author Jerry Jelinek <jerry.jelinek@joyent.com> 2017-06-08 10:10:29 +0000
committer Jerry Jelinek <jerry.jelinek@joyent.com> 2017-06-08 10:10:29 +0000
commit 8cb9f5acecaded019a9a55454a31dcf4328d0d1b
tree 7c69e28b9b9b5ac2d9f928324a663becf2efa2d7 /usr/src/man/man3lib/libpkcs11.3lib
parent 3a5445f1b9d90e4f1538503bd60913c8f302c17f
parent 79809f9cf402f130667349b2d4007ecd65d63c6f
[illumos-gate merge] release-20170608

commit 79809f9cf402f130667349b2d4007ecd65d63c6f
    8269 dtrace stddev aggregation is normalized incorrectly
commit 22c8b9583d07895c16549075a53668d7bc988cf3
    8108 zdb -l fails to read labels 2 and 3
commit 0255edcc85fc0cd1dda0e49bcd52eb66c06a1b16
    8056 zfs send size estimate is inaccurate for some zvols
commit dbfd9f930004c390a2ce2cf850c71b4f880eef9c
    8156 dbuf_evict_notify() does not need dbuf_evict_lock
commit 690031d326342fa4ea28b5e80f1ad6a16281519d
    8168 NULL pointer dereference in zfs_create()
commit 7c4ab494ff60bbbcc0889e71388ae63e903bbf57
    8276 rpcbind leaks memory due to libumem per thread caching.
commit f176a0a4cd61cbd708a7f25dc30d221f4d5902ba
    8270 dnlc_reverse_lookup() is unsafe at any speed
commit 72d3dbb9ab4481606cb93caca98ba3b3a8eb6ce2
    8300 fix man page issues found by mandoc 1.14.1
commit cb4d790db8fe85bce9f9647fe4e1bdc274c7af1c
    8337 gss: misleading-indentation
commit f53522305c07915a44e86f2455cc62e7aac27037
    8324 more: misleading-indentation

Conflicts:
    usr/src/uts/common/fs/lookup.c
    usr/src/man/man3c/thrd_equal.3c
Diffstat (limited to 'usr/src/man/man3lib/libpkcs11.3lib')
-rw-r--r-- usr/src/man/man3lib/libpkcs11.3lib 76
1 files changed, 43 insertions, 33 deletions
diff --git a/usr/src/man/man3lib/libpkcs11.3lib b/usr/src/man/man3lib/libpkcs11.3lib
index fb9581ee80..b065411f3c 100644
--- a/usr/src/man/man3lib/libpkcs11.3lib
+++ b/usr/src/man/man3lib/libpkcs11.3lib
@@ -26,20 +26,23 @@ slots.
.Lp
The
.Nm
-library provides a special slot called the meta slot. The
-meta slot provides a virtual union of capabilities of all other slots. When
-available, the meta slot is always the first slot provided by
+library provides a special slot called the meta slot.
+The meta slot provides a virtual union of capabilities of all other slots.
+When available, the meta slot is always the first slot provided by
.Nm .
.Lp
The meta slot feature can be configured either system-wide or by individual
-users. System-wide configuration for meta slot features is done with the
+users.
+System-wide configuration for meta slot features is done with the
.Xr cryptoadm 1M
-utility. User configuration for meta slot features is
-performed with environment variables.
+utility.
+User configuration for meta slot features is performed with environment
+variables.
.Lp
-By default, the following is the system-wide configuration for meta slot. Meta
-slot is enabled. Meta slot provides token-based object support with the
-Software RSA PKCS#11 softtoken
+By default, the following is the system-wide configuration for meta slot.
+Meta slot is enabled.
+Meta slot provides token-based object support with the Software RSA PKCS#11
+softtoken
.Pf ( Xr pkcs11_softtoken 5 ) .
Meta slot is
allowed to move sensitive token objects to other slots if that is necessary to
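Review bot: the trailing context at "Meta slot is allowed to move sensitive token objects to other slots" documents a security-relevant default without naming the setting that changes it. Since this paragraph is being reflowed anyway, consider pointing the reader to ${METASLOT_AUTO_KEY_MIGRATE}, described later in this page, as the per-user override, and joining the short "Meta slot is" line with the text that follows it so the paragraph matches the new line-filling style.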
@@ -52,12 +55,13 @@ The
.Ev ${METASLOT_OBJECTSTORE_SLOT}
and
.Ev ${METASLOT_OBJECTSTORE_TOKEN}
-environment variables are used to specify an alternate token object store. A
-user can specify either slot-description in
+environment variables are used to specify an alternate token object store.
+A user can specify either slot-description in
.Ev ${METASLOT_OBJECTSTORE_SLOT}
or token-label in
-.Ev ${METASLOT_OBJECTSTORE_TOKEN} , or both. Valid values
-for slot-description and token-label are available from output of the command:
+.Ev ${METASLOT_OBJECTSTORE_TOKEN} , or both.
+Valid values for slot-description and token-label are available from output of
+the command:
.Bd -literal -offset indent
# cryptoadm list -v
.Ed
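Review bot: the new line ".Ev ${METASLOT_OBJECTSTORE_TOKEN} , or both." still passes the prose "or both." as arguments to .Ev, so those words are marked up as part of the environment variable name. End the macro line at the comma (".Ev ${METASLOT_OBJECTSTORE_TOKEN} ,") and put "or both." on its own text line, which also fits the one-sentence-per-line reflow done in the rest of this hunk.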
@@ -65,29 +69,32 @@ for slot-description and token-label are available from output of the command:
The
.Ev ${METASLOT_ENABLED}
environment variable is used to specify whether
-the user wants to turn the metaslot feature on or off. Only two values are
-recognized. The value "true" means meta slot will be on. The value "false"
-means meta slot will be off.
+the user wants to turn the metaslot feature on or off.
+Only two values are recognized.
+The value "true" means meta slot will be on.
+The value "false" means meta slot will be off.
.Lp
The
.Ev ${METASLOT_AUTO_KEY_MIGRATE}
environment variable is used to specify
whether the user wants sensitive token objects to move to other slots for
-cryptographic operations. Only two values are recognized. The value "true"
-means meta slot will migrate sensitive token objects to other slots if
-necessary. The value "false" means meta slot will not migrate sensitive token
-objects to other slots even if it is necessary.
+cryptographic operations.
+Only two values are recognized.
+The value "true" means meta slot will migrate sensitive token objects to other
+slots if necessary.
+The value "false" means meta slot will not migrate sensitive token objects to
+other slots even if it is necessary.
.Lp
When the meta slot feature is enabled, the slot that provides token-based
-object support is not shown as one of the available slots. All of its
-functionality can be used with the meta slot.
+object support is not shown as one of the available slots.
+All of its functionality can be used with the meta slot.
.Lp
This library filters the list of mechanisms available from plug-ins based on
the policy set by
.Xr cryptoadm 1M .
.Lp
-This library provides entry points for all PKCS#11 v2.40 functions. See the
-PKCS#11 v2.40 specifications at
+This library provides entry points for all PKCS#11 v2.40 functions.
+See the PKCS#11 v2.40 specifications at
.Lk http://www.oasis-open.org.
.Lp
Plug-ins are added to
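Review bot: "Only two values are recognized." appears for both ${METASLOT_ENABLED} and ${METASLOT_AUTO_KEY_MIGRATE}, but neither paragraph says what the library does when the variable holds anything else. For the key-migration setting in particular, a reader needs to know whether an unrecognized value is ignored in favor of the system-wide configuration, so state that explicitly. Separately, the context line ".Lk http://www.oasis-open.org." carries the sentence's period inside the link argument; pass the period as a separate trailing "." argument so it is not part of the URL.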
@@ -123,16 +130,18 @@ utility.
.Lp
The
.In security/pkcs11f.h
-header contains function definitions. The
+header contains function definitions.
+The
.In security/pkcs11t.h
-header contains type definitions. Applications can
-include either of these headers in place of
+header contains type definitions.
+Applications can include either of these headers in place of
.In security/pkcs11.h ,
which contains both function and type definitions.
.Sh INTERFACES
The shared object
.Lb libpkcs11.so.1
-provides the public interfaces defined below. See
+provides the public interfaces defined below.
+See
.Xr Intro 3
for additional information on shared object interfaces.
.Ss "PKCS#11 Standard"
@@ -193,10 +202,10 @@ for descriptions of the following attributes:
.Sh INTERFACE STABILITY
.Sy Committed
.Sh MT-LEVEL
-The SUNW Extension functions are MT-Safe. The PKCS#11 Standard functions are
-MT-Safe with exceptions. See Section 2.5.3 of PKCS#11 Cryptographic Token Usage
-Guide v2.40 and Section 5.1.5 of PKCS#11 Cryptographic Token Interface Base
-Standard v2.40
+The SUNW Extension functions are MT-Safe.
+The PKCS#11 Standard functions are MT-Safe with exceptions.
+See Section 2.5.3 of PKCS#11 Cryptographic Token Usage Guide v2.40 and
+Section 5.1.5 of PKCS#11 Cryptographic Token Interface Base Standard v2.40
.Sh STANDARD
The PKCS#11 Standard functions conform to PKCS#11 Cryptographic Token
Interface Profiles v2.40 Extended Provider.
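Review bot: the reflowed MT-LEVEL sentence ending "Section 5.1.5 of PKCS#11 Cryptographic Token Interface Base Standard v2.40" still has no terminating period before ".Sh STANDARD". Add the period while touching these lines. It would also help to name in this section which functions are the "exceptions" to MT-Safe, or at least say that the two cited sections list them, because the text as written gives a caller nothing to act on without the external documents.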
@@ -228,7 +237,8 @@ without the
.Dv CKF_DONT_BLOCK
flag set,
.Nm
-must create threads internally. If, however,
+must create threads internally.
+If, however,
.Dv CKF_LIBRARY_CANT_CREATE_OS_THREADS
is set,
.Fn C_WaitForSlotEvent