +{ + return_if_fail (uri != NULL); + + p11_attrs_free (uri->attrs); + uri->attrs = NULL; +} + +/** + * p11_kit_uri_match_attributes: + * @uri: The URI + * @attrs: The attributes to match + * @n_attrs: The number of attributes + * + * Match a attributes against the object parts of this URI. + * + * Only the attributes that are valid for use in a URI will be matched. A URI + * part that was not specified in the URI will match any attribute value. If + * during the URI parsing any unrecognized parts were encountered then this + * match will fail. + * + * Returns: 1 if the URI matches, 0 if not. + */ +int +p11_kit_uri_match_attributes (const P11KitUri *uri, const CK_ATTRIBUTE *attrs, + CK_ULONG n_attrs) +{ + CK_ATTRIBUTE *attr; + CK_ULONG i; + + return_val_if_fail (uri != NULL, 0); + return_val_if_fail (attrs != NULL || n_attrs == 0, 0); + + if (uri->unrecognized) + return 0; + + for (i = 0; i < n_attrs; i++) { + if (attrs[i].type != CKA_CLASS && + attrs[i].type != CKA_LABEL && + attrs[i].type != CKA_ID) + continue; + attr = NULL; + if (uri->attrs) + attr = p11_attrs_find (uri->attrs, attrs[i].type); + if (!attr) + continue; + if (!p11_attr_equal (attr, attrs + i)) + return 0; + } + + return 1; +} + +/** + * p11_kit_uri_set_unrecognized: + * @uri: The URI + * @unrecognized: The new unregognized flag value + * + * Set the unrecognized flag on this URI. + * + * The unrecognized flag is automatically set to 1 when during parsing any part + * of the URI is unrecognized. If the unrecognized flag is set to 1, then + * matching against this URI will always fail. + */ +void +p11_kit_uri_set_unrecognized (P11KitUri *uri, int unrecognized) +{ + return_if_fail (uri != NULL); + uri->unrecognized = unrecognized ? true : false; +} + +/** + * p11_kit_uri_any_unrecognized: + * @uri: The URI + * + * Get the unrecognized flag for this URI. + * + * The unrecognized flag is automatically set to 1 when during parsing any part + * of the URI is unrecognized. If the unrecognized flag is set to 1, then + * matching against this URI will always fail. + * + * Returns: 1 if unrecognized flag is set, 0 otherwise. + */ +int +p11_kit_uri_any_unrecognized (P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, 1); + return uri->unrecognized; +} + +/** + * p11_kit_uri_get_pin_value: + * @uri: The URI + * + * Get the 'pin-value' part of the URI. This is used by some applications to + * read the PIN for logging into a PKCS\#11 token. + * + * Returns: The pin-value or %NULL if not present. + */ +const char* +p11_kit_uri_get_pin_value (const P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, NULL); + return uri->pin_value; +} + +/** + * p11_kit_uri_set_pin_value: + * @uri: The URI + * @pin: The new pin-value + * + * Set the 'pin-value' part of the URI. This is used by some applications to + * specify the PIN for logging into a PKCS\#11 token. + */ +void +p11_kit_uri_set_pin_value (P11KitUri *uri, const char *pin) +{ + return_if_fail (uri != NULL); + free (uri->pin_value); + uri->pin_value = pin ? strdup (pin) : NULL; +} + + +/** + * p11_kit_uri_get_pin_source: + * @uri: The URI + * + * Get the 'pin-source' part of the URI. This is used by some applications to + * lookup a PIN for logging into a PKCS\#11 token. + * + * Returns: The pin-source or %NULL if not present. + */ +const char* +p11_kit_uri_get_pin_source (const P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, NULL); + return uri->pin_source; +} + +/** + * p11_kit_uri_get_pinfile: + * @uri: The URI + * + * Deprecated: use p11_kit_uri_get_pin_source(). + */ +const char* +p11_kit_uri_get_pinfile (const P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, NULL); + return p11_kit_uri_get_pin_source (uri); +} + +/** + * p11_kit_uri_set_pin_source: + * @uri: The URI + * @pin_source: The new pin-source + * + * Set the 'pin-source' part of the URI. This is used by some applications to + * lookup a PIN for logging into a PKCS\#11 token. + */ +void +p11_kit_uri_set_pin_source (P11KitUri *uri, const char *pin_source) +{ + return_if_fail (uri != NULL); + free (uri->pin_source); + uri->pin_source = pin_source ? strdup (pin_source) : NULL; +} + +/** + * p11_kit_uri_set_pinfile: + * @uri: The URI + * @pinfile: The pinfile + * + * Deprecated: use p11_kit_uri_set_pin_source(). + */ +void +p11_kit_uri_set_pinfile (P11KitUri *uri, const char *pinfile) +{ + return_if_fail (uri != NULL); + p11_kit_uri_set_pin_source (uri, pinfile); +} + + +/** + * p11_kit_uri_get_module_name: + * @uri: The URI + * + * Get the 'module-name' part of the URI. This is used by some + * applications to explicitly specify the name of a PKCS\#11 module. + * + * Returns: The module-name or %NULL if not present. + */ +const char* +p11_kit_uri_get_module_name (const P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, NULL); + return uri->module_name; +} + +/** + * p11_kit_uri_set_module_name: + * @uri: The URI + * @name: The new module-name + * + * Set the 'module-name' part of the URI. This is used by some + * applications to explicitly specify the name of a PKCS\#11 module. + */ +void +p11_kit_uri_set_module_name (P11KitUri *uri, const char *name) +{ + return_if_fail (uri != NULL); + free (uri->module_name); + uri->module_name = name ? strdup (name) : NULL; +} + +/** + * p11_kit_uri_get_module_path: + * @uri: The URI + * + * Get the 'module-path' part of the URI. This is used by some + * applications to explicitly specify the path of a PKCS\#11 module. + * + * Returns: The module-path or %NULL if not present. + */ +const char* +p11_kit_uri_get_module_path (const P11KitUri *uri) +{ + return_val_if_fail (uri != NULL, NULL); + return uri->module_path; +} + +/** + * p11_kit_uri_set_module_path: + * @uri: The URI + * @path: The new module-path + * + * Set the 'module-path' part of the URI. This is used by some + * applications to explicitly specify the path of a PKCS\#11 module. + */ +void +p11_kit_uri_set_module_path (P11KitUri *uri, const char *path) +{ + return_if_fail (uri != NULL); + free (uri->module_path); + uri->module_path = path ? strdup (path) : NULL; +} + +/** + * p11_kit_uri_get_vendor_query: + * @uri: The URI + * @name: The name of vendor query + * + * Get the vendor query part of the URI, identified by @name. This is + * used by some applications to explicitly specify the path of a + * PKCS\#11 module. + * + * Returns: The value of vendor query or %NULL if not present. + */ +const char* +p11_kit_uri_get_vendor_query (const P11KitUri *uri, const char *name) +{ + size_t i; + + return_val_if_fail (uri != NULL, NULL); + + for (i = 0; i < uri->qattrs->num; i++) { + Attribute *attr = uri->qattrs->elem[i]; + if (strcmp (attr->name, name) == 0) + return attr->value; + } + return NULL; +} + +static void +free_attribute (Attribute *attr) +{ + free (attr->name); + free (attr->value); + free (attr); +} + +static bool +insert_attribute (p11_array *attrs, char *name, char *value) +{ + Attribute *attr; + size_t i; + + return_val_if_fail (attrs != NULL, false); + return_val_if_fail (name != NULL, false); + return_val_if_fail (value != NULL, false); + + for (i = 0; i < attrs->num; i++) { + attr = attrs->elem[i]; + if (strcmp (attr->name, (char *)name) > 0) + break; + } + + attr = calloc (1, sizeof (Attribute)); + return_val_if_fail (attr, false); + + attr->name = name; + attr->value = value; + + return p11_array_insert (attrs, i, attr); +} + +/** + * p11_kit_uri_set_vendor_query: + * @uri: The URI + * @name: The name of vendor query + * @value: (allow-none): The value of vendor query + * + * Set the vendor query part of the URI, identified by @name. This is + * used by some applications to explicitly specify the path of a + * PKCS\#11 module. + * + * Returns: 1 if the vendor query is set or removed, 0 if not. + */ +int +p11_kit_uri_set_vendor_query (P11KitUri *uri, const char *name, + const char *value) +{ + Attribute *attr; + size_t i; + + return_val_if_fail (uri != NULL, 0); + return_val_if_fail (name != NULL, 0); + + for (i = 0; i < uri->qattrs->num; i++) { + attr = uri->qattrs->elem[i]; + if (strcmp (attr->name, name) == 0) + break; + } + if (i == uri->qattrs->num) { + if (value == NULL) + return 0; + return insert_attribute (uri->qattrs, + strdup (name), strdup (value)); + } + if (value == NULL) + p11_array_remove (uri->qattrs, i); + else { + free (attr->value); + attr->value = strdup (value); + } + + return 1; +} + +/** + * p11_kit_uri_new: + * + * Create a new blank PKCS\#11 URI. + * + * The new URI is in the right state to parse a string into. All relevant fields + * are zeroed out. Formatting this URI will produce a valid but empty URI. + * + * Returns: A newly allocated URI. This should be freed with p11_kit_uri_free(). + */ +P11KitUri* +p11_kit_uri_new (void) +{ + P11KitUri *uri; + + uri = calloc (1, sizeof (P11KitUri)); + return_val_if_fail (uri != NULL, NULL); + + /* So that it matches anything */ + uri->module.libraryVersion.major = (CK_BYTE)-1; + uri->module.libraryVersion.minor = (CK_BYTE)-1; + uri->slot_id = (CK_SLOT_ID)-1; + uri->qattrs = p11_array_new ((p11_destroyer)free_attribute); + + return uri; +} + +enum uri_sep { + sep_path = '\0', + sep_pattr = ';', + sep_query = '?', + sep_qattr = '&', +}; + +static void +format_name_equals (p11_buffer *buffer, + enum uri_sep *sep, + const char *name) +{ + if (*sep) { + char c = *sep; + p11_buffer_add (buffer, &c, 1); + } + p11_buffer_add (buffer, name, -1); + p11_buffer_add (buffer, "=", 1); + + if (*sep == sep_path) + *sep = sep_pattr; + else if (*sep == sep_query) + *sep = sep_qattr; +} + +static bool +format_raw_string (p11_buffer *buffer, + enum uri_sep *sep, + const char *name, + const char *value) +{ + /* Not set */ + if (!value) + return true; + + format_name_equals (buffer, sep, name); + p11_buffer_add (buffer, value, -1); + + return p11_buffer_ok (buffer); +} + +static bool +format_encode_string (p11_buffer *buffer, + enum uri_sep *sep, + const char *name, + const unsigned char *value, + size_t n_value, + bool force) +{ + /* Not set */ + if (!value) + return true; + + format_name_equals (buffer, sep, name); + p11_url_encode (value, value + n_value, force ? "" : P11_URL_VERBATIM, buffer); + + return p11_buffer_ok (buffer); +} + + +static bool +format_struct_string (p11_buffer *buffer, + enum uri_sep *sep, + const char *name, + const unsigned char *value, + size_t value_max) +{ + size_t len; + + /* Not set */ + if (!value[0]) + return true; + + len = p11_kit_space_strlen (value, value_max); + return format_encode_string (buffer, sep, name, value, len, false); +} + +static bool +format_attribute_string (p11_buffer *buffer, + enum uri_sep *sep, + const char *name, + CK_ATTRIBUTE_PTR attr, + bool force) +{ + /* Not set */; + if (attr == NULL) + return true; + + return format_encode_string (buffer, sep, name, + attr->pValue, attr->ulValueLen, + force); +} + +static bool +format_attribute_class (p11_buffer *buffer, + enum uri_sep *sep, + const char *name, + CK_ATTRIBUTE_PTR attr) +{ + CK_OBJECT_CLASS klass; + const char *value; + + /* Not set */; + if (attr == NULL) + return true; + + klass = *((CK_OBJECT_CLASS*)attr->pValue); + switch (klass) { + case CKO_DATA: + value = "data"; + break; + case CKO_SECRET_KEY: + value = "secret-key"; + break; + case CKO_CERTIFICATE: + value = "cert"; + break; + case CKO_PUBLIC_KEY: + value = "public"; + break; + case CKO_PRIVATE_KEY: + value = "private"; + break; + default: + return true; + } + + return format_raw_string (buffer, sep, name, value); +} + +static bool +format_struct_version (p11_buffer *buffer, + enum uri_sep *sep, + const char *name, + CK_VERSION_PTR version) +{ + char buf[64]; + + /* Not set */ + if (version->major == (CK_BYTE)-1 && version->minor == (CK_BYTE)-1) + return true; + + snprintf (buf, sizeof (buf), "%d.%d", + (int)version->major, (int)version->minor); + return format_raw_string (buffer, sep, name, buf); +} + +static bool +format_ulong (p11_buffer *buffer, + enum uri_sep *sep, + const char *name, + CK_ULONG value) +{ + char buf[64]; + + /* Not set */ + if (value == (CK_ULONG)-1) + return true; + + snprintf (buf, sizeof (buf), "%lu", value); + return format_raw_string (buffer, sep, name, buf); +} + +/** + * p11_kit_uri_format: + * @uri: The URI. + * @uri_type: The type of URI that should be produced. + * @string: Location to store a newly allocated string. + * + * Format a PKCS\#11 URI into a string. + * + * Fields which are zeroed out will not be included in the resulting string. + * Attributes which are not present will also not be included. + * + * The uri_type of URI specified limits the different parts of the resulting + * URI. To format a URI containing all possible information use + * %P11_KIT_URI_FOR_ANY + * + * It's up to the caller to guarantee that the attributes set in @uri are + * those appropriate for inclusion in a URI, specifically: + * CKA_ID, CKA_LABEL + * and CKA_CLASS. The class must be one of + * CKO_DATA, CKO_SECRET_KEY, + * CKO_CERTIFICATE, CKO_PUBLIC_KEY, + * CKO_PRIVATE_KEY. + * + * The resulting string should be freed with free(). + * + * Returns: %P11_KIT_URI_OK if the URI was formatted successfully, + * %P11_KIT_URI_UNEXPECTED if the data in @uri is invalid for a URI. + */ +int +p11_kit_uri_format (P11KitUri *uri, P11KitUriType uri_type, char **string) +{ + p11_buffer buffer; + enum uri_sep sep = sep_path; + size_t i; + + return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED); + return_val_if_fail (string != NULL, P11_KIT_URI_UNEXPECTED); + + if (!p11_buffer_init_null (&buffer, 64)) + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + + p11_buffer_add (&buffer, P11_KIT_URI_SCHEME, P11_KIT_URI_SCHEME_LEN); + p11_buffer_add (&buffer, ":", 1); + + if ((uri_type & P11_KIT_URI_FOR_MODULE) == P11_KIT_URI_FOR_MODULE) { + if (!format_struct_string (&buffer, &sep, "library-description", + uri->module.libraryDescription, + sizeof (uri->module.libraryDescription)) || + !format_struct_string (&buffer, &sep, "library-manufacturer", + uri->module.manufacturerID, + sizeof (uri->module.manufacturerID))) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + if ((uri_type & P11_KIT_URI_FOR_MODULE_WITH_VERSION) == P11_KIT_URI_FOR_MODULE_WITH_VERSION) { + if (!format_struct_version (&buffer, &sep, "library-version", + &uri->module.libraryVersion)) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + if ((uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) { + if (!format_struct_string (&buffer, &sep, "slot-description", + uri->slot.slotDescription, + sizeof (uri->slot.slotDescription)) || + !format_struct_string (&buffer, &sep, "slot-manufacturer", + uri->slot.manufacturerID, + sizeof (uri->slot.manufacturerID)) || + !format_ulong (&buffer, &sep, "slot-id", + uri->slot_id)) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + if ((uri_type & P11_KIT_URI_FOR_TOKEN) == P11_KIT_URI_FOR_TOKEN) { + if (!format_struct_string (&buffer, &sep, "model", + uri->token.model, + sizeof (uri->token.model)) || + !format_struct_string (&buffer, &sep, "manufacturer", + uri->token.manufacturerID, + sizeof (uri->token.manufacturerID)) || + !format_struct_string (&buffer, &sep, "serial", + uri->token.serialNumber, + sizeof (uri->token.serialNumber)) || + !format_struct_string (&buffer, &sep, "token", + uri->token.label, + sizeof (uri->token.label))) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + if ((uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) { + if (!format_attribute_string (&buffer, &sep, "id", + p11_kit_uri_get_attribute (uri, CKA_ID), + true) || + !format_attribute_string (&buffer, &sep, "object", + p11_kit_uri_get_attribute (uri, CKA_LABEL), + false)) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + + if (!format_attribute_class (&buffer, &sep, "type", + p11_kit_uri_get_attribute (uri, CKA_CLASS))) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + sep = sep_query; + + if (uri->pin_source) { + if (!format_encode_string (&buffer, &sep, "pin-source", + (const unsigned char*)uri->pin_source, + strlen (uri->pin_source), 0)) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + if (uri->pin_value) { + if (!format_encode_string (&buffer, &sep, "pin-value", + (const unsigned char*)uri->pin_value, + strlen (uri->pin_value), 0)) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + if (uri->module_name) { + if (!format_encode_string (&buffer, &sep, "module-name", + (const unsigned char*)uri->module_name, + strlen (uri->module_name), 0)) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + if (uri->module_path) { + if (!format_encode_string (&buffer, &sep, "module-path", + (const unsigned char*)uri->module_path, + strlen (uri->module_path), 0)) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + for (i = 0; i < uri->qattrs->num; i++) { + Attribute *attr = uri->qattrs->elem[i]; + if (!format_encode_string (&buffer, &sep, attr->name, + (const unsigned char *) attr->value, + strlen (attr->value), 0)) { + return_val_if_reached (P11_KIT_URI_UNEXPECTED); + } + } + + return_val_if_fail (p11_buffer_ok (&buffer), P11_KIT_URI_UNEXPECTED); + *string = p11_buffer_steal (&buffer, NULL); + return P11_KIT_URI_OK; +} + +static bool +str_range_equal (const char *input, const char *start, const char *end) +{ + return strlen (input) == end - start && + memcmp (input, start, end - start) == 0; +} + +static int +parse_string_attribute (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + unsigned char *value; + CK_ATTRIBUTE_TYPE type; + size_t length; + + assert (name_start <= name_end); + assert (start <= end); + + if (str_range_equal ("id", name_start, name_end)) + type = CKA_ID; + else if (str_range_equal ("object", name_start, name_end)) + type = CKA_LABEL; + else + return 0; + + value = p11_url_decode (start, end, P11_URL_WHITESPACE, &length); + if (value == NULL) + return P11_KIT_URI_BAD_ENCODING; + + uri->attrs = p11_attrs_take (uri->attrs, type, value, length); + return 1; +} + +static int +parse_class_attribute (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + CK_OBJECT_CLASS klass = 0; + CK_ATTRIBUTE attr; + + assert (name_start <= name_end); + assert (start <= end); + + if (!str_range_equal ("objecttype", name_start, name_end) && + !str_range_equal ("object-type", name_start, name_end) && + !str_range_equal ("type", name_start, name_end)) + return 0; + + if (str_range_equal ("cert", start, end)) + klass = CKO_CERTIFICATE; + else if (str_range_equal ("public", start, end)) + klass = CKO_PUBLIC_KEY; + else if (str_range_equal ("private", start, end)) + klass = CKO_PRIVATE_KEY; + else if (str_range_equal ("secretkey", start, end)) + klass = CKO_SECRET_KEY; + else if (str_range_equal ("secret-key", start, end)) + klass = CKO_SECRET_KEY; + else if (str_range_equal ("data", start, end)) + klass = CKO_DATA; + else { + uri->unrecognized = true; + return 1; + } + + attr.pValue = &klass; + attr.ulValueLen = sizeof (klass); + attr.type = CKA_CLASS; + + uri->attrs = p11_attrs_build (uri->attrs, &attr, NULL); + return 1; +} + +static int +parse_struct_info (unsigned char *where, size_t length, const char *start, + const char *end, P11KitUri *uri) +{ + unsigned char *value; + size_t value_length; + + assert (start <= end); + + value = p11_url_decode (start, end, P11_URL_WHITESPACE, &value_length); + if (value == NULL) + return P11_KIT_URI_BAD_ENCODING; + + /* Too long, shouldn't match anything */ + if (value_length > length) { + free (value); + uri->unrecognized = true; + return 1; + } + + memset (where, ' ', length); + memcpy (where, value, value_length); + + free (value); + return 1; +} + +static int +parse_token_info (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + unsigned char *where; + size_t length; + + assert (name_start <= name_end); + assert (start <= end); + + if (str_range_equal ("model", name_start, name_end)) { + where = uri->token.model; + length = sizeof (uri->token.model); + } else if (str_range_equal ("manufacturer", name_start, name_end)) { + where = uri->token.manufacturerID; + length = sizeof (uri->token.manufacturerID); + } else if (str_range_equal ("serial", name_start, name_end)) { + where = uri->token.serialNumber; + length = sizeof (uri->token.serialNumber); + } else if (str_range_equal ("token", name_start, name_end)) { + where = uri->token.label; + length = sizeof (uri->token.label); + } else { + return 0; + } + + return parse_struct_info (where, length, start, end, uri); +} + +static long +atoin (const char *start, const char *end) +{ + long ret = 0; + while (start != end) { + if (*start < '0' || *start > '9') + return -1; + ret *= 10; + ret += (*start - '0'); + ++start; + } + return ret; +} + +static int +parse_struct_version (const char *start, const char *end, CK_VERSION_PTR version) +{ + const char *dot; + int val; + + assert (start <= end); + + dot = memchr (start, '.', end - start); + if (!dot) + dot = end; + + if (dot == start) + return P11_KIT_URI_BAD_VERSION; + val = atoin (start, dot); + if (val < 0 || val >= 255) + return P11_KIT_URI_BAD_VERSION; + version->major = (CK_BYTE)val; + version->minor = 0; + + if (dot != end) { + if (dot + 1 == end) + return P11_KIT_URI_BAD_VERSION; + val = atoin (dot + 1, end); + if (val < 0 || val >= 255) + return P11_KIT_URI_BAD_VERSION; + version->minor = (CK_BYTE)val; + } + + return 1; +} + +static int +parse_slot_info (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + unsigned char *where; + size_t length; + + assert (name_start <= name_end); + assert (start <= end); + + if (str_range_equal ("slot-description", name_start, name_end)) { + where = uri->slot.slotDescription; + length = sizeof (uri->slot.slotDescription); + } else if (str_range_equal ("slot-manufacturer", name_start, name_end)) { + where = uri->slot.manufacturerID; + length = sizeof (uri->slot.manufacturerID); + } else { + return 0; + } + + return parse_struct_info (where, length, start, end, uri); +} + +static int +parse_slot_id (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + assert (name_start <= name_end); + assert (start <= end); + + if (str_range_equal ("slot-id", name_start, name_end)) { + long val; + val = atoin (start, end); + if (val < 0) + return P11_KIT_URI_BAD_SYNTAX; + uri->slot_id = (CK_SLOT_ID)val; + return 1; + } + return 0; +} + +static int +parse_module_version_info (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + assert (name_start <= name_end); + assert (start <= end); + + if (str_range_equal ("library-version", name_start, name_end)) + return parse_struct_version (start, end, + &uri->module.libraryVersion); + + return 0; +} + +static int +parse_module_info (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + unsigned char *where; + size_t length; + + assert (name_start <= name_end); + assert (start <= end); + + if (str_range_equal ("library-description", name_start, name_end)) { + where = uri->module.libraryDescription; + length = sizeof (uri->module.libraryDescription); + } else if (str_range_equal ("library-manufacturer", name_start, name_end)) { + where = uri->module.manufacturerID; + length = sizeof (uri->module.manufacturerID); + } else { + return 0; + } + + return parse_struct_info (where, length, start, end, uri); +} + +static int +parse_pin_query (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + unsigned char *value; + + assert (name_start <= name_end); + assert (start <= end); + + if (str_range_equal ("pinfile", name_start, name_end) || + str_range_equal ("pin-source", name_start, name_end)) { + value = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL); + if (value == NULL) + return P11_KIT_URI_BAD_ENCODING; + free (uri->pin_source); + uri->pin_source = (char*)value; + return 1; + } else if (str_range_equal ("pin-value", name_start, name_end)) { + value = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL); + if (value == NULL) + return P11_KIT_URI_BAD_ENCODING; + free (uri->pin_value); + uri->pin_value = (char*)value; + return 1; + } + + return 0; +} + +static int +parse_module_query (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + unsigned char *value; + + assert (name_start <= name_end); + assert (start <= end); + + if (str_range_equal ("module-name", name_start, name_end)) { + value = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL); + if (value == NULL) + return P11_KIT_URI_BAD_ENCODING; + free (uri->module_name); + uri->module_name = (char*)value; + return 1; + } else if (str_range_equal ("module-path", name_start, name_end)) { + value = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL); + if (value == NULL) + return P11_KIT_URI_BAD_ENCODING; + free (uri->module_path); + uri->module_path = (char*)value; + return 1; + } + + return 0; +} + +static int +parse_vendor_query (const char *name_start, const char *name_end, + const char *start, const char *end, + P11KitUri *uri) +{ + char *name; + unsigned char *value; + + assert (name_start <= name_end); + assert (start <= end); + + name = malloc (name_end - name_start + 1); + if (name == NULL) + return P11_KIT_URI_BAD_ENCODING; + memcpy (name, name_start, name_end - name_start); + name[name_end - name_start] = '\0'; + + /* Limit the characters in NAME, according to the specification. */ + if (strspn (name, "abcdefghijklmnopqrstuvwxyz0123456789-_") != + name_end - name_start) { + free (name); + return P11_KIT_URI_UNEXPECTED; + } + + value = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL); + if (value == NULL) { + free (name); + return P11_KIT_URI_BAD_ENCODING; + } + + if (!insert_attribute (uri->qattrs, name, (char *)value)) { + free (name); + free (value); + return P11_KIT_URI_UNEXPECTED; + } + + return 0; +} + +/** + * p11_kit_uri_parse: + * @string: The string to parse + * @uri_type: The type of URI that is expected + * @uri: The blank URI to parse the values into + * + * Parse a PKCS\#11 URI string. + * + * PKCS\#11 URIs can represent tokens, objects or modules. The uri_type argument + * allows the caller to specify what type of URI is expected and the sorts of + * things the URI should match. %P11_KIT_URI_FOR_ANY can be used to parse a URI + * for any context. It's then up to the caller to make sense of the way that + * it is used. + * + * If the PKCS\#11 URI contains unrecognized URI parts or parts not applicable + * to the specified context, then the unrecognized flag will be set. This will + * prevent the URI from matching using the various match functions. + * + * Returns: %P11_KIT_URI_OK if the URI was parsed successfully. + * %P11_KIT_URI_BAD_SCHEME if this was not a PKCS\#11 URI. + * %P11_KIT_URI_BAD_SYNTAX if the URI syntax was bad. + * %P11_KIT_URI_BAD_VERSION if a version number was bad. + * %P11_KIT_URI_BAD_ENCODING if the URI encoding was invalid. + */ +int +p11_kit_uri_parse (const char *string, P11KitUriType uri_type, + P11KitUri *uri) +{ + const char *spos, *epos; + int ret; + size_t length, i; + char *allocated = NULL; + + assert (string); + assert (uri); + + /* If STRING contains any whitespace, create a copy of the + * string and strip it out */ + length = strcspn (string, P11_URL_WHITESPACE); + if (strspn (string + length, P11_URL_WHITESPACE) > 0) { + allocated = strip_whitespace (string); + return_val_if_fail (allocated != NULL, P11_KIT_URI_UNEXPECTED); + string = allocated; + } + + epos = strchr (string, ':'); + if (epos == NULL) { + free (allocated); + return P11_KIT_URI_BAD_SCHEME; + } + if (epos - string != P11_KIT_URI_SCHEME_LEN) { + free (allocated); + return P11_KIT_URI_BAD_SCHEME; + } + for (i = 0; i < P11_KIT_URI_SCHEME_LEN; i++) + if (p11_ascii_tolower (string[i]) != P11_KIT_URI_SCHEME[i]) + break; + if (i != P11_KIT_URI_SCHEME_LEN) { + free (allocated); + return P11_KIT_URI_BAD_SCHEME; + } + + string = epos + 1; + + /* Clear everything out */ + memset (&uri->module, 0, sizeof (uri->module)); + memset (&uri->token, 0, sizeof (uri->token)); + p11_attrs_free (uri->attrs); + uri->attrs = NULL; + uri->module.libraryVersion.major = (CK_BYTE)-1; + uri->module.libraryVersion.minor = (CK_BYTE)-1; + uri->unrecognized = 0; + uri->slot_id = (CK_SLOT_ID)-1; + free (uri->pin_source); + uri->pin_source = NULL; + free (uri->pin_value); + uri->pin_value = NULL; + free (uri->module_name); + uri->module_name = NULL; + free (uri->module_path); + uri->module_path = NULL; + p11_array_clear (uri->qattrs); + + /* Parse the path. */ + for (;;) { + spos = string + strcspn (string, ";?"); + if (spos == string) + break; + + epos = strchr (string, '='); + if (epos == NULL || epos == string || epos >= spos) { + free (allocated); + return P11_KIT_URI_BAD_SYNTAX; + } + + ret = 0; + if ((uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) + ret = parse_string_attribute (string, epos, epos + 1, spos, uri); + if (ret == 0 && (uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) + ret = parse_class_attribute (string, epos, epos + 1, spos, uri); + if (ret == 0 && (uri_type & P11_KIT_URI_FOR_TOKEN) == P11_KIT_URI_FOR_TOKEN) + ret = parse_token_info (string, epos, epos + 1, spos, uri); + if (ret == 0 && (uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) + ret = parse_slot_info (string, epos, epos + 1, spos, uri); + if (ret == 0 && (uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) + ret = parse_slot_id (string, epos, epos + 1, spos, uri); + if (ret == 0 && (uri_type & P11_KIT_URI_FOR_MODULE) == P11_KIT_URI_FOR_MODULE) + ret = parse_module_info (string, epos, epos + 1, spos, uri); + if (ret == 0 && (uri_type & P11_KIT_URI_FOR_MODULE_WITH_VERSION) == P11_KIT_URI_FOR_MODULE_WITH_VERSION) + ret = parse_module_version_info (string, epos, epos + 1, spos, uri); + /* Accept 'pin-source' and 'pin-value' in path + * attributes for backward compatibility. */ + if (ret == 0) + ret = parse_pin_query (string, epos, epos + 1, spos, uri); + + if (ret < 0) { + free (allocated); + return ret; + } + if (ret == 0) + uri->unrecognized = true; + + string = spos; + if (*spos == '\0') + break; + if (*spos == '?') + break; + string++; + } + + /* Parse the query. */ + for (;;) { + if (*string == '\0') + break; + string++; + spos = strchr (string, '&'); + if (spos == NULL) { + spos = string + strlen (string); + assert (*spos == '\0'); + if (spos == string) + break; + } + + epos = strchr (string, '='); + if (epos == NULL || spos == string || epos == string || epos >= spos) { + free (allocated); + return P11_KIT_URI_BAD_SYNTAX; + } + + ret = parse_pin_query (string, epos, epos + 1, spos, uri); + if (ret == 0) + ret = parse_module_query (string, epos, epos + 1, spos, uri); + if (ret == 0) + ret = parse_vendor_query (string, epos, epos + 1, spos, uri); + if (ret < 0) { + free (allocated); + return ret; + } + + string = spos; + } + + free (allocated); + return P11_KIT_URI_OK; +} + +/** + * p11_kit_uri_free: + * @uri: The URI + * + * Free a PKCS\#11 URI. + */ +void +p11_kit_uri_free (P11KitUri *uri) +{ + if (!uri) + return; + + p11_attrs_free (uri->attrs); + free (uri->pin_source); + free (uri->pin_value); + free (uri->module_name); + free (uri->module_path); + p11_array_free (uri->qattrs); + free (uri); +} + +/** + * p11_kit_uri_message: + * @code: The error code + * + * Lookup a message for the uri error code. These codes are the P11_KIT_URI_XXX + * error codes that can be returned from p11_kit_uri_parse() or + * p11_kit_uri_format(). As a special case %NULL, will be returned for + * %P11_KIT_URI_OK. + * + * Returns: The message for the error code. This string is owned by the p11-kit + * library. + */ +const char* +p11_kit_uri_message (int code) +{ + switch (code) { + case P11_KIT_URI_OK: + return NULL; + case P11_KIT_URI_UNEXPECTED: + return "Unexpected or internal system error"; + case P11_KIT_URI_BAD_SCHEME: + return "URI scheme must be 'pkcs11:'"; + case P11_KIT_URI_BAD_ENCODING: + return "URI encoding invalid or corrupted"; + case P11_KIT_URI_BAD_SYNTAX: + return "URI syntax is invalid"; + case P11_KIT_URI_BAD_VERSION: + return "URI version component is invalid"; + case P11_KIT_URI_NOT_FOUND: + return "The URI component was not found"; + default: + p11_debug ("unknown error code: %d", code); + return "Unknown error"; + } +} diff --git a/p11-kit/uri.gnu.c b/p11-kit/uri.gnu.c new file mode 100644 index 0000000..c0c9f4d --- /dev/null +++ b/p11-kit/uri.gnu.c @@ -0,0 +1,239 @@ +/* DO NOT EDIT! GENERATED AUTOMATICALLY! */ + +#include +#include "p11-kit/p11-kit.h" +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_KIT_URI_H +#define P11_KIT_URI_H + +#include "p11-kit/pkcs11.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define P11_KIT_URI_SCHEME "pkcs11" +#define P11_KIT_URI_SCHEME_LEN 6 + +typedef enum { + P11_KIT_URI_OK = 0, + P11_KIT_URI_UNEXPECTED = -1, + P11_KIT_URI_BAD_SCHEME = -2, + P11_KIT_URI_BAD_ENCODING = -3, + P11_KIT_URI_BAD_SYNTAX = -4, + P11_KIT_URI_BAD_VERSION = -5, + P11_KIT_URI_NOT_FOUND = -6, +} P11KitUriResult; + +#define P11_KIT_URI_NO_MEMORY P11_KIT_URI_UNEXPECTED + +typedef enum { + P11_KIT_URI_FOR_OBJECT = (1 << 1), + P11_KIT_URI_FOR_TOKEN = (1 << 2), + P11_KIT_URI_FOR_SLOT = (1 << 5), + P11_KIT_URI_FOR_MODULE = (1 << 3), + + P11_KIT_URI_FOR_MODULE_WITH_VERSION = + (1 << 4) | P11_KIT_URI_FOR_MODULE, + + P11_KIT_URI_FOR_OBJECT_ON_TOKEN = + P11_KIT_URI_FOR_OBJECT | P11_KIT_URI_FOR_TOKEN, + + P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE = + P11_KIT_URI_FOR_OBJECT_ON_TOKEN | P11_KIT_URI_FOR_MODULE, + + P11_KIT_URI_FOR_ANY = 0x0000FFFF, +} P11KitUriType; + +/* + * If the caller is using the PKCS#11 GNU calling convention, then we cater + * to that here. + */ +#ifdef CRYPTOKI_GNU +typedef struct ck_info CK_INFO; +typedef struct ck_info *CK_INFO_PTR; +typedef struct ck_token_info CK_TOKEN_INFO; +typedef struct ck_token_info *CK_TOKEN_INFO_PTR; +typedef ck_attribute_type_t CK_ATTRIBUTE_TYPE; +typedef struct ck_attribute CK_ATTRIBUTE; +typedef struct ck_attribute *CK_ATTRIBUTE_PTR; +typedef unsigned long int CK_ULONG; +typedef struct ck_slot_info CK_SLOT_INFO; +typedef struct ck_slot_info *CK_SLOT_INFO_PTR; +typedef ck_slot_id_t CK_SLOT_ID; +typedef P11KitUriType p11_kit_uri_type_t; +typedef P11KitUriResult p11_kit_uri_result_t; +#endif + +typedef struct p11_kit_uri P11KitUri; +typedef struct p11_kit_uri p11_kit_uri; + +CK_INFO_PTR p11_kit_uri_get_module_info (P11KitUri *uri); + +int p11_kit_uri_match_module_info (const P11KitUri *uri, + const CK_INFO *info); + +CK_SLOT_INFO_PTR p11_kit_uri_get_slot_info (P11KitUri *uri); + +int p11_kit_uri_match_slot_info (const P11KitUri *uri, + const CK_SLOT_INFO *slot_info); + +CK_SLOT_ID p11_kit_uri_get_slot_id (P11KitUri *uri); +void p11_kit_uri_set_slot_id (P11KitUri *uri, + CK_SLOT_ID slot_id); + +CK_TOKEN_INFO_PTR p11_kit_uri_get_token_info (P11KitUri *uri); + +int p11_kit_uri_match_token_info (const P11KitUri *uri, + const CK_TOKEN_INFO *token_info); + +CK_ATTRIBUTE_PTR p11_kit_uri_get_attribute (P11KitUri *uri, + CK_ATTRIBUTE_TYPE attr_type); + +int p11_kit_uri_set_attribute (P11KitUri *uri, + CK_ATTRIBUTE_PTR attr); + +int p11_kit_uri_clear_attribute (P11KitUri *uri, + CK_ATTRIBUTE_TYPE attr_type); + +CK_ATTRIBUTE_PTR p11_kit_uri_get_attributes (P11KitUri *uri, + CK_ULONG *n_attrs); + +int p11_kit_uri_set_attributes (P11KitUri *uri, + CK_ATTRIBUTE_PTR attrs, + CK_ULONG n_attrs); + +void p11_kit_uri_clear_attributes (P11KitUri *uri); + +int p11_kit_uri_match_attributes (const P11KitUri *uri, + const CK_ATTRIBUTE *attrs, + CK_ULONG n_attrs); + +const char* p11_kit_uri_get_pin_value (const P11KitUri *uri); + +void p11_kit_uri_set_pin_value (P11KitUri *uri, + const char *pin); + +const char* p11_kit_uri_get_pin_source (const P11KitUri *uri); + +void p11_kit_uri_set_pin_source (P11KitUri *uri, + const char *pin_source); + +#ifndef P11_KIT_DISABLE_DEPRECATED + +const char* p11_kit_uri_get_pinfile (const P11KitUri *uri); + +void p11_kit_uri_set_pinfile (P11KitUri *uri, + const char *pinfile); + +#endif /* P11_KIT_DISABLE_DEPRECATED */ + +const char* p11_kit_uri_get_module_name (const P11KitUri *uri); + +void p11_kit_uri_set_module_name (P11KitUri *uri, + const char *name); + +const char* p11_kit_uri_get_module_path (const P11KitUri *uri); + +void p11_kit_uri_set_module_path (P11KitUri *uri, + const char *path); + +const char* p11_kit_uri_get_vendor_query (const P11KitUri *uri, + const char *name); +int p11_kit_uri_set_vendor_query (P11KitUri *uri, + const char *name, + const char *value); + +void p11_kit_uri_set_unrecognized (P11KitUri *uri, + int unrecognized); + +int p11_kit_uri_any_unrecognized (P11KitUri *uri); + +P11KitUri* p11_kit_uri_new (void); + +int p11_kit_uri_format (P11KitUri *uri, + P11KitUriType uri_type, + char **string); + +int p11_kit_uri_parse (const char *string, + P11KitUriType uri_type, + P11KitUri *uri); + +void p11_kit_uri_free (P11KitUri *uri); + +const char* p11_kit_uri_message (int code); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* P11_KIT_URI_H */ +void *p11_kit_uri_gnu_c_funcs[] = { + p11_kit_uri_get_module_info, + p11_kit_uri_match_module_info, + p11_kit_uri_get_slot_info, + p11_kit_uri_match_slot_info, + p11_kit_uri_get_slot_id, + p11_kit_uri_set_slot_id, + p11_kit_uri_get_token_info, + p11_kit_uri_match_token_info, + p11_kit_uri_get_attribute, + p11_kit_uri_set_attribute, + p11_kit_uri_clear_attribute, + p11_kit_uri_get_attributes, + p11_kit_uri_set_attributes, + p11_kit_uri_clear_attributes, + p11_kit_uri_match_attributes, + p11_kit_uri_get_pin_value, + p11_kit_uri_set_pin_value, + p11_kit_uri_get_pin_source, + p11_kit_uri_set_pin_source, + p11_kit_uri_get_pinfile, + p11_kit_uri_set_pinfile, + p11_kit_uri_get_module_name, + p11_kit_uri_set_module_name, + p11_kit_uri_get_module_path, + p11_kit_uri_set_module_path, + p11_kit_uri_get_vendor_query, + p11_kit_uri_set_vendor_query, + p11_kit_uri_set_unrecognized, + p11_kit_uri_any_unrecognized, + p11_kit_uri_new, + p11_kit_uri_format, + p11_kit_uri_parse, + p11_kit_uri_free, + p11_kit_uri_message, +}; diff --git a/p11-kit/uri.h b/p11-kit/uri.h new file mode 100644 index 0000000..d95bd00 --- /dev/null +++ b/p11-kit/uri.h @@ -0,0 +1,199 @@ +/* + * Copyright (c) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_KIT_URI_H +#define P11_KIT_URI_H + +#include "p11-kit/pkcs11.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define P11_KIT_URI_SCHEME "pkcs11" +#define P11_KIT_URI_SCHEME_LEN 6 + +typedef enum { + P11_KIT_URI_OK = 0, + P11_KIT_URI_UNEXPECTED = -1, + P11_KIT_URI_BAD_SCHEME = -2, + P11_KIT_URI_BAD_ENCODING = -3, + P11_KIT_URI_BAD_SYNTAX = -4, + P11_KIT_URI_BAD_VERSION = -5, + P11_KIT_URI_NOT_FOUND = -6, +} P11KitUriResult; + +#define P11_KIT_URI_NO_MEMORY P11_KIT_URI_UNEXPECTED + +typedef enum { + P11_KIT_URI_FOR_OBJECT = (1 << 1), + P11_KIT_URI_FOR_TOKEN = (1 << 2), + P11_KIT_URI_FOR_SLOT = (1 << 5), + P11_KIT_URI_FOR_MODULE = (1 << 3), + + P11_KIT_URI_FOR_MODULE_WITH_VERSION = + (1 << 4) | P11_KIT_URI_FOR_MODULE, + + P11_KIT_URI_FOR_OBJECT_ON_TOKEN = + P11_KIT_URI_FOR_OBJECT | P11_KIT_URI_FOR_TOKEN, + + P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE = + P11_KIT_URI_FOR_OBJECT_ON_TOKEN | P11_KIT_URI_FOR_MODULE, + + P11_KIT_URI_FOR_ANY = 0x0000FFFF, +} P11KitUriType; + +/* + * If the caller is using the PKCS#11 GNU calling convention, then we cater + * to that here. + */ +#ifdef CRYPTOKI_GNU +typedef struct ck_info CK_INFO; +typedef struct ck_info *CK_INFO_PTR; +typedef struct ck_token_info CK_TOKEN_INFO; +typedef struct ck_token_info *CK_TOKEN_INFO_PTR; +typedef ck_attribute_type_t CK_ATTRIBUTE_TYPE; +typedef struct ck_attribute CK_ATTRIBUTE; +typedef struct ck_attribute *CK_ATTRIBUTE_PTR; +typedef unsigned long int CK_ULONG; +typedef struct ck_slot_info CK_SLOT_INFO; +typedef struct ck_slot_info *CK_SLOT_INFO_PTR; +typedef ck_slot_id_t CK_SLOT_ID; +typedef P11KitUriType p11_kit_uri_type_t; +typedef P11KitUriResult p11_kit_uri_result_t; +#endif + +typedef struct p11_kit_uri P11KitUri; +typedef struct p11_kit_uri p11_kit_uri; + +CK_INFO_PTR p11_kit_uri_get_module_info (P11KitUri *uri); + +int p11_kit_uri_match_module_info (const P11KitUri *uri, + const CK_INFO *info); + +CK_SLOT_INFO_PTR p11_kit_uri_get_slot_info (P11KitUri *uri); + +int p11_kit_uri_match_slot_info (const P11KitUri *uri, + const CK_SLOT_INFO *slot_info); + +CK_SLOT_ID p11_kit_uri_get_slot_id (P11KitUri *uri); +void p11_kit_uri_set_slot_id (P11KitUri *uri, + CK_SLOT_ID slot_id); + +CK_TOKEN_INFO_PTR p11_kit_uri_get_token_info (P11KitUri *uri); + +int p11_kit_uri_match_token_info (const P11KitUri *uri, + const CK_TOKEN_INFO *token_info); + +CK_ATTRIBUTE_PTR p11_kit_uri_get_attribute (P11KitUri *uri, + CK_ATTRIBUTE_TYPE attr_type); + +int p11_kit_uri_set_attribute (P11KitUri *uri, + CK_ATTRIBUTE_PTR attr); + +int p11_kit_uri_clear_attribute (P11KitUri *uri, + CK_ATTRIBUTE_TYPE attr_type); + +CK_ATTRIBUTE_PTR p11_kit_uri_get_attributes (P11KitUri *uri, + CK_ULONG *n_attrs); + +int p11_kit_uri_set_attributes (P11KitUri *uri, + CK_ATTRIBUTE_PTR attrs, + CK_ULONG n_attrs); + +void p11_kit_uri_clear_attributes (P11KitUri *uri); + +int p11_kit_uri_match_attributes (const P11KitUri *uri, + const CK_ATTRIBUTE *attrs, + CK_ULONG n_attrs); + +const char* p11_kit_uri_get_pin_value (const P11KitUri *uri); + +void p11_kit_uri_set_pin_value (P11KitUri *uri, + const char *pin); + +const char* p11_kit_uri_get_pin_source (const P11KitUri *uri); + +void p11_kit_uri_set_pin_source (P11KitUri *uri, + const char *pin_source); + +#ifndef P11_KIT_DISABLE_DEPRECATED + +const char* p11_kit_uri_get_pinfile (const P11KitUri *uri); + +void p11_kit_uri_set_pinfile (P11KitUri *uri, + const char *pinfile); + +#endif /* P11_KIT_DISABLE_DEPRECATED */ + +const char* p11_kit_uri_get_module_name (const P11KitUri *uri); + +void p11_kit_uri_set_module_name (P11KitUri *uri, + const char *name); + +const char* p11_kit_uri_get_module_path (const P11KitUri *uri); + +void p11_kit_uri_set_module_path (P11KitUri *uri, + const char *path); + +const char* p11_kit_uri_get_vendor_query (const P11KitUri *uri, + const char *name); +int p11_kit_uri_set_vendor_query (P11KitUri *uri, + const char *name, + const char *value); + +void p11_kit_uri_set_unrecognized (P11KitUri *uri, + int unrecognized); + +int p11_kit_uri_any_unrecognized (P11KitUri *uri); + +P11KitUri* p11_kit_uri_new (void); + +int p11_kit_uri_format (P11KitUri *uri, + P11KitUriType uri_type, + char **string); + +int p11_kit_uri_parse (const char *string, + P11KitUriType uri_type, + P11KitUri *uri); + +void p11_kit_uri_free (P11KitUri *uri); + +const char* p11_kit_uri_message (int code); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* P11_KIT_URI_H */ diff --git a/p11-kit/util.c b/p11-kit/util.c new file mode 100644 index 0000000..1e21f80 --- /dev/null +++ b/p11-kit/util.c @@ -0,0 +1,238 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * Copyright (c) 2012 Stef Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#define P11_DEBUG_FLAG P11_DEBUG_LIB +#include "debug.h" +#include "library.h" +#include "message.h" +#include "p11-kit.h" +#include "private.h" + +#include +#include +#include +#include +#include + +/** + * SECTION:p11-kit-future + * @title: Future + * @short_description: Future Unstable API + * + * API that is not yet stable enough to be enabled by default. In all likelihood + * this will be included in the next release. To use this API you must define a + * MACRO. See the p11-kit.h header for more details. + */ + +/** + * p11_kit_space_strlen: + * @string: Pointer to string block + * @max_length: Maximum length of string block + * + * In PKCS\#11 structures many strings are encoded in a strange way. The string + * is placed in a fixed length buffer and then padded with spaces. + * + * This function determines the actual length of the string. Since the string + * is not null-terminated you need to pass in the size of buffer as max_length. + * The string will never be longer than this buffer. + * + * + * CK_INFO info; + * size_t length; + * ... + * length = p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription)); + * + * + * Returns: The length of the space padded string. + */ +size_t +p11_kit_space_strlen (const unsigned char *string, size_t max_length) +{ + size_t i = max_length; + + assert (string); + + while (i > 0 && string[i - 1] == ' ') + --i; + return i; +} + +/** + * p11_kit_space_strdup: + * @string: Pointer to string block + * @max_length: Maximum length of string block + * + * In PKCS\#11 structures many strings are encoded in a strange way. The string + * is placed in a fixed length buffer and then padded with spaces. + * + * This function copies the space padded string into a normal null-terminated + * string. The result is owned by the caller. + * + * + * CK_INFO info; + * char *description; + * ... + * description = p11_kit_space_strdup (info->libraryDescription, sizeof (info->libraryDescription)); + * + * + * Returns: The newly allocated string, or %NULL if memory could not be allocated. + */ +char* +p11_kit_space_strdup (const unsigned char *string, size_t max_length) +{ + size_t length; + char *result; + + assert (string); + + length = p11_kit_space_strlen (string, max_length); + + result = malloc (length + 1); + if (!result) + return NULL; + + memcpy (result, string, length); + result[length] = 0; + return result; +} + +/** + * p11_kit_be_quiet: + * + * Once this function is called, the p11-kit library will no longer print + * failure or warning messages to stderr. + */ +void +p11_kit_be_quiet (void) +{ + p11_lock (); + p11_message_quiet (); + p11_debug_init (); + p11_unlock (); +} + +/** + * p11_kit_be_loud: + * + * Tell the p11-kit library will print failure or warning messages to stderr. + * This is the default behavior, but can be changed using p11_kit_be_quiet(). + */ +void +p11_kit_be_loud (void) +{ + p11_lock (); + p11_message_loud (); + p11_debug_init (); + p11_unlock (); +} + +/** + * p11_kit_message: + * + * Gets the failure message for a recently called p11-kit function, which + * returned a failure code on this thread. Not all functions set this message. + * Each function that does so, will note it in its documentation. + * + * If the most recent p11-kit function did not fail, then this will return NULL. + * The string is owned by the p11-kit library and is only valid on the same + * thread that the failed function executed on. + * + * Returns: The last failure message, or %NULL. + */ +const char* +p11_kit_message (void) +{ + return p11_message_last (); +} + +void +_p11_kit_default_message (CK_RV rv) +{ + const char *msg; + + if (rv != CKR_OK) { + msg = p11_kit_strerror (rv); + p11_message_store (msg, strlen (msg)); + } +} + +/* This is the progname that we think of this process as. */ +char p11_my_progname[256] = { 0, }; + +/** + * p11_kit_set_progname: + * @progname: the program base name + * + * Set the program base name that is used by the enable-in + * and disable-in module configuration options. + * + * Normally this is automatically calculated from the program's argument list. + * You would usually call this before initializing p11-kit modules. + */ +void +p11_kit_set_progname (const char *progname) +{ + p11_library_init_once (); + + p11_lock (); + _p11_set_progname_unlocked (progname); + p11_unlock (); +} + +void +_p11_set_progname_unlocked (const char *progname) +{ + /* We can be called with NULL */ + if (progname == NULL) + progname = ""; + + strncpy (p11_my_progname, progname, sizeof (p11_my_progname)); + p11_my_progname[sizeof (p11_my_progname) - 1] = 0; +} + +const char * +_p11_get_progname_unlocked (void) +{ + if (p11_my_progname[0] == '\0') + _p11_set_progname_unlocked (getprogname ()); + if (p11_my_progname[0] == '\0') + return NULL; + return p11_my_progname; +} diff --git a/p11-kit/virtual-fixed.h b/p11-kit/virtual-fixed.h new file mode 100644 index 0000000..bd74d8e --- /dev/null +++ b/p11-kit/virtual-fixed.h @@ -0,0 +1,1138 @@ +/* + * Copyright (c) 2016 Red Hat, Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Daiki Ueno + */ + +#ifndef __P11_VIRTUAL_FIXED_H__ +#define __P11_VIRTUAL_FIXED_H__ + +#define P11_VIRTUAL_FIXED_FUNCTIONS(fixed_index) \ +static CK_RV \ +fixed ## fixed_index ## _C_Initialize (CK_VOID_PTR init_args) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_Initialize (funcs, init_args); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_Finalize (CK_VOID_PTR reserved) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_Finalize (funcs, reserved); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetInfo (CK_INFO_PTR info) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetInfo (funcs, info); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetSlotList (CK_BBOOL token_present, \ + CK_SLOT_ID_PTR slot_list, \ + CK_ULONG_PTR count) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetSlotList (funcs, token_present, slot_list, count); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetSlotInfo (CK_SLOT_ID slot_id, \ + CK_SLOT_INFO_PTR info) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetSlotInfo (funcs, slot_id, info); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetTokenInfo (CK_SLOT_ID slot_id, \ + CK_TOKEN_INFO_PTR info) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetTokenInfo (funcs, slot_id, info); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetMechanismList (CK_SLOT_ID slot_id, \ + CK_MECHANISM_TYPE_PTR mechanism_list, \ + CK_ULONG_PTR count) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetMechanismList (funcs, slot_id, mechanism_list, count); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetMechanismInfo (CK_SLOT_ID slot_id, \ + CK_MECHANISM_TYPE type, \ + CK_MECHANISM_INFO_PTR info) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetMechanismInfo (funcs, slot_id, type, info); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_InitToken (CK_SLOT_ID slot_id, \ + CK_BYTE_PTR pin, \ + CK_ULONG pin_len, \ + CK_BYTE_PTR label) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_InitToken (funcs, slot_id, pin, pin_len, label); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_InitPIN (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR pin, \ + CK_ULONG pin_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_InitPIN (funcs, session, pin, pin_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SetPIN (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR old_pin, \ + CK_ULONG old_len, \ + CK_BYTE_PTR new_pin, \ + CK_ULONG new_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SetPIN (funcs, session, old_pin, old_len, new_pin, new_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_OpenSession (CK_SLOT_ID slot_id, \ + CK_FLAGS flags, \ + CK_VOID_PTR application, \ + CK_NOTIFY notify, \ + CK_SESSION_HANDLE_PTR session) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_OpenSession (funcs, slot_id, flags, application, notify, session); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_CloseSession (CK_SESSION_HANDLE session) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_CloseSession (funcs, session); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_CloseAllSessions (CK_SLOT_ID slot_id) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_CloseAllSessions (funcs, slot_id); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetSessionInfo (CK_SESSION_HANDLE session, \ + CK_SESSION_INFO_PTR info) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetSessionInfo (funcs, session, info); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetOperationState (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR operation_state, \ + CK_ULONG_PTR operation_state_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetOperationState (funcs, session, operation_state, operation_state_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SetOperationState (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR operation_state, \ + CK_ULONG operation_state_len, \ + CK_OBJECT_HANDLE encryption_key, \ + CK_OBJECT_HANDLE authentiation_key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SetOperationState (funcs, session, operation_state, operation_state_len, encryption_key, authentiation_key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_Login (CK_SESSION_HANDLE session, \ + CK_USER_TYPE user_type, \ + CK_BYTE_PTR pin, \ + CK_ULONG pin_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_Login (funcs, session, user_type, pin, pin_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_Logout (CK_SESSION_HANDLE session) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_Logout (funcs, session); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_CreateObject (CK_SESSION_HANDLE session, \ + CK_ATTRIBUTE_PTR templ, \ + CK_ULONG count, \ + CK_OBJECT_HANDLE_PTR object) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_CreateObject (funcs, session, templ, count, object); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_CopyObject (CK_SESSION_HANDLE session, \ + CK_OBJECT_HANDLE object, \ + CK_ATTRIBUTE_PTR templ, \ + CK_ULONG count, \ + CK_OBJECT_HANDLE_PTR new_object) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_CopyObject (funcs, session, object, templ, count, new_object); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DestroyObject (CK_SESSION_HANDLE session, \ + CK_OBJECT_HANDLE object) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DestroyObject (funcs, session, object); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetObjectSize (CK_SESSION_HANDLE session, \ + CK_OBJECT_HANDLE object, \ + CK_ULONG_PTR size) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetObjectSize (funcs, session, object, size); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetAttributeValue (CK_SESSION_HANDLE session, \ + CK_OBJECT_HANDLE object, \ + CK_ATTRIBUTE_PTR templ, \ + CK_ULONG count) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GetAttributeValue (funcs, session, object, templ, count); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SetAttributeValue (CK_SESSION_HANDLE session, \ + CK_OBJECT_HANDLE object, \ + CK_ATTRIBUTE_PTR templ, \ + CK_ULONG count) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SetAttributeValue (funcs, session, object, templ, count); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_FindObjectsInit (CK_SESSION_HANDLE session, \ + CK_ATTRIBUTE_PTR templ, \ + CK_ULONG count) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_FindObjectsInit (funcs, session, templ, count); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_FindObjects (CK_SESSION_HANDLE session, \ + CK_OBJECT_HANDLE_PTR object, \ + CK_ULONG max_object_count, \ + CK_ULONG_PTR object_count) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_FindObjects (funcs, session, object, max_object_count, object_count); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_FindObjectsFinal (CK_SESSION_HANDLE session) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_FindObjectsFinal (funcs, session); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_EncryptInit (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_OBJECT_HANDLE key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_EncryptInit (funcs, session, mechanism, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_Encrypt (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR data, \ + CK_ULONG data_len, \ + CK_BYTE_PTR encrypted_data, \ + CK_ULONG_PTR encrypted_data_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_Encrypt (funcs, session, data, data_len, encrypted_data, encrypted_data_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_EncryptUpdate (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR part, \ + CK_ULONG part_len, \ + CK_BYTE_PTR encrypted_part, \ + CK_ULONG_PTR encrypted_part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_EncryptUpdate (funcs, session, part, part_len, encrypted_part, encrypted_part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_EncryptFinal (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR last_encrypted_part, \ + CK_ULONG_PTR last_encrypted_part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_EncryptFinal (funcs, session, last_encrypted_part, last_encrypted_part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DecryptInit (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_OBJECT_HANDLE key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DecryptInit (funcs, session, mechanism, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_Decrypt (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR encrypted_data, \ + CK_ULONG encrypted_data_len, \ + CK_BYTE_PTR data, \ + CK_ULONG_PTR data_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_Decrypt (funcs, session, encrypted_data, encrypted_data_len, data, data_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DecryptUpdate (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR encrypted_part, \ + CK_ULONG encrypted_part_len, \ + CK_BYTE_PTR part, \ + CK_ULONG_PTR part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DecryptUpdate (funcs, session, encrypted_part, encrypted_part_len, part, part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DecryptFinal (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR last_part, \ + CK_ULONG_PTR last_part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DecryptFinal (funcs, session, last_part, last_part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DigestInit (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DigestInit (funcs, session, mechanism); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_Digest (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR data, \ + CK_ULONG data_len, \ + CK_BYTE_PTR digest, \ + CK_ULONG_PTR digest_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_Digest (funcs, session, data, data_len, digest, digest_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DigestUpdate (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR part, \ + CK_ULONG part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DigestUpdate (funcs, session, part, part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DigestKey (CK_SESSION_HANDLE session, \ + CK_OBJECT_HANDLE key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DigestKey (funcs, session, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DigestFinal (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR digest, \ + CK_ULONG_PTR digest_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DigestFinal (funcs, session, digest, digest_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SignInit (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_OBJECT_HANDLE key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SignInit (funcs, session, mechanism, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_Sign (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR data, \ + CK_ULONG data_len, \ + CK_BYTE_PTR signature, \ + CK_ULONG_PTR signature_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_Sign (funcs, session, data, data_len, signature, signature_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SignUpdate (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR part, \ + CK_ULONG part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SignUpdate (funcs, session, part, part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SignFinal (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR signature, \ + CK_ULONG_PTR signature_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SignFinal (funcs, session, signature, signature_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SignRecoverInit (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_OBJECT_HANDLE key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SignRecoverInit (funcs, session, mechanism, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SignRecover (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR data, \ + CK_ULONG data_len, \ + CK_BYTE_PTR signature, \ + CK_ULONG_PTR signature_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SignRecover (funcs, session, data, data_len, signature, signature_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_VerifyInit (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_OBJECT_HANDLE key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_VerifyInit (funcs, session, mechanism, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_Verify (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR data, \ + CK_ULONG data_len, \ + CK_BYTE_PTR signature, \ + CK_ULONG signature_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_Verify (funcs, session, data, data_len, signature, signature_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_VerifyUpdate (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR part, \ + CK_ULONG part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_VerifyUpdate (funcs, session, part, part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_VerifyFinal (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR signature, \ + CK_ULONG signature_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_VerifyFinal (funcs, session, signature, signature_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_VerifyRecoverInit (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_OBJECT_HANDLE key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_VerifyRecoverInit (funcs, session, mechanism, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_VerifyRecover (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR signature, \ + CK_ULONG signature_len, \ + CK_BYTE_PTR data, \ + CK_ULONG_PTR data_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_VerifyRecover (funcs, session, signature, signature_len, data, data_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DigestEncryptUpdate (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR part, \ + CK_ULONG part_len, \ + CK_BYTE_PTR encrypted_part, \ + CK_ULONG_PTR encrypted_part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DigestEncryptUpdate (funcs, session, part, part_len, encrypted_part, encrypted_part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DecryptDigestUpdate (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR encrypted_part, \ + CK_ULONG encrypted_part_len, \ + CK_BYTE_PTR part, \ + CK_ULONG_PTR part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DecryptDigestUpdate (funcs, session, encrypted_part, encrypted_part_len, part, part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SignEncryptUpdate (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR part, \ + CK_ULONG part_len, \ + CK_BYTE_PTR encrypted_part, \ + CK_ULONG_PTR encrypted_part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SignEncryptUpdate (funcs, session, part, part_len, encrypted_part, encrypted_part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DecryptVerifyUpdate (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR encrypted_part, \ + CK_ULONG encrypted_part_len, \ + CK_BYTE_PTR part, \ + CK_ULONG_PTR part_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DecryptVerifyUpdate (funcs, session, encrypted_part, encrypted_part_len, part, part_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GenerateKey (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_ATTRIBUTE_PTR templ, \ + CK_ULONG count, \ + CK_OBJECT_HANDLE_PTR key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GenerateKey (funcs, session, mechanism, templ, count, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GenerateKeyPair (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_ATTRIBUTE_PTR public_key_template, \ + CK_ULONG public_key_attribute_count, \ + CK_ATTRIBUTE_PTR private_key_template, \ + CK_ULONG private_key_attribute_count, \ + CK_OBJECT_HANDLE_PTR public_key, \ + CK_OBJECT_HANDLE_PTR private_key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GenerateKeyPair (funcs, session, mechanism, public_key_template, public_key_attribute_count, private_key_template, private_key_attribute_count, public_key, private_key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_WrapKey (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_OBJECT_HANDLE wrapping_key, \ + CK_OBJECT_HANDLE key, \ + CK_BYTE_PTR wrapped_key, \ + CK_ULONG_PTR wrapped_key_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_WrapKey (funcs, session, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_UnwrapKey (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_OBJECT_HANDLE unwrapping_key, \ + CK_BYTE_PTR wrapped_key, \ + CK_ULONG wrapped_key_len, \ + CK_ATTRIBUTE_PTR templ, \ + CK_ULONG attribute_count, \ + CK_OBJECT_HANDLE_PTR key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_UnwrapKey (funcs, session, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, templ, attribute_count, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_DeriveKey (CK_SESSION_HANDLE session, \ + CK_MECHANISM_PTR mechanism, \ + CK_OBJECT_HANDLE base_key, \ + CK_ATTRIBUTE_PTR templ, \ + CK_ULONG attribute_count, \ + CK_OBJECT_HANDLE_PTR key) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_DeriveKey (funcs, session, mechanism, base_key, templ, attribute_count, key); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_SeedRandom (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR seed, \ + CK_ULONG seed_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_SeedRandom (funcs, session, seed, seed_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GenerateRandom (CK_SESSION_HANDLE session, \ + CK_BYTE_PTR random_data, \ + CK_ULONG random_len) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_GenerateRandom (funcs, session, random_data, random_len); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_WaitForSlotEvent (CK_FLAGS flags, \ + CK_SLOT_ID_PTR slot, \ + CK_VOID_PTR reserved) \ +{ \ + CK_FUNCTION_LIST *bound; \ + Wrapper *wrapper; \ + CK_X_FUNCTION_LIST *funcs; \ + bound = fixed_closures[fixed_index]; \ + return_val_if_fail (bound != NULL, CKR_GENERAL_ERROR); \ + wrapper = (Wrapper *) bound; \ + funcs = &wrapper->virt->funcs; \ + return funcs->C_WaitForSlotEvent (funcs, flags, slot, reserved); \ +} \ +\ +static CK_RV \ +fixed ## fixed_index ## _C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list); + +#define P11_VIRTUAL_FIXED_GET_FUNCTION_LIST(fixed_index) \ +static CK_RV \ +fixed ## fixed_index ## _C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) \ +{ \ + if (!list) \ + return CKR_ARGUMENTS_BAD; \ + *list = fixed_closures[fixed_index]; \ + return CKR_OK; \ +} + +#define P11_VIRTUAL_FIXED_INITIALIZER(fixed_index) \ +{ \ + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ \ + fixed ## fixed_index ## _C_Initialize, \ + fixed ## fixed_index ## _C_Finalize, \ + fixed ## fixed_index ## _C_GetInfo, \ + fixed ## fixed_index ## _C_GetFunctionList, \ + fixed ## fixed_index ## _C_GetSlotList, \ + fixed ## fixed_index ## _C_GetSlotInfo, \ + fixed ## fixed_index ## _C_GetTokenInfo, \ + fixed ## fixed_index ## _C_GetMechanismList, \ + fixed ## fixed_index ## _C_GetMechanismInfo, \ + fixed ## fixed_index ## _C_InitToken, \ + fixed ## fixed_index ## _C_InitPIN, \ + fixed ## fixed_index ## _C_SetPIN, \ + fixed ## fixed_index ## _C_OpenSession, \ + fixed ## fixed_index ## _C_CloseSession, \ + fixed ## fixed_index ## _C_CloseAllSessions, \ + fixed ## fixed_index ## _C_GetSessionInfo, \ + fixed ## fixed_index ## _C_GetOperationState, \ + fixed ## fixed_index ## _C_SetOperationState, \ + fixed ## fixed_index ## _C_Login, \ + fixed ## fixed_index ## _C_Logout, \ + fixed ## fixed_index ## _C_CreateObject, \ + fixed ## fixed_index ## _C_CopyObject, \ + fixed ## fixed_index ## _C_DestroyObject, \ + fixed ## fixed_index ## _C_GetObjectSize, \ + fixed ## fixed_index ## _C_GetAttributeValue, \ + fixed ## fixed_index ## _C_SetAttributeValue, \ + fixed ## fixed_index ## _C_FindObjectsInit, \ + fixed ## fixed_index ## _C_FindObjects, \ + fixed ## fixed_index ## _C_FindObjectsFinal, \ + fixed ## fixed_index ## _C_EncryptInit, \ + fixed ## fixed_index ## _C_Encrypt, \ + fixed ## fixed_index ## _C_EncryptUpdate, \ + fixed ## fixed_index ## _C_EncryptFinal, \ + fixed ## fixed_index ## _C_DecryptInit, \ + fixed ## fixed_index ## _C_Decrypt, \ + fixed ## fixed_index ## _C_DecryptUpdate, \ + fixed ## fixed_index ## _C_DecryptFinal, \ + fixed ## fixed_index ## _C_DigestInit, \ + fixed ## fixed_index ## _C_Digest, \ + fixed ## fixed_index ## _C_DigestUpdate, \ + fixed ## fixed_index ## _C_DigestKey, \ + fixed ## fixed_index ## _C_DigestFinal, \ + fixed ## fixed_index ## _C_SignInit, \ + fixed ## fixed_index ## _C_Sign, \ + fixed ## fixed_index ## _C_SignUpdate, \ + fixed ## fixed_index ## _C_SignFinal, \ + fixed ## fixed_index ## _C_SignRecoverInit, \ + fixed ## fixed_index ## _C_SignRecover, \ + fixed ## fixed_index ## _C_VerifyInit, \ + fixed ## fixed_index ## _C_Verify, \ + fixed ## fixed_index ## _C_VerifyUpdate, \ + fixed ## fixed_index ## _C_VerifyFinal, \ + fixed ## fixed_index ## _C_VerifyRecoverInit, \ + fixed ## fixed_index ## _C_VerifyRecover, \ + fixed ## fixed_index ## _C_DigestEncryptUpdate, \ + fixed ## fixed_index ## _C_DecryptDigestUpdate, \ + fixed ## fixed_index ## _C_SignEncryptUpdate, \ + fixed ## fixed_index ## _C_DecryptVerifyUpdate, \ + fixed ## fixed_index ## _C_GenerateKey, \ + fixed ## fixed_index ## _C_GenerateKeyPair, \ + fixed ## fixed_index ## _C_WrapKey, \ + fixed ## fixed_index ## _C_UnwrapKey, \ + fixed ## fixed_index ## _C_DeriveKey, \ + fixed ## fixed_index ## _C_SeedRandom, \ + fixed ## fixed_index ## _C_GenerateRandom, \ + short_C_GetFunctionStatus, \ + short_C_CancelFunction, \ + fixed ## fixed_index ## _C_WaitForSlotEvent \ +} + +#endif /* __P11_VIRTUAL_FIXED_H__ */ diff --git a/p11-kit/virtual.c b/p11-kit/virtual.c new file mode 100644 index 0000000..a7bca48 --- /dev/null +++ b/p11-kit/virtual.c @@ -0,0 +1,3161 @@ +/* + * Copyright (C) 2008 Stefan Walter + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#define P11_DEBUG_FLAG P11_DEBUG_LIB +#include "debug.h" +#include "library.h" +#include "virtual.h" +#include "virtual-fixed.h" + +#include +#include +#include +#include + +#if defined(WITH_FFI) && WITH_FFI + +/* + * We use libffi to build closures. Note that even with libffi certain + * platforms do not support using ffi_closure. In this case FFI_CLOSURES will + * not be defined. This is checked in configure.ac + */ + +/* + * Since libffi uses shared memory to store that, releasing it + * will cause issues on any other child or parent process that relies + * on that. Don't release it. + */ +#define LIBFFI_FREE_CLOSURES 0 + +#include "ffi.h" +#endif + +/* There are 66 functions in PKCS#11, with a maximum of 8 args */ +#define MAX_FUNCTIONS 66 +#define MAX_ARGS 10 + +typedef struct { + /* This is first so we can cast between CK_FUNCTION_LIST* and Context* */ + CK_FUNCTION_LIST bound; + + /* The PKCS#11 functions to call into */ + p11_virtual *virt; + p11_destroyer destroyer; + +#if defined(FFI_CLOSURES) && FFI_CLOSURES + /* A list of our libffi built closures, for cleanup later */ + ffi_closure *ffi_closures[MAX_FUNCTIONS]; + ffi_cif ffi_cifs[MAX_FUNCTIONS]; + int ffi_used; +#endif /* FFI_CLOSURES */ + + /* The index in fixed_closures, or -1 when libffi closures are used */ + int fixed_index; +} Wrapper; + +static CK_FUNCTION_LIST *fixed_closures[P11_VIRTUAL_MAX_FIXED]; + +static Wrapper *create_fixed_wrapper (p11_virtual *virt, + size_t index, + p11_destroyer destroyer); +static CK_FUNCTION_LIST * + p11_virtual_wrap_fixed (p11_virtual *virt, + p11_destroyer destroyer); +static void + p11_virtual_unwrap_fixed + (CK_FUNCTION_LIST_PTR module); + +static CK_RV +short_C_GetFunctionStatus (CK_SESSION_HANDLE handle) +{ + return CKR_FUNCTION_NOT_PARALLEL; +} + +static CK_RV +short_C_CancelFunction (CK_SESSION_HANDLE handle) +{ + return CKR_FUNCTION_NOT_PARALLEL; +} + +#if defined(FFI_CLOSURES) && FFI_CLOSURES + +static void +binding_C_GetFunctionList (ffi_cif *cif, + CK_RV *ret, + void* args[], + Wrapper *wrapper) +{ + CK_FUNCTION_LIST_PTR_PTR list = *(CK_FUNCTION_LIST_PTR_PTR *)args[0]; + + if (list == NULL) { + *ret = CKR_ARGUMENTS_BAD; + } else { + *list = &wrapper->bound; + *ret = CKR_OK; + } +} + +static void +binding_C_Initialize (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_Initialize (funcs, + *(CK_VOID_PTR *)args[0]); +} + +static void +binding_C_Finalize (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_Finalize (funcs, + *(CK_VOID_PTR *)args[0]); +} + +static void +binding_C_GetInfo (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetInfo (funcs, + *(CK_INFO_PTR *)args[0]); +} + +static void +binding_C_GetSlotList (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetSlotList (funcs, + *(CK_BBOOL *)args[0], + *(CK_SLOT_ID_PTR *)args[1], + *(CK_ULONG_PTR *)args[2]); +} + +static void +binding_C_GetSlotInfo (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetSlotInfo (funcs, + *(CK_SLOT_ID *)args[0], + *(CK_SLOT_INFO_PTR *)args[1]); +} + +static void +binding_C_GetTokenInfo (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetTokenInfo (funcs, + *(CK_SLOT_ID *)args[0], + *(CK_TOKEN_INFO_PTR *)args[1]); +} + +static void +binding_C_WaitForSlotEvent (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_WaitForSlotEvent (funcs, + *(CK_FLAGS *)args[0], + *(CK_SLOT_ID_PTR *)args[1], + *(CK_VOID_PTR *)args[2]); +} + +static void +binding_C_GetMechanismList (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetMechanismList (funcs, + *(CK_SLOT_ID *)args[0], + *(CK_MECHANISM_TYPE_PTR *)args[1], + *(CK_ULONG_PTR *)args[2]); +} + +static void +binding_C_GetMechanismInfo (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetMechanismInfo (funcs, + *(CK_SLOT_ID *)args[0], + *(CK_MECHANISM_TYPE *)args[1], + *(CK_MECHANISM_INFO_PTR *)args[2]); +} + +static void +binding_C_InitToken (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_InitToken (funcs, + *(CK_SLOT_ID *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3]); +} + +static void +binding_C_InitPIN (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_InitPIN (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2]); +} + +static void +binding_C_SetPIN (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SetPIN (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG *)args[4]); +} + +static void +binding_C_OpenSession (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_OpenSession (funcs, + *(CK_SLOT_ID *)args[0], + *(CK_FLAGS *)args[1], + *(CK_VOID_PTR *)args[2], + *(CK_NOTIFY *)args[3], + *(CK_SESSION_HANDLE_PTR *)args[4]); +} + +static void +binding_C_CloseSession (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_CloseSession (funcs, + *(CK_SESSION_HANDLE *)args[0]); +} + +static void +binding_C_CloseAllSessions (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_CloseAllSessions (funcs, + *(CK_SLOT_ID *)args[0]); +} + +static void +binding_C_GetSessionInfo (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetSessionInfo (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_SESSION_INFO_PTR *)args[1]); +} + +static void +binding_C_GetOperationState (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetOperationState (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG_PTR *)args[2]); +} + +static void +binding_C_SetOperationState (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SetOperationState (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_OBJECT_HANDLE *)args[3], + *(CK_OBJECT_HANDLE *)args[4]); +} + +static void +binding_C_Login (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_Login (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_USER_TYPE *)args[1], + *(CK_BYTE_PTR *)args[2], + *(CK_ULONG *)args[3]); +} + +static void +binding_C_Logout (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_Logout (funcs, + *(CK_SESSION_HANDLE *)args[0]); +} + +static void +binding_C_CreateObject (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_CreateObject (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_ATTRIBUTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_OBJECT_HANDLE_PTR *)args[3]); +} + +static void +binding_C_CopyObject (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_CopyObject (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_OBJECT_HANDLE *)args[1], + *(CK_ATTRIBUTE_PTR *)args[2], + *(CK_ULONG *)args[3], + *(CK_OBJECT_HANDLE_PTR *)args[4]); +} + +static void +binding_C_DestroyObject (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DestroyObject (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_OBJECT_HANDLE *)args[1]); +} + +static void +binding_C_GetObjectSize (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetObjectSize (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_OBJECT_HANDLE *)args[1], + *(CK_ULONG_PTR *)args[2]); +} + +static void +binding_C_GetAttributeValue (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GetAttributeValue (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_OBJECT_HANDLE *)args[1], + *(CK_ATTRIBUTE_PTR *)args[2], + *(CK_ULONG *)args[3]); +} + +static void +binding_C_SetAttributeValue (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SetAttributeValue (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_OBJECT_HANDLE *)args[1], + *(CK_ATTRIBUTE_PTR *)args[2], + *(CK_ULONG *)args[3]); +} + +static void +binding_C_FindObjectsInit (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_FindObjectsInit (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_ATTRIBUTE_PTR *)args[1], + *(CK_ULONG *)args[2]); +} + +static void +binding_C_FindObjects (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_FindObjects (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_OBJECT_HANDLE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_ULONG_PTR *)args[3]); +} + +static void +binding_C_FindObjectsFinal (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_FindObjectsFinal (funcs, + *(CK_SESSION_HANDLE *)args[0]); +} + +static void +binding_C_EncryptInit (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_EncryptInit (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_OBJECT_HANDLE *)args[2]); +} + +static void +binding_C_Encrypt (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_Encrypt (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_EncryptUpdate (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_EncryptUpdate (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_EncryptFinal (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_EncryptFinal (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG_PTR *)args[2]); +} + +static void +binding_C_DecryptInit (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DecryptInit (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_OBJECT_HANDLE *)args[2]); +} + +static void +binding_C_Decrypt (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_Decrypt (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_DecryptUpdate (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DecryptUpdate (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_DecryptFinal (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DecryptFinal (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG_PTR *)args[2]); +} + +static void +binding_C_DigestInit (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DigestInit (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1]); +} + +static void +binding_C_Digest (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_Digest (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_DigestUpdate (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DigestUpdate (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2]); +} + +static void +binding_C_DigestKey (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DigestKey (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_OBJECT_HANDLE *)args[1]); +} + +static void +binding_C_DigestFinal (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DigestFinal (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG_PTR *)args[2]); +} + +static void +binding_C_SignInit (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SignInit (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_OBJECT_HANDLE *)args[2]); +} + +static void +binding_C_Sign (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_Sign (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_SignUpdate (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SignUpdate (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2]); +} + +static void +binding_C_SignFinal (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SignFinal (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG_PTR *)args[2]); +} + +static void +binding_C_SignRecoverInit (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SignRecoverInit (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_OBJECT_HANDLE *)args[2]); +} + +static void +binding_C_SignRecover (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SignRecover (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_VerifyInit (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_VerifyInit (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_OBJECT_HANDLE *)args[2]); +} + +static void +binding_C_Verify (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_Verify (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG *)args[4]); +} + +static void +binding_C_VerifyUpdate (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_VerifyUpdate (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2]); +} + +static void +binding_C_VerifyFinal (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_VerifyFinal (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2]); +} + +static void +binding_C_VerifyRecoverInit (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_VerifyRecoverInit (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_OBJECT_HANDLE *)args[2]); +} + +static void +binding_C_VerifyRecover (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_VerifyRecover (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_DigestEncryptUpdate (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DigestEncryptUpdate (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_DecryptDigestUpdate (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DecryptDigestUpdate (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_SignEncryptUpdate (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SignEncryptUpdate (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_DecryptVerifyUpdate (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DecryptVerifyUpdate (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG_PTR *)args[4]); +} + +static void +binding_C_GenerateKey (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GenerateKey (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_ATTRIBUTE_PTR *)args[2], + *(CK_ULONG *)args[3], + *(CK_OBJECT_HANDLE_PTR *)args[4]); +} + +static void +binding_C_GenerateKeyPair (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GenerateKeyPair (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_ATTRIBUTE_PTR *)args[2], + *(CK_ULONG *)args[3], + *(CK_ATTRIBUTE_PTR *)args[4], + *(CK_ULONG *)args[5], + *(CK_OBJECT_HANDLE_PTR *)args[6], + *(CK_OBJECT_HANDLE_PTR *)args[7]); +} + +static void +binding_C_WrapKey (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_WrapKey (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_OBJECT_HANDLE *)args[2], + *(CK_OBJECT_HANDLE *)args[3], + *(CK_BYTE_PTR *)args[4], + *(CK_ULONG_PTR *)args[5]); +} + +static void +binding_C_UnwrapKey (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_UnwrapKey (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_OBJECT_HANDLE *)args[2], + *(CK_BYTE_PTR *)args[3], + *(CK_ULONG *)args[4], + *(CK_ATTRIBUTE_PTR *)args[5], + *(CK_ULONG *)args[6], + *(CK_OBJECT_HANDLE_PTR *)args[7]); +} + +static void +binding_C_DeriveKey (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_DeriveKey (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_MECHANISM_PTR *)args[1], + *(CK_OBJECT_HANDLE *)args[2], + *(CK_ATTRIBUTE_PTR *)args[3], + *(CK_ULONG *)args[4], + *(CK_OBJECT_HANDLE_PTR *)args[5]); +} + +static void +binding_C_SeedRandom (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_SeedRandom (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2]); +} + +static void +binding_C_GenerateRandom (ffi_cif *cif, + CK_RV *ret, + void* args[], + CK_X_FUNCTION_LIST *funcs) +{ + *ret = funcs->C_GenerateRandom (funcs, + *(CK_SESSION_HANDLE *)args[0], + *(CK_BYTE_PTR *)args[1], + *(CK_ULONG *)args[2]); +} + +#endif /* FFI_CLOSURES */ + +static CK_RV +stack_C_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Initialize (funcs, init_args); +} + +static CK_RV +stack_C_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR reserved) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Finalize (funcs, reserved); +} + +static CK_RV +stack_C_GetInfo (CK_X_FUNCTION_LIST *self, + CK_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetInfo (funcs, info); +} + +static CK_RV +stack_C_GetSlotList (CK_X_FUNCTION_LIST *self, + CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetSlotList (funcs, token_present, slot_list, count); +} + +static CK_RV +stack_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_SLOT_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetSlotInfo (funcs, slot_id, info); +} + +static CK_RV +stack_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetTokenInfo (funcs, slot_id, info); +} + +static CK_RV +stack_C_GetMechanismList (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetMechanismList (funcs, slot_id, mechanism_list, count); +} + +static CK_RV +stack_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetMechanismInfo (funcs, slot_id, type, info); +} + +static CK_RV +stack_C_InitToken (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_InitToken (funcs, slot_id, pin, pin_len, label); +} + +static CK_RV +stack_C_OpenSession (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR application, + CK_NOTIFY notify, + CK_SESSION_HANDLE_PTR session) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_OpenSession (funcs, slot_id, flags, application, notify, session); +} + +static CK_RV +stack_C_CloseSession (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_CloseSession (funcs, session); +} + +static CK_RV +stack_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_CloseAllSessions (funcs, slot_id); +} + +static CK_RV +stack_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetSessionInfo (funcs, session, info); +} + +static CK_RV +stack_C_InitPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_InitPIN (funcs, session, pin, pin_len); +} + +static CK_RV +stack_C_SetPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SetPIN (funcs, session, old_pin, old_len, new_pin, new_len); +} + +static CK_RV +stack_C_GetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetOperationState (funcs, session, operation_state, operation_state_len); +} + +static CK_RV +stack_C_SetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SetOperationState (funcs, session, operation_state, operation_state_len, + encryption_key, authentication_key); +} + +static CK_RV +stack_C_Login (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Login (funcs, session, user_type, pin, pin_len); +} + +static CK_RV +stack_C_Logout (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Logout (funcs, session); +} + +static CK_RV +stack_C_CreateObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR object) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_CreateObject (funcs, session, template, count, object); +} + +static CK_RV +stack_C_CopyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_CopyObject (funcs, session, object, template, count, new_object); +} + + +static CK_RV +stack_C_DestroyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DestroyObject (funcs, session, object); +} + +static CK_RV +stack_C_GetObjectSize (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetObjectSize (funcs, session, object, size); +} + +static CK_RV +stack_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetAttributeValue (funcs, session, object, template, count); +} + +static CK_RV +stack_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SetAttributeValue (funcs, session, object, template, count); +} + +static CK_RV +stack_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_FindObjectsInit (funcs, session, template, count); +} + +static CK_RV +stack_C_FindObjects (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR object, + CK_ULONG max_object_count, + CK_ULONG_PTR object_count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_FindObjects (funcs, session, object, max_object_count, object_count); +} + +static CK_RV +stack_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_FindObjectsFinal (funcs, session); +} + +static CK_RV +stack_C_EncryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_EncryptInit (funcs, session, mechanism, key); +} + +static CK_RV +stack_C_Encrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Encrypt (funcs, session, input, input_len, + encrypted_data, encrypted_data_len); +} + +static CK_RV +stack_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_EncryptUpdate (funcs, session, part, part_len, + encrypted_part, encrypted_part_len); +} + +static CK_RV +stack_C_EncryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_encrypted_part, + CK_ULONG_PTR last_encrypted_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_EncryptFinal (funcs, session, last_encrypted_part, + last_encrypted_part_len); +} + +static CK_RV +stack_C_DecryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptInit (funcs, session, mechanism, key); +} + +static CK_RV +stack_C_Decrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_data, + CK_ULONG encrypted_data_len, + CK_BYTE_PTR output, + CK_ULONG_PTR output_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Decrypt (funcs, session, encrypted_data, encrypted_data_len, + output, output_len); +} + +static CK_RV +stack_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptUpdate (funcs, session, encrypted_part, encrypted_part_len, + part, part_len); +} + +static CK_RV +stack_C_DecryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptFinal (funcs, session, last_part, last_part_len); +} + +static CK_RV +stack_C_DigestInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestInit (funcs, session, mechanism); +} + +static CK_RV +stack_C_Digest (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Digest (funcs, session, input, input_len, digest, digest_len); +} + +static CK_RV +stack_C_DigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestUpdate (funcs, session, part, part_len); +} + +static CK_RV +stack_C_DigestKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestKey (funcs, session, key); +} + +static CK_RV +stack_C_DigestFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestFinal (funcs, session, digest, digest_len); +} + +static CK_RV +stack_C_SignInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignInit (funcs, session, mechanism, key); +} + +static CK_RV +stack_C_Sign (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Sign (funcs, session, input, input_len, + signature, signature_len); +} + +static CK_RV +stack_C_SignUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignUpdate (funcs, session, part, part_len); +} + +static CK_RV +stack_C_SignFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignFinal (funcs, session, signature, signature_len); +} + +static CK_RV +stack_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignRecoverInit (funcs, session, mechanism, key); +} + +static CK_RV +stack_C_SignRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignRecover (funcs, session, input, input_len, + signature, signature_len); +} + +static CK_RV +stack_C_VerifyInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyInit (funcs, session, mechanism, key); +} + +static CK_RV +stack_C_Verify (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Verify (funcs, session, input, input_len, + signature, signature_len); +} + +static CK_RV +stack_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyUpdate (funcs, session, part, part_len); +} + +static CK_RV +stack_C_VerifyFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyFinal (funcs, session, signature, signature_len); +} + +static CK_RV +stack_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyRecoverInit (funcs, session, mechanism, key); +} + +static CK_RV +stack_C_VerifyRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR input, + CK_ULONG_PTR input_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyRecover (funcs, session, signature, signature_len, + input, input_len); +} + +static CK_RV +stack_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestEncryptUpdate (funcs, session, part, part_len, + encrypted_part, encrypted_part_len); +} + +static CK_RV +stack_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptDigestUpdate (funcs, session, encrypted_part, encrypted_part_len, + part, part_len); +} + +static CK_RV +stack_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignEncryptUpdate (funcs, session, part, part_len, + encrypted_part, encrypted_part_len); +} + +static CK_RV +stack_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptVerifyUpdate (funcs, session, encrypted_part, encrypted_part_len, + part, part_len); +} + +static CK_RV +stack_C_GenerateKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GenerateKey (funcs, session, mechanism, template, count, key); +} + +static CK_RV +stack_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR public_key_template, + CK_ULONG public_key_count, + CK_ATTRIBUTE_PTR private_key_template, + CK_ULONG private_key_count, + CK_OBJECT_HANDLE_PTR public_key, + CK_OBJECT_HANDLE_PTR private_key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GenerateKeyPair (funcs, session, mechanism, public_key_template, + public_key_count, private_key_template, + private_key_count, public_key, private_key); +} + +static CK_RV +stack_C_WrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_WrapKey (funcs, session, mechanism, wrapping_key, key, + wrapped_key, wrapped_key_len); +} + +static CK_RV +stack_C_UnwrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_UnwrapKey (funcs, session, mechanism, unwrapping_key, wrapped_key, + wrapped_key_len, template, count, key); +} + +static CK_RV +stack_C_DeriveKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DeriveKey (funcs, session, mechanism, base_key, template, count, key); +} + +static CK_RV +stack_C_SeedRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SeedRandom (funcs, session, seed, seed_len); +} + +static CK_RV +stack_C_GenerateRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GenerateRandom (funcs, session, random_data, random_len); +} + +static CK_RV +stack_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR slot_id, + CK_VOID_PTR reserved) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_X_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_WaitForSlotEvent (funcs, flags, slot_id, reserved); +} + +static CK_RV +base_C_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Initialize (init_args); +} + +static CK_RV +base_C_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR reserved) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Finalize (reserved); +} + +static CK_RV +base_C_GetInfo (CK_X_FUNCTION_LIST *self, + CK_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetInfo (info); +} + +static CK_RV +base_C_GetSlotList (CK_X_FUNCTION_LIST *self, + CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetSlotList (token_present, slot_list, count); +} + +static CK_RV +base_C_GetSlotInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_SLOT_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetSlotInfo (slot_id, info); +} + +static CK_RV +base_C_GetTokenInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetTokenInfo (slot_id, info); +} + +static CK_RV +base_C_GetMechanismList (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetMechanismList (slot_id, mechanism_list, count); +} + +static CK_RV +base_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetMechanismInfo (slot_id, type, info); +} + +static CK_RV +base_C_InitToken (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_InitToken (slot_id, pin, pin_len, label); +} + +static CK_RV +base_C_OpenSession (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR application, + CK_NOTIFY notify, + CK_SESSION_HANDLE_PTR session) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_OpenSession (slot_id, flags, application, notify, session); +} + +static CK_RV +base_C_CloseSession (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_CloseSession (session); +} + +static CK_RV +base_C_CloseAllSessions (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_CloseAllSessions (slot_id); +} + +static CK_RV +base_C_GetSessionInfo (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetSessionInfo (session, info); +} + +static CK_RV +base_C_InitPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_InitPIN (session, pin, pin_len); +} + +static CK_RV +base_C_SetPIN (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SetPIN (session, old_pin, old_len, new_pin, new_len); +} + +static CK_RV +base_C_GetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetOperationState (session, operation_state, operation_state_len); +} + +static CK_RV +base_C_SetOperationState (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SetOperationState (session, operation_state, operation_state_len, + encryption_key, authentication_key); +} + +static CK_RV +base_C_Login (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Login (session, user_type, pin, pin_len); +} + +static CK_RV +base_C_Logout (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Logout (session); +} + +static CK_RV +base_C_CreateObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR object) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_CreateObject (session, template, count, object); +} + +static CK_RV +base_C_CopyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_CopyObject (session, object, template, count, new_object); +} + + +static CK_RV +base_C_DestroyObject (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DestroyObject (session, object); +} + +static CK_RV +base_C_GetObjectSize (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetObjectSize (session, object, size); +} + +static CK_RV +base_C_GetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GetAttributeValue (session, object, template, count); +} + +static CK_RV +base_C_SetAttributeValue (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SetAttributeValue (session, object, template, count); +} + +static CK_RV +base_C_FindObjectsInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_FindObjectsInit (session, template, count); +} + +static CK_RV +base_C_FindObjects (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR object, + CK_ULONG max_object_count, + CK_ULONG_PTR object_count) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_FindObjects (session, object, max_object_count, object_count); +} + +static CK_RV +base_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_FindObjectsFinal (session); +} + +static CK_RV +base_C_EncryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_EncryptInit (session, mechanism, key); +} + +static CK_RV +base_C_Encrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Encrypt (session, input, input_len, + encrypted_data, encrypted_data_len); +} + +static CK_RV +base_C_EncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_EncryptUpdate (session, part, part_len, + encrypted_part, encrypted_part_len); +} + +static CK_RV +base_C_EncryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_encrypted_part, + CK_ULONG_PTR last_encrypted_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_EncryptFinal (session, last_encrypted_part, + last_encrypted_part_len); +} + +static CK_RV +base_C_DecryptInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptInit (session, mechanism, key); +} + +static CK_RV +base_C_Decrypt (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_data, + CK_ULONG encrypted_data_len, + CK_BYTE_PTR output, + CK_ULONG_PTR output_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Decrypt (session, encrypted_data, encrypted_data_len, + output, output_len); +} + +static CK_RV +base_C_DecryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptUpdate (session, encrypted_part, encrypted_part_len, + part, part_len); +} + +static CK_RV +base_C_DecryptFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptFinal (session, last_part, last_part_len); +} + +static CK_RV +base_C_DigestInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestInit (session, mechanism); +} + +static CK_RV +base_C_Digest (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Digest (session, input, input_len, digest, digest_len); +} + +static CK_RV +base_C_DigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestUpdate (session, part, part_len); +} + +static CK_RV +base_C_DigestKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestKey (session, key); +} + +static CK_RV +base_C_DigestFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestFinal (session, digest, digest_len); +} + +static CK_RV +base_C_SignInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignInit (session, mechanism, key); +} + +static CK_RV +base_C_Sign (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Sign (session, input, input_len, + signature, signature_len); +} + +static CK_RV +base_C_SignUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignUpdate (session, part, part_len); +} + +static CK_RV +base_C_SignFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignFinal (session, signature, signature_len); +} + +static CK_RV +base_C_SignRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignRecoverInit (session, mechanism, key); +} + +static CK_RV +base_C_SignRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignRecover (session, input, input_len, + signature, signature_len); +} + +static CK_RV +base_C_VerifyInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyInit (session, mechanism, key); +} + +static CK_RV +base_C_Verify (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR input, + CK_ULONG input_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_Verify (session, input, input_len, + signature, signature_len); +} + +static CK_RV +base_C_VerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyUpdate (session, part, part_len); +} + +static CK_RV +base_C_VerifyFinal (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyFinal (session, signature, signature_len); +} + +static CK_RV +base_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyRecoverInit (session, mechanism, key); +} + +static CK_RV +base_C_VerifyRecover (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR input, + CK_ULONG_PTR input_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_VerifyRecover (session, signature, signature_len, + input, input_len); +} + +static CK_RV +base_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DigestEncryptUpdate (session, part, part_len, + encrypted_part, encrypted_part_len); +} + +static CK_RV +base_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptDigestUpdate (session, encrypted_part, encrypted_part_len, + part, part_len); +} + +static CK_RV +base_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SignEncryptUpdate (session, part, part_len, + encrypted_part, encrypted_part_len); +} + +static CK_RV +base_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR encrypted_part, + CK_ULONG encrypted_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DecryptVerifyUpdate (session, encrypted_part, encrypted_part_len, + part, part_len); +} + +static CK_RV +base_C_GenerateKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GenerateKey (session, mechanism, template, count, key); +} + +static CK_RV +base_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR public_key_template, + CK_ULONG public_key_count, + CK_ATTRIBUTE_PTR private_key_template, + CK_ULONG private_key_count, + CK_OBJECT_HANDLE_PTR public_key, + CK_OBJECT_HANDLE_PTR private_key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GenerateKeyPair (session, mechanism, public_key_template, + public_key_count, private_key_template, + private_key_count, public_key, private_key); +} + +static CK_RV +base_C_WrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_WrapKey (session, mechanism, wrapping_key, key, + wrapped_key, wrapped_key_len); +} + +static CK_RV +base_C_UnwrapKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_UnwrapKey (session, mechanism, unwrapping_key, wrapped_key, + wrapped_key_len, template, count, key); +} + +static CK_RV +base_C_DeriveKey (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_DeriveKey (session, mechanism, base_key, template, count, key); +} + +static CK_RV +base_C_SeedRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_SeedRandom (session, seed, seed_len); +} + +static CK_RV +base_C_GenerateRandom (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_GenerateRandom (session, random_data, random_len); +} + +static CK_RV +base_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR slot_id, + CK_VOID_PTR reserved) +{ + p11_virtual *virt = (p11_virtual *)self; + CK_FUNCTION_LIST *funcs = virt->lower_module; + return funcs->C_WaitForSlotEvent (flags, slot_id, reserved); +} + +void +p11_virtual_init (p11_virtual *virt, + CK_X_FUNCTION_LIST *funcs, + void *lower_module, + p11_destroyer lower_destroy) +{ + memcpy (virt, funcs, sizeof (CK_X_FUNCTION_LIST)); + virt->lower_module = lower_module; + virt->lower_destroy = lower_destroy; +} + +void +p11_virtual_uninit (p11_virtual *virt) +{ + if (virt->lower_destroy) + (virt->lower_destroy) (virt->lower_module); +} + +typedef struct { + const char *name; + void *stack_fallback; + size_t virtual_offset; + void *base_fallback; + size_t module_offset; +} FunctionInfo; + +#define STRUCT_OFFSET(struct_type, member) \ + ((size_t) ((unsigned char *) &((struct_type *) 0)->member)) +#define STRUCT_MEMBER_P(struct_p, struct_offset) \ + ((void *) ((unsigned char *) (struct_p) + (long) (struct_offset))) +#define STRUCT_MEMBER(member_type, struct_p, struct_offset) \ + (*(member_type*) STRUCT_MEMBER_P ((struct_p), (struct_offset))) + +#define FUNCTION(name) \ + #name, \ + stack_C_##name, STRUCT_OFFSET (CK_X_FUNCTION_LIST, C_##name), \ + base_C_##name, STRUCT_OFFSET (CK_FUNCTION_LIST, C_##name) + +static const FunctionInfo function_info[] = { + { FUNCTION (Initialize) }, + { FUNCTION (Finalize) }, + { FUNCTION (GetInfo) }, + { FUNCTION (GetSlotList) }, + { FUNCTION (GetSlotInfo) }, + { FUNCTION (GetTokenInfo) }, + { FUNCTION (GetMechanismList) }, + { FUNCTION (GetMechanismInfo) }, + { FUNCTION (InitToken) }, + { FUNCTION (InitPIN) }, + { FUNCTION (SetPIN) }, + { FUNCTION (OpenSession) }, + { FUNCTION (CloseSession) }, + { FUNCTION (CloseAllSessions) }, + { FUNCTION (GetSessionInfo) }, + { FUNCTION (GetOperationState) }, + { FUNCTION (SetOperationState) }, + { FUNCTION (Login) }, + { FUNCTION (Logout) }, + { FUNCTION (CreateObject) }, + { FUNCTION (CopyObject) }, + { FUNCTION (DestroyObject) }, + { FUNCTION (GetObjectSize) }, + { FUNCTION (GetAttributeValue) }, + { FUNCTION (SetAttributeValue) }, + { FUNCTION (FindObjectsInit) }, + { FUNCTION (FindObjects) }, + { FUNCTION (FindObjectsFinal) }, + { FUNCTION (EncryptInit) }, + { FUNCTION (Encrypt) }, + { FUNCTION (EncryptUpdate) }, + { FUNCTION (EncryptFinal) }, + { FUNCTION (DecryptInit) }, + { FUNCTION (Decrypt) }, + { FUNCTION (DecryptUpdate) }, + { FUNCTION (DecryptFinal) }, + { FUNCTION (DigestInit) }, + { FUNCTION (Digest) }, + { FUNCTION (DigestUpdate) }, + { FUNCTION (DigestKey) }, + { FUNCTION (DigestFinal) }, + { FUNCTION (SignInit) }, + { FUNCTION (Sign) }, + { FUNCTION (SignUpdate) }, + { FUNCTION (SignFinal) }, + { FUNCTION (SignRecoverInit) }, + { FUNCTION (SignRecover) }, + { FUNCTION (VerifyInit) }, + { FUNCTION (Verify) }, + { FUNCTION (VerifyUpdate) }, + { FUNCTION (VerifyFinal) }, + { FUNCTION (VerifyRecoverInit) }, + { FUNCTION (VerifyRecover) }, + { FUNCTION (DigestEncryptUpdate) }, + { FUNCTION (DecryptDigestUpdate) }, + { FUNCTION (SignEncryptUpdate) }, + { FUNCTION (DecryptVerifyUpdate) }, + { FUNCTION (GenerateKey) }, + { FUNCTION (GenerateKeyPair) }, + { FUNCTION (WrapKey) }, + { FUNCTION (UnwrapKey) }, + { FUNCTION (DeriveKey) }, + { FUNCTION (SeedRandom) }, + { FUNCTION (GenerateRandom) }, + { FUNCTION (WaitForSlotEvent) }, + { 0, } +}; + +static bool +lookup_fall_through (p11_virtual *virt, + const FunctionInfo *info, + void **bound_func) +{ + void *func; + + /* + * So the basic concept here is if we have only fall-through functions + * all the way down the stack, then we can just get the actual module + * function, so that calls go right through. + */ + + func = STRUCT_MEMBER (void *, virt, info->virtual_offset); + + /* + * This is a fall-through function and the stack goes down further, so + * ask the next level down for the + */ + if (func == info->stack_fallback) { + return lookup_fall_through (virt->lower_module, info, bound_func); + + /* + * This is a fall-through function at the bottom level of the stack + * so return the function from the module. + */ + } else if (func == info->base_fallback) { + *bound_func = STRUCT_MEMBER (void *, virt->lower_module, info->module_offset); + return true; + } + + return false; +} + +#if defined(FFI_CLOSURES) && FFI_CLOSURES +typedef struct { + void *function; + ffi_type *types[MAX_ARGS+1]; +} BindingInfo; + +static const BindingInfo binding_info[] = { + { binding_C_Initialize, { &ffi_type_pointer, NULL } }, + { binding_C_Finalize, { &ffi_type_pointer, NULL } }, + { binding_C_GetInfo, { &ffi_type_pointer, NULL } }, + { binding_C_GetSlotList, { &ffi_type_uchar, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_GetSlotInfo, { &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_GetTokenInfo, { &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_GetMechanismList, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_GetMechanismInfo, { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_InitToken, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_InitPIN, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_SetPIN, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_OpenSession, { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_CloseSession, { &ffi_type_ulong, NULL } }, + { binding_C_CloseAllSessions, { &ffi_type_ulong, NULL } }, + { binding_C_GetSessionInfo, { &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_GetOperationState, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_SetOperationState, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_ulong, NULL } }, + { binding_C_Login, { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_Logout, { &ffi_type_ulong, NULL } }, + { binding_C_CreateObject, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_CopyObject, { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_DestroyObject, { &ffi_type_ulong, &ffi_type_ulong, NULL } }, + { binding_C_GetObjectSize, { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_GetAttributeValue, { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_SetAttributeValue, { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_FindObjectsInit, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_FindObjects, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_FindObjectsFinal, { &ffi_type_ulong, NULL } }, + { binding_C_EncryptInit, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_Encrypt, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_EncryptUpdate, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_EncryptFinal, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_DecryptInit, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_Decrypt, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_DecryptUpdate, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_DecryptFinal, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_DigestInit, { &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_Digest, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_DigestUpdate, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_DigestKey, { &ffi_type_ulong, &ffi_type_ulong, NULL } }, + { binding_C_DigestFinal, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_SignInit, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_Sign, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_SignUpdate, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_SignFinal, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_SignRecoverInit, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_SignRecover, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_VerifyInit, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_Verify, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_VerifyUpdate, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_VerifyFinal, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_VerifyRecoverInit, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_VerifyRecover, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_DigestEncryptUpdate, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_DecryptDigestUpdate, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_SignEncryptUpdate, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_DecryptVerifyUpdate, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_GenerateKey, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_GenerateKeyPair, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_WrapKey, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { binding_C_UnwrapKey, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_DeriveKey, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } }, + { binding_C_SeedRandom, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_GenerateRandom, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } }, + { binding_C_WaitForSlotEvent, { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } }, + { 0, } +}; + + +static bool +bind_ffi_closure (Wrapper *wrapper, + void *binding_data, + void *binding_func, + ffi_type **args, + void **bound_func) +{ + ffi_closure *clo; + ffi_cif *cif; + int nargs = 0; + int i = 0; + int ret; + + assert (wrapper->ffi_used < MAX_FUNCTIONS); + cif = wrapper->ffi_cifs + wrapper->ffi_used; + + /* The number of arguments */ + for (i = 0, nargs = 0; args[i] != NULL; i++) + nargs++; + + assert (nargs <= MAX_ARGS); + + /* + * The failures here are unexpected conditions. There's a chance they + * might occur on other esoteric platforms, so we take a little + * extra care to print relevant debugging info, and return a status, + * so that we can get back useful debug info on platforms that we + * don't have access to. + */ + + ret = ffi_prep_cif (cif, FFI_DEFAULT_ABI, nargs, &ffi_type_ulong, args); + if (ret != FFI_OK) { + p11_debug_precond ("ffi_prep_cif failed: %d\n", ret); + return false; + } + + clo = ffi_closure_alloc (sizeof (ffi_closure), bound_func); + if (clo == NULL) { + p11_debug_precond ("ffi_closure_alloc failed\n"); + return false; + } + + ret = ffi_prep_closure_loc (clo, cif, binding_func, binding_data, *bound_func); + if (ret != FFI_OK) { + p11_debug_precond ("ffi_prep_closure_loc failed: %d\n", ret); + return false; + } + + wrapper->ffi_closures[wrapper->ffi_used] = clo; + wrapper->ffi_used++; + return true; +} + +static bool +init_wrapper_funcs (Wrapper *wrapper) +{ + static const ffi_type *get_function_list_args[] = { &ffi_type_pointer, NULL }; + const FunctionInfo *info; + CK_X_FUNCTION_LIST *over; + void **bound; + int i; + + /* Pointer to where our calls go */ + over = &wrapper->virt->funcs; + + for (i = 0; function_info[i].name != NULL; i++) { + info = function_info + i; + + /* Address to where we're placing the bound function */ + bound = &STRUCT_MEMBER (void *, &wrapper->bound, info->module_offset); + + /* + * See if we can just shoot straight through to the module function + * without wrapping at all. If all the stacked virtual modules just + * fall through, then this returns the original module function. + */ + if (!lookup_fall_through (wrapper->virt, info, bound)) { + const BindingInfo *binding = binding_info + i; + if (!bind_ffi_closure (wrapper, over, + binding->function, + (ffi_type **)binding->types, bound)) + return false; + } + } + + /* Always bind the C_GetFunctionList function itself */ + if (!bind_ffi_closure (wrapper, wrapper, + binding_C_GetFunctionList, + (ffi_type **)get_function_list_args, + (void **)&wrapper->bound.C_GetFunctionList)) + return false; + + /* + * These functions are used as a marker to indicate whether this is + * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These + * functions are defined to always have the same standard implementation + * in PKCS#11 2.x so we don't need to call through to the base for + * these guys. + */ + wrapper->bound.C_CancelFunction = short_C_CancelFunction; + wrapper->bound.C_GetFunctionStatus = short_C_GetFunctionStatus; + + return true; +} + +#if defined(LIBFFI_FREE_CLOSURES) && LIBFFI_FREE_CLOSURES +static void +uninit_wrapper_funcs (Wrapper *wrapper) +{ + int i; + + for (i = 0; i < wrapper->ffi_used; i++) + ffi_closure_free (wrapper->ffi_closures[i]); +} +#endif + +CK_FUNCTION_LIST * +p11_virtual_wrap (p11_virtual *virt, + p11_destroyer destroyer) +{ + Wrapper *wrapper; + CK_FUNCTION_LIST *result; + + return_val_if_fail (virt != NULL, NULL); + + result = p11_virtual_wrap_fixed (virt, destroyer); + if (result) + return result; + + wrapper = calloc (1, sizeof (Wrapper)); + return_val_if_fail (wrapper != NULL, NULL); + + wrapper->virt = virt; + wrapper->destroyer = destroyer; + wrapper->bound.version.major = CRYPTOKI_VERSION_MAJOR; + wrapper->bound.version.minor = CRYPTOKI_VERSION_MINOR; + wrapper->fixed_index = -1; + + if (!init_wrapper_funcs (wrapper)) { + free (wrapper); + return_val_if_reached (NULL); + } + + assert ((void *)wrapper == (void *)&wrapper->bound); + assert (p11_virtual_is_wrapper (&wrapper->bound)); + assert (wrapper->bound.C_GetFunctionList != NULL); + return &wrapper->bound; +} + +#else /* !FFI_CLOSURES */ + +CK_FUNCTION_LIST * +p11_virtual_wrap (p11_virtual *virt, + p11_destroyer destroyer) +{ + CK_FUNCTION_LIST *result; + + result = p11_virtual_wrap_fixed (virt, destroyer); + return_val_if_fail (result != NULL, NULL); + return result; +} + +#endif /* !FFI_CLOSURES */ + +bool +p11_virtual_is_wrapper (CK_FUNCTION_LIST_PTR module) +{ + /* + * We use these functions as a marker to indicate whether this is + * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These + * functions are defined to always have the same standard implementation + * in PKCS#11 2.x so we don't need to call through to the base for + * these guys. + */ + return (module->C_GetFunctionStatus == short_C_GetFunctionStatus && + module->C_CancelFunction == short_C_CancelFunction); +} + +void +p11_virtual_unwrap (CK_FUNCTION_LIST_PTR module) +{ + Wrapper *wrapper; + + return_if_fail (p11_virtual_is_wrapper (module)); + + /* The bound CK_FUNCTION_LIST_PTR sits at the front of Context */ + wrapper = (Wrapper *)module; + + if (wrapper->fixed_index >= 0) + p11_virtual_unwrap_fixed (module); + + /* + * Make sure that the CK_FUNCTION_LIST_PTR is invalid, and that + * p11_virtual_is_wrapper() recognizes this. This is in case the + * destroyer callback tries to do something fancy. + */ + memset (&wrapper->bound, 0xFE, sizeof (wrapper->bound)); + + if (wrapper->destroyer) + (wrapper->destroyer) (wrapper->virt); + +#if defined(LIBFFI_FREE_CLOSURES) && LIBFFI_FREE_CLOSURES + uninit_wrapper_funcs (wrapper); +#endif + free (wrapper); +} + +CK_X_FUNCTION_LIST p11_virtual_stack = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ + stack_C_Initialize, + stack_C_Finalize, + stack_C_GetInfo, + stack_C_GetSlotList, + stack_C_GetSlotInfo, + stack_C_GetTokenInfo, + stack_C_GetMechanismList, + stack_C_GetMechanismInfo, + stack_C_InitToken, + stack_C_InitPIN, + stack_C_SetPIN, + stack_C_OpenSession, + stack_C_CloseSession, + stack_C_CloseAllSessions, + stack_C_GetSessionInfo, + stack_C_GetOperationState, + stack_C_SetOperationState, + stack_C_Login, + stack_C_Logout, + stack_C_CreateObject, + stack_C_CopyObject, + stack_C_DestroyObject, + stack_C_GetObjectSize, + stack_C_GetAttributeValue, + stack_C_SetAttributeValue, + stack_C_FindObjectsInit, + stack_C_FindObjects, + stack_C_FindObjectsFinal, + stack_C_EncryptInit, + stack_C_Encrypt, + stack_C_EncryptUpdate, + stack_C_EncryptFinal, + stack_C_DecryptInit, + stack_C_Decrypt, + stack_C_DecryptUpdate, + stack_C_DecryptFinal, + stack_C_DigestInit, + stack_C_Digest, + stack_C_DigestUpdate, + stack_C_DigestKey, + stack_C_DigestFinal, + stack_C_SignInit, + stack_C_Sign, + stack_C_SignUpdate, + stack_C_SignFinal, + stack_C_SignRecoverInit, + stack_C_SignRecover, + stack_C_VerifyInit, + stack_C_Verify, + stack_C_VerifyUpdate, + stack_C_VerifyFinal, + stack_C_VerifyRecoverInit, + stack_C_VerifyRecover, + stack_C_DigestEncryptUpdate, + stack_C_DecryptDigestUpdate, + stack_C_SignEncryptUpdate, + stack_C_DecryptVerifyUpdate, + stack_C_GenerateKey, + stack_C_GenerateKeyPair, + stack_C_WrapKey, + stack_C_UnwrapKey, + stack_C_DeriveKey, + stack_C_SeedRandom, + stack_C_GenerateRandom, + stack_C_WaitForSlotEvent +}; + +CK_X_FUNCTION_LIST p11_virtual_base = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ + base_C_Initialize, + base_C_Finalize, + base_C_GetInfo, + base_C_GetSlotList, + base_C_GetSlotInfo, + base_C_GetTokenInfo, + base_C_GetMechanismList, + base_C_GetMechanismInfo, + base_C_InitToken, + base_C_InitPIN, + base_C_SetPIN, + base_C_OpenSession, + base_C_CloseSession, + base_C_CloseAllSessions, + base_C_GetSessionInfo, + base_C_GetOperationState, + base_C_SetOperationState, + base_C_Login, + base_C_Logout, + base_C_CreateObject, + base_C_CopyObject, + base_C_DestroyObject, + base_C_GetObjectSize, + base_C_GetAttributeValue, + base_C_SetAttributeValue, + base_C_FindObjectsInit, + base_C_FindObjects, + base_C_FindObjectsFinal, + base_C_EncryptInit, + base_C_Encrypt, + base_C_EncryptUpdate, + base_C_EncryptFinal, + base_C_DecryptInit, + base_C_Decrypt, + base_C_DecryptUpdate, + base_C_DecryptFinal, + base_C_DigestInit, + base_C_Digest, + base_C_DigestUpdate, + base_C_DigestKey, + base_C_DigestFinal, + base_C_SignInit, + base_C_Sign, + base_C_SignUpdate, + base_C_SignFinal, + base_C_SignRecoverInit, + base_C_SignRecover, + base_C_VerifyInit, + base_C_Verify, + base_C_VerifyUpdate, + base_C_VerifyFinal, + base_C_VerifyRecoverInit, + base_C_VerifyRecover, + base_C_DigestEncryptUpdate, + base_C_DecryptDigestUpdate, + base_C_SignEncryptUpdate, + base_C_DecryptVerifyUpdate, + base_C_GenerateKey, + base_C_GenerateKeyPair, + base_C_WrapKey, + base_C_UnwrapKey, + base_C_DeriveKey, + base_C_SeedRandom, + base_C_GenerateRandom, + base_C_WaitForSlotEvent +}; + +#include "p11-kit/virtual-fixed-generated.h" + +static CK_FUNCTION_LIST * +p11_virtual_wrap_fixed (p11_virtual *virt, + p11_destroyer destroyer) +{ + CK_FUNCTION_LIST *result = NULL; + size_t i; + + p11_mutex_lock (&p11_virtual_mutex); + for (i = 0; i < P11_VIRTUAL_MAX_FIXED; i++) { + if (fixed_closures[i] == NULL) { + Wrapper *wrapper; + wrapper = create_fixed_wrapper (virt, i, destroyer); + if (wrapper) { + result = &wrapper->bound; + fixed_closures[i] = result; + } + break; + } + } + p11_mutex_unlock (&p11_virtual_mutex); + + return result; +} + +static void +p11_virtual_unwrap_fixed (CK_FUNCTION_LIST_PTR module) +{ + size_t i; + + p11_mutex_lock (&p11_virtual_mutex); + for (i = 0; i < P11_VIRTUAL_MAX_FIXED; i++) { + if (fixed_closures[i] == module) { + fixed_closures[i] = NULL; + break; + } + } + p11_mutex_unlock (&p11_virtual_mutex); +} + +static void +init_wrapper_funcs_fixed (Wrapper *wrapper, CK_FUNCTION_LIST *fixed) +{ + const FunctionInfo *info; + void **bound_to, **bound_from; + int i; + + for (i = 0; function_info[i].name != NULL; i++) { + info = function_info + i; + + /* Address to where we're placing the bound function */ + bound_to = &STRUCT_MEMBER (void *, &wrapper->bound, info->module_offset); + bound_from = &STRUCT_MEMBER (void *, fixed, info->module_offset); + + /* + * See if we can just shoot straight through to the module function + * without wrapping at all. If all the stacked virtual modules just + * fall through, then this returns the original module function. + */ + if (!lookup_fall_through (wrapper->virt, info, bound_to)) + *bound_to = *bound_from; + } + + /* Always bind the C_GetFunctionList function itself */ + wrapper->bound.C_GetFunctionList = fixed->C_GetFunctionList; + + /* + * These functions are used as a marker to indicate whether this is + * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These + * functions are defined to always have the same standard implementation + * in PKCS#11 2.x so we don't need to call through to the base for + * these guys. + */ + wrapper->bound.C_CancelFunction = short_C_CancelFunction; + wrapper->bound.C_GetFunctionStatus = short_C_GetFunctionStatus; +} + +static Wrapper * +create_fixed_wrapper (p11_virtual *virt, + size_t index, + p11_destroyer destroyer) +{ + Wrapper *wrapper; + + return_val_if_fail (virt != NULL, NULL); + + wrapper = calloc (1, sizeof (Wrapper)); + return_val_if_fail (wrapper != NULL, NULL); + + wrapper->virt = virt; + wrapper->destroyer = destroyer; + wrapper->bound.version.major = CRYPTOKI_VERSION_MAJOR; + wrapper->bound.version.minor = CRYPTOKI_VERSION_MINOR; + wrapper->fixed_index = index; + + init_wrapper_funcs_fixed (wrapper, &p11_virtual_fixed[index]); + + assert ((void *)wrapper == (void *)&wrapper->bound); + assert (p11_virtual_is_wrapper (&wrapper->bound)); + assert (wrapper->bound.C_GetFunctionList != NULL); + return wrapper; +} diff --git a/p11-kit/virtual.h b/p11-kit/virtual.h new file mode 100644 index 0000000..3124cc9 --- /dev/null +++ b/p11-kit/virtual.h @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2013 Red Hat, Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_VIRTUAL_H__ +#define __P11_VIRTUAL_H__ + +#include "pkcs11.h" +#include "pkcs11i.h" +#include "array.h" + +typedef struct { + CK_X_FUNCTION_LIST funcs; + void *lower_module; + p11_destroyer lower_destroy; +} p11_virtual; + +extern CK_X_FUNCTION_LIST p11_virtual_base; + +extern CK_X_FUNCTION_LIST p11_virtual_stack; + +void p11_virtual_init (p11_virtual *virt, + CK_X_FUNCTION_LIST *funcs, + void *lower_module, + p11_destroyer lower_destroy); + +void p11_virtual_uninit (p11_virtual *virt); + +CK_FUNCTION_LIST * p11_virtual_wrap (p11_virtual *virt, + p11_destroyer destroyer); + +bool p11_virtual_is_wrapper (CK_FUNCTION_LIST *module); + +void p11_virtual_unwrap (CK_FUNCTION_LIST *module); + +#endif /* __P11_VIRTUAL_H__ */ diff --git a/po/LINGUAS b/po/LINGUAS new file mode 100644 index 0000000..6ab4800 --- /dev/null +++ b/po/LINGUAS @@ -0,0 +1,71 @@ +# Set of available languages. +ar +as +ast +az +bg +bn_IN +ca +ca@valencia +cs +cy +da +de +el +en_GB +eo +es +et +eu +fa +fi +fo +fr +fur +ga +gl +gu +he +hi +hr +hu +ia +id +it +ja +ka +kk +kn +ko +lt +lv +ml +mr +ms +nb +nl +nn +oc +or +pa +pl +pt +pt_BR +ro +ru +sk +sl +sq +sr +sr@latin +sv +ta +te +th +tr +uk +vi +wa +zh_CN +zh_HK +zh_TW diff --git a/po/Makefile.in.in b/po/Makefile.in.in new file mode 100644 index 0000000..fdb6ad3 --- /dev/null +++ b/po/Makefile.in.in @@ -0,0 +1,503 @@ +# Makefile for PO directory in any package using GNU gettext. +# Copyright (C) 1995-2000 Ulrich Drepper +# Copyright (C) 2000-2019 Free Software Foundation, Inc. +# +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. This file is offered as-is, +# without any warranty. +# +# Origin: gettext-0.20 +GETTEXT_MACRO_VERSION = 0.20 + +PACKAGE = @PACKAGE@ +VERSION = @VERSION@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ + +SED = @SED@ +SHELL = /bin/sh +@SET_MAKE@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +datarootdir = @datarootdir@ +datadir = @datadir@ +localedir = @localedir@ +gettextsrcdir = $(datadir)/gettext/po + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ + +# We use $(mkdir_p). +# In automake <= 1.9.x, $(mkdir_p) is defined either as "mkdir -p --" or as +# "$(mkinstalldirs)" or as "$(install_sh) -d". For these automake versions, +# @install_sh@ does not start with $(SHELL), so we add it. +# In automake >= 1.10, @mkdir_p@ is derived from ${MKDIR_P}, which is defined +# either as "/path/to/mkdir -p" or ".../install-sh -c -d". For these automake +# versions, $(mkinstalldirs) and $(install_sh) are unused. +mkinstalldirs = $(SHELL) @install_sh@ -d +install_sh = $(SHELL) @install_sh@ +MKDIR_P = @MKDIR_P@ +mkdir_p = @mkdir_p@ + +# When building gettext-tools, we prefer to use the built programs +# rather than installed programs. However, we can't do that when we +# are cross compiling. +CROSS_COMPILING = @CROSS_COMPILING@ + +GMSGFMT_ = @GMSGFMT@ +GMSGFMT_no = @GMSGFMT@ +GMSGFMT_yes = @GMSGFMT_015@ +GMSGFMT = $(GMSGFMT_$(USE_MSGCTXT)) +XGETTEXT_ = @XGETTEXT@ +XGETTEXT_no = @XGETTEXT@ +XGETTEXT_yes = @XGETTEXT_015@ +XGETTEXT = $(XGETTEXT_$(USE_MSGCTXT)) +MSGMERGE = @MSGMERGE@ +MSGMERGE_UPDATE = @MSGMERGE@ --update +MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@ +MSGINIT = msginit +MSGCONV = msgconv +MSGFILTER = msgfilter + +POFILES = @POFILES@ +GMOFILES = @GMOFILES@ +UPDATEPOFILES = @UPDATEPOFILES@ +DUMMYPOFILES = @DUMMYPOFILES@ +DISTFILES.common = Makefile.in.in remove-potcdate.sin \ +$(DISTFILES.common.extra1) $(DISTFILES.common.extra2) $(DISTFILES.common.extra3) +DISTFILES = $(DISTFILES.common) Makevars POTFILES.in \ +$(POFILES) $(GMOFILES) \ +$(DISTFILES.extra1) $(DISTFILES.extra2) $(DISTFILES.extra3) + +POTFILES = \ + +CATALOGS = @CATALOGS@ + +POFILESDEPS_ = $(srcdir)/$(DOMAIN).pot +POFILESDEPS_yes = $(POFILESDEPS_) +POFILESDEPS_no = +POFILESDEPS = $(POFILESDEPS_$(PO_DEPENDS_ON_POT)) + +DISTFILESDEPS_ = update-po +DISTFILESDEPS_yes = $(DISTFILESDEPS_) +DISTFILESDEPS_no = +DISTFILESDEPS = $(DISTFILESDEPS_$(DIST_DEPENDS_ON_UPDATE_PO)) + +# Makevars gets inserted here. (Don't remove this line!) + +.SUFFIXES: +.SUFFIXES: .po .gmo .sed .sin .nop .po-create .po-update + +# The .pot file, stamp-po, .po files, and .gmo files appear in release tarballs. +# The GNU Coding Standards say in +# : +# "GNU distributions usually contain some files which are not source files +# ... . Since these files normally appear in the source directory, they +# should always appear in the source directory, not in the build directory. +# So Makefile rules to update them should put the updated files in the +# source directory." +# Therefore we put these files in the source directory, not the build directory. + +# During .po -> .gmo conversion, take into account the most recent changes to +# the .pot file. This eliminates the need to update the .po files when the +# .pot file has changed, which would be troublesome if the .po files are put +# under version control. +.po.gmo: $(srcdir)/$(DOMAIN).pot + @lang=`echo $* | sed -e 's,.*/,,'`; \ + test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \ + echo "$${cdcmd}rm -f $${lang}.gmo && $(MSGMERGE) $(MSGMERGE_FOR_MSGFMT_OPTION) -o $${lang}.1po $${lang}.po $(DOMAIN).pot && $(GMSGFMT) -c --statistics --verbose -o $${lang}.gmo $${lang}.1po && rm -f $${lang}.1po"; \ + cd $(srcdir) && \ + rm -f $${lang}.gmo && \ + $(MSGMERGE) $(MSGMERGE_FOR_MSGFMT_OPTION) -o $${lang}.1po $${lang}.po $(DOMAIN).pot && \ + $(GMSGFMT) -c --statistics --verbose -o t-$${lang}.gmo $${lang}.1po && \ + mv t-$${lang}.gmo $${lang}.gmo && \ + rm -f $${lang}.1po + +.sin.sed: + sed -e '/^#/d' $< > t-$@ + mv t-$@ $@ + + +all: all-@USE_NLS@ + +all-yes: $(srcdir)/stamp-po +all-no: + +# Ensure that the gettext macros and this Makefile.in.in are in sync. +CHECK_MACRO_VERSION = \ + test "$(GETTEXT_MACRO_VERSION)" = "@GETTEXT_MACRO_VERSION@" \ + || { echo "*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version $(GETTEXT_MACRO_VERSION) but the autoconf macros are from gettext version @GETTEXT_MACRO_VERSION@" 1>&2; \ + exit 1; \ + } + +# $(srcdir)/$(DOMAIN).pot is only created when needed. When xgettext finds no +# internationalized messages, no $(srcdir)/$(DOMAIN).pot is created (because +# we don't want to bother translators with empty POT files). We assume that +# LINGUAS is empty in this case, i.e. $(POFILES) and $(GMOFILES) are empty. +# In this case, $(srcdir)/stamp-po is a nop (i.e. a phony target). + +# $(srcdir)/stamp-po is a timestamp denoting the last time at which the CATALOGS +# have been loosely updated. Its purpose is that when a developer or translator +# checks out the package from a version control system, and the $(DOMAIN).pot +# file is not under version control, "make" will update the $(DOMAIN).pot and +# the $(CATALOGS), but subsequent invocations of "make" will do nothing. This +# timestamp would not be necessary if updating the $(CATALOGS) would always +# touch them; however, the rule for $(POFILES) has been designed to not touch +# files that don't need to be changed. +$(srcdir)/stamp-po: $(srcdir)/$(DOMAIN).pot + @$(CHECK_MACRO_VERSION) + test ! -f $(srcdir)/$(DOMAIN).pot || \ + test -z "$(GMOFILES)" || $(MAKE) $(GMOFILES) + @test ! -f $(srcdir)/$(DOMAIN).pot || { \ + echo "touch $(srcdir)/stamp-po" && \ + echo timestamp > $(srcdir)/stamp-poT && \ + mv $(srcdir)/stamp-poT $(srcdir)/stamp-po; \ + } + +# Note: Target 'all' must not depend on target '$(DOMAIN).pot-update', +# otherwise packages like GCC can not be built if only parts of the source +# have been downloaded. + +# This target rebuilds $(DOMAIN).pot; it is an expensive operation. +# Note that $(DOMAIN).pot is not touched if it doesn't need to be changed. +# The determination of whether the package xyz is a GNU one is based on the +# heuristic whether some file in the top level directory mentions "GNU xyz". +# If GNU 'find' is available, we avoid grepping through monster files. +$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed + package_gnu="$(PACKAGE_GNU)"; \ + test -n "$$package_gnu" || { \ + if { if (LC_ALL=C find --version) 2>/dev/null | grep GNU >/dev/null; then \ + LC_ALL=C find -L $(top_srcdir) -maxdepth 1 -type f -size -10000000c -exec grep -i 'GNU @PACKAGE@' /dev/null '{}' ';' 2>/dev/null; \ + else \ + LC_ALL=C grep -i 'GNU @PACKAGE@' $(top_srcdir)/* 2>/dev/null; \ + fi; \ + } | grep -v 'libtool:' >/dev/null; then \ + package_gnu=yes; \ + else \ + package_gnu=no; \ + fi; \ + }; \ + if test "$$package_gnu" = "yes"; then \ + package_prefix='GNU '; \ + else \ + package_prefix=''; \ + fi; \ + if test -n '$(MSGID_BUGS_ADDRESS)' || test '$(PACKAGE_BUGREPORT)' = '@'PACKAGE_BUGREPORT'@'; then \ + msgid_bugs_address='$(MSGID_BUGS_ADDRESS)'; \ + else \ + msgid_bugs_address='$(PACKAGE_BUGREPORT)'; \ + fi; \ + case `$(XGETTEXT) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \ + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*) \ + $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ + --add-comments=TRANSLATORS: \ + --files-from=$(srcdir)/POTFILES.in \ + --copyright-holder='$(COPYRIGHT_HOLDER)' \ + --msgid-bugs-address="$$msgid_bugs_address" \ + $(XGETTEXT_OPTIONS) @XGETTEXT_EXTRA_OPTIONS@ \ + ;; \ + *) \ + $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ + --add-comments=TRANSLATORS: \ + --files-from=$(srcdir)/POTFILES.in \ + --copyright-holder='$(COPYRIGHT_HOLDER)' \ + --package-name="$${package_prefix}@PACKAGE@" \ + --package-version='@VERSION@' \ + --msgid-bugs-address="$$msgid_bugs_address" \ + $(XGETTEXT_OPTIONS) @XGETTEXT_EXTRA_OPTIONS@ \ + ;; \ + esac + test ! -f $(DOMAIN).po || { \ + if test -f $(srcdir)/$(DOMAIN).pot-header; then \ + sed -e '1,/^#$$/d' < $(DOMAIN).po > $(DOMAIN).1po && \ + cat $(srcdir)/$(DOMAIN).pot-header $(DOMAIN).1po > $(DOMAIN).po && \ + rm -f $(DOMAIN).1po \ + || exit 1; \ + fi; \ + if test -f $(srcdir)/$(DOMAIN).pot; then \ + sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \ + sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \ + if cmp $(DOMAIN).1po $(DOMAIN).2po >/dev/null 2>&1; then \ + rm -f $(DOMAIN).1po $(DOMAIN).2po $(DOMAIN).po; \ + else \ + rm -f $(DOMAIN).1po $(DOMAIN).2po $(srcdir)/$(DOMAIN).pot && \ + mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \ + fi; \ + else \ + mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \ + fi; \ + } + +# This rule has no dependencies: we don't need to update $(DOMAIN).pot at +# every "make" invocation, only create it when it is missing. +# Only "make $(DOMAIN).pot-update" or "make dist" will force an update. +$(srcdir)/$(DOMAIN).pot: + $(MAKE) $(DOMAIN).pot-update + +# This target rebuilds a PO file if $(DOMAIN).pot has changed. +# Note that a PO file is not touched if it doesn't need to be changed. +$(POFILES): $(POFILESDEPS) + @test -f $(srcdir)/$(DOMAIN).pot || $(MAKE) $(srcdir)/$(DOMAIN).pot + @lang=`echo $@ | sed -e 's,.*/,,' -e 's/\.po$$//'`; \ + if test -f "$(srcdir)/$${lang}.po"; then \ + test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \ + echo "$${cdcmd}$(MSGMERGE_UPDATE) $(MSGMERGE_OPTIONS) --lang=$${lang} --previous $${lang}.po $(DOMAIN).pot"; \ + cd $(srcdir) \ + && { case `$(MSGMERGE_UPDATE) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \ + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].*) \ + $(MSGMERGE_UPDATE) $(MSGMERGE_OPTIONS) $${lang}.po $(DOMAIN).pot;; \ + 0.1[6-7] | 0.1[6-7].*) \ + $(MSGMERGE_UPDATE) $(MSGMERGE_OPTIONS) --previous $${lang}.po $(DOMAIN).pot;; \ + *) \ + $(MSGMERGE_UPDATE) $(MSGMERGE_OPTIONS) --lang=$${lang} --previous $${lang}.po $(DOMAIN).pot;; \ + esac; \ + }; \ + else \ + $(MAKE) $${lang}.po-create; \ + fi + + +install: install-exec install-data +install-exec: +install-data: install-data-@USE_NLS@ + if test "$(PACKAGE)" = "gettext-tools"; then \ + $(mkdir_p) $(DESTDIR)$(gettextsrcdir); \ + for file in $(DISTFILES.common) Makevars.template; do \ + $(INSTALL_DATA) $(srcdir)/$$file \ + $(DESTDIR)$(gettextsrcdir)/$$file; \ + done; \ + for file in Makevars; do \ + rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \ + done; \ + else \ + : ; \ + fi +install-data-no: all +install-data-yes: all + @catalogs='$(CATALOGS)'; \ + for cat in $$catalogs; do \ + cat=`basename $$cat`; \ + lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \ + dir=$(localedir)/$$lang/LC_MESSAGES; \ + $(mkdir_p) $(DESTDIR)$$dir; \ + if test -r $$cat; then realcat=$$cat; else realcat=$(srcdir)/$$cat; fi; \ + $(INSTALL_DATA) $$realcat $(DESTDIR)$$dir/$(DOMAIN).mo; \ + echo "installing $$realcat as $(DESTDIR)$$dir/$(DOMAIN).mo"; \ + for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \ + if test -n "$$lc"; then \ + if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \ + link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \ + mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \ + mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \ + (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \ + for file in *; do \ + if test -f $$file; then \ + ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \ + fi; \ + done); \ + rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \ + else \ + if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \ + :; \ + else \ + rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \ + mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \ + fi; \ + fi; \ + rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \ + ln -s ../LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \ + ln $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \ + cp -p $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \ + echo "installing $$realcat link as $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo"; \ + fi; \ + done; \ + done + +install-strip: install + +installdirs: installdirs-exec installdirs-data +installdirs-exec: +installdirs-data: installdirs-data-@USE_NLS@ + if test "$(PACKAGE)" = "gettext-tools"; then \ + $(mkdir_p) $(DESTDIR)$(gettextsrcdir); \ + else \ + : ; \ + fi +installdirs-data-no: +installdirs-data-yes: + @catalogs='$(CATALOGS)'; \ + for cat in $$catalogs; do \ + cat=`basename $$cat`; \ + lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \ + dir=$(localedir)/$$lang/LC_MESSAGES; \ + $(mkdir_p) $(DESTDIR)$$dir; \ + for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \ + if test -n "$$lc"; then \ + if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \ + link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \ + mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \ + mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \ + (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \ + for file in *; do \ + if test -f $$file; then \ + ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \ + fi; \ + done); \ + rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \ + else \ + if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \ + :; \ + else \ + rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \ + mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \ + fi; \ + fi; \ + fi; \ + done; \ + done + +# Define this as empty until I found a useful application. +installcheck: + +uninstall: uninstall-exec uninstall-data +uninstall-exec: +uninstall-data: uninstall-data-@USE_NLS@ + if test "$(PACKAGE)" = "gettext-tools"; then \ + for file in $(DISTFILES.common) Makevars.template; do \ + rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \ + done; \ + else \ + : ; \ + fi +uninstall-data-no: +uninstall-data-yes: + catalogs='$(CATALOGS)'; \ + for cat in $$catalogs; do \ + cat=`basename $$cat`; \ + lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \ + for lc in LC_MESSAGES $(EXTRA_LOCALE_CATEGORIES); do \ + rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \ + done; \ + done + +check: all + +info dvi ps pdf html tags TAGS ctags CTAGS ID: + +install-dvi install-ps install-pdf install-html: + +mostlyclean: + rm -f remove-potcdate.sed + rm -f $(srcdir)/stamp-poT + rm -f core core.* $(DOMAIN).po $(DOMAIN).1po $(DOMAIN).2po *.new.po + rm -fr *.o + +clean: mostlyclean + +distclean: clean + rm -f Makefile Makefile.in POTFILES + +maintainer-clean: distclean + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + rm -f $(srcdir)/$(DOMAIN).pot $(srcdir)/stamp-po $(GMOFILES) + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) +dist distdir: + test -z "$(DISTFILESDEPS)" || $(MAKE) $(DISTFILESDEPS) + @$(MAKE) dist2 +# This is a separate target because 'update-po' must be executed before. +dist2: $(srcdir)/stamp-po $(DISTFILES) + dists="$(DISTFILES)"; \ + if test "$(PACKAGE)" = "gettext-tools"; then \ + dists="$$dists Makevars.template"; \ + fi; \ + if test -f $(srcdir)/$(DOMAIN).pot; then \ + dists="$$dists $(DOMAIN).pot stamp-po"; \ + fi; \ + if test -f $(srcdir)/ChangeLog; then \ + dists="$$dists ChangeLog"; \ + fi; \ + for i in 0 1 2 3 4 5 6 7 8 9; do \ + if test -f $(srcdir)/ChangeLog.$$i; then \ + dists="$$dists ChangeLog.$$i"; \ + fi; \ + done; \ + if test -f $(srcdir)/LINGUAS; then dists="$$dists LINGUAS"; fi; \ + for file in $$dists; do \ + if test -f $$file; then \ + cp -p $$file $(distdir) || exit 1; \ + else \ + cp -p $(srcdir)/$$file $(distdir) || exit 1; \ + fi; \ + done + +update-po: Makefile + $(MAKE) $(DOMAIN).pot-update + test -z "$(UPDATEPOFILES)" || $(MAKE) $(UPDATEPOFILES) + $(MAKE) update-gmo + +# General rule for creating PO files. + +.nop.po-create: + @lang=`echo $@ | sed -e 's/\.po-create$$//'`; \ + echo "File $$lang.po does not exist. If you are a translator, you can create it through 'msginit'." 1>&2; \ + exit 1 + +# General rule for updating PO files. + +.nop.po-update: + @lang=`echo $@ | sed -e 's/\.po-update$$//'`; \ + if test "$(PACKAGE)" = "gettext-tools" && test "$(CROSS_COMPILING)" != "yes"; then PATH=`pwd`/../src:$$PATH; fi; \ + tmpdir=`pwd`; \ + echo "$$lang:"; \ + test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \ + echo "$${cdcmd}$(MSGMERGE) $(MSGMERGE_OPTIONS) --lang=$$lang --previous $$lang.po $(DOMAIN).pot -o $$lang.new.po"; \ + cd $(srcdir); \ + if { case `$(MSGMERGE) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \ + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].*) \ + $(MSGMERGE) $(MSGMERGE_OPTIONS) -o $$tmpdir/$$lang.new.po $$lang.po $(DOMAIN).pot;; \ + 0.1[6-7] | 0.1[6-7].*) \ + $(MSGMERGE) $(MSGMERGE_OPTIONS) --previous -o $$tmpdir/$$lang.new.po $$lang.po $(DOMAIN).pot;; \ + *) \ + $(MSGMERGE) $(MSGMERGE_OPTIONS) --lang=$$lang --previous -o $$tmpdir/$$lang.new.po $$lang.po $(DOMAIN).pot;; \ + esac; \ + }; then \ + if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ + rm -f $$tmpdir/$$lang.new.po; \ + else \ + if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \ + :; \ + else \ + echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \ + exit 1; \ + fi; \ + fi; \ + else \ + echo "msgmerge for $$lang.po failed!" 1>&2; \ + rm -f $$tmpdir/$$lang.new.po; \ + fi + +$(DUMMYPOFILES): + +update-gmo: Makefile $(GMOFILES) + @: + +# Recreate Makefile by invoking config.status. Explicitly invoke the shell, +# because execution permission bits may not work on the current file system. +# Use @SHELL@, which is the shell determined by autoconf for the use by its +# scripts, not $(SHELL) which is hardwired to /bin/sh and may be deficient. +Makefile: Makefile.in.in Makevars $(top_builddir)/config.status @POMAKEFILEDEPS@ + cd $(top_builddir) \ + && @SHELL@ ./config.status $(subdir)/$@.in po-directories + +force: + +# Tell versions [3.59,3.63) of GNU make not to export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/po/Makevars b/po/Makevars new file mode 100644 index 0000000..162f889 --- /dev/null +++ b/po/Makevars @@ -0,0 +1,78 @@ +# Makefile variables for PO directory in any package using GNU gettext. + +# Usually the message domain is the same as the package name. +DOMAIN = $(PACKAGE) + +# These two variables depend on the location of this directory. +subdir = po +top_builddir = .. + +# These options get passed to xgettext. +XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ + +# This is the copyright holder that gets inserted into the header of the +# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding +# package. (Note that the msgstr strings, extracted from the package's +# sources, belong to the copyright holder of the package.) Translators are +# expected to transfer the copyright for their translations to this person +# or entity, or to disclaim their copyright. The empty string stands for +# the public domain; in this case the translators are expected to disclaim +# their copyright. +COPYRIGHT_HOLDER = Collabora Ltd. + +# This tells whether or not to prepend "GNU " prefix to the package +# name that gets inserted into the header of the $(DOMAIN).pot file. +# Possible values are "yes", "no", or empty. If it is empty, try to +# detect it automatically by scanning the files in $(top_srcdir) for +# "GNU packagename" string. +PACKAGE_GNU = + +# This is the email address or URL to which the translators shall report +# bugs in the untranslated strings: +# - Strings which are not entire sentences, see the maintainer guidelines +# in the GNU gettext documentation, section 'Preparing Strings'. +# - Strings which use unclear terms or require additional context to be +# understood. +# - Strings which make invalid assumptions about notation of date, time or +# money. +# - Pluralisation problems. +# - Incorrect English spelling. +# - Incorrect formatting. +# It can be your email address, or a mailing list address where translators +# can write to without being subscribed, or the URL of a web page through +# which the translators can contact you. +MSGID_BUGS_ADDRESS = + +# This is the list of locale categories, beyond LC_MESSAGES, for which the +# message catalogs shall be used. It is usually empty. +EXTRA_LOCALE_CATEGORIES = + +# This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt' +# context. Possible values are "yes" and "no". Set this to yes if the +# package uses functions taking also a message context, like pgettext(), or +# if in $(XGETTEXT_OPTIONS) you define keywords with a context argument. +USE_MSGCTXT = no + +# These options get passed to msgmerge. +# Useful options are in particular: +# --previous to keep previous msgids of translated messages, +# --quiet to reduce the verbosity. +MSGMERGE_OPTIONS = + +# These options get passed to msginit. +# If you want to disable line wrapping when writing PO files, add +# --no-wrap to MSGMERGE_OPTIONS, XGETTEXT_OPTIONS, and +# MSGINIT_OPTIONS. +MSGINIT_OPTIONS = + +# This tells whether or not to regenerate a PO file when $(DOMAIN).pot +# has changed. Possible values are "yes" and "no". Set this to no if +# the POT file is checked in the repository and the version control +# program ignores timestamps. +PO_DEPENDS_ON_POT = no + +# This tells whether or not to forcibly update $(DOMAIN).pot and +# regenerate PO files on "make dist". Possible values are "yes" and +# "no". Set this to no if the POT file and PO files are maintained +# externally. +DIST_DEPENDS_ON_UPDATE_PO = no diff --git a/po/POTFILES.in b/po/POTFILES.in new file mode 100644 index 0000000..3e15306 --- /dev/null +++ b/po/POTFILES.in @@ -0,0 +1,2 @@ +# List of source files which contain translatable strings. +p11-kit/messages.c diff --git a/po/Rules-quot b/po/Rules-quot new file mode 100644 index 0000000..18c024b --- /dev/null +++ b/po/Rules-quot @@ -0,0 +1,62 @@ +# Special Makefile rules for English message catalogs with quotation marks. +# +# Copyright (C) 2001-2017 Free Software Foundation, Inc. +# This file, Rules-quot, and its auxiliary files (listed under +# DISTFILES.common.extra1) are free software; the Free Software Foundation +# gives unlimited permission to use, copy, distribute, and modify them. + +DISTFILES.common.extra1 = quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot + +.SUFFIXES: .insert-header .po-update-en + +en@quot.po-create: + $(MAKE) en@quot.po-update +en@boldquot.po-create: + $(MAKE) en@boldquot.po-update + +en@quot.po-update: en@quot.po-update-en +en@boldquot.po-update: en@boldquot.po-update-en + +.insert-header.po-update-en: + @lang=`echo $@ | sed -e 's/\.po-update-en$$//'`; \ + if test "$(PACKAGE)" = "gettext-tools" && test "$(CROSS_COMPILING)" != "yes"; then PATH=`pwd`/../src:$$PATH; GETTEXTLIBDIR=`cd $(top_srcdir)/src && pwd`; export GETTEXTLIBDIR; fi; \ + tmpdir=`pwd`; \ + echo "$$lang:"; \ + ll=`echo $$lang | sed -e 's/@.*//'`; \ + LC_ALL=C; export LC_ALL; \ + cd $(srcdir); \ + if $(MSGINIT) $(MSGINIT_OPTIONS) -i $(DOMAIN).pot --no-translator -l $$lang -o - 2>/dev/null \ + | $(SED) -f $$tmpdir/$$lang.insert-header | $(MSGCONV) -t UTF-8 | \ + { case `$(MSGFILTER) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \ + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-8] | 0.1[0-8].*) \ + $(MSGFILTER) $(SED) -f `echo $$lang | sed -e 's/.*@//'`.sed \ + ;; \ + *) \ + $(MSGFILTER) `echo $$lang | sed -e 's/.*@//'` \ + ;; \ + esac } 2>/dev/null > $$tmpdir/$$lang.new.po \ + ; then \ + if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ + rm -f $$tmpdir/$$lang.new.po; \ + else \ + if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \ + :; \ + else \ + echo "creation of $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \ + exit 1; \ + fi; \ + fi; \ + else \ + echo "creation of $$lang.po failed!" 1>&2; \ + rm -f $$tmpdir/$$lang.new.po; \ + fi + +en@quot.insert-header: insert-header.sin + sed -e '/^#/d' -e 's/HEADER/en@quot.header/g' $(srcdir)/insert-header.sin > en@quot.insert-header + +en@boldquot.insert-header: insert-header.sin + sed -e '/^#/d' -e 's/HEADER/en@boldquot.header/g' $(srcdir)/insert-header.sin > en@boldquot.insert-header + +mostlyclean: mostlyclean-quot +mostlyclean-quot: + rm -f *.insert-header diff --git a/po/ar.gmo b/po/ar.gmo new file mode 100644 index 0000000..35ed586 Binary files /dev/null and b/po/ar.gmo differ diff --git a/po/ar.po b/po/ar.po new file mode 100644 index 0000000..8978cd9 --- /dev/null +++ b/po/ar.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Arabic (http://www.transifex.com/freedesktop/p11-kit/language/ar/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ar\n" +"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/as.gmo b/po/as.gmo new file mode 100644 index 0000000..f0205e7 Binary files /dev/null and b/po/as.gmo differ diff --git a/po/as.po b/po/as.po new file mode 100644 index 0000000..96e8e5c --- /dev/null +++ b/po/as.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Assamese (http://www.transifex.com/freedesktop/p11-kit/language/as/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: as\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/ast.gmo b/po/ast.gmo new file mode 100644 index 0000000..6a93fed Binary files /dev/null and b/po/ast.gmo differ diff --git a/po/ast.po b/po/ast.po new file mode 100644 index 0000000..7f2d7a6 --- /dev/null +++ b/po/ast.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-08-27 03:16+0000\n" +"Last-Translator: Piotr Drąg \n" +"Language-Team: Asturian (http://www.transifex.com/freedesktop/p11-kit/language/ast/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ast\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/az.gmo b/po/az.gmo new file mode 100644 index 0000000..8ee17af Binary files /dev/null and b/po/az.gmo differ diff --git a/po/az.po b/po/az.po new file mode 100644 index 0000000..35a8502 --- /dev/null +++ b/po/az.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Azerbaijani (http://www.transifex.com/freedesktop/p11-kit/language/az/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: az\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/bg.gmo b/po/bg.gmo new file mode 100644 index 0000000..d25cbad Binary files /dev/null and b/po/bg.gmo differ diff --git a/po/bg.po b/po/bg.po new file mode 100644 index 0000000..539eaa8 --- /dev/null +++ b/po/bg.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2013-11-20 10:27+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Bulgarian (http://www.transifex.com/freedesktop/p11-kit/language/bg/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: bg\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/bn_IN.gmo b/po/bn_IN.gmo new file mode 100644 index 0000000..beb264e Binary files /dev/null and b/po/bn_IN.gmo differ diff --git a/po/bn_IN.po b/po/bn_IN.po new file mode 100644 index 0000000..a399159 --- /dev/null +++ b/po/bn_IN.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Bengali (India) (http://www.transifex.com/freedesktop/p11-kit/language/bn_IN/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: bn_IN\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/boldquot.sed b/po/boldquot.sed new file mode 100644 index 0000000..4b937aa --- /dev/null +++ b/po/boldquot.sed @@ -0,0 +1,10 @@ +s/"\([^"]*\)"/“\1”/g +s/`\([^`']*\)'/‘\1’/g +s/ '\([^`']*\)' / ‘\1’ /g +s/ '\([^`']*\)'$/ ‘\1’/g +s/^'\([^`']*\)' /‘\1’ /g +s/“”/""/g +s/“/“/g +s/”/”/g +s/‘/‘/g +s/’/’/g diff --git a/po/ca.gmo b/po/ca.gmo new file mode 100644 index 0000000..3cbade5 Binary files /dev/null and b/po/ca.gmo differ diff --git a/po/ca.po b/po/ca.po new file mode 100644 index 0000000..806f3a2 --- /dev/null +++ b/po/ca.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Robert Antoni Buj Gelonch , 2015 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 19:43+0000\n" +"Last-Translator: Robert Antoni Buj Gelonch \n" +"Language-Team: Catalan (http://www.transifex.com/freedesktop/p11-kit/language/ca/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ca\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "L'operació es va cancel·lar" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Memòria disponible insuficient" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "L'id. de la ranura que s'ha especificat no és vàlid" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Error intern" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "L'operació ha fallat" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Arguments no vàlids" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "El mòdul no pot crear els fils d'execució necessaris" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "El mòdul no pot bloquejar correctament les dades" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "El camp és de només lectura" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "El camp és sensible i no pot ser revelat" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "El camp no és vàlid o no existeix" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Valor no vàlid per al camp" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Les dades no són vàlides o no es reconeixen" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Les dades són massa grans" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "S'ha produït un error al dispositiu" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Memòria disponible insuficient al dispositiu" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "El dispositiu es va eliminar o es va desendollar" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Les dades xifrades no són vàlides o no es reconeixen" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Les dades encriptades són massa grans" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Aquesta operació no està admesa" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Falta la clau o no és vàlida" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "La clau té una mida incorrecta" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "La clau és d'un tipus incorrecte" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "No es necessita cap clau" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "La clau és diferent de l'anterior" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Es necessita una clau" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "No es pot incloure la clau al compendi" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Aquesta operació no es pot fer amb aquesta clau" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "La clau no es pot embolcallar" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "No es pot exportar aquesta clau" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "El mecanisme de xifrat no és vàlid o no es reconeix" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "El mecanisme de xifrat té un argument no vàlid" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Falta l'objecte o no és vàlid" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Una altra operació ja està en funcionament" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "No hi ha cap operació en funcionament" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "La contrasenya o el PIN no són correctes" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "La contrasenya o el PIN no són vàlids" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "La contrasenya o el PIN té una longitud no vàlida" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "La contrasenya o el PIN ha expirat" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "La contrasenya o el PIN està bloquejat" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "La sessió està tancada" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Hi ha massa sessions actives" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "La sessió no és vàlida" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "La sessió és de només lectura" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Ja existeix una sessió oberta" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Ja existeix una sessió de només lectura" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Ja existeix una sessió de l'administrador" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "La signatura és dolenta o està malmesa" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "No es reconeix la signatura o està malmesa" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Falten alguns camps necessaris" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Alguns camps tenen valors no vàlids" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "El dispositiu no està present o està desendollat" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "El dispositiu no és vàlid o és irreconeixible" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "El dispositiu està protegit contra escriptura" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "No es pot importar perquè la clau no és vàlida" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "No es pot importar perquè la clau és d'una mida incorrecta" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "No es pot importar perquè la clau és d'un tipus incorrecte" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Ja heu iniciat la sessió" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Cap dels usuaris ha iniciat la sessió" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "No està establerta la contrasenya o el PIN de l'usuari" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "L'usuari és d'un tipus no vàlid" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Ja hi ha un altre usuari que ha iniciat la sessió" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Hi ha massa tipus d'usuaris diferents amb sessió iniciada" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "No es pot importar una clau no vàlida" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "No es pot importar una clau d'una mida incorrecta" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "No es pot exportar perquè la clau no és vàlida" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "No es pot exportar perquè la clau és d'una mida incorrecta" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "No es pot exportar perquè la clau és d'un tipus incorrecte" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "No es pot inicialitzar el generador de nombres aleatoris" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "No hi ha disponible cap generador de nombres aleatoris" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "El mecanisme d'encriptació té un paràmetre no vàlid" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "No hi ha prou espai per emmagatzemar el resultat" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "L'estat desat no és vàlid" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "La informació és sensible i no pot ser revelada" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "No s'ha pogut desar l'estat" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "El mòdul no ha estat inicialitzat" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "El mòdul ja ha estat inicialitzat" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "No es poden bloquejar les dades" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Les dades no es poden bloquejar" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "La petició va ser rebutjada per l'usuari" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Error desconegut" diff --git a/po/ca@valencia.gmo b/po/ca@valencia.gmo new file mode 100644 index 0000000..8310ad1 Binary files /dev/null and b/po/ca@valencia.gmo differ diff --git a/po/ca@valencia.po b/po/ca@valencia.po new file mode 100644 index 0000000..d429cc4 --- /dev/null +++ b/po/ca@valencia.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Catalan (Valencian) (http://www.transifex.com/freedesktop/p11-kit/language/ca@valencia/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ca@valencia\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/cs.gmo b/po/cs.gmo new file mode 100644 index 0000000..8a115b2 Binary files /dev/null and b/po/cs.gmo differ diff --git a/po/cs.po b/po/cs.po new file mode 100644 index 0000000..bdf5f66 --- /dev/null +++ b/po/cs.po @@ -0,0 +1,344 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Jozef Mlích , 2015 +# Marek Černocký , 2016 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 13:59+0000\n" +"Last-Translator: Marek Černocký \n" +"Language-Team: Czech (http://www.transifex.com/freedesktop/p11-kit/language/cs/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: cs\n" +"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Operace byla zrušena" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Není k dispozici dostatek paměti" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Zadané ID slotu není platné" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Vnitřní chyba" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Operace selhala" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Neplatné argumenty" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Modul nemůže vytvořit požadovaná vlákna" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Modul nemůže správně zamknout data" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Pole je pouze pro čtení" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Pole je citlivé a nemůže být odkryto" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Pole je neplatné nebo neexistuje" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Neplatná hodnota pro pole" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Data nejsou platná nebo rozpoznaná" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Data jsou příliš velká" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Nastala chyba na zařízení" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Na zařízení není k dispozici dostatek paměti" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Zařízení bylo odebráno nebo odpojeno" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Šifrovaná data nejsou platná nebo rozpoznaná" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Šifrované data jsou příliš dlouhá" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Operace není podporovaná" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Klíč chybí nebo je neplatný" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Klíč má nesprávnou velikost" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Klíč má nesprávný typ" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Není potřeba žádný klíč" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Klíč je jiný než byl před tím" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Je zapotřebí klíč" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Klíč nelze zahrnout do otisku" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "S tímto klíčem nelze operaci dokončit" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Klíč nelze obalit" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Tento klíč nelze exportovat" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Šifrovací mechanizmus je neplatný nebo nerozpoznaný" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Šifrovací mechanizmus má neplatný argument" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Objekt chybí nebo je neplatný" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Již probíhá jiná operace" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Neprobíhá žádná operace" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Heslo nebo PIN nejsou správné" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Heslo nebo PIN nejsou plané" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Heslo nebo PIN mají neplatnou délku" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Heslo nebo PIN vypršeli" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Heslo nebo PIN jsou uzamčeny" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Sezení je uzavřené" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Je aktivních příliš mnoho sezení" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Sezení je neplatné" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Sezení je pouze ke čtení" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Existuje otevřené sezení" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Existuje sezení pouze ke čtení" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Existuje sezení správce" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Podpis je chybný nebo poškozený" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Podpis nelze rozpoznat nebo je poškozený" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Některá požadovaná pole chybí" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Některá pole mají neplatné hodnoty" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Zařízení není přítomno nebo je odpojené" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Zařízení je neplatné nebo jej není možné rozpoznat" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Zařízení je chráněné proti zápisu" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Není možné importovat z důvodu neplatného klíče" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Není možné importovat z důvodu nesprávné velikosti klíče" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Není možné importovat z důvodu nesprávného typu klíče" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Už jste přihlášen" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Není přihlášený žádný uživatel" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Uživatelovo heslo nebo PIN nejsou nastaveny" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Neplatný typ uživatele" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Už je přihlášen jiný uživatel" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Je přihlášeno příliš mnoho různých typů uživatelů" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Neplatný klíč nelze importovat" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Nelze importovat klíč o nesprávné velikosti" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Nelze exportovat, protože klíč je neplatný" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Nelze exportovat, protože klíč má nesprávnou velikost" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Nelze exportovat, protože klíč má nesprávný typ" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Nelze inicializovat generátor náhodných čísel" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Není k dispozici žádný generátor náhodných čísel" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Šifrovací mechanizmus má neplatný parametr" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Nedostatek místa pro uložení výsledku" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Uložený stav je neplatný" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Informace je citlivá a nemůže být odkryta" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Stav nemohl být uložen" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Modul nemohl být inicializován" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Modul již byl inicializován" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Data nelze zamknout" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Data nemůžou být zamknutá" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Požadavek byl zamítnut uživatelem" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Neznámá chyba" diff --git a/po/cy.gmo b/po/cy.gmo new file mode 100644 index 0000000..af610ca Binary files /dev/null and b/po/cy.gmo differ diff --git a/po/cy.po b/po/cy.po new file mode 100644 index 0000000..f5e2b58 --- /dev/null +++ b/po/cy.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Welsh (http://www.transifex.com/freedesktop/p11-kit/language/cy/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: cy\n" +"Plural-Forms: nplurals=4; plural=(n==1) ? 0 : (n==2) ? 1 : (n != 8 && n != 11) ? 2 : 3;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/da.gmo b/po/da.gmo new file mode 100644 index 0000000..c2b9b9f Binary files /dev/null and b/po/da.gmo differ diff --git a/po/da.po b/po/da.po new file mode 100644 index 0000000..3dc956f --- /dev/null +++ b/po/da.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Joe Hansen , 2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 19:43+0000\n" +"Last-Translator: Joe Hansen \n" +"Language-Team: Danish (http://www.transifex.com/freedesktop/p11-kit/language/da/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: da\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Handlingen blev afbrudt" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Der er ikke nok hukommelse" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Det angivne slot-id er ikke gyldigt" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Intern fejl" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Handlingen mislykkedes" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Ugyldige parametre" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Modulet kan ikke oprette krævede tråde" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Modulet kan ikke låse data korrekt" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Feltet er skrivebeskyttet" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Feltet er sensitivt kan ikke afsløres" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Feltet er ugyldigt eller findes ikke" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Ugyldigt værdi for felt" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Dataene er ikke gyldige eller blev ikke genkendt" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Dataene er for lange" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Der opstod en fejl på enheden" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Utilstrækkelig tilgængelig hukommelse på enheden" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Enheden blev fjernet eller frakoblet" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "De krypterede data er ikke gyldige eller blev ikke genkendt" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "De krypterede data er for lange" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Denne handling er ikke understøttet" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Nøglen mangler eller er ugyldig" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Nøglen har forkert størrelse" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Nøglen har forkert type" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Ingen nøgle er krævet" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Nøglen er anderledes end tidligere" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "En nøgle er krævet" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Kan ikke inkludere nøglen i sammendraget" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Denne handling kan ikke udføres med denne nøgle" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Nøglen kan ikke omsluttes" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Kan ikke eksportere denne nøgle" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Kryptomekanismen er ugyldig eller blev ikke genkendt" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Kryptomekanismen har en ugyldig parameter" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Objektet mangler eller er ugyldigt" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "En anden handling foregår allerede" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Der udføres ingen handling" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Adgangskoden eller PIN er ikke korrekt" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Adgangskoden eller PIN er ugyldig" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Adgangskoden eller PIN har forkert længde" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Adgangskoden eller PIN er udløbet" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Adgangskoden eller PIN er låst" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Sessionen er låst" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "For mange sessioner er aktive" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Sessionen er ugyldig" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Sessionen er skrivebeskyttet" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Der findes en åben session" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Der findes en skrivebeskyttet session" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Der findes en administratorsession" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Underskriften er ugyldig eller ødelagt" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Underskriften kunne ikke genkendes eller er ødelagt" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Bestemte krævede felter mangler" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Bestemte felter har ugyldige værdier" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Enheden er ikke til stede eller frakoblet" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Enheden er ugyldig eller kan ikke genkendes" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Enheden er skrivebeskyttet" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Kan ikke importere da nøglen er ugyldig" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Kan ikke importere da nøglen har forkert størrelse" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Kan ikke importere da nøglen har forkert type" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Du er allerede logget ind" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Ingen bruger har logget ind" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Brugerens adgangskode eller PIN er ikke angivet" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Brugeren er af ugyldig type" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "En anden bruger er allerede logget ind" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "For mange brugere af forskellige typer er logget ind" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Kan ikke importere en ugyldig nøgle" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Kan ikke importere en nøgle med forkert størrelse" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Kan ikke eksportere da nøglen er ugyldig" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Kan ikke eksportere da nøglen har forkert størrelse" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Kan ikke eksportere da nøglen har forkert type" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Kan ikke initialisere oprettelsesprogrammet for vilkårlige tal" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Intet oprettelsesprogram for vilkårlige tal er tilgængeligt" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Kryptomekanismen har en ugyldig parameter" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Ikke nok plads til at lagre resultatet" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Den lagrede tilstand er ugyldig" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Informationen er sensitiv og kan ikke afsløres" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Tilstanden kan ikke gemmes" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Modulet er ikke blevet initialiseret" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Modulet er allerede blevet initialiseret" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Kan ikke låse data" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Dataene kan ikke låses" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Forespørgslen blev afvist af brugeren" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Ukendt fejl" diff --git a/po/de.gmo b/po/de.gmo new file mode 100644 index 0000000..023c4b0 Binary files /dev/null and b/po/de.gmo differ diff --git a/po/de.po b/po/de.po new file mode 100644 index 0000000..fd8f1c2 --- /dev/null +++ b/po/de.po @@ -0,0 +1,344 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Ettore Atalan , 2014 +# Mario Blättermann , 2012 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:15+0000\n" +"Last-Translator: Ettore Atalan \n" +"Language-Team: German (http://www.transifex.com/freedesktop/p11-kit/language/de/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: de\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Die Aktion wurde abgebrochen." + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Nicht genügend Speicher verfügbar" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Die angegebene Slot-Kennziffer ist ungültig." + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Interner Fehler" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Die Aktion ist fehlgeschlagen." + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Ungültige Argumente" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Das Modul kann nicht die benötigten Threads erzeugen." + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Das Modul kann die Daten nicht ordnungsgemäß sperren." + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Das Feld hat nur Lesezugriff." + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Das Feld ist sensibel und kann nicht offengelegt werden." + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Das Feld ist ungültig oder es existiert nicht." + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Ungültiger Wert für Feld" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Die Daten sind ungültig oder konnten nicht erkannt werden." + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Die Daten sind zu lang." + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Auf dem Gerät trat ein Fehler auf." + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Auf dem Gerät ist nicht genügend Speicher verfügbar." + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Das Gerät wurde entfernt oder abgezogen." + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Die verschlüsselten Daten sind nicht gültig oder konnten nicht erkannt werden." + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Die verschlüsselten Daten sind zu lang." + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Diese Aktion wird nicht unterstützt." + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Der Schlüssel fehlt oder ist ungültig." + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Der Schlüssel hat die falsche Größe." + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Der Schlüssel ist vom falschen Typ." + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Es wird kein Schlüssel benötigt." + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Der Schlüssel ist anders als vorher." + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Es wird ein Schlüssel benötigt." + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Der Schlüssel kann nicht in den Digest integriert werden." + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Diese Aktion kann nicht mit diesem Schlüssel durchgeführt werden." + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Der Schlüssel kann nicht eingepackt werden." + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Dieser Schlüssel kann nicht exportiert werden." + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Der kryptografische Mechanismus ist ungültig oder konnte nicht erkannt werden." + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Der kryptografische Mechanismus hat ein ungültiges Argument." + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Das Objekt fehlt oder ist ungültig." + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Es findet bereits eine andere Aktion statt." + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Es findet keine Aktion statt." + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Das Passwort oder die PIN ist nicht korrekt." + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Das Passwort oder die PIN ist ungültig." + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Das Passwort oder die PIN hat eine ungültige Länge." + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Das Passwort oder die PIN ist abgelaufen." + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Das Passwort oder die PIN ist gesperrt." + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Die Sitzung ist beendet." + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Es sind zu viele Sitzungen aktiv." + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Die Sitzung ist ungültig." + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Die Sitzung hat nur Lesezugriff." + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Es existiert eine offene Sitzung." + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Es existiert eine Sitzung mit reinem Lesezugriff." + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Es existiert eine Administratorsitzung." + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Die Signatur ist falsch oder beschädigt." + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Die Signatur wurde nicht erkannt oder ist beschädigt." + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Einige benötigte Felder fehlen." + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Einige Felder haben ungültige Werte." + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Das Gerät ist nicht vorhanden oder abgezogen." + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Das Gerät ist ungültig oder unbekannt." + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Das Gerät ist schreibgeschützt." + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Kann nicht importiert werden, da der Schlüssel ungültig ist" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Kann nicht importiert werden, da der Schlüssel die falsche Größe hat" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Kann nicht importiert werden, da der Schlüssel vom falschen Typ ist" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Sie sind bereits angemeldet." + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Kein Benutzer hat sich angemeldet." + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Passwort oder PIN des Benutzers ist nicht gesetzt" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Der Benutzer ist vom falschen Typ." + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Ein anderer Benutzer ist bereits angemeldet." + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Zu viele Benutzer unterschiedlicher Typen sind angemeldet." + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Ein ungültiger Schlüssel kann nicht importiert werden." + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Ein Schlüssel mit falscher Größe kann nicht importiert werden." + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Kann nicht exportiert werden, da der Schlüssel ungültig ist" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Kann nicht exportiert werden, da der Schlüssel die falsche Größe hat" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Kann nicht exportiert werden, da der Schlüssel vom falschen Typ ist" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Der Zufallszahlengenerator kann nicht initialisiert werden." + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Kein Zufallszahlengenerator verfügbar" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Der kryptografische Mechanismus hat einen ungültigen Parameter." + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Nicht genug Platz, um das Ergebnis zu speichern" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Der gespeicherte Status ist ungültig." + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Die Information ist sensibel und kann nicht offengelegt werden." + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Der Status kann nicht gespeichert werden." + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Das Modul wurde nicht initialisiert." + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Das Modul wurde bereits initialisiert." + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Daten können nicht gesperrt werden" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Die Daten können nicht gesperrt werden." + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Der Anfrage wurde vom Benutzer abgelehnt" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Unbekannter Fehler" diff --git a/po/el.gmo b/po/el.gmo new file mode 100644 index 0000000..6444d0a Binary files /dev/null and b/po/el.gmo differ diff --git a/po/el.po b/po/el.po new file mode 100644 index 0000000..687b0d1 --- /dev/null +++ b/po/el.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Maria Mavridou , 2014 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 13:46+0000\n" +"Last-Translator: thanos \n" +"Language-Team: Greek (http://www.transifex.com/freedesktop/p11-kit/language/el/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Η λειτουργία ακυρώθηκε" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Ανεπαρκής διαθέσιμη μνήμη" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "H καθορισμένη ταυτότητα υποδοχής δεν είναι έγκυρη" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Εσωτερικό σφάλμα" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Η λειτουργία απέτυχε" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Άκυρα ορίσματα" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Η μονάδα δεν μπορεί να δημιουργήσει τα αναγκαία νήματα εκτέλεσης" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Η μονάδα δεν μπορεί να κλειδώσει τα δεδομένα σωστά " + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Το πεδίο είναι μόνο για ανάγνωση" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Το πεδίο είναι ευαίσθητο και δεν μπορεί να αποκαλυφθεί" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Το πεδίο δεν είναι έγκυρο ή δεν υπάρχει" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Μη έγκυρη τιμή για το πεδίο" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Τα δεδομένα δεν είναι έγκυρα ή δεν αναγνωρίζονται" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Τα δεδομένα είναι πολύ μεγάλα" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Παρουσιάστηκε σφάλμα στη συσκευή" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Ανεπαρκής διαθέσιμη μνήμη στη συσκευή" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Η συσκευή απομακρύνθηκε ή αποσυνδέθηκε" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Τα κρυπτογραφημένα δεδομένα δεν είναι έγκυρα ή δεν αναγνωρίζονται" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Τα κρυπτογραφημένα δεδομένα είναι πολύ μεγάλα" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Δεν υποστηρίζεται αυτή η λειτουργία" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Το κλειδί λείπει ή δεν είναι έγκυρο" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Το κλειδί έχει λάθος μέγεθος" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Το κλειδί είναι λάθος τύπου" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Δεν απαιτείται κλειδί" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Το κλειδί είναι διαφορετικό από πριν" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Απαιτείται ένα κλειδί" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Το κλειδί δεν μπορεί να συμπεριληφθεί στη σύνοψη" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Αυτή η λειτουργία δεν μπορεί να γίνει με αυτό το κλειδί" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Το κλειδί δεν μπορεί να αναδιπλωθεί" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Το κλειδί δεν μπορεί να εξαχθεί" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Ο κρυπτογραφικός μηχανισμός δεν είναι έγκυρος ή δεν αναγνωρίζεται" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Ο κρυπτογραφικός μηχανισμός έχει ένα μη έγκυρο όρισμα" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Το αντικείμενο λείπει ή δεν είναι έγκυρο" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Μια άλλη λειτουργία ήδη πραγματοποιείται" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Καμιά λειτουργία δεν πραγματοποιείται" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Ο κωδικός πρόσβασης ή το PIN είναι λανθασμένο" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Ο κωδικός πρόσβασης ή το PIN δεν είναι έγκυρο" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Ο κωδικός πρόσβασης ή το PIN έχει μη έγκυρο μήκος" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Ο κωδικός πρόσβασης ή το PIN έχει λήξει" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Ο κωδικός πρόσβασης ή το PIN έχει κλειδωθεί" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Η συνεδρία είναι κλειστή" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Πάρα πολλές συνεδρίες είναι ενεργές" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Η συνεδρία δεν είναι έγκυρη" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Η συνεδρία είναι μόνο για ανάγνωση" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Υπάρχει μια ανοιχτή συνεδρία" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Υπάρχει μια συνεδρία μόνο για ανάγνωση" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Υπάρχει μια συνεδρία διαχειριστή" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Η υπογραφή είναι κακή ή κατεστραμμένη" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Η υπογραφή δεν αναγνωρίζεται ή είναι κατεστραμμένη" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Ορισμένα από τα απαιτούμενα πεδία λείπουν" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Ορισμένα πεδία έχουν μη έγκυρες τιμές" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Η συσκευή δεν υπάρχει ή έχει αποσυνδεθεί" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Η συσκευή δεν είναι έγκυρη ή δεν αναγνωρίζεται" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Η συσκευή έχει προστασία εγγραφής" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Δεν είναι δυνατή η εισαγωγή, διότι το κλειδί δεν είναι έγκυρο" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Δεν είναι δυνατή η εισαγωγή, διότι το κλειδί είναι το λάθος μεγέθους" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Δεν είναι δυνατή η εισαγωγή, διότι το κλειδί είναι λάθος τύπου" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Είστε ήδη συνδεδεμένος" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Κανένας χρήστης δεν έχει συνδεθεί" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Ο κωδικός πρόσβασης ή το PIN του χρήστη δεν έχουν οριστεί" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Ο χρήστης είναι μη έγκυρου τύπου" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Ένας άλλος χρήστης είναι ήδη συνδεδεμένος" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Πάρα πολλοί χρήστες διαφόρων τύπων είναι συνδεδεμένοι" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Δεν είναι δυνατή η εισαγωγή ενός μη έγκυρου κλειδιού" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Δεν είναι δυνατή η εισαγωγή ενός κλειδού λάθους μεγέθους" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Δεν είναι δυνατή η εξαγωγή διότι το κλειδί δεν είναι έγκυρο" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Δεν είναι δυνατή η εξαγωγή διότι το κλειδί είναι λάθους μεγέθους" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Δεν είναι δυνατή η εξαγωγή διότι το κλειδί είναι λάθος τύπου" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Αδύνατη η αρχικοποίηση της γεννήτριας τυχαίων αριθμών" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Δεν υπάρχει γεννήτρια τυχαίων αριθμών" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Ο κρυπτογραφικός μηχανισμός δεν έχει έγκυρη παράμετρο" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Δεν υπάρχει αρκετός χώρος για να αποθηκεύσετε το αποτέλεσμα" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Η αποθηκευμένη αναφορά δεν είναι έγκυρη" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Η πληροφορία είναι ευαίσθητη και δεν μπορεί να αποκαλυφθεί" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Η αναφορά δεν μπορεί να σωθεί" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Η μονάδα δεν έχει προετοιμαστεί" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Η μονάδα έχει ήδη προετοιμαστεί" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Δεν μπορείτε να κλειδώσετε τα δεδομένα" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Τα δεδομένα δεν μπορούν να κλειδωθούν" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Η αίτηση απορρίφθηκε από το χρήστη" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Άγνωστο σφάλμα" diff --git a/po/en@boldquot.header b/po/en@boldquot.header new file mode 100644 index 0000000..506ca9e --- /dev/null +++ b/po/en@boldquot.header @@ -0,0 +1,25 @@ +# All this catalog "translates" are quotation characters. +# The msgids must be ASCII and therefore cannot contain real quotation +# characters, only substitutes like grave accent (0x60), apostrophe (0x27) +# and double quote (0x22). These substitutes look strange; see +# https://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html +# +# This catalog translates grave accent (0x60) and apostrophe (0x27) to +# left single quotation mark (U+2018) and right single quotation mark (U+2019). +# It also translates pairs of apostrophe (0x27) to +# left single quotation mark (U+2018) and right single quotation mark (U+2019) +# and pairs of quotation mark (0x22) to +# left double quotation mark (U+201C) and right double quotation mark (U+201D). +# +# When output to an UTF-8 terminal, the quotation characters appear perfectly. +# When output to an ISO-8859-1 terminal, the single quotation marks are +# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to +# grave/acute accent (by libiconv), and the double quotation marks are +# transliterated to 0x22. +# When output to an ASCII terminal, the single quotation marks are +# transliterated to apostrophes, and the double quotation marks are +# transliterated to 0x22. +# +# This catalog furthermore displays the text between the quotation marks in +# bold face, assuming the VT100/XTerm escape sequences. +# diff --git a/po/en@quot.header b/po/en@quot.header new file mode 100644 index 0000000..6522f0c --- /dev/null +++ b/po/en@quot.header @@ -0,0 +1,22 @@ +# All this catalog "translates" are quotation characters. +# The msgids must be ASCII and therefore cannot contain real quotation +# characters, only substitutes like grave accent (0x60), apostrophe (0x27) +# and double quote (0x22). These substitutes look strange; see +# https://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html +# +# This catalog translates grave accent (0x60) and apostrophe (0x27) to +# left single quotation mark (U+2018) and right single quotation mark (U+2019). +# It also translates pairs of apostrophe (0x27) to +# left single quotation mark (U+2018) and right single quotation mark (U+2019) +# and pairs of quotation mark (0x22) to +# left double quotation mark (U+201C) and right double quotation mark (U+201D). +# +# When output to an UTF-8 terminal, the quotation characters appear perfectly. +# When output to an ISO-8859-1 terminal, the single quotation marks are +# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to +# grave/acute accent (by libiconv), and the double quotation marks are +# transliterated to 0x22. +# When output to an ASCII terminal, the single quotation marks are +# transliterated to apostrophes, and the double quotation marks are +# transliterated to 0x22. +# diff --git a/po/en_GB.gmo b/po/en_GB.gmo new file mode 100644 index 0000000..da832c7 Binary files /dev/null and b/po/en_GB.gmo differ diff --git a/po/en_GB.po b/po/en_GB.po new file mode 100644 index 0000000..9ea2c80 --- /dev/null +++ b/po/en_GB.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Andi Chandler , 2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 11:45+0000\n" +"Last-Translator: Andi Chandler \n" +"Language-Team: English (United Kingdom) (http://www.transifex.com/freedesktop/p11-kit/language/en_GB/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: en_GB\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "The operation was cancelled" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Insufficient memory available" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "The specified slot ID is not valid" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Internal error" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "The operation failed" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Invalid arguments" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "The module cannot create needed threads" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "The module cannot lock data properly" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "The field is read-only" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "The field is sensitive and cannot be revealed" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "The field is invalid or does not exist" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Invalid value for field" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "The data is not valid or unrecognised" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "The data is too long" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "An error occurred on the device" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Insufficient memory available on the device" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "The device was removed or unplugged" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "The encrypted data is not valid or unrecognised" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "The encrypted data is too long" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "This operation is not supported" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "The key is missing or invalid" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "The key is the wrong size" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "The key is of the wrong type" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "No key is needed" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "The key is different than before" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "A key is needed" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Cannot include the key in the digest" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "This operation cannot be done with this key" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "The key cannot be wrapped" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Cannot export this key" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "The crypto mechanism is invalid or unrecognised" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "The crypto mechanism has an invalid argument" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "The object is missing or invalid" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Another operation is already taking place" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "No operation is taking place" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "The password or PIN is incorrect" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "The password or PIN is invalid" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "The password or PIN is of an invalid length" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "The password or PIN has expired" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "The password or PIN is locked" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "The session is closed" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Too many sessions are active" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "The session is invalid" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "The session is read-only" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "An open session exists" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "A read-only session exists" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "An administrator session exists" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "The signature is bad or corrupted" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "The signature is unrecognised or corrupted" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Certain required fields are missing" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Certain fields have invalid values" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "The device is not present or unplugged" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "The device is invalid or unrecognisable" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "The device is write protected" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Cannot import because the key is invalid" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Cannot import because the key is of the wrong size" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Cannot import because the key is of the wrong type" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "You are already logged in" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "No user has logged in" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "The user's password or PIN is not set" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "The user is of an invalid type" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Another user is already logged in" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Too many users of different types are logged in" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Cannot import an invalid key" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Cannot import a key of the wrong size" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Cannot export because the key is invalid" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Cannot export because the key is of the wrong size" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Cannot export because the key is of the wrong type" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Unable to initialise the random number generator" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "No random number generator available" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "The crypto mechanism has an invalid parameter" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Not enough space to store the result" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "The saved state is invalid" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "The information is sensitive and cannot be revealed" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "The state cannot be saved" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "The module has not been initialised" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "The module has already been initialised" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Cannot lock data" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "The data cannot be locked" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "The request was rejected by the user" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Unknown error" diff --git a/po/eo.gmo b/po/eo.gmo new file mode 100644 index 0000000..d64a35d Binary files /dev/null and b/po/eo.gmo differ diff --git a/po/eo.po b/po/eo.po new file mode 100644 index 0000000..1060384 --- /dev/null +++ b/po/eo.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# kristjan , 2012 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:07+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Esperanto (http://www.transifex.com/freedesktop/p11-kit/language/eo/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: eo\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "La operacio estas nuligita" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Ne sufiĉe da memoro estas disponebla" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Interna eraro" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "La operacio malsukcesis" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Nevalidaj argumentoj" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "La kampo estas nevalida aŭ ne ekzistas" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Nevalida valoro por kampo" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "La datumo estas tro longa" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Eraro okazis je aparato" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Ŝlosilo estas bezonata" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "La seanco estas nevalida" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Neniu uzanto estas ensalutita" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Alia uzanto jam estas ensalutita" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Nekonata eraro" diff --git a/po/es.gmo b/po/es.gmo new file mode 100644 index 0000000..fc458a4 Binary files /dev/null and b/po/es.gmo differ diff --git a/po/es.po b/po/es.po new file mode 100644 index 0000000..b762b29 --- /dev/null +++ b/po/es.po @@ -0,0 +1,344 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Adolfo Jayme-Barrientos, 2012 +# Daniel Mustieles , 2012-2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:13+0000\n" +"Last-Translator: Daniel Mustieles \n" +"Language-Team: Spanish (http://www.transifex.com/freedesktop/p11-kit/language/es/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: es\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Se canceló la operación" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "No hay suficiente memoria disponible" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "El ID de la ranura especificada no es válido" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Error interno" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Falló la operación" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Argumentos no válidos" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "El módulo no puede crear los hilos necesarios" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "El módulo no puede bloquear los datos correctamente" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "El campo es de solo lectura" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "El campo es sensible y no se puede revelar" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "El campo no es válido o no existe" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Valor no válido para el campo" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Los datos no son válidos o no se reconocen" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Los datos son demasiado largos" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Ha ocurrido un error en el dispositivo" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "No hay memoria suficiente disponible en el dispositivo" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Se quitó o desconectó el dispositivo" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Los datos cifrados no son válidos o no se reconocen" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Los datos cifrados son demasiado largos" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Esta operación no está soportada" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Falta la clave o no es válida" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "El tamaño de la clave es incorrecto" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "El tipo de la clave es incorrecto" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "No se necesita ninguna clave" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "La clave no es igual que antes" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Se necesita una clave" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "No se puede incluir la clave en el resumen" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "No se puede hacer esta operación con esta clave" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "No se puede encapsular la clave" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "No se puede exportar esta clave" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "El mecanismo de cifrado no es válido o no se ha reconocido" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "El mecanismo de cifrado tiene un argumento no válido" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Falta el objeto o no es válido" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Ya hay otra operación en curso" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "No hay ninguna operación en curso" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "La contraseña o el PIN son incorrectos" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "La contraseña o el PIN no son válidos" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "La contraseña o PIN tiene una longitud no válida" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "La contraseña o el PIN han expirado" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "La contraseña o el PIN están bloqueados" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "La sesión está cerrada" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Hay demasiadas sesiones activas" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "La sesión no es válida" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "La sesión es de solo lectura" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Existe una sesión abierta" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Existe una sesión de solo lectura" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Existe una sesión de administrador" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "La firma tiene errores o está dañada" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "La firma no se reconoce o está dañada" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Faltan ciertos campos requeridos" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Ciertos campos tienen valores no válidos" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "El dispositivo no está presente o está desconectado" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "El dispositivo no es válido o es irreconocible" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "El dispositivo está protegido contra escritura" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "No se puede importar porque la clave no es válida" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "No se puede importar porque la clave tiene un tamaño incorrecto" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "No se puede importar porque la clave es de un tipo incorrecto" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Ya ha iniciado sesión" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Ningún usuario ha iniciado sesión" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "La contraseña o el PIN del usuario no se han establecido" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "El usuario es de un tipo no válido" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Ya ha iniciado sesión otro usuario" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Han iniciado sesión demasiados usuarios de varios tipos" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "No se puede importar una clave no válida" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "No se puede importar una clave del tamaño incorrecto" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "No se puede exportar poque la clave no es válida" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "No se puede exportar porque la clave tiene un tamaño incorrecto" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "No se puede exportar porque la clave es del tipo incorrecto" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "No se puede inicializar el generador de números aleatorios" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "No hay ningún generador de números aleatorios disponible" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "El mecanismo de cifrado tiene un parámetro no válido" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "No hay espacio suficiente para guardar el resultado" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "El estado guardado no es válido" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "La información es sensible y no se puede revelar" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "No se puede guardar el estado" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "No se ha inicializado el módulo" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Ya se ha inicializado el módulo" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "No se pueden bloquear los datos" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "No se pueden bloquear los datos" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "El usuario rechazó la solicitud" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Error desconocido" diff --git a/po/et.gmo b/po/et.gmo new file mode 100644 index 0000000..f2e1c87 Binary files /dev/null and b/po/et.gmo differ diff --git a/po/et.po b/po/et.po new file mode 100644 index 0000000..5af8feb --- /dev/null +++ b/po/et.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Estonian (http://www.transifex.com/freedesktop/p11-kit/language/et/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: et\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/eu.gmo b/po/eu.gmo new file mode 100644 index 0000000..e6af445 Binary files /dev/null and b/po/eu.gmo differ diff --git a/po/eu.po b/po/eu.po new file mode 100644 index 0000000..5e1c583 --- /dev/null +++ b/po/eu.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2013-11-20 10:27+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Basque (http://www.transifex.com/freedesktop/p11-kit/language/eu/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: eu\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/fa.gmo b/po/fa.gmo new file mode 100644 index 0000000..3bf65f7 Binary files /dev/null and b/po/fa.gmo differ diff --git a/po/fa.po b/po/fa.po new file mode 100644 index 0000000..7b0069e --- /dev/null +++ b/po/fa.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2013-11-20 10:27+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Persian (http://www.transifex.com/freedesktop/p11-kit/language/fa/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: fa\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/fi.gmo b/po/fi.gmo new file mode 100644 index 0000000..046cce5 Binary files /dev/null and b/po/fi.gmo differ diff --git a/po/fi.po b/po/fi.po new file mode 100644 index 0000000..65ea6d6 --- /dev/null +++ b/po/fi.po @@ -0,0 +1,345 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Eerik Uusi-Illikainen https://launchpad.net/~ekiuusi-4, 2012 +# Jiri Grönroos , 2012-2013 +# Timo Jyrinki , 2012 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 11:56+0000\n" +"Last-Translator: Jiri Grönroos \n" +"Language-Team: Finnish (http://www.transifex.com/freedesktop/p11-kit/language/fi/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: fi\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Toiminto keskeytettiin" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Muisti ei riitä" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Annettu lohkotunniste ei ole kelvollinen" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Sisäinen virhe" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Toiminto epäonnistui" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Virheellisiä argumentteja" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Moduuli ei voi luoda vaadittavia säikeitä" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Moduuli ei voi lukita tietoa kunnolla" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Kenttä on vain luettavissa" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Kenttä on arkaluonteinen eikä sitä voida paljastaa" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Kenttä on virheellinen tai sitä ei ole olemassa" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Kentän arvo on virheellinen" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Tieto ei ole kelvollista tai sitä ei voida tunnistaa" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Tieto on liian pitkä" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Tapahtui virhe laitteella" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Laitteen muistimäärä liian vähäinen" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Laite poistettiin tai irrotettiin" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Salattu tieto ei ole kelvollista tai sitä ei voida tunnistaa" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Salattu tieto on liian pitkä" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Tämä toiminto ei ole tuettu" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Avain puuttuu tai on virheellinen" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Avain on väärän kokoinen" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Avain on väärää tyyppiä" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Avainta ei vaadita" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Avain on eri kuin aikaisempi" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Avain vaaditaan" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Avainta ei voi sisällyttää tiivisteeseen" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Tätä toimintoa ei voi tehdä tällä avaimella" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Avainta ei voi rivittää" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Tätä avainta ei voi viedä" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Salausmekanismi on virheellinen tai sitä ei voida tunnistaa" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Salausmekanismissa on virheellinen argumentti" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Kohde puuttuu tai on virheellinen" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Toinen toiminto on jo käynnissä" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Yhtään toimintoa ei ole käynnissä" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Salasana tai PIN-koodi on väärä" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Salasana tai PIN-koodi on virheellinen" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Salasanan tai PIN-koodin pituus on virheellinen" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Salasana tai PIN-koodi on vanhentunut" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Salasana tai PIN-koodin on lukittu" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Istunto on suljettu" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Liian monta aktiivista istuntoa" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Istunto on virheellinen" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Istunto on vain luettavissa" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Avoin istunto on olemassa" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Lukutilassa oleva istunto on olemassa" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Ylläpitäjän istunto on olemassa" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Allekirjoitus on virheellinen tai vioittunut" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Allekirjoitusta ei voida tunnistaa tai se on vioittunut" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Jotkut vaadituista kentistä puuttuvat" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Jotkin kentät sisältävät virheellisia arvoja" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Laite ei ole saatavilla tai se on irrotettu" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Laite on virheellinen tai sitä ei voida tunnistaa" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Laite on kirjoitussuojattu" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Tuonti epäonnistui koska avain on virheellinen" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Tuonti epäonnistui koska avain on väärän kokoinen" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Tuonti epäonnistui koska avain on väärää tyyppiä" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Olet jo kirjautuneena sisään" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Käyttäjiä ei ole kirjautuneena sisään" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Käyttäjän salasanaa tai PIN-koodia ei ole asetettu" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Käyttäjä on väärän tyyppinen" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Toinen käyttäjä on jo kirjautunut sisään" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Liian monta eri tyyppistä käyttäjää on kirjautuneena sisään" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Virheellistä avainta ei voida tuoda" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Väärän kokoista avainta ei voida tuoda" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Vienti ei onnistu koska avain on virheellinen" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Vienti ei onnistu koska avain on väärän kokoinen" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Vienti ei onnistu koska avain on väärän tyyppinen" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Satunnaislukugeneraattoria ei voida alustaa" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Satunnaislukugeneraattoria ei ole saatavilla" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Salausmekanismin parametri on virheellinen" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Liian vähän tilaa tulosten tallentamiseen" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Tallennettu tila on virheellinen" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Tieto on luottamuksellista eikä sitä voida paljastaa" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Tilaa ei voida tallentaa" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Moduulia ei ole alustettu" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Moduuli on jo alustettu" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Tietoa ei voida lukita" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Tietoa ei voida lukita" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Pyyntö hylättiin käyttäjän toimesta" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Tuntematon virhe" diff --git a/po/fo.gmo b/po/fo.gmo new file mode 100644 index 0000000..f5e9d38 Binary files /dev/null and b/po/fo.gmo differ diff --git a/po/fo.po b/po/fo.po new file mode 100644 index 0000000..1e5c2ae --- /dev/null +++ b/po/fo.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Faroese (http://www.transifex.com/freedesktop/p11-kit/language/fo/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: fo\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/fr.gmo b/po/fr.gmo new file mode 100644 index 0000000..13abc4a Binary files /dev/null and b/po/fr.gmo differ diff --git a/po/fr.po b/po/fr.po new file mode 100644 index 0000000..dbb6b3b --- /dev/null +++ b/po/fr.po @@ -0,0 +1,344 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Jérôme Fenal , 2013 +# lkppo, 2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 14:15+0000\n" +"Last-Translator: Jérôme Fenal \n" +"Language-Team: French (http://www.transifex.com/freedesktop/p11-kit/language/fr/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: fr\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "L'opération a été annulée" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Mémoire disponible insuffisante" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "L'identifiant de slot indiqué est invalide" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Erreur interne" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "L'opération a échouée" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Arguments invalides" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Le module ne peut créer les fils d'exécution nécessaire" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Le module ne peut verrouiller correctement les données" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Le champ est en lecture seule" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Le champ est sensible et ne peut être révélé" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Le champ est invalide ou n'existe pas" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Valeur invalide pour le champ" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "La donnée est invalide ou non reconnue" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Données trop longues" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Une erreur est survenue sur le périphérique" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Mémoire insuffisante sur le périphérique" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Le périphérique a été supprimé ou débranché" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Les données chiffrées sont invalides ou non reconnues" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Les données chiffrées sont trop longues" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "L'opération n'est pas prise en charge" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Clef manquante ou invalide" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "La longueur de la Clef est incorrecte" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Le type de la Clef est incorrect" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Pas de clef nécessaire" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "La clef est différente de précédemment" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Une clef est nécessaire" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Impossible d'inclure la clé dans le condensé" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Cette opération est incompatible avec cette clef" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "La clé ne peut être emballée" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "La clef n'a pu être exportée" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Le mécanisme de chiffrement est invalide ou non reconnu" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Le mécanisme de chiffrement a un argument invalide" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Objet manquant ou invalide" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Une autre opération est déjà en cours" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Aucune opération en cours" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Le mot de passe ou le code PIN est incorrect" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Le mot de passe ou le code PIN est invalide" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "La longueur du mot de passe ou du code PIN est incorrecte" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "c" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Le mot de passe ou le code PIN est bloqué" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "La session est fermée" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Trop de sessions actives" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "La session est invalide" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "La session est en lecture seule" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Une session ouverte existe" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Une session en lecture seule existe" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Un administrateur de sessions existe" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "La signature est incorrecte ou corrompue" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "La signature ne peu être reconnue ou est corrompue" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Certains champs requis sont manquants" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Certains champs ont des valeurs invalides" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Le périphérique est absent ou débranché" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Le périphérique est invalide ou non reconnu" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Le périphérique est protégé en écriture" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Impossible d'importer car la clé est invalide" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Impossible d'importer car la clé n'a pas la bonne taille" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Impossible d'importer car la clé n'est pas du bon type" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Vous êtes déjà connecté" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Aucun utilisateur connecté" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Le mot de passe ou l'identifiant personnel n'est pas configuré" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "L'utilisateur n'a pas le bon type" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Un autre utilisateur est déjà connecté" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Trop d'utilisateurs de différents types sont connectés" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Impossible d'importer une clé invalide" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Impossible d'importer une clé de la mauvaise taille" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Impossible d'exporter car la clé est invalide" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Impossible d'exporter car la clé n'a pas la bonne taille" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Impossible d'exporter car la clé n'est pas du bon type" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Impossible d'initialiser le générateur de nombres aléatoires" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Aucun générateur de nombres aléatoires disponible" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Le mécanisme de chiffrement a un paramètre invalide" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Pas assez d'espace pour enregistrer le résultat" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "L'état enregistré est invalide" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "L'information est sensible et ne peut être révélée" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "L'état ne peut être enregistré" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Le module n'a pas été réinitialisé" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Le module a déjà été réinitialisé" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "impossible de verrouillé les données" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Les données ne peuvent être verrouillées" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "La demande a été rejetée par l'utilisateur" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Erreur inconnue" diff --git a/po/fur.gmo b/po/fur.gmo new file mode 100644 index 0000000..660de18 Binary files /dev/null and b/po/fur.gmo differ diff --git a/po/fur.po b/po/fur.po new file mode 100644 index 0000000..4efcaa6 --- /dev/null +++ b/po/fur.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Fabio Tomat , 2017 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-12-06 15:44+0000\n" +"Last-Translator: Fabio Tomat \n" +"Language-Team: Friulian (http://www.transifex.com/freedesktop/p11-kit/language/fur/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: fur\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "La operazion e je stade anulade" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "No vonde memorie disponibile" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Il ID dal slot specificât nol è valit" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Erôr interni" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "La operazion e à falît" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Argoments no valits" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Il modul nol pues creâ i thread che a coventin" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Il modul nol pues blocâ i dâts ben" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Il cjamp al è di dome-leture" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Il cjamp al è sensibil e nol pues jessi rivelât" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Il cjamp nol è valit o nol esist" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Valôr no valit pal cjamp" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "La date no je valide o no je ricognossude" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "La date e je masse lungje" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Al è capitât un erôr sul dispositîf" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Memorie disponibile insuficiente sul dispositîf" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Il dispositîf al è stât gjavât o distacât" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Il dât cifrât nol è valit o nol è stât ricognossût" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Il dât cifrât al è masse lunc" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Cheste operazion no je supuartade" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "La clâf e mancje o no je valide" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "La clâf e je de dimension sbaliade" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "La clâf e je dal gjenar sbaliât" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "No covente nissune clâf" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "La clâf e je diferente rispiet a prime" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "E covente une clâf" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Impussibil includi la clâf tal digest" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Cheste operazion no pues jessi fate cun cheste clâf" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "La clâf no pues jessi fate sù" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Impussibil espuartâ cheste clâf" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Il mecanisim di cifradure nol è valit o nol è ricognossût" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Il mecanisim di cifradure al à un argoment no valit" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "L'ogjet al mancje o nol è valit" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Une altre operazion e je za in vore" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Nissune operazion e je in vore" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "La password o il PIN nol è just" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "La password o il PIN nol è valit" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "La password o il PIN al è di une lungjece no valide" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "La password o il PIN al è scjadût" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "La password o il PIN al è blocât" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "La session e je sierade" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "A son ativis masse sessions" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "La session no je valide" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "La session e je in dome-leture" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Une session vierte e esist" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Une session in dome-leture e esist" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Une session dal aministradôr e esist" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "La firme e je sbaliade o ruvinade" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "La firme no je ricognossude o e je ruvinade" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Al mancje cualchi cjamp necessari" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Cualchi cjamp al à valôrs no valits" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Il dispositîf nol è presint o al è distacât" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Il dispositîf nol è valit o nol è ricognossût" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Il dispositîf al è protet de scriture" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Impussibil impuartâ parce che la clâf no je valide" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Impussibil impuartâ parce che la clâf e je di dimension sbaliade" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Impussibil impuartâ par vie che la clâf e je di gjenar sbaliât" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Tu sês za jentrât" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Nissun utent al è jentrât" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "La passord dal utent o il PIN nol è stabilît" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "L'utent al è di un gjenar no valit" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Un altri utent al è za jentrât" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "A son jentrâts masse utents di gjenar diferent" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Impussibil impuartâ une clâf no valide" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Impussibil impuartâ une clâf di dimension sbaliade" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Impussibil espuartâ parcè che la clâf no je valide" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Impussibil espuartâ par vie che la clâf e je de dimension sbaliade" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Impussibil espuartâ parcè che la clâf e je dal gjenar sbaliât" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Impussibil inizializâ il gjeneradôr di numars casuâi" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Nissun gjeneradôr di numars casuâi disponibil" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Il mecanisim di cifradure al à un parametri no valit" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "No vonde spazi par archiviâ il risultât" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Il stât salvât nol è valit" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "La informazion e je sensibile e no pues jessi rivelade" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Il stât nol pues jessi salvât" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Il modul nol è stât inizializât" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Il modul al è za stât inizializât" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Impussibil blocâ i dâts" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "I dâts no puedi jessi blocâts" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "La richieste e je stade refudade dal utent" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Erôr no cognossût" diff --git a/po/ga.gmo b/po/ga.gmo new file mode 100644 index 0000000..54b28f2 Binary files /dev/null and b/po/ga.gmo differ diff --git a/po/ga.po b/po/ga.po new file mode 100644 index 0000000..7acd071 --- /dev/null +++ b/po/ga.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Irish (http://www.transifex.com/freedesktop/p11-kit/language/ga/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ga\n" +"Plural-Forms: nplurals=5; plural=(n==1 ? 0 : n==2 ? 1 : n<7 ? 2 : n<11 ? 3 : 4);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/gl.gmo b/po/gl.gmo new file mode 100644 index 0000000..b8d33ed Binary files /dev/null and b/po/gl.gmo differ diff --git a/po/gl.po b/po/gl.po new file mode 100644 index 0000000..905ee86 --- /dev/null +++ b/po/gl.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Fran Diéguez , 2012-2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-23 18:09+0000\n" +"Last-Translator: Fran Diéguez \n" +"Language-Team: Galician (http://www.transifex.com/freedesktop/p11-kit/language/gl/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: gl\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Cancelouse a operación" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Non hai memoria dispoñíbel dabondo" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "O ID do slot especificado non é válido" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Erro interno" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Operacción fallada" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Argumentos non válidos" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "O módulo non pode crear os fíos necesarios" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "O módulo non pode bloquear os datos correctamente" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "O campo é de só lectura" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "O campo é sensíbel e non pode ser revelado" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "O campo non é válido ou non existe" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Valor non válido para o campo" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "O dato non é válido ou non se recoñece" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "O dato é demasiado longo" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Produciuse un erro no dispositivo" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "A memoria dispoñíbel no dispositivo non é suficiente" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "O dispositivo foi extraído ou desconectado" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Os datos cifrados non son válidos ou non se recoñecen" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Os datos cifrados son demasiado longos" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Esta operación non se admite" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Falta a chave ou non é válida" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "A chave ten un tamaño incorrecto" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "A chave é dun tipo incorrecto" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Non se precisa chave" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "A chave é diferente da anterior" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Precísase unha chave" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Non é posíbel incluir a chave no digest" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Esta operación non pode levarse a cabo con esta chave" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "A chave non pode envolverse" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Non é posíbel exportar esta chave" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "O mecanismo de criptografía non é válido ou non se recoñece" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "O mecanismo de criptografía ten un argumento non válido" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "O obxecto falta ou non é válido" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Xa se esta executando outra operación" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Non se está levando a cabo outra operación" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "O contrasinal ou PIN é incorrecto" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "O contrasinal ou PIN non é válido" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "O contrasinal ou PIN ten unha lonxitude non válida" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "O contrasinal ou PIN expirou" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "O contrasinal ou PIN está bloqueado" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "A sesión está pechada" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Demasiadas sesións activas" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "A sesión non é válida" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "A sesión é e só lectura" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Existe unha sesión aberta" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Existe unha sesión de só lectura" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Existe unha sesión de administrador" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "A sinatura é mala ou está corrompida" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "A sinatura non se recoñece ou está corrompida" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Faltan algúns campos requiridos" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Certos campos teñen valores non válidos" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "O dispositivo non está presente ou non está conectado" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "O dispositivo non é válido ou non está conectado" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "O dispositivo está protexido contra a escritura" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Non é posíbel importar porque a chave non é válida" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Non é posíbel importar a chave xa que ten un tamaño incorrecto" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Non é posíbel importar porque a chave ten un tipo non válido" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Xa ten unha sesión iniciada" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Non hai usuarios coa sesión iniciada" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "O contrasinal ou PIN do usuario non está estabelecido" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "O usuario ten un tipo non válido" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Xa hai outro usuario coa sesión iniciada" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Hai varios usuarios de tipos diferentes coa sesión iniciada" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Non é posíble importar unha chave non válida" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Non é posíbel importar unha chave de tamaño incorrecto" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Non é posíbel exportar a chave porque non é válida" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Non é posíbel exportar a chave porque ten un tamaño incorrecto " + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Non é posíbel exportar a chave porque é do tipo incorrecto" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Non é posíbel inicializar o xerador de números aleatorios" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Non hai ningún xerador de números aleatorios dispoñíbel" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "O mecanismo criptográfico ten un parámetro non válido" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Non hai espazo dabondo para almacenar o resultado" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "O estado gardado non é válido" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "A información é sensíbel e non pode revelarse" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Non é posíbel gardar o estado" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "O módulo non foi inicializado" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "O módulo xa foi inicializado" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Non é posíbel bloquear os datos" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Non é posíbel bloquear os datos" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "A solicitude foi rexeitada polo usuario" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Erro descoñecido" diff --git a/po/gu.gmo b/po/gu.gmo new file mode 100644 index 0000000..2a4613c Binary files /dev/null and b/po/gu.gmo differ diff --git a/po/gu.po b/po/gu.po new file mode 100644 index 0000000..144e22d --- /dev/null +++ b/po/gu.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Gujarati (http://www.transifex.com/freedesktop/p11-kit/language/gu/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: gu\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/he.gmo b/po/he.gmo new file mode 100644 index 0000000..3a050d5 Binary files /dev/null and b/po/he.gmo differ diff --git a/po/he.po b/po/he.po new file mode 100644 index 0000000..33ccec9 --- /dev/null +++ b/po/he.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Hebrew (http://www.transifex.com/freedesktop/p11-kit/language/he/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: he\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/hi.gmo b/po/hi.gmo new file mode 100644 index 0000000..f0d75bb Binary files /dev/null and b/po/hi.gmo differ diff --git a/po/hi.po b/po/hi.po new file mode 100644 index 0000000..0148733 --- /dev/null +++ b/po/hi.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Hindi (http://www.transifex.com/freedesktop/p11-kit/language/hi/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: hi\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/hr.gmo b/po/hr.gmo new file mode 100644 index 0000000..17f2f91 Binary files /dev/null and b/po/hr.gmo differ diff --git a/po/hr.po b/po/hr.po new file mode 100644 index 0000000..5169967 --- /dev/null +++ b/po/hr.po @@ -0,0 +1,344 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Tomislav Krznar , 2012 +# gogo , 2017 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-23 18:36+0000\n" +"Last-Translator: gogo \n" +"Language-Team: Croatian (http://www.transifex.com/freedesktop/p11-kit/language/hr/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: hr\n" +"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Operacija je prekinuta" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Nedovoljno memorije" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "ID navedenog utora nije ispravan" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Unutrašnja greška" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Operacija nije uspjela" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Neispravni argumenti" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Modul ne može stvoriti potrebne dretve" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Modul ne može pravilno zaključati podatke" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Polje ima dozvole samo za čitanje" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Polje je osjetljivo i ne može se prikazati" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Polje ne postoji ili nije ispravno" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Neispravna vrijednost za polje" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Podaci nisu prepoznati ili nisu ispravni" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Podaci su predugački" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Došlo je do greške na uređaju" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Nedovoljno memorije na uređaju" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Uređaj je uklonjen" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Šifrirani podaci nisu prepoznati ili nisu ispravni" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Šifrirani podaci su predugački" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Ova operacija nije podržana" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Nema ključa ili nije ispravan" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Ključ je pogrešne veličine" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Ključ je pogrešne vrste" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Ključ nije potreban" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Ključ se razlikuje od prethodnog" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Potreban je ključ" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Nemoguće uključiti ključ u kontrolnu sumu" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Ova operacija se ne može izvršiti s ovim ključem" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Sadržaj ključa se ne može prelomiti u više redaka" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Nemoguć izvoz ovog ključa" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Mehanizam šifriranja nije prepoznat ili nije ispravan" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Mehanizam šifriranja ima neispravan argument" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Nedostaje objekt ili nije ispravan" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Već se izvršava druga operacija" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Ne izvršava se niti jedna operacija" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Lozinka ili PIN su pogrešni" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Lozinka ili PIN nisu ispravni" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Lozinka ili PIN nemaju ispravnu duljinu" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Lozinki ili PIN-u je istekao rok trajanja" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Lozinka ili PIN su zaključani" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Sesija je zatvorena" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Previše sesija je aktivno" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Sesija nije ispravna" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Sesija je samo za čitanje" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Postoji otvorena sesija" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Postoji sesija samo za čitanje" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Postoji administratorska sesija" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Potpis je neispravan ili oštećen" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Potpis nije prepoznat ili je oštećen" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Nedostaju neka neophodna polja" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Neka polja imaju neispravne vrijednosti" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Uređaj nije prisutan ili je iskopčan" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Uređaj je neispravan ili neprepoznat" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Uređaj ima zaštitu pisanja" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Nemoguć uvoz zbog neispravnog ključa" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Nemoguć uvoz zbog ključa pogrešne veličine" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Nemoguć uvoz zbog ključa pogrešne vrste" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Već ste prijavljeni" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Nijedan korisnik nije prijavljen" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Korisnička lozinka ili PIN nisu postavljeni" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Vrsta korisnika nije ispravna" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Drugi korisnik je već prijavljen" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Prijavljeno je previše korisnika različitih vrsta" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Nemoguć uvoz neispravanog ključa" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Nemoguć uvoz ključa pogrešne veličine" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Nemoguć izvoz neispravnog ključa" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Nemoguć izvoz ključa pogrešne veličine" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Nemoguć izvoz ključa pogrešne vrste" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Nemoguće pokretanje generatora slučajnih brojeva" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Nema dostupnih generatora slučajnih brojeva" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Mehanizam šifriranja ima neispravan parametar" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Nedovoljno prostora za spremanje rezultata" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Spremljeno stanje nije ispravno" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Informacije su osjetljive i ne mogu se prikazati" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Stanje se ne može spremiti" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Modul nije pokrenut" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Modul je već pokrenut" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Nemoguće zaključavanje podataka" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Podaci se ne mogu zaključati" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Zahtjev je odbacio korisnik" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Nepoznata greška" diff --git a/po/hu.gmo b/po/hu.gmo new file mode 100644 index 0000000..cfd27c5 Binary files /dev/null and b/po/hu.gmo differ diff --git a/po/hu.po b/po/hu.po new file mode 100644 index 0000000..ef6ede5 --- /dev/null +++ b/po/hu.po @@ -0,0 +1,344 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Gabor Kelemen , 2012 +# kelemeng , 2014 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:28+0000\n" +"Last-Translator: kelemeng \n" +"Language-Team: Hungarian (http://www.transifex.com/freedesktop/p11-kit/language/hu/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: hu\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "A művelet megszakítva" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Nincs elég memória" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "A megadott helyazonosító nem érvényes" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Belső hiba" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "A művelet meghiúsult" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Érvénytelen argumentumok" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "A modul nem képes létrehozni a szükséges szálakat" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "A modul nem képes megfelelően zárolni az adatokat" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "A mező írásvédett" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "A mező adatai érzékenyek és nem fedhetők fel" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "A mező érvénytelen vagy nem létezik" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "A mező értéke érvénytelen" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Az adat érvénytelen vagy ismeretlen" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Az adat túl hosszú" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Hiba történt az eszközön" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Nem érhető el elegendő memória az eszközön" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Az eszköz eltávolításra vagy leválasztásra került" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "A titkosított adatok érvénytelenek vagy ismeretlenek" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "A titkosított adatok túl hosszúak" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "A művelet nem támogatott" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "A kulcs hiányzik vagy érvénytelen" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "A kulcs mérete hibás" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "A kulcs nem megfelelő típusú" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Nem szükséges kulcs" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "A kulcs megváltozott" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Kulcs szükséges" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "A kivonatba nem vehető fel a kulcs" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Ez a művelet nem végezhető el a kulccsal" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "A kulcs nem alakítható át" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "A kulcs nem exportálható" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "A titkosítási mód érvénytelen vagy ismeretlen" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "A titkosítási mód argumentuma érvénytelen" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Az objektum hiányzik vagy érvénytelen" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Már folyamatban van egy művelet" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Nincs folyamatban művelet" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "A jelszó vagy PIN helytelen" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "A jelszó vagy PIN érvénytelen" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "A jelszó vagy PIN érvénytelen hosszúságú" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "A jelszó vagy PIN lejárt" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "A jelszó vagy PIN zárolva van" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "A munkamenet le van zárva" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Túl sok munkamenet aktív" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "A munkamenet érvénytelen" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "A munkamenet írásvédett" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Már létezik nyitott munkamenet" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Már létezik írásvédett munkamenet" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Már létezik adminisztrátori munkamenet" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Az aláírás rossz vagy sérült" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Az aláírás ismeretlen vagy sérült" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Néhány szükséges mező hiányzik" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Néhány szükséges mező értéke érvénytelen" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Az eszköz nincs jelen vagy eltávolították" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Az eszköz érvénytelen vagy felismerhetetlen" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Az eszköz írásvédett" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Nem importálható, mert a kulcs érvénytelen" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Nem importálható, mert a kulcs hibás méretű" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Nem importálható, mert a kulcs hibás típusú" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Már bejelentkezett" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Senki sem jelentkezett be" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "A felhasználó jelszava vagy PIN kódja nincs beállítva" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "A felhasználó érvénytelen típusú" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Már bejelentkezett egy másik felhasználó" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Túl sok eltérő típusú felhasználó jelentkezett be" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Nem importálható érvénytelen kulcs" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Nem importálható hibás méretű kulcs" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Nem lehet exportálni, mert a kulcs érvénytelen" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Nem lehet exportálni, mert a kulcs hibás méretű" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Nem lehet exportálni, mert a kulcs hibás típusú" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "A véletlenszám-generátor nem készíthető elő" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Nem áll rendelkezésre véletlenszám-generátor" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "A titkosítási mechanizmus egy paramétere érvénytelen" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Nincs elég hely az eredmény tárolásához" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "A mentett állapot érvénytelen" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Az információk érzékenyek és nem fedhetők fel" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Az állapot nem menthető" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "A modul nincs előkészítve" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "A modul már elő lett készítve" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Nem zárolhatók az adatok" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Az adatok nem zárolhatók" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "A felhasználó elutasította a kérést" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Ismeretlen hiba" diff --git a/po/ia.gmo b/po/ia.gmo new file mode 100644 index 0000000..0d7c98b Binary files /dev/null and b/po/ia.gmo differ diff --git a/po/ia.po b/po/ia.po new file mode 100644 index 0000000..d86365e --- /dev/null +++ b/po/ia.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2013-11-20 10:27+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Interlingua (http://www.transifex.com/freedesktop/p11-kit/language/ia/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ia\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/id.gmo b/po/id.gmo new file mode 100644 index 0000000..49e9953 Binary files /dev/null and b/po/id.gmo differ diff --git a/po/id.po b/po/id.po new file mode 100644 index 0000000..4b2aff1 --- /dev/null +++ b/po/id.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Andika Triwidada , 2012-2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:12+0000\n" +"Last-Translator: Andika Triwidada \n" +"Language-Team: Indonesian (http://www.transifex.com/freedesktop/p11-kit/language/id/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: id\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Operasi dibatalkan" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Tak tersedia cukup memori" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "ID slot yang dinyatakan tak valid" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Galat internal" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Operasi gagal" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Argumen tak valid" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Modul tak bisa membuat thread yang diperlukan" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Modul tak bisa mengunci data secara benar" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Ruas hanya-baca" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Ruas sensitif dan tak bisa diungkapkan" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Ruas tak valid atau tak ada" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Nilai tak valid bagi ruas" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Data tak valid atau tak dikenali" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Data terlalu panjang" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Terjadi galat pada perangkat" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Tak tersedia cukup memori pada perangkat" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Perangkat dihapus atau dicabut" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Data terenkripsi tak valid atau tak dikenali" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Data terenkripsi terlalu panjang" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Operasi ini tak didukung" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Kunci hilang atau tak valid" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Ukuran kunci salah" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Jenis kunci salah" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Tak perlu kunci" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Kunci berbeda dengan sebelumnya" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Perlu suatu kunci" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Tak bisa menyertakan kunci dalam digest" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Operasi ini tak bisa dilakukan dengan kunci ini" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Kunci tak bisa dibungkus" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Tak bisa mengekspor kunci ini" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Mekanisme kripto tak valid atau tak dikenali" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Mekanisme kripto memiliki argumen yang tak valid" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Objek hilang atau tak valid" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Operasi lain tengah berjalan" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Tak ada operasi yang sedang berjalan" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Sandi atau PIN salah" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Sandi atau PIN tak valid" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Panjang sandi atau PIN tak valid" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Sandi atau PIN kadaluarsa" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Sandi atau PIN terkunci" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Sesi ditutup" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Terlalu banyak sesi yang aktif" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Sesi tak valid" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Sesi hanya-baca" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Ada sesi terbuka" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Ada sesi hanya-baca" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Ada sesi administrator" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Tanda tangan buruk atau rusak" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Tanda tangan tak dikenali atau rusak" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Ruas tertentu yang diperlukan hilang" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Ruas tertentu memiliki nilai yang tak valid" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Perangkat tak ada atau dicabut" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Perangkat tak valid atau tak dikenali" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Perangkat terlindung tulis" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Tak bisa mengimpor karena kunci tak valid" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Tak bisa mengimpor karena ukuran kunci salah" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Tak bisa mengimpor karena jenis kunci salah" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Anda sudah log masuk" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Tak ada pengguna yang log masuk" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Sandi atau PIN pengguna belum diisi" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Jenis pengguna tak valid" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Pengguna lain telah log masuk" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Terlalu banyak pengguna dengan jenis berbeda sedang log masuk" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Tak bisa mengimpor kunci yang tak valid" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Tak bisa mengimpor kunci salah ukuran" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Tak bisa mengekspor karena kunci tak valid" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Tak bisa mengekspor karena kunci salah ukuran" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Tak bisa mengekspor karena kunci salah jenis" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Tak bisa menginisialisasi pembangkit bilangan acak" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Tak tersedia pembangkit bilangan acak" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Mekanisme kripto memiliki parameter yang tak valid" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Tak cukup ruang untuk menyimpan hasil" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Keadaan tersimpan tak valid" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Informasi sensitif dan tak dapat diungkapkan" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Keadaan tak dapat disimpan" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Modul belum diinisialisasi" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Modul telah diinisialisasi" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Tak bisa mengunci data" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Data tak bisa dikunci" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Permintaan ditolak oleh pengguna" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Galat tak dikenal" diff --git a/po/insert-header.sin b/po/insert-header.sin new file mode 100644 index 0000000..ceeebb9 --- /dev/null +++ b/po/insert-header.sin @@ -0,0 +1,28 @@ +# Sed script that inserts the file called HEADER before the header entry. +# +# Copyright (C) 2001 Free Software Foundation, Inc. +# Written by Bruno Haible , 2001. +# This file is free software; the Free Software Foundation gives +# unlimited permission to use, copy, distribute, and modify it. +# +# At each occurrence of a line starting with "msgid ", we execute the following +# commands. At the first occurrence, insert the file. At the following +# occurrences, do nothing. The distinction between the first and the following +# occurrences is achieved by looking at the hold space. +/^msgid /{ +x +# Test if the hold space is empty. +s/m/m/ +ta +# Yes it was empty. First occurrence. Read the file. +r HEADER +# Output the file's contents by reading the next line. But don't lose the +# current line while doing this. +g +N +bb +:a +# The hold space was nonempty. Following occurrences. Do nothing. +x +:b +} diff --git a/po/it.gmo b/po/it.gmo new file mode 100644 index 0000000..4b05c7f Binary files /dev/null and b/po/it.gmo differ diff --git a/po/it.po b/po/it.po new file mode 100644 index 0000000..149ef6f --- /dev/null +++ b/po/it.po @@ -0,0 +1,345 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Luca Ferretti , 2012 +# Milo Casagrande , 2013 +# Milo Casagrande , 2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:31+0000\n" +"Last-Translator: Milo Casagrande \n" +"Language-Team: Italian (http://www.transifex.com/freedesktop/p11-kit/language/it/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: it\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "L'operazione è stata annullata" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Memoria disponibile non sufficiente" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "L'ID dello slot specificato non è valido" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Errore interno" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "L'operazione non è riuscita" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Argomenti non validi" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Il modulo non può creare i thread richiesti" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Il modulo non può bloccare i dati in modo corretto" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Il campo è a sola lettura" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Il campo è sensibile e non può essere mostrato" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Il campo non è valido oppure non esiste" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Valore non valido per il campo" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "I dati sono non validi oppure non riconosciuti" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "I dati sono troppo lunghi" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Si è verificato un errore sul dispositivo" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Memoria disponibile sul dispositivo non sufficiente" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Il dispositivo è stato rimosso o scollegato" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "I dati cifrati sono non validi oppure non riconosciuti" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "I dati cifrati sono troppo lunghi" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Questa operazione non è supportata" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "La chiave manca o non è valida" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "La dimensione della chiave è errata" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Il tipo della chiave è errato" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Nessuna chiave richiesta" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "La chiave è diversa rispetto prima" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "È richiesta una chiave" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Impossibile includere la chiave nel digest" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Impossibile eseguire questa operazione con questa chiave" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "La chiave non può essere terminata" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Impossibile esportare questa chiave" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Il meccanismo di crittografia è non valido oppure non riconosciuto" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Il meccanismo di crittografia presenta un argomento non valido" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Manca l'oggetto oppure non è valido" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Un'altra operazione è già in corso" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Nessuna operazione in corso" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "La password o il PIN non è corretto" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "La password o il PIN non è valido" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "La password o il PIN è di lunghezza non valida" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "La password o il PIN è scaduto" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "La password o il PIN è bloccato" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "La sessione è chiusa" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Troppe sessioni attive" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "La sessione non è valida" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "La sessione è in sola-lettura" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Esiste già una sessione aperta" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Esiste già una sessione in sola-lettura" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Esiste già una sessione amministratore" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "La firma non è corretta o danneggiata" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "La firma è rovinata o non leggibile" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Mancano alcuni campi richiesti" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Alcuni campi presentano valori non validi" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Il dispositivo non è presente o è scollegato" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Il dispositivo non è valido o non è riconoscibile" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Il dispositivo è protetto in scrittura" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Impossibile importare poiché la chiave non è valida" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Impossibile importare poiché la chiave è della dimensione errata" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Impossibile importare poiché la tipologia della chiave è errata" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Accesso già eseguito" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Nessun utente ha effettuato l'accesso" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "La password o il PIN dell'utente non è impostato" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "L'utente è di tipo errato" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Un altro utente ha già effettuato l'accesso" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Troppi utenti di diversi tipi hanno eseguito l'accesso" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Impossibile importare una chiave non valida" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Impossibile importare una chiave della dimensione errata" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Impossibile esportare poiché la chiave non è valida" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Impossibile esportare poiché la chiave è della dimensione errata" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Impossibile esportare poiché la tipologia della chiave è errata" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Impossibile inizializzare il generatore di numeri casuali" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Nessun generatore di numeri casuali disponibile" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Il meccanismo di cifratura presenta un parametro non valido" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Spazio insufficiente per salvare il risultato" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Lo stato salvato non è valido" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Le informazioni sono private e non possono essere mostrate" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Impossibile salvare lo stato" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Il modulo non è stato inizializzato" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Il modulo è già stato inizializzato" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Impossibile bloccare i dati" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "I dati non possono essere bloccati" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "La richiesta è stata rifiutata dall'utente" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Errore sconosciuto" diff --git a/po/ja.gmo b/po/ja.gmo new file mode 100644 index 0000000..13e59fa Binary files /dev/null and b/po/ja.gmo differ diff --git a/po/ja.po b/po/ja.po new file mode 100644 index 0000000..a42e9b6 --- /dev/null +++ b/po/ja.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Tomoyuki KATO , 2012-2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 11:45+0000\n" +"Last-Translator: Tomoyuki KATO \n" +"Language-Team: Japanese (http://www.transifex.com/freedesktop/p11-kit/language/ja/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ja\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "操作が取り消されました" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "利用可能なメモリーが不足しています" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "指定されたスロット ID が無効です" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "内部エラー" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "操作が失敗しました" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "無効な引数" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "モジュールが必要なスレッドを作成できません" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "モジュールがデータを適切にロックできません" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "項目が読み込み専用です" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "項目は大文字小文字を区別します、明らかにできません" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "項目が無効です、または存在しません" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "項目に対する無効な値" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "データが有効ではありません、または認識されません" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "データが長すぎます" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "デバイスにおいてエラーが発生しました" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "デバイスにおいて利用可能なメモリーが不足しています" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "デバイスが削除されました、または取り外されました" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "暗号化されたデータが有効ではありません、または認識されません" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "暗号化されたデータが長すぎます" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "この操作はサポートされません" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "キーがありません、または無効です" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "キーが誤った大きさです" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "キーが誤った形式です" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "キーは必要ありません" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "キーが以前のものと異なります" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "キーが必要です" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "ダイジェストにキーを含められません" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "この操作はこのキーを用いて実行できません" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "キーをラップできません" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "このキーをエクスポートできません" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "暗号化機能が無効です、または認識されません" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "暗号化機能が無効な引数を持ちます" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "オブジェクトがありません、または無効です" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "他の操作がすでに起きています" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "発生している操作がありません" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "パスワードまたは PIN が正しくありません" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "パスワードまたは PIN が無効です" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "パスワードまたは PIN が不正な長さです" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "パスワードまたは PIN が失効しています" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "パスワードまたは PIN がロックされています" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "セッションが終了しました" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "有効なセッションが多すぎます" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "セッションが無効です" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "セッションが読み込み専用です" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "開いているセッションが存在します" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "読み込み専用のセッションが存在します" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "管理者セッションが存在します" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "署名が不正です、または破損しています" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "署名が認識できません、または破損しています" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "特定の必須項目がありません" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "特定の必須項目が無効な値を持っています" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "デバイスが存在しません、または取り外されました" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "デバイスが無効です、まあは認識されません" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "デバイスが書き込み保護されています" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "キーが無効なためインポートできません" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "キーの大きさが不正なためインポートできません" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "キーの形式が不正なためインポートできません" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "すでにログインしています" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "ログインしているユーザーはいません" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "ユーザーのパスワードまたは PIN が設定されていません" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "ユーザーが無効な種類です" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "他のユーザーがすでにログインしています" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "異なる種類の多すぎるユーザーがログインしています" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "無効なキーをインポートできません" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "不正な大きさのキーをインポートできません" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "キーが無効なためエクスポートできません" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "キーが誤った大きさのためエクスポートできません" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "キーが誤った形式のためエクスポートできません" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "乱数生成器を初期化できません" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "利用可能な乱数生成器がありません" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "暗号化機能が無効なパラメーターを持っています" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "結果を保存するために十分な領域がありません" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "保存された状態が無効です" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "情報は大文字小文字を区別しますが、明らかにできません" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "状態が保存できません" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "モジュールが初期化されませんでした" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "モジュールがすでに初期化されています" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "データをロックできません" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "データがロックできません" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "リクエストがユーザーにより拒否されました。" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "未知のエラー" diff --git a/po/ka.gmo b/po/ka.gmo new file mode 100644 index 0000000..a0818eb Binary files /dev/null and b/po/ka.gmo differ diff --git a/po/ka.po b/po/ka.po new file mode 100644 index 0000000..ba3fc55 --- /dev/null +++ b/po/ka.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# George Machitidze , 2012 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 13:58+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Georgian (http://www.transifex.com/freedesktop/p11-kit/language/ka/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ka\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "ოპერაცია შეწყვეტილ იქნა" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "ხელმისაწვდომი მეხსიერება არასაკმარისია" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "მითითებული სლოტის ID არასწორია" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "შიდა შეცდომა" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "ოპერაცია ვერ განხორციელდა" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "არგუმენტები არასწორია" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "ველი მხოლოდ კითხვადია" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "ველი მგრძნობიარეა და მისი გამოტანა არ არის დაშვებული" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "ველი არასწორია ან არ არსებობს" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "ცვლადის მნიშვნელობა არასწორია" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "მონაცემები არასწორია ან ამოუცნობი" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "მონაცემები ძალიან დიდია" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "შეცდომა მოწყობილობაში" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "დაშიფრული მონაცემები არასწორია ან ამოუცნოი" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "დაშიფრული მონაცემები ძალიან დიდია" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "ოპერაცია არ არის მხარდაჭერილი" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "გასაღები არ არის ან არასწორია" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "გასაღები არასწორი ზომისაა" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "გასაღები არასწორი ტიპისაა" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "გასაღები არ არის საჭირო" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "გასაღები ძველისგან განსხვავდება" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "საჭიროა გასაღები" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "ამ გასაღების დაექსპორტება შეუძლებელია" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "ობიექტი არ არის ან არასწორია" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "პაროლი ან PIN მცდარია" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "პაროლი ან PIN არასწორია" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "სესია დაკეტილია" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "სესია არასწორია" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "სესია მხოლოდ კითხვადია" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "მონაცემების დაბლოკვა შეუძლებელია" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "უცნობი შეცდომა" diff --git a/po/kk.gmo b/po/kk.gmo new file mode 100644 index 0000000..126c4d7 Binary files /dev/null and b/po/kk.gmo differ diff --git a/po/kk.po b/po/kk.po new file mode 100644 index 0000000..005121e --- /dev/null +++ b/po/kk.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Baurzhan Muftakhidinov , 2014 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 19:45+0000\n" +"Last-Translator: Baurzhan Muftakhidinov \n" +"Language-Team: Kazakh (http://www.transifex.com/freedesktop/p11-kit/language/kk/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: kk\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Әрекеттен бас тартылды" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Қолжетерлік жады жеткіліксіз" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Ішкі қате" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Әрекет сәтсіз аяқталды" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/kn.gmo b/po/kn.gmo new file mode 100644 index 0000000..713db31 Binary files /dev/null and b/po/kn.gmo differ diff --git a/po/kn.po b/po/kn.po new file mode 100644 index 0000000..db16763 --- /dev/null +++ b/po/kn.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Kannada (http://www.transifex.com/freedesktop/p11-kit/language/kn/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: kn\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/ko.gmo b/po/ko.gmo new file mode 100644 index 0000000..e941392 Binary files /dev/null and b/po/ko.gmo differ diff --git a/po/ko.po b/po/ko.po new file mode 100644 index 0000000..889eba1 --- /dev/null +++ b/po/ko.po @@ -0,0 +1,345 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Seong-ho Cho , 2013 +# Seong-ho Cho , 2013 +# Shinjo Park , 2012 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:15+0000\n" +"Last-Translator: Seong-ho Cho \n" +"Language-Team: Korean (http://www.transifex.com/freedesktop/p11-kit/language/ko/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ko\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "작업이 취소됨" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "사용 가능한 메모리가 부족함" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "지정한 슬롯 ID가 올바르지 않음" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "내부 오류" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "작업이 실패함" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "인자가 잘못됨" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "모듈에서 필요한 스레드를 만들 수 없음" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "모듈에서 데이터를 올바르게 잠글 수 없음" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "필드가 읽기 전용임" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "필드가 민감한 정보를 포함하고 있어서 볼 수 없음" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "필드가 잘못되었거나 존재하지 않음" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "필드의 값이 잘못됨" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "데이터가 올바르지 않거나 인식되지 않음" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "데이터가 너무 김" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "장치에 오류가 발생함" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "장치에 메모리가 부족함" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "장치가 제거되었거나 연결이 해제됨" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "암호화된 데이터가 올바르지 않거나 인식되지 않음" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "암호화된 데이터가 너무 김" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "이 동작이 지원되지 않음" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "키가 없거나 올바르지 않음" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "키 크기가 잘못됨" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "키 종류가 잘못됨" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "키가 필요하지 않음" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "키가 이전과 달라짐" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "키가 필요함" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "다이제스트에 키를 포함할 수 없음" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "이 키를 사용하여 작업을 수행할 수 없음" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "키를 둘러쌀 수 없음" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "키를 내보낼 수 없음" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "암호화 방식이 잘못되었거나 인식할 수 없음" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "암호화 방식의 인자가 잘못됨" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "객체가 존재하지 않거나 잘못됨" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "다른 작업이 진행 중" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "진행 중인 작업 없음" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "암호나 PIN이 올바르지 않음" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "암호나 PIN이 잘못됨" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "암호나 PIN의 길이가 잘못됨" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "암호나 PIN이 만료됨" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "암호나 PIN이 잠김" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "세션이 닫힘" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "세션이 너무 많이 열려 있음" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "세션이 잘못됨" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "세션이 읽기 전용임" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "열린 세션이 존재함" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "읽기 전용 세션이 존재함" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "관리자 세션이 존재함" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "서명이 잘못되었거나 손상됨" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "서명이 인식되지 않았거나 손상됨" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "필요한 필드의 값이 빠졌음" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "필드의 값이 잘못됨" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "장치가 존재하지 않거나 연결이 해제됨" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "장치가 잘못되었거나 인식할 수 없음" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "장치가 쓰기 금지되어 있음" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "키가 잘못되어 가져올 수 없음" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "키 크기가 잘못되어 가져올 수 없음" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "키 종류가 잘못되어 가져올 수 없음" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "이미 로그인되어 있음" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "로그인한 사용자가 없음" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "사용자의 암호나 PIN이 설정되지 않음" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "사용자 종류가 잘못됨" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "다른 사용자가 로그인되어 있음" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "다른 종류의 사용자가 너무 많이 로그인되어 있음" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "잘못된 키를 가져올 수 없음" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "크기가 잘못된 키를 가져올 수 없음" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "잘못된 키를 내보낼 수 없음" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "크기가 잘못된 키를 내보낼 수 없음" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "종류가 잘못된 키를 내보낼 수 없음" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "난수 생성기를 초기화할 수 없음" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "난수 생성기를 사용할 수 없음" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "암호화 방식의 인자가 잘못됨" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "결과를 저장할 공간이 없음" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "저장된 상태가 잘못됨" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "민감한 정보를 노출할 수 없음" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "상태를 저장할 수 없음" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "모듈이 초기화되지 않았음" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "모듈이 이미 초기화되었음" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "데이터를 잠글 수 없음" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "데이터를 잠글 수 없음" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "사용자가 요청을 거절했습니다" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "알 수 없는 오류" diff --git a/po/lt.gmo b/po/lt.gmo new file mode 100644 index 0000000..2123f80 Binary files /dev/null and b/po/lt.gmo differ diff --git a/po/lt.po b/po/lt.po new file mode 100644 index 0000000..0d81ef8 --- /dev/null +++ b/po/lt.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Lithuanian (http://www.transifex.com/freedesktop/p11-kit/language/lt/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: lt\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/lv.gmo b/po/lv.gmo new file mode 100644 index 0000000..8d45fdc Binary files /dev/null and b/po/lv.gmo differ diff --git a/po/lv.po b/po/lv.po new file mode 100644 index 0000000..a8032a0 --- /dev/null +++ b/po/lv.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Rūdolfs Mazurs , 2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 15:00+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Latvian (http://www.transifex.com/freedesktop/p11-kit/language/lv/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: lv\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Darbība tika atcelta" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Nav pietiekami daudz brīvas atmiņas" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Norādītais slota ID nav derīgs" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Iekšēja kļūda" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Darbība cieta neveiksmi" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Nederīgi parametri" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Modulis nevar izveidot vajadzīgos pavedienus" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Modulis nevar noslēgt datu īpašību" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Lauks ir tikai lasāms" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Lauks ir sensitīvs un to nevar atklāt" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Lauks ir nederīgs vai arī neeksistē" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Nederīga vērtība vai lauks" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Dati nav derīgi vai arī nav atpazīti" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Pārāk daudz datu" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Uz ierīces gadījās kļūda" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Uz ierīces nepietiek brīvās atmiņas" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Ierīce tika izņemta vai atvienota" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Šifrētie dati nav derīgi vai nav atpazīti" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Šifrētie dati ir pārāk daudz" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Darbība nav atbalstīta" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Trūkst vai nav derīga atslēga" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Atslēgai ir nepareizs izmērs" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Atslēgai ir nepareizs tips" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Atslēgas nav vajadzīgas" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Atslēga ir citādāka, kā iepriekš" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Ir nepieciešama atslēga" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Īssavilkumā nevar iekļaut atslēgu" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Ar šo atslēgu nevar izpildīt šo darbību" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Atslēgu nevar ietīt" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Nevar eksportēt šo atslēgu" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Šifrēšanas mehānisms ir nederīgs vai nav atpazīts" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Šifrēšanas mehānismam ir nederīgi parametri" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Trūkst objekta, vai arī tas ir nederīgs" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Jau notiek cita darbība" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Pašlaik nenotiek neviena darbība" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Parole vai PIN nav pareiza" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Parole vai PIN nav derīga" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Parolei vai PIN ir nederīgs garums" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Parolei vai PIN ir beidzies termiņš" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Parole vai PIN ir bloķēta" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Sesija ir aizvērta" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Ir pārāk daudz aktīvu sesiju" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Sesija nav derīga" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Sesija ir tikai lasāma" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Eksistē atvērta sesija" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Eksistē tikai lasāma sesija" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Eksistē administratora sesija" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Paraksts ir slikts vai bojāts" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Paraksts ir neatpazīts vai bojāts" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Trūkst noteikti pieprasītie lauki" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Noteiktiem laukiem ir nederīgas vērtības" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Ierīce nav pievienota" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Ierīce ir nederīga vai nav atpazīta" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Ierīcē nevar rakstīt" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Nevar importēt, jo atslēga nav derīga" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Nevar importēt, jo atslēgai ir nepareizs izmērs" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Nevar importēt, jo atslēgai ir nepareizs tips" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Jūs jau esat ierakstījies" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Neviens lietotājs nav ierakstījies" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Lietotāja parole vai PIN nav iestatīta" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Lietotājam ir nederīgs tips" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Kāds cits lietotājs jau ir ierakstījies" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Ir ierakstījušies pārāk daudz dažādu veidu lietotāji" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Nevar importēt nederīgu atslēgu" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Nevar eksportēt, jo atslēgai ir nepareizs izmērs" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Nevar eksportēt, jo atslēga ir nederīga" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Nevar eksportēt, jo atslēgai ir nepareizs izmērs" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Nevar eksportēt, jo atslēgai ir nepareizs tips" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Nevar inicializēt nejaušo skaitļu ģeneratoru" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Nav pieejams nejaušo skaitļu ģenerators" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Šifrēšanas mehānismam ir nederīgs parametrs" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Nepietiek vietas, lai saglabātu rezultātu" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Saglabātais stāvoklis nav derīgs" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Informācija ir sensitīva un to nevar atklāt" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Stāvokli nevar saglabāt" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Modulis nav inicializēts" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Modulis jau ir inicializēts" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Nevar noslēgt datus" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Datus nevar noslēgt" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Nezināma kļūda" diff --git a/po/meson.build b/po/meson.build new file mode 100644 index 0000000..c6dddc8 --- /dev/null +++ b/po/meson.build @@ -0,0 +1 @@ +i18n.gettext(meson.project_name()) diff --git a/po/ml.gmo b/po/ml.gmo new file mode 100644 index 0000000..f64a923 Binary files /dev/null and b/po/ml.gmo differ diff --git a/po/ml.po b/po/ml.po new file mode 100644 index 0000000..2d1a3b8 --- /dev/null +++ b/po/ml.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Malayalam (http://www.transifex.com/freedesktop/p11-kit/language/ml/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ml\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/mr.gmo b/po/mr.gmo new file mode 100644 index 0000000..dbad3ee Binary files /dev/null and b/po/mr.gmo differ diff --git a/po/mr.po b/po/mr.po new file mode 100644 index 0000000..cd2efb6 --- /dev/null +++ b/po/mr.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Marathi (http://www.transifex.com/freedesktop/p11-kit/language/mr/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: mr\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/ms.gmo b/po/ms.gmo new file mode 100644 index 0000000..0da0339 Binary files /dev/null and b/po/ms.gmo differ diff --git a/po/ms.po b/po/ms.po new file mode 100644 index 0000000..7c9ffa6 --- /dev/null +++ b/po/ms.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Malay (http://www.transifex.com/freedesktop/p11-kit/language/ms/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ms\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/nb.gmo b/po/nb.gmo new file mode 100644 index 0000000..eeaa5d1 Binary files /dev/null and b/po/nb.gmo differ diff --git a/po/nb.po b/po/nb.po new file mode 100644 index 0000000..ec7ecd6 --- /dev/null +++ b/po/nb.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Norwegian Bokmål (http://www.transifex.com/freedesktop/p11-kit/language/nb/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: nb\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/nl.gmo b/po/nl.gmo new file mode 100644 index 0000000..e22c02e Binary files /dev/null and b/po/nl.gmo differ diff --git a/po/nl.po b/po/nl.po new file mode 100644 index 0000000..389f03f --- /dev/null +++ b/po/nl.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Richard E. van der Luit , 2012 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 11:45+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Dutch (http://www.transifex.com/freedesktop/p11-kit/language/nl/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: nl\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "De bewerking werd afgebroken" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Onvoldoende geheugen beschikbaar" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "De opgegeven slot ID is niet geldig" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Interne fout" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "De bewerking mislukte" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Ongeldige argumenten" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "De module kan de noodzakelijke threads niet aanmaken" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "De module kan de data niet naar behoren vergrendelen" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Het veld is alleen-lezen" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Het veld is vertrouwelijk en kan niet worden onthuld" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Het veld is ongeldig of bestaat niet" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Ongeldige waarde voor veld" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "De data is niet geldig of wordt niet herkend" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "De data is te lang" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Er trad een fout op bij het apparaat" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Onvoldoende geheugen op het apparaat beschikbaar" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Het apparaat werd verwijderd of afgekoppeld" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "De versleutelde data is niet geldig of wordt niet herkend" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "De versleutelde data is te lang" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Deze bewerking wordt niet ondersteund" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "De sleutel ontbreekt of is ongeldig" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "De sleutel heeft een verkeerde grootte" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "De sleutel is van het verkeerde type" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Er is geen sleutel nodig" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "De sleutel is anders dan voorheen" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Er is een sleutel nodig" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Kan geen sleutel in de digest opnemen" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Deze bewerking kan niet met deze sleutel uitgevoerd worden" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Sleutelwrapping niet gelukt" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Kan deze sleutel niet exporteren" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Het crypto mechanisme is ongeldig of wordt niet herkend" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Het crypto mechanisme heeft een ongeldig argument" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Het object mist of is ongeldig" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Er wordt al een andere bewerking uitgevoerd" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Er wordt momenteel geen bewerking uitgevoerd" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Het wachtwoord of PIN in incorrect" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Het wachtwoord of PIN is ongeldig" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Het wachtwoord of PIN heeft een ongeldige lengte" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Het wachtwoord of PIN is verlopen" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Het wachtwoord of PIN is vergrendeld" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "De sessie is afgesloten" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Er zijn te veel sessies actief" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "De sessie is ongeldig" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "De sessie is alleen-lezen" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Er is een open sessie" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Er is een alleen-lezen sessie" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Er is een beheerder sessie" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "De handtekening is fout of gecorrumpeerd" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "De handtekening wordt niet herkend of is gecorrumpeerd" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Sommige verplichte velden ontbreken" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Bepaalde velden hebben ongeldige waarden" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Het apparaat is niet aanwezig of afgekoppeld " + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Het apparaat is ongeldig of onherkenbaar" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Het apparaat is beveiligd tegen schrijven" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Kan niet importeren omdat de sleutel ongeldig is" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Kan niet importeren omdat de sleutel de verkeerde lengte heeft" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Kan niet importeren omdat de sleutel van het verkeerde type is" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "U bent reeds ingelogd" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Er is geen gebruiker ingelogd" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Het wachtwoord of PIN van gebruiker is niet ingesteld" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "De gebruiker is van het verkeerde gebruikerstype" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Er is reeds een andere gebruiker ingelogd" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Er zijn te veel gebruikers van verschillende types ingelogd" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Kan geen ongeldige sleutel importeren" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Kan geen sleutel importeren van de verkeerde grootte" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Kan niet exporteren omdat de sleutel ongeldig is" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Kan niet exporteren omdat de sleutel de verkeerde grootte heeft" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Kan niet exporteren omdat de sleutel van het verkeerde type is" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Niet in staat de random-number-generator te initialiseren" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Geen random-number-generator beschikbaar" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Het crypto mechanisme heeft een ongeldige parameter" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Niet genoeg ruimte om het resultaat op te slaan" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "De opgeslagen status is ongeldig " + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "De informatie is vertrouwelijk en kan niet worden onthuld" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "De status kan niet opgeslagen worden" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "De module is niet geïnitialiseerd" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "De module is reeds geïnitialiseerd" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Kan data niet vergrendelen" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "De data kan niet vergrendeld worden" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Onbekende fout" diff --git a/po/nn.gmo b/po/nn.gmo new file mode 100644 index 0000000..6466772 Binary files /dev/null and b/po/nn.gmo differ diff --git a/po/nn.po b/po/nn.po new file mode 100644 index 0000000..e5d1b41 --- /dev/null +++ b/po/nn.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Norwegian Nynorsk (http://www.transifex.com/freedesktop/p11-kit/language/nn/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: nn\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/oc.gmo b/po/oc.gmo new file mode 100644 index 0000000..530158a Binary files /dev/null and b/po/oc.gmo differ diff --git a/po/oc.po b/po/oc.po new file mode 100644 index 0000000..2f5504f --- /dev/null +++ b/po/oc.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Cédric Valmary , 2016 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-23 20:04+0000\n" +"Last-Translator: Cédric Valmary \n" +"Language-Team: Occitan (post 1500) (http://www.transifex.com/freedesktop/p11-kit/language/oc/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: oc\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "L'operacion es estada anullada" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Memòria disponibla insufisenta" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "L'identificant de slot indicat es invalid" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Error intèrna" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "L'operacion a fracassat" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Arguments invalids" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Lo modul pòt pas crear los fials d'execucion necessaris" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Lo modul pòt pas verrolhar corrèctament las donadas" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Lo camp es en lectura sola" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Lo camp es sensible e pòt pas èsser revelat" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Lo camp es invalid o existís pas" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Valor invalida pel camp" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "La donada es invalida o pas reconeguda" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Donadas tròp longas" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Una error s'es producha sul periferic" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Memòria insufisenta sul periferic" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Lo periferic es estat suprimit o desbrancat" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Las donadas chifradas son invalidas o pas reconegudas" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Las donadas chifradas son tròp longas" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "L'operacion es pas presa en carga" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Clau mancanta o invalida" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "La longor de la clau es incorrècta" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Lo tipe de la clau es incorrècte" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Pas de clau necessària" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "La clau es diferenta de precedentament" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Una clau es necessària" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Impossible d'inclure la clau dins lo condensat" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Aquesta operacion es incompatibla amb aquesta clau" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "La clau pòt pas èsser embalada" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "La clau a pas pogut èsser exportada" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Lo mecanisme de chiframent es invalid o pas reconegut" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Lo mecanisme de chiframent a un argument invalid" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Objècte mancant o invalid" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Una autra operacion es ja en cors" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Pas cap d'operacion en cors" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Lo senhal o lo còde PIN es incorrècte" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Lo senhal o lo còde PIN es invalid" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "La longor del senhal o del còde PIN es incorrècta" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Lo senhal o lo còde PIN a expirat" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Lo senhal o lo còde PIN es blocat" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "La session es tampada" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Tròp de sessions activas" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "La session es invalida" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "La session es en lectura sola" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Una session dobèrta existís" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Una session en lectura sola existís" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Un administrator de sessions existís" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "La signatura es incorrècta o corrompuda" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "La signatura pòt pas èsser reconeguda o es corrompuda" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Certans camps requesits son mancants" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Certans camps an de valors invalidas" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Lo periferic es absent o desbrancat" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Lo periferic es invalid o pas reconegut" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Lo periferic es protegit en escritura" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Impossible d'importar perque la clau es invalida" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Impossible d'importar perque la clau a pas la bona talha" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Impossible d'importar perque la clau es pas del bon tipe" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Sètz ja connectat" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Cap d'utilizaire pas connectat" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Lo senhal o l'identificant personal es pas configurat" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "L'utilizaire a pas lo bon tipe" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Un autre utilizaire es ja connectat" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Tròp d'utilizaires de diferents tipes son connectats" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Impossible d'importar una clau invalida" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Impossible d'importar una clau de la marrida talha" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Impossible d'exportar perque la clau es invalida" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Impossible d'exportar perque la clau a pas la bona talha" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Impossible d'exportar perque la clau es pas del bon tipe" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Impossible d'inicializar lo generador de nombres aleatòris" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Cap de generator de nombres aleatòris es pas disponible" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Lo mecanisme de chiframent a un paramètre invalid" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Pas pro d'espace per enregistrar lo resultat" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "L'estat enregistrat es invalid" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "L'informacion es sensibla e pòt pas èsser revelada" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "L'estat pòt pas èsser enregistrat" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Lo modul es pas estat reïnicializat" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Lo modul es ja estat reïnicializat" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Impossible de verrolhar las donadas" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Las donadas pòdon pas èsser verrolhadas" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "La demanda es estada regetada per l'utilizaire" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Error desconeguda" diff --git a/po/or.gmo b/po/or.gmo new file mode 100644 index 0000000..eb85549 Binary files /dev/null and b/po/or.gmo differ diff --git a/po/or.po b/po/or.po new file mode 100644 index 0000000..82eb651 --- /dev/null +++ b/po/or.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Oriya (http://www.transifex.com/freedesktop/p11-kit/language/or/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: or\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/p11-kit.pot b/po/p11-kit.pot new file mode 100644 index 0000000..ca34955 --- /dev/null +++ b/po/p11-kit.pot @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: p11-kit 0.23.21\n" +"Report-Msgid-Bugs-To: https://github.com/p11-glue/p11-kit/issues\n" +"POT-Creation-Date: 2020-08-18 16:34+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/pa.gmo b/po/pa.gmo new file mode 100644 index 0000000..d9dd538 Binary files /dev/null and b/po/pa.gmo differ diff --git a/po/pa.po b/po/pa.po new file mode 100644 index 0000000..5043530 --- /dev/null +++ b/po/pa.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# A S Alam , 2012 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 13:38+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Panjabi (Punjabi) (http://www.transifex.com/freedesktop/p11-kit/language/pa/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: pa\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "ਕਾਰਵਾਈ ਰੱਦ ਕੀਤੀ ਗਈ" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "ਲੋੜੀਦੀ ਮੈਮੋਰੀ ਉਪਲੱਬਧ ਨਹੀਂ" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "ਦਿੱਤੀ ਸਲਾਟ ID ਉਪਲੱਬਧ ਨਹੀਂ" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "ਅੰਦਰੂਨੀ ਗਲਤੀ" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "ਕਾਰਵਾਈ ਫੇਲ੍ਹ ਹੋਈ" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "ਗਲਤ ਆਰਗੂਮੈਂਟ" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "ਮੋਡੀਊਲ ਲੋੜੀਦੇ ਥਰਿੱਡ ਨਹੀਂ ਬਣਾ ਸਕਦਾ ਹੈ" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "ਮੋਡੀਊਲ ਲਾਕ ਡਾਟਾ ਠੀਕ ਤਰ੍ਹਾਂ ਨਹੀਂ ਕਰ ਸਕਦਾ ਹੈ" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "ਖੇਤਰ ਕੇਵਲ ਪੜ੍ਹਨ ਲਈ ਹੈ" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "ਖੇਤਰ ਗਲਤ ਹੈ ਜਾਂ ਮੌਜੂਦ ਨਹੀਂ ਹੈ" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "ਖੇਤਰ ਲਈ ਗਲਤ ਮੁੱਲ" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "ਡਾਟਾ ਗਲਤ ਹੈ ਜਾਂ ਪਛਾਣਿਆ ਨਹੀਂ ਜਾ ਸਕਦਾ" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "ਡਾਟਾ ਬਹੁਤ ਲੰਮਾ ਹੈ" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "ਜੰਤਰ ਉੱਤੇ ਗਲਤੀ ਆਈ ਹੈ" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "ਜੰਤਰ ਉੱਤੇ ਲੋੜੀਦੀ ਮੈਮੋਰੀ ਨਹੀਂ ਹੈ" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "ਜੰਤਰ ਹਟਾਇਆ ਗਿਆ ਜਾਂ ਪਲੱਗ ਕੱਢਿਆ" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "ਇੰਕ੍ਰਿਪਟ ਕੀਤਾ ਡਾਟਾ ਠੀਕ ਨਹੀਂ ਜਾਂ ਪਛਾਣ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕੀ" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "ਇੰਕ੍ਰਿਪਟ ਕੀਤਾ ਡਾਟਾ ਬਹੁਤ ਲੰਮਾ ਹੈ" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "ਇਹ ਕਾਰਵਾਈ ਸਹਾਇਕ ਨਹੀਂ ਹੈ" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "ਕੁੰਜੀ ਮੌਜੂਦ ਨਹੀਂ ਜਾਂ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "ਕੁੰਜੀ ਦਾ ਆਕਾਰ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "ਕੁੰਜੀ ਦੀ ਕਿਸਮ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "ਕਿਸੇ ਕੁੰਜੀ ਦੀ ਲੋੜ ਨਹੀਂ ਹੈ" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "ਕੁੰਜੀ ਪਹਿਲਾਂ ਤੋਂ ਵੱਖਰੀ ਹੈ" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "ਕੁੰਜੀ ਦੀ ਲੋੜ ਹੈ" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "ਇਹ ਕਾਰਵਾਈ ਇਸ ਕੁੰਜੀ ਨਾਲ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ ਹੈ" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "ਇਹ ਕੁੰਜੀ ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "ਕ੍ਰਿਪਟੂ ਢੰਗ ਗਲਤ ਜਾਂ ਬੇਪਛਾਣ ਹੈ" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "ਕ੍ਰਿਪਟੂ ਢੰਗ ਵਿੱਚ ਗਲਤ ਆਰਗੂਮੈਂਟ ਹੈ" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "ਆਬਜੈਕਟ ਗੁੰਮ ਹੈ ਜਾਂ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "ਹੋਰ ਕਾਰਵਾਈ ਪਹਿਲਾਂ ਹੀ ਜਾਰੀ ਹੈ" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "ਕੋਈ ਕਾਰਵਾਈ ਜਾਰੀ ਨਹੀਂ ਹੈ" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਅਵੈਧ ਹੈ" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਦੀ ਲੰਬਾਈ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਦੀ ਮਿਆਦ ਪੁੱਗ ਚੁੱਕੀ ਹੈ" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਲਾਕ ਹੈ" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "ਸ਼ੈਸ਼ਨ ਬੰਦ ਹੈ" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "ਬਹੁਤ ਸਾਰੇ ਸ਼ੈਸ਼ਨ ਐਕਟਿਵ ਹਨ" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "ਸ਼ੈਸ਼ਨ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "ਸ਼ੈਸ਼ਨ ਕੇਵਲ ਪੜ੍ਹਨ ਲਈ ਹ" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "ਖੁੱਲ੍ਹਾ ਸ਼ੈਸ਼ਨ ਮੌਜੂਦ ਹੈ" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "ਕੇਵਲ ਪੜ੍ਹਨ ਵਾਲਾ ਸ਼ੈਸ਼ਨ ਮੌਜੂਦ ਹੈ" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "ਪਰਸ਼ਾਸ਼ਕੀ ਸ਼ੈਸ਼ਨ ਮੌਜੂਦ ਹੈ" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "ਦਸਤਖਤ ਖ਼ਰਾਬ ਜਾਂ ਨਿਕਾਰਾ ਹਨ" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "ਦਸਤਖਤ ਬੇਪਛਾਣ ਜਾਂ ਨਿਕਾਰਾ ਹਨ" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "ਕੁਝ ਲੋੜੀਦੇ ਖੇਤਰ ਗੁੰਮ ਹਨ" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "ਕੁਝ ਖੇਤਰਾਂ ਵਿੱਚ ਗਲਤ ਮੁੱਲ ਹਨ" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "ਜੰਤਰ ਮੌਜੂਦ ਨਹੀਂ ਜਾਂ ਪਲੱਗ ਕੱਢਿਆ ਹੋਇਆ ਹੈ" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "ਜੰਤਰ ਗਲਤ ਜਾਂ ਬੇਪਛਾਣ ਹੈ" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "ਜੰਤਰ ਲਿਖਣ ਤੋਂ ਸੁਰੱਖਿਅਤ ਹੈ" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦਾ ਆਕਾਰ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦੀ ਕਿਸਮ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "ਤੁਸੀਂ ਪਹਿਲਾਂ ਹੀ ਲਾਗਇਨ ਹੋ" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "ਕੋਈ ਯੂਜ਼ਰ ਲਾਗਇਨ ਨਹੀਂ ਹੈ" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "ਯੂਜ਼ਰ ਦਾ ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਸੈੱਟ ਨਹੀਂ ਹੈ" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "ਯੂਜ਼ਰ ਦੀ ਕਿਸਮ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "ਹੋਰ ਯੂਜ਼ਰ ਪਹਿਲਾਂ ਹੀ ਲਾਗਇਨ ਹੈ" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "ਗਲਤ ਕੁੰਜੀ ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "ਗਲਤ ਆਕਾਰ ਦੀ ਕੁੰਜੀ ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦਾ ਆਕਾਰ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦੀ ਗਲਤ ਕਿਸਮ ਹੈ" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "ਰੈਂਡਮ ਨੰਬਰ ਜਰਨੇਟਰ ਸ਼ੁਰੂ ਕਰਨ ਲਈ ਅਸਮਰੱਥ" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "ਕੋਈ ਰੈਂਡਮ ਨੰਬਰ ਜਰਨੇਟਰ ਉਪਲੱਬਧ ਨਹੀਂ" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "ਨਤੀਜਾ ਸਟੋਰ ਕਰਨ ਲਈ ਲੋੜੀਦੀ ਥਾਂ ਨਹੀਂ ਹੈ" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "ਸੰਭਾਲੀ ਹਾਲਤ ਗਲਤ ਹੈ" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "ਹਾਲਤ ਸੰਭਾਲੀ ਨਹੀਂ ਜਾ ਸਕਦੀ" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "ਮੋਡੀਊਲ ਸ਼ੁਰੂ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "ਮੋਡੀਊਲ ਪਹਿਲਾਂ ਹੀ ਸ਼ੁਰੂ ਕੀਤਾ ਜਾ ਚੁੱਕਾ ਹੈ" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "ਡਾਟਾ ਲਾਕ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "ਡਾਟਾ ਲਾਕ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "ਅਣਜਾਣ ਗਲਤੀ" diff --git a/po/pl.gmo b/po/pl.gmo new file mode 100644 index 0000000..7117a01 Binary files /dev/null and b/po/pl.gmo differ diff --git a/po/pl.po b/po/pl.po new file mode 100644 index 0000000..412b83e --- /dev/null +++ b/po/pl.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Piotr Drąg , 2012-2013,2016 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 11:46+0000\n" +"Last-Translator: Piotr Drąg \n" +"Language-Team: Polish (http://www.transifex.com/freedesktop/p11-kit/language/pl/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: pl\n" +"Plural-Forms: nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Anulowano działanie" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Za mało dostępnej pamięci" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Podany identyfikator gniazda jest nieprawidłowy" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Wewnętrzny błąd" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Działanie się nie powiodło" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Nieprawidłowe parametry" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Moduł nie może utworzyć wymaganych wątków" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Moduł nie może poprawnie zablokować danych" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Pole jest tylko do odczytu" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Pole jest prywatne i nie może zostać ujawnione" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Pole jest nieprawidłowe lub nie istnieje" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Nieprawidłowa wartość dla pola" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Dane są nieprawidłowe lub nierozpoznane" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Dane są za długie" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Wystąpił błąd na urządzeniu" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Za mało pamięci dostępnej na urządzeniu" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Urządzenie zostało usunięte lub rozłączone" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Zaszyfrowane dane są nieprawidłowe lub nierozpoznane" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Zaszyfrowane dane są za długie" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "To działanie nie jest obsługiwane" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Brak klucza lub jest nieprawidłowy" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Klucz ma błędny rozmiar" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Klucz jest błędnego typu" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Klucz nie jest wymagany" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Klucz jest inny niż poprzednio" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Wymagany jest klucz" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Nie można dołączyć klucza w wyciągu" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "To działanie nie może zostać wykonane za pomocą tego klucza" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Nie można opakować klucza" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Nie można wyeksportować tego klucza" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Mechanizm kryptograficzny jest nieprawidłowy lub nierozpoznany" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Mechanizm kryptograficzny ma nieprawidłowy parametr" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Brak obiektu lub jest nieprawidłowy" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Inne działanie jest teraz wykonywane" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Żadne działanie nie jest wykonywane" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Hasło lub kod PIN jest niepoprawny" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Hasło lub kod PIN jest nieprawidłowy" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Hasło lub kod PIN ma nieprawidłową długość" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Hasło lub kod PIN wygasł" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Hasło lub kod PIN jest zablokowany" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Sesja jest zamknięta" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Za dużo sesji jest aktywnych" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Sesja jest nieprawidłowa" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Sesja jest tylko do odczytu" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Istnieje otwarta sesja" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Istnieje sesja tylko do odczytu" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Istnieje sesja administratora" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Podpis jest błędny lub uszkodzony" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Podpis jest nierozpoznany lub uszkodzony" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Brak pewnych wymaganych pól" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Pewne pola zawierają nieprawidłowe wartości" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Urządzenie nie jest obecne lub jest odłączone" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Urządzenie jest nieprawidłowe lub nierozpoznane" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Urządzenie jest chronione przed zapisem" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Nie można zaimportować, ponieważ klucz jest nieprawidłowy" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Nie można zaimportować, ponieważ klucz ma błędny rozmiar" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Nie można zaimportować, ponieważ klucz jest błędnego typu" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Użytkownik jest już zalogowany" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Żaden użytkownik nie jest zalogowany" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Hasło lub kod PIN użytkownika nie jest ustawiony" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Użytkownik jest nieprawidłowego typu" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Inny użytkownik jest już zalogowany" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Za dużo użytkowników różnych typów jest zalogowanych" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Nie można zaimportować nieprawidłowego klucza" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Nie można zaimportować klucza o błędnym rozmiarze" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Nie można wyeksportować, ponieważ klucz jest nieprawidłowy" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Nie można wyeksportować, ponieważ klucz ma błędny rozmiar" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Nie można wyeksportować, ponieważ klucz jest błędnego typu" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Nie można zainicjować generatora liczb losowych" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Brak dostępnych generatorów liczb losowych" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Mechanizm kryptograficzny ma nieprawidłowy parametr" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Za mało miejsca, aby przechować wynik" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Zapisany stan jest nieprawidłowy" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Informacja jest prywatna i nie może zostać ujawniona" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Nie można zapisać stanu" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Moduł nie został zainicjowany" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Moduł został już zainicjowany" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Nie można zablokować danych" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Nie można zablokować danych" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Żądanie zostało odrzucone przez użytkownika" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Nieznany błąd" diff --git a/po/pt.gmo b/po/pt.gmo new file mode 100644 index 0000000..1be3a01 Binary files /dev/null and b/po/pt.gmo differ diff --git a/po/pt.po b/po/pt.po new file mode 100644 index 0000000..bb59fde --- /dev/null +++ b/po/pt.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Pedro Albuquerque , 2015 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 19:45+0000\n" +"Last-Translator: Pedro Albuquerque \n" +"Language-Team: Portuguese (http://www.transifex.com/freedesktop/p11-kit/language/pt/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: pt\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "A operação foi cancelada" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Memória disponível insuficiente" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "A ID de ranhura especificada não é válida" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Erro interno" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "A operação falhou" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Argumentos inválidos" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "O módulos não pode criar as linhas necessárias" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "O módulo não pode bloquear dados como requerido" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "O campo é só de leitura" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "O campo é sensível e não pode ser revelado" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "O campo é inválido ou não existe" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Valor inválido para o campo" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Os dados não são válidos ou reconhecidos" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Dados demasiado longos" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Ocorreu um erro no dispositivo" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Memória disponível no dispositivo insuficiente" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "O dispositivo foi removido ou desligado" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Os dados encriptados não são válidos ou reconhecidos" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Os dados encriptados são demasiado longos" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "A operação não é suportada" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "A chave está em falta ou não é válida" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "A chave é de tamanho errado" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "A chave é de tipo errado" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Não é precisa chave" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "A chave é diferente da anterior" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "É precisa uma chave" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Impossível incluir a chave no digest" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Esta operação não pode ser feita com esta chave" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "A chave não pode ser quebrada" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Impossível exportar esta chave" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "O mecanismo de encriptação é inválido ou desconhecido" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "O mecanismo de encriptação tem um argumento inválido" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "O objeto está em falta ou é inválido" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Já está a ter lugar outra operação" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Nenhuma operação a ter lugar" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Senha ou pin incorretos" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Senah ou pin inválidos" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Senha ou pin de tamanho inválido" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Senha ou pin expirados" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Senha ou pin trancados" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "A sessão está fechada" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Demasiadas sessões ativas" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Sessão inválida" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Sessão só de leitura" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Já existe uma sessão aberta" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Já existe uma sessão só de leitura" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Já existe uma sessão de administrador" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Assinatura errada ou corrompida" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Assinatura desconhecida ou corrompida" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Campos necessários em falta" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Certos campos têm valores inválidos" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "O dispositivo não está presente ou está desligado" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Dispositivo inválido ou irreconhecível" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Dispositivo protegido contra escrita" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Impossível importar por a chave ser inválida" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Impossível importar por a chave ser de tamanho errado" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Impossível importar por a chave ser de tipo errado" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Já iniciou sessão" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Nenhum utilizador iniciou sessão" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "A senha ou pin do utilizador não está definida" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "O utilizador é de tipo inválido" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Já está outro utilizador com sessão iniciada" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Demasiados utilizadores de tipos diferentes com sessão iniciada" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Impossível importar uma chave inválida" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Impossível importar uma chave de tamanho errado" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Impossível exportar por a chave ser inválida" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Impossível exportar por a chave ser de tamanho errado" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Impossível exportar por a chave ser de tipo errado" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Impossível inicializar o gerador de números aleatórios" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Sem gerador de números aleatórios disponível" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "O mecanismo de encriptação tem um parâmetro inválido" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Sem espaço para armazenar o resultado" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "O estado gravado é inválido" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "A informação é sensível e não pode ser revelada" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "O estado não pode ser gravado" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "O módulo não foi inicializado" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "O módulo já foi inicializado" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Impossível trancar os dados" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Os dados não podem ser trancados" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "O pedido foi rejeitado pelo utilizador" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Erro desconhecido" diff --git a/po/pt_BR.gmo b/po/pt_BR.gmo new file mode 100644 index 0000000..f671dd6 Binary files /dev/null and b/po/pt_BR.gmo differ diff --git a/po/pt_BR.po b/po/pt_BR.po new file mode 100644 index 0000000..356f150 --- /dev/null +++ b/po/pt_BR.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Rafael Fontenelle , 2012-2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 11:53+0000\n" +"Last-Translator: Rafael Fontenelle \n" +"Language-Team: Portuguese (Brazil) (http://www.transifex.com/freedesktop/p11-kit/language/pt_BR/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: pt_BR\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "A operação foi cancelada" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Memória insuficiente disponível" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "O ID do slot especificado não é válido" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Erro interno" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "A operação falhou" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Argumentos inválidos" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "O módulo não pode criar threads necessárias" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "O módulo não pode travar os dados da forma apropriada" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "O campo é somente leitura" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "O campo é sensitivo e não pode ser revelado" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "O campo é inválido ou não existe" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Valor inválido para o campo" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Os dados não são válidos ou irreconhecíveis" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Os dados são muito longos" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Um erro ocorreu no dispositivo" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Memória insuficiente disponível no dispositivo" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "O dispositivo foi removido ou desconectado" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Os dados criptografados não são válidos ou são irreconhecíveis" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Os dados criptografados são muito longos" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "A operação não é suportada" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "A chave está faltando ou é inválido" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "A chave possui tamanho incorreto" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "A chave possui tipo incorreto" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Nenhuma chave é necessária" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "A chave é diferente da anterior" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Uma chave é necessária" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Falha na inclusão da chave no digest" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Essa operação não pode ser executada com esta chave" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "A chave não pode ser ajustada" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Não pode exportar essa chave" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "O mecanismo de criptografia é inválido ou irreconhecível" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "O mecanismo de criptografia tem um argumento inválido" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "O objeto está faltando ou inválido" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Outra operação já está em execução" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Nenhuma operação está em execução" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "A senha ou PIN é incorreta" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "A senha ou PIN é inválida" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "A senha ou PIN possui um comprimeto inválido" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "A senha ou PIN expirou" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "A senha ou PIN está travada" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "A sessão está fechada" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Sessões demais estão ativas" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "A sessão é inválida" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "A sessão é somente leitura" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Uma sessão aberta existe" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Uma sessão somente leitura existe" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Uma sessão de administração existe" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "A assinatura está ruim ou corrompida" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "A assinatura está irreconhecível ou corrompida" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Certos campos necessários estão faltando" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Certos campos possuem valores inválidos" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "O dispositivo não está presente ou está desconectado" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "O dispositivo é inválido ou irreconhecível" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "O dispositivo está protegido contra gravação" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Não é possível importar porque a chave é inválida" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Não é possível importar porque a chave possui tamanho incorreto" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Não é possível importar porque a chave é do tipo incorreto" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Você já está conectado" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Nenhum usuário está conectado" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "A senha do usuário ou PIN não foi definida" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "O usuário é de um tipo inválido" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Outro usuário já está conectado" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Usuários demais de diferentes tipos estão conectados" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Não é possível importar uma chave inválida" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Não é possível importar uma chave do tamanho incorreto" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Não é possível exportar porque a chave é inválida" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Não é possível exportar porque a chave é do tamanho errado" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Não é possível exportar porque a chave é do tipo errado" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Não conseguiu inicializar o gerador de número aleatório" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Nenhum gerador de número aleatório disponível" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "O mecanismo de criptografia possui um parâmetro inválido" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Não há espaço suficiente para armazenar o resultado" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "O estado salvado é inválido" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "A informação é sensível e não pode ser revelada" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "O estado não pode ser salvado" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "O módulo não foi inicializado" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "O módulo já foi inicializado" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Não é possível travar os dados" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Os dados não podem ser travados" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "A requisição foi rejeitada pelo usuário" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Erro desconhecido" diff --git a/po/quot.sed b/po/quot.sed new file mode 100644 index 0000000..0122c46 --- /dev/null +++ b/po/quot.sed @@ -0,0 +1,6 @@ +s/"\([^"]*\)"/“\1”/g +s/`\([^`']*\)'/‘\1’/g +s/ '\([^`']*\)' / ‘\1’ /g +s/ '\([^`']*\)'$/ ‘\1’/g +s/^'\([^`']*\)' /‘\1’ /g +s/“”/""/g diff --git a/po/remove-potcdate.sin b/po/remove-potcdate.sin new file mode 100644 index 0000000..8c70dfb --- /dev/null +++ b/po/remove-potcdate.sin @@ -0,0 +1,25 @@ +# Sed script that removes the POT-Creation-Date line in the header entry +# from a POT file. +# +# Copyright (C) 2002 Free Software Foundation, Inc. +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. This file is offered as-is, +# without any warranty. +# +# The distinction between the first and the following occurrences of the +# pattern is achieved by looking at the hold space. +/^"POT-Creation-Date: .*"$/{ +x +# Test if the hold space is empty. +s/P/P/ +ta +# Yes it was empty. First occurrence. Remove the line. +g +d +bb +:a +# The hold space was nonempty. Following occurrences. Do nothing. +x +:b +} diff --git a/po/ro.gmo b/po/ro.gmo new file mode 100644 index 0000000..6b34b24 Binary files /dev/null and b/po/ro.gmo differ diff --git a/po/ro.po b/po/ro.po new file mode 100644 index 0000000..d14c0d3 --- /dev/null +++ b/po/ro.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Romanian (http://www.transifex.com/freedesktop/p11-kit/language/ro/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ro\n" +"Plural-Forms: nplurals=3; plural=(n==1?0:(((n%100>19)||((n%100==0)&&(n!=0)))?2:1));\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/ru.gmo b/po/ru.gmo new file mode 100644 index 0000000..ff6f492 Binary files /dev/null and b/po/ru.gmo differ diff --git a/po/ru.po b/po/ru.po new file mode 100644 index 0000000..aba84b5 --- /dev/null +++ b/po/ru.po @@ -0,0 +1,345 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# FIRST AUTHOR , 2011 +# Stas Solovey , 2013 +# Yuri Kozlov , 2014 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 14:17+0000\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian (http://www.transifex.com/freedesktop/p11-kit/language/ru/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ru\n" +"Plural-Forms: nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Действие было отменено" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Недостаточно свободной памяти" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Указанный идентификатор слота не действителен" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Внутренняя ошибка" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Сбой при выполнении операции" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Недопустимые аргументы" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Модуль не может создать необходимые потоки" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Модуль не может блокировать данные должным образом" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Поле доступно только для чтения" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Поле содержит важную информацию и не может быть показано" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Поле не действительно или не существует" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Недействительное значение для поля" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Данные неверны или не распознаны" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Данные слишком длинные" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "На устройстве произошла ошибка" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "На устройстве недостаточно свободной памяти" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Устройство было удалено или отключено" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Зашифрованные данные неверны или не распознаны" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Зашифрованные данные слишком длинные" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Операция не поддерживается" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Ключ отсутствует или неверен" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Ключ имеет неправильный размер" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Ключ имеет неправильный тип" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Ключ не требуется" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Ключ отличается от предыдущего" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Необходим ключ" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Невозможно включить ключ в каталог" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Операция не может быть выполнена с данным ключом" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Ключ не может быть обернут" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Невозможно экспортировать данный ключ" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Механизм шифрования неверен или не распознан" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Механизм шифрования имеет неверный параметр" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Объект отсутствует или неверен" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "В данный момент выполняется другое действие" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "В данный момент никаких других операций не проводится" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Пароль или PIN неверен" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Пароль или PIN недействителен" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Пароль или PIN недопустимой длины" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Пароль или PIN устарел" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Пароль или PIN заблокирован" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Сеанс закрыт" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Слишком много активных сеансов" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Сеанс некорректен" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Сеанс доступен только для чтения" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Есть открытый сеанс" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Есть сеанс только для чтения" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Есть административный сеанс" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Подпись плоха или повреждена" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Подпись не распознана или повреждена" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Определённые необходимые поля отсутствуют" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Некоторые поля имеют неверные значения" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Устройство отсутствует или отключено" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Устройство неверно или неопознаваемо" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Устройство защищено от записи" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Не удалось импортировать, поскольку ключ неверен" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Не удалось импортировать, поскольку ключ неправильной длины" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Не удалось импортировать, поскольку ключ неправильного типа" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Вы уже вошли" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Нет вошедших пользователей" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Пароль пользователя, или его PIN не установлен" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Пользователь неверного типа" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Другой пользователь уже вошёл" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Слишком ного пользователей различных типов вошли в систему" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Не удалось импортировать неверный ключ" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Не удалось импортировать ключ неверного размера" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Не удалось экспортировать, потому что ключ неверен" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Не удалось экспортировать, потому что ключ имеет неверный размер" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Не удалось экспортировать, потому что ключ имеет неправильный тип" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Не могу инициализировать генератор случайных чисел" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Генератор случайных чисел недоступен" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Механизм шифрования имеет неверный параметр" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Недостаточно места для сохранения результата" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Сохранённое состояние неверно" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Информация засекречена и не может быть показана" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Состояние не может быть сохранено" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Модуль не был инициализирован" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Модуль уже инициализирован" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Не удалось заблокировать данные" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Данные не могут быть заблокированы" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Запрос отклонён пользователем" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Неизвестная ошибка" diff --git a/po/sk.gmo b/po/sk.gmo new file mode 100644 index 0000000..1788a13 Binary files /dev/null and b/po/sk.gmo differ diff --git a/po/sk.po b/po/sk.po new file mode 100644 index 0000000..8dc1a93 --- /dev/null +++ b/po/sk.po @@ -0,0 +1,344 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Dušan Kazik , 2015 +# helix84 , 2015 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 14:13+0000\n" +"Last-Translator: Dušan Kazik \n" +"Language-Team: Slovak (http://www.transifex.com/freedesktop/p11-kit/language/sk/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: sk\n" +"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Operácia bola zrušená" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Nie je k dispozícii dostatok pamäte" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Uvedený ID slotu nie je platný" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Vnútorná chyba" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Operácia zlyhala" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Neplatné argumenty" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Modul nedokáže vytvoriť potrebné vlákna" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Modul nedokáže správne zamknúť dáta" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Pole je iba na čítanie" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Pole je citlivé a nemožno ho odhaliť" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Pole je neplatné alebo neexistuje" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Neplatná hodnota poľa" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Dáta nie sú platné alebo rozpoznané" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Dáta sú príliš dlhé" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Na zariadení sa vyskytla chyba" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Na zariadení nie je k dispozícii dostatok pamäte" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Zariadenie bolo odstránené alebo odpojené" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Šifrované dáta nie sú platné alebo rozpoznané" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Šifrované dáta sú príliš dlhé" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Operácia nie je podporovaná" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Kľúč chýba alebo je neplatný" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Kľúč má nesprávnu veľkosť" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Kľúč je nesprávneho typu" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Kľúč nie je potrebný" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Kľúč je iný ako predtým" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Kľúč je potrebný" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Nie je možné zahrnúť kľúč do výťahu" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Túto operáciu nie je možné vykonať s týmto kľúčom" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Kľúč nie je možné zabaliť" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Tento kľúč nemožno exportovať" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Šifrovací mechanizmus je neplatný alebo nerozpoznaný" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Šifrovací mechanizmus má neplatný argument" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Objekt chýba alebo je neplatný" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Už prebieha iná operácia" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Neprebieha žiadna operácia" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Heslo alebo PIN je nesprávny" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Heslo alebo PIN je neplatný" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Heslo alebo PIN má neplatnú dĺžku" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Heslo alebo PIN vypršalo" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Heslo alebo PIN je zamknutý" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Relácia je zatvorená" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Je aktívnych príliš mnoho relácií" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Relácia je neplatná" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Relácia je iba na čítanie" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Existuje otvorená relácia" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Existuje relácia iba na čítanie" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Existuje relácia správcu" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Signatúra je chybná alebo poškodená" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Signatúra je nerozpoznaná alebo poškodená" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Chýbajú niektoré povinné polia" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Niektoré polia majú neplatné hodnoty" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Zariadenie nie je prítomné alebo je odpojené" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Zariadenie je neplatné alebo sa nedá rozpoznať" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Zariadenie je chránené proti zápisu" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Nie je možné importovať, pretože kľúč je neplatný" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Nie je možné importovať, pretože kľúč má nesprávnu veľkosť" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Nie je možné importovať, pretože kľúč je nesprávneho typu" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Už ste prihlásený" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Nie je prihlásený žiaden používateľ" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Heslo alebo PIN používateľa nie je nastavený" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Používateľ je neplatného typu" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Iný používateľ je už prihlásený" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Je prihlásených príliš veľa používateľov rozličných typov" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Nedá sa importovať neplatný kľúč" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Nedá sa importovať kľúč nesprávnej veľkosti" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Nedá sa exportovať, pretože kľúč je neplatný" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Nedá sa exportovať, pretože kľúč je nesprávnej veľkosti" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Nedá sa exportovať, pretože kľúč je nesprávneho typu" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Nie je možné inicializovať generátor náhodných čísel" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Nie je dostupný žiadny generátor náhodných čísel" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Šifrovací mechanizmus má neplatný parameter" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Nedostatok miesta na uloženie výsledku" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Uložený stav je neplatný" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Informácie sú citlivé a nemôžu byť odhalené" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Stav sa nedá uložiť" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Modul nebol inicializovaný" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Modul už bol inicializovaný" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Nedajú sa uzamknúť údaje" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Údaje nemôžu byť uzamknuté" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Požiadavka bola odmietnutá používateľom" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Neznáma chyba" diff --git a/po/sl.gmo b/po/sl.gmo new file mode 100644 index 0000000..e4439fd Binary files /dev/null and b/po/sl.gmo differ diff --git a/po/sl.po b/po/sl.po new file mode 100644 index 0000000..e754dd6 --- /dev/null +++ b/po/sl.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Martin Srebotnjak , 2012-2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 11:46+0000\n" +"Last-Translator: Martin Srebotnjak \n" +"Language-Team: Slovenian (http://www.transifex.com/freedesktop/p11-kit/language/sl/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: sl\n" +"Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Operacija je bila preklicana" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Na voljo ni dovolj pomnilnika" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Navedeni ID mesta ni veljaven" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Notranja napaka" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Operacija ni uspela" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Neveljavni argumenti" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Modul ne more ustvariti potrebnih niti" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Modul ne more ustrezno zakleniti podatkov" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Polje je samo za branje" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Polje je občutljive narave in ga ni mogoče razkriti" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Polje ni veljavno ali ne obstaja" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Neveljavna vrednost za polje" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Podatki niso veljavni ali prepoznavni" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Podatki so preobsežni" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Na napravi je prišlo do naprave" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Na napravi ni dovolj pomnilnika" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Naprava je bila odstranjena ali iztaknjena" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Šifrirani podatki niso veljavni ali prepoznavni" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Šifrirani podatki so preobsežni" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Ta operacija ni podprta" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Ključ manjka ali ni veljaven" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Ključ je napačne velikosti" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Ključ je napačne vrste" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Ključ ni potreben" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Ključ se razlikuje od prejšnjega" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Potreben je ključ" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Ključa ni mogoče vključiti v povzetek" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "S tem ključem te operacije ni moč opraviti" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Ključa ni mogoče ovijati" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Tega ključa ni mogoče izvoziti" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Šifrirni mehanizem ni veljaven ali prepoznan" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Šifrirni mehanizem ima neveljaven argument" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Predmet manjka ali ni veljaven" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Poteka že druga operacija" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Ne poteka nobena operacija" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Geslo ali PIN ni pravilen" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Geslo ali PIN ni veljaven" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Geslo ali PIN ni ustrezne dolžine" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Geslo ali PIN je potekel" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Geslo ali PIN je zaklenjen" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Seja je zaprta" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Aktivnih je preveč sej" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Seja ni veljavna" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Seja je samo za branje" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Obstaja odprta seja" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Obstaja seja le za branje" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Obstaja skrbniška seja" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Podpis je slab ali okvarjen" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Podpis ni razpoznaven ali je okvarjen" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Določena obvezna polja manjkajo" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Določena polja imajo neveljavne vrednosti" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Naprava ni prisotna ali pa je iztaknjena" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Naprava ni veljavna ali prepoznavna" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Naprava je zaščitena pred pisanjem" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Uvoz ni možen, ker je ključ neveljaven" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Ker ključ ni ustrezne velikosti, uvoz ni mogoč" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Ker ključ ni ustrezne vrste, uvoz ni mogoč" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Ste že prijavljeni" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Prijavil se ni noben uporabnik" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Geslo ali PIN uporabnika ni nastavljen" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Uporabnik je neveljavne vrste" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Prijavljen je že drug uporabnik" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Prijavljenih je preveč uporabnikov različnih vrst" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Neveljavnega ključa ni mogoče uvoziti" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Ključa neprimerne velikosti ni mogoče uvoziti" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Ključa ni mogoče izvoziti, ker je neveljaven" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Ključa ni mogoče izvoziti, ker ni ustrezne velikosti" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Ključa ni mogoče izvoziti, ker je napačne vrste" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Generatorja naključnih števil ni mogoče inicializirati" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Noben generator naključnih števil ni na voljo" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Mehanizem šifriranja ima neveljaven parameter" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Za shranjevanje rezultata primanjkuje prostora" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Shranjeno stanje ni veljavno" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Podatki so občutljive narave in jih ni mogoče razkriti" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Stanja ni mogoče shraniti" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Modil ni bil inicializiran" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Modul je že inicializiran" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Podatkov ni mogoče zakleniti" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Podatkov ni mogoče zakleniti" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Zahtevo je zavrnil uporabnik" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Neznana napaka" diff --git a/po/sq.gmo b/po/sq.gmo new file mode 100644 index 0000000..1c8cbf2 Binary files /dev/null and b/po/sq.gmo differ diff --git a/po/sq.po b/po/sq.po new file mode 100644 index 0000000..3b71e94 --- /dev/null +++ b/po/sq.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2013-11-20 10:27+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Albanian (http://www.transifex.com/freedesktop/p11-kit/language/sq/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: sq\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/sr.gmo b/po/sr.gmo new file mode 100644 index 0000000..60e8c3b Binary files /dev/null and b/po/sr.gmo differ diff --git a/po/sr.po b/po/sr.po new file mode 100644 index 0000000..1dbae6f --- /dev/null +++ b/po/sr.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Мирослав Николић , 2013-2014 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 14:23+0000\n" +"Last-Translator: Мирослав Николић \n" +"Language-Team: Serbian (http://www.transifex.com/freedesktop/p11-kit/language/sr/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: sr\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Радња је отказана" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Недовољно доступне меморије" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "ИБ наведеног уреза није исправан" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Унутрашња грешка" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Радња није успела" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Неисправни аргументи" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Модул не може да направи потребне нити" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Модул не може исправно да закључа податке" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Поље је само за читање" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Поље је осетљиво и не може бити откривено" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Поље је неисправно или не постоји" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Неисправна вредност за поље" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Подаци нису исправни или су непрепознатљиви" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Подаци су предуги" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Дошло је до грешке на уређају" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Нема довољно доступне меморије на уређају" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Уређај је уклоњен или је искључен" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Шифровани подаци нису исправни или су непрепознатљиви" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Шифровани подаци су предуги" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Ова радња није подржана" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Кључ недостаје или је неисправан" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Кључ је погрешне величине" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Кључ је погрешне врсте" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Није потребан кључ" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Кључ је другачији него раније" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Потребан је кључ" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Не могу да укључим кључ у одабиру" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Ова радња не може бити обављена овим кључем" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Кључ не може бити прекинут" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Не могу да извезем овај кључ" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Механизам шифровања је неисправан или непрепознатљив" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Механизам шифровања има неисправан аргумент" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Предмет недостаје или је неисправан" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Друга радња је ступила на снагу" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Ниједна радња није ступила на снагу" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Није тачна лозинка или ПИН" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Није исправна лозинка или ПИН" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Лозинка или ПИН су неисправне дужине" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Истекла је лозинка или ПИН" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Закључана је лозинка или ПИН" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Сесија је затворена" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Превише радних сесија" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Сесија је неисправна" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Сесија је само за читање" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Постоји отворена сесија" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Постоји сесија само за читање" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Постоји сесија администратора" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Потпис је лош или оштећен" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Потпис је непрепознатљив или оштећен" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Недостају одређена потребна поља" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Одређена поља имају неисправне вредности" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Уређај није присутан или је откачен" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Уређај је неисправан или је непрепознатљив" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Уређај је заштићен од писања" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Не могу да увезем јер је кључ неисправан" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Не могу да увезем јер је кључ погрешне величине" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Не могу да увезем јер је кључ погрешне врсте" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Већ сте пријављени" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Ниједан корисник није пријављен" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Није подешена корисничка лозинка или ПИН" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Корисник је неисправне врсте" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Други корисник је већ пријављен" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Пријављено је превише корисника различитих врста" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Не могу да увезем неисправан кључ" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Не могу да увезем кључ погрешне величине" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Не могу да извезем јер је кључ неисправан" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Не могу да извезем јер је кључ погрешне величине" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Не могу да извезем јер је кључ погрешне врсте" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Не могу да покренем ствараоца насумичног броја" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Није доступан стваралац насумичног броја" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Механизам шифровања има неисправан параметар" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Недовољно места за складиштење резултата" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Сачувано стање је неисправно" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Подаци су осетљиви и не могу бити откривени" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Стање не може бити сачувано" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Модул није покренут" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Модул је већ покренут" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Не могу да закључам податке" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Подаци не могу бити закључани" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Корисник је одбио захтев" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Непозната грешка" diff --git a/po/sr@latin.gmo b/po/sr@latin.gmo new file mode 100644 index 0000000..df33d94 Binary files /dev/null and b/po/sr@latin.gmo differ diff --git a/po/sr@latin.po b/po/sr@latin.po new file mode 100644 index 0000000..99f3e0f --- /dev/null +++ b/po/sr@latin.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Serbian (Latin) (http://www.transifex.com/freedesktop/p11-kit/language/sr@latin/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: sr@latin\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/stamp-po b/po/stamp-po new file mode 100644 index 0000000..9788f70 --- /dev/null +++ b/po/stamp-po @@ -0,0 +1 @@ +timestamp diff --git a/po/sv.gmo b/po/sv.gmo new file mode 100644 index 0000000..3927e6e Binary files /dev/null and b/po/sv.gmo differ diff --git a/po/sv.po b/po/sv.po new file mode 100644 index 0000000..ee4bc8c --- /dev/null +++ b/po/sv.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Josef Andersson , 2015 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 19:45+0000\n" +"Last-Translator: Josef Andersson \n" +"Language-Team: Swedish (http://www.transifex.com/freedesktop/p11-kit/language/sv/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: sv\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Åtgärden avbröts" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Otillräckligt med tillgängligt minne" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Angivet plats-ID är ogiltigt" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Internt fel" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Åtgärden misslyckades" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Ogiltiga argument" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Modulen kan inte skapa behövda trådar" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Modulen kan inte låsa data korrekt" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Fältet är endast läsbart" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Fältet är känsligt och kan inte avslöjas" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Fältet är ogiltigt eller existerar inte" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Ogiltigt värde för fält" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Datan är ogiltig eller okänd" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Datan är för lång" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Ett fel uppstod i enheten" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Otillräckligt med tillgängligt minne på enheten" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Enheten togs bort eller matades ut" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Den krypterade datan är ogiltig eller okänd" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Den krypterade datan är för lång" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Denna åtgärd stöds inte" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Nyckeln saknas eller är ogiltig" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Nyckeln har fel storlek" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Nyckeln är av fel typ" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Ingen nyckel behövs" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Nyckeln skiljer sig mot tidigare" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "En nyckel behövs" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Kan inte inkludera nyckeln i sammandraget" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Åtgärden kan inte utföras med denna nyckel" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Nyckeln kan inte paketeras" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Kan inte exportera denna nyckel" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Krypteringsmekanismen har ett ogiltigt argument eller är okänd" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Krypteringsmekanismen har ett ogiltigt argument" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Objektet saknas eller är ogiltigt" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "En annan åtgärd pågår redan" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Ingen åtgärd pågår" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Lösenordet eller PIN-koden stämmer inte" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Lösenordet eller PIN-koden är ogiltig" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Lösenordets eller PIN-kodens längd är ogiltig" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Lösenordets eller PIN-kodens tidsgräns är passerad" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Lösenordet eller PIN-koden är låst" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Sessionen är stängd" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "För många aktiva sessioner" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Sessionen är ogiltig" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Sessionen är endast läsbar" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "En öppen session existerar" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "En endast läsbar session existerar" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "En administratörsession existerar" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Signaturen är dålig eller korrupt" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Signaturen är okänd eller korrupt" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Vissa begärda fält saknas" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Vissa fält har ogiltiga värden" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Enheten är inte närvarande eller utmatad" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Enheten är ogiltig eller okänd" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Enheten är skrivskyddad" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Kan inte importera eftersom nyckeln är ogiltig" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Kan inte importera eftersom nyckeln har fel storlek" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Kan inte importera eftersom nyckeln har fel typ" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Du är redan inloggad" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Ingen användare har loggat in" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Användarens lösenord eller PIN-kod är inte angivet" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Användaren är av en ogiltig typ" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "En annan användare är redan inloggad" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "För många användare av olika typer är redan inloggade" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Kan inte importera en ogiltig nyckel" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Kan inte importera en nyckel med fel storlek" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Kan inte exportera eftersom nyckeln är ogiltig" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Kan inte exportera eftersom nyckeln har fel storlek" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Kan inte exportera eftersom nyckeln har fel typ" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Kan inte initiera slumptalsgeneratorn" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Ingen slumptalsgenerator tillgänglig" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Krypteringsmekanismen har en ogiltig parameter" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Inte tillräckligt med utrymme för att lagra resultatet" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Det sparade tillståndet är ogiltigt" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Informationen är känslig och kan inte avslöjas" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Tillståndet kan inte sparas" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Modulen har inte initierats" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Modulen har redan initierats" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Kan inte låsa data" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Datan kan inte låsas" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Begäran avvisades av användaren" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Okänt fel" diff --git a/po/ta.gmo b/po/ta.gmo new file mode 100644 index 0000000..badfc97 Binary files /dev/null and b/po/ta.gmo differ diff --git a/po/ta.po b/po/ta.po new file mode 100644 index 0000000..f4f6033 --- /dev/null +++ b/po/ta.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Tamil (http://www.transifex.com/freedesktop/p11-kit/language/ta/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ta\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/te.gmo b/po/te.gmo new file mode 100644 index 0000000..d94a421 Binary files /dev/null and b/po/te.gmo differ diff --git a/po/te.po b/po/te.po new file mode 100644 index 0000000..fb4b852 --- /dev/null +++ b/po/te.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2013-11-20 10:27+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Telugu (http://www.transifex.com/freedesktop/p11-kit/language/te/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: te\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/th.gmo b/po/th.gmo new file mode 100644 index 0000000..0de3289 Binary files /dev/null and b/po/th.gmo differ diff --git a/po/th.po b/po/th.po new file mode 100644 index 0000000..96fb86c --- /dev/null +++ b/po/th.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Thai (http://www.transifex.com/freedesktop/p11-kit/language/th/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: th\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/tr.gmo b/po/tr.gmo new file mode 100644 index 0000000..c1fec4c Binary files /dev/null and b/po/tr.gmo differ diff --git a/po/tr.po b/po/tr.po new file mode 100644 index 0000000..0cba9d2 --- /dev/null +++ b/po/tr.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Necdet Yücel , 2012 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:28+0000\n" +"Last-Translator: Necdet Yücel \n" +"Language-Team: Turkish (http://www.transifex.com/freedesktop/p11-kit/language/tr/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: tr\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "İşlem iptal edildi" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Yeterli hafıza yok" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Belirtilen yuva kimliği geçersiz" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "İç hata" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "İşlem başarısız oldu" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Geçersiz değişkenler" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Modül ihtiyaç duyulan iş parçacıklarını oluşturamadı" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Modül veriyi düzgün kilitleyemedi" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Bu alan salt-okunur" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Bu alan hassas olduğundan gösterilemez" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Alan geçersiz veya mevcut değil" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Alan için geçersiz değer" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Veri geçersiz veya algılanamadı" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Veri çok uzun" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "Aygıtta bir hata oluştu" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "Aygıtta yeterli hafıza yok" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Aygıt kaldırıldı veya çıkartıldı" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Şifrelenmiş veri geçersiz veya algılanamadı" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Şifrelenmiş veri çok uzun" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Bu işlem desteklenmiyor" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Anahtar eksik veya geçersiz" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Anahtar boyutu hatalı" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Anahtar hatalı türde" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Anahtar gerekli değil" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Anahtar öncekinden farklı" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Anahtar gerekli" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Anahtar özete dahil edilemez" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Bu işlem bu anahtarla gerçekleştirilemez" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Anahtar kaydırılamaz" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Bu anahtar dışa aktarılamaz" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Şifreleme mekanizması geçersiz veya algılanamadı" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Şifreleme mekanizması geçersiz bir değişken içeriyor" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Nesne eksik veya geçersiz" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Başka bir işlem zaten sürüyor" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Devam eden işlem yok" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Parola veya PIN hatalı" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Parola veya PIN geçersiz" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Parola veya PIN geçersiz uzunlukta" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Parola veya PIN'in süresi geçmiş" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Parola veya PIN kilitli" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Oturum kapatıldı" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "Çok fazla aktif oturum var" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Oturum geçersiz" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Oturum salt-okunur" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Açık bir oturum var" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Salt okunur bir oturum var" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Bir yönetici oturumu var" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "İmza kötü veya hatalı" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "İmza algılanamadı veya bozulmuş" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Bazı gerekli alanlar eksik" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "Bazı alanlar geçersiz değerlere sahip" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Aygıt bulunmuyor veya çıkartılmış" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Aygıt geçersiz veya algılanamadı" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Aygıt yazma korumalı" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Anahtar geçersiz olduğundan içe aktarılamaz" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Anahtar hatalı boyutta olduğundan içe aktarılamaz" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Anahtar hatalı türde olduğundan içe aktarılamaz" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Zaten oturum açtınız" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "Oturum açmış kullanıcı yok" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Kullanıcı parolası veya PIN'i ayarlanmadı" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Kullanıcı geçersiz türde" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "Başka bir kullanıcı zaten oturum açtı" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "Farklı türden çok fazla kullanıcı oturum açtı" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Geçersiz bir anahtar içe aktarılamaz" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Hatalı boyuttaki bir anahtar içe aktarılamaz" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Anahtar geçersiz olduğundan dışa aktarılamaz" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Anahtar hatalı boyutta olduğundan dışa aktarılamaz" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Anahtar hatalı türde olduğundan dışa aktarılamaz" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Rastgele sayı oluşturucuyu başlatılamadı" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Kullanılabilir rasgele sayı oluşturucu yok" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Şifreleme mekanizması geçersiz değişken içeriyor" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Sonucu saklamak için yeterli alan yok" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Kaydedilen durum geçersiz" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Bu alan hassas olduğundan gösterilemez" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Durum kaydedilemedi" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Modül başlatılamadı" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Modül zaten başlatıldı" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Veri kilitlenemedi" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Veri kilitlenemez" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "İstek kullanıcı tarafından reddedildi" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Bilinmeyen hata" diff --git a/po/uk.gmo b/po/uk.gmo new file mode 100644 index 0000000..eafa0a1 Binary files /dev/null and b/po/uk.gmo differ diff --git a/po/uk.po b/po/uk.po new file mode 100644 index 0000000..e95277f --- /dev/null +++ b/po/uk.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Yuri Chornoivan , 2012-2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 11:46+0000\n" +"Last-Translator: Yuri Chornoivan \n" +"Language-Team: Ukrainian (http://www.transifex.com/freedesktop/p11-kit/language/uk/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: uk\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "Дію було скасовано" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "Недостатній об’єм пам’яті" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "Вказаний ідентифікатор слоту не є коректним" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "Внутрішня помилка" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "Не вдалося виконати дію" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "Некоректні параметри" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "Модулеві не вдалося створити потрібні потоки обробки" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "Модулеві не вдалося заблокувати дані належним чином" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "Поле є придатним лише для читання" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "Дані поля є конфіденційними, їх не можна розголошувати" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "Вказано некоректну назву поля, такого поля не існує" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "Некоректне значення поля" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "Дані є некоректними або непридатними до розпізнавання" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "Дані є занадто об’ємними" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "На пристрої сталася помилка" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "На пристрої недостатньо пам’яті" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "Пристрій було вилучено або від’єднано" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "Зашифровані дані є некоректними або непридатними до розпізнавання" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "Зашифровані дані є занадто об’ємними" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "Підтримки цієї дії не передбачено" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "Не вказано ключа або вказано некоректний ключ" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "Розмір ключа є помилковим" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "Тип ключа є помилковим" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "Ключ не потрібен" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "Значення ключа відрізняється від попереднього" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "Потрібен ключ" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "Не можна включати ключ до контрольної суми" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "Цю дію над цим ключем виконати неможливо" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "Ключ не може бути загорнуто" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "Експортування цього ключа неможливе" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "Некоректний або непридатний механізм шифрування" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "Механізмові шифрування передано некоректний аргумент" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "Не вказано об’єкт або вказано некоректний об’єкт" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "Вже виконується інша дія" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "Не виконується жодної дії" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "Помилковий пароль або PIN-код" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "Некоректний пароль або PIN-код" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "Довжина пароля або PIN-коду є некоректною" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "Строк дії пароля або PIN-коду вичерпано" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "Пароль або PIN-код заблоковано" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "Сеанс закрито" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "У активному режимі працює забагато сеансів" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "Некоректний сеанс" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "Сеанс у режимі лише читання" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "Виявлено відкритий сеанс" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "Виявлено сеанс роботи у режимі лише читання" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "Виявлено сеанс роботи від імені адміністратора" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "Помилковий або пошкоджений підпис" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "Підпис непридатний до розпізнавання або підпис пошкоджено" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "Деякі з полів, які мало бути заповнено, є порожніми" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "У деяких з полів містяться некоректні значення" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "Пристрою не виявлено або пристрій було від’єднано" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "Пристрій є некоректним або непридатним до розпізнавання" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "Пристрій захищено від запису" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "Не вдалося імпортувати, оскільки ключ є некоректним" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "Не вдалося імпортувати, оскільки ключ має помилковий розмір" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "Не вдалося імпортувати, оскільки ключ належить до помилкового типу" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "Ви вже увійшли до облікового запису" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "До системи не увійшов жоден користувач" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "Не встановлено пароль або PIN-код користувача" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "Запис користувача належить до некоректного типу" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "До системи вже увійшов інший користувач" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "До системи увійшло надто багато користувачів різних типів" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "Імпортування некоректних ключів неможливе" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "Імпортування ключів з помилковими розмірами неможливе" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "Не вдалося експортувати, оскільки ключ є некоректним" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "Не вдалося експортувати, оскільки ключ має помилковий розмір" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "Не вдалося експортувати, оскільки ключ належить до помилкового типу" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "Не вдалося ініціалізувати засіб створення псевдовипадкових чисел" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "Не виявлено жодного доступного засобу створення псевдовипадкових чисел" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "Механізмові шифрування передано некоректний параметр" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "Недостатньо простору для зберігання результату" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "Збережений стан є некоректним" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "Дані є конфіденційними, їх не можна розголошувати" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "Не вдалося зберегти стан" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "Модуль ще не було інціалізовано" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "Модуль вже було ініціалізовано" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "Не вдалося заблокувати дані" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "Не вдалося заблокувати дані" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "Користувач відмовив у задоволенні запиту" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "Невідома помилка" diff --git a/po/vi.gmo b/po/vi.gmo new file mode 100644 index 0000000..65d7e67 Binary files /dev/null and b/po/vi.gmo differ diff --git a/po/vi.po b/po/vi.po new file mode 100644 index 0000000..96cbc48 --- /dev/null +++ b/po/vi.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Vietnamese (http://www.transifex.com/freedesktop/p11-kit/language/vi/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: vi\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/wa.gmo b/po/wa.gmo new file mode 100644 index 0000000..6b4e3df Binary files /dev/null and b/po/wa.gmo differ diff --git a/po/wa.po b/po/wa.po new file mode 100644 index 0000000..4808597 --- /dev/null +++ b/po/wa.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2012-02-29 09:23+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Walloon (http://www.transifex.com/freedesktop/p11-kit/language/wa/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: wa\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/zh_CN.gmo b/po/zh_CN.gmo new file mode 100644 index 0000000..962842c Binary files /dev/null and b/po/zh_CN.gmo differ diff --git a/po/zh_CN.po b/po/zh_CN.po new file mode 100644 index 0000000..87a0cb7 --- /dev/null +++ b/po/zh_CN.po @@ -0,0 +1,344 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Michael Jay Tong , 2014 +# Wylmer Wang, 2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:08+0000\n" +"Last-Translator: Michael Jay Tong \n" +"Language-Team: Chinese (China) (http://www.transifex.com/freedesktop/p11-kit/language/zh_CN/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: zh_CN\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "操作已被取消" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "可用内存不足" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "指定的槽 ID 无效" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "内部错误" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "操作失败" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "参数无效" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "该模块无法创建需要的线程" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "该模块无法正确锁定数据" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "该字段为只读" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "该字段为敏感字段,不能显示" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "该字段无效或不存在" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "字段值无效" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "数据无效或无法识别" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "数据过长" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "设备上出现了错误" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "设备上的可用空间不足" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "设备已被移除或拔出" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "加密数据无效或无法识别" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "加密数据过长" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "不支持该操作" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "密钥缺失或无效" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "密钥长度不对" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "密钥类型不对" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "无需密钥" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "密钥与之前不同" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "需要密钥" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "摘要中无法包含此密钥" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "不能对该密钥进行这一操作" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "该密钥不能折行" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "无法导出这个密钥" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "加密机制无效或无法识别" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "加密机制中有无效参数" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "对象缺失或无效" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "另一操作正在进行" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "没有正在进行的操作" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "密码或 PIN 不正确" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "密码或 PIN 无效" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "密码或 PIN 长度无效" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "密码或 PIN 已过期" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "密码或 PIN 已锁定" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "会话已关闭" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "活动会话过多" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "会话无效" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "会话为只读" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "存在一个打开的会话" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "存在一个只读的会话" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "存在一个管理员会话" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "签名有误或已损坏" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "签名无法识别或已损坏" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "缺少某些要求的字段" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "某些字段的值无效" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "设备不存在或已拔出" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "设备无效或无法识别" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "设备已写保护" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "无法导入,因为密钥无效" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "无法导入,因为密钥长度错误" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "无法导入,因为密钥类型错误" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "您已经登录" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "没有登录用户" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "用户的密码或 PIN 未设置" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "用户的类型无效" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "另一用户已经登录" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "登录了太多不同类型的用户" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "无法导入无效的密钥" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "无法导入长度不对的密钥" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "无法导出,因为密钥无效" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "无法导出,因为密钥长度不对" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "无法导出,因为密钥类型不对" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "无法初始化随机数生成器" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "没有可用的随机数生成器" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "加密机制中有无效参数" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "没有足够的空间来保存结果" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "保存的状态无效" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "该信息为敏感信息,不能显示" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "无法保存状态" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "该模块未被初始化" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "该模块已经初始化" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "无法锁定数据" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "数据无法锁定" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "请求已被用户拒绝" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "未知错误" diff --git a/po/zh_HK.gmo b/po/zh_HK.gmo new file mode 100644 index 0000000..2aa0eb8 Binary files /dev/null and b/po/zh_HK.gmo differ diff --git a/po/zh_HK.po b/po/zh_HK.po new file mode 100644 index 0000000..00764a7 --- /dev/null +++ b/po/zh_HK.po @@ -0,0 +1,342 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2015-02-20 21:29+0100\n" +"PO-Revision-Date: 2013-11-20 10:27+0000\n" +"Last-Translator: Stef Walter \n" +"Language-Team: Chinese (Hong Kong) (http://www.transifex.com/freedesktop/p11-kit/language/zh_HK/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: zh_HK\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/po/zh_TW.gmo b/po/zh_TW.gmo new file mode 100644 index 0000000..f4bb2e9 Binary files /dev/null and b/po/zh_TW.gmo differ diff --git a/po/zh_TW.po b/po/zh_TW.po new file mode 100644 index 0000000..17a6f41 --- /dev/null +++ b/po/zh_TW.po @@ -0,0 +1,343 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Collabora Ltd. +# This file is distributed under the same license as the p11-kit package. +# +# Translators: +# Walter Cheuk , 2013 +msgid "" +msgstr "" +"Project-Id-Version: p11-kit\n" +"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n" +"POT-Creation-Date: 2018-01-31 16:48+0100\n" +"PO-Revision-Date: 2017-09-19 12:31+0000\n" +"Last-Translator: Walter Cheuk \n" +"Language-Team: Chinese (Taiwan) (http://www.transifex.com/freedesktop/p11-kit/language/zh_TW/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: zh_TW\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: p11-kit/messages.c:78 +msgid "The operation was cancelled" +msgstr "" + +#: p11-kit/messages.c:81 +msgid "Insufficient memory available" +msgstr "" + +#: p11-kit/messages.c:83 +msgid "The specified slot ID is not valid" +msgstr "" + +#: p11-kit/messages.c:85 +msgid "Internal error" +msgstr "內部出錯" + +#: p11-kit/messages.c:87 +msgid "The operation failed" +msgstr "" + +#: p11-kit/messages.c:89 +msgid "Invalid arguments" +msgstr "" + +#: p11-kit/messages.c:91 +msgid "The module cannot create needed threads" +msgstr "" + +#: p11-kit/messages.c:93 +msgid "The module cannot lock data properly" +msgstr "" + +#: p11-kit/messages.c:95 +msgid "The field is read-only" +msgstr "" + +#: p11-kit/messages.c:97 +msgid "The field is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:99 +msgid "The field is invalid or does not exist" +msgstr "" + +#: p11-kit/messages.c:101 +msgid "Invalid value for field" +msgstr "" + +#: p11-kit/messages.c:103 +msgid "The data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:105 +msgid "The data is too long" +msgstr "" + +#: p11-kit/messages.c:107 +msgid "An error occurred on the device" +msgstr "" + +#: p11-kit/messages.c:109 +msgid "Insufficient memory available on the device" +msgstr "" + +#: p11-kit/messages.c:111 +msgid "The device was removed or unplugged" +msgstr "" + +#: p11-kit/messages.c:113 +msgid "The encrypted data is not valid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:115 +msgid "The encrypted data is too long" +msgstr "" + +#: p11-kit/messages.c:117 +msgid "This operation is not supported" +msgstr "" + +#: p11-kit/messages.c:119 +msgid "The key is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:121 +msgid "The key is the wrong size" +msgstr "" + +#: p11-kit/messages.c:123 +msgid "The key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:125 +msgid "No key is needed" +msgstr "" + +#: p11-kit/messages.c:127 +msgid "The key is different than before" +msgstr "" + +#: p11-kit/messages.c:129 +msgid "A key is needed" +msgstr "" + +#: p11-kit/messages.c:131 +msgid "Cannot include the key in the digest" +msgstr "" + +#: p11-kit/messages.c:133 +msgid "This operation cannot be done with this key" +msgstr "" + +#: p11-kit/messages.c:135 +msgid "The key cannot be wrapped" +msgstr "" + +#: p11-kit/messages.c:137 +msgid "Cannot export this key" +msgstr "" + +#: p11-kit/messages.c:139 +msgid "The crypto mechanism is invalid or unrecognized" +msgstr "" + +#: p11-kit/messages.c:141 +msgid "The crypto mechanism has an invalid argument" +msgstr "" + +#: p11-kit/messages.c:143 +msgid "The object is missing or invalid" +msgstr "" + +#: p11-kit/messages.c:145 +msgid "Another operation is already taking place" +msgstr "" + +#: p11-kit/messages.c:147 +msgid "No operation is taking place" +msgstr "" + +#: p11-kit/messages.c:149 +msgid "The password or PIN is incorrect" +msgstr "" + +#: p11-kit/messages.c:151 +msgid "The password or PIN is invalid" +msgstr "" + +#: p11-kit/messages.c:153 +msgid "The password or PIN is of an invalid length" +msgstr "" + +#: p11-kit/messages.c:155 +msgid "The password or PIN has expired" +msgstr "" + +#: p11-kit/messages.c:157 +msgid "The password or PIN is locked" +msgstr "" + +#: p11-kit/messages.c:159 +msgid "The session is closed" +msgstr "" + +#: p11-kit/messages.c:161 +msgid "Too many sessions are active" +msgstr "" + +#: p11-kit/messages.c:163 +msgid "The session is invalid" +msgstr "" + +#: p11-kit/messages.c:165 +msgid "The session is read-only" +msgstr "" + +#: p11-kit/messages.c:167 +msgid "An open session exists" +msgstr "" + +#: p11-kit/messages.c:169 +msgid "A read-only session exists" +msgstr "" + +#: p11-kit/messages.c:171 +msgid "An administrator session exists" +msgstr "" + +#: p11-kit/messages.c:173 +msgid "The signature is bad or corrupted" +msgstr "" + +#: p11-kit/messages.c:175 +msgid "The signature is unrecognized or corrupted" +msgstr "" + +#: p11-kit/messages.c:177 +msgid "Certain required fields are missing" +msgstr "" + +#: p11-kit/messages.c:179 +msgid "Certain fields have invalid values" +msgstr "" + +#: p11-kit/messages.c:181 +msgid "The device is not present or unplugged" +msgstr "" + +#: p11-kit/messages.c:183 +msgid "The device is invalid or unrecognizable" +msgstr "" + +#: p11-kit/messages.c:185 +msgid "The device is write protected" +msgstr "" + +#: p11-kit/messages.c:187 +msgid "Cannot import because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:189 +msgid "Cannot import because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:191 +msgid "Cannot import because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:193 +msgid "You are already logged in" +msgstr "" + +#: p11-kit/messages.c:195 +msgid "No user has logged in" +msgstr "" + +#: p11-kit/messages.c:197 +msgid "The user's password or PIN is not set" +msgstr "" + +#: p11-kit/messages.c:199 +msgid "The user is of an invalid type" +msgstr "" + +#: p11-kit/messages.c:201 +msgid "Another user is already logged in" +msgstr "" + +#: p11-kit/messages.c:203 +msgid "Too many users of different types are logged in" +msgstr "" + +#: p11-kit/messages.c:205 +msgid "Cannot import an invalid key" +msgstr "" + +#: p11-kit/messages.c:207 +msgid "Cannot import a key of the wrong size" +msgstr "" + +#: p11-kit/messages.c:209 +msgid "Cannot export because the key is invalid" +msgstr "" + +#: p11-kit/messages.c:211 +msgid "Cannot export because the key is of the wrong size" +msgstr "" + +#: p11-kit/messages.c:213 +msgid "Cannot export because the key is of the wrong type" +msgstr "" + +#: p11-kit/messages.c:215 +msgid "Unable to initialize the random number generator" +msgstr "" + +#: p11-kit/messages.c:217 +msgid "No random number generator available" +msgstr "" + +#: p11-kit/messages.c:219 +msgid "The crypto mechanism has an invalid parameter" +msgstr "" + +#: p11-kit/messages.c:221 +msgid "Not enough space to store the result" +msgstr "" + +#: p11-kit/messages.c:223 +msgid "The saved state is invalid" +msgstr "" + +#: p11-kit/messages.c:225 +msgid "The information is sensitive and cannot be revealed" +msgstr "" + +#: p11-kit/messages.c:227 +msgid "The state cannot be saved" +msgstr "" + +#: p11-kit/messages.c:229 +msgid "The module has not been initialized" +msgstr "" + +#: p11-kit/messages.c:231 +msgid "The module has already been initialized" +msgstr "" + +#: p11-kit/messages.c:233 +msgid "Cannot lock data" +msgstr "" + +#: p11-kit/messages.c:235 +msgid "The data cannot be locked" +msgstr "" + +#: p11-kit/messages.c:237 +msgid "The request was rejected by the user" +msgstr "" + +#: p11-kit/messages.c:240 +msgid "Unknown error" +msgstr "" diff --git a/trust/Makefile.am b/trust/Makefile.am new file mode 100644 index 0000000..6fd740b --- /dev/null +++ b/trust/Makefile.am @@ -0,0 +1,333 @@ + +noinst_LTLIBRARIES += \ + libtrust-data.la \ + $(NULL) + +check_LTLIBRARIES += \ + libtrust-testable.la \ + $(NULL) + +libtrust_data_la_SOURCES = \ + trust/asn1.c trust/asn1.h \ + trust/base64.c trust/base64.h \ + trust/pem.c trust/pem.h \ + trust/oid.c trust/oid.h \ + trust/utf8.c trust/utf8.h \ + trust/x509.c trust/x509.h \ + $(asn_h) \ + $(NULL) + +libtrust_data_la_CFLAGS = \ + $(LIBTASN1_CFLAGS) + +libtrust_data_la_LIBADD = \ + $(LIBTASN1_LIBS) \ + $(NULL) + +TRUST_SRCS = \ + trust/builder.c trust/builder.h \ + trust/digest.c trust/digest.h \ + trust/index.c trust/index.h \ + trust/parser.c trust/parser.h \ + trust/persist.c trust/persist.h \ + trust/module.c trust/module.h \ + trust/save.c trust/save.h \ + trust/session.c trust/session.h \ + trust/token.c trust/token.h \ + trust/types.h \ + $(NULL) + +configdir = $(p11_package_config_modules) +config_DATA = trust/p11-kit-trust.module + +module_LTLIBRARIES += \ + p11-kit-trust.la + +p11_kit_trust_la_CFLAGS = \ + -DP11_DEFAULT_TRUST_PREFIX=DATA_DIR \ + -DP11_SYSTEM_TRUST_PREFIX=SYSCONFDIR \ + $(LIBTASN1_CFLAGS) + +p11_kit_trust_la_LIBADD = \ + libtrust-data.la \ + libp11-library.la \ + libp11-common.la \ + $(LIBTASN1_LIBS) \ + $(HASH_LIBS) \ + $(NULL) + +p11_kit_trust_la_LDFLAGS = \ + -no-undefined -module -avoid-version \ + -version-info $(P11KIT_LT_RELEASE) \ + -export-symbols-regex 'C_GetFunctionList' \ + $(NULL) + +p11_kit_trust_la_SOURCES = $(TRUST_SRCS) trust/module-init.c + +libtrust_testable_la_LDFLAGS = \ + -no-undefined + +libtrust_testable_la_SOURCES = $(TRUST_SRCS) + +libtrust_testable_la_CFLAGS = \ + -DP11_DEFAULT_TRUST_PREFIX=\"$(builddir)/trust/default\" \ + -DP11_SYSTEM_TRUST_PREFIX=\"$(builddir)/trust/system\" \ + $(LIBTASN1_CFLAGS) + +libtrust_testable_la_LIBADD = \ + $(LIBTASN1_LIBS) + +bin_PROGRAMS += trust/trust + +trust_trust_LDADD = \ + libtrust-data.la \ + libp11-kit.la \ + libp11-common.la \ + libp11-tool.la \ + $(LTLIBINTL) \ + $(LIBTASN1_LIBS) \ + $(HASH_LIBS) \ + $(NULL) + +trust_trust_CFLAGS = \ + -DP11_KIT_FUTURE_UNSTABLE_API \ + $(LIBTASN1_CFLAGS) \ + $(NULL) + +trust_trust_SOURCES = \ + trust/anchor.c trust/anchor.h \ + trust/parser.c trust/parser.h \ + trust/persist.c trust/persist.h \ + trust/digest.c trust/digest.h \ + trust/dump.c trust/dump.h \ + trust/enumerate.c trust/enumerate.h \ + trust/extract.c trust/extract.h \ + trust/extract-jks.c \ + trust/extract-edk2.c \ + trust/extract-openssl.c \ + trust/extract-pem.c \ + trust/extract-cer.c \ + trust/list.c trust/list.h \ + trust/save.c trust/save.h \ + trust/trust.c \ + $(asn_h) \ + $(NULL) + +externaldir = $(privatedir) +external_SCRIPTS = \ + trust/trust-extract-compat + +if WITH_BASH_COMPLETION +bashcomp_DATA += bash-completion/trust +endif + +EXTRA_DIST += \ + trust/p11-kit-trust.module \ + trust/meson.build + +SUFFIXES += .asn .asn.h +.asn.asn.h: + $(AM_V_GEN)$(ASN1PARSER) -o $@ $< + +asn_h = \ + trust/basic.asn.h \ + trust/openssl.asn.h \ + trust/pkix.asn.h + +BUILT_SOURCES += $(asn_h) + +EXTRA_DIST += \ + trust/basic.asn \ + trust/openssl.asn \ + trust/pkix.asn + +# Tests ---------------------------------------------------------------- + +trust_CFLAGS = \ + $(libtrust_testable_la_CFLAGS) \ + $(NULL) + +trust_LIBS = \ + libtrust-testable.la \ + libtrust-data.la \ + libtrust-test.la \ + libp11-kit.la \ + libp11-library.la \ + libp11-test.la \ + libp11-common.la \ + $(LIBTASN1_LIBS) \ + $(HASH_LIBS) \ + $(NULL) + +check_LTLIBRARIES += \ + libtrust-test.la + +libtrust_test_la_SOURCES = \ + trust/test-trust.c trust/test-trust.h \ + trust/digest.c \ + $(NULL) + +c_tests += \ + test-digest \ + test-asn1 \ + test-base64 \ + test-pem \ + test-oid \ + test-utf8 \ + test-x509 \ + test-persist \ + test-index \ + test-parser \ + test-builder \ + test-token \ + test-module \ + test-save \ + test-enumerate \ + test-cer \ + test-bundle \ + test-openssl \ + test-edk2 \ + test-jks \ + $(NULL) + +test_asn1_SOURCES = trust/test-asn1.c +test_asn1_LDADD = $(trust_LIBS) +test_asn1_CFLAGS = $(trust_CFLAGS) + +test_base64_SOURCES = trust/test-base64.c +test_base64_LDADD = $(trust_LIBS) +test_base64_CFLAGS = $(trust_CFLAGS) + +test_builder_SOURCES = trust/test-builder.c +test_builder_LDADD = $(trust_LIBS) +test_builder_CFLAGS = $(trust_CFLAGS) + +test_bundle_SOURCES = trust/test-bundle.c +test_bundle_LDADD = $(trust_LIBS) +test_bundle_CFLAGS = $(trust_CFLAGS) + +test_cer_SOURCES = trust/test-cer.c +test_cer_LDADD = $(trust_LIBS) +test_cer_CFLAGS = $(trust_CFLAGS) + +test_digest_SOURCES = trust/test-digest.c +test_digest_LDADD = $(trust_LIBS) +test_digest_CFLAGS = $(trust_CFLAGS) + +test_enumerate_SOURCES = trust/test-enumerate.c +test_enumerate_LDADD = $(trust_LIBS) +test_enumerate_CFLAGS = $(trust_CFLAGS) + +test_index_SOURCES = trust/test-index.c +test_index_LDADD = $(trust_LIBS) +test_index_CFLAGS = $(trust_CFLAGS) + +test_module_SOURCES = trust/test-module.c +test_module_LDADD = $(trust_LIBS) +test_module_CFLAGS = $(trust_CFLAGS) + +test_oid_SOURCES = trust/test-oid.c +test_oid_LDADD = $(trust_LIBS) +test_oid_CFLAGS = $(trust_CFLAGS) + +test_openssl_SOURCES = trust/test-openssl.c +test_openssl_LDADD = $(trust_LIBS) +test_openssl_CFLAGS = $(trust_CFLAGS) + +test_edk2_SOURCES = trust/test-edk2.c +test_edk2_LDADD = $(trust_LIBS) +test_edk2_CFLAGS = $(trust_CFLAGS) + +test_jks_SOURCES = trust/test-jks.c +test_jks_LDADD = $(trust_LIBS) +test_jks_CFLAGS = $(trust_CFLAGS) + +test_parser_SOURCES = trust/test-parser.c +test_parser_LDADD = $(trust_LIBS) +test_parser_CFLAGS = $(trust_CFLAGS) + +test_pem_SOURCES = trust/test-pem.c +test_pem_LDADD = $(trust_LIBS) + +test_persist_SOURCES = trust/test-persist.c +test_persist_LDADD = $(trust_LIBS) + +test_save_SOURCES = trust/test-save.c +test_save_LDADD = $(trust_LIBS) + +test_token_SOURCES = trust/test-token.c +test_token_LDADD = $(trust_LIBS) +test_token_CFLAGS = $(trust_CFLAGS) + +test_utf8_SOURCES = trust/test-utf8.c +test_utf8_LDADD = $(trust_LIBS) + +test_x509_SOURCES = trust/test-x509.c +test_x509_LDADD = $(trust_LIBS) +test_x509_CFLAGS = $(trust_CFLAGS) + +check_PROGRAMS += \ + frob-pow \ + frob-token \ + frob-nss-trust \ + frob-cert \ + frob-bc \ + frob-ku \ + frob-eku \ + frob-ext \ + frob-oid \ + $(NULL) + +frob_bc_SOURCES = trust/frob-bc.c +frob_bc_LDADD = $(trust_LIBS) +frob_bc_CFLAGS = $(trust_CFLAGS) + +frob_cert_SOURCES = trust/frob-cert.c +frob_cert_LDADD = $(trust_LIBS) +frob_cert_CFLAGS = $(trust_CFLAGS) + +frob_eku_SOURCES = trust/frob-eku.c +frob_eku_LDADD = $(trust_LIBS) +frob_eku_CFLAGS = $(trust_CFLAGS) + +frob_ext_SOURCES = trust/frob-ext.c +frob_ext_LDADD = $(trust_LIBS) +frob_ext_CFLAGS = $(trust_CFLAGS) + +frob_ku_SOURCES = trust/frob-ku.c +frob_ku_LDADD = $(trust_LIBS) +frob_ku_CFLAGS = $(trust_CFLAGS) + +frob_nss_trust_SOURCES = trust/frob-nss-trust.c +frob_nss_trust_LDADD = \ + libp11-common.la \ + libp11-kit.la \ + $(HASH_LIBS) \ + $(NULL) + +frob_oid_SOURCES = trust/frob-oid.c +frob_oid_LDADD = $(trust_LIBS) +frob_oid_CFLAGS = $(trust_CFLAGS) + +frob_pow_SOURCES = trust/frob-pow.c +frob_pow_LDADD = $(trust_LIBS) +frob_pow_CFLAGS = $(trust_CFLAGS) + +frob_token_SOURCES = trust/frob-token.c +frob_token_LDADD = $(trust_LIBS) +frob_token_CFLAGS = $(trust_CFLAGS) + +noinst_SCRIPTS += trust/test-extract.sh trust/test-trust.sh + +if !OS_WIN32 +installcheck-local: + builddir="$(abs_top_builddir)/trust" $(SHELL) $(srcdir)/trust/test-extract.sh + builddir="$(abs_top_builddir)/trust" $(SHELL) $(srcdir)/trust/test-trust.sh +endif + +EXTRA_DIST += \ + trust/input \ + trust/fixtures \ + trust/test-extract.sh \ + trust/test-trust.sh \ + $(NULL) diff --git a/trust/anchor.c b/trust/anchor.c new file mode 100644 index 0000000..fab9cf6 --- /dev/null +++ b/trust/anchor.c @@ -0,0 +1,705 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_TOOL + +#include "anchor.h" +#include "attrs.h" +#include "debug.h" +#include "constants.h" +#include "extract.h" +#include "message.h" +#include "parser.h" +#include "tool.h" +#include "pkcs11x.h" + +#include "p11-kit/iter.h" +#include "p11-kit/p11-kit.h" + +#include +#include +#include +#include +#include + +static p11_parser * +create_arg_file_parser (void) +{ + p11_parser *parser; + + parser = p11_parser_new (NULL); + return_val_if_fail (parser != NULL, NULL); + + p11_parser_formats (parser, + p11_parser_format_x509, + p11_parser_format_pem, + NULL); + + return parser; +} + +static bool +iter_match_anchor (p11_kit_iter *iter, + CK_ATTRIBUTE *attrs) +{ + CK_ATTRIBUTE *attr; + + attr = p11_attrs_find_valid (attrs, CKA_CLASS); + if (attr == NULL) + return false; + + p11_kit_iter_add_filter (iter, attr, 1); + + attr = p11_attrs_find_valid (attrs, CKA_VALUE); + if (attr == NULL) + return false; + + p11_kit_iter_add_filter (iter, attr, 1); + return true; +} + +static p11_array * +uris_or_files_to_iters (int argc, + char *argv[], + int behavior) +{ + int flags = P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE; + p11_parser *parser = NULL; + p11_array *iters; + p11_array *parsed; + p11_kit_uri *uri; + p11_kit_iter *iter; + int ret; + int i, j; + + iters = p11_array_new ((p11_destroyer)p11_kit_iter_free); + return_val_if_fail (iters != NULL, NULL); + + for (i = 0; i < argc; i++) { + + /* A PKCS#11 URI */ + if (strncmp (argv[i], "pkcs11:", 7) == 0) { + uri = p11_kit_uri_new (); + if (p11_kit_uri_parse (argv[i], flags, uri) != P11_KIT_URI_OK) { + p11_message ("invalid PKCS#11 uri: %s", argv[i]); + p11_kit_uri_free (uri); + break; + } + + iter = p11_kit_iter_new (uri, behavior); + return_val_if_fail (iter != NULL, NULL); + p11_kit_uri_free (uri); + + if (!p11_array_push (iters, iter)) + return_val_if_reached (NULL); + + } else { + if (parser == NULL) + parser = create_arg_file_parser (); + + ret = p11_parse_file (parser, argv[i], NULL, P11_PARSE_FLAG_ANCHOR); + switch (ret) { + case P11_PARSE_SUCCESS: + p11_debug ("parsed file: %s", argv[i]); + break; + case P11_PARSE_UNRECOGNIZED: + p11_message ("unrecognized file format: %s", argv[i]); + break; + default: + p11_message ("failed to parse file: %s", argv[i]); + break; + } + + if (ret != P11_PARSE_SUCCESS) + break; + + parsed = p11_parser_parsed (parser); + for (j = 0; j < parsed->num; j++) { + iter = p11_kit_iter_new (NULL, behavior); + return_val_if_fail (iter != NULL, NULL); + + iter_match_anchor (iter, parsed->elem[j]); + if (!p11_array_push (iters, iter)) + return_val_if_reached (NULL); + } + } + } + + if (parser) + p11_parser_free (parser); + + if (argc != i) { + p11_array_free (iters); + return NULL; + } + + return iters; +} + +static p11_array * +files_to_attrs (int argc, + char *argv[]) +{ + p11_parser *parser; + p11_array *parsed; + p11_array *array; + int ret = P11_PARSE_SUCCESS; + int i, j; + + array = p11_array_new (p11_attrs_free); + return_val_if_fail (array != NULL, NULL); + + parser = create_arg_file_parser (); + return_val_if_fail (parser != NULL, NULL); + + for (i = 0; i < argc; i++) { + ret = p11_parse_file (parser, argv[i], NULL, P11_PARSE_FLAG_ANCHOR); + switch (ret) { + case P11_PARSE_SUCCESS: + p11_debug ("parsed file: %s", argv[i]); + break; + case P11_PARSE_UNRECOGNIZED: + p11_message ("unrecognized file format: %s", argv[i]); + break; + default: + p11_message ("failed to parse file: %s", argv[i]); + break; + } + + if (ret != P11_PARSE_SUCCESS) + break; + + parsed = p11_parser_parsed (parser); + for (j = 0; j < parsed->num; j++) { + if (!p11_array_push (array, parsed->elem[j])) + return_val_if_reached (NULL); + parsed->elem[j] = NULL; + } + } + + p11_parser_free (parser); + + if (ret == P11_PARSE_SUCCESS) + return array; + + p11_array_free (array); + return NULL; + +} + +static CK_SESSION_HANDLE +session_for_store_on_module (const char *name, + CK_FUNCTION_LIST *module, + bool *found_read_only) +{ + CK_SESSION_HANDLE session = 0; + CK_SLOT_ID *slots = NULL; + CK_TOKEN_INFO info; + CK_ULONG count = 0; + CK_ULONG i; + CK_RV rv; + + rv = p11_kit_module_initialize (module); + if (rv != CKR_OK) { + p11_message ("%s: couldn't initialize: %s", name, p11_kit_message ()); + return 0UL; + } + + rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count); + if (rv == CKR_OK) { + slots = calloc (count + 1, sizeof (CK_ULONG)); + return_val_if_fail (slots != NULL, 0UL); + rv = (module->C_GetSlotList) (CK_TRUE, slots, &count); + } + if (rv != CKR_OK) { + p11_message ("%s: couldn't enumerate slots: %s", name, p11_kit_strerror (rv)); + free (slots); + return 0UL; + } + + for (i = 0; session == 0 && i < count; i++) { + rv = (module->C_GetTokenInfo) (slots[i], &info); + if (rv != CKR_OK) { + p11_message ("%s: couldn't get token info: %s", name, p11_kit_strerror (rv)); + continue; + } + + if (info.flags & CKF_WRITE_PROTECTED) { + *found_read_only = true; + continue; + } + + rv = (module->C_OpenSession) (slots[i], CKF_SERIAL_SESSION | CKF_RW_SESSION, + NULL, NULL, &session); + if (rv != CKR_OK) { + p11_message ("%s: couldn't open session: %s", name, p11_kit_strerror (rv)); + session = 0; + } + + p11_debug ("opened writable session on: %s", name); + } + + free (slots); + + if (session == 0UL) + p11_kit_module_finalize (module); + + return session; +} + +static CK_SESSION_HANDLE +session_for_store (CK_FUNCTION_LIST **module) +{ + CK_SESSION_HANDLE session = 0UL; + CK_FUNCTION_LIST **modules; + bool found_read_only = false; + char *name; + int i; + + modules = p11_kit_modules_load (NULL, P11_KIT_MODULE_TRUSTED); + if (modules == NULL) + return 0; + + for (i = 0; modules[i] != NULL; i++) { + if (session == 0UL) { + name = p11_kit_module_get_name (modules[i]); + session = session_for_store_on_module (name, modules[i], + &found_read_only); + + if (session != 0UL) { + *module = modules[i]; + modules[i] = NULL; + } + + free (name); + } + + if (modules[i]) + p11_kit_module_release (modules[i]); + } + + if (session == 0UL) { + if (found_read_only) + p11_message ("no configured writable location to store anchors"); + else + p11_message ("no configured location to store anchors"); + } + + free (modules); + return session; +} + +static bool +create_anchor (CK_FUNCTION_LIST *module, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE *attrs) +{ + CK_BBOOL truev = CK_TRUE; + CK_OBJECT_HANDLE object; + char *string; + CK_RV rv; + CK_ULONG klass; + + CK_ATTRIBUTE basics_certificate[] = { + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID, }, + }; + + CK_ATTRIBUTE basics_extension[] = { + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_INVALID, }, + }; + + CK_ATTRIBUTE basics_empty[] = { + { CKA_INVALID, }, + }; + + CK_ATTRIBUTE *basics = basics_empty; + + if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass)) { + switch (klass) { + case CKO_CERTIFICATE: + basics = basics_certificate; + break; + case CKO_X_CERTIFICATE_EXTENSION: + basics = basics_extension; + break; + } + } + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (basics), true); + p11_attrs_remove (attrs, CKA_MODIFIABLE); + + if (p11_debugging) { + string = p11_attrs_to_string (attrs, -1); + p11_debug ("storing: %s", string); + free (string); + } + + rv = (module->C_CreateObject) (session, attrs, + p11_attrs_count (attrs), &object); + + p11_attrs_free (attrs); + + if (rv != CKR_OK) { + p11_message ("couldn't create object: %s", p11_kit_strerror (rv)); + return false; + } + + return true; +} + +static bool +modify_anchor (CK_FUNCTION_LIST *module, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE *attrs) +{ + CK_BBOOL truev = CK_TRUE; + CK_ATTRIBUTE *changes; + CK_ATTRIBUTE *label; + CK_ULONG klass; + char *string; + CK_RV rv; + + CK_ATTRIBUTE trusted = { CKA_TRUSTED, &truev, sizeof (truev) }; + + label = p11_attrs_find_valid (attrs, CKA_LABEL); + + if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) && + klass == CKO_CERTIFICATE) + changes = p11_attrs_build (NULL, &trusted, label, NULL); + else + changes = p11_attrs_build (NULL, label, NULL); + + return_val_if_fail (attrs != NULL, FALSE); + + /* Don't need the attributes anymore */ + p11_attrs_free (attrs); + + if (p11_debugging) { + string = p11_attrs_to_string (changes, -1); + p11_debug ("setting: %s", string); + free (string); + } + + rv = (module->C_SetAttributeValue) (session, object, changes, + p11_attrs_count (changes)); + + p11_attrs_free (changes); + + if (rv != CKR_OK) { + p11_message ("couldn't create object: %s", p11_kit_strerror (rv)); + return false; + } + + return true; +} + +static CK_OBJECT_HANDLE +find_anchor (CK_FUNCTION_LIST *module, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE *attrs) +{ + CK_OBJECT_HANDLE object = 0UL; + CK_ATTRIBUTE *attr; + p11_kit_iter *iter; + + attr = p11_attrs_find_valid (attrs, CKA_CLASS); + return_val_if_fail (attr != NULL, 0); + + iter = p11_kit_iter_new (NULL, 0); + return_val_if_fail (iter != NULL, 0); + + if (iter_match_anchor (iter, attrs)) { + p11_kit_iter_begin_with (iter, module, 0, session); + if (p11_kit_iter_next (iter) == CKR_OK) + object = p11_kit_iter_get_object (iter); + } + + p11_kit_iter_free (iter); + + return object; +} + +static int +anchor_store (int argc, + char *argv[], + bool *changed, + unsigned int *errors) +{ + CK_ATTRIBUTE *attrs; + CK_FUNCTION_LIST *module = NULL; + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE object; + p11_array *anchors; + int ret; + int i; + + anchors = files_to_attrs (argc, argv); + if (anchors == NULL) + return 1; + + if (anchors->num == 0) { + p11_message ("specify at least one anchor input file"); + p11_array_free (anchors); + return 2; + } + + session = session_for_store (&module); + if (session == 0UL) { + p11_array_free (anchors); + return 1; + } + + for (i = 0, ret = 0; i < anchors->num; i++) { + attrs = anchors->elem[i]; + anchors->elem[i] = NULL; + + object = find_anchor (module, session, attrs); + if (object == 0) { + p11_debug ("don't yet have this anchor"); + if (create_anchor (module, session, attrs)) { + *changed = true; + } else { + ret = 1; + break; + } + } else { + p11_debug ("already have this anchor"); + if (modify_anchor (module, session, object, attrs)) { + *changed = true; + } else { + ret = 1; + break; + } + } + } + + if (ret != 0) + *errors = 1; + + p11_array_free (anchors); + p11_kit_module_finalize (module); + p11_kit_module_release (module); + + return ret; +} + +static const char * +description_for_object_at_iter (p11_kit_iter *iter) +{ + CK_OBJECT_CLASS klass; + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_INVALID }, + }; + + const char *desc = "object"; + CK_RV rv; + + rv = p11_kit_iter_load_attributes (iter, attrs, 1); + if (rv == CKR_OK) + desc = p11_constant_nick (p11_constant_classes, klass); + + return desc; +} + +static bool +remove_all (p11_kit_iter *iter, + bool *changed, + unsigned int *errors) +{ + const char *desc; + CK_RV rv; + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + desc = description_for_object_at_iter (iter); + p11_debug ("removing %s: %lu", desc, p11_kit_iter_get_object (iter)); + rv = p11_kit_iter_destroy_object (iter); + switch (rv) { + case CKR_OK: + *changed = true; + continue; + case CKR_TOKEN_WRITE_PROTECTED: + case CKR_SESSION_READ_ONLY: + case CKR_ATTRIBUTE_READ_ONLY: + p11_message ("couldn't remove read-only %s", desc); + break; + default: + p11_message ("couldn't remove %s: %s", desc, + p11_kit_strerror (rv)); + break; + } + (*errors)++; + } + + return (rv == CKR_CANCEL) && *errors == 0; +} + +static int +anchor_remove (int argc, + char *argv[], + bool *changed, + unsigned int *errors) +{ + CK_FUNCTION_LIST **modules; + p11_array *iters; + p11_kit_iter *iter; + int ret = 0; + int i; + + iters = uris_or_files_to_iters (argc, argv, P11_KIT_ITER_WANT_WRITABLE); + return_val_if_fail (iters != NULL, 1); + + if (iters->num == 0) { + p11_message ("at least one file or uri must be specified"); + p11_array_free (iters); + return 2; + } + + modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED); + if (modules == NULL) + ret = 1; + + for (i = 0; ret == 0 && i < iters->num; i++) { + iter = iters->elem[i]; + + p11_kit_iter_begin (iter, modules); + if (!remove_all (iter, changed, errors)) + ret = 1; + } + + p11_array_free (iters); + p11_kit_modules_finalize_and_release (modules); + + return ret; +} + +int +p11_trust_anchor (int argc, + char **argv) +{ + bool changed = false; + unsigned int errors = 0; + int action = 0; + int opt; + int ret = 0; + + enum { + opt_verbose = 'v', + opt_quiet = 'q', + opt_help = 'h', + + opt_store = 's', + opt_remove = 'r', + }; + + struct option options[] = { + { "store", no_argument, NULL, opt_store }, + { "remove", no_argument, NULL, opt_remove }, + { "verbose", no_argument, NULL, opt_verbose }, + { "quiet", no_argument, NULL, opt_quiet }, + { "help", no_argument, NULL, opt_help }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: trust anchor --store ...\n" + " trust anchor --remove ..."}, + { opt_verbose, "show verbose debug output", }, + { opt_quiet, "suppress command output", }, + { 0 }, + }; + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + case opt_store: + case opt_remove: + if (action == 0) { + action = opt; + } else { + p11_message ("an action was already specified"); + return 2; + } + break; + case opt_verbose: + case opt_quiet: + break; + case opt_help: + p11_tool_usage (usages, options); + return 0; + case '?': + p11_tool_usage (usages, options); + return 2; + default: + assert_not_reached (); + break; + } + }; + + argc -= optind; + argv += optind; + + if (action == 0) + action = opt_store; + + /* Store is different, and only accepts files */ + if (action == opt_store) + ret = anchor_store (argc, argv, &changed, &errors); + + else if (action == opt_remove) + ret = anchor_remove (argc, argv, &changed, &errors); + + else + assert_not_reached (); + + if (errors > 0) { + if (errors == 1) + p11_message ("%u error while processing", errors); + else + p11_message ("%u errors while processing", errors); + } + + /* Extract the compat bundles after modification */ + if (ret == 0 && changed) { + char *args[] = { argv[0], NULL }; + ret = p11_trust_extract_compat (1, args); + } + + return ret; +} diff --git a/trust/anchor.h b/trust/anchor.h new file mode 100644 index 0000000..7b08682 --- /dev/null +++ b/trust/anchor.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#ifndef P11_ANCHOR_H_ +#define P11_ANCHOR_H_ + +int p11_trust_anchor (int argc, + char **argv); + +#endif /* P11_ANCHOR_H_ */ diff --git a/trust/asn1.c b/trust/asn1.c new file mode 100644 index 0000000..5ce682d --- /dev/null +++ b/trust/asn1.c @@ -0,0 +1,383 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "asn1.h" +#define P11_DEBUG_FLAG P11_DEBUG_TRUST +#include "debug.h" +#include "oid.h" + +#include "openssl.asn.h" +#include "pkix.asn.h" + +#include +#include +#include + +static void +free_asn1_def (void *data) +{ + node_asn *def = data; + asn1_delete_structure (&def); +} + +struct { + const ASN1_ARRAY_TYPE* tab; + const char *prefix; + int prefix_len; +} asn1_tabs[] = { + { pkix_asn1_tab, "PKIX1.", 6 }, + { openssl_asn1_tab, "OPENSSL.", 8 }, + { NULL, }, +}; + +p11_dict * +p11_asn1_defs_load (void) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *def; + p11_dict *defs; + int ret; + int i; + + defs = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, free_asn1_def); + + for (i = 0; asn1_tabs[i].tab != NULL; i++) { + + def = NULL; + ret = asn1_array2tree (asn1_tabs[i].tab, &def, message); + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("failed to load %s* definitions: %s: %s\n", + asn1_tabs[i].prefix, asn1_strerror (ret), message); + return NULL; + } + + if (!p11_dict_set (defs, (void *)asn1_tabs[i].prefix, def)) + return_val_if_reached (NULL); + } + + return defs; +} + +static node_asn * +lookup_def (p11_dict *asn1_defs, + const char *struct_name) +{ + int i; + + for (i = 0; asn1_tabs[i].tab != NULL; i++) { + if (strncmp (struct_name, asn1_tabs[i].prefix, asn1_tabs[i].prefix_len) == 0) + return p11_dict_get (asn1_defs, asn1_tabs[i].prefix); + } + + p11_debug_precond ("unknown prefix for element: %s\n", struct_name); + return NULL; +} + +node_asn * +p11_asn1_create (p11_dict *asn1_defs, + const char *struct_name) +{ + node_asn *def; + node_asn *asn; + int ret; + + return_val_if_fail (asn1_defs != NULL, NULL); + + def = lookup_def (asn1_defs, struct_name); + return_val_if_fail (def != NULL, NULL); + + ret = asn1_create_element (def, struct_name, &asn); + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("failed to create element %s: %s\n", + struct_name, asn1_strerror (ret)); + return NULL; + } + + return asn; +} + +node_asn * +p11_asn1_decode (p11_dict *asn1_defs, + const char *struct_name, + const unsigned char *der, + size_t der_len, + char *message) +{ + char msg[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; + node_asn *asn = NULL; + int ret; + + return_val_if_fail (asn1_defs != NULL, NULL); + + asn = p11_asn1_create (asn1_defs, struct_name); + return_val_if_fail (asn != NULL, NULL); + + /* asn1_der_decoding destroys the element if fails */ + ret = asn1_der_decoding (&asn, der, der_len, message ? message : msg); + + if (ret != ASN1_SUCCESS) { + /* If caller passed in a message buffer, assume they're logging */ + if (!message) { + p11_debug ("couldn't parse %s: %s: %s", + struct_name, asn1_strerror (ret), msg); + } + return NULL; + } + + return asn; +} + +unsigned char * +p11_asn1_encode (node_asn *asn, + size_t *der_len) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; + unsigned char *der; + int len; + int ret; + + return_val_if_fail (der_len != NULL, NULL); + + len = 0; + ret = asn1_der_coding (asn, "", NULL, &len, message); + return_val_if_fail (ret != ASN1_SUCCESS, NULL); + + if (ret == ASN1_MEM_ERROR) { + der = malloc (len); + return_val_if_fail (der != NULL, NULL); + + ret = asn1_der_coding (asn, "", der, &len, message); + } + + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("failed to encode: %s\n", message); + return NULL; + } + + if (der_len) + *der_len = len; + return der; +} + +void * +p11_asn1_read (node_asn *asn, + const char *field, + size_t *length) +{ + unsigned char *value; + int len; + int ret; + + return_val_if_fail (asn != NULL, NULL); + return_val_if_fail (field != NULL, NULL); + return_val_if_fail (length != NULL, NULL); + + len = 0; + ret = asn1_read_value (asn, field, NULL, &len); + if (ret == ASN1_ELEMENT_NOT_FOUND) + return NULL; + + return_val_if_fail (ret == ASN1_MEM_ERROR, NULL); + + value = malloc (len + 1); + return_val_if_fail (value != NULL, NULL); + + ret = asn1_read_value (asn, field, value, &len); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + /* Courtesy zero terminated */ + value[len] = '\0'; + + *length = len; + return value; +} + +void +p11_asn1_free (void *asn) +{ + node_asn *node = asn; + if (node != NULL) + asn1_delete_structure (&node); +} + +ssize_t +p11_asn1_tlv_length (const unsigned char *data, + size_t length) +{ + unsigned char cls; + int counter = 0; + int cb, len; + unsigned long tag; + + if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) { + counter += cb; + len = asn1_get_length_der (data + cb, length - cb, &cb); + counter += cb; + if (len >= 0) { + len += counter; + if (length >= len) + return len; + } + } + + return -1; +} + +typedef struct { + node_asn *node; + char *struct_name; + size_t length; +} asn1_item; + +static void +free_asn1_item (void *data) +{ + asn1_item *item = data; + free (item->struct_name); + asn1_delete_structure (&item->node); + free (item); +} + +struct _p11_asn1_cache { + p11_dict *defs; + p11_dict *items; +}; + +p11_asn1_cache * +p11_asn1_cache_new (void) +{ + p11_asn1_cache *cache; + + cache = calloc (1, sizeof (p11_asn1_cache)); + return_val_if_fail (cache != NULL, NULL); + + cache->defs = p11_asn1_defs_load (); + if (cache->defs == NULL) { + p11_asn1_cache_free (cache); + return_val_if_reached (NULL); + } + + cache->items = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, + NULL, free_asn1_item); + if (cache->items == NULL) { + p11_asn1_cache_free (cache); + return_val_if_reached (NULL); + } + + return cache; +} + +node_asn * +p11_asn1_cache_get (p11_asn1_cache *cache, + const char *struct_name, + const unsigned char *der, + size_t der_len) +{ + asn1_item *item; + + if (cache == NULL) + return NULL; + + return_val_if_fail (struct_name != NULL, NULL); + return_val_if_fail (der != NULL, NULL); + + item = p11_dict_get (cache->items, der); + if (item != NULL) { + return_val_if_fail (item->length == der_len, NULL); + return_val_if_fail (strcmp (item->struct_name, struct_name) == 0, NULL); + return item->node; + } + + return NULL; +} + +void +p11_asn1_cache_take (p11_asn1_cache *cache, + node_asn *node, + const char *struct_name, + const unsigned char *der, + size_t der_len) +{ + asn1_item *item; + + if (cache == NULL) { + asn1_delete_structure (&node); + return; + } + + return_if_fail (struct_name != NULL); + return_if_fail (der != NULL); + return_if_fail (der_len != 0); + + item = calloc (1, sizeof (asn1_item)); + return_if_fail (item != NULL); + + item->length = der_len; + item->node = node; + item->struct_name = strdup (struct_name); + if (item->struct_name == NULL) { + free_asn1_item (item); + return_if_reached (); + } + + if (!p11_dict_set (cache->items, (void *)der, item)) + return_if_reached (); +} + +void +p11_asn1_cache_flush (p11_asn1_cache *cache) +{ + if (cache == NULL) + return; + p11_dict_clear (cache->items); +} + +p11_dict * +p11_asn1_cache_defs (p11_asn1_cache *cache) +{ + return_val_if_fail (cache != NULL, NULL); + return cache->defs; +} + +void +p11_asn1_cache_free (p11_asn1_cache *cache) +{ + if (!cache) + return; + p11_dict_free (cache->items); + p11_dict_free (cache->defs); + free (cache); +} diff --git a/trust/asn1.h b/trust/asn1.h new file mode 100644 index 0000000..a5f9caf --- /dev/null +++ b/trust/asn1.h @@ -0,0 +1,86 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include + +#include "dict.h" + +#ifndef P11_ASN1_H_ +#define P11_ASN1_H_ + +typedef struct _p11_asn1_cache p11_asn1_cache; + +p11_dict * p11_asn1_defs_load (void); + +node_asn * p11_asn1_decode (p11_dict *asn1_defs, + const char *struct_name, + const unsigned char *der, + size_t der_len, + char *message); + +node_asn * p11_asn1_create (p11_dict *asn1_defs, + const char *struct_name); + +unsigned char * p11_asn1_encode (node_asn *asn, + size_t *der_len); + +void * p11_asn1_read (node_asn *asn, + const char *field, + size_t *length); + +void p11_asn1_free (void *asn); + +ssize_t p11_asn1_tlv_length (const unsigned char *data, + size_t length); + +p11_asn1_cache * p11_asn1_cache_new (void); + +p11_dict * p11_asn1_cache_defs (p11_asn1_cache *cache); + +node_asn * p11_asn1_cache_get (p11_asn1_cache *cache, + const char *struct_name, + const unsigned char *der, + size_t der_len); + +void p11_asn1_cache_take (p11_asn1_cache *cache, + node_asn *node, + const char *struct_name, + const unsigned char *der, + size_t der_len); + +void p11_asn1_cache_flush (p11_asn1_cache *cache); + +void p11_asn1_cache_free (p11_asn1_cache *cache); + +#endif /* P11_ASN1_H_ */ diff --git a/trust/base64.c b/trust/base64.c new file mode 100644 index 0000000..01ed8ef --- /dev/null +++ b/trust/base64.c @@ -0,0 +1,256 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + +#include "config.h" + +#include "base64.h" +#include "debug.h" + +#include +#include +#include +#include +#include + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +static const char Pad64 = '='; + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +p11_b64_pton (const char *src, + size_t length, + unsigned char *target, + size_t targsize) +{ + int tarindex, state, ch; + char *pos; + const char *end; + + state = 0; + tarindex = 0; + end = src + length; + + /* We can't rely on the null terminator */ + #define next_char(src, end) \ + (((src) == (end)) ? '\0': *(src)++) + + while ((ch = next_char (src, end)) != '\0') { + if (isspace ((unsigned char) ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad64) + break; + + pos = strchr (Base64, ch); + if (pos == 0) /* A non-base64 character. */ + return (-1); + + switch (state) { + case 0: + if (target) { + if ((size_t)tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + return_val_if_fail (tarindex < INT_MAX, -1); + if (target) { + if ((size_t) tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + target[tarindex + 1] = ((pos - Base64) & 0x0f) + << 4; + } + tarindex++; + state = 2; + break; + case 2: + return_val_if_fail (tarindex < INT_MAX, -1); + if (target) { + if ((size_t) tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + target[tarindex + 1] = ((pos - Base64) & 0x03) + << 6; + } + tarindex++; + state = 3; + break; + case 3: + return_val_if_fail (tarindex < INT_MAX, -1); + if (target) { + if ((size_t) tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + default: + abort(); + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = next_char (src, end); /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for ((void) NULL; ch != '\0'; ch = next_char (src, end)) + if (!isspace((unsigned char) ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = next_char (src, end); /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for ((void)NULL; src != end; ch = next_char (src, end)) + if (!isspace((unsigned char) ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} + +int +p11_b64_ntop (const unsigned char *src, + size_t srclength, + char *target, + size_t targsize, + int breakl) +{ + size_t len = 0; + unsigned char input[3]; + unsigned char output[4]; + size_t i; + + while (srclength > 0) { + if (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + + } else if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + if (srclength == 1) + output[2] = 255; + else + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = 255; + + srclength = 0; + } + + for (i = 0; i < 4; i++) { + if (breakl && len % (breakl + 1) == 0) { + assert (len + 1 < targsize); + target[len++] = '\n'; + } + + assert(output[i] == 255 || output[i] < 64); + assert (len + 1 < targsize); + + if (output[i] == 255) + target[len++] = Pad64; + else + target[len++] = Base64[output[i]]; + } + } + + assert (len < targsize); + target[len] = '\0'; /* Returned value doesn't count \0. */ + return len; +} diff --git a/trust/base64.h b/trust/base64.h new file mode 100644 index 0000000..cc27afd --- /dev/null +++ b/trust/base64.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + +#ifndef P11_BASE64_H_ +#define P11_BASE64_H_ + +#include + +int p11_b64_pton (const char *src, + size_t length, + unsigned char *target, + size_t targsize); + +int p11_b64_ntop (const unsigned char *src, + size_t srclength, + char *target, + size_t targsize, + int breakl); + +#endif /* P11_BASE64_H_ */ diff --git a/trust/basic.asn b/trust/basic.asn new file mode 100644 index 0000000..3c79a4b --- /dev/null +++ b/trust/basic.asn @@ -0,0 +1,12 @@ + +BASIC { } + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +Any ::= ANY + +ObjectIdentifier ::= OBJECT IDENTIFIER + +END \ No newline at end of file diff --git a/trust/basic.asn.h b/trust/basic.asn.h new file mode 100644 index 0000000..0af7d57 --- /dev/null +++ b/trust/basic.asn.h @@ -0,0 +1,13 @@ +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include + +const asn1_static_node basic_asn1_tab[] = { + { "BASIC", 536872976, NULL }, + { NULL, 1073741836, NULL }, + { "Any", 1073741837, NULL }, + { "ObjectIdentifier", 12, NULL }, + { NULL, 0, NULL } +}; diff --git a/trust/builder.c b/trust/builder.c new file mode 100644 index 0000000..d3bc26f --- /dev/null +++ b/trust/builder.c @@ -0,0 +1,1955 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_TRUST + +#include "array.h" +#include "asn1.h" +#include "attrs.h" +#include "builder.h" +#include "constants.h" +#include "debug.h" +#include "digest.h" +#include "index.h" +#include "message.h" +#include "oid.h" +#include "pkcs11i.h" +#include "pkcs11x.h" +#include "utf8.h" +#include "x509.h" + +#include +#include +#include + +struct _p11_builder { + p11_asn1_cache *asn1_cache; + p11_dict *asn1_defs; + int flags; +}; + +enum { + NONE = 0, + CREATE = 1 << 0, + MODIFY = 1 << 1, + REQUIRE = 1 << 2, + WANT = 1 << 3, +}; + +enum { + NORMAL_BUILD = 0, + GENERATED_CLASS = 1 << 0, +}; + +typedef struct { + int build_flags; + struct { + CK_ATTRIBUTE_TYPE type; + int flags; + bool (*validate) (p11_builder *, CK_ATTRIBUTE *); + } attrs[32]; + CK_ATTRIBUTE * (*populate) (p11_builder *, p11_index *, CK_ATTRIBUTE *); + CK_RV (*validate) (p11_builder *, CK_ATTRIBUTE *, CK_ATTRIBUTE *); +} builder_schema; + +static node_asn * +decode_or_get_asn1 (p11_builder *builder, + const char *struct_name, + const unsigned char *der, + size_t length) +{ + node_asn *node; + + node = p11_asn1_cache_get (builder->asn1_cache, struct_name, der, length); + if (node != NULL) + return node; + + node = p11_asn1_decode (builder->asn1_defs, struct_name, der, length, NULL); + if (node != NULL) + p11_asn1_cache_take (builder->asn1_cache, node, struct_name, der, length); + + return node; +} + +static unsigned char * +lookup_extension (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *cert, + CK_ATTRIBUTE *public_key, + const unsigned char *oid, + size_t *ext_len) +{ + CK_OBJECT_CLASS klass = CKO_X_CERTIFICATE_EXTENSION; + CK_OBJECT_HANDLE obj; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *label; + void *value; + size_t length; + node_asn *node; + + CK_ATTRIBUTE match[] = { + { CKA_PUBLIC_KEY_INFO, }, + { CKA_OBJECT_ID, (void *)oid, p11_oid_length (oid) }, + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_INVALID }, + }; + + if (public_key == NULL || public_key->type == CKA_INVALID) + public_key = p11_attrs_find_valid (cert, CKA_PUBLIC_KEY_INFO); + + /* Look for an attached certificate extension */ + if (public_key != NULL) { + memcpy (match, public_key, sizeof (CK_ATTRIBUTE)); + obj = p11_index_find (index, match, -1); + attrs = p11_index_lookup (index, obj); + if (attrs != NULL) { + value = p11_attrs_find_value (attrs, CKA_VALUE, &length); + if (value != NULL) { + node = decode_or_get_asn1 (builder, "PKIX1.Extension", value, length); + if (node == NULL) { + label = p11_attrs_find_valid (attrs, CKA_LABEL); + if (label == NULL) + label = p11_attrs_find_valid (cert, CKA_LABEL); + p11_message ("%.*s: invalid certificate extension", + label ? (int)label->ulValueLen : 7, + label ? (char *)label->pValue : "unknown"); + return NULL; + } + return p11_asn1_read (node, "extnValue", ext_len); + } + } + } + + /* Couldn't find a parsed extension, so look in the current certificate */ + value = p11_attrs_find_value (cert, CKA_VALUE, &length); + if (value != NULL) { + node = decode_or_get_asn1 (builder, "PKIX1.Certificate", value, length); + return_val_if_fail (node != NULL, NULL); + return p11_x509_find_extension (node, oid, value, length, ext_len); + } + + return NULL; +} + +static CK_OBJECT_HANDLE * +lookup_related (p11_index *index, + CK_OBJECT_CLASS klass, + CK_ATTRIBUTE *attr) +{ + CK_ATTRIBUTE match[] = { + { attr->type, attr->pValue, attr->ulValueLen }, + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_INVALID } + }; + + return p11_index_find_all (index, match, -1); +} + +p11_builder * +p11_builder_new (int flags) +{ + p11_builder *builder; + + builder = calloc (1, sizeof (p11_builder)); + return_val_if_fail (builder != NULL, NULL); + + builder->asn1_cache = p11_asn1_cache_new (); + if (builder->asn1_cache == NULL) { + p11_builder_free (builder); + return_val_if_reached (NULL); + } + builder->asn1_defs = p11_asn1_cache_defs (builder->asn1_cache); + + builder->flags = flags; + return builder; +} + +static int +atoin (const char *p, + int digits) +{ + int ret = 0, base = 1; + while(--digits >= 0) { + if (p[digits] < '0' || p[digits] > '9') + return -1; + ret += (p[digits] - '0') * base; + base *= 10; + } + return ret; +} + +static bool +type_bool (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + return (attr->pValue != NULL && + sizeof (CK_BBOOL) == attr->ulValueLen); +} + +static bool +type_ulong (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + return (attr->pValue != NULL && + sizeof (CK_ULONG) == attr->ulValueLen); +} + +static bool +type_utf8 (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + if (attr->ulValueLen == 0) + return true; + if (attr->pValue == NULL) + return false; + return p11_utf8_validate (attr->pValue, attr->ulValueLen); +} + +static bool +type_date (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + CK_DATE *date; + struct tm tm; + struct tm two; + + if (attr->ulValueLen == 0) + return true; + if (attr->pValue == NULL || attr->ulValueLen != sizeof (CK_DATE)) + return false; + + date = attr->pValue; + memset (&tm, 0, sizeof (tm)); + tm.tm_year = atoin ((char *)date->year, 4) - 1900; + tm.tm_mon = atoin ((char *)date->month, 2); + tm.tm_mday = atoin ((char *)date->day, 2); + + if (tm.tm_year < 0 || tm.tm_mon <= 0 || tm.tm_mday <= 0) + return false; + + memcpy (&two, &tm, sizeof (tm)); + two.tm_isdst = -1; // do not perform tz fixup + if (mktime (&two) < 0) + return false; + + /* If mktime changed anything, then bad date */ + if (tm.tm_year != two.tm_year || + tm.tm_mon != two.tm_mon || + tm.tm_mday != two.tm_mday) + return false; + + return true; +} + +static bool +check_der_struct (p11_builder *builder, + const char *struct_name, + CK_ATTRIBUTE *attr) +{ + node_asn *asn; + + if (attr->ulValueLen == 0) + return true; + if (attr->pValue == NULL) + return false; + + asn = p11_asn1_decode (builder->asn1_defs, struct_name, + attr->pValue, attr->ulValueLen, NULL); + + if (asn == NULL) + return false; + + asn1_delete_structure (&asn); + return true; +} + +static bool +type_der_name (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + return check_der_struct (builder, "PKIX1.Name", attr); +} + +static bool +type_der_serial (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + return check_der_struct (builder, "PKIX1.CertificateSerialNumber", attr); +} + +static bool +type_der_oid (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + /* AttributeType is an OBJECT ID */ + return check_der_struct (builder, "PKIX1.AttributeType", attr); +} + +static bool +type_der_cert (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + return check_der_struct (builder, "PKIX1.Certificate", attr); +} + +static bool +type_der_key (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + return check_der_struct (builder, "PKIX1.SubjectPublicKeyInfo", attr); +} + +static bool +type_der_ext (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + return check_der_struct (builder, "PKIX1.Extension", attr); +} + +static bool +type_false_or_time (p11_builder *builder, + CK_ATTRIBUTE *attr) +{ + struct tm tm; + struct tm two; + char *value; + + if (sizeof (CK_BBOOL) == attr->ulValueLen && + *((CK_BBOOL *)attr->pValue) == CK_FALSE) + return true; + + value = attr->pValue; + + switch (attr->ulValueLen) { + case 13: + /* UTCTime restricted by RFC 5280 4.1.2.5.1, i.e., in + * the format "YYMMDDHHMMSSZ" */ + if (value[attr->ulValueLen - 1] != 'Z') + return false; + + tm.tm_year = atoin (value, 2); + if (tm.tm_year < 0) + return false; + if (tm.tm_year >= 50) + tm.tm_year += 1900; + else if (tm.tm_year >= 0) + tm.tm_year += 2000; + value += 2; + + break; + case 15: + /* GeneralizedTime restricted by RFC 5280 4.1.2.5.2, + * i.e., in the form "YYYYMMDDHHMMSSZ" */ + if (value[attr->ulValueLen - 1] != 'Z') + return false; + + tm.tm_year = atoin (value, 4); + if (tm.tm_year < 0) + return false; + value += 4; + + break; + default: + return false; + } + + tm.tm_mon = atoin (value, 2); + value += 2; + tm.tm_mday = atoin (value, 2); + value += 2; + tm.tm_hour = atoin (value, 2); + value += 2; + tm.tm_min = atoin (value, 2); + value += 2; + tm.tm_sec = atoin (value, 2); + + if (tm.tm_mon <= 0 || tm.tm_mday <= 0 || + tm.tm_hour < 0 || tm.tm_min < 0 || tm.tm_sec < 0) + return false; + + memcpy (&two, &tm, sizeof (tm)); + two.tm_isdst = -1; /* do not perform tz fixup */ + + /* If mktime changed anything, then bad time */ + if (tm.tm_year != two.tm_year || + tm.tm_mon != two.tm_mon || + tm.tm_mday != two.tm_mday || + tm.tm_hour != two.tm_hour || + tm.tm_min != two.tm_min || + tm.tm_sec != two.tm_sec) + return false; + + return true; +} + +#define COMMON_ATTRS \ + { CKA_CLASS, REQUIRE | CREATE, type_ulong }, \ + { CKA_TOKEN, CREATE | WANT, type_bool }, \ + { CKA_MODIFIABLE, CREATE | WANT, type_bool }, \ + { CKA_PRIVATE, CREATE, type_bool }, \ + { CKA_LABEL, CREATE | MODIFY | WANT, type_utf8 }, \ + { CKA_X_GENERATED, CREATE }, \ + { CKA_X_ORIGIN, NONE } \ + +static CK_ATTRIBUTE * +common_populate (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *unused) +{ + CK_BBOOL tokenv = CK_FALSE; + CK_BBOOL modifiablev = CK_TRUE; + CK_BBOOL privatev = CK_FALSE; + CK_BBOOL generatedv = CK_FALSE; + + CK_ATTRIBUTE token = { CKA_TOKEN, &tokenv, sizeof (tokenv), }; + CK_ATTRIBUTE privat = { CKA_PRIVATE, &privatev, sizeof (privatev) }; + CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; + CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) }; + CK_ATTRIBUTE label = { CKA_LABEL, "", 0 }; + + if (builder->flags & P11_BUILDER_FLAG_TOKEN) { + tokenv = CK_TRUE; + modifiablev = CK_FALSE; + } + + return p11_attrs_build (NULL, &token, &privat, &modifiable, &label, &generated, NULL); +} + +static void +calc_check_value (const unsigned char *data, + size_t length, + CK_BYTE *check_value) +{ + unsigned char checksum[P11_DIGEST_SHA1_LEN]; + p11_digest_sha1 (checksum, data, length, NULL); + memcpy (check_value, checksum, 3); +} + +static int +century_for_two_digit_year (int year) +{ + time_t now; + struct tm tm; + int century, current; + + return_val_if_fail (year >= 0 && year <= 99, -1); + + /* Get the current year */ + now = time (NULL); + return_val_if_fail (now >= 0, -1); + if (!gmtime_r (&now, &tm)) + return_val_if_reached (-1); + + current = (tm.tm_year % 100); + century = (tm.tm_year + 1900) - current; + + /* + * Check if it's within 40 years before the + * current date. + */ + if (current < 40) { + if (year < current) + return century; + if (year > 100 - (40 - current)) + return century - 100; + } else { + if (year < current && year > (current - 40)) + return century; + } + + /* + * If it's after then adjust for overflows to + * the next century. + */ + if (year < current) + return century + 100; + else + return century; +} + +static bool +calc_date (node_asn *node, + const char *field, + CK_DATE *date) +{ + node_asn *choice; + char buf[64]; + int century; + char *sub; + int year; + int len; + int ret; + + if (!node) + return false; + + choice = asn1_find_node (node, field); + return_val_if_fail (choice != NULL, false); + + len = sizeof (buf) - 1; + ret = asn1_read_value (node, field, buf, &len); + return_val_if_fail (ret == ASN1_SUCCESS, false); + + sub = strconcat (field, ".", buf, NULL); + + /* + * So here we take a shortcut and just copy the date from the + * certificate into the CK_DATE. This doesn't take into account + * time zones. However the PKCS#11 spec does not say what timezone + * the dates are in. In the PKCS#11 value have a day resolution, + * and time zones aren't that critical. + */ + + if (strcmp (buf, "generalTime") == 0) { + len = sizeof (buf) - 1; + ret = asn1_read_value (node, sub, buf, &len); + return_val_if_fail (ret == ASN1_SUCCESS, false); + return_val_if_fail (len >= 8, false); + + /* Same as first 8 characters of date */ + memcpy (date, buf, 8); + + } else if (strcmp (buf, "utcTime") == 0) { + len = sizeof (buf) - 1; + ret = asn1_read_value (node, sub, buf, &len); + return_val_if_fail (ret == ASN1_SUCCESS, false); + return_val_if_fail (len >= 6, false); + + year = atoin (buf, 2); + return_val_if_fail (year >= 0, false); + + century = century_for_two_digit_year (year); + return_val_if_fail (century >= 0 && century <= 9900, false); + + snprintf ((char *)date->year, 3, "%02d", century / 100); + memcpy (((char *)date) + 2, buf, 6); + + } else { + return_val_if_reached (false); + } + + free (sub); + return true; +} + +static bool +calc_element (node_asn *node, + const unsigned char *data, + size_t length, + const char *field, + CK_ATTRIBUTE *attr) +{ + int ret; + int start, end; + + if (!node) + return false; + + ret = asn1_der_decoding_startEnd (node, data, length, field, &start, &end); + return_val_if_fail (ret == ASN1_SUCCESS, false); + return_val_if_fail (end >= start, false); + + attr->pValue = (void *)(data + start); + attr->ulValueLen = (end - start) + 1; + return true; +} + +static bool +is_v1_x509_authority (p11_builder *builder, + CK_ATTRIBUTE *cert) +{ + CK_ATTRIBUTE subject; + CK_ATTRIBUTE issuer; + CK_ATTRIBUTE *value; + char buffer[16]; + node_asn *node; + int len; + int ret; + + value = p11_attrs_find_valid (cert, CKA_VALUE); + if (value == NULL) + return false; + + node = decode_or_get_asn1 (builder, "PKIX1.Certificate", + value->pValue, value->ulValueLen); + return_val_if_fail (node != NULL, false); + + len = sizeof (buffer); + ret = asn1_read_value (node, "tbsCertificate.version", buffer, &len); + + /* The default value */ + if (ret == ASN1_ELEMENT_NOT_FOUND) { + ret = ASN1_SUCCESS; + buffer[0] = 0; + len = 1; + } + + return_val_if_fail (ret == ASN1_SUCCESS, false); + + /* + * In X.509 version v1 is the integer zero. Two's complement + * integer, but zero is easy to read. + */ + if (len != 1 || buffer[0] != 0) + return false; + + /* Must be self-signed, ie: same subject and issuer */ + if (!calc_element (node, value->pValue, value->ulValueLen, "tbsCertificate.subject", &subject)) + return_val_if_reached (false); + if (!calc_element (node, value->pValue, value->ulValueLen, "tbsCertificate.issuer", &issuer)) + return_val_if_reached (false); + return p11_attr_match_value (&subject, issuer.pValue, issuer.ulValueLen); +} + +static bool +calc_certificate_category (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *cert, + CK_ATTRIBUTE *public_key, + CK_ULONG *category) +{ + CK_ATTRIBUTE *label; + unsigned char *ext; + size_t ext_len; + bool is_ca = 0; + bool ret; + + /* + * In the PKCS#11 spec: + * 0 = unspecified (default value) + * 1 = token user + * 2 = authority + * 3 = other entity + */ + + /* See if we have a basic constraints extension */ + ext = lookup_extension (builder, index, cert, public_key, P11_OID_BASIC_CONSTRAINTS, &ext_len); + if (ext != NULL) { + ret = p11_x509_parse_basic_constraints (builder->asn1_defs, ext, ext_len, &is_ca); + free (ext); + if (!ret) { + label = p11_attrs_find_valid (cert, CKA_LABEL); + p11_message ("%.*s: invalid basic constraints certificate extension", + label ? (int)label->ulValueLen : 7, + label ? (char *)label->pValue : "unknown"); + return false; + } + + } else if (is_v1_x509_authority (builder, cert)) { + /* + * If there is no basic constraints extension, and the CA version is + * v1, and is self-signed, then we assume this is a certificate authority. + * So we add a BasicConstraints attached certificate extension + */ + is_ca = 1; + + } else if (!p11_attrs_find_valid (cert, CKA_VALUE)) { + /* + * If we have no certificate value, then this is unknown + */ + *category = 0; + return true; + + } + + *category = is_ca ? 2 : 3; + return true; +} + +static CK_ATTRIBUTE * +certificate_value_attrs (p11_builder *builder, + CK_ATTRIBUTE *attrs, + node_asn *node, + const unsigned char *der, + size_t der_len, + CK_ATTRIBUTE *public_key) +{ + unsigned char checksum[P11_DIGEST_SHA1_LEN]; + unsigned char *keyid = NULL; + size_t keyid_len; + unsigned char *ext = NULL; + size_t ext_len; + CK_BBOOL falsev = CK_FALSE; + CK_ULONG zero = 0UL; + CK_BYTE checkv[3]; + CK_DATE startv; + CK_DATE endv; + char *labelv = NULL; + + CK_ATTRIBUTE trusted = { CKA_TRUSTED, &falsev, sizeof (falsev) }; + CK_ATTRIBUTE distrusted = { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }; + CK_ATTRIBUTE url = { CKA_URL, "", 0 }; + CK_ATTRIBUTE hash_of_subject_public_key = { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) }; + CK_ATTRIBUTE hash_of_issuer_public_key = { CKA_HASH_OF_ISSUER_PUBLIC_KEY, "", 0 }; + CK_ATTRIBUTE java_midp_security_domain = { CKA_JAVA_MIDP_SECURITY_DOMAIN, &zero, sizeof (zero) }; + CK_ATTRIBUTE check_value = { CKA_CHECK_VALUE, &checkv, sizeof (checkv) }; + CK_ATTRIBUTE start_date = { CKA_START_DATE, &startv, sizeof (startv) }; + CK_ATTRIBUTE end_date = { CKA_END_DATE, &endv, sizeof (endv) }; + CK_ATTRIBUTE subject = { CKA_SUBJECT, }; + CK_ATTRIBUTE issuer = { CKA_ISSUER, "", 0 }; + CK_ATTRIBUTE serial_number = { CKA_SERIAL_NUMBER, "", 0 }; + CK_ATTRIBUTE label = { CKA_LABEL }; + CK_ATTRIBUTE id = { CKA_ID, NULL, 0 }; + + return_val_if_fail (attrs != NULL, NULL); + + if (der == NULL) + check_value.type = CKA_INVALID; + else + calc_check_value (der, der_len, checkv); + + if (!calc_date (node, "tbsCertificate.validity.notBefore", &startv)) + start_date.ulValueLen = 0; + if (!calc_date (node, "tbsCertificate.validity.notAfter", &endv)) + end_date.ulValueLen = 0; + + if (calc_element (node, der, der_len, "tbsCertificate.subjectPublicKeyInfo", public_key)) + public_key->type = CKA_PUBLIC_KEY_INFO; + else + public_key->type = CKA_INVALID; + calc_element (node, der, der_len, "tbsCertificate.issuer.rdnSequence", &issuer); + if (!calc_element (node, der, der_len, "tbsCertificate.subject.rdnSequence", &subject)) + subject.type = CKA_INVALID; + calc_element (node, der, der_len, "tbsCertificate.serialNumber", &serial_number); + + /* Try to build a keyid from an extension */ + if (node) { + ext = p11_x509_find_extension (node, P11_OID_SUBJECT_KEY_IDENTIFIER, der, der_len, &ext_len); + if (ext) { + keyid = p11_x509_parse_subject_key_identifier (builder->asn1_defs, ext, + ext_len, &keyid_len); + id.pValue = keyid; + id.ulValueLen = keyid_len; + } + } + + if (!node || !p11_x509_hash_subject_public_key (node, der, der_len, checksum)) + hash_of_subject_public_key.ulValueLen = 0; + + if (id.pValue == NULL) { + id.pValue = hash_of_subject_public_key.pValue; + id.ulValueLen = hash_of_subject_public_key.ulValueLen; + } + + if (node) { + labelv = p11_x509_lookup_dn_name (node, "tbsCertificate.subject", + der, der_len, P11_OID_CN); + if (!labelv) + labelv = p11_x509_lookup_dn_name (node, "tbsCertificate.subject", + der, der_len, P11_OID_OU); + if (!labelv) + labelv = p11_x509_lookup_dn_name (node, "tbsCertificate.subject", + der, der_len, P11_OID_O); + } + + if (labelv) { + label.pValue = labelv; + label.ulValueLen = strlen (labelv); + } else { + label.type = CKA_INVALID; + } + + attrs = p11_attrs_build (attrs, &trusted, &distrusted, &url, &hash_of_issuer_public_key, + &hash_of_subject_public_key, &java_midp_security_domain, + &check_value, &start_date, &end_date, &id, + &subject, &issuer, &serial_number, &label, public_key, + NULL); + return_val_if_fail (attrs != NULL, NULL); + + free (ext); + free (keyid); + free (labelv); + return attrs; +} + +static CK_ATTRIBUTE * +certificate_populate (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *cert) +{ + CK_ULONG categoryv = 0UL; + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE public_key; + node_asn *node = NULL; + unsigned char *der = NULL; + size_t der_len = 0; + + CK_ATTRIBUTE category = { CKA_CERTIFICATE_CATEGORY, &categoryv, sizeof (categoryv) }; + CK_ATTRIBUTE empty_value = { CKA_VALUE, "", 0 }; + + attrs = common_populate (builder, index, cert); + return_val_if_fail (attrs != NULL, NULL); + + der = p11_attrs_find_value (cert, CKA_VALUE, &der_len); + if (der != NULL) + node = decode_or_get_asn1 (builder, "PKIX1.Certificate", der, der_len); + + attrs = certificate_value_attrs (builder, attrs, node, der, der_len, &public_key); + return_val_if_fail (attrs != NULL, NULL); + + if (!calc_certificate_category (builder, index, cert, &public_key, &categoryv)) + categoryv = 0; + + return p11_attrs_build (attrs, &category, &empty_value, NULL); +} + +static bool +have_attribute (CK_ATTRIBUTE *attrs1, + CK_ATTRIBUTE *attrs2, + CK_ATTRIBUTE_TYPE type) +{ + CK_ATTRIBUTE *attr; + + attr = p11_attrs_find (attrs1, type); + if (attr == NULL) + attr = p11_attrs_find (attrs2, type); + return attr != NULL && attr->ulValueLen > 0; +} + +static CK_RV +certificate_validate (p11_builder *builder, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge) +{ + /* + * In theory we should be validating that in the absence of CKA_VALUE + * various other fields must be set. However we do not enforce this + * because we want to be able to have certificates without a value + * but issuer and serial number, for blacklisting purposes. + */ + + if (have_attribute (attrs, merge, CKA_URL)) { + if (!have_attribute (attrs, merge, CKA_HASH_OF_SUBJECT_PUBLIC_KEY)) { + p11_message ("missing the CKA_HASH_OF_SUBJECT_PUBLIC_KEY attribute"); + return CKR_TEMPLATE_INCONSISTENT; + } + + if (!have_attribute (attrs, merge, CKA_HASH_OF_SUBJECT_PUBLIC_KEY)) { + p11_message ("missing the CKA_HASH_OF_ISSUER_PUBLIC_KEY attribute"); + return CKR_TEMPLATE_INCONSISTENT; + } + } + + return CKR_OK; +} + +const static builder_schema certificate_schema = { + NORMAL_BUILD, + { COMMON_ATTRS, + { CKA_CERTIFICATE_TYPE, REQUIRE | CREATE, type_ulong }, + { CKA_TRUSTED, CREATE | WANT, type_bool }, + { CKA_X_DISTRUSTED, CREATE | WANT, type_bool }, + { CKA_NSS_MOZILLA_CA_POLICY, CREATE | WANT, type_bool }, + { CKA_NSS_SERVER_DISTRUST_AFTER, CREATE | WANT, type_false_or_time }, + { CKA_NSS_EMAIL_DISTRUST_AFTER, CREATE | WANT, type_false_or_time }, + { CKA_CERTIFICATE_CATEGORY, CREATE | WANT, type_ulong }, + { CKA_CHECK_VALUE, CREATE | WANT, }, + { CKA_START_DATE, CREATE | MODIFY | WANT, type_date }, + { CKA_END_DATE, CREATE | MODIFY | WANT, type_date }, + { CKA_SUBJECT, CREATE | WANT, type_der_name }, + { CKA_ID, CREATE | MODIFY | WANT }, + { CKA_ISSUER, CREATE | MODIFY | WANT, type_der_name }, + { CKA_SERIAL_NUMBER, CREATE | MODIFY | WANT, type_der_serial }, + { CKA_VALUE, CREATE, type_der_cert }, + { CKA_URL, CREATE, type_utf8 }, + { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CREATE }, + { CKA_HASH_OF_ISSUER_PUBLIC_KEY, CREATE }, + { CKA_JAVA_MIDP_SECURITY_DOMAIN, CREATE, type_ulong }, + { CKA_PUBLIC_KEY_INFO, WANT, type_der_key }, + { CKA_INVALID }, + }, certificate_populate, certificate_validate, +}; + +static CK_ATTRIBUTE * +extension_populate (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *extension) +{ + unsigned char checksum[P11_DIGEST_SHA1_LEN]; + CK_ATTRIBUTE object_id = { CKA_INVALID }; + CK_ATTRIBUTE id = { CKA_INVALID }; + CK_ATTRIBUTE *attrs = NULL; + + void *der; + size_t len; + node_asn *asn; + + attrs = common_populate (builder, index, extension); + return_val_if_fail (attrs != NULL, NULL); + + if (!p11_attrs_find_valid (attrs, CKA_ID)) { + der = p11_attrs_find_value (extension, CKA_PUBLIC_KEY_INFO, &len); + return_val_if_fail (der != NULL, NULL); + + p11_digest_sha1 (checksum, der, len, NULL); + id.pValue = checksum; + id.ulValueLen = sizeof (checksum); + id.type = CKA_ID; + } + + /* Pull the object id out of the extension if not present */ + if (!p11_attrs_find_valid (attrs, CKA_OBJECT_ID)) { + der = p11_attrs_find_value (extension, CKA_VALUE, &len); + return_val_if_fail (der != NULL, NULL); + + asn = decode_or_get_asn1 (builder, "PKIX1.Extension", der, len); + return_val_if_fail (asn != NULL, NULL); + + if (calc_element (asn, der, len, "extnID", &object_id)) + object_id.type = CKA_OBJECT_ID; + } + + attrs = p11_attrs_build (attrs, &object_id, &id, NULL); + return_val_if_fail (attrs != NULL, NULL); + + return attrs; +} + +const static builder_schema extension_schema = { + NORMAL_BUILD, + { COMMON_ATTRS, + { CKA_VALUE, REQUIRE | CREATE, type_der_ext }, + { CKA_PUBLIC_KEY_INFO, REQUIRE | CREATE, type_der_key }, + { CKA_OBJECT_ID, CREATE | WANT, type_der_oid }, + { CKA_ID, CREATE | MODIFY }, + { CKA_INVALID }, + }, extension_populate, +}; + +static CK_ATTRIBUTE * +data_populate (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *data) +{ + static const CK_ATTRIBUTE value = { CKA_VALUE, "", 0 }; + static const CK_ATTRIBUTE application = { CKA_APPLICATION, "", 0 }; + static const CK_ATTRIBUTE object_id = { CKA_OBJECT_ID, "", 0 }; + CK_ATTRIBUTE *attrs; + + attrs = common_populate (builder, index, data); + return_val_if_fail (attrs != NULL, NULL); + + return p11_attrs_build (attrs, &value, &application, &object_id, NULL); +} + +const static builder_schema data_schema = { + NORMAL_BUILD, + { COMMON_ATTRS, + { CKA_VALUE, CREATE | MODIFY | WANT }, + { CKA_APPLICATION, CREATE | MODIFY | WANT, type_utf8 }, + { CKA_OBJECT_ID, CREATE | MODIFY | WANT, type_der_oid }, + { CKA_INVALID }, + }, data_populate, +}; + +const static builder_schema trust_schema = { + GENERATED_CLASS, + { COMMON_ATTRS, + { CKA_CERT_SHA1_HASH, CREATE }, + { CKA_CERT_MD5_HASH, CREATE }, + { CKA_ISSUER, CREATE }, + { CKA_SUBJECT, CREATE }, + { CKA_SERIAL_NUMBER, CREATE }, + { CKA_TRUST_SERVER_AUTH, CREATE }, + { CKA_TRUST_CLIENT_AUTH, CREATE }, + { CKA_TRUST_EMAIL_PROTECTION, CREATE }, + { CKA_TRUST_CODE_SIGNING, CREATE }, + { CKA_TRUST_IPSEC_END_SYSTEM, CREATE }, + { CKA_TRUST_IPSEC_TUNNEL, CREATE }, + { CKA_TRUST_IPSEC_USER, CREATE }, + { CKA_TRUST_TIME_STAMPING, CREATE }, + { CKA_TRUST_DIGITAL_SIGNATURE, CREATE }, + { CKA_TRUST_NON_REPUDIATION, CREATE }, + { CKA_TRUST_KEY_ENCIPHERMENT, CREATE }, + { CKA_TRUST_DATA_ENCIPHERMENT, CREATE }, + { CKA_TRUST_KEY_AGREEMENT, CREATE }, + { CKA_TRUST_KEY_CERT_SIGN, CREATE }, + { CKA_TRUST_CRL_SIGN, CREATE }, + { CKA_TRUST_STEP_UP_APPROVED, CREATE }, + { CKA_ID, CREATE }, + { CKA_INVALID }, + }, common_populate +}; + +const static builder_schema assertion_schema = { + GENERATED_CLASS, + { COMMON_ATTRS, + { CKA_X_PURPOSE, REQUIRE | CREATE }, + { CKA_X_CERTIFICATE_VALUE, CREATE }, + { CKA_X_ASSERTION_TYPE, REQUIRE | CREATE }, + { CKA_ISSUER, CREATE }, + { CKA_SERIAL_NUMBER, CREATE }, + { CKA_X_PEER, CREATE }, + { CKA_ID, CREATE }, + { CKA_INVALID }, + }, common_populate +}; + +const static builder_schema builtin_schema = { + GENERATED_CLASS, + { COMMON_ATTRS, + { CKA_INVALID }, + }, common_populate +}; + +static const char * +value_name (const p11_constant *info, + CK_ATTRIBUTE_TYPE type) +{ + const char *name = p11_constant_name (info, type); + return name ? name : "unknown"; +} + +static const char * +type_name (CK_ATTRIBUTE_TYPE type) +{ + return value_name (p11_constant_types, type); +} + +static CK_RV +build_for_schema (p11_builder *builder, + p11_index *index, + const builder_schema *schema, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + CK_ATTRIBUTE **extra) +{ + CK_BBOOL modifiable; + CK_ATTRIBUTE *attr; + bool modifying; + bool creating; + bool populate; + bool loading; + bool found; + int flags; + int i, j; + CK_RV rv; + + populate = false; + + /* Signifies that data is being loaded */ + loading = p11_index_loading (index); + + /* Signifies that this is being created by a caller, instead of loaded */ + creating = (attrs == NULL && !loading); + + /* Item is being modified by a caller */ + modifying = (attrs != NULL && !loading); + + /* This item may not be modifiable */ + if (modifying) { + if (!p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &modifiable) || !modifiable) { + p11_message ("the object is not modifiable"); + return CKR_ATTRIBUTE_READ_ONLY; + } + } + + if (creating && (builder->flags & P11_BUILDER_FLAG_TOKEN)) { + if (schema->build_flags & GENERATED_CLASS) { + p11_message ("objects of this type cannot be created"); + return CKR_TEMPLATE_INCONSISTENT; + } + } + + for (i = 0; merge[i].type != CKA_INVALID; i++) { + + /* Don't validate attribute if not changed */ + attr = p11_attrs_find (attrs, merge[i].type); + if (attr && p11_attr_equal (attr, merge + i)) + continue; + + found = false; + for (j = 0; schema->attrs[j].type != CKA_INVALID; j++) { + if (schema->attrs[j].type != merge[i].type) + continue; + + flags = schema->attrs[j].flags; + if (creating && !(flags & CREATE)) { + p11_message ("the %s attribute cannot be set", + type_name (schema->attrs[j].type)); + return CKR_ATTRIBUTE_READ_ONLY; + } + if (modifying && !(flags & MODIFY)) { + p11_message ("the %s attribute cannot be changed", + type_name (schema->attrs[j].type)); + return CKR_ATTRIBUTE_READ_ONLY; + } + if (!loading && schema->attrs[j].validate != NULL && + !schema->attrs[j].validate (builder, merge + i)) { + p11_message ("the %s attribute has an invalid value", + type_name (schema->attrs[j].type)); + return CKR_ATTRIBUTE_VALUE_INVALID; + } + found = true; + break; + } + + if (!found) { + p11_message ("the %s attribute is not valid for the object", + type_name (merge[i].type)); + return CKR_TEMPLATE_INCONSISTENT; + } + } + + if (attrs == NULL) { + for (j = 0; schema->attrs[j].type != CKA_INVALID; j++) { + flags = schema->attrs[j].flags; + found = false; + + if ((flags & REQUIRE) || (flags & WANT)) { + for (i = 0; merge[i].type != CKA_INVALID; i++) { + if (schema->attrs[j].type == merge[i].type) { + found = true; + break; + } + } + } + + if (!found) { + if (flags & REQUIRE) { + p11_message ("missing the %s attribute", + type_name (schema->attrs[j].type)); + return CKR_TEMPLATE_INCOMPLETE; + } else if (flags & WANT) { + populate = true; + } + } + } + } + + /* Validate the result, before committing to the change. */ + if (!loading && schema->validate) { + rv = (schema->validate) (builder, attrs, merge); + if (rv != CKR_OK) + return rv; + } + + if (populate && schema->populate) + *extra = schema->populate (builder, index, merge); + + return CKR_OK; +} + +CK_RV +p11_builder_build (void *bilder, + p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + CK_ATTRIBUTE **populate) +{ + p11_builder *builder = bilder; + CK_OBJECT_CLASS klass; + CK_CERTIFICATE_TYPE type; + CK_BBOOL token; + + return_val_if_fail (builder != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (merge != NULL, CKR_GENERAL_ERROR); + + if (!p11_attrs_find_ulong (attrs ? attrs : merge, CKA_CLASS, &klass)) { + p11_message ("no CKA_CLASS attribute found"); + return CKR_TEMPLATE_INCOMPLETE; + } + + if (!attrs && p11_attrs_find_bool (merge, CKA_TOKEN, &token)) { + if (token != ((builder->flags & P11_BUILDER_FLAG_TOKEN) ? CK_TRUE : CK_FALSE)) { + p11_message ("cannot create a %s object", token ? "token" : "non-token"); + return CKR_TEMPLATE_INCONSISTENT; + } + } + + switch (klass) { + case CKO_CERTIFICATE: + if (!p11_attrs_find_ulong (attrs ? attrs : merge, CKA_CERTIFICATE_TYPE, &type)) { + p11_message ("missing %s on object", type_name (CKA_CERTIFICATE_TYPE)); + return CKR_TEMPLATE_INCOMPLETE; + } else if (type == CKC_X_509) { + return build_for_schema (builder, index, &certificate_schema, attrs, merge, populate); + } else { + p11_message ("%s unsupported %s", value_name (p11_constant_certs, type), + type_name (CKA_CERTIFICATE_TYPE)); + return CKR_TEMPLATE_INCONSISTENT; + } + + case CKO_X_CERTIFICATE_EXTENSION: + return build_for_schema (builder, index, &extension_schema, attrs, merge, populate); + + case CKO_DATA: + return build_for_schema (builder, index, &data_schema, attrs, merge, populate); + + case CKO_NSS_TRUST: + return build_for_schema (builder, index, &trust_schema, attrs, merge, populate); + + case CKO_NSS_BUILTIN_ROOT_LIST: + return build_for_schema (builder, index, &builtin_schema, attrs, merge, populate); + + case CKO_X_TRUST_ASSERTION: + return build_for_schema (builder, index, &assertion_schema, attrs, merge, populate); + + default: + p11_message ("%s unsupported object class", + value_name (p11_constant_classes, klass)); + return CKR_TEMPLATE_INCONSISTENT; + } +} + +void +p11_builder_free (p11_builder *builder) +{ + return_if_fail (builder != NULL); + + p11_asn1_cache_free (builder->asn1_cache); + free (builder); +} + +p11_asn1_cache * +p11_builder_get_cache (p11_builder *builder) +{ + return_val_if_fail (builder != NULL, NULL); + return builder->asn1_cache; +} + +static CK_ATTRIBUTE * +build_trust_object_ku (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *cert, + CK_ATTRIBUTE *object, + CK_TRUST present) +{ + unsigned char *data = NULL; + unsigned int ku = 0; + size_t length; + CK_TRUST defawlt; + CK_ULONG i; + + struct { + CK_ATTRIBUTE_TYPE type; + unsigned int ku; + } ku_attribute_map[] = { + { CKA_TRUST_DIGITAL_SIGNATURE, P11_KU_DIGITAL_SIGNATURE }, + { CKA_TRUST_NON_REPUDIATION, P11_KU_NON_REPUDIATION }, + { CKA_TRUST_KEY_ENCIPHERMENT, P11_KU_KEY_ENCIPHERMENT }, + { CKA_TRUST_DATA_ENCIPHERMENT, P11_KU_DATA_ENCIPHERMENT }, + { CKA_TRUST_KEY_AGREEMENT, P11_KU_KEY_AGREEMENT }, + { CKA_TRUST_KEY_CERT_SIGN, P11_KU_KEY_CERT_SIGN }, + { CKA_TRUST_CRL_SIGN, P11_KU_CRL_SIGN }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE attrs[sizeof (ku_attribute_map)]; + + defawlt = present; + + /* If blacklisted, don't even bother looking at extensions */ + if (present != CKT_NSS_NOT_TRUSTED) + data = lookup_extension (builder, index, cert, NULL, P11_OID_KEY_USAGE, &length); + + if (data) { + /* + * If the certificate extension was missing, then *all* key + * usages are to be set. If the extension was invalid, then + * fail safe to none of the key usages. + */ + defawlt = CKT_NSS_TRUST_UNKNOWN; + + if (!p11_x509_parse_key_usage (builder->asn1_defs, data, length, &ku)) + p11_message ("invalid key usage certificate extension"); + free (data); + } + + for (i = 0; ku_attribute_map[i].type != CKA_INVALID; i++) { + attrs[i].type = ku_attribute_map[i].type; + if (data && (ku & ku_attribute_map[i].ku) == ku_attribute_map[i].ku) { + attrs[i].pValue = &present; + attrs[i].ulValueLen = sizeof (present); + } else { + attrs[i].pValue = &defawlt; + attrs[i].ulValueLen = sizeof (defawlt); + } + } + + return p11_attrs_buildn (object, attrs, i); +} + +static bool +strv_to_dict (const char **array, + p11_dict **dict) +{ + int i; + + if (!array) { + *dict = NULL; + return true; + } + + *dict = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + return_val_if_fail (*dict != NULL, false); + + for (i = 0; array[i] != NULL; i++) { + if (!p11_dict_set (*dict, (void *)array[i], (void *)array[i])) + return_val_if_reached (false); + } + + return true; +} + +static CK_ATTRIBUTE * +build_trust_object_eku (CK_ATTRIBUTE *object, + CK_TRUST allow, + const char **purposes, + const char **rejects) +{ + p11_dict *dict_purp; + p11_dict *dict_rej; + CK_TRUST neutral; + CK_TRUST disallow; + CK_ULONG i; + + struct { + CK_ATTRIBUTE_TYPE type; + const char *oid; + } eku_attribute_map[] = { + { CKA_TRUST_SERVER_AUTH, P11_OID_SERVER_AUTH_STR }, + { CKA_TRUST_CLIENT_AUTH, P11_OID_CLIENT_AUTH_STR }, + { CKA_TRUST_CODE_SIGNING, P11_OID_CODE_SIGNING_STR }, + { CKA_TRUST_EMAIL_PROTECTION, P11_OID_EMAIL_PROTECTION_STR }, + { CKA_TRUST_IPSEC_END_SYSTEM, P11_OID_IPSEC_END_SYSTEM_STR }, + { CKA_TRUST_IPSEC_TUNNEL, P11_OID_IPSEC_TUNNEL_STR }, + { CKA_TRUST_IPSEC_USER, P11_OID_IPSEC_USER_STR }, + { CKA_TRUST_TIME_STAMPING, P11_OID_TIME_STAMPING_STR }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE attrs[sizeof (eku_attribute_map)]; + + if (!strv_to_dict (purposes, &dict_purp) || + !strv_to_dict (rejects, &dict_rej)) + return_val_if_reached (NULL); + + /* The neutral value is set if an purpose is not present */ + if (allow == CKT_NSS_NOT_TRUSTED) + neutral = CKT_NSS_NOT_TRUSTED; + + /* If anything explicitly set, then neutral is unknown */ + else if (purposes || rejects) + neutral = CKT_NSS_TRUST_UNKNOWN; + + /* Otherwise neutral will allow any purpose */ + else + neutral = allow; + + /* The value set if a purpose is explicitly rejected */ + disallow = CKT_NSS_NOT_TRUSTED; + + for (i = 0; eku_attribute_map[i].type != CKA_INVALID; i++) { + attrs[i].type = eku_attribute_map[i].type; + if (dict_rej && p11_dict_get (dict_rej, eku_attribute_map[i].oid)) { + attrs[i].pValue = &disallow; + attrs[i].ulValueLen = sizeof (disallow); + } else if (dict_purp && p11_dict_get (dict_purp, eku_attribute_map[i].oid)) { + attrs[i].pValue = &allow; + attrs[i].ulValueLen = sizeof (allow); + } else { + attrs[i].pValue = &neutral; + attrs[i].ulValueLen = sizeof (neutral); + } + } + + p11_dict_free (dict_purp); + p11_dict_free (dict_rej); + + return p11_attrs_buildn (object, attrs, i); +} + +static void +replace_nss_trust_object (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *cert, + CK_BBOOL trust, + CK_BBOOL distrust, + CK_BBOOL authority, + const char **purposes, + const char **rejects) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *match = NULL; + CK_TRUST allow; + CK_RV rv; + + CK_OBJECT_CLASS klassv = CKO_NSS_TRUST; + CK_BYTE sha1v[P11_DIGEST_SHA1_LEN]; + CK_BYTE md5v[P11_DIGEST_MD5_LEN]; + CK_BBOOL generatedv = CK_FALSE; + CK_BBOOL falsev = CK_FALSE; + + CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) }; + CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &falsev, sizeof (falsev) }; + CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) }; + CK_ATTRIBUTE invalid = { CKA_INVALID, }; + + CK_ATTRIBUTE md5_hash = { CKA_CERT_MD5_HASH, md5v, sizeof (md5v) }; + CK_ATTRIBUTE sha1_hash = { CKA_CERT_SHA1_HASH, sha1v, sizeof (sha1v) }; + + CK_ATTRIBUTE step_up_approved = { CKA_TRUST_STEP_UP_APPROVED, &falsev, sizeof (falsev) }; + + CK_ATTRIBUTE_PTR label; + CK_ATTRIBUTE_PTR id; + CK_ATTRIBUTE_PTR subject; + CK_ATTRIBUTE_PTR issuer; + CK_ATTRIBUTE_PTR serial_number; + + p11_array *array; + void *value; + size_t length; + + issuer = p11_attrs_find_valid (cert, CKA_ISSUER); + serial_number = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER); + value = p11_attrs_find_value (cert, CKA_VALUE, &length); + + if (!issuer && !serial_number && !value) { + p11_debug ("can't generate nss trust object for certificate without issuer+serial or value"); + return; + } + + if (value == NULL) { + md5_hash.type = CKA_INVALID; + sha1_hash.type = CKA_INVALID; + } else { + p11_digest_md5 (md5v, value, length, NULL); + p11_digest_sha1 (sha1v, value, length, NULL); + } + if (!issuer) + issuer = &invalid; + if (!serial_number) + serial_number = &invalid; + + match = p11_attrs_build (NULL, issuer, serial_number, &sha1_hash, + &generated, &klass, NULL); + return_if_fail (match != NULL); + + /* If we find a non-generated object, then don't generate */ + if (p11_index_find (index, match, -1)) { + p11_debug ("not generating nss trust object because one already exists"); + attrs = NULL; + + } else { + generatedv = CK_TRUE; + match = p11_attrs_build (match, &generated, NULL); + return_if_fail (match != NULL); + + /* Copy all of the following attributes from certificate */ + id = p11_attrs_find_valid (cert, CKA_ID); + if (id == NULL) + id = &invalid; + subject = p11_attrs_find_valid (cert, CKA_SUBJECT); + if (subject == NULL) + subject = &invalid; + label = p11_attrs_find_valid (cert, CKA_LABEL); + if (label == NULL) + label = &invalid; + + attrs = p11_attrs_dup (match); + return_if_fail (attrs != NULL); + + attrs = p11_attrs_build (attrs, &klass, &modifiable, id, label, + subject, issuer, serial_number, + &md5_hash, &sha1_hash, &step_up_approved, NULL); + return_if_fail (attrs != NULL); + + /* Calculate the default allow trust */ + if (distrust) + allow = CKT_NSS_NOT_TRUSTED; + else if (trust && authority) + allow = CKT_NSS_TRUSTED_DELEGATOR; + else if (trust) + allow = CKT_NSS_TRUSTED; + else + allow = CKT_NSS_TRUST_UNKNOWN; + + attrs = build_trust_object_ku (builder, index, cert, attrs, allow); + return_if_fail (attrs != NULL); + + attrs = build_trust_object_eku (attrs, allow, purposes, rejects); + return_if_fail (attrs != NULL); + } + + /* Replace related generated object with this new one */ + array = p11_array_new (NULL); + p11_array_push (array, attrs); + rv = p11_index_replace_all (index, match, CKA_INVALID, array); + return_if_fail (rv == CKR_OK); + p11_array_free (array); + + p11_attrs_free (match); +} + +static void +build_assertions (p11_array *array, + CK_ATTRIBUTE *cert, + CK_X_ASSERTION_TYPE type, + const char **oids) +{ + CK_OBJECT_CLASS assertion = CKO_X_TRUST_ASSERTION; + CK_BBOOL truev = CK_TRUE; + CK_BBOOL falsev = CK_FALSE; + + CK_ATTRIBUTE klass = { CKA_CLASS, &assertion, sizeof (assertion) }; + CK_ATTRIBUTE private = { CKA_PRIVATE, &falsev, sizeof (falsev) }; + CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &falsev, sizeof (falsev) }; + CK_ATTRIBUTE assertion_type = { CKA_X_ASSERTION_TYPE, &type, sizeof (type) }; + CK_ATTRIBUTE autogen = { CKA_X_GENERATED, &truev, sizeof (truev) }; + CK_ATTRIBUTE purpose = { CKA_X_PURPOSE, }; + CK_ATTRIBUTE invalid = { CKA_INVALID, }; + CK_ATTRIBUTE certificate_value = { CKA_X_CERTIFICATE_VALUE, }; + + CK_ATTRIBUTE *issuer; + CK_ATTRIBUTE *serial; + CK_ATTRIBUTE *value; + CK_ATTRIBUTE *label; + CK_ATTRIBUTE *id; + CK_ATTRIBUTE *attrs; + int i; + + if (type == CKT_X_DISTRUSTED_CERTIFICATE) { + certificate_value.type = CKA_INVALID; + issuer = p11_attrs_find_valid (cert, CKA_ISSUER); + serial = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER); + + if (!issuer || !serial) { + p11_debug ("not building negative trust assertion for certificate without serial or issuer"); + return; + } + + } else { + issuer = &invalid; + serial = &invalid; + value = p11_attrs_find_valid (cert, CKA_VALUE); + + if (value == NULL) { + p11_debug ("not building positive trust assertion for certificate without value"); + return; + } + + certificate_value.pValue = value->pValue; + certificate_value.ulValueLen = value->ulValueLen; + } + + label = p11_attrs_find (cert, CKA_LABEL); + if (label == NULL) + label = &invalid; + id = p11_attrs_find (cert, CKA_ID); + if (id == NULL) + id = &invalid; + + for (i = 0; oids[i] != NULL; i++) { + purpose.pValue = (void *)oids[i]; + purpose.ulValueLen = strlen (oids[i]); + + attrs = p11_attrs_build (NULL, &klass, &private, &modifiable, + id, label, &assertion_type, &purpose, + issuer, serial, &certificate_value, &autogen, NULL); + return_if_fail (attrs != NULL); + + if (!p11_array_push (array, attrs)) + return_if_reached (); + } +} + +static void +build_trust_assertions (p11_array *positives, + p11_array *negatives, + CK_ATTRIBUTE *cert, + CK_BBOOL trust, + CK_BBOOL distrust, + CK_BBOOL authority, + const char **purposes, + const char **rejects) +{ + const char *all_purposes[] = { + P11_OID_SERVER_AUTH_STR, + P11_OID_CLIENT_AUTH_STR, + P11_OID_CODE_SIGNING_STR, + P11_OID_EMAIL_PROTECTION_STR, + P11_OID_IPSEC_END_SYSTEM_STR, + P11_OID_IPSEC_TUNNEL_STR, + P11_OID_IPSEC_USER_STR, + P11_OID_TIME_STAMPING_STR, + NULL, + }; + + /* Build assertions for anything that's explicitly rejected */ + if (rejects && negatives) { + build_assertions (negatives, cert, CKT_X_DISTRUSTED_CERTIFICATE, rejects); + } + + if (distrust && negatives) { + /* + * Trust assertions are defficient in that they don't blacklist a certificate + * for any purposes. So we just have to go wild and write out a bunch of + * assertions for all our known purposes. + */ + build_assertions (negatives, cert, CKT_X_DISTRUSTED_CERTIFICATE, all_purposes); + } + + /* + * TODO: Build pinned certificate assertions. That is, trusted + * certificates where not an authority. + */ + + if (trust && authority && positives) { + if (purposes) { + /* If purposes explicitly set, then anchor for those purposes */ + build_assertions (positives, cert, CKT_X_ANCHORED_CERTIFICATE, purposes); + } else { + /* If purposes not-explicitly set, then anchor for all known */ + build_assertions (positives, cert, CKT_X_ANCHORED_CERTIFICATE, all_purposes); + } + } +} + +static void +replace_trust_assertions (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *cert, + CK_BBOOL trust, + CK_BBOOL distrust, + CK_BBOOL authority, + const char **purposes, + const char **rejects) +{ + CK_OBJECT_CLASS assertion = CKO_X_TRUST_ASSERTION; + CK_BBOOL generated = CK_TRUE; + p11_array *positives = NULL; + p11_array *negatives = NULL; + CK_ATTRIBUTE *value; + CK_ATTRIBUTE *issuer; + CK_ATTRIBUTE *serial; + CK_RV rv; + + CK_ATTRIBUTE match_positive[] = { + { CKA_X_CERTIFICATE_VALUE, }, + { CKA_CLASS, &assertion, sizeof (assertion) }, + { CKA_X_GENERATED, &generated, sizeof (generated) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_negative[] = { + { CKA_ISSUER, }, + { CKA_SERIAL_NUMBER, }, + { CKA_CLASS, &assertion, sizeof (assertion) }, + { CKA_X_GENERATED, &generated, sizeof (generated) }, + { CKA_INVALID } + }; + + value = p11_attrs_find_valid (cert, CKA_VALUE); + if (value) { + positives = p11_array_new (NULL); + match_positive[0].pValue = value->pValue; + match_positive[0].ulValueLen = value->ulValueLen; + } + + issuer = p11_attrs_find_valid (cert, CKA_ISSUER); + serial = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER); + if (issuer && serial) { + negatives = p11_array_new (NULL); + memcpy (match_negative + 0, issuer, sizeof (CK_ATTRIBUTE)); + memcpy (match_negative + 1, serial, sizeof (CK_ATTRIBUTE)); + } + + build_trust_assertions (positives, negatives, cert, trust, distrust, + authority, purposes, rejects); + + if (positives) { + rv = p11_index_replace_all (index, match_positive, CKA_X_PURPOSE, positives); + return_if_fail (rv == CKR_OK); + p11_array_free (positives); + } + + if (negatives) { + rv = p11_index_replace_all (index, match_negative, CKA_X_PURPOSE, negatives); + return_if_fail (rv == CKR_OK); + p11_array_free (negatives); + } +} + +static void +remove_trust_and_assertions (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *attrs) +{ + replace_nss_trust_object (builder, index, attrs, + CK_FALSE, CK_FALSE, CK_FALSE, + NULL, NULL); + replace_trust_assertions (builder, index, attrs, + CK_FALSE, CK_FALSE, CK_FALSE, + NULL, NULL); +} + +static void +replace_trust_and_assertions (p11_builder *builder, + p11_index *index, + CK_ATTRIBUTE *cert) +{ + CK_BBOOL trust = CK_FALSE; + CK_BBOOL distrust = CK_FALSE; + CK_BBOOL authority = CK_FALSE; + p11_array *purposes = NULL; + p11_array *rejects = NULL; + const char **purposev; + const char **rejectv; + CK_ULONG category; + unsigned char *ext; + size_t ext_len; + + /* + * We look up all this information in advance, since it's used + * by the various adapter objects, and we don't have to parse + * it multiple times. + */ + + if (!p11_attrs_find_bool (cert, CKA_TRUSTED, &trust)) + trust = CK_FALSE; + if (!p11_attrs_find_bool (cert, CKA_X_DISTRUSTED, &distrust)) + distrust = CK_FALSE; + if (p11_attrs_find_ulong (cert, CKA_CERTIFICATE_CATEGORY, &category) && category == 2) + authority = CK_TRUE; + + if (!distrust) { + ext = lookup_extension (builder, index, cert, NULL, P11_OID_EXTENDED_KEY_USAGE, &ext_len); + if (ext != NULL) { + purposes = p11_x509_parse_extended_key_usage (builder->asn1_defs, ext, ext_len); + if (purposes == NULL) + p11_message ("invalid extended key usage certificate extension"); + free (ext); + } + + ext = lookup_extension (builder, index, cert, NULL, P11_OID_OPENSSL_REJECT, &ext_len); + if (ext != NULL) { + rejects = p11_x509_parse_extended_key_usage (builder->asn1_defs, ext, ext_len); + if (rejects == NULL) + p11_message ("invalid reject key usage certificate extension"); + free (ext); + } + } + + /* null-terminate these arrays and use as strv's */ + purposev = rejectv = NULL; + if (rejects) { + if (!p11_array_push (rejects, NULL)) + return_if_reached (); + rejectv = (const char **)rejects->elem; + } + if (purposes) { + if (!p11_array_push (purposes, NULL)) + return_if_reached (); + purposev = (const char **)purposes->elem; + } + + replace_nss_trust_object (builder, index, cert, trust, distrust, + authority, purposev, rejectv); + replace_trust_assertions (builder, index, cert, trust, distrust, + authority, purposev, rejectv); + + p11_array_free (purposes); + p11_array_free (rejects); +} + +static void +replace_compat_for_cert (p11_builder *builder, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs) +{ + static const CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; + static const CK_CERTIFICATE_TYPE x509 = CKC_X_509; + CK_ATTRIBUTE *value; + + CK_ATTRIBUTE match[] = { + { CKA_VALUE, }, + { CKA_CLASS, (void *)&certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, (void *)&x509, sizeof (x509) }, + { CKA_INVALID } + }; + + /* + * If this certificate is going away, then find duplicate. In this + * case all the trust assertions are recalculated with this new + * certificate in mind. + */ + if (handle == 0) { + value = p11_attrs_find_valid (attrs, CKA_VALUE); + if (value != NULL) { + match[0].pValue = value->pValue; + match[0].ulValueLen = value->ulValueLen; + handle = p11_index_find (index, match, -1); + } + if (handle != 0) + attrs = p11_index_lookup (index, handle); + } + + if (handle == 0) + remove_trust_and_assertions (builder, index, attrs); + else + replace_trust_and_assertions (builder, index, attrs); +} + +static void +replace_compat_for_ext (p11_builder *builder, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs) +{ + + CK_OBJECT_HANDLE *handles; + CK_ATTRIBUTE *public_key; + int i; + + public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); + if (public_key == NULL) + return; + + handles = lookup_related (index, CKO_CERTIFICATE, public_key); + for (i = 0; handles && handles[i] != 0; i++) { + attrs = p11_index_lookup (index, handles[i]); + replace_trust_and_assertions (builder, index, attrs); + } + free (handles); +} + +static void +update_related_category (p11_builder *builder, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs) +{ + CK_OBJECT_HANDLE *handles; + CK_ULONG categoryv = 0UL; + CK_ATTRIBUTE *update; + CK_ATTRIBUTE *cert; + CK_ATTRIBUTE *public_key; + CK_RV rv; + int i; + + CK_ATTRIBUTE category[] = { + { CKA_CERTIFICATE_CATEGORY, &categoryv, sizeof (categoryv) }, + { CKA_INVALID, }, + }; + + public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); + if (public_key == NULL) + return; + + /* Find all other objects with this handle */ + handles = lookup_related (index, CKO_CERTIFICATE, public_key); + + for (i = 0; handles && handles[i] != 0; i++) { + cert = p11_index_lookup (index, handle); + + if (calc_certificate_category (builder, index, cert, public_key, &categoryv)) { + update = p11_attrs_build (NULL, &category, NULL); + rv = p11_index_update (index, handles[i], update); + return_if_fail (rv == CKR_OK); + } + } + + free (handles); +} + +void +p11_builder_changed (void *bilder, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs) +{ + static const CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; + static const CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION; + static const CK_CERTIFICATE_TYPE x509 = CKC_X_509; + + static const CK_ATTRIBUTE match_cert[] = { + { CKA_CLASS, (void *)&certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, (void *)&x509, sizeof (x509) }, + { CKA_INVALID } + }; + + static const CK_ATTRIBUTE match_eku[] = { + { CKA_CLASS, (void *)&extension, sizeof (extension) }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, + sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_INVALID } + }; + + static const CK_ATTRIBUTE match_ku[] = { + { CKA_CLASS, (void *)&extension, sizeof (extension) }, + { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, + sizeof (P11_OID_KEY_USAGE) }, + { CKA_INVALID } + }; + + static const CK_ATTRIBUTE match_bc[] = { + { CKA_CLASS, (void *)&extension, sizeof (extension) }, + { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, + sizeof (P11_OID_BASIC_CONSTRAINTS) }, + { CKA_INVALID } + }; + + p11_builder *builder = bilder; + + return_if_fail (builder != NULL); + return_if_fail (index != NULL); + return_if_fail (attrs != NULL); + + /* + * Treat these operations as loading, not modifying/creating, so we get + * around many of the rules that govern object creation + */ + p11_index_load (index); + + /* A certificate */ + if (p11_attrs_match (attrs, match_cert)) { + replace_compat_for_cert (builder, index, handle, attrs); + + /* An ExtendedKeyUsage extension */ + } else if (p11_attrs_match (attrs, match_eku) || + p11_attrs_match (attrs, match_ku)) { + replace_compat_for_ext (builder, index, handle, attrs); + + /* A BasicConstraints extension */ + } else if (p11_attrs_match (attrs, match_bc)) { + update_related_category (builder, index, handle, attrs); + } + + p11_index_finish (index); +} diff --git a/trust/builder.h b/trust/builder.h new file mode 100644 index 0000000..ba130e1 --- /dev/null +++ b/trust/builder.h @@ -0,0 +1,67 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_BUILDER_H_ +#define P11_BUILDER_H_ + +#include "asn1.h" +#include "dict.h" +#include "index.h" +#include "pkcs11.h" + +enum { + P11_BUILDER_FLAG_NONE = 0, + P11_BUILDER_FLAG_TOKEN = 1 << 1, +}; + +typedef struct _p11_builder p11_builder; + +p11_builder * p11_builder_new (int flags); + +void p11_builder_free (p11_builder *builder); + +CK_RV p11_builder_build (void *builder, + p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + CK_ATTRIBUTE **populate); + +void p11_builder_changed (void *builder, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs); + +p11_asn1_cache * p11_builder_get_cache (p11_builder *builder); + +#endif /* P11_BUILDER_H_ */ diff --git a/trust/digest.c b/trust/digest.c new file mode 100644 index 0000000..5c15227 --- /dev/null +++ b/trust/digest.c @@ -0,0 +1,633 @@ +/* + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/*! \file + * SHA-1 in C + * \author By Steve Reid + * 100% Public Domain + * \verbatim + * Test Vectors + * "abc" + * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 + * A million repetitions of "a" + * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F + * \endverbatim + */ + +#include "config.h" + +#include "digest.h" + +#include +#include +#include +#include + +#ifdef WITH_FREEBL + +/* + * NSS freebl3 has awkward headers not provided by appropriate packages + * in many cases. So put these defines here inline. freebl3 seems completely + * undocumented anyway. If you think this is a hack, then you guessed right. + * + * If you want a stable p11-kit without worries, use the builtin SHA1 and MD5 + * implementations. They're not used for crypto anyway. If you need p11-kit to + * tick the "doesn't implement own crypto" checkbox, then the you're signing + * up for this hack. + */ + +typedef enum { + HASH_AlgMD5 = 2, + HASH_AlgSHA1 = 3, +} HASH_HashType; + +typedef struct NSSLOWInitContextStr NSSLOWInitContext; +typedef struct NSSLOWHASHContextStr NSSLOWHASHContext; + +NSSLOWInitContext *NSSLOW_Init(void); +NSSLOWHASHContext *NSSLOWHASH_NewContext( + NSSLOWInitContext *initContext, + HASH_HashType hashType); +void NSSLOWHASH_Begin(NSSLOWHASHContext *context); +void NSSLOWHASH_Update(NSSLOWHASHContext *context, + const unsigned char *buf, + unsigned int len); +void NSSLOWHASH_End(NSSLOWHASHContext *context, + unsigned char *buf, + unsigned int *ret, unsigned int len); +void NSSLOWHASH_Destroy(NSSLOWHASHContext *context); + +#endif /* WITH_FREEBL3 */ + +#define SHA1_BLOCK_LENGTH 64U + +typedef struct { + uint32_t state[5]; + uint32_t count[2]; + unsigned char buffer[SHA1_BLOCK_LENGTH]; +} sha1_t; + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/*@{*/ +/*! + * blk0() and blk() perform the initial expand. + * I got the idea of expanding during the round function from SSLeay + */ +#if !defined(WORDS_BIGENDIAN) +# define blk0(i) \ + (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) \ + | (rol(block->l[i], 8) & 0x00FF00FF)) +#else +# define blk0(i) block->l[i] +#endif +#define blk(i) \ + (block->l[i & 15] = rol(block->l[(i + 13) & 15] \ + ^ block->l[(i + 8) & 15] \ + ^ block->l[(i + 2) & 15] \ + ^ block->l[i & 15], 1)) + +/*@}*/ +/*@{*/ +/*! + * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 + */ +#define R0(v,w,x,y,z,i) \ + z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); +#define R1(v,w,x,y,z,i) \ + z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); +#define R2(v,w,x,y,z,i) \ + z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \ + w = rol(w, 30); +#define R3(v,w,x,y,z,i) \ + z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ + w = rol(w, 30); +#define R4(v,w,x,y,z,i) \ + z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ + w = rol(w, 30); + +/*@}*/ + +typedef union { + unsigned char c[64]; + unsigned int l[16]; +} CHAR64LONG16; + +/*! + * Hash a single 512-bit block. This is the core of the algorithm. + */ +static void +transform_sha1 (uint32_t state[5], + const unsigned char buffer[64]) +{ + uint32_t a, b, c, d, e; + CHAR64LONG16 *block; + CHAR64LONG16 workspace; + + assert (buffer != NULL); + assert (state != NULL); + + block = &workspace; + (void)memcpy(block, buffer, 64); + + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + + /* Wipe variables */ + a = b = c = d = e = 0; + /* Avoid compiler warnings + POST(a); POST(b); POST(c); POST(d); POST(e); + */ + (void)a; +} + + +/*! + * isc_sha1_init - Initialize new context + */ +static void +sha1_init (sha1_t *context) +{ + assert (context != NULL); + + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = 0; + context->count[1] = 0; +} + +static void +sha1_invalidate (sha1_t *context) +{ + memset (context, 0, sizeof (sha1_t)); +} + +/*! + * Run your data through this. + */ +static void +sha1_update(sha1_t *context, + const unsigned char *data, + unsigned int len) +{ + unsigned int i, j; + + assert (context != 0); + assert (data != 0); + + j = context->count[0]; + if ((context->count[0] += len << 3) < j) + context->count[1] += (len >> 29) + 1; + j = (j >> 3) & 63; + if ((j + len) > 63) { + (void)memcpy(&context->buffer[j], data, (i = 64 - j)); + transform_sha1 (context->state, context->buffer); + for (; i + 63 < len; i += 64) + transform_sha1 (context->state, &data[i]); + j = 0; + } else { + i = 0; + } + + (void)memcpy(&context->buffer[j], &data[i], len - i); +} + + +/*! + * Add padding and return the message digest. + */ + +static const unsigned char final_200 = 128; +static const unsigned char final_0 = 0; + +static void +sha1_final (sha1_t *context, + unsigned char *digest) +{ + unsigned int i; + unsigned char finalcount[8]; + + assert (digest != 0); + assert (context != 0); + + for (i = 0; i < 8; i++) { + /* Endian independent */ + finalcount[i] = (unsigned char) + ((context->count[(i >= 4 ? 0 : 1)] + >> ((3 - (i & 3)) * 8)) & 255); + } + + sha1_update(context, &final_200, 1); + while ((context->count[0] & 504) != 448) + sha1_update(context, &final_0, 1); + /* The next Update should cause a transform_sha1() */ + sha1_update(context, finalcount, 8); + + if (digest) { + for (i = 0; i < 20; i++) + digest[i] = (unsigned char) + ((context->state[i >> 2] + >> ((3 - (i & 3)) * 8)) & 255); + } + + memset (context, 0, sizeof (sha1_t)); +} + +#ifdef WITH_FREEBL + +static bool +nss_slow_hash (HASH_HashType type, + unsigned char *hash, + unsigned int hash_len, + const void *input, + size_t length, + va_list va) +{ + NSSLOWHASHContext *ctx; + unsigned int len; + + ctx = NSSLOWHASH_NewContext(NSSLOW_Init (), type); + if (ctx == NULL) + return false; + + NSSLOWHASH_Begin (ctx); + while (input != NULL) { + NSSLOWHASH_Update (ctx, input, length); + input = va_arg (va, const void *); + if (input) + length = va_arg (va, size_t); + } + NSSLOWHASH_End (ctx, hash, &len, hash_len); + assert (len == hash_len); + NSSLOWHASH_Destroy (ctx); + return true; +} + +#endif /* WITH_FREEBL */ + +void +p11_digest_sha1 (unsigned char *hash, + const void *input, + size_t length, + ...) +{ + va_list va; + sha1_t sha1; + +#ifdef WITH_FREEBL + bool ret; + + va_start (va, length); + ret = nss_slow_hash (HASH_AlgSHA1, hash, P11_DIGEST_SHA1_LEN, input, length, va); + va_end (va); + + if (ret) + return; +#endif + + sha1_init (&sha1); + + va_start (va, length); + while (input != NULL) { + sha1_update (&sha1, input, length); + input = va_arg (va, const void *); + if (input) + length = va_arg (va, size_t); + } + va_end (va); + + sha1_final (&sha1, hash); + sha1_invalidate (&sha1); +} + + +/*! \file + * This code implements the MD5 message-digest algorithm. + * The algorithm is due to Ron Rivest. This code was + * written by Colin Plumb in 1993, no copyright is claimed. + * This code is in the public domain; do with it what you wish. + * + * Equivalent code is available from RSA Data Security, Inc. + * This code has been tested against that, and is equivalent, + * except that you don't need to include two pages of legalese + * with every copy. + * + * To compute the message digest of a chunk of bytes, declare an + * MD5Context structure, pass it to MD5Init, call MD5Update as + * needed on buffers full of bytes, and then call MD5Final, which + * will fill a supplied 16-byte array with the digest. + */ + +typedef struct { + uint32_t buf[4]; + uint32_t bytes[2]; + uint32_t in[16]; +} md5_t; + +static void +byteSwap (uint32_t *buf, + unsigned words) +{ + unsigned char *p = (unsigned char *)buf; + + do { + *buf++ = (uint32_t)((unsigned)p[3] << 8 | p[2]) << 16 | + ((unsigned)p[1] << 8 | p[0]); + p += 4; + } while (--words); +} + +/*! + * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious + * initialization constants. + */ +static void +md5_init(md5_t *ctx) +{ + ctx->buf[0] = 0x67452301; + ctx->buf[1] = 0xefcdab89; + ctx->buf[2] = 0x98badcfe; + ctx->buf[3] = 0x10325476; + + ctx->bytes[0] = 0; + ctx->bytes[1] = 0; +} + +static void +md5_invalidate(md5_t *ctx) +{ + memset(ctx, 0, sizeof(md5_t)); +} + +/*@{*/ +/*! The four core functions - F1 is optimized somewhat */ + +/* #define F1(x, y, z) (x & y | ~x & z) */ +#define F1(x, y, z) (z ^ (x & (y ^ z))) +#define F2(x, y, z) F1(z, x, y) +#define F3(x, y, z) (x ^ y ^ z) +#define F4(x, y, z) (y ^ (x | ~z)) +/*@}*/ + +/*! This is the central step in the MD5 algorithm. */ +#define MD5STEP(f,w,x,y,z,in,s) \ + (w += f(x,y,z) + in, w = (w<>(32-s)) + x) + +/*! + * The core of the MD5 algorithm, this alters an existing MD5 hash to + * reflect the addition of 16 longwords of new data. MD5Update blocks + * the data and converts bytes into longwords for this routine. + */ +static void +transform_md5 (uint32_t buf[4], + uint32_t const in[16]) +{ + register uint32_t a, b, c, d; + + a = buf[0]; + b = buf[1]; + c = buf[2]; + d = buf[3]; + + MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); + MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); + MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); + MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); + MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); + MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); + MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); + MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); + MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); + MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); + MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); + MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); + MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); + MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); + MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); + MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); + + MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); + MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); + MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); + MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); + MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); + MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); + MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); + MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); + MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); + MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); + MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); + MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); + MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); + MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); + MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); + MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); + + MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); + MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); + MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); + MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); + MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); + MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); + MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); + MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); + MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); + MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); + MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); + MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); + MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); + MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); + MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); + MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); + + MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); + MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); + MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); + MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); + MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); + MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); + MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); + MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); + MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); + MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); + MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); + MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); + MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); + MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); + MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); + MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); + + buf[0] += a; + buf[1] += b; + buf[2] += c; + buf[3] += d; +} + +/*! + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +static void +md5_update (md5_t *ctx, + const unsigned char *buf, + unsigned int len) +{ + uint32_t t; + + /* Update byte count */ + + t = ctx->bytes[0]; + if ((ctx->bytes[0] = t + len) < t) + ctx->bytes[1]++; /* Carry from low to high */ + + t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */ + if (t > len) { + memcpy((unsigned char *)ctx->in + 64 - t, buf, len); + return; + } + /* First chunk is an odd size */ + memcpy((unsigned char *)ctx->in + 64 - t, buf, t); + byteSwap(ctx->in, 16); + transform_md5 (ctx->buf, ctx->in); + buf += t; + len -= t; + + /* Process data in 64-byte chunks */ + while (len >= 64) { + memcpy(ctx->in, buf, 64); + byteSwap(ctx->in, 16); + transform_md5(ctx->buf, ctx->in); + buf += 64; + len -= 64; + } + + /* Handle any remaining bytes of data. */ + memcpy(ctx->in, buf, len); +} + +/*! + * Final wrapup - pad to 64-byte boundary with the bit pattern + * 1 0* (64-bit count of bits processed, MSB-first) + */ +static void +md5_final(md5_t *ctx, + unsigned char *digest) +{ + int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */ + unsigned char *p = (unsigned char *)ctx->in + count; + + /* Set the first char of padding to 0x80. There is always room. */ + *p++ = 0x80; + + /* Bytes of padding needed to make 56 bytes (-8..55) */ + count = 56 - 1 - count; + + if (count < 0) { /* Padding forces an extra block */ + memset(p, 0, count + 8); + byteSwap(ctx->in, 16); + transform_md5(ctx->buf, ctx->in); + p = (unsigned char *)ctx->in; + count = 56; + } + memset(p, 0, count); + byteSwap(ctx->in, 14); + + /* Append length in bits and transform */ + ctx->in[14] = ctx->bytes[0] << 3; + ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29; + transform_md5(ctx->buf, ctx->in); + + byteSwap(ctx->buf, 4); + memcpy(digest, ctx->buf, 16); + memset(ctx, 0, sizeof(md5_t)); /* In case it's sensitive */ +} + +void +p11_digest_md5 (unsigned char *hash, + const void *input, + size_t length, + ...) +{ + va_list va; + md5_t md5; + +#ifdef WITH_FREEBL + bool ret; + + va_start (va, length); + ret = nss_slow_hash (HASH_AlgMD5, hash, P11_DIGEST_MD5_LEN, input, length, va); + va_end (va); + + if (ret) + return; +#endif + + md5_init (&md5); + + va_start (va, length); + while (input) { + md5_update (&md5, input, length); + input = va_arg (va, const void *); + if (input) + length = va_arg (va, size_t); + } + va_end (va); + + md5_final (&md5, hash); + md5_invalidate (&md5); +} diff --git a/trust/digest.h b/trust/digest.h new file mode 100644 index 0000000..82d48fe --- /dev/null +++ b/trust/digest.h @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_DIGEST_H_ +#define P11_DIGEST_H_ + +#include "compat.h" + +/* + * The SHA-1 and MD5 digests here are used for checksums in legacy + * protocols. We don't use them in cryptographic contexts at all. + * These particular algorithms would be poor choices for that. + */ + +#define P11_DIGEST_MD5_LEN 16 + +void p11_digest_md5 (unsigned char *hash, + const void *input, + size_t length, + ...) GNUC_NULL_TERMINATED; + +#define P11_DIGEST_SHA1_LEN 20 + +void p11_digest_sha1 (unsigned char *hash, + const void *input, + size_t length, + ...) GNUC_NULL_TERMINATED; + +#endif /* P11_DIGEST_H_ */ diff --git a/trust/dump.c b/trust/dump.c new file mode 100644 index 0000000..ddc4581 --- /dev/null +++ b/trust/dump.c @@ -0,0 +1,191 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_TOOL + +#include "attrs.h" +#include "debug.h" +#include "dump.h" +#include "enumerate.h" +#include "message.h" +#include "persist.h" +#include "tool.h" +#include "url.h" + +#include "p11-kit/iter.h" + +#include +#include +#include + +static char * +format_uri (p11_enumerate *ex, + int flags) +{ + CK_ATTRIBUTE *attr; + p11_kit_uri *uri; + char *string; + + uri = p11_kit_uri_new (); + + memcpy (p11_kit_uri_get_token_info (uri), + p11_kit_iter_get_token (ex->iter), + sizeof (CK_TOKEN_INFO)); + + attr = p11_attrs_find (ex->attrs, CKA_CLASS); + if (attr != NULL) + p11_kit_uri_set_attribute (uri, attr); + attr = p11_attrs_find (ex->attrs, CKA_ID); + if (attr != NULL) + p11_kit_uri_set_attribute (uri, attr); + + if (p11_kit_uri_format (uri, flags, &string) != P11_KIT_URI_OK) + string = NULL; + + p11_kit_uri_free (uri); + return string; +} + +static bool +dump_iterate (p11_enumerate *ex) +{ + p11_persist *persist; + char *string; + p11_buffer buf; + CK_RV rv; + + persist = p11_persist_new (); + + if (!p11_buffer_init (&buf, 0)) + return_val_if_reached (false); + + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + if (!p11_buffer_reset (&buf, 8192)) + return_val_if_reached (false); + + string = format_uri (ex, P11_KIT_URI_FOR_OBJECT); + if (string) { + printf ("# %s\n", string); + free (string); + } + + if (!p11_persist_write (persist, ex->attrs, &buf)) { + p11_message ("could not dump object"); + continue; + } + + fwrite (buf.data, 1, buf.len, stdout); + printf ("\n"); + } + + p11_persist_free (persist); + p11_buffer_uninit (&buf); + + return (rv == CKR_CANCEL); +} + +int +p11_trust_dump (int argc, + char **argv) +{ + p11_enumerate ex; + int opt = 0; + int ret; + + enum { + opt_verbose = 'v', + opt_quiet = 'q', + opt_help = 'h', + opt_filter = 1000, + }; + + struct option options[] = { + { "filter", required_argument, NULL, opt_filter }, + { "verbose", no_argument, NULL, opt_verbose }, + { "quiet", no_argument, NULL, opt_quiet }, + { "help", no_argument, NULL, opt_help }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: trust list --filter=" }, + { opt_filter, + "filter of what to export\n" + " pkcs11:object=xx a PKCS#11 URI\n" + " all all objects", + "what", + }, + { opt_verbose, "show verbose debug output", }, + { opt_quiet, "suppress command output", }, + { 0 }, + }; + + p11_enumerate_init (&ex); + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + case opt_verbose: + case opt_quiet: + break; + + case opt_filter: + if (!p11_enumerate_opt_filter (&ex, optarg)) + exit (2); + break; + case 'h': + p11_tool_usage (usages, options); + exit (0); + case '?': + exit (2); + default: + assert_not_reached (); + break; + } + } + + if (argc - optind != 0) { + p11_message ("extra arguments passed to command"); + exit (2); + } + + if (!p11_enumerate_ready (&ex, "all")) + exit (1); + + ret = dump_iterate (&ex) ? 0 : 1; + + p11_enumerate_cleanup (&ex); + return ret; +} diff --git a/trust/dump.h b/trust/dump.h new file mode 100644 index 0000000..7b9b225 --- /dev/null +++ b/trust/dump.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#ifndef P11_DUMP_H_ +#define P11_DUMP_H_ + +int p11_trust_dump (int argc, + char **argv); + +#endif /* P11_DUMP_H_ */ diff --git a/trust/enumerate.c b/trust/enumerate.c new file mode 100644 index 0000000..0cef089 --- /dev/null +++ b/trust/enumerate.c @@ -0,0 +1,765 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_TOOL + +#include "attrs.h" +#include "constants.h" +#include "debug.h" +#include "oid.h" +#include "dict.h" +#include "extract.h" +#include "message.h" +#include "path.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "x509.h" + +#include +#include + +static bool +load_attached_extension (p11_dict *attached, + p11_dict *asn1_defs, + const unsigned char *der, + size_t len) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; + node_asn *ext; + char *oid; + int length; + int start; + int end; + int ret; + + ext = p11_asn1_decode (asn1_defs, "PKIX1.Extension", der, len, message); + if (ext == NULL) { + p11_message ("couldn't parse attached certificate extension: %s", message); + return false; + } + + ret = asn1_der_decoding_startEnd (ext, der, len, "extnID", &start, &end); + return_val_if_fail (ret == ASN1_SUCCESS, false); + + /* Make sure it's a straightforward oid with certain assumptions */ + length = (end - start) + 1; + if (!p11_oid_simple (der + start, length)) { + p11_debug ("strange complex certificate extension object id"); + return false; + } + + oid = memdup (der + start, length); + return_val_if_fail (oid != NULL, false); + + if (!p11_dict_set (attached, oid, ext)) + return_val_if_reached (false); + + return true; +} + +static p11_dict * +load_attached_extensions (p11_enumerate *ex, + CK_ATTRIBUTE *spki) +{ + CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION; + CK_ATTRIBUTE *attrs; + P11KitIter *iter; + CK_RV rv = CKR_OK; + p11_dict *attached; + + CK_ATTRIBUTE match[] = { + { CKA_CLASS, &extension, sizeof (extension) }, + { CKA_PUBLIC_KEY_INFO, spki->pValue, spki->ulValueLen }, + }; + + CK_ATTRIBUTE template[] = { + { CKA_VALUE, }, + }; + + attached = p11_dict_new (p11_oid_hash, p11_oid_equal, + free, p11_asn1_free); + + /* No ID to use, just short circuit */ + if (!spki->pValue || !spki->ulValueLen) + return attached; + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_filter (iter, match, 2); + p11_kit_iter_begin_with (iter, p11_kit_iter_get_module (ex->iter), + 0, p11_kit_iter_get_session (ex->iter)); + + while (rv == CKR_OK) { + rv = p11_kit_iter_next (iter); + if (rv == CKR_OK) { + attrs = p11_attrs_buildn (NULL, template, 1); + rv = p11_kit_iter_load_attributes (iter, attrs, 1); + if (rv == CKR_OK) { + if (!load_attached_extension (attached, ex->asn1_defs, + attrs[0].pValue, + attrs[0].ulValueLen)) { + rv = CKR_GENERAL_ERROR; + } + } + p11_attrs_free (attrs); + } + } + + if (rv != CKR_OK && rv != CKR_CANCEL) { + p11_message ("couldn't load attached extensions for certificate: %s", p11_kit_strerror (rv)); + p11_dict_free (attached); + attached = NULL; + } + + p11_kit_iter_free (iter); + return attached; +} + +static bool +extract_purposes (p11_enumerate *ex) +{ + node_asn *ext = NULL; + unsigned char *value = NULL; + size_t length; + + if (ex->attached) { + ext = p11_dict_get (ex->attached, P11_OID_EXTENDED_KEY_USAGE); + if (ext != NULL) { + value = p11_asn1_read (ext, "extnValue", &length); + return_val_if_fail (value != NULL, false); + } + } + + if (value == NULL && ex->cert_asn) { + value = p11_x509_find_extension (ex->cert_asn, P11_OID_EXTENDED_KEY_USAGE, + ex->cert_der, ex->cert_len, &length); + } + + /* No such extension, match anything */ + if (value == NULL) + return true; + + ex->purposes = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length); + + free (value); + return ex->purposes != NULL; +} + +static bool +check_trust_flags (p11_enumerate *ex) +{ + CK_BBOOL trusted; + CK_BBOOL distrusted; + int flags = 0; + + /* If no extract trust flags, then just continue */ + if (!(ex->flags & (P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST))) + return true; + + /* Is this a blacklisted directly? */ + if (p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &distrusted) && distrusted) + flags = P11_ENUMERATE_BLACKLIST; + + /* Is it blacklisted elsewhere? then prevent it from being an anchor */ + else if (p11_dict_get (ex->blacklist_public_key, ex->attrs) || + p11_dict_get (ex->blacklist_issuer_serial, ex->attrs)) + flags = 0; + + /* Otherwise it might be an anchor? */ + else if (p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &trusted) && trusted) + flags = P11_ENUMERATE_ANCHORS; + + /* Any of the flags can match */ + if (flags & ex->flags) + return true; + + return false; +} + +static bool +extract_certificate (p11_enumerate *ex) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; + CK_ATTRIBUTE *attr; + + CK_ULONG type; + + /* Don't even bother with not X.509 certificates */ + if (!p11_attrs_find_ulong (ex->attrs, CKA_CERTIFICATE_TYPE, &type)) + type = (CK_ULONG)-1; + if (type != CKC_X_509) { + p11_debug ("skipping non X.509 certificate"); + return false; + } + + attr = p11_attrs_find_valid (ex->attrs, CKA_VALUE); + if (!attr || !attr->pValue) { + p11_debug ("skipping certificate without a value"); + return false; + } + + /* + * If collapsing and have already seen this certificate, and shouldn't + * process it even again during this extract procedure. + */ + if (ex->flags & P11_ENUMERATE_COLLAPSE) { + if (!ex->already_seen) { + ex->already_seen = p11_dict_new (p11_attr_hash, p11_attr_equal, + p11_attrs_free, NULL); + return_val_if_fail (ex->already_seen != NULL, true); + } + + if (p11_dict_get (ex->already_seen, attr)) + return false; + } + + if (!check_trust_flags (ex)) { + p11_debug ("skipping certificate that doesn't match trust flags"); + return false; + } + + if (ex->already_seen) { + if (!p11_dict_set (ex->already_seen, + p11_attrs_build (NULL, attr, NULL), "x")) + return_val_if_reached (true); + } + + ex->cert_der = attr->pValue; + ex->cert_len = attr->ulValueLen; + ex->cert_asn = p11_asn1_decode (ex->asn1_defs, "PKIX1.Certificate", + ex->cert_der, ex->cert_len, message); + + if (!ex->cert_asn) { + p11_message ("couldn't parse certificate: %s", message); + return false; + } + + return true; +} + +static CK_ATTRIBUTE * +prepare_attr_types (void) +{ + CK_ATTRIBUTE *attrs; + int i, count; + + /* Count the number of attributes we know about */ + for (count = 0; p11_constant_types[count].value != CKA_INVALID; count++); + + attrs = calloc (count + 1, sizeof (CK_ATTRIBUTE)); + return_val_if_fail (attrs != NULL, NULL); + + for (i = 0; i < count; i++) + attrs[i].type = p11_constant_types[i].value; + attrs[count].type = CKA_INVALID; + + return attrs; +} + +static bool +extract_info (p11_enumerate *ex) +{ + CK_ATTRIBUTE *attr; + CK_RV rv; + + ex->attrs = prepare_attr_types (); + rv = p11_kit_iter_load_attributes (ex->iter, ex->attrs, p11_attrs_count (ex->attrs)); + + /* The attributes couldn't be loaded */ + if (rv != CKR_OK && rv != CKR_ATTRIBUTE_TYPE_INVALID && rv != CKR_ATTRIBUTE_SENSITIVE) { + p11_message ("couldn't load attributes: %s", p11_kit_strerror (rv)); + return false; + } + + /* No class attribute, very strange, just skip */ + if (!p11_attrs_find_ulong (ex->attrs, CKA_CLASS, &ex->klass)) + return false; + + /* If a certificate then */ + if (ex->flags & P11_ENUMERATE_CORRELATE) { + if (ex->klass != CKO_CERTIFICATE) { + p11_message ("skipping non-certificate object"); + return false; + } + + if (!extract_certificate (ex)) + return false; + + attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO); + if (attr) { + ex->attached = load_attached_extensions (ex, attr); + if (!ex->attached) + return false; + } + + if (!extract_purposes (ex)) + return false; + } + + return true; +} + +static void +extract_clear (p11_enumerate *ex) +{ + ex->klass = (CK_ULONG)-1; + + p11_attrs_free (ex->attrs); + ex->attrs = NULL; + + asn1_delete_structure (&ex->cert_asn); + ex->cert_der = NULL; + ex->cert_len = 0; + + p11_dict_free (ex->attached); + ex->attached = NULL; + + p11_array_free (ex->purposes); + ex->purposes = NULL; +} + +static CK_RV +on_iterate_load_filter (p11_kit_iter *iter, + CK_BBOOL *matches, + void *data) +{ + p11_enumerate *ex = data; + int i; + + extract_clear (ex); + + /* Try to load the certificate and extensions */ + if (!extract_info (ex)) { + *matches = CK_FALSE; + return CKR_OK; + } + + /* + * Limit to certain purposes. Note that the lack of purposes noted + * on the certificate means they match any purpose. This is the + * behavior of the ExtendedKeyUsage extension. + */ + if (ex->limit_to_purposes && ex->purposes) { + *matches = CK_FALSE; + for (i = 0; i < ex->purposes->num; i++) { + if (strcmp (ex->purposes->elem[i], P11_OID_ANY_EXTENDED_KEY_USAGE_STR) == 0) { + p11_debug ("anyExtendedKeyUsage is set, skipping filtering by purposes"); + *matches = CK_TRUE; + break; + } + if (p11_dict_get (ex->limit_to_purposes, ex->purposes->elem[i])) { + *matches = CK_TRUE; + break; + } + } + } + + return CKR_OK; +} + +/* + * Various skip lookup tables, used for blacklists and collapsing + * duplicate entries. + * + * The dict hash/lookup callbacks are special cased + * so we can just pass in full attribute lists for lookup and only match + * the attributes we're interested in. + * + * Note that both p11_attr_hash and p11_attr_equal are NULL safe. + */ + +static bool +public_key_equal (const void *one, + const void *two) +{ + return p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_PUBLIC_KEY_INFO), + p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_PUBLIC_KEY_INFO)); +} + +static unsigned int +public_key_hash (const void *data) +{ + return p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_PUBLIC_KEY_INFO)); +} + +static bool +issuer_serial_equal (const void *one, + const void *two) +{ + return p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_ISSUER), + p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_ISSUER)) && + p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_SERIAL_NUMBER), + p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_SERIAL_NUMBER)); +} + +static unsigned int +issuer_serial_hash (const void *data) +{ + return p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_ISSUER)) ^ + p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_SERIAL_NUMBER)); +} + +static bool +blacklist_load (p11_enumerate *ex) +{ + p11_kit_iter *iter; + CK_BBOOL distrusted = CK_TRUE; + CK_RV rv = CKR_OK; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *key; + CK_ATTRIBUTE *serial; + CK_ATTRIBUTE *issuer; + CK_ATTRIBUTE *public_key; + + CK_ATTRIBUTE match[] = { + { CKA_X_DISTRUSTED, &distrusted, sizeof (distrusted) }, + }; + + CK_ATTRIBUTE template[] = { + { CKA_SERIAL_NUMBER, }, + { CKA_PUBLIC_KEY_INFO, }, + { CKA_ISSUER, }, + }; + + iter = p11_kit_iter_new (ex->uri, 0); + p11_kit_iter_add_filter (iter, match, 1); + p11_kit_iter_begin (iter, ex->modules); + + attrs = p11_attrs_buildn (NULL, template, 3); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + + /* + * Fail "safe" in that first failure doesn't cause ignoring + * the remainder of the blacklist. + */ + rv = p11_kit_iter_load_attributes (iter, attrs, 3); + if (rv != CKR_OK) { + p11_message ("couldn't load blacklist: %s", p11_kit_strerror (rv)); + continue; + } + + /* A blacklisted item with an issuer and serial number */ + issuer = p11_attrs_find_valid (attrs, CKA_ISSUER); + serial = p11_attrs_find_valid (attrs, CKA_SERIAL_NUMBER); + if (issuer != NULL && serial != NULL) { + key = p11_attrs_build (NULL, issuer, serial, NULL); + if (!key || !p11_dict_set (ex->blacklist_issuer_serial, key, "x")) + return_val_if_reached (false); + } + + /* A blacklisted item with a public key */ + public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); + if (public_key != NULL) { + key = p11_attrs_build (NULL, public_key, NULL); + if (!public_key || !p11_dict_set (ex->blacklist_public_key, key, "x")) + return_val_if_reached (false); + } + } + + p11_attrs_free (attrs); + p11_kit_iter_free (iter); + + if (rv == CKR_CANCEL) + return true; + + p11_message ("couldn't load blacklist: %s", p11_kit_strerror (rv)); + return false; +} + +void +p11_enumerate_init (p11_enumerate *ex) +{ + memset (ex, 0, sizeof (p11_enumerate)); + ex->asn1_defs = p11_asn1_defs_load (); + return_if_fail (ex->asn1_defs != NULL); + + ex->iter = p11_kit_iter_new (NULL, 0); + return_if_fail (ex->iter != NULL); + + ex->blacklist_public_key = p11_dict_new (public_key_hash, public_key_equal, + p11_attrs_free, NULL); + return_if_fail (ex->blacklist_public_key); + + ex->blacklist_issuer_serial = p11_dict_new (issuer_serial_hash, issuer_serial_equal, + p11_attrs_free, NULL); + return_if_fail (ex->blacklist_issuer_serial); + + p11_kit_iter_add_callback (ex->iter, on_iterate_load_filter, ex, NULL); +} + +void +p11_enumerate_cleanup (p11_enumerate *ex) +{ + extract_clear (ex); + + p11_dict_free (ex->limit_to_purposes); + ex->limit_to_purposes = NULL; + + p11_dict_free (ex->already_seen); + ex->already_seen = NULL; + p11_dict_free (ex->blacklist_public_key); + ex->blacklist_public_key = NULL; + p11_dict_free (ex->blacklist_issuer_serial); + ex->blacklist_issuer_serial = NULL; + + p11_dict_free (ex->asn1_defs); + ex->asn1_defs = NULL; + + p11_kit_iter_free (ex->iter); + ex->iter = NULL; + + if (ex->modules) { + p11_kit_modules_finalize_and_release (ex->modules); + ex->modules = NULL; + } + + if (ex->uri) { + p11_kit_uri_free (ex->uri); + ex->uri = NULL; + } +} + +bool +p11_enumerate_opt_filter (p11_enumerate *ex, + const char *option) +{ + CK_ATTRIBUTE *attrs; + int ret; + + CK_OBJECT_CLASS vcertificate = CKO_CERTIFICATE; + CK_ULONG vauthority = 2; + CK_CERTIFICATE_TYPE vx509 = CKC_X_509; + + CK_ATTRIBUTE certificate = { CKA_CLASS, &vcertificate, sizeof (vcertificate) }; + CK_ATTRIBUTE authority = { CKA_CERTIFICATE_CATEGORY, &vauthority, sizeof (vauthority) }; + CK_ATTRIBUTE x509= { CKA_CERTIFICATE_TYPE, &vx509, sizeof (vx509) }; + + if (strncmp (option, "pkcs11:", 7) == 0) { + if (ex->uri != NULL) { + p11_message ("a PKCS#11 URI has already been specified"); + return false; + } + + ex->uri = p11_kit_uri_new (); + ret = p11_kit_uri_parse (option, P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE, ex->uri); + if (ret != P11_KIT_URI_OK) { + p11_message ("couldn't parse pkcs11 uri filter: %s", option); + return false; + } + + if (p11_kit_uri_any_unrecognized (ex->uri)) + p11_message ("uri contained unrecognized components, nothing will be extracted"); + + p11_kit_iter_set_uri (ex->iter, ex->uri); + ex->num_filters++; + return true; + } + + if (strcmp (option, "ca-anchors") == 0) { + attrs = p11_attrs_build (NULL, &certificate, &authority, &x509, NULL); + ex->flags |= P11_ENUMERATE_ANCHORS | P11_ENUMERATE_COLLAPSE; + + } else if (strcmp (option, "trust-policy") == 0) { + attrs = p11_attrs_build (NULL, &certificate, &x509, NULL); + ex->flags |= P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_COLLAPSE; + + } else if (strcmp (option, "blacklist") == 0) { + attrs = p11_attrs_build (NULL, &certificate, &x509, NULL); + ex->flags |= P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_COLLAPSE; + + } else if (strcmp (option, "certificates") == 0) { + attrs = p11_attrs_build (NULL, &certificate, &x509, NULL); + ex->flags |= P11_ENUMERATE_COLLAPSE; + + } else if (strcmp (option, "all") == 0) { + attrs = p11_attrs_build (NULL, NULL); + + } else { + p11_message ("unsupported or unrecognized filter: %s", option); + return false; + } + + p11_kit_iter_add_filter (ex->iter, attrs, p11_attrs_count (attrs)); + p11_attrs_free (attrs); + ex->num_filters++; + return true; +} + +static int +is_valid_oid_rough (const char *string) +{ + size_t len; + + len = strlen (string); + + /* Rough check if a valid OID */ + return (strspn (string, "0123456789.") == len && + !strstr (string, "..") && string[0] != '\0' && string[0] != '.' && + string[len - 1] != '.'); +} + +bool +p11_enumerate_opt_purpose (p11_enumerate *ex, + const char *option) +{ + const char *oid; + char *value; + + if (strcmp (option, "server-auth") == 0) { + oid = P11_OID_SERVER_AUTH_STR; + } else if (strcmp (option, "client-auth") == 0) { + oid = P11_OID_CLIENT_AUTH_STR; + } else if (strcmp (option, "email-protection") == 0 || strcmp (option, "email") == 0) { + oid = P11_OID_EMAIL_PROTECTION_STR; + } else if (strcmp (option, "code-signing") == 0) { + oid = P11_OID_CODE_SIGNING_STR; + } else if (strcmp (option, "ipsec-end-system") == 0) { + oid = P11_OID_IPSEC_END_SYSTEM_STR; + } else if (strcmp (option, "ipsec-tunnel") == 0) { + oid = P11_OID_IPSEC_TUNNEL_STR; + } else if (strcmp (option, "ipsec-user") == 0) { + oid = P11_OID_IPSEC_USER_STR; + } else if (strcmp (option, "time-stamping") == 0) { + oid = P11_OID_TIME_STAMPING_STR; + } else if (is_valid_oid_rough (option)) { + oid = option; + } else { + p11_message ("unsupported or unregonized purpose: %s", option); + return false; + } + + if (!ex->limit_to_purposes) { + ex->limit_to_purposes = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); + return_val_if_fail (ex->limit_to_purposes != NULL, false); + } + + value = strdup (oid); + return_val_if_fail (value != NULL, false); + if (!p11_dict_set (ex->limit_to_purposes, value, value)) + return_val_if_reached (false); + + return true; +} + +extern bool p11_print_messages; + +bool +p11_enumerate_ready (p11_enumerate *ex, + const char *def_filter) +{ + if (def_filter && ex->num_filters == 0) { + if (!p11_enumerate_opt_filter (ex, def_filter)) + return_val_if_reached (false); + } + + /* + * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes + * we get from modules explicitly marked as containing trust-policy. + */ + if (!ex->modules) { + int flags = P11_KIT_MODULE_TRUSTED; + if (p11_print_messages) + flags |= P11_KIT_MODULE_VERBOSE; + + ex->modules = p11_kit_modules_load_and_initialize (flags); + } + if (!ex->modules) + return false; + if (ex->modules[0] == NULL) + p11_message ("no modules containing trust policy are registered"); + + /* + * If loading anchors, then the caller expects that the blacklist is + * "applied" and any anchors on the blacklist are taken out. This is + * for compatibility with software that does not support blacklists. + */ + if (ex->flags & P11_ENUMERATE_ANCHORS) { + if (!blacklist_load (ex)) + return false; + } + + p11_kit_iter_begin (ex->iter, ex->modules); + return true; +} + +static char * +extract_label (p11_enumerate *ex) +{ + CK_ATTRIBUTE *attr; + + /* Look for a label and just use that */ + attr = p11_attrs_find_valid (ex->attrs, CKA_LABEL); + if (attr && attr->pValue && attr->ulValueLen) + return strndup (attr->pValue, attr->ulValueLen); + + /* For extracting certificates */ + if (ex->klass == CKO_CERTIFICATE) + return strdup ("certificate"); + + return strdup ("unknown"); +} + +char * +p11_enumerate_filename (p11_enumerate *ex) +{ + char *label; + + label = extract_label (ex); + return_val_if_fail (label != NULL, NULL); + + p11_path_canon (label); + return label; +} + +char * +p11_enumerate_comment (p11_enumerate *ex, + bool first) +{ + char *comment; + char *label; + + if (!(ex->flags & P11_EXTRACT_COMMENT)) + return NULL; + + label = extract_label (ex); + if (!asprintf (&comment, "%s# %s\n", + first ? "" : "\n", + label ? label : "")) + return_val_if_reached (NULL); + + free (label); + return comment; +} diff --git a/trust/enumerate.h b/trust/enumerate.h new file mode 100644 index 0000000..41cea09 --- /dev/null +++ b/trust/enumerate.h @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#ifndef P11_ENUMERATE_H_ +#define P11_ENUMERATE_H_ + +#include "array.h" +#include "asn1.h" +#include "dict.h" + +#include "p11-kit/iter.h" +#include "p11-kit/pkcs11.h" + +enum { + /* These overlap with the flags in save.h, so start higher */ + P11_ENUMERATE_ANCHORS = 1 << 21, + P11_ENUMERATE_BLACKLIST = 1 << 22, + P11_ENUMERATE_COLLAPSE = 1 << 23, + P11_ENUMERATE_CORRELATE = 1 << 24, +}; + +typedef struct { + CK_FUNCTION_LIST **modules; + p11_kit_iter *iter; + p11_kit_uri *uri; + + p11_dict *asn1_defs; + p11_dict *limit_to_purposes; + p11_dict *already_seen; + int num_filters; + int flags; + + p11_dict *blacklist_issuer_serial; + p11_dict *blacklist_public_key; + + /* + * Stuff below is parsed info for the current iteration. + * Currently this information is generally all relevant + * just for certificates. + */ + + CK_OBJECT_CLASS klass; + CK_ATTRIBUTE *attrs; + + /* Pre-parsed data for certificates */ + node_asn *cert_asn; + const unsigned char *cert_der; + size_t cert_len; + + /* DER OID -> CK_ATTRIBUTE list */ + p11_dict *attached; + + /* Set of OID purposes as strings */ + p11_array *purposes; +} p11_enumerate; + +char * p11_enumerate_filename (p11_enumerate *ex); + +char * p11_enumerate_comment (p11_enumerate *ex, + bool first); + +void p11_enumerate_init (p11_enumerate *ex); + +bool p11_enumerate_opt_filter (p11_enumerate *ex, + const char *option); + +bool p11_enumerate_opt_purpose (p11_enumerate *ex, + const char *option); + +bool p11_enumerate_ready (p11_enumerate *ex, + const char *def_filter); + +void p11_enumerate_cleanup (p11_enumerate *ex); + +#endif /* P11_ENUMERATE_H_ */ diff --git a/trust/extract-cer.c b/trust/extract-cer.c new file mode 100644 index 0000000..b59be80 --- /dev/null +++ b/trust/extract-cer.c @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#include "debug.h" +#include "extract.h" +#include "message.h" +#include "save.h" + +#include + +bool +p11_extract_x509_file (p11_enumerate *ex, + const char *destination) +{ + bool found = false; + p11_save_file *file; + CK_RV rv; + + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + if (found) { + p11_message ("multiple certificates found but could only write one to file"); + break; + } + + file = p11_save_open_file (destination, NULL, ex->flags); + if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) + return false; + + /* Wrote something */ + found = true; + } + + if (rv != CKR_OK && rv != CKR_CANCEL) { + p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); + return false; + + /* Remember that an empty DER file is not a valid file, so complain if nothing */ + } else if (!found) { + p11_message ("no certificate found"); + return false; + } + + return true; +} + +bool +p11_extract_x509_directory (p11_enumerate *ex, + const char *destination) +{ + p11_save_file *file; + p11_save_dir *dir; + char *filename; + CK_RV rv; + bool ret; + + dir = p11_save_open_directory (destination, ex->flags); + if (dir == NULL) + return false; + + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + filename = p11_enumerate_filename (ex); + return_val_if_fail (filename != NULL, -1); + + file = p11_save_open_file_in (dir, filename, ".cer"); + free (filename); + + if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) { + p11_save_finish_directory (dir, false); + return false; + } + } + + if (rv != CKR_OK && rv != CKR_CANCEL) { + p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); + ret = false; + } else { + ret = true; + } + + p11_save_finish_directory (dir, ret); + return ret; +} diff --git a/trust/extract-edk2.c b/trust/extract-edk2.c new file mode 100644 index 0000000..d989346 --- /dev/null +++ b/trust/extract-edk2.c @@ -0,0 +1,211 @@ +/* + * Copyright (c) 2018, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Laszlo Ersek + */ + +#include "config.h" + +#include "buffer.h" /* p11_buffer */ +#include "debug.h" /* return_val_if_fail() */ +#include "message.h" /* p11_message() */ +#include "extract.h" /* p11_extract_edk2_cacerts() */ + +#include /* UINT32_MAX */ +#include /* SSIZE_MAX */ + +/* types from the UEFI 2.7 spec, section "31.4.1 Signature Database" */ +typedef struct { + uint32_t data1; + uint16_t data2; + uint16_t data3; + uint8_t data4[8]; +} efi_guid; + +typedef struct { + efi_guid signature_type; + uint32_t signature_list_size; + uint32_t signature_header_size; + uint32_t signature_size; +} efi_signature_list; + +typedef struct { + efi_guid signature_owner; +} efi_signature_data; + +/* + * EFI_CERT_X509_GUID (A5C059A1-94E4-4AA7-87B5-AB155C2BF072) from the UEFI 2.7 + * spec, in host byte order + */ +static const efi_guid efi_cert_x509_guid_host = { + 0xa5c059a1, + 0x94e4, + 0x4aa7, + { 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 } +}; + +/* + * the GUID identifying this extractor as "agent" + * (DCDD3B50-F405-43FD-96BE-BD33B1734776, generated with "uuidgen"), in host + * byte order + */ +static const efi_guid agent_guid_host = { + 0xdcdd3b50, + 0xf405, + 0x43fd, + { 0x96, 0xbe, 0xbd, 0x33, 0xb1, 0x73, 0x47, 0x76 } +}; + +/* serialization helpers */ +static void +buffer_add_uint16 (p11_buffer *buffer, + uint16_t uint16) +{ + uint8_t uint16_buf[2]; + + uint16_buf[0] = uint16; + uint16_buf[1] = uint16 >> 8; + p11_buffer_add (buffer, &uint16_buf, sizeof uint16_buf); +} + +static void +buffer_add_uint32 (p11_buffer *buffer, + uint32_t uint32) +{ + uint8_t uint32_buf[4]; + + uint32_buf[0] = uint32; + uint32_buf[1] = uint32 >> 8; + uint32_buf[2] = uint32 >> 16; + uint32_buf[3] = uint32 >> 24; + p11_buffer_add (buffer, &uint32_buf, sizeof uint32_buf); +} + +static void +buffer_add_efi_guid (p11_buffer *buffer, + const efi_guid *guid) +{ + buffer_add_uint32 (buffer, guid->data1); + buffer_add_uint16 (buffer, guid->data2); + buffer_add_uint16 (buffer, guid->data3); + p11_buffer_add (buffer, guid->data4, sizeof guid->data4); +} + +static void +buffer_add_efi_signature_list (p11_buffer *buffer, + const efi_signature_list *siglist) +{ + buffer_add_efi_guid (buffer, &siglist->signature_type); + buffer_add_uint32 (buffer, siglist->signature_list_size); + buffer_add_uint32 (buffer, siglist->signature_header_size); + buffer_add_uint32 (buffer, siglist->signature_size); +} + +static void +buffer_add_efi_signature_data (p11_buffer *buffer, + const efi_signature_data *sigdata) +{ + buffer_add_efi_guid (buffer, &sigdata->signature_owner); +} + +/* main routine */ +static bool +prepare_edk2_buffer (p11_enumerate *ex, + p11_buffer *buffer) +{ + efi_signature_list siglist; + efi_signature_data sigdata; + CK_RV rv; + size_t size; + + /* + * set "siglist.signature_type" and "sigdata.signature_owner" for reuse + * across all certificates + */ + siglist.signature_type = efi_cert_x509_guid_host; + sigdata.signature_owner = agent_guid_host; + + /* also reuse a zero "siglist.signature_header_size" */ + siglist.signature_header_size = 0; + + /* for every certificate */ + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + size = sizeof sigdata; + + /* + * set the variable size fields in "siglist" while catching any + * (unlikely) integer overflows + */ + return_val_if_fail (ex->cert_len <= UINT32_MAX - size, false); + size += ex->cert_len; + siglist.signature_size = size; + + return_val_if_fail (sizeof siglist <= UINT32_MAX - size, false); + size += sizeof siglist; + siglist.signature_list_size = size; + + /* serialize the headers */ + buffer_add_efi_signature_list (buffer, &siglist); + buffer_add_efi_signature_data (buffer, &sigdata); + + /* serialize the DER encoding of the certificate */ + return_val_if_fail (ex->cert_len <= SSIZE_MAX, false); + p11_buffer_add (buffer, ex->cert_der, ex->cert_len); + } + + if (rv != CKR_CANCEL) { + p11_message ("failed to find certificate: %s", + p11_kit_strerror (rv)); + return false; + } + + return_val_if_fail (p11_buffer_ok (buffer), false); + return true; +} + +bool +p11_extract_edk2_cacerts (p11_enumerate *ex, + const char *destination) +{ + p11_buffer buffer; + p11_save_file *file; + bool ret; + + p11_buffer_init (&buffer, 1024 * 10); + ret = prepare_edk2_buffer (ex, &buffer); + if (ret) { + file = p11_save_open_file (destination, NULL, ex->flags); + ret = p11_save_write_and_finish (file, buffer.data, buffer.len); + } + + p11_buffer_uninit (&buffer); + return ret; +} diff --git a/trust/extract-jks.c b/trust/extract-jks.c new file mode 100644 index 0000000..a6f855f --- /dev/null +++ b/trust/extract-jks.c @@ -0,0 +1,366 @@ +/* + * Copyright (c) 2019, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "attrs.h" +#include "buffer.h" +#include "compat.h" +#include "debug.h" +#include "extract.h" +#include "digest.h" +#include "message.h" +#include "save.h" + +#include +#include +#include +#include +#include +#include +#include + +time_t _p11_extract_jks_timestamp = 0; + +static void +encode_msb_short (unsigned char *data, + int16_t value) +{ + uint16_t v; + + /* At this point we only support positive numbers */ + assert (value >= 0); + assert (value < INT16_MAX); + + v = (uint16_t)value; + data[0] = (v >> 8) & 0xff; + data[1] = (v >> 0) & 0xff; +} + +static void +encode_msb_int (unsigned char *data, + int32_t value) +{ + uint32_t v; + + /* At this point we only support positive numbers */ + assert (value >= 0); + assert (value < INT32_MAX); + + v = (uint32_t)value; + data[0] = (v >> 24) & 0xff; + data[1] = (v >> 16) & 0xff; + data[2] = (v >> 8) & 0xff; + data[3] = (v >> 0) & 0xff; +} + +static void +encode_msb_long (unsigned char *data, + int64_t value) +{ + uint64_t v; + + /* At this point we only support positive numbers */ + assert (value >= 0); + assert (value < INT64_MAX); + + v = (uint64_t)value; + data[0] = (v >> 56) & 0xff; + data[1] = (v >> 48) & 0xff; + data[2] = (v >> 40) & 0xff; + data[3] = (v >> 32) & 0xff; + data[4] = (v >> 24) & 0xff; + data[5] = (v >> 16) & 0xff; + data[6] = (v >> 8) & 0xff; + data[7] = (v >> 0) & 0xff; +} + +static void +add_msb_int (p11_buffer *buffer, + int32_t value) +{ + unsigned char *data = p11_buffer_append (buffer, 4); + return_if_fail (data != NULL); + encode_msb_int (data, value); +} + +static void +add_msb_long (p11_buffer *buffer, + int64_t value) +{ + unsigned char *data = p11_buffer_append (buffer, 8); + return_if_fail (data != NULL); + encode_msb_long (data, value); +} + +static void +add_string (p11_buffer *buffer, + const char *string, + size_t length) +{ + unsigned char *data; + + if (length > INT16_MAX) { + p11_message ("truncating long string"); + length = INT16_MAX; + } + + data = p11_buffer_append (buffer, 2); + return_if_fail (data != NULL); + encode_msb_short (data, length); + p11_buffer_add (buffer, string, length); +} + +static void +convert_alias (const char *input, + size_t length, + p11_buffer *buf) +{ + char ch; + size_t i; + + /* + * Java requires that the aliases are 'converted'. For the basic java + * cacerts key store this is lower case. We just do this for ASCII, since + * we don't want to have to bring in unicode case rules. Since we're + * screwing around, we also take out spaces, to make these look like + * java aliases. + */ + + for (i = 0; i < length; i++) { + ch = input[i]; + if (!isspace (ch) && (ch & 0x80) == 0) { + ch = p11_ascii_tolower (ch); + p11_buffer_add (buf, &ch, 1); + } + } +} + +static bool +add_alias (p11_buffer *buffer, + p11_dict *aliases, + CK_ATTRIBUTE *label) +{ + const char *input; + size_t input_len; + size_t length; + p11_buffer buf; + char num[32]; + char *alias; + int i; + + p11_buffer_init_null (&buf, 64); + + if (label && label->pValue) { + input = label->pValue; + input_len = label->ulValueLen; + } else { + input = "unlabeled"; + input_len = strlen (input); + } + + convert_alias (input, input_len, &buf); + length = buf.len; + + for (i = 0; i < INT32_MAX; i++) { + if (i > 0) { + snprintf (num, sizeof (num), "-%d", i); + p11_buffer_add (&buf, num, -1); + } + + return_val_if_fail (p11_buffer_ok (&buf), false); + if (!p11_dict_get (aliases, buf.data)) { + alias = p11_buffer_steal (&buf, &length); + if (!p11_dict_set (aliases, alias, alias)) + return_val_if_reached (false); + add_string (buffer, alias, length); + return true; + } + + buf.len = length; + } + + return false; +} + +static bool +prepare_jks_buffer (p11_enumerate *ex, + p11_buffer *buffer) +{ + const unsigned char magic[] = { 0xfe, 0xed, 0xfe, 0xed }; + const int version = 2; + size_t count_at; + unsigned char *digest; + CK_ATTRIBUTE *label; + p11_dict *aliases; + size_t length; + int64_t now; + int count; + CK_RV rv; + + enum { + private_key = 1, + trusted_cert = 2, + }; + + /* + * Documented in the java sources in the file: + * src/share/classes/sun/security/provider/JavaKeyStore.java + */ + + p11_buffer_add (buffer, magic, sizeof (magic)); + add_msb_int (buffer, version); + count_at = buffer->len; + p11_buffer_append (buffer, 4); + count = 0; + + /* + * We use the current time for each entry. Java expects the time + * when this was this certificate was added to the keystore, however + * we don't have that information. Java uses time in milliseconds + */ + if (_p11_extract_jks_timestamp) + now = _p11_extract_jks_timestamp; + else { + char *source_date_epoch; + source_date_epoch = secure_getenv ("SOURCE_DATE_EPOCH"); + if (source_date_epoch) { + unsigned long long epoch; + char *endptr; + errno = 0; + epoch = strtoull (source_date_epoch, &endptr, 10); + if ((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0)) + || (errno != 0 && epoch == 0)) { + p11_message_err (errno, "Environment variable $SOURCE_DATE_EPOCH: strtoull"); + return false; + } + if (endptr == source_date_epoch) { + fprintf (stderr, "Environment variable $SOURCE_DATE_EPOCH: No digits were found: %s\n", endptr); + return false; + } + if (*endptr != '\0') { + fprintf (stderr, "Environment variable $SOURCE_DATE_EPOCH: Trailing garbage: %s\n", endptr); + return false; + } + if (epoch > ULONG_MAX) { + fprintf (stderr, "Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to %lu but was found to be: %llu \n", ULONG_MAX, epoch); + return false; + } + now = epoch; + } else + now = time (NULL); + } + + return_val_if_fail (now > 0, false); + now *= 1000; /* seconds to milliseconds */ + + /* + * The aliases in the output file need to be unique. We use a hash + * table to guarantee this. + */ + aliases = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); + return_val_if_fail (aliases != NULL, false); + + /* For every certificate */ + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + count++; + + /* The type of entry */ + add_msb_int (buffer, trusted_cert); + + /* The alias */ + label = p11_attrs_find_valid (ex->attrs, CKA_LABEL); + if (!add_alias (buffer, aliases, label)) { + p11_message ("could not generate a certificate alias name"); + p11_dict_free (aliases); + return false; + } + + /* The creation date: current time */ + add_msb_long (buffer, now); + + /* The type of the certificate */ + add_string (buffer, "X.509", 5); + + /* The DER encoding of the certificate */ + add_msb_int (buffer, ex->cert_len); + p11_buffer_add (buffer, ex->cert_der, ex->cert_len); + } + + p11_dict_free (aliases); + + if (rv != CKR_OK && rv != CKR_CANCEL) { + p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); + return false; + } + + /* Place the count in the right place */ + encode_msb_int ((unsigned char *)buffer->data + count_at, count); + + /* + * Java keystore reinvents HMAC and uses it to try and "secure" the + * cacerts. We fill this in and use the default "changeit" string + * as the password for this keyed digest. + */ + length = buffer->len; + digest = p11_buffer_append (buffer, P11_DIGEST_SHA1_LEN); + return_val_if_fail (digest != NULL, false); + p11_digest_sha1 (digest, + "\000c\000h\000a\000n\000g\000e\000i\000t", (size_t)16, /* default password */ + "Mighty Aphrodite", (size_t)16, /* go figure */ + buffer->data, length, + NULL); + + return_val_if_fail (p11_buffer_ok (buffer), false); + return true; +} + +bool +p11_extract_jks_cacerts (p11_enumerate *ex, + const char *destination) +{ + p11_buffer buffer; + p11_save_file *file; + bool ret; + + p11_buffer_init (&buffer, 1024 * 10); + ret = prepare_jks_buffer (ex, &buffer); + if (ret) { + file = p11_save_open_file (destination, NULL, ex->flags); + ret = p11_save_write_and_finish (file, buffer.data, buffer.len); + } + + p11_buffer_uninit (&buffer); + return ret; +} diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c new file mode 100644 index 0000000..0a56d3f --- /dev/null +++ b/trust/extract-openssl.c @@ -0,0 +1,695 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "asn1.h" +#include "attrs.h" +#include "buffer.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "digest.h" +#include "extract.h" +#include "message.h" +#include "oid.h" +#include "path.h" +#include "pem.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "save.h" +#include "utf8.h" +#include "x509.h" + +#include +#include +#include +#include + +/* These functions are declared with a global scope for testing */ + +void p11_openssl_canon_string (char *str, + size_t *len); + +bool p11_openssl_canon_string_der (p11_buffer *der); + +bool p11_openssl_canon_name_der (p11_dict *asn1_defs, + p11_buffer *der); + +static p11_array * +empty_usages (void) +{ + return p11_array_new (free); +} + +static bool +known_usages (p11_array *oids) +{ + char *string; + int i; + + static const char *const strings[] = { + P11_OID_SERVER_AUTH_STR, + P11_OID_CLIENT_AUTH_STR, + P11_OID_CODE_SIGNING_STR, + P11_OID_EMAIL_PROTECTION_STR, + P11_OID_IPSEC_END_SYSTEM_STR, + P11_OID_IPSEC_TUNNEL_STR, + P11_OID_IPSEC_USER_STR, + P11_OID_TIME_STAMPING_STR, + NULL, + }; + + for (i = 0; strings[i] != NULL; i++) { + string = strdup (strings[i]); + return_val_if_fail (string != NULL, false); + if (!p11_array_push (oids, string)) + return_val_if_reached (false); + } + + return true; +} + +static bool +load_usage_ext (p11_enumerate *ex, + const unsigned char *ext_oid, + p11_array **oids) +{ + unsigned char *value; + node_asn *ext = NULL; + size_t length; + + if (ex->attached) + ext = p11_dict_get (ex->attached, ext_oid); + if (ext == NULL) { + *oids = NULL; + return true; + } + + value = p11_asn1_read (ext, "extnValue", &length); + return_val_if_fail (value != NULL, false); + + *oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length); + return_val_if_fail (*oids != NULL, false); + + free (value); + return true; +} + +static bool +write_usages (node_asn *asn, + const char *field, + p11_array *oids) +{ + char *last; + int ret; + int i; + + /* + * No oids? Then doing this will make the entire optional + * field go away + */ + if (oids == NULL) { + ret = asn1_write_value (asn, field, NULL, 0); + return_val_if_fail (ret == ASN1_SUCCESS, false); + + } else { + if (asprintf (&last, "%s.?LAST", field) < 0) + return_val_if_reached (false); + for (i = 0; i < oids->num; i++) { + ret = asn1_write_value (asn, field, "NEW", 1); + return_val_if_fail (ret == ASN1_SUCCESS, false); + ret = asn1_write_value (asn, last, oids->elem[i], -1); + return_val_if_fail (ret == ASN1_SUCCESS, false); + } + + free (last); + } + + return true; +} + +static bool +write_trust_and_rejects (p11_enumerate *ex, + node_asn *asn) +{ + p11_array *trusts = NULL; + p11_array *rejects = NULL; + CK_BBOOL trust; + CK_BBOOL distrust; + + if (!p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &trust)) + trust = CK_FALSE; + if (!p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &distrust)) + distrust = CK_FALSE; + + if (!load_usage_ext (ex, P11_OID_OPENSSL_REJECT, &rejects)) + return_val_if_reached (false); + + if (distrust) { + + /* + * If this is on the blacklist then, make sure we have + * an empty trusts field and add as many things to rejects + * as possible. + */ + trusts = NULL; + + if (!rejects) + rejects = empty_usages (); + if (!known_usages (rejects)) + return_val_if_reached (false); + return_val_if_fail (rejects != NULL, false); + + } else if (trust) { + + /* + * If this is an anchor, then try and guarantee that there + * are some trust anchors. + */ + + if (!load_usage_ext (ex, P11_OID_EXTENDED_KEY_USAGE, &trusts)) + return_val_if_reached (false); + + } else { + + /* + * This is not an anchor, always put an empty trusts + * section, with possible rejects, loaded above + */ + + trusts = empty_usages (); + } + + if (!write_usages (asn, "trust", trusts) || + !write_usages (asn, "reject", rejects)) + return_val_if_reached (false); + + p11_array_free (trusts); + p11_array_free (rejects); + return true; +} + +static bool +write_keyid (p11_enumerate *ex, + node_asn *asn) +{ + unsigned char *value = NULL; + node_asn *ext = NULL; + size_t length = 0; + int ret; + + if (ex->attached) + ext = p11_dict_get (ex->attached, P11_OID_SUBJECT_KEY_IDENTIFIER); + if (ext != NULL) { + value = p11_asn1_read (ext, "extnValue", &length); + return_val_if_fail (value != NULL, false); + } + + ret = asn1_write_value (asn, "keyid", value, length); + return_val_if_fail (ret == ASN1_SUCCESS, false); + free (value); + + return true; +} + +static bool +write_alias (p11_enumerate *ex, + node_asn *asn) +{ + CK_ATTRIBUTE *label; + int ret; + + label = p11_attrs_find_valid (ex->attrs, CKA_LABEL); + if (label == NULL) { + ret = asn1_write_value (asn, "alias", NULL, 0); + return_val_if_fail (ret == ASN1_SUCCESS, false); + } else { + ret = asn1_write_value (asn, "alias", label->pValue, label->ulValueLen); + return_val_if_fail (ret == ASN1_SUCCESS, false); + } + + return true; +} + +static bool +write_other (p11_enumerate *ex, + node_asn *asn) +{ + int ret; + + ret = asn1_write_value (asn, "other", NULL, 0); + return_val_if_fail (ret == ASN1_SUCCESS, false); + + return true; +} + +static bool +prepare_pem_contents (p11_enumerate *ex, + p11_buffer *buffer) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; + unsigned char *der; + node_asn *asn; + size_t offset; + int ret; + int len; + + p11_buffer_add (buffer, ex->cert_der, ex->cert_len); + + asn = p11_asn1_create (ex->asn1_defs, "OPENSSL.CertAux"); + return_val_if_fail (asn != NULL, false); + + if (!write_trust_and_rejects (ex, asn) || + !write_alias (ex, asn) || + !write_keyid (ex, asn) || + !write_other (ex, asn)) + return_val_if_reached (false); + + len = 0; + offset = buffer->len; + + ret = asn1_der_coding (asn, "", NULL, &len, message); + return_val_if_fail (ret == ASN1_MEM_ERROR, false); + + der = p11_buffer_append (buffer, len); + return_val_if_fail (der != NULL, false); + + ret = asn1_der_coding (asn, "", der, &len, message); + return_val_if_fail (ret == ASN1_SUCCESS, false); + + buffer->len = offset + len; + asn1_delete_structure (&asn); + return true; +} + +bool +p11_extract_openssl_bundle (p11_enumerate *ex, + const char *destination) +{ + p11_save_file *file; + p11_buffer output; + p11_buffer buf; + char *comment; + bool ret = true; + bool first; + CK_RV rv; + + file = p11_save_open_file (destination, NULL, ex->flags); + if (!file) + return false; + + first = true; + p11_buffer_init (&output, 0); + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + p11_buffer_init (&buf, 1024); + if (!p11_buffer_reset (&output, 2048)) + return_val_if_reached (false); + + if (prepare_pem_contents (ex, &buf)) { + if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) + return_val_if_reached (false); + + comment = p11_enumerate_comment (ex, first); + first = false; + + ret = p11_save_write (file, comment, -1) && + p11_save_write (file, output.data, output.len); + + free (comment); + } + + p11_buffer_uninit (&buf); + + if (!ret) + break; + } + + p11_buffer_uninit (&output); + + if (rv != CKR_OK && rv != CKR_CANCEL) { + p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); + ret = false; + } + + /* + * This will produce an empty file (which is a valid PEM bundle) if no + * certificates were found. + */ + + if (!p11_save_finish_file (file, NULL, ret)) + ret = false; + return ret; +} + +void +p11_openssl_canon_string (char *str, + size_t *len) +{ + bool nsp; + bool sp; + char *in; + char *out; + char *end; + + /* + * Now that the string is UTF-8 here we convert the string to the + * OpenSSL canonical form. This is a bit odd and openssl specific. + * Basically they ignore any char over 127, do ascii tolower() stuff + * and collapse spaces based on isspace(). + */ + + for (in = out = str, end = out + *len, sp = false, nsp = false; in < end; in++) { + if (*in & 0x80 || !isspace (*in)) { + /* If there has been a space, then add one */ + if (sp) + *out++ = ' '; + *out++ = (*in & 0x80) ? *in : p11_ascii_tolower (*in); + sp = false; + nsp = true; + /* If there has been a non-space, then note we should get one */ + } else if (nsp) { + nsp = false; + sp = true; + } + } + + if (out < end) + out[0] = 0; + *len = out - str; +} + +bool +p11_openssl_canon_string_der (p11_buffer *der) +{ + char *string; + size_t length; + int output_len; + int len_len; + bool unknown_string; + unsigned char *output; + int len; + + string = p11_x509_parse_directory_string (der->data, der->len, &unknown_string, &length); + + /* Just pass through all the non-string types */ + if (string == NULL) + return unknown_string; + + p11_openssl_canon_string (string, &length); + + asn1_length_der (length, NULL, &len_len); + output_len = 1 + len_len + length; + + if (!p11_buffer_reset (der, output_len)) + return_val_if_reached (false); + + output = der->data; + der->len = output_len; + + output[0] = 12; /* UTF8String */ + len = output_len - 1; + asn1_octet_der ((unsigned char *)string, length, output + 1, &len); + assert (len == output_len - 1); + + free (string); + return true; +} + +bool +p11_openssl_canon_name_der (p11_dict *asn1_defs, + p11_buffer *der) +{ + p11_buffer value; + char outer[64]; + char field[128]; + node_asn *name; + void *at; + int value_len; + bool failed; + size_t offset; + int ret; + int num; + int len; + int i, j; + + name = p11_asn1_decode (asn1_defs, "PKIX1.Name", der->data, der->len, NULL); + return_val_if_fail (name != NULL, false); + + ret = asn1_number_of_elements (name, "rdnSequence", &num); + return_val_if_fail (ret == ASN1_SUCCESS, false); + + p11_buffer_init (&value, 0); + p11_buffer_reset (der, 0); + + for (i = 1, failed = false; !failed && i < num + 1; i++) { + snprintf (outer, sizeof (outer), "rdnSequence.?%d", i); + for (j = 1; !failed; j++) { + snprintf (field, sizeof (field), "%s.?%d.value", outer, j); + + value_len = 0; + ret = asn1_read_value (name, field, NULL, &value_len); + if (ret == ASN1_ELEMENT_NOT_FOUND) + break; + + return_val_if_fail (ret == ASN1_MEM_ERROR, false); + + if (!p11_buffer_reset (&value, value_len)) + return_val_if_reached (false); + + ret = asn1_read_value (name, field, value.data, &value_len); + return_val_if_fail (ret == ASN1_SUCCESS, false); + value.len = value_len; + + if (p11_openssl_canon_string_der (&value)) { + ret = asn1_write_value (name, field, value.data, value.len); + return_val_if_fail (ret == ASN1_SUCCESS, false); + } else { + failed = true; + } + } + + /* + * Yes the OpenSSL canon strangeness, is a concatenation + * of all the RelativeDistinguishedName DER encodings, without + * an outside wrapper. + */ + if (!failed) { + len = -1; + ret = asn1_der_coding (name, outer, NULL, &len, NULL); + return_val_if_fail (ret == ASN1_MEM_ERROR, false); + + offset = der->len; + at = p11_buffer_append (der, len); + return_val_if_fail (at != NULL, false); + + ret = asn1_der_coding (name, outer, at, &len, NULL); + return_val_if_fail (ret == ASN1_SUCCESS, false); + der->len = offset + len; + } + } + + asn1_delete_structure (&name); + p11_buffer_uninit (&value); + return !failed; +} + +#ifdef OS_UNIX + +static char * +symlink_for_subject_hash (p11_enumerate *ex) +{ + unsigned char md[P11_DIGEST_SHA1_LEN]; + p11_buffer der; + CK_ATTRIBUTE *subject; + unsigned long hash; + char *linkname = NULL; + + subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT); + if (!subject || !subject->pValue || !subject->ulValueLen) + return NULL; + + p11_buffer_init_full (&der, memdup (subject->pValue, subject->ulValueLen), + subject->ulValueLen, 0, realloc, free); + return_val_if_fail (der.data != NULL, NULL); + + if (p11_openssl_canon_name_der (ex->asn1_defs, &der)) { + p11_digest_sha1 (md, der.data, der.len, NULL); + + hash = ( + ((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) | + ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) + ) & 0xffffffffL; + + if (asprintf (&linkname, "%08lx", hash) < 0) + return_val_if_reached (NULL); + } + + p11_buffer_uninit (&der); + return linkname; +} + +static char * +symlink_for_subject_old_hash (p11_enumerate *ex) +{ + unsigned char md[P11_DIGEST_MD5_LEN]; + CK_ATTRIBUTE *subject; + unsigned long hash; + char *linkname; + + subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT); + if (!subject) + return NULL; + + p11_digest_md5 (md, subject->pValue, (size_t)subject->ulValueLen, NULL); + + hash = ( + ((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) | + ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) + ) & 0xffffffffL; + + if (asprintf (&linkname, "%08lx", hash) < 0) + return_val_if_reached (NULL); + + return linkname; +} + +#endif /* OS_UNIX */ + +/* + * The OpenSSL style c_rehash stuff + * + * Different versions of openssl build these hashes differently + * so output both of them. Shouldn't cause confusion, because + * multiple certificates can hash to the same link anyway, + * and this is the reason for the trailing number after the dot. + * + * The trailing number is incremented p11_save_symlink_in() if it + * conflicts with something we've already written out. + * + * On Windows no symlinks. + */ +bool +p11_openssl_symlink (p11_enumerate *ex, + p11_save_dir *dir, + const char *filename) +{ + bool ret = true; +#ifdef OS_UNIX + char *linkname; + + linkname = symlink_for_subject_hash (ex); + if (linkname) { + ret = p11_save_symlink_in (dir, linkname, ".0", filename); + free (linkname); + } + + if (ret) { + linkname = symlink_for_subject_old_hash (ex); + if (linkname) { + ret = p11_save_symlink_in (dir, linkname, ".0", filename); + free (linkname); + } + } +#endif /* OS_UNIX */ + return ret; +} + +bool +p11_extract_openssl_directory (p11_enumerate *ex, + const char *destination) +{ + char *filename; + p11_save_file *file; + p11_save_dir *dir; + p11_buffer output; + p11_buffer buf; + bool ret = true; + char *path; + char *name; + CK_RV rv; + + dir = p11_save_open_directory (destination, ex->flags); + if (dir == NULL) + return false; + + p11_buffer_init (&buf, 0); + p11_buffer_init (&output, 0); + + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + if (!p11_buffer_reset (&buf, 1024)) + return_val_if_reached (false); + if (!p11_buffer_reset (&output, 2048)) + return_val_if_reached (false); + + if (prepare_pem_contents (ex, &buf)) { + if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output)) + return_val_if_reached (false); + + name = p11_enumerate_filename (ex); + return_val_if_fail (name != NULL, false); + + filename = NULL; + path = NULL; + + file = p11_save_open_file_in (dir, name, ".pem"); + if (file != NULL) { + ret = p11_save_write (file, output.data, output.len); + if (!p11_save_finish_file (file, &path, ret)) + ret = false; + if (ret) + filename = p11_path_base (path); + } + ret = p11_openssl_symlink(ex, dir, filename); + + free (filename); + free (path); + free (name); + } + + if (!ret) + break; + } + + p11_buffer_uninit (&buf); + p11_buffer_uninit (&output); + + if (rv != CKR_OK && rv != CKR_CANCEL) { + p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); + ret = false; + } + + p11_save_finish_directory (dir, ret); + return ret; +} diff --git a/trust/extract-pem.c b/trust/extract-pem.c new file mode 100644 index 0000000..a32d032 --- /dev/null +++ b/trust/extract-pem.c @@ -0,0 +1,178 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_TOOL + +#include "compat.h" +#include "debug.h" +#include "extract.h" +#include "message.h" +#include "path.h" +#include "pem.h" +#include "save.h" + +#include + +bool +p11_extract_pem_bundle (p11_enumerate *ex, + const char *destination) +{ + char *comment; + p11_buffer buf; + p11_save_file *file; + bool ret = true; + bool first = true; + CK_RV rv; + + file = p11_save_open_file (destination, NULL, ex->flags); + if (!file) + return false; + + p11_buffer_init (&buf, 0); + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + if (!p11_buffer_reset (&buf, 2048)) + return_val_if_reached (false); + + if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf)) + return_val_if_reached (false); + + comment = p11_enumerate_comment (ex, first); + first = false; + + ret = p11_save_write (file, comment, -1) && + p11_save_write (file, buf.data, buf.len); + + free (comment); + + if (!ret) + break; + } + + p11_buffer_uninit (&buf); + + if (rv != CKR_OK && rv != CKR_CANCEL) { + p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); + ret = false; + } + + /* + * This will produce an empty file (which is a valid PEM bundle) if no + * certificates were found. + */ + + if (!p11_save_finish_file (file, NULL, ret)) + ret = false; + + return ret; +} + +static bool +extract_pem_directory (p11_enumerate *ex, + const char *destination, + bool hash) +{ + p11_save_file *file; + p11_save_dir *dir; + p11_buffer buf; + bool ret = true; + char *filename; + char *path; + char *name; + CK_RV rv; + + dir = p11_save_open_directory (destination, ex->flags); + if (dir == NULL) + return false; + + p11_buffer_init (&buf, 0); + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + if (!p11_buffer_reset (&buf, 2048)) + return_val_if_reached (false); + + if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf)) + return_val_if_reached (false); + + name = p11_enumerate_filename (ex); + return_val_if_fail (name != NULL, false); + + path = NULL; + + file = p11_save_open_file_in (dir, name, ".pem"); + ret = p11_save_write (file, buf.data, buf.len); + + if (!p11_save_finish_file (file, &path, ret)) + ret = false; + + if (ret && hash) { + filename = p11_path_base (path); + ret = p11_openssl_symlink(ex, dir, filename); + free (filename); + } + + free (path); + free (name); + if (!ret) + break; + } + + p11_buffer_uninit (&buf); + + if (rv != CKR_OK && rv != CKR_CANCEL) { + p11_message ("failed to find certificates: %s", p11_kit_strerror (rv)); + ret = false; + } + + p11_save_finish_directory (dir, ret); + return ret; +} + +bool +p11_extract_pem_directory (p11_enumerate *ex, + const char *destination) +{ + bool ret = true; + ret = extract_pem_directory (ex, destination, false); + return ret; +} + +bool +p11_extract_pem_directory_hash (p11_enumerate *ex, + const char *destination) +{ + bool ret = true; + ret = extract_pem_directory (ex, destination, true); + return ret; +} diff --git a/trust/extract.c b/trust/extract.c new file mode 100644 index 0000000..e656449 --- /dev/null +++ b/trust/extract.c @@ -0,0 +1,329 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "extract.h" +#include "message.h" +#include "oid.h" +#include "path.h" +#include "pkcs11x.h" +#include "save.h" +#include "tool.h" +#include "digest.h" + +#include "p11-kit/iter.h" +#include "p11-kit/pkcs11.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static bool +format_argument (const char *optarg, + p11_extract_func *func) +{ + int i; + + /* + * Certain formats do not support expressive trust information. + * So the caller should limit the supported purposes when asking + * for trust information. + */ + + static const struct { + const char *format; + p11_extract_func func; + } formats[] = { + { "x509-file", p11_extract_x509_file, }, + { "x509-directory", p11_extract_x509_directory, }, + { "pem-bundle", p11_extract_pem_bundle, }, + { "pem-directory", p11_extract_pem_directory }, + { "pem-directory-hash", p11_extract_pem_directory_hash }, + { "java-cacerts", p11_extract_jks_cacerts }, + { "edk2-cacerts", p11_extract_edk2_cacerts }, + { "openssl-bundle", p11_extract_openssl_bundle }, + { "openssl-directory", p11_extract_openssl_directory }, + { NULL }, + }; + + if (*func != NULL) { + p11_message ("a format was already specified"); + return false; + } + + for (i = 0; formats[i].format != NULL; i++) { + if (strcmp (optarg, formats[i].format) == 0) { + *func = formats[i].func; + break; + } + } + + if (*func == NULL) { + p11_message ("unsupported or unrecognized format: %s", optarg); + return false; + } + + return true; +} + +static bool +validate_filter_and_format (p11_enumerate *ex, + p11_extract_func func) +{ + int i; + + /* + * These are the extract functions that contain purpose information. + * If we're being asked to export anchors, and the extract function does + * not support, and the caller has not specified a purpose, then add a + * default purpose to limit to. + */ + + static p11_extract_func supports_trust_policy[] = { + p11_extract_openssl_bundle, + p11_extract_openssl_directory, + NULL + }; + + for (i = 0; supports_trust_policy[i] != NULL; i++) { + if (func == supports_trust_policy[i]) + return true; + } + + if ((ex->flags & P11_ENUMERATE_ANCHORS) && + (ex->flags & P11_ENUMERATE_BLACKLIST)) { + /* + * If we're extracting *both* anchors and blacklist, then we must have + * a format that can represent the different types of information. + */ + + p11_message ("format does not support trust policy"); + return false; + + } else if (ex->flags & P11_ENUMERATE_ANCHORS) { + + /* + * If we're extracting anchors, then we must have either limited the + * purposes, or have a format that can represent multiple purposes. + */ + + if (!ex->limit_to_purposes) { + p11_message ("format requires a purpose, specify it with --purpose; defaulting to 'server-auth'"); + p11_enumerate_opt_purpose (ex, "server-auth"); + } else if (p11_dict_size (ex->limit_to_purposes) > 1) { + p11_message ("format does not support multiple purposes, defaulting to 'server-auth'"); + p11_enumerate_opt_purpose (ex, "server-auth"); + } + } + + return true; +} + +int +p11_trust_extract (int argc, + char **argv) +{ + p11_extract_func format = NULL; + p11_enumerate ex; + int opt = 0; + int ret; + + enum { + opt_overwrite = 'f', + opt_verbose = 'v', + opt_quiet = 'q', + opt_help = 'h', + opt_filter = 1000, + opt_purpose, + opt_format, + opt_comment, + }; + + struct option options[] = { + { "filter", required_argument, NULL, opt_filter }, + { "format", required_argument, NULL, opt_format }, + { "purpose", required_argument, NULL, opt_purpose }, + { "overwrite", no_argument, NULL, opt_overwrite }, + { "comment", no_argument, NULL, opt_comment }, + { "verbose", no_argument, NULL, opt_verbose }, + { "quiet", no_argument, NULL, opt_quiet }, + { "help", no_argument, NULL, opt_help }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: trust extract --format= " }, + { opt_filter, + "filter of what to export\n" + " ca-anchors certificate anchors\n" + " blacklist blacklisted certificates\n" + " trust-policy anchors and blacklist\n" + " certificates all certificates\n" + " pkcs11:object=xx a PKCS#11 URI", + "what", + }, + { opt_format, + "format to extract to\n" + " x509-file DER X.509 certificate file\n" + " x509-directory directory of X.509 certificates\n" + " pem-bundle file containing multiple PEM blocks\n" + " pem-directory directory of PEM files\n" + " pem-directory-hash directory of PEM files with hash links\n" + " openssl-bundle OpenSSL specific PEM bundle\n" + " openssl-directory directory of OpenSSL specific files\n" + " java-cacerts java keystore cacerts file\n" + " edk2-cacerts cacerts file for EDK2 HTTPS config", + "type" + }, + { opt_purpose, + "limit to certificates usable for the purpose\n" + " server-auth for authenticating servers\n" + " client-auth for authenticating clients\n" + " email for email protection\n" + " code-signing for authenticating signed code\n" + " 1.2.3.4.5... an arbitrary object id", + "usage" + }, + { opt_overwrite, "overwrite output file or directory" }, + { opt_comment, "add comments to bundles if possible" }, + { opt_verbose, "show verbose debug output", }, + { opt_quiet, "suppress command output", }, + { 0 }, + }; + + p11_enumerate_init (&ex); + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + case opt_verbose: + case opt_quiet: + break; + + case opt_overwrite: + ex.flags |= P11_SAVE_OVERWRITE; + break; + case opt_comment: + ex.flags |= P11_EXTRACT_COMMENT; + break; + case opt_filter: + if (!p11_enumerate_opt_filter (&ex, optarg)) + exit (2); + break; + case opt_purpose: + if (!p11_enumerate_opt_purpose (&ex, optarg)) + exit (2); + break; + case opt_format: + if (!format_argument (optarg, &format)) + exit (2); + break; + case 'h': + p11_tool_usage (usages, options); + exit (0); + case '?': + exit (2); + default: + assert_not_reached (); + break; + } + } + + argc -= optind; + argv += optind; + + if (argc != 1) { + p11_message ("specify one destination file or directory"); + exit (2); + } + + if (!format) { + p11_message ("no output format specified"); + exit (2); + } + + if (!validate_filter_and_format (&ex, format)) + exit (1); + + if (!p11_enumerate_ready (&ex, "ca-anchors")) + exit (1); + + ex.flags |= P11_ENUMERATE_CORRELATE; + ret = (format) (&ex, argv[0]) ? 0 : 1; + + p11_enumerate_cleanup (&ex); + return ret; +} + +int +p11_trust_extract_compat (int argc, + char *argv[]) +{ + char *path = NULL; + int error; + + argv[argc] = NULL; + + /* + * For compatibility with people who deployed p11-kit 0.18.x + * before trust stuff was put into its own branch. + */ + path = p11_path_build (PRIVATEDIR, "p11-kit-extract-trust", NULL); + return_val_if_fail (path != NULL, 1); + execv (path, argv); + error = errno; + + if (error == ENOENT) { + free (path); + path = p11_path_build (PRIVATEDIR, "trust-extract-compat", NULL); + return_val_if_fail (path != NULL, 1); + execv (path, argv); + error = errno; + } + + /* At this point we have no command */ + p11_message_err (error, "could not run %s command", path); + + free (path); + return 2; +} diff --git a/trust/extract.h b/trust/extract.h new file mode 100644 index 0000000..9ce802a --- /dev/null +++ b/trust/extract.h @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#ifndef P11_EXTRACT_H_ +#define P11_EXTRACT_H_ + +#include "enumerate.h" +#include "pkcs11.h" +#include "save.h" + +enum { + /* These overlap with the flags in save.h, so start higher */ + P11_EXTRACT_COMMENT = 1 << 10, +}; + +typedef bool (* p11_extract_func) (p11_enumerate *ex, + const char *destination); + +bool p11_extract_x509_file (p11_enumerate *ex, + const char *destination); + +bool p11_extract_x509_directory (p11_enumerate *ex, + const char *destination); + +bool p11_extract_pem_bundle (p11_enumerate *ex, + const char *destination); + +bool p11_extract_pem_directory (p11_enumerate *ex, + const char *destination); + +bool p11_extract_pem_directory_hash (p11_enumerate *ex, + const char *destination); + +bool p11_extract_jks_cacerts (p11_enumerate *ex, + const char *destination); + +bool p11_extract_edk2_cacerts (p11_enumerate *ex, + const char *destination); + +bool p11_extract_openssl_bundle (p11_enumerate *ex, + const char *destination); + +bool p11_extract_openssl_directory (p11_enumerate *ex, + const char *destination); + +int p11_trust_extract (int argc, + char **argv); + +int p11_trust_extract_compat (int argc, + char *argv[]); + +/* from extract-openssl.c but also used in extract-pem.c */ +bool p11_openssl_symlink (p11_enumerate *ex, + p11_save_dir *dir, + const char *filename); +#endif /* P11_EXTRACT_H_ */ diff --git a/trust/fixtures/cacert-ca.der b/trust/fixtures/cacert-ca.der new file mode 100644 index 0000000..719b0ff Binary files /dev/null and b/trust/fixtures/cacert-ca.der differ diff --git a/trust/fixtures/cacert3-distrust-all.pem b/trust/fixtures/cacert3-distrust-all.pem new file mode 100644 index 0000000..ce5d887 --- /dev/null +++ b/trust/fixtures/cacert3-distrust-all.pem @@ -0,0 +1,44 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijBSoFAGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG +CCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcD +CA== +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-distrusted-all.pem b/trust/fixtures/cacert3-distrusted-all.pem new file mode 100644 index 0000000..4a04a39 --- /dev/null +++ b/trust/fixtures/cacert3-distrusted-all.pem @@ -0,0 +1,43 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijBIoEYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG +CCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMI +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-not-trusted.pem b/trust/fixtures/cacert3-not-trusted.pem new file mode 100644 index 0000000..eaa2e54 --- /dev/null +++ b/trust/fixtures/cacert3-not-trusted.pem @@ -0,0 +1,42 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijACMAA= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted-alias.pem b/trust/fixtures/cacert3-trusted-alias.pem new file mode 100644 index 0000000..44601ea --- /dev/null +++ b/trust/fixtures/cacert3-trusted-alias.pem @@ -0,0 +1,42 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAODAxDdXN0b20gTGFiZWw= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted-keyid.pem b/trust/fixtures/cacert3-trusted-keyid.pem new file mode 100644 index 0000000..e652733 --- /dev/null +++ b/trust/fixtures/cacert3-trusted-keyid.pem @@ -0,0 +1,42 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAJBAcAAQIDBAUG +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted-server-alias.pem b/trust/fixtures/cacert3-trusted-server-alias.pem new file mode 100644 index 0000000..55593ec --- /dev/null +++ b/trust/fixtures/cacert3-trusted-server-alias.pem @@ -0,0 +1,43 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g +TGFiZWw= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-trusted.pem b/trust/fixtures/cacert3-trusted.pem new file mode 100644 index 0000000..55593ec --- /dev/null +++ b/trust/fixtures/cacert3-trusted.pem @@ -0,0 +1,43 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g +TGFiZWw= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/cacert3-twice.pem b/trust/fixtures/cacert3-twice.pem new file mode 100644 index 0000000..c73202d --- /dev/null +++ b/trust/fixtures/cacert3-twice.pem @@ -0,0 +1,84 @@ +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- diff --git a/trust/fixtures/cacert3.der b/trust/fixtures/cacert3.der new file mode 100644 index 0000000..56f8c88 Binary files /dev/null and b/trust/fixtures/cacert3.der differ diff --git a/trust/fixtures/cacert3.pem b/trust/fixtures/cacert3.pem new file mode 100644 index 0000000..087ca0e --- /dev/null +++ b/trust/fixtures/cacert3.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- diff --git a/trust/fixtures/distrusted.pem b/trust/fixtures/distrusted.pem new file mode 100644 index 0000000..8de6ff0 --- /dev/null +++ b/trust/fixtures/distrusted.pem @@ -0,0 +1,23 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx +FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD +VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh +dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w +HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx +FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD +VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh +dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN +QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n +i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L +WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0 +6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg +MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV +BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT +MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p +bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p +mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41 +voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH +AwIMEVJlZCBIYXQgSXMgdGhlIENB +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/duplicated.jks b/trust/fixtures/duplicated.jks new file mode 100644 index 0000000..65d4225 Binary files /dev/null and b/trust/fixtures/duplicated.jks differ diff --git a/trust/fixtures/duplicated1.der b/trust/fixtures/duplicated1.der new file mode 100644 index 0000000..f9ea3ad Binary files /dev/null and b/trust/fixtures/duplicated1.der differ diff --git a/trust/fixtures/duplicated2.der b/trust/fixtures/duplicated2.der new file mode 100644 index 0000000..a408031 Binary files /dev/null and b/trust/fixtures/duplicated2.der differ diff --git a/trust/fixtures/empty-file b/trust/fixtures/empty-file new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/trust/fixtures/empty-file diff --git a/trust/fixtures/multiple.edk2 b/trust/fixtures/multiple.edk2 new file mode 100644 index 0000000..cbb9d0d Binary files /dev/null and b/trust/fixtures/multiple.edk2 differ diff --git a/trust/fixtures/multiple.jks b/trust/fixtures/multiple.jks new file mode 100644 index 0000000..6d41bcc Binary files /dev/null and b/trust/fixtures/multiple.jks differ diff --git a/trust/fixtures/multiple.pem b/trust/fixtures/multiple.pem new file mode 100644 index 0000000..d3e1775 --- /dev/null +++ b/trust/fixtures/multiple.pem @@ -0,0 +1,58 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g +TGFiZWw= +-----END TRUSTED CERTIFICATE----- +-----BEGIN TRUSTED CERTIFICATE----- +MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f +zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi +TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G +CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW +NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV +Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb +MA4MDEN1c3RvbSBMYWJlbA== +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/openssl-trust-no-trust.pem b/trust/fixtures/openssl-trust-no-trust.pem new file mode 100644 index 0000000..07e3917 --- /dev/null +++ b/trust/fixtures/openssl-trust-no-trust.pem @@ -0,0 +1,27 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIEmTCCA4GgAwIBAgIQXSBhjowOuTRAk7mx2GOVtjANBgkqhkiG9w0BAQUFADBv +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk +ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF +eHRlcm5hbCBDQSBSb290MB4XDTE0MDgwNTAwMDAwMFoXDTE1MTEwMTIzNTk1OVow +fzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSowKAYDVQQDEyFV +U0VSVHJ1c3QgTGVnYWN5IFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDZTSA65ikwhvLphol2NE5oH5ZE99H51oJOpjie7stb +4Y4uvfJXgP3JP/yQc0S8j7tXW+UtHxQwdTb1f7zPVvR/gf+ukc3Y0mrLl/n3zZBq +RS3Eu6SFE2hXX+8puirK6vXMpASbY80A6/3tjd0jxnseVx02fx8Img1h21pscQJT +KML6jf2ru7PxjXRL3729zAaTYwmVwhB6nSWQMp0BwjlTsOAVa8fXdOWkIpvklP+E +kfstsxlDLZMPnBIJ5Ge5J3oyrXoqzEFYwG5ZX+44KxcinIn6buflVzX0Wu2SlZMt ++cwkP6UcPSe9IgNzzPXK86n03P7P6dBc0A+rh/yD/cipAgMBAAGjggEfMIIBGzAf +BgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUr6RAr58W +/qsx/fvVl4v1kaMkhhYwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C +AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGA1UdIAQSMBAwDgYM +KwYBBAGyMQECAQMEMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRy +dXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQp +MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI +hvcNAQEFBQADggEBAISuLWg4EWyDUWLAkcKYvMY7+qXFvTsJ5m5gbzADhiIasovz +xs4euxt54BYUTdKaBUv/j+zwKCnqKgQdPa8REtVJmFBCn2FmOrZAmQQMaxAy6ffP +hlhPLc3TrH7oW2qDfA2gnFxQNnUNbX5Ct9+m3JBcbyNOlx3zInW/AzXmXX/H+Zss +h/aO1iWWWZ3P6hAe727qWpt3GDTMgXevmofCCuXlnhOVU729SRqldhL23PKRt+ka +4bxNPZVxffiNfD4DT1Pt/lL9yl+T4RoBGwK3c066Zul4i1D+EcvRZ9AiT3fqzRQV +QK5mXegufx6Ib1V51rl+47X9kaDA8iaHSy+d9aA= +-----END TRUSTED CERTIFICATE----- diff --git a/trust/fixtures/redhat-ca.der b/trust/fixtures/redhat-ca.der new file mode 100644 index 0000000..affae24 Binary files /dev/null and b/trust/fixtures/redhat-ca.der differ diff --git a/trust/fixtures/self-signed-with-eku.der b/trust/fixtures/self-signed-with-eku.der new file mode 100644 index 0000000..33e0760 Binary files /dev/null and b/trust/fixtures/self-signed-with-eku.der differ diff --git a/trust/fixtures/self-signed-with-ku.der b/trust/fixtures/self-signed-with-ku.der new file mode 100644 index 0000000..51bb227 Binary files /dev/null and b/trust/fixtures/self-signed-with-ku.der differ diff --git a/trust/fixtures/simple-string b/trust/fixtures/simple-string new file mode 100644 index 0000000..be13474 --- /dev/null +++ b/trust/fixtures/simple-string @@ -0,0 +1 @@ +The simple string is hairy \ No newline at end of file diff --git a/trust/fixtures/testing-server.der b/trust/fixtures/testing-server.der new file mode 100644 index 0000000..cf2de65 Binary files /dev/null and b/trust/fixtures/testing-server.der differ diff --git a/trust/fixtures/thawte.pem b/trust/fixtures/thawte.pem new file mode 100644 index 0000000..34af29e --- /dev/null +++ b/trust/fixtures/thawte.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- diff --git a/trust/fixtures/unrecognized-file.txt b/trust/fixtures/unrecognized-file.txt new file mode 100644 index 0000000..4d5bac3 --- /dev/null +++ b/trust/fixtures/unrecognized-file.txt @@ -0,0 +1 @@ +# This file is not recognized by the parser \ No newline at end of file diff --git a/trust/fixtures/verisign-v1.der b/trust/fixtures/verisign-v1.der new file mode 100644 index 0000000..bcd5ebb Binary files /dev/null and b/trust/fixtures/verisign-v1.der differ diff --git a/trust/fixtures/verisign-v1.pem b/trust/fixtures/verisign-v1.pem new file mode 100644 index 0000000..ace4da5 --- /dev/null +++ b/trust/fixtures/verisign-v1.pem @@ -0,0 +1,15 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f +zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi +TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G +CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW +NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV +Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb +MA4MDEN1c3RvbSBMYWJlbA== +-----END TRUSTED CERTIFICATE----- diff --git a/trust/frob-bc.c b/trust/frob-bc.c new file mode 100644 index 0000000..41fbc58 --- /dev/null +++ b/trust/frob-bc.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include + +#include +#include +#include +#include + +#include "pkix.asn.h" + +#define err_if_fail(ret, msg) \ + do { if ((ret) != ASN1_SUCCESS) { \ + fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ + exit (1); \ + } } while (0) + +int +main (int argc, + char *argv[]) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *definitions = NULL; + node_asn *ext = NULL; + char *buf; + int len; + int ret; + + ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "definitions: %s\n", message); + return 1; + } + + ret = asn1_create_element (definitions, "PKIX1.BasicConstraints", &ext); + err_if_fail (ret, "BasicConstraints"); + + if (argc > 1) { + ret = asn1_write_value (ext, "cA", argv[1], 1); + err_if_fail (ret, "cA"); + } + + ret = asn1_write_value (ext, "pathLenConstraint", NULL, 0); + err_if_fail (ret, "pathLenConstraint"); + + len = 0; + ret = asn1_der_coding (ext, "", NULL, &len, message); + assert (ret == ASN1_MEM_ERROR); + + buf = malloc (len); + assert (buf != NULL); + ret = asn1_der_coding (ext, "", buf, &len, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "asn1_der_coding: %s\n", message); + free (buf); + return 1; + } + + fwrite (buf, 1, len, stdout); + fflush (stdout); + + free (buf); + asn1_delete_structure (&ext); + asn1_delete_structure (&definitions); + + return 0; +} diff --git a/trust/frob-cert.c b/trust/frob-cert.c new file mode 100644 index 0000000..c1bc45c --- /dev/null +++ b/trust/frob-cert.c @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "pkix.asn.h" + +#define err_if_fail(ret, msg) \ + do { if ((ret) != ASN1_SUCCESS) { \ + fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ + exit (1); \ + } } while (0) + +static ssize_t +tlv_length (const unsigned char *data, + size_t length) +{ + unsigned char cls; + int counter = 0; + int cb, len; + unsigned long tag; + + if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) { + counter += cb; + len = asn1_get_length_der (data + cb, length - cb, &cb); + counter += cb; + if (len >= 0) { + len += counter; + if (length >= len) + return len; + } + } + + return -1; +} + +int +main (int argc, + char *argv[]) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *definitions = NULL; + node_asn *cert = NULL; + p11_mmap *map; + void *data; + size_t size; + int start, end; + ssize_t len; + int ret; + + if (argc != 4) { + fprintf (stderr, "usage: frob-cert struct field filename\n"); + return 2; + } + + ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "definitions: %s\n", message); + return 1; + } + + ret = asn1_create_element (definitions, argv[1], &cert); + err_if_fail (ret, "Certificate"); + + map = p11_mmap_open (argv[3], NULL, &data, &size); + if (map == NULL) { + fprintf (stderr, "couldn't open file: %s\n", argv[3]); + return 1; + } + + ret = asn1_der_decoding (&cert, data, size, message); + err_if_fail (ret, message); + + ret = asn1_der_decoding_startEnd (cert, data, size, argv[2], &start, &end); + err_if_fail (ret, "asn1_der_decoding_startEnd"); + + len = tlv_length ((unsigned char *)data + start, size - start); + assert (len >= 0); + + fprintf (stderr, "%lu %d %d %ld\n", (unsigned long)size, start, end, (long)len); + fwrite ((unsigned char *)data + start, 1, len, stdout); + fflush (stdout); + + p11_mmap_close (map); + + asn1_delete_structure (&cert); + asn1_delete_structure (&definitions); + + return 0; +} diff --git a/trust/frob-eku.c b/trust/frob-eku.c new file mode 100644 index 0000000..f467b36 --- /dev/null +++ b/trust/frob-eku.c @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include + +#include +#include +#include +#include + +#include "pkix.asn.h" + +#define err_if_fail(ret, msg) \ + do { if ((ret) != ASN1_SUCCESS) { \ + fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ + exit (1); \ + } } while (0) + +int +main (int argc, + char *argv[]) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *definitions = NULL; + node_asn *ekus = NULL; + char *buf; + int len; + int ret; + int i; + + ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "definitions: %s\n", message); + return 1; + } + + ret = asn1_create_element (definitions, "PKIX1.ExtKeyUsageSyntax", &ekus); + err_if_fail (ret, "ExtKeyUsageSyntax"); + + for (i = 1; i < argc; i++) { + ret = asn1_write_value (ekus, "", "NEW", 1); + err_if_fail (ret, "NEW"); + + ret = asn1_write_value (ekus, "?LAST", argv[i], strlen (argv[i])); + err_if_fail (ret, "asn1_write_value"); + } + + len = 0; + ret = asn1_der_coding (ekus, "", NULL, &len, message); + assert (ret == ASN1_MEM_ERROR); + + buf = malloc (len); + assert (buf != NULL); + ret = asn1_der_coding (ekus, "", buf, &len, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "asn1_der_coding: %s\n", message); + free (buf); + return 1; + } + + fwrite (buf, 1, len, stdout); + fflush (stdout); + + free (buf); + asn1_delete_structure (&ekus); + asn1_delete_structure (&definitions); + + return 0; +} diff --git a/trust/frob-ext.c b/trust/frob-ext.c new file mode 100644 index 0000000..2017205 --- /dev/null +++ b/trust/frob-ext.c @@ -0,0 +1,119 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include + +#include +#include +#include +#include + +#include "pkix.asn.h" + +#define err_if_fail(ret, msg) \ + do { if ((ret) != ASN1_SUCCESS) { \ + fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ + exit (1); \ + } } while (0) + +int +main (int argc, + char *argv[]) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *definitions = NULL; + node_asn *ext = NULL; + unsigned char input[1024]; + char *buf; + size_t size; + int len; + int ret; + + if (argc == 1 || argc > 3) { + fprintf (stderr, "usage: frob-ext 1.2.3 TRUE\n"); + return 2; + } + + size = fread (input, 1, sizeof (input), stdin); + if (ferror (stdin) || !feof (stdin)) { + fprintf (stderr, "bad input\n"); + return 1; + } + + ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "definitions: %s\n", message); + return 1; + } + + + ret = asn1_create_element (definitions, "PKIX1.Extension", &ext); + err_if_fail (ret, "Extension"); + + ret = asn1_write_value (ext, "extnID", argv[1], 1); + err_if_fail (ret, "extnID"); + + if (argc == 3) { + ret = asn1_write_value (ext, "critical", argv[2], 1); + err_if_fail (ret, "critical"); + } + + ret = asn1_write_value (ext, "extnValue", input, size); + err_if_fail (ret, "extnValue"); + + len = 0; + ret = asn1_der_coding (ext, "", NULL, &len, message); + assert (ret == ASN1_MEM_ERROR); + + buf = malloc (len); + assert (buf != NULL); + ret = asn1_der_coding (ext, "", buf, &len, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "asn1_der_coding: %s\n", message); + free (buf); + return 1; + } + + fwrite (buf, 1, len, stdout); + fflush (stdout); + + free (buf); + asn1_delete_structure (&ext); + asn1_delete_structure (&definitions); + + return 0; +} diff --git a/trust/frob-ku.c b/trust/frob-ku.c new file mode 100644 index 0000000..99ac217 --- /dev/null +++ b/trust/frob-ku.c @@ -0,0 +1,126 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include "oid.h" + +#include + +#include +#include +#include +#include + +#include "pkix.asn.h" + +#define err_if_fail(ret, msg) \ + do { if ((ret) != ASN1_SUCCESS) { \ + fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ + exit (1); \ + } } while (0) + +int +main (int argc, + char *argv[]) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *definitions = NULL; + node_asn *ku = NULL; + unsigned int usage = 0; + char bits[2]; + char *buf; + int len; + int ret; + int i; + + for (i = 1; i < argc; i++) { + if (strcmp (argv[i], "digital-signature") == 0) + usage |= P11_KU_DIGITAL_SIGNATURE; + else if (strcmp (argv[i], "non-repudiation") == 0) + usage |= P11_KU_NON_REPUDIATION; + else if (strcmp (argv[i], "key-encipherment") == 0) + usage |= P11_KU_KEY_ENCIPHERMENT; + else if (strcmp (argv[i], "data-encipherment") == 0) + usage |= P11_KU_DATA_ENCIPHERMENT; + else if (strcmp (argv[i], "key-agreement") == 0) + usage |= P11_KU_KEY_AGREEMENT; + else if (strcmp (argv[i], "key-cert-sign") == 0) + usage |= P11_KU_KEY_CERT_SIGN; + else if (strcmp (argv[i], "crl-sign") == 0) + usage |= P11_KU_CRL_SIGN; + else { + fprintf (stderr, "unsupported or unknown key usage: %s\n", argv[i]); + return 2; + } + } + + ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "definitions: %s\n", message); + return 1; + } + + ret = asn1_create_element (definitions, "PKIX1.KeyUsage", &ku); + err_if_fail (ret, "KeyUsage"); + + bits[0] = usage & 0xff; + bits[1] = (usage >> 8) & 0xff; + + ret = asn1_write_value (ku, "", bits, 9); + err_if_fail (ret, "asn1_write_value"); + + len = 0; + ret = asn1_der_coding (ku, "", NULL, &len, message); + assert (ret == ASN1_MEM_ERROR); + + buf = malloc (len); + assert (buf != NULL); + ret = asn1_der_coding (ku, "", buf, &len, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "asn1_der_coding: %s\n", message); + free (buf); + return 1; + } + + fwrite (buf, 1, len, stdout); + fflush (stdout); + free (buf); + + asn1_delete_structure (&ku); + asn1_delete_structure (&definitions); + + return 0; +} diff --git a/trust/frob-nss-trust.c b/trust/frob-nss-trust.c new file mode 100644 index 0000000..fd69573 --- /dev/null +++ b/trust/frob-nss-trust.c @@ -0,0 +1,221 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#include "attrs.h" +#include "debug.h" +#include "pkcs11x.h" + +#include "p11-kit/iter.h" +#include "p11-kit/p11-kit.h" + +#include +#include +#include + +static void +dump_object (P11KitIter *iter, + CK_ATTRIBUTE *attrs) +{ + CK_ATTRIBUTE label = { CKA_LABEL, }; + CK_ATTRIBUTE *attr; + char *string; + char *name; + CK_RV rv; + + attr = p11_attrs_find_valid (attrs, CKA_LABEL); + if (!attr) { + rv = p11_kit_iter_load_attributes (iter, &label, 1); + if (rv == CKR_OK) + attr = &label; + } + + if (attr) + name = strndup (attr->pValue, attr->ulValueLen); + else + name = strdup ("unknown"); + + string = p11_attrs_to_string (attrs, -1); + printf ("\"%s\" = %s\n", name, string); + free (string); + + free (label.pValue); + free (name); +} + +static int +dump_trust_module (const char *path) +{ + CK_FUNCTION_LIST *module; + CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; + CK_ATTRIBUTE match = + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }; + P11KitIter *iter; + CK_ATTRIBUTE *attrs; + CK_RV rv; + + CK_ATTRIBUTE template[] = { + { CKA_CLASS,}, + { CKA_LABEL, }, + { CKA_CERT_MD5_HASH, }, + { CKA_CERT_SHA1_HASH }, + { CKA_ISSUER, }, + { CKA_SERIAL_NUMBER, }, + { CKA_TRUST_SERVER_AUTH, }, + { CKA_TRUST_EMAIL_PROTECTION, }, + { CKA_TRUST_CODE_SIGNING, }, + { CKA_TRUST_STEP_UP_APPROVED, }, + { CKA_INVALID, } + }; + + CK_ULONG count = p11_attrs_count (template); + + module = p11_kit_module_load (path, 0); + return_val_if_fail (module != NULL, 1); + + rv = p11_kit_module_initialize (module); + return_val_if_fail (rv == CKR_OK, 1); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_filter (iter, &match, 1); + p11_kit_iter_begin_with (iter, module, 0, 0); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + attrs = p11_attrs_dup (template); + rv = p11_kit_iter_load_attributes (iter, attrs, count); + return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_VALUE_INVALID, 1); + p11_attrs_purge (attrs); + dump_object (iter, attrs); + p11_attrs_free (attrs); + } + + return_val_if_fail (rv == CKR_CANCEL, 1); + + p11_kit_module_finalize (module); + p11_kit_module_release (module); + + return 0; +} + +static int +compare_trust_modules (const char *path1, + const char *path2) +{ + CK_FUNCTION_LIST *module1; + CK_FUNCTION_LIST *module2; + CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; + CK_ATTRIBUTE match = + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }; + P11KitIter *iter; + P11KitIter *iter2; + CK_ATTRIBUTE *check; + CK_RV rv; + + CK_ATTRIBUTE template[] = { + { CKA_CLASS, }, + { CKA_ISSUER, }, + { CKA_SERIAL_NUMBER, }, + { CKA_CERT_MD5_HASH, }, + { CKA_CERT_SHA1_HASH }, + { CKA_TRUST_SERVER_AUTH, }, + { CKA_TRUST_EMAIL_PROTECTION, }, + { CKA_TRUST_CODE_SIGNING, }, + { CKA_TRUST_STEP_UP_APPROVED, }, + { CKA_INVALID, } + }; + + module1 = p11_kit_module_load (path1, 0); + return_val_if_fail (module1 != NULL, 1); + + rv = p11_kit_module_initialize (module1); + return_val_if_fail (rv == CKR_OK, 1); + + module2 = p11_kit_module_load (path2, 0); + return_val_if_fail (module2 != NULL, 1); + + rv = p11_kit_module_initialize (module2); + return_val_if_fail (rv == CKR_OK, 1); + + iter = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_filter (iter, &match, 1); + p11_kit_iter_begin_with (iter, module1, 0, 0); + + while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { + check = p11_attrs_dup (template); + + rv = p11_kit_iter_load_attributes (iter, check, p11_attrs_count (check)); + return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID, 1); + + /* Go through and remove anything not found */ + p11_attrs_purge (check); + + /* Check that this object exists */ + iter2 = p11_kit_iter_new (NULL, 0); + p11_kit_iter_add_filter (iter2, check, p11_attrs_count (check)); + p11_kit_iter_begin_with (iter2, module2, 0, 0); + rv = p11_kit_iter_next (iter2); + p11_kit_iter_free (iter2); + + if (rv != CKR_OK) + dump_object (iter, check); + + p11_attrs_free (check); + } + + return_val_if_fail (rv == CKR_CANCEL, 1); + p11_kit_module_finalize (module1); + p11_kit_module_release (module1); + + p11_kit_module_finalize (module2); + p11_kit_module_release (module2); + + return 0; +} + +int +main (int argc, + char *argv[]) +{ + if (argc == 2) { + return dump_trust_module (argv[1]); + } else if (argc == 3) { + return compare_trust_modules (argv[1], argv[2]); + } else { + fprintf (stderr, "usage: frob-nss-trust module\n"); + fprintf (stderr, " frob-nss-trust module1 module2\n"); + return 2; + } +} diff --git a/trust/frob-oid.c b/trust/frob-oid.c new file mode 100644 index 0000000..5a2499a --- /dev/null +++ b/trust/frob-oid.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include + +#include +#include +#include +#include + +#include "pkix.asn.h" + +#define err_if_fail(ret, msg) \ + do { if ((ret) != ASN1_SUCCESS) { \ + fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ + exit (1); \ + } } while (0) +int +main (int argc, + char *argv[]) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *definitions = NULL; + node_asn *oid = NULL; + char *buf; + int len; + int ret; + + if (argc != 2) { + fprintf (stderr, "usage: frob-oid 1.1.1\n"); + return 2; + } + + ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "definitions: %s\n", message); + return 1; + } + + /* AttributeType is a OBJECT IDENTIFIER */ + ret = asn1_create_element (definitions, "PKIX1.AttributeType", &oid); + err_if_fail (ret, "AttributeType"); + + ret = asn1_write_value (oid, "", argv[1], strlen (argv[1])); + err_if_fail (ret, "asn1_write_value"); + + len = 0; + ret = asn1_der_coding (oid, "", NULL, &len, message); + assert (ret == ASN1_MEM_ERROR); + + buf = malloc (len); + assert (buf != NULL); + ret = asn1_der_coding (oid, "", buf, &len, message); + if (ret != ASN1_SUCCESS) { + fprintf (stderr, "asn1_der_coding: %s\n", message); + free (buf); + return 1; + } + + fwrite (buf, 1, len, stdout); + fflush (stdout); + free (buf); + + asn1_delete_structure (&oid); + asn1_delete_structure (&definitions); + + return 0; +} diff --git a/trust/frob-pow.c b/trust/frob-pow.c new file mode 100644 index 0000000..f029b2a --- /dev/null +++ b/trust/frob-pow.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include + +static unsigned int +nearest_pow_2 (int num) +{ + unsigned int n = num ? 1 : 0; + while (n < num && n > 0) + n <<= 1; + return n; +} + +int +main (void) +{ + int i; + + for (i = 0; i < 40; i++) + printf ("nearest_pow_2 (%d) == %u\n", i, nearest_pow_2 (i)); + + return 0; +} diff --git a/trust/frob-token.c b/trust/frob-token.c new file mode 100644 index 0000000..e079860 --- /dev/null +++ b/trust/frob-token.c @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "compat.h" + +#include + +#include "token.h" + +int +main (int argc, + char *argv[]) +{ + p11_token *token; + p11_index *index; + int count; + + if (argc != 2) { + fprintf (stderr, "usage: frob-token path\n"); + return 2; + } + + token = p11_token_new (1, argv[1], "Label", P11_TOKEN_FLAG_NONE); + count = p11_token_load (token); + + printf ("%d files loaded\n", count); + index = p11_token_index (token); + printf ("%d objects loaded\n", p11_index_size (index)); + + p11_token_free (token); + return 0; +} diff --git a/trust/index.c b/trust/index.c new file mode 100644 index 0000000..27b9717 --- /dev/null +++ b/trust/index.c @@ -0,0 +1,925 @@ +/* + * Copyright (C) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "compat.h" + +#define P11_DEBUG_FLAG P11_DEBUG_TRUST + +#include "attrs.h" +#include "debug.h" +#include "dict.h" +#include "index.h" +#include "module.h" + +#include +#include +#include + +/* + * The number of buckets we use for indexing, should end up as roughly + * equal to the expected number of unique attribute values * 0.75, + * prime if possible. Currently we don't expand the index, so this is + * just a good guess for general usage. + */ +#define NUM_BUCKETS 7919 + +/* + * The number of indexes to use when trying to find a matching object. + */ +#define MAX_SELECT 3 + +typedef struct { + CK_OBJECT_HANDLE *elem; + int num; +} index_bucket; + +struct _p11_index { + /* The list of objects by handle */ + p11_dict *objects; + + /* Used for indexing */ + index_bucket *buckets; + + /* Data passed to callbacks */ + void *data; + + /* Called to build an new/modified object */ + p11_index_build_cb build; + + /* Called after each object ready to be stored */ + p11_index_store_cb store; + + /* Called after an object has been removed */ + p11_index_remove_cb remove; + + /* Called after objects change */ + p11_index_notify_cb notify; + + /* Used for queueing changes, when in a batch */ + p11_dict *changes; + bool notifying; +}; + +typedef struct { + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE *attrs; +} index_object; + +static void +free_object (void *data) +{ + index_object *obj = data; + p11_attrs_free (obj->attrs); + free (obj); +} + +static CK_RV +default_build (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + CK_ATTRIBUTE **populate) +{ + return CKR_OK; +} + +static CK_RV +default_store (void *data, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE **attrs) +{ + return CKR_OK; +} + +static void +default_notify (void *data, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs) +{ + +} + +static CK_RV +default_remove (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs) +{ + return CKR_OK; +} + +p11_index * +p11_index_new (p11_index_build_cb build, + p11_index_store_cb store, + p11_index_remove_cb remove, + p11_index_notify_cb notify, + void *data) +{ + p11_index *index; + + index = calloc (1, sizeof (p11_index)); + return_val_if_fail (index != NULL, NULL); + + if (build == NULL) + build = default_build; + if (store == NULL) + store = default_store; + if (notify == NULL) + notify = default_notify; + if (remove == NULL) + remove = default_remove; + + index->build = build; + index->store = store; + index->notify = notify; + index->remove = remove; + index->data = data; + + index->objects = p11_dict_new (p11_dict_ulongptr_hash, + p11_dict_ulongptr_equal, + NULL, free_object); + if (index->objects == NULL) { + p11_index_free (index); + return_val_if_reached (NULL); + } + + index->buckets = calloc (NUM_BUCKETS, sizeof (index_bucket)); + if (index->buckets == NULL) { + p11_index_free (index); + return_val_if_reached (NULL); + } + + return index; +} + +void +p11_index_free (p11_index *index) +{ + int i; + + return_if_fail (index != NULL); + + p11_dict_free (index->objects); + p11_dict_free (index->changes); + if (index->buckets) { + for (i = 0; i < NUM_BUCKETS; i++) + free (index->buckets[i].elem); + free (index->buckets); + } + free (index); +} + +int +p11_index_size (p11_index *index) +{ + return_val_if_fail (index != NULL, -1); + return p11_dict_size (index->objects); +} + +static bool +is_indexable (p11_index *index, + CK_ATTRIBUTE_TYPE type) +{ + switch (type) { + case CKA_CLASS: + case CKA_VALUE: + case CKA_OBJECT_ID: + case CKA_ID: + case CKA_X_ORIGIN: + return true; + } + + return false; +} + +static unsigned int +alloc_size (int num) +{ + unsigned int n = num ? 1 : 0; + while (n < num && n > 0) + n <<= 1; + return n; +} + +static int +binary_search (CK_OBJECT_HANDLE *elem, + int low, + int high, + CK_OBJECT_HANDLE handle) +{ + int mid; + + if (low == high) + return low; + + mid = low + ((high - low) / 2); + if (handle > elem[mid]) + return binary_search (elem, mid + 1, high, handle); + else if (handle < elem[mid]) + return binary_search (elem, low, mid, handle); + + return mid; +} + + +static void +bucket_insert (index_bucket *bucket, + CK_OBJECT_HANDLE handle) +{ + unsigned int alloc; + int at = 0; + + if (bucket->elem) { + at = binary_search (bucket->elem, 0, bucket->num, handle); + if (at < bucket->num && bucket->elem[at] == handle) + return; + } + + alloc = alloc_size (bucket->num); + if (bucket->num + 1 > alloc) { + CK_OBJECT_HANDLE *elem; + + alloc = alloc ? alloc * 2 : 1; + return_if_fail (alloc != 0); + elem = realloc (bucket->elem, alloc * sizeof (CK_OBJECT_HANDLE)); + return_if_fail (elem != NULL); + bucket->elem = elem; + } + + return_if_fail (bucket->elem != NULL); + memmove (bucket->elem + at + 1, bucket->elem + at, + (bucket->num - at) * sizeof (CK_OBJECT_HANDLE)); + bucket->elem[at] = handle; + bucket->num++; +} + +static bool +bucket_push (index_bucket *bucket, + CK_OBJECT_HANDLE handle) +{ + unsigned int alloc; + + alloc = alloc_size (bucket->num); + if (bucket->num + 1 > alloc) { + CK_OBJECT_HANDLE *elem; + + alloc = alloc ? alloc * 2 : 1; + return_val_if_fail (alloc != 0, false); + elem = realloc (bucket->elem, alloc * sizeof (CK_OBJECT_HANDLE)); + return_val_if_fail (elem != NULL, false); + bucket->elem = elem; + } + + return_val_if_fail (bucket->elem != NULL, false); + bucket->elem[bucket->num++] = handle; + return true; +} + +static void +index_hash (p11_index *index, + index_object *obj) +{ + unsigned int hash; + int i; + + for (i = 0; !p11_attrs_terminator (obj->attrs + i); i++) { + if (is_indexable (index, obj->attrs[i].type)) { + hash = p11_attr_hash (obj->attrs + i); + bucket_insert (index->buckets + (hash % NUM_BUCKETS), obj->handle); + } + } +} + +static void +merge_attrs (CK_ATTRIBUTE *output, + CK_ULONG *noutput, + CK_ATTRIBUTE *merge, + CK_ULONG nmerge, + p11_array *to_free) +{ + CK_ULONG i; + + for (i = 0; i < nmerge; i++) { + /* Already have this attribute? */ + if (p11_attrs_findn (output, *noutput, merge[i].type)) { + p11_array_push (to_free, merge[i].pValue); + + } else { + memcpy (output + *noutput, merge + i, sizeof (CK_ATTRIBUTE)); + (*noutput)++; + } + } + + /* Freeing the array itself */ + p11_array_push (to_free, merge); +} + +static CK_RV +index_build (p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE **attrs, + CK_ATTRIBUTE *merge) +{ + CK_ATTRIBUTE *extra = NULL; + CK_ATTRIBUTE *built; + p11_array *stack = NULL; + CK_ULONG count; + CK_ULONG nattrs; + CK_ULONG nmerge; + CK_ULONG nextra; + CK_RV rv; + int i; + + rv = index->build (index->data, index, *attrs, merge, &extra); + if (rv != CKR_OK) + return rv; + + /* Short circuit when nothing to merge */ + if (*attrs == NULL && extra == NULL) { + built = merge; + stack = NULL; + + } else { + stack = p11_array_new (NULL); + nattrs = p11_attrs_count (*attrs); + nmerge = p11_attrs_count (merge); + nextra = p11_attrs_count (extra); + + /* Make a shallow copy of the combined attributes for validation */ + built = calloc (nmerge + nattrs + nextra + 1, sizeof (CK_ATTRIBUTE)); + return_val_if_fail (built != NULL, CKR_GENERAL_ERROR); + + count = nmerge; + memcpy (built, merge, sizeof (CK_ATTRIBUTE) * nmerge); + p11_array_push (stack, merge); + merge_attrs (built, &count, *attrs, nattrs, stack); + merge_attrs (built, &count, extra, nextra, stack); + + /* The terminator attribute */ + built[count].type = CKA_INVALID; + assert (p11_attrs_terminator (built + count)); + } + + rv = index->store (index->data, index, handle, &built); + + if (rv == CKR_OK) { + for (i = 0; stack && i < stack->num; i++) + free (stack->elem[i]); + *attrs = built; + } else { + p11_attrs_free (extra); + free (built); + } + + p11_array_free (stack); + return rv; +} + +static void +call_notify (p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs) +{ + assert (index->notify); + + /* When attrs is NULL, means this is a modify */ + if (attrs == NULL) { + attrs = p11_index_lookup (index, handle); + if (attrs == NULL) + return; + + /* Otherwise a remove operation, handle not valid anymore */ + } else { + handle = 0; + } + + index->notifying = true; + index->notify (index->data, index, handle, attrs); + index->notifying = false; +} + +static void +index_notify (p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *removed) +{ + index_object *obj; + + if (!index->notify || index->notifying) { + p11_attrs_free (removed); + + } else if (!index->changes) { + call_notify (index, handle, removed); + p11_attrs_free (removed); + + } else { + obj = calloc (1, sizeof (index_object)); + return_if_fail (obj != NULL); + + obj->handle = handle; + obj->attrs = removed; + if (!p11_dict_set (index->changes, &obj->handle, obj)) + return_if_reached (); + } +} + +void +p11_index_load (p11_index *index) +{ + return_if_fail (index != NULL); + + if (index->changes) + return; + + index->changes = p11_dict_new (p11_dict_ulongptr_hash, + p11_dict_ulongptr_equal, + NULL, free_object); + return_if_fail (index->changes != NULL); +} + +void +p11_index_finish (p11_index *index) +{ + p11_dict *changes; + index_object *obj; + p11_dictiter iter; + + return_if_fail (index != NULL); + + if (!index->changes) + return; + + changes = index->changes; + index->changes = NULL; + + p11_dict_iterate (changes, &iter); + while (p11_dict_next (&iter, NULL, (void **)&obj)) { + index_notify (index, obj->handle, obj->attrs); + obj->attrs = NULL; + } + + p11_dict_free (changes); +} + +bool +p11_index_loading (p11_index *index) +{ + return_val_if_fail (index != NULL, false); + return index->changes ? true : false; +} + +CK_RV +p11_index_take (p11_index *index, + CK_ATTRIBUTE *attrs, + CK_OBJECT_HANDLE *handle) +{ + index_object *obj; + CK_RV rv; + + return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (attrs != NULL, CKR_GENERAL_ERROR); + + obj = calloc (1, sizeof (index_object)); + return_val_if_fail (obj != NULL, CKR_HOST_MEMORY); + + obj->handle = p11_module_next_id (); + + rv = index_build (index, obj->handle, &obj->attrs, attrs); + if (rv != CKR_OK) { + p11_attrs_free (attrs); + free (obj); + return rv; + } + + return_val_if_fail (obj->attrs != NULL, CKR_GENERAL_ERROR); + + if (!p11_dict_set (index->objects, &obj->handle, obj)) + return_val_if_reached (CKR_HOST_MEMORY); + + index_hash (index, obj); + + if (handle) + *handle = obj->handle; + + index_notify (index, obj->handle, NULL); + return CKR_OK; +} + +CK_RV +p11_index_add (p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ULONG count, + CK_OBJECT_HANDLE *handle) +{ + CK_ATTRIBUTE *copy; + + return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (attrs == NULL || count > 0, CKR_ARGUMENTS_BAD); + + copy = p11_attrs_buildn (NULL, attrs, count); + return_val_if_fail (copy != NULL, CKR_HOST_MEMORY); + + return p11_index_take (index, copy, handle); +} + +CK_RV +p11_index_update (p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *update) +{ + index_object *obj; + CK_RV rv; + + return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); + return_val_if_fail (update != NULL, CKR_GENERAL_ERROR); + + obj = p11_dict_get (index->objects, &handle); + if (obj == NULL) { + p11_attrs_free (update); + return CKR_OBJECT_HANDLE_INVALID; + } + + rv = index_build (index, obj->handle, &obj->attrs, update); + if (rv != CKR_OK) { + p11_attrs_free (update); + return rv; + } + + index_hash (index, obj); + index_notify (index, obj->handle, NULL); + + return CKR_OK; +} + +CK_RV +p11_index_set (p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs, + CK_ULONG count) +{ + CK_ATTRIBUTE *update; + index_object *obj; + + return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); + + obj = p11_dict_get (index->objects, &handle); + if (obj == NULL) + return CKR_OBJECT_HANDLE_INVALID; + + update = p11_attrs_buildn (NULL, attrs, count); + return_val_if_fail (update != NULL, CKR_HOST_MEMORY); + + return p11_index_update (index, handle, update); +} + +CK_RV +p11_index_remove (p11_index *index, + CK_OBJECT_HANDLE handle) +{ + index_object *obj; + CK_RV rv; + + return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); + + if (!p11_dict_steal (index->objects, &handle, NULL, (void **)&obj)) + return CKR_OBJECT_HANDLE_INVALID; + + rv = (index->remove) (index->data, index, obj->attrs); + + /* If the writer failed the remove, then add it back */ + if (rv != CKR_OK) { + if (!p11_dict_set (index->objects, &obj->handle, obj)) + return_val_if_reached (CKR_HOST_MEMORY); + return rv; + } + + /* This takes ownership of the attributes */ + index_notify (index, handle, obj->attrs); + obj->attrs = NULL; + free_object (obj); + + return CKR_OK; +} + +static CK_RV +index_replacev (p11_index *index, + CK_OBJECT_HANDLE *handles, + CK_ATTRIBUTE_TYPE key, + CK_ATTRIBUTE **replace, + CK_ULONG replacen) +{ + index_object *obj; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *attr; + bool handled = false; + CK_RV rv; + int i, j; + + for (i = 0; handles && handles[i] != 0; i++) { + obj = p11_dict_get (index->objects, handles + i); + if (obj == NULL) + continue; + + handled = false; + attr = p11_attrs_find (obj->attrs, key); + + /* The match doesn't have the key, so remove it */ + if (attr != NULL) { + for (j = 0; j < replacen; j++) { + if (!replace[j]) + continue; + if (p11_attrs_matchn (replace[j], attr, 1)) { + attrs = NULL; + rv = index_build (index, obj->handle, &attrs, replace[j]); + if (rv != CKR_OK) + return rv; + p11_attrs_free (obj->attrs); + obj->attrs = attrs; + replace[j] = NULL; + handled = true; + index_hash (index, obj); + index_notify (index, obj->handle, NULL); + break; + } + } + } + + if (!handled) { + rv = p11_index_remove (index, handles[i]); + if (rv != CKR_OK) + return rv; + } + } + + for (j = 0; j < replacen; j++) { + if (!replace[j]) + continue; + attrs = replace[j]; + replace[j] = NULL; + rv = p11_index_take (index, attrs, NULL); + if (rv != CKR_OK) + return rv; + } + + return CKR_OK; +} + +CK_RV +p11_index_replace (p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *replace) +{ + CK_OBJECT_HANDLE handles[] = { handle, 0 }; + return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); + return index_replacev (index, handles, CKA_INVALID, + &replace, replace ? 1 : 0); +} + +CK_RV +p11_index_replace_all (p11_index *index, + CK_ATTRIBUTE *match, + CK_ATTRIBUTE_TYPE key, + p11_array *replace) +{ + CK_OBJECT_HANDLE *handles; + CK_RV rv; + int i; + + return_val_if_fail (index != NULL, CKR_GENERAL_ERROR); + + handles = p11_index_find_all (index, match, -1); + + rv = index_replacev (index, handles, key, + replace ? (CK_ATTRIBUTE **)replace->elem : NULL, + replace ? replace->num : 0); + + if (rv == CKR_OK) { + if (replace) + p11_array_clear (replace); + } else { + for (i = 0; replace && i < replace->num; i++) { + if (!replace->elem[i]) { + p11_array_remove (replace, i); + i--; + } + } + } + + free (handles); + return rv; +} + +CK_ATTRIBUTE * +p11_index_lookup (p11_index *index, + CK_OBJECT_HANDLE handle) +{ + index_object *obj; + + return_val_if_fail (index != NULL, NULL); + + if (handle == CK_INVALID_HANDLE) + return NULL; + + obj = p11_dict_get (index->objects, &handle); + return obj ? obj->attrs : NULL; +} + +typedef bool (* index_sink) (p11_index *index, + index_object *obj, + CK_ATTRIBUTE *match, + CK_ULONG count, + void *data); + +static void +index_select (p11_index *index, + CK_ATTRIBUTE *match, + CK_ULONG count, + index_sink sink, + void *data) +{ + index_bucket *selected[MAX_SELECT]; + CK_OBJECT_HANDLE handle; + index_object *obj; + unsigned int hash; + p11_dictiter iter; + CK_ULONG n; + int num, at; + int i, j; + + /* First look for any matching buckets */ + for (n = 0, num = 0; n < count && num < MAX_SELECT; n++) { + if (is_indexable (index, match[n].type)) { + hash = p11_attr_hash (match + n); + selected[num] = index->buckets + (hash % NUM_BUCKETS); + + /* If any index is empty, then obviously no match */ + if (!selected[num]->num) + return; + + num++; + } + } + + /* Fall back on selecting all the items, if no index */ + if (num == 0) { + p11_dict_iterate (index->objects, &iter); + while (p11_dict_next (&iter, NULL, (void *)&obj)) { + if (!sink (index, obj, match, count, data)) + return; + } + return; + } + + for (i = 0; i < selected[0]->num; i++) { + /* A candidate match from first bucket */ + handle = selected[0]->elem[i]; + + /* Check if the candidate is in other buckets */ + for (j = 1; j < num; j++) { + assert (selected[j]->elem); /* checked above */ + at = binary_search (selected[j]->elem, 0, selected[j]->num, handle); + if (at >= selected[j]->num || selected[j]->elem[at] != handle) { + handle = 0; + break; + } + } + + /* Matched all the buckets, now actually match attrs */ + if (handle != 0) { + obj = p11_dict_get (index->objects, &handle); + if (obj != NULL) { + if (!sink (index, obj, match, count, data)) + return; + } + } + } +} + +static bool +sink_one_match (p11_index *index, + index_object *obj, + CK_ATTRIBUTE *match, + CK_ULONG count, + void *data) +{ + CK_OBJECT_HANDLE *result = data; + + if (p11_attrs_matchn (obj->attrs, match, count)) { + *result = obj->handle; + return false; + } + + return true; +} + +CK_OBJECT_HANDLE +p11_index_find (p11_index *index, + CK_ATTRIBUTE *match, + int count) +{ + CK_OBJECT_HANDLE handle = 0UL; + + return_val_if_fail (index != NULL, 0UL); + + if (count < 0) + count = p11_attrs_count (match); + + index_select (index, match, count, sink_one_match, &handle); + return handle; +} + +static bool +sink_if_match (p11_index *index, + index_object *obj, + CK_ATTRIBUTE *match, + CK_ULONG count, + void *data) +{ + index_bucket *handles = data; + + if (p11_attrs_matchn (obj->attrs, match, count)) + bucket_push (handles, obj->handle); + return true; +} + +CK_OBJECT_HANDLE * +p11_index_find_all (p11_index *index, + CK_ATTRIBUTE *match, + int count) +{ + index_bucket handles = { NULL, 0 }; + + return_val_if_fail (index != NULL, NULL); + + if (count < 0) + count = p11_attrs_count (match); + + index_select (index, match, count, sink_if_match, &handles); + + /* Null terminate */ + bucket_push (&handles, 0UL); + return handles.elem; +} + +static bool +sink_any (p11_index *index, + index_object *obj, + CK_ATTRIBUTE *match, + CK_ULONG count, + void *data) +{ + index_bucket *handles = data; + bucket_push (handles, obj->handle); + return true; +} + +CK_OBJECT_HANDLE * +p11_index_snapshot (p11_index *index, + p11_index *base, + CK_ATTRIBUTE *attrs, + CK_ULONG count) +{ + index_bucket handles = { NULL, 0 }; + + return_val_if_fail (index != NULL, NULL); + + index_select (index, attrs, count, sink_any, &handles); + if (base) + index_select (base, attrs, count, sink_any, &handles); + + /* Null terminate */ + bucket_push (&handles, 0UL); + return handles.elem; +} diff --git a/trust/index.h b/trust/index.h new file mode 100644 index 0000000..3ae24a1 --- /dev/null +++ b/trust/index.h @@ -0,0 +1,127 @@ +/* + * Copyright (C) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_INDEX_H_ +#define P11_INDEX_H_ + +#include "array.h" +#include "compat.h" +#include "pkcs11.h" +#include "types.h" + +typedef struct _p11_index p11_index; + +typedef CK_RV (* p11_index_build_cb) (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + CK_ATTRIBUTE **populate); + +typedef CK_RV (* p11_index_store_cb) (void *data, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE **attrs); + +typedef CK_RV (* p11_index_remove_cb) (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs); + +typedef void (* p11_index_notify_cb) (void *data, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs); + +p11_index * p11_index_new (p11_index_build_cb build, + p11_index_store_cb store, + p11_index_remove_cb remove, + p11_index_notify_cb notify, + void *data); + +void p11_index_free (p11_index *index); + +int p11_index_size (p11_index *index); + +void p11_index_load (p11_index *index); + +void p11_index_finish (p11_index *index); + +bool p11_index_loading (p11_index *index); + +CK_RV p11_index_take (p11_index *index, + CK_ATTRIBUTE *attrs, + CK_OBJECT_HANDLE *handle); + +CK_RV p11_index_add (p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ULONG count, + CK_OBJECT_HANDLE *handle); + +CK_RV p11_index_set (p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs, + CK_ULONG count); + +CK_RV p11_index_update (p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs); + +CK_RV p11_index_replace (p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *replace); + +CK_RV p11_index_replace_all (p11_index *index, + CK_ATTRIBUTE *match, + CK_ATTRIBUTE_TYPE key, + p11_array *replace); + +CK_RV p11_index_remove (p11_index *index, + CK_OBJECT_HANDLE handle); + +CK_ATTRIBUTE * p11_index_lookup (p11_index *index, + CK_OBJECT_HANDLE handle); + +CK_OBJECT_HANDLE p11_index_find (p11_index *index, + CK_ATTRIBUTE *match, + int count); + +CK_OBJECT_HANDLE * p11_index_find_all (p11_index *index, + CK_ATTRIBUTE *match, + int count); + +CK_OBJECT_HANDLE * p11_index_snapshot (p11_index *index, + p11_index *base, + CK_ATTRIBUTE *attrs, + CK_ULONG count); + +#endif /* P11_INDEX_H_ */ diff --git a/trust/input/anchors/cacert3.der b/trust/input/anchors/cacert3.der new file mode 100644 index 0000000..56f8c88 Binary files /dev/null and b/trust/input/anchors/cacert3.der differ diff --git a/trust/input/anchors/testing-ca.der b/trust/input/anchors/testing-ca.der new file mode 100644 index 0000000..d3f70ea Binary files /dev/null and b/trust/input/anchors/testing-ca.der differ diff --git a/trust/input/blacklist/self-server.der b/trust/input/blacklist/self-server.der new file mode 100644 index 0000000..68fe9af Binary files /dev/null and b/trust/input/blacklist/self-server.der differ diff --git a/trust/input/cacert-ca.der b/trust/input/cacert-ca.der new file mode 100644 index 0000000..719b0ff Binary files /dev/null and b/trust/input/cacert-ca.der differ diff --git a/trust/input/distrusted.pem b/trust/input/distrusted.pem new file mode 100644 index 0000000..8de6ff0 --- /dev/null +++ b/trust/input/distrusted.pem @@ -0,0 +1,23 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx +FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD +VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh +dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w +HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx +FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD +VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh +dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN +QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n +i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L +WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0 +6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg +MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV +BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT +MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p +bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA +A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p +mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41 +voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH +AwIMEVJlZCBIYXQgSXMgdGhlIENB +-----END TRUSTED CERTIFICATE----- diff --git a/trust/input/extensions.p11-kit b/trust/input/extensions.p11-kit new file mode 100644 index 0000000..7a2fdb0 --- /dev/null +++ b/trust/input/extensions.p11-kit @@ -0,0 +1,23 @@ +[p11-kit-object-v1] +class: x-certificate-extension +label: "Example CA restriction for example.com and corp.example.com" +object-id: 2.5.29.30 +value: "%30%2e%06%03%55%1d%1e%04%27%30%25%a0%23%30%0d%82%0b%65%78%61%6d%70%6c%65%2e%63%6f%6d%30%12%82%10%63%6f%72%70%2e%65%78%61%6d%70%6c%65%2e%63%6f%6d" +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRtTajie6qgC9T/RJ1PvN6ntav ++rwcYBBLJoETGlnj/kVsOAQ5J0ZX/dW8jYoQtjvUCoFaRS/sPoHw2U5Pl99LMg8I +sSaivWlhXWY5Yy8QcDX7B4UK/1cSwfSDHfnG06S2cCuAoUB/SE7ZreuAzM+SwdGD +ZAEjR469MZgFa2t8NwIDAQAB +-----END PUBLIC KEY----- + +[p11-kit-object-v1] +class: x-certificate-extension +label: "Example CA restriction for example.com and corp.example.org" +object-id: 2.5.29.30 +value: "%30%2e%06%03%55%1d%1e%04%27%30%25%a0%23%30%0d%82%0b%65%78%61%6d%70%6c%65%2e%63%6f%6d%30%12%82%10%63%6f%72%70%2e%65%78%61%6d%70%6c%65%2e%6f%72%67" +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRtTajie6qgC9T/RJ1PvN6ntav ++rwcYBBLJoETGlnj/kVsOAQ5J0ZX/dW8jYoQtjvUCoFaRS/sPoHw2U5Pl99LMg8I +sSaivWlhXWY5Yy8QcDX7B4UK/1cSwfSDHfnG06S2cCuAoUB/SE7ZreuAzM+SwdGD +ZAEjR469MZgFa2t8NwIDAQAB +-----END PUBLIC KEY----- diff --git a/trust/input/extensions.pem b/trust/input/extensions.pem new file mode 100644 index 0000000..8369815 --- /dev/null +++ b/trust/input/extensions.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7DCCAVWgAwIBAgIIWRMNpygap1cwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE +AxMKRXhhbXBsZSBDQTAgFw0xNzA1MTAxMjU1MDVaGA85OTk5MTIzMTIzNTk1OVow +FTETMBEGA1UEAxMKRXhhbXBsZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA0bU2o4nuqoAvU/0SdT7zep7Wr/q8HGAQSyaBExpZ4/5FbDgEOSdGV/3VvI2K +ELY71AqBWkUv7D6B8NlOT5ffSzIPCLEmor1pYV1mOWMvEHA1+weFCv9XEsH0gx35 +xtOktnArgKFAf0hO2a3rgMzPksHRg2QBI0eOvTGYBWtrfDcCAwEAAaNDMEEwDwYD +VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTAf2LZgNFX +6uQKWnFh05Br9JgOUjANBgkqhkiG9w0BAQsFAAOBgQA0xZVI3WmyWaa56nTSiuco +3u0Cye7N8bSzlfi2kmyh8efA7/OCyBuUzCtvmiftsfcG6fPz3A8fdk5sA2oy0gyY +kJXukhHmLP0FHLVpa3vw1Sva5AlAkLGeQ25aSeYVZCASalMAAS72WAhsKdaD5TRS +ifWyno0SswLLpXIJsLW2Lw== +-----END CERTIFICATE----- diff --git a/trust/input/verisign-v1.p11-kit b/trust/input/verisign-v1.p11-kit new file mode 100644 index 0000000..eaa080d --- /dev/null +++ b/trust/input/verisign-v1.p11-kit @@ -0,0 +1,17 @@ +[p11-kit-object-v1] +trusted: true + +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f +zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi +TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G +CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW +NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV +Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb +-----END CERTIFICATE----- diff --git a/trust/list.c b/trust/list.c new file mode 100644 index 0000000..9e31aba --- /dev/null +++ b/trust/list.c @@ -0,0 +1,261 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_DEBUG_FLAG P11_DEBUG_TOOL + +#include "attrs.h" +#include "constants.h" +#include "debug.h" +#include "enumerate.h" +#include "list.h" +#include "message.h" +#include "pkcs11x.h" +#include "tool.h" +#include "url.h" + +#include "p11-kit/iter.h" + +#include +#include +#include + +static char * +format_uri (p11_enumerate *ex, + int flags) +{ + CK_ATTRIBUTE *attr; + p11_kit_uri *uri; + char *string; + + uri = p11_kit_uri_new (); + + memcpy (p11_kit_uri_get_token_info (uri), + p11_kit_iter_get_token (ex->iter), + sizeof (CK_TOKEN_INFO)); + + attr = p11_attrs_find (ex->attrs, CKA_CLASS); + if (attr != NULL) + p11_kit_uri_set_attribute (uri, attr); + attr = p11_attrs_find (ex->attrs, CKA_ID); + if (attr != NULL) + p11_kit_uri_set_attribute (uri, attr); + + if (p11_kit_uri_format (uri, flags, &string) != P11_KIT_URI_OK) + string = NULL; + + p11_kit_uri_free (uri); + return string; +} + +static bool +list_iterate (p11_enumerate *ex, + bool details) +{ + unsigned char *bytes; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE *attr; + CK_ULONG klass; + CK_ULONG category; + CK_BBOOL val; + p11_buffer buf; + CK_RV rv; + const char *nick; + char *string; + int flags; + + flags = P11_KIT_URI_FOR_OBJECT; + if (details) + flags |= P11_KIT_URI_FOR_OBJECT_ON_TOKEN; + + while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) { + if (p11_debugging) { + object = p11_kit_iter_get_object (ex->iter); + p11_debug ("handle: %lu", object); + + string = p11_attrs_to_string (ex->attrs, -1); + p11_debug ("attrs: %s", string); + free (string); + } + + string = format_uri (ex, flags); + if (string == NULL) { + p11_message ("skipping object, couldn't build uri"); + continue; + } + + printf ("%s\n", string); + free (string); + + if (p11_attrs_find_ulong (ex->attrs, CKA_CLASS, &klass)) { + nick = p11_constant_nick (p11_constant_classes, klass); + if (nick != NULL) + printf (" type: %s\n", nick); + } + + attr = p11_attrs_find_valid (ex->attrs, CKA_LABEL); + if (attr && attr->pValue && attr->ulValueLen) { + string = strndup (attr->pValue, attr->ulValueLen); + printf (" label: %s\n", string); + free (string); + } + + if (p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &val) && val) + printf (" trust: blacklisted\n"); + else if (p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &val) && val) + printf (" trust: anchor\n"); + else + printf (" trust: unspecified\n"); + + if (p11_attrs_find_ulong (ex->attrs, CKA_CERTIFICATE_CATEGORY, &category)) { + nick = p11_constant_nick (p11_constant_categories, category); + if (nick != NULL) + printf (" category: %s\n", nick); + } + + if (details) { + attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO); + if (attr) { + p11_buffer_init (&buf, 1024); + bytes = attr->pValue; + p11_url_encode (bytes, bytes + attr->ulValueLen, "", &buf); + printf (" public-key-info: %.*s\n", (int)buf.len, (char *)buf.data); + p11_buffer_uninit (&buf); + } + } + + printf ("\n"); + } + + return (rv == CKR_CANCEL); +} + +int +p11_trust_list (int argc, + char **argv) +{ + p11_enumerate ex; + bool details = false; + int opt = 0; + int ret; + + enum { + opt_verbose = 'v', + opt_quiet = 'q', + opt_help = 'h', + opt_filter = 1000, + opt_purpose, + opt_details, + }; + + struct option options[] = { + { "filter", required_argument, NULL, opt_filter }, + { "purpose", required_argument, NULL, opt_purpose }, + { "details", no_argument, NULL, opt_details }, + { "verbose", no_argument, NULL, opt_verbose }, + { "quiet", no_argument, NULL, opt_quiet }, + { "help", no_argument, NULL, opt_help }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: trust list --filter=" }, + { opt_filter, + "filter of what to export\n" + " ca-anchors certificate anchors\n" + " blacklist blacklisted certificates\n" + " trust-policy anchors and blacklist (default)\n" + " certificates all certificates\n" + " pkcs11:object=xx a PKCS#11 URI", + "what", + }, + { opt_purpose, + "limit to certificates usable for the purpose\n" + " server-auth for authenticating servers\n" + " client-auth for authenticating clients\n" + " email for email protection\n" + " code-signing for authenticating signed code\n" + " 1.2.3.4.5... an arbitrary object id", + "usage" + }, + { opt_verbose, "show verbose debug output", }, + { opt_quiet, "suppress command output", }, + { 0 }, + }; + + p11_enumerate_init (&ex); + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + case opt_verbose: + case opt_quiet: + break; + + case opt_filter: + if (!p11_enumerate_opt_filter (&ex, optarg)) + exit (2); + break; + case opt_purpose: + if (!p11_enumerate_opt_purpose (&ex, optarg)) + exit (2); + break; + case opt_details: + details = true; + break; + case 'h': + p11_tool_usage (usages, options); + exit (0); + case '?': + exit (2); + default: + assert_not_reached (); + break; + } + } + + if (argc - optind != 0) { + p11_message ("extra arguments passed to command"); + exit (2); + } + + if (!p11_enumerate_ready (&ex, "trust-policy")) + exit (1); + + ex.flags |= P11_ENUMERATE_CORRELATE; + ret = list_iterate (&ex, details) ? 0 : 1; + + p11_enumerate_cleanup (&ex); + return ret; +} diff --git a/trust/list.h b/trust/list.h new file mode 100644 index 0000000..ea3cd08 --- /dev/null +++ b/trust/list.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#ifndef P11_LIST_H_ +#define P11_LIST_H_ + +int p11_trust_list (int argc, + char **argv); + +#endif /* P11_LIST_H_ */ diff --git a/trust/meson.build b/trust/meson.build new file mode 100644 index 0000000..4ca0687 --- /dev/null +++ b/trust/meson.build @@ -0,0 +1,175 @@ +libtrust_data_sources = [ + 'asn1.c', + 'base64.c', + 'pem.c', + 'oid.c', + 'utf8.c', + 'x509.c' +] + +basic_asn_h = custom_target('basic.asn.h', + output: 'basic.asn.h', + input: 'basic.asn', + command: [asn1Parser, '-o', '@OUTPUT@', '@INPUT@']) + +pkix_asn_h = custom_target('pkix.asn.h', + output: 'pkix.asn.h', + input: 'pkix.asn', + command: [asn1Parser, '-o', '@OUTPUT@', '@INPUT@']) + +openssl_asn_h = custom_target('openssl.asn.h', + output: 'openssl.asn.h', + input: 'openssl.asn', + command: [asn1Parser, '-o', '@OUTPUT@', '@INPUT@']) + +asn_h_dep = declare_dependency( + sources: [basic_asn_h, pkix_asn_h, openssl_asn_h] +) + +libtrust_data = static_library('libtrust-data', + libtrust_data_sources, + include_directories: [configinc, commoninc], + dependencies: [asn_h_dep] + libtasn1_deps) + +libtrust_sources = [ + 'builder.c', + 'digest.c', + 'index.c', + 'parser.c', + 'persist.c', + 'module.c', + 'save.c', + 'session.c', + 'token.c' +] + +install_data('p11-kit-trust.module', + install_dir: prefix / p11_package_config_modules) + +p11_kit_trust_c_args = [ + '-DP11_DEFAULT_TRUST_PREFIX="@0@"'.format(prefix / datadir), + '-DP11_SYSTEM_TRUST_PREFIX="@0@"'.format(prefix / sysconfdir) +] + +shared_module('p11-kit-trust', + libtrust_sources, + 'module-init.c', + name_prefix: '', + c_args: p11_kit_trust_c_args, + dependencies: [asn_h_dep, libp11_library_dep] + libtasn1_deps, + link_args: p11_module_ldflags, + link_depends: [p11_module_symbol_map, + p11_module_symbol_def], + link_with: libtrust_data, + vs_module_defs: p11_module_symbol_def, + install: true, + install_dir: prefix / p11_module_path) + +if get_option('test') + libtrust_testable_c_args = [ + '-DP11_DEFAULT_TRUST_PREFIX="@0@"'.format(meson.current_build_dir() / 'default'), + '-DP11_SYSTEM_TRUST_PREFIX="@0@"'.format(meson.current_build_dir() / 'system') + ] + + libtrust_testable = static_library('libtrust-testable', + libtrust_sources, + include_directories: [configinc, commoninc], + c_args: libtrust_testable_c_args, + dependencies: [asn_h_dep] + libtasn1_deps) +endif + +trust_sources = [ + 'anchor.c', + 'parser.c', + 'persist.c', + 'digest.c', + 'dump.c', + 'enumerate.c', + 'extract.c', + 'extract-jks.c', + 'extract-edk2.c', + 'extract-openssl.c', + 'extract-pem.c', + 'extract-cer.c', + 'list.c', + 'save.c', + 'trust.c' +] + +executable('trust', + trust_sources, + c_args: common_c_args, + link_with: libtrust_data, + dependencies: [asn_h_dep, + libp11_kit_dep, + libp11_tool_dep] + libffi_deps + dlopen_deps + libtasn1_deps, + install: true) + +# Tests ---------------------------------------------------------------- + +if get_option('test') + libtrust_test_sources = [ + 'test-trust.c', + 'digest.c' + ] + + libtrust_test = static_library('libtrust-test', + libtrust_test_sources, + include_directories: [configinc, commoninc]) + + trust_tests = [ + 'test-digest', + 'test-asn1', + 'test-base64', + 'test-pem', + 'test-oid', + 'test-utf8', + 'test-x509', + 'test-persist', + 'test-index', + 'test-parser', + 'test-builder', + 'test-token', + 'test-module', + 'test-save', + 'test-enumerate', + 'test-cer', + 'test-bundle', + 'test-openssl', + 'test-edk2', + 'test-jks' + ] + + foreach name : trust_tests + t = executable(name, '@0@.c'.format(name), + c_args: common_c_args + tests_c_args + libtrust_testable_c_args, + dependencies: [asn_h_dep, + libp11_kit_dep, + libp11_library_dep, + libp11_test_dep] + dlopen_deps, + link_with: [libtrust_testable, libtrust_data, libtrust_test]) + test(name, t) + endforeach + + trust_progs = [ + 'frob-pow', + 'frob-token', + 'frob-nss-trust', + 'frob-cert', + 'frob-bc', + 'frob-ku', + 'frob-eku', + 'frob-ext', + 'frob-oid' + ] + + foreach name : trust_progs + t = executable(name, '@0@.c'.format(name), + c_args: tests_c_args, + dependencies: [asn_h_dep, + libp11_kit_dep, + libp11_library_dep, + libp11_test_dep] + libffi_deps + dlopen_deps, + link_with: [libtrust_testable, libtrust_data, libtrust_test]) + endforeach +endif diff --git a/trust/module-init.c b/trust/module-init.c new file mode 100644 index 0000000..10c303c --- /dev/null +++ b/trust/module-init.c @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "module.h" +#include "library.h" + +#define INIT p11_trust_module_init +#define FINI p11_trust_module_fini +#define CLEANUP +#include "init.h" diff --git a/trust/module.c b/trust/module.c new file mode 100644 index 0000000..ec3333d --- /dev/null +++ b/trust/module.c @@ -0,0 +1,1844 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define CRYPTOKI_EXPORTS + +#include "argv.h" +#include "array.h" +#include "attrs.h" +#define P11_DEBUG_FLAG P11_DEBUG_TRUST +#include "debug.h" +#include "dict.h" +#include "library.h" +#include "message.h" +#include "module.h" +#include "oid.h" +#include "parser.h" +#include "path.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "session.h" +#include "token.h" + +#include +#include +#include +#include + +#define MANUFACTURER_ID "PKCS#11 Kit " +#define LIBRARY_DESCRIPTION "PKCS#11 Kit Trust Module " +#define TOKEN_MODEL "p11-kit-trust " +#define TOKEN_SERIAL_NUMBER "1 " + +/* Initial slot id: non-zero and non-one */ +#define BASE_SLOT_ID 18UL + +static struct _Shared { + int initialized; + p11_dict *sessions; + p11_array *tokens; + char *paths; +} gl = { 0, NULL, NULL, NULL }; + +/* Used during FindObjects */ +typedef struct _FindObjects { + CK_ATTRIBUTE *match; + CK_OBJECT_HANDLE *snapshot; + CK_ULONG iterator; + CK_ATTRIBUTE *public_key; + p11_dict *extensions; +} FindObjects; + +static CK_FUNCTION_LIST sys_function_list; + +static void +find_objects_free (void *data) +{ + FindObjects *find = data; + p11_attrs_free (find->match); + free (find->snapshot); + p11_dict_free (find->extensions); + free (find); +} + +static CK_RV +lookup_session (CK_SESSION_HANDLE handle, + p11_session **session) +{ + p11_session *sess; + + if (!gl.sessions) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + sess = p11_dict_get (gl.sessions, &handle); + if (!sess) + return CKR_SESSION_HANDLE_INVALID; + + if (sess && session) + *session = sess; + return CKR_OK; +} + +static CK_ATTRIBUTE * +lookup_object_inlock (p11_session *session, + CK_OBJECT_HANDLE handle, + p11_index **index) +{ + CK_ATTRIBUTE *attrs; + + assert (session != NULL); + + attrs = p11_index_lookup (session->index, handle); + if (attrs) { + if (index) + *index = session->index; + return attrs; + } + + attrs = p11_index_lookup (p11_token_index (session->token), handle); + if (attrs) { + if (index) + *index = p11_token_index (session->token); + return attrs; + } + + return NULL; +} + +static CK_RV +check_index_writable (p11_session *session, + p11_index *index) +{ + if (index == p11_token_index (session->token)) { + if (!p11_token_is_writable (session->token)) + return CKR_TOKEN_WRITE_PROTECTED; + else if (!session->read_write) + return CKR_SESSION_READ_ONLY; + } + + return CKR_OK; +} + +static CK_RV +lookup_slot_inlock (CK_SLOT_ID id, + p11_token **token) +{ + /* + * These are invalid inputs, that well behaved callers should + * not produce, so have them fail precondations + */ + + return_val_if_fail (gl.tokens != NULL, + CKR_CRYPTOKI_NOT_INITIALIZED); + + return_val_if_fail (id >= BASE_SLOT_ID && id - BASE_SLOT_ID < gl.tokens->num, + CKR_SLOT_ID_INVALID); + + if (token) + *token = gl.tokens->elem[id - BASE_SLOT_ID]; + return CKR_OK; +} + +static bool +check_slot (CK_SLOT_ID id) +{ + bool ret; + + p11_lock (); + ret = lookup_slot_inlock (id, NULL) == CKR_OK; + p11_unlock (); + + return ret; +} + +static bool +create_tokens_inlock (p11_array *tokens, + const char *paths) +{ + /* + * TRANSLATORS: These label strings are used in PKCS#11 URIs and + * unfortunately cannot be marked translatable. If localization is + * desired they should be translated in GUI applications. These + * strings will not change arbitrarily. + */ + + struct { + const char *prefix; + const char *label; + int flags; + } labels[] = { + { "~/", "User Trust", P11_TOKEN_FLAG_NONE }, + { P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED }, + { P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE }, + { NULL }, + }; + + p11_token *token; + p11_token *check; + CK_SLOT_ID slot; + const char *path; + const char *label; + int flags; + char *alloc; + char *remaining; + char *base; + char *pos; + int i; + + p11_debug ("using paths: %s", paths); + + alloc = remaining = strdup (paths); + return_val_if_fail (remaining != NULL, false); + + while (remaining) { + path = remaining; + pos = strchr (remaining, P11_PATH_SEP_C); + if (pos == NULL) { + remaining = NULL; + } else { + pos[0] = '\0'; + remaining = pos + 1; + } + + if (path[0] != '\0') { + /* The slot for the new token */ + slot = BASE_SLOT_ID + tokens->num; + + label = NULL; + flags = P11_TOKEN_FLAG_NONE; + base = NULL; + + /* Claim the various labels based on prefix */ + for (i = 0; label == NULL && labels[i].prefix != NULL; i++) { + if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0) { + label = labels[i].label; + flags = labels[i].flags; + labels[i].label = NULL; + } + } + + /* Didn't find a label above, then make one based on the path */ + if (!label) { + label = base = p11_path_base (path); + return_val_if_fail (base != NULL, false); + } + + token = p11_token_new (slot, path, label, flags); + return_val_if_fail (token != NULL, false); + + if (!p11_array_push (tokens, token)) + return_val_if_reached (false); + + free (base); + assert (lookup_slot_inlock (slot, &check) == CKR_OK && check == token); + } + } + + free (alloc); + return true; +} + +static void +parse_argument (char *arg, + void *unused) +{ + char *value; + + value = arg + strcspn (arg, ":="); + if (!*value) + value = NULL; + else + *(value++) = 0; + + if (strcmp (arg, "paths") == 0) { + free (gl.paths); + gl.paths = value ? strdup (value) : NULL; + + } else if (strcmp (arg, "verbose") == 0) { + if (strcmp (value, "yes") == 0) + p11_message_loud (); + else if (strcmp (value, "no") == 0) + p11_message_quiet (); + } else { + p11_message ("unrecognized module argument: %s", arg); + } +} + +static CK_RV +sys_C_Finalize (CK_VOID_PTR reserved) +{ + CK_RV rv = CKR_OK; + + p11_debug ("in"); + + /* WARNING: This function must be reentrant */ + + if (reserved) { + rv = CKR_ARGUMENTS_BAD; + + } else { + p11_lock (); + + if (gl.initialized == 0) { + p11_debug ("trust module is not initialized"); + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + } else if (gl.initialized == 1) { + p11_debug ("doing finalization"); + + free (gl.paths); + gl.paths = NULL; + + p11_dict_free (gl.sessions); + gl.sessions = NULL; + + p11_array_free (gl.tokens); + gl.tokens = NULL; + + rv = CKR_OK; + gl.initialized = 0; + + } else { + gl.initialized--; + p11_debug ("trust module still initialized %d times", gl.initialized); + } + + p11_unlock (); + } + + p11_debug ("out: 0x%lx", rv); + return rv; +} + +static CK_RV +sys_C_Initialize (CK_VOID_PTR init_args) +{ + static const CK_C_INITIALIZE_ARGS def_args = + { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; + const CK_C_INITIALIZE_ARGS *args = NULL; + int supplied_ok; + CK_RV rv; + + p11_library_init_once (); + + /* WARNING: This function must be reentrant */ + + p11_debug ("in"); + + p11_lock (); + + rv = CKR_OK; + + args = init_args; + if (args == NULL) + args = &def_args; + + /* ALL supplied function pointers need to have the value either NULL or non-NULL. */ + supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL && + args->LockMutex == NULL && args->UnlockMutex == NULL) || + (args->CreateMutex != NULL && args->DestroyMutex != NULL && + args->LockMutex != NULL && args->UnlockMutex != NULL); + if (!supplied_ok) { + p11_message ("invalid set of mutex calls supplied"); + rv = CKR_ARGUMENTS_BAD; + } + + /* + * When the CKF_OS_LOCKING_OK flag isn't set return an error. + * We must be able to use our pthread functionality. + */ + if (!(args->flags & CKF_OS_LOCKING_OK)) { + p11_message ("can't do without os locking"); + rv = CKR_CANT_LOCK; + } + + if (rv == CKR_OK && gl.initialized != 0) { + p11_debug ("trust module already initialized %d times", + gl.initialized); + + /* + * We support setting the socket path and other arguments from from the + * pReserved pointer, similar to how NSS PKCS#11 components are initialized. + */ + } else if (rv == CKR_OK) { + p11_debug ("doing initialization"); + + if (args->pReserved) + p11_argv_parse ((const char*)args->pReserved, parse_argument, NULL); + + gl.sessions = p11_dict_new (p11_dict_ulongptr_hash, + p11_dict_ulongptr_equal, + NULL, p11_session_free); + + gl.tokens = p11_array_new ((p11_destroyer)p11_token_free); + if (gl.tokens && !create_tokens_inlock (gl.tokens, gl.paths ? gl.paths : TRUST_PATHS)) + gl.tokens = NULL; + + if (gl.sessions == NULL || gl.tokens == NULL) { + warn_if_reached (); + rv = CKR_GENERAL_ERROR; + } + } + + gl.initialized++; + + p11_unlock (); + + if (rv != CKR_OK) + sys_C_Finalize (NULL); + + p11_debug ("out: 0x%lx", rv); + return rv; +} + +static CK_RV +sys_C_GetInfo (CK_INFO_PTR info) +{ + CK_RV rv = CKR_OK; + + p11_library_init_once (); + + p11_debug ("in"); + + return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); + + p11_lock (); + + if (!gl.sessions) + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + p11_unlock (); + + if (rv == CKR_OK) { + memset (info, 0, sizeof (*info)); + info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; + info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; + info->libraryVersion.major = PACKAGE_MAJOR; + info->libraryVersion.minor = PACKAGE_MINOR; + info->flags = 0; + memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + memcpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); + } + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + /* Can be called before C_Initialize */ + return_val_if_fail (list != NULL, CKR_ARGUMENTS_BAD); + + *list = &sys_function_list; + return CKR_OK; +} + +static CK_RV +sys_C_GetSlotList (CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + CK_RV rv = CKR_OK; + int i; + + return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in"); + + p11_lock (); + + if (!gl.sessions) + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + p11_unlock (); + + if (rv != CKR_OK) { + /* already failed */ + + } else if (!slot_list) { + *count = gl.tokens->num; + rv = CKR_OK; + + } else if (*count < gl.tokens->num) { + *count = gl.tokens->num; + rv = CKR_BUFFER_TOO_SMALL; + + } else { + for (i = 0; i < gl.tokens->num; i++) + slot_list[i] = BASE_SLOT_ID + i; + *count = gl.tokens->num; + rv = CKR_OK; + } + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_GetSlotInfo (CK_SLOT_ID id, + CK_SLOT_INFO_PTR info) +{ + CK_RV rv = CKR_OK; + p11_token *token; + const char *path; + size_t length; + + return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in"); + p11_lock (); + + rv = lookup_slot_inlock (id, &token); + if (rv == CKR_OK) { + memset (info, 0, sizeof (*info)); + info->firmwareVersion.major = 0; + info->firmwareVersion.minor = 0; + info->hardwareVersion.major = PACKAGE_MAJOR; + info->hardwareVersion.minor = PACKAGE_MINOR; + info->flags = CKF_TOKEN_PRESENT; + memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + + /* If too long, copy the first 64 characters into buffer */ + path = p11_token_get_path (token); + length = strlen (path); + if (length > sizeof (info->slotDescription)) + length = sizeof (info->slotDescription); + memset (info->slotDescription, ' ', sizeof (info->slotDescription)); + memcpy (info->slotDescription, path, length); + } + + p11_unlock (); + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_GetTokenInfo (CK_SLOT_ID id, + CK_TOKEN_INFO_PTR info) +{ + CK_RV rv = CKR_OK; + p11_token *token; + const char *label; + size_t length; + + return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_slot_inlock (id, &token); + if (rv == CKR_OK) { + memset (info, 0, sizeof (*info)); + info->firmwareVersion.major = 0; + info->firmwareVersion.minor = 0; + info->hardwareVersion.major = PACKAGE_MAJOR; + info->hardwareVersion.minor = PACKAGE_MINOR; + info->flags = CKF_TOKEN_INITIALIZED; + memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + memcpy ((char*)info->model, TOKEN_MODEL, 16); + memcpy ((char*)info->serialNumber, TOKEN_SERIAL_NUMBER, 16); + info->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE; + info->ulSessionCount = CK_UNAVAILABLE_INFORMATION; + info->ulMaxRwSessionCount = 0; + info->ulRwSessionCount = CK_UNAVAILABLE_INFORMATION; + info->ulMaxPinLen = 0; + info->ulMinPinLen = 0; + info->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION; + info->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION; + info->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION; + info->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; + + /* If too long, copy the first 32 characters into buffer */ + label = p11_token_get_label (token); + length = strlen (label); + if (length > sizeof (info->label)) + length = sizeof (info->label); + memset (info->label, ' ', sizeof (info->label)); + memcpy (info->label, label, length); + + if (!p11_token_is_writable (token)) + info->flags |= CKF_WRITE_PROTECTED; + } + + p11_unlock (); + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_GetMechanismList (CK_SLOT_ID id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + CK_RV rv = CKR_OK; + + return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in"); + + *count = 0; + + p11_debug ("out: 0x%lx", rv); + return rv; +} + +static CK_RV +sys_C_GetMechanismInfo (CK_SLOT_ID id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); + return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID); + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_InitToken (CK_SLOT_ID id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label) +{ + p11_debug ("not supported"); + return CKR_FUNCTION_NOT_SUPPORTED; +} + +static CK_RV +sys_C_WaitForSlotEvent (CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved) +{ + p11_debug ("not supported"); + return CKR_FUNCTION_NOT_SUPPORTED; +} + +static CK_RV +sys_C_OpenSession (CK_SLOT_ID id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR handle) +{ + p11_session *session; + p11_token *token; + CK_RV rv = CKR_OK; + + return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID); + return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_slot_inlock (id, &token); + if (rv != CKR_OK) { + /* fail below */; + + } else if (!(flags & CKF_SERIAL_SESSION)) { + rv = CKR_SESSION_PARALLEL_NOT_SUPPORTED; + + } else if ((flags & CKF_RW_SESSION) && + !p11_token_is_writable (token)) { + rv = CKR_TOKEN_WRITE_PROTECTED; + + } else { + session = p11_session_new (token); + if (p11_dict_set (gl.sessions, &session->handle, session)) { + rv = CKR_OK; + if (flags & CKF_RW_SESSION) + session->read_write = true; + *handle = session->handle; + p11_debug ("session: %lu", *handle); + } else { + warn_if_reached (); + rv = CKR_GENERAL_ERROR; + } + } + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_CloseSession (CK_SESSION_HANDLE handle) +{ + CK_RV rv = CKR_OK; + + p11_debug ("in"); + + p11_lock (); + + if (!gl.sessions) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + } else if (p11_dict_remove (gl.sessions, &handle)) { + rv = CKR_OK; + + } else { + rv = CKR_SESSION_HANDLE_INVALID; + } + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_CloseAllSessions (CK_SLOT_ID id) +{ + CK_SESSION_HANDLE *handle; + p11_session *session; + p11_token *token; + p11_dictiter iter; + CK_RV rv; + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_slot_inlock (id, &token); + if (rv == CKR_OK) { + p11_dict_iterate (gl.sessions, &iter); + while (p11_dict_next (&iter, (void **)&handle, (void **)&session)) { + if (session->token == token) + p11_dict_remove (gl.sessions, handle); + } + } + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_GetFunctionStatus (CK_SESSION_HANDLE handle) +{ + return CKR_SESSION_PARALLEL_NOT_SUPPORTED; +} + +static CK_RV +sys_C_CancelFunction (CK_SESSION_HANDLE handle) +{ + return CKR_SESSION_PARALLEL_NOT_SUPPORTED; +} + +static CK_RV +sys_C_GetSessionInfo (CK_SESSION_HANDLE handle, + CK_SESSION_INFO_PTR info) +{ + p11_session *session; + CK_RV rv; + + return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_session (handle, &session); + if (rv == CKR_OK) { + info->flags = CKF_SERIAL_SESSION; + info->state = CKS_RO_PUBLIC_SESSION; + info->slotID = p11_token_get_slot (session->token); + info->ulDeviceError = 0; + } + + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_InitPIN (CK_SESSION_HANDLE handle, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + p11_debug ("not supported"); + return CKR_FUNCTION_NOT_SUPPORTED; +} + +static CK_RV +sys_C_SetPIN (CK_SESSION_HANDLE handle, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len) +{ + p11_debug ("not supported"); + return CKR_FUNCTION_NOT_SUPPORTED; +} + +static CK_RV +sys_C_GetOperationState (CK_SESSION_HANDLE handle, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len) +{ + p11_debug ("not supported"); + return CKR_FUNCTION_NOT_SUPPORTED; +} + +static CK_RV +sys_C_SetOperationState (CK_SESSION_HANDLE handle, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + p11_debug ("not supported"); + return CKR_FUNCTION_NOT_SUPPORTED; +} + +static CK_RV +sys_C_Login (CK_SESSION_HANDLE handle, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + CK_RV rv; + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_session (handle, NULL); + /* Since the trust module is designed as a replacement + * of nssckbi, it works as a general access device as + * described in the table 1.1 of: + * . + * + * That means that the tokens provided by this module + * shall be accessed without login, and if the caller + * tries to login, the attempt should fail with an + * explicit error (otherwise, the caller cannot + * distinguish the user's login status, see also + * C_Logout below). */ + if (rv == CKR_OK) + rv = CKR_USER_TYPE_INVALID; + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_Logout (CK_SESSION_HANDLE handle) +{ + CK_RV rv; + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_session (handle, NULL); + if (rv == CKR_OK) + rv = CKR_USER_NOT_LOGGED_IN; + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_CreateObject (CK_SESSION_HANDLE handle, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + p11_session *session; + p11_index *index; + CK_BBOOL val; + CK_RV rv; + + return_val_if_fail (new_object != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_session (handle, &session); + if (rv == CKR_OK) { + if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val) && val) + index = p11_token_index (session->token); + else + index = session->index; + rv = check_index_writable (session, index); + } + + if (rv == CKR_OK) + rv = p11_index_add (index, template, count, new_object); + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_CopyObject (CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + CK_BBOOL vfalse = CK_FALSE; + CK_ATTRIBUTE token = { CKA_TOKEN, &vfalse, sizeof (vfalse) }; + p11_session *session; + CK_ATTRIBUTE *original; + CK_ATTRIBUTE *attrs; + p11_index *index; + CK_BBOOL val; + CK_RV rv; + + return_val_if_fail (new_object != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_session (handle, &session); + if (rv == CKR_OK) { + original = lookup_object_inlock (session, object, &index); + if (original == NULL) + rv = CKR_OBJECT_HANDLE_INVALID; + } + + if (rv == CKR_OK) { + if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val)) + index = val ? p11_token_index (session->token) : session->index; + rv = check_index_writable (session, index); + } + + if (rv == CKR_OK) { + attrs = p11_attrs_dup (original); + attrs = p11_attrs_buildn (attrs, template, count); + attrs = p11_attrs_build (attrs, &token, NULL); + rv = p11_index_take (index, attrs, new_object); + } + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_DestroyObject (CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object) +{ + p11_session *session; + CK_ATTRIBUTE *attrs; + p11_index *index; + CK_BBOOL val; + CK_RV rv; + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_session (handle, &session); + if (rv == CKR_OK) { + attrs = lookup_object_inlock (session, object, &index); + if (attrs == NULL) + rv = CKR_OBJECT_HANDLE_INVALID; + else + rv = check_index_writable (session, index); + + if (rv == CKR_OK && p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { + /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ + rv = CKR_ATTRIBUTE_READ_ONLY; + } + + if (rv == CKR_OK) + rv = p11_index_remove (index, object); + } + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_GetObjectSize (CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + p11_session *session; + CK_RV rv; + + return_val_if_fail (size != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_session (handle, &session); + if (rv == CKR_OK) { + if (lookup_object_inlock (session, object, NULL)) { + *size = CK_UNAVAILABLE_INFORMATION; + rv = CKR_OK; + } else { + rv = CKR_OBJECT_HANDLE_INVALID; + } + } + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_GetAttributeValue (CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *result; + CK_ATTRIBUTE *attr; + p11_session *session; + char *string; + CK_ULONG i; + CK_RV rv; + + p11_debug ("in: %lu, %lu", handle, object); + + p11_lock (); + + rv = lookup_session (handle, &session); + if (rv == CKR_OK) { + attrs = lookup_object_inlock (session, object, NULL); + if (attrs == NULL) + rv = CKR_OBJECT_HANDLE_INVALID; + } + + if (rv == CKR_OK) { + for (i = 0; i < count; i++) { + result = template + i; + attr = p11_attrs_find (attrs, result->type); + if (!attr) { + result->ulValueLen = (CK_ULONG)-1; + rv = CKR_ATTRIBUTE_TYPE_INVALID; + continue; + } + + if (!result->pValue) { + result->ulValueLen = attr->ulValueLen; + continue; + } + + if (result->ulValueLen >= attr->ulValueLen) { + memcpy (result->pValue, attr->pValue, attr->ulValueLen); + result->ulValueLen = attr->ulValueLen; + continue; + } + + result->ulValueLen = (CK_ULONG)-1; + rv = CKR_BUFFER_TOO_SMALL; + } + } + + p11_unlock (); + + if (p11_debugging) { + string = p11_attrs_to_string (template, count); + p11_debug ("out: 0x%lx %s", rv, string); + free (string); + } + + return rv; +} + +static CK_RV +sys_C_SetAttributeValue (CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + p11_session *session; + CK_ATTRIBUTE *attrs; + p11_index *index; + CK_BBOOL val; + CK_RV rv; + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_session (handle, &session); + if (rv == CKR_OK) { + attrs = lookup_object_inlock (session, object, &index); + if (attrs == NULL) { + rv = CKR_OBJECT_HANDLE_INVALID; + } else if (p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { + /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ + rv = CKR_ATTRIBUTE_READ_ONLY; + } + + if (rv == CKR_OK) + rv = check_index_writable (session, index); + + /* Reload the item if applicable */ + if (rv == CKR_OK && index == p11_token_index (session->token)) { + if (p11_token_reload (session->token, attrs)) { + attrs = p11_index_lookup (index, object); + if (p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { + /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ + rv = CKR_ATTRIBUTE_READ_ONLY; + } + } + } + + if (rv == CKR_OK) + rv = p11_index_set (index, object, template, count); + } + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_FindObjectsInit (CK_SESSION_HANDLE handle, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + p11_index *indices[2] = { NULL, NULL }; + CK_BBOOL want_token_objects; + CK_BBOOL want_session_objects; + CK_BBOOL token; + FindObjects *find; + p11_session *session; + char *string; + CK_RV rv; + int n = 0; + CK_OBJECT_CLASS klass; + + if (p11_debugging) { + string = p11_attrs_to_string (template, count); + p11_debug ("in: %lu, %s", handle, string); + free (string); + } + + p11_lock (); + + /* Are we searching for token objects? */ + if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &token)) { + want_token_objects = token; + want_session_objects = !token; + } else { + want_token_objects = CK_TRUE; + want_session_objects = CK_TRUE; + } + + rv = lookup_session (handle, &session); + + /* Refresh from disk if this session hasn't yet */ + if (rv == CKR_OK) { + if (want_session_objects) + indices[n++] = session->index; + if (want_token_objects) { + if (!session->loaded) + p11_token_load (session->token); + if (rv == CKR_OK) { + session->loaded = CK_TRUE; + indices[n++] = p11_token_index (session->token); + } + } + } + + if (rv == CKR_OK) { + find = calloc (1, sizeof (FindObjects)); + warn_if_fail (find != NULL); + + /* Make a snapshot of what we're matching */ + if (find) { + find->match = p11_attrs_buildn (NULL, template, count); + warn_if_fail (find->match != NULL); + + /* Build a session snapshot of all objects */ + find->iterator = 0; + find->snapshot = p11_index_snapshot (indices[0], indices[1], template, count); + warn_if_fail (find->snapshot != NULL); + + if (p11_attrs_find_ulong (find->match, CKA_CLASS, &klass) && + klass == CKO_X_CERTIFICATE_EXTENSION) { + find->public_key = p11_attrs_find (find->match, CKA_PUBLIC_KEY_INFO); + find->extensions = p11_dict_new (p11_oid_hash, + p11_oid_equal, + free, NULL); + } + } + + if (!find || !find->snapshot || !find->match) + rv = CKR_HOST_MEMORY; + else + p11_session_set_operation (session, find_objects_free, find); + } + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static bool +match_for_broken_nss_serial_number_lookups (CK_ATTRIBUTE *attr, + CK_ATTRIBUTE *match) +{ + unsigned char der[32]; + unsigned char *val_val; + size_t der_len; + size_t val_len; + int len_len; + + if (!match->pValue || !match->ulValueLen || + match->ulValueLen == CKA_INVALID || + attr->ulValueLen == CKA_INVALID) + return false; + + der_len = sizeof (der); + der[0] = ASN1_TAG_INTEGER | ASN1_CLASS_UNIVERSAL; + len_len = der_len - 1; + asn1_length_der (match->ulValueLen, der + 1, &len_len); + assert (len_len < (der_len - 1)); + der_len = 1 + len_len; + + val_val = attr->pValue; + val_len = attr->ulValueLen; + + if (der_len + match->ulValueLen != val_len) + return false; + + if (memcmp (der, val_val, der_len) != 0 || + memcmp (match->pValue, val_val + der_len, match->ulValueLen) != 0) + return false; + + p11_debug ("worked around serial number lookup that's not DER encoded"); + return true; +} + +static bool +find_objects_match (CK_ATTRIBUTE *attrs, + FindObjects *find) +{ + CK_OBJECT_CLASS klass; + CK_ATTRIBUTE *attr, *match = find->match; + + for (; !p11_attrs_terminator (match); match++) { + attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match->type); + if (!attr) + return false; + if (p11_attr_equal (attr, match)) + continue; + + /* + * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items that are + * not DER encoded. It shouldn't be doing this. We never return any certificate + * serial numbers that are not DER encoded. + * + * So work around the issue here while the NSS guys fix this issue. + * This code should be removed in future versions. + */ + + if (attr->type == CKA_SERIAL_NUMBER && + p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) && + klass == CKO_NSS_TRUST) { + if (match_for_broken_nss_serial_number_lookups (attr, match)) + continue; + } + + return false; + } + + /* + * WORKAROUND: We keep all objects in the database, while PKIX + * doesn't allow multiple extensions identified by the same + * OID can be attached to a certificate. Check any duplicate + * and only return the first matching object. + */ + if (find->public_key && + p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) && + klass == CKO_X_CERTIFICATE_EXTENSION) { + CK_ATTRIBUTE *oid = p11_attrs_find (attrs, CKA_OBJECT_ID); + if (oid) { + void *value; + if (p11_oid_simple (oid->pValue, oid->ulValueLen) && + p11_dict_get (find->extensions, oid->pValue)) { + p11_debug ("duplicate extension object"); + return false; + } + value = memdup (oid->pValue, oid->ulValueLen); + return_val_if_fail (value != NULL, false); + if (!p11_dict_set (find->extensions, value, value)) + warn_if_reached (); + } + } + + return true; +} + +static CK_RV +sys_C_FindObjects (CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count) +{ + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE *attrs; + FindObjects *find = NULL; + p11_session *session; + CK_ULONG matched; + p11_index *index; + CK_RV rv; + + return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); + + p11_debug ("in: %lu, %lu", handle, max_count); + + p11_lock (); + + rv = lookup_session (handle, &session); + if (rv == CKR_OK) { + if (session->cleanup != find_objects_free) + rv = CKR_OPERATION_NOT_INITIALIZED; + find = session->operation; + } + + if (rv == CKR_OK) { + matched = 0; + while (matched < max_count) { + object = find->snapshot[find->iterator]; + if (!object) + break; + + find->iterator++; + + attrs = lookup_object_inlock (session, object, &index); + if (attrs == NULL) + continue; + + if (find_objects_match (attrs, find)) { + objects[matched] = object; + matched++; + } + } + + *count = matched; + } + + p11_unlock (); + + p11_debug ("out: 0x%lx, %lu", handle, *count); + + return rv; +} + +static CK_RV +sys_C_FindObjectsFinal (CK_SESSION_HANDLE handle) +{ + p11_session *session; + CK_RV rv; + + p11_debug ("in"); + + p11_lock (); + + rv = lookup_session (handle, &session); + if (rv == CKR_OK) { + if (session->cleanup != find_objects_free) + rv = CKR_OPERATION_NOT_INITIALIZED; + else + p11_session_set_operation (session, NULL, NULL); + } + + p11_unlock (); + + p11_debug ("out: 0x%lx", rv); + + return rv; +} + +static CK_RV +sys_C_EncryptInit (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_Encrypt (CK_SESSION_HANDLE handle, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_EncryptUpdate (CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_EncryptFinal (CK_SESSION_HANDLE handle, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DecryptInit (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_Decrypt (CK_SESSION_HANDLE handle, + CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DecryptUpdate (CK_SESSION_HANDLE handle, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DecryptFinal (CK_SESSION_HANDLE handle, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DigestInit (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_Digest (CK_SESSION_HANDLE handle, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DigestUpdate (CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DigestKey (CK_SESSION_HANDLE handle, + CK_OBJECT_HANDLE key) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DigestFinal (CK_SESSION_HANDLE handle, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_SignInit (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_Sign (CK_SESSION_HANDLE handle, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_SignUpdate (CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_SignFinal (CK_SESSION_HANDLE handle, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_SignRecoverInit (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_SignRecover (CK_SESSION_HANDLE handle, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_VerifyInit (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_Verify (CK_SESSION_HANDLE handle, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_VerifyUpdate (CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_VerifyFinal (CK_SESSION_HANDLE handle, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_VerifyRecover (CK_SESSION_HANDLE handle, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); +} + +static CK_RV +sys_C_GenerateKey (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_GenerateKeyPair (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, + CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, + CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, + CK_OBJECT_HANDLE_PTR priv_key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_WrapKey (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_UnwrapKey (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_DeriveKey (CK_SESSION_HANDLE handle, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return_val_if_reached (CKR_MECHANISM_INVALID); +} + +static CK_RV +sys_C_SeedRandom (CK_SESSION_HANDLE handle, + CK_BYTE_PTR seed, + CK_ULONG seed_len) +{ + return_val_if_reached (CKR_RANDOM_NO_RNG); +} + +static CK_RV +sys_C_GenerateRandom (CK_SESSION_HANDLE handle, + CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + return_val_if_reached (CKR_RANDOM_NO_RNG); +} + +/* -------------------------------------------------------------------- + * MODULE ENTRY POINT + */ + +static CK_FUNCTION_LIST sys_function_list = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ + sys_C_Initialize, + sys_C_Finalize, + sys_C_GetInfo, + sys_C_GetFunctionList, + sys_C_GetSlotList, + sys_C_GetSlotInfo, + sys_C_GetTokenInfo, + sys_C_GetMechanismList, + sys_C_GetMechanismInfo, + sys_C_InitToken, + sys_C_InitPIN, + sys_C_SetPIN, + sys_C_OpenSession, + sys_C_CloseSession, + sys_C_CloseAllSessions, + sys_C_GetSessionInfo, + sys_C_GetOperationState, + sys_C_SetOperationState, + sys_C_Login, + sys_C_Logout, + sys_C_CreateObject, + sys_C_CopyObject, + sys_C_DestroyObject, + sys_C_GetObjectSize, + sys_C_GetAttributeValue, + sys_C_SetAttributeValue, + sys_C_FindObjectsInit, + sys_C_FindObjects, + sys_C_FindObjectsFinal, + sys_C_EncryptInit, + sys_C_Encrypt, + sys_C_EncryptUpdate, + sys_C_EncryptFinal, + sys_C_DecryptInit, + sys_C_Decrypt, + sys_C_DecryptUpdate, + sys_C_DecryptFinal, + sys_C_DigestInit, + sys_C_Digest, + sys_C_DigestUpdate, + sys_C_DigestKey, + sys_C_DigestFinal, + sys_C_SignInit, + sys_C_Sign, + sys_C_SignUpdate, + sys_C_SignFinal, + sys_C_SignRecoverInit, + sys_C_SignRecover, + sys_C_VerifyInit, + sys_C_Verify, + sys_C_VerifyUpdate, + sys_C_VerifyFinal, + sys_C_VerifyRecoverInit, + sys_C_VerifyRecover, + sys_C_DigestEncryptUpdate, + sys_C_DecryptDigestUpdate, + sys_C_SignEncryptUpdate, + sys_C_DecryptVerifyUpdate, + sys_C_GenerateKey, + sys_C_GenerateKeyPair, + sys_C_WrapKey, + sys_C_UnwrapKey, + sys_C_DeriveKey, + sys_C_SeedRandom, + sys_C_GenerateRandom, + sys_C_GetFunctionStatus, + sys_C_CancelFunction, + sys_C_WaitForSlotEvent +}; + +#ifdef OS_WIN32 +__declspec(dllexport) +#endif + +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + p11_library_init_once (); + return sys_C_GetFunctionList (list); +} + +CK_ULONG +p11_module_next_id (void) +{ + static CK_ULONG unique = 0x10; + return (unique)++; +} diff --git a/trust/module.h b/trust/module.h new file mode 100644 index 0000000..13b928a --- /dev/null +++ b/trust/module.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "pkcs11.h" + +#ifndef P11_MODULE_H_ +#define P11_MODULE_H_ + +CK_ULONG p11_module_next_id (void); + +#endif /* P11_MODULE_H_ */ diff --git a/trust/oid.c b/trust/oid.c new file mode 100644 index 0000000..dff4148 --- /dev/null +++ b/trust/oid.c @@ -0,0 +1,96 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "hash.h" +#include "oid.h" + +#include +#include +#include +#include + +/* + * We deal with OIDs a lot in their DER form. These have the + * advantage of having the length encoded in their second byte, + * at least for all the OIDs we're interested in. + * + * The goal here is to avoid carrying around extra length + * information about DER encoded OIDs. + */ + +bool +p11_oid_simple (const unsigned char *oid, + int len) +{ + return (oid != NULL && + len > 3 && /* minimum length */ + oid[0] == 0x06 && /* simple encoding */ + (oid[1] & 128) == 0 && /* short form length */ + (size_t)oid[1] == len - 2); /* matches length */ +} + +unsigned int +p11_oid_hash (const void *oid) +{ + uint32_t hash; + int len; + + len = p11_oid_length (oid); + p11_hash_murmur3 (&hash, oid, len, NULL); + return hash; +} + +bool +p11_oid_equal (const void *oid_one, + const void *oid_two) +{ + int len_one; + int len_two; + + len_one = p11_oid_length (oid_one); + len_two = p11_oid_length (oid_two); + + return (len_one == len_two && + memcmp (oid_one, oid_two, len_one) == 0); +} + +int +p11_oid_length (const unsigned char *oid) +{ + assert (oid[0] == 0x06); + assert ((oid[1] & 128) == 0); + return (int)oid[1] + 2; +} diff --git a/trust/oid.h b/trust/oid.h new file mode 100644 index 0000000..297e7a6 --- /dev/null +++ b/trust/oid.h @@ -0,0 +1,245 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_OIDS_H_ +#define P11_OIDS_H_ + +#include "compat.h" + +bool p11_oid_simple (const unsigned char *oid, + int len); + +unsigned int p11_oid_hash (const void *oid); + +bool p11_oid_equal (const void *oid_one, + const void *oid_two); + +int p11_oid_length (const unsigned char *oid); + +/* + * 2.5.4.3: CN or commonName + */ +static const unsigned char P11_OID_CN[] = + { 0x06, 0x03, 0x55, 0x04, 0x03, }; + +/* + * 2.5.4.10: O or organization + */ +static const unsigned char P11_OID_O[] = + { 0x06, 0x03, 0x55, 0x04, 0x0a, }; + +/* + * 2.5.4.11: OU or organizationalUnit + */ +static const unsigned char P11_OID_OU[] = + { 0x06, 0x03, 0x55, 0x04, 0x0b, }; + +/* + * Our support of certificate extensions and so on is not limited to what is + * listed here. This is simply the OIDs used by the parsing code that generates + * backwards compatible PKCS#11 objects for NSS and the like. + */ + +/* + * 2.5.29.14: SubjectKeyIdentifier + */ +static const unsigned char P11_OID_SUBJECT_KEY_IDENTIFIER[] = + { 0x06, 0x03, 0x55, 0x1d, 0x0e }; +static const char P11_OID_SUBJECT_KEY_IDENTIFIER_STR[] = "2.5.29.14"; + +/* + * 2.5.29.15: KeyUsage + * + * Defined in RFC 5280 + */ +static const unsigned char P11_OID_KEY_USAGE[] = + { 0x06, 0x03, 0x55, 0x1d, 0x0f }; +static const char P11_OID_KEY_USAGE_STR[] = { "2.5.29.15" }; + +enum { + P11_KU_DIGITAL_SIGNATURE = 128, + P11_KU_NON_REPUDIATION = 64, + P11_KU_KEY_ENCIPHERMENT = 32, + P11_KU_DATA_ENCIPHERMENT = 16, + P11_KU_KEY_AGREEMENT = 8, + P11_KU_KEY_CERT_SIGN = 4, + P11_KU_CRL_SIGN = 2, + P11_KU_ENCIPHER_ONLY = 1, + P11_KU_DECIPHER_ONLY = 32768, +}; + +/* + * 2.5.29.19: BasicConstraints + * + * Defined in RFC 5280 + */ +static const unsigned char P11_OID_BASIC_CONSTRAINTS[] = + { 0x06, 0x03, 0x55, 0x1d, 0x13 }; +static const char P11_OID_BASIC_CONSTRAINTS_STR[] = "2.5.29.19"; + +/* + * 2.5.29.37: ExtendedKeyUsage + * + * Defined in RFC 5280 + */ +static const unsigned char P11_OID_EXTENDED_KEY_USAGE[] = + { 0x06, 0x03, 0x55, 0x1d, 0x25 }; +static const char P11_OID_EXTENDED_KEY_USAGE_STR[] = "2.5.29.37"; + +/* + * 2.5.29.37.0: anyExtendedKeyUsage + * + * Defined in RFC 5280 + */ +static const unsigned char P11_OID_ANY_EXTENDED_KEY_USAGE[] = + { 0x06, 0x03, 0x55, 0x1d, 0x25, 0x00 }; +static const char P11_OID_ANY_EXTENDED_KEY_USAGE_STR[] = "2.5.29.37.0"; + +/* + * 1.3.6.1.4.1.3319.6.10.1: OpenSSL reject extension + * + * An internally defined certificate extension. + * + * OpenSSL contains a list of OID extended key usages to reject. + * The normal X.509 model is to only *include* the extended key + * usages that are to be allowed (ie: a whitelist). It's not clear + * exactly how valid and useful the reject per extended key usage + * model is. + * + * However in order to parse openssl trust policy information and + * be able to write it back out in the same way, we define a custom + * certificate extension to store it. + * + * It is not expected (or supported) for others outside of p11-kit + * to read this information at this point. + * + * This extension is never marked critical. It is not necessary to + * respect information in this certificate extension given that the + * ExtendedKeyUsage extension carries the same information as a + * whitelist. + */ +static const unsigned char P11_OID_OPENSSL_REJECT[] = + { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01 }; +static const char P11_OID_OPENSSL_REJECT_STR[] = "1.3.6.1.4.1.3319.6.10.1"; + +/* + * 1.3.6.1.5.5.7.3.1: Server Auth + * + * Defined in RFC 5280 + */ +static const unsigned char P11_OID_SERVER_AUTH[] = + { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01 }; +static const char P11_OID_SERVER_AUTH_STR[] = "1.3.6.1.5.5.7.3.1"; + +/* + * 1.3.6.1.5.5.7.3.2: Client Auth + * + * Defined in RFC 5280 + */ +static const unsigned char P11_OID_CLIENT_AUTH[] = + { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02 }; +static const char P11_OID_CLIENT_AUTH_STR[] = "1.3.6.1.5.5.7.3.2"; + +/* + * 1.3.6.1.5.5.7.3.3: Code Signing + * + * Defined in RFC 5280 + */ +static const unsigned char P11_OID_CODE_SIGNING[] = + { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03 }; +static const char P11_OID_CODE_SIGNING_STR[] = "1.3.6.1.5.5.7.3.3"; + +/* + * 1.3.6.1.5.5.7.3.4: Email Protection + * + * Defined in RFC 5280 + */ +static const unsigned char P11_OID_EMAIL_PROTECTION[] = + { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04 }; +static const char P11_OID_EMAIL_PROTECTION_STR[] = "1.3.6.1.5.5.7.3.4"; + +/* + * 1.3.6.1.5.5.7.3.5: IPSec End System + * + * Defined in RFC 2459 + */ +static const unsigned char P11_OID_IPSEC_END_SYSTEM[] = + { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x05 }; +static const char P11_OID_IPSEC_END_SYSTEM_STR[] = "1.3.6.1.5.5.7.3.5"; + +/* + * 1.3.6.1.5.5.7.3.6: IPSec Tunnel + * + * Defined in RFC 2459 + */ +static const unsigned char P11_OID_IPSEC_TUNNEL[] = + { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x06 }; +static const char P11_OID_IPSEC_TUNNEL_STR[] = "1.3.6.1.5.5.7.3.6"; + +/* + * 1.3.6.1.5.5.7.3.7: IPSec User + * + * Defined in RFC 2459 + */ +static const unsigned char P11_OID_IPSEC_USER[] = + { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x07 }; +static const char P11_OID_IPSEC_USER_STR[] = "1.3.6.1.5.5.7.3.7"; + +/* + * 1.3.6.1.5.5.7.3.8: Time Stamping + * + * Defined in RFC 2459 + */ +static const unsigned char P11_OID_TIME_STAMPING[] = + { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08 }; +static const char P11_OID_TIME_STAMPING_STR[] = "1.3.6.1.5.5.7.3.8"; +/* + * 1.3.6.1.4.1.3319.6.10.16: Reserved key purpose + * + * An internally defined reserved/dummy key purpose + * + * This is used with ExtendedKeyUsage certificate extensions to + * be a place holder when no other purposes are defined. + * + * In theory such a certificate should be blacklisted. But in reality + * many implementations use such empty sets of purposes. RFC 5280 requires + * at least one purpose in an ExtendedKeyUsage. + * + * Obviously this purpose should never be checked against. + */ +static const unsigned char P11_OID_RESERVED_PURPOSE[] = + { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x10 }; +static const char P11_OID_RESERVED_PURPOSE_STR[] = "1.3.6.1.4.1.3319.6.10.16"; + +#endif diff --git a/trust/openssl.asn b/trust/openssl.asn new file mode 100644 index 0000000..8eb0010 --- /dev/null +++ b/trust/openssl.asn @@ -0,0 +1,25 @@ + +OPENSSL { } + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- This module contains structures specific to OpenSSL + +CertAux ::= SEQUENCE { + trust SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, + reject [0] SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, + alias UTF8String OPTIONAL, + keyid OCTET STRING OPTIONAL, + other [1] SEQUENCE OF AlgorithmIdentifier OPTIONAL +} + +-- Dependencies brought in from other modules + +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL +} + +END diff --git a/trust/openssl.asn.h b/trust/openssl.asn.h new file mode 100644 index 0000000..10b76da --- /dev/null +++ b/trust/openssl.asn.h @@ -0,0 +1,26 @@ +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include + +const asn1_static_node openssl_asn1_tab[] = { + { "OPENSSL", 536875024, NULL }, + { NULL, 1073741836, NULL }, + { "CertAux", 1610612741, NULL }, + { "trust", 1610629131, NULL }, + { NULL, 12, NULL }, + { "reject", 1610637323, NULL }, + { NULL, 1073745928, "0"}, + { NULL, 12, NULL }, + { "alias", 1073758242, NULL }, + { "keyid", 1073758215, NULL }, + { "other", 536895499, NULL }, + { NULL, 1073745928, "1"}, + { NULL, 2, "AlgorithmIdentifier"}, + { "AlgorithmIdentifier", 536870917, NULL }, + { "algorithm", 1073741836, NULL }, + { "parameters", 541081613, NULL }, + { "algorithm", 1, NULL }, + { NULL, 0, NULL } +}; diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module new file mode 100644 index 0000000..a2a3306 --- /dev/null +++ b/trust/p11-kit-trust.module @@ -0,0 +1,24 @@ +# See pkcs11.conf(5) to understand this file + +# This is a module config for the 'included' p11-kit trust module +module: p11-kit-trust.so + +# This setting affects the order that trust policy and other information +# is looked up when going across various modules. Other trust policy modules +# need to specify the priority where they slot into things. +priority: 1 + +# Mark this module as a viable source of trust policy information +trust-policy: yes + +# This is for drop-in compatibility with glib-networking and gcr. Those +# projects used this non-standard attribute to denote slots to use to +# retrieve trust information. +x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module + +# Prevent this module being loaded by the proxy module +disable-in: p11-kit-proxy + +# This will be overwritten by appending "verbose=yes", if the trust +# command is called with the -v option. +x-init-reserved: diff --git a/trust/parser.c b/trust/parser.c new file mode 100644 index 0000000..e84e47c --- /dev/null +++ b/trust/parser.c @@ -0,0 +1,767 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "array.h" +#include "asn1.h" +#include "attrs.h" +#define P11_DEBUG_FLAG P11_DEBUG_TRUST +#include "debug.h" +#include "dict.h" +#include "digest.h" +#include "message.h" +#include "module.h" +#include "oid.h" +#include "parser.h" +#include "path.h" +#include "pem.h" +#include "pkcs11x.h" +#include "persist.h" +#include "types.h" +#include "x509.h" + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +struct _p11_parser { + p11_asn1_cache *asn1_cache; + p11_dict *asn1_defs; + bool asn1_owned; + p11_persist *persist; + char *basename; + p11_array *parsed; + p11_array *formats; + int flags; +}; + +#define ID_LENGTH P11_DIGEST_SHA1_LEN + +typedef int (* parser_func) (p11_parser *parser, + const unsigned char *data, + size_t length); + +static CK_ATTRIBUTE * +populate_trust (p11_parser *parser, + CK_ATTRIBUTE *attrs) +{ + CK_BBOOL trustedv; + CK_BBOOL distrustv; + + CK_ATTRIBUTE trusted = { CKA_TRUSTED, &trustedv, sizeof (trustedv) }; + CK_ATTRIBUTE distrust = { CKA_X_DISTRUSTED, &distrustv, sizeof (distrustv) }; + + /* + * If we're are parsing an anchor location, then warn about any ditsrusted + * certificates there, but don't go ahead and automatically make them + * trusted anchors. + */ + if (parser->flags & P11_PARSE_FLAG_ANCHOR) { + if (p11_attrs_find_bool (attrs, CKA_X_DISTRUSTED, &distrustv) && distrustv) { + p11_message ("certificate with distrust in location for anchors: %s", parser->basename); + return attrs; + + } + + trustedv = CK_TRUE; + distrustv = CK_FALSE; + + /* + * If we're parsing a blacklist location, then force all certificates to + * be blacklisted, regardless of whether they contain anchor information. + */ + } else if (parser->flags & P11_PARSE_FLAG_BLACKLIST) { + if (p11_attrs_find_bool (attrs, CKA_TRUSTED, &trustedv) && trustedv) + p11_message ("overriding trust for anchor in blacklist: %s", parser->basename); + + trustedv = CK_FALSE; + distrustv = CK_TRUE; + + /* + * If the location doesn't have a flag, then fill in trust attributes + * if they are missing: neither an anchor or blacklist. + */ + } else { + trustedv = CK_FALSE; + distrustv = CK_FALSE; + + if (p11_attrs_find_valid (attrs, CKA_TRUSTED)) + trusted.type = CKA_INVALID; + if (p11_attrs_find_valid (attrs, CKA_X_DISTRUSTED)) + distrust.type = CKA_INVALID; + } + + return p11_attrs_build (attrs, &trusted, &distrust, NULL); +} + +static void +sink_object (p11_parser *parser, + CK_ATTRIBUTE *attrs) +{ + CK_OBJECT_CLASS klass; + + if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) && + klass == CKO_CERTIFICATE) { + attrs = populate_trust (parser, attrs); + return_if_fail (attrs != NULL); + } + + if (!p11_array_push (parser->parsed, attrs)) + return_if_reached (); +} + +static CK_ATTRIBUTE * +certificate_attrs (p11_parser *parser, + const unsigned char *der, + size_t der_len) +{ + CK_OBJECT_CLASS klassv = CKO_CERTIFICATE; + CK_CERTIFICATE_TYPE x509 = CKC_X_509; + CK_BBOOL modifiablev = CK_FALSE; + + CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; + CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) }; + CK_ATTRIBUTE certificate_type = { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }; + CK_ATTRIBUTE value = { CKA_VALUE, (void *)der, der_len }; + + return p11_attrs_build (NULL, &klass, &modifiable, &certificate_type, &value, NULL); +} + +int +p11_parser_format_x509 (p11_parser *parser, + const unsigned char *data, + size_t length) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *value; + node_asn *cert; + + cert = p11_asn1_decode (parser->asn1_defs, "PKIX1.Certificate", data, length, message); + if (cert == NULL) + return P11_PARSE_UNRECOGNIZED; + + attrs = certificate_attrs (parser, data, length); + return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); + + value = p11_attrs_find_valid (attrs, CKA_VALUE); + return_val_if_fail (value != NULL, P11_PARSE_FAILURE); + p11_asn1_cache_take (parser->asn1_cache, cert, "PKIX1.Certificate", + value->pValue, value->ulValueLen); + + sink_object (parser, attrs); + return P11_PARSE_SUCCESS; +} + +static CK_ATTRIBUTE * +extension_attrs (p11_parser *parser, + CK_ATTRIBUTE *public_key_info, + const char *oid_str, + const unsigned char *oid_der, + bool critical, + const unsigned char *value, + int length) +{ + CK_OBJECT_CLASS klassv = CKO_X_CERTIFICATE_EXTENSION; + CK_BBOOL modifiablev = CK_FALSE; + + CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) }; + CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; + CK_ATTRIBUTE oid = { CKA_OBJECT_ID, (void *)oid_der, p11_oid_length (oid_der) }; + + CK_ATTRIBUTE *attrs; + node_asn *dest; + unsigned char *der; + size_t len; + int ret; + + attrs = p11_attrs_build (NULL, public_key_info, &klass, &modifiable, &oid, NULL); + return_val_if_fail (attrs != NULL, NULL); + + dest = p11_asn1_create (parser->asn1_defs, "PKIX1.Extension"); + return_val_if_fail (dest != NULL, NULL); + + ret = asn1_write_value (dest, "extnID", oid_str, 1); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + if (critical) + ret = asn1_write_value (dest, "critical", "TRUE", 1); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + ret = asn1_write_value (dest, "extnValue", value, length); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + der = p11_asn1_encode (dest, &len); + return_val_if_fail (der != NULL, NULL); + + attrs = p11_attrs_take (attrs, CKA_VALUE, der, len); + return_val_if_fail (attrs != NULL, NULL); + + /* An opmitization so that the builder can get at this without parsing */ + p11_asn1_cache_take (parser->asn1_cache, dest, "PKIX1.Extension", der, len); + return attrs; +} + +static CK_ATTRIBUTE * +attached_attrs (p11_parser *parser, + CK_ATTRIBUTE *public_key_info, + const char *oid_str, + const unsigned char *oid_der, + bool critical, + node_asn *ext) +{ + CK_ATTRIBUTE *attrs; + unsigned char *der; + size_t len; + + der = p11_asn1_encode (ext, &len); + return_val_if_fail (der != NULL, NULL); + + attrs = extension_attrs (parser, public_key_info, oid_str, oid_der, + critical, der, len); + return_val_if_fail (attrs != NULL, NULL); + + free (der); + return attrs; +} + +static p11_dict * +load_seq_of_oid_str (node_asn *node, + const char *seqof) +{ + p11_dict *oids; + char field[128]; + char *oid; + size_t len; + int i; + + oids = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); + + for (i = 1; ; i++) { + if (snprintf (field, sizeof (field), "%s.?%u", seqof, i) < 0) + return_val_if_reached (NULL); + + oid = p11_asn1_read (node, field, &len); + if (oid == NULL) + break; + + if (!p11_dict_set (oids, oid, oid)) + return_val_if_reached (NULL); + } + + return oids; +} + +static CK_ATTRIBUTE * +attached_eku_attrs (p11_parser *parser, + CK_ATTRIBUTE *public_key_info, + const char *oid_str, + const unsigned char *oid_der, + bool critical, + p11_dict *oid_strs) +{ + CK_ATTRIBUTE *attrs; + p11_dictiter iter; + node_asn *dest; + int count = 0; + void *value; + int ret; + + dest = p11_asn1_create (parser->asn1_defs, "PKIX1.ExtKeyUsageSyntax"); + return_val_if_fail (dest != NULL, NULL); + + p11_dict_iterate (oid_strs, &iter); + while (p11_dict_next (&iter, NULL, &value)) { + ret = asn1_write_value (dest, "", "NEW", 1); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + ret = asn1_write_value (dest, "?LAST", value, -1); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + count++; + } + + /* + * If no oids have been written, then we have to put in a reserved + * value, due to the way that ExtendedKeyUsage is defined in RFC 5280. + * There must be at least one purpose. This is important since *not* + * having an ExtendedKeyUsage is very different than having one without + * certain usages. + * + * We account for this in p11_parse_extended_key_usage(). However for + * most callers this should not matter, as they only check whether a + * given purpose is present, and don't make assumptions about ones + * that they don't know about. + */ + + if (count == 0) { + ret = asn1_write_value (dest, "", "NEW", 1); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + ret = asn1_write_value (dest, "?LAST", P11_OID_RESERVED_PURPOSE_STR, -1); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + } + + + attrs = attached_attrs (parser, public_key_info, oid_str, oid_der, critical, dest); + asn1_delete_structure (&dest); + + return attrs; +} + +static CK_ATTRIBUTE * +build_openssl_extensions (p11_parser *parser, + CK_ATTRIBUTE *cert, + CK_ATTRIBUTE *public_key_info, + node_asn *aux, + const unsigned char *aux_der, + size_t aux_len) +{ + CK_BBOOL trusted = CK_FALSE; + CK_BBOOL distrust = CK_FALSE; + + CK_ATTRIBUTE trust_attrs[] = { + { CKA_TRUSTED, &trusted, sizeof (trusted) }, + { CKA_X_DISTRUSTED, &distrust, sizeof (distrust) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + p11_dict *trust = NULL; + p11_dict *reject = NULL; + p11_dictiter iter; + void *key; + int start; + int end; + int ret; + int num; + + /* + * This will load an empty list if there is no OPTIONAL trust field. + * OpenSSL assumes that for a TRUSTED CERTIFICATE a missing trust field + * is identical to untrusted for all purposes. + * + * This is different from ExtendedKeyUsage, where a missing certificate + * extension means that it is trusted for all purposes. + */ + trust = load_seq_of_oid_str (aux, "trust"); + + ret = asn1_number_of_elements (aux, "reject", &num); + return_val_if_fail (ret == ASN1_SUCCESS || ret == ASN1_ELEMENT_NOT_FOUND, NULL); + if (ret == ASN1_SUCCESS) + reject = load_seq_of_oid_str (aux, "reject"); + + /* Remove all rejected oids from the trust set */ + if (trust && reject) { + p11_dict_iterate (reject, &iter); + while (p11_dict_next (&iter, &key, NULL)) + p11_dict_remove (trust, key); + } + + /* + * The trust field (or lack of it) becomes a standard ExtKeyUsageSyntax. + * + * critical: require that this is enforced + */ + + if (trust) { + attrs = attached_eku_attrs (parser, public_key_info, + P11_OID_EXTENDED_KEY_USAGE_STR, + P11_OID_EXTENDED_KEY_USAGE, + true, trust); + return_val_if_fail (attrs != NULL, NULL); + sink_object (parser, attrs); + } + + /* + * For the reject field we use a custom defined extension. We track this + * for completeness, although the above ExtendedKeyUsage extension handles + * this data fine. See oid.h for more details. It uses ExtKeyUsageSyntax structure. + * + * non-critical: non-standard, and also covered by trusts + */ + + if (reject && p11_dict_size (reject) > 0) { + attrs = attached_eku_attrs (parser, public_key_info, + P11_OID_OPENSSL_REJECT_STR, + P11_OID_OPENSSL_REJECT, + false, reject); + return_val_if_fail (attrs != NULL, NULL); + sink_object (parser, attrs); + } + + /* + * OpenSSL model blacklists as anchors with all purposes being removed/rejected, + * we account for that here. If there is an ExtendedKeyUsage without any + * useful purposes, then treat like a blacklist. + */ + if (trust && p11_dict_size (trust) == 0) { + trusted = CK_FALSE; + distrust = CK_TRUE; + + /* + * Otherwise a 'TRUSTED CERTIFICATE' in an input directory is enough to + * mark this as a trusted certificate. + */ + } else if (trust && p11_dict_size (trust) > 0) { + trusted = CK_TRUE; + distrust = CK_FALSE; + } + + /* + * OpenSSL model blacklists as anchors with all purposes being removed/rejected, + * we account for that here. If there is an ExtendedKeyUsage without any + * useful purposes, then treat like a blacklist. + */ + + cert = p11_attrs_merge (cert, p11_attrs_dup (trust_attrs), true); + return_val_if_fail (cert != NULL, NULL); + + p11_dict_free (trust); + p11_dict_free (reject); + + /* + * For the keyid field we use the SubjectKeyIdentifier extension. It + * is already in the correct form, an OCTET STRING. + * + * non-critical: as recommended in RFC 5280 + */ + + ret = asn1_der_decoding_startEnd (aux, aux_der, aux_len, "keyid", &start, &end); + return_val_if_fail (ret == ASN1_SUCCESS || ret == ASN1_ELEMENT_NOT_FOUND, NULL); + + if (ret == ASN1_SUCCESS) { + attrs = extension_attrs (parser, public_key_info, + P11_OID_SUBJECT_KEY_IDENTIFIER_STR, + P11_OID_SUBJECT_KEY_IDENTIFIER, + false, aux_der + start, (end - start) + 1); + return_val_if_fail (attrs != NULL, NULL); + sink_object (parser, attrs); + } + + + return cert; +} + +static int +parse_openssl_trusted_certificate (p11_parser *parser, + const unsigned char *data, + size_t length) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE public_key_info = { CKA_PUBLIC_KEY_INFO }; + CK_ATTRIBUTE *value; + char *label = NULL; + node_asn *cert; + node_asn *aux = NULL; + ssize_t cert_len; + size_t len; + int start; + int end; + int ret; + + /* + * This OpenSSL format is weird. It's just two DER structures + * placed end to end without any wrapping SEQ. So calculate the + * length of the first DER TLV we see and try to parse that as + * the X.509 certificate. + */ + + cert_len = p11_asn1_tlv_length (data, length); + if (cert_len <= 0) + return P11_PARSE_UNRECOGNIZED; + + cert = p11_asn1_decode (parser->asn1_defs, "PKIX1.Certificate", data, cert_len, message); + if (cert == NULL) + return P11_PARSE_UNRECOGNIZED; + + /* OpenSSL sometimes outputs TRUSTED CERTIFICATE format without the CertAux supplement */ + if (cert_len < length) { + aux = p11_asn1_decode (parser->asn1_defs, "OPENSSL.CertAux", data + cert_len, + length - cert_len, message); + if (aux == NULL) { + asn1_delete_structure (&cert); + return P11_PARSE_UNRECOGNIZED; + } + } + + attrs = certificate_attrs (parser, data, cert_len); + return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); + + /* Cache the parsed certificate ASN.1 for later use by the builder */ + value = p11_attrs_find_valid (attrs, CKA_VALUE); + return_val_if_fail (value != NULL, P11_PARSE_FAILURE); + + /* Pull out the subject public key info */ + ret = asn1_der_decoding_startEnd (cert, data, cert_len, + "tbsCertificate.subjectPublicKeyInfo", &start, &end); + return_val_if_fail (ret == ASN1_SUCCESS, P11_PARSE_FAILURE); + + public_key_info.pValue = (char *)data + start; + public_key_info.ulValueLen = (end - start) + 1; + + p11_asn1_cache_take (parser->asn1_cache, cert, "PKIX1.Certificate", + value->pValue, value->ulValueLen); + + /* Pull the label out of the CertAux */ + if (aux) { + len = 0; + label = p11_asn1_read (aux, "alias", &len); + if (label != NULL) { + attrs = p11_attrs_take (attrs, CKA_LABEL, label, strlen (label)); + return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); + } + + attrs = build_openssl_extensions (parser, attrs, &public_key_info, aux, + data + cert_len, length - cert_len); + return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE); + } + + sink_object (parser, attrs); + asn1_delete_structure (&aux); + + return P11_PARSE_SUCCESS; +} + +static void +on_pem_block (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + p11_parser *parser = user_data; + int ret; + + if (strcmp (type, "CERTIFICATE") == 0) { + ret = p11_parser_format_x509 (parser, contents, length); + + } else if (strcmp (type, "TRUSTED CERTIFICATE") == 0) { + ret = parse_openssl_trusted_certificate (parser, contents, length); + + } else { + p11_debug ("Saw unsupported or unrecognized PEM block of type %s", type); + ret = P11_PARSE_SUCCESS; + } + + if (ret != P11_PARSE_SUCCESS) + p11_message ("Couldn't parse PEM block of type %s", type); +} + +int +p11_parser_format_pem (p11_parser *parser, + const unsigned char *data, + size_t length) +{ + int num; + + num = p11_pem_parse ((const char *)data, length, on_pem_block, parser); + + if (num == 0) + return P11_PARSE_UNRECOGNIZED; + + return P11_PARSE_SUCCESS; +} + +int +p11_parser_format_persist (p11_parser *parser, + const unsigned char *data, + size_t length) +{ + CK_BBOOL modifiablev = CK_TRUE; + CK_ATTRIBUTE *attrs; + p11_array *objects; + bool ret; + int i; + + CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) }; + + if (!p11_persist_magic (data, length)) + return P11_PARSE_UNRECOGNIZED; + + if (!parser->persist) { + parser->persist = p11_persist_new (); + return_val_if_fail (parser->persist != NULL, P11_PARSE_UNRECOGNIZED); + } + + objects = p11_array_new (NULL); + return_val_if_fail (objects != NULL, P11_PARSE_FAILURE); + + ret = p11_persist_read (parser->persist, parser->basename, data, length, objects); + if (ret) { + if (!p11_persist_is_generated (data, length)) + modifiablev = CK_FALSE; + for (i = 0; i < objects->num; i++) { + attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL); + sink_object (parser, attrs); + } + } + + p11_array_free (objects); + return ret ? P11_PARSE_SUCCESS : P11_PARSE_UNRECOGNIZED; +} + +p11_parser * +p11_parser_new (p11_asn1_cache *asn1_cache) +{ + p11_parser parser = { 0, }; + + if (asn1_cache == NULL) { + parser.asn1_owned = true; + parser.asn1_defs = p11_asn1_defs_load (); + } else { + parser.asn1_defs = p11_asn1_cache_defs (asn1_cache); + parser.asn1_cache = asn1_cache; + parser.asn1_owned = false; + } + + parser.parsed = p11_array_new (p11_attrs_free); + return_val_if_fail (parser.parsed != NULL, NULL); + + return memdup (&parser, sizeof (parser)); +} + +void +p11_parser_free (p11_parser *parser) +{ + return_if_fail (parser != NULL); + p11_persist_free (parser->persist); + p11_array_free (parser->parsed); + p11_array_free (parser->formats); + if (parser->asn1_owned) + p11_dict_free (parser->asn1_defs); + free (parser); +} + +p11_array * +p11_parser_parsed (p11_parser *parser) +{ + return_val_if_fail (parser != NULL, NULL); + return parser->parsed; +} + +void +p11_parser_formats (p11_parser *parser, + ...) +{ + p11_array *formats; + parser_func func; + va_list va; + + formats = p11_array_new (NULL); + return_if_fail (formats != NULL); + + va_start (va, parser); + for (;;) { + func = va_arg (va, parser_func); + if (func == NULL) + break; + if (!p11_array_push (formats, func)) { + va_end (va); + return_if_reached (); + } + } + va_end (va); + + p11_array_free (parser->formats); + parser->formats = formats; +} + +int +p11_parse_memory (p11_parser *parser, + const char *filename, + int flags, + const unsigned char *data, + size_t length) +{ + int ret = P11_PARSE_UNRECOGNIZED; + char *base; + int i; + + return_val_if_fail (parser != NULL, P11_PARSE_FAILURE); + return_val_if_fail (filename != NULL, P11_PARSE_FAILURE); + return_val_if_fail (parser->formats != NULL, P11_PARSE_FAILURE); + + p11_array_clear (parser->parsed); + base = p11_path_base (filename); + parser->basename = base; + parser->flags = flags; + + for (i = 0; ret == P11_PARSE_UNRECOGNIZED && i < parser->formats->num; i++) + ret = ((parser_func)parser->formats->elem[i]) (parser, data, length); + + p11_asn1_cache_flush (parser->asn1_cache); + + free (base); + parser->basename = NULL; + parser->flags = 0; + + return ret; +} + +int +p11_parse_file (p11_parser *parser, + const char *filename, + struct stat *sb, + int flags) +{ + p11_mmap *map; + void *data; + size_t size; + int ret; + + return_val_if_fail (parser != NULL, P11_PARSE_FAILURE); + return_val_if_fail (filename != NULL, P11_PARSE_FAILURE); + + map = p11_mmap_open (filename, sb, &data, &size); + if (map == NULL) { + p11_message_err (errno, "couldn't open and map file: %s", filename); + return P11_PARSE_FAILURE; + } + + ret = p11_parse_memory (parser, filename, flags, data, size); + + p11_mmap_close (map); + return ret; +} diff --git a/trust/parser.h b/trust/parser.h new file mode 100644 index 0000000..b177844 --- /dev/null +++ b/trust/parser.h @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "asn1.h" +#include "array.h" +#include "compat.h" +#include "dict.h" + +#ifndef P11_PARSER_H_ +#define P11_PARSER_H_ + +enum { + P11_PARSE_FLAG_NONE = 0, + P11_PARSE_FLAG_ANCHOR = 1 << 0, + P11_PARSE_FLAG_BLACKLIST = 1 << 1, +}; + +enum { + P11_PARSE_FAILURE = -1, + P11_PARSE_UNRECOGNIZED = 0, + P11_PARSE_SUCCESS = 1, +}; + +typedef struct _p11_parser p11_parser; + +p11_parser * p11_parser_new (p11_asn1_cache *asn1_cache); + +void p11_parser_free (p11_parser *parser); + +int p11_parse_memory (p11_parser *parser, + const char *filename, + int flags, + const unsigned char *data, + size_t length); + +int p11_parse_file (p11_parser *parser, + const char *filename, + struct stat *sb, + int flags); + +p11_array * p11_parser_parsed (p11_parser *parser); + +void p11_parser_formats (p11_parser *parser, + ...) GNUC_NULL_TERMINATED; + +int p11_parser_format_persist (p11_parser *parser, + const unsigned char *data, + size_t length); + +int p11_parser_format_pem (p11_parser *parser, + const unsigned char *data, + size_t length); + +int p11_parser_format_x509 (p11_parser *parser, + const unsigned char *data, + size_t length); + +#endif /* P11_PARSER_H_ */ diff --git a/trust/pem.c b/trust/pem.c new file mode 100644 index 0000000..8ab60e6 --- /dev/null +++ b/trust/pem.c @@ -0,0 +1,288 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "compat.h" +#include "base64.h" +#include "buffer.h" +#include "debug.h" +#include "pem.h" + +#include +#include +#include +#include + +#define ARMOR_SUFF "-----" +#define ARMOR_SUFF_L 5 +#define ARMOR_PREF_BEGIN "-----BEGIN " +#define ARMOR_PREF_BEGIN_L 11 +#define ARMOR_PREF_END "-----END " +#define ARMOR_PREF_END_L 9 + +enum { + NONE = 0, + TRUSTED_CERTIFICATE, + CERTIFICATE +}; + +static const char * +pem_find_begin (const char *data, + size_t n_data, + char **type) +{ + const char *pref, *suff; + + /* Look for a prefix */ + pref = strnstr ((char *)data, ARMOR_PREF_BEGIN, n_data); + if (!pref) + return NULL; + + n_data -= (pref - data) + ARMOR_PREF_BEGIN_L; + data = pref + ARMOR_PREF_BEGIN_L; + + /* Look for the end of that begin */ + suff = strnstr ((char *)data, ARMOR_SUFF, n_data); + if (!suff) + return NULL; + + /* Make sure on the same line */ + if (memchr (pref, '\n', suff - pref)) + return NULL; + + if (type) { + pref += ARMOR_PREF_BEGIN_L; + assert (suff >= pref); + *type = strndup (pref, suff - pref); + return_val_if_fail (*type != NULL, NULL); + } + + /* The byte after this ---BEGIN--- */ + return suff + ARMOR_SUFF_L; +} + +static const char * +pem_find_end (const char *data, + size_t n_data, + const char *type) +{ + const char *pref; + size_t n_type; + + /* Look for a prefix */ + pref = strnstr (data, ARMOR_PREF_END, n_data); + if (!pref) + return NULL; + + n_data -= (pref - data) + ARMOR_PREF_END_L; + data = pref + ARMOR_PREF_END_L; + + /* Next comes the type string */ + n_type = strlen (type); + if (n_type > n_data || strncmp ((char *)data, type, n_type) != 0) + return NULL; + + n_data -= n_type; + data += n_type; + + /* Next comes the suffix */ + if (ARMOR_SUFF_L > n_data || strncmp ((char *)data, ARMOR_SUFF, ARMOR_SUFF_L) != 0) + return NULL; + + /* The end of the data */ + return pref; +} + +static unsigned char * +pem_parse_block (const char *data, + size_t n_data, + size_t *n_decoded) +{ + const char *x, *hbeg, *hend; + const char *p, *end; + unsigned char *decoded; + size_t length; + int ret; + + assert (data != NULL); + assert (n_data != 0); + assert (n_decoded != NULL); + + p = data; + end = p + n_data; + + hbeg = hend = NULL; + + /* Try and find a pair of blank lines with only white space between */ + while (hend == NULL) { + x = memchr (p, '\n', end - p); + if (!x) + break; + ++x; + while (isspace (*x)) { + /* Found a second line, with only spaces between */ + if (*x == '\n') { + hbeg = data; + hend = x; + break; + /* Found a space between two lines */ + } else { + ++x; + } + } + + /* Try next line */ + p = x; + } + + /* Headers found? */ + if (hbeg && hend) { + data = hend; + n_data = end - data; + } + + length = (n_data * 3) / 4 + 1; + decoded = malloc (length); + return_val_if_fail (decoded != NULL, 0); + + ret = p11_b64_pton (data, n_data, decoded, length); + if (ret < 0) { + free (decoded); + return NULL; + } + + /* No need to parse headers for our use cases */ + + *n_decoded = ret; + return decoded; +} + +unsigned int +p11_pem_parse (const char *data, + size_t n_data, + p11_pem_sink sink, + void *user_data) +{ + const char *beg, *end; + unsigned int nfound = 0; + unsigned char *decoded = NULL; + size_t n_decoded = 0; + char *type; + + assert (data != NULL); + + while (n_data > 0) { + + /* This returns the first character after the PEM BEGIN header */ + beg = pem_find_begin (data, n_data, &type); + if (beg == NULL) + break; + + assert (type != NULL); + + /* This returns the character position before the PEM END header */ + end = pem_find_end (beg, n_data - (beg - data), type); + if (end == NULL) { + free (type); + break; + } + + if (beg != end) { + decoded = pem_parse_block (beg, end - beg, &n_decoded); + if (decoded) { + if (sink != NULL) + (sink) (type, decoded, n_decoded, user_data); + ++nfound; + free (decoded); + } + } + + free (type); + + /* Try for another block */ + end += ARMOR_SUFF_L; + n_data -= (const char *)end - (const char *)data; + data = end; + } + + return nfound; +} + +bool +p11_pem_write (const unsigned char *contents, + size_t length, + const char *type, + p11_buffer *buf) +{ + size_t estimate; + size_t prefix; + char *target; + int len; + + return_val_if_fail (contents || !length, false); + return_val_if_fail (type, false); + return_val_if_fail (buf, false); + + /* Estimate from base64 data. Algorithm from Glib reference */ + estimate = length * 4 / 3 + 7; + estimate += estimate / 64 + 1; + + p11_buffer_add (buf, ARMOR_PREF_BEGIN, ARMOR_PREF_BEGIN_L); + p11_buffer_add (buf, type, -1); + p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L); + + prefix = buf->len; + target = p11_buffer_append (buf, estimate); + return_val_if_fail (target != NULL, false); + + /* + * OpenSSL is absolutely certain that it wants its PEM base64 + * lines to be 64 characters in len. + */ + + len = p11_b64_ntop (contents, length, target, estimate, 64); + + assert (len > 0); + assert (len <= estimate); + buf->len = prefix + len; + + p11_buffer_add (buf, "\n", 1); + p11_buffer_add (buf, ARMOR_PREF_END, ARMOR_PREF_END_L); + p11_buffer_add (buf, type, -1); + p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L); + p11_buffer_add (buf, "\n", 1); + + return p11_buffer_ok (buf); +} diff --git a/trust/pem.h b/trust/pem.h new file mode 100644 index 0000000..7e4ce63 --- /dev/null +++ b/trust/pem.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_PEM_H_ +#define P11_PEM_H_ + +#include "buffer.h" +#include "compat.h" + +#include + +typedef void (*p11_pem_sink) (const char *type, + const unsigned char *contents, + size_t length, + void *user_data); + +unsigned int p11_pem_parse (const char *input, + size_t length, + p11_pem_sink sink, + void *user_data); + +bool p11_pem_write (const unsigned char *contents, + size_t length, + const char *type, + p11_buffer *buf); + +#endif /* P11_PEM_H_ */ diff --git a/trust/persist.c b/trust/persist.c new file mode 100644 index 0000000..569cea1 --- /dev/null +++ b/trust/persist.c @@ -0,0 +1,782 @@ +/* + * Copyright (C) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "asn1.h" +#include "attrs.h" +#include "constants.h" +#include "debug.h" +#include "lexer.h" +#include "message.h" +#include "pem.h" +#include "persist.h" +#include "pkcs11.h" +#include "pkcs11i.h" +#include "pkcs11x.h" +#include "types.h" +#include "url.h" + +#include "basic.asn.h" + +#include + +#include +#include +#include + +#define PERSIST_HEADER "p11-kit-object-v1" + +struct _p11_persist { + p11_dict *constants; + node_asn *asn1_defs; +}; + +bool +p11_persist_magic (const unsigned char *data, + size_t length) +{ + return (strnstr ((char *)data, "[" PERSIST_HEADER "]", length) != NULL); +} + +bool +p11_persist_is_generated (const unsigned char *data, + size_t length) +{ + static const char comment[] = + "# This file has been auto-generated and written by p11-kit."; + return length >= sizeof (comment) - 1 && + memcmp ((const char *)data, comment, sizeof (comment) - 1) == 0; +} + +p11_persist * +p11_persist_new (void) +{ + p11_persist *persist; + + persist = calloc (1, sizeof (p11_persist)); + return_val_if_fail (persist != NULL, NULL); + + persist->constants = p11_constant_reverse (true); + if (persist->constants == NULL) { + free (persist); + return_val_if_reached (NULL); + } + + return persist; +} + +void +p11_persist_free (p11_persist *persist) +{ + if (!persist) + return; + p11_dict_free (persist->constants); + asn1_delete_structure (&persist->asn1_defs); + free (persist); +} + +struct constant { + CK_ULONG value; + const char *string; +}; + +static bool +parse_string (p11_lexer *lexer, + CK_ATTRIBUTE *attr) +{ + const char *value; + const char *end; + size_t length; + unsigned char *data; + + value = lexer->tok.field.value; + end = value + strlen (value); + + /* Not a string/binary value */ + if (value == end || value[0] != '\"' || *(end - 1) != '\"') + return false; + + /* Note that we don't skip whitespace when decoding, as you might in other URLs */ + data = p11_url_decode (value + 1, end - 1, "", &length); + if (data == NULL) { + p11_lexer_msg(lexer, "bad encoding of attribute value"); + return false; + } + + attr->pValue = data; + attr->ulValueLen = length; + return true; +} + +static void +format_string (CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + const unsigned char *value; + + assert (attr->ulValueLen != CK_UNAVAILABLE_INFORMATION); + + p11_buffer_add (buf, "\"", 1); + value = attr->pValue; + p11_url_encode (value, value + attr->ulValueLen, P11_URL_VERBATIM " ", buf); + p11_buffer_add (buf, "\"", 1); +} + +static bool +parse_bool (p11_lexer *lexer, + CK_ATTRIBUTE *attr) +{ + const char *value = lexer->tok.field.value; + CK_BBOOL boolean; + + if (strcmp (value, "true") == 0) { + boolean = CK_TRUE; + + } else if (strcmp (value, "false") == 0) { + boolean = CK_FALSE; + + } else { + /* Not a valid boolean value */ + return false; + } + + attr->pValue = memdup (&boolean, sizeof (boolean)); + return_val_if_fail (attr != NULL, FALSE); + attr->ulValueLen = sizeof (boolean); + return true; +} + +static bool +format_bool (CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + const CK_BBOOL *value; + + if (attr->ulValueLen != sizeof (CK_BBOOL)) + return false; + + switch (attr->type) { + case CKA_TOKEN: + case CKA_PRIVATE: + case CKA_TRUSTED: + case CKA_SENSITIVE: + case CKA_ENCRYPT: + case CKA_DECRYPT: + case CKA_WRAP: + case CKA_UNWRAP: + case CKA_SIGN: + case CKA_SIGN_RECOVER: + case CKA_VERIFY: + case CKA_VERIFY_RECOVER: + case CKA_DERIVE: + case CKA_EXTRACTABLE: + case CKA_LOCAL: + case CKA_NEVER_EXTRACTABLE: + case CKA_ALWAYS_SENSITIVE: + case CKA_MODIFIABLE: + case CKA_SECONDARY_AUTH: + case CKA_ALWAYS_AUTHENTICATE: + case CKA_WRAP_WITH_TRUSTED: + case CKA_RESET_ON_INIT: + case CKA_HAS_RESET: + case CKA_COLOR: + case CKA_X_DISTRUSTED: + case CKA_NSS_MOZILLA_CA_POLICY: + break; + default: + return false; + } + + value = attr->pValue; + if (*value == CK_TRUE) + p11_buffer_add (buf, "true", -1); + else if (*value == CK_FALSE) + p11_buffer_add (buf, "false", -1); + else + return false; + + return true; +} + +static bool +parse_ulong (p11_lexer *lexer, + CK_ATTRIBUTE *attr) +{ + unsigned long value; + char *end; + + end = NULL; + value = strtoul (lexer->tok.field.value, &end, 10); + + /* Not a valid number value */ + if (!end || *end != '\0') + return false; + + attr->pValue = memdup (&value, sizeof (CK_ULONG)); + return_val_if_fail (attr->pValue != NULL, false); + attr->ulValueLen = sizeof (CK_ULONG); + return true; +} + +static bool +format_ulong (CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + char string[sizeof (CK_ULONG) * 4]; + const CK_ULONG *value; + + if (attr->ulValueLen != sizeof (CK_ULONG)) + return false; + + switch (attr->type) { + case CKA_CERTIFICATE_CATEGORY: + case CKA_CERTIFICATE_TYPE: + case CKA_CLASS: + case CKA_JAVA_MIDP_SECURITY_DOMAIN: + case CKA_KEY_GEN_MECHANISM: + case CKA_KEY_TYPE: + case CKA_MECHANISM_TYPE: + case CKA_MODULUS_BITS: + case CKA_PRIME_BITS: + case CKA_SUB_PRIME_BITS: + case CKA_VALUE_BITS: + case CKA_VALUE_LEN: + case CKA_TRUST_DIGITAL_SIGNATURE: + case CKA_TRUST_NON_REPUDIATION: + case CKA_TRUST_KEY_ENCIPHERMENT: + case CKA_TRUST_DATA_ENCIPHERMENT: + case CKA_TRUST_KEY_AGREEMENT: + case CKA_TRUST_KEY_CERT_SIGN: + case CKA_TRUST_CRL_SIGN: + case CKA_TRUST_SERVER_AUTH: + case CKA_TRUST_CLIENT_AUTH: + case CKA_TRUST_CODE_SIGNING: + case CKA_TRUST_EMAIL_PROTECTION: + case CKA_TRUST_IPSEC_END_SYSTEM: + case CKA_TRUST_IPSEC_TUNNEL: + case CKA_TRUST_IPSEC_USER: + case CKA_TRUST_TIME_STAMPING: + case CKA_TRUST_STEP_UP_APPROVED: + case CKA_X_ASSERTION_TYPE: + case CKA_AUTH_PIN_FLAGS: + case CKA_HW_FEATURE_TYPE: + case CKA_PIXEL_X: + case CKA_PIXEL_Y: + case CKA_RESOLUTION: + case CKA_CHAR_ROWS: + case CKA_CHAR_COLUMNS: + case CKA_BITS_PER_PIXEL: + break; + default: + return false; + } + + value = attr->pValue; + snprintf (string, sizeof (string), "%lu", *value); + + p11_buffer_add (buf, string, -1); + return true; +} + +static bool +parse_constant (p11_persist *persist, + p11_lexer *lexer, + CK_ATTRIBUTE *attr) +{ + CK_ULONG value; + + value = p11_constant_resolve (persist->constants, lexer->tok.field.value); + + /* Not a valid constant */ + if (value == CKA_INVALID) + return false; + + attr->pValue = memdup (&value, sizeof (CK_ULONG)); + return_val_if_fail (attr->pValue != NULL, false); + attr->ulValueLen = sizeof (CK_ULONG); + return true; +} + +static bool +format_constant (CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + const p11_constant *table; + const CK_ULONG *value; + const char *nick; + + if (attr->ulValueLen != sizeof (CK_ULONG)) + return false; + + switch (attr->type) { + case CKA_TRUST_DIGITAL_SIGNATURE: + case CKA_TRUST_NON_REPUDIATION: + case CKA_TRUST_KEY_ENCIPHERMENT: + case CKA_TRUST_DATA_ENCIPHERMENT: + case CKA_TRUST_KEY_AGREEMENT: + case CKA_TRUST_KEY_CERT_SIGN: + case CKA_TRUST_CRL_SIGN: + case CKA_TRUST_SERVER_AUTH: + case CKA_TRUST_CLIENT_AUTH: + case CKA_TRUST_CODE_SIGNING: + case CKA_TRUST_EMAIL_PROTECTION: + case CKA_TRUST_IPSEC_END_SYSTEM: + case CKA_TRUST_IPSEC_TUNNEL: + case CKA_TRUST_IPSEC_USER: + case CKA_TRUST_TIME_STAMPING: + table = p11_constant_trusts; + break; + case CKA_CLASS: + table = p11_constant_classes; + break; + case CKA_CERTIFICATE_TYPE: + table = p11_constant_certs; + break; + case CKA_KEY_TYPE: + table = p11_constant_keys; + break; + case CKA_X_ASSERTION_TYPE: + table = p11_constant_asserts; + break; + case CKA_CERTIFICATE_CATEGORY: + table = p11_constant_categories; + break; + case CKA_KEY_GEN_MECHANISM: + case CKA_MECHANISM_TYPE: + table = p11_constant_mechanisms; + break; + default: + table = NULL; + }; + + if (!table) + return false; + + value = attr->pValue; + nick = p11_constant_nick (table, *value); + + if (!nick) + return false; + + p11_buffer_add (buf, nick, -1); + return true; +} + +static bool +parse_oid (p11_persist *persist, + p11_lexer *lexer, + CK_ATTRIBUTE *attr) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *asn; + size_t length; + char *value; + int ret; + + value = lexer->tok.field.value; + length = strlen (value); + + /* Not an OID value? */ + if (length < 4 || + strchr (value, '.') == NULL || + strspn (value, "0123456790.") != length || + strstr (value, "..") != NULL || + value[0] == '.' || value[0] == '0' || + value[length - 1] == '.' || + strchr (value, '.') == strrchr (value, '.')) { + return false; + } + + if (!persist->asn1_defs) { + ret = asn1_array2tree (basic_asn1_tab, &persist->asn1_defs, message); + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("failed to load BASIC definitions: %s: %s\n", + asn1_strerror (ret), message); + return false; + } + } + + ret = asn1_create_element (persist->asn1_defs, "BASIC.ObjectIdentifier", &asn); + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("failed to create ObjectIdentifier element: %s\n", + asn1_strerror (ret)); + return false; + } + + ret = asn1_write_value (asn, "", value, 1); + if (ret == ASN1_VALUE_NOT_VALID) { + p11_lexer_msg (lexer, "invalid oid value"); + asn1_delete_structure (&asn); + return false; + } + return_val_if_fail (ret == ASN1_SUCCESS, false); + + attr->pValue = p11_asn1_encode (asn, &length); + return_val_if_fail (attr->pValue != NULL, false); + attr->ulValueLen = length; + + asn1_delete_structure (&asn); + return true; +} + +static bool +format_oid (p11_persist *persist, + CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + node_asn *asn; + char *data; + size_t len; + int ret; + + if (attr->type != CKA_OBJECT_ID || attr->ulValueLen == 0) + return false; + + if (!persist->asn1_defs) { + ret = asn1_array2tree (basic_asn1_tab, &persist->asn1_defs, message); + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("failed to load BASIC definitions: %s: %s\n", + asn1_strerror (ret), message); + return false; + } + } + + ret = asn1_create_element (persist->asn1_defs, "BASIC.ObjectIdentifier", &asn); + if (ret != ASN1_SUCCESS) { + p11_debug_precond ("failed to create ObjectIdentifier element: %s\n", + asn1_strerror (ret)); + return false; + } + + ret = asn1_der_decoding (&asn, attr->pValue, attr->ulValueLen, message); + if (ret != ASN1_SUCCESS) { + p11_message ("invalid oid value: %s", message); + return false; + } + + data = p11_asn1_read (asn, "", &len); + return_val_if_fail (data != NULL, false); + + asn1_delete_structure (&asn); + + p11_buffer_add (buf, data, len - 1); + free (data); + + return true; +} + +static bool +parse_value (p11_persist *persist, + p11_lexer *lexer, + CK_ATTRIBUTE *attr) +{ + return parse_constant (persist, lexer, attr) || + parse_string (lexer, attr) || + parse_bool (lexer, attr) || + parse_ulong (lexer, attr) || + parse_oid (persist, lexer, attr); +} + +static void +format_value (p11_persist *persist, + CK_ATTRIBUTE *attr, + p11_buffer *buf) +{ + assert (attr->ulValueLen != CK_UNAVAILABLE_INFORMATION); + + if (format_bool (attr, buf) || + format_constant (attr, buf) || + format_ulong (attr, buf) || + format_oid (persist, attr, buf)) + return; + + /* Everything else as string */ + format_string (attr, buf); +} + +static bool +field_to_attribute (p11_persist *persist, + p11_lexer *lexer, + CK_ATTRIBUTE **attrs) +{ + CK_ATTRIBUTE attr = { 0, }; + char *end; + + end = NULL; + attr.type = strtoul (lexer->tok.field.name, &end, 10); + + /* Not a valid number value, probably a constant */ + if (!end || *end != '\0') { + attr.type = p11_constant_resolve (persist->constants, lexer->tok.field.name); + if (attr.type == CKA_INVALID || !p11_constant_name (p11_constant_types, attr.type)) { + p11_lexer_msg (lexer, "invalid or unsupported attribute"); + return false; + } + } + + if (!parse_value (persist, lexer, &attr)) { + p11_lexer_msg (lexer, "invalid value"); + return false; + } + + *attrs = p11_attrs_take (*attrs, attr.type, + attr.pValue, attr.ulValueLen); + return true; +} + +static CK_ATTRIBUTE * +certificate_to_attributes (const unsigned char *der, + size_t length) +{ + CK_OBJECT_CLASS klassv = CKO_CERTIFICATE; + CK_CERTIFICATE_TYPE x509 = CKC_X_509; + + CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) }; + CK_ATTRIBUTE certificate_type = { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }; + CK_ATTRIBUTE value = { CKA_VALUE, (void *)der, length }; + + return p11_attrs_build (NULL, &klass, &certificate_type, &value, NULL); +} + +static CK_ATTRIBUTE * +public_key_to_attributes (const unsigned char *der, + size_t length) +{ + /* Eventually we might choose to contribute a class here ... */ + CK_ATTRIBUTE public_key = { CKA_PUBLIC_KEY_INFO, (void *)der, length }; + return p11_attrs_build (NULL, &public_key, NULL); +} + +typedef struct { + p11_lexer *lexer; + CK_ATTRIBUTE *attrs; + bool result; +} parse_block; + +static void +on_pem_block (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + parse_block *pb = user_data; + CK_ATTRIBUTE *attrs; + + if (strcmp (type, "CERTIFICATE") == 0) { + attrs = certificate_to_attributes (contents, length); + pb->attrs = p11_attrs_merge (pb->attrs, attrs, false); + pb->result = true; + + } else if (strcmp (type, "PUBLIC KEY") == 0) { + attrs = public_key_to_attributes (contents, length); + pb->attrs = p11_attrs_merge (pb->attrs, attrs, false); + pb->result = true; + + } else { + p11_lexer_msg (pb->lexer, "unsupported pem block in store"); + pb->result = false; + } +} + +static bool +pem_to_attributes (p11_lexer *lexer, + CK_ATTRIBUTE **attrs) +{ + parse_block pb = { lexer, *attrs, false }; + unsigned int count; + + count = p11_pem_parse (lexer->tok.pem.begin, + lexer->tok.pem.length, + on_pem_block, &pb); + + if (count == 0) { + p11_lexer_msg (lexer, "invalid pem block"); + return false; + } + + /* The lexer should have only matched one block */ + return_val_if_fail (count == 1, false); + *attrs = pb.attrs; + return pb.result; +} + +bool +p11_persist_read (p11_persist *persist, + const char *filename, + const unsigned char *data, + size_t length, + p11_array *objects) +{ + p11_lexer lexer; + CK_ATTRIBUTE *attrs; + bool failed; + bool skip; + + return_val_if_fail (persist != NULL, false); + return_val_if_fail (objects != NULL, false); + + skip = false; + attrs = NULL; + failed = false; + + p11_lexer_init (&lexer, filename, (const char *)data, length); + while (p11_lexer_next (&lexer, &failed)) { + switch (lexer.tok_type) { + case TOK_SECTION: + if (attrs && !p11_array_push (objects, attrs)) + return_val_if_reached (false); + attrs = NULL; + if (strcmp (lexer.tok.section.name, PERSIST_HEADER) != 0) { + p11_lexer_msg (&lexer, "unrecognized or invalid section header"); + skip = true; + } else { + attrs = p11_attrs_build (NULL, NULL); + return_val_if_fail (attrs != NULL, false); + skip = false; + } + failed = false; + break; + case TOK_FIELD: + if (skip) { + failed = false; + } else if (!attrs) { + p11_lexer_msg (&lexer, "attribute before p11-kit section header"); + failed = true; + } else { + failed = !field_to_attribute (persist, &lexer, &attrs); + } + break; + case TOK_PEM: + if (skip) { + failed = false; + } else if (!attrs) { + p11_lexer_msg (&lexer, "pem block before p11-kit section header"); + failed = true; + } else { + failed = !pem_to_attributes (&lexer, &attrs); + } + break; + } + + if (failed) + break; + } + + if (attrs && !p11_array_push (objects, attrs)) + return_val_if_reached (false); + attrs = NULL; + + p11_lexer_done (&lexer); + return !failed; +} + +static CK_ATTRIBUTE * +find_certificate_value (CK_ATTRIBUTE *attrs) +{ + CK_OBJECT_CLASS klass; + CK_CERTIFICATE_TYPE type; + + if (!p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) || + klass != CKO_CERTIFICATE) + return NULL; + if (!p11_attrs_find_ulong (attrs, CKA_CERTIFICATE_TYPE, &type) || + type != CKC_X_509) + return NULL; + return p11_attrs_find_valid (attrs, CKA_VALUE); +} + +bool +p11_persist_write (p11_persist *persist, + CK_ATTRIBUTE *attrs, + p11_buffer *buf) +{ + char string[sizeof (CK_ULONG) * 4]; + CK_ATTRIBUTE *cert_value; + CK_ATTRIBUTE *spki_value; + const char *nick; + int i; + + cert_value = find_certificate_value (attrs); + spki_value = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO); + + p11_buffer_add (buf, "[" PERSIST_HEADER "]\n", -1); + + for (i = 0; !p11_attrs_terminator (attrs + i); i++) { + + /* These are written later? */ + if (cert_value != NULL && + (attrs[i].type == CKA_CLASS || + attrs[i].type == CKA_CERTIFICATE_TYPE || + attrs[i].type == CKA_VALUE)) + continue; + + /* These are written later? */ + if (spki_value != NULL && + attrs[i].type == CKA_PUBLIC_KEY_INFO) + continue; + + /* These are never written */ + if (attrs[i].type == CKA_TOKEN || + attrs[i].type == CKA_X_ORIGIN || + attrs[i].type == CKA_X_GENERATED) + continue; + + if (attrs[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) + continue; + + nick = p11_constant_nick (p11_constant_types, attrs[i].type); + if (nick == NULL) { + snprintf (string, sizeof (string), "%lu", attrs[i].type); + nick = string; + } + + p11_buffer_add (buf, nick, -1); + p11_buffer_add (buf, ": ", 2); + format_value (persist, attrs + i, buf); + p11_buffer_add (buf, "\n", 1); + } + + if (cert_value != NULL) { + if (!p11_pem_write (cert_value->pValue, cert_value->ulValueLen, "CERTIFICATE", buf)) + return_val_if_reached (false); + } else if (spki_value != NULL) { + if (!p11_pem_write (spki_value->pValue, spki_value->ulValueLen, "PUBLIC KEY", buf)) + return_val_if_reached (false); + } + + p11_buffer_add (buf, "\n", 1); + return p11_buffer_ok (buf); +} diff --git a/trust/persist.h b/trust/persist.h new file mode 100644 index 0000000..6344e4e --- /dev/null +++ b/trust/persist.h @@ -0,0 +1,66 @@ +/* + * Copyright (C) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_PERSIST_H_ +#define P11_PERSIST_H_ + +#include "array.h" +#include "compat.h" +#include "dict.h" + +#include + +typedef struct _p11_persist p11_persist; + +p11_persist * p11_persist_new (void); + +bool p11_persist_magic (const unsigned char *data, + size_t length); + +bool p11_persist_read (p11_persist *persist, + const char *filename, + const unsigned char *data, + size_t length, + p11_array *objects); + +bool p11_persist_write (p11_persist *persist, + CK_ATTRIBUTE *object, + p11_buffer *buf); + +void p11_persist_free (p11_persist *persist); + +bool p11_persist_is_generated (const unsigned char *data, + size_t length); + +#endif /* P11_PERSIST_H_ */ diff --git a/trust/pkix.asn b/trust/pkix.asn new file mode 100644 index 0000000..cd2d2c6 --- /dev/null +++ b/trust/pkix.asn @@ -0,0 +1,540 @@ + +PKIX1 { } + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules. + +id-pkix OBJECT IDENTIFIER ::= + { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) } + +-- ISO arc for standard certificate and CRL extensions + +-- authority key identifier OID and syntax + +AuthorityKeyIdentifier ::= SEQUENCE { + keyIdentifier [0] KeyIdentifier OPTIONAL, + authorityCertIssuer [1] GeneralNames OPTIONAL, + authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } + -- authorityCertIssuer and authorityCertSerialNumber shall both + -- be present or both be absgent + +KeyIdentifier ::= OCTET STRING + +-- subject key identifier OID and syntax + +SubjectKeyIdentifier ::= KeyIdentifier + +-- key usage extension OID and syntax + +KeyUsage ::= BIT STRING + +-- Directory string type -- + +DirectoryString ::= CHOICE { + teletexString TeletexString (SIZE (1..MAX)), + printableString PrintableString (SIZE (1..MAX)), + universalString UniversalString (SIZE (1..MAX)), + utf8String UTF8String (SIZE (1..MAX)), + bmpString BMPString (SIZE(1..MAX)), + -- IA5String is added here to handle old UID encoded as ia5String -- + -- See tests/userid/ for more information. It shouldn't be here, -- + -- so if it causes problems, considering dropping it. -- + ia5String IA5String (SIZE(1..MAX)) } + +SubjectAltName ::= GeneralNames + +GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + +GeneralName ::= CHOICE { + otherName [0] AnotherName, + rfc822Name [1] IA5String, + dNSName [2] IA5String, + x400Address [3] ANY, +-- Changed to work with the libtasn1 parser. + directoryName [4] EXPLICIT RDNSequence, --Name, + ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory + uniformResourceIdentifier [6] IA5String, + iPAddress [7] OCTET STRING, + registeredID [8] OBJECT IDENTIFIER } + +-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as +-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax + +AnotherName ::= SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] EXPLICIT ANY DEFINED BY type-id } + +-- issuer alternative name extension OID and syntax + +IssuerAltName ::= GeneralNames + +-- basic constraints extension OID and syntax + +BasicConstraints ::= SEQUENCE { + cA BOOLEAN DEFAULT FALSE, + pathLenConstraint INTEGER (0..MAX) OPTIONAL } + +-- CRL distribution points extension OID and syntax + +CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint + +DistributionPoint ::= SEQUENCE { + distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL, + reasons [1] ReasonFlags OPTIONAL, + cRLIssuer [2] GeneralNames OPTIONAL +} + +DistributionPointName ::= CHOICE { + fullName [0] GeneralNames, + nameRelativeToCRLIssuer [1] RelativeDistinguishedName +} + +ReasonFlags ::= BIT STRING + +-- extended key usage extension OID and syntax + +ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId + +KeyPurposeId ::= OBJECT IDENTIFIER + +-- CRL number extension OID and syntax + +CRLNumber ::= INTEGER (0..MAX) + +-- certificate issuer CRL entry extension OID and syntax + +CertificateIssuer ::= GeneralNames + +-- attribute data types -- + +Attribute ::= SEQUENCE { + type AttributeType, + values SET OF AttributeValue + -- at least one value is required -- +} + +AttributeType ::= OBJECT IDENTIFIER + +AttributeValue ::= ANY DEFINED BY type + +AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue } + +-- suggested naming attributes: Definition of the following +-- information object set may be augmented to meet local +-- requirements. Note that deleting members of the set may +-- prevent interoperability with conforming implementations. +-- presented in pairs: the AttributeType followed by the +-- type definition for the corresponding AttributeValue + +-- Arc for standard naming attributes +id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} + +-- Attributes of type NameDirectoryString + +-- gnutls: Note that the Object ID (id-at*) is being set just before the +-- actual definition. This is done in order for asn1_find_structure_from_oid +-- to work (locate structure from OID). +-- Maybe this is inefficient and memory consuming. Should we replace with +-- a table that maps OIDs to structures? + +PostalAddress ::= SEQUENCE OF DirectoryString + + -- Legacy attributes + +emailAddress AttributeType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 1 } + +Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length)) + +-- naming data types -- + +Name ::= CHOICE { -- only one possibility for now -- + rdnSequence RDNSequence } + +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +DistinguishedName ::= RDNSequence + +RelativeDistinguishedName ::= + SET SIZE (1 .. MAX) OF AttributeTypeAndValue + + + +-- -------------------------------------------------------- +-- certificate and CRL specific structures begin here +-- -------------------------------------------------------- + +Certificate ::= SEQUENCE { + tbsCertificate TBSCertificate, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING } + +TBSCertificate ::= SEQUENCE { + version [0] EXPLICIT Version DEFAULT v1, + serialNumber CertificateSerialNumber, + signature AlgorithmIdentifier, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version shall be v2 or v3 + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version shall be v2 or v3 + extensions [3] EXPLICIT Extensions OPTIONAL + -- If present, version shall be v3 -- +} + +Version ::= INTEGER { v1(0), v2(1), v3(2) } + +CertificateSerialNumber ::= INTEGER + +Validity ::= SEQUENCE { + notBefore Time, + notAfter Time } + +Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + +UniqueIdentifier ::= BIT STRING + +SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING } + +Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + +Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING } + + +-- ------------------------------------------ +-- CRL structures +-- ------------------------------------------ + +CertificateList ::= SEQUENCE { + tbsCertList TBSCertList, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING } + +TBSCertList ::= SEQUENCE { + version Version OPTIONAL, + -- if present, shall be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, shall be v2 + } OPTIONAL, + crlExtensions [0] EXPLICIT Extensions OPTIONAL + -- if present, shall be v2 -- +} + +-- Version, Time, CertificateSerialNumber, and Extensions were +-- defined earlier for use in the certificate structure + +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL } + -- contains a value of the type + -- registered for use with the + -- algorithm object identifier value + +-- Algorithm OIDs and parameter structures + +Dss-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER +} + +DomainParameters ::= SEQUENCE { + p INTEGER, -- odd prime, p=jq +1 + g INTEGER, -- generator, g + q INTEGER, -- factor of p-1 + j INTEGER OPTIONAL, -- subgroup factor, j>= 2 + validationParms ValidationParms OPTIONAL } + +ValidationParms ::= SEQUENCE { + seed BIT STRING, + pgenCounter INTEGER } + +Dss-Parms ::= SEQUENCE { + p INTEGER, + q INTEGER, + g INTEGER } + +-- x400 address syntax starts here +-- OR Names + +CountryName ::= [APPLICATION 1] CHOICE { + x121-dcc-code NumericString + (SIZE (ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString + (SIZE (ub-country-name-alpha-length)) } + +OrganizationName ::= PrintableString + (SIZE (1..ub-organization-name-length)) +-- see also teletex-organization-name + +NumericUserIdentifier ::= NumericString + (SIZE (1..ub-numeric-user-id-length)) + +-- see also teletex-personal-name + +OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) + OF OrganizationalUnitName +-- see also teletex-organizational-unit-names + +OrganizationalUnitName ::= PrintableString (SIZE + (1..ub-organizational-unit-name-length)) + +-- Extension types and attribute values +-- + +CommonName ::= PrintableString + +-- END of PKIX1Implicit88 + + +-- BEGIN of RFC2630 + +-- Cryptographic Message Syntax + +pkcs-7-ContentInfo ::= SEQUENCE { + contentType pkcs-7-ContentType, + content [0] EXPLICIT ANY DEFINED BY contentType } + +pkcs-7-DigestInfo ::= SEQUENCE { + digestAlgorithm pkcs-7-DigestAlgorithmIdentifier, + digest pkcs-7-Digest +} + +pkcs-7-Digest ::= OCTET STRING + +pkcs-7-ContentType ::= OBJECT IDENTIFIER + +pkcs-7-SignedData ::= SEQUENCE { + version pkcs-7-CMSVersion, + digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers, + encapContentInfo pkcs-7-EncapsulatedContentInfo, + certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL, + crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL, + signerInfos pkcs-7-SignerInfos +} + +pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } + +pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier + +pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier + +pkcs-7-EncapsulatedContentInfo ::= SEQUENCE { + eContentType pkcs-7-ContentType, + eContent [0] EXPLICIT OCTET STRING OPTIONAL } + +-- We don't use CertificateList here since we only want +-- to read the raw data. +pkcs-7-CertificateRevocationLists ::= SET OF ANY + +pkcs-7-CertificateChoices ::= CHOICE { +-- Although the paper uses Certificate type, we +-- don't use it since, we don't need to parse it. +-- We only need to read and store it. + certificate ANY +} + +pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices + +pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it + -- anyway + + +-- BEGIN of RFC2986 + +-- Certificate requests +pkcs-10-CertificationRequestInfo ::= SEQUENCE { + version INTEGER { v1(0) }, + subject Name, + subjectPKInfo SubjectPublicKeyInfo, + attributes [0] Attributes +} + +Attributes ::= SET OF Attribute + +pkcs-10-CertificationRequest ::= SEQUENCE { + certificationRequestInfo pkcs-10-CertificationRequestInfo, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING +} + +-- stuff from PKCS#9 + +pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 7} + +pkcs-9-challengePassword ::= CHOICE { + printableString PrintableString, + utf8String UTF8String } + +pkcs-9-localKeyId ::= OCTET STRING + +-- PKCS #8 stuff + +-- Private-key information syntax + +pkcs-8-PrivateKeyInfo ::= SEQUENCE { + version pkcs-8-Version, + privateKeyAlgorithm AlgorithmIdentifier, + privateKey pkcs-8-PrivateKey, + attributes [0] Attributes OPTIONAL } + +pkcs-8-Version ::= INTEGER {v1(0)} + +pkcs-8-PrivateKey ::= OCTET STRING + +pkcs-8-Attributes ::= SET OF Attribute + +-- Encrypted private-key information syntax + +pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE { + encryptionAlgorithm AlgorithmIdentifier, + encryptedData pkcs-8-EncryptedData +} + +pkcs-8-EncryptedData ::= OCTET STRING + +-- PKCS #5 stuff + +pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8)) +pkcs-5-aes128-CBC-params ::= OCTET STRING (SIZE(16)) +pkcs-5-aes192-CBC-params ::= OCTET STRING (SIZE(16)) +pkcs-5-aes256-CBC-params ::= OCTET STRING (SIZE(16)) + +pkcs-5-PBES2-params ::= SEQUENCE { + keyDerivationFunc AlgorithmIdentifier, + encryptionScheme AlgorithmIdentifier } + +-- PBKDF2 + +-- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::= +-- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL} + +pkcs-5-PBKDF2-params ::= SEQUENCE { + salt CHOICE { + specified OCTET STRING, + otherSource AlgorithmIdentifier + }, + iterationCount INTEGER (1..MAX), + keyLength INTEGER (1..MAX) OPTIONAL, + prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1 +} + +-- PKCS #12 stuff + +pkcs-12-PFX ::= SEQUENCE { + version INTEGER {v3(3)}, + authSafe pkcs-7-ContentInfo, + macData pkcs-12-MacData OPTIONAL +} + +pkcs-12-PbeParams ::= SEQUENCE { + salt OCTET STRING, + iterations INTEGER +} + +pkcs-12-MacData ::= SEQUENCE { + mac pkcs-7-DigestInfo, + macSalt OCTET STRING, + iterations INTEGER DEFAULT 1 +-- Note: The default is for historical reasons and its use is +-- deprecated. A higher value, like 1024 is recommended. +} + +pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo + -- Data if unencrypted + -- EncryptedData if password-encrypted + -- EnvelopedData if public key-encrypted + +pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag + +pkcs-12-SafeBag ::= SEQUENCE { + bagId OBJECT IDENTIFIER, + bagValue [0] EXPLICIT ANY DEFINED BY badId, + bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL +} + +-- Bag types + +pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo + +-- Shrouded KeyBag + +pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo + +-- CertBag + +pkcs-12-CertBag ::= SEQUENCE { + certId OBJECT IDENTIFIER, + certValue [0] EXPLICIT ANY DEFINED BY certId +} + +-- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}} +-- DER-encoded X.509 certificate stored in OCTET STRING + +pkcs-12-CRLBag ::= SEQUENCE { + crlId OBJECT IDENTIFIER, + crlValue [0] EXPLICIT ANY DEFINED BY crlId +} + +pkcs-12-SecretBag ::= SEQUENCE { + secretTypeId OBJECT IDENTIFIER, + secretValue [0] EXPLICIT ANY DEFINED BY secretTypeId +} + +-- x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}} +-- DER-encoded X.509 CRL stored in OCTET STRING + +pkcs-12-PKCS12Attribute ::= Attribute + +-- PKCS #7 stuff (needed in PKCS 12) + +pkcs-7-Data ::= OCTET STRING + +pkcs-7-EncryptedData ::= SEQUENCE { + version pkcs-7-CMSVersion, + encryptedContentInfo pkcs-7-EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL } + +pkcs-7-EncryptedContentInfo ::= SEQUENCE { + contentType pkcs-7-ContentType, + contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier, + encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL } + +pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +pkcs-7-EncryptedContent ::= OCTET STRING + +pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute + +-- rfc3820 + +ProxyCertInfo ::= SEQUENCE { + pCPathLenConstraint INTEGER (0..MAX) OPTIONAL, + proxyPolicy ProxyPolicy } + +ProxyPolicy ::= SEQUENCE { + policyLanguage OBJECT IDENTIFIER, + policy OCTET STRING OPTIONAL } + +END diff --git a/trust/pkix.asn.h b/trust/pkix.asn.h new file mode 100644 index 0000000..dc24f8c --- /dev/null +++ b/trust/pkix.asn.h @@ -0,0 +1,366 @@ +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include + +const asn1_static_node pkix_asn1_tab[] = { + { "PKIX1", 536875024, NULL }, + { NULL, 1073741836, NULL }, + { "id-pkix", 1879048204, NULL }, + { "iso", 1073741825, "1"}, + { "identified-organization", 1073741825, "3"}, + { "dod", 1073741825, "6"}, + { "internet", 1073741825, "1"}, + { "security", 1073741825, "5"}, + { "mechanisms", 1073741825, "5"}, + { "pkix", 1, "7"}, + { "AuthorityKeyIdentifier", 1610612741, NULL }, + { "keyIdentifier", 1610637314, "KeyIdentifier"}, + { NULL, 4104, "0"}, + { "authorityCertIssuer", 1610637314, "GeneralNames"}, + { NULL, 4104, "1"}, + { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, + { NULL, 4104, "2"}, + { "KeyIdentifier", 1073741831, NULL }, + { "SubjectKeyIdentifier", 1073741826, "KeyIdentifier"}, + { "KeyUsage", 1073741830, NULL }, + { "DirectoryString", 1610612754, NULL }, + { "teletexString", 1075839006, NULL }, + { "printableString", 1075839007, NULL }, + { "universalString", 1075839008, NULL }, + { "utf8String", 1075839010, NULL }, + { "bmpString", 1075839009, NULL }, + { "ia5String", 2097181, NULL }, + { "SubjectAltName", 1073741826, "GeneralNames"}, + { "GeneralNames", 1612709899, NULL }, + { NULL, 2, "GeneralName"}, + { "GeneralName", 1610612754, NULL }, + { "otherName", 1610620930, "AnotherName"}, + { NULL, 4104, "0"}, + { "rfc822Name", 1610620957, NULL }, + { NULL, 4104, "1"}, + { "dNSName", 1610620957, NULL }, + { NULL, 4104, "2"}, + { "x400Address", 1610620941, NULL }, + { NULL, 4104, "3"}, + { "directoryName", 1610620930, "RDNSequence"}, + { NULL, 2056, "4"}, + { "ediPartyName", 1610620941, NULL }, + { NULL, 4104, "5"}, + { "uniformResourceIdentifier", 1610620957, NULL }, + { NULL, 4104, "6"}, + { "iPAddress", 1610620935, NULL }, + { NULL, 4104, "7"}, + { "registeredID", 536879116, NULL }, + { NULL, 4104, "8"}, + { "AnotherName", 1610612741, NULL }, + { "type-id", 1073741836, NULL }, + { "value", 541073421, NULL }, + { NULL, 1073743880, "0"}, + { "type-id", 1, NULL }, + { "IssuerAltName", 1073741826, "GeneralNames"}, + { "BasicConstraints", 1610612741, NULL }, + { "cA", 1610645508, NULL }, + { NULL, 131081, NULL }, + { "pathLenConstraint", 16387, NULL }, + { "CRLDistributionPoints", 1612709899, NULL }, + { NULL, 2, "DistributionPoint"}, + { "DistributionPoint", 1610612741, NULL }, + { "distributionPoint", 1610637314, "DistributionPointName"}, + { NULL, 2056, "0"}, + { "reasons", 1610637314, "ReasonFlags"}, + { NULL, 4104, "1"}, + { "cRLIssuer", 536895490, "GeneralNames"}, + { NULL, 4104, "2"}, + { "DistributionPointName", 1610612754, NULL }, + { "fullName", 1610620930, "GeneralNames"}, + { NULL, 4104, "0"}, + { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"}, + { NULL, 4104, "1"}, + { "ReasonFlags", 1073741830, NULL }, + { "ExtKeyUsageSyntax", 1612709899, NULL }, + { NULL, 2, "KeyPurposeId"}, + { "KeyPurposeId", 1073741836, NULL }, + { "CRLNumber", 1073741827, NULL }, + { "CertificateIssuer", 1073741826, "GeneralNames"}, + { "Attribute", 1610612741, NULL }, + { "type", 1073741826, "AttributeType"}, + { "values", 536870927, NULL }, + { NULL, 2, "AttributeValue"}, + { "AttributeType", 1073741836, NULL }, + { "AttributeValue", 1614807053, NULL }, + { "type", 1, NULL }, + { "AttributeTypeAndValue", 1610612741, NULL }, + { "type", 1073741826, "AttributeType"}, + { "value", 2, "AttributeValue"}, + { "id-at", 1879048204, NULL }, + { "joint-iso-ccitt", 1073741825, "2"}, + { "ds", 1073741825, "5"}, + { NULL, 1, "4"}, + { "PostalAddress", 1610612747, NULL }, + { NULL, 2, "DirectoryString"}, + { "emailAddress", 1880096780, "AttributeType"}, + { "iso", 1073741825, "1"}, + { "member-body", 1073741825, "2"}, + { "us", 1073741825, "840"}, + { "rsadsi", 1073741825, "113549"}, + { "pkcs", 1073741825, "1"}, + { NULL, 1073741825, "9"}, + { NULL, 1, "1"}, + { "Pkcs9email", 1075839005, NULL }, + { "Name", 1610612754, NULL }, + { "rdnSequence", 2, "RDNSequence"}, + { "RDNSequence", 1610612747, NULL }, + { NULL, 2, "RelativeDistinguishedName"}, + { "DistinguishedName", 1073741826, "RDNSequence"}, + { "RelativeDistinguishedName", 1612709903, NULL }, + { NULL, 2, "AttributeTypeAndValue"}, + { "Certificate", 1610612741, NULL }, + { "tbsCertificate", 1073741826, "TBSCertificate"}, + { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, + { "signature", 6, NULL }, + { "TBSCertificate", 1610612741, NULL }, + { "version", 1610653698, "Version"}, + { NULL, 1073741833, "v1"}, + { NULL, 2056, "0"}, + { "serialNumber", 1073741826, "CertificateSerialNumber"}, + { "signature", 1073741826, "AlgorithmIdentifier"}, + { "issuer", 1073741826, "Name"}, + { "validity", 1073741826, "Validity"}, + { "subject", 1073741826, "Name"}, + { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"}, + { "issuerUniqueID", 1610637314, "UniqueIdentifier"}, + { NULL, 4104, "1"}, + { "subjectUniqueID", 1610637314, "UniqueIdentifier"}, + { NULL, 4104, "2"}, + { "extensions", 536895490, "Extensions"}, + { NULL, 2056, "3"}, + { "Version", 1610874883, NULL }, + { "v1", 1073741825, "0"}, + { "v2", 1073741825, "1"}, + { "v3", 1, "2"}, + { "CertificateSerialNumber", 1073741827, NULL }, + { "Validity", 1610612741, NULL }, + { "notBefore", 1073741826, "Time"}, + { "notAfter", 2, "Time"}, + { "Time", 1610612754, NULL }, + { "utcTime", 1073741860, NULL }, + { "generalTime", 37, NULL }, + { "UniqueIdentifier", 1073741830, NULL }, + { "SubjectPublicKeyInfo", 1610612741, NULL }, + { "algorithm", 1073741826, "AlgorithmIdentifier"}, + { "subjectPublicKey", 6, NULL }, + { "Extensions", 1612709899, NULL }, + { NULL, 2, "Extension"}, + { "Extension", 1610612741, NULL }, + { "extnID", 1073741836, NULL }, + { "critical", 1610645508, NULL }, + { NULL, 131081, NULL }, + { "extnValue", 7, NULL }, + { "CertificateList", 1610612741, NULL }, + { "tbsCertList", 1073741826, "TBSCertList"}, + { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, + { "signature", 6, NULL }, + { "TBSCertList", 1610612741, NULL }, + { "version", 1073758210, "Version"}, + { "signature", 1073741826, "AlgorithmIdentifier"}, + { "issuer", 1073741826, "Name"}, + { "thisUpdate", 1073741826, "Time"}, + { "nextUpdate", 1073758210, "Time"}, + { "revokedCertificates", 1610629131, NULL }, + { NULL, 536870917, NULL }, + { "userCertificate", 1073741826, "CertificateSerialNumber"}, + { "revocationDate", 1073741826, "Time"}, + { "crlEntryExtensions", 16386, "Extensions"}, + { "crlExtensions", 536895490, "Extensions"}, + { NULL, 2056, "0"}, + { "AlgorithmIdentifier", 1610612741, NULL }, + { "algorithm", 1073741836, NULL }, + { "parameters", 541081613, NULL }, + { "algorithm", 1, NULL }, + { "Dss-Sig-Value", 1610612741, NULL }, + { "r", 1073741827, NULL }, + { "s", 3, NULL }, + { "DomainParameters", 1610612741, NULL }, + { "p", 1073741827, NULL }, + { "g", 1073741827, NULL }, + { "q", 1073741827, NULL }, + { "j", 1073758211, NULL }, + { "validationParms", 16386, "ValidationParms"}, + { "ValidationParms", 1610612741, NULL }, + { "seed", 1073741830, NULL }, + { "pgenCounter", 3, NULL }, + { "Dss-Parms", 1610612741, NULL }, + { "p", 1073741827, NULL }, + { "q", 1073741827, NULL }, + { "g", 3, NULL }, + { "CountryName", 1610620946, NULL }, + { NULL, 1073746952, "1"}, + { "x121-dcc-code", 1075839004, NULL }, + { "iso-3166-alpha2-code", 2097183, NULL }, + { "OrganizationName", 1075839007, NULL }, + { "NumericUserIdentifier", 1075839004, NULL }, + { "OrganizationalUnitNames", 1612709899, NULL }, + { NULL, 2, "OrganizationalUnitName"}, + { "OrganizationalUnitName", 1075839007, NULL }, + { "CommonName", 1073741855, NULL }, + { "pkcs-7-ContentInfo", 1610612741, NULL }, + { "contentType", 1073741826, "pkcs-7-ContentType"}, + { "content", 541073421, NULL }, + { NULL, 1073743880, "0"}, + { "contentType", 1, NULL }, + { "pkcs-7-DigestInfo", 1610612741, NULL }, + { "digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"}, + { "digest", 2, "pkcs-7-Digest"}, + { "pkcs-7-Digest", 1073741831, NULL }, + { "pkcs-7-ContentType", 1073741836, NULL }, + { "pkcs-7-SignedData", 1610612741, NULL }, + { "version", 1073741826, "pkcs-7-CMSVersion"}, + { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"}, + { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"}, + { "certificates", 1610637314, "pkcs-7-CertificateSet"}, + { NULL, 4104, "0"}, + { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"}, + { NULL, 4104, "1"}, + { "signerInfos", 2, "pkcs-7-SignerInfos"}, + { "pkcs-7-CMSVersion", 1610874883, NULL }, + { "v0", 1073741825, "0"}, + { "v1", 1073741825, "1"}, + { "v2", 1073741825, "2"}, + { "v3", 1073741825, "3"}, + { "v4", 1, "4"}, + { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL }, + { NULL, 2, "pkcs-7-DigestAlgorithmIdentifier"}, + { "pkcs-7-DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, + { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL }, + { "eContentType", 1073741826, "pkcs-7-ContentType"}, + { "eContent", 536895495, NULL }, + { NULL, 2056, "0"}, + { "pkcs-7-CertificateRevocationLists", 1610612751, NULL }, + { NULL, 13, NULL }, + { "pkcs-7-CertificateChoices", 1610612754, NULL }, + { "certificate", 13, NULL }, + { "pkcs-7-CertificateSet", 1610612751, NULL }, + { NULL, 2, "pkcs-7-CertificateChoices"}, + { "pkcs-7-SignerInfos", 1610612751, NULL }, + { NULL, 13, NULL }, + { "pkcs-10-CertificationRequestInfo", 1610612741, NULL }, + { "version", 1610874883, NULL }, + { "v1", 1, "0"}, + { "subject", 1073741826, "Name"}, + { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"}, + { "attributes", 536879106, "Attributes"}, + { NULL, 4104, "0"}, + { "Attributes", 1610612751, NULL }, + { NULL, 2, "Attribute"}, + { "pkcs-10-CertificationRequest", 1610612741, NULL }, + { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"}, + { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, + { "signature", 6, NULL }, + { "pkcs-9-at-challengePassword", 1879048204, NULL }, + { "iso", 1073741825, "1"}, + { "member-body", 1073741825, "2"}, + { "us", 1073741825, "840"}, + { "rsadsi", 1073741825, "113549"}, + { "pkcs", 1073741825, "1"}, + { NULL, 1073741825, "9"}, + { NULL, 1, "7"}, + { "pkcs-9-challengePassword", 1610612754, NULL }, + { "printableString", 1073741855, NULL }, + { "utf8String", 34, NULL }, + { "pkcs-9-localKeyId", 1073741831, NULL }, + { "pkcs-8-PrivateKeyInfo", 1610612741, NULL }, + { "version", 1073741826, "pkcs-8-Version"}, + { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, + { "privateKey", 1073741826, "pkcs-8-PrivateKey"}, + { "attributes", 536895490, "Attributes"}, + { NULL, 4104, "0"}, + { "pkcs-8-Version", 1610874883, NULL }, + { "v1", 1, "0"}, + { "pkcs-8-PrivateKey", 1073741831, NULL }, + { "pkcs-8-Attributes", 1610612751, NULL }, + { NULL, 2, "Attribute"}, + { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL }, + { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"}, + { "encryptedData", 2, "pkcs-8-EncryptedData"}, + { "pkcs-8-EncryptedData", 1073741831, NULL }, + { "pkcs-5-des-EDE3-CBC-params", 1075838983, NULL }, + { "pkcs-5-aes128-CBC-params", 1075838983, NULL }, + { "pkcs-5-aes192-CBC-params", 1075838983, NULL }, + { "pkcs-5-aes256-CBC-params", 1075838983, NULL }, + { "pkcs-5-PBES2-params", 1610612741, NULL }, + { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, + { "encryptionScheme", 2, "AlgorithmIdentifier"}, + { "pkcs-5-PBKDF2-params", 1610612741, NULL }, + { "salt", 1610612754, NULL }, + { "specified", 1073741831, NULL }, + { "otherSource", 2, "AlgorithmIdentifier"}, + { "iterationCount", 1073741827, NULL }, + { "keyLength", 1073758211, NULL }, + { "prf", 16386, "AlgorithmIdentifier"}, + { "pkcs-12-PFX", 1610612741, NULL }, + { "version", 1610874883, NULL }, + { "v3", 1, "3"}, + { "authSafe", 1073741826, "pkcs-7-ContentInfo"}, + { "macData", 16386, "pkcs-12-MacData"}, + { "pkcs-12-PbeParams", 1610612741, NULL }, + { "salt", 1073741831, NULL }, + { "iterations", 3, NULL }, + { "pkcs-12-MacData", 1610612741, NULL }, + { "mac", 1073741826, "pkcs-7-DigestInfo"}, + { "macSalt", 1073741831, NULL }, + { "iterations", 536903683, NULL }, + { NULL, 9, "1"}, + { "pkcs-12-AuthenticatedSafe", 1610612747, NULL }, + { NULL, 2, "pkcs-7-ContentInfo"}, + { "pkcs-12-SafeContents", 1610612747, NULL }, + { NULL, 2, "pkcs-12-SafeBag"}, + { "pkcs-12-SafeBag", 1610612741, NULL }, + { "bagId", 1073741836, NULL }, + { "bagValue", 1614815245, NULL }, + { NULL, 1073743880, "0"}, + { "badId", 1, NULL }, + { "bagAttributes", 536887311, NULL }, + { NULL, 2, "pkcs-12-PKCS12Attribute"}, + { "pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"}, + { "pkcs-12-PKCS8ShroudedKeyBag", 1073741826, "pkcs-8-EncryptedPrivateKeyInfo"}, + { "pkcs-12-CertBag", 1610612741, NULL }, + { "certId", 1073741836, NULL }, + { "certValue", 541073421, NULL }, + { NULL, 1073743880, "0"}, + { "certId", 1, NULL }, + { "pkcs-12-CRLBag", 1610612741, NULL }, + { "crlId", 1073741836, NULL }, + { "crlValue", 541073421, NULL }, + { NULL, 1073743880, "0"}, + { "crlId", 1, NULL }, + { "pkcs-12-SecretBag", 1610612741, NULL }, + { "secretTypeId", 1073741836, NULL }, + { "secretValue", 541073421, NULL }, + { NULL, 1073743880, "0"}, + { "secretTypeId", 1, NULL }, + { "pkcs-12-PKCS12Attribute", 1073741826, "Attribute"}, + { "pkcs-7-Data", 1073741831, NULL }, + { "pkcs-7-EncryptedData", 1610612741, NULL }, + { "version", 1073741826, "pkcs-7-CMSVersion"}, + { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"}, + { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"}, + { NULL, 4104, "1"}, + { "pkcs-7-EncryptedContentInfo", 1610612741, NULL }, + { "contentType", 1073741826, "pkcs-7-ContentType"}, + { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"}, + { "encryptedContent", 536895490, "pkcs-7-EncryptedContent"}, + { NULL, 4104, "0"}, + { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, + { "pkcs-7-EncryptedContent", 1073741831, NULL }, + { "pkcs-7-UnprotectedAttributes", 1612709903, NULL }, + { NULL, 2, "Attribute"}, + { "ProxyCertInfo", 1610612741, NULL }, + { "pCPathLenConstraint", 1073758211, NULL }, + { "proxyPolicy", 2, "ProxyPolicy"}, + { "ProxyPolicy", 536870917, NULL }, + { "policyLanguage", 1073741836, NULL }, + { "policy", 16391, NULL }, + { NULL, 0, NULL } +}; diff --git a/trust/save.c b/trust/save.c new file mode 100644 index 0000000..bb77348 --- /dev/null +++ b/trust/save.c @@ -0,0 +1,620 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "buffer.h" +#include "debug.h" +#include "dict.h" +#include "message.h" +#include "save.h" + +#include + +#include +#include +#include +#include +#include +#include +#include + +struct _p11_save_file { + char *bare; + char *extension; + char *temp; + int fd; + int flags; +}; + +struct _p11_save_dir { + p11_dict *cache; + char *path; + int flags; +}; + +static char * make_unique_name (const char *bare, + const char *extension, + int (*check) (void *, char *), + void *data); +static void filo_free (p11_save_file *file); +static void dir_free (p11_save_dir *dir); + +bool +p11_save_write_and_finish (p11_save_file *file, + const void *data, + ssize_t length) +{ + bool ret; + + if (!file) + return false; + + ret = p11_save_write (file, data, length); + if (!p11_save_finish_file (file, NULL, ret)) + ret = false; + + return ret; +} + +p11_save_file * +p11_save_open_file (const char *path, + const char *extension, + int flags) +{ + p11_save_file *file; + char *temp; + mode_t mode; + int fd; + + return_val_if_fail (path != NULL, NULL); + + if (extension == NULL) + extension = ""; + + if (asprintf (&temp, "%s%s.XXXXXX", path, extension) < 0) + return_val_if_reached (NULL); + + mode = umask (0077); + fd = mkstemp (temp); + umask (mode); + if (fd < 0) { + p11_message_err (errno, "couldn't create file: %s%s", path, extension); + free (temp); + return NULL; + } + + file = calloc (1, sizeof (p11_save_file)); + return_val_if_fail (file != NULL, NULL); + file->temp = temp; + file->bare = strdup (path); + if (file->bare == NULL) { + filo_free (file); + return_val_if_reached (NULL); + } + file->extension = strdup (extension); + if (file->extension == NULL) { + filo_free (file); + return_val_if_reached (NULL); + } + file->flags = flags; + file->fd = fd; + + return file; +} + +bool +p11_save_write (p11_save_file *file, + const void *data, + ssize_t length) +{ + const unsigned char *buf = data; + ssize_t written = 0; + ssize_t res; + + if (!file) + return false; + + /* Automatically calculate length */ + if (length < 0) { + if (!data) + return true; + length = strlen (data); + } + + while (written < length) { + res = write (file->fd, buf + written, length - written); + if (res <= 0) { + if (errno == EAGAIN || errno == EINTR) + continue; + p11_message_err (errno, "couldn't write to file: %s", file->temp); + return false; + } else { + written += res; + } + } + + return true; +} + +static void +filo_free (p11_save_file *file) +{ + free (file->temp); + free (file->bare); + free (file->extension); + free (file); +} + +static void +dir_free (p11_save_dir *dir) { + p11_dict_free (dir->cache); + free (dir->path); + free (dir); +} + +#ifdef OS_UNIX + +static int +on_unique_try_link (void *data, + char *path) +{ + p11_save_file *file = data; + + if (link (file->temp, path) < 0) { + if (errno == EEXIST) + return 0; /* Continue trying other names */ + p11_message_err (errno, "couldn't complete writing of file: %s", path); + return -1; + } + + return 1; /* All done */ +} + +#else /* OS_WIN32 */ + +static int +on_unique_try_rename (void *data, + char *path) +{ + p11_save_file *file = data; + + if (rename (file->temp, path) < 0) { + if (errno == EEXIST) + return 0; /* Continue trying other names */ + p11_message ("couldn't complete writing of file: %s", path); + return -1; + } + + free (file->temp); + file->temp = strdup (path); + return 1; /* All done */ +} + +#endif /* OS_WIN32 */ + +bool +p11_save_finish_file (p11_save_file *file, + char **path_out, + bool commit) +{ + bool ret = true; + char *path; + + if (!file) + return false; + + if (!commit) { + close (file->fd); + unlink (file->temp); + filo_free (file); + return true; + } + + if (asprintf (&path, "%s%s", file->bare, file->extension) < 0) + return_val_if_reached (false); + + if (close (file->fd) < 0) { + p11_message_err (errno, "couldn't write file: %s", file->temp); + ret = false; + +#ifdef OS_UNIX + /* Set the mode of the file, readable by everyone, but not writable */ + } else if (chmod (file->temp, S_IRUSR | S_IRGRP | S_IROTH) < 0) { + p11_message_err (errno, "couldn't set file permissions: %s", file->temp); + ret = false; + + /* Atomically rename the tempfile over the filename */ + } else if (file->flags & P11_SAVE_OVERWRITE) { + if (rename (file->temp, path) < 0) { + p11_message_err (errno, "couldn't complete writing file: %s", path); + ret = false; + } else { + unlink (file->temp); + } + + /* Create a unique name if requested unique file name */ + } else if (file->flags & P11_SAVE_UNIQUE) { + free (path); + path = make_unique_name (file->bare, file->extension, + on_unique_try_link, file); + if (!path) + ret = false; + unlink (file->temp); + + /* When not overwriting, link will fail if filename exists. */ + } else { + if (link (file->temp, path) < 0) { + p11_message_err (errno, "couldn't complete writing of file: %s", path); + ret = false; + } + unlink (file->temp); + +#else /* OS_WIN32 */ + + /* Windows does not do atomic renames, so delete original file first */ + } else { + /* Create a unique name if requested unique file name */ + if (file->flags & P11_SAVE_UNIQUE) { + free (path); + path = make_unique_name (file->bare, file->extension, + on_unique_try_rename, file); + if (!path) + ret = false; + + } else if ((file->flags & P11_SAVE_OVERWRITE) && + unlink (path) < 0 && errno != ENOENT) { + p11_message_err (errno, "couldn't remove original file: %s", path); + ret = false; + } + + if (ret == true && strcmp (file->temp, path) != 0) { + if (rename (file->temp, path) < 0) { + p11_message_err (errno, "couldn't complete writing file: %s", path); + ret = false; + } + + unlink (file->temp); + } + +#endif /* OS_WIN32 */ + } + + if (ret && path_out) { + *path_out = path; + path = NULL; + } + + free (path); + filo_free (file); + return ret; +} + +p11_save_dir * +p11_save_open_directory (const char *path, + int flags) +{ +#ifdef OS_UNIX + struct stat sb; +#endif + p11_save_dir *dir; + + return_val_if_fail (path != NULL, NULL); + +#ifdef OS_UNIX + /* We update the permissions when we finish writing */ + if (mkdir (path, S_IRWXU) < 0) { +#else /* OS_WIN32 */ + if (mkdir (path) < 0) { +#endif + /* Some random error, report it */ + if (errno != EEXIST) { + p11_message_err (errno, "couldn't create directory: %s", path); + + /* The directory exists and we're not overwriting */ + } else if (!(flags & P11_SAVE_OVERWRITE)) { + p11_message ("directory already exists: %s", path); + return NULL; + } +#ifdef OS_UNIX + /* + * If the directory exists on unix, we may have restricted + * the directory permissions to read-only. We have to change + * them back to writable in order for things to work. + */ + if (stat (path, &sb) >= 0) { + if ((sb.st_mode & S_IRWXU) != S_IRWXU && + chmod (path, S_IRWXU | sb.st_mode) < 0) { + p11_message_err (errno, "couldn't make directory writable: %s", path); + return NULL; + } + } +#endif /* OS_UNIX */ + } + + dir = calloc (1, sizeof (p11_save_dir)); + return_val_if_fail (dir != NULL, NULL); + + dir->path = strdup (path); + if (dir->path == NULL) { + dir_free (dir); + return_val_if_reached (NULL); + } + + dir->cache = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); + if (dir->cache == NULL) { + dir_free (dir); + return_val_if_reached (NULL); + } + + dir->flags = flags; + return dir; +} + +static char * +make_unique_name (const char *bare, + const char *extension, + int (*check) (void *, char *), + void *data) +{ + char unique[16]; + p11_buffer buf; + int ret; + int i; + + assert (bare != NULL); + assert (check != NULL); + + p11_buffer_init_null (&buf, 0); + + for (i = 0; true; i++) { + + p11_buffer_reset (&buf, 64); + + switch (i) { + + /* + * For the first iteration, just build the filename as + * provided by the caller. + */ + case 0: + p11_buffer_add (&buf, bare, -1); + break; + + /* + * On later iterations we try to add a numeric .N suffix + * before the extension, so the resulting file might look + * like filename.1.ext. + * + * As a special case if the extension is already '.0' then + * just just keep incerementing that. + */ + case 1: + if (extension && strcmp (extension, ".0") == 0) + extension = NULL; + /* fall through */ + + default: + p11_buffer_add (&buf, bare, -1); + snprintf (unique, sizeof (unique), ".%d", i); + p11_buffer_add (&buf, unique, -1); + break; + } + + if (extension) + p11_buffer_add (&buf, extension, -1); + + return_val_if_fail (p11_buffer_ok (&buf), NULL); + + ret = check (data, buf.data); + if (ret < 0) + return NULL; + else if (ret > 0) + return p11_buffer_steal (&buf, NULL); + } + + return_val_if_reached (NULL); +} + +static int +on_unique_check_dir (void *data, + char *name) +{ + p11_save_dir *dir = data; + + if (!p11_dict_get (dir->cache, name)) + return 1; + + return 0; /* Keep looking */ +} + +p11_save_file * +p11_save_open_file_in (p11_save_dir *dir, + const char *basename, + const char *extension) +{ + p11_save_file *file = NULL; + char *name; + char *path; + + return_val_if_fail (dir != NULL, NULL); + return_val_if_fail (basename != NULL, NULL); + + name = make_unique_name (basename, extension, on_unique_check_dir, dir); + return_val_if_fail (name != NULL, NULL); + + if (asprintf (&path, "%s/%s", dir->path, name) < 0) + return_val_if_reached (NULL); + + file = p11_save_open_file (path, NULL, dir->flags); + + if (file) { + if (!p11_dict_set (dir->cache, name, name)) + return_val_if_reached (NULL); + name = NULL; + } + + free (name); + free (path); + + return file; +} + +#ifdef OS_UNIX + +bool +p11_save_symlink_in (p11_save_dir *dir, + const char *linkname, + const char *extension, + const char *destination) +{ + char *name; + char *path; + bool ret; + + return_val_if_fail (dir != NULL, false); + return_val_if_fail (linkname != NULL, false); + return_val_if_fail (destination != NULL, false); + + name = make_unique_name (linkname, extension, on_unique_check_dir, dir); + return_val_if_fail (name != NULL, false); + + if (asprintf (&path, "%s/%s", dir->path, name) < 0) + return_val_if_reached (false); + + unlink (path); + + if (symlink (destination, path) < 0) { + p11_message_err (errno, "couldn't create symlink: %s", path); + ret = false; + } else { + if (!p11_dict_set (dir->cache, name, name)) + return_val_if_reached (false); + name = NULL; + ret = true; + } + + free (path); + free (name); + + return ret; +} + +#endif /* OS_UNIX */ + +static bool +cleanup_directory (const char *directory, + p11_dict *cache) +{ + struct dirent *dp; + struct stat st; + p11_dict *remove; + p11_dictiter iter; + char *path; + DIR *dir; + bool ret; + + /* First we load all the modules */ + dir = opendir (directory); + if (!dir) { + p11_message_err (errno, "couldn't list directory: %s", directory); + return false; + } + + remove = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL); + + while ((dp = readdir (dir)) != NULL) { + if (p11_dict_get (cache, dp->d_name)) + continue; + + if (asprintf (&path, "%s/%s", directory, dp->d_name) < 0) + return_val_if_reached (false); + + + if (stat (path, &st) >= 0 && !S_ISDIR (st.st_mode)) { + if (!p11_dict_set (remove, path, path)) + return_val_if_reached (false); + } else { + free (path); + } + } + + closedir (dir); + + ret = true; + + /* Remove all the files still in the cache */ + p11_dict_iterate (remove, &iter); + while (p11_dict_next (&iter, (void **)&path, NULL)) { + if (unlink (path) < 0 && errno != ENOENT) { + p11_message_err (errno, "couldn't remove file: %s", path); + ret = false; + break; + } + } + + p11_dict_free (remove); + + return ret; +} + +bool +p11_save_finish_directory (p11_save_dir *dir, + bool commit) +{ + bool ret = true; + + if (!dir) + return false; + + if (commit) { + if (dir->flags & P11_SAVE_OVERWRITE) + ret = cleanup_directory (dir->path, dir->cache); + +#ifdef OS_UNIX + /* Try to set the mode of the directory to readable */ + if (ret && chmod (dir->path, S_IRUSR | S_IXUSR | S_IRGRP | + S_IXGRP | S_IROTH | S_IXOTH) < 0) { + p11_message_err (errno, "couldn't set directory permissions: %s", dir->path); + ret = false; + } +#endif /* OS_UNIX */ + } + + p11_dict_free (dir->cache); + free (dir->path); + free (dir); + + return ret; +} diff --git a/trust/save.h b/trust/save.h new file mode 100644 index 0000000..81f1044 --- /dev/null +++ b/trust/save.h @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_SAVE_H_ +#define P11_SAVE_H_ + +#include "compat.h" + +enum { + P11_SAVE_OVERWRITE = 1 << 0, + P11_SAVE_UNIQUE = 1 << 1, +}; + +typedef struct _p11_save_file p11_save_file; +typedef struct _p11_save_dir p11_save_dir; + +p11_save_file * p11_save_open_file (const char *path, + const char *extension, + int flags); + +bool p11_save_write (p11_save_file *file, + const void *data, + ssize_t length); + +bool p11_save_write_and_finish (p11_save_file *file, + const void *data, + ssize_t length); + +bool p11_save_finish_file (p11_save_file *file, + char **path, + bool commit); + +const char * p11_save_file_name (p11_save_file *file); + +p11_save_dir * p11_save_open_directory (const char *path, + int flags); + +p11_save_file * p11_save_open_file_in (p11_save_dir *directory, + const char *basename, + const char *extension); + +#ifdef OS_UNIX + +bool p11_save_symlink_in (p11_save_dir *dir, + const char *linkname, + const char *extension, + const char *destination); + +#endif /* OS_UNIX */ + +bool p11_save_finish_directory (p11_save_dir *dir, + bool commit); + +#endif /* P11_SAVE_H_ */ diff --git a/trust/session.c b/trust/session.c new file mode 100644 index 0000000..d464394 --- /dev/null +++ b/trust/session.c @@ -0,0 +1,103 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "attrs.h" +#define P11_DEBUG_FLAG P11_DEBUG_TRUST +#include "debug.h" +#include "dict.h" +#include "message.h" +#include "pkcs11.h" +#include "module.h" +#include "session.h" + +#include +#include +#include +#include + +p11_session * +p11_session_new (p11_token *token) +{ + p11_session *session; + + session = calloc (1, sizeof (p11_session)); + return_val_if_fail (session != NULL, NULL); + + session->handle = p11_module_next_id (); + + session->builder = p11_builder_new (P11_BUILDER_FLAG_NONE); + if (session->builder == NULL) { + p11_session_free (session); + return_val_if_reached (NULL); + } + + session->index = p11_index_new (p11_builder_build, NULL, NULL, + p11_builder_changed, + session->builder); + if (session->index == NULL) { + p11_session_free (session); + return_val_if_reached (NULL); + } + + session->token = token; + + return session; +} + +void +p11_session_free (void *data) +{ + p11_session *session = data; + + p11_session_set_operation (session, NULL, NULL); + p11_builder_free (session->builder); + p11_index_free (session->index); + + free (session); +} + +void +p11_session_set_operation (p11_session *session, + p11_session_cleanup cleanup, + void *operation) +{ + assert (session != NULL); + + if (session->cleanup) + (session->cleanup) (session->operation); + session->cleanup = cleanup; + session->operation = operation; +} diff --git a/trust/session.h b/trust/session.h new file mode 100644 index 0000000..ec394b1 --- /dev/null +++ b/trust/session.h @@ -0,0 +1,66 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "builder.h" +#include "index.h" +#include "pkcs11.h" +#include "token.h" + +#ifndef P11_SESSION_H_ +#define P11_SESSION_H_ + +typedef void (* p11_session_cleanup) (void *data); + +typedef struct { + CK_SESSION_HANDLE handle; + p11_index *index; + p11_builder *builder; + p11_token *token; + CK_BBOOL loaded; + bool read_write; + + /* Used by various operations */ + p11_session_cleanup cleanup; + void *operation; +} p11_session; + +p11_session * p11_session_new (p11_token *token); + +void p11_session_free (void *data); + +void p11_session_set_operation (p11_session *session, + p11_session_cleanup cleanup, + void *operation); + +#endif /* P11_SESSION_H_ */ diff --git a/trust/test-asn1.c b/trust/test-asn1.c new file mode 100644 index 0000000..df75dfd --- /dev/null +++ b/trust/test-asn1.c @@ -0,0 +1,164 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "asn1.h" +#include "debug.h" +#include "oid.h" +#include "x509.h" + +#include +#include +#include + +struct { + p11_dict *asn1_defs; +} test; + +static void +setup (void *unused) +{ + test.asn1_defs = p11_asn1_defs_load (); + assert_ptr_not_null (test.asn1_defs); +} + +static void +teardown (void *unused) +{ + p11_dict_free (test.asn1_defs); + memset (&test, 0, sizeof (test)); +} + +static void +test_tlv_length (void) +{ + struct { + const char *der; + size_t der_len; + int expected; + } tlv_lengths[] = { + { "\x01\x01\x00", 3, 3 }, + { "\x01\x01\x00\x01\x02", 5, 3 }, + { "\x01\x05\x00", 3, -1 }, + { NULL } + }; + + int length; + int i; + + for (i = 0; tlv_lengths[i].der != NULL; i++) { + length = p11_asn1_tlv_length ((const unsigned char *)tlv_lengths[i].der, tlv_lengths[i].der_len); + assert_num_eq (tlv_lengths[i].expected, length); + } +} + +static const unsigned char test_eku_server_and_client[] = { + 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, +}; + +static void +test_asn1_cache (void) +{ + p11_asn1_cache *cache; + p11_dict *defs; + node_asn *asn; + node_asn *check; + + cache = p11_asn1_cache_new (); + assert_ptr_not_null (cache); + + defs = p11_asn1_cache_defs (cache); + assert_ptr_not_null (defs); + + asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client), NULL); + assert_ptr_not_null (defs); + + /* Place the parsed data in the cache */ + p11_asn1_cache_take (cache, asn, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client)); + + /* Get it back out */ + check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client)); + assert_ptr_eq (asn, check); + + /* Flush should remove it */ + p11_asn1_cache_flush (cache); + check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client)); + assert_ptr_eq (NULL, check); + + p11_asn1_cache_free (cache); +} + +static void +test_asn1_free (void) +{ + p11_dict *defs; + node_asn *asn; + + defs = p11_asn1_defs_load (); + assert_ptr_not_null (defs); + + asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", + test_eku_server_and_client, + sizeof (test_eku_server_and_client), NULL); + assert_ptr_not_null (asn); + + p11_asn1_free (asn); + p11_asn1_free (NULL); + p11_dict_free (defs); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_tlv_length, "/asn1/tlv_length"); + + p11_fixture (NULL, NULL); + p11_test (test_asn1_cache, "/asn1/asn1_cache"); + p11_test (test_asn1_free, "/asn1/free"); + + return p11_test_run (argc, argv); +} diff --git a/trust/test-base64.c b/trust/test-base64.c new file mode 100644 index 0000000..ce303e8 --- /dev/null +++ b/trust/test-base64.c @@ -0,0 +1,204 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "base64.h" +#include "debug.h" +#include "message.h" + +#include +#include +#include +#include + +static void +check_decode_msg (const char *file, + int line, + const char *function, + const char *input, + ssize_t input_len, + const unsigned char *expected, + ssize_t expected_len) +{ + unsigned char decoded[8192]; + int length; + + if (input_len < 0) + input_len = strlen (input); + if (expected_len < 0) + expected_len = strlen ((char *)expected); + length = p11_b64_pton (input, input_len, decoded, sizeof (decoded)); + + if (expected == NULL) { + if (length >= 0) + p11_test_fail (file, line, function, "decoding should have failed"); + + } else { + if (length < 0) + p11_test_fail (file, line, function, "decoding failed"); + if (expected_len != length) + p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", + (unsigned long)expected_len, (unsigned long)length); + if (memcmp (decoded, expected, length) != 0) + p11_test_fail (file, line, function, "decoded wrong"); + } +} + +#define check_decode_success(input, input_len, expected, expected_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) + +#define check_decode_failure(input, input_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) + +static void +test_decode_simple (void) +{ + check_decode_success ("", 0, (unsigned char *)"", 0); + check_decode_success ("MQ==", 0, (unsigned char *)"1", 0); + check_decode_success ("YmxhaAo=", -1, (unsigned char *)"blah\n", -1); + check_decode_success ("bGVlbGEK", -1, (unsigned char *)"leela\n", -1); + check_decode_success ("bGVlbG9vCg==", -1, (unsigned char *)"leeloo\n", -1); +} + +static void +test_decode_thawte (void) +{ + const char *input = + "MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB" + "rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf" + "Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw" + "MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV" + "BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa" + "Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl" + "LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u" + "MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl" + "ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm" + "gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8" + "YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf" + "b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9" + "9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S" + "zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk" + "OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV" + "HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA" + "2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW" + "oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu" + "t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c" + "KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM" + "m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu" + "MdRAGmI0Nj81Aa6sY6A="; + + const unsigned char output[] = { + 0x30, 0x82, 0x04, 0x2a, 0x30, 0x82, 0x03, 0x12, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x60, + 0x01, 0x97, 0xb7, 0x46, 0xa7, 0xea, 0xb4, 0xb4, 0x9a, 0xd6, 0x4b, 0x2f, 0xf7, 0x90, 0xfb, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, + 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, + 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, + 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, + 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, + 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, + 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, + 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, + 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, + 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x34, 0x30, 0x32, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, + 0x17, 0x0d, 0x33, 0x37, 0x31, 0x32, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, + 0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, + 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, + 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, + 0x30, 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, + 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, + 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, + 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xb2, 0xbf, 0x27, 0x2c, 0xfb, 0xdb, 0xd8, 0x5b, 0xdd, 0x78, 0x7b, 0x1b, 0x9e, 0x77, 0x66, + 0x81, 0xcb, 0x3e, 0xbc, 0x7c, 0xae, 0xf3, 0xa6, 0x27, 0x9a, 0x34, 0xa3, 0x68, 0x31, 0x71, 0x38, + 0x33, 0x62, 0xe4, 0xf3, 0x71, 0x66, 0x79, 0xb1, 0xa9, 0x65, 0xa3, 0xa5, 0x8b, 0xd5, 0x8f, 0x60, + 0x2d, 0x3f, 0x42, 0xcc, 0xaa, 0x6b, 0x32, 0xc0, 0x23, 0xcb, 0x2c, 0x41, 0xdd, 0xe4, 0xdf, 0xfc, + 0x61, 0x9c, 0xe2, 0x73, 0xb2, 0x22, 0x95, 0x11, 0x43, 0x18, 0x5f, 0xc4, 0xb6, 0x1f, 0x57, 0x6c, + 0x0a, 0x05, 0x58, 0x22, 0xc8, 0x36, 0x4c, 0x3a, 0x7c, 0xa5, 0xd1, 0xcf, 0x86, 0xaf, 0x88, 0xa7, + 0x44, 0x02, 0x13, 0x74, 0x71, 0x73, 0x0a, 0x42, 0x59, 0x02, 0xf8, 0x1b, 0x14, 0x6b, 0x42, 0xdf, + 0x6f, 0x5f, 0xba, 0x6b, 0x82, 0xa2, 0x9d, 0x5b, 0xe7, 0x4a, 0xbd, 0x1e, 0x01, 0x72, 0xdb, 0x4b, + 0x74, 0xe8, 0x3b, 0x7f, 0x7f, 0x7d, 0x1f, 0x04, 0xb4, 0x26, 0x9b, 0xe0, 0xb4, 0x5a, 0xac, 0x47, + 0x3d, 0x55, 0xb8, 0xd7, 0xb0, 0x26, 0x52, 0x28, 0x01, 0x31, 0x40, 0x66, 0xd8, 0xd9, 0x24, 0xbd, + 0xf6, 0x2a, 0xd8, 0xec, 0x21, 0x49, 0x5c, 0x9b, 0xf6, 0x7a, 0xe9, 0x7f, 0x55, 0x35, 0x7e, 0x96, + 0x6b, 0x8d, 0x93, 0x93, 0x27, 0xcb, 0x92, 0xbb, 0xea, 0xac, 0x40, 0xc0, 0x9f, 0xc2, 0xf8, 0x80, + 0xcf, 0x5d, 0xf4, 0x5a, 0xdc, 0xce, 0x74, 0x86, 0xa6, 0x3e, 0x6c, 0x0b, 0x53, 0xca, 0xbd, 0x92, + 0xce, 0x19, 0x06, 0x72, 0xe6, 0x0c, 0x5c, 0x38, 0x69, 0xc7, 0x04, 0xd6, 0xbc, 0x6c, 0xce, 0x5b, + 0xf6, 0xf7, 0x68, 0x9c, 0xdc, 0x25, 0x15, 0x48, 0x88, 0xa1, 0xe9, 0xa9, 0xf8, 0x98, 0x9c, 0xe0, + 0xf3, 0xd5, 0x31, 0x28, 0x61, 0x11, 0x6c, 0x67, 0x96, 0x8d, 0x39, 0x99, 0xcb, 0xc2, 0x45, 0x24, + 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, + 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, 0xff, 0xfa, + 0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x1a, 0x40, + 0xd8, 0x95, 0x65, 0xac, 0x09, 0x92, 0x89, 0xc6, 0x39, 0xf4, 0x10, 0xe5, 0xa9, 0x0e, 0x66, 0x53, + 0x5d, 0x78, 0xde, 0xfa, 0x24, 0x91, 0xbb, 0xe7, 0x44, 0x51, 0xdf, 0xc6, 0x16, 0x34, 0x0a, 0xef, + 0x6a, 0x44, 0x51, 0xea, 0x2b, 0x07, 0x8a, 0x03, 0x7a, 0xc3, 0xeb, 0x3f, 0x0a, 0x2c, 0x52, 0x16, + 0xa0, 0x2b, 0x43, 0xb9, 0x25, 0x90, 0x3f, 0x70, 0xa9, 0x33, 0x25, 0x6d, 0x45, 0x1a, 0x28, 0x3b, + 0x27, 0xcf, 0xaa, 0xc3, 0x29, 0x42, 0x1b, 0xdf, 0x3b, 0x4c, 0xc0, 0x33, 0x34, 0x5b, 0x41, 0x88, + 0xbf, 0x6b, 0x2b, 0x65, 0xaf, 0x28, 0xef, 0xb2, 0xf5, 0xc3, 0xaa, 0x66, 0xce, 0x7b, 0x56, 0xee, + 0xb7, 0xc8, 0xcb, 0x67, 0xc1, 0xc9, 0x9c, 0x1a, 0x18, 0xb8, 0xc4, 0xc3, 0x49, 0x03, 0xf1, 0x60, + 0x0e, 0x50, 0xcd, 0x46, 0xc5, 0xf3, 0x77, 0x79, 0xf7, 0xb6, 0x15, 0xe0, 0x38, 0xdb, 0xc7, 0x2f, + 0x28, 0xa0, 0x0c, 0x3f, 0x77, 0x26, 0x74, 0xd9, 0x25, 0x12, 0xda, 0x31, 0xda, 0x1a, 0x1e, 0xdc, + 0x29, 0x41, 0x91, 0x22, 0x3c, 0x69, 0xa7, 0xbb, 0x02, 0xf2, 0xb6, 0x5c, 0x27, 0x03, 0x89, 0xf4, + 0x06, 0xea, 0x9b, 0xe4, 0x72, 0x82, 0xe3, 0xa1, 0x09, 0xc1, 0xe9, 0x00, 0x19, 0xd3, 0x3e, 0xd4, + 0x70, 0x6b, 0xba, 0x71, 0xa6, 0xaa, 0x58, 0xae, 0xf4, 0xbb, 0xe9, 0x6c, 0xb6, 0xef, 0x87, 0xcc, + 0x9b, 0xbb, 0xff, 0x39, 0xe6, 0x56, 0x61, 0xd3, 0x0a, 0xa7, 0xc4, 0x5c, 0x4c, 0x60, 0x7b, 0x05, + 0x77, 0x26, 0x7a, 0xbf, 0xd8, 0x07, 0x52, 0x2c, 0x62, 0xf7, 0x70, 0x63, 0xd9, 0x39, 0xbc, 0x6f, + 0x1c, 0xc2, 0x79, 0xdc, 0x76, 0x29, 0xaf, 0xce, 0xc5, 0x2c, 0x64, 0x04, 0x5e, 0x88, 0x36, 0x6e, + 0x31, 0xd4, 0x40, 0x1a, 0x62, 0x34, 0x36, 0x3f, 0x35, 0x01, 0xae, 0xac, 0x63, 0xa0, + }; + + check_decode_success (input, -1, output, sizeof (output)); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_decode_simple, "/base64/decode-simple"); + p11_test (test_decode_thawte, "/base64/decode-thawte"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-builder.c b/trust/test-builder.c new file mode 100644 index 0000000..bd9fa11 --- /dev/null +++ b/trust/test-builder.c @@ -0,0 +1,2312 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include + +#include "attrs.h" +#include "builder.h" +#include "debug.h" +#include "digest.h" +#include "index.h" +#include "message.h" +#include "oid.h" +#include "pkcs11i.h" +#include "pkcs11x.h" + +struct { + p11_builder *builder; + p11_index *index; +} test; + +static CK_TRUST trusted = CKT_NSS_TRUSTED; +static CK_TRUST trusted_delegator = CKT_NSS_TRUSTED_DELEGATOR; +static CK_TRUST not_trusted = CKT_NSS_NOT_TRUSTED; +static CK_TRUST trust_unknown = CKT_NSS_TRUST_UNKNOWN; +static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; +static CK_OBJECT_CLASS data = CKO_DATA; +static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION; +static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; +static CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION; +static CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE; +static CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE; +static CK_CERTIFICATE_TYPE x509 = CKC_X_509; +static CK_ULONG certificate_authority = 2; +static CK_ULONG other_entity = 3; +static CK_BBOOL truev = CK_TRUE; +static CK_BBOOL falsev = CK_FALSE; + +static void +setup (void *unused) +{ + test.builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN); + assert_ptr_not_null (test.builder); + + test.index = p11_index_new (p11_builder_build, NULL, NULL, p11_builder_changed, test.builder); + assert_ptr_not_null (test.index); +} + +static void +teardown (void *unused) +{ + p11_builder_free (test.builder); + p11_index_free (test.index); + memset (&test, 0, sizeof (test)); +} + +static void +test_get_cache (void) +{ + p11_asn1_cache *cache; + + cache = p11_builder_get_cache (test.builder); + assert_ptr_eq (NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4)); +} + +static void +test_build_data (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "the value", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE check[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_PRIVATE, &falsev, sizeof (falsev) }, + { CKA_LABEL, "", 0 }, + { CKA_VALUE, "the value", 9 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, merge, true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (check, attrs); + p11_attrs_free (attrs); +} + +static void +test_build_certificate (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_LABEL, "the label", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 }, + { CKA_START_DATE, "20110523", 8 }, + { CKA_END_DATE, "20210520", 8, }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_LABEL, "the label", 9 }, + { CKA_ID, "u\xa8q`L\x88\x13\xf0x\xd9\x89w\xb5m\xc5\x89\xdf\xbc\xb1z", 20}, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, merge, true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static void +test_build_certificate_empty (void) +{ + unsigned char checksum[P11_DIGEST_SHA1_LEN]; + CK_ULONG domain = 0; + CK_ULONG category = 0; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_URL, "http://blah", 11 }, + { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) }, + { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_LABEL, "the label", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_VALUE, "", 0 }, + { CKA_START_DATE, "", 0 }, + { CKA_END_DATE, "", 0, }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ISSUER, "", 0 }, + { CKA_SERIAL_NUMBER, "", 0 }, + { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) }, + { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) }, + { CKA_LABEL, "the label", 9 }, + { CKA_JAVA_MIDP_SECURITY_DOMAIN, &domain, sizeof (domain) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_digest_sha1 (checksum, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, merge, true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static const unsigned char entrust_pretend_ca[] = { + 0x30, 0x82, 0x04, 0x5c, 0x30, 0x82, 0x03, 0x44, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x38, + 0x63, 0xb9, 0x66, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, + 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, + 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, + 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, + 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, + 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, + 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, + 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, + 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x39, 0x31, + 0x32, 0x32, 0x34, 0x31, 0x37, 0x35, 0x30, 0x35, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32, + 0x32, 0x34, 0x31, 0x38, 0x32, 0x30, 0x35, 0x31, 0x5a, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, + 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, + 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, + 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, + 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, + 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, + 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, + 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, + 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a, + 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40, + 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93, + 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e, + 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5, + 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77, + 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97, + 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89, + 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60, + 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53, + 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce, + 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf, + 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f, + 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90, + 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e, + 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07, + 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x74, 0x30, 0x72, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x00, 0x07, 0x30, 0x1f, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, + 0xbe, 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, 0xbe, + 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x41, 0x00, 0x04, 0x10, 0x30, 0x0e, 0x1b, 0x08, + 0x56, 0x35, 0x2e, 0x30, 0x3a, 0x34, 0x2e, 0x30, 0x03, 0x02, 0x04, 0x90, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x59, 0x47, 0xac, 0x21, 0x84, 0x8a, 0x17, 0xc9, 0x9c, 0x89, 0x53, 0x1e, 0xba, 0x80, 0x85, 0x1a, + 0xc6, 0x3c, 0x4e, 0x3e, 0xb1, 0x9c, 0xb6, 0x7c, 0xc6, 0x92, 0x5d, 0x18, 0x64, 0x02, 0xe3, 0xd3, + 0x06, 0x08, 0x11, 0x61, 0x7c, 0x63, 0xe3, 0x2b, 0x9d, 0x31, 0x03, 0x70, 0x76, 0xd2, 0xa3, 0x28, + 0xa0, 0xf4, 0xbb, 0x9a, 0x63, 0x73, 0xed, 0x6d, 0xe5, 0x2a, 0xdb, 0xed, 0x14, 0xa9, 0x2b, 0xc6, + 0x36, 0x11, 0xd0, 0x2b, 0xeb, 0x07, 0x8b, 0xa5, 0xda, 0x9e, 0x5c, 0x19, 0x9d, 0x56, 0x12, 0xf5, + 0x54, 0x29, 0xc8, 0x05, 0xed, 0xb2, 0x12, 0x2a, 0x8d, 0xf4, 0x03, 0x1b, 0xff, 0xe7, 0x92, 0x10, + 0x87, 0xb0, 0x3a, 0xb5, 0xc3, 0x9d, 0x05, 0x37, 0x12, 0xa3, 0xc7, 0xf4, 0x15, 0xb9, 0xd5, 0xa4, + 0x39, 0x16, 0x9b, 0x53, 0x3a, 0x23, 0x91, 0xf1, 0xa8, 0x82, 0xa2, 0x6a, 0x88, 0x68, 0xc1, 0x79, + 0x02, 0x22, 0xbc, 0xaa, 0xa6, 0xd6, 0xae, 0xdf, 0xb0, 0x14, 0x5f, 0xb8, 0x87, 0xd0, 0xdd, 0x7c, + 0x7f, 0x7b, 0xff, 0xaf, 0x1c, 0xcf, 0xe6, 0xdb, 0x07, 0xad, 0x5e, 0xdb, 0x85, 0x9d, 0xd0, 0x2b, + 0x0d, 0x33, 0xdb, 0x04, 0xd1, 0xe6, 0x49, 0x40, 0x13, 0x2b, 0x76, 0xfb, 0x3e, 0xe9, 0x9c, 0x89, + 0x0f, 0x15, 0xce, 0x18, 0xb0, 0x85, 0x78, 0x21, 0x4f, 0x6b, 0x4f, 0x0e, 0xfa, 0x36, 0x67, 0xcd, + 0x07, 0xf2, 0xff, 0x08, 0xd0, 0xe2, 0xde, 0xd9, 0xbf, 0x2a, 0xaf, 0xb8, 0x87, 0x86, 0x21, 0x3c, + 0x04, 0xca, 0xb7, 0x94, 0x68, 0x7f, 0xcf, 0x3c, 0xe9, 0x98, 0xd7, 0x38, 0xff, 0xec, 0xc0, 0xd9, + 0x50, 0xf0, 0x2e, 0x4b, 0x58, 0xae, 0x46, 0x6f, 0xd0, 0x2e, 0xc3, 0x60, 0xda, 0x72, 0x55, 0x72, + 0xbd, 0x4c, 0x45, 0x9e, 0x61, 0xba, 0xbf, 0x84, 0x81, 0x92, 0x03, 0xd1, 0xd2, 0x69, 0x7c, 0xc5, +}; + +static const unsigned char entrust_public_key[] = { + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a, + 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40, + 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93, + 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e, + 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5, + 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77, + 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97, + 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89, + 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60, + 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53, + 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce, + 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf, + 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f, + 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90, + 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e, + 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07, + 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +static void +test_build_certificate_non_ca (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_CATEGORY, &other_entity, sizeof (other_entity) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static void +test_build_certificate_v1_ca (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static void +test_build_certificate_staple_ca (void) +{ + CK_ULONG category = 2; /* CA */ + + CK_ATTRIBUTE attached[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, + { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, + { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 }, + { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + /* Adding the attached extension *first*, and then the certificate */ + + /* Add a attached certificate */ + rv = p11_index_add (test.index, attached, 4, NULL); + assert_num_eq (CKR_OK, rv); + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + /* + * Even though the certificate is not a valid CA, the presence of the + * attached certificate extension transforms it into a CA. + */ + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static void +test_build_certificate_staple_ca_backwards (void) +{ + CK_ULONG category = 2; /* CA */ + + CK_ATTRIBUTE attached[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, + { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, + { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 }, + { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_INVALID }, + }; + + CK_RV rv; + CK_ATTRIBUTE *attrs; + CK_OBJECT_HANDLE handle; + + /* Adding the certificate *first*, and then the attached extension */ + + rv = p11_index_add (test.index, input, 4, &handle); + assert_num_eq (CKR_OK, rv); + + /* Add a attached certificate */ + rv = p11_index_add (test.index, attached, 4, NULL); + assert_num_eq (CKR_OK, rv); + + /* + * Even though the certificate is not a valid CA, the presence of the + * attached certificate extension transforms it into a CA. + */ + attrs = p11_index_lookup (test.index, handle); + test_check_attrs (expected, attrs); +} + +static void +test_build_certificate_no_type (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_message_quiet (); + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv); + p11_attrs_free (merge); + + p11_message_loud (); +} + +static void +test_build_certificate_bad_type (void) +{ + CK_CERTIFICATE_TYPE type = CKC_WTLS; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_message_quiet (); + + attrs = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); + p11_attrs_free (merge); + + p11_message_loud (); +} + +static void +test_build_extension (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE check[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_PRIVATE, &falsev, sizeof (falsev) }, + { CKA_OBJECT_ID, "\x06\x03\x55\x1d\x50", 5 }, + { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_LABEL, "", 0 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (check, attrs); + p11_attrs_free (attrs); +} + +/* This certificate has and end date in 2067 */ +static const unsigned char cert_distant_end_date[] = { + 0x30, 0x82, 0x01, 0x6a, 0x30, 0x82, 0x01, 0x14, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03, + 0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, + 0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, + 0x2d, 0x69, 0x6e, 0x2d, 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x20, 0x17, 0x0d, 0x31, 0x33, + 0x30, 0x33, 0x32, 0x37, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x36, + 0x37, 0x31, 0x32, 0x32, 0x39, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x28, 0x31, 0x26, + 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, 0x2d, 0x69, 0x6e, 0x2d, + 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, + 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xe2, + 0x2d, 0x35, 0x70, 0x75, 0xc0, 0x07, 0x56, 0x40, 0x7d, 0x63, 0xbc, 0xd2, 0x60, 0xb3, 0xcf, 0xb8, + 0x3d, 0x27, 0x6e, 0x10, 0xcd, 0x42, 0x50, 0x51, 0x9d, 0x79, 0x30, 0x79, 0x5a, 0xe3, 0xc3, 0x51, + 0x38, 0x85, 0x4c, 0xb4, 0x91, 0xd9, 0xe6, 0x8d, 0x69, 0x6a, 0xd4, 0x9c, 0x1c, 0x49, 0xc2, 0x25, + 0x2a, 0xc9, 0x2b, 0xf2, 0xf4, 0x8e, 0x8a, 0x3f, 0x8b, 0x4c, 0x97, 0xc3, 0x16, 0x96, 0x99, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, + 0x1b, 0x30, 0x19, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x03, 0x2a, 0x03, 0x04, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0xc2, 0x83, + 0x27, 0x32, 0x80, 0x74, 0x73, 0xe2, 0xa3, 0x92, 0xaa, 0x7c, 0xd8, 0x50, 0xf4, 0x61, 0x50, 0xb1, + 0x63, 0x9e, 0x29, 0xef, 0x38, 0x1d, 0xc0, 0x55, 0x20, 0x0f, 0x7e, 0xe9, 0x1f, 0xa1, 0x54, 0x1a, + 0x5f, 0x8c, 0x26, 0x1b, 0x66, 0x96, 0x0e, 0x64, 0x52, 0x1c, 0x00, 0x96, 0xfb, 0x81, 0x77, 0xa2, + 0x3a, 0x1d, 0x49, 0x0c, 0x03, 0xd5, 0x19, 0xf2, 0x6a, 0x01, 0x29, 0x31, 0xfb, 0xf5, +}; + +static void +test_build_distant_end_date (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)cert_distant_end_date, sizeof (cert_distant_end_date) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_END_DATE, "20671229", 8 }, + { CKA_START_DATE, "20130327", 8 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static void +test_valid_bool (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_BBOOL value = CK_TRUE; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_PRIVATE, &value, sizeof (value) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); +} + +static void +test_invalid_bool (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_PRIVATE, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + input[0].pValue = "123"; + input[0].ulValueLen = 3; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + + input[0].pValue = NULL; + input[0].ulValueLen = sizeof (CK_BBOOL); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + p11_message_loud (); +} + +static void +test_valid_ulong (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_ULONG value = 2; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_CERTIFICATE_CATEGORY, &value, sizeof (value) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); +} + +static void +test_invalid_ulong (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_CERTIFICATE_CATEGORY, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + input[0].pValue = "123"; + input[0].ulValueLen = 3; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + + input[0].pValue = NULL; + input[0].ulValueLen = sizeof (CK_ULONG); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + p11_message_loud (); +} + +static void +test_valid_utf8 (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_LABEL, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + input[0].pValue = NULL; + input[0].ulValueLen = 0; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); +} + +static void +test_invalid_utf8 (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_LABEL, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + input[0].pValue = "\xfex23"; + input[0].ulValueLen = 4; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + + input[0].pValue = NULL; + input[0].ulValueLen = 4; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + p11_message_loud (); +} + +static void +test_valid_dates (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_DATE date; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_START_DATE, &date, sizeof (CK_DATE) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + memcpy (date.year, "2000", sizeof (date.year)); + memcpy (date.month, "10", sizeof (date.month)); + memcpy (date.day, "10", sizeof (date.day)); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); + p11_attrs_free (attrs); + attrs = NULL; + + input[0].ulValueLen = 0; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); + p11_attrs_free (attrs); +} + +static void +test_invalid_dates (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_DATE date; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_START_DATE, &date, sizeof (CK_DATE) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + memcpy (date.year, "AAAA", sizeof (date.year)); + memcpy (date.month, "BB", sizeof (date.month)); + memcpy (date.day, "CC", sizeof (date.day)); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + memcpy (date.year, "2000", sizeof (date.year)); + memcpy (date.month, "15", sizeof (date.month)); + memcpy (date.day, "80", sizeof (date.day)); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + input[0].pValue = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + p11_message_loud (); +} + +static void +test_valid_false_or_time (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_NSS_SERVER_DISTRUST_AFTER, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + input[0].pValue = "\x00"; + input[0].ulValueLen = 1; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); + p11_attrs_free (attrs); + attrs = NULL; + + input[0].pValue = "190701000000Z"; + input[0].ulValueLen = 13; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); + p11_attrs_free (attrs); + + input[0].pValue = "20190701000000Z"; + input[0].ulValueLen = 15; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); + p11_attrs_free (attrs); +} + +static void +test_invalid_false_or_time (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_NSS_SERVER_DISTRUST_AFTER, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + input[0].pValue = "\x01"; + input[0].ulValueLen = 1; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + input[0].pValue = "\x01\x02\x03"; + input[0].ulValueLen = 3; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + input[0].pValue = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + p11_message_loud (); +} + +static void +test_valid_name (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_SUBJECT, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + input[0].pValue = NULL; + input[0].ulValueLen = 0; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); + p11_attrs_free (attrs); + attrs = NULL; + + input[0].pValue = (void *)test_cacert3_ca_issuer; + input[0].ulValueLen = sizeof (test_cacert3_ca_issuer); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); + p11_attrs_free (attrs); +} + +static void +test_invalid_name (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_SUBJECT, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + input[0].pValue = "blah"; + input[0].ulValueLen = 4; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + input[0].pValue = NULL; + input[0].ulValueLen = 4; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + p11_message_loud (); +} + +static void +test_valid_serial (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_SERIAL_NUMBER, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + input[0].pValue = NULL; + input[0].ulValueLen = 0; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); + attrs = NULL; + + input[0].pValue = (void *)test_cacert3_ca_serial; + input[0].ulValueLen = sizeof (test_cacert3_ca_serial); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); +} + +static void +test_invalid_serial (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_SERIAL_NUMBER, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + input[0].pValue = "blah"; + input[0].ulValueLen = 4; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + input[0].pValue = (void *)test_cacert3_ca_subject; + input[0].ulValueLen = sizeof (test_cacert3_ca_subject); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + input[0].pValue = NULL; + input[0].ulValueLen = 4; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + p11_message_loud (); +} + +static void +test_valid_cert (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_VALUE, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + input[0].pValue = NULL; + input[0].ulValueLen = 0; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); + attrs = NULL; + + input[0].pValue = (void *)test_cacert3_ca_der; + input[0].ulValueLen = sizeof (test_cacert3_ca_der); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_attrs_free (extra); +} + +static void +test_invalid_cert (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_VALUE, NULL, 0 }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + input[0].pValue = "blah"; + input[0].ulValueLen = 4; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + input[0].pValue = (void *)test_cacert3_ca_subject; + input[0].ulValueLen = sizeof (test_cacert3_ca_subject); + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + input[0].pValue = NULL; + input[0].ulValueLen = 4; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv); + + p11_message_loud (); +} + +static void +test_invalid_schema (void) +{ + CK_ATTRIBUTE *attrs = NULL; + CK_ATTRIBUTE *extra = NULL; + CK_RV rv; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_URL, "http://blah", 11 }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + /* Missing CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY */ + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); + + p11_message_loud (); +} + +static void +test_create_not_settable (void) +{ + /* + * CKA_PUBLIC_KEY_INFO cannot be created/modified + */ + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_message_quiet (); + + attrs = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); + p11_attrs_free (merge); + + p11_message_loud (); + + p11_attrs_free (attrs); +} + +static void +test_create_but_loadable (void) +{ + /* + * CKA_PUBLIC_KEY_INFO cannot be set on creation, but can be set if we're + * loading from our store. This is signified by batching. + */ + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_index_load (test.index); + + attrs = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + p11_index_finish (test.index); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (input, attrs); + p11_attrs_free (attrs); +} + +static void +test_create_unsupported (void) +{ + CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_message_quiet (); + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); + p11_attrs_free (merge); + + p11_message_loud (); +} + +static void +test_create_generated (void) +{ + CK_OBJECT_CLASS klass = CKO_NSS_TRUST; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_message_quiet (); + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); + p11_attrs_free (merge); + + p11_message_loud (); +} + +static void +test_create_bad_attribute (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "the value", 9 }, + { CKA_COLOR, "blue", 4 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_message_quiet (); + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); + p11_attrs_free (merge); + + p11_message_loud (); +} + +static void +test_create_missing_attribute (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_message_quiet (); + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv); + p11_attrs_free (merge); + + p11_message_loud (); +} + +static void +test_create_no_class (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_VALUE, "the value", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_message_quiet (); + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv); + p11_attrs_free (merge); + + p11_message_loud (); +} + +static void +test_create_token_mismatch (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_TOKEN, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + p11_message_quiet (); + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv); + p11_attrs_free (merge); + + p11_message_loud (); +} + +static void +test_modify_success (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_MODIFIABLE, &truev, sizeof (truev) }, + { CKA_VALUE, "the value", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE modify[] = { + { CKA_VALUE, "new value long", 14 }, + { CKA_LABEL, "new label", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_MODIFIABLE, &truev, sizeof (truev) }, + { CKA_VALUE, "new value long", 14 }, + { CKA_LABEL, "new label", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static void +test_modify_read_only (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_MODIFIABLE, &truev, sizeof (truev) }, + { CKA_VALUE, "the value", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE modify[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + merge = p11_attrs_dup (input); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, merge, true); + attrs = p11_attrs_merge (attrs, extra, false); + + p11_message_quiet (); + + extra = NULL; + merge = p11_attrs_dup (modify); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); + p11_attrs_free (merge); + + p11_message_loud (); + + p11_attrs_free (attrs); +} + +static void +test_modify_unchanged (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_MODIFIABLE, &truev, sizeof (truev) }, + { CKA_VALUE, "the value", 9 }, + { CKA_INVALID }, + }; + + /* + * Although CKA_CLASS is read-only, changing to same value + * shouldn't fail + */ + + CK_ATTRIBUTE modify[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "the other", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "the other", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true); + attrs = p11_attrs_merge (attrs, extra, false); + + test_check_attrs (expected, attrs); + p11_attrs_free (attrs); +} + +static void +test_modify_not_modifiable (void) +{ + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_VALUE, "the value", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE modify[] = { + { CKA_VALUE, "the value", 9 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *merge; + CK_ATTRIBUTE *extra; + CK_RV rv; + + attrs = NULL; + extra = NULL; + rv = p11_builder_build (test.builder, test.index, attrs, input, &extra); + assert_num_eq (CKR_OK, rv); + + attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true); + attrs = p11_attrs_merge (attrs, extra, false); + + p11_message_quiet (); + + extra = NULL; + merge = p11_attrs_dup (modify); + rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra); + assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv); + p11_attrs_free (merge); + + p11_message_loud (); + + p11_attrs_free (attrs); +} + +static CK_ATTRIBUTE cacert3_assert_distrust_server[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE cacert3_assert_distrust_client[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1}, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE cacert3_assert_distrust_code[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_CODE_SIGNING_STR, sizeof (P11_OID_CODE_SIGNING_STR) - 1}, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE cacert3_assert_distrust_email[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_EMAIL_PROTECTION_STR, sizeof (P11_OID_EMAIL_PROTECTION_STR) - 1}, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE cacert3_assert_distrust_system[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_END_SYSTEM_STR, sizeof (P11_OID_IPSEC_END_SYSTEM_STR) - 1}, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE cacert3_assert_distrust_tunnel[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_TUNNEL_STR, sizeof (P11_OID_IPSEC_TUNNEL_STR) - 1}, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE cacert3_assert_distrust_user[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_USER_STR, sizeof (P11_OID_IPSEC_USER_STR) - 1}, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE cacert3_assert_distrust_time[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_TIME_STAMPING_STR, sizeof (P11_OID_TIME_STAMPING_STR) - 1}, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, +}; + +static void +test_changed_trusted_certificate (void) +{ + static CK_ATTRIBUTE cacert3_trusted_certificate[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 }, + { CKA_START_DATE, "20110523", 8 }, + { CKA_END_DATE, "20210520", 8, }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_ID, "cacert3", 7 }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_INVALID }, + }; + + static unsigned char eku_server_and_client[] = { + 0x30, 0x20, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x02, + }; + + CK_ATTRIBUTE eku_extension_server_and_client[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_VALUE, eku_server_and_client, sizeof (eku_server_and_client) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + static char eku_client_email[] = { + 0x30, 0x1a, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01, 0x04, 0x0c, + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, + }; + + static CK_ATTRIBUTE reject_extension_email[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_VALUE, eku_client_email, sizeof (eku_client_email) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE nss_trust_server_and_client_distrust_email[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_ID, "cacert3", 7 }, + { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, + { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_TRUST_CLIENT_AUTH, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_CODE_SIGNING, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_IPSEC_END_SYSTEM, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_IPSEC_TUNNEL, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_IPSEC_USER, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_TIME_STAMPING, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_DIGITAL_SIGNATURE, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_TRUST_NON_REPUDIATION, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_TRUST_KEY_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_TRUST_DATA_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_TRUST_KEY_AGREEMENT, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_TRUST_KEY_CERT_SIGN, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_TRUST_CRL_SIGN, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_INVALID, } + }; + + static CK_ATTRIBUTE server_anchor_assertion[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE client_anchor_assertion[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1 }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + /* + * We should get an NSS trust object and various assertions here. + * The first two attributes of each object are enough to look it up, + * and then we check the rest of the attributes match. + */ + + CK_ATTRIBUTE *expected[] = { + nss_trust_server_and_client_distrust_email, + cacert3_assert_distrust_email, + server_anchor_assertion, + client_anchor_assertion, + NULL, + }; + + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE *attrs; + CK_RV rv; + int i; + + /* + * A trusted cetrificate, trusted for server and client purposes, + * and explicitly rejects the email and timestamping purposes. + */ + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (cacert3_trusted_certificate), NULL); + assert_num_eq (CKR_OK, rv); + rv = p11_index_take (test.index, p11_attrs_dup (eku_extension_server_and_client), NULL); + assert_num_eq (CKR_OK, rv); + rv = p11_index_take (test.index, p11_attrs_dup (reject_extension_email), NULL); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + + /* The other objects */ + for (i = 0; expected[i]; i++) { + handle = p11_index_find (test.index, expected[i], 2); + assert (handle != 0); + + attrs = p11_index_lookup (test.index, handle); + assert_ptr_not_null (attrs); + + test_check_attrs (expected[i], attrs); + } +} + +static void +test_changed_distrust_value (void) +{ + CK_ATTRIBUTE distrust_cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate), }, + { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, + { CKA_PRIVATE, &falsev, sizeof (falsev) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE eku_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE reject_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE nss_trust_nothing[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_ID, "cacert3", 7 }, + { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, + { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_CLIENT_AUTH, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_CODE_SIGNING, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_IPSEC_END_SYSTEM, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_IPSEC_TUNNEL, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_IPSEC_USER, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_TIME_STAMPING, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_DIGITAL_SIGNATURE, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_NON_REPUDIATION, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_KEY_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_DATA_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_KEY_AGREEMENT, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_KEY_CERT_SIGN, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_CRL_SIGN, ¬_trusted, sizeof (not_trusted) }, + { CKA_INVALID, } + }; + + /* + * We should get an NSS trust object and various assertions here. + * The first two attributes of each object are enough to look it up, + * and then we check the rest of the attributes match. + */ + + CK_ATTRIBUTE *expected[] = { + nss_trust_nothing, + cacert3_assert_distrust_server, + cacert3_assert_distrust_client, + cacert3_assert_distrust_code, + cacert3_assert_distrust_email, + cacert3_assert_distrust_system, + cacert3_assert_distrust_tunnel, + cacert3_assert_distrust_user, + cacert3_assert_distrust_time, + NULL + }; + + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE *attrs; + CK_RV rv; + int i; + + /* + * A distrusted certificate with a value, plus some extra + * extensions (which should be ignored). + */ + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL); + assert_num_eq (CKR_OK, rv); + rv = p11_index_take (test.index, p11_attrs_dup (eku_extension), NULL); + assert_num_eq (CKR_OK, rv); + rv = p11_index_take (test.index, p11_attrs_dup (reject_extension), NULL); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + /* The other objects */ + for (i = 0; expected[i]; i++) { + handle = p11_index_find (test.index, expected[i], 2); + assert (handle != 0); + + attrs = p11_index_lookup (test.index, handle); + assert_ptr_not_null (attrs); + + test_check_attrs (expected[i], attrs); + } +} + +static void +test_changed_distrust_serial (void) +{ + CK_ATTRIBUTE distrust_cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate), }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE nss_trust_distrust[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_ID, "cacert3", 7 }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_CLIENT_AUTH, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_EMAIL_PROTECTION, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_CODE_SIGNING, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_IPSEC_END_SYSTEM, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_IPSEC_TUNNEL, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_IPSEC_USER, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_TIME_STAMPING, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_DIGITAL_SIGNATURE, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_NON_REPUDIATION, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_KEY_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_DATA_ENCIPHERMENT, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_KEY_AGREEMENT, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_KEY_CERT_SIGN, ¬_trusted, sizeof (not_trusted) }, + { CKA_TRUST_CRL_SIGN, ¬_trusted, sizeof (not_trusted) }, + { CKA_INVALID, } + }; + + /* + * We should get an NSS trust object and various assertions here. + * The first two attributes of each object are enough to look it up, + * and then we check the rest of the attributes match. + */ + + CK_ATTRIBUTE *expected[] = { + nss_trust_distrust, + cacert3_assert_distrust_server, + cacert3_assert_distrust_client, + cacert3_assert_distrust_code, + cacert3_assert_distrust_email, + cacert3_assert_distrust_system, + cacert3_assert_distrust_tunnel, + cacert3_assert_distrust_user, + cacert3_assert_distrust_time, + NULL + }; + + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE *attrs; + CK_RV rv; + int i; + + /* + * A distrusted certificate without a value. + */ + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + for (i = 0; expected[i]; i++) { + handle = p11_index_find (test.index, expected[i], 2); + assert (handle != 0); + attrs = p11_index_lookup (test.index, handle); + assert_ptr_not_null (attrs); + test_check_attrs (expected[i], attrs); + } +} + +static void +test_changed_dup_certificates (void) +{ + static CK_ATTRIBUTE trusted_cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE distrust_cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE trusted_nss[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, + { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID, } + }; + + static CK_ATTRIBUTE distrust_nss[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, + { CKA_TRUST_SERVER_AUTH, ¬_trusted, sizeof (not_trusted) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID, } + }; + + static CK_ATTRIBUTE unknown_nss[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 }, + { CKA_TRUST_SERVER_AUTH, &trust_unknown, sizeof (trust_unknown) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID, } + }; + + static CK_ATTRIBUTE match_nss[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID, } + }; + + static CK_ATTRIBUTE anchor_assertion[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, + { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE distrust_assertion[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE match_assertion[] = { + { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) }, + { CKA_ID, "cacert3", 7 }, + { CKA_INVALID, } + }; + + CK_OBJECT_HANDLE handle1; + CK_OBJECT_HANDLE handle2; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + /* + * A trusted certificate, should create trutsed nss trust + * and anchor assertions + */ + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (trusted_cert), &handle1); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + handle = p11_index_find (test.index, match_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, match_assertion, -1); + assert (handle != 0); + handle = p11_index_find (test.index, trusted_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, anchor_assertion, -1); + assert (handle != 0); + + /* Now we add a distrusted certificate, should update the objects */ + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), &handle2); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + handle = p11_index_find (test.index, trusted_nss, -1); + assert (handle == 0); + handle = p11_index_find (test.index, distrust_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, anchor_assertion, -1); + assert (handle == 0); + handle = p11_index_find (test.index, distrust_assertion, -1); + assert (handle != 0); + + /* Now remove the trusted cetrificate, should update again */ + rv = p11_index_remove (test.index, handle2); + assert_num_eq (CKR_OK, rv); + + handle = p11_index_find (test.index, trusted_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, distrust_nss, -1); + assert (handle == 0); + handle = p11_index_find (test.index, anchor_assertion, -1); + assert (handle != 0); + handle = p11_index_find (test.index, distrust_assertion, -1); + assert (handle == 0); + + /* Now remove the original certificate, unknown nss and no assertions */ + rv = p11_index_remove (test.index, handle1); + assert_num_eq (CKR_OK, rv); + + handle = p11_index_find (test.index, unknown_nss, -1); + assert (handle != 0); + handle = p11_index_find (test.index, match_assertion, -1); + assert (handle == 0); +} + +static void +test_changed_without_id (void) +{ + static CK_ATTRIBUTE trusted_without_id[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_ID, NULL, 0, }, + { CKA_INVALID }, + }; + + CK_OBJECT_CLASS klass = 0; + CK_ATTRIBUTE match[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_INVALID }, + }; + + /* + * A cetrificate without a CKA_ID that's created should still + * automatically create compat objects. + */ + + CK_OBJECT_HANDLE handle; + CK_RV rv; + + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (trusted_without_id), NULL); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + klass = CKO_NSS_TRUST; + handle = p11_index_find (test.index, match, -1); + assert (handle != 0); + + klass = CKO_X_TRUST_ASSERTION; + handle = p11_index_find (test.index, match, -1); + assert (handle != 0); +} + +static void +test_changed_staple_ca (void) +{ + CK_ULONG category = 0; + + CK_ATTRIBUTE attached[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, + { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, + { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 }, + { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_ID, "the id", 6 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_ID, "the id", 6 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE match[] = { + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_RV rv; + + attrs = NULL; + rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); + assert_num_eq (CKR_OK, rv); + + /* Not a CA at this point, until we staple */ + category = 0; + assert (p11_index_find (test.index, match, -1) == 0); + + /* Add a attached basic constraint */ + rv = p11_index_add (test.index, attached, 4, NULL); + assert_num_eq (CKR_OK, rv); + + /* Now should be a CA */ + category = 2; + assert (p11_index_find (test.index, match, -1) != 0); + + p11_attrs_free (attrs); +} + +static void +test_changed_staple_ku (void) +{ + CK_ATTRIBUTE attached_ds_and_np[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, + { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) }, + { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 }, + { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) }, + { CKA_ID, "the id", 6 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE input[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_ID, "the id", 6 }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE nss_trust_ds_and_np[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust), }, + { CKA_ID, "the id", 6 }, + { CKA_TRUST_SERVER_AUTH, &trusted, sizeof (trusted) }, + { CKA_TRUST_CLIENT_AUTH, &trusted, sizeof (trusted) }, + { CKA_TRUST_EMAIL_PROTECTION, &trusted, sizeof (trusted) }, + { CKA_TRUST_CODE_SIGNING, &trusted, sizeof (trusted) }, + { CKA_TRUST_IPSEC_END_SYSTEM, &trusted, sizeof (trusted) }, + { CKA_TRUST_IPSEC_TUNNEL, &trusted, sizeof (trusted) }, + { CKA_TRUST_IPSEC_USER, &trusted, sizeof (trusted) }, + { CKA_TRUST_TIME_STAMPING, &trusted, sizeof (trusted) }, + { CKA_TRUST_DIGITAL_SIGNATURE, &trusted, sizeof (trusted) }, + { CKA_TRUST_NON_REPUDIATION, &trusted, sizeof (trusted) }, + { CKA_TRUST_KEY_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_DATA_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_KEY_AGREEMENT, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_KEY_CERT_SIGN, &trust_unknown, sizeof (trust_unknown) }, + { CKA_TRUST_CRL_SIGN, &trust_unknown, sizeof (trust_unknown) }, + { CKA_INVALID, } + }; + + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE *attrs; + CK_RV rv; + + p11_index_load (test.index); + rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); + assert_num_eq (CKR_OK, rv); + rv = p11_index_take (test.index, p11_attrs_dup (attached_ds_and_np), NULL); + assert_num_eq (CKR_OK, rv); + p11_index_finish (test.index); + + handle = p11_index_find (test.index, nss_trust_ds_and_np, 2); + assert (handle != 0); + + attrs = p11_index_lookup (test.index, handle); + test_check_attrs (nss_trust_ds_and_np, attrs); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_get_cache, "/builder/get_cache"); + p11_test (test_build_data, "/builder/build_data"); + p11_test (test_build_certificate, "/builder/build_certificate"); + p11_test (test_build_certificate_empty, "/builder/build_certificate_empty"); + p11_test (test_build_certificate_non_ca, "/builder/build_certificate_non_ca"); + p11_test (test_build_certificate_v1_ca, "/builder/build_certificate_v1_ca"); + p11_test (test_build_certificate_staple_ca, "/builder/build_certificate_staple_ca"); + p11_test (test_build_certificate_staple_ca_backwards, "/builder/build-certificate-staple-ca-backwards"); + p11_test (test_build_certificate_no_type, "/builder/build_certificate_no_type"); + p11_test (test_build_certificate_bad_type, "/builder/build_certificate_bad_type"); + p11_test (test_build_extension, "/builder/build_extension"); + p11_test (test_build_distant_end_date, "/builder/build_distant_end_date"); + + p11_test (test_valid_bool, "/builder/valid-bool"); + p11_test (test_valid_ulong, "/builder/valid-ulong"); + p11_test (test_valid_utf8, "/builder/valid-utf8"); + p11_test (test_valid_dates, "/builder/valid-date"); + p11_test (test_valid_name, "/builder/valid-name"); + p11_test (test_valid_serial, "/builder/valid-serial"); + p11_test (test_valid_cert, "/builder/valid-cert"); + p11_test (test_valid_false_or_time, "/builder/valid-false-or-time"); + p11_test (test_invalid_bool, "/builder/invalid-bool"); + p11_test (test_invalid_ulong, "/builder/invalid-ulong"); + p11_test (test_invalid_utf8, "/builder/invalid-utf8"); + p11_test (test_invalid_dates, "/builder/invalid-date"); + p11_test (test_invalid_name, "/builder/invalid-name"); + p11_test (test_invalid_serial, "/builder/invalid-serial"); + p11_test (test_invalid_cert, "/builder/invalid-cert"); + p11_test (test_invalid_false_or_time, "/builder/invalid-false-or-time"); + p11_test (test_invalid_schema, "/builder/invalid-schema"); + + p11_test (test_create_not_settable, "/builder/create_not_settable"); + p11_test (test_create_but_loadable, "/builder/create_but_loadable"); + p11_test (test_create_unsupported, "/builder/create_unsupported"); + p11_test (test_create_generated, "/builder/create_generated"); + p11_test (test_create_bad_attribute, "/builder/create_bad_attribute"); + p11_test (test_create_missing_attribute, "/builder/create_missing_attribute"); + p11_test (test_create_no_class, "/builder/create_no_class"); + p11_test (test_create_token_mismatch, "/builder/create_token_mismatch"); + p11_test (test_modify_success, "/builder/modify_success"); + p11_test (test_modify_read_only, "/builder/modify_read_only"); + p11_test (test_modify_unchanged, "/builder/modify_unchanged"); + p11_test (test_modify_not_modifiable, "/builder/modify_not_modifiable"); + + p11_test (test_changed_trusted_certificate, "/builder/changed_trusted_certificate"); + p11_test (test_changed_distrust_value, "/builder/changed_distrust_value"); + p11_test (test_changed_distrust_serial, "/builder/changed_distrust_serial"); + p11_test (test_changed_without_id, "/builder/changed_without_id"); + p11_test (test_changed_staple_ca, "/builder/changed_staple_ca"); + p11_test (test_changed_staple_ku, "/builder/changed_staple_ku"); + p11_test (test_changed_dup_certificates, "/builder/changed_dup_certificates"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-bundle.c b/trust/test-bundle.c new file mode 100644 index 0000000..f1c2841 --- /dev/null +++ b/trust/test-bundle.c @@ -0,0 +1,276 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#define P11_KIT_DISABLE_DEPRECATED + +#include "config.h" + +#include "test-trust.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "extract.h" +#include "message.h" +#include "mock.h" +#include "path.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "oid.h" +#include "test.h" + +#include +#include +#include +#include +#include + +struct { + CK_FUNCTION_LIST module; + p11_enumerate ex; + char *directory; +} test; + +static void +setup (void *unused) +{ + CK_RV rv; + + mock_module_reset (); + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + rv = test.module.C_Initialize (NULL); + assert_num_eq (CKR_OK, rv); + + p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; + + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + if (rmdir (test.directory) < 0) + assert_not_reached (); + free (test.directory); + + p11_enumerate_cleanup (&test.ex); + + rv = test.module.C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Cacert3 Here", 12 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ID, "ID1", 3 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static void +test_file (void) +{ + char *destination; + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_pem_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/cacert3.pem"); + + free (destination); +} + +static void +test_file_multiple (void) +{ + char *destination; + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_pem_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/cacert3-twice.pem"); + + free (destination); +} + +static void +test_file_without (void) +{ + char *destination; + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_pem_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_data (test.directory, "extract.pem", "", 0); + + free (destination); +} + +static void +test_directory (void) +{ + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_pem_directory (&test.ex, test.directory); + assert_num_eq (true, ret); + + test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL)); + test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/trust/fixtures/cacert3.pem"); + test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/trust/fixtures/cacert3.pem"); +} + +static void +test_directory_empty (void) +{ + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_pem_directory (&test.ex, test.directory); + assert_num_eq (true, ret); + + test_check_directory (test.directory, (NULL, NULL)); +} + +static void +test_directory_hash (void) +{ + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_pem_directory_hash (&test.ex, test.directory); + assert_num_eq (true, ret); + +#ifdef OS_UNIX + test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", + "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0", + NULL)); +#else + test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", + NULL)); +#endif + test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/trust/fixtures/cacert3.pem"); + test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/trust/fixtures/cacert3.pem"); +#ifdef OS_UNIX + test_check_symlink (test.directory, "e5662767.0", "Cacert3_Here.pem"); + test_check_symlink (test.directory, "e5662767.1", "Cacert3_Here.1.pem"); + test_check_symlink (test.directory, "590d426f.0", "Cacert3_Here.pem"); + test_check_symlink (test.directory, "590d426f.1", "Cacert3_Here.1.pem"); +#endif +} + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + + p11_fixture (setup, teardown); + p11_test (test_file, "/pem/test_file"); + p11_test (test_file_multiple, "/pem/test_file_multiple"); + p11_test (test_file_without, "/pem/test_file_without"); + p11_test (test_directory, "/pem/test_directory"); + p11_test (test_directory_empty, "/pem/test_directory_empty"); + p11_test (test_directory_hash, "/pem/test_directory_hash"); + return p11_test_run (argc, argv); +} + +#include "enumerate.c" +#include "extract-pem.c" +#include "extract-openssl.c" +#include "save.c" diff --git a/trust/test-cer.c b/trust/test-cer.c new file mode 100644 index 0000000..a412eff --- /dev/null +++ b/trust/test-cer.c @@ -0,0 +1,248 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#define P11_KIT_DISABLE_DEPRECATED + +#include "config.h" + +#include "test-trust.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "extract.h" +#include "message.h" +#include "mock.h" +#include "path.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "oid.h" +#include "test.h" + +#include +#include +#include +#include +#include + +struct { + CK_FUNCTION_LIST module; + p11_enumerate ex; + char *directory; +} test; + +static void +setup (void *unused) +{ + CK_RV rv; + + mock_module_reset (); + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + rv = test.module.C_Initialize (NULL); + assert_num_eq (CKR_OK, rv); + + p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; + + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + if (rmdir (test.directory) < 0) + assert_fail ("rmdir() failed", test.directory); + free (test.directory); + + p11_enumerate_cleanup (&test.ex); + + rv = test.module.C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Cacert3 Here", 12 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ID, "ID1", 3 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static void +test_file (void) +{ + char *destination; + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) + assert_not_reached (); + + ret = p11_extract_x509_file (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.cer", SRCDIR "/trust/fixtures/cacert3.der"); + + free (destination); +} + +static void +test_file_multiple (void) +{ + char *destination; + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) + assert_not_reached (); + + p11_message_quiet (); + + ret = p11_extract_x509_file (&test.ex, destination); + assert_num_eq (true, ret); + + assert (strstr (p11_message_last (), "multiple certificates") != NULL); + + p11_message_loud (); + + test_check_file (test.directory, "extract.cer", SRCDIR "/trust/fixtures/cacert3.der"); + + free (destination); +} + +static void +test_file_without (void) +{ + char *destination; + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0) + assert_not_reached (); + + p11_message_quiet (); + + ret = p11_extract_x509_file (&test.ex, destination); + assert_num_eq (false, ret); + + assert (strstr (p11_message_last (), "no certificate") != NULL); + + p11_message_loud (); + + free (destination); +} + +static void +test_directory (void) +{ + bool ret; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_x509_directory (&test.ex, test.directory); + assert_num_eq (true, ret); + + test_check_directory (test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL)); + test_check_file (test.directory, "Cacert3_Here.cer", SRCDIR "/trust/fixtures/cacert3.der"); + test_check_file (test.directory, "Cacert3_Here.1.cer", SRCDIR "/trust/fixtures/cacert3.der"); +} + +static void +test_directory_empty (void) +{ + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_x509_directory (&test.ex, test.directory); + assert_num_eq (true, ret); + + test_check_directory (test.directory, (NULL, NULL)); +} + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + + p11_fixture (setup, teardown); + p11_test (test_file, "/x509/test_file"); + p11_test (test_file_multiple, "/x509/test_file_multiple"); + p11_test (test_file_without, "/x509/test_file_without"); + p11_test (test_directory, "/x509/test_directory"); + p11_test (test_directory_empty, "/x509/test_directory_empty"); + return p11_test_run (argc, argv); +} + +#include "enumerate.c" +#include "extract-cer.c" +#include "save.c" diff --git a/trust/test-digest.c b/trust/test-digest.c new file mode 100644 index 0000000..f2cb669 --- /dev/null +++ b/trust/test-digest.c @@ -0,0 +1,143 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include +#include +#include + +#include "digest.h" + +const char *sha1_input[] = { + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + NULL +}; + +const char *sha1_checksum[] = { + "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", + "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", + NULL +}; + +static void +test_sha1 (void) +{ + unsigned char checksum[P11_DIGEST_SHA1_LEN]; + size_t len; + int i; + + for (i = 0; sha1_input[i] != NULL; i++) { + memset (checksum, 0, sizeof (checksum)); + len = strlen (sha1_input[i]); + + p11_digest_sha1 (checksum, sha1_input[i], len, NULL); + assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0); + + if (len > 6) { + p11_digest_sha1 (checksum, sha1_input[i], 6, sha1_input[i] + 6, len - 6, NULL); + assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0); + } + } +} + +static void +test_sha1_long (void) +{ + unsigned char checksum[P11_DIGEST_SHA1_LEN]; + char *expected = "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F"; + char *input; + + input = malloc (1000000); + assert (input != NULL); + memset (input, 'a', 1000000); + + p11_digest_sha1 (checksum, input, 1000000, NULL); + assert (memcmp (expected, checksum, P11_DIGEST_SHA1_LEN) == 0); + + free (input); +} + +const char *md5_input[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + NULL +}; + +const char *md5_checksum[] = { + "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e", + "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61", + "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", + "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0", + "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b", + NULL +}; + +static void +test_md5 (void) +{ + unsigned char checksum[P11_DIGEST_MD5_LEN]; + size_t len; + int i; + + for (i = 0; md5_input[i] != NULL; i++) { + memset (checksum, 0, sizeof (checksum)); + len = strlen (md5_input[i]); + + p11_digest_md5 (checksum, md5_input[i], len, NULL); + assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0); + + if (len > 5) { + p11_digest_md5 (checksum, md5_input[i], 5, md5_input[i] + 5, len - 5, NULL); + assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0); + } + } +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_sha1, "/digest/sha1"); + p11_test (test_sha1_long, "/digest/sha1-long"); + p11_test (test_md5, "/digest/md5"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-edk2.c b/trust/test-edk2.c new file mode 100644 index 0000000..33933cf --- /dev/null +++ b/trust/test-edk2.c @@ -0,0 +1,209 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * Copyright (c) 2018, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Authors: Stef Walter + * Laszlo Ersek + */ + +#define P11_KIT_DISABLE_DEPRECATED + +#include "config.h" + +#include "test-trust.h" /* test_cacert3_ca_der */ + +#include "attrs.h" /* p11_attrs_build() */ +#include "extract.h" /* p11_extract_edk2_cacerts() */ +#include "mock.h" /* mock_module_reset() */ +#include "pkcs11.h" /* CK_FUNCTION_LIST */ +#include "pkcs11x.h" /* CKO_X_CERTIFICATE_EXTENSION */ +#include "oid.h" /* P11_OID_EXTENDED_KEY_USAGE */ +#include "test.h" /* p11_test() */ + +#include /* va_list */ +#include /* asprintf() */ +#include /* free() */ +#include /* memcpy() */ +#include /* rmdir() */ + +struct { + CK_FUNCTION_LIST module; + p11_enumerate ex; + char *directory; +} test; + +static void +setup (void *unused) +{ + CK_RV rv; + + mock_module_reset (); + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + rv = test.module.C_Initialize (NULL); + assert_num_eq (CKR_OK, rv); + + p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; + + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + if (rmdir (test.directory) < 0) + assert_not_reached (); + free (test.directory); + + p11_enumerate_cleanup (&test.ex); + p11_kit_iter_free (test.ex.iter); + + rv = test.module.C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; +static CK_BBOOL vtrue = CK_TRUE; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE verisign_v1_attrs[] = { + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_SUBJECT, (void *)verisign_v1_ca_subject, sizeof (verisign_v1_ca_subject) }, + { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_eku_server[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 21 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_reject_email[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static void +setup_objects (const CK_ATTRIBUTE *attrs, + ...) GNUC_NULL_TERMINATED; + +static void +setup_objects (const CK_ATTRIBUTE *attrs, + ...) +{ + static CK_ULONG id_value = 8888; + + CK_ATTRIBUTE id = { CKA_ID, &id_value, sizeof (id_value) }; + CK_ATTRIBUTE *copy; + va_list va; + + va_start (va, attrs); + while (attrs != NULL) { + copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL); + assert (copy != NULL); + mock_module_take_object (MOCK_SLOT_ONE_ID, copy); + attrs = va_arg (va, const CK_ATTRIBUTE *); + } + va_end (va); + + id_value++; +} + +static void +test_file_multiple (void) +{ + char *destination; + bool ret; + + setup_objects (cacert3_authority_attrs, + extension_eku_server, + extension_reject_email, + NULL); + + setup_objects (verisign_v1_attrs, + NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.edk2") < 0) + assert_not_reached (); + + ret = p11_extract_edk2_cacerts (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.edk2", SRCDIR "/trust/fixtures/multiple.edk2"); + free (destination); +} + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + + p11_fixture (setup, teardown); + p11_test (test_file_multiple, "/edk2/test_file_multiple"); + + return p11_test_run (argc, argv); +} + +#include "enumerate.c" /* p11_enumerate_init() */ +#include "extract-edk2.c" /* p11_extract_edk2_cacerts() */ diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c new file mode 100644 index 0000000..d82863f --- /dev/null +++ b/trust/test-enumerate.c @@ -0,0 +1,573 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#define P11_KIT_DISABLE_DEPRECATED + +#include "config.h" + +#include "test-trust.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "extract.h" +#include "message.h" +#include "mock.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "oid.h" +#include "test.h" + +#include +#include + + +static void +test_file_name_for_label (void) +{ + CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; + p11_enumerate ex; + char *name; + + p11_enumerate_init (&ex); + ex.flags |= P11_ENUMERATE_CORRELATE; + + ex.attrs = p11_attrs_build (NULL, &label, NULL); + + name = p11_enumerate_filename (&ex); + assert_str_eq ("The_Label_", name); + free (name); + + p11_enumerate_cleanup (&ex); +} + +static void +test_file_name_for_class (void) +{ + p11_enumerate ex; + char *name; + + p11_enumerate_init (&ex); + ex.flags |= P11_ENUMERATE_CORRELATE; + + ex.klass = CKO_CERTIFICATE; + + name = p11_enumerate_filename (&ex); + assert_str_eq ("certificate", name); + free (name); + + ex.klass = CKO_DATA; + + name = p11_enumerate_filename (&ex); + assert_str_eq ("unknown", name); + free (name); + + p11_enumerate_cleanup (&ex); +} + +static void +test_comment_for_label (void) +{ + CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; + p11_enumerate ex; + char *comment; + + p11_enumerate_init (&ex); + + ex.flags = P11_EXTRACT_COMMENT | P11_ENUMERATE_CORRELATE; + ex.attrs = p11_attrs_build (NULL, &label, NULL); + + comment = p11_enumerate_comment (&ex, true); + assert_str_eq ("# The Label!\n", comment); + free (comment); + + comment = p11_enumerate_comment (&ex, false); + assert_str_eq ("\n# The Label!\n", comment); + free (comment); + + p11_enumerate_cleanup (&ex); +} + +static void +test_comment_not_enabled (void) +{ + CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 }; + p11_enumerate ex; + char *comment; + + p11_enumerate_init (&ex); + + ex.flags |= P11_ENUMERATE_CORRELATE; + ex.attrs = p11_attrs_build (NULL, &label, NULL); + + comment = p11_enumerate_comment (&ex, true); + assert_ptr_eq (NULL, comment); + + comment = p11_enumerate_comment (&ex, false); + assert_ptr_eq (NULL, comment); + + p11_enumerate_cleanup (&ex); +} + +struct { + CK_FUNCTION_LIST module; + CK_FUNCTION_LIST_PTR modules[2]; + p11_enumerate ex; +} test; + +static void +setup (void *unused) +{ + CK_RV rv; + + mock_module_reset (); + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + + rv = test.module.C_Initialize (NULL); + assert_num_eq (CKR_OK, rv); + + p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; + + /* Prefill the modules */ + test.modules[0] = &test.module; + test.modules[1] = NULL; + test.ex.modules = test.modules; +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + /* Don't free the modules */ + test.ex.modules = NULL; + + p11_enumerate_cleanup (&test.ex); + + rv = test.module.C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_OBJECT_CLASS public_key_class = CKO_PUBLIC_KEY; +static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; +static CK_BBOOL truev = CK_TRUE; + +static CK_ATTRIBUTE cacert3_trusted[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Cacert3 Here", 11 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_ID, "ID1", 3 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE cacert3_distrusted[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Another CaCert", 11 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE cacert3_distrusted_by_key[] = { + { CKA_CLASS, &public_key_class, sizeof (public_key_class) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_eku_server_client[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_ID, "ID1", 3 }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_VALUE, "\x30\x1d\x06\x03\x55\x1d\x25\x04\x16\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 31 }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_eku_invalid[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_ID, "ID1", 3 }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x25\x04\x07\x69\x6e\x76\x61\x6c\x69\x64", 16 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_eku_any[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_ID, "ID1", 3 }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + /* anyExtendedKeyUsage ('2 5 29 37 0') and + * Microsoft Smart Card Logon ('1 3 6 1 4 1 311 20 2 2') */ + { CKA_VALUE, "\x30\x1b\x06\x03\x55\x1d\x25\x04\x14\x30\x12\x06\x04\x55\x1d\x25\x00\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x02", 29 }, + { CKA_INVALID }, +}; + +static void +test_info_simple_certificate (void) +{ + void *value; + size_t length; + CK_RV rv; + + assert_ptr_not_null (test.ex.asn1_defs); + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_enumerate_ready (&test.ex, NULL); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_OK, rv); + + assert_num_eq (CKO_CERTIFICATE, test.ex.klass); + assert_ptr_not_null (test.ex.attrs); + value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length); + assert_ptr_not_null (value); + assert (memcmp (value, test_cacert3_ca_der, length) == 0); + assert_ptr_not_null (test.ex.cert_der); + assert (memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0); + assert_ptr_not_null (test.ex.cert_asn); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); +} + +static void +test_info_limit_purposes (void) +{ + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); + + /* This should not match the above, with the attached certificate ext */ + assert_ptr_eq (NULL, test.ex.limit_to_purposes); + p11_enumerate_opt_purpose (&test.ex, "1.1.1"); + assert_ptr_not_null (test.ex.limit_to_purposes); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_enumerate_ready (&test.ex, NULL); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); +} + +static void +test_info_invalid_purposes (void) +{ + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_enumerate_ready (&test.ex, NULL); + + p11_kit_be_quiet (); + + /* No results due to invalid purpose on certificate */ + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); + + p11_kit_be_loud (); +} + +static void +test_info_skip_non_certificate (void) +{ + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + + p11_enumerate_ready (&test.ex, NULL); + + p11_message_quiet (); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_OK, rv); + + assert_num_eq (CKO_CERTIFICATE, test.ex.klass); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); + + p11_message_loud (); +} + +static void +test_limit_to_purpose_match (void) +{ + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); + + p11_enumerate_opt_purpose (&test.ex, P11_OID_SERVER_AUTH_STR); + p11_enumerate_ready (&test.ex, NULL); + + p11_message_quiet (); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_OK, rv); + + p11_message_loud (); +} + +static void +test_limit_to_purpose_no_match (void) +{ + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); + + p11_enumerate_opt_purpose (&test.ex, "3.3.3.3"); + p11_enumerate_ready (&test.ex, NULL); + + p11_message_quiet (); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); + + p11_message_loud (); +} + +static void +test_limit_to_purpose_match_any (void) +{ + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_any); + + p11_enumerate_opt_purpose (&test.ex, P11_OID_SERVER_AUTH_STR); + p11_enumerate_ready (&test.ex, NULL); + + p11_message_quiet (); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_OK, rv); + + p11_message_loud (); +} + +static void +test_duplicate_extract (void) +{ + CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); + + p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); + p11_enumerate_ready (&test.ex, NULL); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_OK, rv); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_OK, rv); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); +} + +static void +test_duplicate_distrusted (void) +{ + CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; + CK_ATTRIBUTE attrs[] = { + { CKA_X_DISTRUSTED, NULL, 0 }, + }; + + CK_BBOOL val; + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + + test.ex.flags = P11_ENUMERATE_COLLAPSE | P11_ENUMERATE_CORRELATE; + p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); + p11_enumerate_ready (&test.ex, NULL); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_OK, rv); + + rv = p11_kit_iter_load_attributes (test.ex.iter, attrs, 1); + assert_num_eq (CKR_OK, rv); + assert (p11_attrs_findn_bool (attrs, 1, CKA_X_DISTRUSTED, &val)); + assert_num_eq (val, CK_TRUE); + free (attrs[0].pValue); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); +} + +static void +test_trusted_match (void) +{ + CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); + + test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_CORRELATE; + p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); + p11_enumerate_ready (&test.ex, NULL); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); +} + +static void +test_distrust_match (void) +{ + CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; + CK_BBOOL boolv; + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); + + test.ex.flags = P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE; + p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); + p11_enumerate_ready (&test.ex, NULL); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_OK, rv); + + if (!p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &boolv)) + boolv = CK_FALSE; + assert_num_eq (CK_TRUE, boolv); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); +} + +static void +test_override_by_issuer_serial (void) +{ + CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; + CK_BBOOL distrusted = CK_FALSE; + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); + + test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE; + p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); + p11_enumerate_ready (&test.ex, NULL); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_OK, rv); + + assert (p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &distrusted)); + assert_num_eq (CK_TRUE, distrusted); + + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); +} + +static void +test_override_by_public_key (void) +{ + CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) }; + CK_RV rv; + + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); + mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key); + + test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE; + p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); + p11_enumerate_ready (&test.ex, NULL); + + /* No results returned, because distrust is not a cert */ + rv = p11_kit_iter_next (test.ex.iter); + assert_num_eq (CKR_CANCEL, rv); +} + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + + p11_test (test_file_name_for_label, "/extract/test_file_name_for_label"); + p11_test (test_file_name_for_class, "/extract/test_file_name_for_class"); + p11_test (test_comment_for_label, "/extract/test_comment_for_label"); + p11_test (test_comment_not_enabled, "/extract/test_comment_not_enabled"); + + p11_fixture (setup, teardown); + p11_test (test_info_simple_certificate, "/extract/test_info_simple_certificate"); + p11_test (test_info_limit_purposes, "/extract/test_info_limit_purposes"); + p11_test (test_info_invalid_purposes, "/extract/test_info_invalid_purposes"); + p11_test (test_info_skip_non_certificate, "/extract/test_info_skip_non_certificate"); + p11_test (test_limit_to_purpose_match, "/extract/test_limit_to_purpose_match"); + p11_test (test_limit_to_purpose_no_match, "/extract/test_limit_to_purpose_no_match"); + p11_test (test_limit_to_purpose_match_any, "/extract/test_limit_to_purpose_no_match_any"); + p11_test (test_duplicate_extract, "/extract/test_duplicate_extract"); + p11_test (test_duplicate_distrusted, "/extract/test-duplicate-distrusted"); + p11_test (test_trusted_match, "/extract/test_trusted_match"); + p11_test (test_distrust_match, "/extract/test_distrust_match"); + p11_test (test_override_by_issuer_serial, "/extract/override-by-issuer-and-serial"); + p11_test (test_override_by_public_key, "/extract/override-by-public-key"); + + return p11_test_run (argc, argv); +} + +#include "enumerate.c" diff --git a/trust/test-extract.sh b/trust/test-extract.sh new file mode 100644 index 0000000..61745a9 --- /dev/null +++ b/trust/test-extract.sh @@ -0,0 +1,100 @@ +#!/bin/sh + +. "${builddir=.}/test-init.sh" + +teardown() +{ + for x in $TD; do + if [ -d $x ]; then + rmdir $x + elif [ -f $x ]; then + rm $x + fi + done + TD="" +} + +openssl_quiet() +( + command='/Generating a|-----|^[.+]+$|writing new private key/d' + exec 3>&1 + openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&- +) + +setup() +{ + # Parse the trust paths + oldifs="$IFS" + IFS=: + set $with_trust_paths + IFS="$oldifs" + + if [ ! -d $1 ]; then + skip "$1 is not a directory" + return + fi + + SOURCE_1=$1 + if [ $# -lt 2 ]; then + warning "certain tests neutered if only 1 trust path: $with_trust_paths" + SOURCE_2=$1 + else + SOURCE_2=$2 + fi + + # Make a temporary directory + dir=$(mktemp -d) + cd $dir + CLEANUP="$dir $TD" + + # Generate a unique identifier + CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') + CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') + CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=') + + # Generate relevant certificates + openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ + -out cert_1.pem -subj /CN=$CERT_1_CN + openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ + -out cert_2.pem -subj /CN=$CERT_2_CN + openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \ + -out cert_3.pem -subj /CN=$CERT_3_CN + + TD="cert_1.pem cert_2.pem cert_3.pem $TD" + + mkdir -p $SOURCE_1/anchors + cp cert_1.pem $SOURCE_1/anchors/ + + mkdir -p $SOURCE_2/anchors + cp cert_2.pem $SOURCE_2/anchors/ + cp cert_3.pem $SOURCE_2/anchors/ + + TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD" +} + +test_extract() +{ + trust extract --filter=ca-anchors --format=pem-bundle \ + --purpose=server-auth --comment \ + extract-test.pem + + assert_contains extract-test.pem $CERT_1_CN + assert_contains extract-test.pem $CERT_2_CN + assert_contains extract-test.pem $CERT_3_CN +} + +test_blacklist() +{ + mkdir -p $SOURCE_1/blacklist + cp cert_3.pem $SOURCE_1/blacklist + TD="$SOURCE_1/blacklist/cert_3.pem $TD" + + trust extract --filter=ca-anchors --format=pem-bundle \ + --purpose=server-auth --comment \ + blacklist-test.pem + + assert_contains blacklist-test.pem $CERT_1_CN + assert_not_contains blacklist-test.pem $CERT_3_CN +} + +run test_extract test_blacklist diff --git a/trust/test-index.c b/trust/test-index.c new file mode 100644 index 0000000..fc861b2 --- /dev/null +++ b/trust/test-index.c @@ -0,0 +1,1144 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include +#include + +#include "attrs.h" +#include "debug.h" +#include "index.h" +#include "message.h" + +struct { + p11_index *index; +} test; + +static void +setup (void *unused) +{ + test.index = p11_index_new (NULL, NULL, NULL, NULL, NULL); + assert_ptr_not_null (test.index); +} + +static void +teardown (void *unused) +{ + p11_index_free (test.index); + memset (&test, 0, sizeof (test)); +} + +static void +test_take_lookup (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + attrs = p11_attrs_dup (original); + rv = p11_index_take (test.index, attrs, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (original, check); + + check = p11_index_lookup (test.index, 1UL); + assert_ptr_eq (NULL, check); + + check = p11_index_lookup (test.index, 0UL); + assert_ptr_eq (NULL, check); +} + +static void +test_add_lookup (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + rv = p11_index_add (test.index, original, 2, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (original, check); +} + +static void +test_size (void) +{ + static CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_RV rv; + + rv = p11_index_add (test.index, original, 2, NULL); + assert (rv == CKR_OK); + + rv = p11_index_add (test.index, original, 2, NULL); + assert (rv == CKR_OK); + + rv = p11_index_add (test.index, original, 2, NULL); + assert (rv == CKR_OK); + + assert_num_eq (3, p11_index_size (test.index)); +} + +static int +compar_ulong (const void *one, + const void *two) +{ + const CK_ULONG *u1 = one; + const CK_ULONG *u2 = two; + + if (*u1 == *u2) + return 0; + if (*u1 < *u2) + return -1; + return 1; +} + +static void +test_snapshot (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + static const int NUM = 16; + CK_OBJECT_HANDLE expected[NUM]; + CK_OBJECT_HANDLE *snapshot; + int i; + + for (i = 0; i < NUM; i++) + p11_index_add (test.index, original, 2, expected + i); + + snapshot = p11_index_snapshot (test.index, NULL, NULL, 0); + assert_ptr_not_null (snapshot); + + for (i = 0; i < NUM; i++) + assert (snapshot[i] != 0); + assert (snapshot[NUM] == 0); + + qsort (snapshot, NUM, sizeof (CK_OBJECT_HANDLE), compar_ulong); + + for (i = 0; i < NUM; i++) + assert_num_eq (expected[i], snapshot[i]); + + free (snapshot); +} + +static void +test_snapshot_base (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + static const int NUM = 16; + CK_OBJECT_HANDLE expected[NUM]; + CK_OBJECT_HANDLE *snapshot; + CK_RV rv; + int i; + + for (i = 0; i < NUM; i++) { + rv = p11_index_add (test.index, original, 2, expected + i); + assert (rv == CKR_OK); + } + + snapshot = p11_index_snapshot (test.index, test.index, NULL, 0); + assert_ptr_not_null (snapshot); + + for (i = 0; i < NUM * 2; i++) + assert (snapshot[i] != 0); + assert (snapshot[NUM * 2] == 0); + + qsort (snapshot, NUM * 2, sizeof (CK_OBJECT_HANDLE), compar_ulong); + + for (i = 0; i < NUM * 2; i++) + assert_num_eq (expected[i / 2], snapshot[i]); + + free (snapshot); +} + +static void +test_remove (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + attrs = p11_attrs_dup (original); + rv = p11_index_take (test.index, attrs, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + assert_ptr_eq (attrs, check); + + rv = p11_index_remove (test.index, 1UL); + assert (rv == CKR_OBJECT_HANDLE_INVALID); + + rv = p11_index_remove (test.index, handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + assert_ptr_eq (NULL, check); +} + +static void +test_set (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 }; + + CK_ATTRIBUTE changed[] = { + { CKA_LABEL, "naay", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + attrs = p11_attrs_dup (original); + rv = p11_index_take (test.index, attrs, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (original, check); + + rv = p11_index_set (test.index, handle, &change, 1); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (changed, check); + + rv = p11_index_set (test.index, 1UL, &change, 1); + assert (rv == CKR_OBJECT_HANDLE_INVALID); +} + +static void +test_update (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 }; + + CK_ATTRIBUTE changed[] = { + { CKA_LABEL, "naay", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *check; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + attrs = p11_attrs_dup (original); + rv = p11_index_take (test.index, attrs, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (original, check); + + attrs = p11_attrs_build (NULL, &change, NULL); + rv = p11_index_update (test.index, handle, attrs); + assert (rv == CKR_OK); + + check = p11_index_lookup (test.index, handle); + test_check_attrs (changed, check); + + attrs = p11_attrs_build (NULL, &change, NULL); + rv = p11_index_update (test.index, 1L, attrs); + assert (rv == CKR_OBJECT_HANDLE_INVALID); +} + +static void +test_find (void) +{ + CK_ATTRIBUTE first[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE second[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "two", 3 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE third[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "three", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match3[] = { + { CKA_VALUE, "three", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_any[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_none[] = { + { CKA_VALUE, "blonononon", 10 }, + { CKA_LABEL, "yay", 3 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE check; + CK_OBJECT_HANDLE one; + CK_OBJECT_HANDLE two; + CK_OBJECT_HANDLE three; + + p11_index_add (test.index, first, 2, &one); + p11_index_add (test.index, second, 2, &two); + p11_index_add (test.index, third, 2, &three); + + check = p11_index_find (test.index, match3, -1); + assert_num_eq (three, check); + + check = p11_index_find (test.index, match3, 1); + assert_num_eq (three, check); + + check = p11_index_find (test.index, match_any, -1); + assert (check == one || check == two || check == three); + + check = p11_index_find (test.index, match_any, 1); + assert (check == one || check == two || check == three); + + check = p11_index_find (test.index, match_none, -1); + assert_num_eq (0, check); + + check = p11_index_find (test.index, match_none, 2); + assert_num_eq (0, check); +} + +static bool +handles_are (CK_OBJECT_HANDLE *handles, + ...) +{ + CK_OBJECT_HANDLE handle; + bool matched = true; + int count; + int num; + va_list va; + int i; + + if (!handles) + return false; + + /* Count number of handles */ + for (num = 0; handles[num]; num++); + + va_start (va, handles); + + for (count = 0; matched; count++) { + handle = va_arg (va, CK_OBJECT_HANDLE); + if (handle == 0) + break; + + for (i = 0; handles[i]; i++) { + if (handle == handles[i]) + break; + } + + if (handles[i] != handle) + matched = false; + } + + va_end (va); + + return matched && (count == num); +} + +static void +test_find_all (void) +{ + CK_ATTRIBUTE first[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE second[] = { + { CKA_LABEL, "even", 4 }, + { CKA_VALUE, "two", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE third[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "three", 5 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_odd[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_3[] = { + { CKA_VALUE, "three", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_any[] = { + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_none[] = { + { CKA_VALUE, "blonononon", 10 }, + { CKA_LABEL, "yay", 3 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE *check; + CK_OBJECT_HANDLE one; + CK_OBJECT_HANDLE two; + CK_OBJECT_HANDLE three; + + p11_index_add (test.index, first, 3, &one); + p11_index_add (test.index, second, 3, &two); + p11_index_add (test.index, third, 3, &three); + + check = p11_index_find_all (test.index, match_3, -1); + assert (handles_are (check, three, 0UL)); + free (check); + + check = p11_index_find_all (test.index, match_none, -1); + assert (handles_are (check, 0UL)); + free (check); + + check = p11_index_find_all (test.index, match_odd, -1); + assert (handles_are (check, one, three, 0UL)); + free (check); + + check = p11_index_find_all (test.index, match_any, -1); + assert (handles_are (check, one, two, three, 0UL)); + free (check); + + check = p11_index_find_all (test.index, match_none, -1); + assert_ptr_not_null (check); + assert_num_eq (0, check[0]); + free (check); + + /* A double check of this method */ + one = 0UL; + check = &one; + assert (!handles_are (check, 29292929, 0UL)); + assert (!handles_are (NULL, 0UL)); +} + +static void +test_find_realloc (void) +{ + CK_ATTRIBUTE attrs[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match[] = { + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE *check; + int i; + + for (i = 0; i < 1000; i++) + p11_index_add (test.index, attrs, 3, NULL); + + check = p11_index_find_all (test.index, match, -1); + assert_ptr_not_null (check); + + for (i = 0; i < 1000; i++) + assert (check[i] != 0); + assert_num_eq (0, check[1000]); + + free (check); +} + +static void +test_replace_all (void) +{ + CK_ATTRIBUTE first[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE second[] = { + { CKA_LABEL, "even", 4 }, + { CKA_VALUE, "two", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE third[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "three", 5 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE fifth[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "five", 4 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE eins[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_APPLICATION, "replace", 7 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE sieben[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "seven", 5 }, + { CKA_APPLICATION, "replace", 7 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE neun[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "nine", 4 }, + { CKA_APPLICATION, "replace", 7 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE check; + CK_OBJECT_HANDLE one; + CK_OBJECT_HANDLE two; + CK_OBJECT_HANDLE three; + CK_OBJECT_HANDLE five; + p11_array *array; + CK_RV rv; + + p11_index_add (test.index, first, 3, &one); + assert (one != 0); + p11_index_add (test.index, second, 3, &two); + assert (two != 0); + p11_index_add (test.index, third, 3, &three); + assert (three != 0); + p11_index_add (test.index, fifth, 3, &five); + assert (five != 0); + + array = p11_array_new (p11_attrs_free); + p11_array_push (array, p11_attrs_buildn (NULL, eins, 3)); + p11_array_push (array, p11_attrs_buildn (NULL, sieben, 3)); + p11_array_push (array, p11_attrs_buildn (NULL, neun, 3)); + + rv = p11_index_replace_all (test.index, match, CKA_VALUE, array); + assert (rv == CKR_OK); + + assert_num_eq (0, array->num); + p11_array_free (array); + + /* eins should have replaced one */ + check = p11_index_find (test.index, eins, -1); + assert_num_eq (one, check); + + /* two should still be around */ + check = p11_index_find (test.index, second, -1); + assert_num_eq (two, check); + + /* three should have been removed */ + check = p11_index_find (test.index, third, -1); + assert_num_eq (0, check); + + /* five should have been removed */ + check = p11_index_find (test.index, fifth, -1); + assert_num_eq (0, check); + + /* sieben should have been added */ + check = p11_index_find (test.index, sieben, -1); + assert (check != one && check != two && check != three && check != five); + + /* neun should have been added */ + check = p11_index_find (test.index, neun, -1); + assert (check != one && check != two && check != three && check != five); + + assert_num_eq (4, p11_index_size (test.index)); +} + +static CK_RV +on_index_build_fail (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + CK_ATTRIBUTE **populate) +{ + CK_ATTRIBUTE *match = data; + + if (p11_attrs_match (merge, match)) + return CKR_FUNCTION_FAILED; + + return CKR_OK; +} + +static void +test_replace_all_build_fails (void) +{ + CK_ATTRIBUTE replace[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_VALUE, "one", 3 }, + { CKA_APPLICATION, "test", 4 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match[] = { + { CKA_LABEL, "odd", 3 }, + { CKA_INVALID } + }; + + p11_array *array; + p11_index *index; + CK_RV rv; + + index = p11_index_new (on_index_build_fail, NULL, NULL, NULL, &match); + assert_ptr_not_null (index); + + array = p11_array_new (p11_attrs_free); + if (!p11_array_push (array, p11_attrs_dup (replace))) + assert_not_reached (); + + rv = p11_index_replace_all (index, NULL, CKA_INVALID, array); + assert_num_eq (rv, CKR_FUNCTION_FAILED); + + p11_array_free (array); + p11_index_free (index); +} + + +static CK_RV +on_build_populate (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + CK_ATTRIBUTE **populate) +{ + CK_ATTRIBUTE more[] = { + { CKA_APPLICATION, "vigorous", 8 }, + { CKA_LABEL, "naay", 4 }, + }; + + assert_str_eq (data, "blah"); + assert_ptr_not_null (index); + assert_ptr_not_null (merge); + + *populate = p11_attrs_buildn (*populate, more, 2); + return CKR_OK; +} + +static void +test_build_populate (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + + }; + + CK_ATTRIBUTE after[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "vigorous", 8 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE *check; + p11_index *index; + CK_RV rv; + + index = p11_index_new (on_build_populate, NULL, NULL, NULL, "blah"); + assert_ptr_not_null (index); + + rv = p11_index_add (index, original, 2, &handle); + assert (rv == CKR_OK); + + check = p11_index_lookup (index, handle); + assert_ptr_not_null (check); + + test_check_attrs (after, check); + + rv = p11_index_set (index, handle, original, 2); + assert (rv == CKR_OK); + + check = p11_index_lookup (index, handle); + assert_ptr_not_null (check); + + test_check_attrs (after, check); + + p11_index_free (index); +} + +static CK_RV +on_build_fail (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + CK_ATTRIBUTE **populate) +{ + CK_ATTRIBUTE check[] = { + { CKA_LABEL, "nay", 3 }, + { CKA_INVALID } + }; + + assert_str_eq (data, "testo"); + assert_ptr_not_null (merge); + + if (p11_attrs_match (merge, check)) + return CKR_DEVICE_ERROR; + + return CKR_OK; +} + + +static void +test_build_fail (void) +{ + CK_ATTRIBUTE okay[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE fails[] = { + { CKA_LABEL, "nay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE handle; + p11_index *index; + CK_RV rv; + + index = p11_index_new (on_build_fail, NULL, NULL, NULL, "testo"); + assert_ptr_not_null (index); + + rv = p11_index_add (index, okay, 2, &handle); + assert (rv == CKR_OK); + + rv = p11_index_add (index, fails, 2, NULL); + assert (rv == CKR_DEVICE_ERROR); + + rv = p11_index_set (index, handle, fails, 2); + assert (rv == CKR_DEVICE_ERROR); + + rv = p11_index_set (index, handle, okay, 2); + assert (rv == CKR_OK); + + p11_index_free (index); +} + +static int on_change_called = 0; +static bool on_change_removing = false; +static bool on_change_batching = false; + +static void +on_change_check (void *data, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs) +{ + CK_ATTRIBUTE check[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + + }; + + assert_str_eq (data, "change-check"); + assert_ptr_not_null (index); + assert_ptr_not_null (attrs); + + if (!on_change_batching) { + if (on_change_removing) + assert_num_eq (0, handle); + else + assert (handle != 0); + } + + test_check_attrs (check, attrs); + on_change_called++; +} + +static void +test_change_called (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + + }; + + CK_OBJECT_HANDLE handle; + p11_index *index; + CK_RV rv; + + index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check"); + assert_ptr_not_null (index); + + on_change_removing = false; + on_change_called = 0; + + rv = p11_index_add (index, original, 2, NULL); + assert (rv == CKR_OK); + + assert_num_eq (1, on_change_called); + + rv = p11_index_add (index, original, 2, NULL); + assert (rv == CKR_OK); + + assert_num_eq (2, on_change_called); + + rv = p11_index_add (index, original, 2, &handle); + assert (rv == CKR_OK); + + assert_num_eq (3, on_change_called); + + on_change_removing = true; + + rv = p11_index_remove (index, handle); + assert (rv == CKR_OK); + + assert_num_eq (4, on_change_called); + + p11_index_free (index); +} + +static void +test_change_batch (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + + }; + + CK_OBJECT_HANDLE handle; + p11_index *index; + CK_RV rv; + + index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check"); + assert_ptr_not_null (index); + + on_change_batching = true; + on_change_called = 0; + + p11_index_load (index); + + assert (p11_index_loading (index)); + + rv = p11_index_add (index, original, 2, NULL); + assert (rv == CKR_OK); + + assert_num_eq (0, on_change_called); + + rv = p11_index_add (index, original, 2, NULL); + assert (rv == CKR_OK); + + assert_num_eq (0, on_change_called); + + rv = p11_index_add (index, original, 2, &handle); + assert (rv == CKR_OK); + + assert_num_eq (0, on_change_called); + + /* Nested batch is a noop */ + p11_index_load (index); + + rv = p11_index_remove (index, handle); + assert (rv == CKR_OK); + + assert_num_eq (0, on_change_called); + + /* + * Batch finishes when first finish call is called, + * even when batches are nested + */ + p11_index_finish (index); + + assert (!p11_index_loading (index)); + + /* + * Only three calls, because later operations on the + * same handle override the earlier one. + */ + assert_num_eq (3, on_change_called); + + /* This is a noop */ + p11_index_finish (index); + + assert (!p11_index_loading (index)); + + p11_index_free (index); +} + +static void +on_change_nested (void *data, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs) +{ + CK_RV rv; + + CK_ATTRIBUTE second[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + + }; + + assert_str_eq (data, "change-nested"); + on_change_called++; + + /* A nested call */ + rv = p11_index_add (index, second, 2, NULL); + assert (rv == CKR_OK); +} + +static void +test_change_nested (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + + }; + + p11_index *index; + CK_RV rv; + + index = p11_index_new (NULL, NULL, NULL, on_change_nested, "change-nested"); + assert_ptr_not_null (index); + + on_change_called = 0; + rv = p11_index_add (index, original, 2, NULL); + assert (rv == CKR_OK); + assert_num_eq (1, on_change_called); + + + on_change_called = 0; + p11_index_load (index); + rv = p11_index_add (index, original, 2, NULL); + assert (rv == CKR_OK); + p11_index_finish (index); + assert_num_eq (1, on_change_called); + + p11_index_free (index); +} + +static CK_RV +on_remove_callback (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs) +{ + int *removed = data; + assert_ptr_not_null (removed); + assert_num_eq (*removed, 0); + *removed = 1; + return CKR_OK; +} + +static void +test_remove_callback (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + + }; + + CK_OBJECT_HANDLE handle; + p11_index *index; + int removed = 0; + CK_RV rv; + + index = p11_index_new (NULL, NULL, on_remove_callback, NULL, &removed); + assert_ptr_not_null (index); + + rv = p11_index_add (index, original, 2, &handle); + assert_num_eq (rv, CKR_OK); + + assert_ptr_not_null (p11_index_lookup (index, handle)); + + rv = p11_index_remove (index, handle); + assert_num_eq (rv, CKR_OK); + + assert_num_eq (removed, 1); + assert_ptr_eq (p11_index_lookup (index, handle), NULL); + + p11_index_free (index); +} + +static CK_RV +on_remove_fail (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs) +{ + assert_str_eq (data, "remove-fail"); + return CKR_DEVICE_REMOVED; +} + +static void +test_remove_fail (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + + }; + + CK_OBJECT_HANDLE handle; + p11_index *index; + CK_RV rv; + + index = p11_index_new (NULL, NULL, on_remove_fail, NULL, "remove-fail"); + assert_ptr_not_null (index); + + rv = p11_index_add (index, original, 2, &handle); + assert (rv == CKR_OK); + + assert_ptr_not_null (p11_index_lookup (index, handle)); + + rv = p11_index_remove (index, handle); + assert_num_eq (rv, CKR_DEVICE_REMOVED); + + assert_ptr_not_null (p11_index_lookup (index, handle)); + + p11_index_free (index); +} + +int +main (int argc, + char *argv[]) +{ + p11_message_quiet (); + + p11_fixture (setup, teardown); + p11_test (test_add_lookup, "/index/add_lookup"); + p11_test (test_take_lookup, "/index/take_lookup"); + p11_test (test_size, "/index/size"); + p11_test (test_remove, "/index/remove"); + p11_test (test_snapshot, "/index/snapshot"); + p11_test (test_snapshot_base, "/index/snapshot_base"); + p11_test (test_set, "/index/set"); + p11_test (test_update, "/index/update"); + p11_test (test_find, "/index/find"); + p11_test (test_find_all, "/index/find_all"); + p11_test (test_find_realloc, "/index/find_realloc"); + p11_test (test_replace_all, "/index/replace_all"); + + p11_fixture (NULL, NULL); + p11_test (test_build_populate, "/index/build_populate"); + p11_test (test_build_fail, "/index/build_fail"); + p11_test (test_change_called, "/index/change_called"); + p11_test (test_change_batch, "/index/change_batch"); + p11_test (test_change_nested, "/index/change_nested"); + p11_test (test_replace_all_build_fails, "/index/replace-all-build-fails"); + p11_test (test_remove_callback, "/index/remove-callback"); + p11_test (test_remove_fail, "/index/remove-fail"); + + return p11_test_run (argc, argv); +} diff --git a/trust/test-init.sh.in b/trust/test-init.sh.in new file mode 100644 index 0000000..384fb25 --- /dev/null +++ b/trust/test-init.sh.in @@ -0,0 +1,106 @@ +#!/bin/sh + +set -euf + +# ----------------------------------------------------------------------------- +# Basic fundamentals + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +datarootdir=@datarootdir@ +datadir=@datadir@ +sysconfdir=@sysconfdir@ +libdir=@libdir@ +libexecdir=@libexecdir@ +privatedir=@privatedir@ +with_trust_paths=@with_trust_paths@ +script=$(basename $0) + +# ----------------------------------------------------------------------------- +# Testing + +warning() +{ + echo "$script: $@" >&2 +} + +assert_fail() +{ + warning $@ + exit 1 +} + +assert_contains() +{ + if ! grep -qF $2 $1; then + assert_fail "$1 does not contain $2" + fi +} + +assert_not_contains() +{ + if grep -qF $2 $1; then + assert_fail "$1 contains $2" + fi +} + +teardown() +{ + : +} + +teardown_dirty() +{ + echo "not ok $TEST_NUMBER $TEST_NAME" + teardown +} + +skip() +{ + TEST_SKIP=yes + echo "ok $TEST_NUMBER # skip $TEST_NAME: $@" +} + +setup() +{ + : +} + +run() +{ + TOTAL=0 + for TEST_NAME in $@; do + TOTAL=$(expr $TOTAL + 1) + done + + echo "1..$TOTAL" + + TEST_NUMBER=0 + for TEST_NAME in $@; do + TEST_NUMBER=$(expr $TEST_NUMBER + 1) + ( + trap teardown_dirty EXIT + trap "teardown_dirty; exit 127" INT TERM + TD="" + + PATH="$exec_prefix/bin:$PATH" + export PATH + + PKG_CONFIG_PATH="$libdir/pkgconfig:$datadir/pkgconfig" + export PKG_CONFIG_PATH + + TEST_SKIP=no + setup + + if [ $TEST_SKIP != "yes" ]; then + $TEST_NAME + fi + if [ $TEST_SKIP != "yes" ]; then + echo "ok $TEST_NUMBER $TEST_NAME" + fi + + trap - EXIT + teardown + ) + done +} diff --git a/trust/test-jks.c b/trust/test-jks.c new file mode 100644 index 0000000..886a4c5 --- /dev/null +++ b/trust/test-jks.c @@ -0,0 +1,271 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * Copyright (c) 2019, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Authors: Stef Walter + * Laszlo Ersek + */ + +#define P11_KIT_DISABLE_DEPRECATED + +#include "config.h" + +#include "test-trust.h" /* test_cacert3_ca_der */ + +#include "attrs.h" /* p11_attrs_build() */ +#include "extract.h" /* p11_extract_edk2_cacerts() */ +#include "mock.h" /* mock_module_reset() */ +#include "pkcs11.h" /* CK_FUNCTION_LIST */ +#include "pkcs11x.h" /* CKO_X_CERTIFICATE_EXTENSION */ +#include "oid.h" /* P11_OID_EXTENDED_KEY_USAGE */ +#include "parser.h" +#include "test.h" /* p11_test() */ + +#include /* va_list */ +#include /* asprintf() */ +#include /* free() */ +#include /* memcpy() */ + +struct { + CK_FUNCTION_LIST module; + p11_enumerate ex; + char *directory; +} test; + +static void +setup (void *unused) +{ + CK_RV rv; + + mock_module_reset (); + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + rv = test.module.C_Initialize (NULL); + assert_num_eq (CKR_OK, rv); + + p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; + + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + p11_test_directory_delete (test.directory); + free (test.directory); + + p11_enumerate_cleanup (&test.ex); + p11_kit_iter_free (test.ex.iter); + + rv = test.module.C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; +static CK_BBOOL vtrue = CK_TRUE; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE verisign_v1_attrs[] = { + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_SUBJECT, (void *)verisign_v1_ca_subject, sizeof (verisign_v1_ca_subject) }, + { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_eku_server[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 21 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_reject_email[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static void +setup_objects (const CK_ATTRIBUTE *attrs, + ...) +{ + static CK_ULONG id_value = 8888; + + CK_ATTRIBUTE id = { CKA_ID, &id_value, sizeof (id_value) }; + CK_ATTRIBUTE *copy; + va_list va; + + va_start (va, attrs); + while (attrs != NULL) { + copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL); + assert (copy != NULL); + mock_module_take_object (MOCK_SLOT_ONE_ID, copy); + attrs = va_arg (va, const CK_ATTRIBUTE *); + } + va_end (va); + + id_value++; +} + +static void +test_file_multiple (void) +{ + char *destination; + bool ret; + + setup_objects (cacert3_authority_attrs, + extension_eku_server, + extension_reject_email, + NULL); + + setup_objects (verisign_v1_attrs, + NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.jks") < 0) + assert_not_reached (); + + ret = p11_extract_jks_cacerts (&test.ex, destination); + assert_num_eq (true, ret); + free (destination); + + test_check_file (test.directory, "extract.jks", SRCDIR "/trust/fixtures/multiple.jks"); +} + +static void +test_file_duplicated (void) +{ + char *destination; + p11_parser *parser; + p11_array *parsed; + CK_ATTRIBUTE *duplicated1; + CK_ATTRIBUTE *duplicated2; + bool ret; + + parser = p11_parser_new (NULL); + assert_ptr_not_null (parser); + + parsed = p11_parser_parsed (parser); + assert_ptr_not_null (parsed); + + p11_parser_formats (parser, p11_parser_format_x509, NULL); + + ret = p11_parse_file (parser, SRCDIR "/trust/fixtures/duplicated1.der", NULL, + P11_PARSE_FLAG_NONE); + + assert_num_eq (1, parsed->num); + duplicated1 = parsed->elem[0]; + parsed->elem[0] = NULL; + + p11_parser_free (parser); + + parser = p11_parser_new (NULL); + assert_ptr_not_null (parser); + + parsed = p11_parser_parsed (parser); + assert_ptr_not_null (parsed); + + p11_parser_formats (parser, p11_parser_format_x509, NULL); + + ret = p11_parse_file (parser, SRCDIR "/trust/fixtures/duplicated2.der", NULL, + P11_PARSE_FLAG_NONE); + + assert_num_eq (1, parsed->num); + duplicated2 = parsed->elem[0]; + parsed->elem[0] = NULL; + + p11_parser_free (parser); + + setup_objects (duplicated1, NULL); + p11_attrs_free (duplicated1); + setup_objects (duplicated2, NULL); + p11_attrs_free (duplicated2); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.jks") < 0) + assert_not_reached (); + + ret = p11_extract_jks_cacerts (&test.ex, destination); + assert_num_eq (true, ret); + free (destination); + + test_check_file (test.directory, "extract.jks", SRCDIR "/trust/fixtures/duplicated.jks"); +} + +extern time_t _p11_extract_jks_timestamp; + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + + _p11_extract_jks_timestamp = 1514761200; + + p11_fixture (setup, teardown); + p11_test (test_file_multiple, "/jks/test_file_multiple"); + p11_test (test_file_duplicated, "/jks/test_file_duplicated"); + + return p11_test_run (argc, argv); +} + +#include "enumerate.c" /* p11_enumerate_init() */ +#include "extract-jks.c" /* p11_extract_jks_cacerts() */ diff --git a/trust/test-module.c b/trust/test-module.c new file mode 100644 index 0000000..227b483 --- /dev/null +++ b/trust/test-module.c @@ -0,0 +1,1409 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#define CRYPTOKI_EXPORTS + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include + +#include "attrs.h" +#include "digest.h" +#include "library.h" +#include "path.h" +#include "parser.h" +#include "pkcs11x.h" +#include "token.h" + +#include + +/* + * This is the number of input paths. Should match the + * paths below near : + * + * paths='%s' + */ +#define NUM_SLOTS 3 + +static CK_OBJECT_CLASS data = CKO_DATA; +static CK_BBOOL vtrue = CK_TRUE; +static CK_BBOOL vfalse = CK_FALSE; + +struct { + CK_FUNCTION_LIST *module; + CK_SLOT_ID slots[NUM_SLOTS]; + char *directory; + p11_asn1_cache *cache; + p11_parser *parser; + char *unreadable; +} test; + +static void +setup (void *unused) +{ + CK_C_INITIALIZE_ARGS args; + const char *paths; + char *arguments; + CK_ULONG count; + CK_RV rv; + + memset (&test, 0, sizeof (test)); + + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&test.module); + assert (rv == CKR_OK); + + memset (&args, 0, sizeof (args)); + paths = SRCDIR "/trust/input" P11_PATH_SEP \ + SRCDIR "/trust/fixtures/self-signed-with-ku.der" P11_PATH_SEP \ + SRCDIR "/trust/fixtures/thawte.pem"; + if (asprintf (&arguments, "paths='%s'", paths) < 0) + assert (false && "not reached"); + args.pReserved = arguments; + args.flags = CKF_OS_LOCKING_OK; + + rv = test.module->C_Initialize (&args); + assert (rv == CKR_OK); + + free (arguments); + + count = NUM_SLOTS; + rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); + assert (rv == CKR_OK); + assert (count == NUM_SLOTS); +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + if (test.parser) + p11_parser_free (test.parser); + p11_asn1_cache_free (test.cache); + + rv = test.module->C_Finalize (NULL); + assert (rv == CKR_OK); + + if (test.unreadable) + chmod (test.unreadable, 0644); + free (test.unreadable); + + if (test.directory) + p11_test_directory_delete (test.directory); + free (test.directory); + + memset (&test, 0, sizeof (test)); +} + +static void +setup_writable (void *unused) +{ + CK_C_INITIALIZE_ARGS args; + char *arguments; + CK_ULONG count; + CK_RV rv; + + memset (&test, 0, sizeof (test)); + + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&test.module); + assert (rv == CKR_OK); + + test.directory = p11_test_directory ("test-module"); + + memset (&args, 0, sizeof (args)); + if (asprintf (&arguments, "paths='%s'", test.directory) < 0) + assert (false && "not reached"); + args.pReserved = arguments; + args.flags = CKF_OS_LOCKING_OK; + + rv = test.module->C_Initialize (&args); + assert (rv == CKR_OK); + + free (arguments); + + count = 1; + rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); + assert_num_eq (rv, CKR_OK); + assert_num_eq (count, 1); + + test.cache = p11_asn1_cache_new (); + test.parser = p11_parser_new (test.cache); + p11_parser_formats (test.parser, p11_parser_format_persist, NULL); +} + +/* This is similar to setup(), but it adds an unreadable content in + * the anchor directory. */ +static void +setup_unreadable (void *unused) +{ + CK_C_INITIALIZE_ARGS args; + const char *paths; + char *p, *anchors; + FILE *f, *ff; + char buffer[4096]; + char *arguments; + CK_ULONG count; + CK_RV rv; + + memset (&test, 0, sizeof (test)); + + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&test.module); + assert (rv == CKR_OK); + + test.directory = p11_test_directory ("test-module"); + anchors = p11_path_build (test.directory, "anchors", NULL); +#ifdef OS_UNIX + if (mkdir (anchors, S_IRWXU) < 0) +#else + if (mkdir (anchors) < 0) +#endif + assert_fail ("mkdir()", anchors); + + test.unreadable = p11_path_build (anchors, "unreadable", NULL); + f = fopen (test.unreadable, "w"); + fwrite ("foo", 3, 1, f); + fclose (f); + chmod (test.unreadable, 0); + + p = p11_path_build (anchors, "thawte", NULL); + ff = fopen (p, "w"); + f = fopen (SRCDIR "/trust/fixtures/thawte.pem", "r"); + while (!feof (f)) { + size_t size; + size = fread (buffer, 1, sizeof (buffer), f); + if (ferror (f)) + assert_fail ("fread()", + SRCDIR "/trust/fixtures/thawte.pem"); + fwrite (buffer, 1, size, ff); + if (ferror (ff)) + assert_fail ("write()", p); + } + free (p); + fclose (ff); + fclose (f); + free (anchors); + + memset (&args, 0, sizeof (args)); + paths = SRCDIR "/trust/input" P11_PATH_SEP \ + SRCDIR "/trust/fixtures/self-signed-with-ku.der"; + if (asprintf (&arguments, "paths='%s%c%s'", + paths, P11_PATH_SEP_C, test.directory) < 0) + assert (false && "not reached"); + args.pReserved = arguments; + args.flags = CKF_OS_LOCKING_OK; + + rv = test.module->C_Initialize (&args); + assert (rv == CKR_OK); + + free (arguments); + + count = NUM_SLOTS; + rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); + assert (rv == CKR_OK); + assert (count == NUM_SLOTS); +} + +static void +test_get_slot_list (void) +{ + CK_SLOT_ID slots[NUM_SLOTS]; + CK_ULONG count; + CK_RV rv; + int i; + + rv = test.module->C_GetSlotList (TRUE, NULL, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); + + count = 1; + rv = test.module->C_GetSlotList (TRUE, slots, &count); + assert_num_eq (CKR_BUFFER_TOO_SMALL, rv); + assert_num_eq (NUM_SLOTS, count); + + count = NUM_SLOTS; + memset (slots, 0, sizeof (slots)); + rv = test.module->C_GetSlotList (TRUE, slots, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); + + for (i = 0; i < NUM_SLOTS; i++) + assert (slots[i] != 0); +} + +static void +test_null_initialize (void) +{ + CK_FUNCTION_LIST *module; + CK_RV rv; + + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&module); + assert_num_eq (rv, CKR_OK); + + rv = module->C_Initialize (NULL); + assert_num_eq (rv, CKR_OK); + + rv = module->C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static void +test_multi_initialize (void) +{ + static CK_C_INITIALIZE_ARGS args = + { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; + CK_FUNCTION_LIST *module; + CK_SESSION_HANDLE session; + CK_SLOT_ID slots[8]; + CK_SESSION_INFO info; + CK_ULONG count; + CK_RV rv; + + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&module); + assert_num_eq (rv, CKR_OK); + + args.pReserved = "paths='" SYSCONFDIR "/trust/input'"; + rv = module->C_Initialize (&args); + assert_num_eq (rv, CKR_OK); + + count = 8; + rv = module->C_GetSlotList (CK_TRUE, slots, &count); + assert_num_eq (rv, CKR_OK); + assert_num_cmp (count, ==, 1); + + rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + rv = module->C_GetSessionInfo (session, &info); + assert_num_eq (rv, CKR_OK); + assert_num_eq (info.slotID, slots[0]); + + rv = module->C_Initialize (&args); + assert_num_eq (rv, CKR_OK); + + rv = module->C_GetSessionInfo (session, &info); + assert_num_eq (rv, CKR_OK); + assert_num_eq (info.slotID, slots[0]); + + rv = module->C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); + + rv = module->C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); + + rv = module->C_Finalize (NULL); + assert_num_eq (CKR_CRYPTOKI_NOT_INITIALIZED, rv); +} + +static void +test_get_slot_info (void) +{ + CK_SLOT_ID slots[NUM_SLOTS]; + CK_SLOT_INFO info; + char description[64]; + CK_ULONG count; + size_t length; + CK_RV rv; + int i; + + /* These are the paths passed in in setup() */ + const char *paths[] = { + SRCDIR "/trust/input", + SRCDIR "/trust/fixtures/self-signed-with-ku.der", + SRCDIR "/trust/fixtures/thawte.pem" + }; + + count = NUM_SLOTS; + rv = test.module->C_GetSlotList (TRUE, slots, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); + + for (i = 0; i < NUM_SLOTS; i++) { + rv = test.module->C_GetSlotInfo (slots[i], &info); + assert_num_eq (CKR_OK, rv); + + memset (description, ' ', sizeof (description)); + length = strlen(paths[i]); + if (length > sizeof (description)) + length = sizeof (description); + memcpy (description, paths[i], length); + assert (memcmp (info.slotDescription, description, sizeof (description)) == 0); + } +} + +static void +test_get_token_info (void) +{ + CK_C_INITIALIZE_ARGS args; + CK_FUNCTION_LIST *module; + CK_SLOT_ID slots[NUM_SLOTS]; + CK_TOKEN_INFO info; + char label[32]; + CK_ULONG count; + CK_RV rv; + int i; + + /* These are the paths passed in in setup() */ + const char *labels[] = { + "System Trust", + "Default Trust", + "the-basename", + }; + + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&module); + assert (rv == CKR_OK); + + memset (&args, 0, sizeof (args)); + args.pReserved = "paths='" \ + P11_SYSTEM_TRUST_PREFIX "/trust/input" P11_PATH_SEP \ + P11_DEFAULT_TRUST_PREFIX "/trust/fixtures/blah" P11_PATH_SEP \ + "/some/other/path/the-basename'"; + args.flags = CKF_OS_LOCKING_OK; + + rv = module->C_Initialize (&args); + assert (rv == CKR_OK); + + count = NUM_SLOTS; + rv = module->C_GetSlotList (CK_TRUE, slots, &count); + assert (rv == CKR_OK); + assert (count == NUM_SLOTS); + + for (i = 0; i < NUM_SLOTS; i++) { + rv = module->C_GetTokenInfo (slots[i], &info); + assert_num_eq (CKR_OK, rv); + + memset (label, ' ', sizeof (label)); + memcpy (label, labels[i], strlen (labels[i])); + assert (memcmp (info.label, label, sizeof (label)) == 0); + } + + rv = module->C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static void +test_get_session_info (void) +{ + CK_SLOT_ID slots[NUM_SLOTS]; + CK_SESSION_HANDLE sessions[NUM_SLOTS]; + CK_SESSION_INFO info; + CK_ULONG count; + CK_RV rv; + int i; + + count = NUM_SLOTS; + rv = test.module->C_GetSlotList (TRUE, slots, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); + + /* Open two sessions with each token */ + for (i = 0; i < NUM_SLOTS; i++) { + rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i]); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_GetSessionInfo (sessions[i], &info); + assert_num_eq (CKR_OK, rv); + + assert_num_eq (slots[i], info.slotID); + assert_num_eq (CKF_SERIAL_SESSION, info.flags); + } +} + +static void +test_close_all_sessions (void) +{ + CK_SLOT_ID slots[NUM_SLOTS]; + CK_SESSION_HANDLE sessions[NUM_SLOTS][2]; + CK_SESSION_INFO info; + CK_ULONG count; + CK_RV rv; + int i; + + count = NUM_SLOTS; + rv = test.module->C_GetSlotList (TRUE, slots, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (NUM_SLOTS, count); + + /* Open two sessions with each token */ + for (i = 0; i < NUM_SLOTS; i++) { + rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][0]); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_GetSessionInfo (sessions[i][0], &info); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][1]); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_GetSessionInfo (sessions[i][0], &info); + assert_num_eq (CKR_OK, rv); + } + + /* Close all the sessions on the first token */ + rv = test.module->C_CloseAllSessions (slots[0]); + assert_num_eq (CKR_OK, rv); + + /* Those sessions should be closed */ + rv = test.module->C_GetSessionInfo (sessions[0][0], &info); + assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv); + rv = test.module->C_GetSessionInfo (sessions[0][1], &info); + assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv); + + /* Other sessions should still be open */ + for (i = 1; i < NUM_SLOTS; i++) { + rv = test.module->C_GetSessionInfo (sessions[i][0], &info); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_GetSessionInfo (sessions[i][0], &info); + assert_num_eq (CKR_OK, rv); + } +} + +static CK_ULONG +find_objects (CK_ATTRIBUTE *match, + CK_OBJECT_HANDLE *sessions, + CK_OBJECT_HANDLE *objects, + CK_ULONG max_objects) +{ + CK_SESSION_HANDLE session; + CK_RV rv; + CK_ULONG found; + CK_ULONG count; + int i, j; + + found = 0; + for (i = 0; i < NUM_SLOTS; i++) { + rv = test.module->C_OpenSession (test.slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + rv = test.module->C_FindObjectsInit (session, match, p11_attrs_count (match)); + assert (rv == CKR_OK); + rv = test.module->C_FindObjects (session, objects + found, max_objects - found, &count); + assert (rv == CKR_OK); + rv = test.module->C_FindObjectsFinal (session); + assert (rv == CKR_OK); + + for (j = found ; j < found + count; j++) + sessions[j] = session; + found += count; + } + + assert (found < max_objects); + return found; +} + +static void +check_trust_object_equiv (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE trust, + CK_ATTRIBUTE *cert) +{ + unsigned char subject[1024]; + unsigned char issuer[1024]; + unsigned char serial[128]; + CK_BBOOL private; + CK_BBOOL token; + CK_RV rv; + + /* The following attributes should be equivalent to the certificate */ + CK_ATTRIBUTE equiv[] = { + { CKA_TOKEN, &token, sizeof (token) }, + { CKA_PRIVATE, &private, sizeof (private) }, + { CKA_ISSUER, issuer, sizeof (issuer) }, + { CKA_SUBJECT, subject, sizeof (subject) }, + { CKA_SERIAL_NUMBER, serial, sizeof (serial) }, + { CKA_INVALID, }, + }; + + rv = test.module->C_GetAttributeValue (session, trust, equiv, 5); + assert_num_eq (CKR_OK, rv); + + test_check_attrs (equiv, cert); +} + +static void +check_trust_object_hashes (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE trust, + CK_ATTRIBUTE *cert) +{ + unsigned char sha1[P11_DIGEST_SHA1_LEN]; + unsigned char md5[P11_DIGEST_MD5_LEN]; + unsigned char check[128]; + CK_ATTRIBUTE *value; + CK_RV rv; + + CK_ATTRIBUTE hashes[] = { + { CKA_CERT_SHA1_HASH, sha1, sizeof (sha1) }, + { CKA_CERT_MD5_HASH, md5, sizeof (md5) }, + { CKA_INVALID, }, + }; + + rv = test.module->C_GetAttributeValue (session, trust, hashes, 2); + assert (rv == CKR_OK); + + value = p11_attrs_find_valid (cert, CKA_VALUE); + assert_ptr_not_null (value); + + p11_digest_md5 (check, value->pValue, value->ulValueLen, NULL); + assert (memcmp (md5, check, sizeof (md5)) == 0); + + p11_digest_sha1 (check, value->pValue, value->ulValueLen, NULL); + assert (memcmp (sha1, check, sizeof (sha1)) == 0); +} + +static void +check_has_trust_object (CK_ATTRIBUTE *cert) +{ + CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST; + CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) }; + CK_OBJECT_HANDLE objects[2]; + CK_SESSION_HANDLE sessions[2]; + CK_ATTRIBUTE *match; + CK_ATTRIBUTE *attr; + CK_ULONG count; + + attr = p11_attrs_find_valid (cert, CKA_ID); + assert_ptr_not_null (attr); + + match = p11_attrs_build (NULL, &klass, attr, NULL); + count = find_objects (match, sessions, objects, 2); + assert_num_eq (1, count); + + check_trust_object_equiv (sessions[0], objects[0], cert); + check_trust_object_hashes (sessions[0], objects[0], cert); + + p11_attrs_free (match); +} + +static void +check_certificate (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE handle) +{ + unsigned char label[4096]= { 0, }; + CK_OBJECT_CLASS klass; + unsigned char value[4096]; + unsigned char subject[1024]; + unsigned char issuer[1024]; + unsigned char serial[128]; + unsigned char id[128]; + CK_CERTIFICATE_TYPE type; + CK_BYTE check[3]; + CK_DATE start; + CK_DATE end; + CK_ULONG category; + CK_BBOOL private; + CK_BBOOL token; + CK_RV rv; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_TOKEN, &token, sizeof (token) }, + { CKA_PRIVATE, &private, sizeof (private) }, + { CKA_VALUE, value, sizeof (value) }, + { CKA_ISSUER, issuer, sizeof (issuer) }, + { CKA_SUBJECT, subject, sizeof (subject) }, + { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_START_DATE, &start, sizeof (start) }, + { CKA_END_DATE, &end, sizeof (end) }, + { CKA_SERIAL_NUMBER, serial, sizeof (serial) }, + { CKA_CHECK_VALUE, check, sizeof (check) }, + { CKA_ID, id, sizeof (id) }, + { CKA_LABEL, label, sizeof (label) }, + { CKA_INVALID, }, + }; + + /* Note that we don't pass the CKA_INVALID attribute in */ + rv = test.module->C_GetAttributeValue (session, handle, attrs, 14); + assert_num_eq (rv, CKR_OK); + + /* If this is the cacert3 certificate, check its values */ + if (memcmp (value, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)) == 0) { + CK_BBOOL trusted; + CK_BBOOL vtrue = CK_TRUE; + + CK_ATTRIBUTE anchor[] = { + { CKA_TRUSTED, &trusted, sizeof (trusted) }, + { CKA_INVALID, }, + }; + + CK_ATTRIBUTE check[] = { + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID, }, + }; + + test_check_cacert3_ca (attrs, NULL); + + /* Get anchor specific attributes */ + rv = test.module->C_GetAttributeValue (session, handle, anchor, 1); + assert (rv == CKR_OK); + + /* It lives in the trusted directory */ + test_check_attrs (check, anchor); + + /* Other certificates, we can't check the values */ + } else { + test_check_object (attrs, CKO_CERTIFICATE, NULL); + } + + check_has_trust_object (attrs); +} + +static void +test_find_certificates (void) +{ + CK_OBJECT_CLASS klass = CKO_CERTIFICATE; + + CK_ATTRIBUTE match[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_INVALID, } + }; + + CK_OBJECT_HANDLE objects[16]; + CK_SESSION_HANDLE sessions[16]; + CK_ULONG count; + CK_ULONG i; + + count = find_objects (match, sessions, objects, 16); + assert_num_eq (9, count); + + for (i = 0; i < count; i++) + check_certificate (sessions[i], objects[i]); +} + +static void +test_find_extensions (void) +{ + CK_OBJECT_CLASS klass = CKO_X_CERTIFICATE_EXTENSION; + unsigned char spki[] = { + 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, + 0x89, 0x02, 0x81, 0x81, 0x00, 0xd1, 0xb5, 0x36, + 0xa3, 0x89, 0xee, 0xaa, 0x80, 0x2f, 0x53, 0xfd, + 0x12, 0x75, 0x3e, 0xf3, 0x7a, 0x9e, 0xd6, 0xaf, + 0xfa, 0xbc, 0x1c, 0x60, 0x10, 0x4b, 0x26, 0x81, + 0x13, 0x1a, 0x59, 0xe3, 0xfe, 0x45, 0x6c, 0x38, + 0x04, 0x39, 0x27, 0x46, 0x57, 0xfd, 0xd5, 0xbc, + 0x8d, 0x8a, 0x10, 0xb6, 0x3b, 0xd4, 0x0a, 0x81, + 0x5a, 0x45, 0x2f, 0xec, 0x3e, 0x81, 0xf0, 0xd9, + 0x4e, 0x4f, 0x97, 0xdf, 0x4b, 0x32, 0x0f, 0x08, + 0xb1, 0x26, 0xa2, 0xbd, 0x69, 0x61, 0x5d, 0x66, + 0x39, 0x63, 0x2f, 0x10, 0x70, 0x35, 0xfb, 0x07, + 0x85, 0x0a, 0xff, 0x57, 0x12, 0xc1, 0xf4, 0x83, + 0x1d, 0xf9, 0xc6, 0xd3, 0xa4, 0xb6, 0x70, 0x2b, + 0x80, 0xa1, 0x40, 0x7f, 0x48, 0x4e, 0xd9, 0xad, + 0xeb, 0x80, 0xcc, 0xcf, 0x92, 0xc1, 0xd1, 0x83, + 0x64, 0x01, 0x23, 0x47, 0x8e, 0xbd, 0x31, 0x98, + 0x05, 0x6b, 0x6b, 0x7c, 0x37, 0x02, 0x03, 0x01, + 0x00, 0x01 + }; + + CK_ATTRIBUTE match[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_PUBLIC_KEY_INFO, spki, sizeof (spki) }, + { CKA_INVALID, } + }; + + CK_OBJECT_HANDLE objects[16]; + CK_SESSION_HANDLE sessions[16]; + CK_ULONG count; + + count = find_objects (match, sessions, objects, 16); + assert_num_eq (1, count); +} + +static void +test_find_builtin (void) +{ + CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST; + + CK_ATTRIBUTE match[] = { + { CKA_CLASS, &klass, sizeof (klass) }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, + { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) }, + { CKA_INVALID, } + }; + + CK_OBJECT_HANDLE objects[16]; + CK_SESSION_HANDLE sessions[16]; + CK_ULONG count; + + /* One per token */ + count = find_objects (match, sessions, objects, 16); + assert_num_eq (NUM_SLOTS, count); +} + +static void +test_session_object (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_ULONG size; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + rv = test.module->C_CreateObject (session, original, 2, &handle); + assert (rv == CKR_OK); + + rv = test.module->C_GetObjectSize (session, handle, &size); + assert (rv == CKR_OK); +} + +static void +test_session_find (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE check; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CreateObject (session, original, 2, &handle); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_FindObjectsInit (session, original, 2); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (1, count); + assert_num_eq (handle, check); + + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); +} + +static void +test_session_find_no_attr (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match[] = { + { CKA_COLOR, "blah", 4 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE check; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CreateObject (session, original, 3, &handle); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_FindObjectsInit (session, match, 1); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); +} + +static void +test_lookup_invalid (void) +{ + CK_SESSION_HANDLE session; + CK_ULONG size; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + rv = test.module->C_GetObjectSize (session, 88888, &size); + assert (rv == CKR_OBJECT_HANDLE_INVALID); +} + +static void +test_remove_token (void) +{ + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + rv = test.module->C_FindObjectsInit (session, NULL, 0); + assert_num_eq (rv, CKR_OK); + + rv = test.module->C_FindObjects (session, &handle, 1, &count); + assert_num_eq (rv, CKR_OK); + assert_num_eq (1, count); + + rv = test.module->C_DestroyObject (session, handle); + if (rv != CKR_TOKEN_WRITE_PROTECTED) + assert_num_eq (rv, CKR_SESSION_READ_ONLY); +} + +static void +test_setattr_token (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + rv = test.module->C_FindObjectsInit (session, NULL, 0); + assert_num_eq (rv, CKR_OK); + + rv = test.module->C_FindObjects (session, &handle, 1, &count); + assert_num_eq (rv, CKR_OK); + assert_num_eq (1, count); + + rv = test.module->C_SetAttributeValue (session, handle, original, 2); + if (rv != CKR_TOKEN_WRITE_PROTECTED) + assert_num_eq (rv, CKR_ATTRIBUTE_READ_ONLY); +} + +static void +test_session_copy (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE copy; + CK_ULONG size; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CreateObject (session, original, 2, &handle); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CopyObject (session, handle, original, 2, ©); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_GetObjectSize (session, copy, &size); + assert_num_eq (CKR_OK, rv); +} + +static void +test_session_setattr (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + rv = test.module->C_CreateObject (session, original, 2, &handle); + assert (rv == CKR_OK); + + rv = test.module->C_SetAttributeValue (session, handle, original, 2); + assert (rv == CKR_OK); +} + +static void +test_session_remove (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + rv = test.module->C_CreateObject (session, original, 2, &handle); + assert (rv == CKR_OK); + + rv = test.module->C_DestroyObject (session, handle); + assert (rv == CKR_OK); + + rv = test.module->C_DestroyObject (session, handle); + assert (rv == CKR_OBJECT_HANDLE_INVALID); +} + +static void +test_find_serial_der_decoded (void) +{ + CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; + + CK_ATTRIBUTE object[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match_decoded[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_SERIAL_NUMBER, "\x01\x02\x03", 3 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE check; + CK_ULONG count; + CK_RV rv; + + /* + * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items that are + * not DER encoded. It shouldn't be doing this. We never return any certificate + * serial numbers that are not DER encoded. + * + * So work around the issue here while the NSS guys fix this issue. + * This code should be removed in future versions. + * + * See work_around_broken_nss_serial_number_lookups(). + */ + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CreateObject (session, object, 2, &handle); + assert_num_eq (CKR_OK, rv); + + /* Do a standard find for the same object */ + rv = test.module->C_FindObjectsInit (session, object, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (1, count); + assert_num_eq (handle, check); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); + + /* Do a find for the serial number decoded */ + rv = test.module->C_FindObjectsInit (session, match_decoded, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (1, count); + assert_num_eq (handle, check); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); +} + +static void +test_find_serial_der_mismatch (void) +{ + CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; + + CK_ATTRIBUTE object[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE match[] = { + { CKA_SERIAL_NUMBER, NULL, 0 }, + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE check; + CK_ULONG count; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert_num_eq (CKR_OK, rv); + + rv = test.module->C_CreateObject (session, object, 2, &handle); + assert_num_eq (CKR_OK, rv); + + /* Do a find with a null serial number, no match */ + rv = test.module->C_FindObjectsInit (session, match, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); + + /* Do a find with a wrong length, no match */ + match[0].pValue = "at"; + match[0].ulValueLen = 2; + rv = test.module->C_FindObjectsInit (session, match, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); + + /* Do a find with a right length, wrong value, no match */ + match[0].pValue = "one"; + match[0].ulValueLen = 3; + rv = test.module->C_FindObjectsInit (session, match, 2); + assert_num_eq (CKR_OK, rv); + rv = test.module->C_FindObjects (session, &check, 1, &count); + assert_num_eq (CKR_OK, rv); + assert_num_eq (0, count); + rv = test.module->C_FindObjectsFinal (session); + assert_num_eq (CKR_OK, rv); +} + +static void +test_login_logout (void) +{ + CK_SESSION_HANDLE session; + CK_RV rv; + + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session); + assert (rv == CKR_OK); + + /* Just testing our stubs for now */ + + rv = test.module->C_Login (session, CKU_USER, NULL, 0); + assert (rv == CKR_USER_TYPE_INVALID); + + rv = test.module->C_Logout (session); + assert (rv == CKR_USER_NOT_LOGGED_IN); +} + +static void +test_token_writable (void) +{ + CK_TOKEN_INFO info; + CK_RV rv; + + rv = test.module->C_GetTokenInfo (test.slots[0], &info); + + assert_num_eq (rv, CKR_OK); + assert_num_eq (info.flags & CKF_WRITE_PROTECTED, 0); +} + +static void +test_session_read_only_create (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + CK_RV rv; + + /* Read-only session */ + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, + NULL, NULL, &session); + assert (rv == CKR_OK); + + /* Create a token object */ + rv = test.module->C_CreateObject (session, original, 4, &handle); + assert_num_eq (rv, CKR_SESSION_READ_ONLY); +} + +static void +test_create_and_write (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + /* Read-only session */ + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, + NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + /* Create a token object */ + rv = test.module->C_CreateObject (session, original, 4, &handle); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "yay.p11-kit", NULL); + p11_parser_formats (test.parser, p11_parser_format_persist, NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +static void +test_modify_and_write (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_VALUE, "eight", 5 }, + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_MODIFIABLE, &vtrue, sizeof (vtrue) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "yay", 3 }, + { CKA_VALUE, "nine", 4 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_SESSION_HANDLE session; + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + /* Read-only session */ + rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, + NULL, NULL, &session); + assert_num_eq (rv, CKR_OK); + + /* Create a token object */ + rv = test.module->C_CreateObject (session, original, 5, &handle); + assert_num_eq (rv, CKR_OK); + + /* Now modify the object */ + original[0].pValue = "nine"; + original[0].ulValueLen = 4; + + rv = test.module->C_SetAttributeValue (session, handle, original, 5); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "yay.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +static void +test_token_write_protected (void) +{ + CK_C_INITIALIZE_ARGS args; + CK_FUNCTION_LIST *module; + CK_SLOT_ID slots[NUM_SLOTS]; + CK_TOKEN_INFO info; + char label[32]; + CK_ULONG count; + CK_RV rv; + int i; + + /* These are the paths passed in in setup() */ + const char *labels[] = { + "System Trust", + "Default Trust", + "the-basename", + }; + + /* This is the entry point of the trust module, linked to this test */ + rv = C_GetFunctionList (&module); + assert (rv == CKR_OK); + + memset (&args, 0, sizeof (args)); + args.pReserved = "paths='" \ + P11_SYSTEM_TRUST_PREFIX "/trust/input" P11_PATH_SEP \ + P11_DEFAULT_TRUST_PREFIX "/trust/fixtures/blah" P11_PATH_SEP \ + "/some/other/path/the-basename'"; + args.flags = CKF_OS_LOCKING_OK; + + rv = module->C_Initialize (&args); + assert (rv == CKR_OK); + + count = NUM_SLOTS; + rv = module->C_GetSlotList (CK_TRUE, slots, &count); + assert (rv == CKR_OK); + assert (count == NUM_SLOTS); + + for (i = 0; i < NUM_SLOTS; i++) { + rv = module->C_GetTokenInfo (slots[i], &info); + assert_num_eq (CKR_OK, rv); + + memset (label, ' ', sizeof (label)); + memcpy (label, labels[i], strlen (labels[i])); + assert (memcmp (info.label, label, sizeof (label)) == 0); + + switch (i) { + case 0: + assert_num_cmp (0, ==, info.flags & CKF_WRITE_PROTECTED); + break; + case 1: + assert_num_cmp (0, !=, info.flags & CKF_WRITE_PROTECTED); + break; + default: + break; + } + } + + rv = module->C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +int +main (int argc, + char *argv[]) +{ + p11_library_init (); + + p11_fixture (setup, teardown); + p11_test (test_get_slot_list, "/module/get_slot_list"); + p11_test (test_get_slot_info, "/module/get_slot_info"); + + p11_fixture (NULL, NULL); + p11_test (test_null_initialize, "/module/initialize-null"); + p11_test (test_multi_initialize, "/module/initialize-multi"); + p11_test (test_get_token_info, "/module/get_token_info"); + + p11_fixture (setup, teardown); + p11_test (test_get_session_info, "/module/get_session_info"); + p11_test (test_close_all_sessions, "/module/close_all_sessions"); + p11_test (test_find_certificates, "/module/find_certificates"); + p11_test (test_find_extensions, "/module/find_extensions"); + p11_test (test_find_builtin, "/module/find_builtin"); + p11_test (test_lookup_invalid, "/module/lookup_invalid"); + p11_test (test_remove_token, "/module/remove_token"); + p11_test (test_setattr_token, "/module/setattr_token"); + p11_test (test_session_object, "/module/session_object"); + p11_test (test_session_find, "/module/session_find"); + p11_test (test_session_find_no_attr, "/module/session_find_no_attr"); + p11_test (test_session_copy, "/module/session_copy"); + p11_test (test_session_remove, "/module/session_remove"); + p11_test (test_session_setattr, "/module/session_setattr"); + p11_test (test_find_serial_der_decoded, "/module/find_serial_der_decoded"); + p11_test (test_find_serial_der_mismatch, "/module/find_serial_der_mismatch"); + p11_test (test_login_logout, "/module/login_logout"); + + p11_fixture (setup_writable, teardown); + p11_test (test_token_writable, "/module/token-writable"); + p11_test (test_session_read_only_create, "/module/session-read-only-create"); + p11_test (test_create_and_write, "/module/create-and-write"); + p11_test (test_modify_and_write, "/module/modify-and-write"); + + p11_fixture (NULL, NULL); + p11_test (test_token_write_protected, "/module/token-write-protected"); + + p11_fixture (setup_unreadable, teardown); + p11_test (test_find_certificates, "/module/unreadable"); + + return p11_test_run (argc, argv); +} diff --git a/trust/test-oid.c b/trust/test-oid.c new file mode 100644 index 0000000..0635d0a --- /dev/null +++ b/trust/test-oid.c @@ -0,0 +1,127 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "debug.h" +#include "oid.h" + +#include + +#include "pkix.asn.h" + +static void +test_known_oids (void) +{ + char buffer[128]; + node_asn *definitions = NULL; + node_asn *node; + int ret; + int len; + int i; + + struct { + const unsigned char *oid; + size_t length; + const char *string; + } known_oids[] = { + { P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER), P11_OID_SUBJECT_KEY_IDENTIFIER_STR, }, + { P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE), P11_OID_KEY_USAGE_STR, }, + { P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS), P11_OID_BASIC_CONSTRAINTS_STR }, + { P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE), P11_OID_EXTENDED_KEY_USAGE_STR }, + { P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT), P11_OID_OPENSSL_REJECT_STR }, + { P11_OID_SERVER_AUTH, sizeof (P11_OID_SERVER_AUTH), P11_OID_SERVER_AUTH_STR }, + { P11_OID_CLIENT_AUTH, sizeof (P11_OID_CLIENT_AUTH), P11_OID_CLIENT_AUTH_STR }, + { P11_OID_CODE_SIGNING, sizeof (P11_OID_CODE_SIGNING), P11_OID_CODE_SIGNING_STR }, + { P11_OID_EMAIL_PROTECTION, sizeof (P11_OID_EMAIL_PROTECTION), P11_OID_EMAIL_PROTECTION_STR }, + { P11_OID_IPSEC_END_SYSTEM, sizeof (P11_OID_IPSEC_END_SYSTEM), P11_OID_IPSEC_END_SYSTEM_STR }, + { P11_OID_IPSEC_TUNNEL, sizeof (P11_OID_IPSEC_TUNNEL), P11_OID_IPSEC_TUNNEL_STR }, + { P11_OID_IPSEC_USER, sizeof (P11_OID_IPSEC_USER), P11_OID_IPSEC_USER_STR }, + { P11_OID_TIME_STAMPING, sizeof (P11_OID_TIME_STAMPING), P11_OID_TIME_STAMPING_STR }, + { P11_OID_RESERVED_PURPOSE, sizeof (P11_OID_RESERVED_PURPOSE), P11_OID_RESERVED_PURPOSE_STR }, + { NULL }, + }; + + ret = asn1_array2tree (pkix_asn1_tab, &definitions, NULL); + assert (ret == ASN1_SUCCESS); + + for (i = 0; known_oids[i].oid != NULL; i++) { + + assert (p11_oid_simple (known_oids[i].oid, known_oids[i].length)); + assert_num_eq (known_oids[i].length, p11_oid_length (known_oids[i].oid)); + assert (p11_oid_equal (known_oids[i].oid, known_oids[i].oid)); + + if (i > 0) + assert (!p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid)); + + /* AttributeType is a OBJECT IDENTIFIER */ + ret = asn1_create_element (definitions, "PKIX1.AttributeType", &node); + assert (ret == ASN1_SUCCESS); + + ret = asn1_der_decoding (&node, known_oids[i].oid, known_oids[i].length, NULL); + assert (ret == ASN1_SUCCESS); + + len = sizeof (buffer); + ret = asn1_read_value (node, "", buffer, &len); + assert (ret == ASN1_SUCCESS); + + assert_str_eq (known_oids[i].string, buffer); + + asn1_delete_structure (&node); + } + + asn1_delete_structure (&definitions); +} + +static void +test_hash (void) +{ + assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, 0); + assert_num_cmp (p11_oid_hash (P11_OID_CN), ==, p11_oid_hash (P11_OID_CN)); + assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, p11_oid_hash (P11_OID_BASIC_CONSTRAINTS)); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_known_oids, "/oids/known"); + p11_test (test_hash, "/oids/hash"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-openssl.c b/trust/test-openssl.c new file mode 100644 index 0000000..3c20625 --- /dev/null +++ b/trust/test-openssl.c @@ -0,0 +1,666 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#define P11_KIT_DISABLE_DEPRECATED + +#include "config.h" + +#include "test-trust.h" + +#include "attrs.h" +#include "buffer.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "extract.h" +#include "message.h" +#include "mock.h" +#include "path.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "oid.h" +#include "test.h" + +#include +#include +#include +#include +#include + +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + +struct { + CK_FUNCTION_LIST module; + p11_enumerate ex; + char *directory; +} test; + +static void +setup (void *unused) +{ + CK_RV rv; + + mock_module_reset (); + memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST)); + rv = test.module.C_Initialize (NULL); + assert_num_eq (CKR_OK, rv); + + p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; + + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + CK_RV rv; + + if (rmdir (test.directory) < 0) + assert_not_reached (); + free (test.directory); + + p11_enumerate_cleanup (&test.ex); + p11_kit_iter_free (test.ex.iter); + + rv = test.module.C_Finalize (NULL); + assert_num_eq (CKR_OK, rv); +} + +static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE; +static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION; +static CK_CERTIFICATE_TYPE x509_type = CKC_X_509; +static CK_BBOOL vtrue = CK_TRUE; + +static CK_ATTRIBUTE cacert3_authority_attrs[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE verisign_v1_attrs[] = { + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_LABEL, "Custom Label", 12 }, + { CKA_SUBJECT, (void *)verisign_v1_ca_subject, sizeof (verisign_v1_ca_subject) }, + { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_eku_server[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 21 }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE extension_reject_email[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_INVALID }, +}; + +static CK_ATTRIBUTE certificate_filter[] = { + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_INVALID }, +}; + +static void +setup_objects (const CK_ATTRIBUTE *attrs, + ...) GNUC_NULL_TERMINATED; + +static void +setup_objects (const CK_ATTRIBUTE *attrs, + ...) +{ + static CK_ULONG id_value = 8888; + + CK_ATTRIBUTE id = { CKA_ID, &id_value, sizeof (id_value) }; + CK_ATTRIBUTE *copy; + va_list va; + + va_start (va, attrs); + while (attrs != NULL) { + copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL); + assert (copy != NULL); + mock_module_take_object (MOCK_SLOT_ONE_ID, copy); + attrs = va_arg (va, const CK_ATTRIBUTE *); + } + va_end (va); + + id_value++; +} + +static void +test_file (void) +{ + char *destination; + bool ret; + + setup_objects (cacert3_authority_attrs, + extension_eku_server, + extension_reject_email, + NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem"); + + free (destination); +} + +static void +test_plain (void) +{ + char *destination; + bool ret; + + setup_objects (cacert3_authority_attrs, NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-trusted-alias.pem"); + + free (destination); +} + +static void +test_keyid (void) +{ + char *destination; + bool ret; + + static CK_ATTRIBUTE cacert3_plain[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_TRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + static CK_ATTRIBUTE extension_subject_key_identifier[] = { + { CKA_CLASS, &extension_class, sizeof (extension_class) }, + { CKA_OBJECT_ID, (void *)P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x0e\x04\x07\x00\x01\x02\x03\x04\x05\x06", 16 }, + { CKA_INVALID }, + }; + + setup_objects (cacert3_plain, extension_subject_key_identifier, NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-trusted-keyid.pem"); + + free (destination); +} + +static void +test_not_authority (void) +{ + char *destination; + bool ret; + + static CK_ATTRIBUTE cacert3_not_trusted[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_INVALID }, + }; + + setup_objects (cacert3_not_trusted, NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-not-trusted.pem"); + + free (destination); +} + +static void +test_distrust_all (void) +{ + char *destination; + bool ret; + + static CK_ATTRIBUTE cacert3_blacklist[] = { + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CLASS, &certificate_class, sizeof (certificate_class) }, + { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_X_DISTRUSTED, &vtrue, sizeof (vtrue) }, + { CKA_INVALID }, + }; + + setup_objects (cacert3_blacklist, NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", + SRCDIR "/trust/fixtures/cacert3-distrust-all.pem"); + + free (destination); +} + +static void +test_file_multiple (void) +{ + char *destination; + bool ret; + + setup_objects (cacert3_authority_attrs, + extension_eku_server, + extension_reject_email, + NULL); + + setup_objects (verisign_v1_attrs, + NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/multiple.pem"); + free (destination); +} + +static void +test_file_without (void) +{ + char *destination; + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0) + assert_not_reached (); + + ret = p11_extract_openssl_bundle (&test.ex, destination); + assert_num_eq (true, ret); + + test_check_data (test.directory, "extract.pem", "", 0); + + free (destination); +} + +/* From extract-openssl.c */ +void p11_openssl_canon_string (char *str, size_t *len); + +static void +test_canon_string (void) +{ + struct { + char *input; + int input_len; + char *output; + int output_len; + } fixtures[] = { + { "A test", -1, "a test", -1 }, + { " Strip spaces ", -1, "strip spaces", -1 }, + { " Collapse \n\t spaces", -1, "collapse spaces", -1 }, + { "Ignore non-ASCII \303\204", -1, "ignore non-ascii \303\204", -1 }, + { "no-space", -1, "no-space", -1 }, + }; + + char *str; + size_t len; + size_t out; + int i; + + for (i = 0; i < ELEMS (fixtures); i++) { + if (fixtures[i].input_len < 0) + len = strlen (fixtures[i].input); + else + len = fixtures[i].input_len; + str = strndup (fixtures[i].input, len); + + p11_openssl_canon_string (str, &len); + + if (fixtures[i].output_len < 0) + out = strlen (fixtures[i].output); + else + out = fixtures[i].output_len; + assert_num_eq (out, len); + assert_str_eq (fixtures[i].output, str); + + free (str); + } +} + +bool p11_openssl_canon_string_der (p11_buffer *der); + +static void +test_canon_string_der (void) +{ + struct { + unsigned char input[100]; + int input_len; + unsigned char output[100]; + int output_len; + } fixtures[] = { + /* UTF8String */ + { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17, + { 0x0c, 0x0e, 0xc3, 0x84, ' ', 'u', 't', 'f', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', }, 16, + }, + + /* NumericString */ + { { 0x12, 0x04, '0', '1', '2', '3', }, 6, + { 0x0c, 0x04, '0', '1', '2', '3' }, 6, + }, + + /* IA5String */ + { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6, + { 0x0c, 0x02, 'a', 'b', }, 4, + }, + + /* TeletexString */ + { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8, + }, + + /* PrintableString */ + { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8, + }, + + /* No change, not a known string type */ + { { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9 + }, + + /* UniversalString */ + { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u', + 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22, + { 0x0c, 0x08, 'f', 'u', 'n', ' ', 0xf0, 0x90, 0x8c, 0x99 }, 10, + }, + + /* BMPString */ + { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12, + { 0x0c, 0x06, 'v', 0xc3, 0xb6, 'g', 'e', 'l' }, 8, + }, + }; + + p11_buffer buf; + bool ret; + int i; + + for (i = 0; i < ELEMS (fixtures); i++) { + p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), + fixtures[i].input_len, 0, realloc, free); + + ret = p11_openssl_canon_string_der (&buf); + assert_num_eq (true, ret); + + assert_num_eq (fixtures[i].output_len, buf.len); + assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0); + + p11_buffer_uninit (&buf); + } +} + +bool p11_openssl_canon_name_der (p11_dict *asn1_defs, + p11_buffer *der); + +static void +test_canon_name_der (void) +{ + struct { + unsigned char input[100]; + int input_len; + unsigned char output[100]; + int output_len; + } fixtures[] = { + { { '0', 'T', '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a, + 0x13, 0x0b, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'I', 'n', + 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04, + 0x0b, 0x13, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w', + 'w', 'w', '.', 'C', 'A', 'c', 'e', 'r', 't', '.', 'o', 'r', + 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x13, + 0x13, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'C', 'l', 'a', 's', + 's', 0x20, '3', 0x20, 'R', 'o', 'o', 't', }, 86, + { '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a, + 0x0c, 0x0b, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'i', 'n', + 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04, + 0x0b, 0x0c, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w', + 'w', 'w', '.', 'c', 'a', 'c', 'e', 'r', 't', '.', 'o', 'r', + 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x0c, + 0x13, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'c', 'l', 'a', 's', + 's', 0x20, '3', 0x20, 'r', 'o', 'o', 't', }, 84, + }, + { { '0', 0x00, }, 2, + { }, 0, + }, + }; + + p11_buffer buf; + p11_dict *asn1_defs; + bool ret; + int i; + + asn1_defs = p11_asn1_defs_load (); + + for (i = 0; i < ELEMS (fixtures); i++) { + p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), + fixtures[i].input_len, 0, realloc, free); + + ret = p11_openssl_canon_name_der (asn1_defs, &buf); + assert_num_eq (true, ret); + + assert_num_eq (fixtures[i].output_len, buf.len); + assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0); + + p11_buffer_uninit (&buf); + } + + p11_dict_free (asn1_defs); +} + +static void +test_canon_string_der_fail (void) +{ + struct { + unsigned char input[100]; + int input_len; + } fixtures[] = { + { { 0x0c, 0x02, 0xc3, 0xc4 /* Invalid UTF-8 */ }, 4 }, + { { 0x1e, 0x01, 0x00 /* Invalid UCS2 */ }, 3 }, + { { 0x1c, 0x02, 0x00, 0x01 /* Invalid UCS4 */ }, 4 }, + }; + + p11_buffer buf; + bool ret; + int i; + + for (i = 0; i < ELEMS (fixtures); i++) { + p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len), + fixtures[i].input_len, 0, realloc, free); + + ret = p11_openssl_canon_string_der (&buf); + assert_num_eq (false, ret); + + p11_buffer_uninit (&buf); + } +} + +static void +test_directory (void) +{ + bool ret; + + setup_objects (cacert3_authority_attrs, + extension_eku_server, + extension_reject_email, + NULL); + + /* Accesses the above objects */ + setup_objects (cacert3_authority_attrs, + NULL); + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_openssl_directory (&test.ex, test.directory); + assert_num_eq (true, ret); + +#ifdef OS_UNIX + test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem", + "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0", + NULL)); +#else + test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem", + NULL)); +#endif + test_check_file (test.directory, "Custom_Label.pem", + SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem"); + test_check_file (test.directory, "Custom_Label.1.pem", + SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem"); +#ifdef OS_UNIX + test_check_symlink (test.directory, "e5662767.0", "Custom_Label.pem"); + test_check_symlink (test.directory, "e5662767.1", "Custom_Label.1.pem"); + test_check_symlink (test.directory, "590d426f.0", "Custom_Label.pem"); + test_check_symlink (test.directory, "590d426f.1", "Custom_Label.1.pem"); +#endif +} + +static void +test_directory_empty (void) +{ + bool ret; + + p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1); + p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0); + + /* Yes, this is a race, and why you shouldn't build software as root */ + if (rmdir (test.directory) < 0) + assert_not_reached (); + + ret = p11_extract_openssl_directory (&test.ex, test.directory); + assert_num_eq (true, ret); + + test_check_directory (test.directory, (NULL, NULL)); +} + +int +main (int argc, + char *argv[]) +{ + mock_module_init (); + + p11_fixture (setup, teardown); + p11_test (test_file, "/openssl/test_file"); + p11_test (test_plain, "/openssl/test_plain"); + p11_test (test_keyid, "/openssl/test_keyid"); + p11_test (test_not_authority, "/openssl/test_not_authority"); + p11_test (test_distrust_all, "/openssl/test_distrust_all"); + p11_test (test_file_multiple, "/openssl/test_file_multiple"); + p11_test (test_file_without, "/openssl/test_file_without"); + + p11_fixture (NULL, NULL); + p11_test (test_canon_string, "/openssl/test_canon_string"); + p11_test (test_canon_string_der, "/openssl/test_canon_string_der"); + p11_test (test_canon_string_der_fail, "/openssl/test_canon_string_der_fail"); + p11_test (test_canon_name_der, "/openssl/test_canon_name_der"); + + p11_fixture (setup, teardown); + p11_test (test_directory, "/openssl/test_directory"); + p11_test (test_directory_empty, "/openssl/test_directory_empty"); + + return p11_test_run (argc, argv); +} + +#include "enumerate.c" +#include "extract-openssl.c" +#include "save.c" diff --git a/trust/test-parser.c b/trust/test-parser.c new file mode 100644 index 0000000..8b9c240 --- /dev/null +++ b/trust/test-parser.c @@ -0,0 +1,567 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include + +#include "array.h" +#include "attrs.h" +#include "builder.h" +#include "debug.h" +#include "message.h" +#include "oid.h" +#include "parser.h" +#include "pkcs11x.h" + +struct { + p11_parser *parser; + p11_array *parsed; + p11_asn1_cache *cache; +} test; + +static void +setup (void *unused) +{ + test.cache = p11_asn1_cache_new (); + test.parser = p11_parser_new (test.cache); + assert_ptr_not_null (test.parser); + + test.parsed = p11_parser_parsed (test.parser); + assert_ptr_not_null (test.parsed); +} + +static void +teardown (void *unused) +{ + p11_parser_free (test.parser); + p11_asn1_cache_free (test.cache); + memset (&test, 0, sizeof (test)); +} + +static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; +static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION; +static CK_BBOOL falsev = CK_FALSE; +static CK_BBOOL truev = CK_TRUE; +static CK_CERTIFICATE_TYPE x509 = CKC_X_509; + +static CK_ATTRIBUTE certificate_match[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_INVALID, }, +}; + +static CK_ATTRIBUTE * +parsed_attrs (CK_ATTRIBUTE *match, + int length) +{ + int i; + + if (length < 0) + length = p11_attrs_count (match); + for (i = 0; i < test.parsed->num; i++) { + if (p11_attrs_matchn (test.parsed->elem[i], match, length)) + return test.parsed->elem[i]; + } + + return NULL; +} + +static void +test_parse_der_certificate (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_x509, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +static void +test_parse_pem_certificate (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.pem", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +static void +test_parse_p11_kit_persist (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_persist, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/input/verisign-v1.p11-kit", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +static void +test_parse_openssl_trusted (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE eku_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x16\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 24 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE reject_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) }, + { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *expected[] = { + cacert3, + eku_extension, + reject_extension, + NULL + }; + + CK_ATTRIBUTE *cert; + CK_ATTRIBUTE *object; + int ret; + int i; + + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3-trusted.pem", NULL, + P11_PARSE_FLAG_ANCHOR); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* + * Should have gotten: + * - 1 certificate + * - 2 attached extensions + */ + assert_num_eq (3, test.parsed->num); + + /* The certificate */ + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected[0], cert); + + /* The other objects */ + for (i = 1; expected[i]; i++) { + object = parsed_attrs (expected[i], 2); + assert_ptr_not_null (object); + + test_check_attrs (expected[i], object); + } +} + +static void +test_parse_openssl_distrusted (void) +{ + static const char distrust_public_key[] = { + 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xdf, 0xc7, 0x0d, + 0x61, 0xa2, 0x2f, 0xc0, 0x5a, 0xad, 0x45, 0x83, 0x22, 0x33, 0x42, 0xea, 0xec, 0x42, 0x5e, 0xa6, + 0x0d, 0x42, 0x4c, 0x1c, 0x9a, 0x12, 0x0b, 0x5f, 0xe7, 0x25, 0xf9, 0x8b, 0x83, 0x0c, 0x0a, 0xc5, + 0x2f, 0x5a, 0x58, 0x56, 0xb8, 0xad, 0x87, 0x6d, 0xbc, 0x80, 0x5d, 0xdd, 0x49, 0x45, 0x39, 0x5f, + 0xb9, 0x08, 0x3a, 0x63, 0xe4, 0x92, 0x33, 0x61, 0x79, 0x19, 0x1b, 0x9d, 0xab, 0x3a, 0xd5, 0x7f, + 0xa7, 0x8b, 0x7f, 0x8a, 0x5a, 0xf6, 0xd7, 0xde, 0xaf, 0xa1, 0xe5, 0x53, 0x31, 0x29, 0x7d, 0x9c, + 0x03, 0x55, 0x3e, 0x47, 0x78, 0xcb, 0xb9, 0x7a, 0x98, 0x8c, 0x5f, 0x8d, 0xda, 0x09, 0x0f, 0xc8, + 0xfb, 0xf1, 0x7a, 0x80, 0xee, 0x12, 0x77, 0x0a, 0x00, 0x8b, 0x70, 0xfa, 0x62, 0xbf, 0xaf, 0xee, + 0x0b, 0x58, 0x16, 0xf9, 0x9c, 0x5c, 0xde, 0x93, 0xb8, 0x4f, 0xdf, 0x4d, 0x7b, 0x02, 0x03, 0x01, + 0x00, 0x01, + }; + + CK_ATTRIBUTE distrust_cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate), }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE eku_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) }, + { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, + { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE reject_extension[] = { + { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), }, + { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) }, + { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) }, + { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *expected[] = { + distrust_cert, + eku_extension, + reject_extension, + NULL + }; + + CK_ATTRIBUTE *cert; + CK_ATTRIBUTE *object; + int ret; + int i; + + /* + * OpenSSL style is to litter the blacklist in with the anchors, + * so we parse this as an anchor, but expect it to be blacklisted + */ + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/distrusted.pem", NULL, + P11_PARSE_FLAG_ANCHOR); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* + * Should have gotten: + * - 1 certificate + * - 2 attached extensions + */ + assert_num_eq (3, test.parsed->num); + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected[0], cert); + + /* The other objects */ + for (i = 1; expected[i]; i++) { + object = parsed_attrs (expected[i], 2); + assert_ptr_not_null (object); + + test_check_attrs (expected[i], object); + } +} + +static void +test_openssl_trusted_no_trust (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + char expected_value[] = { + 0x30, 0x82, 0x04, 0x99, 0x30, 0x82, 0x03, 0x81, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5d, + 0x20, 0x61, 0x8e, 0x8c, 0x0e, 0xb9, 0x34, 0x40, 0x93, 0xb9, 0xb1, 0xd8, 0x63, 0x95, 0xb6, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x20, 0x41, 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x64, + 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, + 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, + 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, + 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x30, 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, + 0x17, 0x0d, 0x31, 0x35, 0x31, 0x31, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, + 0x7f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20, + 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54, + 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x55, + 0x53, 0x45, 0x52, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x20, + 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xd9, 0x4d, 0x20, 0x3a, 0xe6, 0x29, 0x30, 0x86, 0xf2, 0xe9, 0x86, 0x89, 0x76, 0x34, 0x4e, + 0x68, 0x1f, 0x96, 0x44, 0xf7, 0xd1, 0xf9, 0xd6, 0x82, 0x4e, 0xa6, 0x38, 0x9e, 0xee, 0xcb, 0x5b, + 0xe1, 0x8e, 0x2e, 0xbd, 0xf2, 0x57, 0x80, 0xfd, 0xc9, 0x3f, 0xfc, 0x90, 0x73, 0x44, 0xbc, 0x8f, + 0xbb, 0x57, 0x5b, 0xe5, 0x2d, 0x1f, 0x14, 0x30, 0x75, 0x36, 0xf5, 0x7f, 0xbc, 0xcf, 0x56, 0xf4, + 0x7f, 0x81, 0xff, 0xae, 0x91, 0xcd, 0xd8, 0xd2, 0x6a, 0xcb, 0x97, 0xf9, 0xf7, 0xcd, 0x90, 0x6a, + 0x45, 0x2d, 0xc4, 0xbb, 0xa4, 0x85, 0x13, 0x68, 0x57, 0x5f, 0xef, 0x29, 0xba, 0x2a, 0xca, 0xea, + 0xf5, 0xcc, 0xa4, 0x04, 0x9b, 0x63, 0xcd, 0x00, 0xeb, 0xfd, 0xed, 0x8d, 0xdd, 0x23, 0xc6, 0x7b, + 0x1e, 0x57, 0x1d, 0x36, 0x7f, 0x1f, 0x08, 0x9a, 0x0d, 0x61, 0xdb, 0x5a, 0x6c, 0x71, 0x02, 0x53, + 0x28, 0xc2, 0xfa, 0x8d, 0xfd, 0xab, 0xbb, 0xb3, 0xf1, 0x8d, 0x74, 0x4b, 0xdf, 0xbd, 0xbd, 0xcc, + 0x06, 0x93, 0x63, 0x09, 0x95, 0xc2, 0x10, 0x7a, 0x9d, 0x25, 0x90, 0x32, 0x9d, 0x01, 0xc2, 0x39, + 0x53, 0xb0, 0xe0, 0x15, 0x6b, 0xc7, 0xd7, 0x74, 0xe5, 0xa4, 0x22, 0x9b, 0xe4, 0x94, 0xff, 0x84, + 0x91, 0xfb, 0x2d, 0xb3, 0x19, 0x43, 0x2d, 0x93, 0x0f, 0x9c, 0x12, 0x09, 0xe4, 0x67, 0xb9, 0x27, + 0x7a, 0x32, 0xad, 0x7a, 0x2a, 0xcc, 0x41, 0x58, 0xc0, 0x6e, 0x59, 0x5f, 0xee, 0x38, 0x2b, 0x17, + 0x22, 0x9c, 0x89, 0xfa, 0x6e, 0xe7, 0xe5, 0x57, 0x35, 0xf4, 0x5a, 0xed, 0x92, 0x95, 0x93, 0x2d, + 0xf9, 0xcc, 0x24, 0x3f, 0xa5, 0x1c, 0x3d, 0x27, 0xbd, 0x22, 0x03, 0x73, 0xcc, 0xf5, 0xca, 0xf3, + 0xa9, 0xf4, 0xdc, 0xfe, 0xcf, 0xe9, 0xd0, 0x5c, 0xd0, 0x0f, 0xab, 0x87, 0xfc, 0x83, 0xfd, 0xc8, + 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0x30, 0x1f, + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xad, 0xbd, 0x98, 0x7a, 0x34, + 0xb4, 0x26, 0xf7, 0xfa, 0xc4, 0x26, 0x54, 0xef, 0x03, 0xbd, 0xe0, 0x24, 0xcb, 0x54, 0x1a, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xaf, 0xa4, 0x40, 0xaf, 0x9f, 0x16, + 0xfe, 0xab, 0x31, 0xfd, 0xfb, 0xd5, 0x97, 0x8b, 0xf5, 0x91, 0xa3, 0x24, 0x86, 0x16, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, + 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, + 0x02, 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x01, 0x03, 0x04, 0x30, 0x44, 0x06, 0x03, + 0x55, 0x1d, 0x1f, 0x04, 0x3d, 0x30, 0x3b, 0x30, 0x39, 0xa0, 0x37, 0xa0, 0x35, 0x86, 0x33, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, + 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x2e, 0x63, + 0x72, 0x6c, 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29, + 0x30, 0x27, 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, + 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72, + 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x84, 0xae, 0x2d, + 0x68, 0x38, 0x11, 0x6c, 0x83, 0x51, 0x62, 0xc0, 0x91, 0xc2, 0x98, 0xbc, 0xc6, 0x3b, 0xfa, 0xa5, + 0xc5, 0xbd, 0x3b, 0x09, 0xe6, 0x6e, 0x60, 0x6f, 0x30, 0x03, 0x86, 0x22, 0x1a, 0xb2, 0x8b, 0xf3, + 0xc6, 0xce, 0x1e, 0xbb, 0x1b, 0x79, 0xe0, 0x16, 0x14, 0x4d, 0xd2, 0x9a, 0x05, 0x4b, 0xff, 0x8f, + 0xec, 0xf0, 0x28, 0x29, 0xea, 0x2a, 0x04, 0x1d, 0x3d, 0xaf, 0x11, 0x12, 0xd5, 0x49, 0x98, 0x50, + 0x42, 0x9f, 0x61, 0x66, 0x3a, 0xb6, 0x40, 0x99, 0x04, 0x0c, 0x6b, 0x10, 0x32, 0xe9, 0xf7, 0xcf, + 0x86, 0x58, 0x4f, 0x2d, 0xcd, 0xd3, 0xac, 0x7e, 0xe8, 0x5b, 0x6a, 0x83, 0x7c, 0x0d, 0xa0, 0x9c, + 0x5c, 0x50, 0x36, 0x75, 0x0d, 0x6d, 0x7e, 0x42, 0xb7, 0xdf, 0xa6, 0xdc, 0x90, 0x5c, 0x6f, 0x23, + 0x4e, 0x97, 0x1d, 0xf3, 0x22, 0x75, 0xbf, 0x03, 0x35, 0xe6, 0x5d, 0x7f, 0xc7, 0xf9, 0x9b, 0x2c, + 0x87, 0xf6, 0x8e, 0xd6, 0x25, 0x96, 0x59, 0x9d, 0xcf, 0xea, 0x10, 0x1e, 0xef, 0x6e, 0xea, 0x5a, + 0x9b, 0x77, 0x18, 0x34, 0xcc, 0x81, 0x77, 0xaf, 0x9a, 0x87, 0xc2, 0x0a, 0xe5, 0xe5, 0x9e, 0x13, + 0x95, 0x53, 0xbd, 0xbd, 0x49, 0x1a, 0xa5, 0x76, 0x12, 0xf6, 0xdc, 0xf2, 0x91, 0xb7, 0xe9, 0x1a, + 0xe1, 0xbc, 0x4d, 0x3d, 0x95, 0x71, 0x7d, 0xf8, 0x8d, 0x7c, 0x3e, 0x03, 0x4f, 0x53, 0xed, 0xfe, + 0x52, 0xfd, 0xca, 0x5f, 0x93, 0xe1, 0x1a, 0x01, 0x1b, 0x02, 0xb7, 0x73, 0x4e, 0xba, 0x66, 0xe9, + 0x78, 0x8b, 0x50, 0xfe, 0x11, 0xcb, 0xd1, 0x67, 0xd0, 0x22, 0x4f, 0x77, 0xea, 0xcd, 0x14, 0x15, + 0x40, 0xae, 0x66, 0x5d, 0xe8, 0x2e, 0x7f, 0x1e, 0x88, 0x6f, 0x55, 0x79, 0xd6, 0xb9, 0x7e, 0xe3, + 0xb5, 0xfd, 0x91, 0xa0, 0xc0, 0xf2, 0x26, 0x87, 0x4b, 0x2f, 0x9d, 0xf5, 0xa0, + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_VALUE, expected_value, sizeof (expected_value) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/openssl-trust-no-trust.pem", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +static void +test_parse_anchor (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *cert; + int ret; + + p11_parser_formats (test.parser, p11_parser_format_x509, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, + P11_PARSE_FLAG_ANCHOR); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* + * Should have gotten: + * - 1 certificate + */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (cacert3, cert); +} + +static void +test_parse_thawte (void) +{ + CK_ATTRIBUTE *cert; + int ret; + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + p11_parser_formats (test.parser, p11_parser_format_pem, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/thawte.pem", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, test.parsed->num); + + cert = parsed_attrs (certificate_match, -1); + test_check_attrs (expected, cert); +} + +/* TODO: A certificate that uses generalTime needs testing */ + +static void +test_parse_invalid_file (void) +{ + int ret; + + p11_message_quiet (); + + p11_parser_formats (test.parser, p11_parser_format_x509, NULL); + ret = p11_parse_file (test.parser, "/nonexistent", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_FAILURE, ret); + + p11_message_loud (); +} + +static void +test_parse_unrecognized (void) +{ + int ret; + + p11_message_quiet (); + + p11_parser_formats (test.parser, p11_parser_format_x509, NULL); + ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/unrecognized-file.txt", NULL, + P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_UNRECOGNIZED, ret); + + p11_message_loud (); +} + +static void +test_parse_no_asn1_cache (void) +{ + p11_parser *parser; + int ret; + + parser = p11_parser_new (NULL); + assert_ptr_not_null (parser); + + p11_parser_formats (parser, p11_parser_format_x509, NULL); + ret = p11_parse_file (parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, P11_PARSE_FLAG_NONE); + assert_num_eq (P11_PARSE_SUCCESS, ret); + + /* Should have gotten certificate */ + assert_num_eq (1, p11_parser_parsed (parser)->num); + + p11_parser_free (parser); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_parse_der_certificate, "/parser/parse_der_certificate"); + p11_test (test_parse_pem_certificate, "/parser/parse_pem_certificate"); + p11_test (test_parse_p11_kit_persist, "/parser/parse_p11_kit_persist"); + p11_test (test_parse_openssl_trusted, "/parser/parse_openssl_trusted"); + p11_test (test_parse_openssl_distrusted, "/parser/parse_openssl_distrusted"); + p11_test (test_openssl_trusted_no_trust, "/parser/openssl-trusted-no-trust"); + p11_test (test_parse_anchor, "/parser/parse_anchor"); + p11_test (test_parse_thawte, "/parser/parse_thawte"); + p11_test (test_parse_invalid_file, "/parser/parse_invalid_file"); + p11_test (test_parse_unrecognized, "/parser/parse_unrecognized"); + + p11_fixture (NULL, NULL); + p11_test (test_parse_no_asn1_cache, "/parser/null-asn1-cache"); + + return p11_test_run (argc, argv); +} diff --git a/trust/test-pem.c b/trust/test-pem.c new file mode 100644 index 0000000..6feff86 --- /dev/null +++ b/trust/test-pem.c @@ -0,0 +1,359 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include +#include +#include + +#include "compat.h" +#include "pem.h" + +struct { + const char *input; + struct { + const char *type; + const char *data; + unsigned int length; + } output[8]; +} success_fixtures[] = { + { + /* one block */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----", + { + { + "BLOCK1", + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", + 30, + }, + { + NULL, + } + } + }, + + { + /* one block, with header */ + "-----BEGIN BLOCK1-----\n" + "Header1: value1 \n" + " Header2: value2\n" + "\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----", + { + { + "BLOCK1", + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", + 30, + }, + { + NULL, + } + } + }, + + { + /* two blocks, junk data */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "blah blah\n" + "-----BEGIN TWO-----\n" + "oy5L157C671HyJMCf9FiK9prvPZfSch6V4EoUfylFoI1Bq6SbL53kg==\n" + "-----END TWO-----\n" + "trailing data", + { + { + "BLOCK1", + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", + 30, + }, + { + "TWO", + "\xa3\x2e\x4b\xd7\x9e\xc2\xeb\xbd\x47\xc8\x93\x02\x7f\xd1\x62\x2b" + "\xda\x6b\xbc\xf6\x5f\x49\xc8\x7a\x57\x81\x28\x51\xfc\xa5\x16\x82" + "\x35\x06\xae\x92\x6c\xbe\x77\x92", + 40 + }, + { + NULL, + } + } + }, + + { + /* one block with empty type */ + "-----BEGIN -----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END -----", + { + { + "", + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", + 30, + }, + { + NULL, + } + } + }, + + { + NULL, + } +}; + +typedef struct { + int input_index; + int output_index; + int parsed; +} Closure; + +static void +on_parse_pem_success (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + Closure *cl = user_data; + + assert_num_eq (success_fixtures[cl->input_index].output[cl->output_index].length, length); + assert (memcmp (success_fixtures[cl->input_index].output[cl->output_index].data, contents, + success_fixtures[cl->input_index].output[cl->output_index].length) == 0); + + cl->output_index++; + cl->parsed++; +} + +static void +test_pem_success (void) +{ + Closure cl; + int ret; + int i; + int j; + + for (i = 0; success_fixtures[i].input != NULL; i++) { + cl.input_index = i; + cl.output_index = 0; + cl.parsed = 0; + + ret = p11_pem_parse (success_fixtures[i].input, strlen (success_fixtures[i].input), + on_parse_pem_success, &cl); + + assert (success_fixtures[i].output[cl.output_index].type == NULL); + + /* Count number of outputs, return from p11_pem_parse() should match */ + for (j = 0; success_fixtures[i].output[j].type != NULL; j++); + assert_num_eq (j, ret); + assert_num_eq (ret, cl.parsed); + } +} + +const char *failure_fixtures[] = { + /* too short at end of opening line */ + "-----BEGIN BLOCK1---\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----", + + /* truncated */ + "-----BEGIN BLOCK1---", + + /* no ending */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n", + + /* wrong ending */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK2-----", + + /* wrong ending */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END INVALID-----", + + /* too short at end of ending line */ + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1---", + + /* invalid base64 data */ + "-----BEGIN BLOCK1-----\n" + "!!!!NNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----", + + NULL, +}; + +static void +on_parse_pem_failure (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + assert (false && "not reached"); +} + +static void +test_pem_failure (void) +{ + int ret; + int i; + + for (i = 0; failure_fixtures[i] != NULL; i++) { + ret = p11_pem_parse (failure_fixtures[i], strlen (failure_fixtures[i]), + on_parse_pem_failure, NULL); + assert_num_eq (0, ret); + } +} + +typedef struct { + const char *input; + size_t length; + const char *type; + const char *output; +} WriteFixture; + +static WriteFixture write_fixtures[] = { + { + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", + 30, "BLOCK1", + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n", + }, + { + "\x50\x31\x31\x2d\x4b\x49\x54\x0a\x0a\x50\x72\x6f\x76\x69\x64\x65" + "\x73\x20\x61\x20\x77\x61\x79\x20\x74\x6f\x20\x6c\x6f\x61\x64\x20" + "\x61\x6e\x64\x20\x65\x6e\x75\x6d\x65\x72\x61\x74\x65\x20\x50\x4b" + "\x43\x53\x23\x31\x31\x20\x6d\x6f\x64\x75\x6c\x65\x73\x2e\x20\x50" + "\x72\x6f\x76\x69\x64\x65\x73\x20\x61\x20\x73\x74\x61\x6e\x64\x61" + "\x72\x64\x0a\x63\x6f\x6e\x66\x69\x67\x75\x72\x61\x74\x69\x6f\x6e" + "\x20\x73\x65\x74\x75\x70\x20\x66\x6f\x72\x20\x69\x6e\x73\x74\x61" + "\x6c\x6c\x69\x6e\x67\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x6d\x6f" + "\x64\x75\x6c\x65\x73\x20\x69\x6e\x20\x73\x75\x63\x68\x20\x61\x20" + "\x77\x61\x79\x20\x74\x68\x61\x74\x20\x74\x68\x65\x79\x27\x72\x65" + "\x0a\x64\x69\x73\x63\x6f\x76\x65\x72\x61\x62\x6c\x65\x2e\x0a\x0a" + "\x41\x6c\x73\x6f\x20\x73\x6f\x6c\x76\x65\x73\x20\x70\x72\x6f\x62" + "\x6c\x65\x6d\x73\x20\x77\x69\x74\x68\x20\x63\x6f\x6f\x72\x64\x69" + "\x6e\x61\x74\x69\x6e\x67\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f" + "\x66\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x62\x79\x20\x64\x69\x66" + "\x66\x65\x72\x65\x6e\x74\x0a\x63\x6f\x6d\x70\x6f\x6e\x65\x6e\x74" + "\x73\x20\x6f\x72\x20\x6c\x69\x62\x72\x61\x72\x69\x65\x73\x20\x6c" + "\x69\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x73\x61\x6d" + "\x65\x20\x70\x72\x6f\x63\x65\x73\x73\x2e\x0a", + 299, "LONG TYPE WITH SPACES", + "-----BEGIN LONG TYPE WITH SPACES-----\n" + "UDExLUtJVAoKUHJvdmlkZXMgYSB3YXkgdG8gbG9hZCBhbmQgZW51bWVyYXRlIFBL\n" + "Q1MjMTEgbW9kdWxlcy4gUHJvdmlkZXMgYSBzdGFuZGFyZApjb25maWd1cmF0aW9u\n" + "IHNldHVwIGZvciBpbnN0YWxsaW5nIFBLQ1MjMTEgbW9kdWxlcyBpbiBzdWNoIGEg\n" + "d2F5IHRoYXQgdGhleSdyZQpkaXNjb3ZlcmFibGUuCgpBbHNvIHNvbHZlcyBwcm9i\n" + "bGVtcyB3aXRoIGNvb3JkaW5hdGluZyB0aGUgdXNlIG9mIFBLQ1MjMTEgYnkgZGlm\n" + "ZmVyZW50CmNvbXBvbmVudHMgb3IgbGlicmFyaWVzIGxpdmluZyBpbiB0aGUgc2Ft\n" + "ZSBwcm9jZXNzLgo=\n" + "-----END LONG TYPE WITH SPACES-----\n" + }, + { + "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" + "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf", + 28, "BLOCK1", + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrw==\n" + "-----END BLOCK1-----\n", + }, + { + NULL, + } +}; + +static void +on_parse_written (const char *type, + const unsigned char *contents, + size_t length, + void *user_data) +{ + WriteFixture *fixture = user_data; + + assert_str_eq (fixture->type, type); + assert_num_eq (fixture->length, length); + assert (memcmp (contents, fixture->input, length) == 0); +} + +static void +test_pem_write (void) +{ + WriteFixture *fixture; + p11_buffer buf; + unsigned int count; + int i; + + for (i = 0; write_fixtures[i].input != NULL; i++) { + fixture = write_fixtures + i; + + if (!p11_buffer_init_null (&buf, 0)) + assert_not_reached (); + + if (!p11_pem_write ((unsigned char *)fixture->input, + fixture->length, + fixture->type, &buf)) + assert_not_reached (); + assert_str_eq (fixture->output, buf.data); + assert_num_eq (strlen (fixture->output), buf.len); + + count = p11_pem_parse (buf.data, buf.len, on_parse_written, fixture); + assert_num_eq (1, count); + + p11_buffer_uninit (&buf); + } +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_pem_success, "/pem/success"); + p11_test (test_pem_failure, "/pem/failure"); + p11_test (test_pem_write, "/pem/write"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-persist.c b/trust/test-persist.c new file mode 100644 index 0000000..238a3c4 --- /dev/null +++ b/trust/test-persist.c @@ -0,0 +1,635 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include +#include + +#include "array.h" +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "message.h" +#include "persist.h" +#include "pkcs11.h" +#include "pkcs11i.h" +#include "pkcs11x.h" + +static void +test_magic (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "value: \"blah\"\n" + "application: \"test-persist\"\n"; + + const char *other = " " + "\n\n[p11-kit-object-v1]\n" + "class: data\n" + "value: \"blah\"\n" + "application: \"test-persist\"\n"; + + assert (p11_persist_magic ((unsigned char *)input, strlen (input))); + assert (!p11_persist_magic ((unsigned char *)input, 5)); + assert (p11_persist_magic ((unsigned char *)other, strlen (other))); + assert (!p11_persist_magic ((unsigned char *)"blah", 4)); +} + +static p11_array * +args_to_array (void *arg, + ...) GNUC_NULL_TERMINATED; + +static p11_array * +args_to_array (void *arg, + ...) +{ + p11_array *array = p11_array_new (NULL); + + va_list (va); + va_start (va, arg); + + while (arg != NULL) { + p11_array_push (array, arg); + arg = va_arg (va, void *); + } + + va_end (va); + + return array; +} + +static void +check_read_msg (const char *file, + int line, + const char *function, + const char *input, + p11_array *expected) +{ + p11_array *objects; + p11_persist *persist; + int i; + + persist = p11_persist_new (); + objects = p11_array_new (p11_attrs_free); + + if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) { + if (expected == NULL) + p11_test_fail (file, line, function, "decoding should have failed"); + for (i = 0; i < expected->num; i++) { + if (i >= objects->num) + p11_test_fail (file, line, function, "too few objects read"); + test_check_attrs_msg (file, line, function, expected->elem[i], objects->elem[i]); + } + if (i != objects->num) + p11_test_fail (file, line, function, "too many objects read"); + } else { + if (expected != NULL) + p11_test_fail (file, line, function, "decoding failed"); + } + + p11_array_free (objects); + p11_persist_free (persist); + p11_array_free (expected); +} + +static void +check_write_msg (const char *file, + int line, + const char *function, + const char *expected, + p11_array *input) +{ + p11_persist *persist; + p11_buffer buf; + int i; + + persist = p11_persist_new (); + p11_buffer_init_null (&buf, 0); + + for (i = 0; i < input->num; i++) { + if (!p11_persist_write (persist, input->elem[i], &buf)) + p11_test_fail (file, line, function, "persist write failed"); + } + + if (strcmp (buf.data, expected) != 0) { + p11_test_fail (file, line, function, "persist doesn't match: (\n%s----\n%s\n)", \ + expected, (char *)buf.data); + } + + p11_buffer_uninit (&buf); + p11_array_free (input); + p11_persist_free (persist); +} + +#define check_read_success(input, objs) \ + check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, args_to_array objs) + +#define check_read_failure(input) \ + check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, NULL) + +#define check_write_success(expected, inputs) \ + check_write_msg (__FILE__, __LINE__, __FUNCTION__, expected, args_to_array inputs) + +static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; +static CK_CERTIFICATE_TYPE x509 = CKC_X_509; +static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; +static CK_OBJECT_CLASS data = CKO_DATA; +static CK_BBOOL truev = CK_TRUE; +static CK_BBOOL falsev = CK_FALSE; + +static void +test_simple (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "value: \"blah\"\n" + "application: \"test-persist\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "blah", 4 }, + { CKA_APPLICATION, "test-persist", 12 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_number (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "value-len: 29202390\n" + "application: \"test-persist\"\n\n"; + + CK_ULONG value = 29202390; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE_LEN, &value, sizeof (value) }, + { CKA_APPLICATION, "test-persist", 12 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_bool (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "private: true\n" + "modifiable: false\n" + "application: \"test-persist\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_PRIVATE, &truev, sizeof (truev) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_APPLICATION, "test-persist", 12 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_oid (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "object-id: 1.2.3.4\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_constant (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "certificate-type: x-509-attr-cert\n" + "key-type: rsa\n" + "x-assertion-type: x-pinned-certificate\n" + "certificate-category: authority\n" + "mechanism-type: rsa-pkcs-key-pair-gen\n" + "trust-server-auth: nss-trust-unknown\n\n"; + + CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + CK_CERTIFICATE_TYPE type = CKC_X_509_ATTR_CERT; + CK_X_ASSERTION_TYPE ass = CKT_X_PINNED_CERTIFICATE; + CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_KEY_PAIR_GEN; + CK_ULONG category = 2; + CK_KEY_TYPE key = CKK_RSA; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_CERTIFICATE_TYPE, &type, sizeof (type) }, + { CKA_KEY_TYPE, &key, sizeof (key) }, + { CKA_X_ASSERTION_TYPE, &ass, sizeof (ass) }, + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_MECHANISM_TYPE, &mech, sizeof (mech) }, + { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_unknown (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "38383838: \"the-value-here\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &data, sizeof (data) }, + { 38383838, "the-value-here", 14 }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_multiple (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "class: data\n" + "object-id: 1.2.3.4\n\n" + "[p11-kit-object-v1]\n" + "class: nss-trust\n" + "trust-server-auth: nss-trust-unknown\n\n"; + + CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + + CK_ATTRIBUTE attrs1[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE attrs2[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs1, attrs2, NULL)); + check_write_success (output, (attrs1, attrs2, NULL)); +} + +static void +test_pem_block (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "id: \"292c92\"\n" + "trusted: true\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" + "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" + "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" + "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" + "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" + "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" + "-----END CERTIFICATE-----\n" + "\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_ID, "292c92", 6, }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_VALUE, (unsigned char *)&verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + +static void +test_pem_middle (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: certificate\n" + "id: \"292c92\"\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" + "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" + "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" + "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" + "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" + "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" + "-----END CERTIFICATE-----\n" + "\n" + "trusted: true"; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_VALUE, (unsigned char *)&verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_INVALID }, + }; + + check_read_success (input, (expected, NULL)); +} + +static void +test_pem_public_key (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "id: \"292c92\"\n" + "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryQICCl6NZ5gDKrnSztO\n" + "3Hy8PEUcuyvg/ikC+VcIo2SFFSf18a3IMYldIugqqqZCs4/4uVW3sbdLs/6PfgdX\n" + "7O9D22ZiFWHPYA2k2N744MNiCD1UE+tJyllUhSblK48bn+v1oZHCM0nYQ2NqUkvS\n" + "j+hwUU3RiWl7x3D2s9wSdNt7XUtW05a/FXehsPSiJfKvHJJnGOX0BgTvkLnkAOTd\n" + "OrUZ/wK69Dzu4IvrN4vs9Nes8vbwPa/ddZEzGR0cQMt0JBkhk9kU/qwqUseP1QRJ\n" + "5I1jR4g8aYPL/ke9K35PxZWuDp3U0UPAZ3PjFAh+5T+fc7gzCs9dPzSHloruU+gl\n" + "FQIDAQAB\n" + "-----END PUBLIC KEY-----\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_ID, "292c92", 6, }, + { CKA_PUBLIC_KEY_INFO, (unsigned char *)&example_public_key, sizeof (example_public_key) }, + { CKA_INVALID }, + }; + + check_read_success (output, (attrs, NULL)); + check_write_success (output, (attrs, NULL)); +} + + +static void +test_pem_invalid (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: certificate\n" + "-----BEGIN CERT-----\n" + "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" + "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" + "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" + "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" + "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" + "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" + "-----END CERTIFICATEXXX-----\n"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_pem_unsupported (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: certificate\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_pem_first (void) +{ + const char *input = "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "[p11-kit-object-v1]\n" + "class: certificate\n"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_skip_unknown (void) +{ + const char *input = "[version-2]\n" + "class: data\n" + "object-id: 1.2.3.4\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "[p11-kit-object-v1]\n" + "class: nss-trust\n" + "trust-server-auth: nss-trust-unknown"; + + CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + + CK_ATTRIBUTE expected2[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + check_read_success (input, (expected2, NULL)); + + p11_message_loud (); +} + +static void +test_bad_value (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "value: \"%38%\"\n"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_bad_oid (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "object-id: 1.2"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_bad_field (void) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "invalid-field: true"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_attribute_first (void) +{ + const char *input = "class: data\n" + "[p11-kit-object-v1]\n" + "invalid-field: true"; + + p11_message_quiet (); + + check_read_failure (input); + + p11_message_loud (); +} + +static void +test_not_boolean (void) +{ + const char *output = "[p11-kit-object-v1]\n" + "private: \"x\"\n\n"; + + CK_ATTRIBUTE attrs[] = { + { CKA_PRIVATE, "x", 1 }, + { CKA_INVALID }, + }; + + check_write_success (output, (attrs, NULL)); +} + +static void +test_not_ulong (void) +{ + char buffer[sizeof (CK_ULONG) + 1]; + char *output; + + CK_ATTRIBUTE attrs[] = { + { CKA_BITS_PER_PIXEL, "xx", 2 }, + { CKA_VALUE, buffer, sizeof (CK_ULONG) }, + { CKA_INVALID }, + }; + + memset (buffer, 'x', sizeof (buffer)); + buffer[sizeof (CK_ULONG)] = 0; + + if (asprintf (&output, "[p11-kit-object-v1]\n" + "bits-per-pixel: \"xx\"\n" + "value: \"%s\"\n\n", buffer) < 0) + assert_not_reached (); + + check_write_success (output, (attrs, NULL)); + free (output); +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_magic, "/persist/magic"); + p11_test (test_simple, "/persist/simple"); + p11_test (test_number, "/persist/number"); + p11_test (test_bool, "/persist/bool"); + p11_test (test_oid, "/persist/oid"); + p11_test (test_constant, "/persist/constant"); + p11_test (test_unknown, "/persist/unknown"); + p11_test (test_multiple, "/persist/multiple"); + p11_test (test_pem_block, "/persist/pem_block"); + p11_test (test_pem_middle, "/persist/pem-middle"); + p11_test (test_pem_public_key, "/persist/pem-public-key"); + p11_test (test_pem_invalid, "/persist/pem_invalid"); + p11_test (test_pem_unsupported, "/persist/pem_unsupported"); + p11_test (test_pem_first, "/persist/pem_first"); + p11_test (test_bad_value, "/persist/bad_value"); + p11_test (test_bad_oid, "/persist/bad_oid"); + p11_test (test_bad_field, "/persist/bad_field"); + p11_test (test_skip_unknown, "/persist/skip_unknown"); + p11_test (test_attribute_first, "/persist/attribute_first"); + p11_test (test_not_boolean, "/persist/not-boolean"); + p11_test (test_not_ulong, "/persist/not-ulong"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-save.c b/trust/test-save.c new file mode 100644 index 0000000..0609e79 --- /dev/null +++ b/trust/test-save.c @@ -0,0 +1,603 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "test-trust.h" + +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "dict.h" +#include "message.h" +#include "path.h" +#include "save.h" +#include "test.h" + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +struct { + char *directory; +} test; + +static void +setup (void *unused) +{ + test.directory = p11_test_directory ("test-extract"); +} + +static void +teardown (void *unused) +{ + if (rmdir (test.directory) < 0) + assert_fail ("rmdir() failed", strerror (errno)); + free (test.directory); +} + +static void +write_zero_file (const char *directory, + const char *name) +{ + char *filename; + int res; + int fd; + + if (asprintf (&filename, "%s/%s", directory, name) < 0) + assert_not_reached (); + + fd = open (filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); + assert (fd != -1); + res = close (fd); + assert (res >= 0); + + free (filename); +} + +static void +test_file_write (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + file = p11_save_open_file (filename, NULL, 0); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + free (filename); + + test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/cacert3.der"); +} + +static void +test_file_exists (void) +{ + p11_save_file *file; + char *filename; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + write_zero_file (test.directory, "extract-file"); + + p11_message_quiet (); + + file = p11_save_open_file (filename, NULL, 0); + assert (file != NULL); + + if (p11_save_finish_file (file, NULL, true)) + assert_not_reached (); + + p11_message_loud (); + + unlink (filename); + free (filename); +} + +static void +test_file_bad_directory (void) +{ + p11_save_file *file; + char *filename; + + if (asprintf (&filename, "/non-existent/%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + p11_message_quiet (); + + file = p11_save_open_file (filename, NULL, 0); + assert (file == NULL); + + p11_message_loud (); + + free (filename); +} + +static void +test_file_overwrite (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + write_zero_file (test.directory, "extract-file"); + + file = p11_save_open_file (filename, NULL, P11_SAVE_OVERWRITE); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + free (filename); + + test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/cacert3.der"); +} + +static void +test_file_unique (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + write_zero_file (test.directory, "extract-file"); + + file = p11_save_open_file (filename, NULL, P11_SAVE_UNIQUE); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + free (filename); + + test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/empty-file"); + test_check_file (test.directory, "extract-file.1", SRCDIR "/trust/fixtures/cacert3.der"); +} + +static void +test_file_auto_empty (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + file = p11_save_open_file (filename, NULL, 0); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, NULL, -1); + assert_num_eq (true, ret); + free (filename); + + test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/empty-file"); +} + +static void +test_file_auto_length (void) +{ + p11_save_file *file; + char *filename; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + file = p11_save_open_file (filename, NULL, 0); + assert_ptr_not_null (file); + + ret = p11_save_write_and_finish (file, "The simple string is hairy", -1); + assert_num_eq (true, ret); + free (filename); + + test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/simple-string"); +} + +static void +test_write_with_null (void) +{ + bool ret; + + ret = p11_save_write (NULL, "test", 4); + assert_num_eq (false, ret); +} + +static void +test_write_and_finish_with_null (void) +{ + bool ret; + + ret = p11_save_write_and_finish (NULL, "test", 4); + assert_num_eq (false, ret); +} + +static void +test_file_abort (void) +{ + struct stat st; + p11_save_file *file; + char *filename; + char *path; + bool ret; + + if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0) + assert_not_reached (); + + file = p11_save_open_file (filename, NULL, 0); + assert_ptr_not_null (file); + + path = NULL; + ret = p11_save_finish_file (file, &path, false); + assert_num_eq (true, ret); + assert (path == NULL); + + if (stat (filename, &st) >= 0 || errno != ENOENT) + assert_fail ("file should not exist", filename); + + free (filename); +} + + +static void +test_directory_empty (void) +{ + p11_save_dir *dir; + char *subdir; + bool ret; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + + dir = p11_save_open_directory (subdir, 0); + assert_ptr_not_null (dir); + + ret = p11_save_finish_directory (dir, true); + assert_num_eq (true, ret); + + test_check_directory (subdir, (NULL, NULL)); + + assert (rmdir (subdir) >= 0); + free (subdir); +} + +static void +test_directory_files (void) +{ + char *path; + char *check; + p11_save_file *file; + p11_save_dir *dir; + char *subdir; + bool ret; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + + dir = p11_save_open_directory (subdir, 0); + assert_ptr_not_null (dir); + + file = p11_save_open_file_in (dir, "blah", ".cer"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + file = p11_save_open_file_in (dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, strlen (test_text)); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + +#ifdef OS_UNIX + ret = p11_save_symlink_in (dir, "link", ".ext", "/the/destination"); + assert_num_eq (true, ret); +#endif + + ret = p11_save_finish_directory (dir, true); + assert_num_eq (true, ret); + +#ifdef OS_UNIX + test_check_directory (subdir, ("blah.cer", "file.txt", + "link.ext", + NULL)); +#else + test_check_directory (subdir, ("blah.cer", "file.txt", + NULL)); +#endif + test_check_file (subdir, "blah.cer", SRCDIR "/trust/fixtures/cacert3.der"); + test_check_data (subdir, "file.txt", test_text, strlen (test_text)); +#ifdef OS_UNIX + test_check_symlink (subdir, "link.ext", "/the/destination"); +#endif + + assert (rmdir (subdir) >= 0); + free (subdir); +} + +static void +test_directory_dups (void) +{ + char *path; + char *check; + p11_save_file *file; + p11_save_dir *dir; + char *subdir; + bool ret; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + + dir = p11_save_open_directory (subdir, 0); + assert_ptr_not_null (dir); + + file = p11_save_open_file_in (dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, 5); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + file = p11_save_open_file_in (dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, 10); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), + test_text, 15); + assert_num_eq (true, ret); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL), + test_text, 8); + assert_num_eq (true, ret); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL), + test_text, 16); + assert_num_eq (true, ret); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"), + test_text, 14); + assert_num_eq (true, ret); + + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"), + test_text, 15); + assert_num_eq (true, ret); + +#ifdef OS_UNIX + ret = p11_save_symlink_in (dir, "link", ".0", "/destination1"); + assert_num_eq (true, ret); + + ret = p11_save_symlink_in (dir, "link", ".0", "/destination2"); + assert_num_eq (true, ret); +#endif + + ret = p11_save_finish_directory (dir, true); + assert_num_eq (true, ret); + +#ifdef OS_UNIX + test_check_directory (subdir, ("file.txt", "file.1.txt", "file.2.txt", + "no-ext", "no-ext.1", + "with-num.0", "with-num.1", + "link.0", "link.1", + NULL)); +#else + test_check_directory (subdir, ("file.txt", "file.1.txt", "file.2.txt", + "no-ext", "no-ext.1", + "with-num.0", "with-num.1", + NULL)); +#endif + test_check_data (subdir, "file.txt", test_text, 5); + test_check_data (subdir, "file.1.txt", test_text, 10); + test_check_data (subdir, "file.2.txt", test_text, 15); + test_check_data (subdir, "no-ext", test_text, 8); + test_check_data (subdir, "no-ext.1", test_text, 16); + test_check_data (subdir, "with-num.0", test_text, 14); + test_check_data (subdir, "with-num.1", test_text, 15); +#ifdef OS_UNIX + test_check_symlink (subdir, "link.0", "/destination1"); + test_check_symlink (subdir, "link.1", "/destination2"); +#endif + + assert (rmdir (subdir) >= 0); + free (subdir); +} + +static void +test_directory_exists (void) +{ + p11_save_dir *dir; + char *subdir; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + +#ifdef OS_UNIX + if (mkdir (subdir, S_IRWXU) < 0) +#else + if (mkdir (subdir) < 0) +#endif + assert_fail ("mkdir() failed", subdir); + + p11_message_quiet (); + + dir = p11_save_open_directory (subdir, 0); + assert_ptr_eq (NULL, dir); + + p11_message_loud (); + + rmdir (subdir); + free (subdir); +} + +static void +test_directory_overwrite (void) +{ + char *path; + char *check; + p11_save_file *file; + p11_save_dir *dir; + char *subdir; + bool ret; + + if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0) + assert_not_reached (); + + /* Some initial files into this directory, which get overwritten */ + dir = p11_save_open_directory (subdir, 0); + ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), "", 0) && + p11_save_write_and_finish (p11_save_open_file_in (dir, "another-file", NULL), "", 0) && + p11_save_write_and_finish (p11_save_open_file_in (dir, "third-file", NULL), "", 0) && + p11_save_finish_directory (dir, true); + assert (ret && dir); + + /* Now the actual test, using the same directory */ + dir = p11_save_open_directory (subdir, P11_SAVE_OVERWRITE); + assert_ptr_not_null (dir); + + file = p11_save_open_file_in (dir, "blah", ".cer"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + file = p11_save_open_file_in (dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, strlen (test_text)); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + file = p11_save_open_file_in (dir, "file", ".txt"); + assert_ptr_not_null (file); + ret = p11_save_write (file, test_text, 10); + assert_num_eq (true, ret); + ret = p11_save_finish_file (file, &path, true); + assert_num_eq (true, ret); + if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0) + assert_not_reached (); + assert_str_eq (check, path); + free (check); + free (path); + + ret = p11_save_finish_directory (dir, true); + assert_num_eq (true, ret); + + test_check_directory (subdir, ("blah.cer", "file.txt", "file.1.txt", NULL)); + test_check_data (subdir, "blah.cer", test_cacert3_ca_der, sizeof (test_cacert3_ca_der)); + test_check_data (subdir, "file.txt", test_text, strlen (test_text)); + test_check_data (subdir, "file.1.txt", test_text, 10); + + assert (rmdir (subdir) >= 0); + free (subdir); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_file_write, "/save/test_file_write"); + p11_test (test_file_exists, "/save/test_file_exists"); + p11_test (test_file_bad_directory, "/save/test_file_bad_directory"); + p11_test (test_file_overwrite, "/save/test_file_overwrite"); + p11_test (test_file_unique, "/save/file-unique"); + p11_test (test_file_auto_empty, "/save/test_file_auto_empty"); + p11_test (test_file_auto_length, "/save/test_file_auto_length"); + + p11_fixture (NULL, NULL); + p11_test (test_write_with_null, "/save/test_write_with_null"); + p11_test (test_write_and_finish_with_null, "/save/test_write_and_finish_with_null"); + + p11_fixture (setup, teardown); + p11_test (test_file_abort, "/save/test_file_abort"); + + p11_test (test_directory_empty, "/save/test_directory_empty"); + p11_test (test_directory_files, "/save/test_directory_files"); + p11_test (test_directory_dups, "/save/test_directory_dups"); + p11_test (test_directory_exists, "/save/test_directory_exists"); + p11_test (test_directory_overwrite, "/save/test_directory_overwrite"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-token.c b/trust/test-token.c new file mode 100644 index 0000000..436e964 --- /dev/null +++ b/trust/test-token.c @@ -0,0 +1,849 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" +#include "test-trust.h" + +#include +#include +#include + +#include +#include +#include + +#include "attrs.h" +#include "debug.h" +#include "parser.h" +#include "path.h" +#include "pkcs11x.h" +#include "message.h" +#include "token.h" + +static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; +static CK_OBJECT_CLASS data = CKO_DATA; +static CK_BBOOL falsev = CK_FALSE; +static CK_BBOOL truev = CK_TRUE; + +struct { + p11_token *token; + p11_index *index; + p11_parser *parser; + char *directory; + char *unwritable; +} test; + +static void +setup (void *path) +{ + test.token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE); + assert_ptr_not_null (test.token); + + test.index = p11_token_index (test.token); + assert_ptr_not_null (test.token); + + test.parser = p11_token_parser (test.token); + assert_ptr_not_null (test.parser); +} + +static void +setup_temp (void *unused) +{ + test.directory = p11_test_directory ("test-module"); + setup (test.directory); +} + +static void +setup_writable (void *unused) +{ + setup_temp (unused); + + test.unwritable = p11_path_build (test.directory, "unwritable", NULL); +#ifdef OS_UNIX + if (mkdir (test.unwritable, S_IRWXU) < 0) +#else + if (mkdir (test.unwritable) < 0) +#endif + assert_fail ("mkdir() failed", test.unwritable); + + chmod (test.unwritable, 0); +} + +static void +teardown (void *path) +{ + p11_token_free (test.token); +} + +static void +teardown_temp (void *unused) +{ + p11_test_directory_delete (test.directory); + teardown (test.directory); + free (test.directory); + memset (&test, 0, sizeof (test)); +} + +static void +teardown_writable (void *unused) +{ + chmod (test.unwritable, 0644); + free (test.unwritable); + + teardown_temp (unused); +} + +static void +test_token_load (void *path) +{ + p11_index *index; + int count; + + count = p11_token_load (test.token); + assert_num_eq (8, count); + + /* A certificate and trust object for each parsed object */ + index = p11_token_index (test.token); + assert (((count - 1) * 2) + 1 <= p11_index_size (index)); +} + +static void +test_token_flags (void *path) +{ + /* + * blacklist comes from the input/distrust.pem file. It is not in the blacklist + * directory, but is an OpenSSL trusted certificate file, and is marked + * in the blacklist style for OpenSSL. + */ + + CK_ATTRIBUTE blacklist[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_LABEL, "Red Hat Is the CA", 17 }, + { CKA_SERIAL_NUMBER, "\x02\x01\x01", 3 }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, + }; + + /* + * blacklist2 comes from the input/blacklist/self-server.der file. It is + * explicitly put on the blacklist, even though it contains no trust + * policy information. + */ + + const unsigned char self_server_subject[] = { + 0x30, 0x4b, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, + 0x01, 0x19, 0x16, 0x03, 0x43, 0x4f, 0x4d, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0a, 0x09, 0x92, 0x26, + 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x07, 0x45, 0x58, 0x41, 0x4d, 0x50, 0x4c, 0x45, + 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, + }; + + CK_ATTRIBUTE blacklist2[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)self_server_subject, sizeof (self_server_subject) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &truev, sizeof (truev) }, + { CKA_INVALID }, + }; + + /* + * anchor comes from the input/anchors/cacert3.der file. It is + * explicitly marked as an anchor, even though it contains no trust + * policy information. + */ + + CK_ATTRIBUTE anchor[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + const unsigned char cacert_root_subject[] = { + 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, + 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, + 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, + 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, + }; + + /* + * notrust comes from the input/cacert-ca.der file. It contains no + * trust information, and is not explicitly marked as an anchor, so + * it's neither trusted or distrusted. + */ + + CK_ATTRIBUTE notrust[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)cacert_root_subject, sizeof (cacert_root_subject) }, + { CKA_TRUSTED, &falsev, sizeof (falsev) }, + { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *expected[] = { + anchor, + blacklist, + blacklist2, + notrust, + NULL, + }; + + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE *object; + int i; + + if (p11_token_load (test.token) < 0) + assert_not_reached (); + + /* The other objects */ + for (i = 0; expected[i]; i++) { + handle = p11_index_find (p11_token_index (test.token), expected[i], 2); + assert (handle != 0); + + object = p11_index_lookup (p11_token_index (test.token), handle); + assert_ptr_not_null (object); + + test_check_attrs (expected[i], object); + } +} + +static void +test_token_path (void *path) +{ + assert_str_eq (path, p11_token_get_path (test.token)); +} + +static void +test_token_label (void *path) +{ + assert_str_eq ("Label", p11_token_get_label (test.token)); +} + +static void +test_token_slot (void *path) +{ + assert_num_eq (333, p11_token_get_slot (test.token)); +} + +static void +test_not_writable (void) +{ + p11_token *token; + char *path; + int fd; + + path = p11_path_build (test.unwritable, "test", NULL); + fd = open (path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); + free (path); + + if (fd >= 0) { + close (fd); + assert_skip ("cannot perform non-writable test", NULL); + } + + token = p11_token_new (333, test.unwritable, "Label", P11_TOKEN_FLAG_NONE); + assert (!p11_token_is_writable (token)); + p11_token_free (token); + + token = p11_token_new (333, "", "Label", P11_TOKEN_FLAG_NONE); + assert (!p11_token_is_writable (token)); + p11_token_free (token); + + path = p11_path_build (test.unwritable, "non-existent", NULL); + token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE); + free (path); + assert (!p11_token_is_writable (token)); + p11_token_free (token); +} + +static void +test_writable_exists (void) +{ + /* A writable directory since we created it */ + assert (p11_token_is_writable (test.token)); +} + +static void +test_writable_no_exist (void) +{ + char *directory; + p11_token *token; + char *path; + + directory = p11_test_directory ("test-module"); + + path = p11_path_build (directory, "subdir", NULL); + assert (path != NULL); + + token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE); + free (path); + + /* A writable directory since parent is writable */ + assert (p11_token_is_writable (token)); + + p11_token_free (token); + + if (rmdir (directory) < 0) + assert_not_reached (); + + free (directory); +} + +static void +test_load_already (void) +{ + CK_ATTRIBUTE cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + CK_OBJECT_HANDLE handle; + int ret; + + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + handle = p11_index_find (test.index, cert, -1); + assert (handle != 0); + + /* Have to wait to make sure changes are detected */ + p11_sleep_ms (1100); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 0); + assert_num_eq (p11_index_find (test.index, cert, -1), handle); +} + +static void +test_load_unreadable (void) +{ + CK_ATTRIBUTE cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + int ret; + + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + assert (p11_index_find (test.index, cert, -1) != 0); + + p11_test_file_write (test.directory, "test.cer", "", 0); + + /* Have to wait to make sure changes are detected */ + p11_sleep_ms (1100); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 0); + assert (p11_index_find (test.index, cert, -1) == 0); +} + +static void +test_load_gone (void) +{ + CK_ATTRIBUTE cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + int ret; + + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + assert (p11_index_find (test.index, cert, -1) != 0); + + p11_test_file_delete (test.directory, "test.cer"); + + /* Have to wait to make sure changes are detected */ + p11_sleep_ms (1100); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 0); + assert (p11_index_find (test.index, cert, -1) == 0); +} + +static void +test_load_found (void) +{ + CK_ATTRIBUTE cert[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + int ret; + + ret = p11_token_load (test.token); + assert_num_eq (ret, 0); + assert (p11_index_find (test.index, cert, -1) == 0); + + /* Have to wait to make sure changes are detected */ + p11_sleep_ms (1100); + + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + assert (p11_index_find (test.index, cert, -1) != 0); +} + +static void +test_load_contrived (void) +{ + int ret; + p11_index *index; + + p11_test_file_write (test.directory, "contrived.der", test_contrived_der, + sizeof (test_contrived_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + + index = p11_token_index (test.token); + ret = p11_index_size (index); + assert_num_eq (ret, 3); +} + +static void +test_reload_changed (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE verisign[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_OBJECT_HANDLE handle; + int ret; + + /* Just one file */ + p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 1); + handle = p11_index_find (test.index, cacert3, -1); + assert (handle != 0); + + /* Replace the file with verisign */ + p11_test_file_write (test.directory, "test.cer", verisign_v1_ca, + sizeof (verisign_v1_ca)); + + /* Add another file with cacert3, but not reloaded */ + p11_test_file_write (test.directory, "another.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + + attrs = p11_index_lookup (test.index, handle); + assert_ptr_not_null (attrs); + if (!p11_token_reload (test.token, attrs)) + assert_not_reached (); + + assert (p11_index_find (test.index, cacert3, -1) == 0); + assert (p11_index_find (test.index, verisign, -1) != 0); +} + +static void +test_reload_gone (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE verisign[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE *attrs; + CK_OBJECT_HANDLE handle; + int ret; + + /* Just one file */ + p11_test_file_write (test.directory, "cacert3.cer", test_cacert3_ca_der, + sizeof (test_cacert3_ca_der)); + p11_test_file_write (test.directory, "verisign.cer", verisign_v1_ca, + sizeof (verisign_v1_ca)); + + ret = p11_token_load (test.token); + assert_num_eq (ret, 2); + handle = p11_index_find (test.index, cacert3, -1); + assert (handle != 0); + assert (p11_index_find (test.index, verisign, -1) != 0); + + p11_test_file_delete (test.directory, "cacert3.cer"); + p11_test_file_delete (test.directory, "verisign.cer"); + + attrs = p11_index_lookup (test.index, handle); + assert_ptr_not_null (attrs); + if (p11_token_reload (test.token, attrs)) + assert_not_reached (); + + assert (p11_index_find (test.index, cacert3, -1) == 0); + assert (p11_index_find (test.index, verisign, -1) != 0); +} + +static void +test_reload_no_origin (void) +{ + CK_ATTRIBUTE cacert3[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_INVALID }, + }; + + if (p11_token_reload (test.token, cacert3)) + assert_not_reached (); +} + +static void +test_write_new (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "Yay!", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "Yay!", 4 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + rv = p11_index_add (test.index, original, 4, &handle); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "Yay_.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +static void +test_write_no_label (void) +{ + CK_ATTRIBUTE original[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "eight", 5 }, + { CKA_TOKEN, &truev, sizeof (truev) }, + { CKA_INVALID } + }; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "", 0 }, + { CKA_VALUE, "eight", 5 }, + { CKA_APPLICATION, "", 0 }, + { CKA_OBJECT_ID, "", 0 }, + { CKA_INVALID } + }; + + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + CK_RV rv; + int ret; + + rv = p11_index_add (test.index, original, 4, &handle); + assert_num_eq (rv, CKR_OK); + + /* The expected file name */ + path = p11_path_build (test.directory, "data.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 1); + + test_check_attrs (expected, parsed->elem[0]); +} + +static void +test_modify_multiple (void) +{ + const char *test_data = + "# This file has been auto-generated and written by p11-kit.\n" + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"first\"\n" + "value: \"1\"\n" + "\n" + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"second\"\n" + "value: \"2\"\n" + "\n" + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"third\"\n" + "value: \"3\"\n"; + + CK_ATTRIBUTE first[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "first", 5 }, + { CKA_VALUE, "1", 1 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE second[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "zwei", 4 }, + { CKA_VALUE, "2", 2 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE third[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "third", 5 }, + { CKA_VALUE, "3", 1 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 }; + + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + int ret; + CK_RV rv; + + p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data)); + + /* Reload now that we have this new file */ + p11_token_load (test.token); + + handle = p11_index_find (test.index, &match, 1); + + rv = p11_index_update (test.index, handle, p11_attrs_dup (second)); + assert_num_eq (rv, CKR_OK); + + /* Now read in the file and make sure it has all the objects */ + path = p11_path_build (test.directory, "Test.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 3); + + /* The modified one will be first */ + test_check_attrs (second, parsed->elem[0]); + test_check_attrs (first, parsed->elem[1]); + test_check_attrs (third, parsed->elem[2]); +} + +static void +test_remove_one (void) +{ + const char *test_data = + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"first\"\n" + "value: \"1\"\n" + "\n"; + + CK_ATTRIBUTE match = { CKA_LABEL, "first", 5 }; + + CK_OBJECT_HANDLE handle; + CK_RV rv; + + p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data)); + test_check_directory (test.directory, ("Test.p11-kit", NULL)); + + /* Reload now that we have this new file */ + p11_token_load (test.token); + + handle = p11_index_find (test.index, &match, 1); + assert_num_cmp (handle, !=, 0); + + rv = p11_index_remove (test.index, handle); + assert_num_eq (rv, CKR_OK); + + /* No other files in the test directory, all files gone */ + test_check_directory (test.directory, (NULL, NULL)); +} + +static void +test_remove_multiple (void) +{ + const char *test_data = + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"first\"\n" + "value: \"1\"\n" + "\n" + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"second\"\n" + "value: \"2\"\n" + "\n" + "[p11-kit-object-v1]\n" + "class: data\n" + "label: \"third\"\n" + "value: \"3\"\n"; + + CK_ATTRIBUTE first[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "first", 5 }, + { CKA_VALUE, "1", 1 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE third[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_LABEL, "third", 5 }, + { CKA_VALUE, "3", 1 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 }; + + CK_OBJECT_HANDLE handle; + p11_array *parsed; + char *path; + int ret; + CK_RV rv; + + p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data)); + + /* Reload now that we have this new file */ + p11_token_load (test.token); + + handle = p11_index_find (test.index, &match, 1); + assert_num_cmp (handle, !=, 0); + + rv = p11_index_remove (test.index, handle); + assert_num_eq (rv, CKR_OK); + + /* Now read in the file and make sure it has all the objects */ + path = p11_path_build (test.directory, "Test.p11-kit", NULL); + ret = p11_parse_file (test.parser, path, NULL, 0); + assert_num_eq (ret, P11_PARSE_SUCCESS); + free (path); + + parsed = p11_parser_parsed (test.parser); + assert_num_eq (parsed->num, 2); + + /* The modified one will be first */ + test_check_attrs (first, parsed->elem[0]); + test_check_attrs (third, parsed->elem[1]); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_testx (test_token_load, SRCDIR "/trust/input", "/token/load"); + p11_testx (test_token_flags, SRCDIR "/trust/input", "/token/flags"); + p11_testx (test_token_path, "/wheee", "/token/path"); + p11_testx (test_token_label, "/wheee", "/token/label"); + p11_testx (test_token_slot, "/unneeded", "/token/slot"); + + p11_fixture (setup_writable, teardown_writable); + p11_test (test_not_writable, "/token/not-writable"); + p11_test (test_writable_no_exist, "/token/writable-no-exist"); + + p11_fixture (setup_temp, teardown_temp); + p11_test (test_writable_exists, "/token/writable-exists"); + p11_test (test_load_found, "/token/load-found"); + p11_test (test_load_already, "/token/load-already"); + p11_test (test_load_unreadable, "/token/load-unreadable"); + p11_test (test_load_gone, "/token/load-gone"); + p11_test (test_load_contrived, "/token/load-contrived"); + p11_test (test_reload_changed, "/token/reload-changed"); + p11_test (test_reload_gone, "/token/reload-gone"); + p11_test (test_reload_no_origin, "/token/reload-no-origin"); + p11_test (test_write_new, "/token/write-new"); + p11_test (test_write_no_label, "/token/write-no-label"); + p11_test (test_modify_multiple, "/token/modify-multiple"); + p11_test (test_remove_one, "/token/remove-one"); + p11_test (test_remove_multiple, "/token/remove-multiple"); + + return p11_test_run (argc, argv); +} diff --git a/trust/test-trust.c b/trust/test-trust.c new file mode 100644 index 0000000..29b2797 --- /dev/null +++ b/trust/test-trust.c @@ -0,0 +1,335 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "attrs.h" +#include "debug.h" +#include "message.h" +#include "path.h" +#include "test.h" + +#include "test-trust.h" + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef OS_UNIX +#include +#endif + +void +test_check_object_msg (const char *file, + int line, + const char *function, + CK_ATTRIBUTE *attrs, + CK_OBJECT_CLASS klass, + const char *label) +{ + CK_BBOOL vfalse = CK_FALSE; + + CK_ATTRIBUTE expected[] = { + { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, + { CKA_CLASS, &klass, sizeof (klass) }, + { label ? CKA_LABEL : CKA_INVALID, (void *)label, label ? strlen (label) : 0 }, + { CKA_INVALID }, + }; + + test_check_attrs_msg (file, line, function, expected, attrs); +} + +void +test_check_cacert3_ca_msg (const char *file, + int line, + const char *function, + CK_ATTRIBUTE *attrs, + const char *label) +{ + CK_CERTIFICATE_TYPE x509 = CKC_X_509; + CK_ULONG category = 2; /* authority */ + + CK_ATTRIBUTE expected[] = { + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) }, + { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) }, + { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 }, + { CKA_START_DATE, "20110523", 8 }, + { CKA_END_DATE, "20210520", 8, }, + { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) }, + { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) }, + { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) }, + { CKA_INVALID }, + }; + + test_check_object_msg (file, line, function, attrs, CKO_CERTIFICATE, label); + test_check_attrs_msg (file, line, function, expected, attrs); +} + +void +test_check_id_msg (const char *file, + int line, + const char *function, + CK_ATTRIBUTE *expected, + CK_ATTRIBUTE *attr) +{ + CK_ATTRIBUTE *one; + CK_ATTRIBUTE *two; + + one = p11_attrs_find (expected, CKA_ID); + two = p11_attrs_find (attr, CKA_ID); + + test_check_attr_msg (file, line, function, CKA_INVALID, one, two); +} + +void +test_check_attrs_msg (const char *file, + int line, + const char *function, + CK_ATTRIBUTE *expected, + CK_ATTRIBUTE *attrs) +{ + CK_OBJECT_CLASS klass; + CK_ATTRIBUTE *attr; + + assert (expected != NULL); + + if (!p11_attrs_find_ulong (expected, CKA_CLASS, &klass)) + klass = CKA_INVALID; + + while (!p11_attrs_terminator (expected)) { + attr = p11_attrs_find (attrs, expected->type); + test_check_attr_msg (file, line, function, klass, expected, attr); + expected++; + } +} + +void +test_check_attr_msg (const char *file, + int line, + const char *function, + CK_OBJECT_CLASS klass, + CK_ATTRIBUTE *expected, + CK_ATTRIBUTE *attr) +{ + assert (expected != NULL); + + if (attr == NULL) { + p11_test_fail (file, line, function, + "attribute does not match: (expected %s but found NULL)", + p11_attr_to_string (expected, klass)); + } + + if (!p11_attr_equal (attr, expected)) { + p11_test_fail (file, line, function, + "attribute does not match: (expected %s but found %s)", + p11_attr_to_string (expected, klass), + attr ? p11_attr_to_string (attr, klass) : "(null)"); + } +} + +static char * +read_file (const char *file, + int line, + const char *function, + const char *filename, + long *len) +{ + struct stat sb; + FILE *f = NULL; + char *data; + + f = fopen (filename, "rb"); + if (f == NULL) + p11_test_fail (file, line, function, "Couldn't open file: %s", filename); + + /* Figure out size */ + if (stat (filename, &sb) < 0) + p11_test_fail (file, line, function, "Couldn't stat file: %s", filename); + + *len = sb.st_size; + data = malloc (*len ? *len : 1); + assert (data != NULL); + + /* And read in one block */ + if (fread (data, 1, *len, f) != *len) + p11_test_fail (file, line, function, "Couldn't read file: %s", filename); + + fclose (f); + + return data; +} + +void +test_check_file_msg (const char *file, + int line, + const char *function, + const char *directory, + const char *name, + const char *reference) +{ + char *refdata; + long reflen; + + refdata = read_file (file, line, function, reference, &reflen); + test_check_data_msg (file, line, function, directory, name, refdata, reflen); + free (refdata); +} + +void +test_check_data_msg (const char *file, + int line, + const char *function, + const char *directory, + const char *name, + const void *refdata, + long reflen) +{ + char *filedata; + char *filename; + long filelen; + + if (asprintf (&filename, "%s/%s", directory, name) < 0) + assert_not_reached (); + + filedata = read_file (file, line, function, filename, &filelen); + + if (filelen != reflen || memcmp (filedata, refdata, reflen) != 0) + p11_test_fail (file, line, function, "File contents not as expected: %s", filename); + + if (unlink (filename) < 0) + p11_test_fail (file, line, function, "Couldn't remove file: %s", filename); + free (filename); + free (filedata); +} + +#ifdef OS_UNIX + +void +test_check_symlink_msg (const char *file, + int line, + const char *function, + const char *directory, + const char *name, + const char *destination) +{ + char buf[1024] = { 0, }; + char *filename; + + if (asprintf (&filename, "%s/%s", directory, name) < 0) + assert_not_reached (); + + if (readlink (filename, buf, sizeof (buf)) < 0) + p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename); + + if (strcmp (destination, buf) != 0) + p11_test_fail (file, line, function, "Symlink contents wrong: %s != %s", destination, buf); + + if (unlink (filename) < 0) + p11_test_fail (file, line, function, "Couldn't remove symlink: %s", filename); + free (filename); +} + +#endif /* OS_UNIX */ + +p11_dict * +test_check_directory_files (const char *file, + ...) +{ + p11_dict *files; + va_list va; + + files = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + + va_start (va, file); + + while (file != NULL) { + if (!p11_dict_set (files, (void *)file, (void *)file)) { + va_end (va); + return_val_if_reached (NULL); + } + file = va_arg (va, const char *); + } + + va_end (va); + + return files; +} + +void +test_check_directory_msg (const char *file, + int line, + const char *function, + const char *directory, + p11_dict *files) +{ + p11_dictiter iter; + struct dirent *dp; + const char *name; + DIR *dir; + + dir = opendir (directory); + if (dir == NULL) + p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory); + + while ((dp = readdir (dir)) != NULL) { + if (strcmp (dp->d_name, ".") == 0 || + strcmp (dp->d_name, "..") == 0) + continue; + + if (!p11_dict_remove (files, dp->d_name)) + p11_test_fail (file, line, function, "Unexpected file in directory: %s", dp->d_name); + } + + closedir (dir); + +#ifdef OS_UNIX + if (chmod (directory, S_IRWXU) < 0) + p11_test_fail (file, line, function, "couldn't chown directory: %s: %s", directory, strerror (errno)); +#endif + + p11_dict_iterate (files, &iter); + while (p11_dict_next (&iter, (void **)&name, NULL)) + p11_test_fail (file, line, function, "Couldn't find file in directory: %s", name); + + p11_dict_free (files); +} diff --git a/trust/test-trust.h b/trust/test-trust.h new file mode 100644 index 0000000..5ce3508 --- /dev/null +++ b/trust/test-trust.h @@ -0,0 +1,527 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "dict.h" +#include "pkcs11.h" +#include "test.h" + +#include +#include + +#ifndef TEST_DATA_H_ +#define TEST_DATA_H_ + +#define test_check_object(attrs, klass, label) \ + test_check_object_msg (__FILE__, __LINE__, __FUNCTION__, attrs, klass, label) + +void test_check_object_msg (const char *file, + int line, + const char *function, + CK_ATTRIBUTE *attrs, + CK_OBJECT_CLASS klass, + const char *label); + +#define test_check_cacert3_ca(attrs, label) \ + test_check_cacert3_ca_msg (__FILE__, __LINE__, __FUNCTION__, attrs, label) + +void test_check_cacert3_ca_msg (const char *file, + int line, + const char *function, + CK_ATTRIBUTE *attrs, + const char *label); + +#define test_check_attrs(expected, attrs) \ + test_check_attrs_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs) + +void test_check_attrs_msg (const char *file, + int line, + const char *function, + CK_ATTRIBUTE *expected, + CK_ATTRIBUTE *attrs); + +#define test_check_attr(expected, attr) \ + test_check_attr_msg (__FILE__, __LINE__, __FUNCTION__, CKA_INVALID, expected, attr) + +void test_check_attr_msg (const char *file, + int line, + const char *function, + CK_OBJECT_CLASS klass, + CK_ATTRIBUTE *expected, + CK_ATTRIBUTE *attr); + +#define test_check_id(expected, attrs) \ + test_check_id_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs) + +void test_check_id_msg (const char *file, + int line, + const char *function, + CK_ATTRIBUTE *expected, + CK_ATTRIBUTE *attr); + +static const unsigned char test_cacert3_ca_der[] = { + 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a, + 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, + 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, + 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, + 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, + 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, + 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, + 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, + 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, + 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, + 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, + 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, + 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, + 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, + 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, + 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, + 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, + 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, + 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, + 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, + 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, + 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, + 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, + 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, + 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, + 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, + 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, + 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, + 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, + 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, + 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, + 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, + 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, + 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, + 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, + 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, + 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, + 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, + 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, + 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, + 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, + 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, + 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, + 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, + 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, + 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, + 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, + 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, + 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, + 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, + 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, + 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, + 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, + 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, + 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, + 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, + 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, + 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, + 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, + 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, + 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, + 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, + 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, + 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, + 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, + 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, + 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, + 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, + 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, + 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, + 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, + 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, + 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, + 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, + 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, + 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, + 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, + 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, + 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, + 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, + 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, + 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, + 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, + 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, + 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, + 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, + 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, + 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, + 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, + 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, + 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, + 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, + 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, + 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, + 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, + 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, + 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, + 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, +}; + +static const char test_cacert3_ca_subject[] = { + 0x30, 0x54, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, + 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, + 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x13, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, + 0x33, 0x20, 0x52, 0x6f, 0x6f, 0x74, +}; + +static const char test_cacert3_ca_issuer[] = { + 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, + 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, + 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, + 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, +}; + +static const char test_cacert3_ca_serial[] = { + 0x02, 0x03, 0x0a, 0x41, 0x8a, +}; + +static const char test_cacert3_ca_public_key[] = { + 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, + 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, 0xa9, 0xdd, + 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, 0x89, 0x7d, + 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, 0x99, 0x73, + 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, 0x7f, 0x64, + 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, 0x69, 0x01, + 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, 0xc5, 0x79, + 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, 0x9f, 0xcb, + 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, 0x8d, 0x09, + 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, 0xe3, 0xeb, + 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, 0x33, 0xbf, + 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, 0xa4, 0xd9, + 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, 0xec, 0x85, + 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, 0xd5, 0x3b, + 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, 0x15, 0x71, + 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, 0x8c, 0xf9, + 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, 0x64, 0x27, + 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, 0x5d, 0xaa, + 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, 0x0e, 0x42, + 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, 0x62, 0x34, + 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, 0xa0, 0x5b, + 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, 0xb7, 0xa2, + 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, 0x6c, 0x5f, + 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, 0x47, 0xd5, + 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, 0x03, 0x68, + 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, 0x3a, 0x98, + 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, 0xae, 0x60, + 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, 0x56, 0xe7, + 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, 0xa1, 0xd1, + 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, 0x2c, 0x86, + 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, 0x9d, 0xaf, + 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, 0x42, 0x74, + 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, 0x05, 0xfb, + 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +static const unsigned char verisign_v1_ca[] = { + 0x30, 0x82, 0x02, 0x3c, 0x30, 0x82, 0x01, 0xa5, 0x02, 0x10, 0x3f, 0x69, 0x1e, 0x81, 0x9c, 0xf0, + 0x9a, 0x4a, 0xf3, 0x73, 0xff, 0xb9, 0x48, 0xa2, 0xe4, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, + 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, + 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x36, + 0x30, 0x31, 0x32, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, + 0x38, 0x30, 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, + 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, + 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, + 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x81, 0x9f, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, + 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, 0x6d, 0xa3, 0x56, 0x61, 0x2d, + 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e, 0x86, 0x80, 0x0a, 0x91, 0x0e, + 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, 0x9b, 0x24, 0x5d, 0x0d, 0x1f, + 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, 0x06, 0x9b, 0x10, 0xa1, 0x73, + 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, 0xa8, 0x3f, 0xaa, 0x12, 0x06, + 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, 0x09, 0xcd, 0x14, 0x11, 0xe2, + 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, 0x91, 0x29, 0xbb, 0x36, 0xc9, + 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, 0xb0, 0x7b, 0x30, 0xba, 0x2a, + 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, + 0x58, 0x15, 0x29, 0x39, 0x3c, 0x77, 0xa3, 0xda, 0x5c, 0x25, 0x03, 0x7c, 0x60, 0xfa, 0xee, 0x09, + 0x99, 0x3c, 0x27, 0x10, 0x70, 0xc8, 0x0c, 0x09, 0xe6, 0xb3, 0x87, 0xcf, 0x0a, 0xe2, 0x18, 0x96, + 0x35, 0x62, 0xcc, 0xbf, 0x9b, 0x27, 0x79, 0x89, 0x5f, 0xc9, 0xc4, 0x09, 0xf4, 0xce, 0xb5, 0x1d, + 0xdf, 0x2a, 0xbd, 0xe5, 0xdb, 0x86, 0x9c, 0x68, 0x25, 0xe5, 0x30, 0x7c, 0xb6, 0x89, 0x15, 0xfe, + 0x67, 0xd1, 0xad, 0xe1, 0x50, 0xac, 0x3c, 0x7c, 0x62, 0x4b, 0x8f, 0xba, 0x84, 0xd7, 0x12, 0x15, + 0x1b, 0x1f, 0xca, 0x5d, 0x0f, 0xc1, 0x52, 0x94, 0x2a, 0x11, 0x99, 0xda, 0x7b, 0xcf, 0x0c, 0x36, + 0x13, 0xd5, 0x35, 0xdc, 0x10, 0x19, 0x59, 0xea, 0x94, 0xc1, 0x00, 0xbf, 0x75, 0x8f, 0xd9, 0xfa, + 0xfd, 0x76, 0x04, 0xdb, 0x62, 0xbb, 0x90, 0x6a, 0x03, 0xd9, 0x46, 0x35, 0xd9, 0xf8, 0x7c, 0x5b, +}; + +static const unsigned char verisign_v1_ca_subject[] = { + 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, + 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, + 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, +}; + +static const unsigned char verisign_v1_ca_public_key[] = { + 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, + 0x6d, 0xa3, 0x56, 0x61, 0x2d, 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e, + 0x86, 0x80, 0x0a, 0x91, 0x0e, 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, + 0x9b, 0x24, 0x5d, 0x0d, 0x1f, 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, + 0x06, 0x9b, 0x10, 0xa1, 0x73, 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, + 0xa8, 0x3f, 0xaa, 0x12, 0x06, 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, + 0x09, 0xcd, 0x14, 0x11, 0xe2, 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, + 0x91, 0x29, 0xbb, 0x36, 0xc9, 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, + 0xb0, 0x7b, 0x30, 0xba, 0x2a, 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, + 0x00, 0x01, +}; + +static const unsigned char example_public_key[] = { + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xaf, 0x24, 0x08, 0x08, 0x29, 0x7a, 0x35, 0x9e, 0x60, 0x0c, 0xaa, 0xe7, 0x4b, 0x3b, 0x4e, + 0xdc, 0x7c, 0xbc, 0x3c, 0x45, 0x1c, 0xbb, 0x2b, 0xe0, 0xfe, 0x29, 0x02, 0xf9, 0x57, 0x08, 0xa3, + 0x64, 0x85, 0x15, 0x27, 0xf5, 0xf1, 0xad, 0xc8, 0x31, 0x89, 0x5d, 0x22, 0xe8, 0x2a, 0xaa, 0xa6, + 0x42, 0xb3, 0x8f, 0xf8, 0xb9, 0x55, 0xb7, 0xb1, 0xb7, 0x4b, 0xb3, 0xfe, 0x8f, 0x7e, 0x07, 0x57, + 0xec, 0xef, 0x43, 0xdb, 0x66, 0x62, 0x15, 0x61, 0xcf, 0x60, 0x0d, 0xa4, 0xd8, 0xde, 0xf8, 0xe0, + 0xc3, 0x62, 0x08, 0x3d, 0x54, 0x13, 0xeb, 0x49, 0xca, 0x59, 0x54, 0x85, 0x26, 0xe5, 0x2b, 0x8f, + 0x1b, 0x9f, 0xeb, 0xf5, 0xa1, 0x91, 0xc2, 0x33, 0x49, 0xd8, 0x43, 0x63, 0x6a, 0x52, 0x4b, 0xd2, + 0x8f, 0xe8, 0x70, 0x51, 0x4d, 0xd1, 0x89, 0x69, 0x7b, 0xc7, 0x70, 0xf6, 0xb3, 0xdc, 0x12, 0x74, + 0xdb, 0x7b, 0x5d, 0x4b, 0x56, 0xd3, 0x96, 0xbf, 0x15, 0x77, 0xa1, 0xb0, 0xf4, 0xa2, 0x25, 0xf2, + 0xaf, 0x1c, 0x92, 0x67, 0x18, 0xe5, 0xf4, 0x06, 0x04, 0xef, 0x90, 0xb9, 0xe4, 0x00, 0xe4, 0xdd, + 0x3a, 0xb5, 0x19, 0xff, 0x02, 0xba, 0xf4, 0x3c, 0xee, 0xe0, 0x8b, 0xeb, 0x37, 0x8b, 0xec, 0xf4, + 0xd7, 0xac, 0xf2, 0xf6, 0xf0, 0x3d, 0xaf, 0xdd, 0x75, 0x91, 0x33, 0x19, 0x1d, 0x1c, 0x40, 0xcb, + 0x74, 0x24, 0x19, 0x21, 0x93, 0xd9, 0x14, 0xfe, 0xac, 0x2a, 0x52, 0xc7, 0x8f, 0xd5, 0x04, 0x49, + 0xe4, 0x8d, 0x63, 0x47, 0x88, 0x3c, 0x69, 0x83, 0xcb, 0xfe, 0x47, 0xbd, 0x2b, 0x7e, 0x4f, 0xc5, + 0x95, 0xae, 0x0e, 0x9d, 0xd4, 0xd1, 0x43, 0xc0, 0x67, 0x73, 0xe3, 0x14, 0x08, 0x7e, 0xe5, 0x3f, + 0x9f, 0x73, 0xb8, 0x33, 0x0a, 0xcf, 0x5d, 0x3f, 0x34, 0x87, 0x96, 0x8a, 0xee, 0x53, 0xe8, 0x25, + 0x15, 0x02, 0x03, 0x01, 0x00, 0x01 +}; + +static const char test_contrived_der[] = { + 0x30, 0x82, 0x05, 0xbd, 0x30, 0x82, 0x05, 0x62, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0c, 0x57, + 0xea, 0x3b, 0x20, 0x31, 0x8a, 0x20, 0x40, 0xac, 0xad, 0x0a, 0xf1, 0x30, 0x0a, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x82, 0x02, 0x46, 0x31, 0x82, 0x02, 0x42, 0x30, + 0x82, 0x02, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x82, 0x02, 0x35, 0x63, 0x6f, 0x6e, 0x74, + 0x72, 0x69, 0x76, 0x65, 0x64, 0x20, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x20, 0x63, 0x61, 0x0a, 0x2d, + 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, + 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42, 0x5a, + 0x6a, 0x43, 0x43, 0x41, 0x51, 0x79, 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4d, 0x56, + 0x2b, 0x6f, 0x36, 0x41, 0x67, 0x51, 0x70, 0x74, 0x75, 0x63, 0x6c, 0x62, 0x5a, 0x34, 0x72, 0x4d, + 0x41, 0x6f, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x42, 0x41, 0x4d, 0x43, 0x4d, + 0x42, 0x30, 0x78, 0x47, 0x7a, 0x41, 0x5a, 0x42, 0x67, 0x4e, 0x56, 0x0a, 0x42, 0x41, 0x4d, 0x54, + 0x45, 0x6d, 0x4e, 0x76, 0x62, 0x6e, 0x52, 0x79, 0x61, 0x58, 0x5a, 0x6c, 0x5a, 0x43, 0x42, 0x70, + 0x62, 0x6d, 0x35, 0x6c, 0x63, 0x69, 0x42, 0x6a, 0x59, 0x54, 0x41, 0x65, 0x46, 0x77, 0x30, 0x78, + 0x4e, 0x6a, 0x41, 0x35, 0x4d, 0x6a, 0x63, 0x77, 0x4f, 0x54, 0x49, 0x78, 0x4d, 0x44, 0x5a, 0x61, + 0x46, 0x77, 0x30, 0x78, 0x4e, 0x7a, 0x41, 0x35, 0x4d, 0x6a, 0x63, 0x77, 0x0a, 0x4f, 0x54, 0x49, + 0x78, 0x4d, 0x44, 0x5a, 0x61, 0x4d, 0x42, 0x30, 0x78, 0x47, 0x7a, 0x41, 0x5a, 0x42, 0x67, 0x4e, + 0x56, 0x42, 0x41, 0x4d, 0x54, 0x45, 0x6d, 0x4e, 0x76, 0x62, 0x6e, 0x52, 0x79, 0x61, 0x58, 0x5a, + 0x6c, 0x5a, 0x43, 0x42, 0x70, 0x62, 0x6d, 0x35, 0x6c, 0x63, 0x69, 0x42, 0x6a, 0x59, 0x54, 0x42, + 0x5a, 0x4d, 0x42, 0x4d, 0x47, 0x42, 0x79, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x0a, 0x41, 0x67, + 0x45, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x41, 0x77, 0x45, 0x48, 0x41, 0x30, + 0x49, 0x41, 0x42, 0x4f, 0x55, 0x7a, 0x42, 0x77, 0x4a, 0x51, 0x6b, 0x70, 0x55, 0x69, 0x76, 0x6b, + 0x65, 0x70, 0x4a, 0x51, 0x79, 0x7a, 0x76, 0x59, 0x64, 0x6b, 0x41, 0x4d, 0x38, 0x4c, 0x4a, 0x64, + 0x77, 0x37, 0x72, 0x61, 0x71, 0x4f, 0x58, 0x39, 0x72, 0x46, 0x79, 0x58, 0x71, 0x4b, 0x0a, 0x38, + 0x44, 0x52, 0x57, 0x50, 0x75, 0x71, 0x67, 0x79, 0x74, 0x32, 0x6e, 0x38, 0x34, 0x4c, 0x6b, 0x64, + 0x35, 0x72, 0x78, 0x61, 0x70, 0x41, 0x62, 0x36, 0x63, 0x39, 0x45, 0x37, 0x66, 0x43, 0x38, 0x63, + 0x34, 0x36, 0x71, 0x44, 0x34, 0x31, 0x45, 0x54, 0x61, 0x32, 0x6a, 0x4d, 0x6a, 0x41, 0x77, 0x4d, + 0x41, 0x38, 0x47, 0x41, 0x31, 0x55, 0x64, 0x45, 0x77, 0x45, 0x42, 0x2f, 0x77, 0x51, 0x46, 0x0a, + 0x4d, 0x41, 0x4d, 0x42, 0x41, 0x66, 0x38, 0x77, 0x48, 0x51, 0x59, 0x44, 0x56, 0x52, 0x30, 0x4f, + 0x42, 0x42, 0x59, 0x45, 0x46, 0x50, 0x49, 0x4b, 0x67, 0x4c, 0x36, 0x78, 0x6f, 0x4d, 0x6b, 0x7a, + 0x54, 0x6d, 0x56, 0x4c, 0x77, 0x72, 0x53, 0x4b, 0x64, 0x76, 0x58, 0x46, 0x45, 0x44, 0x73, 0x66, + 0x4d, 0x41, 0x6f, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x42, 0x41, 0x4d, 0x43, + 0x0a, 0x41, 0x30, 0x67, 0x41, 0x4d, 0x45, 0x55, 0x43, 0x49, 0x45, 0x4a, 0x46, 0x64, 0x75, 0x32, + 0x61, 0x61, 0x4e, 0x63, 0x41, 0x4b, 0x4e, 0x77, 0x4b, 0x4b, 0x75, 0x6d, 0x6d, 0x52, 0x33, 0x52, + 0x59, 0x65, 0x4f, 0x49, 0x6b, 0x33, 0x45, 0x4c, 0x53, 0x61, 0x65, 0x46, 0x6e, 0x39, 0x6e, 0x6b, + 0x6d, 0x38, 0x36, 0x39, 0x6c, 0x41, 0x69, 0x45, 0x41, 0x7a, 0x2b, 0x70, 0x2b, 0x6d, 0x39, 0x36, + 0x78, 0x0a, 0x45, 0x63, 0x39, 0x4d, 0x64, 0x66, 0x6b, 0x61, 0x6c, 0x6e, 0x74, 0x71, 0x6d, 0x6d, + 0x4b, 0x46, 0x33, 0x55, 0x59, 0x31, 0x2f, 0x6b, 0x65, 0x4f, 0x66, 0x59, 0x5a, 0x62, 0x6b, 0x4f, + 0x6e, 0x46, 0x48, 0x45, 0x59, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, + 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, + 0x0a, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x39, 0x32, 0x37, 0x30, 0x39, 0x32, 0x35, 0x35, + 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x39, 0x32, 0x37, 0x30, 0x39, 0x32, 0x35, 0x35, 0x32, + 0x5a, 0x30, 0x82, 0x02, 0x46, 0x31, 0x82, 0x02, 0x42, 0x30, 0x82, 0x02, 0x3e, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x82, 0x02, 0x35, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x69, 0x76, 0x65, 0x64, 0x20, + 0x6f, 0x75, 0x74, 0x65, 0x72, 0x20, 0x63, 0x61, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, + 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, + 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42, 0x5a, 0x6a, 0x43, 0x43, 0x41, 0x51, 0x79, + 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4d, 0x56, 0x2b, 0x6f, 0x36, 0x41, 0x67, 0x51, + 0x70, 0x74, 0x75, 0x63, 0x6c, 0x62, 0x5a, 0x34, 0x72, 0x4d, 0x41, 0x6f, 0x47, 0x43, 0x43, 0x71, + 0x47, 0x53, 0x4d, 0x34, 0x39, 0x42, 0x41, 0x4d, 0x43, 0x4d, 0x42, 0x30, 0x78, 0x47, 0x7a, 0x41, + 0x5a, 0x42, 0x67, 0x4e, 0x56, 0x0a, 0x42, 0x41, 0x4d, 0x54, 0x45, 0x6d, 0x4e, 0x76, 0x62, 0x6e, + 0x52, 0x79, 0x61, 0x58, 0x5a, 0x6c, 0x5a, 0x43, 0x42, 0x70, 0x62, 0x6d, 0x35, 0x6c, 0x63, 0x69, + 0x42, 0x6a, 0x59, 0x54, 0x41, 0x65, 0x46, 0x77, 0x30, 0x78, 0x4e, 0x6a, 0x41, 0x35, 0x4d, 0x6a, + 0x63, 0x77, 0x4f, 0x54, 0x49, 0x78, 0x4d, 0x44, 0x5a, 0x61, 0x46, 0x77, 0x30, 0x78, 0x4e, 0x7a, + 0x41, 0x35, 0x4d, 0x6a, 0x63, 0x77, 0x0a, 0x4f, 0x54, 0x49, 0x78, 0x4d, 0x44, 0x5a, 0x61, 0x4d, + 0x42, 0x30, 0x78, 0x47, 0x7a, 0x41, 0x5a, 0x42, 0x67, 0x4e, 0x56, 0x42, 0x41, 0x4d, 0x54, 0x45, + 0x6d, 0x4e, 0x76, 0x62, 0x6e, 0x52, 0x79, 0x61, 0x58, 0x5a, 0x6c, 0x5a, 0x43, 0x42, 0x70, 0x62, + 0x6d, 0x35, 0x6c, 0x63, 0x69, 0x42, 0x6a, 0x59, 0x54, 0x42, 0x5a, 0x4d, 0x42, 0x4d, 0x47, 0x42, + 0x79, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x0a, 0x41, 0x67, 0x45, 0x47, 0x43, 0x43, 0x71, 0x47, + 0x53, 0x4d, 0x34, 0x39, 0x41, 0x77, 0x45, 0x48, 0x41, 0x30, 0x49, 0x41, 0x42, 0x4f, 0x55, 0x7a, + 0x42, 0x77, 0x4a, 0x51, 0x6b, 0x70, 0x55, 0x69, 0x76, 0x6b, 0x65, 0x70, 0x4a, 0x51, 0x79, 0x7a, + 0x76, 0x59, 0x64, 0x6b, 0x41, 0x4d, 0x38, 0x4c, 0x4a, 0x64, 0x77, 0x37, 0x72, 0x61, 0x71, 0x4f, + 0x58, 0x39, 0x72, 0x46, 0x79, 0x58, 0x71, 0x4b, 0x0a, 0x38, 0x44, 0x52, 0x57, 0x50, 0x75, 0x71, + 0x67, 0x79, 0x74, 0x32, 0x6e, 0x38, 0x34, 0x4c, 0x6b, 0x64, 0x35, 0x72, 0x78, 0x61, 0x70, 0x41, + 0x62, 0x36, 0x63, 0x39, 0x45, 0x37, 0x66, 0x43, 0x38, 0x63, 0x34, 0x36, 0x71, 0x44, 0x34, 0x31, + 0x45, 0x54, 0x61, 0x32, 0x6a, 0x4d, 0x6a, 0x41, 0x77, 0x4d, 0x41, 0x38, 0x47, 0x41, 0x31, 0x55, + 0x64, 0x45, 0x77, 0x45, 0x42, 0x2f, 0x77, 0x51, 0x46, 0x0a, 0x4d, 0x41, 0x4d, 0x42, 0x41, 0x66, + 0x38, 0x77, 0x48, 0x51, 0x59, 0x44, 0x56, 0x52, 0x30, 0x4f, 0x42, 0x42, 0x59, 0x45, 0x46, 0x50, + 0x49, 0x4b, 0x67, 0x4c, 0x36, 0x78, 0x6f, 0x4d, 0x6b, 0x7a, 0x54, 0x6d, 0x56, 0x4c, 0x77, 0x72, + 0x53, 0x4b, 0x64, 0x76, 0x58, 0x46, 0x45, 0x44, 0x73, 0x66, 0x4d, 0x41, 0x6f, 0x47, 0x43, 0x43, + 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x42, 0x41, 0x4d, 0x43, 0x0a, 0x41, 0x30, 0x67, 0x41, 0x4d, + 0x45, 0x55, 0x43, 0x49, 0x45, 0x4a, 0x46, 0x64, 0x75, 0x32, 0x61, 0x61, 0x4e, 0x63, 0x41, 0x4b, + 0x4e, 0x77, 0x4b, 0x4b, 0x75, 0x6d, 0x6d, 0x52, 0x33, 0x52, 0x59, 0x65, 0x4f, 0x49, 0x6b, 0x33, + 0x45, 0x4c, 0x53, 0x61, 0x65, 0x46, 0x6e, 0x39, 0x6e, 0x6b, 0x6d, 0x38, 0x36, 0x39, 0x6c, 0x41, + 0x69, 0x45, 0x41, 0x7a, 0x2b, 0x70, 0x2b, 0x6d, 0x39, 0x36, 0x78, 0x0a, 0x45, 0x63, 0x39, 0x4d, + 0x64, 0x66, 0x6b, 0x61, 0x6c, 0x6e, 0x74, 0x71, 0x6d, 0x6d, 0x4b, 0x46, 0x33, 0x55, 0x59, 0x31, + 0x2f, 0x6b, 0x65, 0x4f, 0x66, 0x59, 0x5a, 0x62, 0x6b, 0x4f, 0x6e, 0x46, 0x48, 0x45, 0x59, 0x3d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, + 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x30, 0x59, 0x30, 0x13, 0x06, + 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, + 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xfc, 0xc7, 0x64, 0xf8, 0x11, 0x1a, 0x27, 0x9e, 0x42, 0x2a, + 0x23, 0xae, 0xcf, 0x61, 0x75, 0x5e, 0xb7, 0xe0, 0x11, 0xf1, 0x39, 0x92, 0xd1, 0x45, 0xe3, 0x51, + 0xaa, 0xd6, 0x66, 0x46, 0x1e, 0xa6, 0x50, 0xb2, 0x6e, 0xf0, 0x08, 0xc0, 0x8d, 0x09, 0xdc, 0xb1, + 0xf2, 0x95, 0xed, 0x2b, 0xdf, 0x83, 0xa8, 0x8e, 0x9b, 0x0f, 0x8a, 0x05, 0xc5, 0x6b, 0xe0, 0x9b, + 0xc9, 0x64, 0xc1, 0x4c, 0x8e, 0xd9, 0xa3, 0x32, 0x30, 0x30, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, + 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x85, 0xf2, 0xf0, 0xac, 0xc5, 0x37, 0x20, 0x96, 0x5a, 0x1e, + 0xa1, 0x80, 0xf2, 0x06, 0x2f, 0x99, 0xd4, 0x25, 0x5b, 0x37, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xb9, 0xd3, + 0x11, 0x9f, 0x0c, 0x71, 0x61, 0x6d, 0xe3, 0xa9, 0xc2, 0xb6, 0x27, 0x6c, 0x53, 0x02, 0x6d, 0x73, + 0x52, 0x0e, 0xfc, 0x8c, 0x44, 0xad, 0x5d, 0x77, 0xed, 0xfe, 0x31, 0x53, 0xbe, 0xcd, 0x02, 0x21, + 0x00, 0xe2, 0xa7, 0x91, 0x40, 0x21, 0x45, 0xc3, 0xb2, 0xe9, 0x54, 0x5d, 0x09, 0xa0, 0x45, 0x4f, + 0xc2, 0x9d, 0x0b, 0xba, 0xee, 0x7a, 0x66, 0xf5, 0xd3, 0x55, 0xd7, 0xf5, 0xab, 0x22, 0xb4, 0xbd, + 0x05, +}; + +static const char test_text[] = "This is the file text"; + +static const char test_eku_server_and_client[] = { + 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, +}; + +static const char test_eku_server[] = { + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, +}; + +static const char test_eku_email[] = { + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04 +}; + +static const char test_eku_none[] = { + 0x30, 0x00, +}; + +void test_check_file_msg (const char *file, + int line, + const char *function, + const char *directory, + const char *filename, + const char *reference); + +void test_check_data_msg (const char *file, + int line, + const char *function, + const char *directory, + const char *filename, + const void *refdata, + long reflen); + +#ifdef OS_UNIX + +void test_check_symlink_msg (const char *file, + int line, + const char *function, + const char *directory, + const char *name, + const char *destination); + +#endif /* OS_UNIX */ + +p11_dict * test_check_directory_files (const char *file, + ...) GNUC_NULL_TERMINATED; + +void test_check_directory_msg (const char *file, + int line, + const char *function, + const char *directory, + p11_dict *files); + +#define test_check_file(directory, name, reference) \ + (test_check_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, reference)) + +#define test_check_data(directory, name, data, length) \ + (test_check_data_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, data, length)) + +#ifdef OS_UNIX + +#define test_check_symlink(directory, name, destination) \ + (test_check_symlink_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, destination)) + +#endif /* OS_UNIX */ + +#define test_check_directory(directory, files) \ + (test_check_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory, \ + test_check_directory_files files)) + +#endif /* TEST_DATA_H_ */ diff --git a/trust/test-trust.sh b/trust/test-trust.sh new file mode 100644 index 0000000..03f2988 --- /dev/null +++ b/trust/test-trust.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +. "${builddir=.}/test-init.sh" + +test_disable_in_proxy() +{ + : ${PKCS11_TOOL=pkcs11-tool} + if ! (type ${PKCS11_TOOL}) > /dev/null 2>&1; then + skip "pkcs11-tool not found" + fi + : ${PKG_CONFIG=pkg-config} + if ! (type ${PKG_CONFIG}) > /dev/null 2>&1; then + skip "pkg-config not found" + fi + proxy_module=$(${PKG_CONFIG} --variable=proxy_module p11-kit-1) + if ${PKCS11_TOOL} --module="$proxy_module" -T | grep '^ *token model *: *p11-kit-trust' > /dev/null 2>&1; then + assert_fail "p11-kit-trust is not disabled in proxy module" + fi +} + +run test_disable_in_proxy diff --git a/trust/test-utf8.c b/trust/test-utf8.c new file mode 100644 index 0000000..324975d --- /dev/null +++ b/trust/test-utf8.c @@ -0,0 +1,246 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "utf8.h" + +#include +#include + +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + +static void +test_ucs2be (void) +{ + char *output; + size_t length; + int i; + + struct { + const char *output; + size_t output_len; + const unsigned char input[100]; + size_t input_len; + } fixtures[] = { + { "This is a test", 14, + { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, 's', 0x00, ' ', 0x00, 'i', 0x00, 's', 0x00, ' ', + 0x00, 'a', 0x00, ' ', 0x00, 't', 0x00, 'e', 0x00, 's', 0x00, 't' }, 28, + }, + { "V\303\266gel", 6, + { 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 10, + }, + { "M\303\244nwich \340\264\205", 12, + { 0x00, 'M', 0x00, 0xE4, 0x00, 'n', 0x00, 'w', 0x00, 'i', 0x00, 'c', 0x00, 'h', + 0x00, ' ', 0x0D, 0x05 }, 18, + } + }; + + for (i = 0; i < ELEMS (fixtures); i++) { + output = p11_utf8_for_ucs2be (fixtures[i].input, + fixtures[i].input_len, + &length); + + assert_num_eq (fixtures[i].output_len, length); + assert_str_eq (fixtures[i].output, output); + free (output); + } +} + +static void +test_ucs2be_fail (void) +{ + char *output; + size_t length; + int i; + + struct { + const unsigned char input[100]; + size_t input_len; + } fixtures[] = { + { { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, }, 7 /* truncated */ } + }; + + for (i = 0; i < ELEMS (fixtures); i++) { + output = p11_utf8_for_ucs2be (fixtures[i].input, + fixtures[i].input_len, + &length); + assert_ptr_eq (NULL, output); + } +} + +static void +test_ucs4be (void) +{ + char *output; + size_t length; + int i; + + struct { + const char *output; + size_t output_len; + const unsigned char input[100]; + size_t input_len; + } fixtures[] = { + { "This is a test", 14, + { 0x00, 0x00, 0x00, 'T', + 0x00, 0x00, 0x00, 'h', + 0x00, 0x00, 0x00, 'i', + 0x00, 0x00, 0x00, 's', + 0x00, 0x00, 0x00, ' ', + 0x00, 0x00, 0x00, 'i', + 0x00, 0x00, 0x00, 's', + 0x00, 0x00, 0x00, ' ', + 0x00, 0x00, 0x00, 'a', + 0x00, 0x00, 0x00, ' ', + 0x00, 0x00, 0x00, 't', + 0x00, 0x00, 0x00, 'e', + 0x00, 0x00, 0x00, 's', + 0x00, 0x00, 0x00, 't', + }, 56, + }, + { "Fun \360\220\214\231", 8, + { 0x00, 0x00, 0x00, 'F', + 0x00, 0x00, 0x00, 'u', + 0x00, 0x00, 0x00, 'n', + 0x00, 0x00, 0x00, ' ', + 0x00, 0x01, 0x03, 0x19, /* U+10319: looks like an antenna */ + }, 20, + } + }; + + for (i = 0; i < ELEMS (fixtures); i++) { + output = p11_utf8_for_ucs4be (fixtures[i].input, + fixtures[i].input_len, + &length); + + assert_num_eq (fixtures[i].output_len, length); + assert_str_eq (fixtures[i].output, output); + + free (output); + } +} + +static void +test_ucs4be_fail (void) +{ + char *output; + size_t length; + int i; + + struct { + const unsigned char input[100]; + size_t input_len; + } fixtures[] = { + { { 0x00, 0x00, 'T', + }, 7 /* truncated */ }, + { { 0x00, 0x00, 0x00, 'F', + 0x00, 0x00, 0x00, 'u', + 0x00, 0x00, 0x00, 'n', + 0x00, 0x00, 0x00, ' ', + 0xD8, 0x00, 0xDF, 0x19, + }, 20, + } + }; + + for (i = 0; i < ELEMS (fixtures); i++) { + output = p11_utf8_for_ucs4be (fixtures[i].input, + fixtures[i].input_len, + &length); + assert_ptr_eq (NULL, output); + } +} + +static void +test_utf8 (void) +{ + bool ret; + int i; + + struct { + const char *input; + size_t input_len; + } fixtures[] = { + { "This is a test", 14 }, + { "Good news everyone", -1 }, + { "Fun \360\220\214\231", -1 }, + { "Fun invalid here: \xfe", 4 }, /* but limited length */ + { "V\303\266gel", 6, }, + }; + + for (i = 0; i < ELEMS (fixtures); i++) { + ret = p11_utf8_validate (fixtures[i].input, + fixtures[i].input_len); + assert_num_eq (true, ret); + } +} + +static void +test_utf8_fail (void) +{ + bool ret; + int i; + + struct { + const char *input; + size_t input_len; + } fixtures[] = { + { "This is a test\x80", 15 }, + { "Good news everyone\x88", -1 }, + { "Bad \xe0v following chars should be |0x80", -1 }, + { "Truncated \xe0", -1 }, + { "Surrogate \xed\xa0\x80", -1, }, + { "Out of range \xf4\x90\x80\x80", -1, }, + }; + + for (i = 0; i < ELEMS (fixtures); i++) { + ret = p11_utf8_validate (fixtures[i].input, + fixtures[i].input_len); + assert_num_eq (false, ret); + } +} + +int +main (int argc, + char *argv[]) +{ + p11_test (test_ucs2be, "/utf8/ucs2be"); + p11_test (test_ucs2be_fail, "/utf8/ucs2be_fail"); + p11_test (test_ucs4be, "/utf8/ucs4be"); + p11_test (test_ucs4be_fail, "/utf8/ucs4be_fail"); + p11_test (test_utf8, "/utf8/utf8"); + p11_test (test_utf8_fail, "/utf8/utf8_fail"); + return p11_test_run (argc, argv); +} diff --git a/trust/test-x509.c b/trust/test-x509.c new file mode 100644 index 0000000..9f7d258 --- /dev/null +++ b/trust/test-x509.c @@ -0,0 +1,416 @@ +/* + * Copyright (c) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "test.h" + +#include "asn1.h" +#include "debug.h" +#include "oid.h" +#include "x509.h" + +#include +#include +#include + +#define ELEMS(x) (sizeof (x) / sizeof (x[0])) + +struct { + p11_dict *asn1_defs; +} test; + +static void +setup (void *unused) +{ + test.asn1_defs = p11_asn1_defs_load (); + assert_ptr_not_null (test.asn1_defs); +} + +static void +teardown (void *unused) +{ + p11_dict_free (test.asn1_defs); + memset (&test, 0, sizeof (test)); +} + +static const char test_ku_ds_and_np[] = { + 0x03, 0x03, 0x07, 0xc0, 0x00, +}; + +static const char test_ku_none[] = { + 0x03, 0x03, 0x07, 0x00, 0x00, +}; + +static const char test_ku_cert_crl_sign[] = { + 0x03, 0x03, 0x07, 0x06, 0x00, +}; + +static const char test_eku_server_and_client[] = { + 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, +}; + +static const char test_eku_none[] = { + 0x30, 0x00, +}; + +static const char test_eku_client_email_and_timestamp[] = { + 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, +}; + +static const unsigned char test_cacert3_ca_der[] = { + 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a, + 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, + 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, + 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, + 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, + 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, + 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, + 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, + 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, + 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, + 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, + 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, + 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, + 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, + 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, + 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, + 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, + 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, + 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, + 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, + 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, + 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, + 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, + 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, + 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, + 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, + 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, + 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, + 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, + 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, + 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, + 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, + 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, + 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, + 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, + 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, + 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, + 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, + 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, + 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, + 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, + 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, + 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, + 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, + 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, + 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, + 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, + 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, + 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, + 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, + 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, + 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, + 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, + 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, + 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, + 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, + 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, + 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, + 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, + 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, + 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, + 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, + 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, + 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, + 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, + 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, + 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, + 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, + 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, + 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, + 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, + 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, + 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, + 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, + 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, + 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, + 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, + 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, + 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, + 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, + 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, + 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, + 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, + 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, + 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, + 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, + 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, + 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, + 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, + 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, + 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, + 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, + 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, + 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, + 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, + 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, + 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, + 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, + 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, + 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, + 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, +}; + +struct { + const char *eku; + size_t length; + const char *expected[16]; +} extended_key_usage_fixtures[] = { + { test_eku_server_and_client, sizeof (test_eku_server_and_client), + { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, NULL }, }, + { test_eku_none, sizeof (test_eku_none), + { NULL, }, }, + { test_eku_client_email_and_timestamp, sizeof (test_eku_client_email_and_timestamp), + { P11_OID_CLIENT_AUTH_STR, P11_OID_EMAIL_PROTECTION_STR, P11_OID_TIME_STAMPING_STR }, }, + { NULL }, +}; + +static void +test_parse_extended_key_usage (void) +{ + p11_array *ekus; + int i, j, count; + + for (i = 0; extended_key_usage_fixtures[i].eku != NULL; i++) { + ekus = p11_x509_parse_extended_key_usage (test.asn1_defs, + (const unsigned char *)extended_key_usage_fixtures[i].eku, + extended_key_usage_fixtures[i].length); + assert_ptr_not_null (ekus); + + for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++); + + assert_num_eq (count, ekus->num); + for (j = 0; j < count; j++) + assert_str_eq (ekus->elem[j], extended_key_usage_fixtures[i].expected[j]); + + p11_array_free (ekus); + } +} + +struct { + const char *ku; + size_t length; + unsigned int expected; +} key_usage_fixtures[] = { + { test_ku_ds_and_np, sizeof (test_ku_ds_and_np), P11_KU_DIGITAL_SIGNATURE | P11_KU_NON_REPUDIATION }, + { test_ku_none, sizeof (test_ku_none), 0 }, + { test_ku_cert_crl_sign, sizeof (test_ku_cert_crl_sign), P11_KU_KEY_CERT_SIGN | P11_KU_CRL_SIGN }, + { NULL }, +}; + +static void +test_parse_key_usage (void) +{ + unsigned int ku; + int i; + bool ret; + + for (i = 0; key_usage_fixtures[i].ku != NULL; i++) { + ku = 0; + + ret = p11_x509_parse_key_usage (test.asn1_defs, + (const unsigned char *)key_usage_fixtures[i].ku, + key_usage_fixtures[i].length, &ku); + assert_num_eq (true, ret); + + assert_num_eq (key_usage_fixtures[i].expected, ku); + } +} + +static void +test_parse_extension (void) +{ + node_asn *cert; + unsigned char *ext; + size_t length; + bool is_ca; + + cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", + test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); + assert_ptr_not_null (cert); + + ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS, + test_cacert3_ca_der, sizeof (test_cacert3_ca_der), + &length); + assert_ptr_not_null (ext); + assert (length > 0); + + asn1_delete_structure (&cert); + + if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca)) + assert_fail ("failed to parse message", "basic constraints"); + + free (ext); +} +static void +test_parse_extension_not_found (void) +{ + node_asn *cert; + unsigned char *ext; + size_t length; + + cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", + test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); + assert_ptr_not_null (cert); + + ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT, + test_cacert3_ca_der, sizeof (test_cacert3_ca_der), + &length); + assert_ptr_eq (NULL, ext); + + asn1_delete_structure (&cert); +} + +static void +test_directory_string (void) +{ + struct { + unsigned char input[100]; + int input_len; + char *output; + int output_len; + } fixtures[] = { + /* UTF8String */ + { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17, + "\xc3\x84 UTF8 string ", 15, + }, + + /* NumericString */ + { { 0x12, 0x04, '0', '1', '2', '3', }, 6, + "0123", 4, + }, + + /* IA5String */ + { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6, + " AB ", 4 + }, + + /* TeletexString */ + { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + "A nice", 7 + }, + + /* PrintableString */ + { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, + "A nice", 7, + }, + + /* UniversalString */ + { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u', + 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22, + "Fun \xf0\x90\x8c\x99", 8 + }, + + /* BMPString */ + { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12, + "V\xc3\xb6gel", 6 + }, + }; + + char *string; + bool unknown; + size_t length; + int i; + + for (i = 0; i < ELEMS (fixtures); i++) { + string = p11_x509_parse_directory_string (fixtures[i].input, + fixtures[i].input_len, + &unknown, &length); + assert_ptr_not_null (string); + assert_num_eq (false, unknown); + + assert_num_eq (fixtures[i].output_len, length); + assert_str_eq (fixtures[i].output, string); + free (string); + } +} + +static void +test_directory_string_unknown (void) +{ + /* Not a valid choice in DirectoryString */ + unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }; + char *string; + bool unknown = false; + size_t length; + + string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length); + assert_ptr_eq (NULL, string); + assert_num_eq (true, unknown); +} + +int +main (int argc, + char *argv[]) +{ + p11_fixture (setup, teardown); + p11_test (test_parse_extended_key_usage, "/x509/parse-extended-key-usage"); + p11_test (test_parse_key_usage, "/x509/parse-key-usage"); + p11_test (test_parse_extension, "/x509/parse-extension"); + p11_test (test_parse_extension_not_found, "/x509/parse-extension-not-found"); + + p11_fixture (NULL, NULL); + p11_test (test_directory_string, "/x509/directory-string"); + p11_test (test_directory_string_unknown, "/x509/directory-string-unknown"); + return p11_test_run (argc, argv); +} diff --git a/trust/token.c b/trust/token.c new file mode 100644 index 0000000..8c75d06 --- /dev/null +++ b/trust/token.c @@ -0,0 +1,919 @@ +/* + * Copyright (C) 2012-2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "asn1.h" +#include "attrs.h" +#include "builder.h" +#include "compat.h" +#include "constants.h" +#define P11_DEBUG_FLAG P11_DEBUG_TRUST +#include "debug.h" +#include "errno.h" +#include "message.h" +#include "module.h" +#include "parser.h" +#include "path.h" +#include "persist.h" +#include "pkcs11.h" +#include "pkcs11x.h" +#include "save.h" +#include "token.h" + +#include +#include + +#include +#include +#include +#include +#include + +struct _p11_token { + p11_parser *parser; /* Parser we use to load files */ + p11_index *index; /* Index we load objects into */ + p11_builder *builder; /* Expands objects and applies policy */ + p11_dict *loaded; /* stat structs for loaded files, track reloads */ + + char *path; /* Main path to load from */ + char *anchors; /* Path to load anchors from */ + char *blacklist; /* Path to load blacklist from */ + char *label; /* The token label */ + CK_SLOT_ID slot; /* The slot id */ + + bool checked_path; + bool is_writable; + bool make_directory; +}; + +static bool +loader_is_necessary (p11_token *token, + const char *filename, + struct stat *sb) +{ + struct stat *last; + + last = p11_dict_get (token->loaded, filename); + + /* Never seen this before, load it */ + if (last == NULL) + return true; + + /* + * If any of these are different assume that the file + * needs to be reloaded + */ + return (sb->st_mode != last->st_mode || + sb->st_mtime != last->st_mtime || + sb->st_size != last->st_size); +} + +static void +loader_was_loaded (p11_token *token, + const char *filename, + struct stat *sb) +{ + char *key; + + key = strdup (filename); + return_if_fail (key != NULL); + + sb = memdup (sb, sizeof (struct stat)); + return_if_fail (sb != NULL); + + /* Track the info about this file, so we don't reload unnecessarily */ + if (!p11_dict_set (token->loaded, key, sb)) + return_if_reached (); +} + +static bool +loader_not_loaded (p11_token *token, + const char *filename) +{ + /* No longer track info about this file */ + return p11_dict_remove (token->loaded, filename); +} + +static void +loader_gone_file (p11_token *token, + const char *filename) +{ + CK_ATTRIBUTE origin[] = { + { CKA_X_ORIGIN, (void *)filename, strlen (filename) }, + { CKA_INVALID }, + }; + + CK_RV rv; + + p11_index_load (token->index); + + /* Remove everything at this origin */ + rv = p11_index_replace_all (token->index, origin, CKA_INVALID, NULL); + return_if_fail (rv == CKR_OK); + + p11_index_finish (token->index); + + /* No longer track info about this file */ + loader_not_loaded (token, filename); +} + +static int +loader_load_file (p11_token *token, + const char *filename, + struct stat *sb) +{ + CK_ATTRIBUTE origin[] = { + { CKA_X_ORIGIN, (void *)filename, strlen (filename) }, + { CKA_INVALID }, + }; + + p11_array *parsed; + CK_RV rv; + int flags; + int ret; + int i; + + /* Check if this file is already loaded */ + if (!loader_is_necessary (token, filename, sb)) + return 0; + + flags = P11_PARSE_FLAG_NONE; + + /* If it's in the anchors subdirectory, treat as an anchor */ + if (p11_path_prefix (filename, token->anchors)) + flags = P11_PARSE_FLAG_ANCHOR; + + /* If it's in the blacklist subdirectory, treat as a blacklist */ + else if (p11_path_prefix (filename, token->blacklist)) + flags = P11_PARSE_FLAG_BLACKLIST; + + /* If the token is just one path, then assume they are anchors */ + else if (strcmp (filename, token->path) == 0 && !S_ISDIR (sb->st_mode)) + flags = P11_PARSE_FLAG_ANCHOR; + + ret = p11_parse_file (token->parser, filename, sb, flags); + + switch (ret) { + case P11_PARSE_SUCCESS: + p11_debug ("loaded: %s", filename); + break; + case P11_PARSE_UNRECOGNIZED: + p11_debug ("skipped: %s", filename); + loader_gone_file (token, filename); + return 0; + default: + p11_debug ("failed to parse: %s", filename); + loader_gone_file (token, filename); + return -1; + } + + /* Update each parsed object with the origin */ + parsed = p11_parser_parsed (token->parser); + for (i = 0; i < parsed->num; i++) { + parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL); + return_val_if_fail (parsed->elem[i] != NULL, -1); + } + + p11_index_load (token->index); + + /* Now place all of these in the index */ + rv = p11_index_replace_all (token->index, origin, CKA_CLASS, parsed); + + p11_index_finish (token->index); + + if (rv != CKR_OK) { + p11_message ("couldn't load file into objects: %s", filename); + return -1; + } + + loader_was_loaded (token, filename, sb); + return 1; +} + +static int +loader_load_if_file (p11_token *token, + const char *path) +{ + struct stat sb; + + if (stat (path, &sb) < 0) { + if (errno != ENOENT) + p11_message_err (errno, "couldn't stat path: %d: %s", errno, path); + + } else if (!S_ISDIR (sb.st_mode)) { + return loader_load_file (token, path, &sb); + } + + /* Perhaps the file became unloadable, so track properly */ + loader_gone_file (token, path); + return 0; +} + +static int +loader_load_directory (p11_token *token, + const char *directory, + p11_dict *present) +{ + p11_dictiter iter; + struct dirent *dp; + char *path; + int total = 0; + int ret; + DIR *dir; + + /* First we load all the modules */ + dir = opendir (directory); + if (!dir) { + p11_message_err (errno, "couldn't list directory: %s", directory); + loader_not_loaded (token, directory); + return 0; + } + + while ((dp = readdir (dir)) != NULL) { + path = p11_path_build (directory, dp->d_name, NULL); + return_val_if_fail (path != NULL, -1); + + ret = loader_load_if_file (token, path); + if (ret >= 0) + total += ret; + + /* Make note that this file was seen */ + p11_dict_remove (present, path); + + free (path); + } + + closedir (dir); + + /* All other files that were present, not here now */ + p11_dict_iterate (present, &iter); + while (p11_dict_next (&iter, (void **)&path, NULL)) + loader_gone_file (token, path); + + return total; +} + +static int +loader_load_path (p11_token *token, + const char *path, + bool *is_dir) +{ + p11_dictiter iter; + p11_dict *present; + char *filename; + struct stat sb; + int total; + int ret; + + if (stat (path, &sb) < 0) { + if (errno != ENOENT) + p11_message_err (errno, "cannot access trust certificate path: %s", path); + loader_gone_file (token, path); + *is_dir = false; + ret = 0; + + } else if (S_ISDIR (sb.st_mode)) { + *is_dir = true; + ret = 0; + + /* All the files we know about at this path */ + present = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); + p11_dict_iterate (token->loaded, &iter); + while (p11_dict_next (&iter, (void **)&filename, NULL)) { + if (p11_path_prefix (filename, path)) { + if (!p11_dict_set (present, filename, filename)) + return_val_if_reached (-1); + } + } + + /* If the directory has changed, reload it */ + if (loader_is_necessary (token, path, &sb)) { + ret = loader_load_directory (token, path, present); + + /* Directory didn't change, but maybe files changed? */ + } else { + total = 0; + p11_dict_iterate (present, &iter); + while (p11_dict_next (&iter, (void **)&filename, NULL)) { + ret = loader_load_if_file (token, filename); + if (ret >= 0) + total += ret; + } + } + + p11_dict_free (present); + loader_was_loaded (token, path, &sb); + + } else { + *is_dir = false; + ret = loader_load_file (token, path, &sb); + } + + return ret; +} + +static int +load_builtin_objects (p11_token *token) +{ + CK_OBJECT_CLASS builtin = CKO_NSS_BUILTIN_ROOT_LIST; + CK_BBOOL vtrue = CK_TRUE; + CK_BBOOL vfalse = CK_FALSE; + CK_RV rv; + + const char *trust_anchor_roots = "Trust Anchor Roots"; + CK_ATTRIBUTE builtin_root_list[] = { + { CKA_CLASS, &builtin, sizeof (builtin) }, + { CKA_TOKEN, &vtrue, sizeof (vtrue) }, + { CKA_PRIVATE, &vfalse, sizeof (vfalse) }, + { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) }, + { CKA_LABEL, (void *)trust_anchor_roots, strlen (trust_anchor_roots) }, + { CKA_INVALID }, + }; + + p11_index_load (token->index); + rv = p11_index_take (token->index, p11_attrs_dup (builtin_root_list), NULL); + return_val_if_fail (rv == CKR_OK, 0); + p11_index_finish (token->index); + return 1; +} + +int +p11_token_load (p11_token *token) +{ + int total = 0; + bool is_dir; + int ret; + + ret = loader_load_path (token, token->path, &is_dir); + if (ret >= 0) + total += ret; + + if (is_dir) { + ret = loader_load_path (token, token->anchors, &is_dir); + if (ret >= 0) + total += ret; + + ret = loader_load_path (token, token->blacklist, &is_dir); + if (ret >= 0) + total += ret; + } + + return total; +} + +bool +p11_token_reload (p11_token *token, + CK_ATTRIBUTE *attrs) +{ + CK_ATTRIBUTE *attr; + struct stat sb; + char *origin; + bool ret; + + attr = p11_attrs_find (attrs, CKA_X_ORIGIN); + if (attr == NULL) + return false; + + origin = strndup (attr->pValue, attr->ulValueLen); + return_val_if_fail (origin != NULL, false); + + if (stat (origin, &sb) < 0) { + if (errno == ENOENT) { + loader_gone_file (token, origin); + } else { + p11_message_err (errno, "cannot access trust file: %s", origin); + } + ret = false; + + } else { + ret = loader_load_file (token, origin, &sb) > 0; + } + + free (origin); + return ret; +} + +static bool +check_directory (const char *path, + bool *make_directory, + bool *is_writable) +{ + struct stat sb; + char *parent; + bool dummy; + bool ret; + + /* + * This function attempts to determine whether a later write + * to this token will succeed so we can setup the appropriate + * token flags. Yes, it is racy, but that's inherent to the problem. + */ + + if (stat (path, &sb) == 0) { + *make_directory = false; + *is_writable = S_ISDIR (sb.st_mode) && access (path, W_OK) == 0; + return true; + } + + switch (errno) { + case EACCES: + *is_writable = false; + *make_directory = false; + return true; + case ENOENT: + *make_directory = true; + parent = p11_path_parent (path); + if (parent == NULL) + ret = false; + else + ret = check_directory (parent, &dummy, is_writable); + free (parent); + return ret; + default: + p11_message_err (errno, "couldn't access: %s", path); + return false; + } +} + +static bool +check_token_directory (p11_token *token) +{ + if (!token->checked_path) { + token->checked_path = check_directory (token->path, + &token->make_directory, + &token->is_writable); + } + + return token->checked_path; +} + +static bool +writer_remove_origin (p11_token *token, + CK_ATTRIBUTE *origin) +{ + bool ret = true; + char *path; + + path = strndup (origin->pValue, origin->ulValueLen); + return_val_if_fail (path != NULL, false); + + if (unlink (path) < 0) { + p11_message_err (errno, "couldn't remove file: %s", path); + ret = false; + } + + free (path); + return ret; +} + +static p11_save_file * +writer_overwrite_origin (p11_token *token, + CK_ATTRIBUTE *origin) +{ + p11_save_file *file; + char *path; + + path = strndup (origin->pValue, origin->ulValueLen); + return_val_if_fail (path != NULL, NULL); + + file = p11_save_open_file (path, NULL, P11_SAVE_OVERWRITE); + free (path); + + return file; +} + +static char * +writer_suggest_name (CK_ATTRIBUTE *attrs) +{ + CK_ATTRIBUTE *label; + CK_OBJECT_CLASS klass; + const char *nick; + + label = p11_attrs_find (attrs, CKA_LABEL); + if (label && label->ulValueLen) + return strndup (label->pValue, label->ulValueLen); + + nick = NULL; + if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass)) + nick = p11_constant_nick (p11_constant_classes, klass); + if (nick == NULL) + nick = "object"; + return strdup (nick); +} + +static p11_save_file * +writer_create_origin (p11_token *token, + CK_ATTRIBUTE *attrs) +{ + p11_save_file *file; + char *name; + char *path; + + name = writer_suggest_name (attrs); + return_val_if_fail (name != NULL, NULL); + + p11_path_canon (name); + + path = p11_path_build (token->path, name, NULL); + free (name); + + file = p11_save_open_file (path, ".p11-kit", P11_SAVE_UNIQUE); + free (path); + + return file; +} + +static CK_RV +writer_put_header (p11_save_file *file) +{ + const char *header = + "# This file has been auto-generated and written by p11-kit. Changes will be\n" + "# unceremoniously overwritten.\n" + "#\n" + "# The format is designed to be somewhat human readable and debuggable, and a\n" + "# bit transparent but it is not encouraged to read/write this format from other\n" + "# applications or tools without first discussing this at the the mailing list:\n" + "#\n" + "# p11-glue@lists.freedesktop.org\n" + "#\n"; + + if (!p11_save_write (file, header, -1)) + return CKR_FUNCTION_FAILED; + + return CKR_OK; +} + +static CK_RV +writer_put_object (p11_save_file *file, + p11_persist *persist, + p11_buffer *buffer, + CK_ATTRIBUTE *attrs) +{ + if (!p11_buffer_reset (buffer, 0)) + assert_not_reached (); + if (!p11_persist_write (persist, attrs, buffer)) + return_val_if_reached (CKR_GENERAL_ERROR); + if (!p11_save_write (file, buffer->data, buffer->len)) + return CKR_FUNCTION_FAILED; + + return CKR_OK; +} + +static bool +mkdir_with_parents (const char *path) +{ + char *parent; + bool ret; + +#ifdef OS_UNIX + int mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH; + if (mkdir (path, mode) == 0) +#else + if (mkdir (path) == 0) +#endif + return true; + + switch (errno) { + case ENOENT: + parent = p11_path_parent (path); + if (parent != NULL) { + ret = mkdir_with_parents (parent); + free (parent); + if (ret == true) { +#ifdef OS_UNIX + if (mkdir (path, mode) == 0) +#else + if (mkdir (path) == 0) +#endif + return true; + } + } + /* fall through */ + default: + p11_message_err (errno, "couldn't create directory: %s", path); + return false; + } +} + +static CK_RV +on_index_build (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE *merge, + CK_ATTRIBUTE **extra) +{ + p11_token *token = data; + return p11_builder_build (token->builder, index, attrs, merge, extra); +} + +static CK_RV +on_index_store (void *data, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE **attrs) +{ + p11_token *token = data; + CK_OBJECT_HANDLE *other; + p11_persist *persist; + p11_buffer buffer; + CK_ATTRIBUTE *origin; + CK_ATTRIBUTE *object; + p11_save_file *file; + bool creating = false; + char *path; + CK_RV rv; + int i; + + /* Signifies that data is being loaded, don't write out */ + if (p11_index_loading (index)) + return CKR_OK; + + if (!check_token_directory (token)) + return CKR_FUNCTION_FAILED; + + if (token->make_directory) { + if (!mkdir_with_parents (token->path)) + return CKR_FUNCTION_FAILED; + token->make_directory = false; + } + + /* Do we already have a filename? */ + origin = p11_attrs_find (*attrs, CKA_X_ORIGIN); + if (origin == NULL) { + file = writer_create_origin (token, *attrs); + creating = true; + other = NULL; + + } else { + other = p11_index_find_all (index, origin, 1); + file = writer_overwrite_origin (token, origin); + creating = false; + } + + if (file == NULL) { + free (origin); + free (other); + return CKR_GENERAL_ERROR; + } + + persist = p11_persist_new (); + p11_buffer_init (&buffer, 1024); + + rv = writer_put_header (file); + if (rv == CKR_OK) + rv = writer_put_object (file, persist, &buffer, *attrs); + + for (i = 0; rv == CKR_OK && other && other[i] != 0; i++) { + if (other[i] != handle) { + object = p11_index_lookup (index, other[i]); + if (object != NULL) + rv = writer_put_object (file, persist, &buffer, object); + } + } + + p11_buffer_uninit (&buffer); + p11_persist_free (persist); + free (other); + + if (rv == CKR_OK) { + if (!p11_save_finish_file (file, &path, true)) + rv = CKR_FUNCTION_FAILED; + else if (creating) + *attrs = p11_attrs_take (*attrs, CKA_X_ORIGIN, path, strlen (path)); + else + free (path); + } else { + p11_save_finish_file (file, NULL, false); + } + + return rv; +} + +static CK_RV +on_index_remove (void *data, + p11_index *index, + CK_ATTRIBUTE *attrs) +{ + p11_token *token = data; + CK_OBJECT_HANDLE *other; + p11_persist *persist; + p11_buffer buffer; + CK_ATTRIBUTE *origin; + CK_ATTRIBUTE *object; + p11_save_file *file; + CK_RV rv = CKR_OK; + int i; + + /* Signifies that data is being loaded, don't write out */ + if (p11_index_loading (index)) + return CKR_OK; + + if (!check_token_directory (token)) + return CKR_FUNCTION_FAILED; + + /* We should have a file name */ + origin = p11_attrs_find (attrs, CKA_X_ORIGIN); + return_val_if_fail (origin != NULL, CKR_GENERAL_ERROR); + + /* If there are other objects in this file, then rewrite it */ + other = p11_index_find_all (index, origin, 1); + if (other && other[0]) { + file = writer_overwrite_origin (token, origin); + if (file == NULL) { + free (other); + return CKR_GENERAL_ERROR; + } + + persist = p11_persist_new (); + p11_buffer_init (&buffer, 1024); + + rv = writer_put_header (file); + for (i = 0; rv == CKR_OK && other && other[i] != 0; i++) { + object = p11_index_lookup (index, other[i]); + if (object != NULL) + rv = writer_put_object (file, persist, &buffer, object); + } + + if (rv == CKR_OK) { + if (!p11_save_finish_file (file, NULL, true)) + rv = CKR_FUNCTION_FAILED; + } else { + p11_save_finish_file (file, NULL, false); + } + + p11_persist_free (persist); + p11_buffer_uninit (&buffer); + + /* Otherwise just remove the file */ + } else { + if (!writer_remove_origin (token, origin)) + rv = CKR_FUNCTION_FAILED; + } + + free (other); + + return rv; +} + +static void +on_index_notify (void *data, + p11_index *index, + CK_OBJECT_HANDLE handle, + CK_ATTRIBUTE *attrs) +{ + p11_token *token = data; + p11_builder_changed (token->builder, index, handle, attrs); +} + +void +p11_token_free (p11_token *token) +{ + if (!token) + return; + + p11_index_free (token->index); + p11_parser_free (token->parser); + p11_builder_free (token->builder); + p11_dict_free (token->loaded); + free (token->path); + free (token->anchors); + free (token->blacklist); + free (token->label); + free (token); +} + +p11_token * +p11_token_new (CK_SLOT_ID slot, + const char *path, + const char *label, + int flags) +{ + p11_token *token; + + return_val_if_fail (path != NULL, NULL); + return_val_if_fail (label != NULL, NULL); + + token = calloc (1, sizeof (p11_token)); + return_val_if_fail (token != NULL, NULL); + + token->builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN); + if (token->builder == NULL) { + p11_token_free (token); + return_val_if_reached (NULL); + } + + token->index = p11_index_new (on_index_build, + on_index_store, + on_index_remove, + on_index_notify, + token); + return_val_if_fail (token->index != NULL, NULL); + + token->parser = p11_parser_new (p11_builder_get_cache (token->builder)); + return_val_if_fail (token->parser != NULL, NULL); + p11_parser_formats (token->parser, p11_parser_format_persist, + p11_parser_format_x509, p11_parser_format_pem, NULL); + + token->loaded = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free); + return_val_if_fail (token->loaded != NULL, NULL); + + token->path = p11_path_expand (path); + return_val_if_fail (token->path != NULL, NULL); + + token->anchors = p11_path_build (token->path, "anchors", NULL); + return_val_if_fail (token->anchors != NULL, NULL); + + token->blacklist = p11_path_build (token->path, "blacklist", NULL); + return_val_if_fail (token->blacklist != NULL, NULL); + + token->label = strdup (label); + return_val_if_fail (token->label != NULL, NULL); + + token->slot = slot; + + if (flags & P11_TOKEN_FLAG_WRITE_PROTECTED) { + token->checked_path = true; + token->make_directory = false; + token->is_writable = false; + } + + load_builtin_objects (token); + + p11_debug ("token: %s: %s", token->label, token->path); + return token; +} + +const char * +p11_token_get_label (p11_token *token) +{ + return_val_if_fail (token != NULL, NULL); + return token->label; +} + +const char * +p11_token_get_path (p11_token *token) +{ + return_val_if_fail (token != NULL, NULL); + return token->path; +} + +CK_SLOT_ID +p11_token_get_slot (p11_token *token) +{ + return_val_if_fail (token != NULL, 0); + return token->slot; +} + +p11_index * +p11_token_index (p11_token *token) +{ + return_val_if_fail (token != NULL, NULL); + return token->index; +} + +p11_parser * +p11_token_parser (p11_token *token) +{ + return_val_if_fail (token != NULL, NULL); + return token->parser; +} + +bool +p11_token_is_writable (p11_token *token) +{ + if (!check_token_directory (token)) + return false; + return token->is_writable; +} diff --git a/trust/token.h b/trust/token.h new file mode 100644 index 0000000..87641d0 --- /dev/null +++ b/trust/token.h @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_TOKEN_H_ +#define P11_TOKEN_H_ + +#include "dict.h" +#include "index.h" +#include "parser.h" +#include "pkcs11.h" + +enum { + P11_TOKEN_FLAG_NONE = 0, + P11_TOKEN_FLAG_WRITE_PROTECTED = 1 << 0, +}; + +typedef struct _p11_token p11_token; + +p11_token * p11_token_new (CK_SLOT_ID slot, + const char *path, + const char *label, + int flags); + +void p11_token_free (p11_token *token); + +int p11_token_load (p11_token *token); + +bool p11_token_reload (p11_token *token, + CK_ATTRIBUTE *attrs); + +p11_index * p11_token_index (p11_token *token); + +p11_parser * p11_token_parser (p11_token *token); + +const char * p11_token_get_path (p11_token *token); + +const char * p11_token_get_label (p11_token *token); + +CK_SLOT_ID p11_token_get_slot (p11_token *token); + +bool p11_token_is_writable (p11_token *token); + +#endif /* P11_TOKEN_H_ */ diff --git a/trust/trust-extract-compat.in b/trust/trust-extract-compat.in new file mode 100755 index 0000000..b1b7a08 --- /dev/null +++ b/trust/trust-extract-compat.in @@ -0,0 +1,32 @@ +#!/bin/sh + +# This script is a placeholder designed to be replaced when this software +# has been customized for distribution. It should be symlinked linked to the +# distribution's update-ca-certificates or update-ca-trust command as +# appropriate. In the future this script will be called when the PKCS#11 +# trust module is used to modify trust anchors and related data. + +if [ $# -ne 0 ]; then + echo "usage: trust extract-compat" >&2 + exit 2 +fi + +uid=$(id -u) +if [ "$uid" != 0 ]; then + echo "trust: running as non-root user: skip extracting compat bundles" >&2 + exit 0 +fi + +echo "trust: the placeholder extract-compat command has not been customized by your distribution." >&2 + +# You can use commands like this to extract data from trust modules +# into appropriate locations for your distribution. +# +# trust extract --format=openssl-bundle --filter=ca-anchors \ +# --overwrite /tmp/openssl-bundle.pem +# trust extract --format=pem-bundle --filter=ca-anchors --overwrite \ +# --purpose server-auth /tmp/server-auth-bundle.pem +# trust extract --format=java-cacerts --filter=ca-anchors --overwrite \ +# --purpose server-auth /tmp/cacerts + +exit 1 diff --git a/trust/trust.c b/trust/trust.c new file mode 100644 index 0000000..64eddae --- /dev/null +++ b/trust/trust.c @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "anchor.h" +#include "dump.h" +#include "extract.h" +#include "list.h" + +#include "buffer.h" +#include "compat.h" +#include "debug.h" +#include "message.h" +#include "path.h" +#include "tool.h" + +#include +#include +#include +#include +#include +#include +#include + +static const p11_tool_command commands[] = { + { "list", p11_trust_list, "List trust or certificates" }, + { "extract", p11_trust_extract, "Extract certificates and trust" }, + { "extract-compat", p11_trust_extract_compat, "Extract trust compatibility bundles" }, + { "anchor", p11_trust_anchor, "Add, remove, change trust anchors" }, + { "dump", p11_trust_dump, "Dump trust objects in internal format" }, + { 0, } +}; + +int +main (int argc, + char *argv[]) +{ + return p11_tool_main (argc, argv, commands); +} diff --git a/trust/types.h b/trust/types.h new file mode 100644 index 0000000..64a92b1 --- /dev/null +++ b/trust/types.h @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef TYPES_H_ +#define TYPES_H_ 1 + +#include "pkcs11x.h" + +/* + * A boolean value which denotes whether we auto generated + * this object, as opposed to coming from outside the builder. + * + * We set this on all objects. It will always be either CK_TRUE + * or CK_FALSE for all objects built by this builder. + */ +#define CKA_X_GENERATED (CKA_X_VENDOR + 8000) + +/* + * A string pointing to the filename from which this was loaded. + */ +#define CKA_X_ORIGIN (CKA_X_VENDOR + 8001) + +#endif /* TYPES_H_ */ diff --git a/trust/utf8.c b/trust/utf8.c new file mode 100644 index 0000000..8d1c6ce --- /dev/null +++ b/trust/utf8.c @@ -0,0 +1,335 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "buffer.h" +#include "debug.h" +#include "utf8.h" + +#include +#include +#include +#include + +/* + * Some parts come from FreeBSD utf8.c + * + * Copyright (c) 2002-2004 Tim J. Robbins + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +static ssize_t +utf8_to_uchar (const char *str, + size_t len, + uint32_t *uc) +{ + int ch, i, mask, want; + uint32_t lbound, uch; + + assert (str != NULL); + assert (len > 0); + assert (uc != NULL); + + if (((ch = (unsigned char)*str) & ~0x7f) == 0) { + /* Fast path for plain ASCII characters. */ + *uc = ch; + return 1; + } + + /* + * Determine the number of octets that make up this character + * from the first octet, and a mask that extracts the + * interesting bits of the first octet. We already know + * the character is at least two bytes long. + * + * We also specify a lower bound for the character code to + * detect redundant, non-"shortest form" encodings. For + * example, the sequence C0 80 is _not_ a legal representation + * of the null character. This enforces a 1-to-1 mapping + * between character codes and their multibyte representations. + */ + ch = (unsigned char)*str; + if ((ch & 0xe0) == 0xc0) { + mask = 0x1f; + want = 2; + lbound = 0x80; + } else if ((ch & 0xf0) == 0xe0) { + mask = 0x0f; + want = 3; + lbound = 0x800; + } else if ((ch & 0xf8) == 0xf0) { + mask = 0x07; + want = 4; + lbound = 0x10000; + } else if ((ch & 0xfc) == 0xf8) { + mask = 0x03; + want = 5; + lbound = 0x200000; + } else if ((ch & 0xfe) == 0xfc) { + mask = 0x01; + want = 6; + lbound = 0x4000000; + } else { + /* + * Malformed input; input is not UTF-8. + */ + return -1; + } + + if (want > len) { + /* Incomplete multibyte sequence. */ + return -1; + } + + /* + * Decode the octet sequence representing the character in chunks + * of 6 bits, most significant first. + */ + uch = (unsigned char)*str++ & mask; + for (i = 1; i < want; i++) { + if ((*str & 0xc0) != 0x80) { + /* + * Malformed input; bad characters in the middle + * of a character. + */ + return -1; + } + uch <<= 6; + uch |= *str++ & 0x3f; + } + if (uch < lbound) { + /* + * Malformed input; redundant encoding. + */ + return -1; + } + if ((uch >= 0xd800 && uch <= 0xdfff) || uch > 0x10ffff) { + /* + * Malformed input; invalid code points. + */ + return -1; + } + + *uc = uch; + return want; +} + +static size_t +utf8_for_uchar (uint32_t uc, + char *str, + size_t len) +{ + unsigned char lead; + int i, want; + + assert (str != NULL); + assert (len >= 6); + + if ((uc & ~0x7f) == 0) { + /* Fast path for plain ASCII characters. */ + *str = (char)uc; + return 1; + } + + /* + * Determine the number of octets needed to represent this character. + * We always output the shortest sequence possible. Also specify the + * first few bits of the first octet, which contains the information + * about the sequence length. + */ + if ((uc & ~0x7ff) == 0) { + lead = 0xc0; + want = 2; + } else if ((uc & ~0xffff) == 0) { + lead = 0xe0; + want = 3; + } else if ((uc & ~0x1fffff) == 0) { + lead = 0xf0; + want = 4; + } else if ((uc & ~0x3ffffff) == 0) { + lead = 0xf8; + want = 5; + } else if ((uc & ~0x7fffffff) == 0) { + lead = 0xfc; + want = 6; + } else { + return -1; + } + + assert (want <= len); + + /* + * Output the octets representing the character in chunks + * of 6 bits, least significant last. The first octet is + * a special case because it contains the sequence length + * information. + */ + for (i = want - 1; i > 0; i--) { + str[i] = (uc & 0x3f) | 0x80; + uc >>= 6; + } + *str = (uc & 0xff) | lead; + return want; +} + +static ssize_t +ucs2be_to_uchar (const unsigned char *str, + size_t len, + uint32_t *wc) +{ + assert (str != NULL); + assert (len != 0); + assert (wc != NULL); + + if (len < 2) + return -1; + + *wc = (str[0] << 8 | str[1]); + return 2; +} + +static ssize_t +ucs4be_to_uchar (const unsigned char *str, + size_t len, + uint32_t *uc) +{ + assert (str != NULL); + assert (len != 0); + assert (uc != NULL); + + if (len < 4) + return -1; + + *uc = ((uint32_t) str[0] << 24 | str[1] << 16 | str[2] << 8 | str[3]); + return 4; +} + +bool +p11_utf8_validate (const char *str, + ssize_t len) +{ + uint32_t dummy; + ssize_t ret; + + if (len < 0) + len = strlen (str); + + while (len > 0) { + ret = utf8_to_uchar (str, len, &dummy); + if (ret < 0) + return false; + str += ret; + len -= ret; + } + + return true; +} + +static char * +utf8_for_convert (ssize_t (* convert) (const unsigned char *, size_t, uint32_t *), + const unsigned char *str, + size_t num_bytes, + size_t *ret_len) +{ + p11_buffer buf; + char block[6]; + uint32_t uc; + ssize_t ret; + + assert (convert); + + if (!p11_buffer_init_null (&buf, num_bytes)) + return_val_if_reached (NULL); + + while (num_bytes != 0) { + ret = (convert) (str, num_bytes, &uc); + if (ret < 0) { + p11_buffer_uninit (&buf); + return NULL; + } + + str += ret; + num_bytes -= ret; + + ret = utf8_for_uchar (uc, block, 6); + if (ret < 0) { + p11_buffer_uninit (&buf); + return NULL; + } + p11_buffer_add (&buf, block, ret); + } + + return_val_if_fail (p11_buffer_ok (&buf), NULL); + return p11_buffer_steal (&buf, ret_len); +} + +char * +p11_utf8_for_ucs2be (const unsigned char *str, + size_t num_bytes, + size_t *ret_len) +{ + assert (str != NULL); + return utf8_for_convert (ucs2be_to_uchar, str, num_bytes, ret_len); +} + +char * +p11_utf8_for_ucs4be (const unsigned char *str, + size_t num_bytes, + size_t *ret_len) +{ + assert (str != NULL); + return utf8_for_convert (ucs4be_to_uchar, str, num_bytes, ret_len); +} diff --git a/trust/utf8.h b/trust/utf8.h new file mode 100644 index 0000000..8efa66f --- /dev/null +++ b/trust/utf8.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_UTF8_H_ +#define P11_UTF8_H_ + +#include "compat.h" + +#include + +bool p11_utf8_validate (const char *str, + ssize_t len); + +char * p11_utf8_for_ucs2be (const unsigned char *str, + size_t num_bytes, + size_t *ret_len); + +char * p11_utf8_for_ucs4be (const unsigned char *str, + size_t num_bytes, + size_t *ret_len); + +#endif /* P11_UTF8_H_ */ diff --git a/trust/x509.c b/trust/x509.c new file mode 100644 index 0000000..079730a --- /dev/null +++ b/trust/x509.c @@ -0,0 +1,370 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "asn1.h" +#define P11_DEBUG_FLAG P11_DEBUG_TRUST +#include "debug.h" +#include "digest.h" +#include "oid.h" +#include "utf8.h" +#include "x509.h" + +#include +#include + +unsigned char * +p11_x509_find_extension (node_asn *cert, + const unsigned char *oid, + const unsigned char *der, + size_t der_len, + size_t *ext_len) +{ + char field[128]; + int start; + int end; + int ret; + int i; + + return_val_if_fail (cert != NULL, NULL); + return_val_if_fail (oid != NULL, NULL); + return_val_if_fail (ext_len != NULL, NULL); + + for (i = 1; ; i++) { + if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnID", i) < 0) + return_val_if_reached (NULL); + + ret = asn1_der_decoding_startEnd (cert, der, der_len, field, &start, &end); + + /* No more extensions */ + if (ret == ASN1_ELEMENT_NOT_FOUND) + break; + + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + /* Make sure it's a straightforward oid with certain assumptions */ + if (!p11_oid_simple (der + start, (end - start) + 1)) + continue; + + /* The one we're lookin for? */ + if (!p11_oid_equal (der + start, oid)) + continue; + + if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnValue", i) < 0) + return_val_if_reached (NULL); + + return p11_asn1_read (cert, field, ext_len); + } + + return NULL; +} + +bool +p11_x509_hash_subject_public_key (node_asn *cert, + const unsigned char *der, + size_t der_len, + unsigned char *keyid) +{ + int start, end; + size_t len; + int ret; + + return_val_if_fail (cert != NULL, false); + return_val_if_fail (der != NULL, false); + + ret = asn1_der_decoding_startEnd (cert, der, der_len, "tbsCertificate.subjectPublicKeyInfo", &start, &end); + return_val_if_fail (ret == ASN1_SUCCESS, false); + return_val_if_fail (end >= start, false); + + len = (end - start) + 1; + p11_digest_sha1 (keyid, (der + start), len, NULL); + return true; +} + +unsigned char * +p11_x509_parse_subject_key_identifier (p11_dict *asn1_defs, + const unsigned char *ext_der, + size_t ext_len, + size_t *keyid_len) +{ + unsigned char *keyid; + node_asn *ext; + + return_val_if_fail (keyid_len != NULL, false); + + ext = p11_asn1_decode (asn1_defs, "PKIX1.SubjectKeyIdentifier", ext_der, ext_len, NULL); + if (ext == NULL) + return NULL; + + keyid = p11_asn1_read (ext, "", keyid_len); + return_val_if_fail (keyid != NULL, NULL); + + asn1_delete_structure (&ext); + + return keyid; +} + +bool +p11_x509_parse_basic_constraints (p11_dict *asn1_defs, + const unsigned char *ext_der, + size_t ext_len, + bool *is_ca) +{ + char buffer[8]; + node_asn *ext; + int ret; + int len; + + return_val_if_fail (is_ca != NULL, false); + + ext = p11_asn1_decode (asn1_defs, "PKIX1.BasicConstraints", ext_der, ext_len, NULL); + if (ext == NULL) + return false; + + len = sizeof (buffer); + ret = asn1_read_value (ext, "cA", buffer, &len); + + /* Default value for cA is FALSE */ + if (ret == ASN1_ELEMENT_NOT_FOUND) { + *is_ca = false; + + } else { + return_val_if_fail (ret == ASN1_SUCCESS, false); + *is_ca = (strcmp (buffer, "TRUE") == 0); + } + + asn1_delete_structure (&ext); + + return true; +} + +bool +p11_x509_parse_key_usage (p11_dict *asn1_defs, + const unsigned char *ext_der, + size_t ext_len, + unsigned int *ku) +{ + char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; + unsigned char buf[2]; + node_asn *ext; + int len; + int ret; + + ext = p11_asn1_decode (asn1_defs, "PKIX1.KeyUsage", ext_der, ext_len, message); + if (ext == NULL) + return false; + + len = sizeof (buf); + ret = asn1_read_value (ext, "", buf, &len); + return_val_if_fail (ret == ASN1_SUCCESS, false); + + /* A bit string, so combine into one set of flags */ + *ku = buf[0] | (buf[1] << 8); + + asn1_delete_structure (&ext); + + return true; +} + +p11_array * +p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, + const unsigned char *ext_der, + size_t ext_len) +{ + node_asn *asn; + char field[128]; + p11_array *ekus; + size_t len; + char *eku; + int i; + + asn = p11_asn1_decode (asn1_defs, "PKIX1.ExtKeyUsageSyntax", ext_der, ext_len, NULL); + if (asn == NULL) + return NULL; + + ekus = p11_array_new (free); + + for (i = 1; ; i++) { + if (snprintf (field, sizeof (field), "?%u", i) < 0) + return_val_if_reached (NULL); + + eku = p11_asn1_read (asn, field, &len); + if (eku == NULL) + break; + + eku[len] = 0; + + /* If it's our reserved OID, then skip */ + if (strcmp (eku, P11_OID_RESERVED_PURPOSE_STR) == 0) { + free (eku); + continue; + } + + if (!p11_array_push (ekus, eku)) + return_val_if_reached (NULL); + } + + asn1_delete_structure (&asn); + + return ekus; +} + +char * +p11_x509_parse_directory_string (const unsigned char *input, + size_t input_len, + bool *unknown_string, + size_t *string_len) +{ + unsigned long tag; + unsigned char cls; + int tag_len; + int len_len; + const void *octets; + long octet_len; + int ret; + + ret = asn1_get_tag_der (input, input_len, &cls, &tag_len, &tag); + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + octet_len = asn1_get_length_der (input + tag_len, input_len - tag_len, &len_len); + return_val_if_fail (octet_len >= 0, false); + return_val_if_fail (tag_len + len_len + octet_len == input_len, NULL); + + octets = input + tag_len + len_len; + + if (unknown_string) + *unknown_string = false; + + /* The following strings are the ones we normalize */ + switch (tag) { + case 12: /* UTF8String */ + case 18: /* NumericString */ + case 22: /* IA5String */ + case 20: /* TeletexString */ + case 19: /* PrintableString */ + if (!p11_utf8_validate (octets, octet_len)) + return NULL; + if (string_len) + *string_len = octet_len; + return strndup (octets, octet_len); + + case 28: /* UniversalString */ + return p11_utf8_for_ucs4be (octets, octet_len, string_len); + + case 30: /* BMPString */ + return p11_utf8_for_ucs2be (octets, octet_len, string_len); + + /* Just pass through all the non-string types */ + default: + if (unknown_string) + *unknown_string = true; + return NULL; + } + +} + +char * +p11_x509_parse_dn_name (p11_dict *asn_defs, + const unsigned char *der, + size_t der_len, + const unsigned char *oid) +{ + node_asn *asn; + char *part; + + asn = p11_asn1_decode (asn_defs, "PKIX1.Name", der, der_len, NULL); + if (asn == NULL) + return NULL; + + part = p11_x509_lookup_dn_name (asn, NULL, der, der_len, oid); + asn1_delete_structure (&asn); + return part; +} + +char * +p11_x509_lookup_dn_name (node_asn *asn, + const char *dn_field, + const unsigned char *der, + size_t der_len, + const unsigned char *oid) +{ + unsigned char *value; + char field[128]; + size_t value_len; + char *part; + int i, j; + int start; + int end; + int ret; + + for (i = 1; true; i++) { + for (j = 1; true; j++) { + snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.type", + dn_field, dn_field ? "." : "", i, j); + + ret = asn1_der_decoding_startEnd (asn, der, der_len, field, &start, &end); + + /* No more dns */ + if (ret == ASN1_ELEMENT_NOT_FOUND) + break; + + return_val_if_fail (ret == ASN1_SUCCESS, NULL); + + /* Make sure it's a straightforward oid with certain assumptions */ + if (!p11_oid_simple (der + start, (end - start) + 1)) + continue; + + /* The one we're lookin for? */ + if (!p11_oid_equal (der + start, oid)) + continue; + + snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.value", + dn_field, dn_field ? "." : "", i, j); + + value = p11_asn1_read (asn, field, &value_len); + return_val_if_fail (value != NULL, NULL); + + part = p11_x509_parse_directory_string (value, value_len, NULL, NULL); + free (value); + + return part; + } + + if (j == 1) + break; + } + + return NULL; +} diff --git a/trust/x509.h b/trust/x509.h new file mode 100644 index 0000000..45fa628 --- /dev/null +++ b/trust/x509.h @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include + +#include "array.h" +#include "dict.h" + +#ifndef P11_X509_H_ +#define P11_X509_H_ + +unsigned char * p11_x509_find_extension (node_asn *cert, + const unsigned char *oid, + const unsigned char *der, + size_t der_len, + size_t *ext_len); + +bool p11_x509_hash_subject_public_key (node_asn *cert, + const unsigned char *der, + size_t der_len, + unsigned char *keyid); + +bool p11_x509_parse_basic_constraints (p11_dict *asn1_defs, + const unsigned char *ext_der, + size_t ext_len, + bool *is_ca); + +bool p11_x509_parse_key_usage (p11_dict *asn1_defs, + const unsigned char *data, + size_t length, + unsigned int *ku); + +p11_array * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, + const unsigned char *ext_der, + size_t ext_len); + +unsigned char * p11_x509_parse_subject_key_identifier (p11_dict *asn1_defs, + const unsigned char *ext_der, + size_t ext_len, + size_t *keyid_len); + +char * p11_x509_parse_dn_name (p11_dict *asn_defs, + const unsigned char *der, + size_t der_len, + const unsigned char *oid); + +char * p11_x509_lookup_dn_name (node_asn *asn, + const char *dn_field, + const unsigned char *der, + size_t der_len, + const unsigned char *oid); + +char * p11_x509_parse_directory_string (const unsigned char *input, + size_t input_len, + bool *unknown_string, + size_t *string_len); + +#endif /* P11_X509_H_ */