Diffstat (limited to 'src/libstrongswan/plugins/pkcs11')
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/Makefile.in | 14 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_creds.c | 5 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c | 47 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_manager.c | 20 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c | 8 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c | 12 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_rng.c | 14 |
7 files changed, 67 insertions, 53 deletions
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 2ead77f5a..dc0ab1e82 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -49,6 +49,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; @@ -87,7 +88,7 @@ libstrongswan_pkcs11_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @MONOLITHIC_FALSE@am_libstrongswan_pkcs11_la_rpath = -rpath \ @MONOLITHIC_FALSE@ $(plugindir) @MONOLITHIC_TRUE@am_libstrongswan_pkcs11_la_rpath = -DEFAULT_INCLUDES = -I.@am__isrc@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f @@ -113,6 +114,7 @@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BFDLIB = @BFDLIB@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ @@ -207,11 +209,14 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ -default_pkcs11 = @default_pkcs11@ +dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ 
@@ -228,11 +233,12 @@ imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ -libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -248,6 +254,7 @@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ @@ -257,7 +264,6 @@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ -pluto_plugins = @pluto_plugins@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c index a81ec1147..7536ce1d3 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c @@ -109,7 +109,8 @@ static void find_certificates(private_pkcs11_creds_t *this, if (cert) { DBG1(DBG_CFG, " loaded %strusted cert '%.*s'", - entry->trusted ? "" : "un", entry->label.len, entry->label.ptr); + entry->trusted ? "" : "un", (int)entry->label.len, + entry->label.ptr); /* trusted certificates are also returned as untrusted */ this->untrusted->insert_last(this->untrusted, cert); if (entry->trusted) @@ -120,7 +121,7 @@ static void find_certificates(private_pkcs11_creds_t *this, else { DBG1(DBG_CFG, " loading cert '%.*s' failed", - entry->label.len, entry->label.ptr); + (int)entry->label.len, entry->label.ptr); } free(entry->value.ptr); free(entry->label.ptr); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c index 069fa98b6..53a2bfca7 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c 
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c @@ -84,7 +84,7 @@ METHOD(hasher_t, get_hash_size, size_t, /** * Save the Operation state to host memory */ -static void save_state(private_pkcs11_hasher_t *this) +static bool save_state(private_pkcs11_hasher_t *this) { CK_RV rv; @@ -110,20 +110,20 @@ static void save_state(private_pkcs11_hasher_t *this) continue; case CKR_OK: this->have_state = TRUE; - return; + return TRUE; default: break; } break; } DBG1(DBG_CFG, "C_GetOperationState() failed: %N", ck_rv_names, rv); - abort(); + return FALSE; } /** * Load the Operation state from host memory */ -static void load_state(private_pkcs11_hasher_t *this) +static bool load_state(private_pkcs11_hasher_t *this) { CK_RV rv; @@ -132,18 +132,20 @@ static void load_state(private_pkcs11_hasher_t *this) if (rv != CKR_OK) { DBG1(DBG_CFG, "C_SetOperationState() failed: %N", ck_rv_names, rv); - abort(); + return FALSE; } this->have_state = FALSE; + return TRUE; } -METHOD(hasher_t, reset, void, +METHOD(hasher_t, reset, bool, private_pkcs11_hasher_t *this) { this->have_state = FALSE; + return TRUE; } -METHOD(hasher_t, get_hash, void, +METHOD(hasher_t, get_hash, bool, private_pkcs11_hasher_t *this, chunk_t chunk, u_int8_t *hash) { CK_RV rv; @@ -152,7 +154,11 @@ METHOD(hasher_t, get_hash, void, this->mutex->lock(this->mutex); if (this->have_state) { - load_state(this); + if (!load_state(this)) + { + this->mutex->unlock(this->mutex); + return FALSE; + } } else { @@ -160,7 +166,8 @@ METHOD(hasher_t, get_hash, void, if (rv != CKR_OK) { DBG1(DBG_CFG, "C_DigestInit() failed: %N", ck_rv_names, rv); - abort(); + this->mutex->unlock(this->mutex); + return FALSE; } } if (chunk.len) @@ -169,7 +176,8 @@ METHOD(hasher_t, get_hash, void, if (rv != CKR_OK) { DBG1(DBG_CFG, "C_DigestUpdate() failed: %N", ck_rv_names, rv); - abort(); + this->mutex->unlock(this->mutex); + return FALSE; } } if (hash) 
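Review bot: A failure part-way through get_hash leaves the hasher looking freshly reset, because load_state() has already cleared `have_state` by the time a later C_DigestUpdate() can fail. The next call would then take the else branch, presumably C_DigestInit() judging by the log message, and start a new digest over only the later data. Now that these paths return FALSE instead of calling abort(), a caller that retries or keeps feeding data could get TRUE and a hash of truncated input. A comment on the method such as `/* on FALSE the accumulated state is lost; callers must discard the hasher or reset() it */` would make the contract explicit. The identical `this->mutex->unlock(this->mutex); return FALSE;` pairs in the @@ -152, @@ -160, @@ -169 and @@ -180 hunks would also be less fragile as a single exit path that unlocks once; get_hash's body runs across these hunks.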
@@ -180,28 +188,31 @@ METHOD(hasher_t, get_hash, void, if (rv != CKR_OK) { DBG1(DBG_CFG, "C_DigestFinal() failed: %N", ck_rv_names, rv); - abort(); + this->mutex->unlock(this->mutex); + return FALSE; } } else { - save_state(this); + if (!save_state(this)) + { + this->mutex->unlock(this->mutex); + return FALSE; + } } this->mutex->unlock(this->mutex); + return TRUE; } -METHOD(hasher_t, allocate_hash, void, +METHOD(hasher_t, allocate_hash, bool, private_pkcs11_hasher_t *this, chunk_t chunk, chunk_t *hash) { if (hash) { *hash = chunk_alloc(this->size); - get_hash(this, chunk, hash->ptr); - } - else - { - get_hash(this, chunk, NULL); + return get_hash(this, chunk, hash->ptr); } + return get_hash(this, chunk, NULL); } METHOD(hasher_t, destroy, void, diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c index 5b321b26e..83c383671 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c @@ -61,8 +61,6 @@ typedef struct { char *path; /* loaded library */ pkcs11_library_t *lib; - /* event dispatcher job */ - callback_job_t *job; } lib_entry_t; /** @@ -70,10 +68,6 @@ typedef struct { */ static void lib_entry_destroy(lib_entry_t *entry) { - if (entry->job) - { - entry->job->cancel(entry->job); - } entry->lib->destroy(entry->lib); free(entry); } @@ -202,14 +196,6 @@ static job_requeue_t dispatch_slot_events(lib_entry_t *entry) } /** - * End dispatching, unset job - */ -static void end_dispatch(lib_entry_t *entry) -{ - entry->job = NULL; -} - -/** * Get the slot list of a library */ static CK_SLOT_ID_PTR get_slot_list(pkcs11_library_t *p11, CK_ULONG *out) 
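Review bot: allocate_hash hands the caller a freshly allocated `*hash` even when get_hash() fails, so the buffer is leaked and `*hash` points at uninitialised memory on the FALSE path. The callers updated in this same commit (sign in pkcs11_private_key.c, verify and fingerprint_ecdsa in pkcs11_public_key.c) return FALSE without freeing `hash`/`fp`, so each failed digest would leak one chunk. Releasing the chunk inside allocate_hash keeps the callers simple and matches what allocate_bytes does in pkcs11_rng.c with chunk_clear().
```c
	if (hash)
	{
		*hash = chunk_alloc(this->size);
		if (!get_hash(this, chunk, hash->ptr))
		{
			/* do not hand out an uninitialised buffer on failure */
			chunk_free(hash);
			return FALSE;
		}
		return TRUE;
	}
	return get_hash(this, chunk, NULL);
```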
@@ -384,9 +370,9 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, while (enumerator->enumerate(enumerator, &entry)) { query_slots(entry); - entry->job = callback_job_create_with_prio((void*)dispatch_slot_events, - entry, (void*)end_dispatch, NULL, JOB_PRIO_CRITICAL); - lib->processor->queue_job(lib->processor, (job_t*)entry->job); + lib->processor->queue_job(lib->processor, + (job_t*)callback_job_create_with_prio((void*)dispatch_slot_events, + entry, NULL, (void*)return_false, JOB_PRIO_CRITICAL)); } enumerator->destroy(enumerator); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index b616abc38..f7f7d3f79 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -266,13 +266,15 @@ METHOD(private_key_t, sign, bool, } if (hash_alg != HASH_UNKNOWN) { - hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); - if (!hasher) + hasher_t *hasher; + + hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); + if (!hasher || !hasher->allocate_hash(hasher, data, &hash)) { + DESTROY_IF(hasher); this->lib->f->C_CloseSession(session); return FALSE; } - hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); data = hash; } diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c index d4ec9235d..f0d7093db 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c 
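Review bot: Nothing in the new code ties the lifetime of `entry` to the queued job any more. The job is created with `return_false` as its cancel callback and its handle is no longer stored, while the @@ -70 hunk drops the `entry->job->cancel()` call from lib_entry_destroy(). If the manager can be destroyed while dispatch_slot_events() is still running, that job would keep using `entry` and `entry->lib` after they are freed. This presumably relies on the processor cancelling its jobs before the plugin is unloaded, which the diff does not show. A comment at the queue_job() call such as `/* job is cancelled by the processor before lib_entry_destroy() runs */` would record that assumption; pkcs11_manager_create's body continues outside the hunk.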
@@ -235,13 +235,15 @@ METHOD(public_key_t, verify, bool, } if (hash_alg != HASH_UNKNOWN) { - hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); - if (!hasher) + hasher_t *hasher; + + hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); + if (!hasher || !hasher->allocate_hash(hasher, data, &hash)) { + DESTROY_IF(hasher); this->lib->f->C_CloseSession(session); return FALSE; } - hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); data = hash; } @@ -374,12 +376,12 @@ static bool fingerprint_ecdsa(private_pkcs11_public_key_t *this, return FALSE; } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher) + if (!hasher || !hasher->allocate_hash(hasher, asn1, fp)) { + DESTROY_IF(hasher); chunk_clear(&asn1); return FALSE; } - hasher->allocate_hash(hasher, asn1, fp); hasher->destroy(hasher); chunk_clear(&asn1); lib->encoding->cache(lib->encoding, type, this, *fp); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c index 45cf0b7c2..20e4b6f76 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c @@ -43,7 +43,7 @@ struct private_pkcs11_rng_t { }; -METHOD(rng_t, get_bytes, void, +METHOD(rng_t, get_bytes, bool, private_pkcs11_rng_t *this, size_t bytes, u_int8_t *buffer) { CK_RV rv; @@ -51,15 +51,21 @@ METHOD(rng_t, get_bytes, void, if (rv != CKR_OK) { DBG1(DBG_CFG, "C_GenerateRandom() failed: %N", ck_rv_names, rv); - abort(); + return FALSE; } + return TRUE; } -METHOD(rng_t, allocate_bytes, void, +METHOD(rng_t, allocate_bytes, bool, private_pkcs11_rng_t *this, size_t bytes, chunk_t *chunk) { *chunk = chunk_alloc(bytes); - get_bytes(this, chunk->len, chunk->ptr); + if (!get_bytes(this, chunk->len, chunk->ptr)) + { + chunk_clear(chunk); + return FALSE; + } + return TRUE; } METHOD(rng_t, destroy, void, |
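Review bot: With abort() gone from get_bytes, a failed C_GenerateRandom() leaves `buffer` holding whatever it contained before, and nothing forces callers to check the new bool. Any call site of get_bytes()/allocate_bytes() that was not updated alongside this change would silently continue with non-random bytes for keys or nonces; those callers are outside this diff. Consider marking the rng_t methods with `__attribute__((warn_unused_result))` so the compiler flags unchecked uses. A short comment on get_bytes, e.g. `/* buffer contents are undefined if FALSE is returned */`, would also help.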