[pkg-opensc-commit] [libp11] 36/86: ATFORK checks moved into a separate file
Eric Dorland
eric at moszumanska.debian.org
Sun Jul 24 21:40:20 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 1a82499c69f75ee87c47d5bf273a3fb5e526bd21
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Fri Feb 5 22:54:11 2016 +0100
ATFORK checks moved into a separate file
---
src/Makefile.am | 4 +-
src/Makefile.mak | 2 +-
src/libp11-int.h | 168 +++++++++++++++++----
src/libp11.h | 8 +-
src/p11_cert.c | 10 +-
src/p11_ec.c | 144 +++++++++++++++++-
src/p11_front.c | 453 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/p11_key.c | 47 ++----
src/p11_load.c | 13 +-
src/p11_misc.c | 111 --------------
src/p11_ops.c | 334 ----------------------------------------
src/p11_rsa.c | 168 ++++++++++++++++++++-
src/p11_slot.c | 65 ++------
13 files changed, 940 insertions(+), 587 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 7183381..e1ace15 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -10,8 +10,8 @@ engines_LTLIBRARIES = libpkcs11.la
pkgconfig_DATA = libp11.pc
libp11_la_SOURCES = libpkcs11.c p11_attr.c p11_cert.c p11_err.c p11_key.c \
- p11_load.c p11_misc.c p11_ops.c p11_rsa.c p11_ec.c p11_slot.c \
- libp11.exports atfork.c
+ p11_load.c p11_misc.c p11_rsa.c p11_ec.c p11_slot.c p11_front.c \
+ atfork.c libp11.exports
if WIN32
libp11_la_SOURCES += libp11.rc
else
diff --git a/src/Makefile.mak b/src/Makefile.mak
index 96e9683..7f23509 100644
--- a/src/Makefile.mak
+++ b/src/Makefile.mak
@@ -4,7 +4,7 @@ TOPDIR = ..
LIBP11_OBJECTS = libpkcs11.obj p11_attr.obj p11_cert.obj \
p11_err.obj p11_key.obj p11_load.obj p11_misc.obj p11_rsa.obj \
- p11_ec.obj p11_slot.obj p11_ops.obj
+ p11_ec.obj p11_slot.obj p11_front.obj
LIBP11_LIB = libp11.lib
LIBP11_TARGET = libp11.dll
diff --git a/src/libp11-int.h b/src/libp11-int.h
index a2c0533..2fab1d1 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -53,9 +53,6 @@ typedef struct pkcs11_ctx_private {
} PKCS11_CTX_private;
#define PRIVCTX(ctx) ((PKCS11_CTX_private *) ((ctx)->_private))
-int check_fork(PKCS11_CTX *);
-#define CHECK_FORK(ctx) if (check_fork(ctx) < 0) return -1
-
typedef struct pkcs11_slot_private {
PKCS11_CTX *parent;
unsigned char haveSession, loggedIn;
@@ -74,12 +71,6 @@ typedef struct pkcs11_slot_private {
#define PRIVSLOT(slot) ((PKCS11_SLOT_private *) ((slot)->_private))
#define SLOT2CTX(slot) (PRIVSLOT(slot)->parent)
-int check_slot_fork(PKCS11_SLOT *);
-#define CHECK_SLOT_FORK(slot_ctx) if (check_slot_fork(slot_ctx) < 0) return -1
-
-int check_key_fork(PKCS11_KEY *);
-#define CHECK_KEY_FORK(key) if (check_key_fork(key) < 0) return -1
-
typedef struct pkcs11_keys {
int num;
PKCS11_KEY *keys;
@@ -199,28 +190,153 @@ extern void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR, int, const BIGNUM *);
extern void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int, pkcs11_i2d_fn, void *);
extern void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR, unsigned int);
-int PKCS11_reopen_session(PKCS11_SLOT * slot);
-int PKCS11_relogin(PKCS11_SLOT * slot);
+int pkcs11_reopen_session(PKCS11_SLOT * slot);
+int pkcs11_relogin(PKCS11_SLOT * slot);
extern PKCS11_KEY_ops pkcs11_rsa_ops;
extern PKCS11_KEY_ops *pkcs11_ec_ops;
-#if OPENSSL_VERSION_NUMBER >= 0x10100002L
-/**
- * @param out returned secret
- * @param outlen length of returned secret
- * @param ecdh_mechanism CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE or others in future
- * @param ec_params ptr to CK_ECDH1_DERIVE_PARAMS or in future CK_ECMQV_DERIVE_PARAMS
- * @param outnewkey ptr to CK_OBJECT_HANDLE
- * @param key optional returned private key object
- */
+/* Internal implementation of current features */
+
+/* Allocate the context */
+extern PKCS11_CTX *pkcs11_CTX_new(void);
+
+/* Specify any private PKCS#11 module initialization args, if necessary */
+extern void pkcs11_CTX_init_args(PKCS11_CTX * ctx, const char * init_args);
+
+/* Load a PKCS#11 module */
+extern int pkcs11_CTX_load(PKCS11_CTX * ctx, const char * ident);
+
+/* Reinitialize a PKCS#11 module (after a fork) */
+extern int pkcs11_CTX_reload(PKCS11_CTX * ctx);
+
+/* Unload a PKCS#11 module */
+extern void pkcs11_CTX_unload(PKCS11_CTX * ctx);
+
+/* Free a libp11 context */
+extern void pkcs11_CTX_free(PKCS11_CTX * ctx);
+
+/* Open a session in RO or RW mode */
+extern int pkcs11_open_session(PKCS11_SLOT * slot, int rw, int relogin);
+
+/* Get a list of all slots */
+extern int pkcs11_enumerate_slots(PKCS11_CTX * ctx,
+ PKCS11_SLOT **slotsp, unsigned int *nslotsp);
+
+/* Get the slot_id from a slot as it is stored in private */
+extern unsigned long pkcs11_get_slotid_from_slot(PKCS11_SLOT *slot);
+
+/* Free the list of slots allocated by PKCS11_enumerate_slots() */
+extern void pkcs11_release_all_slots(PKCS11_CTX * ctx,
+ PKCS11_SLOT *slots, unsigned int nslots);
+
+/* Find the first slot with a token */
+extern PKCS11_SLOT *pkcs11_find_token(PKCS11_CTX * ctx,
+ PKCS11_SLOT *slots, unsigned int nslots);
+
+/* Check if user is already authenticated to a card */
+extern int pkcs11_is_logged_in(PKCS11_SLOT * slot, int so, int * res);
+
+/* Authenticate to the card */
+extern int pkcs11_login(PKCS11_SLOT * slot, int so, const char *pin, int relogin);
+
+/* De-authenticate from the card */
+extern int pkcs11_logout(PKCS11_SLOT * slot);
+
+/* Get a list of keys associated with this token */
+extern int pkcs11_enumerate_keys(PKCS11_TOKEN *token, unsigned int type,
+ PKCS11_KEY **keys, unsigned int *nkeys);
+
+/* Get the key type (as EVP_PKEY_XXX) */
+extern int pkcs11_get_key_type(PKCS11_KEY *key);
+
+/* Returns a EVP_PKEY object for the private key */
+extern EVP_PKEY *pkcs11_get_private_key(PKCS11_KEY *key);
+
+/* Returns a EVP_PKEY object with the public key */
+extern EVP_PKEY *pkcs11_get_public_key(PKCS11_KEY *key);
+
+/* Find the corresponding certificate (if any) */
+extern PKCS11_CERT *pkcs11_find_certificate(PKCS11_KEY *key);
+
+/* Find the corresponding key (if any) */
+extern PKCS11_KEY *pkcs11_find_key(PKCS11_CERT *cert);
+
+/* Find the corresponding key (if any) pub <-> priv base on ID */
+extern PKCS11_KEY *pkcs11_find_key_from_key(PKCS11_KEY *key);
+
+/* Get a list of all certificates associated with this token */
+extern int pkcs11_enumerate_certs(PKCS11_TOKEN *token,
+ PKCS11_CERT **certs, unsigned int *ncerts);
+
+/* Initialize a token */
+extern int pkcs11_init_token(PKCS11_TOKEN * token, const char *pin,
+ const char *label);
+
+/* Initialize the user PIN on a token */
+extern int pkcs11_init_pin(PKCS11_TOKEN * token, const char *pin);
+
+/* Change the user PIN on a token */
+extern int pkcs11_change_pin(PKCS11_SLOT * slot,
+ const char *old_pin, const char *new_pin);
+
+/* Store private key on a token */
+extern int pkcs11_store_private_key(PKCS11_TOKEN * token,
+ EVP_PKEY * pk, char *label, unsigned char *id, size_t id_len);
+
+/* Store public key on a token */
+extern int pkcs11_store_public_key(PKCS11_TOKEN * token,
+ EVP_PKEY * pk, char *label, unsigned char *id, size_t id_len);
+
+/* Store certificate on a token */
+extern int pkcs11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
+ char *label, unsigned char *id, size_t id_len,
+ PKCS11_CERT **ret_cert);
+
+/* Access the random number generator */
+extern int pkcs11_seed_random(PKCS11_SLOT *, const unsigned char *s, unsigned int s_len);
+extern int pkcs11_generate_random(PKCS11_SLOT *, unsigned char *r, unsigned int r_len);
+
+/* Internal implementation of deprecated features */
+
+/* Sign with the EC private key */
+extern int pkcs11_ecdsa_sign(
+ const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key);
+
+/* Generate and store a private key on the token */
+extern int pkcs11_generate_key(PKCS11_TOKEN * token,
+ int algorithm, unsigned int bits,
+ char *label, unsigned char* id, size_t id_len);
+
+/* Get the RSA key modulus size (in bytes) */
+extern int pkcs11_get_key_size(PKCS11_KEY *);
+
+/* Get the RSA key modules as BIGNUM */
+extern int pkcs11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
+
+/* Get the RSA key public exponent as BIGNUM */
+extern int pkcs11_get_key_exponent(PKCS11_KEY *, BIGNUM **);
+
+/* Sign with the RSA private key */
+extern int pkcs11_sign(int type,
+ const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key);
+
+/* This function has never been implemented */
+extern int pkcs11_verify(int type,
+ const unsigned char *m, unsigned int m_len,
+ unsigned char *signature, unsigned int siglen, PKCS11_KEY * key);
+
+/* Encrypts data using the private key */
+extern int pkcs11_private_encrypt(
+ int flen, const unsigned char *from,
+ unsigned char *to, PKCS11_KEY * rsa, int padding);
-extern int pkcs11_ecdh_derive_internal(unsigned char **out, size_t *out_len,
- const unsigned long ecdh_mechanism,
- const void * ec_params,
- void * outnewkey, /* CK_OBJECT_HANDLE */
- PKCS11_KEY * key);
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10100002L */
+/* Decrypts data using the private key */
+extern int pkcs11_private_decrypt(
+ int flen, const unsigned char *from,
+ unsigned char *to, PKCS11_KEY * key, int padding);
#endif
diff --git a/src/libp11.h b/src/libp11.h
index 83aa11e..d9ae6aa 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -120,7 +120,7 @@ typedef struct PKCS11_ctx_st {
extern PKCS11_CTX *PKCS11_CTX_new(void);
/**
- * Specify any private PKCS#11 module initializtion args, if necessary
+ * Specify any private PKCS#11 module initialization args, if necessary
*
* @return none
*/
@@ -363,8 +363,8 @@ extern int PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
PKCS11_CERT **ret_cert);
/* Access the random number generator */
-extern int PKCS11_seed_random(PKCS11_SLOT *, const unsigned char *s, unsigned int s_len);
-extern int PKCS11_generate_random(PKCS11_SLOT *, unsigned char *r, unsigned int r_len);
+extern int PKCS11_seed_random(PKCS11_SLOT *slot, const unsigned char *s, unsigned int s_len);
+extern int PKCS11_generate_random(PKCS11_SLOT *slot, unsigned char *r, unsigned int r_len);
/*
* PKCS#11 implementation for OpenSSL methods
@@ -427,7 +427,7 @@ P11_DEPRECATED_FUNC extern int PKCS11_generate_key(PKCS11_TOKEN * token,
char *label, unsigned char* id, size_t id_len);
/* Get the RSA key modulus size (in bytes) */
-P11_DEPRECATED_FUNC extern int PKCS11_get_key_size(const PKCS11_KEY *);
+P11_DEPRECATED_FUNC extern int PKCS11_get_key_size(PKCS11_KEY *);
/* Get the RSA key modules as BIGNUM */
P11_DEPRECATED_FUNC extern int PKCS11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
diff --git a/src/p11_cert.c b/src/p11_cert.c
index fc3a710..a63fde3 100644
--- a/src/p11_cert.c
+++ b/src/p11_cert.c
@@ -33,8 +33,7 @@ static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
/*
* Enumerate all certs on the card
*/
-int
-PKCS11_enumerate_certs(PKCS11_TOKEN * token,
+int pkcs11_enumerate_certs(PKCS11_TOKEN * token,
PKCS11_CERT ** certp, unsigned int *countp)
{
PKCS11_SLOT *slot = TOKEN2SLOT(token);
@@ -66,7 +65,7 @@ PKCS11_enumerate_certs(PKCS11_TOKEN * token,
/*
* Find certificate matching a key
*/
-PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY * key)
+PKCS11_CERT *pkcs11_find_certificate(PKCS11_KEY * key)
{
PKCS11_KEY_private *kpriv;
PKCS11_CERT_private *cpriv;
@@ -237,8 +236,7 @@ void pkcs11_destroy_certs(PKCS11_TOKEN * token)
/*
* Store certificate
*/
-int
-PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509, char *label,
+int pkcs11_store_certificate(PKCS11_TOKEN * token, X509 * x509, char *label,
unsigned char *id, size_t id_len, PKCS11_CERT ** ret_cert)
{
PKCS11_SLOT *slot = TOKEN2SLOT(token);
@@ -249,8 +247,6 @@ PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509, char *label,
unsigned int n = 0;
int rv;
- CHECK_SLOT_FORK(slot);
-
/* First, make sure we have a session */
if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 1))
return -1;
diff --git a/src/p11_ec.c b/src/p11_ec.c
index ae22b90..134c0b2 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -42,8 +42,146 @@
#error "BUILD_WITH_ECS_LOCL_H is no longer supported"
#endif
-#if !defined(LIBP11_BUILD_WITHOUT_ECDSA)
+#if OPENSSL_VERSION_NUMBER >= 0x10100002L
+/* initial code will only support what is needed for pkcs11_ec_ckey
+ * i.e. CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE
+ * and CK_EC_KDF_TYPE supported by token
+ * The secret key object is deleted
+ *
+ * In future CKM_ECMQV_DERIVE with CK_ECMQV_DERIVE_PARAMS
+ * could also be supported, and the secret key object could be returned.
+ */
+static int pkcs11_ecdh_derive_internal(unsigned char **out, size_t *outlen,
+ const unsigned long ecdh_mechanism,
+ const void * ec_params,
+ void *outnewkey,
+ PKCS11_KEY * key)
+{
+ PKCS11_SLOT *slot = KEY2SLOT(key);
+ PKCS11_CTX *ctx = KEY2CTX(key);
+ PKCS11_TOKEN *token = KEY2TOKEN(key);
+ PKCS11_KEY_private *kpriv = PRIVKEY(key);
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+ CK_MECHANISM mechanism;
+ int rv;
+ int ret = -1;
+ unsigned char * buf = NULL;
+ size_t buflen;
+
+ CK_BBOOL true = TRUE;
+ CK_BBOOL false = FALSE;
+ CK_OBJECT_HANDLE newkey = CK_INVALID_HANDLE;
+ CK_OBJECT_CLASS newkey_class= CKO_SECRET_KEY;
+ CK_KEY_TYPE newkey_type = CKK_GENERIC_SECRET;
+ CK_OBJECT_HANDLE * tmpnewkey = (CK_OBJECT_HANDLE *)outnewkey;
+ CK_ATTRIBUTE newkey_template[] = {
+ {CKA_TOKEN, &false, sizeof(false)}, /* session only object */
+ {CKA_CLASS, &newkey_class, sizeof(newkey_class)},
+ {CKA_KEY_TYPE, &newkey_type, sizeof(newkey_type)},
+ {CKA_ENCRYPT, &true, sizeof(true)},
+ {CKA_DECRYPT, &true, sizeof(true)}
+ };
+
+ memset(&mechanism, 0, sizeof(mechanism));
+ mechanism.mechanism = ecdh_mechanism;
+ mechanism.pParameter = (void*)ec_params;
+ switch (ecdh_mechanism) {
+ case CKM_ECDH1_DERIVE:
+ case CKM_ECDH1_COFACTOR_DERIVE:
+ mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
+ break;
+// case CK_ECMQV_DERIVE_PARAMS:
+// mechanism.ulParameterLen = sizeof(CK_ECMQV_DERIVE_PARAMS);
+// break;
+ default:
+ PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, PKCS11_NOT_SUPPORTED);
+ goto err;
+ }
+
+ rv = CRYPTOKI_call(ctx, C_DeriveKey(spriv->session, &mechanism, kpriv->object, newkey_template, 5, &newkey));
+ if (rv) {
+ PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, pkcs11_map_err(rv));
+ goto err;
+ }
+
+ /* Return the value of the secret key and/or the object handle of the secret key */
+ /* pkcs11_ec_ckey only asks for the value */
+
+ if (out && outlen) {
+ /* get size of secret key value */
+ if (!pkcs11_getattr_var(token, newkey, CKA_VALUE, NULL, &buflen)
+ && buflen > 0) {
+ buf = OPENSSL_malloc(buflen);
+ if (buf == NULL) {
+ PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY,
+ pkcs11_map_err(CKR_HOST_MEMORY));
+ goto err;
+ }
+ } else {
+ PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY,
+ pkcs11_map_err(CKR_ATTRIBUTE_VALUE_INVALID));
+ goto err;
+ }
+
+ pkcs11_getattr_var(token, newkey, CKA_VALUE, buf, &buflen);
+ *out = buf;
+ *outlen = buflen;
+ buf = NULL;
+ }
+
+ /* not used by pkcs11_ec_ckey for future use */
+ if (tmpnewkey) {
+ *tmpnewkey = newkey;
+ newkey = CK_INVALID_HANDLE;
+ }
+
+ ret = 1;
+err:
+ if (buf)
+ OPENSSL_free(buf);
+ if (newkey != CK_INVALID_HANDLE && spriv->session != CK_INVALID_HANDLE)
+ CRYPTOKI_call(ctx, C_DestroyObject(spriv->session, newkey));
+
+ return ret;
+}
+#endif
+
+/* Signature size is the issue, will assume the caller has a big buffer! */
+/* No padding or other stuff needed. We can call PKCS11 from here */
+int
+pkcs11_ecdsa_sign(const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key)
+{
+ int rv;
+ PKCS11_SLOT *slot = KEY2SLOT(key);
+ PKCS11_CTX *ctx = KEY2CTX(key);
+ PKCS11_KEY_private *kpriv = PRIVKEY(key);
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+ CK_MECHANISM mechanism;
+ CK_ULONG ck_sigsize;
+
+ ck_sigsize = *siglen;
+
+ memset(&mechanism, 0, sizeof(mechanism));
+ mechanism.mechanism = CKM_ECDSA;
+
+ pkcs11_w_lock(PRIVSLOT(slot)->lockid);
+ rv = CRYPTOKI_call(ctx, C_SignInit(spriv->session, &mechanism, kpriv->object)) ||
+ CRYPTOKI_call(ctx,
+ C_Sign(spriv->session, (CK_BYTE *) m, m_len, sigret, &ck_sigsize));
+ pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
+
+ if (rv) {
+ PKCS11err(PKCS11_F_PKCS11_EC_KEY_SIGN, pkcs11_map_err(rv));
+ return -1;
+ }
+ *siglen = ck_sigsize;
+
+ return ck_sigsize;
+}
+
+#if !defined(LIBP11_BUILD_WITHOUT_ECDSA)
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
static EC_KEY_METHOD *ops = NULL;
@@ -105,7 +243,7 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY * key)
}
/* Now get the ec_point */
- pubkey = key->isPrivate ? PKCS11_find_key_from_key(key) : key;
+ pubkey = key->isPrivate ? pkcs11_find_key_from_key(key) : key;
if (pubkey) {
ckrv = key_getattr_var(pubkey, CKA_EC_POINT, NULL, &ec_pointlen);
if (ckrv == CKR_OK && ec_pointlen > 0) {
@@ -195,7 +333,7 @@ static ECDSA_SIG * pkcs11_ecdsa_do_sign(const unsigned char *dgst, int dlen,
siglen = sizeof(sigret);
- rv = PKCS11_ecdsa_sign(dgst, dlen, sigret, &siglen, key);
+ rv = pkcs11_ecdsa_sign(dgst, dlen, sigret, &siglen, key);
nLen = siglen / 2;
if (rv > 0) {
sig = ECDSA_SIG_new();
diff --git a/src/p11_front.c b/src/p11_front.c
new file mode 100644
index 0000000..ddf6ba8
--- /dev/null
+++ b/src/p11_front.c
@@ -0,0 +1,453 @@
+/* libp11, a simple layer on to of PKCS#11 API
+ * Copyright (C) 2016 Michał Trojnara <Michal.Trojnara at stunnel.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include "libp11-int.h"
+
+/* The following exported functions are *not* implemented here:
+ * ERR_load_PKCS11_strings
+ * PKCS11_get_rsa_method
+ * PKCS11_get_ecdsa_method
+ * PKCS11_ecdsa_method_free
+ * PKCS11_get_ec_key_method
+ */
+
+/*
+ * PKCS#11 reinitialization after fork
+ * It wipes out the internal state of the PKCS#11 library
+ * Any libp11 references to this state are no longer valid
+ */
+static int check_fork_int(PKCS11_CTX *ctx)
+{
+ PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
+
+ if (_P11_detect_fork(cpriv->forkid)) {
+ if (pkcs11_CTX_reload(ctx) < 0)
+ return -1;
+ cpriv->forkid = _P11_get_forkid();
+ }
+ return 0;
+}
+
+/*
+ * PKCS#11 reinitialization after fork
+ * Also relogins and reopens the session if needed
+ */
+static int check_slot_fork_int(PKCS11_SLOT *slot)
+{
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+ PKCS11_CTX *ctx = SLOT2CTX(slot);
+ PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
+
+ if (check_fork_int(SLOT2CTX(slot)) < 0)
+ return -1;
+ if (spriv->forkid != cpriv->forkid) {
+ if (spriv->loggedIn) {
+ int saved = spriv->haveSession;
+ spriv->haveSession = 0;
+ spriv->loggedIn = 0;
+ if (pkcs11_relogin(slot) < 0)
+ return -1;
+ spriv->haveSession = saved;
+ }
+ if (spriv->haveSession) {
+ spriv->haveSession = 0;
+ if (pkcs11_reopen_session(slot) < 0)
+ return -1;
+ }
+ spriv->forkid = cpriv->forkid;
+ }
+ return 0;
+}
+
+/*
+ * PKCS#11 reinitialization after fork
+ * Also reloads the key
+ */
+static int check_key_fork_int(PKCS11_KEY *key)
+{
+ PKCS11_SLOT *slot = KEY2SLOT(key);
+ PKCS11_KEY_private *kpriv = PRIVKEY(key);
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+
+ if (check_slot_fork_int(slot) < 0)
+ return -1;
+ if (spriv->forkid != kpriv->forkid) {
+ pkcs11_reload_key(key);
+ kpriv->forkid = spriv->forkid;
+ }
+ return 0;
+}
+
+/*
+ * Locking interface to check_fork_int()
+ */
+static int check_fork(PKCS11_CTX *ctx)
+{
+ PKCS11_CTX_private *cpriv;
+ int rv;
+
+ if (ctx == NULL)
+ return -1;
+ cpriv = PRIVCTX(ctx);
+ pkcs11_w_lock(cpriv->lockid);
+ rv = check_fork_int(ctx);
+ pkcs11_w_unlock(cpriv->lockid);
+ return rv;
+}
+
+/*
+ * Locking interface to check_slot_fork_int()
+ */
+static int check_slot_fork(PKCS11_SLOT *slot)
+{
+ PKCS11_CTX_private *cpriv;
+ int rv;
+
+ if (slot == NULL)
+ return -1;
+ cpriv = PRIVCTX(SLOT2CTX(slot));
+ pkcs11_w_lock(cpriv->lockid);
+ rv = check_slot_fork_int(slot);
+ pkcs11_w_unlock(cpriv->lockid);
+ return rv;
+}
+
+/*
+ * Reinitialize token (just its slot)
+ */
+static int check_token_fork(PKCS11_TOKEN *token)
+{
+ if (token == NULL)
+ return -1;
+ return check_slot_fork(TOKEN2SLOT(token));
+}
+
+/*
+ * Locking interface to check_key_fork_int()
+ */
+static int check_key_fork(PKCS11_KEY *key)
+{
+ PKCS11_CTX_private *cpriv;
+ int rv;
+
+ if (key == NULL)
+ return -1;
+ cpriv = PRIVCTX(KEY2CTX(key));
+ CRYPTO_w_lock(cpriv->lockid);
+ rv = check_key_fork_int(key);
+ CRYPTO_w_unlock(cpriv->lockid);
+ return rv;
+}
+
+/*
+ * Reinitialize cert (just its token)
+ */
+static int check_cert_fork(PKCS11_CERT *cert)
+{
+ if (cert == NULL)
+ return -1;
+ return check_token_fork(CERT2TOKEN(cert));
+}
+
+/* External interface to the libp11 features */
+
+PKCS11_CTX *pkcs11_CTX_new(void)
+{
+ return pkcs11_CTX_new();
+}
+
+void PKCS11_CTX_init_args(PKCS11_CTX *ctx, const char *init_args)
+{
+ if (check_fork(ctx) < 0)
+ return;
+ pkcs11_CTX_init_args(ctx, init_args);
+}
+
+int PKCS11_CTX_load(PKCS11_CTX *ctx, const char *ident)
+{
+ if (check_fork(ctx) < 0)
+ return -1;
+ return pkcs11_CTX_load(ctx, ident);
+}
+
+void PKCS11_CTX_unload(PKCS11_CTX *ctx)
+{
+ if (check_fork(ctx) < 0)
+ return;
+ pkcs11_CTX_unload(ctx);
+}
+
+void PKCS11_CTX_free(PKCS11_CTX *ctx)
+{
+ if (check_fork(ctx) < 0)
+ return;
+ pkcs11_CTX_free(ctx);
+}
+
+int PKCS11_open_session(PKCS11_SLOT *slot, int rw)
+{
+ if (check_slot_fork(slot) < 0)
+ return -1;
+ return pkcs11_open_session(slot, rw, 0);
+}
+
+int PKCS11_enumerate_slots(PKCS11_CTX *ctx,
+ PKCS11_SLOT **slotsp, unsigned int *nslotsp)
+{
+ if (check_fork(ctx) < 0)
+ return -1;
+ return pkcs11_enumerate_slots(ctx, slotsp, nslotsp);
+}
+
+unsigned long PKCS11_get_slotid_from_slot(PKCS11_SLOT *slot)
+{
+ if (check_slot_fork(slot) < 0)
+ return 0L;
+ return pkcs11_get_slotid_from_slot(slot);
+}
+
+void PKCS11_release_all_slots(PKCS11_CTX *ctx,
+ PKCS11_SLOT *slots, unsigned int nslots)
+{
+ if (check_fork(ctx) < 0)
+ return;
+ pkcs11_release_all_slots(ctx, slots, nslots);
+}
+
+PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX *ctx,
+ PKCS11_SLOT *slots, unsigned int nslots)
+{
+ if (check_fork(ctx) < 0)
+ return NULL;
+ return pkcs11_find_token(ctx, slots, nslots);
+}
+
+int PKCS11_is_logged_in(PKCS11_SLOT *slot, int so, int *res)
+{
+ if (check_slot_fork(slot) < 0)
+ return -1;
+ return pkcs11_is_logged_in(slot, so, res);
+}
+
+int PKCS11_login(PKCS11_SLOT *slot, int so, const char *pin)
+{
+ if (check_slot_fork(slot) < 0)
+ return -1;
+ return pkcs11_login(slot, so, pin, 0);
+}
+
+int PKCS11_logout(PKCS11_SLOT *slot)
+{
+ if (check_slot_fork(slot) < 0)
+ return -1;
+ return pkcs11_logout(slot);
+}
+
+int PKCS11_enumerate_keys(PKCS11_TOKEN *token,
+ PKCS11_KEY **keys, unsigned int *nkeys)
+{
+ if (check_token_fork(token) < 0)
+ return -1;
+ return pkcs11_enumerate_keys(token, CKO_PRIVATE_KEY, keys, nkeys);
+}
+
+int PKCS11_enumerate_public_keys(PKCS11_TOKEN *token,
+ PKCS11_KEY **keys, unsigned int *nkeys)
+{
+ if (check_token_fork(token) < 0)
+ return -1;
+ return pkcs11_enumerate_keys(token, CKO_PUBLIC_KEY, keys, nkeys);
+}
+
+int PKCS11_get_key_type(PKCS11_KEY *key)
+{
+ if (check_key_fork(key) < 0)
+ return -1;
+ return pkcs11_get_key_type(key);
+}
+
+EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key)
+{
+ if (check_key_fork(key) < 0)
+ return NULL;
+ return pkcs11_get_private_key(key);
+}
+
+EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key)
+{
+ if (check_key_fork(key) < 0)
+ return NULL;
+ return pkcs11_get_public_key(key);
+}
+
+PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *key)
+{
+ if (check_key_fork(key) < 0)
+ return NULL;
+ return pkcs11_find_certificate(key);
+}
+
+PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *cert)
+{
+ if (check_cert_fork(cert) < 0)
+ return NULL;
+ return pkcs11_find_key(cert);
+}
+
+int PKCS11_enumerate_certs(PKCS11_TOKEN *token,
+ PKCS11_CERT **certs, unsigned int *ncerts)
+{
+ if (check_token_fork(token) < 0)
+ return -1;
+ return pkcs11_enumerate_certs(token, certs, ncerts);
+}
+
+int PKCS11_init_token(PKCS11_TOKEN *token, const char *pin,
+ const char *label)
+{
+ if (check_token_fork(token) < 0)
+ return -1;
+ return pkcs11_init_token(token, pin, label);
+}
+
+int PKCS11_init_pin(PKCS11_TOKEN *token, const char *pin)
+{
+ if (check_token_fork(token) < 0)
+ return -1;
+ return pkcs11_init_pin(token, pin);
+}
+
+int PKCS11_change_pin(PKCS11_SLOT *slot,
+ const char *old_pin, const char *new_pin)
+{
+ if (check_slot_fork(slot) < 0)
+ return -1;
+ return pkcs11_change_pin(slot, old_pin, new_pin);
+}
+
+int PKCS11_store_private_key(PKCS11_TOKEN *token,
+ EVP_PKEY *pk, char *label, unsigned char *id, size_t id_len)
+{
+ if (check_token_fork(token) < 0)
+ return -1;
+ return pkcs11_store_private_key(token, pk, label, id, id_len);
+}
+
+int PKCS11_store_public_key(PKCS11_TOKEN *token,
+ EVP_PKEY *pk, char *label, unsigned char *id, size_t id_len)
+{
+ if (check_token_fork(token) < 0)
+ return -1;
+ return pkcs11_store_public_key(token, pk, label, id, id_len);
+}
+
+int PKCS11_store_certificate(PKCS11_TOKEN *token, X509 *x509,
+ char *label, unsigned char *id, size_t id_len,
+ PKCS11_CERT **ret_cert)
+{
+ if (check_token_fork(token) < 0)
+ return -1;
+ return pkcs11_store_certificate(token, x509, label, id, id_len, ret_cert);
+}
+
+int PKCS11_seed_random(PKCS11_SLOT *slot, const unsigned char *s, unsigned int s_len)
+{
+ if (check_slot_fork(slot) < 0)
+ return -1;
+ return pkcs11_seed_random(slot, s, s_len);
+}
+
+int PKCS11_generate_random(PKCS11_SLOT *slot, unsigned char *r, unsigned int r_len)
+{
+ if (check_slot_fork(slot) < 0)
+ return -1;
+ return pkcs11_generate_random(slot, r, r_len);
+}
+
+/* External interface to the deprecated features */
+
+int PKCS11_generate_key(PKCS11_TOKEN *token,
+ int algorithm, unsigned int bits,
+ char *label, unsigned char *id, size_t id_len)
+{
+ if (check_token_fork(token) < 0)
+ return -1;
+ return pkcs11_generate_key(token, algorithm, bits, label, id, id_len);
+}
+
+int PKCS11_get_key_size(PKCS11_KEY *key)
+{
+ if (check_key_fork(key) < 0)
+ return -1;
+ return pkcs11_get_key_size(key);
+}
+
+int PKCS11_get_key_modulus(PKCS11_KEY *key, BIGNUM **bn)
+{
+ if (check_key_fork(key) < 0)
+ return -1;
+ return pkcs11_get_key_modulus(key, bn);
+}
+
+int PKCS11_get_key_exponent(PKCS11_KEY *key, BIGNUM **bn)
+{
+ if (check_key_fork(key) < 0)
+ return -1;
+ return pkcs11_get_key_exponent(key, bn);
+}
+
+int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, PKCS11_KEY *key)
+{
+ if (check_key_fork(key) < 0)
+ return -1;
+ return pkcs11_sign(type, m, m_len, sigret, siglen, key);
+}
+
+int PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
+ PKCS11_KEY *key, int padding)
+{
+ if (check_key_fork(key) < 0)
+ return -1;
+ return pkcs11_private_encrypt(flen, from, to, key, padding);
+}
+
+int PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
+ PKCS11_KEY *key, int padding)
+{
+ if (check_key_fork(key) < 0)
+ return -1;
+ return pkcs11_private_decrypt(flen, from, to, key, padding);
+}
+
+int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
+ unsigned char *signature, unsigned int siglen, PKCS11_KEY *key)
+{
+ (void)type;
+ (void)m;
+ (void)m_len;
+ (void)signature;
+ (void)siglen;
+ (void)key;
+
+ /* PKCS11 calls go here */
+ PKCS11err(PKCS11_F_PKCS11_RSA_VERIFY, PKCS11_NOT_SUPPORTED);
+ return -1;
+}
+
+/* vim: set noexpandtab: */
diff --git a/src/p11_key.c b/src/p11_key.c
index c2fa5ed..a178651 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -25,8 +25,6 @@
#define strncasecmp strnicmp
#endif
-static int pkcs11_enumerate_keys(PKCS11_TOKEN *, unsigned int,
- PKCS11_KEY **, unsigned int *);
static int pkcs11_find_keys(PKCS11_TOKEN *, unsigned int);
static int pkcs11_next_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
CK_SESSION_HANDLE session, CK_OBJECT_CLASS type);
@@ -37,29 +35,9 @@ static int pkcs11_store_key(PKCS11_TOKEN *, EVP_PKEY *, unsigned int,
char *, unsigned char *, size_t, PKCS11_KEY **);
/*
- * Enumerate private keys on the card
- */
-int
-PKCS11_enumerate_keys(PKCS11_TOKEN * token,
- PKCS11_KEY ** keyp, unsigned int *countp)
-{
- return pkcs11_enumerate_keys(token, CKO_PRIVATE_KEY, keyp, countp);
-}
-
-/*
- * Enumerate public keys on the card
- */
-int
-PKCS11_enumerate_public_keys(PKCS11_TOKEN * token,
- PKCS11_KEY ** keyp, unsigned int *countp)
-{
- return pkcs11_enumerate_keys(token, CKO_PUBLIC_KEY, keyp, countp);
-}
-
-/*
* Find key matching a certificate
*/
-PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *cert)
+PKCS11_KEY *pkcs11_find_key(PKCS11_CERT *cert)
{
PKCS11_CERT_private *cpriv;
PKCS11_KEY_private *kpriv;
@@ -81,7 +59,7 @@ PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *cert)
/*
* Find key matching a key of the other type (public vs private)
*/
-PKCS11_KEY *PKCS11_find_key_from_key(PKCS11_KEY * keyin)
+PKCS11_KEY *pkcs11_find_key_from_key(PKCS11_KEY * keyin)
{
PKCS11_KEY_private *kinpriv = PRIVKEY(keyin);
PKCS11_KEY *keys;
@@ -137,8 +115,7 @@ int pkcs11_reload_key(PKCS11_KEY * key)
* FIXME: We should check first whether the token supports
* on-board key generation, and if it does, use its own algorithm
*/
-int
-PKCS11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned int bits,
+int pkcs11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned int bits,
char *label, unsigned char* id, size_t id_len)
{
PKCS11_KEY *key_obj;
@@ -200,7 +177,7 @@ PKCS11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned int bits,
/*
* Store a private key on the token
*/
-int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
+int pkcs11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
char *label, unsigned char *id, size_t id_len)
{
if (pkcs11_store_key(token, pk, CKO_PRIVATE_KEY, label, id, id_len, NULL))
@@ -208,7 +185,7 @@ int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
return 0;
}
-int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
+int pkcs11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
char *label, unsigned char *id, size_t id_len)
{
if (pkcs11_store_key(token, pk, CKO_PUBLIC_KEY, label, id, id_len, NULL))
@@ -231,8 +208,6 @@ static int pkcs11_store_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
unsigned int n = 0;
int rv;
- CHECK_SLOT_FORK(slot);
-
/* First, make sure we have a session */
if (!spriv->haveSession && PKCS11_open_session(slot, 1))
return -1;
@@ -294,7 +269,7 @@ static int pkcs11_store_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
/*
* Get the key type
*/
-int PKCS11_get_key_type(PKCS11_KEY * key)
+int pkcs11_get_key_type(PKCS11_KEY * key)
{
PKCS11_KEY_private *kpriv = PRIVKEY(key);
@@ -305,14 +280,14 @@ int PKCS11_get_key_type(PKCS11_KEY * key)
* Create an EVP_PKEY OpenSSL object for a given key
* Always returns the private key object
*/
-EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY * key)
+EVP_PKEY *pkcs11_get_private_key(PKCS11_KEY * key)
{
PKCS11_KEY_private *kpriv;
if (key == NULL)
return NULL;
if (!key->isPrivate) {
- key = PKCS11_find_key_from_key(key);
+ key = pkcs11_find_key_from_key(key);
if (key == NULL)
return NULL;
}
@@ -327,14 +302,14 @@ EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY * key)
* Create an EVP_PKEY OpenSSL object for a given key
* Always returns the public key object
*/
-EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY * key)
+EVP_PKEY *pkcs11_get_public_key(PKCS11_KEY * key)
{
PKCS11_KEY_private *kpriv;
if (key == NULL)
return NULL;
if (key->isPrivate) {
- key = PKCS11_find_key_from_key(key);
+ key = pkcs11_find_key_from_key(key);
if (key == NULL)
return NULL;
}
@@ -349,7 +324,7 @@ EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY * key)
* Return keys of a given type (public or private)
* Use the cached values if available
*/
-static int pkcs11_enumerate_keys(PKCS11_TOKEN * token, unsigned int type,
+int pkcs11_enumerate_keys(PKCS11_TOKEN * token, unsigned int type,
PKCS11_KEY ** keyp, unsigned int * countp)
{
PKCS11_SLOT *slot = TOKEN2SLOT(token);
diff --git a/src/p11_load.c b/src/p11_load.c
index 93a7427..e66c266 100644
--- a/src/p11_load.c
+++ b/src/p11_load.c
@@ -54,7 +54,7 @@ PKCS11_CTX *PKCS11_CTX_new(void)
/*
* Set private init args for module
*/
-void PKCS11_CTX_init_args(PKCS11_CTX * ctx, const char *init_args)
+void pkcs11_CTX_init_args(PKCS11_CTX * ctx, const char *init_args)
{
PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
/* Free previously duplicated string */
@@ -67,7 +67,7 @@ void PKCS11_CTX_init_args(PKCS11_CTX * ctx, const char *init_args)
/*
* Load the shared library, and initialize it.
*/
-int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name)
+int pkcs11_CTX_load(PKCS11_CTX * ctx, const char *name)
{
PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
CK_C_INITIALIZE_ARGS _args;
@@ -112,13 +112,16 @@ int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name)
/*
* Reinitialize (e.g., after a fork).
*/
-int PKCS11_CTX_reload(PKCS11_CTX * ctx)
+int pkcs11_CTX_reload(PKCS11_CTX * ctx)
{
PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
CK_C_INITIALIZE_ARGS _args;
CK_C_INITIALIZE_ARGS *args = NULL;
int rv;
+ if (cpriv->method == NULL) /* Module not loaded */
+ return 0;
+
/* Tell the PKCS11 to initialize itself */
if (cpriv->init_args != NULL) {
memset(&_args, 0, sizeof(_args));
@@ -138,7 +141,7 @@ int PKCS11_CTX_reload(PKCS11_CTX * ctx)
/*
* Unload the shared library
*/
-void PKCS11_CTX_unload(PKCS11_CTX * ctx)
+void pkcs11_CTX_unload(PKCS11_CTX * ctx)
{
PKCS11_CTX_private *cpriv;
cpriv = PRIVCTX(ctx);
@@ -154,7 +157,7 @@ void PKCS11_CTX_unload(PKCS11_CTX * ctx)
/*
* Free a context
*/
-void PKCS11_CTX_free(PKCS11_CTX * ctx)
+void pkcs11_CTX_free(PKCS11_CTX * ctx)
{
PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
diff --git a/src/p11_misc.c b/src/p11_misc.c
index 04ae04f..26410c7 100644
--- a/src/p11_misc.c
+++ b/src/p11_misc.c
@@ -40,117 +40,6 @@ char *pkcs11_strdup(char *mem, size_t size)
}
/*
- * PKCS#11 reinitialization after fork
- * It wipes out the internal state of the PKCS#11 library
- * Any libp11 references to this state are no longer valid
- */
-static int check_fork_int(PKCS11_CTX *ctx)
-{
- PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
-
- if (_P11_detect_fork(cpriv->forkid)) {
- if (PKCS11_CTX_reload(ctx) < 0)
- return -1;
- cpriv->forkid = _P11_get_forkid();
- }
- return 0;
-}
-
-/*
- * PKCS#11 reinitialization after fork
- * Also relogins and reopens the session if needed
- */
-static int check_slot_fork_int(PKCS11_SLOT *slot)
-{
- PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
- PKCS11_CTX *ctx = SLOT2CTX(slot);
- PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
-
- if (check_fork_int(SLOT2CTX(slot)) < 0)
- return -1;
- if (spriv->forkid != cpriv->forkid) {
- if (spriv->loggedIn) {
- int saved = spriv->haveSession;
- spriv->haveSession = 0;
- spriv->loggedIn = 0;
- if (PKCS11_relogin(slot) < 0)
- return -1;
- spriv->haveSession = saved;
- }
- if (spriv->haveSession) {
- spriv->haveSession = 0;
- if (PKCS11_reopen_session(slot) < 0)
- return -1;
- }
- spriv->forkid = cpriv->forkid;
- }
- return 0;
-}
-
-/*
- * PKCS#11 reinitialization after fork
- * Also reloads the key
- */
-static int check_key_fork_int(PKCS11_KEY *key)
-{
- PKCS11_SLOT *slot = KEY2SLOT(key);
- PKCS11_KEY_private *kpriv = PRIVKEY(key);
- PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
-
- if (check_slot_fork_int(slot) < 0)
- return -1;
- if (spriv->forkid != kpriv->forkid) {
- pkcs11_reload_key(key);
- kpriv->forkid = spriv->forkid;
- }
- return 0;
-}
-
-/*
- * Locking interface to check_fork_int()
- */
-int check_fork(PKCS11_CTX *ctx)
-{
- PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
- int rv;
-
- pkcs11_w_lock(cpriv->lockid);
- rv = check_fork_int(ctx);
- pkcs11_w_unlock(cpriv->lockid);
- return rv;
-}
-
-/*
- * Locking interface to check_slot_fork_int()
- */
-int check_slot_fork(PKCS11_SLOT *slot)
-{
- PKCS11_CTX *ctx = SLOT2CTX(slot);
- PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
- int rv;
-
- pkcs11_w_lock(cpriv->lockid);
- rv = check_slot_fork_int(slot);
- pkcs11_w_unlock(cpriv->lockid);
- return rv;
-}
-
-/*
- * Locking interface to check_key_fork_int()
- */
-int check_key_fork(PKCS11_KEY *key)
-{
- PKCS11_CTX *ctx = KEY2CTX(key);
- PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
- int rv;
-
- CRYPTO_w_lock(cpriv->lockid);
- rv = check_key_fork_int(key);
- CRYPTO_w_unlock(cpriv->lockid);
- return rv;
-}
-
-/*
* CRYPTO dynlock wrappers: 0 is an invalid dynamic lock ID
*/
int pkcs11_get_new_dynlockid()
diff --git a/src/p11_ops.c b/src/p11_ops.c
deleted file mode 100644
index fa8e4d2..0000000
--- a/src/p11_ops.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/* libp11, a simple layer on to of PKCS#11 API
- * Copyright (C) 2005 Olaf Kirch <okir at lst.de>
- * Copyright (C) 2005 Kevin Stefanik <kstef at mtppi.org>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-
-/* this file does certain cryptographic operations via the pkcs11 library */
-
-#include "libp11-int.h"
-#include <string.h>
-#include <openssl/ossl_typ.h>
-#include <openssl/asn1.h>
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100002L
-/* initial code will only support what is needed for pkcs11_ec_ckey
- * i.e. CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE
- * and CK_EC_KDF_TYPE supported by token
- * The secret key object is deleted
- *
- * In future CKM_ECMQV_DERIVE with CK_ECMQV_DERIVE_PARAMS
- * could also be supported, and the secret key object could be returned.
- */
-int pkcs11_ecdh_derive_internal(unsigned char **out, size_t *outlen,
- const unsigned long ecdh_mechanism,
- const void * ec_params,
- void *outnewkey,
- PKCS11_KEY * key)
-{
- PKCS11_SLOT *slot = KEY2SLOT(key);
- PKCS11_CTX *ctx = KEY2CTX(key);
- PKCS11_TOKEN *token = KEY2TOKEN(key);
- PKCS11_KEY_private *kpriv = PRIVKEY(key);
- PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
- CK_MECHANISM mechanism;
- int rv;
- int ret = -1;
- unsigned char * buf = NULL;
- size_t buflen;
-
- CK_BBOOL true = TRUE;
- CK_BBOOL false = FALSE;
- CK_OBJECT_HANDLE newkey = CK_INVALID_HANDLE;
- CK_OBJECT_CLASS newkey_class= CKO_SECRET_KEY;
- CK_KEY_TYPE newkey_type = CKK_GENERIC_SECRET;
- CK_OBJECT_HANDLE * tmpnewkey = (CK_OBJECT_HANDLE *)outnewkey;
- CK_ATTRIBUTE newkey_template[] = {
- {CKA_TOKEN, &false, sizeof(false)}, /* session only object */
- {CKA_CLASS, &newkey_class, sizeof(newkey_class)},
- {CKA_KEY_TYPE, &newkey_type, sizeof(newkey_type)},
- {CKA_ENCRYPT, &true, sizeof(true)},
- {CKA_DECRYPT, &true, sizeof(true)}
- };
-
- CHECK_KEY_FORK(key);
-
- memset(&mechanism, 0, sizeof(mechanism));
- mechanism.mechanism = ecdh_mechanism;
- mechanism.pParameter = (void*)ec_params;
- switch (ecdh_mechanism) {
- case CKM_ECDH1_DERIVE:
- case CKM_ECDH1_COFACTOR_DERIVE:
- mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
- break;
-// case CK_ECMQV_DERIVE_PARAMS:
-// mechanism.ulParameterLen = sizeof(CK_ECMQV_DERIVE_PARAMS);
-// break;
- default:
- PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, PKCS11_NOT_SUPPORTED);
- goto err;
- }
-
- rv = CRYPTOKI_call(ctx, C_DeriveKey(spriv->session, &mechanism, kpriv->object, newkey_template, 5, &newkey));
- if (rv) {
- PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, pkcs11_map_err(rv));
- goto err;
- }
-
- /* Return the value of the secret key and/or the object handle of the secret key */
-
- /* pkcs11_ec_ckey only asks for the value */
-
- if (out && outlen) {
- /* get size of secret key value */
- if (!pkcs11_getattr_var(token, newkey, CKA_VALUE, NULL, &buflen)
- && buflen > 0) {
- buf = OPENSSL_malloc(buflen);
- if (buf == NULL) {
- PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY,
- pkcs11_map_err(CKR_HOST_MEMORY));
- goto err;
- }
- } else {
- PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY,
- pkcs11_map_err(CKR_ATTRIBUTE_VALUE_INVALID));
- goto err;
- }
-
- pkcs11_getattr_var(token, newkey, CKA_VALUE, buf, &buflen);
- *out = buf;
- *outlen = buflen;
- buf = NULL;
- }
-
- /* not used by pkcs11_ec_ckey for future use */
- if (tmpnewkey) {
- *tmpnewkey = newkey;
- newkey = CK_INVALID_HANDLE;
- }
-
- ret = 1;
-err:
- if (buf)
- OPENSSL_free(buf);
- if (newkey != CK_INVALID_HANDLE && spriv->session != CK_INVALID_HANDLE)
- CRYPTOKI_call(ctx, C_DestroyObject(spriv->session, newkey));
-
- return ret;
-}
-#endif
-
-/* Signature size is the issue, will assume the caller has a big buffer! */
-/* No padding or other stuff needed. We can call PKCS11 from here */
-int
-PKCS11_ecdsa_sign(const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key)
-{
- int rv;
- PKCS11_SLOT *slot = KEY2SLOT(key);
- PKCS11_CTX *ctx = KEY2CTX(key);
- PKCS11_KEY_private *kpriv = PRIVKEY(key);
- PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
- CK_MECHANISM mechanism;
- CK_ULONG ck_sigsize;
-
- CHECK_KEY_FORK(key);
-
- ck_sigsize = *siglen;
-
- memset(&mechanism, 0, sizeof(mechanism));
- mechanism.mechanism = CKM_ECDSA;
-
- pkcs11_w_lock(PRIVSLOT(slot)->lockid);
- rv = CRYPTOKI_call(ctx, C_SignInit(spriv->session, &mechanism, kpriv->object)) ||
- CRYPTOKI_call(ctx,
- C_Sign(spriv->session, (CK_BYTE *) m, m_len, sigret, &ck_sigsize));
- pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
-
- if (rv) {
- PKCS11err(PKCS11_F_PKCS11_EC_KEY_SIGN, pkcs11_map_err(rv));
- return -1;
- }
- *siglen = ck_sigsize;
-
- return ck_sigsize;
-}
-
-/* Following used for RSA */
-int
-PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key)
-{
- int rv, ssl = ((type == NID_md5_sha1) ? 1 : 0);
- unsigned char *encoded = NULL;
- int sigsize;
-
- CHECK_KEY_FORK(key);
-
- sigsize = PKCS11_get_key_size(key);
-
- if (ssl) {
- if ((m_len != 36) /* SHA1 + MD5 */ ||
- ((m_len + RSA_PKCS1_PADDING_SIZE) > (unsigned)sigsize)) {
- return 0; /* the size is wrong */
- }
- } else {
- ASN1_TYPE parameter = { V_ASN1_NULL, { NULL } };
- ASN1_STRING digest = { m_len, V_ASN1_OCTET_STRING, (unsigned char *)m, 0 };
- X509_ALGOR algor = { NULL, ¶meter };
- X509_SIG digest_info = { &algor, &digest };
- int size;
- /* Fetch the OID of the algorithm used */
- if ((algor.algorithm = OBJ_nid2obj(type)) &&
- (algor.algorithm) &&
- /* Get the size of the encoded DigestInfo */
- (size = i2d_X509_SIG(&digest_info, NULL)) &&
- /* Check that size is compatible with PKCS#11 padding */
- (size + RSA_PKCS1_PADDING_SIZE <= sigsize) &&
- (encoded = OPENSSL_malloc(sigsize))) {
- unsigned char *tmp = encoded;
- /* Actually do the encoding */
- i2d_X509_SIG(&digest_info,&tmp);
- m = encoded;
- m_len = size;
- } else {
- return 0;
- }
- }
-
- rv = PKCS11_private_encrypt(m_len, m, sigret, key, RSA_PKCS1_PADDING);
-
- if (rv <= 0)
- rv = 0;
- else {
- *siglen = rv;
- rv = 1;
- }
-
- if (encoded != NULL) /* NULL on SSL case */
- OPENSSL_free(encoded);
-
- return rv;
-}
-
-int
-PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
- PKCS11_KEY * key, int padding)
-{
- PKCS11_SLOT *slot = KEY2SLOT(key);
- PKCS11_CTX *ctx = KEY2CTX(key);
- PKCS11_KEY_private *kpriv = PRIVKEY(key);
- PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
- CK_MECHANISM mechanism;
- int rv;
- int sigsize;
- CK_ULONG ck_sigsize;
-
- sigsize = PKCS11_get_key_size(key);
- ck_sigsize = sigsize;
-
- memset(&mechanism, 0, sizeof(mechanism));
-
- switch (padding) {
- case RSA_NO_PADDING:
- mechanism.mechanism = CKM_RSA_X_509;
- break;
- case RSA_PKCS1_PADDING:
- if ((flen + RSA_PKCS1_PADDING_SIZE) > sigsize) {
- return -1; /* the size is wrong */
- }
- mechanism.mechanism = CKM_RSA_PKCS;
- break;
- default:
- printf("pkcs11 engine: only RSA_NO_PADDING or RSA_PKCS1_PADDING allowed so far\n");
- return -1;
- }
-
- CHECK_KEY_FORK(key);
-
- pkcs11_w_lock(PRIVSLOT(slot)->lockid);
- /* API is somewhat fishy here. *siglen is 0 on entry (cleared
- * by OpenSSL). The library assumes that the memory passed
- * by the caller is always big enough */
- rv = CRYPTOKI_call(ctx, C_SignInit(spriv->session, &mechanism, kpriv->object)) ||
- CRYPTOKI_call(ctx,
- C_Sign(spriv->session, (CK_BYTE *) from, flen, to, &ck_sigsize));
- pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
-
- if (rv) {
- PKCS11err(PKCS11_F_PKCS11_RSA_SIGN, pkcs11_map_err(rv));
- return -1;
- }
-
- if ((unsigned)sigsize != ck_sigsize)
- return -1;
-
- return sigsize;
-}
-
-int
-PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
- PKCS11_KEY * key, int padding)
-{
- PKCS11_SLOT *slot = KEY2SLOT(key);
- PKCS11_CTX *ctx = KEY2CTX(key);
- PKCS11_KEY_private *kpriv = PRIVKEY(key);
- PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
- CK_MECHANISM mechanism;
- CK_ULONG size = flen;
- CK_RV rv;
-
- if (padding != RSA_PKCS1_PADDING) {
- printf("pkcs11 engine: only RSA_PKCS1_PADDING allowed so far\n");
- return -1;
- }
-
- CHECK_KEY_FORK(key);
-
- memset(&mechanism, 0, sizeof(mechanism));
- mechanism.mechanism = CKM_RSA_PKCS;
-
- pkcs11_w_lock(PRIVSLOT(slot)->lockid);
- rv = CRYPTOKI_call(ctx, C_DecryptInit(spriv->session, &mechanism, kpriv->object)) ||
- CRYPTOKI_call(ctx,
- C_Decrypt(spriv->session, (CK_BYTE *) from, (CK_ULONG)flen,
- (CK_BYTE_PTR)to, &size));
- pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
-
- if (rv)
- PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, pkcs11_map_err(rv));
-
- return rv ? 0 : size;
-}
-
-int
-PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *signature, unsigned int siglen, PKCS11_KEY * key)
-{
- (void)type;
- (void)m;
- (void)m_len;
- (void)signature;
- (void)siglen;
- (void)key;
-
- /* PKCS11 calls go here */
- PKCS11err(PKCS11_F_PKCS11_RSA_VERIFY, PKCS11_NOT_SUPPORTED);
- return -1;
-}
-
-/* vim: set noexpandtab: */
diff --git a/src/p11_rsa.c b/src/p11_rsa.c
index 395e0f3..7aa25bd 100644
--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -29,6 +29,162 @@
static int rsa_ex_index = 0;
+int
+pkcs11_sign(int type, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key)
+{
+ int rv, ssl = ((type == NID_md5_sha1) ? 1 : 0);
+ unsigned char *encoded = NULL;
+ int sigsize;
+
+ sigsize = pkcs11_get_key_size(key);
+
+ if (ssl) {
+ if ((m_len != 36) /* SHA1 + MD5 */ ||
+ ((m_len + RSA_PKCS1_PADDING_SIZE) > (unsigned)sigsize)) {
+ return 0; /* the size is wrong */
+ }
+ } else {
+ ASN1_TYPE parameter = { V_ASN1_NULL, { NULL } };
+ ASN1_STRING digest = { m_len, V_ASN1_OCTET_STRING, (unsigned char *)m, 0 };
+ X509_ALGOR algor = { NULL, ¶meter };
+ X509_SIG digest_info = { &algor, &digest };
+ int size;
+ /* Fetch the OID of the algorithm used */
+ if ((algor.algorithm = OBJ_nid2obj(type)) &&
+ (algor.algorithm) &&
+ /* Get the size of the encoded DigestInfo */
+ (size = i2d_X509_SIG(&digest_info, NULL)) &&
+ /* Check that size is compatible with PKCS#11 padding */
+ (size + RSA_PKCS1_PADDING_SIZE <= sigsize) &&
+ (encoded = OPENSSL_malloc(sigsize))) {
+ unsigned char *tmp = encoded;
+ /* Actually do the encoding */
+ i2d_X509_SIG(&digest_info,&tmp);
+ m = encoded;
+ m_len = size;
+ } else {
+ return 0;
+ }
+ }
+
+ rv = pkcs11_private_encrypt(m_len, m, sigret, key, RSA_PKCS1_PADDING);
+
+ if (rv <= 0)
+ rv = 0;
+ else {
+ *siglen = rv;
+ rv = 1;
+ }
+
+ if (encoded != NULL) /* NULL on SSL case */
+ OPENSSL_free(encoded);
+
+ return rv;
+}
+
+int
+pkcs11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
+ PKCS11_KEY * key, int padding)
+{
+ PKCS11_SLOT *slot = KEY2SLOT(key);
+ PKCS11_CTX *ctx = KEY2CTX(key);
+ PKCS11_KEY_private *kpriv = PRIVKEY(key);
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+ CK_MECHANISM mechanism;
+ int rv;
+ int sigsize;
+ CK_ULONG ck_sigsize;
+
+ sigsize = pkcs11_get_key_size(key);
+ ck_sigsize = sigsize;
+
+ memset(&mechanism, 0, sizeof(mechanism));
+
+ switch (padding) {
+ case RSA_NO_PADDING:
+ mechanism.mechanism = CKM_RSA_X_509;
+ break;
+ case RSA_PKCS1_PADDING:
+ if ((flen + RSA_PKCS1_PADDING_SIZE) > sigsize) {
+ return -1; /* the size is wrong */
+ }
+ mechanism.mechanism = CKM_RSA_PKCS;
+ break;
+ default:
+ printf("pkcs11 engine: only RSA_NO_PADDING or RSA_PKCS1_PADDING allowed so far\n");
+ return -1;
+ }
+
+ pkcs11_w_lock(PRIVSLOT(slot)->lockid);
+ /* API is somewhat fishy here. *siglen is 0 on entry (cleared
+ * by OpenSSL). The library assumes that the memory passed
+ * by the caller is always big enough */
+ rv = CRYPTOKI_call(ctx, C_SignInit(spriv->session, &mechanism, kpriv->object)) ||
+ CRYPTOKI_call(ctx,
+ C_Sign(spriv->session, (CK_BYTE *) from, flen, to, &ck_sigsize));
+ pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
+
+ if (rv) {
+ PKCS11err(PKCS11_F_PKCS11_RSA_SIGN, pkcs11_map_err(rv));
+ return -1;
+ }
+
+ if ((unsigned)sigsize != ck_sigsize)
+ return -1;
+
+ return sigsize;
+}
+
+int
+pkcs11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
+ PKCS11_KEY * key, int padding)
+{
+ PKCS11_SLOT *slot = KEY2SLOT(key);
+ PKCS11_CTX *ctx = KEY2CTX(key);
+ PKCS11_KEY_private *kpriv = PRIVKEY(key);
+ PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
+ CK_MECHANISM mechanism;
+ CK_ULONG size = flen;
+ CK_RV rv;
+
+ if (padding != RSA_PKCS1_PADDING) {
+ printf("pkcs11 engine: only RSA_PKCS1_PADDING allowed so far\n");
+ return -1;
+ }
+
+ memset(&mechanism, 0, sizeof(mechanism));
+ mechanism.mechanism = CKM_RSA_PKCS;
+
+ pkcs11_w_lock(PRIVSLOT(slot)->lockid);
+ rv = CRYPTOKI_call(ctx, C_DecryptInit(spriv->session, &mechanism, kpriv->object)) ||
+ CRYPTOKI_call(ctx,
+ C_Decrypt(spriv->session, (CK_BYTE *) from, (CK_ULONG)flen,
+ (CK_BYTE_PTR)to, &size));
+ pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
+
+ if (rv)
+ PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, pkcs11_map_err(rv));
+
+ return rv ? 0 : size;
+}
+
+int
+pkcs11_verify(int type, const unsigned char *m, unsigned int m_len,
+ unsigned char *signature, unsigned int siglen, PKCS11_KEY * key)
+{
+ (void)type;
+ (void)m;
+ (void)m_len;
+ (void)signature;
+ (void)siglen;
+ (void)key;
+
+ /* PKCS11 calls go here */
+ PKCS11err(PKCS11_F_PKCS11_RSA_VERIFY, PKCS11_NOT_SUPPORTED);
+ return -1;
+}
+
/*
* Get RSA key material
*/
@@ -115,7 +271,7 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY * key)
return pk;
}
-int PKCS11_get_key_modulus(PKCS11_KEY * key, BIGNUM **bn)
+int pkcs11_get_key_modulus(PKCS11_KEY * key, BIGNUM **bn)
{
if (pkcs11_getattr_bn(KEY2TOKEN(key), PRIVKEY(key)->object,
CKA_MODULUS, bn))
@@ -123,7 +279,7 @@ int PKCS11_get_key_modulus(PKCS11_KEY * key, BIGNUM **bn)
return 1;
}
-int PKCS11_get_key_exponent(PKCS11_KEY * key, BIGNUM **bn)
+int pkcs11_get_key_exponent(PKCS11_KEY * key, BIGNUM **bn)
{
if (pkcs11_getattr_bn(KEY2TOKEN(key), PRIVKEY(key)->object,
CKA_PUBLIC_EXPONENT, bn))
@@ -131,7 +287,7 @@ int PKCS11_get_key_exponent(PKCS11_KEY * key, BIGNUM **bn)
return 1;
}
-int PKCS11_get_key_size(const PKCS11_KEY * key)
+int pkcs11_get_key_size(PKCS11_KEY * key)
{
BIGNUM *n = NULL;
int numbytes = 0;
@@ -145,21 +301,21 @@ int PKCS11_get_key_size(const PKCS11_KEY * key)
static int pkcs11_rsa_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA * rsa, int padding)
{
- return PKCS11_private_decrypt(flen, from, to,
+ return pkcs11_private_decrypt(flen, from, to,
(PKCS11_KEY *) RSA_get_ex_data(rsa, rsa_ex_index), padding);
}
static int pkcs11_rsa_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA * rsa, int padding)
{
- return PKCS11_private_encrypt(flen, from, to,
+ return pkcs11_private_encrypt(flen, from, to,
(PKCS11_KEY *) RSA_get_ex_data(rsa, rsa_ex_index), padding);
}
static int pkcs11_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, const RSA * rsa)
{
- return PKCS11_sign(type, m, m_len, sigret, siglen,
+ return pkcs11_sign(type, m, m_len, sigret, siglen,
(PKCS11_KEY *) RSA_get_ex_data(rsa, rsa_ex_index));
}
diff --git a/src/p11_slot.c b/src/p11_slot.c
index 43280a8..af19f8b 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -27,8 +27,7 @@ static void pkcs11_destroy_token(PKCS11_TOKEN *);
/*
* Get slotid from private
*/
-unsigned long
-PKCS11_get_slotid_from_slot(PKCS11_SLOT *slot)
+unsigned long pkcs11_get_slotid_from_slot(PKCS11_SLOT *slot)
{
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
@@ -38,15 +37,7 @@ PKCS11_get_slotid_from_slot(PKCS11_SLOT *slot)
/*
* Enumerate slots
*/
-int
-PKCS11_enumerate_slots(PKCS11_CTX * ctx, PKCS11_SLOT ** slotp, unsigned int *countp)
-{
- CHECK_FORK(ctx);
- return pkcs11_enumerate_slots(ctx, slotp, countp);
-}
-
-int
-pkcs11_enumerate_slots(PKCS11_CTX * ctx, PKCS11_SLOT ** slotp, unsigned int *countp)
+int pkcs11_enumerate_slots(PKCS11_CTX * ctx, PKCS11_SLOT ** slotp, unsigned int *countp)
{
PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
CK_SLOT_ID *slotid;
@@ -91,7 +82,7 @@ pkcs11_enumerate_slots(PKCS11_CTX * ctx, PKCS11_SLOT ** slotp, unsigned int *cou
/*
* Find a slot with a token that looks "valuable"
*/
-PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx, PKCS11_SLOT * slots, unsigned int nslots)
+PKCS11_SLOT *pkcs11_find_token(PKCS11_CTX * ctx, PKCS11_SLOT * slots, unsigned int nslots)
{
PKCS11_SLOT *slot, *best;
PKCS11_TOKEN *tok;
@@ -118,7 +109,6 @@ PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx, PKCS11_SLOT * slots, unsigned
/*
* Open a session with this slot
*/
-static
int pkcs11_open_session(PKCS11_SLOT * slot, int rw, int relogin)
{
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
@@ -126,8 +116,6 @@ int pkcs11_open_session(PKCS11_SLOT * slot, int rw, int relogin)
int rv;
if (relogin == 0) {
- CHECK_SLOT_FORK(slot);
-
if (spriv->haveSession) {
CRYPTOKI_call(ctx, C_CloseSession(spriv->session));
spriv->haveSession = 0;
@@ -144,12 +132,7 @@ int pkcs11_open_session(PKCS11_SLOT * slot, int rw, int relogin)
return 0;
}
-int PKCS11_open_session(PKCS11_SLOT * slot, int rw)
-{
- return pkcs11_open_session(slot, rw, 0);
-}
-
-int PKCS11_reopen_session(PKCS11_SLOT * slot)
+int pkcs11_reopen_session(PKCS11_SLOT * slot)
{
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
PKCS11_CTX *ctx = SLOT2CTX(slot);
@@ -168,7 +151,7 @@ int PKCS11_reopen_session(PKCS11_SLOT * slot)
/*
* Determines if user is authenticated with token
*/
-int PKCS11_is_logged_in(PKCS11_SLOT * slot, int so, int * res)
+int pkcs11_is_logged_in(PKCS11_SLOT * slot, int so, int * res)
{
PKCS11_CTX *ctx = SLOT2CTX(slot);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
@@ -200,7 +183,6 @@ int PKCS11_is_logged_in(PKCS11_SLOT * slot, int so, int * res)
* Authenticate with the card. relogin should be set if we automatically
* relogin after a fork.
*/
-static
int pkcs11_login(PKCS11_SLOT * slot, int so, const char *pin, int relogin)
{
PKCS11_CTX *ctx = SLOT2CTX(slot);
@@ -208,8 +190,6 @@ int pkcs11_login(PKCS11_SLOT * slot, int so, const char *pin, int relogin)
int rv;
if (relogin == 0) {
- CHECK_SLOT_FORK(slot);
-
/* Calling PKCS11_login invalidates all cached
* keys we have */
if (slot->token) {
@@ -250,14 +230,7 @@ int pkcs11_login(PKCS11_SLOT * slot, int so, const char *pin, int relogin)
/*
* Authenticate with the card
*/
-int PKCS11_login(PKCS11_SLOT * slot, int so, const char *pin)
-{
- return pkcs11_login(slot, so, pin, 0);
-}
-
-
-
-int PKCS11_relogin(PKCS11_SLOT * slot)
+int pkcs11_relogin(PKCS11_SLOT * slot)
{
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
@@ -267,14 +240,12 @@ int PKCS11_relogin(PKCS11_SLOT * slot)
/*
* Log out
*/
-int PKCS11_logout(PKCS11_SLOT * slot)
+int pkcs11_logout(PKCS11_SLOT * slot)
{
PKCS11_CTX *ctx = SLOT2CTX(slot);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
int rv;
- CHECK_SLOT_FORK(slot);
-
/* Calling PKCS11_logout invalidates all cached
* keys we have */
if (slot->token) {
@@ -295,15 +266,13 @@ int PKCS11_logout(PKCS11_SLOT * slot)
/*
* Initialize the token
*/
-int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin, const char *label)
+int pkcs11_init_token(PKCS11_TOKEN * token, const char *pin, const char *label)
{
PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_CTX *ctx = SLOT2CTX(slot);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
int rv;
- CHECK_FORK(ctx);
-
if (label == NULL)
label = "PKCS#11 Token";
rv = CRYPTOKI_call(ctx,
@@ -328,15 +297,13 @@ int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin, const char *label)
/*
* Set the User PIN
*/
-int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin)
+int pkcs11_init_pin(PKCS11_TOKEN * token, const char *pin)
{
PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_CTX *ctx = SLOT2CTX(slot);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
int len, rv;
- CHECK_FORK(ctx);
-
if (!spriv->haveSession) {
PKCS11err(PKCS11_F_PKCS11_INIT_PIN, PKCS11_NO_SESSION);
return -1;
@@ -352,15 +319,13 @@ int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin)
/*
* Change the User PIN
*/
-int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
+int pkcs11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
const char *new_pin)
{
PKCS11_CTX *ctx = SLOT2CTX(slot);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
int old_len, new_len, rv;
- CHECK_SLOT_FORK(slot);
-
if (!spriv->haveSession) {
PKCS11err(PKCS11_F_PKCS11_CHANGE_PIN, PKCS11_NO_SESSION);
return -1;
@@ -379,15 +344,13 @@ int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
/*
* Seed the random number generator
*/
-int PKCS11_seed_random(PKCS11_SLOT *slot, const unsigned char *s,
+int pkcs11_seed_random(PKCS11_SLOT *slot, const unsigned char *s,
unsigned int s_len)
{
PKCS11_CTX *ctx = SLOT2CTX(slot);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
int rv;
- CHECK_SLOT_FORK(slot);
-
if (!spriv->haveSession && PKCS11_open_session(slot, 0)) {
PKCS11err(PKCS11_F_PKCS11_SEED_RANDOM, PKCS11_NO_SESSION);
return -1;
@@ -403,15 +366,13 @@ int PKCS11_seed_random(PKCS11_SLOT *slot, const unsigned char *s,
/*
* Generate random numbers
*/
-int PKCS11_generate_random(PKCS11_SLOT *slot, unsigned char *r,
+int pkcs11_generate_random(PKCS11_SLOT *slot, unsigned char *r,
unsigned int r_len)
{
PKCS11_CTX *ctx = SLOT2CTX(slot);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
int rv;
- CHECK_SLOT_FORK(slot);
-
if (!spriv->haveSession && PKCS11_open_session(slot, 0)) {
PKCS11err(PKCS11_F_PKCS11_GENERATE_RANDOM, PKCS11_NO_SESSION);
return -1;
@@ -460,7 +421,7 @@ static int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id)
return 0;
}
-void PKCS11_release_all_slots(PKCS11_CTX * ctx, PKCS11_SLOT *slots, unsigned int nslots)
+void pkcs11_release_all_slots(PKCS11_CTX * ctx, PKCS11_SLOT *slots, unsigned int nslots)
{
unsigned int i;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list