+3786. [func] Provide more detailed error codes when using
+ native PKCS#11. "pkcs11-tokens" now fails robustly
+ rather than asserting when run against an HSM with
+ an incomplete PCKS#11 API implementation. [RT #35479]
+
3785. [bug] Debugging code dumphex didn't accept arbitarily long
input (only compiled with -DDEBUG). [RT #35544]
#include <dst/dst.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
#include "dnssectool.h"
#ifndef PATH_MAX
if (result != ISC_R_SUCCESS)
fatal("out of memory");
+#ifdef PKCS11CRYPTO
+ pk11_result_register();
+#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
#include <dst/dst.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
#include "dnssectool.h"
#ifndef PATH_MAX
if (result != ISC_R_SUCCESS)
fatal("out of memory");
+#ifdef PKCS11CRYPTO
+ pk11_result_register();
+#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
#include <dst/dst.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
#include "dnssectool.h"
#define MAX_RSA 4096 /* should be long enough... */
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+#ifdef PKCS11CRYPTO
+ pk11_result_register();
+#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
#include <dst/dst.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
#include "dnssectool.h"
#define MAX_RSA 4096 /* should be long enough... */
if (argc == 1)
usage();
+#ifdef PKCS11CRYPTO
+ pk11_result_register();
+#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
#include <dst/dst.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
#include "dnssectool.h"
const char *program = "dnssec-revoke";
if (result != ISC_R_SUCCESS)
fatal("Out of memory");
+#ifdef PKCS11CRYPTO
+ pk11_result_register();
+#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
#include <dst/dst.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
#include "dnssectool.h"
const char *program = "dnssec-settime";
setup_logging(verbose, mctx, &log);
+#ifdef PKCS11CRYPTO
+ pk11_result_register();
+#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
#include <dst/dst.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
#include "dnssectool.h"
#ifndef PATH_MAX
if (result != ISC_R_SUCCESS)
fatal("out of memory");
+#ifdef PKCS11CRYPTO
+ pk11_result_register();
+#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
#include <dst/dst.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
#include "dnssectool.h"
const char *program = "dnssec-verify";
if (result != ISC_R_SUCCESS)
fatal("out of memory");
+#ifdef PKCS11CRYPTO
+ pk11_result_register();
+#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
#include <dns/view.h>
#include <dst/result.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
#include <dlz/dlz_dlopen_driver.h>
+
/*
* Defining NS_MAIN provides storage declarations (rather than extern)
* for variables in named/globals.h.
dns_result_register();
dst_result_register();
isccc_result_register();
+#ifdef PKCS11CRYPTO
+ pk11_result_register();
+#endif
parse_command_line(argc, argv);
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+
+DEPLIBS = ${ISCDEPLIBS}
+
# if FORCE_STATIC_PROVIDER: LIBS += ${PROVIDER}
LIBS = ${ISCLIBS} @LIBS@
@BIND9_MAKE_RULES@
-pkcs11-list@EXEEXT@: @srcdir@/pkcs11-list.@O@
+pkcs11-list@EXEEXT@: @srcdir@/pkcs11-list.@O@ ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/pkcs11-list.@O@ ${LIBS}
-pkcs11-destroy@EXEEXT@: @srcdir@/pkcs11-destroy.@O@
+pkcs11-destroy@EXEEXT@: @srcdir@/pkcs11-destroy.@O@ ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/pkcs11-destroy.@O@ ${LIBS}
-pkcs11-keygen@EXEEXT@: @srcdir@/pkcs11-keygen.@O@
+pkcs11-keygen@EXEEXT@: @srcdir@/pkcs11-keygen.@O@ ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/pkcs11-keygen.@O@ ${LIBS}
-pkcs11-tokens@EXEEXT@: @srcdir@/pkcs11-tokens.@O@
+pkcs11-tokens@EXEEXT@: @srcdir@/pkcs11-tokens.@O@ ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/pkcs11-tokens.@O@ ${LIBS}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#ifdef WIN32
#define sleep(x) Sleep(x)
search_template[0].ulValueLen = strlen(label);
}
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
- (const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
- fprintf(stderr, "Error initializing PKCS#11: %s\n",
- isc_result_totext(result));
+ result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_TRUE,
+ ISC_TRUE, (const char *) pin, slot);
+ if (result == PK11_R_NORANDOMSERVICE ||
+ result == PK11_R_NODIGESTSERVICE ||
+ result == PK11_R_NOAESSERVICE) {
+ fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+ fprintf(stderr, "This HSM will not work with BIND 9 "
+ "using native PKCS#11.\n");
+ } else if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "Unrecoverable error initializing "
+ "PKCS#11: %s\n", isc_result_totext(result));
exit(1);
}
exit_session:
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#define WANT_DH_PRIMES
#define WANT_ECC_CURVES
#include <pk11/constants.h>
CK_ULONG public_attrcnt = 0, private_attrcnt = PRIVATE_ATTRS;
CK_ULONG domain_attrcnt = 0, param_attrcnt = 0;
key_class_t keyclass = key_rsa;
+ pk11_optype_t op_type = OP_ANY;
#define OPTIONS ":a:b:ei:l:m:Pp:qSs:"
while ((c = isc_commandline_parse(argc, argv, OPTIONS)) != -1) {
switch (keyclass) {
case key_rsa:
+ op_type = OP_RSA;
if (expsize == 0)
expsize = 3;
if (bits == 0)
public_template[RSA_PUBLIC_EXPONENT].ulValueLen = expsize;
break;
case key_ecc:
+ op_type = OP_EC;
if (bits == 0)
bits = 256;
else if (bits != 256 && bits != 384) {
break;
case key_dsa:
+ op_type = OP_DSA;
if (bits == 0)
usage();
domain_template[DSA_DOMAIN_PRIMEBITS].ulValueLen = sizeof(bits);
break;
case key_dh:
+ op_type = OP_DH;
if (special && bits == 0)
bits = 1024;
else if (special &&
private_template[PRIVATE_ID].ulValueLen = idlen;
}
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
- (const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
- fprintf(stderr, "Error initializing PKCS#11: %s\n",
- isc_result_totext(result));
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+ ISC_TRUE, (const char *) pin, slot);
+ if (result == PK11_R_NORANDOMSERVICE ||
+ result == PK11_R_NODIGESTSERVICE ||
+ result == PK11_R_NOAESSERVICE) {
+ fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+ fprintf(stderr, "This HSM will not work with BIND 9 "
+ "using native PKCS#11.\n");
+ } else if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "Unrecoverable error initializing "
+ "PKCS#11: %s\n", isc_result_totext(result));
exit(1);
}
exit_session:
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
search_template[0].ulValueLen = strlen(label);
}
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (logon && pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, logon,
- pin, slot);
- if (result != ISC_R_SUCCESS) {
- fprintf(stderr, "Error initializing PKCS#11: %s\n",
- isc_result_totext(result));
+ result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
+ logon, pin, slot);
+ if (result == PK11_R_NORANDOMSERVICE ||
+ result == PK11_R_NODIGESTSERVICE ||
+ result == PK11_R_NOAESSERVICE) {
+ fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+ fprintf(stderr, "This HSM will not work with BIND 9 "
+ "using native PKCS#11.\n");
+ } else if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "Unrecoverable error initializing "
+ "PKCS#11: %s\n", isc_result_totext(result));
+ fprintf(stderr, "Unrecoverable error initializing "
+ "PKCS#11: %s\n", isc_result_totext(result));
exit(1);
}
exit_session:
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
-
-extern void dst__pkcs11_init(isc_mem_t *mctx, const char *engine);
+#include <pk11/result.h>
int
main(int argc, char *argv[]) {
+ isc_result_t result;
char *lib_name = NULL;
int c, errflg = 0;
isc_mem_t *mctx = NULL;
+ pk11_context_t pctx;
while ((c = isc_commandline_parse(argc, argv, ":m:")) != -1) {
switch (c) {
exit(1);
}
- dst__pkcs11_init(mctx, lib_name);
+ pk11_result_register();
+
+ /* Initialize the CRYPTOKI library */
+ if (lib_name != NULL)
+ pk11_set_lib_name(lib_name);
+
+ result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
+ ISC_FALSE, NULL, 0);
+ if (result == PK11_R_NORANDOMSERVICE ||
+ result == PK11_R_NODIGESTSERVICE ||
+ result == PK11_R_NOAESSERVICE) {
+ fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+ fprintf(stderr, "This HSM will not work with BIND 9 "
+ "using native PKCS#11.\n\n");
+ } else if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "Unrecoverable error initializing "
+ "PKCS#11: %s\n", isc_result_totext(result));
+ exit(1);
+ }
pk11_dump_tokens();
- pk11_shutdown();
+ if (pctx.handle != NULL)
+ pk11_return_session(&pctx);
+ (void) pk11_finalize();
isc_mem_destroy(&mctx);
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
exit(1);
}
+ pk11_result_register();
+
/* Allocate hanles */
hKey = (CK_SESSION_HANDLE *)
malloc(count * sizeof(CK_SESSION_HANDLE));
pin = getpassphrase("Enter Pin: ");
result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
- (const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
+ ISC_TRUE, (const char *) pin, slot);
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NODIGESTSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
free(hKey);
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE;
CK_ULONG found = 0;
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_RSA;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'p':
pin = isc_commandline_argument;
exit(1);
}
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_TRUE,
- (const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE,
+ ISC_TRUE, (const char *) pin, slot);
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NODIGESTSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
exit_objects:
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
{ CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
};
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_RSA;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'p':
pin = isc_commandline_argument;
exit(1);
}
+ pk11_result_register();
+
/* Allocate hanles */
pubKey = (CK_SESSION_HANDLE *)
malloc(count * sizeof(CK_SESSION_HANDLE));
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
- (const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+ ISC_TRUE, (const char *) pin, slot);
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NODIGESTSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
free(privKey);
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
{ CKA_COEFFICIENT, coeff, (CK_ULONG) sizeof(coeff) }
};
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_RSA;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'p':
pin = isc_commandline_argument;
exit(1);
}
+ pk11_result_register();
+
/* Allocate hanles */
hKey = (CK_SESSION_HANDLE *)
malloc(count * sizeof(CK_SESSION_HANDLE));
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
- (const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+ ISC_TRUE, (const char *) pin, slot);
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NODIGESTSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
free(hKey);
free(hKey);
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
{ CKA_PUBLIC_EXPONENT, exponent, (CK_ULONG) sizeof(exponent) }
};
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_RSA;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'p':
pin = isc_commandline_argument;
exit(1);
}
+ pk11_result_register();
+
/* Allocate hanles */
hKey = (CK_SESSION_HANDLE *)
malloc(count * sizeof(CK_SESSION_HANDLE));
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
- (const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+ ISC_TRUE, (const char *) pin, slot);
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NODIGESTSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
free(hKey);
free(hKey);
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#ifndef HAVE_CLOCK_GETTIME
#ifndef CLOCK_REALTIME
CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
CK_ULONG len = sizeof(buf);
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_RAND;
char *lib_name = NULL;
int error = 0;
int c, errflg = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'n':
count = atoi(isc_commandline_argument);
exit(1);
}
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
- result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
- NULL, slot);
- if (result != ISC_R_SUCCESS) {
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE,
+ ISC_FALSE, NULL, slot);
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NODIGESTSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
exit_session:
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#ifndef HAVE_CLOCK_GETTIME
#ifndef CLOCK_REALTIME
CK_MECHANISM mech = { CKM_SHA_1, NULL, 0 };
CK_ULONG len = sizeof(buf);
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_DIGEST;
char *lib_name = NULL;
int error = 0;
int c, errflg = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'n':
count = atoi(isc_commandline_argument);
exit(1);
}
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
- result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
- NULL, slot);
- if (result != ISC_R_SUCCESS) {
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE,
+ ISC_FALSE, NULL, slot);
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
exit_session:
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
};
CK_MECHANISM mech = { CKM_SHA1_RSA_PKCS, NULL, 0 };
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_RSA;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'p':
pin = isc_commandline_argument;
exit(1);
}
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
- (const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+ ISC_TRUE, (const char *) pin, slot);
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NODIGESTSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
}
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
};
CK_MECHANISM mech = { CKM_SHA1_RSA_PKCS, NULL, 0 };
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_RSA;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'p':
pin = isc_commandline_argument;
exit(1);
}
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
- (const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+ ISC_TRUE, (const char *) pin, slot);
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NODIGESTSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
}
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
{ CKA_VALUE, NULL, 0 }
};
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_DIGEST;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'n':
logon = ISC_FALSE;
keyTemplate[5].pValue = buffer;
keyTemplate[5].ulValueLen = (CK_ULONG) len;
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (logon && pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, logon,
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, logon,
(const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
exit_session:
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
#include <isc/types.h>
#include <pk11/pk11.h>
+#include <pk11/result.h>
#if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
#define getpassphrase(x) getpass(x)
CK_MECHANISM mech = { CKM_MD5, NULL, 0 };
CK_ULONG len;
pk11_context_t pctx;
+ pk11_optype_t op_type = OP_DIGEST;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
break;
case 's':
slot = atoi(isc_commandline_argument);
+ op_type = OP_ANY;
break;
case 'n':
logon = ISC_FALSE;
exit(1);
}
+ pk11_result_register();
+
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (logon && pin == NULL)
pin = getpassphrase("Enter Pin: ");
- result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, logon,
+ result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, logon,
(const char *) pin, slot);
- if (result != ISC_R_SUCCESS) {
+ if ((result != ISC_R_SUCCESS) &&
+ (result != PK11_R_NORANDOMSERVICE) &&
+ (result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
exit_session:
pk11_return_session(&pctx);
- pk11_shutdown();
+ (void) pk11_finalize();
exit(error);
}
PKCS11_PROVIDER
ISC_ISCPK11_API_O
ISC_ISCPK11_API_C
+ISC_PK11_RESULT_O
+ISC_PK11_RESULT_C
ISC_PK11_API_O
ISC_PK11_API_C
ISC_PK11_O
ISC_PK11_O=""
ISC_PK11_API_C=""
ISC_PK11_API_O=""
+ ISC_PK11_RESULT_C=""
+ ISC_PK11_RESULT_O=""
ISC_ISCPK11_API_C=""
ISC_ISCPK11_API_O=""
;;
ISC_PK11_O="pk11.$O"
ISC_PK11_API_C="pk11_api.c"
ISC_PK11_API_O="pk11_api.$O"
+ ISC_PK11_RESULT_C="pk11_result.c"
+ ISC_PK11_RESULT_O="pk11_result.$O"
ISC_ISCPK11_API_C="unix/pk11_api.c"
ISC_ISCPK11_API_O="unix/pk11_api.$O"
;;
+
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PKCS11 tools" >&5
$as_echo_n "checking for PKCS11 tools... " >&6; }
case "$use_pkcs11" in
ISC_PK11_O=""
ISC_PK11_API_C=""
ISC_PK11_API_O=""
+ ISC_PK11_RESULT_C=""
+ ISC_PK11_RESULT_O=""
ISC_ISCPK11_API_C=""
ISC_ISCPK11_API_O=""
;;
ISC_PK11_O="pk11.$O"
ISC_PK11_API_C="pk11_api.c"
ISC_PK11_API_O="pk11_api.$O"
+ ISC_PK11_RESULT_C="pk11_result.c"
+ ISC_PK11_RESULT_O="pk11_result.$O"
ISC_ISCPK11_API_C="unix/pk11_api.c"
ISC_ISCPK11_API_O="unix/pk11_api.$O"
;;
AC_SUBST(ISC_PK11_O)
AC_SUBST(ISC_PK11_API_C)
AC_SUBST(ISC_PK11_API_O)
+AC_SUBST(ISC_PK11_RESULT_C)
+AC_SUBST(ISC_PK11_RESULT_O)
AC_SUBST(ISC_ISCPK11_API_C)
AC_SUBST(ISC_ISCPK11_API_O)
RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
#endif
#elif PKCS11CRYPTO
- dst__pkcs11_init(mctx, engine);
+ RETERR(dst__pkcs11_init(mctx, engine));
RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSAMD5]));
RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSASHA1]));
RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1]));
* Initializers
*/
isc_result_t dst__openssl_init(const char *engine);
-void dst__pkcs11_init(isc_mem_t *mctx, const char *engine);
+#define dst__pkcs11_init pk11_initialize
isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
* Destructors
*/
void dst__openssl_destroy(void);
-isc_result_t dst__pkcs11_destroy(void);
+#define dst__pkcs11_destroy pk11_finalize
/*%
* Memory allocators using the DST memory pool.
"no randomness available", /*%< 19 */
"bad key type", /*%< 20 */
"no engine", /*%< 21 */
- "illegal operation for an external key" /*%< 22 */
+ "illegal operation for an external key",/*%< 22 */
};
#define DST_RESULT_RESULTSET 2
if (attr == NULL)
return (DST_R_INVALIDPUBLICKEY);
- ret = pk11_get_session(&ctx, OP_DH, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_DH));
+ ret = pk11_get_session(&ctx, OP_DH, ISC_TRUE, ISC_FALSE, ISC_FALSE,
+ NULL, pk11_get_best_token(OP_DH));
if (ret != ISC_R_SUCCESS)
return (ret);
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_DH, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_DH));
+ ret = pk11_get_session(pk11_ctx, OP_DH, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_DH));
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_DSA));
+ ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_DSA));
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_DSA));
+ ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_DSA));
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_DSA));
+ ret = pk11_get_session(pk11_ctx, OP_DSA, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_DSA));
if (ret != ISC_R_SUCCESS)
goto err;
slotid = ec->slot;
else
slotid = pk11_get_best_token(OP_EC);
- ret = pk11_get_session(pk11_ctx, OP_EC, ISC_FALSE, ISC_FALSE,
+ ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE, ISC_FALSE,
NULL, slotid);
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_EC, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_EC));
+ ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_EC));
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
DST_RET(ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_EC, ISC_FALSE,
+ ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
ec->reqlogon, NULL, ec->slot);
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
DST_RET(ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_EC, ISC_FALSE,
+ ret = pk11_get_session(pk11_ctx, OP_EC, ISC_TRUE, ISC_FALSE,
ec->reqlogon, NULL, ec->slot);
if (ret != ISC_R_SUCCESS)
goto err;
CK_MECHANISM mech = { CKM_GOSTR3411, NULL, 0 };
int ret = ISC_R_SUCCESS;
- ret = pk11_get_session(ctx, OP_GOST, ISC_FALSE, ISC_FALSE, NULL, 0);
+ ret = pk11_get_session(ctx, OP_GOST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0);
if (ret != ISC_R_SUCCESS)
return (ret);
PK11_CALL(pkcs_C_DigestInit, (ctx->session, &mech), ISC_R_FAILURE);
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_GOST));
+ ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_GOST));
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_GOST));
+ ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_GOST));
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_GOST));
+ ret = pk11_get_session(pk11_ctx, OP_GOST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_GOST));
if (ret != ISC_R_SUCCESS)
goto err;
slotid = rsa->slot;
else
slotid = pk11_get_best_token(OP_RSA);
- ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE,
+ ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
rsa->reqlogon, NULL, slotid);
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE,
+ ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
rsa->reqlogon, NULL,
pk11_get_best_token(OP_RSA));
if (ret != ISC_R_SUCCESS)
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
return (ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE, ISC_FALSE, NULL,
- pk11_get_best_token(OP_RSA));
+ ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, pk11_get_best_token(OP_RSA));
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
DST_RET(ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE,
+ ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
rsa->reqlogon, NULL, rsa->slot);
if (ret != ISC_R_SUCCESS)
goto err;
sizeof(*pk11_ctx));
if (pk11_ctx == NULL)
DST_RET(ISC_R_NOMEMORY);
- ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_FALSE,
+ ret = pk11_get_session(pk11_ctx, OP_RSA, ISC_TRUE, ISC_FALSE,
rsa->reqlogon, NULL, rsa->slot);
if (ret != ISC_R_SUCCESS)
goto err;
/* create the private key */
memset(&pk11_ctx, 0, sizeof(pk11_ctx));
- ATF_REQUIRE(pk11_get_session(&pk11_ctx, OP_GOST, ISC_FALSE, ISC_FALSE,
- NULL, pk11_get_best_token(OP_GOST)) ==
+ ATF_REQUIRE(pk11_get_session(&pk11_ctx, OP_GOST, ISC_TRUE,
+ ISC_FALSE, ISC_FALSE, NULL,
+ pk11_get_best_token(OP_GOST)) ==
ISC_R_SUCCESS);
pk11_ctx.object = CK_INVALID_HANDLE;
pk11_ctx.ontoken = ISC_FALSE;
win32/thread.@O@ win32/time.@O@
# Alphabetically
-OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ \
+OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
aes.@O@ assertions.@O@ backtrace.@O@ base32.@O@ base64.@O@ \
bind9.@O@ buffer.@O@ bufferlist.@O@ \
commandline.@O@ crc64.@O@ error.@O@ event.@O@ \
SYMTBLOBJS = backtrace-emptytbl.@O@
# Alphabetically
-SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ \
+SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \
aes.c assertions.c backtrace.c base32.c base64.c bind9.c \
buffer.c bufferlist.c commandline.c crc64.c \
error.c event.c heap.c hex.c hmacmd5.c hmacsha.c \
#include <isc/types.h>
#include <isc/util.h>
+#ifdef ISC_PLATFORM_WANTAES
#if HAVE_OPENSSL_EVP_AES
#include <openssl/evp.h>
pk11_context_t ctx;
DE_CONST(key, keyTemplate[5].pValue);
- RUNTIME_CHECK(pk11_get_session(&ctx, OP_AES, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(&ctx, OP_AES, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
ctx.object = CK_INVALID_HANDLE;
PK11_FATALCHECK(pkcs_C_CreateObject,
(ctx.session, keyTemplate,
}
#endif
+#endif /* ISC_PLATFORM_WANTAES */
};
DE_CONST(key, keyTemplate[5].pValue);
- RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
ctx->object = CK_INVALID_HANDLE;
PK11_FATALCHECK(pkcs_C_CreateObject,
(ctx->session, keyTemplate,
unsigned char ipad[PADLEN];
unsigned int i;
- RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
RUNTIME_CHECK((ctx->key = pk11_mem_get(PADLEN)) != NULL);
if (len > PADLEN) {
CK_BYTE_PTR kPart;
};
DE_CONST(key, keyTemplate[5].pValue);
- RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
ctx->object = CK_INVALID_HANDLE;
PK11_FATALCHECK(pkcs_C_CreateObject,
(ctx->session, keyTemplate,
};
DE_CONST(key, keyTemplate[5].pValue);
- RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
ctx->object = CK_INVALID_HANDLE;
PK11_FATALCHECK(pkcs_C_CreateObject,
(ctx->session, keyTemplate,
};
DE_CONST(key, keyTemplate[5].pValue);
- RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
ctx->object = CK_INVALID_HANDLE;
PK11_FATALCHECK(pkcs_C_CreateObject,
(ctx->session, keyTemplate,
};
DE_CONST(key, keyTemplate[5].pValue);
- RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
ctx->object = CK_INVALID_HANDLE;
PK11_FATALCHECK(pkcs_C_CreateObject,
(ctx->session, keyTemplate,
};
DE_CONST(key, keyTemplate[5].pValue);
- RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
ctx->object = CK_INVALID_HANDLE;
PK11_FATALCHECK(pkcs_C_CreateObject,
(ctx->session, keyTemplate,
#define ISC_RESULTCLASS_OMAPI ISC_RESULTCLASS_FROMNUM(4)
#define ISC_RESULTCLASS_ISCCC ISC_RESULTCLASS_FROMNUM(5)
#define ISC_RESULTCLASS_DHCP ISC_RESULTCLASS_FROMNUM(6)
-
+#define ISC_RESULTCLASS_PK11 ISC_RESULTCLASS_FROMNUM(7)
#endif /* ISC_RESULTCLASS_H */
# machine generated. The latter are handled specially in the
# install target below.
#
-HEADERS = constants.h internal.h pk11.h
+HEADERS = constants.h internal.h pk11.h result.h
SUBDIRS =
TARGETS =
* Set the PKCS#11 provider (aka library) path/name.
*/
+isc_result_t pk11_initialize(isc_mem_t *mctx, const char *engine);
+/*%<
+ * Initialize PKCS#11 device
+ *
+ * mctx: memory context to attach to pk11_mctx.
+ * engine: PKCS#11 provider (aka library) path/name.
+ *
+ * returns:
+ * ISC_R_SUCCESS
+ * PK11_R_NOPROVIDER: can't load the provider
+ * PK11_R_INITFAILED: C_Initialize() failed
+ * PK11_R_NORANDOMSERVICE: can't find required random service
+ * PK11_R_NODIGESTSERVICE: can't find required digest service
+ * PK11_R_NOAESSERVICE: can't find required AES service
+ */
+
isc_result_t pk11_get_session(pk11_context_t *ctx,
pk11_optype_t optype,
+ isc_boolean_t need_services,
isc_boolean_t rw,
isc_boolean_t logon,
const char *pin,
/*%<
* Initialize PKCS#11 device and acquire a session.
*
+ * need_services:
+ * if ISC_TRUE, this session requires full PKCS#11 API
+ * support including random and digest services, and
+ * the lack of these services will cause the session not
+ * to be initialized. If ISC_FALSE, the function will return
+ * an error code indicating the missing service, but the
+ * session will be usable for other purposes.
* rw: if ISC_TRUE, session will be read/write (useful for
* generating or destroying keys); otherwise read-only.
* login: indicates whether to log in to the device
* Release an active PKCS#11 session for reuse.
*/
-void pk11_shutdown(void);
+isc_result_t pk11_finalize(void);
/*%<
* Shut down PKCS#11 device and free all sessions.
*/
--- /dev/null
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PK11_RESULT_H
+#define PK11_RESULT_H 1
+
+/*! \file pk11/result.h */
+
+#include <isc/lang.h>
+#include <isc/resultclass.h>
+
+/*
+ * Nothing in this file truly depends on <isc/result.h>, but the
+ * PK11 result codes are considered to be publicly derived from
+ * the ISC result codes, so including this file buys you the ISC_R_
+ * namespace too.
+ */
+#include <isc/result.h> /* Contractual promise. */
+
+#define PK11_R_INITFAILED (ISC_RESULTCLASS_PK11 + 0)
+#define PK11_R_NOPROVIDER (ISC_RESULTCLASS_PK11 + 1)
+#define PK11_R_NORANDOMSERVICE (ISC_RESULTCLASS_PK11 + 2)
+#define PK11_R_NODIGESTSERVICE (ISC_RESULTCLASS_PK11 + 3)
+#define PK11_R_NOAESSERVICE (ISC_RESULTCLASS_PK11 + 4)
+
+#define PK11_R_NRESULTS 5 /* Number of results */
+
+ISC_LANG_BEGINDECLS
+
+LIBISC_EXTERNAL_DATA extern isc_msgcat_t *pk11_msgcat;
+
+void
+pk11_initmsgcat(void);
+
+const char *
+pk11_result_totext(isc_result_t);
+
+void
+pk11_result_register(void);
+
+ISC_LANG_ENDDECLS
+
+#endif /* PK11_RESULT_H */
CK_RV rv;
CK_MECHANISM mech = { CKM_MD5, NULL, 0 };
- RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
PK11_FATALCHECK(pkcs_C_DigestInit, (ctx->session, &mech));
}
#include <pk11/pk11.h>
#include <pk11/internal.h>
+#include <pk11/result.h>
#include <pkcs11/cryptoki.h>
#include <pkcs11/pkcs11.h>
-void dst__pkcs11_init(isc_mem_t *mctx, const char *engine);
-isc_result_t dst__pkcs11_destroy(void);
-
#define PINLEN 32
#ifndef PK11_NO_LOGERR
UNLOCK(&alloclock);
}
-void
-dst__pkcs11_init(isc_mem_t *mctx, const char *engine) {
+isc_result_t
+pk11_initialize(isc_mem_t *mctx, const char *engine) {
+ isc_result_t result;
CK_RV rv;
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
isc_mem_attach(mctx, &pk11_mctx);
if (initialized) {
UNLOCK(&alloclock);
- return;
+ return (ISC_R_SUCCESS);
} else {
LOCK(&sessionlock);
initialized = ISC_TRUE;
UNLOCK(&alloclock);
}
+ ISC_LIST_INIT(tokens);
+ ISC_LIST_INIT(actives);
+
if (engine != NULL)
lib_name = engine;
/* Initialize the CRYPTOKI library */
rv = pkcs_C_Initialize((CK_VOID_PTR) &pk11_init_args);
+ if (rv == 0xfe) {
+ result = PK11_R_NOPROVIDER;
+ goto unlock;
+ }
if (rv != CKR_OK) {
- if (rv == 0xfe)
- FATAL_ERROR(__FILE__, __LINE__,
- "Can't load or link module \"%s\"",
- lib_name);
- else
- FATAL_ERROR(__FILE__, __LINE__,
- "pkcs_C_Initialize: Error = 0x%.8lX", rv);
+ result = PK11_R_INITFAILED;
+ goto unlock;
}
- ISC_LIST_INIT(tokens);
- ISC_LIST_INIT(actives);
-
choose_slots();
#ifdef PKCS11CRYPTO
- if (rand_token == NULL)
- FATAL_ERROR(__FILE__, __LINE__, "Can't find random service");
- if (digest_token == NULL)
- FATAL_ERROR(__FILE__, __LINE__, "Can't find digest service");
+ if (rand_token == NULL) {
+ result = PK11_R_NORANDOMSERVICE;
+ goto unlock;
+ }
+ if (digest_token == NULL) {
+ result = PK11_R_NODIGESTSERVICE;
+ goto unlock;
+ }
#if defined(ISC_PLATFORM_USESIT) && defined(AES_SIT)
- if (aes_token == NULL)
- FATAL_ERROR(__FILE__, __LINE__, "Can't find AES encrypt");
+ if (aes_token == NULL) {
+ result = PK11_R_NOAESSERVICE;
+ goto unlock;
+ }
#endif
#endif /* PKCS11CRYPTO */
+ result = ISC_R_SUCCESS;
+ unlock:
UNLOCK(&sessionlock);
+ return (result);
}
isc_result_t
-dst__pkcs11_destroy(void) {
+pk11_finalize(void) {
pk11_token_t *token, *next;
isc_result_t ret;
return (ret);
}
-void
-pk11_shutdown(void) {
- (void) dst__pkcs11_destroy();
-}
-
isc_result_t
pk11_rand_bytes(unsigned char *buf, int num) {
isc_result_t ret;
CK_RV rv;
pk11_context_t ctx;
- ret = pk11_get_session(&ctx, OP_RAND, ISC_FALSE, ISC_FALSE, NULL, 0);
- if (ret != ISC_R_SUCCESS)
+ ret = pk11_get_session(&ctx, OP_RAND, ISC_FALSE, ISC_FALSE,
+ ISC_FALSE, NULL, 0);
+ if ((ret != ISC_R_SUCCESS) &&
+ (ret != PK11_R_NODIGESTSERVICE) &&
+ (ret != PK11_R_NOAESSERVICE))
return (ret);
RUNTIME_CHECK(ctx.session != CK_INVALID_HANDLE);
rv = pkcs_C_GenerateRandom(ctx.session,
size_t cc = 0;
isc_result_t ret;
- ret = pk11_get_session(&ctx, OP_RAND, ISC_FALSE, ISC_FALSE, NULL, 0);
- if (ret != ISC_R_SUCCESS)
+ ret = pk11_get_session(&ctx, OP_RAND, ISC_FALSE, ISC_FALSE,
+ ISC_FALSE, NULL, 0);
+ if ((ret != ISC_R_SUCCESS) &&
+ (ret != PK11_R_NODIGESTSERVICE) &&
+ (ret != PK11_R_NOAESSERVICE))
return;
RUNTIME_CHECK(ctx.session != CK_INVALID_HANDLE);
ret = isc_stdio_open(randomfile, "r", &stream);
isc_result_t
pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
- isc_boolean_t rw, isc_boolean_t logon,
- const char *pin, CK_SLOT_ID slot)
+ isc_boolean_t need_services, isc_boolean_t rw,
+ isc_boolean_t logon, const char *pin, CK_SLOT_ID slot)
{
pk11_token_t *token = NULL;
pk11_sessionlist_t *freelist;
pk11_session_t *sp;
- isc_result_t ret = ISC_R_SUCCESS;
+ isc_result_t ret;
+#ifdef PKCS11CRYPTO
+ isc_result_t service_ret = ISC_R_SUCCESS;
+#else
+ UNUSED(need_services);
+#endif
+
+ memset(ctx, 0, sizeof(pk11_context_t));
+ ctx->handle = NULL;
+ ctx->session = CK_INVALID_HANDLE;
+
+ ret = pk11_initialize(NULL, NULL);
+#ifdef PKCS11CRYPTO
+ if (ret == PK11_R_NORANDOMSERVICE ||
+ ret == PK11_R_NODIGESTSERVICE ||
+ ret == PK11_R_NOAESSERVICE) {
+ if (need_services)
+ return (ret);
+ service_ret = ret;
+ }
+ else
+#endif /* PKCS11CRYPTO */
+ if (ret != ISC_R_SUCCESS)
+ return (ret);
- dst__pkcs11_init(NULL, NULL);
LOCK(&sessionlock);
/* wait for initialization to finish */
UNLOCK(&sessionlock);
- memset(ctx, 0, sizeof(pk11_context_t));
- ctx->handle = NULL;
- ctx->session = CK_INVALID_HANDLE;
switch(optype) {
#ifdef PKCS11CRYPTO
case OP_RAND:
UNLOCK(&sessionlock);
ctx->handle = sp;
ctx->session = sp->session;
+#ifdef PKCS11CRYPTO
+ if (ret == ISC_R_SUCCESS)
+ ret = service_ret;
+#endif
return (ret);
}
/* get the URI scheme */
p = strchr(uri, ':');
if (p == NULL)
- DST_RET(DST_R_NOENGINE);
+ DST_RET(PK11_R_NOPROVIDER);
*p++ = '\0';
if (strcmp(uri, "pkcs11") != 0)
- DST_RET(DST_R_NOENGINE);
+ DST_RET(PK11_R_NOPROVIDER);
/* get attributes */
for (na = p; na != NULL;) {
l = 0;
v = percent_decode(v, &l);
if (v == NULL)
- DST_RET(DST_R_NOENGINE);
+ DST_RET(PK11_R_NOPROVIDER);
if ((a == v) || (strcmp(a, "object") == 0)) {
/* object: CKA_LABEL */
attr = pk11_attribute_bytype(obj, CKA_LABEL);
if (attr != NULL)
- DST_RET(DST_R_NOENGINE);
+ DST_RET(PK11_R_NOPROVIDER);
attr = push_attribute(obj, mctx, l);
if (attr == NULL)
DST_RET(ISC_R_NOMEMORY);
/* object-type: CKA_CLASS */
/* only private makes sense */
if (strcmp(v, "private") != 0)
- DST_RET(DST_R_NOENGINE);
+ DST_RET(PK11_R_NOPROVIDER);
} else if (strcmp(a, "id") == 0) {
/* id: CKA_ID */
attr = pk11_attribute_bytype(obj, CKA_ID);
if (attr != NULL)
- DST_RET(DST_R_NOENGINE);
+ DST_RET(PK11_R_NOPROVIDER);
attr = push_attribute(obj, mctx, l);
if (attr == NULL)
DST_RET(ISC_R_NOMEMORY);
goto err;
gotpin = ISC_TRUE;
} else
- DST_RET(DST_R_NOENGINE);
+ DST_RET(PK11_R_NOPROVIDER);
}
if ((pk11_attribute_bytype(obj, CKA_LABEL) == NULL) &&
--- /dev/null
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+#include <stddef.h>
+
+#include <isc/once.h>
+#include <isc/msgcat.h>
+#include <isc/util.h>
+
+#include <pk11/result.h>
+
+LIBISC_EXTERNAL_DATA isc_msgcat_t * pk11_msgcat = NULL;
+
+static isc_once_t msgcat_once = ISC_ONCE_INIT;
+
+static const char *text[PK11_R_NRESULTS] = {
+ "PKCS#11 initialization failed", /*%< 0 */
+ "no PKCS#11 provider", /*%< 1 */
+ "PKCS#11 provider has no random service", /*%< 2 */
+ "PKCS#11 provider has no digest service", /*%< 3 */
+ "PKCS#11 provider has no AES service", /*%< 4 */
+};
+
+#define PK11_RESULT_RESULTSET 2
+
+static isc_once_t once = ISC_ONCE_INIT;
+
+static void
+open_msgcat(void) {
+ isc_msgcat_open("libpk11.cat", &pk11_msgcat);
+}
+
+void
+pk11_initmsgcat(void) {
+
+ /*
+ * Initialize the PKCS#11 support's message catalog,
+ * pk11_msgcat, if it has not already been initialized.
+ */
+
+ RUNTIME_CHECK(isc_once_do(&msgcat_once, open_msgcat) == ISC_R_SUCCESS);
+}
+
+static void
+initialize_action(void) {
+ isc_result_t result;
+
+ result = isc_result_register(ISC_RESULTCLASS_PK11, PK11_R_NRESULTS,
+ text, pk11_msgcat, PK11_RESULT_RESULTSET);
+ if (result != ISC_R_SUCCESS)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "isc_result_register() failed: %u", result);
+}
+
+static void
+initialize(void) {
+ pk11_initmsgcat();
+ RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS);
+}
+
+const char *
+pk11_result_totext(isc_result_t result) {
+ initialize();
+
+ return (isc_result_totext(result));
+}
+
+void
+pk11_result_register(void) {
+ initialize();
+}
CK_RV rv;
CK_MECHANISM mech = { CKM_SHA_1, NULL, 0 };
- RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
PK11_FATALCHECK(pkcs_C_DigestInit, (ctx->session, &mech));
}
if (context == (isc_sha224_t *)0) {
return;
}
- RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
}
if (context == (isc_sha256_t *)0) {
return;
}
- RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
}
if (context == (isc_sha512_t *)0) {
return;
}
- RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
}
if (context == (isc_sha384_t *)0) {
return;
}
- RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_FALSE, ISC_FALSE,
- NULL, 0) == ISC_R_SUCCESS);
+ RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
+ ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
}
NTReportError
closelog
@IF PKCS11
-dst__pkcs11_init
-dst__pkcs11_destroy
getpassphrase
@END PKCS11
isc___socketmgr_maxudp
pk11_attribute_next
pk11_dump_tokens
pk11_error_fatalcheck
+pk11_finalize
pk11_get_best_token
pk11_get_lib_name
pk11_get_session
+pk11_initialize
+pk11_initmsgcat
pk11_mem_get
pk11_mem_put
pk11_numbits
pk11_parse_uri
pk11_rand_bytes
pk11_rand_seed_fromfile
+pk11_result_register
+pk11_result_totext
pk11_return_session
pk11_set_lib_name
-pk11_shutdown
pkcs_C_CloseSession
pkcs_C_CreateObject
pkcs_C_DeriveKey
SOURCE=..\include\isc\result.h
# End Source File
+@IF PKCS11
+# Begin Source File
+
+SOURCE=..\include\pk11\result.h
+# End Source File
+@END PKCS11
# Begin Source File
SOURCE=..\include\isc\resultclass.h
SOURCE=..\pk11.c
# End Source File
+# Begin Source File
+
+SOURCE=..\pk11_result.c
+# End Source File
@END PKCS11
# Begin Source File
@IF PKCS11
-@erase "$(INTDIR)\pk11.obj"
-@erase "$(INTDIR)\pk11_api.obj"
+ -@erase "$(INTDIR)\pk11_result.obj"
@END PKCS11
-@erase "$(INTDIR)\pool.obj"
-@erase "$(INTDIR)\portset.obj"
"$(INTDIR)\ondestroy.obj" \
@IF PKCS11
"$(INTDIR)\pk11.obj" \
+ "$(INTDIR)\pk11_result.obj" \
@END PKCS11
"$(INTDIR)\quota.obj" \
"$(INTDIR)\radix.obj" \
@IF PKCS11
-@erase "$(INTDIR)\pk11.obj"
-@erase "$(INTDIR)\pk11_api.obj"
+ -@erase "$(INTDIR)\pk11_result.obj"
@END PKCS11
-@erase "$(INTDIR)\pool.obj"
-@erase "$(INTDIR)\pool.sbr"
"$(INTDIR)\ondestroy.sbr" \
@IF PKCS11
"$(INTDIR)\pk11.sbr" \
+ "$(INTDIR)\pk11_result.sbr" \
@END PKCS11
"$(INTDIR)\quota.sbr" \
"$(INTDIR)\radix.sbr" \
"$(INTDIR)\ondestroy.obj" \
@IF PKCS11
"$(INTDIR)\pk11.obj" \
+ "$(INTDIR)\pk11_result.obj" \
@END PKCS11
"$(INTDIR)\quota.obj" \
"$(INTDIR)\radix.obj" \
$(CPP) $(CPP_PROJ) $(SOURCE)
+!ENDIF
+
+SOURCE=..\pk11_result.c
+
+!IF "$(CFG)" == "libisc - @PLATFORM@ Release"
+
+
+"$(INTDIR)\pk11_result.obj" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "libisc - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\pk11_result.obj" "$(INTDIR)\pk11_result.sbr" : $(SOURCE) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
!ENDIF
SOURCE=..\pool.c
<ClInclude Include="..\include\pk11\pk11.h">\r
<Filter>Library Header Files</Filter>\r
</ClInclude>\r
+ <ClInclude Include="..\include\pk11\result.h">\r
+ <Filter>Library Header Files</Filter>\r
+ </ClInclude>\r
<ClInclude Include="..\include\pkcs11\pkcs11.h">\r
<Filter>Pkcs11 Header Files</Filter>\r
</ClInclude>\r
<ClCompile Include="..\pk11.c">\r
<Filter>Library Source Files</Filter>\r
</ClCompile>\r
+ <ClCompile Include="..\pk11_result.c">\r
+ <Filter>Library Source Files</Filter>\r
+ </ClCompile>\r
@END PKCS11\r
</ItemGroup>\r
</Project>\r
<ClInclude Include="..\include\pk11\constants.h" />\r
<ClInclude Include="..\include\pk11\internal.h" />\r
<ClInclude Include="..\include\pk11\pk11.h" />\r
+ <ClInclude Include="..\include\pk11\result.h" />\r
<ClInclude Include="..\include\pkcs11\pkcs11.h" />\r
<ClInclude Include="..\include\pkcs11\pkcs11f.h" />\r
<ClInclude Include="..\include\pkcs11\pkcs11t.h" />\r
<ClCompile Include="..\tm.c" />\r
@IF PKCS11\r
<ClCompile Include="..\pk11.c" />\r
+ <ClCompile Include="..\pk11_result.c" />\r
@END PKCS11\r
<ClCompile Include="app.c" />\r
<ClCompile Include="condition.c" />\r