diff --git a/src/engine_pkcs11.c b/src/engine_pkcs11.c
index 17a5fc3571eb2fc137604b48ce94612dca784e06..b79fb47ee45a5c67aeae567ae4c6da6bd037f7b0 100644 (file)
--- a/src/engine_pkcs11.c
+++ b/src/engine_pkcs11.c
#include <config.h>
#include <stdio.h>
+#include <limits.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/objects.h>
#include <openssl/engine.h>
#include <libp11.h>
#include "engine_pkcs11.h"
+#include <syslog.h>
#ifdef _WIN32
#define strncasecmp strnicmp
#endif
-#define fail(msg) { fprintf(stderr,msg); return NULL;}
+#define fail(msg) { Log(LOG_ERR,msg); return NULL;}
/** The maximum length of an internally-allocated PIN */
#define MAX_PIN_LENGTH 32
-
+#define FLAGS_LEN 64
/* Maximum size of a token object */
#define MAX_OBJECT_SIZE 5000
static char *init_args = NULL;
+static void Log(int const loglevel, char const * const format, ...)
+{
+ char tmp[256];
+ va_list args;
+
+ va_start(args, format);
+ vsnprintf(tmp, 256, format, args);
+ va_end(args);
+
+ // log it
+ syslog(loglevel, "engine_pkcs11: %s", tmp);
+ fprintf(stdout, "%s\n", tmp);
+}
+
+
int set_module(const char *modulename)
{
module = modulename ? strdup(modulename) : NULL;
if (!UI_add_input_string
(ui, "PKCS#11 token PIN: ", 0, pin, 1, MAX_PIN_LENGTH)) {
- fprintf(stderr, "UI_add_input_string failed\n");
+ Log(LOG_ERR, "UI_add_input_string failed");
UI_free(ui);
return 0;
}
if (UI_process(ui)) {
- fprintf(stderr, "UI_process failed\n");
+ Log(LOG_ERR, "UI_process failed");
UI_free(ui);
return 0;
}
int pkcs11_finish(ENGINE * engine)
{
if (verbose) {
- fprintf(stderr, "engine finish\n");
+ Log(LOG_INFO, "engine finish");
}
free_pkcs11_ctx();
int pkcs11_init(ENGINE * engine)
{
if (verbose) {
- fprintf(stderr, "initializing engine\n");
+ Log(LOG_INFO, "initializing engine");
}
ctx = PKCS11_CTX_new();
PKCS11_CTX_init_args(ctx, init_args);
if (PKCS11_CTX_load(ctx, module) < 0) {
- fprintf(stderr, "unable to load module %s\n", module);
+ Log(LOG_ERR, "unable to load module %s", module);
return 0;
}
return 1;
else if ('A' <= c && c <= 'F')
c = c - 'A' + 10;
else {
- fprintf(stderr,
- "hex_to_bin(): invalid char '%c' in hex string\n",
+ Log(LOG_ERR,
+ "hex_to_bin(): invalid char '%c' in hex string",
c);
*outlen = 0;
return 0;
if (*in == ':')
in++;
if (left <= 0) {
- fprintf(stderr, "hex_to_bin(): hex string too long\n");
+ Log(LOG_ERR, "hex_to_bin(): hex string too long");
*outlen = 0;
return 0;
}
return 1;
}
+static int str_to_dec(char const * const inPtr, int *dst) {
+ int ret = 1;
+ long val;
+
+ char *endptr;
+
+ errno = 0; /* To distinguish success/failure after call */
+ val = strtol(inPtr, &endptr, 10);
+
+ /* Check for various possible errors */
+ if ((errno == ERANGE && (val == LONG_MAX || val == LONG_MIN)) || (errno != 0 && val == 0)) {
+ Log(LOG_ERR, "String to dec conversion failed");
+ ret = 0;
+ }
+ if (endptr == inPtr) {
+ Log(LOG_ERR, "No digits were found");
+ ret = 0;
+ }
+ if(ret) {
+ *dst = (int)val;
+ }
+ return ret;
+}
+
/* parse string containing slot and id information */
static int parse_slot_id_string(const char *slot_id, int *slot,
if (strspn(slot_id, HEXDIGITS) == strlen(slot_id)) {
/* ah, easiest case: only hex. */
if ((strlen(slot_id) + 1) / 2 > *id_len) {
- fprintf(stderr, "id string too long!\n");
+ Log(LOG_ERR, "id string too long!");
return 0;
}
*slot = 0;
}
/* second: slot:id. slot is an digital int. */
- if (sscanf(slot_id, "%d", &n) == 1) {
+ if (str_to_dec(slot_id, &n) == 1) {
i = strspn(slot_id, DIGITS);
if (slot_id[i] != ':') {
- fprintf(stderr, "could not parse string!\n");
+ Log(LOG_ERR, "could not parse string!");
return 0;
}
i++;
return 1;
}
if (strspn(slot_id + i, HEXDIGITS) + i != strlen(slot_id)) {
- fprintf(stderr, "could not parse string!\n");
+ Log(LOG_ERR, "could not parse string!");
return 0;
}
/* ah, rest is hex */
if ((strlen(slot_id) - i + 1) / 2 > *id_len) {
- fprintf(stderr, "id string too long!\n");
+ Log(LOG_ERR, "id string too long!");
return 0;
}
*slot = n;
/* third: id_<id> */
if (strncmp(slot_id, "id_", 3) == 0) {
if (strspn(slot_id + 3, HEXDIGITS) + 3 != strlen(slot_id)) {
- fprintf(stderr, "could not parse string!\n");
+ Log(LOG_ERR, "could not parse string!");
return 0;
}
/* ah, rest is hex */
if ((strlen(slot_id) - 3 + 1) / 2 > *id_len) {
- fprintf(stderr, "id string too long!\n");
+ Log(LOG_ERR, "id string too long!");
return 0;
}
*slot = 0;
/* last try: it has to be slot_<slot> and then "-id_<cert>" */
if (strncmp(slot_id, "slot_", 5) != 0) {
- fprintf(stderr, "format not recognized!\n");
+ Log(LOG_ERR, "format not recognized!");
return 0;
}
/* slot is an digital int. */
- if (sscanf(slot_id + 5, "%d", &n) != 1) {
- fprintf(stderr, "slot number not deciphered!\n");
+ if (str_to_dec(slot_id + 5, &n) != 1) {
+ Log(LOG_ERR, "slot number not deciphered!");
return 0;
}
}
if (slot_id[i + 5] != '-') {
- fprintf(stderr, "could not parse string!\n");
+ Log(LOG_ERR, "could not parse string!");
return 0;
}
if (strncmp(slot_id + i, "id_", 3) == 0) {
if (strspn(slot_id + i + 3, HEXDIGITS) + 3 + i !=
strlen(slot_id)) {
- fprintf(stderr, "could not parse string!\n");
+ Log(LOG_ERR, "could not parse string!");
return 0;
}
/* ah, rest is hex */
if ((strlen(slot_id) - i - 3 + 1) / 2 > *id_len) {
- fprintf(stderr, "id string too long!\n");
+ Log(LOG_ERR, "id string too long!");
return 0;
}
*slot = n;
return (*label = strdup(slot_id + i + 6)) != NULL;
}
- fprintf(stderr, "could not parse string!\n");
+ Log(LOG_ERR, "could not parse string!");
return 0;
}
PKCS11_CERT *certs, *selected_cert = NULL;
X509 *x509 = NULL;
unsigned int slot_count, cert_count, n, m;
- char flags[64];
+ char flags[FLAGS_LEN];
int local_init = 0;
if (ctx == NULL) {
local_init = 1;
}
- if (PKCS11_enumerate_slots(ctx, &slot_list, &slot_count) < 0)
- fail("failed to enumerate slots\n");
-
+ if (PKCS11_enumerate_slots(ctx, &slot_list, &slot_count) < 0) {
+ fail("failed to enumerate slots");
+ }
if (verbose) {
- fprintf(stderr, "Found %u slot%s\n", slot_count,
+ Log(LOG_INFO, "Found %u slot%s", slot_count,
(slot_count <= 1) ? "" : "s");
}
flags[0] = '\0';
if (slot->token) {
if (!slot->token->initialized)
- strcat(flags, "uninitialized, ");
+ strncat(flags, "uninitialized, ", (FLAGS_LEN - strlen(flags) - 1));
else if (!slot->token->userPinSet)
- strcat(flags, "no pin, ");
+ strncat(flags, "no pin, ", (FLAGS_LEN - strlen(flags) - 1));
if (slot->token->loginRequired)
- strcat(flags, "login, ");
+ strncat(flags, "login, ", (FLAGS_LEN - strlen(flags) - 1));
if (slot->token->readOnly)
- strcat(flags, "ro, ");
+ strncat(flags, "ro, ", (FLAGS_LEN - strlen(flags) - 1));
} else {
- strcpy(flags, "no token");
+ strncpy(flags, "no token", sizeof(flags));
}
if ((m = strlen(flags)) != 0) {
flags[m - 2] = '\0';
}
if (verbose) {
- fprintf(stderr, "[%lu] %-25.25s %-16s",
+ Log(LOG_INFO, "[%lu] %-25.25s %-16s",
PKCS11_get_slotid_from_slot(slot),
slot->description, flags);
if (slot->token) {
- fprintf(stderr, " (%s)",
+ Log(LOG_INFO, " (%s)",
slot->token->label[0] ?
slot->token->label : "no label");
}
- fprintf(stderr, "\n");
}
}
if (found_slot) {
slot = found_slot;
} else {
- fprintf(stderr, "Invalid slot number: %d\n", (int)slot_nr);
+ Log(LOG_ERR, "Invalid slot number: %d", (int)slot_nr);
goto err_out;
}
tok = slot->token;
if (tok == NULL) {
- fprintf(stderr, "Found empty token; \n");
+ Log(LOG_ERR, "Found empty token; ");
goto err_out;
}
if (verbose) {
- fprintf(stderr, "Found slot: %s\n", slot->description);
- fprintf(stderr, "Found token: %s\n", slot->token->label);
+ Log(LOG_INFO, "Found slot: %s", slot->description);
+ Log(LOG_INFO, "Found token: %s", slot->token->label);
}
if ((tok->loginRequired) && (do_login(slot))) {
- fprintf(stderr, "failed to login\n");
+ Log(LOG_ERR, "failed to login");
goto err_out;
}
if (PKCS11_enumerate_certs(tok, &certs, &cert_count)) {
- fprintf(stderr, "unable to enumerate certificates\n");
+ Log(LOG_ERR, "unable to enumerate certificates");
goto err_out;
}
if (verbose) {
- fprintf(stderr, "Found %u cert%s:\n", cert_count,
+ Log(LOG_INFO, "Found %u cert%s:", cert_count,
(cert_count <= 1) ? "" : "s");
}
}
if (selected_cert == NULL) {
- fprintf(stderr, "certificate not found.\n");
+ Log(LOG_ERR, "certificate not found.");
goto err_out;
}
out:
if (local_init) {
- free_pkcs11_ctx(e);
+ free_pkcs11_ctx();
}
return x509;
}
PKCS11_CERT *certs;
EVP_PKEY *pk = NULL;
unsigned int slot_count, cert_count, key_count, n, m;
- char flags[64];
+ char flags[FLAGS_LEN];
int local_init = 0;
if (ctx == NULL) {
}
if (PKCS11_enumerate_slots(ctx, &slot_list, &slot_count) < 0)
- fail("failed to enumerate slots\n");
+ fail("failed to enumerate slots");
if (verbose) {
- fprintf(stderr, "Found %u slot%s\n", slot_count,
+ Log(LOG_INFO, "Found %u slot%s", slot_count,
(slot_count <= 1) ? "" : "s");
}
flags[0] = '\0';
if (slot->token) {
if (!slot->token->initialized)
- strcat(flags, "uninitialized, ");
+ strncat(flags, "uninitialized, ", FLAGS_LEN - strlen(flags) - 1);
else if (!slot->token->userPinSet)
- strcat(flags, "no pin, ");
+ strncat(flags, "no pin, ", FLAGS_LEN - strlen(flags) - 1);
if (slot->token->loginRequired)
- strcat(flags, "login, ");
+ strncat(flags, "login, ", FLAGS_LEN - strlen(flags) - 1);
if (slot->token->readOnly)
- strcat(flags, "ro, ");
+ strncat(flags, "ro, ", FLAGS_LEN - strlen(flags) - 1);
} else {
- strcpy(flags, "no token");
+ strncpy(flags, "no token", sizeof(flags));
}
if ((m = strlen(flags)) != 0) {
flags[m - 2] = '\0';
}
if (verbose) {
- fprintf(stderr, "[%lu] %-25.25s %-16s",
+ Log(LOG_INFO, "[%lu] %-25.25s %-16s",
PKCS11_get_slotid_from_slot(slot),
slot->description, flags);
if (slot->token) {
- fprintf(stderr, " (%s)",
+ Log(LOG_INFO, " (%s)",
slot->token->label[0] ?
slot->token->label : "no label");
}
- fprintf(stderr, "\n");
}
}
if (slot_nr == -1) {
if (!(slot = PKCS11_find_token(ctx, slot_list, slot_count)))
- fail("didn't find any tokens\n");
+ fail("didn't find any tokens");
} else if (found_slot) {
slot = found_slot;
} else {
- fprintf(stderr, "Invalid slot number: %d\n", slot_nr);
+ Log(LOG_ERR, "Invalid slot number: %d", slot_nr);
PKCS11_release_all_slots(ctx, slot_list, slot_count);
goto out;
}
tok = slot->token;
if (tok == NULL) {
- fprintf(stderr, "Found empty token; \n");
+ Log(LOG_INFO, "Found empty token; ");
PKCS11_release_all_slots(ctx, slot_list, slot_count);
goto out;
}
if (isPrivate && !tok->userPinSet && !tok->readOnly) {
- fprintf(stderr, "Found slot without user PIN\n");
+ Log(LOG_INFO, "Found slot without user PIN");
PKCS11_release_all_slots(ctx, slot_list, slot_count);
goto out;
}
if (verbose) {
- fprintf(stderr, "Found slot: %s\n", slot->description);
- fprintf(stderr, "Found token: %s\n", slot->token->label);
+ Log(LOG_INFO, "Found slot: %s", slot->description);
+ Log(LOG_INFO, "Found token: %s", slot->token->label);
}
#ifdef DEBUG
if (PKCS11_enumerate_certs(tok, &certs, &cert_count))
- fail("unable to enumerate certificates\n");
+ fail("unable to enumerate certificates");
if (verbose) {
- fprintf(stderr, "Found %u certificate%s:\n", cert_count,
+ Log(LOG_INFO, "Found %u certificate%s:", cert_count,
(cert_count <= 1) ? "" : "s");
for (n = 0; n < cert_count; n++) {
PKCS11_CERT *c = certs + n;
char *dn = NULL;
- fprintf(stderr, " %2u %s", n + 1, c->label);
+ Log(LOG_INFO, " %2u %s", n + 1, c->label);
if (c->x509)
dn = X509_NAME_oneline(X509_get_subject_name
(c->x509), NULL, 0);
if (dn) {
- fprintf(stderr, " (%s)", dn);
+ Log(LOG_INFO, " (%s)", dn);
OPENSSL_free(dn);
}
- fprintf(stderr, "\n");
}
}
#endif
pin = NULL;
pin_length = 0;
}
- fail("Login failed\n");
+ fail("Login failed");
}
/* Login successful, PIN retained in case further logins are
required. This will occur on subsequent calls to the
/* Make sure there is at least one private key on the token */
if (PKCS11_enumerate_keys(tok, &keys, &key_count)) {
- fail("unable to enumerate keys\n");
+ fail("unable to enumerate keys");
}
if (key_count == 0) {
- fail("No keys found.\n");
+ fail("No keys found.");
}
if (verbose) {
- fprintf(stderr, "Found %u key%s:\n", key_count,
+ Log(LOG_INFO, "Found %u key%s:", key_count,
(key_count <= 1) ? "" : "s");
}
if ((key_id_len != 0) || (key_label != NULL)) {
PKCS11_KEY *k = keys + n;
if (verbose) {
- fprintf(stderr, " %2u %c%c %s\n", n + 1,
+ Log(LOG_INFO, " %2u %c%c %s", n + 1,
k->isPrivate ? 'P' : ' ',
k->needLogin ? 'L' : ' ', k->label);
}
}
if (selected_key == NULL) {
- fprintf(stderr, "key not found.\n");
+ Log(LOG_ERR, "key not found.");
goto out;
}
out:
if (local_init) {
- free_pkcs11_ctx(e);
+ free_pkcs11_ctx();
}
return pk;
n = parse_key_string(s_key_id, &slot_nr, key_id, &key_id_len,
&key_label, NULL);
if (n) {
- fprintf(stderr,
- "supported format: slot_<slot>:id_<id>:label_<label>\n");
- fprintf(stderr,
- "where <slot> is the slot number as normal integer,\n");
- fprintf(stderr,
- "and <id> is the id number as hex string.\n");
- fprintf(stderr,
- "and <label> is the textual key label string.\n");
+ Log(LOG_INFO,
+ "supported format: slot_<slot>:id_<id>:label_<label>");
+ Log(LOG_INFO,
+ "where <slot> is the slot number as normal integer,");
+ Log(LOG_INFO,
+ "and <id> is the id number as hex string.");
+ Log(LOG_INFO,
+ "and <label> is the textual key label string.");
return NULL;
}
pk = pkcs11_load_key(e, slot_nr, key_id, key_id_len, key_label,
ui_method, callback_data, 0);
if (pk == NULL)
- fprintf(stderr, "PKCS11_load_public_key returned NULL\n");
+ Log(LOG_INFO, "PKCS11_load_public_key returned NULL");
if (key_label) free(key_label);
return pk;
n = parse_key_string(s_key_id, &slot_nr, key_id, &key_id_len,
&key_label, NULL);
if (n) {
- fprintf(stderr,
- "supported format: slot_<slot>:id_<id>:label_<label>\n");
- fprintf(stderr,
- "where <slot> is the slot number as normal integer,\n");
- fprintf(stderr,
- "and <id> is the id number as hex string.\n");
- fprintf(stderr,
- "and <label> is the textual key label string.\n");
+ Log(LOG_INFO,
+ "supported format: slot_<slot>:id_<id>:label_<label>");
+ Log(LOG_INFO,
+ "where <slot> is the slot number as normal integer,");
+ Log(LOG_INFO,
+ "and <id> is the id number as hex string.");
+ Log(LOG_INFO,
+ "and <label> is the textual key label string.");
return NULL;
}
pk = pkcs11_load_key(e, slot_nr, key_id, key_id_len, key_label,
ui_method, callback_data, 1);
if (pk == NULL)
- fprintf(stderr, "PKCS11_get_private_key returned NULL\n");
+ Log(LOG_INFO, "PKCS11_get_private_key returned NULL");
if (key_label) free(key_label);
return pk;
PKCS11_CERT *certs;
PKCS11_KEY *keys;
unsigned int slot_count, cert_count, key_count, m, n, i;
- char flags[64];
+ char flags[FLAGS_LEN];
int local_init = 0;
int ret_val = 0;
if (verbose) {
- fprintf(stderr, "Displaying token objects from slot %d\n", (int)slot_nr);
+ Log(LOG_INFO, "Displaying token objects from slot %d", (int)slot_nr);
}
if (ctx == NULL) {
local_init = 1;
}
if (PKCS11_enumerate_slots(ctx, &slot_list, &slot_count)) {
- fprintf(stderr, "failed to enumerate slots\n");
+ Log(LOG_ERR, "failed to enumerate slots");
goto out;
}
if (verbose) {
- fprintf(stderr, "Found %u slots\n", slot_count);
+ Log(LOG_INFO, "Found %u slots", slot_count);
}
for (n = 0; n < slot_count; n++) {
flags[0] = '\0';
if (slot->token) {
if (!slot->token->initialized)
- strcat(flags, "uninitialized, ");
+ strncat(flags, "uninitialized, ", (FLAGS_LEN - strlen(flags) - 1));
else if (!slot->token->userPinSet)
- strcat(flags, "no pin, ");
+ strncat(flags, "no pin, ", (FLAGS_LEN - strlen(flags) - 1));
if (slot->token->loginRequired)
- strcat(flags, "login, ");
+ strncat(flags, "login, ", (FLAGS_LEN - strlen(flags) - 1));
if (slot->token->readOnly)
- strcat(flags, "ro, ");
+ strncat(flags, "ro, ", (FLAGS_LEN - strlen(flags) - 1));
} else {
- strcpy(flags, "no token");
+ strncpy(flags, "no token", sizeof(flags));
}
if ((m = strlen(flags)) != 0) {
flags[m - 2] = '\0';
}
if (verbose) {
- fprintf(stderr, "[%lu] %-25.25s %-16s",
+ Log(LOG_INFO, "[%lu] %-25.25s %-16s",
PKCS11_get_slotid_from_slot(slot),
slot->description, flags);
if (slot->token) {
- fprintf(stderr, " (%s)",
+ Log(LOG_INFO, " (%s)",
slot->token->label[0] ?
slot->token->label : "no label");
}
- fprintf(stderr, "\n");
}
}
if (found_slot) {
slot = found_slot;
} else {
- fprintf(stderr, "Invalid slot number: %d\n", (int)slot_nr);
+ Log(LOG_ERR, "Invalid slot number: %d", (int)slot_nr);
PKCS11_release_all_slots(ctx, slot_list, slot_count);
goto out;
}
tok = slot->token;
if (tok == NULL) {
- fprintf(stderr, "Found empty token; \n");
+ Log(LOG_ERR, "Found empty token; ");
PKCS11_release_all_slots(ctx, slot_list, slot_count);
goto out;
}
if (verbose) {
- fprintf(stderr, "Found slot: %s\n", slot->description);
- fprintf(stderr, "Found token: %s\n", slot->token->label);
+ Log(LOG_INFO, "Found slot: %s", slot->description);
+ Log(LOG_INFO, "Found token: %s", slot->token->label);
}
if ((tok->loginRequired) && (do_login(slot))) {
- fprintf(stderr, "failed to login\n");
+ Log(LOG_ERR, "failed to login");
PKCS11_release_all_slots(ctx, slot_list, slot_count);
goto out;
}
if (PKCS11_enumerate_certs(tok, &certs, &cert_count)) {
- fprintf(stderr, "unable to enumerate certificates\n");
+ Log(LOG_ERR, "unable to enumerate certificates");
PKCS11_release_all_slots(ctx, slot_list, slot_count);
goto out;
}
for (n=0; n<cert_count; n++) {
+ char tmp[MAX_VALUE_LEN];
PKCS11_CERT *c = certs + n;
char *dn = NULL;
- fprintf(stderr, "Certificate Object:\n");
- fprintf(stderr, "\ttype: X.509 cert\n");
- fprintf(stderr, "\tlabel: %s\n", c->label);
- fprintf(stderr, "\tID: ");
- for (i = 0; i < c->id_len; i++)
- printf("%02x", c->id[i]);
- printf("\n");
+ Log(LOG_INFO, "Certificate Object:");
+ Log(LOG_INFO, "\ttype: X.509 cert");
+ Log(LOG_INFO, "\tlabel: %s", c->label);
+ for (i = 0; i < c->id_len; i++) {
+ snprintf(&tmp[i*2], 2, "%02x", c->id[i]);
+ }
+ Log(LOG_INFO, "\tID: %s", tmp);
if (c->x509)
dn = X509_NAME_oneline(X509_get_subject_name(c->x509),
NULL, 0);
if (dn) {
- fprintf(stderr, "\tname: %s\n", dn);
+ Log(LOG_INFO, "\tname: %s", dn);
OPENSSL_free(dn);
}
}
if (PKCS11_enumerate_keys(tok, &keys, &key_count)) {
- fprintf(stderr, "unable to enumerate keys\n");
+ Log(LOG_ERR, "unable to enumerate keys");
PKCS11_release_all_slots(ctx, slot_list, slot_count);
goto out;
}
for (n=0; n<key_count; n++) {
+ char tmp[MAX_VALUE_LEN];
+
PKCS11_KEY *k = keys + n;
if (k->isPrivate) {
- fprintf(stderr, "Private Key Object:\n");
- fprintf(stderr, "\ttype: RSA\n");
+ Log(LOG_INFO, "Private Key Object:");
+ Log(LOG_INFO, "\ttype: RSA");
} else {
- fprintf(stderr, "Public Key Object:\n");
- fprintf(stderr, "\ttype: RSA %d bits\n",
+ Log(LOG_INFO, "Public Key Object:");
+ Log(LOG_INFO, "\ttype: RSA %d bits",
(PKCS11_get_key_size(k)*8));
}
- fprintf(stderr, "\tlabel: %s\n", k->label);
- fprintf(stderr, "\tID: ");
- for (i = 0; i < k->id_len; i++)
- printf("%02x", k->id[i]);
- printf("\n");
+ Log(LOG_INFO, "\tlabel: %s", k->label);
+ for (i = 0; i < k->id_len; i++) {
+ snprintf(&tmp[i*2], 2, "%02x", k->id[i]);
+ }
+ Log(LOG_INFO, "\tID: %s", tmp);
}
ret_val = 1;
out:
if (local_init) {
- free_pkcs11_ctx(e);
+ free_pkcs11_ctx();
}
return ret_val;
PKCS11_TOKEN *tok = slot->token;
if (pin == NULL) {
- fprintf(stderr, "PIN not set\n");
+ Log(LOG_INFO, "PIN not set");
return -1;
}
pin = NULL;
pin_length = 0;
}
- fprintf(stderr, "Login failed\n");
+ Log(LOG_ERR, "Login failed");
return -1;
}
return 0;
unsigned char data[MAX_OBJECT_SIZE];
const unsigned char *pp = data;
int data_len = 0;
- FILE *f;
+ FILE *f = NULL;
X509 *x;
if (!p || !*p) {
- fprintf(stderr, "no parameter\n");
+ Log(LOG_ERR, "no parameter");
return 0;
}
n = parse_cert_store_string(p, &slot_nr, cert_id, &cert_id_len,
&cert_label, &cert_file);
if (n) {
- fprintf(stderr,
- "supported format: slot_<slot>:id_<id>:label_<label>:cert_<filename>\n");
- fprintf(stderr,
- "where <slot> is the slot number as normal integer,\n");
- fprintf(stderr,
- "and <id> is the id number as hex string.\n");
- fprintf(stderr,
- "and <label> is the textual cert label string.\n");
- fprintf(stderr,
- "and <filename> is the cert filename with full path.\n");
+ Log(LOG_INFO,
+ "supported format: slot_<slot>:id_<id>:label_<label>:cert_<filename>");
+ Log(LOG_INFO,
+ "where <slot> is the slot number as normal integer,");
+ Log(LOG_INFO,
+ "and <id> is the id number as hex string.");
+ Log(LOG_INFO,
+ "and <label> is the textual cert label string.");
+ Log(LOG_INFO,
+ "and <filename> is the cert filename with full path.");
goto store_cert_err_out;
}
f = fopen(cert_file, "rb");
if (f == NULL) {
- fprintf(stderr, "Couldn't open cert file \"%s\"\n", cert_file);
+ Log(LOG_ERR, "Couldn't open cert file \"%s\"", cert_file);
goto store_cert_err_out;
}
data_len = fread(data, 1, sizeof(data), f);
if (data_len < 0) {
- fprintf(stderr, "Couldn't read from file \"%s\"\n", cert_file);
+ Log(LOG_ERR, "Couldn't read from file \"%s\"", cert_file);
goto store_cert_err_out;
}
x = d2i_X509(NULL, &pp, data_len);
if (!x) {
- fprintf(stderr, "OpenSSL cert parse error\n");
+ Log(LOG_ERR, "OpenSSL cert parse error");
goto store_cert_err_out;
}
cert_id_len = 0;
if (verbose) {
- fprintf(stderr, "Storing cert(%s) in slot(%d) with label(%s) and id(",
- cert_file, slot_nr, cert_label);
- for (n = 0; n < cert_id_len; n++)
- fprintf(stderr, "%02x", cert_id[n]);
- fprintf(stderr, ")\n");
+ char tmp[MAX_VALUE_LEN];
+ for (n = 0; n < cert_id_len; n++) {
+ snprintf(&tmp[n*2], 2, "%02x", cert_id[n]);
+ }
+ Log(LOG_INFO, "Storing cert(%s) in slot(%d) with label(%s) and id(%s)",
+ cert_file, slot_nr, cert_label, tmp);
}
if (pkcs11_store_cert(e, slot_nr, cert_id, cert_id_len, cert_label, x))
PKCS11_TOKEN *tok;
PKCS11_CERT *certs, *ret_cert = NULL;
unsigned int slot_count, cert_count;
- char flags[64];
+ char flags[FLAGS_LEN];
int n,m;
int ret_val = -1;
int local_init = 0;
}
if (PKCS11_enumerate_slots(ctx, &slot_list, &slot_count)) {
- fprintf(stderr, "failed to enumerate slots\n");
+ Log(LOG_ERR, "failed to enumerate slots");
goto out;
}
if (verbose) {
- fprintf(stderr, "Found %u slots\n", slot_count);
+ Log(LOG_INFO, "Found %u slots", slot_count);
}
for (n = 0; n < slot_count; n++) {
flags[0] = '\0';
if (slot->token) {
if (!slot->token->initialized)
- strcat(flags, "uninitialized, ");
+ strncat(flags, "uninitialized, ", FLAGS_LEN - strlen(flags) - 1);
else if (!slot->token->userPinSet)
- strcat(flags, "no pin, ");
+ strncat(flags, "no pin, ", FLAGS_LEN - strlen(flags) - 1);
if (slot->token->loginRequired)
- strcat(flags, "login, ");
+ strncat(flags, "login, ", FLAGS_LEN - strlen(flags) - 1);
if (slot->token->readOnly)
- strcat(flags, "ro, ");
+ strncat(flags, "ro, ", FLAGS_LEN - strlen(flags) - 1);
} else {
- strcpy(flags, "no token");
+ strncpy(flags, "no token", sizeof(flags));
}
if ((m = strlen(flags)) != 0) {
flags[m - 2] = '\0';
}
if (verbose) {
- fprintf(stderr, "[%lu] %-25.25s %-16s",
+ Log(LOG_INFO, "[%lu] %-25.25s %-16s",
PKCS11_get_slotid_from_slot(slot),
slot->description, flags);
if (slot->token) {
- fprintf(stderr, " (%s)",
+ Log(LOG_INFO, " (%s)",
slot->token->label[0] ?
slot->token->label : "no label");
}
- fprintf(stderr, "\n");
}
}
if (found_slot) {
slot = found_slot;
} else {
- fprintf(stderr, "Invalid slot number: %d\n", (int)slot_nr);
+ Log(LOG_ERR, "Invalid slot number: %d", (int)slot_nr);
goto err_out;
}
tok = slot->token;
if (tok == NULL) {
- fprintf(stderr, "Found empty token; \n");
+ Log(LOG_ERR, "Found empty token; ");
goto err_out;
}
if (verbose) {
- fprintf(stderr, "Found slot: %s\n", slot->description);
- fprintf(stderr, "Found token: %s\n", slot->token->label);
+ Log(LOG_INFO, "Found slot: %s", slot->description);
+ Log(LOG_INFO, "Found token: %s", slot->token->label);
}
if ((tok->loginRequired) && (do_login(slot))) {
- fprintf(stderr, "failed to login\n");
+ Log(LOG_ERR, "failed to login");
goto err_out;
}
/* Enumerate certs to initialize libp11 cert count */
if (PKCS11_enumerate_certs(tok, &certs, &cert_count)) {
- fprintf(stderr, "unable to enumerate certificates\n");
+ Log(LOG_ERR, "unable to enumerate certificates");
goto err_out;
}
if (PKCS11_store_certificate(tok, x, cert_label, cert_id,
cert_id_len, &ret_cert)) {
- fprintf(stderr, "failed to store cert\n");
+ Log(LOG_ERR, "failed to store cert");
goto err_out;
}
out:
if(local_init) {
- free_pkcs11_ctx(e);
+ free_pkcs11_ctx();
}
return ret_val;
/* slot identifier */
if (!strncmp(token, "slot_", 5)) {
/* slot is a decimal number */
- if (sscanf(token + 5, "%d", slot) != 1) {
- fprintf(stderr, "slot number not deciphered!\n");
+ if (str_to_dec(token + 5, slot) != 1) {
+ Log(LOG_ERR, "slot number not deciphered!");
goto err;
}
} else if (!strncmp(token, "id_", 3)) {
/* certificate ID */
/* id is hexadecimal number */
if (!hex_to_bin(token + 3, id, id_len)) {
- fprintf(stderr, "id not deciphered!\n");
+ Log(LOG_ERR, "id not deciphered!");
goto err;
}
} else if (!strncmp(token, "label_", 6)) {
/* label is string */
*label = strdup(token + 6);
if (*label == NULL) {
- fprintf(stderr, "label not deciphered!\n");
+ Log(LOG_ERR, "label not deciphered!");
goto err;
}
} else if (!strncmp(token, "cert_", 5)) {
/* cert file name */
*cert_file = strdup(token + 5);
if (*cert_file == NULL) {
- fprintf(stderr, "cert file not deciphered!\n");
+ Log(LOG_ERR, "cert file not deciphered!");
goto err;
}
}
} /* end while(token) */
if (*cert_file == NULL) {
- fprintf(stderr, "cert file name not present!\n");
+ Log(LOG_ERR, "cert file name not present!");
goto err;
}
int rv = 0;
if (!p || !*p) {
- fprintf(stderr, "no parameter\n");
+ Log(LOG_ERR, "no parameter");
return 0;
}
n = parse_key_gen_string(p, &slot_nr, &key_size, key_id, &key_id_len,
&key_label);
if (n) {
- fprintf(stderr,
- "supported format: slot_<slot>:size_<size>:id_<id>:label_<label>\n");
- fprintf(stderr,
- "where <slot> is the slot number as normal integer,\n");
- fprintf(stderr,
- "and <size> is the RSA key size in bits.\n");
- fprintf(stderr,
- "and <id> is the id number as hex string.\n");
- fprintf(stderr,
- "and <label> is the textual cert label string.\n");
+ Log(LOG_INFO,
+ "supported format: slot_<slot>:size_<size>:id_<id>:label_<label>");
+ Log(LOG_INFO,
+ "where <slot> is the slot number as normal integer,");
+ Log(LOG_INFO,
+ "and <size> is the RSA key size in bits.");
+ Log(LOG_INFO,
+ "and <id> is the id number as hex string.");
+ Log(LOG_INFO,
+ "and <label> is the textual cert label string.");
goto gen_key_err_out;
}
if (verbose) {
- fprintf(stderr, "Generating %dbits RSA key in slot(%d) with label(%s) and id(",
- key_size, slot_nr, key_label);
- for (n = 0; n < key_id_len; n++)
- fprintf(stderr, "%02x", key_id[n]);
- fprintf(stderr, ")\n");
+ char tmp[MAX_VALUE_LEN];
+ for (n = 0; n < key_id_len; n++) {
+ snprintf(&tmp[n*2], 2, "%02x", key_id[n]);
+ }
+ Log(LOG_INFO, "Generating %dbits RSA key in slot(%d) with label(%s) and id(s)",
+ key_size, slot_nr, key_label, tmp);
}
if (pkcs11_gen_key(e, slot_nr, (unsigned int)key_size, key_id, key_id_len, key_label))
/* slot identifier */
if (!strncmp(token, "slot_", 5)) {
/* slot is a decimal number */
- if (sscanf(token + 5, "%d", slot) != 1) {
- fprintf(stderr, "slot number not deciphered!\n");
+ if (str_to_dec(token + 5, slot) != 1) {
+ Log(LOG_ERR, "slot number not deciphered!");
goto err;
}
} else if (!strncmp(token, "id_", 3)) {
/* certificate ID */
/* id is hexadecimal number */
if (!hex_to_bin(token + 3, id, id_len)) {
- fprintf(stderr, "id not deciphered!\n");
+ Log(LOG_ERR, "id not deciphered!");
goto err;
}
} else if (!strncmp(token, "label_", 6)) {
/* label is string */
*label = strdup(token + 6);
if (*label == NULL) {
- fprintf(stderr, "label not deciphered!\n");
+ Log(LOG_ERR, "label not deciphered!");
goto err;
}
} else if (!strncmp(token, "size_", 5)) {
/* key size in bits */
- if (sscanf(token + 5, "%d", key_size) != 1) {
- fprintf(stderr, "key size not deciphered!\n");
+ if (str_to_dec(token + 5, key_size) != 1) {
+ Log(LOG_ERR, "key size not deciphered!");
goto err;
}
}
} /* end while(token) */
if (*key_size == -1) {
- fprintf(stderr, "key size not present!\n");
+ Log(LOG_ERR, "key size not present!");
goto err;
}
PKCS11_TOKEN *tok;
PKCS11_KEY *keys, *ret_key = NULL;
unsigned int slot_count, key_count;
- char flags[64];
+ char flags[FLAGS_LEN];
int n,m;
int ret_val = -1;
int local_init = 0;
}
if (PKCS11_enumerate_slots(ctx, &slot_list, &slot_count)) {
- fprintf(stderr, "failed to enumerate slots\n");
+ Log(LOG_ERR, "failed to enumerate slots");
goto out;
}
if (verbose) {
- fprintf(stderr, "Found %u slots\n", slot_count);
+ Log(LOG_INFO, "Found %u slots", slot_count);
}
for (n = 0; n < slot_count; n++) {
flags[0] = '\0';
if (slot->token) {
if (!slot->token->initialized)
- strcat(flags, "uninitialized, ");
+ strncat(flags, "uninitialized, ", (FLAGS_LEN - strlen(flags) - 1));
else if (!slot->token->userPinSet)
- strcat(flags, "no pin, ");
+ strncat(flags, "no pin, ", (FLAGS_LEN - strlen(flags) - 1));
if (slot->token->loginRequired)
- strcat(flags, "login, ");
+ strncat(flags, "login, ", (FLAGS_LEN - strlen(flags) - 1));
if (slot->token->readOnly)
- strcat(flags, "ro, ");
+ strncat(flags, "ro, ", (FLAGS_LEN - strlen(flags) - 1));
} else {
- strcpy(flags, "no token");
+ strncpy(flags, "no token", sizeof(flags));
}
if ((m = strlen(flags)) != 0) {
flags[m - 2] = '\0';
}
if (verbose) {
- fprintf(stderr, "[%lu] %-25.25s %-16s",
+ Log(LOG_INFO, "[%lu] %-25.25s %-16s",
PKCS11_get_slotid_from_slot(slot),
slot->description, flags);
if (slot->token) {
- fprintf(stderr, " (%s)",
+ Log(LOG_INFO, " (%s)",
slot->token->label[0] ?
slot->token->label : "no label");
}
- fprintf(stderr, "\n");
}
}
if (found_slot) {
slot = found_slot;
} else {
- fprintf(stderr, "Invalid slot number: %d\n", (int)slot_nr);
+ Log(LOG_ERR, "Invalid slot number: %d", (int)slot_nr);
goto err_out;
}
tok = slot->token;
if (tok == NULL) {
- fprintf(stderr, "Found empty token; \n");
+ Log(LOG_ERR, "Found empty token; ");
goto err_out;
}
if (verbose) {
- fprintf(stderr, "Found slot: %s\n", slot->description);
- fprintf(stderr, "Found token: %s\n", slot->token->label);
+ Log(LOG_INFO, "Found slot: %s", slot->description);
+ Log(LOG_INFO, "Found token: %s", slot->token->label);
}
if ((tok->loginRequired) && (do_login(slot))) {
- fprintf(stderr, "failed to login\n");
+ Log(LOG_ERR, "failed to login");
goto err_out;
}
/* Enumerate keys to initialize libp11 key count */
if (PKCS11_enumerate_keys(tok, &keys, &key_count)) {
- fprintf(stderr, "unable to enumerate keys\n");
+ Log(LOG_ERR, "unable to enumerate keys");
goto err_out;
}
if (PKCS11_generate_key(tok, EVP_PKEY_RSA, key_size, key_label,
key_id, key_id_len)) {
- fprintf(stderr, "failed to generate RSA key pair\n");
+ Log(LOG_ERR, "failed to generate RSA key pair");
goto err_out;
}
PKCS11_release_all_slots(ctx, slot_list, slot_count);
out:
if (local_init) {
- free_pkcs11_ctx(e);
+ free_pkcs11_ctx();
}
return ret_val;
}
int rv = 0;
if (!p || !*p) {
- fprintf(stderr, "no parameter\n");
+ Log(LOG_ERR, "no parameter");
return 0;
}
n = parse_del_obj_string(p, &slot_nr, &type, id, &id_len, &label);
if (n) {
- fprintf(stderr,
- "supported format: slot_<slot>:type_<type>:id_<id>:label_<label>\n");
- fprintf(stderr,
- "where <slot> is the slot number as normal integer,\n");
- fprintf(stderr,
- "and <type> is the object type (privkey/pubkey/cert)\n");
- fprintf(stderr,
- "and <id> is the id number as hex string.\n");
- fprintf(stderr,
- "and <label> is the textual label string.\n");
+ Log(LOG_INFO,
+ "supported format: slot_<slot>:type_<type>:id_<id>:label_<label>");
+ Log(LOG_INFO,
+ "where <slot> is the slot number as normal integer,");
+ Log(LOG_INFO,
+ "and <type> is the object type (privkey/pubkey/cert)");
+ Log(LOG_INFO,
+ "and <id> is the id number as hex string.");
+ Log(LOG_INFO,
+ "and <label> is the textual label string.");
goto err;
}
/* No ID specified */
- if (id_len == sizeof(id))
+ if (id_len == sizeof(id)) {
id_len = 0;
+ }
if (verbose) {
- fprintf(stderr, "Deleting object type(%s) from slot(%d) with label(%s) and id(",
- type, slot_nr, label);
- for (n = 0; n < id_len; n++)
- fprintf(stderr, "%02x", id[n]);
- fprintf(stderr, ")\n");
+ char tmp[MAX_VALUE_LEN];
+ for (n = 0; n < id_len; n++) {
+ snprintf(&tmp[n*2], 2, "%02x", id[n]);
+ }
+ Log(LOG_INFO, "Deleting object type(%s) from slot(%d) with label(%s) and id(%s)",
+ type, slot_nr, label, tmp);
}
if (pkcs11_del_obj(e, slot_nr, type, id, id_len, label))
/* slot identifier */
if (!strncmp(token, "slot_", 5)) {
/* slot is a decimal number */
- if (sscanf(token + 5, "%d", slot) != 1) {
- fprintf(stderr, "slot number not deciphered!\n");
+ if (str_to_dec(token + 5, slot) != 1) {
+ Log(LOG_ERR, "slot number not deciphered!");
goto err;
}
} else if (!strncmp(token, "id_", 3)) {
/* certificate ID */
/* id is hexadecimal number */
if (!hex_to_bin(token + 3, id, id_len)) {
- fprintf(stderr, "id not deciphered!\n");
+ Log(LOG_ERR, "id not deciphered!");
goto err;
}
} else if (!strncmp(token, "label_", 6)) {
/* label is string */
*label = strdup(token + 6);
if (*label == NULL) {
- fprintf(stderr, "label not deciphered!\n");
+ Log(LOG_ERR, "label not deciphered!");
goto err;
}
} else if (!strncmp(token, "type_", 5)) {
/* Object type */
*type = strdup(token + 5);
if (*type == NULL) {
- fprintf(stderr, "type not deciphered!\n");
+ Log(LOG_ERR, "type not deciphered!");
goto err;
}
}
} /* end while(token) */
if (*type == NULL) {
- fprintf(stderr, "type not present!\n");
+ Log(LOG_ERR, "type not present!");
goto err;
}
PKCS11_TOKEN *tok;
PKCS11_KEY *keys, *ret_key = NULL;
unsigned int slot_count, key_count;
- char flags[64];
+ char flags[FLAGS_LEN];
int n,m, type, retval = -1;
int local_init = 0;
#define TYPE_PRIVKEY 1
} else if (!strcmp(type_str, "cert")) {
type = TYPE_CERT;
} else {
- fprintf(stderr, "invalid object type(%s)\n", type_str);
+ Log(LOG_ERR, "invalid object type(%s)", type_str);
goto out;
}
}
if (PKCS11_enumerate_slots(ctx, &slot_list, &slot_count)) {
- fprintf(stderr, "failed to enumerate slots\n");
+ Log(LOG_ERR, "failed to enumerate slots");
goto out;
}
if (verbose) {
- fprintf(stderr, "Found %u slots\n", slot_count);
+ Log(LOG_INFO, "Found %u slots", slot_count);
}
for (n = 0; n < slot_count; n++) {
flags[0] = '\0';
if (slot->token) {
if (!slot->token->initialized)
- strcat(flags, "uninitialized, ");
+ strncat(flags, "uninitialized, ", (FLAGS_LEN - strlen(flags) - 1));
else if (!slot->token->userPinSet)
- strcat(flags, "no pin, ");
+ strncat(flags, "no pin, ", (FLAGS_LEN - strlen(flags) - 1));
if (slot->token->loginRequired)
- strcat(flags, "login, ");
+ strncat(flags, "login, ", (FLAGS_LEN - strlen(flags) - 1));
if (slot->token->readOnly)
- strcat(flags, "ro, ");
+ strncat(flags, "ro, ", (FLAGS_LEN - strlen(flags) - 1));
} else {
- strcpy(flags, "no token");
+ strncpy(flags, "no token", sizeof(flags));
}
if ((m = strlen(flags)) != 0) {
flags[m - 2] = '\0';
}
if (verbose) {
- fprintf(stderr, "[%lu] %-25.25s %-16s",
+ Log(LOG_INFO, "[%lu] %-25.25s %-16s",
PKCS11_get_slotid_from_slot(slot),
slot->description, flags);
if (slot->token) {
- fprintf(stderr, " (%s)",
+ Log(LOG_INFO, " (%s)",
slot->token->label[0] ?
slot->token->label : "no label");
}
- fprintf(stderr, "\n");
}
}
if (found_slot) {
slot = found_slot;
} else {
- fprintf(stderr, "Invalid slot number: %d\n", (int)slot_nr);
+ Log(LOG_ERR, "Invalid slot number: %d", (int)slot_nr);
goto err_out;
}
tok = slot->token;
if (tok == NULL) {
- fprintf(stderr, "Found empty token; \n");
+ Log(LOG_ERR, "Found empty token; ");
goto err_out;
}
if (verbose) {
- fprintf(stderr, "Found slot: %s\n", slot->description);
- fprintf(stderr, "Found token: %s\n", slot->token->label);
+ Log(LOG_INFO, "Found slot: %s", slot->description);
+ Log(LOG_INFO, "Found token: %s", slot->token->label);
}
if ((tok->loginRequired) && (do_login(slot))) {
- fprintf(stderr, "failed to login\n");
+ Log(LOG_ERR, "failed to login");
goto err_out;
}
switch(type) {
case TYPE_CERT:
if (PKCS11_remove_certificate(tok, label, id, id_len)) {
- fprintf(stderr, "failed to delete certificate\n");
+ Log(LOG_ERR, "failed to delete certificate");
goto err_out;
}
break;
case TYPE_PUBKEY:
if (PKCS11_remove_public_key(tok, label, id, id_len)) {
- fprintf(stderr, "failed to delete public key\n");
+ Log(LOG_ERR, "failed to delete public key");
goto err_out;
}
break;
case TYPE_PRIVKEY:
if (PKCS11_remove_private_key(tok, label, id, id_len)) {
- fprintf(stderr, "failed to delete private key\n");
+ Log(LOG_ERR, "failed to delete private key");
goto err_out;
}
break;
default:
- fprintf(stderr, "object type(%s) not supported\n", type_str);
+ Log(LOG_ERR, "object type(%s) not supported", type_str);
goto err_out;
break;
}
PKCS11_release_all_slots(ctx, slot_list, slot_count);
out:
if (local_init) {
- free_pkcs11_ctx(e);
+ free_pkcs11_ctx();
}
return retval;
}
int slot_nr = -1;
unsigned char *pp, *data = NULL;
int data_len = 0;
- FILE *f;
+ FILE *f = NULL;
EVP_PKEY *pk;
RSA *rsa;
if (!p || !*p) {
- fprintf(stderr, "no parameter\n");
+ Log(LOG_ERR, "no parameter");
return 0;
}
n = parse_key_string(p, &slot_nr, key_id, &key_id_len,
&key_label, &key_file);
if (n) {
- fprintf(stderr,
- "supported format: slot_<slot>:id_<id>:label_<label>:key_<filename>\n");
- fprintf(stderr,
- "where <slot> is the slot number as normal integer,\n");
- fprintf(stderr,
- "and <id> is the id number as hex string.\n");
- fprintf(stderr,
- "and <label> is the textual key label string.\n");
- fprintf(stderr,
- "and <filename> is the key filename with full path.\n");
+ Log(LOG_INFO,
+ "supported format: slot_<slot>:id_<id>:label_<label>:key_<filename>");
+ Log(LOG_INFO,
+ "where <slot> is the slot number as normal integer,");
+ Log(LOG_INFO,
+ "and <id> is the id number as hex string.");
+ Log(LOG_INFO,
+ "and <label> is the textual key label string.");
+ Log(LOG_INFO,
+ "and <filename> is the key filename with full path.");
goto get_pubkey_err_out;
}
f = fopen(key_file, "wb");
if (f == NULL) {
- fprintf(stderr, "Couldn't open key file \"%s\"\n", key_file);
+ Log(LOG_ERR, "Couldn't open key file \"%s\"", key_file);
goto get_pubkey_err_out;
}
key_id_len = 0;
if (verbose) {
- fprintf(stderr, "Getting public key in slot(%d) with label(%s) and id(",
- slot_nr, key_label);
- for (n = 0; n < key_id_len; n++)
- fprintf(stderr, "%02x", key_id[n]);
- fprintf(stderr, ")\n");
+ char tmp[MAX_VALUE_LEN];
+ for (n = 0; n < key_id_len; n++) {
+ snprintf(&tmp[n*2], 2, "%02x", key_id[n]);
+ }
+ Log(LOG_INFO, "Getting public key in slot(%d) with label(%s) and id(%s)",
+ slot_nr, key_label, tmp);
}
pk = pkcs11_load_key(e, slot_nr, key_id, key_id_len, key_label, NULL, NULL, 0);
if (pk == NULL) {
- fprintf(stderr, "PKCS11_load_public_key returned NULL\n");
+ Log(LOG_ERR, "PKCS11_load_public_key returned NULL");
goto get_pubkey_err_out;
}
rsa = EVP_PKEY_get1_RSA(pk);
if (rsa == NULL) {
- fprintf(stderr, "Couldn't retrieve RSA key form EVP_PKEY\n");
+ Log(LOG_ERR, "Couldn't retrieve RSA key form EVP_PKEY");
goto get_pubkey_err_out;
}
/* To store in DER format */
data_len = i2d_RSAPublicKey(rsa, NULL);
if ((data = (unsigned char *)malloc(data_len)) == NULL) {
- fprintf(stderr, "couldn't allocate memory for key\n");
+ Log(LOG_ERR, "couldn't allocate memory for key");
goto get_pubkey_err_out;
}
pp = data;
n = fwrite(data, 1, data_len, f);
if (n != data_len) {
- fprintf(stderr, "Couldn't write to file \"%s\"\n", key_file);
+ Log(LOG_ERR, "Couldn't write to file \"%s\"", key_file);
goto get_pubkey_err_out;
}
#endif
if (!PEM_write_RSA_PUBKEY(f, rsa)) {
- fprintf(stderr, "Couldn't write to file \"%s\"\n", key_file);
+ Log(LOG_ERR, "Couldn't write to file \"%s\"", key_file);
goto get_pubkey_err_out;
}
char *str, *lasts;
int rv = -1;
- if (!key_get_str)
+ if (!key_get_str) {
return -1;
-
+ }
str = strdup(key_get_str);
- if (str == NULL)
+ if (str == NULL) {
return -1;
-
+ }
/* Default values */
*slot = 0;
*label = NULL;
- if (key_file) *key_file = NULL;
-
+ if (key_file) {
+ *key_file = NULL;
+ }
token = strtok_r(str, sep, &lasts);
while (token) {
/* slot identifier */
if (!strncmp(token, "slot_", 5)) {
/* slot is a decimal number */
- if (sscanf(token + 5, "%d", slot) != 1) {
- fprintf(stderr, "slot number not deciphered!\n");
+ if (str_to_dec(token + 5, slot) != 1) {
+ Log(LOG_ERR, "slot number not deciphered!");
goto err;
}
} else if (!strncmp(token, "id_", 3)) {
/* certificate ID */
/* id is hexadecimal number */
if (!hex_to_bin(token + 3, id, id_len)) {
- fprintf(stderr, "id not deciphered!\n");
+ Log(LOG_ERR, "id not deciphered!");
goto err;
}
} else if (!strncmp(token, "label_", 6)) {
/* label is string */
*label = strdup(token + 6);
if (*label == NULL) {
- fprintf(stderr, "label not deciphered!\n");
+ Log(LOG_ERR, "label not deciphered!");
goto err;
}
} else if ((key_file) && (!strncmp(token, "key_", 4))) {
/* key file name */
*key_file = strdup(token + 4);
if (*key_file == NULL) {
- fprintf(stderr, "key file not deciphered!\n");
+ Log(LOG_ERR, "key file not deciphered!");
goto err;
}
}
} /* end while(token) */
if ((key_file) && (*key_file == NULL)) {
- fprintf(stderr, "key file name not present!\n");
+ Log(LOG_ERR, "key file name not present!");
goto err;
}