OpenCoverage

ssh-pkcs11.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/ssh-pkcs11.c
Switch to Source codePreprocessed file
LineSourceCount
1-
2-
3-
4-
5-
6-
7-
8-
9-
10-
11-
12-
13-
14-
15-
16struct pkcs11_slotinfo {-
17 CK_TOKEN_INFO token;-
18 CK_SESSION_HANDLE session;-
19 int logged_in;-
20};-
21-
22struct pkcs11_provider {-
23 char *name;-
24 void *handle;-
25 CK_FUNCTION_LIST *function_list;-
26 CK_INFO info;-
27 CK_ULONG nslots;-
28 CK_SLOT_ID *slotlist;-
29 struct pkcs11_slotinfo *slotinfo;-
30 int valid;-
31 int refcount;-
32 struct { struct pkcs11_provider *tqe_next; struct pkcs11_provider **tqe_prev; } next;-
33};-
34-
35struct { struct pkcs11_provider *tqh_first; struct pkcs11_provider **tqh_last; } pkcs11_providers;-
36-
37struct pkcs11_key {-
38 struct pkcs11_provider *provider;-
39 CK_ULONG slotidx;-
40 int (*orig_finish)(RSA *rsa);-
41 RSA_METHOD *rsa_method;-
42 char *keyid;-
43 int keyid_len;-
44};-
45-
46int pkcs11_interactive = 0;-
47-
48int-
49pkcs11_init(int interactive)-
50{-
51 pkcs11_interactive = interactive;-
52 do { (&pkcs11_providers)->tqh_first = -
53((void *)0)-
54; (&pkcs11_providers)->tqh_last = &(&pkcs11_providers)->tqh_first; } while (0);-
55 return
never executed: return (0);
(0);
never executed: return (0);
0
56}-
57-
58-
59-
60-
61-
62-
63-
64static void-
65pkcs11_provider_finalize(struct pkcs11_provider *p)-
66{-
67 CK_RV rv;-
68 CK_ULONG i;-
69-
70 debug("pkcs11_provider_finalize: %p refcount %d valid %d",-
71 p, p->refcount, p->valid);-
72 if (!p->valid
!p->validDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
73 return;
never executed: return;
0
74 for (i = 0; i < p->nslots
i < p->nslotsDescription
TRUEnever evaluated
FALSEnever evaluated
; i++) {
0
75 if (p->slotinfo[i].session
p->slotinfo[i].sessionDescription
TRUEnever evaluated
FALSEnever evaluated
&&
0
76 (
(rv = p->funct...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = p->function_list->C_CloseSession(
(rv = p->funct...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
77 p->slotinfo[i].session)) != (0)
(rv = p->funct...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
78 error("C_CloseSession failed: %lu", rv);
never executed: error("C_CloseSession failed: %lu", rv);
0
79 }
never executed: end of block
0
80 if ((
(rv = p->funct...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = p->function_list->C_Finalize(
(rv = p->funct...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
81 ((void *)0)
(rv = p->funct...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
82 )) != (0)
(rv = p->funct...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
83 error("C_Finalize failed: %lu", rv);
never executed: error("C_Finalize failed: %lu", rv);
0
84 p->valid = 0;-
85 p->function_list = -
86 ((void *)0)-
87 ;-
88 dlclose(p->handle);-
89}
never executed: end of block
0
90-
91-
92-
93-
94-
95static void-
96pkcs11_provider_unref(struct pkcs11_provider *p)-
97{-
98 debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount);-
99 if (--
--p->refcount <= 0Description
TRUEnever evaluated
FALSEnever evaluated
p->refcount <= 0
--p->refcount <= 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
100 if (p->valid
p->validDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
101 error("pkcs11_provider_unref: %p still valid", p);
never executed: error("pkcs11_provider_unref: %p still valid", p);
0
102 free(p->slotlist);-
103 free(p->slotinfo);-
104 free(p);-
105 }
never executed: end of block
0
106}
never executed: end of block
0
107-
108-
109void-
110pkcs11_terminate(void)-
111{-
112 struct pkcs11_provider *p;-
113-
114 while ((
(p = ((&pkcs11...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
p = ((&pkcs11_providers)->tqh_first)) !=
(p = ((&pkcs11...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
115 ((void *)0)
(p = ((&pkcs11...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
116 ) {-
117 do { if (((
((p)->next.tqe...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
p)->next.tqe_next) !=
((p)->next.tqe...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
118 ((void *)0)
((p)->next.tqe...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
119 ) (
never executed: (p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev;
p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev;
never executed: (p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev;
else (
never executed: (&pkcs11_providers)->tqh_last = (p)->next.tqe_prev;
&pkcs11_providers)->tqh_last = (p)->next.tqe_prev;
never executed: (&pkcs11_providers)->tqh_last = (p)->next.tqe_prev;
*(p)->next.tqe_prev = (p)->next.tqe_next; ; ; } while (0);
0
120 pkcs11_provider_finalize(p);-
121 pkcs11_provider_unref(p);-
122 }
never executed: end of block
0
123}
never executed: end of block
0
124-
125-
126static struct pkcs11_provider *-
127pkcs11_provider_lookup(char *provider_id)-
128{-
129 struct pkcs11_provider *p;-
130-
131 for((p) = ((&pkcs11_providers)->tqh_first); (
(p) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
p) !=
(p) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
132((
(p) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(p) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
void *)0)
(p) != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
133; (p) = ((p)->next.tqe_next)) {-
134 debug("check %p %s", p, p->name);-
135 if (!
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
136 __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
137 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
138 ) && __builtin_constant_p (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
139 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
140 ) && (__s1_len = __builtin_strlen (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
141 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
142 ), __s2_len = __builtin_strlen (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
143 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
144 ), (!((size_t)(const void *)((
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
145 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
146 ) + 1) - (size_t)(const void *)(
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
147 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
148 ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
149 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
150 ) + 1) - (size_t)(const void *)(
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
151 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
152 ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
153 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
154 ,
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
155 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
156 ) : (__builtin_constant_p (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
157 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
158 ) && ((size_t)(const void *)((
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
159 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
160 ) + 1) - (size_t)(const void *)(
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
161 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
162 ) == 1) && (__s1_len = __builtin_strlen (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
163 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
164 ), __s1_len < 4) ? (__builtin_constant_p (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
165 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
166 ) && ((size_t)(const void *)((
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
167 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
168 ) + 1) - (size_t)(const void *)(
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
169 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
170 ) == 1) ? __builtin_strcmp (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
171 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
172 ,
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
173 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
174 ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
175 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
176 ); int __result = (((const unsigned char *) (const char *) (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
177 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
178 ))[0] - __s2[0]); if (__s1_len > 0
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) { __result = (((const unsigned char *) (const char *) (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
179 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
180 ))[1] - __s2[1]); if (__s1_len > 1
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) { __result = (((const unsigned char *) (const char *) (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
181 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
182 ))[2] - __s2[2]); if (__s1_len > 2
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) __result = (((const unsigned char *) (const char *) (
never executed: __result = (((const unsigned char *) (const char *) ( provider_id ))[3] - __s2[3]);
0
183 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
never executed: __result = (((const unsigned char *) (const char *) ( provider_id ))[3] - __s2[3]);
0
184 ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
185 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
186 ) && ((size_t)(const void *)((
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
187 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
188 ) + 1) - (size_t)(const void *)(
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
189 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
190 ) == 1) && (__s2_len = __builtin_strlen (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
191 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
192 ), __s2_len < 4) ? (__builtin_constant_p (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
193 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
194 ) && ((size_t)(const void *)((
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
195 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
196 ) + 1) - (size_t)(const void *)(
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
197 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
198 ) == 1) ? __builtin_strcmp (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
199 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
200 ,
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
201 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
202 ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
203 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
204 ); int __result = (((const unsigned char *) (const char *) (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
205 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
206 ))[0] - __s2[0]); if (__s2_len > 0
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) { __result = (((const unsigned char *) (const char *) (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
207 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
208 ))[1] - __s2[1]); if (__s2_len > 1
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) { __result = (((const unsigned char *) (const char *) (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
209 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
210 ))[2] - __s2[2]); if (__s2_len > 2
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) __result = (((const unsigned char *) (const char *) (
never executed: __result = (((const unsigned char *) (const char *) ( p->name ))[3] - __s2[3]);
0
211 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
never executed: __result = (((const unsigned char *) (const char *) ( p->name ))[3] - __s2[3]);
0
212 ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
213 provider_id
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
214 ,
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
215 p->name
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
216 )))); })
! __extension_...>name )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
217 )-
218 return
never executed: return (p);
(p);
never executed: return (p);
0
219 }
never executed: end of block
0
220 return
never executed: return ( ((void *)0) );
(
never executed: return ( ((void *)0) );
0
221 ((void *)0)
never executed: return ( ((void *)0) );
0
222 );
never executed: return ( ((void *)0) );
0
223}-
224-
225-
226int-
227pkcs11_del_provider(char *provider_id)-
228{-
229 struct pkcs11_provider *p;-
230-
231 if ((
(p = pkcs11_pr...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
p = pkcs11_provider_lookup(provider_id)) !=
(p = pkcs11_pr...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
232 ((void *)0)
(p = pkcs11_pr...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
233 ) {-
234 do { if (((
((p)->next.tqe...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
p)->next.tqe_next) !=
((p)->next.tqe...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
235 ((void *)0)
((p)->next.tqe...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
236 ) (
never executed: (p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev;
p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev;
never executed: (p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev;
else (
never executed: (&pkcs11_providers)->tqh_last = (p)->next.tqe_prev;
&pkcs11_providers)->tqh_last = (p)->next.tqe_prev;
never executed: (&pkcs11_providers)->tqh_last = (p)->next.tqe_prev;
*(p)->next.tqe_prev = (p)->next.tqe_next; ; ; } while (0);
0
237 pkcs11_provider_finalize(p);-
238 pkcs11_provider_unref(p);-
239 return
never executed: return (0);
(0);
never executed: return (0);
0
240 }-
241 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
242}-
243-
244-
245static int-
246pkcs11_rsa_finish(RSA *rsa)-
247{-
248 struct pkcs11_key *k11;-
249 int rv = -1;-
250-
251 if ((
(k11 = RSA_get...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
k11 =
(k11 = RSA_get...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
252 RSA_get_ex_data(
(k11 = RSA_get...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
253 rsa
(k11 = RSA_get...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
254 ,0)
(k11 = RSA_get...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
255 ) !=
(k11 = RSA_get...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
256 ((void *)0)
(k11 = RSA_get...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
257 ) {-
258 if (k11->orig_finish
k11->orig_finishDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
259 rv = k11->orig_finish(rsa);
never executed: rv = k11->orig_finish(rsa);
0
260 if (k11->provider
k11->providerDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
261 pkcs11_provider_unref(k11->provider);
never executed: pkcs11_provider_unref(k11->provider);
0
262 RSA_meth_free(k11->rsa_method);-
263 free(k11->keyid);-
264 free(k11);-
265 }
never executed: end of block
0
266 return
never executed: return (rv);
(rv);
never executed: return (rv);
0
267}-
268-
269-
270static int-
271pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr,-
272 CK_ULONG nattr, CK_OBJECT_HANDLE *obj)-
273{-
274 CK_FUNCTION_LIST *f;-
275 CK_SESSION_HANDLE session;-
276 CK_ULONG nfound = 0;-
277 CK_RV rv;-
278 int ret = -1;-
279-
280 f = p->function_list;-
281 session = p->slotinfo[slotidx].session;-
282 if ((
(rv = f->C_Fin...nattr)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_FindObjectsInit(session, attr, nattr)) != (0)
(rv = f->C_Fin...nattr)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
283 error("C_FindObjectsInit failed (nattr %lu): %lu", nattr, rv);-
284 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
285 }-
286 if ((
(rv = f->C_Fin...found)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_FindObjects(session, obj, 1, &nfound)) != (0)
(rv = f->C_Fin...found)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
||
0
287 nfound != 1
nfound != 1Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
288 debug("C_FindObjects failed (nfound %lu nattr %lu): %lu",-
289 nfound, nattr, rv);-
290 }
never executed: end of block
else
0
291 ret = 0;
never executed: ret = 0;
0
292 if ((
(rv = f->C_Fin...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_FindObjectsFinal(session)) != (0)
(rv = f->C_Fin...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
293 error("C_FindObjectsFinal failed: %lu", rv);
never executed: error("C_FindObjectsFinal failed: %lu", rv);
0
294 return
never executed: return (ret);
(ret);
never executed: return (ret);
0
295}-
296-
297-
298static int-
299pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,-
300 int padding)-
301{-
302 struct pkcs11_key *k11;-
303 struct pkcs11_slotinfo *si;-
304 CK_FUNCTION_LIST *f;-
305 CK_OBJECT_HANDLE obj;-
306 CK_ULONG tlen = 0;-
307 CK_RV rv;-
308 CK_OBJECT_CLASS private_key_class = (3);-
309 CK_BBOOL true_val = 1;-
310 CK_MECHANISM mech = {-
311 (1), -
312 ((void *)0)-
313 , 0-
314 };-
315 CK_ATTRIBUTE key_filter[] = {-
316 {(0), -
317 ((void *)0)-
318 , sizeof(private_key_class) },-
319 {(0x102), -
320 ((void *)0)-
321 , 0},-
322 {(0x108), -
323 ((void *)0)-
324 , sizeof(true_val) }-
325 };-
326 char *pin = -
327 ((void *)0)-
328 , prompt[1024];-
329 int rval = -1;-
330-
331 key_filter[0].pValue = &private_key_class;-
332 key_filter[2].pValue = &true_val;-
333-
334 if ((
(k11 = RSA_get...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
k11 =
(k11 = RSA_get...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
335 RSA_get_ex_data(
(k11 = RSA_get...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
336 rsa
(k11 = RSA_get...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
337 ,0)
(k11 = RSA_get...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
338 ) ==
(k11 = RSA_get...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
339 ((void *)0)
(k11 = RSA_get...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
340 ) {-
341 error("RSA_get_app_data failed for rsa %p", rsa);-
342 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
343 }-
344 if (!k11->provider
!k11->providerDescription
TRUEnever evaluated
FALSEnever evaluated
|| !k11->provider->valid
!k11->provider->validDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
345 error("no pkcs11 (valid) provider for rsa %p", rsa);-
346 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
347 }-
348 f = k11->provider->function_list;-
349 si = &k11->provider->slotinfo[k11->slotidx];-
350 if ((
(si->token.flags & (1 << 2))Description
TRUEnever evaluated
FALSEnever evaluated
si->token.flags & (1 << 2))
(si->token.flags & (1 << 2))Description
TRUEnever evaluated
FALSEnever evaluated
&& !si->logged_in
!si->logged_inDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
351 if (!pkcs11_interactive
!pkcs11_interactiveDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
352 error("need pin entry%s", (si->token.flags &-
353 (1 << 8)) ?-
354 " on reader keypad" : "");-
355 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
356 }-
357 if (si->token.flags & (1 << 8)
si->token.flags & (1 << 8)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
358 verbose("Deferring PIN entry to reader keypad.");
never executed: verbose("Deferring PIN entry to reader keypad.");
0
359 else {-
360 snprintf(prompt, sizeof(prompt),-
361 "Enter PIN for '%s': ", si->token.label);-
362 pin = read_passphrase(prompt, 0x0004);-
363 if (pin ==
pin == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
364 ((void *)0)
pin == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
365 )-
366 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
367 }
never executed: end of block
0
368 rv = f->C_Login(si->session, (1), (u_char *)pin,-
369 (pin != -
370 ((void *)0)-
371 ) ? strlen(pin) : 0);-
372 if (pin !=
pin != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
373 ((void *)0)
pin != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
374 ) {-
375 explicit_bzero(pin, strlen(pin));-
376 free(pin);-
377 }
never executed: end of block
0
378 if (rv != (0)
rv != (0)Description
TRUEnever evaluated
FALSEnever evaluated
&& rv != (0x100)
rv != (0x100)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
379 error("C_Login failed: %lu", rv);-
380 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
381 }-
382 si->logged_in = 1;-
383 }
never executed: end of block
0
384 key_filter[1].pValue = k11->keyid;-
385 key_filter[1].ulValueLen = k11->keyid_len;-
386-
387 if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0
pkcs11_find(k1..., 3, &obj) < 0Description
TRUEnever evaluated
FALSEnever evaluated
&&
0
388 pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0
pkcs11_find(k1..., 2, &obj) < 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
389 error("cannot find private key");-
390 }
never executed: end of block
else if ((
(rv = f->C_Sig..., obj)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_SignInit(si->session, &mech, obj)) != (0)
(rv = f->C_Sig..., obj)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
391 error("C_SignInit failed: %lu", rv);-
392 }
never executed: end of block
else {
0
393-
394 tlen = RSA_size(rsa);-
395 rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen);-
396 if (rv == (0)
rv == (0)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
397 rval = tlen;
never executed: rval = tlen;
0
398 else-
399 error("C_Sign failed: %lu", rv);
never executed: error("C_Sign failed: %lu", rv);
0
400 }-
401 return
never executed: return (rval);
(rval);
never executed: return (rval);
0
402}-
403-
404static int-
405pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa,-
406 int padding)-
407{-
408 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
409}-
410-
411-
412static int-
413pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,-
414 CK_ATTRIBUTE *keyid_attrib, RSA *rsa)-
415{-
416 struct pkcs11_key *k11;-
417 const RSA_METHOD *def = RSA_get_default_method();-
418-
419 k11 = xcalloc(1, sizeof(*k11));-
420 k11->provider = provider;-
421 provider->refcount++;-
422 k11->slotidx = slotidx;-
423-
424 k11->keyid_len = keyid_attrib->ulValueLen;-
425 if (k11->keyid_len > 0
k11->keyid_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
426 k11->keyid = xmalloc(k11->keyid_len);-
427 memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);-
428 }
never executed: end of block
0
429 k11->rsa_method = RSA_meth_dup(def);-
430 if (k11->rsa_method ==
k11->rsa_method == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
431 ((void *)0)
k11->rsa_method == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
432 )-
433 fatal("%s: RSA_meth_dup failed", __func__);
never executed: fatal("%s: RSA_meth_dup failed", __func__);
0
434 k11->orig_finish = RSA_meth_get_finish(def);-
435 if (!RSA_meth_set1_name(k11->rsa_method, "pkcs11")
!RSA_meth_set1...hod, "pkcs11")Description
TRUEnever evaluated
FALSEnever evaluated
||
0
436 !RSA_meth_set_priv_enc(k11->rsa_method,
!RSA_meth_set_...ivate_encrypt)Description
TRUEnever evaluated
FALSEnever evaluated
0
437 pkcs11_rsa_private_encrypt)
!RSA_meth_set_...ivate_encrypt)Description
TRUEnever evaluated
FALSEnever evaluated
||
0
438 !RSA_meth_set_priv_dec(k11->rsa_method,
!RSA_meth_set_...ivate_decrypt)Description
TRUEnever evaluated
FALSEnever evaluated
0
439 pkcs11_rsa_private_decrypt)
!RSA_meth_set_...ivate_decrypt)Description
TRUEnever evaluated
FALSEnever evaluated
||
0
440 !RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish)
!RSA_meth_set_...11_rsa_finish)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
441 fatal("%s: setup pkcs11 method failed", __func__);
never executed: fatal("%s: setup pkcs11 method failed", __func__);
0
442 RSA_set_method(rsa, k11->rsa_method);-
443 -
444RSA_set_ex_data(-
445rsa-
446,0,-
447k11-
448)-
449 ;-
450 return
never executed: return (0);
(0);
never executed: return (0);
0
451}-
452-
453-
454static void-
455rmspace(u_char *buf, size_t len)-
456{-
457 size_t i;-
458-
459 if (!len
!lenDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
460 return;
never executed: return;
0
461 for (i = len - 1; i > 0
i > 0Description
TRUEnever evaluated
FALSEnever evaluated
; i--)
0
462 if (i == len - 1
i == len - 1Description
TRUEnever evaluated
FALSEnever evaluated
|| buf[i] == ' '
buf[i] == ' 'Description
TRUEnever evaluated
FALSEnever evaluated
)
0
463 buf[i] = '\0';
never executed: buf[i] = '\0';
0
464 else-
465 break;
never executed: break;
0
466}
never executed: end of block
0
467-
468-
469-
470-
471-
472static int-
473pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)-
474{-
475 CK_RV rv;-
476 CK_FUNCTION_LIST *f;-
477 CK_SESSION_HANDLE session;-
478 int login_required;-
479-
480 f = p->function_list;-
481 login_required = p->slotinfo[slotidx].token.flags & (1 << 2);-
482 if (pin
pinDescription
TRUEnever evaluated
FALSEnever evaluated
&& login_required
login_requiredDescription
TRUEnever evaluated
FALSEnever evaluated
&& !strlen(pin)
!strlen(pin)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
483 error("pin required");-
484 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
485 }-
486 if ((
(rv = f->C_Ope...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_OpenSession(p->slotlist[slotidx], (1 << 1)|
(rv = f->C_Ope...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
487 (1 << 2),
(rv = f->C_Ope...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
488 ((void *)0)
(rv = f->C_Ope...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
489 ,
(rv = f->C_Ope...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
490 ((void *)0)
(rv = f->C_Ope...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
491 , &session))
(rv = f->C_Ope...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
492 != (0)
(rv = f->C_Ope...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
493 error("C_OpenSession failed: %lu", rv);-
494 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
495 }-
496 if (login_required
login_requiredDescription
TRUEnever evaluated
FALSEnever evaluated
&& pin
pinDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
497 rv = f->C_Login(session, (1),-
498 (u_char *)pin, strlen(pin));-
499 if (rv != (0)
rv != (0)Description
TRUEnever evaluated
FALSEnever evaluated
&& rv != (0x100)
rv != (0x100)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
500 error("C_Login failed: %lu", rv);-
501 if ((
(rv = f->C_Clo...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_CloseSession(session)) != (0)
(rv = f->C_Clo...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
502 error("C_CloseSession failed: %lu", rv);
never executed: error("C_CloseSession failed: %lu", rv);
0
503 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
504 }-
505 p->slotinfo[slotidx].logged_in = 1;-
506 }
never executed: end of block
0
507 p->slotinfo[slotidx].session = session;-
508 return
never executed: return (0);
(0);
never executed: return (0);
0
509}-
510-
511-
512-
513-
514-
515-
516static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG,-
517 CK_ATTRIBUTE [], CK_ATTRIBUTE [3], struct sshkey ***, int *)-
518 __attribute__(());-
519-
520static int-
521pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,-
522 struct sshkey ***keysp, int *nkeys)-
523{-
524 CK_OBJECT_CLASS pubkey_class = (2);-
525 CK_OBJECT_CLASS cert_class = (1);-
526 CK_ATTRIBUTE pubkey_filter[] = {-
527 { (0), -
528 ((void *)0)-
529 , sizeof(pubkey_class) }-
530 };-
531 CK_ATTRIBUTE cert_filter[] = {-
532 { (0), -
533 ((void *)0)-
534 , sizeof(cert_class) }-
535 };-
536 CK_ATTRIBUTE pubkey_attribs[] = {-
537 { (0x102), -
538 ((void *)0)-
539 , 0 },-
540 { (0x120), -
541 ((void *)0)-
542 , 0 },-
543 { (0x122), -
544 ((void *)0)-
545 , 0 }-
546 };-
547 CK_ATTRIBUTE cert_attribs[] = {-
548 { (0x102), -
549 ((void *)0)-
550 , 0 },-
551 { (0x101), -
552 ((void *)0)-
553 , 0 },-
554 { (0x11), -
555 ((void *)0)-
556 , 0 }-
557 };-
558 pubkey_filter[0].pValue = &pubkey_class;-
559 cert_filter[0].pValue = &cert_class;-
560-
561 if (pkcs11_fetch_keys_filter(p, slotidx, pubkey_filter, pubkey_attribs,
pkcs11_fetch_k...sp, nkeys) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
562 keysp, nkeys) < 0
pkcs11_fetch_k...sp, nkeys) < 0Description
TRUEnever evaluated
FALSEnever evaluated
||
0
563 pkcs11_fetch_keys_filter(p, slotidx, cert_filter, cert_attribs,
pkcs11_fetch_k...sp, nkeys) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
564 keysp, nkeys) < 0
pkcs11_fetch_k...sp, nkeys) < 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
565 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
566 return
never executed: return (0);
(0);
never executed: return (0);
0
567}-
568-
569static int-
570pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key)-
571{-
572 int i;-
573-
574 for (i = 0; i < *nkeys
i < *nkeysDescription
TRUEnever evaluated
FALSEnever evaluated
; i++)
0
575 if (sshkey_equal(key, (*keysp)[i])
sshkey_equal(key, (*keysp)[i])Description
TRUEnever evaluated
FALSEnever evaluated
)
0
576 return
never executed: return (1);
(1);
never executed: return (1);
0
577 return
never executed: return (0);
(0);
never executed: return (0);
0
578}-
579-
580static int-
581have_rsa_key(const RSA *rsa)-
582{-
583 const BIGNUM *rsa_n, *rsa_e;-
584-
585 RSA_get0_key(rsa, &rsa_n, &rsa_e, -
586 ((void *)0)-
587 );-
588 return
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ;
rsa_n !=
rsa_n != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ;
0
589 ((void *)0)
rsa_n != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ;
0
590 && rsa_e !=
rsa_e != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ;
0
591 ((void *)0)
rsa_e != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ;
0
592 ;
never executed: return rsa_n != ((void *)0) && rsa_e != ((void *)0) ;
0
593}-
594-
595static int-
596pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,-
597 CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3],-
598 struct sshkey ***keysp, int *nkeys)-
599{-
600 struct sshkey *key;-
601 RSA *rsa;-
602 X509 *x509;-
603 EVP_PKEY *evp;-
604 int i;-
605 const u_char *cp;-
606 CK_RV rv;-
607 CK_OBJECT_HANDLE obj;-
608 CK_ULONG nfound;-
609 CK_SESSION_HANDLE session;-
610 CK_FUNCTION_LIST *f;-
611-
612 f = p->function_list;-
613 session = p->slotinfo[slotidx].session;-
614-
615 if ((
(rv = f->C_Fin...er, 1)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_FindObjectsInit(session, filter, 1)) != (0)
(rv = f->C_Fin...er, 1)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
616 error("C_FindObjectsInit failed: %lu", rv);-
617 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
618 }-
619 while (1) {-
620-
621 for (i = 0; i < 3
i < 3Description
TRUEnever evaluated
FALSEnever evaluated
; i++) {
0
622 attribs[i].pValue = -
623 ((void *)0)-
624 ;-
625 attribs[i].ulValueLen = 0;-
626 }
never executed: end of block
0
627 if ((
(rv = f->C_Fin...found)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_FindObjects(session, &obj, 1, &nfound)) != (0)
(rv = f->C_Fin...found)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
628 || nfound == 0
nfound == 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
629 break;
never executed: break;
0
630-
631 if ((
(rv = f->C_Get...bs, 3)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_GetAttributeValue(session, obj, attribs, 3))
(rv = f->C_Get...bs, 3)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
632 != (0)
(rv = f->C_Get...bs, 3)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
633 error("C_GetAttributeValue failed: %lu", rv);-
634 continue;
never executed: continue;
0
635 }-
636-
637-
638-
639-
640-
641 if (attribs[1].ulValueLen == 0
attribs[1].ulValueLen == 0Description
TRUEnever evaluated
FALSEnever evaluated
||
0
642 attribs[2].ulValueLen == 0
attribs[2].ulValueLen == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
643 continue;
never executed: continue;
0
644 }-
645-
646 for (i = 0; i < 3
i < 3Description
TRUEnever evaluated
FALSEnever evaluated
; i++) {
0
647 if (attribs[i].ulValueLen > 0
attribs[i].ulValueLen > 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
648 attribs[i].pValue = xmalloc(-
649 attribs[i].ulValueLen);-
650 }
never executed: end of block
0
651 }
never executed: end of block
0
652-
653-
654-
655-
656-
657 rsa = -
658 ((void *)0)-
659 ;-
660 if ((
(rv = f->C_Get...bs, 3)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_GetAttributeValue(session, obj, attribs, 3))
(rv = f->C_Get...bs, 3)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
661 != (0)
(rv = f->C_Get...bs, 3)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
662 error("C_GetAttributeValue failed: %lu", rv);-
663 }
never executed: end of block
else if (attribs[1].type == (0x120)
attribs[1].type == (0x120)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
664 if ((
(rsa = RSA_new...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
rsa = RSA_new()) ==
(rsa = RSA_new...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
665 ((void *)0)
(rsa = RSA_new...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
666 ) {-
667 error("RSA_new failed");-
668 }
never executed: end of block
else {
0
669 BIGNUM *rsa_n, *rsa_e;-
670-
671 rsa_n = BN_bin2bn(attribs[1].pValue,-
672 attribs[1].ulValueLen, -
673 ((void *)0)-
674 );-
675 rsa_e = BN_bin2bn(attribs[2].pValue,-
676 attribs[2].ulValueLen, -
677 ((void *)0)-
678 );-
679 if (rsa_n !=
rsa_n != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
680 ((void *)0)
rsa_n != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
681 && rsa_e !=
rsa_e != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
682 ((void *)0)
rsa_e != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
683 ) {-
684 if (!RSA_set0_key(rsa,
!RSA_set0_key(... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
685 rsa_n, rsa_e,
!RSA_set0_key(... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
686 ((void *)0)
!RSA_set0_key(... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
687 )
!RSA_set0_key(... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
)
0
688 fatal("%s: set key", __func__);
never executed: fatal("%s: set key", __func__);
0
689 rsa_n = rsa_e = -
690 ((void *)0)-
691 ;-
692 }
never executed: end of block
0
693 BN_free(rsa_n);-
694 BN_free(rsa_e);-
695 }
never executed: end of block
0
696 } else {-
697 cp = attribs[2].pValue;-
698 if ((
(x509 = X509_n...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
x509 = X509_new()) ==
(x509 = X509_n...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
699 ((void *)0)
(x509 = X509_n...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
700 ) {-
701 error("X509_new failed");-
702 }
never executed: end of block
else if (d2i_X509(&x509, &cp, attribs[2].ulValueLen)
d2i_X509(&x509...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
703 ==
d2i_X509(&x509...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
704 ((void *)0)
d2i_X509(&x509...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
705 ) {-
706 error("d2i_X509 failed");-
707 }
never executed: end of block
else if ((
(evp = X509_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
evp = X509_get_pubkey(x509)) ==
(evp = X509_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
708 ((void *)0)
(evp = X509_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
709 ||-
710 EVP_PKEY_base_id(evp) !=
EVP_PKEY_base_id(evp) != 6Description
TRUEnever evaluated
FALSEnever evaluated
0
711 6
EVP_PKEY_base_id(evp) != 6Description
TRUEnever evaluated
FALSEnever evaluated
0
712 ||-
713 EVP_PKEY_get0_RSA(evp) ==
EVP_PKEY_get0_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
714 ((void *)0)
EVP_PKEY_get0_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
715 ) {-
716 debug("X509_get_pubkey failed or no rsa");-
717 }
never executed: end of block
else if ((
(rsa = RSAPubl...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
rsa = RSAPublicKey_dup(
(rsa = RSAPubl...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
718 EVP_PKEY_get0_RSA(evp))) ==
(rsa = RSAPubl...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
719 ((void *)0)
(rsa = RSAPubl...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
720 ) {-
721 error("RSAPublicKey_dup");-
722 }
never executed: end of block
0
723 X509_free(x509);-
724 }
never executed: end of block
0
725 if (rsa
rsaDescription
TRUEnever evaluated
FALSEnever evaluated
&& have_rsa_key(rsa)
have_rsa_key(rsa)Description
TRUEnever evaluated
FALSEnever evaluated
&&
0
726 pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0
pkcs11_rsa_wra...[0], rsa) == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
727 if ((
(key = sshkey_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
key = sshkey_new(KEY_UNSPEC)) ==
(key = sshkey_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
728 ((void *)0)
(key = sshkey_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
729 )-
730 fatal("sshkey_new failed");
never executed: fatal("sshkey_new failed");
0
731 key->rsa = rsa;-
732 key->type = KEY_RSA;-
733 key->flags |= 0x0001;-
734 if (pkcs11_key_included(keysp, nkeys, key)
pkcs11_key_inc...p, nkeys, key)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
735 sshkey_free(key);-
736 }
never executed: end of block
else {
0
737-
738 *keysp = xrecallocarray(*keysp, *nkeys,-
739 *nkeys + 1, sizeof(struct sshkey *));-
740 (*keysp)[*nkeys] = key;-
741 *nkeys = *nkeys + 1;-
742 debug("have %d keys", *nkeys);-
743 }
never executed: end of block
0
744 } else if (rsa
rsaDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
745 RSA_free(rsa);-
746 }
never executed: end of block
0
747 for (i = 0; i < 3
i < 3Description
TRUEnever evaluated
FALSEnever evaluated
; i++)
0
748 free(attribs[i].pValue);
never executed: free(attribs[i].pValue);
0
749 }
never executed: end of block
0
750 if ((
(rv = f->C_Fin...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_FindObjectsFinal(session)) != (0)
(rv = f->C_Fin...ssion)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
751 error("C_FindObjectsFinal failed: %lu", rv);
never executed: error("C_FindObjectsFinal failed: %lu", rv);
0
752 return
never executed: return (0);
(0);
never executed: return (0);
0
753}-
754-
755-
756int-
757pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)-
758{-
759 int nkeys, need_finalize = 0;-
760 struct pkcs11_provider *p = -
761 ((void *)0)-
762 ;-
763 void *handle = -
764 ((void *)0)-
765 ;-
766 CK_RV (*getfunctionlist)(CK_FUNCTION_LIST **);-
767 CK_RV rv;-
768 CK_FUNCTION_LIST *f = -
769 ((void *)0)-
770 ;-
771 CK_TOKEN_INFO *token;-
772 CK_ULONG i;-
773-
774 *keyp = -
775 ((void *)0)-
776 ;-
777 if (pkcs11_provider_lookup(provider_id) !=
pkcs11_provide...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
778 ((void *)0)
pkcs11_provide...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
779 ) {-
780 debug("%s: provider already registered: %s",-
781 __func__, provider_id);-
782 goto
never executed: goto fail;
fail;
never executed: goto fail;
0
783 }-
784-
785 if ((
(handle = dlop...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
handle = dlopen(provider_id,
(handle = dlop...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
786 0x00002
(handle = dlop...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
787 )) ==
(handle = dlop...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
788 ((void *)0)
(handle = dlop...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
789 ) {-
790 error("dlopen %s failed: %s", provider_id, dlerror());-
791 goto
never executed: goto fail;
fail;
never executed: goto fail;
0
792 }-
793 if ((
(getfunctionli...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
getfunctionlist = dlsym(handle, "C_GetFunctionList")) ==
(getfunctionli...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
794 ((void *)0)
(getfunctionli...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
795 ) {-
796 error("dlsym(C_GetFunctionList) failed: %s", dlerror());-
797 goto
never executed: goto fail;
fail;
never executed: goto fail;
0
798 }-
799 p = xcalloc(1, sizeof(*p));-
800 p->name = xstrdup(provider_id);-
801 p->handle = handle;-
802-
803 if ((
(rv = (*getfun...t)(&f)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = (*getfunctionlist)(&f)) != (0)
(rv = (*getfun...t)(&f)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
804 error("C_GetFunctionList for provider %s failed: %lu",-
805 provider_id, rv);-
806 goto
never executed: goto fail;
fail;
never executed: goto fail;
0
807 }-
808 p->function_list = f;-
809 if ((
(rv = f->C_Ini...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_Initialize(
(rv = f->C_Ini...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
810 ((void *)0)
(rv = f->C_Ini...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
811 )) != (0)
(rv = f->C_Ini...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
812 error("C_Initialize for provider %s failed: %lu",-
813 provider_id, rv);-
814 goto
never executed: goto fail;
fail;
never executed: goto fail;
0
815 }-
816 need_finalize = 1;-
817 if ((
(rv = f->C_Get...>info)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_GetInfo(&p->info)) != (0)
(rv = f->C_Get...>info)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
818 error("C_GetInfo for provider %s failed: %lu",-
819 provider_id, rv);-
820 goto
never executed: goto fail;
fail;
never executed: goto fail;
0
821 }-
822 rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID));-
823 rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription));-
824 debug("provider %s: manufacturerID <%s> cryptokiVersion %d.%d"-
825 " libraryDescription <%s> libraryVersion %d.%d",-
826 provider_id,-
827 p->info.manufacturerID,-
828 p->info.cryptokiVersion.major,-
829 p->info.cryptokiVersion.minor,-
830 p->info.libraryDescription,-
831 p->info.libraryVersion.major,-
832 p->info.libraryVersion.minor);-
833 if ((
(rv = f->C_Get...slots)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_GetSlotList(1,
(rv = f->C_Get...slots)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
834 ((void *)0)
(rv = f->C_Get...slots)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
835 , &p->nslots)) != (0)
(rv = f->C_Get...slots)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
836 error("C_GetSlotList failed: %lu", rv);-
837 goto
never executed: goto fail;
fail;
never executed: goto fail;
0
838 }-
839 if (p->nslots == 0
p->nslots == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
840 debug("%s: provider %s returned no slots", __func__,-
841 provider_id);-
842 goto
never executed: goto fail;
fail;
never executed: goto fail;
0
843 }-
844 p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID));-
845 if ((
(rv = f->C_Get...slots)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_GetSlotList(1, p->slotlist, &p->nslots))
(rv = f->C_Get...slots)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
846 != (0)
(rv = f->C_Get...slots)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
847 error("C_GetSlotList for provider %s failed: %lu",-
848 provider_id, rv);-
849 goto
never executed: goto fail;
fail;
never executed: goto fail;
0
850 }-
851 p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo));-
852 p->valid = 1;-
853 nkeys = 0;-
854 for (i = 0; i < p->nslots
i < p->nslotsDescription
TRUEnever evaluated
FALSEnever evaluated
; i++) {
0
855 token = &p->slotinfo[i].token;-
856 if ((
(rv = f->C_Get...token)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_GetTokenInfo(p->slotlist[i], token))
(rv = f->C_Get...token)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
857 != (0)
(rv = f->C_Get...token)) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
858 error("C_GetTokenInfo for provider %s slot %lu "-
859 "failed: %lu", provider_id, (unsigned long)i, rv);-
860 continue;
never executed: continue;
0
861 }-
862 if ((
(token->flags ...1 << 10)) == 0Description
TRUEnever evaluated
FALSEnever evaluated
token->flags & (1 << 10)) == 0
(token->flags ...1 << 10)) == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
863 debug2("%s: ignoring uninitialised token in "-
864 "provider %s slot %lu", __func__,-
865 provider_id, (unsigned long)i);-
866 continue;
never executed: continue;
0
867 }-
868 rmspace(token->label, sizeof(token->label));-
869 rmspace(token->manufacturerID, sizeof(token->manufacturerID));-
870 rmspace(token->model, sizeof(token->model));-
871 rmspace(token->serialNumber, sizeof(token->serialNumber));-
872 debug("provider %s slot %lu: label <%s> manufacturerID <%s> "-
873 "model <%s> serial <%s> flags 0x%lx",-
874 provider_id, (unsigned long)i,-
875 token->label, token->manufacturerID, token->model,-
876 token->serialNumber, token->flags);-
877-
878 if (pkcs11_open_session(p, i, pin) == 0
pkcs11_open_se..., i, pin) == 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
879 pkcs11_fetch_keys(p, i, keyp, &nkeys);
never executed: pkcs11_fetch_keys(p, i, keyp, &nkeys);
0
880 }
never executed: end of block
0
881 if (nkeys > 0
nkeys > 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
882 do { (p)->next.tqe_next = -
883 ((void *)0)-
884 ; (p)->next.tqe_prev = (&pkcs11_providers)->tqh_last; *(&pkcs11_providers)->tqh_last = (p); (&pkcs11_providers)->tqh_last = &(p)->next.tqe_next; } while (0);-
885 p->refcount++;-
886 return
never executed: return (nkeys);
(nkeys);
never executed: return (nkeys);
0
887 }-
888 debug("%s: provider %s returned no keys", __func__, provider_id);-
889-
890fail:
code before this statement never executed: fail:
0
891 if (need_finalize
need_finalizeDescription
TRUEnever evaluated
FALSEnever evaluated
&& (
(rv = f->C_Fin...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
rv = f->C_Finalize(
(rv = f->C_Fin...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
892 ((void *)0)
(rv = f->C_Fin...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
0
893 )) != (0)
(rv = f->C_Fin...*)0) )) != (0)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
894 error("C_Finalize for provider %s failed: %lu",
never executed: error("C_Finalize for provider %s failed: %lu", provider_id, rv);
0
895 provider_id, rv);
never executed: error("C_Finalize for provider %s failed: %lu", provider_id, rv);
0
896 if (p
pDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
897 free(p->slotlist);-
898 free(p->slotinfo);-
899 free(p);-
900 }
never executed: end of block
0
901 if (handle
handleDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
902 dlclose(handle);
never executed: dlclose(handle);
0
903 return
never executed: return (-1);
(-1);
never executed: return (-1);
0
904}-
Switch to Source codePreprocessed file

Generated by Squish Coco 4.2.2