From: Nikos Mavrogiannopoulos Date: Fri, 20 Jul 2012 20:07:20 +0000 (+0200) Subject: Eliminated p11common.c. X-Git-Tag: gnutls_3_1_0pre0~35 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9ec660655aa8ff5b311489082c8482c85895f879;p=thirdparty%2Fgnutls.git Eliminated p11common.c. --- diff --git a/src/Makefile.am b/src/Makefile.am index cf775c3944..2f29d57a16 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -52,9 +52,6 @@ endif if ENABLE_PKCS11 bin_PROGRAMS += p11tool -PKCS11_SRCS = p11common.c p11common.h -else -PKCS11_SRCS = endif noinst_LTLIBRARIES = @@ -64,8 +61,7 @@ gnutls_serv_SOURCES = \ udp-serv.c udp-serv.h \ socket.c socket.h \ common.h common.c \ - certtool-common.h \ - $(PKCS11_SRCS) + certtool-common.h gnutls_serv_LDADD = ../lib/libgnutls.la gnutls_serv_LDADD += libcmd-serv.la ../gl/libgnu.la $(LIBOPTS_LDADD) $(LTLIBINTL) gnutls_serv_LDADD += $(LIBSOCKET) $(GETADDRINFO_LIB) @@ -103,7 +99,7 @@ BENCHMARK_SRCS = benchmark-cipher.c benchmark.c benchmark.h benchmark-tls.c gnutls_cli_SOURCES = cli.c common.h common.c \ socket.c socket.h ocsptool-common.c \ - $(PKCS11_SRCS) $(BENCHMARK_SRCS) + $(BENCHMARK_SRCS) gnutls_cli_LDADD = ../lib/libgnutls.la gnutls_cli_LDADD += libcmd-cli.la ../gl/libgnu.la $(LIBOPTS_LDADD) $(LTLIBINTL) gnutls_cli_LDADD += $(LIBSOCKET) $(GETADDRINFO_LIB) $(LIB_CLOCK_GETTIME) \ @@ -113,8 +109,7 @@ libcmd_cli_la_CFLAGS = libcmd_cli_la_SOURCES = cli-args.def cli-args.c cli-args.h gnutls_cli_debug_SOURCES = tls_test.c tests.h tests.c \ - socket.c socket.h common.h common.c \ - $(PKCS11_SRCS) + socket.c socket.h common.h common.c gnutls_cli_debug_LDADD = ../lib/libgnutls.la libcmd-cli-debug.la gnutls_cli_debug_LDADD += $(LIBOPTS_LDADD) $(LTLIBINTL) gnutls_cli_debug_LDADD += ../gl/libgnu.la $(LIBSOCKET) $(GETADDRINFO_LIB) @@ -124,7 +119,7 @@ libcmd_cli_debug_la_SOURCES = cli-debug-args.def cli-debug-args.c cli-debug-args #certtool -certtool_SOURCES = certtool.c dh.c certtool-common.c certtool-extras.c $(PKCS11_SRCS) +certtool_SOURCES = certtool.c dh.c certtool-common.c certtool-extras.c common.c certtool_LDADD = ../lib/libgnutls.la certtool_LDADD += libcmd-certtool.la ../gl/libgnu.la @@ -140,7 +135,8 @@ libcmd_certtool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB) # p11 tool if ENABLE_PKCS11 -p11tool_SOURCES = p11tool-args.def p11tool.c pkcs11.c certtool-common.c certtool-extras.c p11tool.h $(PKCS11_SRCS) +p11tool_SOURCES = p11tool-args.def p11tool.c pkcs11.c certtool-common.c \ + certtool-extras.c p11tool.h common.c p11tool_LDADD = ../lib/libgnutls.la $(LIBOPTS_LDADD) $(LTLIBINTL) p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la @@ -156,7 +152,7 @@ endif # ENABLE_PKCS11 if ENABLE_TROUSERS -tpmtool_SOURCES = tpmtool-args.def tpmtool.c certtool-common.c certtool-extras.c +tpmtool_SOURCES = tpmtool-args.def tpmtool.c certtool-common.c certtool-extras.c common.c tpmtool_LDADD = ../lib/libgnutls.la $(LIBOPTS_LDADD) $(LTLIBINTL) tpmtool_LDADD += libcmd-tpmtool.la ../gl/libgnu.la diff --git a/src/certtool-common.c b/src/certtool-common.c index 9942da0ca4..3bf6536070 100644 --- a/src/certtool-common.c +++ b/src/certtool-common.c @@ -38,6 +38,7 @@ #include #include #include +#include #include "certtool-common.h" #include "certtool-cfg.h" @@ -716,27 +717,6 @@ print_key_usage (FILE * outfile, unsigned int usage) } } -const char * -raw_to_string (const unsigned char *raw, size_t raw_size) -{ - static char buf[1024]; - size_t i; - if (raw_size == 0) - return NULL; - - if (raw_size * 3 + 1 >= sizeof (buf)) - return NULL; - - for (i = 0; i < raw_size; i++) - { - sprintf (&(buf[i * 3]), "%02X%s", raw[i], - (i == raw_size - 1) ? "" : ":"); - } - buf[sizeof (buf) - 1] = '\0'; - - return buf; -} - void _pubkey_info(FILE* outfile, gnutls_pubkey_t pubkey) { unsigned int usage; diff --git a/src/certtool-common.h b/src/certtool-common.h index 7bedfb5fc8..8e1af6b23d 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -87,9 +87,6 @@ print_dsa_pkey (FILE* outfile, gnutls_datum_t * x, gnutls_datum_t * y, gnutls_da FILE *safe_open_rw (const char *file, int privkey_op); -const char * -raw_to_string (const unsigned char *raw, size_t raw_size); - extern unsigned char buffer[]; extern const int buffer_size; diff --git a/src/certtool.c b/src/certtool.c index 7078d243b7..a8e5f6c6a7 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -45,7 +45,7 @@ #include #include -#include +#include #include "certtool-args.h" #include "certtool-common.h" diff --git a/src/cli.c b/src/cli.c index 4256903b29..3ef997436d 100644 --- a/src/cli.c +++ b/src/cli.c @@ -151,6 +151,7 @@ load_keys (void) { crt_num = 1; gnutls_x509_crt_init (&crt_list[0]); + gnutls_x509_crt_set_pin_function(crt_list[0], pin_callback, NULL); ret = gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile, 0); @@ -224,7 +225,10 @@ load_keys (void) gnutls_strerror (ret)); exit (1); } - else if (gnutls_url_is_supported(x509_keyfile) != 0) + + gnutls_privkey_set_pin_function(x509_key, pin_callback, NULL); + + if (gnutls_url_is_supported(x509_keyfile) != 0) { ret = gnutls_privkey_import_url (x509_key, x509_keyfile, 0); @@ -299,6 +303,8 @@ load_keys (void) exit (1); } + gnutls_privkey_set_pin_function(pgp_key, pin_callback, NULL); + if (gnutls_url_is_supported (pgp_keyfile)) { ret = gnutls_privkey_import_url( pgp_key, pgp_keyfile, 0); @@ -770,7 +776,7 @@ main (int argc, char **argv) } #ifdef ENABLE_PKCS11 - pkcs11_common (); +// pkcs11_common (); #endif if (hostname == NULL) @@ -1189,7 +1195,7 @@ do_handshake (socket_st * socket) if (ret == 0) { /* print some information */ - print_info (socket->session, print_cert); + print_info (socket->session, print_cert, verbose); socket->secure = 1; } else @@ -1311,6 +1317,7 @@ init_global_tls_stuff (void) fprintf (stderr, "Certificate allocation memory error\n"); exit (1); } + gnutls_certificate_set_pin_function(xcred, pin_callback, NULL); if (x509_cafile != NULL) { diff --git a/src/common.c b/src/common.c index 95de4b4af4..4b58d94efa 100644 --- a/src/common.c +++ b/src/common.c @@ -37,9 +37,11 @@ #include #include -#define SU(x) (x!=NULL?x:"Unknown") +#ifdef ENABLE_PKCS11 +# include +#endif -extern int verbose; +#define SU(x) (x!=NULL?x:"Unknown") const char str_unknown[] = "(unknown)"; @@ -579,7 +581,7 @@ print_ecdh_info (gnutls_session_t session, const char *str) } int -print_info (gnutls_session_t session, int print_cert) +print_info (gnutls_session_t session, int print_cert, int verbose) { const char *tmp; gnutls_credentials_type_t cred; @@ -1051,3 +1053,108 @@ int len = strlen(str); } return 0; } + +#define MIN(x,y) ((x)<(y))?(x):(y) +#define MAX_CACHE_TRIES 5 +int +pin_callback (void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) +{ + const char *password; + const char * desc; + int len, cache = MAX_CACHE_TRIES; +/* allow caching of PIN */ + static char *cached_url = NULL; + static char cached_pin[32] = ""; + + if (flags & GNUTLS_PKCS11_PIN_SO) + desc = "security officer"; + else + desc = "user"; + + if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) + { + cache = 0; + printf ("*** This is the final try before locking!\n"); + } + if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) + { + cache = 0; + printf ("*** Only few tries left before locking!\n"); + } + + if (flags & GNUTLS_PKCS11_PIN_WRONG) + { + cache = 0; + printf ("*** Wrong PIN has been provided!\n"); + } + + if (cache > 0 && cached_url != NULL) + { + if (strcmp (cached_url, token_url) == 0) + { + if (strlen(pin) >= sizeof(cached_pin)) + { + fprintf (stderr, "Too long PIN given\n"); + exit (1); + } + + fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label); + strcpy (pin, cached_pin); + cache--; + return 0; + } + } + + printf ("Token '%s' with URL '%s' ", token_label, token_url); + printf ("requires %s PIN\n", desc); + + password = getpass ("Enter PIN: "); + if (password == NULL || password[0] == 0) + { + fprintf (stderr, "No password given\n"); + exit (1); + } + + len = MIN (pin_max, strlen (password)); + memcpy (pin, password, len); + pin[len] = 0; + + /* cache */ + strcpy (cached_pin, pin); + free (cached_url); + cached_url = strdup (token_url); + cache = MAX_CACHE_TRIES; + + return 0; +} + +#ifdef ENABLE_PKCS11 + +static int +token_callback (void *user, const char *label, const unsigned retry) +{ + char buf[32]; + + if (retry > 0) + { + fprintf (stderr, "Could not find token %s\n", label); + return -1; + } + printf ("Please insert token '%s' in slot and press enter\n", label); + fgets (buf, sizeof (buf), stdin); + + return 0; +} + +void +pkcs11_common (void) +{ + + gnutls_pkcs11_set_pin_function (pin_callback, NULL); + gnutls_pkcs11_set_token_function (token_callback, NULL); + +} + +#endif diff --git a/src/common.h b/src/common.h index 09f19332ca..26cadb4873 100644 --- a/src/common.h +++ b/src/common.h @@ -48,7 +48,7 @@ extern const char str_unknown[]; -int print_info (gnutls_session_t state, int print_cert); +int print_info (gnutls_session_t state, int print_cert, int verbose); void print_cert_info (gnutls_session_t, int flag, int print_cert); void print_cert_info_compact (gnutls_session_t session); @@ -58,3 +58,10 @@ int cert_verify (gnutls_session_t session, const char* hostname); const char *raw_to_string (const unsigned char *raw, size_t raw_size); void pkcs11_common (void); int check_command(gnutls_session_t session, const char* str); + +int +pin_callback (void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max); + +void pkcs11_common (void); diff --git a/src/p11common.c b/src/p11common.c deleted file mode 100644 index ab039f4fd7..0000000000 --- a/src/p11common.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (C) 2011-2012 Free Software Foundation, Inc. - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * GnuTLS is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * GnuTLS is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -#include - -#include - -#include -#include -#include -#include -#include - -#ifdef ENABLE_PKCS11 - -#define MIN(x,y) ((x)<(y))?(x):(y) - -#define MAX_CACHE_TRIES 5 -static int -pin_callback (void *user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char *pin, - size_t pin_max) -{ - const char *password; - const char * desc; - int len, cache = MAX_CACHE_TRIES; -/* allow caching of PIN */ - static char *cached_url = NULL; - static char cached_pin[32] = ""; - - if (flags & GNUTLS_PKCS11_PIN_SO) - desc = "security officer"; - else - desc = "user"; - - if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) - { - cache = 0; - printf ("*** This is the final try before locking!\n"); - } - if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) - { - cache = 0; - printf ("*** Only few tries left before locking!\n"); - } - - if (flags & GNUTLS_PKCS11_PIN_WRONG) - { - cache = 0; - printf ("*** Wrong PIN has been provided!\n"); - } - - if (cache > 0 && cached_url != NULL) - { - if (strcmp (cached_url, token_url) == 0) - { - if (strlen(pin) >= sizeof(cached_pin)) - { - fprintf (stderr, "Too long PIN given\n"); - exit (1); - } - - fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label); - strcpy (pin, cached_pin); - cache--; - return 0; - } - } - - printf ("Token '%s' with URL '%s' ", token_label, token_url); - printf ("requires %s PIN\n", desc); - - password = getpass ("Enter PIN: "); - if (password == NULL || password[0] == 0) - { - fprintf (stderr, "No password given\n"); - exit (1); - } - - len = MIN (pin_max, strlen (password)); - memcpy (pin, password, len); - pin[len] = 0; - - /* cache */ - strcpy (cached_pin, pin); - free (cached_url); - cached_url = strdup (token_url); - cache = MAX_CACHE_TRIES; - - return 0; -} - -static int -token_callback (void *user, const char *label, const unsigned retry) -{ - char buf[32]; - - if (retry > 0) - { - fprintf (stderr, "Could not find token %s\n", label); - return -1; - } - printf ("Please insert token '%s' in slot and press enter\n", label); - fgets (buf, sizeof (buf), stdin); - - return 0; -} - -void -pkcs11_common (void) -{ - - gnutls_pkcs11_set_pin_function (pin_callback, NULL); - gnutls_pkcs11_set_token_function (token_callback, NULL); - -} - -#endif diff --git a/src/p11common.h b/src/p11common.h deleted file mode 100644 index e007b38f92..0000000000 --- a/src/p11common.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (C) 2011-2012 Free Software Foundation, Inc. - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * GnuTLS is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * GnuTLS is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -void pkcs11_common (void); diff --git a/src/pkcs11.c b/src/pkcs11.c index d7843b04cd..36a291976f 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -31,7 +31,7 @@ #include "certtool-common.h" #include #include -#include +#include void pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, diff --git a/src/serv.c b/src/serv.c index c60e1b6601..eba281a8a4 100644 --- a/src/serv.c +++ b/src/serv.c @@ -1300,7 +1300,7 @@ static void tcp_server(const char* name, int port) human_addr ((struct sockaddr *) &client_address, calen, topbuf, sizeof (topbuf))); - print_info (j->tls_session, verbose); + print_info (j->tls_session, verbose, verbose); if (gnutls_auth_get_type (j->tls_session) == GNUTLS_CRD_CERTIFICATE) cert_verify(j->tls_session, NULL); } @@ -1425,7 +1425,7 @@ static void tcp_server(const char* name, int port) &client_address, calen, topbuf, sizeof (topbuf))); - print_info (j->tls_session, verbose); + print_info (j->tls_session, verbose, verbose); if (gnutls_auth_get_type (j->tls_session) == GNUTLS_CRD_CERTIFICATE) cert_verify(j->tls_session, NULL); }