6862532 "cryptoadm: failed to parse configuration" error
6353443 domestic (crypt) source build leaves stuff it shouldn't
6818180 mac(1) printed "invalid key" error message when user input an invalid passphrase

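--- a/usr/src/cmd/cmd-crypto/digest/digest.c
+++ b/usr/src/cmd/cmd-crypto/digest/digest.c
@@ -12,21 +12,21 @@
  *
  * When distributing Covered Code, include this CDDL HEADER in each
  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
 /*
  * digest.c
  *
  * Implements digest(1) and mac(1) commands
  * If command name is mac, performs mac operation
  * else perform digest operation
  *
@@ -63,34 +63,35 @@
  * Exit Status codes
  */
 #ifndef EXIT_SUCCESS
 #define EXIT_SUCCESS    0       /* No errors */
 #define EXIT_FAILURE    1       /* All errors except usage */
 #endif /* EXIT_SUCCESS */
 
 #define EXIT_USAGE      2       /* usage/syntax error */
 
 #define MAC_NAME        "mac"           /* name of mac command */
-#define MAC_OPTIONS     "lva:k:T:K:"            /* for getopt */
-#define DIGEST_NAME     "digest"        /* name of mac command */
+#define MAC_OPTIONS     "lva:k:T:K:"    /* for getopt */
+#define DIGEST_NAME     "digest"        /* name of digest command */
 #define DIGEST_OPTIONS  "lva:"          /* for getopt */
 
+/* Saved command line options */
 static boolean_t vflag = B_FALSE;       /* -v (verbose) flag, optional */
 static boolean_t aflag = B_FALSE;       /* -a <algorithm> flag, required */
 static boolean_t lflag = B_FALSE;       /* -l flag, for mac and digest */
-static boolean_t kflag = B_FALSE;
-static boolean_t Tflag = B_FALSE;
-static boolean_t Kflag = B_FALSE;
+static boolean_t kflag = B_FALSE;       /* -k keyfile */
+static boolean_t Tflag = B_FALSE;       /* -T token_spec */
+static boolean_t Kflag = B_FALSE;       /* -K key_label */
 
-static char *keyfile = NULL;    /* name of keyfile */
-static char *token_label = NULL;
-static char *key_label = NULL;
+static char *keyfile = NULL;     /* name of file containing key value */
+static char *token_label = NULL; /* tokensSpec: tokenName[:manufId[:serial]] */
+static char *key_label = NULL;   /* PKCS#11 symmetric token key label */
 
 static CK_BYTE buf[BUFFERSIZE];
 
 struct mech_alias {
         CK_MECHANISM_TYPE type;
         char *alias;
         CK_ULONG keysize_min;
         CK_ULONG keysize_max;
         int keysize_unit;
         boolean_t available;
@@ -119,21 +120,20 @@
         char **filelist, boolean_t mac_cmd);
 static CK_RV do_mac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pmech,
         int fd, CK_OBJECT_HANDLE key, CK_BYTE_PTR *psignature,
         CK_ULONG_PTR psignaturelen);
 static CK_RV do_digest(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pmech,
         int fd, CK_BYTE_PTR *pdigest, CK_ULONG_PTR pdigestlen);
 
 int
 main(int argc, char **argv)
 {
-
         extern char *optarg;
         extern int optind;
         int errflag = 0;        /* We had an optstr parse error */
         char c;                 /* current getopts flag */
         char *algo_str;         /* mechanism/algorithm string */
         int filecount;
         boolean_t mac_cmd;      /* if TRUE, do mac, else do digest */
         char *optstr;
         char **filelist;        /* list of files */
         char *cmdname = NULL;   /* name of command */
@@ -423,61 +423,62 @@
                                     (void **)&pkeydata, &keylen);
                         } else {
                                 /* get the key from input */
                                 status = pkcs11_get_pass(NULL,
                                     (char **)&pkeydata, &keylen,
                                     0, B_FALSE);
                         }
 
                         if (status != 0 || keylen == 0 || pkeydata == NULL) {
                                 cryptoerror(LOG_STDERR,
-                                    Kflag ? gettext("invalid passphrase.") :
+                                    (Kflag || (keyfile == NULL)) ?
+                                    gettext("invalid passphrase.") :
                                     gettext("invalid key."));
                                 return (EXIT_FAILURE);
                         }
                 }
         }
 
         /* Initialize, and get list of slots */
         rv = C_Initialize(NULL);
         if (rv != CKR_OK && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
                 cryptoerror(LOG_STDERR,
                     gettext("failed to initialize PKCS #11 framework: %s"),
                     pkcs11_strerror(rv));
                 return (EXIT_FAILURE);
         }
 
         /* Get slot count */
         rv = C_GetSlotList(0, NULL_PTR, &slotcount);
         if (rv != CKR_OK || slotcount == 0) {
                 cryptoerror(LOG_STDERR, gettext(
-                    "failed to find any cryptographic provider,"
+                    "failed to find any cryptographic provider; "
                     "please check with your system administrator: %s"),
                     pkcs11_strerror(rv));
                 exitcode = EXIT_FAILURE;
                 goto cleanup;
         }
 
         /* Found at least one slot, allocate memory for slot list */
         pSlotList = malloc(slotcount * sizeof (CK_SLOT_ID));
         if (pSlotList == NULL_PTR) {
                 int err = errno;
                 cryptoerror(LOG_STDERR, gettext("malloc: %s\n"),
                     strerror(err));
                 exitcode = EXIT_FAILURE;
                 goto cleanup;
         }
 
         /* Get the list of slots */
         if ((rv = C_GetSlotList(0, pSlotList, &slotcount)) != CKR_OK) {
                 cryptoerror(LOG_STDERR, gettext(
-                    "failed to find any cryptographic provider,"
+                    "failed to find any cryptographic provider; "
                     "please check with your system administrator: %s"),
                     pkcs11_strerror(rv));
                 exitcode = EXIT_FAILURE;
                 goto cleanup;
         }
 
         /*
          * Obtain list of algorithms if -l option was given
          */
         if (lflag) {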
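Review bot: The message selection at new lines 433-435 re-derives where the key came from with `Kflag || (keyfile == NULL)` instead of taking it from the branch that actually filled `pkeydata`. The `if` that chooses between the file read and `pkcs11_get_pass` starts above the visible lines, so the two conditions can drift apart without anyone noticing. A short comment above the ternary would pin the intent, for example `/* key was typed as a passphrase unless -k supplied a key file */`. Separately, this failure path returns from main while `pkeydata` may still be allocated. The body of `cleanup` is outside this view, so it is worth confirming that key and passphrase bytes are zeroed before they are freed on every exit path.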