34  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
126  * We use this lock to prevent multiple C_Login()s, guard getpassphrase(),
136  * We cache the flags so that we do not have to run C_GetTokenInfo() again when
145  * grouped together to form one atomic search operation. This is already
169  * to use for other sessions. These other sessions may be opened or closed
296 static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
401  * Structure to be used for the cipher_data/md_data in
402  * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11
411  * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets
447  * get_asn1_parameters fields are set to NULL.
517  * get_asn1_parameters are set to NULL.
737  * The definitions for control commands specific to this engine
744 	"Specifies the path to the 'pkcs#11' shared library",
770  * symbol names to bind to. We set it in the Configure script based on whether
947  * here, we wire it back to the OpenSSL software implementation.
981  * the function symbol names to bind to.
1052  * same situation as in parent - we need to unlock all locks to make them
1053  * accessible to all threads.
1084  * Helper function that unsets reference to current engine (pk11_engine = NULL).
1086  * Use of local variable only seems clumsy, it needs to be this way!
1087  * This is to prevent double free in the unlucky scenario:
1089  * Setting pk11_engine to NULL prior to ENGINE_free() avoids this.
1104  * count how many ciphers and digests to support. Since the cipher and
1106  * needs to be called before calling ENGINE_set_default.
1125 	 * pk11_library_initialized is set to 0 in pk11_finish() which is called
1127 	 * existing functional reference to the engine (see engine(3) for more
1129 	 * if an application forgets to clear one cipher context. In case of a
1132 	 * pk11_library_initialized to stay 1. In that case we need the PID
1141 			 * free the locks first to prevent memory leak in case
1169 	/* Attempt to load PKCS#11 library. */
1212 	 * error. The reason is that applications that try to set up the PKCS#11
1238 		    "setting digest_count to 0\n", PK11_DBG);
1277  * Termination function to clean up the session, the token, and the pk11
1290 	 * 	2) or last ref. to an already finished engine is being destroyed
1335 	 * There is no way how to unregister atfork handlers (other than
1349 /* Standard engine interface function to set the dynamic library path */
1514 	 * Will use it to find out if we forked. We cannot use the PID field in
1538 		 * It is a new session so it will look like a cache miss to the
1539 		 * code below. So, we must not try to to destroy its members so
1556 		 * We are a new process and thus need to free any inherited
1564 			 * NOTE: we do not want to call pk11_free_all_sessions()
1572 		/* we have to free the active list as well. */
1589 		 * usable slot before so we don't need to check any_slot_found.
1706 	 * We try to release as much as we can but any error means that we will
1854 	 * object. The key load functions set it to persistent if that is so.
1863  * public components 'n'/'e' are the key components we use to check for the
1919  * Destroy RSA key object wrapper. If session is NULL, try to destroy all
2008  * Destroy DSA key object wrapper. If session is NULL, try to destroy all
2079  * arg0: pointer to PKCS#11 engine session structure
2080  *       if session is NULL, try to destroy all objects in the free list
2125 	 * We never try to destroy persistent objects which are the objects
2191 	 * We expect pmech->mechanism to be already set and
2192 	 * pParameter/ulParameterLen initialized to NULL/0 before
2205 		 * For now, we are limited to the fixed length of the counter,
2222 	/* if we get here, the encryption needs to be reinitialized */
2261 	 * current cipher and it must be less or equal to the IV length in our
2264 	 * key length to be in some range, all other NIDs have a precise key
2270 	 * macro to define functions that return EVP structures for all DES
2294 	 * just reuse it. However, we must not forget to reinitialize the
2310 	 * needs to be created.
2319 		 * The previous encryption/decryption is different. Need to
2347  * decryption/encryption session, we need to close the active session
2351  * It is more appropriate to use C_En/DecryptFinish here. At the time of this
2354  * idea to try them again if performance is a problem here and fix
2380  * memory for the output buffer "out" to hold the results.
2428 	 * The application has guaranteed to call the block ciphers with
2439  * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal()
2443  * necessarily have to finalize the context here since reinitializing it with
2458 		 * We are not interested in the data here, we just need to get
2484  * Registered by the ENGINE when used to find out how to deal with
2619 	 * To use the same key object, we need to call EncryptFinal with
2622 	 * then create a new session to use the same key object. When a session
2624 	 * objects in a global session, an individual session may be closed to
2758 	 * to the pool
2767 pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
2775 	if (from->md_data == NULL || to->digest->ctx_size == 0) {
2785 	/* Initialize the copy-to state */
2786 	if (!pk11_digest_init(to)) {
2789 	state_to = (PK11_CIPHER_STATE *) to->md_data;
2818 	/* Set the operation state of the copy-to session */
2836 /* Return any pending session state to the pool */
2846 		 * been called yet. We must call it now to free any memory
2849 		 * will return the session to the cache.
2861  * is the same, no need to create a new key object. Otherwise, the old key
2862  * object needs to be destroyed and a new one will be created. Return 1 for
3151 		DEBUG_SLOT_SEL("%s: pubkey flags changed to "
3178 	 * the previous best one we change the current best to this one,
3183 		DEBUG_SLOT_SEL("%s: changing best slot to %d\n",

Indexes created Tue Jul 24 14:28:13 CEST 2018