diff options
| -rw-r--r-- | configure.ac | 3 | ||||
| -rw-r--r-- | module/Makefile.am | 10 | ||||
| -rw-r--r-- | module/conf.c | 240 | ||||
| -rw-r--r-- | module/conf.h | 51 | ||||
| -rw-r--r-- | module/hash.c | 512 | ||||
| -rw-r--r-- | module/hash.h | 110 | ||||
| -rw-r--r-- | module/p11-kit-lib.c | 810 | ||||
| -rw-r--r-- | module/p11-kit-private.h | 51 | ||||
| -rw-r--r-- | module/p11-kit-proxy.c (renamed from module/p11-kit.c) | 696 | ||||
| -rw-r--r-- | module/p11-kit.h | 12 |
10 files changed, 1558 insertions, 937 deletions
diff --git a/configure.ac b/configure.ac index 52bc606..29b50be 100644 --- a/configure.ac +++ b/configure.ac @@ -3,11 +3,12 @@ AC_CONFIG_MACRO_DIR([m4]) AC_INIT([p11-kit],[0.1],[http://bugzilla.example.com]) -AC_CONFIG_SRCDIR([module/p11-kit.c]) +AC_CONFIG_SRCDIR([module/p11-kit-lib.c]) AC_CONFIG_HEADERS([config.h]) dnl Other initialization AM_INIT_AUTOMAKE +AM_SANITY_CHECK AM_MAINTAINER_MODE m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])],) LT_INIT diff --git a/module/Makefile.am b/module/Makefile.am index 3be73f4..c3fcad2 100644 --- a/module/Makefile.am +++ b/module/Makefile.am @@ -1,10 +1,14 @@ INCLUDES = \ - -DPKCS11_MODULE_PATH=\"$(PKCS11_MODULE_PATH)\" + -DPKCS11_CONFIG_FILE=\"$(sysconfdir)/pkcs11.conf\" \ + -DPKCS11_CONFIG_LIBS=\"$(sysconfdir)/pkcs11/libs\" MODULE_SRCS = \ - p11-kit.c \ - hash.c hash.h + conf.c conf.h \ + hash.c hash.h \ + p11-kit-lib.c \ + p11-kit-proxy.c \ + p11-kit-private.h p11-kit.h lib_LTLIBRARIES = p11-kit.la diff --git a/module/conf.c b/module/conf.c new file mode 100644 index 0000000..a0a3917 --- /dev/null +++ b/module/conf.c @@ -0,0 +1,240 @@ +/* + * Copyright (c) 2005, Stefan Walter + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter <stef@memberwebs.com> + */ + +#include "config.h" + +#include "conf.h" + +#include <sys/param.h> +#include <sys/stat.h> +#include <sys/types.h> + +#include <assert.h> +#include <ctype.h> +#include <dirent.h> +#include <errno.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +static void +errmsg (const char *filename, const char* msg, ...) +{ + #define MAX_MSGLEN 1024 + char buf[MAX_MSGLEN]; + va_list ap; + + va_start (ap, msg); + vsnprintf (buf, MAX_MSGLEN, msg, ap); + buf[MAX_MSGLEN - 1] = 0; + conf_error (filename, buf); + va_end (ap); +} + +static void +strcln (char* data, char ch) +{ + char* p; + for (p = data; *data; data++, p++) { + while (*data == ch) + data++; + *p = *data; + } + + /* Renull terminate */ + *p = 0; +} + +static char* +strbtrim (const char* data) +{ + while (*data && isspace (*data)) + ++data; + return (char*)data; +} + +static void +stretrim (char* data) +{ + char* t = data + strlen (data); + while (t > data && isspace (*(t - 1))) { + t--; + *t = 0; + } +} + +static char* +strtrim (char* data) +{ + data = (char*)strbtrim (data); + stretrim (data); + return data; +} + +/* ----------------------------------------------------------------------------- + * CONFIG PARSER + */ + +static char* +read_config_file (const char* filename, int flags) +{ + char* config = NULL; + FILE* f = NULL; + long len; + + assert (filename); + + f = fopen (filename, "r"); + if (f == NULL) { + if ((flags & CONF_IGNORE_MISSING) && + (errno == ENOENT || errno == ENOTDIR)) { + config = strdup ("\n"); + if (!config) + errno = ENOMEM; + return config; + } + errmsg (filename, "couldn't open config file: %s", filename); + return NULL; + } + + /* Figure out size */ + if (fseek (f, 0, SEEK_END) == -1 || + (len = ftell (f)) == -1 || + fseek (f, 0, SEEK_SET) == -1) { + errmsg (filename, "couldn't seek config file: %s", filename); + return NULL; + } + + if ((config = (char*)malloc (len + 2)) == NULL) { + errmsg (filename, "out of memory"); + errno = ENOMEM; + return NULL; + } + + /* And read in one block */ + if (fread (config, 1, len, f) != len) { + errmsg (filename, "couldn't read config file: %s", filename); + return NULL; + } + + fclose (f); + + /* Null terminate the data */ + config[len] = '\n'; + config[len + 1] = 0; + + /* Remove nasty dos line endings */ + strcln (config, '\r'); + + return config; +} + +hash_t* +conf_parse_file (const char* filename, int flags) +{ + char *name; + char *value; + hash_t *ht = NULL; + char *config; + char *next; + char *end; + + assert (filename); + + /* Adds an extra newline to end of file */ + config = read_config_file (filename, flags); + if (!config) + return NULL; + + ht = hash_create (hash_string_hash, hash_string_equal, free, free); + next = config; + + /* Go through lines and process them */ + while ((end = strchr (next, '\n')) != NULL) { + *end = 0; + name = strbtrim (next); + next = end + 1; + + /* Empty lines / comments at start */ + if (!*name || *name == '#') + continue; + + /* Look for the break between name = value on the same line */ + value = name + strcspn (name, ":="); + if (!*value) { + errmsg (filename, "%s: invalid config line: %s", filename, name); + errno = EINVAL; + break; + } + + /* Null terminate and split value part */ + *value = 0; + value++; + + name = strtrim (name); + value = strtrim (value); + + name = strdup (name); + if (!name) { + errno = ENOMEM; + break; + } + value = strdup (value); + if (!value) { + free (name); + errno = ENOMEM; + break; + } + if (!hash_set (ht, name, value)) { + free (name); + free (value); + errno = ENOMEM; + break; + } + } + + /* Unsuccessful? */ + if (end != NULL) { + hash_free (ht); + ht = NULL; + } + + free (config); + return ht; +} diff --git a/module/conf.h b/module/conf.h new file mode 100644 index 0000000..2a9e2f3 --- /dev/null +++ b/module/conf.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * Copyright (c) 2005, Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter <stefw@collabora.co.uk> + */ + +#ifndef __CONF_H__ +#define __CONF_H__ + +#include "hash.h" + +enum { + CONF_IGNORE_MISSING = 0x01, +}; + +extern void conf_error (const char *filename, + const char *message); + +hash_t* conf_parse_file (const char *filename, + int flags); + +#endif /* __CONF_H__ */ diff --git a/module/hash.c b/module/hash.c index 512a914..84d57a2 100644 --- a/module/hash.c +++ b/module/hash.c @@ -1,6 +1,6 @@ /* * Copyright (c) 2004, Stefan Walter - * All rights reserved. + * Copyright (c) 2011, Collabora Ltd. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,11 +52,12 @@ */ #include <sys/types.h> + +#include <assert.h> #include <stdlib.h> #include <string.h> -#include "hash.h" -#define KEY_DATA(he) ((he)->key) +#include "hash.h" /* * The internal form of a hash table. @@ -67,30 +68,14 @@ * isn't too bad given that pools have a low allocation overhead. */ -typedef struct hsh_entry_t hsh_entry_t; +typedef struct hash_entry hash_entry_t; -struct hsh_entry_t -{ - hsh_entry_t* next; - unsigned int hash; - const void* key; - size_t klen; - const void* val; -}; - -/* - * Data structure for iterating through a hash table. - * - * We keep a pointer to the next hash entry here to allow the current - * hash entry to be freed or otherwise mangled between calls to - * hsh_next(). - */ -struct hsh_index_t +struct hash_entry { - hsh_t* ht; - hsh_entry_t* ths; - hsh_entry_t* next; - unsigned int index; + hash_entry_t* next; + unsigned int hash; + void* key; + void* val; }; /* @@ -100,15 +85,16 @@ struct hsh_index_t * The count of hash entries may be greater depending on the chosen * collision rate. */ -struct hsh_t -{ - hsh_entry_t** array; - hsh_index_t iterator; /* For hsh_first(...) */ - unsigned int count; - unsigned int max; +struct hash { + hash_entry_t** array; + unsigned int count; + unsigned int max; + hash_hash_func hash_func; + hash_equal_func equal_func; + hash_destroy_func key_destroy_func; + hash_destroy_func value_destroy_func; }; - #define INITIAL_MAX 15 /* tunable == 2^n - 1 */ #define int_malloc malloc #define int_calloc calloc @@ -118,109 +104,121 @@ struct hsh_t * Hash creation functions. */ -static hsh_entry_t** alloc_array(hsh_t* ht, unsigned int max) +static hash_entry_t** +alloc_array(hash_t* ht, unsigned int max) { - return (hsh_entry_t**)int_calloc(sizeof(*(ht->array)), (max + 1)); + return (hash_entry_t**)int_calloc (sizeof (*(ht->array)), (max + 1)); } -hsh_t* hsh_create() +hash_t* +hash_create (hash_hash_func hash_func, + hash_equal_func equal_func, + hash_destroy_func key_destroy_func, + hash_destroy_func value_destroy_func) { - hsh_t* ht = int_malloc(sizeof(hsh_t)); - if(ht) - { - ht->count = 0; - ht->max = INITIAL_MAX; - ht->array = alloc_array(ht, ht->max); - if(!ht->array) - { - int_free(ht); - return NULL; - } - } - return ht; + hash_t* ht; + + assert (hash_func); + assert (equal_func); + + ht = int_malloc (sizeof (hash_t)); + if (ht) { + ht->count = 0; + ht->max = INITIAL_MAX; + ht->hash_func = hash_func; + ht->equal_func = equal_func; + ht->key_destroy_func = key_destroy_func; + ht->value_destroy_func = value_destroy_func; + ht->array = alloc_array (ht, ht->max); + if (!ht->array) { + int_free (ht); + return NULL; + } + } + return ht; } -void hsh_free(hsh_t* ht) +void +hash_free (hash_t* ht) { - hsh_index_t* hi; + hash_iter_t hi; + + if (!ht) + return; - for(hi = hsh_first(ht); hi; hi = hsh_next(hi)) - int_free(hi->ths); + hash_iterate (ht, &hi); + while (hash_next (&hi, NULL, NULL)) { + if (ht->key_destroy_func) + ht->key_destroy_func (hi.ths->key); + if (ht->value_destroy_func) + ht->value_destroy_func (hi.ths->val); + } - if(ht->array) - int_free(ht->array); + if (ht->array) + int_free (ht->array); - int_free(ht); + int_free (ht); } /* * Hash iteration functions. */ - -hsh_index_t* hsh_next(hsh_index_t* hi) +int +hash_next (hash_iter_t* hi, void **key, void **value) { - hi->ths = hi->next; - while(!hi->ths) - { - if(hi->index > hi->ht->max) - return NULL; - - hi->ths = hi->ht->array[hi->index++]; - } - hi->next = hi->ths->next; - return hi; -} - -hsh_index_t* hsh_first(hsh_t* ht) -{ - hsh_index_t* hi = &ht->iterator; - - hi->ht = ht; - hi->index = 0; - hi->ths = NULL; - hi->next = NULL; - return hsh_next(hi); + hi->ths = hi->next; + while (!hi->ths) { + if (hi->index > hi->ht->max) + return 0; + hi->ths = hi->ht->array[hi->index++]; + } + hi->next = hi->ths->next; + if (key) + *key = hi->ths->key; + if (value) + *value = hi->ths->val; + return 1; } -void* hsh_this(hsh_index_t* hi, const void** key, size_t* klen) +void +hash_iterate (hash_t* ht, hash_iter_t *hi) { - if(key) - *key = KEY_DATA(hi->ths); - if(klen) - *klen = hi->ths->klen; - return (void*)hi->ths->val; + hi->ht = ht; + hi->index = 0; + hi->ths = NULL; + hi->next = NULL; } - /* * Expanding a hash table */ -static int expand_array(hsh_t* ht) +static int +expand_array (hash_t* ht) { - hsh_index_t* hi; - hsh_entry_t** new_array; - unsigned int new_max; + hash_iter_t hi; + hash_entry_t** new_array; + unsigned int new_max; - new_max = ht->max * 2 + 1; - new_array = alloc_array(ht, new_max); + new_max = ht->max * 2 + 1; + new_array = alloc_array (ht, new_max); - if(!new_array) - return 0; + if(!new_array) + return 0; - for(hi = hsh_first(ht); hi; hi = hsh_next(hi)) - { - unsigned int i = hi->ths->hash & new_max; - hi->ths->next = new_array[i]; - new_array[i] = hi->ths; - } + hash_iterate (ht, &hi); + while (hash_next (&hi, NULL, NULL)) { + unsigned int i = hi.ths->hash & new_max; + hi.ths->next = new_array[i]; + new_array[i] = hi.ths; + } - if(ht->array) - free(ht->array); + if(ht->array) + int_free (ht->array); - ht->array = new_array; - ht->max = new_max; - return 1; + ht->array = new_array; + ht->max = new_max; + return 1; } /* @@ -232,151 +230,96 @@ static int expand_array(hsh_t* ht) * that hash entries can be removed. */ -static hsh_entry_t** find_entry(hsh_t* ht, const void* key, size_t klen, const void* val) +static hash_entry_t** +find_entry (hash_t* ht, const void* key, void* val) { - hsh_entry_t** hep; - hsh_entry_t* he; - const unsigned char* p; - unsigned int hash; - size_t i; - - /* - * This is the popular `times 33' hash algorithm which is used by - * perl and also appears in Berkeley DB. This is one of the best - * known hash functions for strings because it is both computed - * very fast and distributes very well. - * - * The originator may be Dan Bernstein but the code in Berkeley DB - * cites Chris Torek as the source. The best citation I have found - * is "Chris Torek, Hash function for text in C, Usenet message - * <27038@mimsy.umd.edu> in comp.lang.c , October, 1990." in Rich - * Salz's USENIX 1992 paper about INN which can be found at - * <http://citeseer.nj.nec.com/salz92internetnews.html>. - * - * The magic of number 33, i.e. why it works better than many other - * constants, prime or not, has never been adequately explained by - * anyone. So I try an explanation: if one experimentally tests all - * multipliers between 1 and 256 (as I did while writing a low-level - * data structure library some time ago) one detects that even - * numbers are not useable at all. The remaining 128 odd numbers - * (except for the number 1) work more or less all equally well. - * They all distribute in an acceptable way and this way fill a hash - * table with an average percent of approx. 86%. - * - * If one compares the chi^2 values of the variants (see - * Bob Jenkins ``Hashing Frequently Asked Questions'' at - * http://burtleburtle.net/bob/hash/hashfaq.html for a description - * of chi^2), the number 33 not even has the best value. But the - * number 33 and a few other equally good numbers like 17, 31, 63, - * 127 and 129 have nevertheless a great advantage to the remaining - * numbers in the large set of possible multipliers: their multiply - * operation can be replaced by a faster operation based on just one - * shift plus either a single addition or subtraction operation. And - * because a hash function has to both distribute good _and_ has to - * be very fast to compute, those few numbers should be preferred. - * - * -- Ralf S. Engelschall <rse@engelschall.com> - */ - hash = 0; - - if(klen == HSH_KEY_STRING) - { - for(p = key; *p; p++) - hash = hash * 33 + *p; - - klen = p - (const unsigned char *)key; - } - else - { - for(p = key, i = klen; i; i--, p++) - hash = hash * 33 + *p; - } - - /* scan linked list */ - for(hep = &ht->array[hash & ht->max], he = *hep; - he; hep = &he->next, he = *hep) - { - if(he->hash == hash && - he->klen == klen && - memcmp(KEY_DATA(he), key, klen) == 0) - break; - } - - if(he || !val) - return hep; - - /* add a new entry for non-NULL val */ - he = int_malloc(sizeof(*he)); - - if(he) - { - /* Key points to external data */ - he->key = key; - he->klen = klen; - - he->next = NULL; - he->hash = hash; - he->val = val; - - *hep = he; - ht->count++; - } - - return hep; -} + hash_entry_t** hep; + hash_entry_t* he; + unsigned int hash; + + /* Perform the hashing */ + hash = ht->hash_func (key); + + /* scan linked list */ + for (hep = &ht->array[hash & ht->max], he = *hep; + he; hep = &he->next, he = *hep) { + if(he->hash == hash && ht->equal_func (he->key, key)) + break; + } -void* hsh_get(hsh_t* ht, const void *key, size_t klen) -{ - hsh_entry_t** he = find_entry(ht, key, klen, NULL); + if(he || !val) + return hep; + + /* add a new entry for non-NULL val */ + he = int_malloc (sizeof (*he)); + + if(he) { + he->key = (void*)key; + he->next = NULL; + he->hash = hash; + he->val = val; - if(he && *he) - return (void*)((*he)->val); - else - return NULL; + *hep = he; + ht->count++; + } + + return hep; } -int hsh_set(hsh_t* ht, const void* key, size_t klen, void* val) +void* +hash_get (hash_t* ht, const void *key) { - hsh_entry_t** hep = find_entry(ht, key, klen, val); - - if(hep && *hep) - { - /* replace entry */ - (*hep)->val = val; + hash_entry_t** he = find_entry (ht, key, NULL); + if (he && *he) + return (void*)((*he)->val); + else + return NULL; +} - /* check that the collision rate isn't too high */ - if(ht->count > ht->max) - { - if(!expand_array(ht)) - return 0; - } +int +hash_set (hash_t* ht, void* key, void* val) +{ + hash_entry_t** hep = find_entry (ht, key, val); + if(hep && *hep) { + /* replace entry */ + (*hep)->val = val; + + /* check that the collision rate isn't too high */ + if (ht->count > ht->max) { + if (!expand_array (ht)) + return 0; + } - return 1; - } + return 1; + } - return 0; + return 0; } -void* hsh_rem(hsh_t* ht, const void* key, size_t klen) +int +hash_remove (hash_t* ht, const void* key) { - hsh_entry_t** hep = find_entry(ht, key, klen, NULL); - void* val = NULL; - - if(hep && *hep) - { - hsh_entry_t* old = *hep; - *hep = (*hep)->next; - --ht->count; - val = (void*)old->val; - free(old); - } - - return val; + hash_entry_t** hep = find_entry (ht, key, NULL); + + if (hep && *hep) { + hash_entry_t* old = *hep; + *hep = (*hep)->next; + --ht->count; + if (ht->key_destroy_func) + ht->key_destroy_func (old->key); + if (ht->value_destroy_func) + ht->value_destroy_func (old->val); + free (old); + return 1; + } + + return 0; } -void hsh_clear(hsh_t* ht) +void +hash_clear (hash_t* ht) { - hsh_entry_t *he, *next; + hash_entry_t *he, *next; int i; /* Free all entries in the array */ @@ -384,17 +327,112 @@ void hsh_clear(hsh_t* ht) he = ht->array[i]; while (he) { next = he->next; + if (ht->key_destroy_func) + ht->key_destroy_func (he->key); + if (ht->value_destroy_func) + ht->value_destroy_func (he->val); free (he); he = next; } } - memset (ht->array, 0, ht->max * sizeof (hsh_entry_t*)); + memset (ht->array, 0, ht->max * sizeof (hash_entry_t*)); ht->count = 0; } -unsigned int hsh_count(hsh_t* ht) +unsigned int +hash_count (hash_t* ht) +{ + return ht->count; +} + +unsigned int +hash_string_hash (const void *string) +{ + unsigned int hash; + const unsigned char *p; + + assert (string); + + /* + * This is the popular `times 33' hash algorithm which is used by + * perl and also appears in Berkeley DB. This is one of the best + * known hash functions for strings because it is both computed + * very fast and distributes very well. + * + * The originator may be Dan Bernstein but the code in Berkeley DB + * cites Chris Torek as the source. The best citation I have found + * is "Chris Torek, Hash function for text in C, Usenet message + * <27038@mimsy.umd.edu> in comp.lang.c , October, 1990." in Rich + * Salz's USENIX 1992 paper about INN which can be found at + * <http://citeseer.nj.nec.com/salz92internetnews.html>. + * + * The magic of number 33, i.e. why it works better than many other + * constants, prime or not, has never been adequately explained by + * anyone. So I try an explanation: if one experimentally tests all + * multipliers between 1 and 256 (as I did while writing a low-level + * data structure library some time ago) one detects that even + * numbers are not useable at all. The remaining 128 odd numbers + * (except for the number 1) work more or less all equally well. + * They all distribute in an acceptable way and this way fill a hash + * table with an average percent of approx. 86%. + * + * If one compares the chi^2 values of the variants (see + * Bob Jenkins ``Hashing Frequently Asked Questions'' at + * http://burtleburtle.net/bob/hash/hashfaq.html for a description + * of chi^2), the number 33 not even has the best value. But the + * number 33 and a few other equally good numbers like 17, 31, 63, + * 127 and 129 have nevertheless a great advantage to the remaining + * numbers in the large set of possible multipliers: their multiply + * operation can be replaced by a faster operation based on just one + * shift plus either a single addition or subtraction operation. And + * because a hash function has to both distribute good _and_ has to + * be very fast to compute, those few numbers should be preferred. + * + * -- Ralf S. Engelschall <rse@engelschall.com> + */ + + hash = 0; + + for(p = string; *p; p++) + hash = hash * 33 + *p; + + return hash; +} + +int +hash_string_equal (const void *string_one, const void *string_two) +{ + assert (string_one); + assert (string_two); + + return strcmp (string_one, string_two) == 0; +} + +unsigned int +hash_ulongptr_hash (const void *to_ulong) +{ + assert (to_ulong); + return (unsigned int)*((unsigned long*)to_ulong); +} + +int +hash_ulongptr_equal (const void *ulong_one, const void *ulong_two) +{ + assert (ulong_one); + assert (ulong_two); + return *((unsigned long*)ulong_one) == *((unsigned long*)ulong_two); +} + +unsigned int +hash_direct_hash (const void *ptr) +{ + return (unsigned int)ptr; +} + +int +hash_direct_equal (const void *ptr_one, const void *ptr_two) { - return ht->count; + return ptr_one == ptr_two; } diff --git a/module/hash.h b/module/hash.h index a02b8e3..8649ed5 100644 --- a/module/hash.h +++ b/module/hash.h @@ -1,6 +1,6 @@ /* * Copyright (c) 2004, Stefan Walter - * All rights reserved. + * Copyright (c) 2011, Collabora Ltd. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -29,6 +29,8 @@ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. + * + * Author: Stef Waler <stefw@collabora.co.uk> */ /* @@ -57,15 +59,6 @@ #include <sys/types.h> /* - * OPTIONAL FEATURES - * - * Features to define. You need to build both this file and - * the corresponding hash.c file with whatever options you set here. - * These affect the method signatures, so see the sections below - * for the actual options - */ - -/* * ARGUMENT DOCUMENTATION * * ht: The hashtable @@ -82,77 +75,108 @@ */ /* Abstract type for hash tables. */ -typedef struct hsh_t hsh_t; +typedef struct hash hash_t; -/* Abstract type for scanning hash tables. */ -typedef struct hsh_index_t hsh_index_t; +/* Type for scanning hash tables. */ +typedef struct hash_iter +{ + hash_t* ht; + struct hash_entry* ths; + struct hash_entry* next; + unsigned int index; +} hash_iter_t; + +typedef unsigned int (*hash_hash_func) (const void *data); + +typedef int (*hash_equal_func) (const void *one, + const void *two); + +typedef void (*hash_destroy_func) (void *data); /* ----------------------------------------------------------------------------- * MAIN */ /* - * hsh_create : Create a hash table + * hash_create : Create a hash table * - returns an allocated hashtable */ -hsh_t* hsh_create(void); +hash_t* hash_create (hash_hash_func hash_func, + hash_equal_func equal_func, + hash_destroy_func key_destroy_func, + hash_destroy_func value_destroy_func); /* - * hsh_free : Free a hash table + * hash_free : Free a hash table */ -void hsh_free(hsh_t* ht); +void hash_free (hash_t* ht); /* - * hsh_count: Number of values in hash table + * hash_count: Number of values in hash table * - returns the number of entries in hash table */ -unsigned int hsh_count(hsh_t* ht); +unsigned int hash_count (hash_t* ht); /* - * hsh_get: Retrieves a value from the hash table + * hash_get: Retrieves a value from the hash table * - returns the value of the entry */ -void* hsh_get(hsh_t* ht, const void* key, size_t klen); +void* hash_get (hash_t* ht, + const void *key); /* - * hsh_set: Set a value in the hash table + * hash_set: Set a value in the hash table * - returns 1 if the entry was added properly */ -int hsh_set(hsh_t* ht, const void* key, size_t klen, void* val); +int hash_set (hash_t* ht, + void *key, + void *value); /* - * hsh_rem: Remove a value from the hash table - * - returns the value of the removed entry + * hash_remove: Remove a value from the hash table + * - returns 1 if the entry was found */ -void* hsh_rem(hsh_t* ht, const void* key, size_t klen); +int hash_remove (hash_t* ht, + const void* key); /* - * hsh_first: Start enumerating through the hash table + * hash_first: Start enumerating through the hash table * - returns a hash iterator */ -hsh_index_t* hsh_first(hsh_t* ht); +void hash_iterate (hash_t* ht, + hash_iter_t *hi); /* - * hsh_next: Enumerate through hash table - * - returns the hash iterator or null when no more entries + * hash_next: Enumerate through hash table + * - sets key and value to key and/or value + * - returns whether there was another entry */ -hsh_index_t* hsh_next(hsh_index_t* hi); +int hash_next (hash_iter_t* hi, + void **key, + void **value); /* - * hsh_this: While enumerating get current value - * - returns the value that the iterator currently points to + * hash_clear: Clear all values from has htable. */ -void* hsh_this(hsh_index_t* hi, const void** key, size_t* klen); +void hash_clear (hash_t* ht); -/* - * hsh_clear: Clear all values from has htable. +/* ----------------------------------------------------------------------------- + * HASH FUNCTIONS */ -void hsh_clear(hsh_t* ht); -/* - * This can be passed as 'klen' in any of the above functions to indicate - * a string-valued key, and have hash compute the length automatically. - */ -#define HSH_KEY_STRING (-1) +unsigned int hash_string_hash (const void *string); + +int hash_string_equal (const void *string_one, + const void *string_two); + +unsigned int hash_ulongptr_hash (const void *to_ulong); + +int hash_ulongptr_equal (const void *ulong_one, + const void *ulong_two); + +unsigned int hash_direct_hash (const void *ptr); + +int hash_direct_equal (const void *ptr_one, + const void *ptr_two); -#endif /* __HSH_H__ */ +#endif /* __HASH_H__ */ diff --git a/module/p11-kit-lib.c b/module/p11-kit-lib.c new file mode 100644 index 0000000..60662d1 --- /dev/null +++ b/module/p11-kit-lib.c @@ -0,0 +1,810 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * Copyright (C) 2008 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter <stefw@collabora.co.uk> + */ + +#include "config.h" + +#include "conf.h" +#include "hash.h" +#include "pkcs11.h" +#include "p11-kit.h" +#include "p11-kit-private.h" + +#include <sys/types.h> + +#include <assert.h> +#include <dirent.h> +#include <dlfcn.h> +#include <errno.h> +#include <pthread.h> +#include <pwd.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> + +typedef struct _Module { + char *name; + hash_t *config; + void *dl_module; + CK_FUNCTION_LIST_PTR funcs; + int ref_count; + int initialize_count; +} Module; + +/* + * This is the mutex that protects the global data of this library + * and the pkcs11 proxy module. Note that we *never* call into our + * underlying pkcs11 modules while holding this mutex. Therefore it + * doesn't have to be recursive and we can keep things simple. + */ +pthread_mutex_t _p11_mutex = PTHREAD_MUTEX_INITIALIZER; + +/* + * Shared data between threads, protected by the mutex, a structure so + * we can audit thread safety easier. + */ +static struct _Shared { + hash_t *modules; + hash_t *config; +} gl = { NULL, NULL }; + +/* ----------------------------------------------------------------------------- + * UTILITIES + */ + +static void +warning (const char* msg, ...) +{ + char buffer[512]; + va_list va; + + va_start (va, msg); + + vsnprintf(buffer, sizeof (buffer) - 1, msg, va); + buffer[sizeof (buffer) - 1] = 0; + fprintf (stderr, "p11-kit: %s\n", buffer); + + va_end (va); +} + +void +conf_error (const char *filename, const char *buffer) +{ + /* called from conf.c */ + fprintf (stderr, "p11-kit: %s\n", buffer); +} + +static char* +strconcat (const char *first, ...) +{ + size_t length = 0; + const char *arg; + char *result, *at; + va_list va; + + va_start (va, first); + + for (arg = first; arg; arg = va_arg (va, const char*)) + length += strlen (arg); + + va_end (va); + + at = result = malloc (length); + if (!result) + return NULL; + + va_start (va, first); + + for (arg = first; arg; arg = va_arg (va, const char*)) { + length = strlen (arg); + memcpy (at, arg, length); + at += length; + } + + va_end (va); + + *at = 0; + return result; +} + +static int +strequal (const char *one, const char *two) +{ + return strcmp (one, two) == 0; +} + +/* ----------------------------------------------------------------------------- + * P11-KIT FUNCTIONALITY + */ + +static void +free_module_unlocked (void *data) +{ + Module *module = data; + + assert (module); + + /* Module must be finalized */ + assert (module->initialize_count == 0); + + /* Module must have no outstanding references */ + assert (module->ref_count == 0); + + dlclose (module->dl_module); + hash_free (module->config); + free (module->name); + free (module); +} + +static CK_RV +load_module_from_config_unlocked (const char *configfile, const char *name) +{ + Module *module, *prev; + const char *path; + CK_C_GetFunctionList gfl; + CK_RV rv; + + assert (configfile); + + module = calloc (sizeof (Module), 1); + if (!module) + return CKR_HOST_MEMORY; + + module->config = conf_parse_file (configfile, 0); + if (!module->config) { + free_module_unlocked (module); + if (errno == ENOMEM) + return CKR_HOST_MEMORY; + return CKR_GENERAL_ERROR; + } + + module->name = strdup (name); + if (!module->name) { + free_module_unlocked (module); + return CKR_HOST_MEMORY; + } + + path = hash_get (module->config, "module"); + if (path == NULL) { + free_module_unlocked (module); + warning ("no module path specified in config: %s", configfile); + return CKR_GENERAL_ERROR; + } + + module->dl_module = dlopen (path, RTLD_LOCAL | RTLD_NOW); + if (module->dl_module == NULL) { + warning ("couldn't load module: %s: %s", path, dlerror ()); + free_module_unlocked (module); + return CKR_GENERAL_ERROR; + } + + gfl = dlsym (module->dl_module, "C_GetFunctionList"); + if (!gfl) { + warning ("couldn't find C_GetFunctionList entry point in module: %s: %s", + path, dlerror ()); + free_module_unlocked (module); + return CKR_GENERAL_ERROR; + } + + rv = gfl (&module->funcs); + if (rv != CKR_OK) { + warning ("call to C_GetFunctiontList failed in module: %s: %lu", + path, (unsigned long)rv); + free_module_unlocked (module); + return rv; + } + + prev = hash_get (gl.modules, module->funcs); + + /* Replace previous module that was loaded explicitly? */ + if (prev && !prev->name) { + module->ref_count = prev->ref_count; + module->initialize_count = prev->initialize_count; + prev->ref_count = 0; + prev->initialize_count = 0; + hash_set (gl.modules, module->funcs, module); + prev = NULL; /* freed by hash above */ + } + + /* Refuse to load duplicate module */ + if (prev) { + warning ("duplicate configured module: %s: %s", + module->name, path); + free_module_unlocked (module); + return CKR_GENERAL_ERROR; + } + + return CKR_OK; +} + +static CK_RV +load_modules_from_config_unlocked (const char *directory) +{ + struct dirent *dp; + CK_RV rv = CKR_OK; + DIR *dir; + char *path; + + /* First we load all the modules */ + dir = opendir (directory); + if (!dir) { + if (errno == ENOENT || errno == ENOTDIR) + warning ("couldn't list directory: %s", directory); + return CKR_GENERAL_ERROR; + } + + /* We're within a global mutex, so readdir is safe */ + while ((dp = readdir(dir)) != NULL) { + path = strconcat (directory, "/", dp->d_name); + if (!path) { + rv = CKR_HOST_MEMORY; + break; + } + + rv = load_module_from_config_unlocked (path, dp->d_name); + free (path); + + if (rv != CKR_OK) + break; + } + + closedir (dir); + + return rv; +} + +static CK_RV +load_config_modules_unlocked (hash_t *config) +{ + const char *user_config; + struct passwd *pwd; + char *path; + CK_RV rv; + + /* Whether we should use or override from user directory */ + user_config = hash_get (config, "user-config"); + if (user_config == NULL) + user_config = "none"; + + /* Load each module from the main list */ + if (strequal (user_config, "none") || strequal (user_config, "merge")) { + rv = load_modules_from_config_unlocked (PKCS11_CONFIG_LIBS); + if (rv != CKR_OK); + return rv; + } + if (strequal (user_config, "override") || strequal (user_config, "merge")) { + pwd = getpwuid (getuid ()); + if (!pwd) + rv = CKR_GENERAL_ERROR; + else { + path = strconcat (pwd->pw_dir, "/.pkcs11/libs"); + if (path == NULL) + rv = CKR_HOST_MEMORY; + else + rv = load_modules_from_config_unlocked (path); + free (path); + } + if (rv != CKR_OK); + return rv; + } + + return CKR_OK; +} + +static CK_RV +load_registered_modules_unlocked (void) +{ + hash_t *config; + CK_RV rv; + + /* Should only be called after everything has been unloaded */ + assert (!gl.config); + + /* Load the main configuration */ + config = conf_parse_file (PKCS11_CONFIG_FILE, CONF_IGNORE_MISSING); + if (!config) { + if (errno == ENOMEM) + return CKR_HOST_MEMORY; + return CKR_GENERAL_ERROR; + } + + rv = load_config_modules_unlocked (config); + if (rv != CKR_OK) { + hash_free (config); + return rv; + } + + gl.config = config; + return CKR_OK; +} + +static CK_RV +create_mutex (CK_VOID_PTR_PTR mut) +{ + pthread_mutex_t *pmutex; + int err; + + pmutex = malloc (sizeof (pthread_mutex_t)); + if (!pmutex) + return CKR_HOST_MEMORY; + err = pthread_mutex_init (pmutex, NULL); + if (err == ENOMEM) + return CKR_HOST_MEMORY; + else if (err != 0) + return CKR_GENERAL_ERROR; + *mut = pmutex; + return CKR_OK; +} + +static CK_RV +destroy_mutex (CK_VOID_PTR mut) +{ + pthread_mutex_t *pmutex = mut; + int err; + + err = pthread_mutex_destroy (pmutex); + if (err == EINVAL) + return CKR_MUTEX_BAD; + else if (err != 0) + return CKR_GENERAL_ERROR; + free (pmutex); + return CKR_OK; +} + +static CK_RV +lock_mutex (CK_VOID_PTR mut) +{ + pthread_mutex_t *pmutex = mut; + int err; + + err = pthread_mutex_lock (pmutex); + if (err == EINVAL) + return CKR_MUTEX_BAD; + else if (err != 0) + return CKR_GENERAL_ERROR; + return CKR_OK; +} + +static CK_RV +unlock_mutex (CK_VOID_PTR mut) +{ + pthread_mutex_t *pmutex = mut; + int err; + + err = pthread_mutex_unlock (pmutex); + if (err == EINVAL) + return CKR_MUTEX_BAD; + else if (err == EPERM) + return CKR_MUTEX_NOT_LOCKED; + else if (err != 0) + return CKR_GENERAL_ERROR; + return CKR_OK; +} + +static CK_RV +initialize_module_unlocked_reentrant (Module *module, CK_C_INITIALIZE_ARGS_PTR args) +{ + CK_RV rv = CKR_OK; + + assert (module); + + /* + * Initialize first, so module doesn't get freed out from + * underneath us when the mutex is unlocked below. + */ + ++module->ref_count; + + if (!module->initialize_count) { + + _p11_unlock (); + + assert (module->funcs); + rv = module->funcs->C_Initialize (args); + + _p11_lock (); + + /* + * Because we have the mutex unlocked above, two initializes could + * race. Therefore we need to take CKR_CRYPTOKI_ALREADY_INITIALIZED + * into account. + * + * We also need to take into account where in a race both calls return + * CKR_OK (which is not according to the spec but may happen, I mean we + * do it in this module, so it's not unimaginable). + */ + + if (rv == CKR_OK) + ++module->initialize_count; + else if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) + rv = CKR_OK; + else + --module->ref_count; + } + + return rv; +} + +static CK_RV +init_modules_unlocked (void) +{ + if (!gl.modules) + gl.modules = hash_create (hash_direct_hash, hash_direct_equal, + NULL, free_module_unlocked); + if (!gl.modules) + return CKR_HOST_MEMORY; + return CKR_OK; +} + +static void +free_modules_when_no_refs_unlocked (void) +{ + Module *module; + hash_iter_t it; + + /* Check if any modules have a ref count */ + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) { + if (module->ref_count) + return; + } + + hash_free (gl.modules); + gl.modules = NULL; + hash_free (gl.config); + gl.config = NULL; +} + +static CK_RV +finalize_module_unlocked_reentrant (Module *module, CK_VOID_PTR args) +{ + assert (module); + + /* + * We leave module info around until all are finalized + * so we can encounter these zombie Module structures. + */ + if (module->ref_count == 0) + return CKR_ARGUMENTS_BAD; + + if (--module->ref_count > 0) + return CKR_OK; + + /* + * Becuase of the mutex unlock below, we temporarily increase + * the ref count. This prevents module from being freed out + * from ounder us. + */ + ++module->ref_count; + + while (module->initialize_count > 0) { + + _p11_unlock (); + + assert (module->funcs); + module->funcs->C_Finalize (args); + + _p11_lock (); + + if (module->initialize_count > 0) + --module->initialize_count; + } + + /* Match the increment above */ + --module->ref_count; + + free_modules_when_no_refs_unlocked (); + return CKR_OK; +} + +static Module* +find_module_for_name_unlocked (const char *name) +{ + Module *module; + hash_iter_t it; + + assert (name); + + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) + if (module->ref_count && module->name && strcmp (name, module->name)) + return module; + return NULL; +} + +CK_RV +_p11_kit_initialize_registered_unlocked_reentrant (CK_C_INITIALIZE_ARGS_PTR args) +{ + Module *module; + hash_iter_t it; + CK_RV rv; + + rv = load_registered_modules_unlocked (); + if (rv == CKR_OK) { + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) { + + /* Skip all modules that aren't registered */ + if (!module->name) + continue; + + rv = initialize_module_unlocked_reentrant (module, args); + + if (rv != CKR_OK) + break; + } + } + + return rv; +} + +CK_RV +p11_kit_initialize_registered (void) +{ + CK_C_INITIALIZE_ARGS args; + CK_RV rv; + + /* WARNING: This function must be reentrant */ + + memset (&args, 0, sizeof (args)); + args.CreateMutex = create_mutex; + args.DestroyMutex = destroy_mutex; + args.LockMutex = lock_mutex; + args.UnlockMutex = unlock_mutex; + args.flags = CKF_OS_LOCKING_OK; + + _p11_lock (); + + /* WARNING: Reentrancy can occur here */ + rv = _p11_kit_initialize_registered_unlocked_reentrant (&args); + + _p11_unlock (); + + /* Cleanup any partial initialization */ + if (rv != CKR_OK) + p11_kit_finalize_registered (); + + return rv; +} + +CK_RV +_p11_kit_finalize_registered_unlocked_reentrant (CK_VOID_PTR args) +{ + Module *module; + hash_iter_t it; + Module **to_finalize; + int i, count; + + if (!gl.modules) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + /* WARNING: This function must be reentrant */ + + to_finalize = calloc (hash_count (gl.modules), sizeof (Module*)); + if (!to_finalize) + return CKR_HOST_MEMORY; + + count = 0; + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) { + + /* Skip all modules that aren't registered */ + if (module->name) + to_finalize[count++] = module; + } + + for (i = 0; i < count; ++i) { + + /* WARNING: Reentrant calls can occur here */ + finalize_module_unlocked_reentrant (to_finalize[i], args); + } + + free (to_finalize); + return CKR_OK; +} + +CK_RV +p11_kit_finalize_registered (void) +{ + CK_RV rv; + + /* WARNING: This function must be reentrant */ + + _p11_lock (); + + /* WARNING: Reentrant calls can occur here */ + rv = _p11_kit_finalize_registered_unlocked_reentrant (NULL); + + _p11_unlock (); + + return rv; +} + +CK_FUNCTION_LIST_PTR_PTR +_p11_kit_registered_modules_unlocked (void) +{ + CK_FUNCTION_LIST_PTR_PTR result; + Module *module; + hash_iter_t it; + int i = 0; + + result = calloc (hash_count (gl.modules) + 1, sizeof (CK_FUNCTION_LIST_PTR)); + if (result) { + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) { + if (module->ref_count && module->name) + result[i++] = module->funcs; + } + } + + return result; +} + +CK_FUNCTION_LIST_PTR_PTR +p11_kit_registered_modules (void) +{ + CK_FUNCTION_LIST_PTR_PTR result; + + _p11_lock (); + + result = _p11_kit_registered_modules_unlocked (); + + _p11_unlock (); + + return result; +} + +char* +p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR funcs) +{ + Module *module; + char *name = NULL; + + if (!funcs) + return NULL; + + _p11_lock (); + + module = gl.modules ? hash_get (gl.modules, funcs) : NULL; + if (module && module->name) + name = strdup (module->name); + + _p11_unlock (); + + return name; +} + +CK_FUNCTION_LIST_PTR +p11_kit_registered_name_to_module (const char *name) +{ + CK_FUNCTION_LIST_PTR funcs = NULL; + Module *module; + + _p11_lock (); + + if (gl.modules) { + module = find_module_for_name_unlocked (name); + if (module) + funcs = module->funcs; + } + + _p11_unlock (); + + return funcs; +} + +char* +p11_kit_registered_option (CK_FUNCTION_LIST_PTR funcs, const char *field) +{ + Module *module; + char *option = NULL; + + if (!funcs || !field) + return NULL; + + _p11_lock (); + + module = gl.modules ? hash_get (gl.modules, funcs) : NULL; + if (module && module->config) { + option = hash_get (module->config, field); + if (option) + option = strdup (option); + } + + _p11_unlock (); + + return option; +} + +CK_RV +p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs, CK_C_INITIALIZE_ARGS_PTR init_args) +{ + Module *module; + Module *allocated = NULL; + CK_RV rv = CKR_OK; + + /* WARNING: This function must be reentrant for the same arguments */ + + _p11_lock (); + + rv = init_modules_unlocked (); + if (rv == CKR_OK) { + + module = hash_get (gl.modules, funcs); + if (module == NULL) { + allocated = module = calloc (1, sizeof (Module)); + module->funcs = funcs; + } + + /* WARNING: Reentrancy can occur here */ + rv = initialize_module_unlocked_reentrant (module, init_args); + + /* If this was newly allocated, add it to the list */ + if (rv == CKR_OK && allocated) { + hash_set (gl.modules, allocated->funcs, allocated); + allocated = NULL; + } + + free (allocated); + } + + _p11_unlock (); + + return rv; +} + +CK_RV +p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs, CK_VOID_PTR reserved) +{ + Module *module; + CK_RV rv = CKR_OK; + + /* WARNING: This function must be reentrant for the same arguments */ + + _p11_lock (); + + module = gl.modules ? hash_get (gl.modules, funcs) : NULL; + if (module == NULL) { + rv = CKR_ARGUMENTS_BAD; + } else { + /* WARNING: Rentrancy can occur here */ + rv = finalize_module_unlocked_reentrant (module, reserved); + } + + _p11_unlock (); + + return rv; +} diff --git a/module/p11-kit-private.h b/module/p11-kit-private.h new file mode 100644 index 0000000..d5498f8 --- /dev/null +++ b/module/p11-kit-private.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter <stefw@collabora.co.uk> + */ + +#ifndef __P11_KIT_PRIVATE_H__ +#define __P11_KIT_PRIVATE_H__ + +extern pthread_mutex_t _p11_mutex; + +#define _p11_lock() pthread_mutex_lock (&_p11_mutex); + +#define _p11_unlock() pthread_mutex_unlock (&_p11_mutex); + +CK_FUNCTION_LIST_PTR_PTR _p11_kit_registered_modules_unlocked (void); + +CK_RV _p11_kit_initialize_registered_unlocked_reentrant (CK_C_INITIALIZE_ARGS_PTR args); + +CK_RV _p11_kit_finalize_registered_unlocked_reentrant (CK_VOID_PTR args); + + +#endif /* __P11_KIT_PRIVATE_H__ */ diff --git a/module/p11-kit.c b/module/p11-kit-proxy.c index ddce209..b02722b 100644 --- a/module/p11-kit.c +++ b/module/p11-kit-proxy.c @@ -38,11 +38,10 @@ #include "hash.h" #include "pkcs11.h" #include "p11-kit.h" +#include "p11-kit-private.h" #include <sys/types.h> #include <assert.h> -#include <dirent.h> -#include <dlfcn.h> #include <errno.h> #include <pthread.h> #include <stdarg.h> @@ -67,39 +66,20 @@ typedef struct _Session { CK_SLOT_ID wrap_slot; } Session; -typedef struct _Module { - char *name; - char *path; - void *dl_module; - CK_FUNCTION_LIST_PTR funcs; - int ref_count; - int initialize_count; - struct _Module *next; -} Module; - /* Forward declaration */ static CK_FUNCTION_LIST proxy_function_list; /* - * This is the mutex that protects the global data of this library - * and the pkcs11 proxy module. Note that we *never* call into our - * underlying pkcs11 modules while holding this mutex. Therefore it - * doesn't have to be recursive and we can keep things simple. - */ -static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; - -/* * Shared data between threads, protected by the mutex, a structure so * we can audit thread safety easier. */ static struct _Shared { Mapping *mappings; unsigned int n_mappings; - hsh_t *sessions; - Module *modules; + int mappings_refs; + hash_t *sessions; CK_ULONG last_handle; - int registered_loaded; -} gl = { NULL, 0, NULL, NULL, FIRST_HANDLE, 0 }; +} gl = { NULL, 0, 0, NULL, FIRST_HANDLE }; #define MANUFACTURER_ID "PKCS#11 Kit " #define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module " @@ -110,71 +90,6 @@ static struct _Shared { * UTILITIES */ -static void -warning (const char* msg, ...) -{ - char buffer[512]; - va_list va; - - va_start (va, msg); - - vsnprintf(buffer, sizeof (buffer) - 1, msg, va); - buffer[sizeof (buffer) - 1] = 0; - fprintf (stderr, "p11-kit: %s\n", buffer); - - va_end (va); -} - -static char* -strconcat (const char *first, ...) -{ - size_t length = 0; - const char *arg; - char *result, *at; - va_list va; - - va_start (va, first); - - for (arg = first; arg; arg = va_arg (va, const char*)) - length += strlen (arg); - - va_end (va); - - at = result = malloc (length); - if (!result) - return NULL; - - va_start (va, first); - - for (arg = first; arg; arg = va_arg (va, const char*)) { - length = strlen (arg); - memcpy (at, arg, length); - at += length; - } - - va_end (va); - - *at = 0; - return result; -} - -static int -ends_with (const char *haystack, const char *needle) -{ - size_t haystack_len, needle_len; - - assert (haystack); - assert (needle); - - haystack_len = strlen (haystack); - needle_len = strlen (needle); - - if (needle_len > haystack_len) - return 0; - return memcmp (haystack + (haystack_len - needle_len), - needle, needle_len) == 0; -} - static void* xrealloc (void * memory, size_t length) { @@ -185,516 +100,6 @@ xrealloc (void * memory, size_t length) } /* ----------------------------------------------------------------------------- - * P11-KIT FUNCTIONALITY - */ - -static CK_RV -load_module_unlocked (const char *name, Module *module) -{ - CK_C_GetFunctionList gfl; - CK_RV rv; - - /* - * TODO: This function will change significantly once we're loading - * from a config, see below. - */ - assert (name); - assert (module); - - module->name = strdup (name); - if (!module->name) - return CKR_HOST_MEMORY; - - module->path = strconcat (PKCS11_MODULE_PATH, "/", name, NULL); - if (!module->path) - return CKR_HOST_MEMORY; - - module->dl_module = dlopen (module->path, RTLD_LOCAL | RTLD_NOW); - if (module->dl_module == NULL) { - warning ("couldn't load module: %s: %s", - module->path, dlerror ()); - return CKR_GENERAL_ERROR; - } - - gfl = dlsym (module->dl_module, "C_GetFunctionList"); - if (!gfl) { - warning ("couldn't find C_GetFunctionList entry point in module: %s: %s", - module->path, dlerror ()); - return CKR_GENERAL_ERROR; - } - - rv = gfl (&module->funcs); - if (rv != CKR_OK) { - warning ("call to C_GetFunctiontList failed in module: %s: %lu", - module->path, (unsigned long)rv); - return rv; - } - - return CKR_OK; -} - -static void -unload_module_unlocked (Module *module) -{ - assert (module); - - /* Should have been finalized before this */ - assert (!module->initialize_count); - - if (module->dl_module) { - dlclose (module->dl_module); - module->dl_module = NULL; - } - - free (module->path); - module->path = NULL; - - free (module->name); - module->name = NULL; - - module->funcs = NULL; -} - -static CK_RV -load_registered_modules_unlocked (void) -{ - struct dirent *dp; - Module *module; - DIR *dir; - CK_RV rv; - - /* First we load all the modules */ - dir = opendir (PKCS11_MODULE_PATH); - - /* We're within a global mutex, so readdir is safe */ - while ((dp = readdir(dir)) != NULL) { - if ((dp->d_type == DT_LNK || dp->d_type == DT_REG) && - !ends_with (dp->d_name, ".la")) { - - module = calloc (sizeof (Module), 1); - if (!module) - rv = CKR_HOST_MEMORY; - else - rv = load_module_unlocked (dp->d_name, module); - - /* Cleanup for failures happens at caller */ - module->next = gl.modules; - gl.modules = module; - - if (rv != CKR_OK) - break; - } - } - - closedir (dir); - - return rv; -} - -static CK_RV -create_mutex (CK_VOID_PTR_PTR mut) -{ - pthread_mutex_t *pmutex; - int err; - - pmutex = malloc (sizeof (pthread_mutex_t)); - if (!pmutex) - return CKR_HOST_MEMORY; - err = pthread_mutex_init (pmutex, NULL); - if (err == ENOMEM) - return CKR_HOST_MEMORY; - else if (err != 0) - return CKR_GENERAL_ERROR; - *mut = pmutex; - return CKR_OK; -} - -static CK_RV -destroy_mutex (CK_VOID_PTR mut) -{ - pthread_mutex_t *pmutex = mut; - int err; - - err = pthread_mutex_destroy (pmutex); - if (err == EINVAL) - return CKR_MUTEX_BAD; - else if (err != 0) - return CKR_GENERAL_ERROR; - free (pmutex); - return CKR_OK; -} - -static CK_RV -lock_mutex (CK_VOID_PTR mut) -{ - pthread_mutex_t *pmutex = mut; - int err; - - err = pthread_mutex_lock (pmutex); - if (err == EINVAL) - return CKR_MUTEX_BAD; - else if (err != 0) - return CKR_GENERAL_ERROR; - return CKR_OK; -} - -static CK_RV -unlock_mutex (CK_VOID_PTR mut) -{ - pthread_mutex_t *pmutex = mut; - int err; - - err = pthread_mutex_unlock (pmutex); - if (err == EINVAL) - return CKR_MUTEX_BAD; - else if (err == EPERM) - return CKR_MUTEX_NOT_LOCKED; - else if (err != 0) - return CKR_GENERAL_ERROR; - return CKR_OK; -} - -static CK_RV -initialize_module_unlocked_reentrant (Module *module, CK_C_INITIALIZE_ARGS_PTR args) -{ - CK_RV rv = CKR_OK; - - assert (module); - - /* - * Initialize first, so module doesn't get freed out from - * underneath us when the mutex is unlocked below. - */ - ++module->ref_count; - - if (!module->initialize_count) { - - pthread_mutex_unlock (&mutex); - - assert (module->funcs); - rv = module->funcs->C_Initialize (args); - - pthread_mutex_lock (&mutex); - - /* - * Because we have the mutex unlocked above, two initializes could - * race. Therefore we need to take CKR_CRYPTOKI_ALREADY_INITIALIZED - * into account. - * - * We also need to take into account where in a race both calls return - * CKR_OK (which is not according to the spec but may happen, I mean we - * do it in this module, so it's not unimaginable). - */ - - if (rv == CKR_OK) - ++module->initialize_count; - else if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) - rv = CKR_OK; - else - --module->ref_count; - } - - return rv; -} - -static CK_RV -finalize_module_unlocked_reentrant (Module *module, CK_VOID_PTR args) -{ - Module *mod, *next; - - assert (module); - - /* - * We leave module info around until all are finalized - * so we can encounter these zombie Module structures. - */ - if (module->ref_count == 0) - return CKR_ARGUMENTS_BAD; - - if (--module->ref_count > 0) - return CKR_OK; - - /* - * Becuase of the mutex unlock below, we temporarily increase - * the ref count. This prevents module from being freed out - * from ounder us. - */ - ++module->ref_count; - - while (module->initialize_count > 0) { - - pthread_mutex_unlock (&mutex); - - assert (module->funcs); - module->funcs->C_Finalize (args); - - pthread_mutex_lock (&mutex); - - if (module->initialize_count > 0) - --module->initialize_count; - } - - /* Match the increment above */ - --module->ref_count; - - /* Check if any modules have a ref count */ - for (mod = gl.modules; mod; mod = mod->next) { - if (mod->ref_count) - break; - } - - /* No modules had a refcount? unload and free all info */ - if (mod == NULL) { - for (mod = gl.modules; mod; mod = next) { - next = mod->next; - unload_module_unlocked (mod); - free (mod); - } - gl.modules = NULL; - gl.registered_loaded = 0; - } - - return CKR_OK; -} - -static Module* -find_module_for_funcs_unlocked (CK_FUNCTION_LIST_PTR funcs) -{ - Module *module; - - assert (funcs); - - for (module = gl.modules; module; module = module->next) - if (module->ref_count && module->funcs == funcs) - return module; - return NULL; -} - -static Module* -find_module_for_name_unlocked (const char *name) -{ - Module *module; - - assert (name); - - for (module = gl.modules; module; module = module->next) - if (module->ref_count && module->name && strcmp (name, module->name)) - return module; - return NULL; -} - -static CK_RV -initialize_registered_unlocked_reentrant (CK_C_INITIALIZE_ARGS_PTR args) -{ - Module *module; - CK_RV rv; - - rv = load_registered_modules_unlocked (); - if (rv == CKR_OK) { - for (module = gl.modules; module; module = module->next) { - - /* Skip all modules that aren't registered */ - if (!module->name) - continue; - - rv = initialize_module_unlocked_reentrant (module, args); - - if (rv != CKR_OK) - break; - } - } - - return rv; -} - -CK_RV -p11_kit_initialize_registered (void) -{ - CK_C_INITIALIZE_ARGS args; - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - memset (&args, 0, sizeof (args)); - args.CreateMutex = create_mutex; - args.DestroyMutex = destroy_mutex; - args.LockMutex = lock_mutex; - args.UnlockMutex = unlock_mutex; - args.flags = CKF_OS_LOCKING_OK; - - pthread_mutex_lock (&mutex); - - /* WARNING: Reentrancy can occur here */ - rv = initialize_registered_unlocked_reentrant (&args); - - pthread_mutex_unlock (&mutex); - - /* Cleanup any partial initialization */ - if (rv != CKR_OK) - p11_kit_finalize_registered (); - - return rv; -} - -static CK_RV -finalize_registered_unlocked_reentrant (CK_VOID_PTR args) -{ - Module *module; - - /* WARNING: This function must be reentrant */ - - for (module = gl.modules; module; module = module->next) { - - /* Skip all modules that aren't registered */ - if (!module->name) - continue; - - /* WARNING: Reentrant calls can occur here */ - finalize_module_unlocked_reentrant (module, args); - } - - return CKR_OK; -} -CK_RV -p11_kit_finalize_registered (void) -{ - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - pthread_mutex_lock (&mutex); - - /* WARNING: Reentrant calls can occur here */ - rv = finalize_registered_unlocked_reentrant (NULL); - - pthread_mutex_unlock (&mutex); - - return rv; -} - -char** -p11_kit_registered_names (void) -{ - Module *module; - char **result; - int count, i; - - pthread_mutex_lock (&mutex); - - for (module = gl.modules, count = 0; - module; module = module->next) - ++count; - result = calloc (count + 1, sizeof (char*)); - if (result) { - for (module = gl.modules, i = 0; - module; module = module->next, ++i) - result[i] = strdup (module->name); - } - - pthread_mutex_unlock (&mutex); - - return result; -} - -CK_FUNCTION_LIST_PTR -p11_kit_registered_module (const char *module_name) -{ - CK_FUNCTION_LIST_PTR result; - Module *module; - - if (!module_name) - return NULL; - - pthread_mutex_lock (&mutex); - - module = find_module_for_name_unlocked (module_name); - if (module) { - assert (module); - result = module->funcs; - } - - pthread_mutex_unlock (&mutex); - - return result; -} - -void -p11_kit_free_names (char **module_names) -{ - char **name; - for (name = module_names; *name; ++name) - free (name); -} - -char* -p11_kit_registered_option (const char *module_name, const char *field) -{ - /* TODO: Need to implement */ - assert (0); - return NULL; -} - -CK_RV -p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs, CK_C_INITIALIZE_ARGS_PTR init_args) -{ - Module *module; - Module *allocated = NULL; - CK_RV rv = CKR_OK; - - /* WARNING: This function must be reentrant for the same arguments */ - - pthread_mutex_lock (&mutex); - - module = find_module_for_funcs_unlocked (funcs); - if (module == NULL) { - allocated = module = calloc (1, sizeof (Module)); - module->name = NULL; - module->dl_module = NULL; - module->path = NULL; - module->funcs = funcs; - } - - /* WARNING: Reentrancy can occur here */ - rv = initialize_module_unlocked_reentrant (module, init_args); - - /* If this was newly allocated, add it to the list */ - if (rv == CKR_OK && allocated) { - allocated->next = gl.modules; - gl.modules = allocated; - allocated = NULL; - } - - free (allocated); - - pthread_mutex_unlock (&mutex); - - return rv; -} - -CK_RV -p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs, CK_VOID_PTR reserved) -{ - Module *module; - CK_RV rv = CKR_OK; - - /* WARNING: This function must be reentrant for the same arguments */ - - pthread_mutex_lock (&mutex); - - module = find_module_for_funcs_unlocked (funcs); - if (module == NULL) { - rv = CKR_ARGUMENTS_BAD; - } else { - /* WARNING: Rentrancy can occur here */ - rv = finalize_module_unlocked_reentrant (module, reserved); - } - - pthread_mutex_unlock (&mutex); - - return rv; -} - -/* ----------------------------------------------------------------------------- * PKCS#11 PROXY MODULE */ @@ -723,7 +128,7 @@ map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping) assert (mapping); - pthread_mutex_lock (&mutex); + _p11_lock (); if (!gl.mappings) rv = CKR_CRYPTOKI_NOT_INITIALIZED; @@ -732,7 +137,7 @@ map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping) if (rv == CKR_OK) *slot = mapping->real_slot; - pthread_mutex_unlock (&mutex); + _p11_unlock (); return rv; } @@ -746,13 +151,13 @@ map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *se assert (handle); assert (mapping); - pthread_mutex_lock (&mutex); + _p11_lock (); if (!gl.sessions) { rv = CKR_CRYPTOKI_NOT_INITIALIZED; } else { assert (gl.sessions); - sess = hsh_get (gl.sessions, handle, sizeof (handle)); + sess = hash_get (gl.sessions, &handle); if (sess != NULL) { *handle = sess->real_session; rv = map_slot_unlocked (sess->wrap_slot, mapping); @@ -763,7 +168,7 @@ map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *se } } - pthread_mutex_unlock (&mutex); + _p11_unlock (); return rv; } @@ -771,7 +176,10 @@ map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *se static void finalize_mappings_unlocked (void) { - hsh_index_t *iter; + assert (gl.mappings_refs); + + if (--gl.mappings_refs) + return; /* No more mappings */ free (gl.mappings); @@ -779,12 +187,8 @@ finalize_mappings_unlocked (void) gl.n_mappings = 0; /* no more sessions */ - if (gl.sessions) { - for (iter = hsh_first (gl.sessions); iter; iter = hsh_next (iter)) - free (hsh_this (iter, NULL, NULL)); - hsh_free (gl.sessions); - gl.sessions = NULL; - } + hash_free (gl.sessions); + gl.sessions = NULL; } static CK_RV @@ -797,19 +201,19 @@ proxy_C_Finalize (CK_VOID_PTR reserved) if (reserved) return CKR_ARGUMENTS_BAD; - pthread_mutex_lock (&mutex); + _p11_lock (); /* WARNING: Reentrancy can occur here */ - rv = finalize_registered_unlocked_reentrant (reserved); + rv = _p11_kit_finalize_registered_unlocked_reentrant (reserved); /* * If modules are all gone, then this was the last * finalize, so cleanup our mappings */ - if (gl.modules == NULL) + if (gl.mappings_refs) finalize_mappings_unlocked (); - pthread_mutex_unlock (&mutex); + _p11_unlock (); return rv; } @@ -817,27 +221,24 @@ proxy_C_Finalize (CK_VOID_PTR reserved) static CK_RV initialize_mappings_unlocked_reentrant (void) { + CK_FUNCTION_LIST_PTR *funcss, *f; CK_FUNCTION_LIST_PTR funcs; Mapping *mappings = NULL; int n_mappings = 0; CK_SLOT_ID_PTR slots; CK_ULONG i, count; - Module *module; CK_RV rv; assert (!gl.mappings); - for (module = gl.modules; module; module = module->next) { + funcss = _p11_kit_registered_modules_unlocked (); + for (f = funcss; *f; ++f) { + funcs = *f; - /* Only do registered modules */ - if (module->ref_count && !module->name) - continue; - - funcs = module->funcs; assert (funcs); slots = NULL; - pthread_mutex_unlock (&mutex); + _p11_unlock (); /* Ask module for its slots */ rv = (funcs->C_GetSlotList) (FALSE, NULL, &count); @@ -849,7 +250,7 @@ initialize_mappings_unlocked_reentrant (void) rv = (funcs->C_GetSlotList) (FALSE, slots, &count); } - pthread_mutex_lock (&mutex); + _p11_lock (); if (rv != CKR_OK) { free (slots); @@ -881,7 +282,8 @@ initialize_mappings_unlocked_reentrant (void) } assert (!gl.sessions); - gl.sessions = hsh_create (); + gl.sessions = hash_create (hash_ulongptr_hash, hash_ulongptr_equal, NULL, free); + ++gl.mappings_refs; /* Any cleanup necessary for failure will happen at caller */ return rv; @@ -894,16 +296,16 @@ proxy_C_Initialize (CK_VOID_PTR init_args) /* WARNING: This function must be reentrant */ - pthread_mutex_lock (&mutex); + _p11_lock (); /* WARNING: Reentrancy can occur here */ - rv = initialize_registered_unlocked_reentrant (init_args); + rv = _p11_kit_initialize_registered_unlocked_reentrant (init_args); /* WARNING: Reentrancy can occur here */ - if (rv == CKR_OK && !gl.mappings) + if (rv == CKR_OK && !gl.mappings_refs == 0) rv = initialize_mappings_unlocked_reentrant (); - pthread_mutex_unlock (&mutex); + _p11_unlock (); if (rv != CKR_OK) proxy_C_Finalize (NULL); @@ -919,12 +321,12 @@ proxy_C_GetInfo (CK_INFO_PTR info) if (info == NULL) return CKR_ARGUMENTS_BAD; - pthread_mutex_lock (&mutex); + _p11_lock (); if (!gl.mappings) rv = CKR_CRYPTOKI_NOT_INITIALIZED; - pthread_mutex_unlock (&mutex); + _p11_unlock (); if (rv != CKR_OK) return rv; @@ -963,7 +365,7 @@ proxy_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list, if (!count) return CKR_ARGUMENTS_BAD; - pthread_mutex_lock (&mutex); + _p11_lock (); if (!gl.mappings) { rv = CKR_CRYPTOKI_NOT_INITIALIZED; @@ -996,7 +398,7 @@ proxy_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list, *count = index; } - pthread_mutex_unlock (&mutex); + _p11_unlock (); return rv; } @@ -1087,7 +489,7 @@ proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle); if (rv == CKR_OK) { - pthread_mutex_lock (&mutex); + _p11_lock (); if (!gl.sessions) { /* @@ -1103,11 +505,11 @@ proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, sess->wrap_slot = map.wrap_slot; sess->real_session = *handle; sess->wrap_session = ++gl.last_handle; /* TODO: Handle wrapping, and then collisions */ - hsh_set (gl.sessions, &sess->wrap_session, sizeof (sess->wrap_session), sess); + hash_set (gl.sessions, &sess->wrap_session, sess); *handle = sess->wrap_session; } - pthread_mutex_unlock (&mutex); + _p11_unlock (); } return rv; @@ -1127,12 +529,12 @@ proxy_C_CloseSession (CK_SESSION_HANDLE handle) rv = (map.funcs->C_CloseSession) (handle); if (rv == CKR_OK) { - pthread_mutex_lock (&mutex); + _p11_lock (); if (gl.sessions) - hsh_rem (gl.sessions, &key, sizeof (key)); + hash_remove (gl.sessions, &key); - pthread_mutex_unlock (&mutex); + _p11_unlock (); } return rv; @@ -1144,28 +546,28 @@ proxy_C_CloseAllSessions (CK_SLOT_ID id) CK_SESSION_HANDLE_PTR to_close; CK_RV rv = CKR_OK; Session *sess; - CK_ULONG i, count; - hsh_index_t *iter; + CK_ULONG i, count = 0; + hash_iter_t iter; - pthread_mutex_lock (&mutex); + _p11_lock (); if (!gl.sessions) { rv = CKR_CRYPTOKI_NOT_INITIALIZED; } else { - to_close = calloc (sizeof (CK_SESSION_HANDLE), hsh_count (gl.sessions)); + to_close = calloc (sizeof (CK_SESSION_HANDLE), hash_count (gl.sessions)); if (!to_close) { rv = CKR_HOST_MEMORY; } else { - for (iter = hsh_first (gl.sessions), count = 0; - iter; iter = hsh_next (iter)) { - sess = hsh_this (iter, NULL, NULL); + hash_iterate (gl.sessions, &iter); + count = 0; + while (hash_next (&iter, NULL, (void**)&sess)) { if (sess->wrap_slot == id && to_close) to_close[count++] = sess->wrap_session; } } } - pthread_mutex_unlock (&mutex); + _p11_unlock (); if (rv != CKR_OK) return rv; diff --git a/module/p11-kit.h b/module/p11-kit.h index 88b0b8a..919d6b8 100644 --- a/module/p11-kit.h +++ b/module/p11-kit.h @@ -39,19 +39,19 @@ CK_RV p11_kit_initialize_registered (void); CK_RV p11_kit_finalize_registered (void); -char** p11_kit_registered_names (void); +CK_FUNCTION_LIST_PTR* p11_kit_registered_modules (void); -CK_FUNCTION_LIST_PTR p11_kit_registered_module (const char *module_name); +char* p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR funcs); -void p11_kit_free_names (char **module_names); +CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module (const char *name); -char* p11_kit_registered_option (const char *module_name, +char* p11_kit_registered_option (CK_FUNCTION_LIST_PTR funcs, const char *field); -CK_RV p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module, +CK_RV p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs, CK_C_INITIALIZE_ARGS_PTR init_args); -CK_RV p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module, +CK_RV p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs, CK_VOID_PTR reserved); #endif /* __P11_KIT_H__ */ |