]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
[master] better error output when initializing pkcs11
authorEvan Hunt <each@isc.org>
Thu, 13 Mar 2014 03:52:01 +0000 (20:52 -0700)
committerEvan Hunt <each@isc.org>
Thu, 13 Mar 2014 03:52:01 +0000 (20:52 -0700)
3786. [func] Provide more detailed error codes when using
native PKCS#11. "pkcs11-tokens" now fails robustly
rather than asserting when run against an HSM with
an incomplete PCKS#11 API implementation. [RT #35479]

55 files changed:
CHANGES
bin/dnssec/dnssec-dsfromkey.c
bin/dnssec/dnssec-importkey.c
bin/dnssec/dnssec-keyfromlabel.c
bin/dnssec/dnssec-keygen.c
bin/dnssec/dnssec-revoke.c
bin/dnssec/dnssec-settime.c
bin/dnssec/dnssec-signzone.c
bin/dnssec/dnssec-verify.c
bin/named/main.c
bin/pkcs11/Makefile.in
bin/pkcs11/pkcs11-destroy.c
bin/pkcs11/pkcs11-keygen.c
bin/pkcs11/pkcs11-list.c
bin/pkcs11/pkcs11-tokens.c
bin/tests/pkcs11/benchmarks/create.c
bin/tests/pkcs11/benchmarks/find.c
bin/tests/pkcs11/benchmarks/genrsa.c
bin/tests/pkcs11/benchmarks/privrsa.c
bin/tests/pkcs11/benchmarks/pubrsa.c
bin/tests/pkcs11/benchmarks/random.c
bin/tests/pkcs11/benchmarks/sha1.c
bin/tests/pkcs11/benchmarks/sign.c
bin/tests/pkcs11/benchmarks/verify.c
bin/tests/pkcs11/pkcs11-hmacmd5.c
bin/tests/pkcs11/pkcs11-md5sum.c
configure
configure.in
lib/dns/dst_api.c
lib/dns/dst_internal.h
lib/dns/dst_result.c
lib/dns/pkcs11dh_link.c
lib/dns/pkcs11dsa_link.c
lib/dns/pkcs11ecdsa_link.c
lib/dns/pkcs11gost_link.c
lib/dns/pkcs11rsa_link.c
lib/dns/tests/gost_test.c
lib/isc/Makefile.in
lib/isc/aes.c
lib/isc/hmacmd5.c
lib/isc/hmacsha.c
lib/isc/include/isc/resultclass.h
lib/isc/include/pk11/Makefile.in
lib/isc/include/pk11/pk11.h
lib/isc/include/pk11/result.h [new file with mode: 0644]
lib/isc/md5.c
lib/isc/pk11.c
lib/isc/pk11_result.c [new file with mode: 0644]
lib/isc/sha1.c
lib/isc/sha2.c
lib/isc/win32/libisc.def.in
lib/isc/win32/libisc.dsp.in
lib/isc/win32/libisc.mak.in
lib/isc/win32/libisc.vcxproj.filters.in
lib/isc/win32/libisc.vcxproj.in

diff --git a/CHANGES b/CHANGES
index ca3e7ebe5aec1918a0c6d887ac42fa45315c41cc..0381c61285130e26688cf43d2c65f8f1a84da80b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+3786.  [func]          Provide more detailed error codes when using
+                       native PKCS#11. "pkcs11-tokens" now fails robustly
+                       rather than asserting when run against an HSM with
+                       an incomplete PCKS#11 API implementation. [RT #35479]
+
 3785.  [bug]           Debugging code dumphex didn't accept arbitarily long
                        input (only compiled with -DDEBUG). [RT #35544]
 
index a06cf69b88bf60f02dbe811df10f42b88706c37e..01e0a9b4f34bf695ee9bd8370d747b453efe7c82 100644 (file)
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #ifndef PATH_MAX
@@ -370,6 +374,9 @@ main(int argc, char **argv) {
        if (result != ISC_R_SUCCESS)
                fatal("out of memory");
 
+#ifdef PKCS11CRYPTO
+       pk11_result_register();
+#endif
        dns_result_register();
 
        isc_commandline_errprint = ISC_FALSE;
index 44529a9f306ead71c99151fd099724974b2df219..ff0d67765c41cf58744e81b2fd6761cadeb6f4a4 100644 (file)
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #ifndef PATH_MAX
@@ -302,6 +306,9 @@ main(int argc, char **argv) {
        if (result != ISC_R_SUCCESS)
                fatal("out of memory");
 
+#ifdef PKCS11CRYPTO
+       pk11_result_register();
+#endif
        dns_result_register();
 
        isc_commandline_errprint = ISC_FALSE;
index cdd441daf8a884977f76e4850fa0e5ff07631acd..c21d54d3d2539759718d9592c5207ffa45d823be 100644 (file)
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #define MAX_RSA 4096 /* should be long enough... */
@@ -174,6 +178,9 @@ main(int argc, char **argv) {
 
        RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
+#ifdef PKCS11CRYPTO
+       pk11_result_register();
+#endif
        dns_result_register();
 
        isc_commandline_errprint = ISC_FALSE;
index 610fc24d061b456f6548cbfd67c5025108b33961..495ed5c438f1933e6747c707d12a9e8c4c92fab8 100644 (file)
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #define MAX_RSA 4096 /* should be long enough... */
@@ -254,6 +258,9 @@ main(int argc, char **argv) {
        if (argc == 1)
                usage();
 
+#ifdef PKCS11CRYPTO
+       pk11_result_register();
+#endif
        dns_result_register();
 
        isc_commandline_errprint = ISC_FALSE;
index 8f774c3c5018acf9f54b9087cf8082fb80fb8b03..75f0a3d4ad3354a05516800fe5756724269faff0 100644 (file)
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 const char *program = "dnssec-revoke";
@@ -103,6 +107,9 @@ main(int argc, char **argv) {
        if (result != ISC_R_SUCCESS)
                fatal("Out of memory");
 
+#ifdef PKCS11CRYPTO
+       pk11_result_register();
+#endif
        dns_result_register();
 
        isc_commandline_errprint = ISC_FALSE;
index 3cb989f53d0d424db87eba17f3ae389da175d252..5e8744fd7ade3dfdecd9788d613417d74f2c5244 100644 (file)
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 const char *program = "dnssec-settime";
@@ -168,6 +172,9 @@ main(int argc, char **argv) {
 
        setup_logging(verbose, mctx, &log);
 
+#ifdef PKCS11CRYPTO
+       pk11_result_register();
+#endif
        dns_result_register();
 
        isc_commandline_errprint = ISC_FALSE;
index 7091458b47750e26b5968f6ea82531a783b88e59..dfbd7c631faf6d39b4564d3052052e821adb7841 100644 (file)
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #ifndef PATH_MAX
@@ -3136,6 +3140,9 @@ main(int argc, char *argv[]) {
        if (result != ISC_R_SUCCESS)
                fatal("out of memory");
 
+#ifdef PKCS11CRYPTO
+       pk11_result_register();
+#endif
        dns_result_register();
 
        isc_commandline_errprint = ISC_FALSE;
index 8d8d22f8f9e016b0a9cc1e7c730f4a1590ed4ef6..3e3a523085c834c394084d7d3c9bce2df4950cb6 100644 (file)
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 const char *program = "dnssec-verify";
@@ -199,6 +203,9 @@ main(int argc, char *argv[]) {
        if (result != ISC_R_SUCCESS)
                fatal("out of memory");
 
+#ifdef PKCS11CRYPTO
+       pk11_result_register();
+#endif
        dns_result_register();
 
        isc_commandline_errprint = ISC_FALSE;
index 075597d0721618452bc08a01b01e6850d67f92d0..b473732388d192c0a9ca8f450b9841ae9d69b9f0 100644 (file)
 #include <dns/view.h>
 
 #include <dst/result.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
 
 #include <dlz/dlz_dlopen_driver.h>
 
+
 /*
  * Defining NS_MAIN provides storage declarations (rather than extern)
  * for variables in named/globals.h.
@@ -1131,6 +1135,9 @@ main(int argc, char *argv[]) {
        dns_result_register();
        dst_result_register();
        isccc_result_register();
+#ifdef PKCS11CRYPTO
+       pk11_result_register();
+#endif
 
        parse_command_line(argc, argv);
 
index 4657a8af901f2d2ee71687f6b981129dca86dd57..dac3832da0dc939fdc6a554f2a83cffd6bc0d721 100644 (file)
@@ -26,6 +26,10 @@ CDEFINES =
 
 ISCLIBS =      ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
 
+ISCDEPLIBS =   ../../lib/isc/libisc.@A@
+
+DEPLIBS =      ${ISCDEPLIBS}
+
 # if FORCE_STATIC_PROVIDER: LIBS += ${PROVIDER}
 LIBS =         ${ISCLIBS} @LIBS@
 
@@ -47,19 +51,19 @@ MANOBJS =   ${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
-pkcs11-list@EXEEXT@: @srcdir@/pkcs11-list.@O@
+pkcs11-list@EXEEXT@: @srcdir@/pkcs11-list.@O@ ${DEPLIBS}
        ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
                -o $@ @srcdir@/pkcs11-list.@O@ ${LIBS}
 
-pkcs11-destroy@EXEEXT@: @srcdir@/pkcs11-destroy.@O@
+pkcs11-destroy@EXEEXT@: @srcdir@/pkcs11-destroy.@O@ ${DEPLIBS}
        ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
                -o $@ @srcdir@/pkcs11-destroy.@O@ ${LIBS}
 
-pkcs11-keygen@EXEEXT@: @srcdir@/pkcs11-keygen.@O@
+pkcs11-keygen@EXEEXT@: @srcdir@/pkcs11-keygen.@O@ ${DEPLIBS}
        ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
                -o $@ @srcdir@/pkcs11-keygen.@O@ ${LIBS}
 
-pkcs11-tokens@EXEEXT@: @srcdir@/pkcs11-tokens.@O@
+pkcs11-tokens@EXEEXT@: @srcdir@/pkcs11-tokens.@O@ ${DEPLIBS}
        ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
                -o $@ @srcdir@/pkcs11-tokens.@O@ ${LIBS}
 
index cdcde42270a9d0d085db66c2d69f8cdbce1dee74..d0b23ea57bc3bf41e423952a9d1702e221223cd2 100644 (file)
@@ -61,6 +61,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #ifdef WIN32
 #define sleep(x)       Sleep(x)
@@ -142,6 +143,8 @@ main(int argc, char *argv[]) {
                search_template[0].ulValueLen = strlen(label);
        }
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
@@ -149,11 +152,17 @@ main(int argc, char *argv[]) {
        if (pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-                                 (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
-               fprintf(stderr, "Error initializing PKCS#11: %s\n",
-                       isc_result_totext(result));
+       result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_TRUE,
+                                 ISC_TRUE, (const char *) pin, slot);
+       if (result == PK11_R_NORANDOMSERVICE ||
+           result == PK11_R_NODIGESTSERVICE ||
+           result == PK11_R_NOAESSERVICE) {
+               fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+               fprintf(stderr, "This HSM will not work with BIND 9 "
+                               "using native PKCS#11.\n");
+       } else if (result != ISC_R_SUCCESS) {
+               fprintf(stderr, "Unrecoverable error initializing "
+                               "PKCS#11: %s\n", isc_result_totext(result));
                exit(1);
        }
 
@@ -253,7 +262,7 @@ main(int argc, char *argv[]) {
 
  exit_session:
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index ad6ced1fa685a7484fe7cf80071ad893f52e780d..d8a4a3ce77f922f56ef9f95ce36655f6efb40790 100644 (file)
@@ -68,6 +68,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 #define WANT_DH_PRIMES
 #define WANT_ECC_CURVES
 #include <pk11/constants.h>
@@ -291,6 +292,7 @@ main(int argc, char *argv[]) {
        CK_ULONG public_attrcnt = 0, private_attrcnt = PRIVATE_ATTRS;
        CK_ULONG domain_attrcnt = 0, param_attrcnt = 0;
        key_class_t keyclass = key_rsa;
+       pk11_optype_t op_type = OP_ANY;
 
 #define OPTIONS ":a:b:ei:l:m:Pp:qSs:"
        while ((c = isc_commandline_parse(argc, argv, OPTIONS)) != -1) {
@@ -364,6 +366,7 @@ main(int argc, char *argv[]) {
 
        switch (keyclass) {
        case key_rsa:
+               op_type = OP_RSA;
                if (expsize == 0)
                        expsize = 3;
                if (bits == 0)
@@ -394,6 +397,7 @@ main(int argc, char *argv[]) {
                public_template[RSA_PUBLIC_EXPONENT].ulValueLen = expsize;
                break;
        case key_ecc:
+               op_type = OP_EC;
                if (bits == 0)
                        bits = 256;
                else if (bits != 256 && bits != 384) {
@@ -422,6 +426,7 @@ main(int argc, char *argv[]) {
 
                break;
        case key_dsa:
+               op_type = OP_DSA;
                if (bits == 0)
                        usage();
 
@@ -445,6 +450,7 @@ main(int argc, char *argv[]) {
                domain_template[DSA_DOMAIN_PRIMEBITS].ulValueLen = sizeof(bits);
                break;
        case key_dh:
+               op_type = OP_DH;
                if (special && bits == 0)
                        bits = 1024;
                else if (special &&
@@ -511,6 +517,8 @@ main(int argc, char *argv[]) {
                private_template[PRIVATE_ID].ulValueLen = idlen;
        }
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
@@ -518,11 +526,17 @@ main(int argc, char *argv[]) {
        if (pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-                                 (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
-               fprintf(stderr, "Error initializing PKCS#11: %s\n",
-                       isc_result_totext(result));
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+                                 ISC_TRUE, (const char *) pin, slot);
+       if (result == PK11_R_NORANDOMSERVICE ||
+           result == PK11_R_NODIGESTSERVICE ||
+           result == PK11_R_NOAESSERVICE) {
+               fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+               fprintf(stderr, "This HSM will not work with BIND 9 "
+                               "using native PKCS#11.\n");
+       } else if (result != ISC_R_SUCCESS) {
+               fprintf(stderr, "Unrecoverable error initializing "
+                               "PKCS#11: %s\n", isc_result_totext(result));
                exit(1);
        }
 
@@ -684,7 +698,7 @@ main(int argc, char *argv[]) {
 
  exit_session:
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index fcd14397d84d69746c95d045770a4954e4b276d6..8374f01bb79f225479c0db6d94f4fdc5615e271d 100644 (file)
@@ -58,6 +58,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)               getpass(x)
@@ -141,6 +142,8 @@ main(int argc, char *argv[]) {
                search_template[0].ulValueLen = strlen(label);
        }
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
@@ -148,11 +151,19 @@ main(int argc, char *argv[]) {
        if (logon && pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, logon,
-                                 pin, slot);
-       if (result != ISC_R_SUCCESS) {
-               fprintf(stderr, "Error initializing PKCS#11: %s\n",
-                       isc_result_totext(result));
+       result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
+                                 logon, pin, slot);
+       if (result == PK11_R_NORANDOMSERVICE ||
+           result == PK11_R_NODIGESTSERVICE ||
+           result == PK11_R_NOAESSERVICE) {
+               fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+               fprintf(stderr, "This HSM will not work with BIND 9 "
+                               "using native PKCS#11.\n");
+       } else if (result != ISC_R_SUCCESS) {
+               fprintf(stderr, "Unrecoverable error initializing "
+                       "PKCS#11: %s\n", isc_result_totext(result));
+               fprintf(stderr, "Unrecoverable error initializing "
+                               "PKCS#11: %s\n", isc_result_totext(result));
                exit(1);
        }
 
@@ -246,7 +257,7 @@ main(int argc, char *argv[]) {
 
  exit_session:
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index 046477305c9dd335e30adb9427d6beafb6cf9070..860c4e90bb536443ebbe7c120a9d515afad131af 100644 (file)
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
-
-extern void dst__pkcs11_init(isc_mem_t *mctx, const char *engine);
+#include <pk11/result.h>
 
 int
 main(int argc, char *argv[]) {
+       isc_result_t result;
        char *lib_name = NULL;
        int c, errflg = 0;
        isc_mem_t *mctx = NULL;
+       pk11_context_t pctx;
 
        while ((c = isc_commandline_parse(argc, argv, ":m:")) != -1) {
                switch (c) {
@@ -73,11 +74,31 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
-       dst__pkcs11_init(mctx, lib_name);
+       pk11_result_register();
+
+       /* Initialize the CRYPTOKI library */
+       if (lib_name != NULL)
+               pk11_set_lib_name(lib_name);
+
+       result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
+                                 ISC_FALSE, NULL, 0);
+       if (result == PK11_R_NORANDOMSERVICE ||
+           result == PK11_R_NODIGESTSERVICE ||
+           result == PK11_R_NOAESSERVICE) {
+               fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+               fprintf(stderr, "This HSM will not work with BIND 9 "
+                               "using native PKCS#11.\n\n");
+       } else if (result != ISC_R_SUCCESS) {
+               fprintf(stderr, "Unrecoverable error initializing "
+                               "PKCS#11: %s\n", isc_result_totext(result));
+               exit(1);
+       }
 
        pk11_dump_tokens();
 
-       pk11_shutdown();
+       if (pctx.handle != NULL)
+               pk11_return_session(&pctx);
+       (void) pk11_finalize();
 
        isc_mem_destroy(&mctx);
 
index 7d3816aad2a5118f8a97ecaefa99b9cfe5a528c0..dc11c6f67800bd9671a8e09dff1dfc577ae6e510 100644 (file)
@@ -58,6 +58,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)       getpass(x)
@@ -155,6 +156,8 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Allocate hanles */
        hKey = (CK_SESSION_HANDLE *)
                malloc(count * sizeof(CK_SESSION_HANDLE));
@@ -173,8 +176,11 @@ main(int argc, char *argv[]) {
                pin = getpassphrase("Enter Pin: ");
 
        result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-                                 (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
+                                 ISC_TRUE, (const char *) pin, slot);
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NODIGESTSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                exit(1);
@@ -249,7 +255,7 @@ main(int argc, char *argv[]) {
 
        free(hKey);
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index 988c69b6b8db47572431dee66210d70712298492..493513a02d7f9059e336dfed8b13a2086479f8e7 100644 (file)
@@ -55,6 +55,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)       getpass(x)
@@ -95,6 +96,7 @@ main(int argc, char *argv[]) {
        CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE;
        CK_ULONG found = 0;
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_RSA;
        char *lib_name = NULL;
        char *pin = NULL;
        int error = 0;
@@ -111,6 +113,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'p':
                        pin = isc_commandline_argument;
@@ -139,6 +142,8 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
@@ -146,9 +151,12 @@ main(int argc, char *argv[]) {
        if (pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_TRUE,
-                                 (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE,
+                                 ISC_TRUE, (const char *) pin, slot);
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NODIGESTSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                exit(1);
@@ -213,7 +221,7 @@ main(int argc, char *argv[]) {
 
     exit_objects:
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index 02cb5eee76812a2ea748152fb1deb0629956c4f8..4d340bbd7ebcec55c01af7dab0122b9ac20c6c81 100644 (file)
@@ -57,6 +57,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)       getpass(x)
@@ -118,6 +119,7 @@ main(int argc, char *argv[]) {
                { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
        };
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_RSA;
        char *lib_name = NULL;
        char *pin = NULL;
        int error = 0;
@@ -135,6 +137,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'p':
                        pin = isc_commandline_argument;
@@ -170,6 +173,8 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Allocate hanles */
        pubKey = (CK_SESSION_HANDLE *)
                malloc(count * sizeof(CK_SESSION_HANDLE));
@@ -196,9 +201,12 @@ main(int argc, char *argv[]) {
        if (pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-                                 (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+                                 ISC_TRUE, (const char *) pin, slot);
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NODIGESTSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                exit(1);
@@ -281,7 +289,7 @@ main(int argc, char *argv[]) {
        free(privKey);
 
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index f62b2f5b24eda35aef369449af7b7ffc3e6ec7ea..9f755959a9a1fd9db45217aa2b63297819381600 100644 (file)
@@ -58,6 +58,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)       getpass(x)
@@ -209,6 +210,7 @@ main(int argc, char *argv[]) {
                { CKA_COEFFICIENT, coeff, (CK_ULONG) sizeof(coeff) }
        };
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_RSA;
        char *lib_name = NULL;
        char *pin = NULL;
        int error = 0;
@@ -226,6 +228,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'p':
                        pin = isc_commandline_argument;
@@ -258,6 +261,8 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Allocate hanles */
        hKey = (CK_SESSION_HANDLE *)
                malloc(count * sizeof(CK_SESSION_HANDLE));
@@ -275,9 +280,12 @@ main(int argc, char *argv[]) {
        if (pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-                                 (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+                                 ISC_TRUE, (const char *) pin, slot);
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NODIGESTSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                free(hKey);
@@ -347,7 +355,7 @@ main(int argc, char *argv[]) {
        free(hKey);
 
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index 705c6dd290eeea1a87e8866c665a978e496fca07..ad6d9ae843996cdfe738f84aaecbc8b890d89596 100644 (file)
@@ -58,6 +58,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)       getpass(x)
@@ -130,6 +131,7 @@ main(int argc, char *argv[]) {
                { CKA_PUBLIC_EXPONENT, exponent, (CK_ULONG) sizeof(exponent) }
        };
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_RSA;
        char *lib_name = NULL;
        char *pin = NULL;
        int error = 0;
@@ -147,6 +149,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'p':
                        pin = isc_commandline_argument;
@@ -179,6 +182,8 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Allocate hanles */
        hKey = (CK_SESSION_HANDLE *)
                malloc(count * sizeof(CK_SESSION_HANDLE));
@@ -196,9 +201,12 @@ main(int argc, char *argv[]) {
        if (pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-                                 (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+                                 ISC_TRUE, (const char *) pin, slot);
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NODIGESTSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                free(hKey);
@@ -268,7 +276,7 @@ main(int argc, char *argv[]) {
        free(hKey);
 
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index f7a5bba27e329b3e77e6ce8b4468b655ffcd1e29..fb0ee1eb5459867274a56715b3678ecaafb5eb9d 100644 (file)
@@ -57,6 +57,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #ifndef HAVE_CLOCK_GETTIME
 #ifndef CLOCK_REALTIME
@@ -88,6 +89,7 @@ main(int argc, char *argv[]) {
        CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
        CK_ULONG len = sizeof(buf);
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_RAND;
        char *lib_name = NULL;
        int error = 0;
        int c, errflg = 0;
@@ -103,6 +105,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'n':
                        count = atoi(isc_commandline_argument);
@@ -128,13 +131,17 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
-                                 NULL, slot);
-       if (result != ISC_R_SUCCESS) {
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE,
+                                 ISC_FALSE, NULL, slot);
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NODIGESTSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                exit(1);
@@ -179,7 +186,7 @@ main(int argc, char *argv[]) {
 
     exit_session:
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index 524996d0fa6e28ad6ec550a970e503f1f33c2508..a330ee7bfa465ea3d18eac491e90bd262fb1c2b8 100644 (file)
@@ -57,6 +57,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #ifndef HAVE_CLOCK_GETTIME
 #ifndef CLOCK_REALTIME
@@ -89,6 +90,7 @@ main(int argc, char *argv[]) {
        CK_MECHANISM mech = { CKM_SHA_1, NULL, 0 };
        CK_ULONG len = sizeof(buf);
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_DIGEST;
        char *lib_name = NULL;
        int error = 0;
        int c, errflg = 0;
@@ -104,6 +106,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'n':
                        count = atoi(isc_commandline_argument);
@@ -129,13 +132,17 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
-                                 NULL, slot);
-       if (result != ISC_R_SUCCESS) {
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE,
+                                 ISC_FALSE, NULL, slot);
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                exit(1);
@@ -201,7 +208,7 @@ main(int argc, char *argv[]) {
 
     exit_session:
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index c51bc3c72545cababc2c8709c8d0b779eb4167e9..fdb5eee3f3313ad1796cebadff2a81300e18fb06 100644 (file)
@@ -57,6 +57,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)       getpass(x)
@@ -211,6 +212,7 @@ main(int argc, char *argv[]) {
        };
        CK_MECHANISM mech = { CKM_SHA1_RSA_PKCS, NULL, 0 };
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_RSA;
        char *lib_name = NULL;
        char *pin = NULL;
        int error = 0;
@@ -228,6 +230,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'p':
                        pin = isc_commandline_argument;
@@ -260,6 +263,8 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
@@ -267,9 +272,12 @@ main(int argc, char *argv[]) {
        if (pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-                                 (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+                                 ISC_TRUE, (const char *) pin, slot);
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NODIGESTSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                exit(1);
@@ -354,7 +362,7 @@ main(int argc, char *argv[]) {
        }
 
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index a5cb872bed8abf35dba0082f204b4eacc9e50d5e..0607927f6dc08bfac82c924ea4d2ffe51f057c50 100644 (file)
@@ -57,6 +57,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)       getpass(x)
@@ -132,6 +133,7 @@ main(int argc, char *argv[]) {
        };
        CK_MECHANISM mech = { CKM_SHA1_RSA_PKCS, NULL, 0 };
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_RSA;
        char *lib_name = NULL;
        char *pin = NULL;
        int error = 0;
@@ -149,6 +151,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'p':
                        pin = isc_commandline_argument;
@@ -181,6 +184,8 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
@@ -188,9 +193,12 @@ main(int argc, char *argv[]) {
        if (pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-                                 (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+                                 ISC_TRUE, (const char *) pin, slot);
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NODIGESTSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                exit(1);
@@ -278,7 +286,7 @@ main(int argc, char *argv[]) {
        }
 
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index 8f212572aa63a722e80600f2cb9d6f122779a75a..2ab18ccbc479287c097e494d0c95acabec2a9e21 100644 (file)
@@ -72,6 +72,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)       getpass(x)
@@ -107,6 +108,7 @@ main(int argc, char *argv[]) {
                { CKA_VALUE, NULL, 0 }
        };
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_DIGEST;
        char *lib_name = NULL;
        char *pin = NULL;
        int error = 0;
@@ -123,6 +125,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'n':
                        logon = ISC_FALSE;
@@ -211,6 +214,8 @@ main(int argc, char *argv[]) {
        keyTemplate[5].pValue = buffer;
        keyTemplate[5].ulValueLen = (CK_ULONG) len;
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
@@ -218,9 +223,11 @@ main(int argc, char *argv[]) {
        if (logon && pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, logon,
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, logon,
                                  (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                exit(1);
@@ -319,7 +326,7 @@ partial_block:
 
     exit_session:
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index 0507e9a7a3eebf6294f1dea0fd33d0e9b26285f8..abbf4e923d56e261f7bf50e3a56ecf439628dab8 100644 (file)
@@ -71,6 +71,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)       getpass(x)
@@ -90,6 +91,7 @@ main(int argc, char *argv[]) {
        CK_MECHANISM mech = { CKM_MD5, NULL, 0 };
        CK_ULONG len;
        pk11_context_t pctx;
+       pk11_optype_t op_type = OP_DIGEST;
        char *lib_name = NULL;
        char *pin = NULL;
        int error = 0;
@@ -105,6 +107,7 @@ main(int argc, char *argv[]) {
                        break;
                case 's':
                        slot = atoi(isc_commandline_argument);
+                       op_type = OP_ANY;
                        break;
                case 'n':
                        logon = ISC_FALSE;
@@ -133,6 +136,8 @@ main(int argc, char *argv[]) {
                exit(1);
        }
 
+       pk11_result_register();
+
        /* Initialize the CRYPTOKI library */
        if (lib_name != NULL)
                pk11_set_lib_name(lib_name);
@@ -140,9 +145,11 @@ main(int argc, char *argv[]) {
        if (logon && pin == NULL)
                pin = getpassphrase("Enter Pin: ");
 
-       result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, logon,
+       result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, logon,
                                  (const char *) pin, slot);
-       if (result != ISC_R_SUCCESS) {
+       if ((result != ISC_R_SUCCESS) &&
+           (result != PK11_R_NORANDOMSERVICE) &&
+           (result != PK11_R_NOAESSERVICE)) {
                fprintf(stderr, "Error initializing PKCS#11: %s\n",
                        isc_result_totext(result));
                exit(1);
@@ -222,7 +229,7 @@ partial_block:
 
     exit_session:
        pk11_return_session(&pctx);
-       pk11_shutdown();
+       (void) pk11_finalize();
 
        exit(error);
 }
index 572f685b516f193c853b529d9d1d0efe0f274bc6..4c9797ededb77f08e027ebae620e037cecbc103a 100755 (executable)
--- a/configure
+++ b/configure
@@ -807,6 +807,8 @@ PKCS11LINKOBJS
 PKCS11_PROVIDER
 ISC_ISCPK11_API_O
 ISC_ISCPK11_API_C
+ISC_PK11_RESULT_O
+ISC_PK11_RESULT_C
 ISC_PK11_API_O
 ISC_PK11_API_C
 ISC_PK11_O
@@ -15991,6 +15993,8 @@ $as_echo "no" >&6; }
                ISC_PK11_O=""
                ISC_PK11_API_C=""
                ISC_PK11_API_O=""
+               ISC_PK11_RESULT_C=""
+               ISC_PK11_RESULT_O=""
                ISC_ISCPK11_API_C=""
                ISC_ISCPK11_API_O=""
                ;;
@@ -16069,6 +16073,8 @@ fi
                ISC_PK11_O="pk11.$O"
                ISC_PK11_API_C="pk11_api.c"
                ISC_PK11_API_O="pk11_api.$O"
+               ISC_PK11_RESULT_C="pk11_result.c"
+               ISC_PK11_RESULT_O="pk11_result.$O"
                ISC_ISCPK11_API_C="unix/pk11_api.c"
                ISC_ISCPK11_API_O="unix/pk11_api.$O"
                ;;
@@ -16083,6 +16089,8 @@ esac
 
 
 
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PKCS11 tools" >&5
 $as_echo_n "checking for PKCS11 tools... " >&6; }
 case "$use_pkcs11" in
index 213c177086260fd87e78cb20f18b7bcff4516a43..e1978078c562cdf0bd71a6870dfdea3d643fc0c6 100644 (file)
@@ -1817,6 +1817,8 @@ case "$use_pkcs11" in
                ISC_PK11_O=""
                ISC_PK11_API_C=""
                ISC_PK11_API_O=""
+               ISC_PK11_RESULT_C=""
+               ISC_PK11_RESULT_O=""
                ISC_ISCPK11_API_C=""
                ISC_ISCPK11_API_O=""
                ;;
@@ -1873,6 +1875,8 @@ int main() {
                ISC_PK11_O="pk11.$O"
                ISC_PK11_API_C="pk11_api.c"
                ISC_PK11_API_O="pk11_api.$O"
+               ISC_PK11_RESULT_C="pk11_result.c"
+               ISC_PK11_RESULT_O="pk11_result.$O"
                ISC_ISCPK11_API_C="unix/pk11_api.c"
                ISC_ISCPK11_API_O="unix/pk11_api.$O"
                ;;
@@ -1884,6 +1888,8 @@ AC_SUBST(ISC_PK11_C)
 AC_SUBST(ISC_PK11_O)
 AC_SUBST(ISC_PK11_API_C)
 AC_SUBST(ISC_PK11_API_O)
+AC_SUBST(ISC_PK11_RESULT_C)
+AC_SUBST(ISC_PK11_RESULT_O)
 AC_SUBST(ISC_ISCPK11_API_C)
 AC_SUBST(ISC_ISCPK11_API_O)
 
index 3ee71447c930c777233c1e788ae177adfd97b97d..d02c367c07178b04cd2a0ebec7d29ad848cf5ef0 100644 (file)
@@ -228,7 +228,7 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
        RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
 #endif
 #elif PKCS11CRYPTO
-       dst__pkcs11_init(mctx, engine);
+       RETERR(dst__pkcs11_init(mctx, engine));
        RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSAMD5]));
        RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSASHA1]));
        RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1]));
index bc6764f96eec0d7a391f9c73e9897f69ea3167b4..47d6d80ea938c19d2dbff35f608c6ad2397ee0c7 100644 (file)
@@ -222,7 +222,7 @@ struct dst_func {
  * Initializers
  */
 isc_result_t dst__openssl_init(const char *engine);
-void dst__pkcs11_init(isc_mem_t *mctx, const char *engine);
+#define dst__pkcs11_init pk11_initialize
 
 isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
 isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
@@ -255,7 +255,7 @@ isc_result_t dst__pkcs11gost_init(struct dst_func **funcp);
  * Destructors
  */
 void dst__openssl_destroy(void);
-isc_result_t dst__pkcs11_destroy(void);
+#define dst__pkcs11_destroy pk11_finalize
 
 /*%
  * Memory allocators using the DST memory pool.
index 8f94caf655737071a4eae7c9c0e8081850f310c2..7b6d562a50e5cb8fb463926be1a89ba26dd403d4 100644 (file)
@@ -51,7 +51,7 @@ static const char *text[DST_R_NRESULTS] = {
        "no randomness available",              /*%< 19 */
        "bad key type",                         /*%< 20 */
        "no engine",                            /*%< 21 */
-       "illegal operation for an external key" /*%< 22 */
+       "illegal operation for an external key",/*%< 22 */
 };
 
 #define DST_RESULT_RESULTSET                   2
index b65d526464f21a4a6409849ac43b0b1885f096f0..c4d16d47acf479a9aef08b96e48f61ab53dd9f5a 100644 (file)
@@ -196,8 +196,8 @@ pkcs11dh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
        if (attr == NULL)
                return (DST_R_INVALIDPUBLICKEY);
 
-       ret = pk11_get_session(&ctx, OP_DH, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_DH));
+       ret = pk11_get_session(&ctx, OP_DH, ISC_TRUE, ISC_FALSE, ISC_FALSE,
+                              NULL, pk11_get_best_token(OP_DH));
        if (ret != ISC_R_SUCCESS)
                return (ret);
 
@@ -405,8 +405,8 @@ pkcs11dh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_DH, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_DH));
+       ret = pk11_get_session(pk11_ctx, OP_DH, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, pk11_get_best_token(OP_DH));
        if (ret != ISC_R_SUCCESS)
                goto err;
 
index 8caca787b0692c0c954a89c22872b38823d603d8..be31f72c55ad91f8014989d087732bde2cc75f57 100644 (file)
@@ -104,8 +104,8 @@ pkcs11dsa_createctx_sign(dst_key_t *key, dst_context_t *dctx) {
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_DSA));
+       ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, pk11_get_best_token(OP_DSA));
        if (ret != ISC_R_SUCCESS)
                goto err;
 
@@ -234,8 +234,8 @@ pkcs11dsa_createctx_verify(dst_key_t *key, dst_context_t *dctx) {
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_DSA));
+       ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, pk11_get_best_token(OP_DSA));
        if (ret != ISC_R_SUCCESS)
                goto err;
 
@@ -540,8 +540,8 @@ pkcs11dsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_DSA));
+       ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, pk11_get_best_token(OP_DSA));
        if (ret != ISC_R_SUCCESS)
                goto err;
 
index 3982c3e09fd86fe36449d9babb8fd25539a5252c..7925259f28a1540132fd4470c393c95feb67832f 100644 (file)
@@ -101,7 +101,7 @@ pkcs11ecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
                slotid = ec->slot;
        else
                slotid = pk11_get_best_token(OP_EC);
-       ret = pk11_get_session(pk11_ctx, OP_EC, ISC_FALSE, ISC_FALSE,
+       ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE, ISC_FALSE,
                               NULL, slotid);
        if (ret != ISC_R_SUCCESS)
                goto err;
@@ -495,8 +495,8 @@ pkcs11ecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_EC, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_EC));
+       ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, pk11_get_best_token(OP_EC));
        if (ret != ISC_R_SUCCESS)
                goto err;
 
@@ -856,7 +856,7 @@ pkcs11ecdsa_fetch(dst_key_t *key, const char *engine, const char *label,
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                DST_RET(ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_EC, ISC_FALSE,
+       ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
                               ec->reqlogon, NULL, ec->slot);
        if (ret != ISC_R_SUCCESS)
                goto err;
@@ -1065,7 +1065,7 @@ pkcs11ecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                DST_RET(ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_EC, ISC_FALSE,
+       ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
                               ec->reqlogon, NULL, ec->slot);
        if (ret != ISC_R_SUCCESS)
                goto err;
index 2a4becbda4be2a4d4df232bed85a47a09a2890f6..8471a194c1ceea48113946d765af6a778432d8a6 100644 (file)
@@ -82,7 +82,8 @@ isc_gost_init(isc_gost_t *ctx) {
        CK_MECHANISM mech = { CKM_GOSTR3411, NULL, 0 };
        int ret = ISC_R_SUCCESS;
 
-       ret = pk11_get_session(ctx, OP_GOST, ISC_FALSE, ISC_FALSE, NULL, 0);
+       ret = pk11_get_session(ctx, OP_GOST, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, 0);
        if (ret != ISC_R_SUCCESS)
                return (ret);
        PK11_CALL(pkcs_C_DigestInit, (ctx->session, &mech), ISC_R_FAILURE);
@@ -167,8 +168,8 @@ pkcs11gost_createctx_sign(dst_key_t *key, dst_context_t *dctx) {
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_GOST));
+       ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, pk11_get_best_token(OP_GOST));
        if (ret != ISC_R_SUCCESS)
                goto err;
 
@@ -268,8 +269,8 @@ pkcs11gost_createctx_verify(dst_key_t *key, dst_context_t *dctx) {
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_GOST));
+       ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, pk11_get_best_token(OP_GOST));
        if (ret != ISC_R_SUCCESS)
                goto err;
 
@@ -505,8 +506,8 @@ pkcs11gost_generate(dst_key_t *key, int unused, void (*callback)(int)) {
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_GOST));
+       ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, pk11_get_best_token(OP_GOST));
        if (ret != ISC_R_SUCCESS)
                goto err;
 
index 61abdf349b26f81965795d500df09b364e743fa7..17030716711c80a056be2207aabd3f895663074c 100644 (file)
@@ -100,7 +100,7 @@ pkcs11rsa_createctx_sign(dst_key_t *key, dst_context_t *dctx) {
                slotid = rsa->slot;
        else
                slotid = pk11_get_best_token(OP_RSA);
-       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE,
+       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
                               rsa->reqlogon, NULL, slotid);
        if (ret != ISC_R_SUCCESS)
                goto err;
@@ -295,7 +295,7 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits,
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE,
+       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
                               rsa->reqlogon, NULL,
                               pk11_get_best_token(OP_RSA));
        if (ret != ISC_R_SUCCESS)
@@ -578,8 +578,8 @@ pkcs11rsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                return (ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE, ISC_FALSE, NULL,
-                              pk11_get_best_token(OP_RSA));
+       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
+                              ISC_FALSE, NULL, pk11_get_best_token(OP_RSA));
        if (ret != ISC_R_SUCCESS)
                goto err;
 
@@ -1100,7 +1100,7 @@ pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label,
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                DST_RET(ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE,
+       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
                               rsa->reqlogon, NULL, rsa->slot);
        if (ret != ISC_R_SUCCESS)
                goto err;
@@ -1440,7 +1440,7 @@ pkcs11rsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
                                                  sizeof(*pk11_ctx));
        if (pk11_ctx == NULL)
                DST_RET(ISC_R_NOMEMORY);
-       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE,
+       ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
                               rsa->reqlogon, NULL, rsa->slot);
        if (ret != ISC_R_SUCCESS)
                goto err;
index b216aa93302b0e2f6e33cb3a634f1c53583e821f..b254f60462bb9e3846057ac384377af13f431be1 100644 (file)
@@ -337,8 +337,9 @@ ATF_TC_BODY(isc_gost_private, tc) {
 
        /* create the private key */
        memset(&pk11_ctx, 0, sizeof(pk11_ctx));
-       ATF_REQUIRE(pk11_get_session(&pk11_ctx, OP_GOST, ISC_FALSE, ISC_FALSE,
-                                    NULL, pk11_get_best_token(OP_GOST)) ==
+       ATF_REQUIRE(pk11_get_session(&pk11_ctx, OP_GOST, ISC_TRUE,
+                                    ISC_FALSE, ISC_FALSE, NULL,
+                                    pk11_get_best_token(OP_GOST)) ==
                    ISC_R_SUCCESS);
        pk11_ctx.object = CK_INVALID_HANDLE;
        pk11_ctx.ontoken = ISC_FALSE;
index 6dce1169e03421ac708be1e9fc2a13c22f35d957..ba0838f65fe6599945cb3dfeaf553094bb738554 100644 (file)
@@ -54,7 +54,7 @@ WIN32OBJS =   win32/condition.@O@ win32/dir.@O@ win32/file.@O@ \
                win32/thread.@O@ win32/time.@O@
 
 # Alphabetically
-OBJS =         @ISC_EXTRA_OBJS@ @ISC_PK11_O@ \
+OBJS =         @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
                aes.@O@ assertions.@O@ backtrace.@O@ base32.@O@ base64.@O@ \
                bind9.@O@ buffer.@O@ bufferlist.@O@ \
                commandline.@O@ crc64.@O@ error.@O@ event.@O@ \
@@ -73,7 +73,7 @@ OBJS =                @ISC_EXTRA_OBJS@ @ISC_PK11_O@ \
 SYMTBLOBJS =   backtrace-emptytbl.@O@
 
 # Alphabetically
-SRCS =         @ISC_EXTRA_SRCS@ @ISC_PK11_C@ \
+SRCS =         @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \
                aes.c assertions.c backtrace.c base32.c base64.c bind9.c \
                buffer.c bufferlist.c commandline.c crc64.c \
                error.c event.c heap.c hex.c hmacmd5.c hmacsha.c \
index 7c594774460b80d17467c2f044b62e285ca96ed9..fdb35b97c88fc3bd3be93170eea6b8582e63848d 100644 (file)
@@ -27,6 +27,7 @@
 #include <isc/types.h>
 #include <isc/util.h>
 
+#ifdef ISC_PLATFORM_WANTAES
 #if HAVE_OPENSSL_EVP_AES
 
 #include <openssl/evp.h>
@@ -167,8 +168,8 @@ isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
        pk11_context_t ctx;
 
        DE_CONST(key, keyTemplate[5].pValue);
-       RUNTIME_CHECK(pk11_get_session(&ctx, OP_AES, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(&ctx, OP_AES, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        ctx.object = CK_INVALID_HANDLE;
        PK11_FATALCHECK(pkcs_C_CreateObject,
                        (ctx.session, keyTemplate,
@@ -192,3 +193,4 @@ isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
 }
 
 #endif
+#endif /* ISC_PLATFORM_WANTAES */
index fa14500091c91a5ca893d43218be545d4f2ac37c..b9e3a94b7e998f0d0a3157fcd1c81bf0df761d31 100644 (file)
@@ -89,8 +89,8 @@ isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
        };
 
        DE_CONST(key, keyTemplate[5].pValue);
-       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        ctx->object = CK_INVALID_HANDLE;
        PK11_FATALCHECK(pkcs_C_CreateObject,
                        (ctx->session, keyTemplate,
@@ -154,8 +154,8 @@ isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
        unsigned char ipad[PADLEN];
        unsigned int i;
 
-       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        RUNTIME_CHECK((ctx->key = pk11_mem_get(PADLEN)) != NULL);
        if (len > PADLEN) {
                CK_BYTE_PTR kPart;
index 2df4742e3ffdb554a00b930a8d73a9a692ded94f..0480c59d28e0dd6c69647ca1da571b5cc4e459e7 100644 (file)
@@ -219,8 +219,8 @@ isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
        };
 
        DE_CONST(key, keyTemplate[5].pValue);
-       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        ctx->object = CK_INVALID_HANDLE;
        PK11_FATALCHECK(pkcs_C_CreateObject,
                        (ctx->session, keyTemplate,
@@ -292,8 +292,8 @@ isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
        };
 
        DE_CONST(key, keyTemplate[5].pValue);
-       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        ctx->object = CK_INVALID_HANDLE;
        PK11_FATALCHECK(pkcs_C_CreateObject,
                        (ctx->session, keyTemplate,
@@ -365,8 +365,8 @@ isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
        };
 
        DE_CONST(key, keyTemplate[5].pValue);
-       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        ctx->object = CK_INVALID_HANDLE;
        PK11_FATALCHECK(pkcs_C_CreateObject,
                        (ctx->session, keyTemplate,
@@ -438,8 +438,8 @@ isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
        };
 
        DE_CONST(key, keyTemplate[5].pValue);
-       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        ctx->object = CK_INVALID_HANDLE;
        PK11_FATALCHECK(pkcs_C_CreateObject,
                        (ctx->session, keyTemplate,
@@ -511,8 +511,8 @@ isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
        };
 
        DE_CONST(key, keyTemplate[5].pValue);
-       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        ctx->object = CK_INVALID_HANDLE;
        PK11_FATALCHECK(pkcs_C_CreateObject,
                        (ctx->session, keyTemplate,
index d91e800e063ccb2b5902146bf99ad89ee91e2f7f..44b0eb454e987e8e2a6196da55de4208eac73e98 100644 (file)
@@ -46,6 +46,6 @@
 #define        ISC_RESULTCLASS_OMAPI           ISC_RESULTCLASS_FROMNUM(4)
 #define        ISC_RESULTCLASS_ISCCC           ISC_RESULTCLASS_FROMNUM(5)
 #define        ISC_RESULTCLASS_DHCP            ISC_RESULTCLASS_FROMNUM(6)
-
+#define        ISC_RESULTCLASS_PK11            ISC_RESULTCLASS_FROMNUM(7)
 
 #endif /* ISC_RESULTCLASS_H */
index e6a62f15146bc9b6552f5951f4bbbefa55e8dc64..744c40e9038ab17e32f8b422c455e8aec8dd5621 100644 (file)
@@ -23,7 +23,7 @@ top_srcdir =  @top_srcdir@
 # machine generated.  The latter are handled specially in the
 # install target below.
 #
-HEADERS =      constants.h internal.h pk11.h
+HEADERS =      constants.h internal.h pk11.h result.h
 SUBDIRS =
 TARGETS =
 
index 535a7cb7d9538815ab1c4b0d22ca504aeec18df1..964a2a7717958c30c23d95d28c1bc6c5622c56fc 100644 (file)
@@ -82,8 +82,25 @@ void pk11_set_lib_name(const char *lib_name);
  * Set the PKCS#11 provider (aka library) path/name.
  */
 
+isc_result_t pk11_initialize(isc_mem_t *mctx, const char *engine);
+/*%<
+ * Initialize PKCS#11 device
+ *
+ * mctx:   memory context to attach to pk11_mctx.
+ * engine: PKCS#11 provider (aka library) path/name.
+ *
+ * returns:
+ *         ISC_R_SUCCESS
+ *         PK11_R_NOPROVIDER: can't load the provider
+ *         PK11_R_INITFAILED: C_Initialize() failed
+ *         PK11_R_NORANDOMSERVICE: can't find required random service
+ *         PK11_R_NODIGESTSERVICE: can't find required digest service
+ *         PK11_R_NOAESSERVICE: can't find required AES service
+ */
+
 isc_result_t pk11_get_session(pk11_context_t *ctx,
                              pk11_optype_t optype,
+                             isc_boolean_t need_services,
                              isc_boolean_t rw,
                              isc_boolean_t logon,
                              const char *pin,
@@ -91,6 +108,13 @@ isc_result_t pk11_get_session(pk11_context_t *ctx,
 /*%<
  * Initialize PKCS#11 device and acquire a session.
  *
+ * need_services:
+ *       if ISC_TRUE, this session requires full PKCS#11 API
+ *       support including random and digest services, and
+ *       the lack of these services will cause the session not
+ *       to be initialized.  If ISC_FALSE, the function will return
+ *       an error code indicating the missing service, but the
+ *       session will be usable for other purposes.
  * rw:    if ISC_TRUE, session will be read/write (useful for
  *        generating or destroying keys); otherwise read-only.
  * login: indicates whether to log in to the device
@@ -104,7 +128,7 @@ void pk11_return_session(pk11_context_t *ctx);
  * Release an active PKCS#11 session for reuse.
  */
 
-void pk11_shutdown(void);
+isc_result_t pk11_finalize(void);
 /*%<
  * Shut down PKCS#11 device and free all sessions.
  */
diff --git a/lib/isc/include/pk11/result.h b/lib/isc/include/pk11/result.h
new file mode 100644 (file)
index 0000000..f624140
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PK11_RESULT_H
+#define PK11_RESULT_H 1
+
+/*! \file pk11/result.h */
+
+#include <isc/lang.h>
+#include <isc/resultclass.h>
+
+/*
+ * Nothing in this file truly depends on <isc/result.h>, but the
+ * PK11 result codes are considered to be publicly derived from
+ * the ISC result codes, so including this file buys you the ISC_R_
+ * namespace too.
+ */
+#include <isc/result.h>                /* Contractual promise. */
+
+#define PK11_R_INITFAILED              (ISC_RESULTCLASS_PK11 + 0)
+#define PK11_R_NOPROVIDER              (ISC_RESULTCLASS_PK11 + 1)
+#define PK11_R_NORANDOMSERVICE         (ISC_RESULTCLASS_PK11 + 2)
+#define PK11_R_NODIGESTSERVICE         (ISC_RESULTCLASS_PK11 + 3)
+#define PK11_R_NOAESSERVICE            (ISC_RESULTCLASS_PK11 + 4)
+
+#define PK11_R_NRESULTS                        5       /* Number of results */
+
+ISC_LANG_BEGINDECLS
+
+LIBISC_EXTERNAL_DATA extern isc_msgcat_t *pk11_msgcat;
+
+void
+pk11_initmsgcat(void);
+
+const char *
+pk11_result_totext(isc_result_t);
+
+void
+pk11_result_register(void);
+
+ISC_LANG_ENDDECLS
+
+#endif /* PK11_RESULT_H */
index c1237a47f3227eaba286fb2b6874f86ca3588880..383c1c349209041247e827839413b604038e7d60 100644 (file)
@@ -77,8 +77,8 @@ isc_md5_init(isc_md5_t *ctx) {
        CK_RV rv;
        CK_MECHANISM mech = { CKM_MD5, NULL, 0 };
 
-       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        PK11_FATALCHECK(pkcs_C_DigestInit, (ctx->session, &mech));
 }
 
index 7ea4353654a2433003b9b32d31dda2970d68c5a4..4108345d3935adec8f5394d9fc68600d4a7be6f6 100644 (file)
 
 #include <pk11/pk11.h>
 #include <pk11/internal.h>
+#include <pk11/result.h>
 
 #include <pkcs11/cryptoki.h>
 #include <pkcs11/pkcs11.h>
 
-void dst__pkcs11_init(isc_mem_t *mctx, const char *engine);
-isc_result_t dst__pkcs11_destroy(void);
-
 #define PINLEN 32
 
 #ifndef PK11_NO_LOGERR
@@ -272,8 +270,9 @@ pk11_mem_put(void *ptr, size_t size) {
        UNLOCK(&alloclock);
 }
 
-void
-dst__pkcs11_init(isc_mem_t *mctx, const char *engine) {
+isc_result_t
+pk11_initialize(isc_mem_t *mctx, const char *engine) {
+       isc_result_t result;
        CK_RV rv;
 
        RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
@@ -283,48 +282,56 @@ dst__pkcs11_init(isc_mem_t *mctx, const char *engine) {
                isc_mem_attach(mctx, &pk11_mctx);
        if (initialized) {
                UNLOCK(&alloclock);
-               return;
+               return (ISC_R_SUCCESS);
        } else {
                LOCK(&sessionlock);
                initialized = ISC_TRUE;
                UNLOCK(&alloclock);
        }
 
+       ISC_LIST_INIT(tokens);
+       ISC_LIST_INIT(actives);
+
        if (engine != NULL)
                lib_name = engine;
 
        /* Initialize the CRYPTOKI library */
        rv = pkcs_C_Initialize((CK_VOID_PTR) &pk11_init_args);
 
+       if (rv == 0xfe) {
+               result = PK11_R_NOPROVIDER;
+               goto unlock;
+       }
        if (rv != CKR_OK) {
-               if (rv == 0xfe)
-                       FATAL_ERROR(__FILE__, __LINE__,
-                                   "Can't load or link module \"%s\"",
-                                   lib_name);
-               else
-                       FATAL_ERROR(__FILE__, __LINE__,
-                                   "pkcs_C_Initialize: Error = 0x%.8lX", rv);
+               result = PK11_R_INITFAILED;
+               goto unlock;
        }
 
-       ISC_LIST_INIT(tokens);
-       ISC_LIST_INIT(actives);
-
        choose_slots();
 #ifdef PKCS11CRYPTO
-       if (rand_token == NULL)
-               FATAL_ERROR(__FILE__, __LINE__, "Can't find random service");
-       if (digest_token == NULL)
-               FATAL_ERROR(__FILE__, __LINE__, "Can't find digest service");
+       if (rand_token == NULL) {
+               result = PK11_R_NORANDOMSERVICE;
+               goto unlock;
+       }
+       if (digest_token == NULL) {
+               result = PK11_R_NODIGESTSERVICE;
+               goto unlock;
+       }
 #if defined(ISC_PLATFORM_USESIT) && defined(AES_SIT)
-       if (aes_token == NULL)
-               FATAL_ERROR(__FILE__, __LINE__, "Can't find AES encrypt");
+       if (aes_token == NULL) {
+               result = PK11_R_NOAESSERVICE;
+               goto unlock;
+       }
 #endif
 #endif /* PKCS11CRYPTO */
+       result = ISC_R_SUCCESS;
+ unlock:
        UNLOCK(&sessionlock);
+       return (result);
 }
 
 isc_result_t
-dst__pkcs11_destroy(void) {
+pk11_finalize(void) {
        pk11_token_t *token, *next;
        isc_result_t ret;
 
@@ -359,19 +366,17 @@ dst__pkcs11_destroy(void) {
        return (ret);
 }
 
-void
-pk11_shutdown(void) {
-       (void) dst__pkcs11_destroy();
-}
-
 isc_result_t
 pk11_rand_bytes(unsigned char *buf, int num) {
        isc_result_t ret;
        CK_RV rv;
        pk11_context_t ctx;
 
-       ret = pk11_get_session(&ctx, OP_RAND, ISC_FALSE, ISC_FALSE, NULL, 0);
-       if (ret != ISC_R_SUCCESS)
+       ret = pk11_get_session(&ctx, OP_RAND, ISC_FALSE, ISC_FALSE,
+                              ISC_FALSE, NULL, 0);
+       if ((ret != ISC_R_SUCCESS) &&
+           (ret != PK11_R_NODIGESTSERVICE) &&
+           (ret != PK11_R_NOAESSERVICE))
                return (ret);
        RUNTIME_CHECK(ctx.session != CK_INVALID_HANDLE);
        rv = pkcs_C_GenerateRandom(ctx.session,
@@ -394,8 +399,11 @@ pk11_rand_seed_fromfile(const char *randomfile) {
        size_t cc = 0;
        isc_result_t ret;
 
-       ret = pk11_get_session(&ctx, OP_RAND, ISC_FALSE, ISC_FALSE, NULL, 0);
-       if (ret != ISC_R_SUCCESS)
+       ret = pk11_get_session(&ctx, OP_RAND, ISC_FALSE, ISC_FALSE,
+                              ISC_FALSE, NULL, 0);
+       if ((ret != ISC_R_SUCCESS) &&
+           (ret != PK11_R_NODIGESTSERVICE) &&
+           (ret != PK11_R_NOAESSERVICE))
                return;
        RUNTIME_CHECK(ctx.session != CK_INVALID_HANDLE);
        ret = isc_stdio_open(randomfile, "r", &stream);
@@ -418,22 +426,41 @@ pk11_rand_seed_fromfile(const char *randomfile) {
 
 isc_result_t
 pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
-                isc_boolean_t rw, isc_boolean_t logon,
-                const char *pin, CK_SLOT_ID slot)
+                isc_boolean_t need_services, isc_boolean_t rw,
+                isc_boolean_t logon, const char *pin, CK_SLOT_ID slot)
 {
        pk11_token_t *token = NULL;
        pk11_sessionlist_t *freelist;
        pk11_session_t *sp;
-       isc_result_t ret = ISC_R_SUCCESS;
+       isc_result_t ret;
+#ifdef PKCS11CRYPTO
+       isc_result_t service_ret = ISC_R_SUCCESS;
+#else
+       UNUSED(need_services);
+#endif 
+
+       memset(ctx, 0, sizeof(pk11_context_t));
+       ctx->handle = NULL;
+       ctx->session = CK_INVALID_HANDLE;
+
+       ret = pk11_initialize(NULL, NULL);
+#ifdef PKCS11CRYPTO
+       if (ret == PK11_R_NORANDOMSERVICE ||
+           ret == PK11_R_NODIGESTSERVICE ||
+           ret == PK11_R_NOAESSERVICE) {
+               if (need_services)
+                       return (ret);
+               service_ret = ret;
+       }
+       else
+#endif /* PKCS11CRYPTO */
+       if (ret != ISC_R_SUCCESS)
+               return (ret);
 
-       dst__pkcs11_init(NULL, NULL);
        LOCK(&sessionlock);
        /* wait for initialization to finish */
        UNLOCK(&sessionlock);
 
-       memset(ctx, 0, sizeof(pk11_context_t));
-       ctx->handle = NULL;
-       ctx->session = CK_INVALID_HANDLE;
        switch(optype) {
 #ifdef PKCS11CRYPTO
        case OP_RAND:
@@ -506,6 +533,10 @@ pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
        UNLOCK(&sessionlock);
        ctx->handle = sp;
        ctx->session = sp->session;
+#ifdef PKCS11CRYPTO
+       if (ret == ISC_R_SUCCESS)
+               ret = service_ret;
+#endif
        return (ret);
 }
 
@@ -1082,10 +1113,10 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
        /* get the URI scheme */
        p = strchr(uri, ':');
        if (p == NULL)
-               DST_RET(DST_R_NOENGINE);
+               DST_RET(PK11_R_NOPROVIDER);
        *p++ = '\0';
        if (strcmp(uri, "pkcs11") != 0)
-               DST_RET(DST_R_NOENGINE);
+               DST_RET(PK11_R_NOPROVIDER);
 
        /* get attributes */
        for (na = p; na != NULL;) {
@@ -1107,12 +1138,12 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
                l = 0;
                v = percent_decode(v, &l);
                if (v == NULL)
-                       DST_RET(DST_R_NOENGINE);
+                       DST_RET(PK11_R_NOPROVIDER);
                if ((a == v) || (strcmp(a, "object") == 0)) {
                        /* object: CKA_LABEL */
                        attr = pk11_attribute_bytype(obj, CKA_LABEL);
                        if (attr != NULL)
-                               DST_RET(DST_R_NOENGINE);
+                               DST_RET(PK11_R_NOPROVIDER);
                        attr = push_attribute(obj, mctx, l);
                        if (attr == NULL)
                                DST_RET(ISC_R_NOMEMORY);
@@ -1160,12 +1191,12 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
                        /* object-type: CKA_CLASS */
                        /* only private makes sense */
                        if (strcmp(v, "private") != 0)
-                               DST_RET(DST_R_NOENGINE);
+                               DST_RET(PK11_R_NOPROVIDER);
                } else if (strcmp(a, "id") == 0) {
                        /* id: CKA_ID */
                        attr = pk11_attribute_bytype(obj, CKA_ID);
                        if (attr != NULL)
-                               DST_RET(DST_R_NOENGINE);
+                               DST_RET(PK11_R_NOPROVIDER);
                        attr = push_attribute(obj, mctx, l);
                        if (attr == NULL)
                                DST_RET(ISC_R_NOMEMORY);
@@ -1186,7 +1217,7 @@ pk11_parse_uri(pk11_object_t *obj, const char *label,
                                goto err;
                        gotpin = ISC_TRUE;
                } else
-                       DST_RET(DST_R_NOENGINE);
+                       DST_RET(PK11_R_NOPROVIDER);
        }
 
        if ((pk11_attribute_bytype(obj, CKA_LABEL) == NULL) &&
diff --git a/lib/isc/pk11_result.c b/lib/isc/pk11_result.c
new file mode 100644 (file)
index 0000000..0ada753
--- /dev/null
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+#include <stddef.h>
+
+#include <isc/once.h>
+#include <isc/msgcat.h>
+#include <isc/util.h>
+
+#include <pk11/result.h>
+
+LIBISC_EXTERNAL_DATA isc_msgcat_t *            pk11_msgcat = NULL;
+
+static isc_once_t              msgcat_once = ISC_ONCE_INIT;
+
+static const char *text[PK11_R_NRESULTS] = {
+       "PKCS#11 initialization failed",                /*%< 0 */
+       "no PKCS#11 provider",                          /*%< 1 */
+       "PKCS#11 provider has no random service",       /*%< 2 */
+       "PKCS#11 provider has no digest service",       /*%< 3 */
+       "PKCS#11 provider has no AES service",          /*%< 4 */
+};
+
+#define PK11_RESULT_RESULTSET                  2
+
+static isc_once_t              once = ISC_ONCE_INIT;
+
+static void
+open_msgcat(void) {
+       isc_msgcat_open("libpk11.cat", &pk11_msgcat);
+}
+
+void
+pk11_initmsgcat(void) {
+
+       /*
+        * Initialize the PKCS#11 support's message catalog,
+        * pk11_msgcat, if it has not already been initialized.
+        */
+
+       RUNTIME_CHECK(isc_once_do(&msgcat_once, open_msgcat) == ISC_R_SUCCESS);
+}
+
+static void
+initialize_action(void) {
+       isc_result_t result;
+
+       result = isc_result_register(ISC_RESULTCLASS_PK11, PK11_R_NRESULTS,
+                                    text, pk11_msgcat, PK11_RESULT_RESULTSET);
+       if (result != ISC_R_SUCCESS)
+               UNEXPECTED_ERROR(__FILE__, __LINE__,
+                                "isc_result_register() failed: %u", result);
+}
+
+static void
+initialize(void) {
+       pk11_initmsgcat();
+       RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS);
+}
+
+const char *
+pk11_result_totext(isc_result_t result) {
+       initialize();
+
+       return (isc_result_totext(result));
+}
+
+void
+pk11_result_register(void) {
+       initialize();
+}
index 83fcdb33cc14220d18a00eed7113ce85ef0f6854..190f0627ecc6831982052b20bb1eab12c7b06527 100644 (file)
@@ -88,8 +88,8 @@ isc_sha1_init(isc_sha1_t *ctx) {
        CK_RV rv;
        CK_MECHANISM mech = { CKM_SHA_1, NULL, 0 };
 
-       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        PK11_FATALCHECK(pkcs_C_DigestInit, (ctx->session, &mech));
 }
 
index 9463cbe0fdd1fe7150c15adbc1206c69b7d1ceb7..49503d8507df185a18ddd612cadf5f6c36cfe2b7 100644 (file)
@@ -234,8 +234,8 @@ isc_sha224_init(isc_sha224_t *context) {
        if (context == (isc_sha224_t *)0) {
                return;
        }
-       RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
 }
 
@@ -300,8 +300,8 @@ isc_sha256_init(isc_sha256_t *context) {
        if (context == (isc_sha256_t *)0) {
                return;
        }
-       RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
 }
 
@@ -366,8 +366,8 @@ isc_sha512_init(isc_sha512_t *context) {
        if (context == (isc_sha512_t *)0) {
                return;
        }
-       RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
 }
 
@@ -432,8 +432,8 @@ isc_sha384_init(isc_sha384_t *context) {
        if (context == (isc_sha384_t *)0) {
                return;
        }
-       RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_FALSE, ISC_FALSE,
-                                      NULL, 0) == ISC_R_SUCCESS);
+       RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+                                      ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
        PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
 }
 
index f631eed02580223f6486142472efbe857592d4ee..be445df9ccab5de078239e1c1694836fda00e5b0 100644 (file)
@@ -6,8 +6,6 @@ EXPORTS
 NTReportError
 closelog
 @IF PKCS11
-dst__pkcs11_init
-dst__pkcs11_destroy
 getpassphrase
 @END PKCS11
 isc___socketmgr_maxudp
@@ -662,18 +660,22 @@ pk11_attribute_first
 pk11_attribute_next
 pk11_dump_tokens
 pk11_error_fatalcheck
+pk11_finalize
 pk11_get_best_token
 pk11_get_lib_name
 pk11_get_session
+pk11_initialize
+pk11_initmsgcat
 pk11_mem_get
 pk11_mem_put
 pk11_numbits
 pk11_parse_uri
 pk11_rand_bytes
 pk11_rand_seed_fromfile
+pk11_result_register
+pk11_result_totext
 pk11_return_session
 pk11_set_lib_name
-pk11_shutdown
 pkcs_C_CloseSession
 pkcs_C_CreateObject
 pkcs_C_DeriveKey
index 81b7647f63b793b0f93f97591fec593d51bd542d..b5de4c3b393c11016338de1f74ebc3946a94309f 100644 (file)
@@ -519,6 +519,12 @@ SOURCE=..\include\isc\resource.h
 
 SOURCE=..\include\isc\result.h
 # End Source File
+@IF PKCS11
+# Begin Source File
+
+SOURCE=..\include\pk11\result.h
+# End Source File
+@END PKCS11
 # Begin Source File
 
 SOURCE=..\include\isc\resultclass.h
@@ -790,6 +796,10 @@ SOURCE=..\parseint.c
 
 SOURCE=..\pk11.c
 # End Source File
+# Begin Source File
+
+SOURCE=..\pk11_result.c
+# End Source File
 @END PKCS11
 # Begin Source File
 
index ca3ff6c2d13ca8fe7748920200c3e9e978d5a390..9ea19a3870a1e4faa6569019dc9c35d686b6dcfb 100644 (file)
@@ -169,6 +169,7 @@ CLEAN :
 @IF PKCS11
        -@erase "$(INTDIR)\pk11.obj"
        -@erase "$(INTDIR)\pk11_api.obj"
+       -@erase "$(INTDIR)\pk11_result.obj"
 @END PKCS11
        -@erase "$(INTDIR)\pool.obj"
        -@erase "$(INTDIR)\portset.obj"
@@ -293,6 +294,7 @@ LINK32_OBJS= \
        "$(INTDIR)\ondestroy.obj" \
 @IF PKCS11
        "$(INTDIR)\pk11.obj" \
+       "$(INTDIR)\pk11_result.obj" \
 @END PKCS11
        "$(INTDIR)\quota.obj" \
        "$(INTDIR)\radix.obj" \
@@ -442,6 +444,7 @@ CLEAN :
 @IF PKCS11
        -@erase "$(INTDIR)\pk11.obj"
        -@erase "$(INTDIR)\pk11_api.obj"
+       -@erase "$(INTDIR)\pk11_result.obj"
 @END PKCS11
        -@erase "$(INTDIR)\pool.obj"
        -@erase "$(INTDIR)\pool.sbr"
@@ -598,6 +601,7 @@ BSC32_SBRS= \
        "$(INTDIR)\ondestroy.sbr" \
 @IF PKCS11
        "$(INTDIR)\pk11.sbr" \
+       "$(INTDIR)\pk11_result.sbr" \
 @END PKCS11
        "$(INTDIR)\quota.sbr" \
        "$(INTDIR)\radix.sbr" \
@@ -700,6 +704,7 @@ LINK32_OBJS= \
        "$(INTDIR)\ondestroy.obj" \
 @IF PKCS11
        "$(INTDIR)\pk11.obj" \
+       "$(INTDIR)\pk11_result.obj" \
 @END PKCS11
        "$(INTDIR)\quota.obj" \
        "$(INTDIR)\radix.obj" \
@@ -1840,6 +1845,24 @@ SOURCE=..\pk11.c
        $(CPP) $(CPP_PROJ) $(SOURCE)
 
 
+!ENDIF 
+
+SOURCE=..\pk11_result.c
+
+!IF  "$(CFG)" == "libisc - @PLATFORM@ Release"
+
+
+"$(INTDIR)\pk11_result.obj" : $(SOURCE) "$(INTDIR)"
+       $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "libisc - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\pk11_result.obj"    "$(INTDIR)\pk11_result.sbr" : $(SOURCE) "$(INTDIR)"
+       $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
 !ENDIF 
 
 SOURCE=..\pool.c
index 16b49a236c82d5ca63e38eb32d0545ea36731647..9d91678719611db66aaca8ecefa97c354da163a7 100644 (file)
     <ClInclude Include="..\include\pk11\pk11.h">\r
       <Filter>Library Header Files</Filter>\r
     </ClInclude>\r
+    <ClInclude Include="..\include\pk11\result.h">\r
+      <Filter>Library Header Files</Filter>\r
+    </ClInclude>\r
     <ClInclude Include="..\include\pkcs11\pkcs11.h">\r
       <Filter>Pkcs11 Header Files</Filter>\r
     </ClInclude>\r
     <ClCompile Include="..\pk11.c">\r
       <Filter>Library Source Files</Filter>\r
     </ClCompile>\r
+    <ClCompile Include="..\pk11_result.c">\r
+      <Filter>Library Source Files</Filter>\r
+    </ClCompile>\r
 @END PKCS11\r
   </ItemGroup>\r
 </Project>\r
index 789515350ba787dfeb0b0e571ffc095662f6aa58..30d404bb5cb1f09837221f28a969a370b2ebfb59 100644 (file)
@@ -346,6 +346,7 @@ copy /Y @VCREDIST_PATH@ ..\Build\Release\
     <ClInclude Include="..\include\pk11\constants.h" />\r
     <ClInclude Include="..\include\pk11\internal.h" />\r
     <ClInclude Include="..\include\pk11\pk11.h" />\r
+    <ClInclude Include="..\include\pk11\result.h" />\r
     <ClInclude Include="..\include\pkcs11\pkcs11.h" />\r
     <ClInclude Include="..\include\pkcs11\pkcs11f.h" />\r
     <ClInclude Include="..\include\pkcs11\pkcs11t.h" />\r
@@ -448,6 +449,7 @@ copy /Y @VCREDIST_PATH@ ..\Build\Release\
     <ClCompile Include="..\tm.c" />\r
 @IF PKCS11\r
     <ClCompile Include="..\pk11.c" />\r
+    <ClCompile Include="..\pk11_result.c" />\r
 @END PKCS11\r
     <ClCompile Include="app.c" />\r
     <ClCompile Include="condition.c" />\r