| Line | Source | Count |
|---|
| 1 | | - |
| 2 | | - |
| 3 | | - |
| 4 | | - |
| 5 | | - |
| 6 | | - |
| 7 | | - |
| 8 | | - |
| 9 | | - |
| 10 | | - |
| 11 | | - |
| 12 | | - |
| 13 | | - |
| 14 | | - |
| 15 | | - |
| 16 | struct pkcs11_slotinfo { | - |
| 17 | CK_TOKEN_INFO token; | - |
| 18 | CK_SESSION_HANDLE session; | - |
| 19 | int logged_in; | - |
| 20 | }; | - |
| 21 | | - |
| 22 | struct pkcs11_provider { | - |
| 23 | char *name; | - |
| 24 | void *handle; | - |
| 25 | CK_FUNCTION_LIST *function_list; | - |
| 26 | CK_INFO info; | - |
| 27 | CK_ULONG nslots; | - |
| 28 | CK_SLOT_ID *slotlist; | - |
| 29 | struct pkcs11_slotinfo *slotinfo; | - |
| 30 | int valid; | - |
| 31 | int refcount; | - |
| 32 | struct { struct pkcs11_provider *tqe_next; struct pkcs11_provider **tqe_prev; } next; | - |
| 33 | }; | - |
| 34 | | - |
| 35 | struct { struct pkcs11_provider *tqh_first; struct pkcs11_provider **tqh_last; } pkcs11_providers; | - |
| 36 | | - |
| 37 | struct pkcs11_key { | - |
| 38 | struct pkcs11_provider *provider; | - |
| 39 | CK_ULONG slotidx; | - |
| 40 | int (*orig_finish)(RSA *rsa); | - |
| 41 | RSA_METHOD *rsa_method; | - |
| 42 | char *keyid; | - |
| 43 | int keyid_len; | - |
| 44 | }; | - |
| 45 | | - |
| 46 | int pkcs11_interactive = 0; | - |
| 47 | | - |
| 48 | int | - |
| 49 | pkcs11_init(int interactive) | - |
| 50 | { | - |
| 51 | pkcs11_interactive = interactive; | - |
| 52 | do { (&pkcs11_providers)->tqh_first = | - |
| 53 | ((void *)0) | - |
| 54 | ; (&pkcs11_providers)->tqh_last = &(&pkcs11_providers)->tqh_first; } while (0); | - |
| 55 | return never executed: return (0); (0);never executed: return (0); | 0 |
| 56 | } | - |
| 57 | | - |
| 58 | | - |
| 59 | | - |
| 60 | | - |
| 61 | | - |
| 62 | | - |
| 63 | | - |
| 64 | static void | - |
| 65 | pkcs11_provider_finalize(struct pkcs11_provider *p) | - |
| 66 | { | - |
| 67 | CK_RV rv; | - |
| 68 | CK_ULONG i; | - |
| 69 | | - |
| 70 | debug("pkcs11_provider_finalize: %p refcount %d valid %d", | - |
| 71 | p, p->refcount, p->valid); | - |
| 72 | if (!p->valid| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 73 | return; never executed: return; | 0 |
| 74 | for (i = 0; i < p->nslots| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 75 | if (p->slotinfo[i].session| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 76 | (| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 77 | p->slotinfo[i].session)) != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 78 | error("C_CloseSession failed: %lu", rv); never executed: error("C_CloseSession failed: %lu", rv); | 0 |
| 79 | } never executed: end of block | 0 |
| 80 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 81 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 82 | )) != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 83 | error("C_Finalize failed: %lu", rv); never executed: error("C_Finalize failed: %lu", rv); | 0 |
| 84 | p->valid = 0; | - |
| 85 | p->function_list = | - |
| 86 | ((void *)0) | - |
| 87 | ; | - |
| 88 | dlclose(p->handle); | - |
| 89 | } never executed: end of block | 0 |
| 90 | | - |
| 91 | | - |
| 92 | | - |
| 93 | | - |
| 94 | | - |
| 95 | static void | - |
| 96 | pkcs11_provider_unref(struct pkcs11_provider *p) | - |
| 97 | { | - |
| 98 | debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount); | - |
| 99 | if (--| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 100 | if (p->valid| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 101 | error("pkcs11_provider_unref: %p still valid", p); never executed: error("pkcs11_provider_unref: %p still valid", p); | 0 |
| 102 | free(p->slotlist); | - |
| 103 | free(p->slotinfo); | - |
| 104 | free(p); | - |
| 105 | } never executed: end of block | 0 |
| 106 | } never executed: end of block | 0 |
| 107 | | - |
| 108 | | - |
| 109 | void | - |
| 110 | pkcs11_terminate(void) | - |
| 111 | { | - |
| 112 | struct pkcs11_provider *p; | - |
| 113 | | - |
| 114 | while ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 115 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 116 | ) { | - |
| 117 | do { if (((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 118 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 119 | ) ( never executed: (p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev; p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev;never executed: (p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev; else (never executed: (&pkcs11_providers)->tqh_last = (p)->next.tqe_prev; &pkcs11_providers)->tqh_last = (p)->next.tqe_prev;never executed: (&pkcs11_providers)->tqh_last = (p)->next.tqe_prev; *(p)->next.tqe_prev = (p)->next.tqe_next; ; ; } while (0); | 0 |
| 120 | pkcs11_provider_finalize(p); | - |
| 121 | pkcs11_provider_unref(p); | - |
| 122 | } never executed: end of block | 0 |
| 123 | } never executed: end of block | 0 |
| 124 | | - |
| 125 | | - |
| 126 | static struct pkcs11_provider * | - |
| 127 | pkcs11_provider_lookup(char *provider_id) | - |
| 128 | { | - |
| 129 | struct pkcs11_provider *p; | - |
| 130 | | - |
| 131 | for((p) = ((&pkcs11_providers)->tqh_first); (| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 132 | ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 133 | ; (p) = ((p)->next.tqe_next)) { | - |
| 134 | debug("check %p %s", p, p->name); | - |
| 135 | if (!| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 136 | __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 137 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 138 | ) && __builtin_constant_p (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 139 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 140 | ) && (__s1_len = __builtin_strlen (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 141 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 142 | ), __s2_len = __builtin_strlen (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 143 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 144 | ), (!((size_t)(const void *)((| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 145 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 146 | ) + 1) - (size_t)(const void *)(| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 147 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 148 | ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 149 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 150 | ) + 1) - (size_t)(const void *)(| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 151 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 152 | ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 153 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 154 | , | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 155 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 156 | ) : (__builtin_constant_p (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 157 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 158 | ) && ((size_t)(const void *)((| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 159 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 160 | ) + 1) - (size_t)(const void *)(| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 161 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 162 | ) == 1) && (__s1_len = __builtin_strlen (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 163 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 164 | ), __s1_len < 4) ? (__builtin_constant_p (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 165 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 166 | ) && ((size_t)(const void *)((| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 167 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 168 | ) + 1) - (size_t)(const void *)(| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 169 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 170 | ) == 1) ? __builtin_strcmp (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 171 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 172 | , | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 173 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 174 | ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 175 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 176 | ); int __result = (((const unsigned char *) (const char *) (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 177 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 178 | ))[0] - __s2[0]); if (__s1_len > 0| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 179 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 180 | ))[1] - __s2[1]); if (__s1_len > 1| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 181 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 182 | ))[2] - __s2[2]); if (__s1_len > 2| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( provider_id ))[3] - __s2[3]); | 0 |
| 183 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( provider_id ))[3] - __s2[3]); | 0 |
| 184 | ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 185 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 186 | ) && ((size_t)(const void *)((| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 187 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 188 | ) + 1) - (size_t)(const void *)(| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 189 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 190 | ) == 1) && (__s2_len = __builtin_strlen (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 191 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 192 | ), __s2_len < 4) ? (__builtin_constant_p (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 193 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 194 | ) && ((size_t)(const void *)((| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 195 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 196 | ) + 1) - (size_t)(const void *)(| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 197 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 198 | ) == 1) ? __builtin_strcmp (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 199 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 200 | , | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 201 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 202 | ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 203 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 204 | ); int __result = (((const unsigned char *) (const char *) (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 205 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 206 | ))[0] - __s2[0]); if (__s2_len > 0| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 207 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 208 | ))[1] - __s2[1]); if (__s2_len > 1| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 209 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 210 | ))[2] - __s2[2]); if (__s2_len > 2| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( p->name ))[3] - __s2[3]); | 0 |
| 211 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
never executed: __result = (((const unsigned char *) (const char *) ( p->name ))[3] - __s2[3]); | 0 |
| 212 | ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 213 | provider_id| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 214 | , | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 215 | p->name| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 216 | )))); })| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 217 | ) | - |
| 218 | return never executed: return (p); (p);never executed: return (p); | 0 |
| 219 | } never executed: end of block | 0 |
| 220 | return never executed: return ( ((void *)0) ); (never executed: return ( ((void *)0) ); | 0 |
| 221 | ((void *)0) never executed: return ( ((void *)0) ); | 0 |
| 222 | ); never executed: return ( ((void *)0) ); | 0 |
| 223 | } | - |
| 224 | | - |
| 225 | | - |
| 226 | int | - |
| 227 | pkcs11_del_provider(char *provider_id) | - |
| 228 | { | - |
| 229 | struct pkcs11_provider *p; | - |
| 230 | | - |
| 231 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 232 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 233 | ) { | - |
| 234 | do { if (((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 235 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 236 | ) ( never executed: (p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev; p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev;never executed: (p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev; else (never executed: (&pkcs11_providers)->tqh_last = (p)->next.tqe_prev; &pkcs11_providers)->tqh_last = (p)->next.tqe_prev;never executed: (&pkcs11_providers)->tqh_last = (p)->next.tqe_prev; *(p)->next.tqe_prev = (p)->next.tqe_next; ; ; } while (0); | 0 |
| 237 | pkcs11_provider_finalize(p); | - |
| 238 | pkcs11_provider_unref(p); | - |
| 239 | return never executed: return (0); (0);never executed: return (0); | 0 |
| 240 | } | - |
| 241 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 242 | } | - |
| 243 | | - |
| 244 | | - |
| 245 | static int | - |
| 246 | pkcs11_rsa_finish(RSA *rsa) | - |
| 247 | { | - |
| 248 | struct pkcs11_key *k11; | - |
| 249 | int rv = -1; | - |
| 250 | | - |
| 251 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 252 | RSA_get_ex_data(| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 253 | rsa| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 254 | ,0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 255 | ) != | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 256 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 257 | ) { | - |
| 258 | if (k11->orig_finish| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 259 | rv = k11->orig_finish(rsa); never executed: rv = k11->orig_finish(rsa); | 0 |
| 260 | if (k11->provider| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 261 | pkcs11_provider_unref(k11->provider); never executed: pkcs11_provider_unref(k11->provider); | 0 |
| 262 | RSA_meth_free(k11->rsa_method); | - |
| 263 | free(k11->keyid); | - |
| 264 | free(k11); | - |
| 265 | } never executed: end of block | 0 |
| 266 | return never executed: return (rv); (rv);never executed: return (rv); | 0 |
| 267 | } | - |
| 268 | | - |
| 269 | | - |
| 270 | static int | - |
| 271 | pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, | - |
| 272 | CK_ULONG nattr, CK_OBJECT_HANDLE *obj) | - |
| 273 | { | - |
| 274 | CK_FUNCTION_LIST *f; | - |
| 275 | CK_SESSION_HANDLE session; | - |
| 276 | CK_ULONG nfound = 0; | - |
| 277 | CK_RV rv; | - |
| 278 | int ret = -1; | - |
| 279 | | - |
| 280 | f = p->function_list; | - |
| 281 | session = p->slotinfo[slotidx].session; | - |
| 282 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 283 | error("C_FindObjectsInit failed (nattr %lu): %lu", nattr, rv); | - |
| 284 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 285 | } | - |
| 286 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 287 | nfound != 1| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 288 | debug("C_FindObjects failed (nfound %lu nattr %lu): %lu", | - |
| 289 | nfound, nattr, rv); | - |
| 290 | } never executed: end of block else | 0 |
| 291 | ret = 0; never executed: ret = 0; | 0 |
| 292 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 293 | error("C_FindObjectsFinal failed: %lu", rv); never executed: error("C_FindObjectsFinal failed: %lu", rv); | 0 |
| 294 | return never executed: return (ret); (ret);never executed: return (ret); | 0 |
| 295 | } | - |
| 296 | | - |
| 297 | | - |
| 298 | static int | - |
| 299 | pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | - |
| 300 | int padding) | - |
| 301 | { | - |
| 302 | struct pkcs11_key *k11; | - |
| 303 | struct pkcs11_slotinfo *si; | - |
| 304 | CK_FUNCTION_LIST *f; | - |
| 305 | CK_OBJECT_HANDLE obj; | - |
| 306 | CK_ULONG tlen = 0; | - |
| 307 | CK_RV rv; | - |
| 308 | CK_OBJECT_CLASS private_key_class = (3); | - |
| 309 | CK_BBOOL true_val = 1; | - |
| 310 | CK_MECHANISM mech = { | - |
| 311 | (1), | - |
| 312 | ((void *)0) | - |
| 313 | , 0 | - |
| 314 | }; | - |
| 315 | CK_ATTRIBUTE key_filter[] = { | - |
| 316 | {(0), | - |
| 317 | ((void *)0) | - |
| 318 | , sizeof(private_key_class) }, | - |
| 319 | {(0x102), | - |
| 320 | ((void *)0) | - |
| 321 | , 0}, | - |
| 322 | {(0x108), | - |
| 323 | ((void *)0) | - |
| 324 | , sizeof(true_val) } | - |
| 325 | }; | - |
| 326 | char *pin = | - |
| 327 | ((void *)0) | - |
| 328 | , prompt[1024]; | - |
| 329 | int rval = -1; | - |
| 330 | | - |
| 331 | key_filter[0].pValue = &private_key_class; | - |
| 332 | key_filter[2].pValue = &true_val; | - |
| 333 | | - |
| 334 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 335 | RSA_get_ex_data(| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 336 | rsa| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 337 | ,0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 338 | ) == | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 339 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 340 | ) { | - |
| 341 | error("RSA_get_app_data failed for rsa %p", rsa); | - |
| 342 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 343 | } | - |
| 344 | if (!k11->provider| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 345 | error("no pkcs11 (valid) provider for rsa %p", rsa); | - |
| 346 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 347 | } | - |
| 348 | f = k11->provider->function_list; | - |
| 349 | si = &k11->provider->slotinfo[k11->slotidx]; | - |
| 350 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 351 | if (!pkcs11_interactive| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 352 | error("need pin entry%s", (si->token.flags & | - |
| 353 | (1 << 8)) ? | - |
| 354 | " on reader keypad" : ""); | - |
| 355 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 356 | } | - |
| 357 | if (si->token.flags & (1 << 8)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 358 | verbose("Deferring PIN entry to reader keypad."); never executed: verbose("Deferring PIN entry to reader keypad."); | 0 |
| 359 | else { | - |
| 360 | snprintf(prompt, sizeof(prompt), | - |
| 361 | "Enter PIN for '%s': ", si->token.label); | - |
| 362 | pin = read_passphrase(prompt, 0x0004); | - |
| 363 | if (pin == | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 364 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 365 | ) | - |
| 366 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 367 | } never executed: end of block | 0 |
| 368 | rv = f->C_Login(si->session, (1), (u_char *)pin, | - |
| 369 | (pin != | - |
| 370 | ((void *)0) | - |
| 371 | ) ? strlen(pin) : 0); | - |
| 372 | if (pin != | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 373 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 374 | ) { | - |
| 375 | explicit_bzero(pin, strlen(pin)); | - |
| 376 | free(pin); | - |
| 377 | } never executed: end of block | 0 |
| 378 | if (rv != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 379 | error("C_Login failed: %lu", rv); | - |
| 380 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 381 | } | - |
| 382 | si->logged_in = 1; | - |
| 383 | } never executed: end of block | 0 |
| 384 | key_filter[1].pValue = k11->keyid; | - |
| 385 | key_filter[1].ulValueLen = k11->keyid_len; | - |
| 386 | | - |
| 387 | if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 388 | pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 389 | error("cannot find private key"); | - |
| 390 | } never executed: end of block else if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 391 | error("C_SignInit failed: %lu", rv); | - |
| 392 | } never executed: end of block else { | 0 |
| 393 | | - |
| 394 | tlen = RSA_size(rsa); | - |
| 395 | rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen); | - |
| 396 | if (rv == (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 397 | rval = tlen; never executed: rval = tlen; | 0 |
| 398 | else | - |
| 399 | error("C_Sign failed: %lu", rv); never executed: error("C_Sign failed: %lu", rv); | 0 |
| 400 | } | - |
| 401 | return never executed: return (rval); (rval);never executed: return (rval); | 0 |
| 402 | } | - |
| 403 | | - |
| 404 | static int | - |
| 405 | pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | - |
| 406 | int padding) | - |
| 407 | { | - |
| 408 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 409 | } | - |
| 410 | | - |
| 411 | | - |
| 412 | static int | - |
| 413 | pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, | - |
| 414 | CK_ATTRIBUTE *keyid_attrib, RSA *rsa) | - |
| 415 | { | - |
| 416 | struct pkcs11_key *k11; | - |
| 417 | const RSA_METHOD *def = RSA_get_default_method(); | - |
| 418 | | - |
| 419 | k11 = xcalloc(1, sizeof(*k11)); | - |
| 420 | k11->provider = provider; | - |
| 421 | provider->refcount++; | - |
| 422 | k11->slotidx = slotidx; | - |
| 423 | | - |
| 424 | k11->keyid_len = keyid_attrib->ulValueLen; | - |
| 425 | if (k11->keyid_len > 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 426 | k11->keyid = xmalloc(k11->keyid_len); | - |
| 427 | memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); | - |
| 428 | } never executed: end of block | 0 |
| 429 | k11->rsa_method = RSA_meth_dup(def); | - |
| 430 | if (k11->rsa_method == | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 431 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 432 | ) | - |
| 433 | fatal("%s: RSA_meth_dup failed", __func__); never executed: fatal("%s: RSA_meth_dup failed", __func__); | 0 |
| 434 | k11->orig_finish = RSA_meth_get_finish(def); | - |
| 435 | if (!RSA_meth_set1_name(k11->rsa_method, "pkcs11")| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 436 | !RSA_meth_set_priv_enc(k11->rsa_method,| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 437 | pkcs11_rsa_private_encrypt)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 438 | !RSA_meth_set_priv_dec(k11->rsa_method,| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 439 | pkcs11_rsa_private_decrypt)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 440 | !RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 441 | fatal("%s: setup pkcs11 method failed", __func__); never executed: fatal("%s: setup pkcs11 method failed", __func__); | 0 |
| 442 | RSA_set_method(rsa, k11->rsa_method); | - |
| 443 | | - |
| 444 | RSA_set_ex_data( | - |
| 445 | rsa | - |
| 446 | ,0, | - |
| 447 | k11 | - |
| 448 | ) | - |
| 449 | ; | - |
| 450 | return never executed: return (0); (0);never executed: return (0); | 0 |
| 451 | } | - |
| 452 | | - |
| 453 | | - |
| 454 | static void | - |
| 455 | rmspace(u_char *buf, size_t len) | - |
| 456 | { | - |
| 457 | size_t i; | - |
| 458 | | - |
| 459 | if (!len| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 460 | return; never executed: return; | 0 |
| 461 | for (i = len - 1; i > 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 462 | if (i == len - 1| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 463 | buf[i] = '\0'; never executed: buf[i] = '\0'; | 0 |
| 464 | else | - |
| 465 | break; never executed: break; | 0 |
| 466 | } never executed: end of block | 0 |
| 467 | | - |
| 468 | | - |
| 469 | | - |
| 470 | | - |
| 471 | | - |
| 472 | static int | - |
| 473 | pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) | - |
| 474 | { | - |
| 475 | CK_RV rv; | - |
| 476 | CK_FUNCTION_LIST *f; | - |
| 477 | CK_SESSION_HANDLE session; | - |
| 478 | int login_required; | - |
| 479 | | - |
| 480 | f = p->function_list; | - |
| 481 | login_required = p->slotinfo[slotidx].token.flags & (1 << 2); | - |
| 482 | if (pin| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 483 | error("pin required"); | - |
| 484 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 485 | } | - |
| 486 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 487 | (1 << 2), | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 488 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 489 | , | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 490 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 491 | , &session))| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 492 | != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 493 | error("C_OpenSession failed: %lu", rv); | - |
| 494 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 495 | } | - |
| 496 | if (login_required| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 497 | rv = f->C_Login(session, (1), | - |
| 498 | (u_char *)pin, strlen(pin)); | - |
| 499 | if (rv != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 500 | error("C_Login failed: %lu", rv); | - |
| 501 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 502 | error("C_CloseSession failed: %lu", rv); never executed: error("C_CloseSession failed: %lu", rv); | 0 |
| 503 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 504 | } | - |
| 505 | p->slotinfo[slotidx].logged_in = 1; | - |
| 506 | } never executed: end of block | 0 |
| 507 | p->slotinfo[slotidx].session = session; | - |
| 508 | return never executed: return (0); (0);never executed: return (0); | 0 |
| 509 | } | - |
| 510 | | - |
| 511 | | - |
| 512 | | - |
| 513 | | - |
| 514 | | - |
| 515 | | - |
| 516 | static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG, | - |
| 517 | CK_ATTRIBUTE [], CK_ATTRIBUTE [3], struct sshkey ***, int *) | - |
| 518 | __attribute__(()); | - |
| 519 | | - |
| 520 | static int | - |
| 521 | pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, | - |
| 522 | struct sshkey ***keysp, int *nkeys) | - |
| 523 | { | - |
| 524 | CK_OBJECT_CLASS pubkey_class = (2); | - |
| 525 | CK_OBJECT_CLASS cert_class = (1); | - |
| 526 | CK_ATTRIBUTE pubkey_filter[] = { | - |
| 527 | { (0), | - |
| 528 | ((void *)0) | - |
| 529 | , sizeof(pubkey_class) } | - |
| 530 | }; | - |
| 531 | CK_ATTRIBUTE cert_filter[] = { | - |
| 532 | { (0), | - |
| 533 | ((void *)0) | - |
| 534 | , sizeof(cert_class) } | - |
| 535 | }; | - |
| 536 | CK_ATTRIBUTE pubkey_attribs[] = { | - |
| 537 | { (0x102), | - |
| 538 | ((void *)0) | - |
| 539 | , 0 }, | - |
| 540 | { (0x120), | - |
| 541 | ((void *)0) | - |
| 542 | , 0 }, | - |
| 543 | { (0x122), | - |
| 544 | ((void *)0) | - |
| 545 | , 0 } | - |
| 546 | }; | - |
| 547 | CK_ATTRIBUTE cert_attribs[] = { | - |
| 548 | { (0x102), | - |
| 549 | ((void *)0) | - |
| 550 | , 0 }, | - |
| 551 | { (0x101), | - |
| 552 | ((void *)0) | - |
| 553 | , 0 }, | - |
| 554 | { (0x11), | - |
| 555 | ((void *)0) | - |
| 556 | , 0 } | - |
| 557 | }; | - |
| 558 | pubkey_filter[0].pValue = &pubkey_class; | - |
| 559 | cert_filter[0].pValue = &cert_class; | - |
| 560 | | - |
| 561 | if (pkcs11_fetch_keys_filter(p, slotidx, pubkey_filter, pubkey_attribs,| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 562 | keysp, nkeys) < 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 563 | pkcs11_fetch_keys_filter(p, slotidx, cert_filter, cert_attribs,| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 564 | keysp, nkeys) < 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 565 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 566 | return never executed: return (0); (0);never executed: return (0); | 0 |
| 567 | } | - |
| 568 | | - |
| 569 | static int | - |
| 570 | pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key) | - |
| 571 | { | - |
| 572 | int i; | - |
| 573 | | - |
| 574 | for (i = 0; i < *nkeys| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 575 | if (sshkey_equal(key, (*keysp)[i])| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 576 | return never executed: return (1); (1);never executed: return (1); | 0 |
| 577 | return never executed: return (0); (0);never executed: return (0); | 0 |
| 578 | } | - |
| 579 | | - |
| 580 | static int | - |
| 581 | have_rsa_key(const RSA *rsa) | - |
| 582 | { | - |
| 583 | const BIGNUM *rsa_n, *rsa_e; | - |
| 584 | | - |
| 585 | RSA_get0_key(rsa, &rsa_n, &rsa_e, | - |
| 586 | ((void *)0) | - |
| 587 | ); | - |
| 588 | return never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ; rsa_n != | TRUE | never evaluated | | FALSE | never evaluated |
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ; | 0 |
| 589 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ; | 0 |
| 590 | && rsa_e != | TRUE | never evaluated | | FALSE | never evaluated |
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ; | 0 |
| 591 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ; | 0 |
| 592 | ; never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ; | 0 |
| 593 | } | - |
| 594 | | - |
| 595 | static int | - |
| 596 | pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, | - |
| 597 | CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3], | - |
| 598 | struct sshkey ***keysp, int *nkeys) | - |
| 599 | { | - |
| 600 | struct sshkey *key; | - |
| 601 | RSA *rsa; | - |
| 602 | X509 *x509; | - |
| 603 | EVP_PKEY *evp; | - |
| 604 | int i; | - |
| 605 | const u_char *cp; | - |
| 606 | CK_RV rv; | - |
| 607 | CK_OBJECT_HANDLE obj; | - |
| 608 | CK_ULONG nfound; | - |
| 609 | CK_SESSION_HANDLE session; | - |
| 610 | CK_FUNCTION_LIST *f; | - |
| 611 | | - |
| 612 | f = p->function_list; | - |
| 613 | session = p->slotinfo[slotidx].session; | - |
| 614 | | - |
| 615 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 616 | error("C_FindObjectsInit failed: %lu", rv); | - |
| 617 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 618 | } | - |
| 619 | while (1) { | - |
| 620 | | - |
| 621 | for (i = 0; i < 3| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 622 | attribs[i].pValue = | - |
| 623 | ((void *)0) | - |
| 624 | ; | - |
| 625 | attribs[i].ulValueLen = 0; | - |
| 626 | } never executed: end of block | 0 |
| 627 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 628 | || nfound == 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 629 | break; never executed: break; | 0 |
| 630 | | - |
| 631 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 632 | != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 633 | error("C_GetAttributeValue failed: %lu", rv); | - |
| 634 | continue; never executed: continue; | 0 |
| 635 | } | - |
| 636 | | - |
| 637 | | - |
| 638 | | - |
| 639 | | - |
| 640 | | - |
| 641 | if (attribs[1].ulValueLen == 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 642 | attribs[2].ulValueLen == 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 643 | continue; never executed: continue; | 0 |
| 644 | } | - |
| 645 | | - |
| 646 | for (i = 0; i < 3| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 647 | if (attribs[i].ulValueLen > 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 648 | attribs[i].pValue = xmalloc( | - |
| 649 | attribs[i].ulValueLen); | - |
| 650 | } never executed: end of block | 0 |
| 651 | } never executed: end of block | 0 |
| 652 | | - |
| 653 | | - |
| 654 | | - |
| 655 | | - |
| 656 | | - |
| 657 | rsa = | - |
| 658 | ((void *)0) | - |
| 659 | ; | - |
| 660 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 661 | != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 662 | error("C_GetAttributeValue failed: %lu", rv); | - |
| 663 | } never executed: end of block else if (attribs[1].type == (0x120)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 664 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 665 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 666 | ) { | - |
| 667 | error("RSA_new failed"); | - |
| 668 | } never executed: end of block else { | 0 |
| 669 | BIGNUM *rsa_n, *rsa_e; | - |
| 670 | | - |
| 671 | rsa_n = BN_bin2bn(attribs[1].pValue, | - |
| 672 | attribs[1].ulValueLen, | - |
| 673 | ((void *)0) | - |
| 674 | ); | - |
| 675 | rsa_e = BN_bin2bn(attribs[2].pValue, | - |
| 676 | attribs[2].ulValueLen, | - |
| 677 | ((void *)0) | - |
| 678 | ); | - |
| 679 | if (rsa_n != | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 680 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 681 | && rsa_e != | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 682 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 683 | ) { | - |
| 684 | if (!RSA_set0_key(rsa,| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 685 | rsa_n, rsa_e, | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 686 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 687 | )| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 688 | fatal("%s: set key", __func__); never executed: fatal("%s: set key", __func__); | 0 |
| 689 | rsa_n = rsa_e = | - |
| 690 | ((void *)0) | - |
| 691 | ; | - |
| 692 | } never executed: end of block | 0 |
| 693 | BN_free(rsa_n); | - |
| 694 | BN_free(rsa_e); | - |
| 695 | } never executed: end of block | 0 |
| 696 | } else { | - |
| 697 | cp = attribs[2].pValue; | - |
| 698 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 699 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 700 | ) { | - |
| 701 | error("X509_new failed"); | - |
| 702 | } never executed: end of block else if (d2i_X509(&x509, &cp, attribs[2].ulValueLen)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 703 | == | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 704 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 705 | ) { | - |
| 706 | error("d2i_X509 failed"); | - |
| 707 | } never executed: end of block else if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 708 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 709 | || | - |
| 710 | EVP_PKEY_base_id(evp) != | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 711 | 6| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 712 | || | - |
| 713 | EVP_PKEY_get0_RSA(evp) == | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 714 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 715 | ) { | - |
| 716 | debug("X509_get_pubkey failed or no rsa"); | - |
| 717 | } never executed: end of block else if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 718 | EVP_PKEY_get0_RSA(evp))) == | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 719 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 720 | ) { | - |
| 721 | error("RSAPublicKey_dup"); | - |
| 722 | } never executed: end of block | 0 |
| 723 | X509_free(x509); | - |
| 724 | } never executed: end of block | 0 |
| 725 | if (rsa| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 726 | pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 727 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 728 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 729 | ) | - |
| 730 | fatal("sshkey_new failed"); never executed: fatal("sshkey_new failed"); | 0 |
| 731 | key->rsa = rsa; | - |
| 732 | key->type = KEY_RSA; | - |
| 733 | key->flags |= 0x0001; | - |
| 734 | if (pkcs11_key_included(keysp, nkeys, key)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 735 | sshkey_free(key); | - |
| 736 | } never executed: end of block else { | 0 |
| 737 | | - |
| 738 | *keysp = xrecallocarray(*keysp, *nkeys, | - |
| 739 | *nkeys + 1, sizeof(struct sshkey *)); | - |
| 740 | (*keysp)[*nkeys] = key; | - |
| 741 | *nkeys = *nkeys + 1; | - |
| 742 | debug("have %d keys", *nkeys); | - |
| 743 | } never executed: end of block | 0 |
| 744 | } else if (rsa| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 745 | RSA_free(rsa); | - |
| 746 | } never executed: end of block | 0 |
| 747 | for (i = 0; i < 3| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 748 | free(attribs[i].pValue); never executed: free(attribs[i].pValue); | 0 |
| 749 | } never executed: end of block | 0 |
| 750 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 751 | error("C_FindObjectsFinal failed: %lu", rv); never executed: error("C_FindObjectsFinal failed: %lu", rv); | 0 |
| 752 | return never executed: return (0); (0);never executed: return (0); | 0 |
| 753 | } | - |
| 754 | | - |
| 755 | | - |
| 756 | int | - |
| 757 | pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) | - |
| 758 | { | - |
| 759 | int nkeys, need_finalize = 0; | - |
| 760 | struct pkcs11_provider *p = | - |
| 761 | ((void *)0) | - |
| 762 | ; | - |
| 763 | void *handle = | - |
| 764 | ((void *)0) | - |
| 765 | ; | - |
| 766 | CK_RV (*getfunctionlist)(CK_FUNCTION_LIST **); | - |
| 767 | CK_RV rv; | - |
| 768 | CK_FUNCTION_LIST *f = | - |
| 769 | ((void *)0) | - |
| 770 | ; | - |
| 771 | CK_TOKEN_INFO *token; | - |
| 772 | CK_ULONG i; | - |
| 773 | | - |
| 774 | *keyp = | - |
| 775 | ((void *)0) | - |
| 776 | ; | - |
| 777 | if (pkcs11_provider_lookup(provider_id) != | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 778 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 779 | ) { | - |
| 780 | debug("%s: provider already registered: %s", | - |
| 781 | __func__, provider_id); | - |
| 782 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
| 783 | } | - |
| 784 | | - |
| 785 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 786 | 0x00002| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 787 | )) == | TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 788 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 789 | ) { | - |
| 790 | error("dlopen %s failed: %s", provider_id, dlerror()); | - |
| 791 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
| 792 | } | - |
| 793 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 794 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 795 | ) { | - |
| 796 | error("dlsym(C_GetFunctionList) failed: %s", dlerror()); | - |
| 797 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
| 798 | } | - |
| 799 | p = xcalloc(1, sizeof(*p)); | - |
| 800 | p->name = xstrdup(provider_id); | - |
| 801 | p->handle = handle; | - |
| 802 | | - |
| 803 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 804 | error("C_GetFunctionList for provider %s failed: %lu", | - |
| 805 | provider_id, rv); | - |
| 806 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
| 807 | } | - |
| 808 | p->function_list = f; | - |
| 809 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 810 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 811 | )) != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 812 | error("C_Initialize for provider %s failed: %lu", | - |
| 813 | provider_id, rv); | - |
| 814 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
| 815 | } | - |
| 816 | need_finalize = 1; | - |
| 817 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 818 | error("C_GetInfo for provider %s failed: %lu", | - |
| 819 | provider_id, rv); | - |
| 820 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
| 821 | } | - |
| 822 | rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID)); | - |
| 823 | rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription)); | - |
| 824 | debug("provider %s: manufacturerID <%s> cryptokiVersion %d.%d" | - |
| 825 | " libraryDescription <%s> libraryVersion %d.%d", | - |
| 826 | provider_id, | - |
| 827 | p->info.manufacturerID, | - |
| 828 | p->info.cryptokiVersion.major, | - |
| 829 | p->info.cryptokiVersion.minor, | - |
| 830 | p->info.libraryDescription, | - |
| 831 | p->info.libraryVersion.major, | - |
| 832 | p->info.libraryVersion.minor); | - |
| 833 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 834 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 835 | , &p->nslots)) != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 836 | error("C_GetSlotList failed: %lu", rv); | - |
| 837 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
| 838 | } | - |
| 839 | if (p->nslots == 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 840 | debug("%s: provider %s returned no slots", __func__, | - |
| 841 | provider_id); | - |
| 842 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
| 843 | } | - |
| 844 | p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID)); | - |
| 845 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 846 | != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 847 | error("C_GetSlotList for provider %s failed: %lu", | - |
| 848 | provider_id, rv); | - |
| 849 | goto never executed: goto fail; fail;never executed: goto fail; | 0 |
| 850 | } | - |
| 851 | p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo)); | - |
| 852 | p->valid = 1; | - |
| 853 | nkeys = 0; | - |
| 854 | for (i = 0; i < p->nslots| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 855 | token = &p->slotinfo[i].token; | - |
| 856 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 857 | != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 858 | error("C_GetTokenInfo for provider %s slot %lu " | - |
| 859 | "failed: %lu", provider_id, (unsigned long)i, rv); | - |
| 860 | continue; never executed: continue; | 0 |
| 861 | } | - |
| 862 | if ((| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 863 | debug2("%s: ignoring uninitialised token in " | - |
| 864 | "provider %s slot %lu", __func__, | - |
| 865 | provider_id, (unsigned long)i); | - |
| 866 | continue; never executed: continue; | 0 |
| 867 | } | - |
| 868 | rmspace(token->label, sizeof(token->label)); | - |
| 869 | rmspace(token->manufacturerID, sizeof(token->manufacturerID)); | - |
| 870 | rmspace(token->model, sizeof(token->model)); | - |
| 871 | rmspace(token->serialNumber, sizeof(token->serialNumber)); | - |
| 872 | debug("provider %s slot %lu: label <%s> manufacturerID <%s> " | - |
| 873 | "model <%s> serial <%s> flags 0x%lx", | - |
| 874 | provider_id, (unsigned long)i, | - |
| 875 | token->label, token->manufacturerID, token->model, | - |
| 876 | token->serialNumber, token->flags); | - |
| 877 | | - |
| 878 | if (pkcs11_open_session(p, i, pin) == 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 879 | pkcs11_fetch_keys(p, i, keyp, &nkeys); never executed: pkcs11_fetch_keys(p, i, keyp, &nkeys); | 0 |
| 880 | } never executed: end of block | 0 |
| 881 | if (nkeys > 0| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 882 | do { (p)->next.tqe_next = | - |
| 883 | ((void *)0) | - |
| 884 | ; (p)->next.tqe_prev = (&pkcs11_providers)->tqh_last; *(&pkcs11_providers)->tqh_last = (p); (&pkcs11_providers)->tqh_last = &(p)->next.tqe_next; } while (0); | - |
| 885 | p->refcount++; | - |
| 886 | return never executed: return (nkeys); (nkeys);never executed: return (nkeys); | 0 |
| 887 | } | - |
| 888 | debug("%s: provider %s returned no keys", __func__, provider_id); | - |
| 889 | | - |
| 890 | fail: code before this statement never executed: fail: | 0 |
| 891 | if (need_finalize| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 892 | ((void *)0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 893 | )) != (0)| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 894 | error("C_Finalize for provider %s failed: %lu", never executed: error("C_Finalize for provider %s failed: %lu", provider_id, rv); | 0 |
| 895 | provider_id, rv); never executed: error("C_Finalize for provider %s failed: %lu", provider_id, rv); | 0 |
| 896 | if (p| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 897 | free(p->slotlist); | - |
| 898 | free(p->slotinfo); | - |
| 899 | free(p); | - |
| 900 | } never executed: end of block | 0 |
| 901 | if (handle| TRUE | never evaluated | | FALSE | never evaluated |
| 0 |
| 902 | dlclose(handle); never executed: dlclose(handle); | 0 |
| 903 | return never executed: return (-1); (-1);never executed: return (-1); | 0 |
| 904 | } | - |
| | |