mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 03:52:28 +02:00
Code

Merged with Alon's r688.

Browse Source 
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@689 e7ae566f-a301-0410-adde-c780ea21d3b5
This commit is contained in:
james 2005-10-20 05:58:08 +00:00
parent f78687162b
commit 984cf0036c
18 changed files with 3806 additions and 2781 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.am
View File

@ -67,7 +67,7 @@ openvpn_SOURCES = \
multi.c multi.h \
ntlm.c ntlm.h \
occ.c occ.h occ-inline.h \
pkcs11.c pkcs11.h cryptoki.h \
pkcs11.c pkcs11.h pkcs11-helper.c pkcs11-helper.h pkcs11-helper-config.h cryptoki.h \
openvpn.c openvpn.h \
openvpn-plugin.h \
options.c options.h \

15
error.c
View File

@ -300,26 +300,29 @@ void x_msg (const unsigned int flags, const char *format, ...)
if ((flags & M_NOPREFIX) || suppress_timestamps)
{
fprintf (fp, "%s%s%s\n",
fprintf (fp, "%s%s%s%s",
prefix,
prefix_sep,
m1);
m1,
(flags&M_NOLF) ? "" : "\n");
}
else
{
#ifdef USE_PTHREAD
fprintf (fp, "%s [%d] %s%s%s\n",
fprintf (fp, "%s [%d] %s%s%s%s",
time_string (0, 0, show_usec, &gc),
(int) openvpn_thread_self (),
prefix,
prefix_sep,
m1);
m1,
(flags&M_NOLF) ? "" : "\n");
#else
fprintf (fp, "%s %s%s%s\n",
fprintf (fp, "%s %s%s%s%s",
time_string (0, 0, show_usec, &gc),
prefix,
prefix_sep,
m1);
m1,
(flags&M_NOLF) ? "" : "\n");
#endif
}
fflush(fp);

1
error.h
View File

@ -97,6 +97,7 @@ extern int x_msg_line_num;
#define M_USAGE_SMALL (1<<13) /* fatal options error, call usage_small */
#define M_MSG_VIRT_OUT (1<<14) /* output message through msg_status_output callback */
#define M_OPTERR (1<<15) /* print "Options error:" prefix */
#define M_NOLF (1<<16) /* don't print new line */
/* flag combinations which are frequently used */
#define M_ERR (M_FATAL | M_ERRNO)

10
init.c
View File

@ -116,12 +116,12 @@ context_init_1 (struct context *c)
#if defined(ENABLE_PKCS11)
{
int i;
init_pkcs11 (c->options.pkcs11_pin_cache_period);
pkcs11_initialize (c->options.pkcs11_pin_cache_period);
for (i=0;i<MAX_PARMS && c->options.pkcs11_providers[i] != NULL;i++)
add_pkcs11 (c->options.pkcs11_providers[i], c->options.pkcs11_sign_mode[i]);
pkcs11_addProvider (c->options.pkcs11_providers[i], c->options.pkcs11_sign_mode[i]);
}
#endif
#if P2MP
/* Auth user/pass input */
if (c->options.auth_user_pass_file)
@ -236,7 +236,7 @@ uninit_static (void)
#endif
#ifdef ENABLE_PKCS11
free_pkcs11 ();
pkcs11_terminate ();
#endif
#if defined(MEASURE_TLS_HANDSHAKE_STATS) && defined(USE_CRYPTO) && defined(USE_SSL)
@ -376,7 +376,7 @@ possibly_become_daemon (const struct options *options, const bool first_time)
set_std_files_to_null (true);
#if defined(ENABLE_PKCS11)
fork_fix_pkcs11 ();
pkcs11_forkFixup ();
#endif
ret = true;

4
makefile.w32
View File

@ -96,7 +96,7 @@ HEADERS = \
ntlm.h \
occ-inline.h \
occ.h \
pkcs11.h \
pkcs11.h pkcs11-helper.h cryptoki.h \
openvpn.h \
openvpn-plugin.h \
options.h \
@ -151,7 +151,7 @@ OBJS = base64.o \
multi.o \
ntlm.o \
occ.o \
pkcs11.o \
pkcs11.o pkcs11-helper.o \
openvpn.o \
options.o \
otime.o \

4
makefile.w32-vc
View File

@ -81,7 +81,7 @@ HEADERS = \
ntlm.h \
occ-inline.h \
occ.h \
pkcs11.h \
pkcs11.h pkcs11-helper.h cryptoki.h \
openvpn.h \
openvpn-plugin.h \
options.h \
@ -136,7 +136,7 @@ OBJS = base64.obj \
multi.obj \
ntlm.obj \
occ.obj \
pkcs11.obj \
pkcs11.obj pkcs11-helper.obj \
openvpn.obj \
options.obj \
otime.obj \

50
manage.c
View File

@ -39,6 +39,7 @@
#include "event.h"
#include "otime.h"
#include "integer.h"
#include "misc.h"
#include "manage.h"
#include "memdbg.h"
@ -74,6 +75,7 @@ man_help ()
msg (M_CLIENT, " + show last N lines or 'all' for entire history.");
msg (M_CLIENT, "mute [n] : Set log mute level to n, or show level if n is absent.");
msg (M_CLIENT, "net : (Windows only) Show network info and routing table.");
msg (M_CLIENT, "ok type : Enter confirmation for NEED-OK request.");
msg (M_CLIENT, "password type p : Enter password p for a queried OpenVPN password.");
msg (M_CLIENT, "signal s : Send signal s to daemon,");
msg (M_CLIENT, " s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.");
@ -467,6 +469,10 @@ man_up_finalize (struct management *man)
if (strlen (man->connection.up_query.password))
man->connection.up_query.defined = true;
break;
case UP_QUERY_NEED_OK:
if (strlen (man->connection.up_query.password))
man->connection.up_query.defined = true;
break;
default:
ASSERT (0);
}
@ -520,6 +526,13 @@ man_query_password (struct management *man, const char *type, const char *string
man_query_user_pass (man, type, string, needed, "password", man->connection.up_query.password, USER_PASS_LEN);
}
static void
man_query_need_ok (struct management *man, const char *type)
{
const bool needed = ((man->connection.up_query_mode == UP_QUERY_NEED_OK) && man->connection.up_query_type);
man_query_user_pass (man, type, "ok", needed, "ok-confirmation", man->connection.up_query.password, USER_PASS_LEN);
}
static void
man_net (struct management *man)
{
@ -708,6 +721,11 @@ man_dispatch_command (struct management *man, struct status_output *so, const ch
if (man_need (man, p, 2, 0))
man_query_password (man, p[1], p[2]);
}
else if (streq (p[0], "ok"))
{
if (man_need (man, p, 1, 0))
man_query_need_ok (man, p[1]);
}
else if (streq (p[0], "net"))
{
man_net (man);
@ -1130,7 +1148,7 @@ man_settings_init (struct man_settings *ms,
* Get username/password
*/
if (pass_file)
get_user_pass (&ms->up, pass_file, true, "Management", 0);
get_user_pass (&ms->up, pass_file, "Management", GET_USER_PASS_PASSWORD_ONLY);
/*
* Should OpenVPN query the management layer for
@ -1728,7 +1746,7 @@ bool
management_query_user_pass (struct management *man,
struct user_pass *up,
const char *type,
const bool password_only)
const unsigned int flags)
{
struct gc_arena gc = gc_new ();
bool ret = false;
@ -1738,6 +1756,9 @@ management_query_user_pass (struct management *man,
volatile int signal_received = 0;
const bool standalone_disabled_save = man->persist.standalone_disabled;
struct buffer alert_msg = alloc_buf_gc (128, &gc);
const char *alert_type = NULL;
const char *prefix = NULL;
unsigned int up_query_mode = 0;
ret = true;
man->persist.standalone_disabled = false; /* This is so M_CLIENT messages will be correctly passed through msg() */
@ -1745,9 +1766,28 @@ management_query_user_pass (struct management *man,
CLEAR (man->connection.up_query);
buf_printf (&alert_msg, ">PASSWORD:Need '%s' %s",
if (flags & GET_USER_PASS_NEED_OK)
{
up_query_mode = UP_QUERY_NEED_OK;
prefix= "NEED-OK";
alert_type = "confirmation";
}
else if (flags & GET_USER_PASS_PASSWORD_ONLY)
{
up_query_mode = UP_QUERY_PASS;
prefix = "PASSWORD";
alert_type = "password";
}
else
{
up_query_mode = UP_QUERY_USER_PASS;
prefix = "PASSWORD";
alert_type = "username/password";
}
buf_printf (&alert_msg, ">%s:Need '%s' %s",
prefix,
type,
password_only ? "password" : "username/password");
alert_type);
man_wait_for_client_connection (man, &signal_received, 0, MWCC_PASSWORD_WAIT);
if (signal_received)
@ -1759,7 +1799,7 @@ management_query_user_pass (struct management *man,
msg (M_CLIENT, "%s", man->persist.special_state_msg);
/* tell command line parser which info we need */
man->connection.up_query_mode = password_only ? UP_QUERY_PASS : UP_QUERY_USER_PASS;
man->connection.up_query_mode = up_query_mode;
man->connection.up_query_type = type;
/* run command processing event loop until we get our username/password */

3
manage.h
View File

@ -203,6 +203,7 @@ struct man_settings {
#define UP_QUERY_DISABLED 0
#define UP_QUERY_USER_PASS 1
#define UP_QUERY_PASS 2
#define UP_QUERY_NEED_OK 3
/* states */
#define MS_INITIAL 0 /* all sockets are closed */
@ -282,7 +283,7 @@ void management_set_callback (struct management *man,
void management_clear_callback (struct management *man);
bool management_query_user_pass (struct management *man, struct user_pass *up, const char *type, const bool password_only);
bool management_query_user_pass (struct management *man, struct user_pass *up, const char *type, const unsigned int flags);
bool management_would_hold (struct management *man);
bool management_hold (struct management *man);

41
misc.c
View File

@ -1155,7 +1155,6 @@ get_console_input (const char *prompt, const bool echo, char *input, const int c
void
get_user_pass (struct user_pass *up,
const char *auth_file,
const bool password_only,
const char *prefix,
const unsigned int flags)
{
@ -1173,32 +1172,44 @@ get_user_pass (struct user_pass *up,
&& ((auth_file && streq (auth_file, "management")) || (from_stdin && (flags & GET_USER_PASS_MANAGEMENT)))
&& management_query_user_pass_enabled (management))
{
if (!management_query_user_pass (management, up, prefix, password_only))
msg (M_FATAL, "ERROR: could not read %s username/password from management interface", prefix);
if (!management_query_user_pass (management, up, prefix, flags))
msg (M_FATAL, "ERROR: could not read %s username/password/ok from management interface", prefix);
}
else
#endif
/*
* Get username/password from standard input?
*/
if (from_stdin)
if (from_stdin || (flags & GET_USER_PASS_NEED_OK))
{
struct buffer user_prompt = alloc_buf_gc (128, &gc);
struct buffer pass_prompt = alloc_buf_gc (128, &gc);
buf_printf (&user_prompt, "Enter %s Username:", prefix);
buf_printf (&pass_prompt, "Enter %s Password:", prefix);
if (!password_only)
if (flags & GET_USER_PASS_NEED_OK)
{
if (!get_console_input (BSTR (&user_prompt), true, up->username, USER_PASS_LEN))
msg (M_FATAL, "ERROR: could not read %s username from stdin", prefix);
if (strlen (up->username) == 0)
msg (M_FATAL, "ERROR: %s username is empty", prefix);
buf_printf (&pass_prompt, "NEED-OK:%s:", prefix);
}
else
{
buf_printf (&user_prompt, "Enter %s Username:", prefix);
buf_printf (&pass_prompt, "Enter %s Password:", prefix);
if (!(flags & GET_USER_PASS_PASSWORD_ONLY))
{
if (!get_console_input (BSTR (&user_prompt), true, up->username, USER_PASS_LEN))
msg (M_FATAL, "ERROR: could not read %s username from stdin", prefix);
if (strlen (up->username) == 0)
msg (M_FATAL, "ERROR: %s username is empty", prefix);
}
}
if (!get_console_input (BSTR (&pass_prompt), false, up->password, USER_PASS_LEN))
msg (M_FATAL, "ERROR: could not not read %s password from stdin", prefix);
msg (M_FATAL, "ERROR: could not not read %s %s from stdin",
prefix,
(flags & GET_USER_PASS_NEED_OK) ? "ok-confirmation" : "password");
if (flags & GET_USER_PASS_NEED_OK)
strcpy (up->password, "ok");
}
else
{
@ -1222,7 +1233,7 @@ get_user_pass (struct user_pass *up,
if (!fp)
msg (M_ERR, "Error opening '%s' auth file: %s", prefix, auth_file);
if (password_only)
if (flags & GET_USER_PASS_PASSWORD_ONLY)
{
if (fgets (up->password, USER_PASS_LEN, fp) == NULL)
msg (M_FATAL, "Error reading password from %s authfile: %s",
@ -1243,7 +1254,7 @@ get_user_pass (struct user_pass *up,
chomp (up->username);
chomp (up->password);
if (!password_only && strlen (up->username) == 0)
if (!(flags & GET_USER_PASS_PASSWORD_ONLY) && strlen (up->username) == 0)
msg (M_FATAL, "ERROR: username from %s authfile '%s' is empty", prefix, auth_file);
}

10
misc.h
View File

@ -229,12 +229,16 @@ struct user_pass
bool get_console_input (const char *prompt, const bool echo, char *input, const int capacity);
#define GET_USER_PASS_MANAGEMENT (1<<0)
#define GET_USER_PASS_SENSITIVE (1<<1)
/*
* Flags for get_user_pass and management_query_user_pass
*/
#define GET_USER_PASS_MANAGEMENT (1<<0)
#define GET_USER_PASS_SENSITIVE (1<<1)
#define GET_USER_PASS_PASSWORD_ONLY (1<<2)
#define GET_USER_PASS_NEED_OK (1<<3)
void get_user_pass (struct user_pass *up,
const char *auth_file,
const bool password_only,
const char *prefix,
const unsigned int flags);

4
options.c
View File

@ -4896,7 +4896,7 @@ add_option (struct options *options,
{
char *module = p[i++];
VERIFY_PERMISSION (OPT_P_GENERAL);
show_pkcs11_slots (M_INFO|M_NOPREFIX, M_WARN|M_NOPREFIX, module);
show_pkcs11_slots (module);
openvpn_exit (OPENVPN_EXIT_STATUS_GOOD); /* exit point */
}
else if (streq (p[0], "show-pkcs11-objects") && p[1] && p[2])
@ -4916,7 +4916,7 @@ add_option (struct options *options,
gc_free (&gc);
show_pkcs11_objects (M_INFO|M_NOPREFIX, M_WARN|M_NOPREFIX, provider, slot, pin);
show_pkcs11_objects (provider, slot, pin);
openvpn_exit (OPENVPN_EXIT_STATUS_GOOD); /* exit point */
}
else if (streq (p[0], "pkcs11-providers") && p[1])

84
pkcs11-helper-config.h Normal file
View File

@ -0,0 +1,84 @@
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef __PKCS11_HELPER_CONFIG_H
#define __PKCS11_HELPER_CONFIG_H
#if!defined(PKCS11H_NO_NEED_INCLUDE_CONFIG)
#if defined(WIN32)
#include "config-win32.h"
#else
#include "config.h"
#endif
#include "syshead.h"
#endif /* PKCS11H_NO_NEED_INCLUDE_CONFIG */
#ifdef ENABLE_PKCS11
#define PKCS11H_ENABLE_HELPER
#endif
#ifdef PKCS11H_ENABLE_HELPER
#if defined(WIN32)
#include "cryptoki-win32.h"
#else
#include "cryptoki.h"
#endif
#include "error.h"
#include "misc.h"
#include "ssl.h"
#define PKCS11ASSERT ASSERT
#define PKCS11LOG msg
#define PKCS11_LOG_DEBUG2 D_PKCS11_DEBUG
#define PKCS11_LOG_DEBUG1 D_SHOW_PKCS11
#define PKCS11_LOG_INFO M_INFO
#define PKCS11_LOG_WARN M_WARN
#define PKCS11_LOG_ERROR M_FATAL
#if !defined(false)
#define false 0
#endif
#if !defined(true)
#define true (!false)
#endif
#if !defined(IN)
#define IN
#endif
#if !defined(OUT)
#define OUT
#endif
#define PKCS11_PRM_SLOT_TYPE "--pkcs11-slot-type"
#define PKCS11_PRM_SLOT_ID "--pkcs11-slot"
#define PKCS11_PRM_OBJ_TYPE "--pkcs11-id-type"
#define PKCS11_PRM_OBJ_ID "--pkcs11-id"
#endif /* PKCS11H_ENABLE_HELPER */
#endif /* __PKCS11_HELPER_CONFIG_H */

3239
pkcs11-helper.c Normal file
View File

File diff suppressed because it is too large Load Diff

252
pkcs11-helper.h Normal file
View File

@ -0,0 +1,252 @@
/*
* Copyright (c) 2005 Alon Bar-Lev <alon.barlev@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modifi-
* cation, are permitted provided that the following conditions are met:
*
* o Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* o Redistributions in binary form must reproduce the above copyright no-
* tice, this list of conditions and the following disclaimer in the do-
* cumentation and/or other materials provided with the distribution.
*
* o The names of the contributors may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LI-
* ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN-
* TIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEV-
* ER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI-
* LITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* The routines in this file deal with providing private key cryptography
* using RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).
*
*/
#ifndef __PKCS11_HELPER_H
#define __PKCS11_HELPER_H
#include "pkcs11-helper-config.h"
#define PKCS11H_MAX_ATTRIBUTE_SIZE (10*1024)
typedef void (*pkcs11h_output_print_t)(
IN const void *pData,
IN const char * const szFormat,
IN ...
);
typedef bool (*pkcs11h_hook_card_prompt_t)(
IN const void *pData,
IN const char * const szLabel
);
typedef bool (*pkcs11h_hook_pin_prompt_t)(
IN const void *pData,
IN const char * const szLabel,
OUT char * const szPIN,
IN const size_t nMaxPIN
);
typedef struct pkcs11h_hooks_s {
void *card_prompt_data;
void *pin_prompt_data;
pkcs11h_hook_card_prompt_t card_prompt;
pkcs11h_hook_pin_prompt_t pin_prompt;
} *pkcs11h_hooks_t;
typedef struct pkcs11h_provider_s {
struct pkcs11h_provider_s *next;
bool fEnabled;
char *szName;
#if defined(WIN32)
HANDLE hLibrary;
#else
void *hLibrary;
#endif
CK_FUNCTION_LIST_PTR f;
bool fShouldFinalize;
char *szSignMode;
} *pkcs11h_provider_t;
typedef struct pkcs11h_session_s {
pkcs11h_provider_t provider;
bool fProtectedAuthentication;
char szLabel[sizeof (((CK_TOKEN_INFO *)NULL)->label)+1];
CK_CHAR serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)];
unsigned char *certificate;
size_t certificate_size;
unsigned char *certificate_id;
size_t certificate_id_size;
CK_SLOT_ID slot;
bool fKeySignRecover;
CK_SESSION_HANDLE session;
CK_OBJECT_HANDLE key;
time_t timePINExpire;
} *pkcs11h_session_t;
typedef struct pkcs11h_data_s {
bool fInitialized;
int nPINCachePeriod;
pkcs11h_provider_t providers;
pkcs11h_hooks_t hooks;
} *pkcs11h_data_t;
typedef struct pkcs11h_openssl_session_s {
int nReferenceCount;
bool fInitialized;
bool fShouldPadSign;
X509 *x509;
RSA_METHOD smart_rsa;
int (*orig_finish)(RSA *rsa);
pkcs11h_session_t pkcs11h_session;
} *pkcs11h_openssl_session_t;
CK_RV
pkcs11h_initialize ();
CK_RV
pkcs11h_terminate ();
CK_RV
pkcs11h_setCardPromptHook (
IN const pkcs11h_hook_card_prompt_t hook,
IN void * const pData
);
CK_RV
pkcs11h_setPINPromptHook (
IN const pkcs11h_hook_pin_prompt_t hook,
IN void * const pData
);
CK_RV
pkcs11h_setPINCachePeriod (
IN const int nPINCachePeriod
);
CK_RV
pkcs11h_addProvider (
IN const char * const szProvider,
IN const char * const szSignMode
);
CK_RV
pkcs11h_forkFixup ();
CK_RV
pkcs11h_createSession (
IN const char * const szSlotType,
IN const char * const szSlot,
IN const char * const szIdType,
IN const char * const szId,
IN const bool fProtectedAuthentication,
OUT pkcs11h_session_t * const pkcs11h_session
);
CK_RV
pkcs11h_freeSession (
IN const pkcs11h_session_t pkcs11h_session
);
CK_RV
pkcs11h_sign (
IN const pkcs11h_session_t pkcs11h_session,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const target_size
);
CK_RV
pkcs11h_signRecover (
IN const pkcs11h_session_t pkcs11h_session,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const target_size
);
CK_RV
pkcs11h_decrypt (
IN const pkcs11h_session_t pkcs11h_session,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const target_size
);
CK_RV
pkcs11h_getCertificate (
IN const pkcs11h_session_t pkcs11h_session,
OUT unsigned char * const certificate,
IN OUT size_t * const certificate_size
);
char *
pkcs11h_getMessage (
IN const int rv
);
pkcs11h_openssl_session_t
pkcs11h_openssl_createSession (
IN const bool fShouldPadSign
);
void
pkcs11h_openssl_freeSession (
IN const pkcs11h_openssl_session_t pkcs11h_openssl_session
);
RSA *
pkcs11h_openssl_getRSA (
IN const pkcs11h_openssl_session_t pkcs11h_openssl_session
);
X509 *
pkcs11h_openssl_getX509 (
IN const pkcs11h_openssl_session_t pkcs11h_openssl_session
);
void
pkcs11h_standalone_dump_slots (
IN const pkcs11h_output_print_t my_output,
IN const void *pData,
IN const char * const provider
);
void
pkcs11h_standalone_dump_objects (
IN const pkcs11h_output_print_t my_output,
IN const void *pData,
IN const char * const provider,
IN const char * const slot,
IN const char * const pin
);
#endif

2851
pkcs11.c
View File

File diff suppressed because it is too large Load Diff

12
pkcs11.h
View File

@ -30,18 +30,18 @@
#include <openssl/ssl.h>
void
init_pkcs11 (
pkcs11_initialize (
const int nPINCachePeriod
);
void
free_pkcs11 ();
pkcs11_terminate ();
void
fork_fix_pkcs11 ();
pkcs11_forkFixup ();
void
add_pkcs11 (
pkcs11_addProvider (
const char * const provider,
const char * const sign_mode
);
@ -58,15 +58,11 @@ SSL_CTX_use_pkcs11 (
void
show_pkcs11_slots (
const int msglev,
const int warnlev,
const char * const provider
);
void
show_pkcs11_objects (
const int msglev,
const int warnlev,
const char * const provider,
const char * const slot,
const char * const pin

1
proxy.c
View File

@ -280,7 +280,6 @@ new_http_proxy (const struct http_proxy_options *o,
{
get_user_pass (&static_proxy_user_pass,
o->auth_file,
false,
"HTTP Proxy",
GET_USER_PASS_MANAGEMENT);
p->up = static_proxy_user_pass;

4
ssl.c
View File

@ -266,7 +266,7 @@ void
pem_password_setup (const char *auth_file)
{
if (!strlen (passbuf.password))
get_user_pass (&passbuf, auth_file, true, UP_TYPE_PRIVATE_KEY, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE);
get_user_pass (&passbuf, auth_file, UP_TYPE_PRIVATE_KEY, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE|GET_USER_PASS_PASSWORD_ONLY);
}
int
@ -296,7 +296,7 @@ auth_user_pass_setup (const char *auth_file)
{
auth_user_pass_enabled = true;
if (!auth_user_pass.defined)
get_user_pass (&auth_user_pass, auth_file, false, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE);
get_user_pass (&auth_user_pass, auth_file, UP_TYPE_AUTH, GET_USER_PASS_MANAGEMENT|GET_USER_PASS_SENSITIVE);
}
/*