diff --git a/src/sslengines/engine_opensc.c b/src/sslengines/engine_opensc.c index 2442258d..2ba9c9c9 100644 --- a/src/sslengines/engine_opensc.c +++ b/src/sslengines/engine_opensc.c @@ -36,14 +36,15 @@ #include "engine_opensc.h" /* static state info one card/reader at a time */ -static int quiet=1; -static int sc_reader_id= 0; +static int quiet = 1; +static int sc_reader_id = 0; static sc_context_t *ctx = NULL; static sc_card_t *card = NULL; static sc_pkcs15_card_t *p15card = NULL; -static char* sc_pin=NULL; +static char *sc_pin = NULL; -int opensc_finish(void) { +int opensc_finish(void) +{ if (p15card) { sc_pkcs15_unbind(p15card); p15card = NULL; @@ -59,11 +60,12 @@ int opensc_finish(void) { return 1; } -int opensc_init(void) { - int r=0; +int opensc_init(void) +{ + int r = 0; - if(!quiet) - fprintf(stderr,"initializing engine"); + if (!quiet) + fprintf(stderr, "initializing engine"); r = sc_establish_context(&ctx, "openssl"); if (r) @@ -76,48 +78,53 @@ int opensc_init(void) { if (r) goto err; return 1; -err: + err: /* need to do engine stuff? */ - fprintf(stderr, "error: %d",r); + fprintf(stderr, "error: %d", r); opensc_finish(); return 0; } -int -opensc_rsa_finish(RSA* rsa) { +int opensc_rsa_finish(RSA * rsa) +{ struct sc_pkcs15_key_id *key_id; + key_id = (struct sc_pkcs15_key_id *) RSA_get_app_data(rsa); free(key_id); - if(sc_pin) {free(sc_pin);} + if (sc_pin) { + free(sc_pin); + } return 1; - } -BIGNUM *sc_bignum_t_to_BIGNUM(sc_pkcs15_bignum_t* bignum, BIGNUM* BN) { - BN_bin2bn( (unsigned char *) bignum->data, bignum->len, BN); +BIGNUM *sc_bignum_t_to_BIGNUM(sc_pkcs15_bignum_t * bignum, BIGNUM * BN) +{ + BN_bin2bn((unsigned char *) bignum->data, bignum->len, BN); return BN; } -void sc_set_pubkey_data(EVP_PKEY* key_out, sc_pkcs15_pubkey_t* pubkey) { - key_out->pkey.rsa->n=sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.modulus),BN_new()); - key_out->pkey.rsa->e=sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.exponent),BN_new()); +void sc_set_pubkey_data(EVP_PKEY * key_out, sc_pkcs15_pubkey_t * pubkey) +{ + key_out->pkey.rsa->n = + sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.modulus), BN_new()); + key_out->pkey.rsa->e = + sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.exponent), BN_new()); } /* private key operations */ -int -sc_prkey_op_init(const RSA *rsa, struct sc_pkcs15_object **key_obj_out) +int sc_prkey_op_init(const RSA * rsa, struct sc_pkcs15_object **key_obj_out) { int r; struct sc_pkcs15_object *key_obj; struct sc_pkcs15_prkey_info *key; - struct sc_pkcs15_id* key_id; + struct sc_pkcs15_id *key_id; struct sc_pkcs15_object *pin_obj; struct sc_pkcs15_pin_info *pin; key_id = (struct sc_pkcs15_id *) RSA_get_app_data(rsa); - if(key_id==NULL) { - fprintf(stderr,"key not loaded yet"); + if (key_id == NULL) { + fprintf(stderr, "key not loaded yet"); return -1; } @@ -125,29 +132,28 @@ sc_prkey_op_init(const RSA *rsa, struct sc_pkcs15_object **key_obj_out) opensc_finish(); r = opensc_init(); if (r) { - fprintf(stderr,"SmartCard init failed: %s", sc_strerror(r)); + fprintf(stderr, "SmartCard init failed: %s", sc_strerror(r)); goto err; } } - r = sc_pkcs15_find_prkey_by_id(p15card, key_id , &key_obj); + r = sc_pkcs15_find_prkey_by_id(p15card, key_id, &key_obj); if (r) { - fprintf(stderr,"Unable to find private key from SmartCard: %s", - sc_strerror(r)); + fprintf(stderr, "Unable to find private key from SmartCard: %s", + sc_strerror(r)); goto err; } key = (struct sc_pkcs15_prkey_info *) key_obj->data; - r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id, - &pin_obj); + r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id, &pin_obj); if (r) { - fprintf(stderr,"Unable to find PIN object from SmartCard: %s", - sc_strerror(r)); + fprintf(stderr, "Unable to find PIN object from SmartCard: %s", + sc_strerror(r)); goto err; } pin = (struct sc_pkcs15_pin_info *) pin_obj->data; r = sc_lock(card); if (r) { - fprintf(stderr,"Unable to lock smartcard: %s", sc_strerror(r)); + fprintf(stderr, "Unable to lock smartcard: %s", sc_strerror(r)); goto err; } if (sc_pin != NULL) { @@ -155,32 +161,32 @@ sc_prkey_op_init(const RSA *rsa, struct sc_pkcs15_object **key_obj_out) strlen(sc_pin)); if (r) { sc_unlock(card); - fprintf(stderr,"PIN code verification failed: %s", - sc_strerror(r)); + fprintf(stderr, "PIN code verification failed: %s", + sc_strerror(r)); goto err; } } else { - fprintf(stderr,"Warning: PIN not verified"); + fprintf(stderr, "Warning: PIN not verified"); } *key_obj_out = key_obj; return 0; -err: + err: return -1; } -EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id, - UI_METHOD *ui_method, void *callback_data) { - +EVP_PKEY *opensc_load_public_key(ENGINE * e, const char *s_key_id, + UI_METHOD * ui_method, void *callback_data) +{ int r; - struct sc_pkcs15_id* id; + struct sc_pkcs15_id *id; struct sc_pkcs15_object *obj; sc_pkcs15_pubkey_t *pubkey = NULL; sc_pkcs15_cert_t *cert = NULL; - EVP_PKEY* key_out=NULL; + EVP_PKEY *key_out = NULL; - if(!quiet) - fprintf(stderr,"Loading public key!\n"); - id = (struct sc_pkcs15_id *) malloc(sizeof(struct sc_pkcs15_id)); + if (!quiet) + fprintf(stderr, "Loading public key!\n"); + id = (struct sc_pkcs15_id *) malloc(sizeof(struct sc_pkcs15_id)); id->len = SC_PKCS15_MAX_ID_SIZE; sc_pkcs15_hex_string_to_id(s_key_id, id); @@ -194,10 +200,11 @@ EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id, r = sc_pkcs15_find_cert_by_id(p15card, id, &obj); if (r >= 0) { if (!quiet) - printf("Reading certificate with ID '%s'\n", s_key_id); + printf("Reading certificate with ID '%s'\n", + s_key_id); r = sc_pkcs15_read_certificate(p15card, - (sc_pkcs15_cert_info_t *) obj->data, - &cert); + (sc_pkcs15_cert_info_t *) + obj->data, &cert); } if (r >= 0) pubkey = &cert->key; @@ -208,19 +215,22 @@ EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id, return NULL; } if (r < 0) { - fprintf(stderr, "Public key enumeration failed: %s\n", sc_strerror(r)); + fprintf(stderr, "Public key enumeration failed: %s\n", + sc_strerror(r)); return NULL; } /* now, set EVP_PKEY data from pubkey object */ - key_out=EVP_PKEY_new(); - if(!key_out) - {fprintf(stderr, "failed to create new EVP_PKEY\n"); return NULL;}; - EVP_PKEY_assign_RSA(key_out,RSA_new_method(e)); + key_out = EVP_PKEY_new(); + if (!key_out) { + fprintf(stderr, "failed to create new EVP_PKEY\n"); + return NULL; + }; + EVP_PKEY_assign_RSA(key_out, RSA_new_method(e)); #if 0 RSA_set_method(keyout->rsa, sc_get_rsa_method()); #endif - key_out->pkey.rsa->flags|=RSA_FLAG_EXT_PKEY||RSA_FLAG_SIGN_VER; + key_out->pkey.rsa->flags |= RSA_FLAG_EXT_PKEY || RSA_FLAG_SIGN_VER; RSA_set_app_data(key_out->pkey.rsa, id); sc_set_pubkey_data(key_out, pubkey); @@ -231,40 +241,49 @@ EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id, return key_out; } -char* get_pin(UI_METHOD* ui_method, char* sc_pin, int maxlen) { - UI* ui; - ui=UI_new(); - UI_set_method(ui,ui_method); - if(!UI_add_input_string(ui, "SmartCard Password: ", 0, sc_pin, 1, maxlen)) { - fprintf(stderr, "UI_add_input_string failed"); - UI_free(ui); return NULL; } - if(!UI_process(ui)) { - fprintf(stderr, "UI_process failed"); return NULL;} +char *get_pin(UI_METHOD * ui_method, char *sc_pin, int maxlen) +{ + UI *ui; + + ui = UI_new(); + UI_set_method(ui, ui_method); + if (!UI_add_input_string(ui, "SmartCard Password: ", 0, sc_pin, 1, maxlen)) { + fprintf(stderr, "UI_add_input_string failed"); + UI_free(ui); + return NULL; + } + if (!UI_process(ui)) { + fprintf(stderr, "UI_process failed"); + return NULL; + } UI_free(ui); return sc_pin; - } -EVP_PKEY *opensc_load_private_key(ENGINE *e, const char *s_key_id, - UI_METHOD *ui_method, void *callback_data) { - EVP_PKEY* key_out; - if(!quiet) - fprintf(stderr,"Loading private key!"); +EVP_PKEY *opensc_load_private_key(ENGINE * e, const char *s_key_id, + UI_METHOD * ui_method, void *callback_data) +{ + EVP_PKEY *key_out; - if(sc_pin) {free(sc_pin); sc_pin=NULL;} - key_out=opensc_load_public_key(e, s_key_id, ui_method, callback_data); - sc_pin=(char *) malloc(12); - get_pin(ui_method,sc_pin,12); /* do this here, when storing sc_pin in RSA */ - if(!key_out) { - fprintf(stderr,"Failed to get private key"); - return NULL; + if (!quiet) + fprintf(stderr, "Loading private key!"); + if (sc_pin) { + free(sc_pin); + sc_pin = NULL; + } + key_out = opensc_load_public_key(e, s_key_id, ui_method, callback_data); + sc_pin = (char *) malloc(12); + get_pin(ui_method, sc_pin, 12); /* do this here, when storing sc_pin in RSA */ + if (!key_out) { + fprintf(stderr, "Failed to get private key"); + return NULL; } return key_out; } int -sc_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, - int padding) +sc_private_decrypt(int flen, const u_char * from, u_char * to, RSA * rsa, + int padding) { struct sc_pkcs15_object *key_obj; int r; @@ -277,50 +296,52 @@ sc_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, r = sc_pkcs15_decipher(p15card, key_obj, 0, from, flen, to, flen); sc_unlock(card); if (r < 0) { - fprintf(stderr,"sc_pkcs15_decipher() failed: %s", sc_strerror(r)); + fprintf(stderr, "sc_pkcs15_decipher() failed: %s", sc_strerror(r)); goto err; } return r; -err: + err: return -1; } int -sc_sign(int type, const u_char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa) +sc_sign(int type, const u_char * m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA * rsa) { struct sc_pkcs15_object *key_obj; int r; unsigned long flags = 0; - if(!quiet) - fprintf(stderr,"signing with type %d\n", type); + if (!quiet) + fprintf(stderr, "signing with type %d\n", type); r = sc_prkey_op_init(rsa, &key_obj); if (r) return -1; /* FIXME: length of sigret correct? */ /* FIXME: check 'type' and modify flags accordingly */ flags |= SC_ALGORITHM_RSA_PAD_PKCS1; - if(type==NID_sha1) flags|=SC_ALGORITHM_RSA_HASH_SHA1; - if(type==NID_md5) flags|=SC_ALGORITHM_RSA_HASH_MD5; + if (type == NID_sha1) + flags |= SC_ALGORITHM_RSA_HASH_SHA1; + if (type == NID_md5) + flags |= SC_ALGORITHM_RSA_HASH_MD5; r = sc_pkcs15_compute_signature(p15card, key_obj, flags, m, m_len, sigret, RSA_size(rsa)); sc_unlock(card); if (r < 0) { - fprintf(stderr,"sc_pkcs15_compute_signature() failed: %s", - sc_strerror(r)); + fprintf(stderr, "sc_pkcs15_compute_signature() failed: %s", + sc_strerror(r)); goto err; } *siglen = r; return 1; -err: + err: return 0; } int -sc_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, - int padding) +sc_private_encrypt(int flen, const u_char * from, u_char * to, RSA * rsa, + int padding) { - fprintf(stderr,"Private key encryption not supported"); + fprintf(stderr, "Private key encryption not supported"); return -1; } diff --git a/src/sslengines/engine_opensc.h b/src/sslengines/engine_opensc.h index b3e53197..d51d4b49 100644 --- a/src/sslengines/engine_opensc.h +++ b/src/sslengines/engine_opensc.h @@ -8,16 +8,16 @@ int opensc_finish(void); int opensc_init(void); -EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id, - UI_METHOD *ui_method, void *callback_data); -EVP_PKEY *opensc_load_private_key(ENGINE *e, const char *s_key_id, - UI_METHOD *ui_method, void *callback_data); -int sc_private_decrypt(int flen, const u_char *from, u_char *to, - RSA *rsa, int padding); -int sc_sign(int type, const u_char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); -int sc_private_encrypt(int flen, const u_char *from, u_char *to, - RSA *rsa, int padding); -int opensc_rsa_finish(RSA* rsa); +EVP_PKEY *opensc_load_public_key(ENGINE * e, const char *s_key_id, + UI_METHOD * ui_method, void *callback_data); +EVP_PKEY *opensc_load_private_key(ENGINE * e, const char *s_key_id, + UI_METHOD * ui_method, void *callback_data); +int sc_private_decrypt(int flen, const u_char * from, u_char * to, + RSA * rsa, int padding); +int sc_sign(int type, const u_char * m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA * rsa); +int sc_private_encrypt(int flen, const u_char * from, u_char * to, + RSA * rsa, int padding); +int opensc_rsa_finish(RSA * rsa); #endif diff --git a/src/sslengines/engine_pkcs11.c b/src/sslengines/engine_pkcs11.c index eaf6694b..8940860b 100644 --- a/src/sslengines/engine_pkcs11.c +++ b/src/sslengines/engine_pkcs11.c @@ -34,63 +34,68 @@ #define fail(msg) { fprintf(stderr,msg); return NULL;} -PKCS11_CTX *ctx; -char* pin; -int quiet=1; +PKCS11_CTX *ctx; +char *pin = NULL; +int quiet = 1; const char *module = PKCS11_DEFAULT_MODULE_NAME; -int set_module(const char *modulename) { - module=modulename; +int set_module(const char *modulename) +{ + module = modulename; return 1; } -char* get_pin(UI_METHOD* ui_method, char* sc_pin, int maxlen) { - UI* ui; - ui=UI_new(); - UI_set_method(ui,ui_method); - if(!UI_add_input_string(ui, "SmartCard PIN: ", 0, sc_pin, 1, maxlen)) { - fprintf(stderr, "UI_add_input_string failed\n"); - UI_free(ui); return NULL; } - if(!UI_process(ui)) { - fprintf(stderr, "UI_process failed\n"); return NULL;} +char *get_pin(UI_METHOD * ui_method, char *sc_pin, int maxlen) +{ + UI *ui; + + ui = UI_new(); + UI_set_method(ui, ui_method); + if (!UI_add_input_string(ui, "SmartCard PIN: ", 0, sc_pin, 1, maxlen)) { + fprintf(stderr, "UI_add_input_string failed\n"); + UI_free(ui); + return NULL; + } + if (!UI_process(ui)) { + fprintf(stderr, "UI_process failed\n"); + return NULL; + } UI_free(ui); return sc_pin; - } -int pkcs11_finish(ENGINE *engine) { - +int pkcs11_finish(ENGINE * engine) +{ if (ctx) { PKCS11_CTX_free(ctx); } - return 1; } -int pkcs11_init(ENGINE *engine) { - if(!quiet) - fprintf(stderr,"initializing engine\n"); +int pkcs11_init(ENGINE * engine) +{ + if (!quiet) + fprintf(stderr, "initializing engine\n"); ctx = PKCS11_CTX_new(); if (PKCS11_CTX_load(ctx, module) < 0) { fprintf(stderr, "unable to load module\n"); return 0; } - return 1; } -int -pkcs11_rsa_finish(RSA* rsa) { - - if(pin) {free(pin);} +int pkcs11_rsa_finish(RSA * rsa) +{ + if (pin) { + free(pin); + } /* need to free RSA_ex_data? */ return 1; - } -static int hex_to_bin(const char *in, unsigned char *out, size_t *outlen) +static int hex_to_bin(const char *in, unsigned char *out, size_t * outlen) { size_t left, count = 0; @@ -99,7 +104,7 @@ static int hex_to_bin(const char *in, unsigned char *out, size_t *outlen) return 1; } - left = *outlen; + left = *outlen; while (*in != '\0') { int byte = 0, nybbles = 2; @@ -110,11 +115,9 @@ static int hex_to_bin(const char *in, unsigned char *out, size_t *outlen) c = *in++; if ('0' <= c && c <= '9') c -= '0'; - else - if ('a' <= c && c <= 'f') + else if ('a' <= c && c <= 'f') c = c - 'a' + 10; - else - if ('A' <= c && c <= 'F') + else if ('A' <= c && c <= 'F') c = c - 'A' + 10; else { printf("hex_to_bin(): invalid char '%c' in hex string\n", c); @@ -141,21 +144,21 @@ static int hex_to_bin(const char *in, unsigned char *out, size_t *outlen) #define MAX_VALUE_LEN 200 -EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id, - UI_METHOD *ui_method, void *callback_data, int isPrivate) { - - PKCS11_SLOT *slot_list, *slot; - PKCS11_TOKEN *tok; - PKCS11_KEY *keys, *selected_key = NULL; - PKCS11_CERT *certs; - EVP_PKEY *pk; - unsigned int count, n, m; - unsigned char key_id[MAX_VALUE_LEN / 2]; - char *s_key_id = NULL, buf[MAX_VALUE_LEN]; - size_t key_id_len = sizeof(key_id); - int slot_nr = -1; - char flags[64]; - int logged_in = 0; +EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id, + UI_METHOD * ui_method, void *callback_data, int isPrivate) +{ + PKCS11_SLOT *slot_list, *slot; + PKCS11_TOKEN *tok; + PKCS11_KEY *keys, *selected_key = NULL; + PKCS11_CERT *certs; + EVP_PKEY *pk; + unsigned int count, n, m; + unsigned char key_id[MAX_VALUE_LEN / 2]; + char *s_key_id = NULL, buf[MAX_VALUE_LEN]; + size_t key_id_len = sizeof(key_id); + int slot_nr = -1; + char flags[64]; + int logged_in = 0; /* Parse s_slot_key_id: [slot:][;][id:] or NULL, with slotNr in decimal (0 = first slot, ...), and keyID in hex. @@ -194,29 +197,27 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id, printf("Slot number \"%s\" should be an integer\n", val); return NULL; } - } - else if (strncasecmp(s_slot_key_id, "id", p_sep1 - s_slot_key_id) == 0) { + } else if (strncasecmp(s_slot_key_id, "id", p_sep1 - s_slot_key_id) + == 0) { if (!hex_to_bin(val, key_id, &key_id_len)) { printf("Key id \"%s\" should be a hex string\n", val); return NULL; } strcpy(buf, val); s_key_id = buf; - } - else { + } else { memcpy(val, s_slot_key_id, p_sep1 - s_slot_key_id); val[p_sep1 - s_slot_key_id] = '\0'; printf("Now allowed in -key: \"%s\"\n", val); return NULL; } - s_slot_key_id = (*p_sep2 == '\0' ? p_sep2 : p_sep2 + 1); } if (PKCS11_enumerate_slots(ctx, &slot_list, &count) < 0) fail("failed to enumerate slots\n"); - printf("Found %u slot%s\n", count, (count <= 1)? "" : "s"); + printf("Found %u slot%s\n", count, (count <= 1) ? "" : "s"); for (n = 0; n < count; n++) { slot = slot_list + n; flags[0] = '\0'; @@ -233,13 +234,13 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id, strcpy(flags, "no token"); } if ((m = strlen(flags)) != 0) { - flags[m-2] = '\0'; + flags[m - 2] = '\0'; } printf("[%u] %-25.25s %-16s", n, slot->description, flags); if (slot->token) { printf(" (%s)", - slot->token->label[0]? - slot->token->label : "no label"); + slot->token->label[0] ? + slot->token->label : "no label"); } printf("\n"); } @@ -247,8 +248,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id, if (slot_nr == -1) { if (!(slot = PKCS11_find_token(ctx))) fail("didn't find any tokens\n"); - } - else if (slot_nr >= 0 && slot_nr < count) + } else if (slot_nr >= 0 && slot_nr < count) slot = slot_list + slot_nr; else { printf("Invalid slot number: %d\n", slot_nr); @@ -261,7 +261,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id, return NULL; } - if (isPrivate && !tok->userPinSet && !tok->readOnly) { + if (isPrivate && !tok->userPinSet && !tok->readOnly) { printf("Found slot without user PIN\n"); return NULL; } @@ -272,13 +272,12 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id, if (PKCS11_enumerate_certs(tok, &certs, &count)) fail("unable to enumerate certificates\n"); - printf("Found %u certificate%s:\n", count, (count <= 1)? "" : "s"); + printf("Found %u certificate%s:\n", count, (count <= 1) ? "" : "s"); for (n = 0; n < count; n++) { - PKCS11_CERT *c = certs + n; - char *dn = NULL; + PKCS11_CERT *c = certs + n; + char *dn = NULL; - printf(" %2u %s", n+1, - c->label); + printf(" %2u %s", n + 1, c->label); if (c->x509) dn = X509_NAME_oneline(X509_get_subject_name(c->x509), NULL, 0); if (dn) { @@ -296,8 +295,8 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id, if (logged_in || !tok->loginRequired) break; if (pin == NULL) { - pin=(char *) malloc(12); - get_pin(ui_method,pin,12); + pin = (char *) malloc(12); + get_pin(ui_method, pin, 12); } if (PKCS11_login(slot, 0, pin)) fail("Card login failed\n"); @@ -309,14 +308,12 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id, return NULL; } - printf("Found %u key%s:\n", count, (count <= 1)? "" : "s"); + printf("Found %u key%s:\n", count, (count <= 1) ? "" : "s"); for (n = 0; n < count; n++) { - PKCS11_KEY *k = keys + n; + PKCS11_KEY *k = keys + n; - printf(" %2u %c%c %s\n", n+1, - k->isPrivate? 'P' : ' ', - k->needLogin? 'L' : ' ', - k->label); + printf(" %2u %c%c %s\n", n + 1, + k->isPrivate ? 'P' : ' ', k->needLogin ? 'L' : ' ', k->label); if (key_id_len != 0 && k->id_len == key_id_len && memcmp(k->id, key_id, key_id_len) == 0) { @@ -329,36 +326,39 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id, if (s_key_id != NULL) { printf("No key with ID \"%s\" found.\n", s_key_id); return NULL; - } - else /* Take the first key that was found */ + } else /* Take the first key that was found */ selected_key = &keys[0]; } - if(isPrivate) { + if (isPrivate) { pk = PKCS11_get_private_key(selected_key); } else { /*pk = PKCS11_get_public_key(&keys[0]); - need a get_public_key? */ + need a get_public_key? */ pk = PKCS11_get_private_key(selected_key); } return pk; } -EVP_PKEY *pkcs11_load_public_key(ENGINE *e, const char *s_key_id, - UI_METHOD *ui_method, void *callback_data) { +EVP_PKEY *pkcs11_load_public_key(ENGINE * e, const char *s_key_id, + UI_METHOD * ui_method, void *callback_data) +{ EVP_PKEY *pk; - pk=pkcs11_load_key(e, s_key_id, ui_method, callback_data, 0); + + pk = pkcs11_load_key(e, s_key_id, ui_method, callback_data, 0); if (pk == NULL) - fail("PKCS11_load_public_key returned NULL\n"); + fail("PKCS11_load_public_key returned NULL\n"); return pk; } -EVP_PKEY *pkcs11_load_private_key(ENGINE *e, const char *s_key_id, - UI_METHOD *ui_method, void *callback_data) { - EVP_PKEY* pk; - pk=pkcs11_load_key(e, s_key_id, ui_method, callback_data, 1); - if (pk == NULL) - fail("PKCS11_get_private_key returned NULL\n"); - return pk; +EVP_PKEY *pkcs11_load_private_key(ENGINE * e, const char *s_key_id, + UI_METHOD * ui_method, void *callback_data) +{ + EVP_PKEY *pk; + + pk = pkcs11_load_key(e, s_key_id, ui_method, callback_data, 1); + if (pk == NULL) + fail("PKCS11_get_private_key returned NULL\n"); + return pk; } diff --git a/src/sslengines/engine_pkcs11.h b/src/sslengines/engine_pkcs11.h index 38198a03..d236a410 100644 --- a/src/sslengines/engine_pkcs11.h +++ b/src/sslengines/engine_pkcs11.h @@ -35,19 +35,19 @@ int set_module(const char *modulename); -int pkcs11_finish(ENGINE *engine); +int pkcs11_finish(ENGINE * engine); -int pkcs11_init(ENGINE *engine); +int pkcs11_init(ENGINE * engine); -int pkcs11_rsa_finish(RSA* rsa); +int pkcs11_rsa_finish(RSA * rsa); -EVP_PKEY *pkcs11_load_public_key(ENGINE *e, const char *s_key_id, - UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *pkcs11_load_public_key(ENGINE * e, const char *s_key_id, + UI_METHOD * ui_method, void *callback_data); -EVP_PKEY *pkcs11_load_private_key(ENGINE *e, const char *s_key_id, - UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *pkcs11_load_private_key(ENGINE * e, const char *s_key_id, + UI_METHOD * ui_method, void *callback_data); /* defined in p11_rsa.c */ -RSA_METHOD * pkcs11_get_rsa_method(void); +RSA_METHOD *pkcs11_get_rsa_method(void); #endif diff --git a/src/sslengines/hw_opensc.c b/src/sslengines/hw_opensc.c index cbbc89c8..c3919ce8 100644 --- a/src/sslengines/hw_opensc.c +++ b/src/sslengines/hw_opensc.c @@ -79,10 +79,10 @@ #define CMD_SO_PATH ENGINE_CMD_BASE -static int opensc_engine_destroy(ENGINE *e); -static int opensc_engine_init(ENGINE *e); -static int opensc_engine_finish(ENGINE *e); -static int opensc_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int opensc_engine_destroy(ENGINE * e); +static int opensc_engine_init(ENGINE * e); +static int opensc_engine_finish(ENGINE * e); +static int opensc_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()); /* The definitions for control commands specific to this engine */ @@ -90,54 +90,52 @@ static int opensc_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); static const ENGINE_CMD_DEFN opensc_cmd_defns[] = { {CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'opensc-engine' shared library", - ENGINE_CMD_FLAG_STRING}, + "SO_PATH", + "Specifies the path to the 'opensc-engine' shared library", + ENGINE_CMD_FLAG_STRING}, {0, NULL, NULL, 0} - }; +}; -static int opensc_engine_finish(ENGINE *e) { +static int opensc_engine_finish(ENGINE * e) +{ return opensc_finish(); } -static int -opensc_engine_init(ENGINE *e) +static int opensc_engine_init(ENGINE * e) { return opensc_init(); } /* Destructor */ -static int opensc_engine_destroy(ENGINE *e) - { +static int opensc_engine_destroy(ENGINE * e) +{ return 1; - } +} -static int opensc_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - switch(cmd) - { +static int opensc_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()) +{ + switch (cmd) { default: break; - } - return 0; } + return 0; +} + /* set up default rsa_meth_st with overloaded rsa functions */ /* the actual implementation needs to be in another object */ -static int (*orig_finish)(RSA* rsa); +static int (*orig_finish) (RSA * rsa); -static int -opensc_engine_rsa_finish(RSA* rsa) { - - opensc_rsa_finish(rsa); +static int opensc_engine_rsa_finish(RSA * rsa) +{ + opensc_rsa_finish(rsa); if (orig_finish) orig_finish(rsa); return 1; - } -static RSA_METHOD * sc_get_rsa_method(void) +static RSA_METHOD *sc_get_rsa_method(void) { static RSA_METHOD smart_rsa; const RSA_METHOD *def = RSA_get_default_method(); @@ -145,64 +143,66 @@ static RSA_METHOD * sc_get_rsa_method(void) /* use the OpenSSL version */ memcpy(&smart_rsa, def, sizeof(smart_rsa)); - smart_rsa.name = "opensc"; + smart_rsa.name = "opensc"; /* overload */ - smart_rsa.rsa_priv_enc = sc_private_encrypt; - smart_rsa.rsa_priv_dec = sc_private_decrypt; - smart_rsa.rsa_sign = sc_sign; + smart_rsa.rsa_priv_enc = sc_private_encrypt; + smart_rsa.rsa_priv_dec = sc_private_decrypt; + smart_rsa.rsa_sign = sc_sign; /* save original */ - orig_finish = def->finish; - smart_rsa.finish = opensc_engine_rsa_finish; + orig_finish = def->finish; + smart_rsa.finish = opensc_engine_rsa_finish; /* set flags for sign version */ - smart_rsa.flags|=RSA_FLAG_SIGN_VER; + smart_rsa.flags |= RSA_FLAG_SIGN_VER; return &smart_rsa; } /* This internal function is used by ENGINE_opensc() and possibly by the * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { - if( - !ENGINE_set_id(e, OPENSC_ENGINE_ID) || - !ENGINE_set_destroy_function(e, opensc_engine_destroy) || - !ENGINE_set_init_function(e, opensc_engine_init) || - !ENGINE_set_finish_function(e, opensc_engine_finish) || - !ENGINE_set_ctrl_function(e, opensc_engine_ctrl) || - !ENGINE_set_cmd_defns(e, opensc_cmd_defns) || - !ENGINE_set_name(e, OPENSC_ENGINE_NAME) || +static int bind_helper(ENGINE * e) +{ + if (!ENGINE_set_id(e, OPENSC_ENGINE_ID) || + !ENGINE_set_destroy_function(e, opensc_engine_destroy) || + !ENGINE_set_init_function(e, opensc_engine_init) || + !ENGINE_set_finish_function(e, opensc_engine_finish) || + !ENGINE_set_ctrl_function(e, opensc_engine_ctrl) || + !ENGINE_set_cmd_defns(e, opensc_cmd_defns) || + !ENGINE_set_name(e, OPENSC_ENGINE_NAME) || #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, sc_get_rsa_method())|| + !ENGINE_set_RSA(e, sc_get_rsa_method()) || #endif #ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, DSA_get_default_method()) || + !ENGINE_set_DSA(e, DSA_get_default_method()) || #endif #ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, DH_get_default_method()) || + !ENGINE_set_DH(e, DH_get_default_method()) || #endif - !ENGINE_set_RAND(e, RAND_SSLeay()) || + !ENGINE_set_RAND(e, RAND_SSLeay()) || #if 0 - !ENGINE_set_BN_mod_exp(e, BN_mod_exp) || + !ENGINE_set_BN_mod_exp(e, BN_mod_exp) || #endif - !ENGINE_set_load_pubkey_function(e, opensc_load_public_key ) || - !ENGINE_set_load_privkey_function(e, opensc_load_private_key) ) - { - return 0; - } else { + !ENGINE_set_load_pubkey_function(e, opensc_load_public_key) || + !ENGINE_set_load_privkey_function(e, opensc_load_private_key)) { + return 0; + } else { return 1; - } } +} -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, OPENSC_ENGINE_ID) != 0)) - {fprintf(stderr, "bad engine id");return 0;} - if(!bind_helper(e)) - {fprintf(stderr, "bind failed"); return 0;} +static int bind_fn(ENGINE * e, const char *id) +{ + if (id && (strcmp(id, OPENSC_ENGINE_ID) != 0)) { + fprintf(stderr, "bad engine id"); + return 0; + } + if (!bind_helper(e)) { + fprintf(stderr, "bind failed"); + return 0; + } return 1; - } +} -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +IMPLEMENT_DYNAMIC_CHECK_FN(); +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn); diff --git a/src/sslengines/hw_pkcs11.c b/src/sslengines/hw_pkcs11.c index 59d38209..01994225 100644 --- a/src/sslengines/hw_pkcs11.c +++ b/src/sslengines/hw_pkcs11.c @@ -76,8 +76,8 @@ #define CMD_SO_PATH ENGINE_CMD_BASE #define CMD_MODULE_PATH (ENGINE_CMD_BASE+1) -static int pkcs11_engine_destroy(ENGINE *e); -static int pkcs11_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int pkcs11_engine_destroy(ENGINE * e); +static int pkcs11_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()); /* The definitions for control commands specific to this engine */ @@ -85,44 +85,44 @@ static int pkcs11_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); static const ENGINE_CMD_DEFN pkcs11_cmd_defns[] = { {CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'pkcs11-engine' shared library", - ENGINE_CMD_FLAG_STRING}, + "SO_PATH", + "Specifies the path to the 'pkcs11-engine' shared library", + ENGINE_CMD_FLAG_STRING}, {CMD_MODULE_PATH, - "MODULE_PATH", - "Specifies the path to the pkcs11 module shared library", - ENGINE_CMD_FLAG_STRING}, + "MODULE_PATH", + "Specifies the path to the pkcs11 module shared library", + ENGINE_CMD_FLAG_STRING}, {0, NULL, NULL, 0} - }; +}; /* Destructor */ -static int pkcs11_engine_destroy(ENGINE *e) - { +static int pkcs11_engine_destroy(ENGINE * e) +{ return 1; - } +} -static int pkcs11_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - /*int initialised = ((pkcs11_dso == NULL) ? 0 : 1);*/ - switch(cmd) - { +static int pkcs11_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()) +{ + /*int initialised = ((pkcs11_dso == NULL) ? 0 : 1); */ + switch (cmd) { case CMD_MODULE_PATH: - return set_module((const char *)p); + return set_module((const char *) p); default: break; - } - return 0; } + return 0; +} + /* set up default rsa_meth_st with overloaded rsa functions */ /* the actual implementation needs to be in another object */ -static int (*orig_finish)(RSA* rsa); +static int (*orig_finish) (RSA * rsa); -static int -pkcs11_engine_rsa_finish(RSA* rsa) { +static int pkcs11_engine_rsa_finish(RSA * rsa) +{ - pkcs11_rsa_finish(rsa); + pkcs11_rsa_finish(rsa); if (orig_finish) orig_finish(rsa); @@ -132,46 +132,48 @@ pkcs11_engine_rsa_finish(RSA* rsa) { /* This internal function is used by ENGINE_pkcs11() and possibly by the * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { - if( - !ENGINE_set_id(e, PKCS11_ENGINE_ID) || - !ENGINE_set_destroy_function(e, pkcs11_engine_destroy) || - !ENGINE_set_init_function(e, pkcs11_init) || - !ENGINE_set_finish_function(e, pkcs11_finish) || - !ENGINE_set_ctrl_function(e, pkcs11_engine_ctrl) || - !ENGINE_set_cmd_defns(e, pkcs11_cmd_defns) || - !ENGINE_set_name(e, PKCS11_ENGINE_NAME) || +static int bind_helper(ENGINE * e) +{ + if (!ENGINE_set_id(e, PKCS11_ENGINE_ID) || + !ENGINE_set_destroy_function(e, pkcs11_engine_destroy) || + !ENGINE_set_init_function(e, pkcs11_init) || + !ENGINE_set_finish_function(e, pkcs11_finish) || + !ENGINE_set_ctrl_function(e, pkcs11_engine_ctrl) || + !ENGINE_set_cmd_defns(e, pkcs11_cmd_defns) || + !ENGINE_set_name(e, PKCS11_ENGINE_NAME) || #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, pkcs11_get_rsa_method())|| + !ENGINE_set_RSA(e, pkcs11_get_rsa_method()) || #endif #ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, DSA_get_default_method()) || + !ENGINE_set_DSA(e, DSA_get_default_method()) || #endif #ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, DH_get_default_method()) || + !ENGINE_set_DH(e, DH_get_default_method()) || #endif - !ENGINE_set_RAND(e, RAND_SSLeay()) || + !ENGINE_set_RAND(e, RAND_SSLeay()) || #if 0 - !ENGINE_set_BN_mod_exp(e, BN_mod_exp) || + !ENGINE_set_BN_mod_exp(e, BN_mod_exp) || #endif - !ENGINE_set_load_pubkey_function(e, pkcs11_load_public_key ) || - !ENGINE_set_load_privkey_function(e, pkcs11_load_private_key) ) - { - return 0; - } else { + !ENGINE_set_load_pubkey_function(e, pkcs11_load_public_key) || + !ENGINE_set_load_privkey_function(e, pkcs11_load_private_key)) { + return 0; + } else { return 1; - } } +} -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, PKCS11_ENGINE_ID) != 0)) - {fprintf(stderr, "bad engine id");return 0;} - if(!bind_helper(e)) - {fprintf(stderr, "bind failed"); return 0;} +static int bind_fn(ENGINE * e, const char *id) +{ + if (id && (strcmp(id, PKCS11_ENGINE_ID) != 0)) { + fprintf(stderr, "bad engine id"); + return 0; + } + if (!bind_helper(e)) { + fprintf(stderr, "bind failed"); + return 0; + } return 1; - } +} -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +IMPLEMENT_DYNAMIC_CHECK_FN(); +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn); diff --git a/src/sslengines/p11_attr.c b/src/sslengines/p11_attr.c index 75616722..f67a4f5c 100644 --- a/src/sslengines/p11_attr.c +++ b/src/sslengines/p11_attr.c @@ -11,19 +11,19 @@ #include #include -static int pkcs11_getattr_int(PKCS11_CTX *, CK_SESSION_HANDLE, - CK_OBJECT_HANDLE, CK_ATTRIBUTE_TYPE, - void *, size_t *); +static int pkcs11_getattr_int(PKCS11_CTX *, CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, CK_ATTRIBUTE_TYPE, void *, size_t *); /* * Query pkcs11 attributes */ static int -pkcs11_getattr_int(PKCS11_CTX *ctx, CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE o, CK_ATTRIBUTE_TYPE type, void *value, size_t *size) +pkcs11_getattr_int(PKCS11_CTX * ctx, CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE o, CK_ATTRIBUTE_TYPE type, void *value, + size_t * size) { - CK_ATTRIBUTE templ; - int rv; + CK_ATTRIBUTE templ; + int rv; templ.type = type; templ.pValue = value; @@ -37,52 +37,51 @@ pkcs11_getattr_int(PKCS11_CTX *ctx, CK_SESSION_HANDLE session, } int -pkcs11_getattr_var(PKCS11_TOKEN *token, CK_OBJECT_HANDLE object, - unsigned int type, void *value, size_t *size) +pkcs11_getattr_var(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object, + unsigned int type, void *value, size_t * size) { return pkcs11_getattr_int(TOKEN2CTX(token), - PRIVSLOT(TOKEN2SLOT(token))->session, - object, type, value, size); + PRIVSLOT(TOKEN2SLOT(token))->session, + object, type, value, size); } int -pkcs11_getattr(PKCS11_TOKEN *token, CK_OBJECT_HANDLE object, - unsigned int type, void *value, size_t size) +pkcs11_getattr(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object, + unsigned int type, void *value, size_t size) { return pkcs11_getattr_var(token, object, type, value, &size); } int -pkcs11_getattr_s(PKCS11_TOKEN *token, CK_OBJECT_HANDLE object, - unsigned int type, void *value, size_t size) +pkcs11_getattr_s(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object, + unsigned int type, void *value, size_t size) { memset(value, 0, size); return pkcs11_getattr_var(token, object, type, value, &size); } int -pkcs11_getattr_bn(PKCS11_TOKEN *token, CK_OBJECT_HANDLE object, - unsigned int type, BIGNUM **bn) +pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object, + unsigned int type, BIGNUM ** bn) { - CK_BYTE binary[4196 / 8]; - size_t size = sizeof(binary); + CK_BYTE binary[4196 / 8]; + size_t size = sizeof(binary); if (pkcs11_getattr_var(token, object, type, binary, &size)) return -1; if (size == -1) { PKCS11err(PKCS11_F_PKCS11_GETATTR, - pkcs11_map_err(CKR_ATTRIBUTE_TYPE_INVALID)); + pkcs11_map_err(CKR_ATTRIBUTE_TYPE_INVALID)); return -1; } *bn = BN_bin2bn(binary, size, NULL); - return *bn? 0 : -1; + return *bn ? 0 : -1; } /* * Add attributes to template */ -void -pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size) +void pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size) { ap->type = type; ap->pValue = malloc(size); @@ -91,35 +90,31 @@ pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size) } /* In PKCS11, virtually every integer is a CK_ULONG */ -void -pkcs11_addattr_int(CK_ATTRIBUTE_PTR ap, int type, unsigned long value) +void pkcs11_addattr_int(CK_ATTRIBUTE_PTR ap, int type, unsigned long value) { - CK_ULONG ulValue = value; + CK_ULONG ulValue = value; pkcs11_addattr(ap, type, &ulValue, sizeof(ulValue)); } -void -pkcs11_addattr_s(CK_ATTRIBUTE_PTR ap, int type, const char *s) +void pkcs11_addattr_s(CK_ATTRIBUTE_PTR ap, int type, const char *s) { - pkcs11_addattr(ap, type, s, s? strlen(s) + 1 : 0); + pkcs11_addattr(ap, type, s, s ? strlen(s) + 1 : 0); } -void -pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM *bn) +void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM * bn) { - unsigned char temp[1024]; - unsigned int n; + unsigned char temp[1024]; + unsigned int n; - assert (BN_num_bytes(bn) <= sizeof(temp)); + assert(BN_num_bytes(bn) <= sizeof(temp)); n = BN_bn2bin(bn, temp); pkcs11_addattr(ap, type, temp, n); } -void -pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *obj) +void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *obj) { - unsigned char *p; + unsigned char *p; ap->type = type; ap->ulValueLen = enc(obj, NULL); @@ -127,8 +122,7 @@ pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *obj) enc(obj, &p); } -void -pkcs11_zap_attrs(CK_ATTRIBUTE_PTR ap, unsigned int n) +void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR ap, unsigned int n) { while (n--) { if (ap[n].pValue) diff --git a/src/sslengines/p11_cert.c b/src/sslengines/p11_cert.c index 8c877655..c84c6893 100644 --- a/src/sslengines/p11_cert.c +++ b/src/sslengines/p11_cert.c @@ -7,19 +7,18 @@ #include "pkcs11-internal.h" #include -static int pkcs11_find_certs(PKCS11_TOKEN *); -static int pkcs11_next_cert(PKCS11_CTX *, PKCS11_TOKEN *, - CK_SESSION_HANDLE); -static int pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token, - CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o, - PKCS11_CERT **); -static int pkcs11_store_certificate(PKCS11_TOKEN *, X509 *, - char *, unsigned char *, unsigned int, - PKCS11_CERT **); +static int pkcs11_find_certs(PKCS11_TOKEN *); +static int pkcs11_next_cert(PKCS11_CTX *, PKCS11_TOKEN *, CK_SESSION_HANDLE); +static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token, + CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o, + PKCS11_CERT **); +static int pkcs11_store_certificate(PKCS11_TOKEN *, X509 *, + char *, unsigned char *, unsigned int, + PKCS11_CERT **); -static CK_OBJECT_CLASS cert_search_class; -static CK_ATTRIBUTE cert_search_attrs[] = { - { CKA_CLASS, &cert_search_class, sizeof(cert_search_class) }, +static CK_OBJECT_CLASS cert_search_class; +static CK_ATTRIBUTE cert_search_attrs[] = { + {CKA_CLASS, &cert_search_class, sizeof(cert_search_class)}, }; #define numof(arr) (sizeof(arr)/sizeof((arr)[0])) @@ -27,9 +26,8 @@ static CK_ATTRIBUTE cert_search_attrs[] = { * Enumerate all certs on the card */ int -PKCS11_enumerate_certs(PKCS11_TOKEN *token, - PKCS11_CERT **certp, - unsigned int *countp) +PKCS11_enumerate_certs(PKCS11_TOKEN * token, + PKCS11_CERT ** certp, unsigned int *countp) { PKCS11_TOKEN_private *priv = PRIVTOKEN(token); @@ -48,13 +46,12 @@ PKCS11_enumerate_certs(PKCS11_TOKEN *token, /* * Find certificate matching a key */ -PKCS11_CERT * -PKCS11_find_certificate(PKCS11_KEY *key) +PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY * key) { - PKCS11_KEY_private *kpriv; - PKCS11_CERT_private *cpriv; - PKCS11_CERT *cert; - unsigned int n, count; + PKCS11_KEY_private *kpriv; + PKCS11_CERT_private *cpriv; + PKCS11_CERT *cert; + unsigned int n, count; kpriv = PRIVKEY(key); if (PKCS11_enumerate_certs(KEY2TOKEN(key), &cert, &count)) @@ -62,7 +59,7 @@ PKCS11_find_certificate(PKCS11_KEY *key) for (n = 0; n < count; n++, cert++) { cpriv = PRIVCERT(cert); if (cpriv->id_len == kpriv->id_len - && !memcmp(cpriv->id, kpriv->id, kpriv->id_len)) + && !memcmp(cpriv->id, kpriv->id, kpriv->id_len)) return cert; } return NULL; @@ -71,13 +68,12 @@ PKCS11_find_certificate(PKCS11_KEY *key) /* * Find all certs of a given type (public or private) */ -int -pkcs11_find_certs(PKCS11_TOKEN *token) +int pkcs11_find_certs(PKCS11_TOKEN * token) { - PKCS11_SLOT *slot = TOKEN2SLOT(token); - PKCS11_CTX *ctx = TOKEN2CTX(token); + PKCS11_SLOT *slot = TOKEN2SLOT(token); + PKCS11_CTX *ctx = TOKEN2CTX(token); CK_SESSION_HANDLE session; - int rv, res = -1; + int rv, res = -1; /* Make sure we have a session */ if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 0)) @@ -87,7 +83,7 @@ pkcs11_find_certs(PKCS11_TOKEN *token) /* Tell the PKCS11 lib to enumerate all matching objects */ cert_search_class = CKO_CERTIFICATE; rv = CRYPTOKI_call(ctx, C_FindObjectsInit(session, cert_search_attrs, - numof(cert_search_attrs))); + numof(cert_search_attrs))); CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_CERTS, rv); do { @@ -95,16 +91,15 @@ pkcs11_find_certs(PKCS11_TOKEN *token) } while (res == 0); CRYPTOKI_call(ctx, C_FindObjectsFinal(session)); - return (res < 0)? -1 : 0; + return (res < 0) ? -1 : 0; } int -pkcs11_next_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token, - CK_SESSION_HANDLE session) +pkcs11_next_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token, CK_SESSION_HANDLE session) { CK_OBJECT_HANDLE obj; - CK_ULONG count; - int rv; + CK_ULONG count; + int rv; /* Get the next matching object */ rv = CRYPTOKI_call(ctx, C_FindObjects(session, &obj, 1, &count)); @@ -120,21 +115,19 @@ pkcs11_next_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token, } int -pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token, - CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj, - PKCS11_CERT **ret) +pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token, + CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj, PKCS11_CERT ** ret) { PKCS11_TOKEN_private *tpriv; PKCS11_CERT_private *kpriv; - PKCS11_CERT *cert; - char label[256], data[2048]; - unsigned char id[256]; + PKCS11_CERT *cert; + char label[256], data[2048]; + unsigned char id[256]; CK_CERTIFICATE_TYPE cert_type; - size_t size; + size_t size; size = sizeof(cert_type); - if (pkcs11_getattr_var(token, obj, CKA_CERTIFICATE_TYPE, - &cert_type, &size)) + if (pkcs11_getattr_var(token, obj, CKA_CERTIFICATE_TYPE, &cert_type, &size)) return -1; /* Ignore any certs we don't understand */ @@ -143,7 +136,8 @@ pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token, tpriv = PRIVTOKEN(token); tpriv->certs = (PKCS11_CERT *) OPENSSL_realloc(tpriv->certs, - (tpriv->ncerts + 1) * sizeof(PKCS11_CERT)); + (tpriv->ncerts + + 1) * sizeof(PKCS11_CERT)); cert = tpriv->certs + tpriv->ncerts++; memset(cert, 0, sizeof(*cert)); @@ -155,12 +149,12 @@ pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token, cert->label = BUF_strdup(label); size = sizeof(data); if (!pkcs11_getattr_var(token, obj, CKA_VALUE, data, &size)) { - unsigned char *p = (unsigned char *) data; + unsigned char *p = (unsigned char *) data; cert->x509 = d2i_X509(NULL, &p, size); } cert->id_len = sizeof(id); - if (!pkcs11_getattr_var(token, obj, CKA_ID, id, (size_t *) &cert->id_len)) { + if (!pkcs11_getattr_var(token, obj, CKA_ID, id, (size_t *) & cert->id_len)) { cert->id = (unsigned char *) malloc(cert->id_len); memcpy(cert->id, id, cert->id_len); } @@ -179,13 +173,12 @@ pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token, /* * Destroy all certs */ -void -pkcs11_destroy_certs(PKCS11_TOKEN *token) +void pkcs11_destroy_certs(PKCS11_TOKEN * token) { PKCS11_TOKEN_private *priv = PRIVTOKEN(token); while (priv->ncerts > 0) { - PKCS11_CERT *cert = &priv->certs[--(priv->ncerts)]; + PKCS11_CERT *cert = &priv->certs[--(priv->ncerts)]; if (cert->x509) X509_free(cert->x509); @@ -203,17 +196,17 @@ pkcs11_destroy_certs(PKCS11_TOKEN *token) * Store certificate */ int -pkcs11_store_certificate(PKCS11_TOKEN *token, X509 *x509, char *label, - unsigned char *id, unsigned int id_len, - PKCS11_CERT **ret_cert) +pkcs11_store_certificate(PKCS11_TOKEN * token, X509 * x509, char *label, + unsigned char *id, unsigned int id_len, + PKCS11_CERT ** ret_cert) { - PKCS11_SLOT *slot = TOKEN2SLOT(token); - PKCS11_CTX *ctx = TOKEN2CTX(token); + PKCS11_SLOT *slot = TOKEN2SLOT(token); + PKCS11_CTX *ctx = TOKEN2CTX(token); CK_SESSION_HANDLE session; CK_OBJECT_HANDLE object; - CK_ATTRIBUTE attrs[32]; - unsigned int n = 0; - int rv; + CK_ATTRIBUTE attrs[32]; + unsigned int n = 0; + int rv; /* First, make sure we have a session */ if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 1)) @@ -223,8 +216,7 @@ pkcs11_store_certificate(PKCS11_TOKEN *token, X509 *x509, char *label, /* Now build the template */ pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_CERTIFICATE); pkcs11_addattr_int(attrs + n++, CKA_CERTIFICATE_TYPE, CKC_X_509); - pkcs11_addattr_obj(attrs + n++, CKA_VALUE, - (pkcs11_i2d_fn) i2d_X509, x509); + pkcs11_addattr_obj(attrs + n++, CKA_VALUE, (pkcs11_i2d_fn) i2d_X509, x509); if (label) pkcs11_addattr_s(attrs + n++, CKA_LABEL, label); if (id && id_len) @@ -239,6 +231,5 @@ pkcs11_store_certificate(PKCS11_TOKEN *token, X509 *x509, char *label, CRYPTOKI_checkerr(PKCS11_F_PKCS11_STORE_CERTIFICATE, rv); /* Gobble the key object */ - return pkcs11_init_cert(ctx, token, session, - object, ret_cert); + return pkcs11_init_cert(ctx, token, session, object, ret_cert); } diff --git a/src/sslengines/p11_err.c b/src/sslengines/p11_err.c index 4c784df9..588b06a2 100644 --- a/src/sslengines/p11_err.c +++ b/src/sslengines/p11_err.c @@ -60,141 +60,131 @@ /* BEGIN ERROR CODES */ #ifndef NO_ERR static ERR_STRING_DATA PKCS11_str_library[] = { -{ERR_PACK(ERR_LIB_PKCS11,0,0) ,"PKCS11 library"}, -{0, NULL} + {ERR_PACK(ERR_LIB_PKCS11, 0, 0), "PKCS11 library"}, + {0, NULL} }; static ERR_STRING_DATA PKCS11_str_functs[] = { -{ERR_PACK(0, PKCS11_F_PKCS11_CTX_LOAD, 0), "PKCS11_CTX_load" }, -{ERR_PACK(0, PKCS11_F_PKCS11_ENUM_SLOTS, 0), "PKCS11_enum_slots" }, -{ERR_PACK(0, PKCS11_F_PKCS11_CHECK_TOKEN, 0), "PKCS11_check_token" }, -{ERR_PACK(0, PKCS11_F_PKCS11_OPEN_SESSION, 0), "PKCS11_open_session" }, -{ERR_PACK(0, PKCS11_F_PKCS11_LOGIN, 0), "PKCS11_login" }, -{ERR_PACK(0, PKCS11_F_PKCS11_ENUM_KEYS, 0), "PKCS11_enum_keys" }, -{ERR_PACK(0, PKCS11_F_PKCS11_GET_KEY, 0), "PKCS11_get_key" }, -{ERR_PACK(0, PKCS11_F_PKCS11_RSA_DECRYPT, 0), "PKCS11_rsa_decrypt" }, -{ERR_PACK(0, PKCS11_F_PKCS11_RSA_ENCRYPT, 0), "PKCS11_rsa_encrypt" }, -{ERR_PACK(0, PKCS11_F_PKCS11_RSA_SIGN, 0), "PKCS11_rsa_sign" }, -{ERR_PACK(0, PKCS11_F_PKCS11_RSA_VERIFY, 0), "PKCS11_rsa_verify" }, -{ERR_PACK(0, PKCS11_F_PKCS11_ENUM_CERTS, 0), "PKCS11_enum_certs" }, -{ERR_PACK(0, PKCS11_F_PKCS11_INIT_TOKEN, 0), "PKCS11_init_token" }, -{ERR_PACK(0, PKCS11_F_PKCS11_INIT_PIN, 0), "PKCS11_init_pin" }, -{ERR_PACK(0, PKCS11_F_PKCS11_GETATTR, 0), "PKCS11_get_attribute" }, -{ERR_PACK(0, PKCS11_F_PKCS11_LOGOUT, 0), "PKCS11_logout" }, -{ERR_PACK(0, PKCS11_F_PKCS11_STORE_PRIVATE_KEY, 0),"PKCS11_store_private_key" }, -{ERR_PACK(0, PKCS11_F_PKCS11_GENERATE_KEY, 0), "PKCS11_generate_key" }, -{ERR_PACK(0, PKCS11_F_PKCS11_STORE_PUBLIC_KEY, 0),"PKCS11_store_public_key" }, -{ERR_PACK(0, PKCS11_F_PKCS11_STORE_CERTIFICATE, 0),"PKCS11_store_certificate" }, -{0, NULL} + {ERR_PACK(0, PKCS11_F_PKCS11_CTX_LOAD, 0), "PKCS11_CTX_load"}, + {ERR_PACK(0, PKCS11_F_PKCS11_ENUM_SLOTS, 0), "PKCS11_enum_slots"}, + {ERR_PACK(0, PKCS11_F_PKCS11_CHECK_TOKEN, 0), "PKCS11_check_token"}, + {ERR_PACK(0, PKCS11_F_PKCS11_OPEN_SESSION, 0), "PKCS11_open_session"}, + {ERR_PACK(0, PKCS11_F_PKCS11_LOGIN, 0), "PKCS11_login"}, + {ERR_PACK(0, PKCS11_F_PKCS11_ENUM_KEYS, 0), "PKCS11_enum_keys"}, + {ERR_PACK(0, PKCS11_F_PKCS11_GET_KEY, 0), "PKCS11_get_key"}, + {ERR_PACK(0, PKCS11_F_PKCS11_RSA_DECRYPT, 0), "PKCS11_rsa_decrypt"}, + {ERR_PACK(0, PKCS11_F_PKCS11_RSA_ENCRYPT, 0), "PKCS11_rsa_encrypt"}, + {ERR_PACK(0, PKCS11_F_PKCS11_RSA_SIGN, 0), "PKCS11_rsa_sign"}, + {ERR_PACK(0, PKCS11_F_PKCS11_RSA_VERIFY, 0), "PKCS11_rsa_verify"}, + {ERR_PACK(0, PKCS11_F_PKCS11_ENUM_CERTS, 0), "PKCS11_enum_certs"}, + {ERR_PACK(0, PKCS11_F_PKCS11_INIT_TOKEN, 0), "PKCS11_init_token"}, + {ERR_PACK(0, PKCS11_F_PKCS11_INIT_PIN, 0), "PKCS11_init_pin"}, + {ERR_PACK(0, PKCS11_F_PKCS11_GETATTR, 0), "PKCS11_get_attribute"}, + {ERR_PACK(0, PKCS11_F_PKCS11_LOGOUT, 0), "PKCS11_logout"}, + {ERR_PACK(0, PKCS11_F_PKCS11_STORE_PRIVATE_KEY, 0), "PKCS11_store_private_key"}, + {ERR_PACK(0, PKCS11_F_PKCS11_GENERATE_KEY, 0), "PKCS11_generate_key"}, + {ERR_PACK(0, PKCS11_F_PKCS11_STORE_PUBLIC_KEY, 0), "PKCS11_store_public_key"}, + {ERR_PACK(0, PKCS11_F_PKCS11_STORE_CERTIFICATE, 0), "PKCS11_store_certificate"}, + {0, NULL} }; static ERR_STRING_DATA PKCS11_str_reasons[] = { -{PKCS11_LOAD_MODULE_ERROR ,"Unable to load PKCS#11 module" }, -{PKCS11_MODULE_LOADED_ERROR ,"Already loaded module for PKCS11 context" }, -{PKCS11_SYMBOL_NOT_FOUND_ERROR ,"Symbol not found in PKCS#11 module" }, -{PKCS11_NOT_SUPPORTED ,"Not supported" }, -{PKCS11_NO_SESSION ,"No session open" }, - -{CKR_CANCEL, "Cancel" }, -{CKR_HOST_MEMORY, "Host memory error" }, -{CKR_SLOT_ID_INVALID, "Invalid slot ID" }, -{CKR_GENERAL_ERROR, "General Error" }, -{CKR_FUNCTION_FAILED, "Function failed" }, -{CKR_ARGUMENTS_BAD, "Invalid arguments" }, -{CKR_NO_EVENT, "No event" }, -{CKR_NEED_TO_CREATE_THREADS, "Need to create threads" }, -{CKR_CANT_LOCK, "Cannott lock" }, -{CKR_ATTRIBUTE_READ_ONLY, "Attribute read only" }, -{CKR_ATTRIBUTE_SENSITIVE, "Attribute sensitive" }, -{CKR_ATTRIBUTE_TYPE_INVALID, "Attribute type invalid" }, -{CKR_ATTRIBUTE_VALUE_INVALID, "Attribute value invalid" }, -{CKR_DATA_INVALID, "Data invalid" }, -{CKR_DATA_LEN_RANGE, "Data len range" }, -{CKR_DEVICE_ERROR, "Device error" }, -{CKR_DEVICE_MEMORY, "Device memory" }, -{CKR_DEVICE_REMOVED, "Device removed" }, -{CKR_ENCRYPTED_DATA_INVALID, "Encrypted data invalid" }, -{CKR_ENCRYPTED_DATA_LEN_RANGE, "Encrypted data len range" }, -{CKR_FUNCTION_CANCELED, "Function canceled" }, -{CKR_FUNCTION_NOT_PARALLEL, "Function not parallel" }, -{CKR_FUNCTION_NOT_SUPPORTED, "Function not supported" }, -{CKR_KEY_HANDLE_INVALID, "Key handle invalid" }, -{CKR_KEY_SIZE_RANGE, "Key size range" }, -{CKR_KEY_TYPE_INCONSISTENT, "Key type inconsistent" }, -{CKR_KEY_NOT_NEEDED, "Key not needed" }, -{CKR_KEY_CHANGED, "Key changed" }, -{CKR_KEY_NEEDED, "Key needed" }, -{CKR_KEY_INDIGESTIBLE, "Key indigestible" }, -{CKR_KEY_FUNCTION_NOT_PERMITTED,"Key function not permitted" }, -{CKR_KEY_NOT_WRAPPABLE, "Key not wrappable" }, -{CKR_KEY_UNEXTRACTABLE, "Key unextractable" }, -{CKR_MECHANISM_INVALID, "Mechanism invalid" }, -{CKR_MECHANISM_PARAM_INVALID, "Mechanism param invalid" }, -{CKR_OBJECT_HANDLE_INVALID, "Object handle invalid" }, -{CKR_OPERATION_ACTIVE, "Operation active" }, -{CKR_OPERATION_NOT_INITIALIZED, "Operation not initialized" }, -{CKR_PIN_INCORRECT, "PIN incorrect" }, -{CKR_PIN_INVALID, "PIN invalid" }, -{CKR_PIN_LEN_RANGE, "Invalid PIN length" }, -{CKR_PIN_EXPIRED, "PIN expired" }, -{CKR_PIN_LOCKED, "PIN locked" }, -{CKR_SESSION_CLOSED, "Session closed" }, -{CKR_SESSION_COUNT, "Session count" }, -{CKR_SESSION_HANDLE_INVALID, "Session handle invalid" }, -{CKR_SESSION_PARALLEL_NOT_SUPPORTED, - "Session parallel not supported" }, -{CKR_SESSION_READ_ONLY, "Session read only" }, -{CKR_SESSION_EXISTS, "Session exists" }, -{CKR_SESSION_READ_ONLY_EXISTS, "Read-only session exists" }, -{CKR_SESSION_READ_WRITE_SO_EXISTS, - "Read/write SO session exists" }, -{CKR_SIGNATURE_INVALID, "Signature invalid" }, -{CKR_SIGNATURE_LEN_RANGE, "Signature len range" }, -{CKR_TEMPLATE_INCOMPLETE, "Incomplete template" }, -{CKR_TEMPLATE_INCONSISTENT, "Inconsistent template" }, -{CKR_TOKEN_NOT_PRESENT, "No PKCS#11 token present" }, -{CKR_TOKEN_NOT_RECOGNIZED, "PKCS#11 token not recognized" }, -{CKR_TOKEN_WRITE_PROTECTED, "Token write protected" }, -{CKR_UNWRAPPING_KEY_HANDLE_INVALID, - "Unwrapping key handle invalid" }, -{CKR_UNWRAPPING_KEY_SIZE_RANGE, "Unwrapping key size range" }, -{CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, - "Unwrapping key type inconsistent" }, -{CKR_USER_ALREADY_LOGGED_IN, "User already logged in" }, -{CKR_USER_NOT_LOGGED_IN, "User not logged in" }, -{CKR_USER_PIN_NOT_INITIALIZED, "User pin not initialized" }, -{CKR_USER_TYPE_INVALID, "User type invalid" }, -{CKR_USER_ANOTHER_ALREADY_LOGGED_IN, - "User another is already logged in" }, -{CKR_USER_TOO_MANY_TYPES, "User too many types" }, -{CKR_WRAPPED_KEY_INVALID, "Wrapped key invalid" }, -{CKR_WRAPPED_KEY_LEN_RANGE, "Wrapped key len range" }, -{CKR_WRAPPING_KEY_HANDLE_INVALID, - "Wrapping key handle invalid" }, -{CKR_WRAPPING_KEY_SIZE_RANGE, "Wrapping key size range" }, -{CKR_WRAPPING_KEY_TYPE_INCONSISTENT, - "Wrapping key type inconsistent" }, -{CKR_RANDOM_SEED_NOT_SUPPORTED, "Random seed not supported" }, -{CKR_RANDOM_NO_RNG, "Random no rng" }, -{CKR_DOMAIN_PARAMS_INVALID, "Domain params invalid" }, -{CKR_BUFFER_TOO_SMALL, "Buffer too small" }, -{CKR_SAVED_STATE_INVALID, "Saved state invalid" }, -{CKR_INFORMATION_SENSITIVE, "Information sensitive" }, -{CKR_STATE_UNSAVEABLE, "State unsaveable" }, -{CKR_CRYPTOKI_NOT_INITIALIZED, "Cryptoki not initialized" }, -{CKR_CRYPTOKI_ALREADY_INITIALIZED, - "Cryptoki already initialized" }, -{CKR_MUTEX_BAD, "Mutex bad" }, -{CKR_MUTEX_NOT_LOCKED, "Mutex not locked" }, -{CKR_VENDOR_DEFINED, "Vendor defined" }, -{0, NULL} + {PKCS11_LOAD_MODULE_ERROR, "Unable to load PKCS#11 module"}, + {PKCS11_MODULE_LOADED_ERROR, "Already loaded module for PKCS11 context"}, + {PKCS11_SYMBOL_NOT_FOUND_ERROR, "Symbol not found in PKCS#11 module"}, + {PKCS11_NOT_SUPPORTED, "Not supported"}, + {PKCS11_NO_SESSION, "No session open"}, + {CKR_CANCEL, "Cancel"}, + {CKR_HOST_MEMORY, "Host memory error"}, + {CKR_SLOT_ID_INVALID, "Invalid slot ID"}, + {CKR_GENERAL_ERROR, "General Error"}, + {CKR_FUNCTION_FAILED, "Function failed"}, + {CKR_ARGUMENTS_BAD, "Invalid arguments"}, + {CKR_NO_EVENT, "No event"}, + {CKR_NEED_TO_CREATE_THREADS, "Need to create threads"}, + {CKR_CANT_LOCK, "Cannott lock"}, + {CKR_ATTRIBUTE_READ_ONLY, "Attribute read only"}, + {CKR_ATTRIBUTE_SENSITIVE, "Attribute sensitive"}, + {CKR_ATTRIBUTE_TYPE_INVALID, "Attribute type invalid"}, + {CKR_ATTRIBUTE_VALUE_INVALID, "Attribute value invalid"}, + {CKR_DATA_INVALID, "Data invalid"}, + {CKR_DATA_LEN_RANGE, "Data len range"}, + {CKR_DEVICE_ERROR, "Device error"}, + {CKR_DEVICE_MEMORY, "Device memory"}, + {CKR_DEVICE_REMOVED, "Device removed"}, + {CKR_ENCRYPTED_DATA_INVALID, "Encrypted data invalid"}, + {CKR_ENCRYPTED_DATA_LEN_RANGE, "Encrypted data len range"}, + {CKR_FUNCTION_CANCELED, "Function canceled"}, + {CKR_FUNCTION_NOT_PARALLEL, "Function not parallel"}, + {CKR_FUNCTION_NOT_SUPPORTED, "Function not supported"}, + {CKR_KEY_HANDLE_INVALID, "Key handle invalid"}, + {CKR_KEY_SIZE_RANGE, "Key size range"}, + {CKR_KEY_TYPE_INCONSISTENT, "Key type inconsistent"}, + {CKR_KEY_NOT_NEEDED, "Key not needed"}, + {CKR_KEY_CHANGED, "Key changed"}, + {CKR_KEY_NEEDED, "Key needed"}, + {CKR_KEY_INDIGESTIBLE, "Key indigestible"}, + {CKR_KEY_FUNCTION_NOT_PERMITTED, "Key function not permitted"}, + {CKR_KEY_NOT_WRAPPABLE, "Key not wrappable"}, + {CKR_KEY_UNEXTRACTABLE, "Key unextractable"}, + {CKR_MECHANISM_INVALID, "Mechanism invalid"}, + {CKR_MECHANISM_PARAM_INVALID, "Mechanism param invalid"}, + {CKR_OBJECT_HANDLE_INVALID, "Object handle invalid"}, + {CKR_OPERATION_ACTIVE, "Operation active"}, + {CKR_OPERATION_NOT_INITIALIZED, "Operation not initialized"}, + {CKR_PIN_INCORRECT, "PIN incorrect"}, + {CKR_PIN_INVALID, "PIN invalid"}, + {CKR_PIN_LEN_RANGE, "Invalid PIN length"}, + {CKR_PIN_EXPIRED, "PIN expired"}, + {CKR_PIN_LOCKED, "PIN locked"}, + {CKR_SESSION_CLOSED, "Session closed"}, + {CKR_SESSION_COUNT, "Session count"}, + {CKR_SESSION_HANDLE_INVALID, "Session handle invalid"}, + {CKR_SESSION_PARALLEL_NOT_SUPPORTED, "Session parallel not supported"}, + {CKR_SESSION_READ_ONLY, "Session read only"}, + {CKR_SESSION_EXISTS, "Session exists"}, + {CKR_SESSION_READ_ONLY_EXISTS, "Read-only session exists"}, + {CKR_SESSION_READ_WRITE_SO_EXISTS, "Read/write SO session exists"}, + {CKR_SIGNATURE_INVALID, "Signature invalid"}, + {CKR_SIGNATURE_LEN_RANGE, "Signature len range"}, + {CKR_TEMPLATE_INCOMPLETE, "Incomplete template"}, + {CKR_TEMPLATE_INCONSISTENT, "Inconsistent template"}, + {CKR_TOKEN_NOT_PRESENT, "No PKCS#11 token present"}, + {CKR_TOKEN_NOT_RECOGNIZED, "PKCS#11 token not recognized"}, + {CKR_TOKEN_WRITE_PROTECTED, "Token write protected"}, + {CKR_UNWRAPPING_KEY_HANDLE_INVALID, "Unwrapping key handle invalid"}, + {CKR_UNWRAPPING_KEY_SIZE_RANGE, "Unwrapping key size range"}, + {CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "Unwrapping key type inconsistent"}, + {CKR_USER_ALREADY_LOGGED_IN, "User already logged in"}, + {CKR_USER_NOT_LOGGED_IN, "User not logged in"}, + {CKR_USER_PIN_NOT_INITIALIZED, "User pin not initialized"}, + {CKR_USER_TYPE_INVALID, "User type invalid"}, + {CKR_USER_ANOTHER_ALREADY_LOGGED_IN, "User another is already logged in"}, + {CKR_USER_TOO_MANY_TYPES, "User too many types"}, + {CKR_WRAPPED_KEY_INVALID, "Wrapped key invalid"}, + {CKR_WRAPPED_KEY_LEN_RANGE, "Wrapped key len range"}, + {CKR_WRAPPING_KEY_HANDLE_INVALID, "Wrapping key handle invalid"}, + {CKR_WRAPPING_KEY_SIZE_RANGE, "Wrapping key size range"}, + {CKR_WRAPPING_KEY_TYPE_INCONSISTENT, "Wrapping key type inconsistent"}, + {CKR_RANDOM_SEED_NOT_SUPPORTED, "Random seed not supported"}, + {CKR_RANDOM_NO_RNG, "Random no rng"}, + {CKR_DOMAIN_PARAMS_INVALID, "Domain params invalid"}, + {CKR_BUFFER_TOO_SMALL, "Buffer too small"}, + {CKR_SAVED_STATE_INVALID, "Saved state invalid"}, + {CKR_INFORMATION_SENSITIVE, "Information sensitive"}, + {CKR_STATE_UNSAVEABLE, "State unsaveable"}, + {CKR_CRYPTOKI_NOT_INITIALIZED, "Cryptoki not initialized"}, + {CKR_CRYPTOKI_ALREADY_INITIALIZED, "Cryptoki already initialized"}, + {CKR_MUTEX_BAD, "Mutex bad"}, + {CKR_MUTEX_NOT_LOCKED, "Mutex not locked"}, + {CKR_VENDOR_DEFINED, "Vendor defined"}, + {0, NULL} }; #endif -void -ERR_load_PKCS11_strings(void) +void ERR_load_PKCS11_strings(void) { - static int init = 1; + static int init = 1; if (init) { init = 0; diff --git a/src/sslengines/p11_key.c b/src/sslengines/p11_key.c index 307c67a6..198675bd 100644 --- a/src/sslengines/p11_key.c +++ b/src/sslengines/p11_key.c @@ -58,22 +58,20 @@ #include "pkcs11-internal.h" #include -static int pkcs11_find_keys(PKCS11_TOKEN *, unsigned int); -static int pkcs11_next_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token, - CK_SESSION_HANDLE session, CK_OBJECT_CLASS type); -static int pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token, - CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o, - CK_OBJECT_CLASS type, PKCS11_KEY **); -static int pkcs11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *, - unsigned char *, unsigned int, - PKCS11_KEY **); -static int pkcs11_store_public_key(PKCS11_TOKEN *, EVP_PKEY *, char *, - unsigned char *, unsigned int, - PKCS11_KEY **); +static int pkcs11_find_keys(PKCS11_TOKEN *, unsigned int); +static int pkcs11_next_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token, + CK_SESSION_HANDLE session, CK_OBJECT_CLASS type); +static int pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token, + CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o, + CK_OBJECT_CLASS type, PKCS11_KEY **); +static int pkcs11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *, + unsigned char *, unsigned int, PKCS11_KEY **); +static int pkcs11_store_public_key(PKCS11_TOKEN *, EVP_PKEY *, char *, + unsigned char *, unsigned int, PKCS11_KEY **); -static CK_OBJECT_CLASS key_search_class; -static CK_ATTRIBUTE key_search_attrs[] = { - { CKA_CLASS, &key_search_class, sizeof(key_search_class) }, +static CK_OBJECT_CLASS key_search_class; +static CK_ATTRIBUTE key_search_attrs[] = { + {CKA_CLASS, &key_search_class, sizeof(key_search_class)}, }; #define numof(arr) (sizeof(arr)/sizeof((arr)[0])) @@ -82,9 +80,7 @@ static CK_ATTRIBUTE key_search_attrs[] = { * For now, we enumerate just the private keys. */ int -PKCS11_enumerate_keys(PKCS11_TOKEN *token, - PKCS11_KEY **keyp, - unsigned int *countp) +PKCS11_enumerate_keys(PKCS11_TOKEN * token, PKCS11_KEY ** keyp, unsigned int *countp) { PKCS11_TOKEN_private *priv = PRIVTOKEN(token); @@ -108,8 +104,7 @@ PKCS11_enumerate_keys(PKCS11_TOKEN *token, /* * Store a private key on the token */ -int -PKCS11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label) +int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label) { if (pkcs11_store_private_key(token, pk, label, NULL, 0, NULL)) return -1; @@ -122,28 +117,25 @@ PKCS11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label) * on-board key generation, and if it does, use its own algorithm */ int -PKCS11_generate_key(PKCS11_TOKEN *token, - int algorithm, unsigned int bits, - char *label) +PKCS11_generate_key(PKCS11_TOKEN * token, + int algorithm, unsigned int bits, char *label) { - PKCS11_KEY *key_obj; - EVP_PKEY *pk; - RSA *rsa; - BIO *err; - int rc; + PKCS11_KEY *key_obj; + EVP_PKEY *pk; + RSA *rsa; + BIO *err; + int rc; if (algorithm != EVP_PKEY_RSA) { - PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, - PKCS11_NOT_SUPPORTED); + PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_NOT_SUPPORTED); return -1; } - err = BIO_new_fp(stderr, BIO_NOCLOSE); + err = BIO_new_fp(stderr, BIO_NOCLOSE); rsa = RSA_generate_key(bits, 0x10001, NULL, err); BIO_free(err); if (rsa == NULL) { - PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, - PKCS11_KEYGEN_FAILED); + PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_KEYGEN_FAILED); return -1; } @@ -156,7 +148,7 @@ PKCS11_generate_key(PKCS11_TOKEN *token, kpriv = PRIVKEY(key_obj); rc = pkcs11_store_public_key(token, pk, label, - kpriv->id, kpriv->id_len, NULL); + kpriv->id, kpriv->id_len, NULL); } EVP_PKEY_free(pk); return rc; @@ -165,8 +157,7 @@ PKCS11_generate_key(PKCS11_TOKEN *token, /* * Get the key type */ -int -PKCS11_get_key_type(PKCS11_KEY *key) +int PKCS11_get_key_type(PKCS11_KEY * key) { PKCS11_KEY_private *priv = PRIVKEY(key); @@ -177,15 +168,14 @@ PKCS11_get_key_type(PKCS11_KEY *key) * Create a key object that will allow an OpenSSL application * to use the token via an EVP_PKEY */ -EVP_PKEY * -PKCS11_get_private_key(PKCS11_KEY *key) +EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY * key) { PKCS11_KEY_private *priv = PRIVKEY(key); - EVP_PKEY *pk; + EVP_PKEY *pk; pk = EVP_PKEY_new(); if (priv->ops->get_private(key, pk) - || priv->ops->get_public(key, pk)) { + || priv->ops->get_public(key, pk)) { EVP_PKEY_free(pk); return NULL; } @@ -196,13 +186,12 @@ PKCS11_get_private_key(PKCS11_KEY *key) /* * Find all keys of a given type (public or private) */ -int -pkcs11_find_keys(PKCS11_TOKEN *token, unsigned int type) +int pkcs11_find_keys(PKCS11_TOKEN * token, unsigned int type) { - PKCS11_SLOT *slot = TOKEN2SLOT(token); - PKCS11_CTX *ctx = TOKEN2CTX(token); + PKCS11_SLOT *slot = TOKEN2SLOT(token); + PKCS11_CTX *ctx = TOKEN2CTX(token); CK_SESSION_HANDLE session; - int rv, res = -1; + int rv, res = -1; /* Make sure we have a session */ if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 0)) @@ -212,7 +201,7 @@ pkcs11_find_keys(PKCS11_TOKEN *token, unsigned int type) /* Tell the PKCS11 lib to enumerate all matching objects */ key_search_class = type; rv = CRYPTOKI_call(ctx, C_FindObjectsInit(session, key_search_attrs, - numof(key_search_attrs))); + numof(key_search_attrs))); CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_KEYS, rv); do { @@ -220,16 +209,16 @@ pkcs11_find_keys(PKCS11_TOKEN *token, unsigned int type) } while (res == 0); CRYPTOKI_call(ctx, C_FindObjectsFinal(session)); - return (res < 0)? -1 : 0; + return (res < 0) ? -1 : 0; } int -pkcs11_next_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token, +pkcs11_next_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token, CK_SESSION_HANDLE session, CK_OBJECT_CLASS type) { CK_OBJECT_HANDLE obj; - CK_ULONG count; - int rv; + CK_ULONG count; + int rv; /* Get the next matching object */ rv = CRYPTOKI_call(ctx, C_FindObjects(session, &obj, 1, &count)); @@ -245,19 +234,18 @@ pkcs11_next_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token, } int -pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token, +pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj, - CK_OBJECT_CLASS type, - PKCS11_KEY **ret) + CK_OBJECT_CLASS type, PKCS11_KEY ** ret) { PKCS11_TOKEN_private *tpriv; PKCS11_KEY_private *kpriv; - PKCS11_KEY *key; - char label[256]; - unsigned char id[256]; - CK_KEY_TYPE key_type; - PKCS11_KEY_ops *ops; - size_t size; + PKCS11_KEY *key; + char label[256]; + unsigned char id[256]; + CK_KEY_TYPE key_type; + PKCS11_KEY_ops *ops; + size_t size; size = sizeof(key_type); if (pkcs11_getattr_var(token, obj, CKA_KEY_TYPE, &key_type, &size)) @@ -274,7 +262,8 @@ pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token, tpriv = PRIVTOKEN(token); tpriv->keys = (PKCS11_KEY *) OPENSSL_realloc(tpriv->keys, - (tpriv->nkeys + 1) * sizeof(PKCS11_KEY)); + (tpriv->nkeys + + 1) * sizeof(PKCS11_KEY)); key = tpriv->keys + tpriv->nkeys++; memset(key, 0, sizeof(*key)); @@ -285,7 +274,7 @@ pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token, if (!pkcs11_getattr_s(token, obj, CKA_LABEL, label, sizeof(label))) key->label = BUF_strdup(label); key->id_len = sizeof(id); - if (!pkcs11_getattr_var(token, obj, CKA_ID, id, (size_t *) &key->id_len)) { + if (!pkcs11_getattr_var(token, obj, CKA_ID, id, (size_t *) & key->id_len)) { key->id = (unsigned char *) malloc(key->id_len); memcpy(key->id, id, key->id_len); } @@ -305,13 +294,12 @@ pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token, /* * Destroy all keys */ -void -pkcs11_destroy_keys(PKCS11_TOKEN *token) +void pkcs11_destroy_keys(PKCS11_TOKEN * token) { PKCS11_TOKEN_private *priv = PRIVTOKEN(token); while (priv->nkeys > 0) { - PKCS11_KEY *key = &priv->keys[--(priv->nkeys)]; + PKCS11_KEY *key = &priv->keys[--(priv->nkeys)]; if (key->evp_key) EVP_PKEY_free(key->evp_key); @@ -330,17 +318,17 @@ pkcs11_destroy_keys(PKCS11_TOKEN *token) * Store private key */ int -pkcs11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, - unsigned char *id, unsigned int id_len, - PKCS11_KEY **ret_key) +pkcs11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, + unsigned char *id, unsigned int id_len, + PKCS11_KEY ** ret_key) { - PKCS11_SLOT *slot = TOKEN2SLOT(token); - PKCS11_CTX *ctx = TOKEN2CTX(token); + PKCS11_SLOT *slot = TOKEN2SLOT(token); + PKCS11_CTX *ctx = TOKEN2CTX(token); CK_SESSION_HANDLE session; CK_OBJECT_HANDLE object; - CK_ATTRIBUTE attrs[32]; - unsigned int n = 0; - int rv; + CK_ATTRIBUTE attrs[32]; + unsigned int n = 0; + int rv; /* First, make sure we have a session */ if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 1)) @@ -349,7 +337,7 @@ pkcs11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, /* Now build the key attrs */ if (pk->type == EVP_PKEY_RSA) { - RSA *rsa = EVP_PKEY_get1_RSA(pk); + RSA *rsa = EVP_PKEY_get1_RSA(pk); pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_PRIVATE_KEY); pkcs11_addattr_int(attrs + n++, CKA_KEY_TYPE, CKK_RSA); @@ -363,8 +351,7 @@ pkcs11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, if (id && id_len) pkcs11_addattr(attrs + n++, CKA_ID, id, id_len); } else { - PKCS11err(PKCS11_F_PKCS11_STORE_PRIVATE_KEY, - PKCS11_NOT_SUPPORTED); + PKCS11err(PKCS11_F_PKCS11_STORE_PRIVATE_KEY, PKCS11_NOT_SUPPORTED); return -1; } @@ -378,24 +365,24 @@ pkcs11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, /* Gobble the key object */ return pkcs11_init_key(ctx, token, session, object, - CKO_PRIVATE_KEY, ret_key); + CKO_PRIVATE_KEY, ret_key); } /* * Store public key */ int -pkcs11_store_public_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, - unsigned char *id, unsigned int id_len, - PKCS11_KEY **ret_key) +pkcs11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, + unsigned char *id, unsigned int id_len, + PKCS11_KEY ** ret_key) { - PKCS11_SLOT *slot = TOKEN2SLOT(token); - PKCS11_CTX *ctx = TOKEN2CTX(token); + PKCS11_SLOT *slot = TOKEN2SLOT(token); + PKCS11_CTX *ctx = TOKEN2CTX(token); CK_SESSION_HANDLE session; CK_OBJECT_HANDLE object; - CK_ATTRIBUTE attrs[32]; - unsigned int n = 0; - int rv; + CK_ATTRIBUTE attrs[32]; + unsigned int n = 0; + int rv; /* First, make sure we have a session */ if (!PRIVSLOT(slot)->haveSession && PKCS11_open_session(slot, 1)) @@ -404,7 +391,7 @@ pkcs11_store_public_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, /* Now build the key attrs */ if (pk->type == EVP_PKEY_RSA) { - RSA *rsa = EVP_PKEY_get1_RSA(pk); + RSA *rsa = EVP_PKEY_get1_RSA(pk); pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_PUBLIC_KEY); pkcs11_addattr_int(attrs + n++, CKA_KEY_TYPE, CKK_RSA); @@ -415,8 +402,7 @@ pkcs11_store_public_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, if (id && id_len) pkcs11_addattr(attrs + n++, CKA_ID, id, id_len); } else { - PKCS11err(PKCS11_F_PKCS11_STORE_PUBLIC_KEY, - PKCS11_NOT_SUPPORTED); + PKCS11err(PKCS11_F_PKCS11_STORE_PUBLIC_KEY, PKCS11_NOT_SUPPORTED); return -1; } @@ -429,6 +415,5 @@ pkcs11_store_public_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, CRYPTOKI_checkerr(PKCS11_F_PKCS11_STORE_PUBLIC_KEY, rv); /* Gobble the key object */ - return pkcs11_init_key(ctx, token, session, - object, CKO_PUBLIC_KEY, ret_key); + return pkcs11_init_key(ctx, token, session, object, CKO_PUBLIC_KEY, ret_key); } diff --git a/src/sslengines/p11_load.c b/src/sslengines/p11_load.c index 699802b5..3a3bed09 100644 --- a/src/sslengines/p11_load.c +++ b/src/sslengines/p11_load.c @@ -63,17 +63,16 @@ static void *handle = NULL; /* * Create a new context */ -PKCS11_CTX * -PKCS11_CTX_new(void) +PKCS11_CTX *PKCS11_CTX_new(void) { PKCS11_CTX_private *priv; - PKCS11_CTX *ctx; + PKCS11_CTX *ctx; /* Load error strings */ ERR_load_PKCS11_strings(); priv = PKCS11_NEW(PKCS11_CTX_private); - ctx = PKCS11_NEW(PKCS11_CTX); + ctx = PKCS11_NEW(PKCS11_CTX); ctx->_private = priv; /* Mark list of slots as "need to fetch from card" */ @@ -85,18 +84,17 @@ PKCS11_CTX_new(void) /* * Load the shared library, and initialize it. */ -int -PKCS11_CTX_load(PKCS11_CTX *ctx, const char *name) +int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name) { PKCS11_CTX_private *priv = PRIVCTX(ctx); - CK_INFO ck_info; - int rv; + CK_INFO ck_info; + int rv; if (priv->libinfo != NULL) { PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_MODULE_LOADED_ERROR); return -1; } - handle=C_LoadModule(name, &priv->method ); + handle = C_LoadModule(name, &priv->method); if (!handle) { PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_LOAD_MODULE_ERROR); return -1; @@ -119,11 +117,10 @@ PKCS11_CTX_load(PKCS11_CTX *ctx, const char *name) /* * Unload the shared library */ -void -PKCS11_CTX_unload(PKCS11_CTX *ctx) +void PKCS11_CTX_unload(PKCS11_CTX * ctx) { PKCS11_CTX_private *priv; - priv= PRIVCTX(ctx); + priv = PRIVCTX(ctx); /* Free any slot info we have allocated */ pkcs11_destroy_all_slots(ctx); @@ -138,10 +135,9 @@ PKCS11_CTX_unload(PKCS11_CTX *ctx) /* * Free a context */ -void -PKCS11_CTX_free(PKCS11_CTX *ctx) +void PKCS11_CTX_free(PKCS11_CTX * ctx) { - PKCS11_CTX_unload(ctx); /* Make sure */ + PKCS11_CTX_unload(ctx); /* Make sure */ OPENSSL_free(ctx->manufacturer); OPENSSL_free(ctx->description); OPENSSL_free(ctx->_private); diff --git a/src/sslengines/p11_misc.c b/src/sslengines/p11_misc.c index c99de462..669be3f5 100644 --- a/src/sslengines/p11_misc.c +++ b/src/sslengines/p11_misc.c @@ -59,10 +59,9 @@ #include #include -void * -pkcs11_malloc(size_t size) +void *pkcs11_malloc(size_t size) { - void *p = OPENSSL_malloc(size); + void *p = OPENSSL_malloc(size); memset(p, 0, size); return p; } @@ -71,14 +70,13 @@ pkcs11_malloc(size_t size) * so when strduping them we must make sure * we stop at the end of the buffer, and while we're * at it it's nice to remove the padding */ -char * -pkcs11_strdup(char *mem, size_t size) +char *pkcs11_strdup(char *mem, size_t size) { - char *res; + char *res; - while (size && mem[size-1] == ' ') + while (size && mem[size - 1] == ' ') size--; - res = (char *) OPENSSL_malloc(size+1); + res = (char *) OPENSSL_malloc(size + 1); memcpy(res, mem, size); res[size] = '\0'; return res; @@ -87,10 +85,9 @@ pkcs11_strdup(char *mem, size_t size) /* * Dup memory */ -void * -memdup(const void *src, size_t size) +void *memdup(const void *src, size_t size) { - void *dst; + void *dst; dst = malloc(size); memcpy(dst, src, size); diff --git a/src/sslengines/p11_rsa.c b/src/sslengines/p11_rsa.c index ccef22d3..8b9b2552 100644 --- a/src/sslengines/p11_rsa.c +++ b/src/sslengines/p11_rsa.c @@ -65,9 +65,9 @@ #include #include -static int pkcs11_get_rsa_public(PKCS11_KEY *, EVP_PKEY *); -static int pkcs11_get_rsa_private(PKCS11_KEY *, EVP_PKEY *); -RSA_METHOD * pkcs11_get_rsa_method(void); +static int pkcs11_get_rsa_public(PKCS11_KEY *, EVP_PKEY *); +static int pkcs11_get_rsa_private(PKCS11_KEY *, EVP_PKEY *); +RSA_METHOD *pkcs11_get_rsa_method(void); #define key_getattr(k, t, p, s) \ pkcs11_getattr(KEY2TOKEN(key), PRIVKEY(key)->object, t, p, s) @@ -77,20 +77,19 @@ RSA_METHOD * pkcs11_get_rsa_method(void); /* * Get RSA key material */ -int -pkcs11_get_rsa_private(PKCS11_KEY *key, EVP_PKEY *pk) +int pkcs11_get_rsa_private(PKCS11_KEY * key, EVP_PKEY * pk) { - CK_BBOOL sensitive, extractable; - RSA *rsa; + CK_BBOOL sensitive, extractable; + RSA *rsa; if (!(rsa = EVP_PKEY_get1_RSA(pk))) { - ERR_clear_error(); /* the above flags an error */ + ERR_clear_error(); /* the above flags an error */ rsa = RSA_new(); EVP_PKEY_set1_RSA(pk, rsa); } if (key_getattr(key, CKA_SENSITIVE, &sensitive, sizeof(sensitive)) - || key_getattr(key, CKA_EXTRACTABLE, &extractable, sizeof(extractable))) + || key_getattr(key, CKA_EXTRACTABLE, &extractable, sizeof(extractable))) return -1; if (!rsa->n && key_getattr_bn(key, CKA_MODULUS, &rsa->n)) @@ -112,8 +111,7 @@ pkcs11_get_rsa_private(PKCS11_KEY *key, EVP_PKEY *pk) return -1; } -int -pkcs11_get_rsa_public(PKCS11_KEY *key, EVP_PKEY *pk) +int pkcs11_get_rsa_public(PKCS11_KEY * key, EVP_PKEY * pk) { /* TBD */ return 0; @@ -121,9 +119,9 @@ pkcs11_get_rsa_public(PKCS11_KEY *key, EVP_PKEY *pk) static int pkcs11_rsa_decrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) + RSA * rsa, int padding) { - PKCS11_KEY *key = (PKCS11_KEY *) RSA_get_app_data(rsa); + PKCS11_KEY *key = (PKCS11_KEY *) RSA_get_app_data(rsa); if (padding != RSA_PKCS1_PADDING) return -1; @@ -137,7 +135,7 @@ pkcs11_rsa_decrypt(int flen, const unsigned char *from, unsigned char *to, static int pkcs11_rsa_encrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) + RSA * rsa, int padding) { /* PKCS11 calls go here */ PKCS11err(PKCS11_F_PKCS11_RSA_ENCRYPT, PKCS11_NOT_SUPPORTED); @@ -146,16 +144,16 @@ pkcs11_rsa_encrypt(int flen, const unsigned char *from, unsigned char *to, static int pkcs11_rsa_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa) + unsigned char *sigret, unsigned int *siglen, const RSA * rsa) { - PKCS11_KEY *key = (PKCS11_KEY *) RSA_get_app_data(rsa); + PKCS11_KEY *key = (PKCS11_KEY *) RSA_get_app_data(rsa); PKCS11_KEY_private *priv; - PKCS11_SLOT *slot; - PKCS11_CTX *ctx; + PKCS11_SLOT *slot; + PKCS11_CTX *ctx; CK_SESSION_HANDLE session; - CK_MECHANISM mechanism; - CK_ULONG sigsize; - int rv; + CK_MECHANISM mechanism; + CK_ULONG sigsize; + int rv; if (key == NULL) return -1; @@ -175,14 +173,15 @@ pkcs11_rsa_sign(int type, const unsigned char *m, unsigned int m_len, * by OpenSSL). The library assumes that the memory passed * by the caller is always big enough */ sigsize = BN_num_bytes(rsa->n); - rv = CRYPTOKI_call(ctx, C_Sign(session, (CK_BYTE *) m, m_len, sigret, &sigsize)); + rv = CRYPTOKI_call(ctx, + C_Sign(session, (CK_BYTE *) m, m_len, sigret, &sigsize)); if (rv) goto fail; *siglen = sigsize; return 1; -fail: PKCS11err(PKCS11_F_PKCS11_RSA_SIGN, pkcs11_map_err(rv)); + fail:PKCS11err(PKCS11_F_PKCS11_RSA_SIGN, pkcs11_map_err(rv)); return 0; } @@ -194,10 +193,10 @@ fail: PKCS11err(PKCS11_F_PKCS11_RSA_SIGN, pkcs11_map_err(rv)); */ static int pkcs11_rsa_verify(int type, const unsigned char *m, unsigned int m_len, - unsigned char *signature, unsigned int siglen, const RSA *rsa) + unsigned char *signature, unsigned int siglen, const RSA * rsa) { RSA *r = (RSA *) rsa; /* Ugly hack to get rid of compiler warning */ - int res; + int res; if (r->flags & RSA_FLAG_SIGN_VER) { r->flags &= ~RSA_FLAG_SIGN_VER; @@ -213,8 +212,7 @@ pkcs11_rsa_verify(int type, const unsigned char *m, unsigned int m_len, /* * Overload the default OpenSSL methods for RSA */ -RSA_METHOD * -pkcs11_get_rsa_method(void) +RSA_METHOD *pkcs11_get_rsa_method(void) { static RSA_METHOD ops; @@ -222,13 +220,13 @@ pkcs11_get_rsa_method(void) ops = *RSA_get_default_method(); ops.rsa_priv_enc = pkcs11_rsa_encrypt; ops.rsa_priv_dec = pkcs11_rsa_decrypt; - ops.rsa_sign = pkcs11_rsa_sign; - ops.rsa_verify = pkcs11_rsa_verify; + ops.rsa_sign = pkcs11_rsa_sign; + ops.rsa_verify = pkcs11_rsa_verify; } return &ops; } -PKCS11_KEY_ops pkcs11_rsa_ops = { +PKCS11_KEY_ops pkcs11_rsa_ops = { EVP_PKEY_RSA, pkcs11_get_rsa_public, pkcs11_get_rsa_private diff --git a/src/sslengines/p11_slot.c b/src/sslengines/p11_slot.c index ca62a578..ac4be947 100644 --- a/src/sslengines/p11_slot.c +++ b/src/sslengines/p11_slot.c @@ -59,31 +59,28 @@ #include #include -static int pkcs11_init_slot(PKCS11_CTX *, PKCS11_SLOT *, CK_SLOT_ID); -static int pkcs11_check_token(PKCS11_CTX *, PKCS11_SLOT *); -static void pkcs11_destroy_token(PKCS11_TOKEN *); +static int pkcs11_init_slot(PKCS11_CTX *, PKCS11_SLOT *, CK_SLOT_ID); +static int pkcs11_check_token(PKCS11_CTX *, PKCS11_SLOT *); +static void pkcs11_destroy_token(PKCS11_TOKEN *); /* * Enumerate slots */ int -PKCS11_enumerate_slots(PKCS11_CTX *ctx, - PKCS11_SLOT **slotp, - unsigned int *countp) +PKCS11_enumerate_slots(PKCS11_CTX * ctx, PKCS11_SLOT ** slotp, unsigned int *countp) { PKCS11_CTX_private *priv = PRIVCTX(ctx); if (priv->nslots < 0) { - CK_SLOT_ID slotid[64]; - CK_ULONG nslots = sizeof(slotid), n; - PKCS11_SLOT *slots; - int rv; + CK_SLOT_ID slotid[64]; + CK_ULONG nslots = sizeof(slotid), n; + PKCS11_SLOT *slots; + int rv; rv = priv->method->C_GetSlotList(FALSE, slotid, &nslots); CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv); - slots = (PKCS11_SLOT *) pkcs11_malloc(nslots - * sizeof(PKCS11_SLOT)); + slots = (PKCS11_SLOT *) pkcs11_malloc(nslots * sizeof(PKCS11_SLOT)); for (n = 0; n < nslots; n++) { if (pkcs11_init_slot(ctx, &slots[n], slotid[n])) { while (n--) @@ -104,12 +101,11 @@ PKCS11_enumerate_slots(PKCS11_CTX *ctx, /* * Find a slot with a token that looks "valuable" */ -PKCS11_SLOT * -PKCS11_find_token(PKCS11_CTX *ctx) +PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx) { - PKCS11_SLOT *slot_list, *slot, *best; - PKCS11_TOKEN *tok; - unsigned int n, nslots; + PKCS11_SLOT *slot_list, *slot, *best; + PKCS11_TOKEN *tok; + unsigned int n, nslots; if (PKCS11_enumerate_slots(ctx, &slot_list, &nslots)) return NULL; @@ -118,9 +114,9 @@ PKCS11_find_token(PKCS11_CTX *ctx) for (n = 0, slot = slot_list; n < nslots; n++, slot++) { if ((tok = slot->token) != NULL) { if (best == NULL - || (tok->initialized > best->token->initialized - && tok->userPinSet > best->token->userPinSet - && tok->loginRequired > best->token->loginRequired)) + || (tok->initialized > best->token->initialized + && tok->userPinSet > best->token->userPinSet + && tok->loginRequired > best->token->loginRequired)) best = slot; } } @@ -130,21 +126,21 @@ PKCS11_find_token(PKCS11_CTX *ctx) /* * Open a session with this slot */ -int -PKCS11_open_session(PKCS11_SLOT *slot, int rw) +int PKCS11_open_session(PKCS11_SLOT * slot, int rw) { PKCS11_SLOT_private *priv = PRIVSLOT(slot); - PKCS11_CTX *ctx = SLOT2CTX(slot); - int rv; + PKCS11_CTX *ctx = SLOT2CTX(slot); + int rv; if (priv->haveSession) { CRYPTOKI_call(ctx, C_CloseSession(priv->session)); priv->haveSession = 0; } rv = CRYPTOKI_call(ctx, - C_OpenSession(priv->id, - CKF_SERIAL_SESSION | (rw? CKF_RW_SESSION : 0), - NULL, NULL, &priv->session)); + C_OpenSession(priv->id, + CKF_SERIAL_SESSION | (rw ? CKF_RW_SESSION : + 0), NULL, NULL, + &priv->session)); CRYPTOKI_checkerr(PKCS11_F_PKCS11_OPEN_SESSION, rv); priv->haveSession = 1; @@ -154,12 +150,11 @@ PKCS11_open_session(PKCS11_SLOT *slot, int rw) /* * Authenticate with the card */ -int -PKCS11_login(PKCS11_SLOT *slot, int so, char *pin) +int PKCS11_login(PKCS11_SLOT * slot, int so, char *pin) { PKCS11_SLOT_private *priv = PRIVSLOT(slot); - PKCS11_CTX *ctx = priv->parent; - int rv; + PKCS11_CTX *ctx = priv->parent; + int rv; /* Calling PKCS11_login invalidates all cached * keys we have */ @@ -178,8 +173,8 @@ PKCS11_login(PKCS11_SLOT *slot, int so, char *pin) } rv = CRYPTOKI_call(ctx, C_Login(priv->session, - so? CKU_SO : CKU_USER, - (CK_UTF8CHAR *) pin, strlen(pin))); + so ? CKU_SO : CKU_USER, + (CK_UTF8CHAR *) pin, strlen(pin))); CRYPTOKI_checkerr(PKCS11_F_PKCS11_LOGIN, rv); priv->loggedIn = 1; return 0; @@ -188,12 +183,11 @@ PKCS11_login(PKCS11_SLOT *slot, int so, char *pin) /* * Log out */ -int -PKCS11_logout(PKCS11_SLOT *slot) +int PKCS11_logout(PKCS11_SLOT * slot) { PKCS11_SLOT_private *priv = PRIVSLOT(slot); - PKCS11_CTX *ctx = priv->parent; - int rv; + PKCS11_CTX *ctx = priv->parent; + int rv; /* Calling PKCS11_logout invalidates all cached * keys we have */ @@ -213,18 +207,18 @@ PKCS11_logout(PKCS11_SLOT *slot) /* * Initialize the token */ -int -PKCS11_init_token(PKCS11_TOKEN *token, char *pin, char *label) +int PKCS11_init_token(PKCS11_TOKEN * token, char *pin, char *label) { PKCS11_SLOT_private *priv = PRIVSLOT(TOKEN2SLOT(token)); PKCS11_CTX_private *cpriv; - PKCS11_CTX *ctx = priv->parent; - int n, rv; + PKCS11_CTX *ctx = priv->parent; + int n, rv; if (!label) label = "PKCS#11 Token"; rv = CRYPTOKI_call(ctx, C_InitToken(priv->id, - (CK_UTF8CHAR *) pin, strlen(pin), (CK_UTF8CHAR *) label)); + (CK_UTF8CHAR *) pin, strlen(pin), + (CK_UTF8CHAR *) label)); CRYPTOKI_checkerr(PKCS11_F_PKCS11_INIT_TOKEN, rv); cpriv = PRIVCTX(ctx); @@ -239,19 +233,18 @@ PKCS11_init_token(PKCS11_TOKEN *token, char *pin, char *label) /* * Set the User PIN */ -int -PKCS11_init_pin(PKCS11_TOKEN *token, char *pin) +int PKCS11_init_pin(PKCS11_TOKEN * token, char *pin) { PKCS11_SLOT_private *priv = PRIVSLOT(TOKEN2SLOT(token)); - PKCS11_CTX *ctx = priv->parent; - int len, rv; + PKCS11_CTX *ctx = priv->parent; + int len, rv; if (!priv->haveSession) { PKCS11err(PKCS11_F_PKCS11_INIT_PIN, PKCS11_NO_SESSION); return -1; } - len = pin? strlen(pin) : 0; + len = pin ? strlen(pin) : 0; rv = CRYPTOKI_call(ctx, C_InitPIN(priv->session, (CK_UTF8CHAR *) pin, len)); CRYPTOKI_checkerr(PKCS11_F_PKCS11_INIT_PIN, rv); @@ -261,12 +254,11 @@ PKCS11_init_pin(PKCS11_TOKEN *token, char *pin) /* * Helper functions */ -int -pkcs11_init_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot, CK_SLOT_ID id) +int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id) { - PKCS11_SLOT_private *priv; - CK_SLOT_INFO info; - int rv; + PKCS11_SLOT_private *priv; + CK_SLOT_INFO info; + int rv; rv = CRYPTOKI_call(ctx, C_GetSlotInfo(id, &info)); CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv); @@ -277,7 +269,7 @@ pkcs11_init_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot, CK_SLOT_ID id) slot->description = PKCS11_DUP(info.slotDescription); slot->manufacturer = PKCS11_DUP(info.manufacturerID); - slot->removable = (info.flags & CKF_REMOVABLE_DEVICE)? 1 : 0; + slot->removable = (info.flags & CKF_REMOVABLE_DEVICE) ? 1 : 0; slot->_private = priv; if ((info.flags & CKF_TOKEN_PRESENT) && pkcs11_check_token(ctx, slot)) @@ -286,8 +278,7 @@ pkcs11_init_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot, CK_SLOT_ID id) return 0; } -void -pkcs11_destroy_all_slots(PKCS11_CTX *ctx) +void pkcs11_destroy_all_slots(PKCS11_CTX * ctx) { PKCS11_CTX_private *priv = PRIVCTX(ctx); @@ -298,8 +289,7 @@ pkcs11_destroy_all_slots(PKCS11_CTX *ctx) priv->nslots = -1; } -void -pkcs11_destroy_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot) +void pkcs11_destroy_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot) { PKCS11_SLOT_private *priv = PRIVSLOT(slot); @@ -314,14 +304,13 @@ pkcs11_destroy_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot) memset(slot, 0, sizeof(*slot)); } -int -pkcs11_check_token(PKCS11_CTX *ctx, PKCS11_SLOT *slot) +int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot) { PKCS11_SLOT_private *priv = PRIVSLOT(slot); PKCS11_TOKEN_private *tpriv; - CK_TOKEN_INFO info; - PKCS11_TOKEN *token; - int rv; + CK_TOKEN_INFO info; + PKCS11_TOKEN *token; + int rv; if (slot->token) pkcs11_destroy_token(slot->token); @@ -346,17 +335,16 @@ pkcs11_check_token(PKCS11_CTX *ctx, PKCS11_SLOT *slot) token->label = PKCS11_DUP(info.label); token->manufacturer = PKCS11_DUP(info.manufacturerID); token->model = PKCS11_DUP(info.model); - token->initialized = (info.flags & CKF_TOKEN_INITIALIZED)? 1 : 0; - token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED)? 1 : 0; - token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED)? 1 : 0; - token->readOnly = (info.flags & CKF_WRITE_PROTECTED)? 1 : 0; + token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0; + token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0; + token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0; + token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0; token->_private = tpriv; return 0; } -void -pkcs11_destroy_token(PKCS11_TOKEN *token) +void pkcs11_destroy_token(PKCS11_TOKEN * token) { /* XXX destroy keys associated with this token */ OPENSSL_free(token->label); diff --git a/src/sslengines/pkcs11-internal.h b/src/sslengines/pkcs11-internal.h index 6386d4aa..fe03432c 100644 --- a/src/sslengines/pkcs11-internal.h +++ b/src/sslengines/pkcs11-internal.h @@ -87,108 +87,97 @@ ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__) * * - no support for any operations that alter the card, * i.e. readonly-login - * - * Rather than include the complete PKCS#11 type definition - * header file here, I'm defining my own bunch of types, - * leaving out those that are not needed. - * I also hope that they will be more in line with OpenSSL - * coding style. */ /* PKCS11 key object (public or private) */ typedef struct PKCS11_key_st { - char * label; - unsigned char * id; - int id_len; - unsigned char isPrivate; /* private key present? */ - unsigned char needLogin; /* login to read private key? */ - EVP_PKEY * evp_key; /* initially NULL, need to call PKCS11_load_key */ - void * _private; + char *label; + unsigned char *id; + int id_len; + unsigned char isPrivate; /* private key present? */ + unsigned char needLogin; /* login to read private key? */ + EVP_PKEY *evp_key; /* initially NULL, need to call PKCS11_load_key */ + void *_private; } PKCS11_KEY; /* PKCS11 certificate object */ typedef struct PKCS11_cert_st { - char * label; - unsigned char * id; - int id_len; - X509 * x509; - void * _private; + char *label; + unsigned char *id; + int id_len; + X509 *x509; + void *_private; } PKCS11_CERT; /* PKCS11 token, e.g. smart card or USB key */ typedef struct PKCS11_token_st { - char * label; - char * manufacturer; - char * model; - unsigned char initialized; - unsigned char loginRequired; - unsigned char userPinSet; - unsigned char readOnly; - void * _private; + char *label; + char *manufacturer; + char *model; + unsigned char initialized; + unsigned char loginRequired; + unsigned char userPinSet; + unsigned char readOnly; + void *_private; } PKCS11_TOKEN; /* PKCS11 slot, e.g. card reader */ typedef struct PKCS11_slot_st { - char * manufacturer; - char * description; - unsigned char removable; - PKCS11_TOKEN * token; /* NULL if no token present */ - void * _private; + char *manufacturer; + char *description; + unsigned char removable; + PKCS11_TOKEN *token; /* NULL if no token present */ + void *_private; } PKCS11_SLOT; typedef struct PKCS11_ctx_st { - char * manufacturer; - char * description; - void * _private; + char *manufacturer; + char *description; + void *_private; } PKCS11_CTX; -extern PKCS11_CTX * PKCS11_CTX_new(void); -extern int PKCS11_CTX_load(PKCS11_CTX *, const char *ident); -extern void PKCS11_CTX_unload(PKCS11_CTX *); -extern void PKCS11_CTX_free(PKCS11_CTX *); +extern PKCS11_CTX *PKCS11_CTX_new(void); +extern int PKCS11_CTX_load(PKCS11_CTX *, const char *ident); +extern void PKCS11_CTX_unload(PKCS11_CTX *); +extern void PKCS11_CTX_free(PKCS11_CTX *); /* Get a list of all slots */ -extern int PKCS11_enumerate_slots(PKCS11_CTX *, PKCS11_SLOT **, unsigned int *); +extern int PKCS11_enumerate_slots(PKCS11_CTX *, PKCS11_SLOT **, unsigned int *); /* Find the first slot with a token */ -extern PKCS11_SLOT * PKCS11_find_token(PKCS11_CTX *); +extern PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX *); /* Authenticate to the card */ -extern int PKCS11_login(PKCS11_SLOT *, int so, char *pin); -extern int PKCS11_logout(PKCS11_SLOT *); +extern int PKCS11_login(PKCS11_SLOT *, int so, char *pin); +extern int PKCS11_logout(PKCS11_SLOT *); /* Get a list of all keys associated with this token */ -extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, - PKCS11_KEY **, unsigned int *); +extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, PKCS11_KEY **, unsigned int *); /* Get the key type (as EVP_PKEY_XXX) */ -extern int PKCS11_get_key_type(PKCS11_KEY *); +extern int PKCS11_get_key_type(PKCS11_KEY *); /* Get the enveloped private key */ -extern EVP_PKEY * PKCS11_get_private_key(PKCS11_KEY *); +extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *); /* Find the corresponding certificate (if any) */ -extern PKCS11_CERT * PKCS11_find_certificate(PKCS11_KEY *); +extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *); /* Get a list of all certificates associated with this token */ -extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, - PKCS11_CERT **, unsigned int *); +extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *); /* Initialize a token */ -extern int PKCS11_init_token(PKCS11_TOKEN *, - char *pin, char *label); +extern int PKCS11_init_token(PKCS11_TOKEN *, char *pin, char *label); /* Initialize the user PIN on a token */ -extern int PKCS11_init_pin(PKCS11_TOKEN *, char *pin); +extern int PKCS11_init_pin(PKCS11_TOKEN *, char *pin); /* Store various objects on the token */ -extern int PKCS11_generate_key(PKCS11_TOKEN *, int, - unsigned int, char *); -extern int PKCS11_store_private_key(PKCS11_TOKEN *, - EVP_PKEY *, char *); +extern int PKCS11_generate_key(PKCS11_TOKEN *, int, unsigned int, char *); +extern int PKCS11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *); /* Load PKCS11 error strings */ -extern void ERR_load_PKCS11_strings(void); +extern void ERR_load_PKCS11_strings(void); /* * Function and reason codes @@ -228,49 +217,48 @@ extern void ERR_load_PKCS11_strings(void); * PKCS11_CTX: context for a PKCS11 implementation */ typedef struct pkcs11_ctx_private { - char * name; - void * libinfo; - CK_FUNCTION_LIST_PTR method; + char *name; + void *libinfo; + CK_FUNCTION_LIST_PTR method; - CK_SESSION_HANDLE session; - int nslots; - PKCS11_SLOT * slots; + CK_SESSION_HANDLE session; + int nslots; + PKCS11_SLOT *slots; } PKCS11_CTX_private; #define PRIVCTX(ctx) ((PKCS11_CTX_private *) (ctx->_private)) typedef struct pkcs11_slot_private { - PKCS11_CTX * parent; - unsigned char haveSession, - loggedIn; - CK_SLOT_ID id; - CK_SESSION_HANDLE session; + PKCS11_CTX *parent; + unsigned char haveSession, loggedIn; + CK_SLOT_ID id; + CK_SESSION_HANDLE session; } PKCS11_SLOT_private; #define PRIVSLOT(slot) ((PKCS11_SLOT_private *) (slot->_private)) #define SLOT2CTX(slot) (PRIVSLOT(slot)->parent) typedef struct pkcs11_token_private { - PKCS11_SLOT * parent; - int nkeys, nprkeys; - PKCS11_KEY * keys; - int ncerts; - PKCS11_CERT * certs; + PKCS11_SLOT *parent; + int nkeys, nprkeys; + PKCS11_KEY *keys; + int ncerts; + PKCS11_CERT *certs; } PKCS11_TOKEN_private; #define PRIVTOKEN(token) ((PKCS11_TOKEN_private *) (token->_private)) #define TOKEN2SLOT(token) (PRIVTOKEN(token)->parent) #define TOKEN2CTX(token) SLOT2CTX(TOKEN2SLOT(token)) typedef struct pkcs11_key_ops { - int type; /* EVP_PKEY_xxx */ - int (*get_public)(PKCS11_KEY *, EVP_PKEY *); - int (*get_private)(PKCS11_KEY *, EVP_PKEY *); + int type; /* EVP_PKEY_xxx */ + int (*get_public) (PKCS11_KEY *, EVP_PKEY *); + int (*get_private) (PKCS11_KEY *, EVP_PKEY *); } PKCS11_KEY_ops; typedef struct pkcs11_key_private { - PKCS11_TOKEN * parent; - CK_OBJECT_HANDLE object; - unsigned char id[32]; - size_t id_len; - PKCS11_KEY_ops * ops; + PKCS11_TOKEN *parent; + CK_OBJECT_HANDLE object; + unsigned char id[32]; + size_t id_len; + PKCS11_KEY_ops *ops; } PKCS11_KEY_private; #define PRIVKEY(key) ((PKCS11_KEY_private *) key->_private) #define KEY2SLOT(key) TOKEN2SLOT(KEY2TOKEN(key)) @@ -278,10 +266,10 @@ typedef struct pkcs11_key_private { #define KEY2CTX(key) TOKEN2CTX(KEY2TOKEN(key)) typedef struct pkcs11_cert_private { - PKCS11_TOKEN * parent; - CK_OBJECT_HANDLE object; - unsigned char id[32]; - size_t id_len; + PKCS11_TOKEN *parent; + CK_OBJECT_HANDLE object; + unsigned char id[32]; + size_t id_len; } PKCS11_CERT_private; #define PRIVCERT(cert) ((PKCS11_CERT_private *) cert->_private) @@ -311,35 +299,34 @@ typedef struct pkcs11_cert_private { #define PKCS11_DUP(s) \ pkcs11_strdup((char *) s, sizeof(s)) -extern int PKCS11_open_session(PKCS11_SLOT *, int); -extern void pkcs11_destroy_all_slots(PKCS11_CTX *); -extern void pkcs11_destroy_slot(PKCS11_CTX *, PKCS11_SLOT *); -extern void pkcs11_destroy_keys(PKCS11_TOKEN *); -extern void pkcs11_destroy_certs(PKCS11_TOKEN *); -extern void * pkcs11_malloc(size_t); -extern char * pkcs11_strdup(char *, size_t); +extern int PKCS11_open_session(PKCS11_SLOT *, int); +extern void pkcs11_destroy_all_slots(PKCS11_CTX *); +extern void pkcs11_destroy_slot(PKCS11_CTX *, PKCS11_SLOT *); +extern void pkcs11_destroy_keys(PKCS11_TOKEN *); +extern void pkcs11_destroy_certs(PKCS11_TOKEN *); +extern void *pkcs11_malloc(size_t); +extern char *pkcs11_strdup(char *, size_t); -extern int pkcs11_getattr(PKCS11_TOKEN *, CK_OBJECT_HANDLE, - unsigned int, void *, size_t); -extern int pkcs11_getattr_s(PKCS11_TOKEN *, CK_OBJECT_HANDLE, - unsigned int, void *, size_t); -extern int pkcs11_getattr_var(PKCS11_TOKEN *, CK_OBJECT_HANDLE, - unsigned int, void *, size_t *); -extern int pkcs11_getattr_bn(PKCS11_TOKEN *, CK_OBJECT_HANDLE, - unsigned int, BIGNUM **); +extern int pkcs11_getattr(PKCS11_TOKEN *, CK_OBJECT_HANDLE, + unsigned int, void *, size_t); +extern int pkcs11_getattr_s(PKCS11_TOKEN *, CK_OBJECT_HANDLE, + unsigned int, void *, size_t); +extern int pkcs11_getattr_var(PKCS11_TOKEN *, CK_OBJECT_HANDLE, + unsigned int, void *, size_t *); +extern int pkcs11_getattr_bn(PKCS11_TOKEN *, CK_OBJECT_HANDLE, + unsigned int, BIGNUM **); -typedef int (*pkcs11_i2d_fn)(void *, unsigned char **); -extern void pkcs11_addattr(CK_ATTRIBUTE_PTR, int, const void *, size_t); -extern void pkcs11_addattr_int(CK_ATTRIBUTE_PTR, int, unsigned long); -extern void pkcs11_addattr_s(CK_ATTRIBUTE_PTR, int, const char *); -extern void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR, int, const BIGNUM *); -extern void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int, - pkcs11_i2d_fn, void *); -extern void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR, unsigned int); +typedef int (*pkcs11_i2d_fn) (void *, unsigned char **); +extern void pkcs11_addattr(CK_ATTRIBUTE_PTR, int, const void *, size_t); +extern void pkcs11_addattr_int(CK_ATTRIBUTE_PTR, int, unsigned long); +extern void pkcs11_addattr_s(CK_ATTRIBUTE_PTR, int, const char *); +extern void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR, int, const BIGNUM *); +extern void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int, pkcs11_i2d_fn, void *); +extern void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR, unsigned int); -extern void * memdup(const void *, size_t); +extern void *memdup(const void *, size_t); -extern PKCS11_KEY_ops pkcs11_rsa_ops; +extern PKCS11_KEY_ops pkcs11_rsa_ops; #ifdef __cplusplus }