[pkg-opensc-commit] [libp11] 13/27: PKCS11 errors separated into P11 and CKR
Eric Dorland
eric at moszumanska.debian.org
Mon Aug 7 19:48:08 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit e4c641b1d99720ff90f945dba09902977a95c15a
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Sat Jun 10 18:43:10 2017 +0200
PKCS11 errors separated into P11 and CKR
---
src/Makefile.am | 6 +-
src/Makefile.mak | 4 +-
src/libp11-int.h | 12 +--
src/libp11.h | 84 ++++++++--------
src/p11_attr.c | 7 +-
src/p11_cert.c | 6 +-
src/{p11_err.c => p11_ckr.c} | 76 ++++++++-------
src/p11_ec.c | 9 +-
src/p11_err.c | 226 +++++++++++++++----------------------------
src/p11_err.h | 53 ++++++++++
src/p11_front.c | 9 +-
src/p11_key.c | 27 +++---
src/p11_load.c | 8 +-
src/p11_rsa.c | 6 +-
src/p11_slot.c | 38 ++++----
15 files changed, 277 insertions(+), 294 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index b74ea03..5c79b35 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -5,15 +5,15 @@ CLEANFILES = libp11.pc
EXTRA_DIST = Makefile.mak libp11.rc.in pkcs11.rc.in
noinst_HEADERS= libp11-int.h pkcs11.h atfork.h
-include_HEADERS= libp11.h
+include_HEADERS= libp11.h p11_err.h
lib_LTLIBRARIES = libp11.la
enginesexec_LTLIBRARIES = pkcs11.la
pkgconfig_DATA = libp11.pc
SHARED_EXT=@SHARED_EXT@
-libp11_la_SOURCES = libpkcs11.c p11_attr.c p11_cert.c p11_err.c p11_key.c \
- p11_load.c p11_misc.c p11_rsa.c p11_ec.c p11_slot.c p11_front.c \
+libp11_la_SOURCES = libpkcs11.c p11_attr.c p11_cert.c p11_err.c p11_ckr.c \
+ p11_key.c p11_load.c p11_misc.c p11_rsa.c p11_ec.c p11_slot.c p11_front.c \
atfork.c libp11.exports
if WIN32
libp11_la_SOURCES += libp11.rc
diff --git a/src/Makefile.mak b/src/Makefile.mak
index d26a2c6..de3d58f 100644
--- a/src/Makefile.mak
+++ b/src/Makefile.mak
@@ -3,8 +3,8 @@ TOPDIR = ..
!INCLUDE $(TOPDIR)\make.rules.mak
LIBP11_OBJECTS = libpkcs11.obj p11_attr.obj p11_cert.obj \
- p11_err.obj p11_key.obj p11_load.obj p11_misc.obj p11_rsa.obj \
- p11_ec.obj p11_slot.obj p11_front.obj
+ p11_err.obj p11_ckr.obj p11_key.obj p11_load.obj p11_misc.obj \
+ p11_rsa.obj p11_ec.obj p11_slot.obj p11_front.obj
LIBP11_LIB = libp11.lib
LIBP11_TARGET = libp11.dll
diff --git a/src/libp11-int.h b/src/libp11-int.h
index 1e54976..040f9ce 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -116,27 +116,19 @@ typedef struct pkcs11_cert_private {
#define CERT2CTX(cert) TOKEN2CTX(CERT2TOKEN(cert))
/*
- * Mapping Cryptoki error codes to those used internally
- * by this code.
- * Right now, we just map them directly, and make sure
- * that the few genuine messages we use don't clash with
- * PKCS#11
- */
-#define CKR_to_PKCS11(rv) (rv)
-
-/*
* Internal functions
*/
#define CRYPTOKI_checkerr(f, rv) \
do { \
if (rv) { \
- PKCS11err(f, CKR_to_PKCS11(rv)); \
+ CKRerr(f, rv); \
return -1; \
} \
ERR_clear_error(); \
} while (0)
#define CRYPTOKI_call(ctx, func_and_args) \
PRIVCTX(ctx)->method->func_and_args
+extern void ERR_load_CKR_strings(void);
/* Memory allocation */
#define PKCS11_DUP(s) \
diff --git a/src/libp11.h b/src/libp11.h
index 391f55a..87e1097 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -29,16 +29,17 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
+#include <p11_err.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Get some structures for local code to handle PKCS#11 data readily */
-#define ERR_LIB_PKCS11 ERR_LIB_USER
+#define ERR_LIB_CKR ERR_LIB_USER
-#define PKCS11err(f,r) \
- ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)
+#define CKRerr(f,r) \
+ ERR_PUT_error(ERR_LIB_CKR,(f),(r),__FILE__,__LINE__)
/*
* The purpose of this library is to provide a simple PKCS11
@@ -474,45 +475,44 @@ P11_DEPRECATED_FUNC extern int PKCS11_private_decrypt(
int flen, const unsigned char *from,
unsigned char *to, PKCS11_KEY * key, int padding);
-/*
- * Function and reason codes
- */
-#define PKCS11_F_PKCS11_CTX_LOAD 1
-#define PKCS11_F_PKCS11_ENUM_SLOTS 2
-#define PKCS11_F_PKCS11_CHECK_TOKEN 3
-#define PKCS11_F_PKCS11_OPEN_SESSION 4
-#define PKCS11_F_PKCS11_LOGIN 5
-#define PKCS11_F_PKCS11_ENUM_KEYS 6
-#define PKCS11_F_PKCS11_GET_KEY 7
-#define PKCS11_F_PKCS11_RSA_DECRYPT 8
-#define PKCS11_F_PKCS11_RSA_ENCRYPT 9
-#define PKCS11_F_PKCS11_RSA_SIGN 10
-#define PKCS11_F_PKCS11_RSA_VERIFY 11
-#define PKCS11_F_PKCS11_ENUM_CERTS 12
-#define PKCS11_F_PKCS11_INIT_TOKEN 13
-#define PKCS11_F_PKCS11_INIT_PIN 14
-#define PKCS11_F_PKCS11_LOGOUT 15
-#define PKCS11_F_PKCS11_STORE_PRIVATE_KEY 16
-#define PKCS11_F_PKCS11_GENERATE_KEY 17
-#define PKCS11_F_PKCS11_STORE_PUBLIC_KEY 18
-#define PKCS11_F_PKCS11_STORE_CERTIFICATE 19
-#define PKCS11_F_PKCS11_SEED_RANDOM 20
-#define PKCS11_F_PKCS11_GENERATE_RANDOM 21
-#define PKCS11_F_PKCS11_CHANGE_PIN 22
-#define PKCS11_F_PKCS11_GETATTR 40
-#define PKCS11_F_PKCS11_EC_KEY_SIGN 41
-#define PKCS11_F_PKCS11_EC_KEY_VERIFY 42
-#define PKCS11_F_PKCS11_GETSESSIONINFO 43
-#define PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY 44
-
-#define PKCS11_ERR_BASE 1024
-#define PKCS11_LOAD_MODULE_ERROR (PKCS11_ERR_BASE+1)
-#define PKCS11_MODULE_LOADED_ERROR (PKCS11_ERR_BASE+2)
-#define PKCS11_SYMBOL_NOT_FOUND_ERROR (PKCS11_ERR_BASE+3)
-#define PKCS11_NOT_SUPPORTED (PKCS11_ERR_BASE+4)
-#define PKCS11_NO_SESSION (PKCS11_ERR_BASE+5)
-#define PKCS11_KEYGEN_FAILED (PKCS11_ERR_BASE+6)
-#define PKCS11_UI_FAILED (PKCS11_ERR_BASE+7)
+/* Function codes */
+# define CKR_F_PKCS11_CHANGE_PIN 100
+# define CKR_F_PKCS11_CHECK_TOKEN 101
+# define CKR_F_PKCS11_CTX_LOAD 102
+# define CKR_F_PKCS11_ECDH_DERIVE 103
+# define CKR_F_PKCS11_ECDSA_SIGN 104
+# define CKR_F_PKCS11_ENUMERATE_SLOTS 105
+# define CKR_F_PKCS11_FIND_CERTS 106
+# define CKR_F_PKCS11_FIND_KEYS 107
+# define CKR_F_PKCS11_GENERATE_RANDOM 108
+# define CKR_F_PKCS11_GETATTR_ALLOC 109
+# define CKR_F_PKCS11_GETATTR_BN 110
+# define CKR_F_PKCS11_GETATTR_INT 111
+# define CKR_F_PKCS11_INIT_PIN 112
+# define CKR_F_PKCS11_INIT_SLOT 113
+# define CKR_F_PKCS11_INIT_TOKEN 114
+# define CKR_F_PKCS11_IS_LOGGED_IN 115
+# define CKR_F_PKCS11_LOGIN 116
+# define CKR_F_PKCS11_LOGOUT 117
+# define CKR_F_PKCS11_NEXT_CERT 118
+# define CKR_F_PKCS11_NEXT_KEY 119
+# define CKR_F_PKCS11_OPEN_SESSION 120
+# define CKR_F_PKCS11_PRIVATE_DECRYPT 121
+# define CKR_F_PKCS11_PRIVATE_ENCRYPT 122
+# define CKR_F_PKCS11_RELOAD_KEY 123
+# define CKR_F_PKCS11_REOPEN_SESSION 124
+# define CKR_F_PKCS11_SEED_RANDOM 125
+# define CKR_F_PKCS11_STORE_CERTIFICATE 126
+# define CKR_F_PKCS11_STORE_KEY 127
+
+/* For backward compatibility */
+#define PKCS11_LOAD_MODULE_ERROR P11_LOAD_MODULE_ERROR
+#define PKCS11_MODULE_LOADED_ERROR -1
+#define PKCS11_SYMBOL_NOT_FOUND_ERROR -1
+#define PKCS11_NOT_SUPPORTED P11_R_NOT_SUPPORTED
+#define PKCS11_NO_SESSION P11_R_NO_SESSION
+#define PKCS11_KEYGEN_FAILED P11_R_KEYGEN_FAILED
+#define PKCS11_UI_FAILED P11_R_UI_FAILED
#ifdef __cplusplus
}
diff --git a/src/p11_attr.c b/src/p11_attr.c
index f6b6e35..59d3a35 100644
--- a/src/p11_attr.c
+++ b/src/p11_attr.c
@@ -45,7 +45,7 @@ static int pkcs11_getattr_int(PKCS11_CTX *ctx, CK_SESSION_HANDLE session,
templ.ulValueLen = *size;
rv = CRYPTOKI_call(ctx, C_GetAttributeValue(session, o, &templ, 1));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_GETATTR, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_GETATTR_INT, rv);
*size = templ.ulValueLen;
return 0;
@@ -75,7 +75,7 @@ int pkcs11_getattr_alloc(PKCS11_TOKEN *token, CK_OBJECT_HANDLE object,
return -1;
data = OPENSSL_malloc(len+1);
if (data == NULL) {
- PKCS11err(PKCS11_F_PKCS11_GETATTR, CKR_to_PKCS11(CKR_HOST_MEMORY));
+ CKRerr(CKR_F_PKCS11_GETATTR_ALLOC, CKR_HOST_MEMORY);
return -1;
}
memset(data, 0, len+1); /* also null-terminate the allocated data */
@@ -102,8 +102,7 @@ int pkcs11_getattr_bn(PKCS11_TOKEN *token, CK_OBJECT_HANDLE object,
* not sure it will survive the ulValueLen->size_t and keep sign at all platforms
*/
if (size == (size_t)-1) {
- PKCS11err(PKCS11_F_PKCS11_GETATTR,
- CKR_to_PKCS11(CKR_ATTRIBUTE_TYPE_INVALID));
+ CKRerr(CKR_F_PKCS11_GETATTR_BN, CKR_ATTRIBUTE_TYPE_INVALID);
OPENSSL_free(binary);
return -1;
}
diff --git a/src/p11_cert.c b/src/p11_cert.c
index b20e229..9bc28a0 100644
--- a/src/p11_cert.c
+++ b/src/p11_cert.c
@@ -101,7 +101,7 @@ static int pkcs11_find_certs(PKCS11_TOKEN *token)
/* Tell the PKCS11 lib to enumerate all matching objects */
cert_search_class = CKO_CERTIFICATE;
rv = CRYPTOKI_call(ctx, C_FindObjectsInit(spriv->session, cert_search_attrs, 1));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_CERTS, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_FIND_CERTS, rv);
do {
res = pkcs11_next_cert(ctx, token, spriv->session);
@@ -121,7 +121,7 @@ static int pkcs11_next_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
/* Get the next matching object */
rv = CRYPTOKI_call(ctx, C_FindObjects(session, &obj, 1, &count));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_CERTS, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_NEXT_CERT, rv);
if (count == 0)
return 1;
@@ -257,7 +257,7 @@ int pkcs11_store_certificate(PKCS11_TOKEN *token, X509 *x509, char *label,
/* Zap all memory allocated when building the template */
pkcs11_zap_attrs(attrs, n);
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_STORE_CERTIFICATE, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_STORE_CERTIFICATE, rv);
/* Gobble the key object */
return pkcs11_init_cert(ctx, token, spriv->session, object, ret_cert);
diff --git a/src/p11_err.c b/src/p11_ckr.c
similarity index 70%
copy from src/p11_err.c
copy to src/p11_ckr.c
index 6491a8a..2af546a 100644
--- a/src/p11_err.c
+++ b/src/p11_ckr.c
@@ -16,48 +16,52 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#include "libp11.h"
#include "libp11-int.h"
/* BEGIN ERROR CODES */
#ifndef NO_ERR
-static ERR_STRING_DATA PKCS11_str_library[] = {
- {ERR_PACK(ERR_LIB_PKCS11, 0, 0), "PKCS11 library"},
+static ERR_STRING_DATA CKR_str_library[] = {
+ {ERR_PACK(ERR_LIB_CKR, 0, 0), "PKCS11 module"},
{0, NULL}
};
-static ERR_STRING_DATA PKCS11_str_functs[] = {
- {ERR_PACK(0, PKCS11_F_PKCS11_CTX_LOAD, 0), "PKCS11_CTX_load"},
- {ERR_PACK(0, PKCS11_F_PKCS11_ENUM_SLOTS, 0), "PKCS11_enum_slots"},
- {ERR_PACK(0, PKCS11_F_PKCS11_CHECK_TOKEN, 0), "PKCS11_check_token"},
- {ERR_PACK(0, PKCS11_F_PKCS11_OPEN_SESSION, 0), "PKCS11_open_session"},
- {ERR_PACK(0, PKCS11_F_PKCS11_LOGIN, 0), "PKCS11_login"},
- {ERR_PACK(0, PKCS11_F_PKCS11_ENUM_KEYS, 0), "PKCS11_enum_keys"},
- {ERR_PACK(0, PKCS11_F_PKCS11_GET_KEY, 0), "PKCS11_get_key"},
- {ERR_PACK(0, PKCS11_F_PKCS11_RSA_DECRYPT, 0), "PKCS11_rsa_decrypt"},
- {ERR_PACK(0, PKCS11_F_PKCS11_RSA_ENCRYPT, 0), "PKCS11_rsa_encrypt"},
- {ERR_PACK(0, PKCS11_F_PKCS11_RSA_SIGN, 0), "PKCS11_rsa_sign"},
- {ERR_PACK(0, PKCS11_F_PKCS11_RSA_VERIFY, 0), "PKCS11_rsa_verify"},
- {ERR_PACK(0, PKCS11_F_PKCS11_ENUM_CERTS, 0), "PKCS11_enum_certs"},
- {ERR_PACK(0, PKCS11_F_PKCS11_INIT_TOKEN, 0), "PKCS11_init_token"},
- {ERR_PACK(0, PKCS11_F_PKCS11_INIT_PIN, 0), "PKCS11_init_pin"},
- {ERR_PACK(0, PKCS11_F_PKCS11_GETATTR, 0), "pkcs11_getattr"},
- {ERR_PACK(0, PKCS11_F_PKCS11_LOGOUT, 0), "PKCS11_logout"},
- {ERR_PACK(0, PKCS11_F_PKCS11_STORE_PRIVATE_KEY, 0), "PKCS11_store_private_key"},
- {ERR_PACK(0, PKCS11_F_PKCS11_GENERATE_KEY, 0), "PKCS11_generate_key"},
- {ERR_PACK(0, PKCS11_F_PKCS11_STORE_PUBLIC_KEY, 0), "PKCS11_store_public_key"},
- {ERR_PACK(0, PKCS11_F_PKCS11_STORE_CERTIFICATE, 0), "PKCS11_store_certificate"},
- {ERR_PACK(0, PKCS11_F_PKCS11_CHANGE_PIN, 0), "PKCS11_change_pin"},
- {ERR_PACK(0, PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, 0), "PKCS11_ecdh_derive"},
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA CKR_str_functs[] = {
+ {ERR_FUNC(CKR_F_PKCS11_CHANGE_PIN), "pkcs11_change_pin"},
+ {ERR_FUNC(CKR_F_PKCS11_CHECK_TOKEN), "pkcs11_check_token"},
+ {ERR_FUNC(CKR_F_PKCS11_CTX_LOAD), "pkcs11_CTX_load"},
+ {ERR_FUNC(CKR_F_PKCS11_ECDH_DERIVE), "pkcs11_ecdh_derive"},
+ {ERR_FUNC(CKR_F_PKCS11_ECDSA_SIGN), "pkcs11_ecdsa_sign"},
+ {ERR_FUNC(CKR_F_PKCS11_ENUMERATE_SLOTS), "pkcs11_enumerate_slots"},
+ {ERR_FUNC(CKR_F_PKCS11_FIND_CERTS), "pkcs11_find_certs"},
+ {ERR_FUNC(CKR_F_PKCS11_FIND_KEYS), "pkcs11_find_keys"},
+ {ERR_FUNC(CKR_F_PKCS11_GENERATE_RANDOM), "pkcs11_generate_random"},
+ {ERR_FUNC(CKR_F_PKCS11_GETATTR_ALLOC), "pkcs11_getattr_alloc"},
+ {ERR_FUNC(CKR_F_PKCS11_GETATTR_BN), "pkcs11_getattr_bn"},
+ {ERR_FUNC(CKR_F_PKCS11_GETATTR_INT), "pkcs11_getattr_int"},
+ {ERR_FUNC(CKR_F_PKCS11_INIT_PIN), "pkcs11_init_pin"},
+ {ERR_FUNC(CKR_F_PKCS11_INIT_SLOT), "pkcs11_init_slot"},
+ {ERR_FUNC(CKR_F_PKCS11_INIT_TOKEN), "pkcs11_init_token"},
+ {ERR_FUNC(CKR_F_PKCS11_IS_LOGGED_IN), "pkcs11_is_logged_in"},
+ {ERR_FUNC(CKR_F_PKCS11_LOGIN), "pkcs11_login"},
+ {ERR_FUNC(CKR_F_PKCS11_LOGOUT), "pkcs11_logout"},
+ {ERR_FUNC(CKR_F_PKCS11_NEXT_CERT), "pkcs11_next_cert"},
+ {ERR_FUNC(CKR_F_PKCS11_NEXT_KEY), "pkcs11_next_key"},
+ {ERR_FUNC(CKR_F_PKCS11_OPEN_SESSION), "pkcs11_open_session"},
+ {ERR_FUNC(CKR_F_PKCS11_PRIVATE_DECRYPT), "pkcs11_private_decrypt"},
+ {ERR_FUNC(CKR_F_PKCS11_PRIVATE_ENCRYPT), "pkcs11_private_encrypt"},
+ {ERR_FUNC(CKR_F_PKCS11_RELOAD_KEY), "pkcs11_reload_key"},
+ {ERR_FUNC(CKR_F_PKCS11_REOPEN_SESSION), "pkcs11_reopen_session"},
+ {ERR_FUNC(CKR_F_PKCS11_SEED_RANDOM), "pkcs11_seed_random"},
+ {ERR_FUNC(CKR_F_PKCS11_STORE_CERTIFICATE), "pkcs11_store_certificate"},
+ {ERR_FUNC(CKR_F_PKCS11_STORE_KEY), "pkcs11_store_key"},
{0, NULL}
};
-static ERR_STRING_DATA PKCS11_str_reasons[] = {
- {PKCS11_LOAD_MODULE_ERROR, "Unable to load PKCS#11 module"},
- {PKCS11_MODULE_LOADED_ERROR, "Already loaded module for PKCS#11 context"},
- {PKCS11_SYMBOL_NOT_FOUND_ERROR, "Symbol not found in PKCS#11 module"},
- {PKCS11_NOT_SUPPORTED, "Not supported"},
- {PKCS11_NO_SESSION, "No session open"},
- {PKCS11_UI_FAILED, "UI request failed"},
+static ERR_STRING_DATA CKR_str_reasons[] = {
{CKR_CANCEL, "Cancel"},
{CKR_HOST_MEMORY, "Host memory error"},
{CKR_SLOT_ID_INVALID, "Invalid slot ID"},
@@ -146,16 +150,16 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
};
#endif
-void ERR_load_PKCS11_strings(void)
+void ERR_load_CKR_strings(void)
{
static int init = 1;
if (init) {
init = 0;
#ifndef NO_ERR
- ERR_load_strings(0, PKCS11_str_library);
- ERR_load_strings(ERR_LIB_PKCS11, PKCS11_str_functs);
- ERR_load_strings(ERR_LIB_PKCS11, PKCS11_str_reasons);
+ ERR_load_strings(0, CKR_str_library);
+ ERR_load_strings(ERR_LIB_CKR, CKR_str_functs);
+ ERR_load_strings(ERR_LIB_CKR, CKR_str_reasons);
#endif
}
}
diff --git a/src/p11_ec.c b/src/p11_ec.c
index bbd10c2..8647fd8 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -333,7 +333,7 @@ static int pkcs11_ecdsa_sign(const unsigned char *msg, unsigned int msg_len,
CRYPTO_THREAD_unlock(PRIVCTX(ctx)->rwlock);
if (rv) {
- PKCS11err(PKCS11_F_PKCS11_EC_KEY_SIGN, CKR_to_PKCS11(rv));
+ CKRerr(CKR_F_PKCS11_ECDSA_SIGN, rv);
return -1;
}
*siglen = ck_sigsize;
@@ -509,18 +509,17 @@ static int pkcs11_ecdh_derive(unsigned char **out, size_t *outlen,
break;
#endif
default:
- PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, PKCS11_NOT_SUPPORTED);
+ P11err(P11_F_PKCS11_ECDH_DERIVE, P11_R_NOT_SUPPORTED);
return -1;
}
rv = CRYPTOKI_call(ctx, C_DeriveKey(spriv->session, &mechanism, kpriv->object, newkey_template, 5, &newkey));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_ECDH_DERIVE, rv);
/* Return the value of the secret key and/or the object handle of the secret key */
if (out && outlen) { /* pkcs11_ec_ckey only asks for the value */
if (pkcs11_getattr_alloc(token, newkey, CKA_VALUE, out, outlen)) {
- PKCS11err(PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY,
- CKR_to_PKCS11(CKR_ATTRIBUTE_VALUE_INVALID));
+ CKRerr(CKR_F_PKCS11_ECDH_DERIVE, CKR_ATTRIBUTE_VALUE_INVALID);
CRYPTOKI_call(ctx, C_DestroyObject(spriv->session, newkey));
return -1;
}
diff --git a/src/p11_err.c b/src/p11_err.c
index 6491a8a..2c563c1 100644
--- a/src/p11_err.c
+++ b/src/p11_err.c
@@ -1,163 +1,97 @@
-/* libp11, a simple layer on to of PKCS#11 API
- * Copyright (C) 2005 Olaf Kirch <okir at lst.de>
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "libp11-int.h"
+#include <stdio.h>
+#include <openssl/err.h>
+#include "p11_err.h"
/* BEGIN ERROR CODES */
-#ifndef NO_ERR
-static ERR_STRING_DATA PKCS11_str_library[] = {
- {ERR_PACK(ERR_LIB_PKCS11, 0, 0), "PKCS11 library"},
- {0, NULL}
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA P11_str_functs[] = {
+ {ERR_FUNC(P11_F_PKCS11_CHANGE_PIN), "pkcs11_change_pin"},
+ {ERR_FUNC(P11_F_PKCS11_CTX_LOAD), "pkcs11_CTX_load"},
+ {ERR_FUNC(P11_F_PKCS11_CTX_RELOAD), "pkcs11_CTX_reload"},
+ {ERR_FUNC(P11_F_PKCS11_ECDH_DERIVE), "pkcs11_ecdh_derive"},
+ {ERR_FUNC(P11_F_PKCS11_GENERATE_KEY), "pkcs11_generate_key"},
+ {ERR_FUNC(P11_F_PKCS11_GENERATE_RANDOM), "pkcs11_generate_random"},
+ {ERR_FUNC(P11_F_PKCS11_INIT_PIN), "pkcs11_init_pin"},
+ {ERR_FUNC(P11_F_PKCS11_LOGOUT), "pkcs11_logout"},
+ {ERR_FUNC(P11_F_PKCS11_SEED_RANDOM), "pkcs11_seed_random"},
+ {ERR_FUNC(P11_F_PKCS11_STORE_KEY), "pkcs11_store_key"},
+ {ERR_FUNC(P11_F_PKCS11_VERIFY), "PKCS11_verify"},
+ {0, NULL}
};
-static ERR_STRING_DATA PKCS11_str_functs[] = {
- {ERR_PACK(0, PKCS11_F_PKCS11_CTX_LOAD, 0), "PKCS11_CTX_load"},
- {ERR_PACK(0, PKCS11_F_PKCS11_ENUM_SLOTS, 0), "PKCS11_enum_slots"},
- {ERR_PACK(0, PKCS11_F_PKCS11_CHECK_TOKEN, 0), "PKCS11_check_token"},
- {ERR_PACK(0, PKCS11_F_PKCS11_OPEN_SESSION, 0), "PKCS11_open_session"},
- {ERR_PACK(0, PKCS11_F_PKCS11_LOGIN, 0), "PKCS11_login"},
- {ERR_PACK(0, PKCS11_F_PKCS11_ENUM_KEYS, 0), "PKCS11_enum_keys"},
- {ERR_PACK(0, PKCS11_F_PKCS11_GET_KEY, 0), "PKCS11_get_key"},
- {ERR_PACK(0, PKCS11_F_PKCS11_RSA_DECRYPT, 0), "PKCS11_rsa_decrypt"},
- {ERR_PACK(0, PKCS11_F_PKCS11_RSA_ENCRYPT, 0), "PKCS11_rsa_encrypt"},
- {ERR_PACK(0, PKCS11_F_PKCS11_RSA_SIGN, 0), "PKCS11_rsa_sign"},
- {ERR_PACK(0, PKCS11_F_PKCS11_RSA_VERIFY, 0), "PKCS11_rsa_verify"},
- {ERR_PACK(0, PKCS11_F_PKCS11_ENUM_CERTS, 0), "PKCS11_enum_certs"},
- {ERR_PACK(0, PKCS11_F_PKCS11_INIT_TOKEN, 0), "PKCS11_init_token"},
- {ERR_PACK(0, PKCS11_F_PKCS11_INIT_PIN, 0), "PKCS11_init_pin"},
- {ERR_PACK(0, PKCS11_F_PKCS11_GETATTR, 0), "pkcs11_getattr"},
- {ERR_PACK(0, PKCS11_F_PKCS11_LOGOUT, 0), "PKCS11_logout"},
- {ERR_PACK(0, PKCS11_F_PKCS11_STORE_PRIVATE_KEY, 0), "PKCS11_store_private_key"},
- {ERR_PACK(0, PKCS11_F_PKCS11_GENERATE_KEY, 0), "PKCS11_generate_key"},
- {ERR_PACK(0, PKCS11_F_PKCS11_STORE_PUBLIC_KEY, 0), "PKCS11_store_public_key"},
- {ERR_PACK(0, PKCS11_F_PKCS11_STORE_CERTIFICATE, 0), "PKCS11_store_certificate"},
- {ERR_PACK(0, PKCS11_F_PKCS11_CHANGE_PIN, 0), "PKCS11_change_pin"},
- {ERR_PACK(0, PKCS11_F_PKCS11_EC_KEY_COMPUTE_KEY, 0), "PKCS11_ecdh_derive"},
- {0, NULL}
+static ERR_STRING_DATA P11_str_reasons[] = {
+ {ERR_REASON(P11_R_KEYGEN_FAILED), "Key generation failed"},
+ {ERR_REASON(P11_R_LOAD_MODULE_ERROR), "Unable to load PKCS#11 module"},
+ {ERR_REASON(P11_R_NOT_SUPPORTED), "Not supported"},
+ {ERR_REASON(P11_R_NO_SESSION), "No session open"},
+ {ERR_REASON(P11_R_UI_FAILED), "UI request failed"},
+ {0, NULL}
};
-static ERR_STRING_DATA PKCS11_str_reasons[] = {
- {PKCS11_LOAD_MODULE_ERROR, "Unable to load PKCS#11 module"},
- {PKCS11_MODULE_LOADED_ERROR, "Already loaded module for PKCS#11 context"},
- {PKCS11_SYMBOL_NOT_FOUND_ERROR, "Symbol not found in PKCS#11 module"},
- {PKCS11_NOT_SUPPORTED, "Not supported"},
- {PKCS11_NO_SESSION, "No session open"},
- {PKCS11_UI_FAILED, "UI request failed"},
- {CKR_CANCEL, "Cancel"},
- {CKR_HOST_MEMORY, "Host memory error"},
- {CKR_SLOT_ID_INVALID, "Invalid slot ID"},
- {CKR_GENERAL_ERROR, "General Error"},
- {CKR_FUNCTION_FAILED, "Function failed"},
- {CKR_ARGUMENTS_BAD, "Invalid arguments"},
- {CKR_NO_EVENT, "No event"},
- {CKR_NEED_TO_CREATE_THREADS, "Need to create threads"},
- {CKR_CANT_LOCK, "Cannott lock"},
- {CKR_ATTRIBUTE_READ_ONLY, "Attribute read only"},
- {CKR_ATTRIBUTE_SENSITIVE, "Attribute sensitive"},
- {CKR_ATTRIBUTE_TYPE_INVALID, "Attribute type invalid"},
- {CKR_ATTRIBUTE_VALUE_INVALID, "Attribute value invalid"},
- {CKR_DATA_INVALID, "Data invalid"},
- {CKR_DATA_LEN_RANGE, "Data len range"},
- {CKR_DEVICE_ERROR, "Device error"},
- {CKR_DEVICE_MEMORY, "Device memory"},
- {CKR_DEVICE_REMOVED, "Device removed"},
- {CKR_ENCRYPTED_DATA_INVALID, "Encrypted data invalid"},
- {CKR_ENCRYPTED_DATA_LEN_RANGE, "Encrypted data len range"},
- {CKR_FUNCTION_CANCELED, "Function canceled"},
- {CKR_FUNCTION_NOT_PARALLEL, "Function not parallel"},
- {CKR_FUNCTION_NOT_SUPPORTED, "Function not supported"},
- {CKR_KEY_HANDLE_INVALID, "Key handle invalid"},
- {CKR_KEY_SIZE_RANGE, "Key size range"},
- {CKR_KEY_TYPE_INCONSISTENT, "Key type inconsistent"},
- {CKR_KEY_NOT_NEEDED, "Key not needed"},
- {CKR_KEY_CHANGED, "Key changed"},
- {CKR_KEY_NEEDED, "Key needed"},
- {CKR_KEY_INDIGESTIBLE, "Key indigestible"},
- {CKR_KEY_FUNCTION_NOT_PERMITTED, "Key function not permitted"},
- {CKR_KEY_NOT_WRAPPABLE, "Key not wrappable"},
- {CKR_KEY_UNEXTRACTABLE, "Key unextractable"},
- {CKR_MECHANISM_INVALID, "Mechanism invalid"},
- {CKR_MECHANISM_PARAM_INVALID, "Mechanism param invalid"},
- {CKR_OBJECT_HANDLE_INVALID, "Object handle invalid"},
- {CKR_OPERATION_ACTIVE, "Operation active"},
- {CKR_OPERATION_NOT_INITIALIZED, "Operation not initialized"},
- {CKR_PIN_INCORRECT, "PIN incorrect"},
- {CKR_PIN_INVALID, "PIN invalid"},
- {CKR_PIN_LEN_RANGE, "Invalid PIN length"},
- {CKR_PIN_EXPIRED, "PIN expired"},
- {CKR_PIN_LOCKED, "PIN locked"},
- {CKR_SESSION_CLOSED, "Session closed"},
- {CKR_SESSION_COUNT, "Session count"},
- {CKR_SESSION_HANDLE_INVALID, "Session handle invalid"},
- {CKR_SESSION_PARALLEL_NOT_SUPPORTED, "Session parallel not supported"},
- {CKR_SESSION_READ_ONLY, "Session read only"},
- {CKR_SESSION_EXISTS, "Session exists"},
- {CKR_SESSION_READ_ONLY_EXISTS, "Read-only session exists"},
- {CKR_SESSION_READ_WRITE_SO_EXISTS, "Read/write SO session exists"},
- {CKR_SIGNATURE_INVALID, "Signature invalid"},
- {CKR_SIGNATURE_LEN_RANGE, "Signature len range"},
- {CKR_TEMPLATE_INCOMPLETE, "Incomplete template"},
- {CKR_TEMPLATE_INCONSISTENT, "Inconsistent template"},
- {CKR_TOKEN_NOT_PRESENT, "No PKCS#11 token present"},
- {CKR_TOKEN_NOT_RECOGNIZED, "PKCS#11 token not recognized"},
- {CKR_TOKEN_WRITE_PROTECTED, "Token write protected"},
- {CKR_UNWRAPPING_KEY_HANDLE_INVALID, "Unwrapping key handle invalid"},
- {CKR_UNWRAPPING_KEY_SIZE_RANGE, "Unwrapping key size range"},
- {CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "Unwrapping key type inconsistent"},
- {CKR_USER_ALREADY_LOGGED_IN, "User already logged in"},
- {CKR_USER_NOT_LOGGED_IN, "User not logged in"},
- {CKR_USER_PIN_NOT_INITIALIZED, "User pin not initialized"},
- {CKR_USER_TYPE_INVALID, "User type invalid"},
- {CKR_USER_ANOTHER_ALREADY_LOGGED_IN, "User another is already logged in"},
- {CKR_USER_TOO_MANY_TYPES, "User too many types"},
- {CKR_WRAPPED_KEY_INVALID, "Wrapped key invalid"},
- {CKR_WRAPPED_KEY_LEN_RANGE, "Wrapped key len range"},
- {CKR_WRAPPING_KEY_HANDLE_INVALID, "Wrapping key handle invalid"},
- {CKR_WRAPPING_KEY_SIZE_RANGE, "Wrapping key size range"},
- {CKR_WRAPPING_KEY_TYPE_INCONSISTENT, "Wrapping key type inconsistent"},
- {CKR_RANDOM_SEED_NOT_SUPPORTED, "Random seed not supported"},
- {CKR_RANDOM_NO_RNG, "Random no rng"},
- {CKR_DOMAIN_PARAMS_INVALID, "Domain params invalid"},
- {CKR_BUFFER_TOO_SMALL, "Buffer too small"},
- {CKR_SAVED_STATE_INVALID, "Saved state invalid"},
- {CKR_INFORMATION_SENSITIVE, "Information sensitive"},
- {CKR_STATE_UNSAVEABLE, "State unsaveable"},
- {CKR_CRYPTOKI_NOT_INITIALIZED, "Cryptoki not initialized"},
- {CKR_CRYPTOKI_ALREADY_INITIALIZED, "Cryptoki already initialized"},
- {CKR_MUTEX_BAD, "Mutex bad"},
- {CKR_MUTEX_NOT_LOCKED, "Mutex not locked"},
- {CKR_VENDOR_DEFINED, "Vendor defined"},
- {0, NULL}
+#endif
+
+#ifdef P11_LIB_NAME
+static ERR_STRING_DATA P11_lib_name[] = {
+ {0, P11_LIB_NAME},
+ {0, NULL}
};
#endif
-void ERR_load_PKCS11_strings(void)
+static int P11_lib_error_code = 0;
+static int P11_error_init = 1;
+
+int ERR_load_P11_strings(void)
{
- static int init = 1;
+ if (P11_lib_error_code == 0)
+ P11_lib_error_code = ERR_get_next_error_library();
+
+ if (P11_error_init) {
+ P11_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(P11_lib_error_code, P11_str_functs);
+ ERR_load_strings(P11_lib_error_code, P11_str_reasons);
+#endif
- if (init) {
- init = 0;
-#ifndef NO_ERR
- ERR_load_strings(0, PKCS11_str_library);
- ERR_load_strings(ERR_LIB_PKCS11, PKCS11_str_functs);
- ERR_load_strings(ERR_LIB_PKCS11, PKCS11_str_reasons);
+#ifdef P11_LIB_NAME
+ P11_lib_name->error = ERR_PACK(P11_lib_error_code, 0, 0);
+ ERR_load_strings(0, P11_lib_name);
#endif
- }
+ }
+ return 1;
}
-/* vim: set noexpandtab: */
+void ERR_unload_P11_strings(void)
+{
+ if (P11_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(P11_lib_error_code, P11_str_functs);
+ ERR_unload_strings(P11_lib_error_code, P11_str_reasons);
+#endif
+
+#ifdef P11_LIB_NAME
+ ERR_unload_strings(0, P11_lib_name);
+#endif
+ P11_error_init = 1;
+ }
+}
+
+void ERR_P11_error(int function, int reason, char *file, int line)
+{
+ if (P11_lib_error_code == 0)
+ P11_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(P11_lib_error_code, function, reason, file, line);
+}
diff --git a/src/p11_err.h b/src/p11_err.h
new file mode 100644
index 0000000..d5ca897
--- /dev/null
+++ b/src/p11_err.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_P11_ERR_H
+# define HEADER_P11_ERR_H
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_P11_strings(void);
+void ERR_unload_P11_strings(void);
+void ERR_P11_error(int function, int reason, char *file, int line);
+# define P11err(f,r) ERR_P11_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the P11 functions. */
+
+/* Function codes. */
+# define P11_F_PKCS11_CHANGE_PIN 100
+# define P11_F_PKCS11_CTX_LOAD 101
+# define P11_F_PKCS11_CTX_RELOAD 102
+# define P11_F_PKCS11_ECDH_DERIVE 103
+# define P11_F_PKCS11_GENERATE_KEY 104
+# define P11_F_PKCS11_GENERATE_RANDOM 105
+# define P11_F_PKCS11_INIT_PIN 106
+# define P11_F_PKCS11_LOGOUT 107
+# define P11_F_PKCS11_SEED_RANDOM 108
+# define P11_F_PKCS11_STORE_KEY 109
+# define P11_F_PKCS11_VERIFY 110
+
+/* Reason codes. */
+# define P11_R_LOAD_MODULE_ERROR 1025
+# define P11_R_NOT_SUPPORTED 1028
+# define P11_R_NO_SESSION 1029
+# define P11_R_KEYGEN_FAILED 1030
+# define P11_R_UI_FAILED 1031
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/src/p11_front.c b/src/p11_front.c
index 0294c87..ff3b459 100644
--- a/src/p11_front.c
+++ b/src/p11_front.c
@@ -19,7 +19,6 @@
#include "libp11-int.h"
/* The following exported functions are *not* implemented here:
- * ERR_load_PKCS11_strings
* PKCS11_get_rsa_method
* PKCS11_get_ecdsa_method
* PKCS11_ecdsa_method_free
@@ -379,6 +378,12 @@ int PKCS11_generate_random(PKCS11_SLOT *slot, unsigned char *r, unsigned int r_l
return pkcs11_generate_random(slot, r, r_len);
}
+void ERR_load_PKCS11_strings(void)
+{
+ ERR_load_P11_strings();
+ ERR_load_CKR_strings();
+}
+
int PKCS11_set_ui_method(PKCS11_CTX *ctx, UI_METHOD *ui_method, void *ui_user_data)
{
if (check_fork(ctx) < 0)
@@ -453,7 +458,7 @@ int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
(void)key;
/* PKCS11 calls go here */
- PKCS11err(PKCS11_F_PKCS11_RSA_VERIFY, PKCS11_NOT_SUPPORTED);
+ P11err(P11_F_PKCS11_VERIFY, P11_R_NOT_SUPPORTED);
return -1;
}
diff --git a/src/p11_key.c b/src/p11_key.c
index 17eee79..f20435c 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -115,11 +115,11 @@ int pkcs11_reload_key(PKCS11_KEY *key)
rv = CRYPTOKI_call(ctx,
C_FindObjectsInit(spriv->session, key_search_attrs, 2));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_KEYS, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_RELOAD_KEY, rv);
rv = CRYPTOKI_call(ctx,
C_FindObjects(spriv->session, &kpriv->object, 1, &count));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_KEYS, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_RELOAD_KEY, rv);
CRYPTOKI_call(ctx, C_FindObjectsFinal(spriv->session));
@@ -145,7 +145,7 @@ int pkcs11_generate_key(PKCS11_TOKEN *token, int algorithm, unsigned int bits,
int rc;
if (algorithm != EVP_PKEY_RSA) {
- PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_NOT_SUPPORTED);
+ P11err(P11_F_PKCS11_GENERATE_KEY, P11_R_NOT_SUPPORTED);
return -1;
}
@@ -170,7 +170,7 @@ int pkcs11_generate_key(PKCS11_TOKEN *token, int algorithm, unsigned int bits,
#endif
BIO_free(err);
if (rsa == NULL) {
- PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_KEYGEN_FAILED);
+ P11err(P11_F_PKCS11_GENERATE_KEY, P11_R_KEYGEN_FAILED);
return -1;
}
@@ -274,10 +274,7 @@ static int pkcs11_store_key(PKCS11_TOKEN *token, EVP_PKEY *pk,
}
} else {
pkcs11_zap_attrs(attrs, n);
- PKCS11err(type == CKO_PRIVATE_KEY ?
- PKCS11_F_PKCS11_STORE_PRIVATE_KEY :
- PKCS11_F_PKCS11_STORE_PUBLIC_KEY,
- PKCS11_NOT_SUPPORTED);
+ P11err(P11_F_PKCS11_STORE_KEY, P11_R_NOT_SUPPORTED);
return -1;
}
@@ -287,7 +284,7 @@ static int pkcs11_store_key(PKCS11_TOKEN *token, EVP_PKEY *pk,
/* Zap all memory allocated when building the template */
pkcs11_zap_attrs(attrs, n);
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_STORE_PRIVATE_KEY, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_STORE_KEY, rv);
/* Gobble the key object */
return pkcs11_init_key(ctx, token, spriv->session, object, type, ret_key);
@@ -358,25 +355,25 @@ int pkcs11_authenticate(PKCS11_KEY *key)
/* Call UI to ask for a PIN */
ui = UI_new_method(cpriv->ui_method);
if (ui == NULL)
- return PKCS11_UI_FAILED;
+ return P11_R_UI_FAILED;
if (cpriv->ui_user_data != NULL)
UI_add_user_data(ui, cpriv->ui_user_data);
memset(pin, 0, MAX_PIN_LENGTH+1);
prompt = UI_construct_prompt(ui, "PKCS#11 key PIN", key->label);
if (!prompt) {
- return PKCS11_UI_FAILED;
+ return P11_R_UI_FAILED;
}
if (!UI_dup_input_string(ui, prompt,
UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH)) {
UI_free(ui);
OPENSSL_free(prompt);
- return PKCS11_UI_FAILED;
+ return P11_R_UI_FAILED;
}
OPENSSL_free(prompt);
if (UI_process(ui)) {
UI_free(ui);
- return PKCS11_UI_FAILED;
+ return P11_R_UI_FAILED;
}
UI_free(ui);
@@ -451,7 +448,7 @@ static int pkcs11_find_keys(PKCS11_TOKEN *token, unsigned int type)
key_search_class = type;
rv = CRYPTOKI_call(ctx,
C_FindObjectsInit(spriv->session, key_search_attrs, 1));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_KEYS, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_FIND_KEYS, rv);
do {
res = pkcs11_next_key(ctx, token, spriv->session, type);
@@ -471,7 +468,7 @@ static int pkcs11_next_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
/* Get the next matching object */
rv = CRYPTOKI_call(ctx, C_FindObjects(session, &obj, 1, &count));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_KEYS, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_NEXT_KEY, rv);
if (count == 0)
return 1;
diff --git a/src/p11_load.c b/src/p11_load.c
index b0e5336..a95f94b 100644
--- a/src/p11_load.c
+++ b/src/p11_load.c
@@ -74,7 +74,7 @@ int pkcs11_CTX_load(PKCS11_CTX *ctx, const char *name)
cpriv->handle = C_LoadModule(name, &cpriv->method);
if (cpriv->handle == NULL) {
- PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_LOAD_MODULE_ERROR);
+ P11err(P11_F_PKCS11_CTX_LOAD, P11_R_LOAD_MODULE_ERROR);
return -1;
}
@@ -85,13 +85,13 @@ int pkcs11_CTX_load(PKCS11_CTX *ctx, const char *name)
args.pReserved = cpriv->init_args;
rv = cpriv->method->C_Initialize(&args);
if (rv && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
- PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, rv);
+ P11err(P11_F_PKCS11_CTX_LOAD, rv);
return -1;
}
/* Get info on the library */
rv = cpriv->method->C_GetInfo(&ck_info);
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_CTX_LOAD, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_CTX_LOAD, rv);
ctx->manufacturer = PKCS11_DUP(ck_info.manufacturerID);
ctx->description = PKCS11_DUP(ck_info.libraryDescription);
@@ -120,7 +120,7 @@ int pkcs11_CTX_reload(PKCS11_CTX *ctx)
}
rv = cpriv->method->C_Initialize(args);
if (rv && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
- PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, rv);
+ P11err(P11_F_PKCS11_CTX_RELOAD, rv);
return -1;
}
diff --git a/src/p11_rsa.c b/src/p11_rsa.c
index 69e8758..efa40d4 100644
--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -117,7 +117,7 @@ int pkcs11_private_encrypt(int flen,
CRYPTO_THREAD_unlock(PRIVCTX(ctx)->rwlock);
if (rv) {
- PKCS11err(PKCS11_F_PKCS11_RSA_ENCRYPT, CKR_to_PKCS11(rv));
+ CKRerr(CKR_F_PKCS11_PRIVATE_ENCRYPT, rv);
return -1;
}
@@ -151,7 +151,7 @@ int pkcs11_private_decrypt(int flen, const unsigned char *from, unsigned char *t
CRYPTO_THREAD_unlock(PRIVCTX(ctx)->rwlock);
if (rv) {
- PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, CKR_to_PKCS11(rv));
+ CKRerr(CKR_F_PKCS11_PRIVATE_DECRYPT, rv);
return -1;
}
@@ -170,7 +170,7 @@ int pkcs11_verify(int type, const unsigned char *m, unsigned int m_len,
(void)key;
/* PKCS11 calls go here */
- PKCS11err(PKCS11_F_PKCS11_RSA_VERIFY, PKCS11_NOT_SUPPORTED);
+ P11err(P11_F_PKCS11_VERIFY, P11_R_NOT_SUPPORTED);
return -1;
}
diff --git a/src/p11_slot.c b/src/p11_slot.c
index 3953064..cba1583 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -46,14 +46,14 @@ int pkcs11_enumerate_slots(PKCS11_CTX *ctx, PKCS11_SLOT **slotp, unsigned int *c
int rv;
rv = cpriv->method->C_GetSlotList(FALSE, NULL_PTR, &nslots);
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_ENUMERATE_SLOTS, rv);
slotid = OPENSSL_malloc(nslots * sizeof(CK_SLOT_ID));
if (slotid == NULL)
return -1;
rv = cpriv->method->C_GetSlotList(FALSE, slotid, &nslots);
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_ENUMERATE_SLOTS, rv);
slots = OPENSSL_malloc(nslots * sizeof(PKCS11_SLOT));
if (slots == NULL)
@@ -125,7 +125,7 @@ int pkcs11_open_session(PKCS11_SLOT *slot, int rw, int relogin)
C_OpenSession(spriv->id,
CKF_SERIAL_SESSION | (rw ? CKF_RW_SESSION : 0),
NULL, NULL, &spriv->session));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_OPEN_SESSION, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_OPEN_SESSION, rv);
spriv->haveSession = 1;
spriv->prev_rw = rw;
@@ -142,7 +142,7 @@ int pkcs11_reopen_session(PKCS11_SLOT *slot)
C_OpenSession(spriv->id,
CKF_SERIAL_SESSION | (spriv->prev_rw ? CKF_RW_SESSION : 0),
NULL, NULL, &spriv->session));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_OPEN_SESSION, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_REOPEN_SESSION, rv);
spriv->haveSession = 1;
return 0;
@@ -170,7 +170,7 @@ int pkcs11_is_logged_in(PKCS11_SLOT *slot, int so, int *res)
}
rv = CRYPTOKI_call(ctx, C_GetSessionInfo(spriv->session, &session_info));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_GETSESSIONINFO, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_IS_LOGGED_IN, rv);
if (so) {
*res = session_info.state == CKS_RW_SO_FUNCTIONS;
} else {
@@ -203,7 +203,7 @@ int pkcs11_login(PKCS11_SLOT *slot, int so, const char *pin, int relogin)
C_Login(spriv->session, so ? CKU_SO : CKU_USER,
(CK_UTF8CHAR *) pin, pin ? (unsigned long) strlen(pin) : 0));
if (rv && rv != CKR_USER_ALREADY_LOGGED_IN) /* logged in -> OK */
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_LOGIN, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_LOGIN, rv);
spriv->loggedIn = 1;
if (spriv->prev_pin != pin) {
@@ -244,12 +244,12 @@ int pkcs11_logout(PKCS11_SLOT *slot)
pkcs11_destroy_certs(slot->token);
}
if (!spriv->haveSession) {
- PKCS11err(PKCS11_F_PKCS11_LOGOUT, PKCS11_NO_SESSION);
+ P11err(P11_F_PKCS11_LOGOUT, P11_R_NO_SESSION);
return -1;
}
rv = CRYPTOKI_call(ctx, C_Logout(spriv->session));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_LOGOUT, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_LOGOUT, rv);
spriv->loggedIn = 0;
return 0;
}
@@ -270,7 +270,7 @@ int pkcs11_init_token(PKCS11_TOKEN *token, const char *pin, const char *label)
C_InitToken(spriv->id,
(CK_UTF8CHAR *) pin, (unsigned long) strlen(pin),
(CK_UTF8CHAR *) label));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_INIT_TOKEN, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_INIT_TOKEN, rv);
/* FIXME: how to update the token?
* PKCS11_CTX_private *cpriv;
@@ -296,13 +296,13 @@ int pkcs11_init_pin(PKCS11_TOKEN *token, const char *pin)
int len, rv;
if (!spriv->haveSession) {
- PKCS11err(PKCS11_F_PKCS11_INIT_PIN, PKCS11_NO_SESSION);
+ P11err(P11_F_PKCS11_INIT_PIN, P11_R_NO_SESSION);
return -1;
}
len = pin ? (int) strlen(pin) : 0;
rv = CRYPTOKI_call(ctx, C_InitPIN(spriv->session, (CK_UTF8CHAR *) pin, len));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_INIT_PIN, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_INIT_PIN, rv);
return pkcs11_check_token(ctx, TOKEN2SLOT(token));
}
@@ -318,7 +318,7 @@ int pkcs11_change_pin(PKCS11_SLOT *slot, const char *old_pin,
int old_len, new_len, rv;
if (!spriv->haveSession) {
- PKCS11err(PKCS11_F_PKCS11_CHANGE_PIN, PKCS11_NO_SESSION);
+ P11err(P11_F_PKCS11_CHANGE_PIN, P11_R_NO_SESSION);
return -1;
}
@@ -327,7 +327,7 @@ int pkcs11_change_pin(PKCS11_SLOT *slot, const char *old_pin,
rv = CRYPTOKI_call(ctx,
C_SetPIN(spriv->session, (CK_UTF8CHAR *) old_pin, old_len,
(CK_UTF8CHAR *) new_pin, new_len));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_CHANGE_PIN, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_CHANGE_PIN, rv);
return pkcs11_check_token(ctx, slot);
}
@@ -343,13 +343,13 @@ int pkcs11_seed_random(PKCS11_SLOT *slot, const unsigned char *s,
int rv;
if (!spriv->haveSession && PKCS11_open_session(slot, 0)) {
- PKCS11err(PKCS11_F_PKCS11_SEED_RANDOM, PKCS11_NO_SESSION);
+ P11err(P11_F_PKCS11_SEED_RANDOM, P11_R_NO_SESSION);
return -1;
}
rv = CRYPTOKI_call(ctx,
C_SeedRandom(spriv->session, (CK_BYTE_PTR) s, s_len));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_SEED_RANDOM, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_SEED_RANDOM, rv);
return pkcs11_check_token(ctx, slot);
}
@@ -365,13 +365,13 @@ int pkcs11_generate_random(PKCS11_SLOT *slot, unsigned char *r,
int rv;
if (!spriv->haveSession && PKCS11_open_session(slot, 0)) {
- PKCS11err(PKCS11_F_PKCS11_GENERATE_RANDOM, PKCS11_NO_SESSION);
+ P11err(P11_F_PKCS11_GENERATE_RANDOM, P11_R_NO_SESSION);
return -1;
}
rv = CRYPTOKI_call(ctx,
C_GenerateRandom(spriv->session, (CK_BYTE_PTR) r, r_len));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_GENERATE_RANDOM, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_GENERATE_RANDOM, rv);
return pkcs11_check_token(ctx, slot);
}
@@ -386,7 +386,7 @@ static int pkcs11_init_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot, CK_SLOT_ID id)
int rv;
rv = CRYPTOKI_call(ctx, C_GetSlotInfo(id, &info));
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_INIT_SLOT, rv);
spriv = OPENSSL_malloc(sizeof(PKCS11_SLOT_private));
if (spriv == NULL)
@@ -464,7 +464,7 @@ static int pkcs11_check_token(PKCS11_CTX *ctx, PKCS11_SLOT *slot)
slot->token = NULL;
return 0;
}
- CRYPTOKI_checkerr(PKCS11_F_PKCS11_CHECK_TOKEN, rv);
+ CRYPTOKI_checkerr(CKR_F_PKCS11_CHECK_TOKEN, rv);
/* We have a token */
tpriv = OPENSSL_malloc(sizeof(PKCS11_TOKEN_private));
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list