upstream/oracle/userland-gate: components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11

363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	1	/*
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	2	* Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	3	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	4	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	5
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	6	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	7	* Redistribution and use in source and binary forms, with or without
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	8	* modification, are permitted provided that the following conditions
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	9	* are met:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	10	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	11	* 1. Redistributions of source code must retain the above copyright
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	12	* notice, this list of conditions and the following disclaimer.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	13	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	14	* 2. Redistributions in binary form must reproduce the above copyright
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	15	* notice, this list of conditions and the following disclaimer in
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	16	* the documentation and/or other materials provided with the
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	17	* distribution.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	18	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	19	* 3. All advertising materials mentioning features or use of this
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	20	* software must display the following acknowledgment:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	21	* "This product includes software developed by the OpenSSL Project
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	22	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	23	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	24	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	25	* endorse or promote products derived from this software without
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	26	* prior written permission. For written permission, please contact
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	27	* [email protected].
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	28	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	29	* 5. Products derived from this software may not be called "OpenSSL"
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	30	* nor may "OpenSSL" appear in their names without prior written
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	31	* permission of the OpenSSL Project.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	32	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	33	* 6. Redistributions of any form whatsoever must retain the following
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	34	* acknowledgment:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	35	* "This product includes software developed by the OpenSSL Project
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	36	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	37	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	38	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	39	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	40	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	41	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	42	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	43	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	44	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	45	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	46	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	47	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	48	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	49	* OF THE POSSIBILITY OF SUCH DAMAGE.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	50	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	51
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	52	#include <stdio.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	53	#include <stdlib.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	54	#include <string.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	55	#include <sys/types.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	56	#include <sys/wait.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	57	#include <sys/mman.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	58	#include <unistd.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	59	#include <strings.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	60	#include <libgen.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	61	#include <pthread.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	62	#include <assert.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	63	#include <errno.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	64
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	65	#include <openssl/crypto.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	66
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	67	#ifndef OPENSSL_NO_HW
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	68	#ifndef OPENSSL_NO_HW_PK11
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	69
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	70	#include <security/cryptoki.h>
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	71	#include <security/pkcs11.h>
1604 b6e3e1ed52a5 17777796 Change the pkcs11 engine into a dynamic engine for FIPS version jenny.yung@oracle.com <jenny.yung@oracle.com> parents: 1586 diff changeset	72	#include "e_pk11.h"
b6e3e1ed52a5 17777796 Change the pkcs11 engine into a dynamic engine for FIPS version jenny.yung@oracle.com <jenny.yung@oracle.com> parents: 1586 diff changeset	73	#include "e_pk11_uri.h"
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	74
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	75	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	76	* The keystore used is always from the pubkey slot so we need to know which one
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	77	* was selected so that we can get the information needed for the URI
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	78	* processing.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	79	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	80	extern CK_SLOT_ID pubkey_SLOTID;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	81	extern CK_FUNCTION_LIST_PTR pFuncList;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	82
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	83	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	84	* Cached PIN so that child can use it during the re-login. Note that we do not
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	85	* cache the PIN by default.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	86	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	87	static char *token_pin;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	88
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	89	static int mlock_pin_in_memory(char *pin);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	90	static char run_askpass(char dialog);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	91
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	92	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	93	* Get the PIN. Either run the command and use its standard output as a PIN to
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	94	* fill in the PKCS11 URI structure, or read the PIN from the terminal. Using
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	95	* the external command is of higher precedence. The memory for PIN is allocated
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	96	* in this function and the PIN is always NULL terminated. The caller must take
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	97	* care of freeing the memory used for the PIN. The maximum PIN length accepted
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	98	* is PK11_MAX_PIN_LEN.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	99	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	100	* The function is used also during the re-initialization of the engine after
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	101	* the fork.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	102	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	103	* The function must not be called under the protection of the mutex "uri_lock"
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	104	* because the lock is acquired in the prefork function.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	105	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	106	* Returns:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	107	* 0 in case of troubles (and sets "*pin" to NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	108	* 1 if we got the PIN
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	109	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	110	#define EXEC_SPEC "exec:"
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	111	#define BUILTIN_SPEC "builtin"
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	112	int
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	113	pk11_get_pin(char dialog, char *pin)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	114	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	115	/* Initialize as an error. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	116	*pin = NULL;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	117
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	118	if (strcmp(dialog, BUILTIN_SPEC) == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	119	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	120	/* The getpassphrase() function is not MT safe. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	121	(void) pthread_mutex_lock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	122	/* Note that OpenSSL is not localized at all. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	123	*pin = getpassphrase("Enter token PIN: ");
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	124	if (*pin == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	125	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	126	PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	127	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	128	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	129	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	130	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	131	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	132	char *pw;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	133
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	134	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	135	* getpassphrase() uses an internal buffer to hold the
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	136	* entered password. Note that it terminates the buffer
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	137	* with '\0'.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	138	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	139	if ((pw = strdup(*pin)) == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	140	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	141	PK11err(PK11_F_GET_PIN, PK11_R_MALLOC_FAILURE);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	142	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	143	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	144	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	145	/* Zero the internal buffer to get rid of the PIN. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	146	memset(pin, 0, strlen(pin));
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	147	*pin = pw;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	148	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	149	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	150	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	151	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	152	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	153	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	154	* This is the "exec:" case. We will get the PIN from the output
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	155	* of an external command.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	156	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	157	if (strncmp(dialog, EXEC_SPEC, strlen(EXEC_SPEC)) == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	158	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	159	dialog += strlen(EXEC_SPEC);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	160	if ((*pin = run_askpass(dialog)) == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	161	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	162	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	163	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	164	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	165	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	166	* Invalid specification in the passphrasedialog
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	167	* keyword.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	168	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	169	PK11err(PK11_F_GET_PIN, PK11_R_BAD_PASSPHRASE_SPEC);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	170	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	171	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	172	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	173
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	174	return (1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	175	err:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	176	return (0);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	177	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	178
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	179	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	180	* Process the PKCS#11 URI and get the PIN. It uses information from the
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	181	* passphrasedialog keyword to get the PIN. If passphrasedialog is not present
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	182	* it is not considered an error since it depends on the token attributes
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	183	* whether C_Login() is required. The function expects an allocated 'uri_struct'
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	184	* structure.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	185	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	186	* Returns:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	187	* 0 if URI is not valid at all, or if we could not get the PIN
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	188	* 1 if all is OK
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	189	* 2 if the URI is not the PKCS#11 URI. In that case, put the string
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	190	* pointer to the filename to "*file". Note that the pointer just points
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	191	* inside of the "uristr", possibly skipping the file:// prefix if present.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	192	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	193	int
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	194	pk11_process_pkcs11_uri(const char uristr, pkcs11_uri uri_struct,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	195	const char **file)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	196	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	197	char uristr2, l1, l2, tok, *name;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	198
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	199	/* Check the "file://" case. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	200	if (strncmp(uristr, FILE_URI_PREFIX, strlen(FILE_URI_PREFIX)) == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	201	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	202	*file = uristr + strlen(FILE_URI_PREFIX);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	203	return (2);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	204	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	205
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	206	/* This is the "pkcs11:" case. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	207	if (strncmp(uristr, PK11_URI_PREFIX, strlen(PK11_URI_PREFIX)) != 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	208	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	209	/* Not PKCS#11 URI at all, could be a filename. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	210	file = (const char )uristr;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	211	return (2);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	212	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	213	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	214	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	215	/* Dup the string and skip over the pkcs11: prefix then. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	216	uristr2 = strdup(uristr + strlen(PK11_URI_PREFIX));
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	217	if (uristr2 == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	218	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	219	PK11err(PK11_F_CHECK_TOKEN_ATTRS,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	220	PK11_R_MALLOC_FAILURE);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	221	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	222	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	223	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	224
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	225	/* Initialize the structure. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	226	memset(uri_struct, 0, sizeof (*uri_struct));
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	227
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	228	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	229	* Using strtok_r() would silently skip over multiple semicolons. We
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	230	* must check that before moving on. We must also avoid ';' as the first
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	231	* and the last character in the URI.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	232	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	233	if (strstr(uristr2, ";;") != NULL \|\| uristr2[0] == ';' \|\|
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	234	(strlen(uristr2) > 0 && uristr2[strlen(uristr2) - 1] == ';'))
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	235	goto bad_uri;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	236
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	237	tok = strtok_r(uristr2, ";", &l1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	238	for (; tok != NULL; tok = strtok_r(NULL, ";", &l1))
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	239	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	240	/* "tok" is not empty so there will be something in "name". */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	241	name = strtok_r(tok, "=", &l2);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	242	/* Check whether there is '=' at all. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	243	if (l2 == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	244	goto bad_uri;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	245
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	246	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	247	* Fill out the URI structure. We do not accept duplicit
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	248	* attributes.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	249	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	250	if (strcmp(name, PK11_TOKEN) == 0)
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	251	{
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	252	if (uri_struct->token == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	253	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	254	if ((uri_struct->token = strdup(l2)) == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	255	goto no_mem;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	256	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	257	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	258	goto bad_uri;
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	259	}
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	260	else if (strcmp(name, PK11_MANUF) == 0)
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	261	{
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	262	if (uri_struct->manuf == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	263	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	264	if ((uri_struct->manuf = strdup(l2)) == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	265	goto no_mem;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	266	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	267	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	268	goto bad_uri;
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	269	}
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	270	else if (strcmp(name, PK11_SERIAL) == 0)
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	271	{
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	272	if (uri_struct->serial == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	273	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	274	if ((uri_struct->serial = strdup(l2)) == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	275	goto no_mem;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	276	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	277	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	278	goto bad_uri;
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	279	}
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	280	else if (strcmp(name, PK11_MODEL) == 0)
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	281	{
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	282	if (uri_struct->model == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	283	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	284	if ((uri_struct->model = strdup(l2)) == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	285	goto no_mem;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	286	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	287	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	288	goto bad_uri;
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	289	}
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	290	else if (strcmp(name, PK11_OBJECT) == 0)
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	291	{
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	292	if (uri_struct->object == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	293	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	294	if ((uri_struct->object = strdup(l2)) == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	295	goto no_mem;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	296	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	297	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	298	goto bad_uri;
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	299	}
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	300	else if (strcmp(name, PK11_OBJECTTYPE) == 0)
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	301	{
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	302	if (uri_struct->objecttype == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	303	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	304	uri_struct->objecttype = strdup(l2);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	305	if (uri_struct->objecttype == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	306	goto no_mem;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	307	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	308	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	309	goto bad_uri;
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	310	}
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	311	else if (strcmp(name, PK11_ASKPASS) == 0)
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	312	{
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	313	if (uri_struct->askpass == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	314	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	315	if ((uri_struct->askpass = strdup(l2)) == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	316	goto no_mem;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	317	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	318	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	319	goto bad_uri;
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	320	}
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	321	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	322	goto bad_uri;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	323	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	324
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	325	/* The "object" token is mandatory in the PKCS#11 URI. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	326	if (uri_struct->object == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	327	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	328	PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MISSING_OBJECT_LABEL);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	329	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	330	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	331
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	332	free(uristr2);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	333	return (1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	334	bad_uri:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	335	PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_INVALID_PKCS11_URI);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	336	if (uristr2 != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	337	free(uristr2);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	338	return (0);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	339	no_mem:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	340	PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	341	err:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	342	pk11_free_pkcs11_uri(uri_struct, CK_FALSE);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	343	if (uristr2 != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	344	free(uristr2);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	345	return (0);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	346	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	347
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	348	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	349	* Free the PKCS11 URI structure and anything that might be inside.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	350	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	351	void
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	352	pk11_free_pkcs11_uri(pkcs11_uri *uri_struct, CK_BBOOL free_uri_itself)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	353	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	354	if (uri_struct->token != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	355	free(uri_struct->token);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	356	if (uri_struct->manuf != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	357	free(uri_struct->manuf);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	358	if (uri_struct->serial != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	359	free(uri_struct->serial);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	360	if (uri_struct->model != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	361	free(uri_struct->model);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	362	if (uri_struct->object != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	363	free(uri_struct->object);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	364	if (uri_struct->objecttype != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	365	free(uri_struct->objecttype);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	366	if (uri_struct->askpass != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	367	free(uri_struct->askpass);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	368
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	369	if (free_uri_itself == CK_TRUE)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	370	OPENSSL_free(uri_struct);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	371	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	372
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	373	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	374	* While our keystore is always the one used by the pubkey slot (which is
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	375	* usually the Metaslot) we must make sure that those URI attributes that
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	376	* specify the keystore match the real attributes of our slot keystore. Note
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	377	* that one can use the METASLOT_OBJECTSTORE_TOKEN environment variable to
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	378	* change the Metaslot's keystore from the softtoken to something else (see
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	379	* libpkcs11(3LIB)). The user might want to use such attributes in the PKCS#11
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	380	* URI to make sure that the intended keystore is used.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	381	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	382	* Returns:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	383	* 1 on success
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	384	* 0 on failure
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	385	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	386	int
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	387	pk11_check_token_attrs(pkcs11_uri *uri_struct)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	388	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	389	CK_RV rv;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	390	static CK_TOKEN_INFO_PTR token_info = NULL;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	391
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	392	(void) pthread_mutex_lock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	393	if (token_info == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	394	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	395	token_info = OPENSSL_malloc(sizeof (CK_TOKEN_INFO));
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	396	if (token_info == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	397	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	398	PK11err(PK11_F_CHECK_TOKEN_ATTRS,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	399	PK11_R_MALLOC_FAILURE);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	400	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	401	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	402
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	403	rv = pFuncList->C_GetTokenInfo(pubkey_SLOTID, token_info);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	404	if (rv != CKR_OK)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	405	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	406	PK11err_add_data(PK11_F_CHECK_TOKEN_ATTRS,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	407	PK11_R_GETTOKENINFO, rv);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	408	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	409	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	410	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	411
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	412	if (uri_struct->token != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	413	if (strncmp(uri_struct->token, (char *)token_info->label,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	414	strlen(uri_struct->token) > 32 ? 32 :
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	415	strlen(uri_struct->token)) != 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	416	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	417	goto urierr;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	418	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	419
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	420	if (uri_struct->manuf != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	421	if (strncmp(uri_struct->manuf,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	422	(char *)token_info->manufacturerID,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	423	strlen(uri_struct->manuf) > 32 ? 32 :
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	424	strlen(uri_struct->manuf)) != 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	425	goto urierr;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	426
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	427	if (uri_struct->model != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	428	if (strncmp(uri_struct->model, (char *)token_info->model,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	429	strlen(uri_struct->model) > 16 ? 16 :
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	430	strlen(uri_struct->model)) != 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	431	goto urierr;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	432
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	433	if (uri_struct->serial != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	434	if (strncmp(uri_struct->serial,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	435	(char *)token_info->serialNumber,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	436	strlen(uri_struct->serial) > 16 ? 16 :
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	437	strlen(uri_struct->serial)) != 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	438	goto urierr;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	439
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	440	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	441	return (1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	442
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	443	urierr:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	444	PK11err(PK11_F_CHECK_TOKEN_ATTRS, PK11_R_TOKEN_ATTRS_DO_NOT_MATCH);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	445	/* Correct error already set above for the "err" label. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	446	err:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	447	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	448	return (0);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	449	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	450
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	451	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	452	* Return the process PIN caching policy. We initialize it just once so if the
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	453	* process change OPENSSL_PKCS11_PIN_CACHING_POLICY during the operation it will
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	454	* not have any affect on the policy.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	455	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	456	* We assume that the "uri_lock" mutex is already locked.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	457	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	458	* Returns the caching policy number.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	459	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	460	int
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	461	pk11_get_pin_caching_policy(void)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	462	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	463	char *value = NULL;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	464	static int policy = POLICY_NOT_INITIALIZED;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	465
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	466	if (policy != POLICY_NOT_INITIALIZED)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	467	return (policy);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	468
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	469	value = getenv("OPENSSL_PKCS11_PIN_CACHING_POLICY");
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	470
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	471	if (value == NULL \|\| strcmp(value, "none") == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	472	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	473	policy = POLICY_NONE;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	474	goto done;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	475	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	476
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	477	if (strcmp(value, "memory") == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	478	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	479	policy = POLICY_MEMORY;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	480	goto done;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	481	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	482
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	483	if (strcmp(value, "mlocked-memory") == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	484	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	485	policy = POLICY_MLOCKED_MEMORY;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	486	goto done;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	487	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	488
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	489	return (POLICY_WRONG_VALUE);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	490	done:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	491	return (policy);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	492	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	493
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	494	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	495	* Cache the PIN in memory once. We already know that we have either "memory" or
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	496	* "mlocked-memory" keyword correctly set.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	497	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	498	* Returns:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	499	* 1 on success
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	500	* 0 on failure
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	501	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	502	int
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	503	pk11_cache_pin(char *pin)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	504	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	505	(void) pthread_mutex_lock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	506	/* We set the PIN only once since all URIs must have it the same. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	507	if (token_pin != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	508	goto ok;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	509
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	510	if (pk11_get_pin_caching_policy() == POLICY_MEMORY)
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	511	{
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	512	if ((token_pin = strdup(pin)) == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	513	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	514	PK11err(PK11_F_CACHE_PIN, PK11_R_MALLOC_FAILURE);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	515	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	516	}
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	517	}
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	518	else
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	519	{
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	520	if (pk11_get_pin_caching_policy() == POLICY_MLOCKED_MEMORY)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	521	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	522	if (mlock_pin_in_memory(pin) == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	523	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	524	}
4720 1ccedfc24ebb 21492687 PIN caching policy "mlocked-memory" does not work in the PKCS#11 engine Ivo Raisr <ivo.raisr@oracle.com> parents: 1604 diff changeset	525	}
363 9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	526
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	527	ok:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	528	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	529	return (1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	530	err:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	531	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	532	return (0);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	533	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	534
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	535	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	536	* Cache the PIN in mlock(3C)ed memory. If mlock(3C) fails we will not resort to
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	537	* the normal memory caching.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	538	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	539	* Note that this function must be called under the protection of the "uri_lock"
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	540	* mutex.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	541	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	542	* Returns:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	543	* 1 on success
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	544	* 0 on failure
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	545	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	546	static int
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	547	mlock_pin_in_memory(char *pin)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	548	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	549	void *addr = NULL;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	550	long pagesize = 0;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	551
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	552	/* mlock(3C) locks pages so we need one whole page for the PIN. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	553	if ((pagesize = sysconf(_SC_PAGESIZE)) == -1)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	554	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	555	PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_SYSCONF_FAILED);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	556	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	557	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	558
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	559	/* This will ensure we have a page aligned pointer... */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	560	if ((addr = mmap(0, pagesize, PROT_READ \| PROT_WRITE,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	561	MAP_PRIVATE \| MAP_ANON, -1, 0)) == MAP_FAILED)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	562	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	563	PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_MMAP_FAILED);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	564	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	565	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	566
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	567	/* ...because "addr" must be page aligned here. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	568	if (mlock(addr, pagesize) == -1)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	569	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	570	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	571	* Missing the PRIV_PROC_LOCK_MEMORY privilege might be a common
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	572	* problem so distinguish this situation from other issues.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	573	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	574	if (errno == EPERM)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	575	PK11err(PK11_F_MLOCK_PIN_IN_MEMORY,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	576	PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	577	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	578	PK11err(PK11_F_MLOCK_PIN_IN_MEMORY,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	579	PK11_R_MLOCK_FAILED);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	580
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	581	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	582	* We already have a problem here so there is no need to check
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	583	* that we could unmap the page. The PIN is not there yet
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	584	* anyway.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	585	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	586	(void) munmap(addr, pagesize);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	587	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	588	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	589
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	590	/* Copy the PIN to the mlocked memory. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	591	token_pin = (char *)addr;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	592	strlcpy(token_pin, pin, PK11_MAX_PIN_LEN + 1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	593	return (1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	594	err:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	595	return (0);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	596	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	597
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	598	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	599	* Log in to the keystore if we are supposed to do that at all. Take care of
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	600	* reading and caching the PIN etc. Log in only once even when called from
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	601	* multiple threads.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	602	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	603	* Returns:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	604	* 1 on success
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	605	* 0 on failure
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	606	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	607	int
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	608	pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	609	pkcs11_uri *uri_struct, CK_BBOOL is_private)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	610	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	611	CK_RV rv;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	612
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	613	if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	614	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	615	PK11err(PK11_F_TOKEN_LOGIN,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	616	PK11_R_TOKEN_NOT_INITIALIZED);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	617	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	618	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	619
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	620	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	621	* If login is required or needed but the PIN has not been even
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	622	* initialized we can bail out right now. Note that we are supposed to
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	623	* always log in if we are going to access private keys. However, we may
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	624	* need to log in even for accessing public keys in case that the
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	625	* CKF_LOGIN_REQUIRED flag is set.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	626	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	627	if ((pubkey_token_flags & CKF_LOGIN_REQUIRED \|\|
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	628	is_private == CK_TRUE) && ~pubkey_token_flags &
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	629	CKF_USER_PIN_INITIALIZED)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	630	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	631	PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	632	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	633	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	634
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	635	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	636	* Note on locking: it is possible that more than one thread gets into
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	637	* pk11_get_pin() so we must deal with that. We cannot avoid it since we
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	638	* cannot guard fork() in there with a lock because we could end up in
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	639	* a dead lock in the child. Why? Remember we are in a multithreaded
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	640	* environment so we must lock all mutexes in the prefork function to
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	641	* avoid a situation in which a thread that did not call fork() held a
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	642	* lock, making future unlocking impossible. We lock right before
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	643	* C_Login().
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	644	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	645	if (pubkey_token_flags & CKF_LOGIN_REQUIRED \|\| is_private == CK_TRUE)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	646	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	647	if (*login_done == CK_FALSE &&
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	648	uri_struct->askpass == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	649	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	650	PK11err(PK11_F_TOKEN_LOGIN,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	651	PK11_R_TOKEN_PIN_NOT_PROVIDED);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	652	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	653	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	654
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	655	if (*login_done == CK_FALSE &&
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	656	uri_struct->askpass != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	657	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	658	if (pk11_get_pin(uri_struct->askpass,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	659	&uri_struct->pin) == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	660	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	661	PK11err(PK11_F_TOKEN_LOGIN,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	662	PK11_R_TOKEN_PIN_NOT_PROVIDED);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	663	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	664	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	665	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	666
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	667	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	668	* Note that what we are logging into is the keystore from
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	669	* pubkey_SLOTID because we work with OP_RSA session type here.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	670	* That also means that we can work with only one keystore in
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	671	* the engine.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	672	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	673	* We must make sure we do not try to login more than once.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	674	* Also, see the comment above on locking strategy.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	675	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	676	(void) pthread_mutex_lock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	677	if (*login_done == CK_FALSE)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	678	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	679	if ((rv = pFuncList->C_Login(session,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	680	CKU_USER, (CK_UTF8CHAR*)uri_struct->pin,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	681	strlen(uri_struct->pin))) != CKR_OK)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	682	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	683	PK11err_add_data(PK11_F_TOKEN_LOGIN,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	684	PK11_R_TOKEN_LOGIN_FAILED, rv);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	685	goto err_locked;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	686	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	687
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	688	*login_done = CK_TRUE;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	689
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	690	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	691	* Cache the passphrasedialog for possible child (which
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	692	* would need to relogin).
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	693	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	694	if (passphrasedialog == NULL &&
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	695	uri_struct->askpass != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	696	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	697	passphrasedialog =
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	698	strdup(uri_struct->askpass);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	699
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	700	if (passphrasedialog == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	701	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	702	PK11err_add_data(PK11_F_TOKEN_LOGIN,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	703	PK11_R_MALLOC_FAILURE, rv);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	704	goto err_locked;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	705	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	706	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	707
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	708	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	709	* Check the PIN caching policy. Note that user might
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	710	* have provided a PIN even when no PIN was required -
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	711	* in that case we always remove the PIN from memory.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	712	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	713	if (pk11_get_pin_caching_policy() ==
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	714	POLICY_WRONG_VALUE)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	715	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	716	PK11err(PK11_F_TOKEN_LOGIN,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	717	PK11_R_PIN_CACHING_POLICY_INVALID);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	718	goto err_locked;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	719	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	720
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	721	if (pk11_get_pin_caching_policy() != POLICY_NONE)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	722	if (pk11_cache_pin(uri_struct->pin) == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	723	goto err_locked;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	724	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	725	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	726	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	727	else
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	728	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	729	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	730	* If token does not require login we take it as the
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	731	* login was done.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	732	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	733	*login_done = CK_TRUE;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	734	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	735
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	736	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	737	* If we raced at pk11_get_pin() we must make sure that all threads that
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	738	* called pk11_get_pin() will erase the PIN from memory, not just the
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	739	* one that called C_Login(). Note that if we were supposed to cache the
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	740	* PIN it was already cached by now so filling "uri_struct.pin" with
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	741	* zero bytes is always OK since pk11_cache_pin() makes a copy of it.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	742	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	743	if (uri_struct->pin != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	744	memset(uri_struct->pin, 0, strlen(uri_struct->pin));
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	745
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	746	return (1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	747
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	748	err_locked:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	749	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	750	err:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	751	/* Always get rid of the PIN. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	752	if (uri_struct->pin != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	753	memset(uri_struct->pin, 0, strlen(uri_struct->pin));
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	754	return (0);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	755	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	756
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	757	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	758	* Log in to the keystore in the child if we were logged in in the parent. There
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	759	* are similarities in the code with pk11_token_login() but still it is quite
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	760	* different so we need a separate function for this.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	761	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	762	* Note that this function is called under the locked session mutex when fork is
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	763	* detected. That means that C_Login() will be called from the child just once.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	764	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	765	* Returns:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	766	* 1 on success
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	767	* 0 on failure
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	768	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	769	int
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	770	pk11_token_relogin(CK_SESSION_HANDLE session)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	771	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	772	CK_RV rv;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	773
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	774	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	775	* We are in the child so check if we should login to the token again.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	776	* Note that it is enough to log in to the token through one session
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	777	* only, all already open and all future sessions can access the token
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	778	* then.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	779	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	780	if (passphrasedialog != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	781	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	782	char *pin = NULL;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	783
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	784	/* If we cached the PIN then use it. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	785	if (token_pin != NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	786	pin = token_pin;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	787	else if (pk11_get_pin(passphrasedialog, &pin) == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	788	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	789
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	790	(void) pthread_mutex_lock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	791	if ((rv = pFuncList->C_Login(session, CKU_USER,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	792	(CK_UTF8CHAR_PTR)pin, strlen(pin))) != CKR_OK)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	793	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	794	PK11err_add_data(PK11_F_TOKEN_RELOGIN,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	795	PK11_R_TOKEN_LOGIN_FAILED, rv);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	796	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	797	goto err;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	798	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	799	(void) pthread_mutex_unlock(uri_lock);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	800
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	801	/* Forget the PIN now if we did not cache it before. */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	802	if (pin != token_pin)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	803	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	804	memset(pin, 0, strlen(pin));
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	805	OPENSSL_free(pin);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	806	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	807	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	808
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	809	return (1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	810	err:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	811	return (0);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	812	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	813
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	814	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	815	* This function forks and runs an external command. It would be nice if we
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	816	* could use popen(3C)/pclose(3C) for that but unfortunately we need to be able
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	817	* to get rid of the PIN from the memory. With p(open\|close) function calls we
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	818	* cannot control the stdio's memory used for buffering and our tests showed
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	819	* that the PIN really stays there even after pclose().
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	820	*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	821	* Returns:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	822	* allocated buffer on success
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	823	* NULL on failure
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	824	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	825	static char *
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	826	run_askpass(char *dialog)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	827	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	828	pid_t pid;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	829	int n, p[2];
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	830	char *buf = NULL;
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	831
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	832	if (pipe(p) == -1)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	833	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	834	PK11err(PK11_F_RUN_ASKPASS, PK11_R_PIPE_FAILED);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	835	return (NULL);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	836	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	837
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	838	switch (pid = fork())
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	839	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	840	case -1:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	841	PK11err(PK11_F_RUN_ASKPASS, PK11_R_FORK_FAILED);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	842	return (NULL);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	843	/* child */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	844	case 0:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	845	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	846	* This should make sure that dup2() will not fail on
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	847	* file descriptor shortage.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	848	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	849	close(p[0]);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	850	(void) dup2(p[1], 1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	851	close(p[1]);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	852	/*
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	853	* Note that we cannot use PK11err() here since we are
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	854	* in the child. However, parent will get read() error
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	855	* so do not worry.
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	856	*/
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	857	(void) execl(dialog, basename(dialog), NULL);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	858	exit(1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	859	/* parent */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	860	default:
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	861	/* +1 is for the terminating '\0' */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	862	buf = (char *)OPENSSL_malloc(PK11_MAX_PIN_LEN + 1);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	863	if (buf == NULL)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	864	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	865	PK11err(PK11_F_RUN_ASKPASS,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	866	PK11_R_MALLOC_FAILURE);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	867	return (NULL);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	868	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	869
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	870	close(p[1]);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	871	n = read(p[0], buf, PK11_MAX_PIN_LEN);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	872	if (n == -1 \|\| n == 0)
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	873	{
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	874	PK11err(PK11_F_RUN_ASKPASS,
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	875	PK11_R_PIN_NOT_READ_FROM_COMMAND);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	876	OPENSSL_free(buf);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	877	return (NULL);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	878	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	879	buf[n] = '\0';
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	880
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	881	(void) waitpid(pid, NULL, 0);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	882	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	883
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	884	return (buf);
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	885	}
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	886
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	887	#endif /* OPENSSL_NO_HW_PK11 */
9c0cad004039 7039910 move OpenSSL from SFW to Userland gate Jan Pechanec <Jan.Pechanec@Oracle.COM> parents: diff changeset	888	#endif /* OPENSSL_NO_HW */

author	Ivo Raisr <ivo.raisr@oracle.com>
	Wed, 29 Jul 2015 14:06:05 -0700
changeset 4720	1ccedfc24ebb
parent 1604	b6e3e1ed52a5
permissions	-rw-r--r--