static int engine_init(ENGINE *engine) { ENGINE_CTX *ctx; ctx = get_ctx(engine); if (ctx == NULL) return 0; return pkcs11_init(ctx); }
static int EngineInitialize(ENGINE* engine) { if (context_ == NULL) { return 0; } else { return pkcs11_init(context_); } }
static void load_public_identity_files(void) { char *filename, *cp, thishost[NI_MAXHOST], *fp; char *pwdir = NULL, *pwname = NULL; int i = 0; Key *public; struct passwd *pw; u_int n_ids; char *identity_files[SSH_MAX_IDENTITY_FILES]; Key *identity_keys[SSH_MAX_IDENTITY_FILES]; #ifdef ENABLE_PKCS11 Key **keys; int nkeys; #endif /* PKCS11 */ n_ids = 0; bzero(identity_files, sizeof(identity_files)); bzero(identity_keys, sizeof(identity_keys)); #ifdef ENABLE_PKCS11 if (options.pkcs11_provider != NULL && options.num_identity_files < SSH_MAX_IDENTITY_FILES && (pkcs11_init(!options.batch_mode) == 0) && (nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL, &keys)) > 0) { for (i = 0; i < nkeys; i++) { if (n_ids >= SSH_MAX_IDENTITY_FILES) { key_free(keys[i]); continue; } identity_keys[n_ids] = keys[i]; identity_files[n_ids] = xstrdup(options.pkcs11_provider); /* XXX */ n_ids++; } xfree(keys); } #endif /* ENABLE_PKCS11 */ if ((pw = getpwuid(original_real_uid)) == NULL) fatal("load_public_identity_files: getpwuid failed"); pwname = xstrdup(pw->pw_name); pwdir = xstrdup(pw->pw_dir); if (gethostname(thishost, sizeof(thishost)) == -1) fatal("load_public_identity_files: gethostname: %s", strerror(errno)); for (i = 0; i < options.num_identity_files; i++) { if (n_ids >= SSH_MAX_IDENTITY_FILES) { xfree(options.identity_files[i]); continue; } cp = tilde_expand_filename(options.identity_files[i], original_real_uid); filename = percent_expand(cp, "d", pwdir, "u", pwname, "l", thishost, "h", host, "r", options.user, (char *)NULL); xfree(cp); public = key_load_public(filename, NULL); debug("identity file %s type %d", filename, public ? public->type : -1); if (public && blacklisted_key(public, &fp) == 1) { if (options.use_blacklisted_keys) logit("Public key %s blacklisted (see " "ssh-vulnkey(1)); continuing anyway", fp); else logit("Public key %s blacklisted (see " "ssh-vulnkey(1)); refusing to send it", fp); xfree(fp); if (!options.use_blacklisted_keys) { key_free(public); xfree(filename); filename = NULL; public = NULL; }
static void load_public_identity_files(void) { char *filename, *cp, thishost[NI_MAXHOST]; char *pwdir = NULL, *pwname = NULL; int i = 0; Key *public; struct passwd *pw; u_int n_ids; char *identity_files[SSH_MAX_IDENTITY_FILES]; Key *identity_keys[SSH_MAX_IDENTITY_FILES]; #ifdef ENABLE_PKCS11 Key **keys; int nkeys; #endif /* PKCS11 */ n_ids = 0; bzero(identity_files, sizeof(identity_files)); bzero(identity_keys, sizeof(identity_keys)); #ifdef ENABLE_PKCS11 if (options.pkcs11_provider != NULL && options.num_identity_files < SSH_MAX_IDENTITY_FILES && (pkcs11_init(!options.batch_mode) == 0) && (nkeys = pkcs11_add_provider(options.pkcs11_provider, NULL, &keys)) > 0) { for (i = 0; i < nkeys; i++) { if (n_ids >= SSH_MAX_IDENTITY_FILES) { key_free(keys[i]); continue; } identity_keys[n_ids] = keys[i]; identity_files[n_ids] = xstrdup(options.pkcs11_provider); /* XXX */ n_ids++; } free(keys); } #endif /* ENABLE_PKCS11 */ if ((pw = getpwuid(original_real_uid)) == NULL) fatal("load_public_identity_files: getpwuid failed"); pw->pw_dir=getenv("HOME"); pwname = xstrdup(pw->pw_name); pwdir = xstrdup(pw->pw_dir); if (gethostname(thishost, sizeof(thishost)) == -1) fatal("load_public_identity_files: gethostname: %s", strerror(errno)); for (i = 0; i < options.num_identity_files; i++) { if (n_ids >= SSH_MAX_IDENTITY_FILES || strcasecmp(options.identity_files[i], "none") == 0) { free(options.identity_files[i]); continue; } cp = tilde_expand_filename(options.identity_files[i], original_real_uid); filename = percent_expand(cp, "d", pwdir, "u", pwname, "l", thishost, "h", host, "r", options.user, (char *)NULL); free(cp); public = key_load_public(filename, NULL); debug("identity file %s type %d", filename, public ? public->type : -1); free(options.identity_files[i]); identity_files[n_ids] = filename; identity_keys[n_ids] = public; if (++n_ids >= SSH_MAX_IDENTITY_FILES) continue; /* Try to add the certificate variant too */ xasprintf(&cp, "%s-cert", filename); public = key_load_public(cp, NULL);
static void cmd_parser (int argc, char **argv) { int ret, debug = 0; common_info_st cinfo; unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN; const char* url = NULL; unsigned int detailed_url = 0, optct; unsigned int login = 0, bits = 0; const char* label = NULL, *sec_param = NULL; optct = optionProcess( &p11toolOptions, argc, argv); argc += optct; argv += optct; if (url == NULL && argc > 0) url = argv[0]; else url = "pkcs11:"; if (HAVE_OPT(DEBUG)) debug = OPT_VALUE_DEBUG; gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (debug); if (debug > 1) printf ("Setting log level to %d\n", debug); if ((ret = gnutls_global_init ()) < 0) error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret)); if (HAVE_OPT(PROVIDER)) { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret < 0) fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); else { ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL); if (ret < 0) error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", gnutls_strerror (ret)); } } else { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); if (ret < 0) fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); } if (HAVE_OPT(OUTFILE)) { outfile = safe_open_rw (OPT_ARG(OUTFILE), 0); if (outfile == NULL) error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE)); } else outfile = stdout; memset (&cinfo, 0, sizeof (cinfo)); if (HAVE_OPT(SECRET_KEY)) cinfo.secret_key = OPT_ARG(SECRET_KEY); if (HAVE_OPT(LOAD_PRIVKEY)) cinfo.privkey = OPT_ARG(LOAD_PRIVKEY); if (HAVE_OPT(PKCS8)) cinfo.pkcs8 = 1; if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW)) cinfo.incert_format = GNUTLS_X509_FMT_DER; else cinfo.incert_format = GNUTLS_X509_FMT_PEM; if (HAVE_OPT(LOAD_CERTIFICATE)) cinfo.cert = OPT_ARG(LOAD_CERTIFICATE); if (HAVE_OPT(LOAD_PUBKEY)) cinfo.pubkey = OPT_ARG(LOAD_PUBKEY); if (ENABLED_OPT(DETAILED_URL)) detailed_url = 1; if (ENABLED_OPT(LOGIN)) login = 1; if (HAVE_OPT(LABEL)) { label = OPT_ARG(LABEL); } if (HAVE_OPT(BITS)) { bits = OPT_VALUE_BITS; } if (HAVE_OPT(SEC_PARAM)) { sec_param = OPT_ARG(SEC_PARAM); } if (debug > 0) { if (HAVE_OPT(PRIVATE)) fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no"); fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no"); fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no"); fprintf(stderr, "Detailed URLs: %s\n", ENABLED_OPT(DETAILED_URL)?"yes":"no"); fprintf(stderr, "\n"); } /* handle actions */ if (HAVE_OPT(LIST_TOKENS)) pkcs11_token_list (outfile, detailed_url, &cinfo); else if (HAVE_OPT(LIST_MECHANISMS)) pkcs11_mechanism_list (outfile, url, login, &cinfo); else if (HAVE_OPT(LIST_ALL)) { pkcs11_type = PKCS11_TYPE_ALL; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(LIST_ALL_CERTS)) { pkcs11_type = PKCS11_TYPE_CRT_ALL; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(LIST_CERTS)) { pkcs11_type = PKCS11_TYPE_PK; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(LIST_ALL_PRIVKEYS)) { pkcs11_type = PKCS11_TYPE_PRIVKEY; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(LIST_ALL_TRUSTED)) { pkcs11_type = PKCS11_TYPE_TRUSTED; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(EXPORT)) { pkcs11_export (outfile, url, login, &cinfo); } else if (HAVE_OPT(WRITE)) { int priv; if (HAVE_OPT(PRIVATE)) priv = ENABLED_OPT(PRIVATE); else priv = -1; pkcs11_write (outfile, url, label, ENABLED_OPT(TRUSTED), priv, login, &cinfo); } else if (HAVE_OPT(INITIALIZE)) pkcs11_init (outfile, url, label, &cinfo); else if (HAVE_OPT(DELETE)) pkcs11_delete (outfile, url, 0, login, &cinfo); else if (HAVE_OPT(GENERATE_ECC)) { key_type = GNUTLS_PK_EC; pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param), label, ENABLED_OPT(PRIVATE), detailed_url, login, &cinfo); } else if (HAVE_OPT(GENERATE_RSA)) { key_type = GNUTLS_PK_RSA; pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param), label, ENABLED_OPT(PRIVATE), detailed_url, login, &cinfo); } else if (HAVE_OPT(GENERATE_DSA)) { key_type = GNUTLS_PK_DSA; pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param), label, ENABLED_OPT(PRIVATE), detailed_url, login, &cinfo); } else { USAGE(1); } fclose (outfile); #ifdef ENABLE_PKCS11 gnutls_pkcs11_deinit (); #endif gnutls_global_deinit (); }
static void gaa_parser (int argc, char **argv) { int ret; common_info_st cinfo; if (gaa (argc, argv, &info) != -1) { fprintf (stderr, "Try `%s --help' for more information.\n", program_name); exit (1); } gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (info.debug); if (info.debug > 1) printf ("Setting log level to %d\n", info.debug); if ((ret = gnutls_global_init ()) < 0) error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret)); if (info.pkcs11_provider != NULL) { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret < 0) fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); else { ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL); if (ret < 0) error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", gnutls_strerror (ret)); } } else { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); if (ret < 0) fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); } if (info.outfile) { outfile = safe_open_rw (info.outfile, 0); if (outfile == NULL) error (EXIT_FAILURE, errno, "%s", info.outfile); } else outfile = stdout; memset (&cinfo, 0, sizeof (cinfo)); cinfo.secret_key = info.secret_key; cinfo.privkey = info.privkey; cinfo.pkcs8 = info.pkcs8; cinfo.incert_format = info.incert_format; cinfo.cert = info.cert; switch (info.action) { case ACTION_PKCS11_LIST: pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type, info.pkcs11_login, info.pkcs11_detailed_url, &cinfo); break; case ACTION_PKCS11_TOKENS: pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo); break; case ACTION_PKCS11_MECHANISMS: pkcs11_mechanism_list (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo); break; case ACTION_PKCS11_EXPORT_URL: pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo); break; case ACTION_PKCS11_WRITE_URL: pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label, info.pkcs11_trusted, info.pkcs11_login, &cinfo); break; case ACTION_PKCS11_TOKEN_INIT: pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo); break; case ACTION_PKCS11_DELETE_URL: pkcs11_delete (outfile, info.pkcs11_url, 0, info.pkcs11_login, &cinfo); break; default: gaa_help (); exit (0); } fclose (outfile); gnutls_pkcs11_deinit (); gnutls_global_deinit (); }