+++ /dev/null
-diff --git a/.github/workflows/build-linux.yml b/.github/workflows/build-linux.yml
-new file mode 100644
-index 0000000..b0f5113
---- /dev/null
-+++ b/.github/workflows/build-linux.yml
-@@ -0,0 +1,24 @@
-+---
-+name: build-linux
-+
-+on:
-+ pull_request:
-+ push:
-+
-+jobs:
-+ build-linux:
-+ name: build-linux
-+ runs-on: ubuntu-latest
-+
-+ steps:
-+ - uses: actions/checkout@v2
-+ - name: dependencies
-+ run: |
-+ sudo apt install autotools-dev autoconf automake libtool libssl-dev libnss3-dev libgnutls30
-+ - name: gen
-+ run: |
-+ autoreconf -ivf
-+ - name: build
-+ run: |
-+ ./configure --enable-strict --enable-pedantic
-+ make distcheck
-diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
-new file mode 100644
-index 0000000..2027966
---- /dev/null
-+++ b/.github/workflows/codespell.yml
-@@ -0,0 +1,17 @@
-+---
-+name: Codespell
-+
-+on:
-+ pull_request:
-+ push:
-+
-+jobs:
-+ codespell:
-+ name: Check for spelling errors
-+ runs-on: ubuntu-latest
-+
-+ steps:
-+ - uses: actions/checkout@v2
-+ - uses: codespell-project/actions-codespell@master
-+ with:
-+ ignore_words_file: codespell_ignore_words.txt
-diff --git a/ChangeLog b/ChangeLog
-index 02b7d18..d7f793b 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,18 +1,34 @@
- pkcs11-helper
- Copyright (c) 2005-2020 Alon Bar-Lev <alon.barlev@gmail.com>
-
-+????-??-?? - Version 1.28
-+
-+ * build: openssl: remove RSA_SSLV23_PADDING constant usage due to openssl-3
-+ compatibility, thanks to t0b3.
-+ * build: nss: use nss pkcs11.h, thanks to Fabrice Fontaine.
-+ * build: windows: checksum in PE, thanks to Simon Rozman.
-+ * build: windows: support openssl-1.1.1, thanks to Lev Stipakov.
-+ * mbed: require >=mbedtls-2, mbed dropped polarssl compatibility,
-+ thanks to Uipko Berghuis
-+ * certificate: add methods accept full mechanism, thanks to Selva Nair.
-+ * core: load provider library as private.
-+ * core: add pkcs11h_initializeProvider, pkcs11h_registerProvider,
-+ pkcs11h_setProviderProperty, pkcs11h_setProviderPropertyByName to
-+ support adding properties without breaking API thanks to Михалицын Петр.
-+ * core: add initialization arguments property, thanks for Михалицын Петр.
-+
- 2020-11-17 - Version 1.27
-
--* core: handle PIN expiration after C_Login as C_Login may take a while
--* core: return explict success when plugin&play and no threading and no
-- safefork, thanks to Tunnelblick
-+ * core: handle PIN expiration after C_Login as C_Login may take a while
-+ * core: return explicit success when plugin&play and no threading and no
-+ safefork, thanks to Tunnelblick
-
- 2020-01-21 - Version 1.26
-
--* openssl: build with openssl ec disabled
--* openssl: support RSA_NO_PADDING padding, thanks to Selva Nair
--* core: reduce mutex lock scope of add/remove provider, thanks to Frank Morgner
--* core: improve the fork fixup sequence
-+ * openssl: build with openssl ec disabled
-+ * openssl: support RSA_NO_PADDING padding, thanks to Selva Nair
-+ * core: reduce mutex lock scope of add/remove provider, thanks to Frank Morgner
-+ * core: improve the fork fixup sequence
-
- 2018-08-16 - Version 1.25.1
-
-diff --git a/codespell_ignore_words.txt b/codespell_ignore_words.txt
-new file mode 100644
-index 0000000..10a3563
---- /dev/null
-+++ b/codespell_ignore_words.txt
-@@ -0,0 +1,7 @@
-+nmake
-+parms
-+ro
-+fo
-+gost
-+standarts
-+nd
-diff --git a/config-w32-vc.h.in b/config-w32-vc.h.in
-index 6346f02..6d94841 100644
---- a/config-w32-vc.h.in
-+++ b/config-w32-vc.h.in
-@@ -10,7 +10,7 @@
- /* Enable debug support */
- #define ENABLE_PKCS11H_DEBUG 1
-
--/* Use GNUTLS cryto engine */
-+/* Use GNUTLS crypto engine */
- /* #undef ENABLE_PKCS11H_ENGINE_GNUTLS */
-
- /* Use OpenSSL crypto engine */
-@@ -185,3 +185,36 @@
- #if _MSC_VER >= 1400
- #define HAVE_CPP_VARARG_MACRO_ISO 1
- #endif
-+
-+/* Define to 1 if you have the `RSA_meth_dup' function. */
-+#define HAVE_RSA_METH_DUP 1
-+
-+/* Define to 1 if you have the `RSA_meth_free' function. */
-+#define HAVE_RSA_METH_FREE 1
-+
-+/* Define to 1 if you have the `RSA_meth_set1_name' function. */
-+#define HAVE_RSA_METH_SET1_NAME 1
-+
-+/* Define to 1 if you have the `RSA_meth_set_flags' function. */
-+#define HAVE_RSA_METH_SET_FLAGS 1
-+
-+/* Define to 1 if you have the `RSA_meth_set_priv_dec' function. */
-+#define HAVE_RSA_METH_SET_PRIV_DEC 1
-+
-+/* Define to 1 if you have the `RSA_meth_set_priv_enc' function. */
-+#define HAVE_RSA_METH_SET_PRIV_ENC 1
-+
-+/* Define to 1 if you have the `DSA_meth_dup' function. */
-+#define HAVE_DSA_METH_DUP 1
-+
-+/* Define to 1 if you have the `DSA_meth_free' function. */
-+#define HAVE_DSA_METH_FREE 1
-+
-+/* Define to 1 if you have the `DSA_meth_set1_name' function. */
-+#define HAVE_DSA_METH_SET1_NAME 1
-+
-+/* Define to 1 if you have the `DSA_meth_set_sign' function. */
-+#define HAVE_DSA_METH_SET_SIGN 1
-+
-+/* Define to 1 if you have the `DSA_SIG_set0' function. */
-+#define HAVE_DSA_SIG_SET0 1
-diff --git a/configure.ac b/configure.ac
-index 7b4ed71..74954ac 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -51,9 +51,9 @@
- AC_PREREQ(2.60)
-
- define([PACKAGE_VERSION_MAJOR], [1])
--define([PACKAGE_VERSION_MINOR], [27])
-+define([PACKAGE_VERSION_MINOR], [28])
- define([PACKAGE_VERSION_FIX], [0])
--define([PACKAGE_SUFFIX], [])
-+define([PACKAGE_SUFFIX], [_master])
-
- AC_INIT([pkcs11-helper],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX])
- AC_CONFIG_AUX_DIR([.])
-@@ -110,7 +110,7 @@ esac
-
- AC_ARG_ENABLE(
- [doc],
-- [AS_HELP_STRING([--enable-doc],[enable documantation])],
-+ [AS_HELP_STRING([--enable-doc],[enable documentation])],
- ,
- [enable_doc="no"]
- )
-diff --git a/include/pkcs11-helper-1.0/pkcs11.h b/include/pkcs11-helper-1.0/pkcs11.h
-index 2e6a1e3..85aa98e 100644
---- a/include/pkcs11-helper-1.0/pkcs11.h
-+++ b/include/pkcs11-helper-1.0/pkcs11.h
-@@ -63,9 +63,9 @@ extern "C" {
- version of this file, please consider deleting the revision macro
- (you may use a macro with a different name to keep track of your
- versions). */
--#define CRYPTOKI_VERSION_MAJOR 2
--#define CRYPTOKI_VERSION_MINOR 20
--#define CRYPTOKI_VERSION_REVISION 6
-+#define CRYPTOKI_VERSION_MAJOR 3
-+#define CRYPTOKI_VERSION_MINOR 0
-+#define CRYPTOKI_VERSION_REVISION 0
-
-
- /* Compatibility interface is default, unless CRYPTOKI_GNU is
-@@ -95,7 +95,6 @@ extern "C" {
-
- #endif
-
--\f
- #ifdef CRYPTOKI_COMPAT
- /* If we are in compatibility mode, switch all exposed names to the
- PKCS #11 variant. There are corresponding #undefs below. */
-@@ -154,6 +153,8 @@ extern "C" {
-
- #define ck_mechanism_type_t CK_MECHANISM_TYPE
-
-+#define ck_rsa_pkcs_mgf_type_t CK_RSA_PKCS_MGF_TYPE
-+
- #define ck_mechanism _CK_MECHANISM
- #define parameter pParameter
- #define parameter_len ulParameterLen
-@@ -165,7 +166,10 @@ extern "C" {
- #define ck_rv_t CK_RV
- #define ck_notify_t CK_NOTIFY
-
-+#define ck_interface CK_INTERFACE
-+
- #define ck_function_list _CK_FUNCTION_LIST
-+#define ck_function_list_3_0 _CK_FUNCTION_LIST_3_0
-
- #define ck_createmutex_t CK_CREATEMUTEX
- #define ck_destroymutex_t CK_DESTROYMUTEX
-@@ -181,7 +185,6 @@ extern "C" {
-
- #endif /* CRYPTOKI_COMPAT */
-
--\f
-
- typedef unsigned long ck_flags_t;
-
-@@ -204,7 +207,7 @@ struct ck_info
-
- typedef unsigned long ck_notification_t;
-
--#define CKN_SURRENDER (0)
-+#define CKN_SURRENDER (0UL)
-
-
- typedef unsigned long ck_slot_id_t;
-@@ -220,10 +223,10 @@ struct ck_slot_info
- };
-
-
--#define CKF_TOKEN_PRESENT (1 << 0)
--#define CKF_REMOVABLE_DEVICE (1 << 1)
--#define CKF_HW_SLOT (1 << 2)
--#define CKF_ARRAY_ATTRIBUTE (1 << 30)
-+#define CKF_TOKEN_PRESENT (1UL << 0)
-+#define CKF_REMOVABLE_DEVICE (1UL << 1)
-+#define CKF_HW_SLOT (1UL << 2)
-+#define CKF_ARRAY_ATTRIBUTE (1UL << 30)
-
-
- struct ck_token_info
-@@ -249,48 +252,48 @@ struct ck_token_info
- };
-
-
--#define CKF_RNG (1 << 0)
--#define CKF_WRITE_PROTECTED (1 << 1)
--#define CKF_LOGIN_REQUIRED (1 << 2)
--#define CKF_USER_PIN_INITIALIZED (1 << 3)
--#define CKF_RESTORE_KEY_NOT_NEEDED (1 << 5)
--#define CKF_CLOCK_ON_TOKEN (1 << 6)
--#define CKF_PROTECTED_AUTHENTICATION_PATH (1 << 8)
--#define CKF_DUAL_CRYPTO_OPERATIONS (1 << 9)
--#define CKF_TOKEN_INITIALIZED (1 << 10)
--#define CKF_SECONDARY_AUTHENTICATION (1 << 11)
--#define CKF_USER_PIN_COUNT_LOW (1 << 16)
--#define CKF_USER_PIN_FINAL_TRY (1 << 17)
--#define CKF_USER_PIN_LOCKED (1 << 18)
--#define CKF_USER_PIN_TO_BE_CHANGED (1 << 19)
--#define CKF_SO_PIN_COUNT_LOW (1 << 20)
--#define CKF_SO_PIN_FINAL_TRY (1 << 21)
--#define CKF_SO_PIN_LOCKED (1 << 22)
--#define CKF_SO_PIN_TO_BE_CHANGED (1 << 23)
-+#define CKF_RNG (1UL << 0)
-+#define CKF_WRITE_PROTECTED (1UL << 1)
-+#define CKF_LOGIN_REQUIRED (1UL << 2)
-+#define CKF_USER_PIN_INITIALIZED (1UL << 3)
-+#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5)
-+#define CKF_CLOCK_ON_TOKEN (1UL << 6)
-+#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8)
-+#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9)
-+#define CKF_TOKEN_INITIALIZED (1UL << 10)
-+#define CKF_SECONDARY_AUTHENTICATION (1UL << 11)
-+#define CKF_USER_PIN_COUNT_LOW (1UL << 16)
-+#define CKF_USER_PIN_FINAL_TRY (1UL << 17)
-+#define CKF_USER_PIN_LOCKED (1UL << 18)
-+#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19)
-+#define CKF_SO_PIN_COUNT_LOW (1UL << 20)
-+#define CKF_SO_PIN_FINAL_TRY (1UL << 21)
-+#define CKF_SO_PIN_LOCKED (1UL << 22)
-+#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23)
-
- #define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1)
--#define CK_EFFECTIVELY_INFINITE (0)
-+#define CK_EFFECTIVELY_INFINITE (0UL)
-
-
- typedef unsigned long ck_session_handle_t;
-
--#define CK_INVALID_HANDLE (0)
-+#define CK_INVALID_HANDLE (0UL)
-
-
- typedef unsigned long ck_user_type_t;
-
--#define CKU_SO (0)
--#define CKU_USER (1)
--#define CKU_CONTEXT_SPECIFIC (2)
-+#define CKU_SO (0UL)
-+#define CKU_USER (1UL)
-+#define CKU_CONTEXT_SPECIFIC (2UL)
-
-
- typedef unsigned long ck_state_t;
-
--#define CKS_RO_PUBLIC_SESSION (0)
--#define CKS_RO_USER_FUNCTIONS (1)
--#define CKS_RW_PUBLIC_SESSION (2)
--#define CKS_RW_USER_FUNCTIONS (3)
--#define CKS_RW_SO_FUNCTIONS (4)
-+#define CKS_RO_PUBLIC_SESSION (0UL)
-+#define CKS_RO_USER_FUNCTIONS (1UL)
-+#define CKS_RW_PUBLIC_SESSION (2UL)
-+#define CKS_RW_USER_FUNCTIONS (3UL)
-+#define CKS_RW_SO_FUNCTIONS (4UL)
-
-
- struct ck_session_info
-@@ -301,8 +304,8 @@ struct ck_session_info
- unsigned long device_error;
- };
-
--#define CKF_RW_SESSION (1 << 1)
--#define CKF_SERIAL_SESSION (1 << 2)
-+#define CKF_RW_SESSION (1UL << 1)
-+#define CKF_SERIAL_SESSION (1UL << 2)
-
-
- typedef unsigned long ck_object_handle_t;
-@@ -310,150 +313,189 @@ typedef unsigned long ck_object_handle_t;
-
- typedef unsigned long ck_object_class_t;
-
--#define CKO_DATA (0)
--#define CKO_CERTIFICATE (1)
--#define CKO_PUBLIC_KEY (2)
--#define CKO_PRIVATE_KEY (3)
--#define CKO_SECRET_KEY (4)
--#define CKO_HW_FEATURE (5)
--#define CKO_DOMAIN_PARAMETERS (6)
--#define CKO_MECHANISM (7)
--#define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31))
--
-+#define CKO_DATA (0UL)
-+#define CKO_CERTIFICATE (1UL)
-+#define CKO_PUBLIC_KEY (2UL)
-+#define CKO_PRIVATE_KEY (3UL)
-+#define CKO_SECRET_KEY (4UL)
-+#define CKO_HW_FEATURE (5UL)
-+#define CKO_DOMAIN_PARAMETERS (6UL)
-+#define CKO_MECHANISM (7UL)
-+#define CKO_OTP_KEY (8UL)
-+#define CKO_PROFILE (9UL)
-+#define CKO_VENDOR_DEFINED (1UL << 31)
-+
-+#define CKP_INVALID_ID (0UL)
-+#define CKP_BASELINE_PROVIDER (1UL)
-+#define CKP_EXTENDED_PROVIDER (2UL)
-+#define CKP_AUTHENTICATION_TOKEN (3UL)
-+#define CKP_PUBLIC_CERTIFICATES_TOKEN (4UL)
-+#define CKP_VENDOR_DEFINED (1UL << 31)
-
- typedef unsigned long ck_hw_feature_type_t;
-
--#define CKH_MONOTONIC_COUNTER (1)
--#define CKH_CLOCK (2)
--#define CKH_USER_INTERFACE (3)
--#define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31))
-+#define CKH_MONOTONIC_COUNTER (1UL)
-+#define CKH_CLOCK (2UL)
-+#define CKH_USER_INTERFACE (3UL)
-+#define CKH_VENDOR_DEFINED (1UL << 31)
-
-
- typedef unsigned long ck_key_type_t;
-
--#define CKK_RSA (0)
--#define CKK_DSA (1)
--#define CKK_DH (2)
--#define CKK_ECDSA (3)
--#define CKK_EC (3)
--#define CKK_X9_42_DH (4)
--#define CKK_KEA (5)
--#define CKK_GENERIC_SECRET (0x10)
--#define CKK_RC2 (0x11)
--#define CKK_RC4 (0x12)
--#define CKK_DES (0x13)
--#define CKK_DES2 (0x14)
--#define CKK_DES3 (0x15)
--#define CKK_CAST (0x16)
--#define CKK_CAST3 (0x17)
--#define CKK_CAST128 (0x18)
--#define CKK_RC5 (0x19)
--#define CKK_IDEA (0x1a)
--#define CKK_SKIPJACK (0x1b)
--#define CKK_BATON (0x1c)
--#define CKK_JUNIPER (0x1d)
--#define CKK_CDMF (0x1e)
--#define CKK_AES (0x1f)
--#define CKK_BLOWFISH (0x20)
--#define CKK_TWOFISH (0x21)
--#define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31))
--
-+#define CKK_RSA (0UL)
-+#define CKK_DSA (1UL)
-+#define CKK_DH (2UL)
-+#define CKK_ECDSA (3UL)
-+#define CKK_EC (3UL)
-+#define CKK_X9_42_DH (4UL)
-+#define CKK_KEA (5UL)
-+#define CKK_GENERIC_SECRET (0x10UL)
-+#define CKK_RC2 (0x11UL)
-+#define CKK_RC4 (0x12UL)
-+#define CKK_DES (0x13UL)
-+#define CKK_DES2 (0x14UL)
-+#define CKK_DES3 (0x15UL)
-+#define CKK_CAST (0x16UL)
-+#define CKK_CAST3 (0x17UL)
-+#define CKK_CAST128 (0x18UL)
-+#define CKK_RC5 (0x19UL)
-+#define CKK_IDEA (0x1aUL)
-+#define CKK_SKIPJACK (0x1bUL)
-+#define CKK_BATON (0x1cUL)
-+#define CKK_JUNIPER (0x1dUL)
-+#define CKK_CDMF (0x1eUL)
-+#define CKK_AES (0x1fUL)
-+#define CKK_BLOWFISH (0x20UL)
-+#define CKK_TWOFISH (0x21UL)
-+#define CKK_GOSTR3410 (0x30UL)
-+#define CKK_GOSTR3411 (0x31UL)
-+#define CKK_GOST28147 (0x32UL)
-+#define CKK_EC_EDWARDS (0x40UL)
-+#define CKK_EC_MONTGOMERY (0x41UL)
-+#define CKK_VENDOR_DEFINED (1UL << 31)
-+
-+/*
-+ * A mask for new GOST algorithms.
-+ * For details visit https://tc26.ru/standarts/perevody/guidelines-the-pkcs-11-extensions-for-implementing-the-gost-r-34-10-2012-and-gost-r-34-11-2012-russian-standards-.html
-+ */
-+#define NSSCK_VENDOR_PKCS11_RU_TEAM (CKK_VENDOR_DEFINED | 0x54321000)
-+#define CK_VENDOR_PKCS11_RU_TEAM_TK26 NSSCK_VENDOR_PKCS11_RU_TEAM
-+
-+#define CKK_GOSTR3410_512 (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x003)
-
- typedef unsigned long ck_certificate_type_t;
-
--#define CKC_X_509 (0)
--#define CKC_X_509_ATTR_CERT (1)
--#define CKC_WTLS (2)
--#define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31))
-+#define CKC_X_509 (0UL)
-+#define CKC_X_509_ATTR_CERT (1UL)
-+#define CKC_WTLS (2UL)
-+#define CKC_VENDOR_DEFINED (1UL << 31)
-
-
- typedef unsigned long ck_attribute_type_t;
-
--#define CKA_CLASS (0)
--#define CKA_TOKEN (1)
--#define CKA_PRIVATE (2)
--#define CKA_LABEL (3)
--#define CKA_APPLICATION (0x10)
--#define CKA_VALUE (0x11)
--#define CKA_OBJECT_ID (0x12)
--#define CKA_CERTIFICATE_TYPE (0x80)
--#define CKA_ISSUER (0x81)
--#define CKA_SERIAL_NUMBER (0x82)
--#define CKA_AC_ISSUER (0x83)
--#define CKA_OWNER (0x84)
--#define CKA_ATTR_TYPES (0x85)
--#define CKA_TRUSTED (0x86)
--#define CKA_CERTIFICATE_CATEGORY (0x87)
--#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88)
--#define CKA_URL (0x89)
--#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8a)
--#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b)
--#define CKA_CHECK_VALUE (0x90)
--#define CKA_KEY_TYPE (0x100)
--#define CKA_SUBJECT (0x101)
--#define CKA_ID (0x102)
--#define CKA_SENSITIVE (0x103)
--#define CKA_ENCRYPT (0x104)
--#define CKA_DECRYPT (0x105)
--#define CKA_WRAP (0x106)
--#define CKA_UNWRAP (0x107)
--#define CKA_SIGN (0x108)
--#define CKA_SIGN_RECOVER (0x109)
--#define CKA_VERIFY (0x10a)
--#define CKA_VERIFY_RECOVER (0x10b)
--#define CKA_DERIVE (0x10c)
--#define CKA_START_DATE (0x110)
--#define CKA_END_DATE (0x111)
--#define CKA_MODULUS (0x120)
--#define CKA_MODULUS_BITS (0x121)
--#define CKA_PUBLIC_EXPONENT (0x122)
--#define CKA_PRIVATE_EXPONENT (0x123)
--#define CKA_PRIME_1 (0x124)
--#define CKA_PRIME_2 (0x125)
--#define CKA_EXPONENT_1 (0x126)
--#define CKA_EXPONENT_2 (0x127)
--#define CKA_COEFFICIENT (0x128)
--#define CKA_PRIME (0x130)
--#define CKA_SUBPRIME (0x131)
--#define CKA_BASE (0x132)
--#define CKA_PRIME_BITS (0x133)
--#define CKA_SUB_PRIME_BITS (0x134)
--#define CKA_VALUE_BITS (0x160)
--#define CKA_VALUE_LEN (0x161)
--#define CKA_EXTRACTABLE (0x162)
--#define CKA_LOCAL (0x163)
--#define CKA_NEVER_EXTRACTABLE (0x164)
--#define CKA_ALWAYS_SENSITIVE (0x165)
--#define CKA_KEY_GEN_MECHANISM (0x166)
--#define CKA_MODIFIABLE (0x170)
--#define CKA_ECDSA_PARAMS (0x180)
--#define CKA_EC_PARAMS (0x180)
--#define CKA_EC_POINT (0x181)
--#define CKA_SECONDARY_AUTH (0x200)
--#define CKA_AUTH_PIN_FLAGS (0x201)
--#define CKA_ALWAYS_AUTHENTICATE (0x202)
--#define CKA_WRAP_WITH_TRUSTED (0x210)
--#define CKA_HW_FEATURE_TYPE (0x300)
--#define CKA_RESET_ON_INIT (0x301)
--#define CKA_HAS_RESET (0x302)
--#define CKA_PIXEL_X (0x400)
--#define CKA_PIXEL_Y (0x401)
--#define CKA_RESOLUTION (0x402)
--#define CKA_CHAR_ROWS (0x403)
--#define CKA_CHAR_COLUMNS (0x404)
--#define CKA_COLOR (0x405)
--#define CKA_BITS_PER_PIXEL (0x406)
--#define CKA_CHAR_SETS (0x480)
--#define CKA_ENCODING_METHODS (0x481)
--#define CKA_MIME_TYPES (0x482)
--#define CKA_MECHANISM_TYPE (0x500)
--#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501)
--#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502)
--#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503)
--#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211)
--#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212)
--#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600)
--#define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31))
-+#define CKA_CLASS (0UL)
-+#define CKA_TOKEN (1UL)
-+#define CKA_PRIVATE (2UL)
-+#define CKA_LABEL (3UL)
-+#define CKA_APPLICATION (0x10UL)
-+#define CKA_VALUE (0x11UL)
-+#define CKA_OBJECT_ID (0x12UL)
-+#define CKA_CERTIFICATE_TYPE (0x80UL)
-+#define CKA_ISSUER (0x81UL)
-+#define CKA_SERIAL_NUMBER (0x82UL)
-+#define CKA_AC_ISSUER (0x83UL)
-+#define CKA_OWNER (0x84UL)
-+#define CKA_ATTR_TYPES (0x85UL)
-+#define CKA_TRUSTED (0x86UL)
-+#define CKA_CERTIFICATE_CATEGORY (0x87UL)
-+#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL)
-+#define CKA_URL (0x89UL)
-+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL)
-+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL)
-+#define CKA_CHECK_VALUE (0x90UL)
-+#define CKA_KEY_TYPE (0x100UL)
-+#define CKA_SUBJECT (0x101UL)
-+#define CKA_ID (0x102UL)
-+#define CKA_SENSITIVE (0x103UL)
-+#define CKA_ENCRYPT (0x104UL)
-+#define CKA_DECRYPT (0x105UL)
-+#define CKA_WRAP (0x106UL)
-+#define CKA_UNWRAP (0x107UL)
-+#define CKA_SIGN (0x108UL)
-+#define CKA_SIGN_RECOVER (0x109UL)
-+#define CKA_VERIFY (0x10aUL)
-+#define CKA_VERIFY_RECOVER (0x10bUL)
-+#define CKA_DERIVE (0x10cUL)
-+#define CKA_START_DATE (0x110UL)
-+#define CKA_END_DATE (0x111UL)
-+#define CKA_MODULUS (0x120UL)
-+#define CKA_MODULUS_BITS (0x121UL)
-+#define CKA_PUBLIC_EXPONENT (0x122UL)
-+#define CKA_PRIVATE_EXPONENT (0x123UL)
-+#define CKA_PRIME_1 (0x124UL)
-+#define CKA_PRIME_2 (0x125UL)
-+#define CKA_EXPONENT_1 (0x126UL)
-+#define CKA_EXPONENT_2 (0x127UL)
-+#define CKA_COEFFICIENT (0x128UL)
-+#define CKA_PRIME (0x130UL)
-+#define CKA_SUBPRIME (0x131UL)
-+#define CKA_BASE (0x132UL)
-+#define CKA_PRIME_BITS (0x133UL)
-+#define CKA_SUB_PRIME_BITS (0x134UL)
-+#define CKA_VALUE_BITS (0x160UL)
-+#define CKA_VALUE_LEN (0x161UL)
-+#define CKA_EXTRACTABLE (0x162UL)
-+#define CKA_LOCAL (0x163UL)
-+#define CKA_NEVER_EXTRACTABLE (0x164UL)
-+#define CKA_ALWAYS_SENSITIVE (0x165UL)
-+#define CKA_KEY_GEN_MECHANISM (0x166UL)
-+#define CKA_MODIFIABLE (0x170UL)
-+#define CKA_ECDSA_PARAMS (0x180UL)
-+#define CKA_EC_PARAMS (0x180UL)
-+#define CKA_EC_POINT (0x181UL)
-+#define CKA_SECONDARY_AUTH (0x200UL)
-+#define CKA_AUTH_PIN_FLAGS (0x201UL)
-+#define CKA_ALWAYS_AUTHENTICATE (0x202UL)
-+#define CKA_WRAP_WITH_TRUSTED (0x210UL)
-+#define CKA_GOSTR3410_PARAMS (0x250UL)
-+#define CKA_GOSTR3411_PARAMS (0x251UL)
-+#define CKA_GOST28147_PARAMS (0x252UL)
-+#define CKA_HW_FEATURE_TYPE (0x300UL)
-+#define CKA_RESET_ON_INIT (0x301UL)
-+#define CKA_HAS_RESET (0x302UL)
-+#define CKA_PIXEL_X (0x400UL)
-+#define CKA_PIXEL_Y (0x401UL)
-+#define CKA_RESOLUTION (0x402UL)
-+#define CKA_CHAR_ROWS (0x403UL)
-+#define CKA_CHAR_COLUMNS (0x404UL)
-+#define CKA_COLOR (0x405UL)
-+#define CKA_BITS_PER_PIXEL (0x406UL)
-+#define CKA_CHAR_SETS (0x480UL)
-+#define CKA_ENCODING_METHODS (0x481UL)
-+#define CKA_MIME_TYPES (0x482UL)
-+#define CKA_MECHANISM_TYPE (0x500UL)
-+#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL)
-+#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL)
-+#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL)
-+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL)
-+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL)
-+#define CKA_OTP_FORMAT (0x220UL)
-+#define CKA_OTP_LENGTH (0x221UL)
-+#define CKA_OTP_TIME_INTERVAL (0x222UL)
-+#define CKA_OTP_USER_FRIENDLY_MODE (0x223UL)
-+#define CKA_OTP_CHALLENGE_REQUIREMENT (0x224UL)
-+#define CKA_OTP_TIME_REQUIREMENT (0x225UL)
-+#define CKA_OTP_COUNTER_REQUIREMENT (0x226UL)
-+#define CKA_OTP_PIN_REQUIREMENT (0x227UL)
-+#define CKA_OTP_USER_IDENTIFIER (0x22AUL)
-+#define CKA_OTP_SERVICE_IDENTIFIER (0x22BUL)
-+#define CKA_OTP_SERVICE_LOGO (0x22CUL)
-+#define CKA_OTP_SERVICE_LOGO_TYPE (0x22DUL)
-+#define CKA_OTP_COUNTER (0x22EUL)
-+#define CKA_OTP_TIME (0x22FUL)
-+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL)
-+#define CKA_PROFILE_ID (0x601UL)
-+#define CKA_VENDOR_DEFINED (1UL << 31)
-
-
- struct ck_attribute
-@@ -474,205 +516,273 @@ struct ck_date
-
- typedef unsigned long ck_mechanism_type_t;
-
--#define CKM_RSA_PKCS_KEY_PAIR_GEN (0)
--#define CKM_RSA_PKCS (1)
--#define CKM_RSA_9796 (2)
--#define CKM_RSA_X_509 (3)
--#define CKM_MD2_RSA_PKCS (4)
--#define CKM_MD5_RSA_PKCS (5)
--#define CKM_SHA1_RSA_PKCS (6)
--#define CKM_RIPEMD128_RSA_PKCS (7)
--#define CKM_RIPEMD160_RSA_PKCS (8)
--#define CKM_RSA_PKCS_OAEP (9)
--#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xa)
--#define CKM_RSA_X9_31 (0xb)
--#define CKM_SHA1_RSA_X9_31 (0xc)
--#define CKM_RSA_PKCS_PSS (0xd)
--#define CKM_SHA1_RSA_PKCS_PSS (0xe)
--#define CKM_DSA_KEY_PAIR_GEN (0x10)
--#define CKM_DSA (0x11)
--#define CKM_DSA_SHA1 (0x12)
--#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20)
--#define CKM_DH_PKCS_DERIVE (0x21)
--#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30)
--#define CKM_X9_42_DH_DERIVE (0x31)
--#define CKM_X9_42_DH_HYBRID_DERIVE (0x32)
--#define CKM_X9_42_MQV_DERIVE (0x33)
--#define CKM_SHA256_RSA_PKCS (0x40)
--#define CKM_SHA384_RSA_PKCS (0x41)
--#define CKM_SHA512_RSA_PKCS (0x42)
--#define CKM_SHA256_RSA_PKCS_PSS (0x43)
--#define CKM_SHA384_RSA_PKCS_PSS (0x44)
--#define CKM_SHA512_RSA_PKCS_PSS (0x45)
--#define CKM_RC2_KEY_GEN (0x100)
--#define CKM_RC2_ECB (0x101)
--#define CKM_RC2_CBC (0x102)
--#define CKM_RC2_MAC (0x103)
--#define CKM_RC2_MAC_GENERAL (0x104)
--#define CKM_RC2_CBC_PAD (0x105)
--#define CKM_RC4_KEY_GEN (0x110)
--#define CKM_RC4 (0x111)
--#define CKM_DES_KEY_GEN (0x120)
--#define CKM_DES_ECB (0x121)
--#define CKM_DES_CBC (0x122)
--#define CKM_DES_MAC (0x123)
--#define CKM_DES_MAC_GENERAL (0x124)
--#define CKM_DES_CBC_PAD (0x125)
--#define CKM_DES2_KEY_GEN (0x130)
--#define CKM_DES3_KEY_GEN (0x131)
--#define CKM_DES3_ECB (0x132)
--#define CKM_DES3_CBC (0x133)
--#define CKM_DES3_MAC (0x134)
--#define CKM_DES3_MAC_GENERAL (0x135)
--#define CKM_DES3_CBC_PAD (0x136)
--#define CKM_CDMF_KEY_GEN (0x140)
--#define CKM_CDMF_ECB (0x141)
--#define CKM_CDMF_CBC (0x142)
--#define CKM_CDMF_MAC (0x143)
--#define CKM_CDMF_MAC_GENERAL (0x144)
--#define CKM_CDMF_CBC_PAD (0x145)
--#define CKM_MD2 (0x200)
--#define CKM_MD2_HMAC (0x201)
--#define CKM_MD2_HMAC_GENERAL (0x202)
--#define CKM_MD5 (0x210)
--#define CKM_MD5_HMAC (0x211)
--#define CKM_MD5_HMAC_GENERAL (0x212)
--#define CKM_SHA_1 (0x220)
--#define CKM_SHA_1_HMAC (0x221)
--#define CKM_SHA_1_HMAC_GENERAL (0x222)
--#define CKM_RIPEMD128 (0x230)
--#define CKM_RIPEMD128_HMAC (0x231)
--#define CKM_RIPEMD128_HMAC_GENERAL (0x232)
--#define CKM_RIPEMD160 (0x240)
--#define CKM_RIPEMD160_HMAC (0x241)
--#define CKM_RIPEMD160_HMAC_GENERAL (0x242)
--#define CKM_SHA256 (0x250)
--#define CKM_SHA256_HMAC (0x251)
--#define CKM_SHA256_HMAC_GENERAL (0x252)
--#define CKM_SHA384 (0x260)
--#define CKM_SHA384_HMAC (0x261)
--#define CKM_SHA384_HMAC_GENERAL (0x262)
--#define CKM_SHA512 (0x270)
--#define CKM_SHA512_HMAC (0x271)
--#define CKM_SHA512_HMAC_GENERAL (0x272)
--#define CKM_CAST_KEY_GEN (0x300)
--#define CKM_CAST_ECB (0x301)
--#define CKM_CAST_CBC (0x302)
--#define CKM_CAST_MAC (0x303)
--#define CKM_CAST_MAC_GENERAL (0x304)
--#define CKM_CAST_CBC_PAD (0x305)
--#define CKM_CAST3_KEY_GEN (0x310)
--#define CKM_CAST3_ECB (0x311)
--#define CKM_CAST3_CBC (0x312)
--#define CKM_CAST3_MAC (0x313)
--#define CKM_CAST3_MAC_GENERAL (0x314)
--#define CKM_CAST3_CBC_PAD (0x315)
--#define CKM_CAST5_KEY_GEN (0x320)
--#define CKM_CAST128_KEY_GEN (0x320)
--#define CKM_CAST5_ECB (0x321)
--#define CKM_CAST128_ECB (0x321)
--#define CKM_CAST5_CBC (0x322)
--#define CKM_CAST128_CBC (0x322)
--#define CKM_CAST5_MAC (0x323)
--#define CKM_CAST128_MAC (0x323)
--#define CKM_CAST5_MAC_GENERAL (0x324)
--#define CKM_CAST128_MAC_GENERAL (0x324)
--#define CKM_CAST5_CBC_PAD (0x325)
--#define CKM_CAST128_CBC_PAD (0x325)
--#define CKM_RC5_KEY_GEN (0x330)
--#define CKM_RC5_ECB (0x331)
--#define CKM_RC5_CBC (0x332)
--#define CKM_RC5_MAC (0x333)
--#define CKM_RC5_MAC_GENERAL (0x334)
--#define CKM_RC5_CBC_PAD (0x335)
--#define CKM_IDEA_KEY_GEN (0x340)
--#define CKM_IDEA_ECB (0x341)
--#define CKM_IDEA_CBC (0x342)
--#define CKM_IDEA_MAC (0x343)
--#define CKM_IDEA_MAC_GENERAL (0x344)
--#define CKM_IDEA_CBC_PAD (0x345)
--#define CKM_GENERIC_SECRET_KEY_GEN (0x350)
--#define CKM_CONCATENATE_BASE_AND_KEY (0x360)
--#define CKM_CONCATENATE_BASE_AND_DATA (0x362)
--#define CKM_CONCATENATE_DATA_AND_BASE (0x363)
--#define CKM_XOR_BASE_AND_DATA (0x364)
--#define CKM_EXTRACT_KEY_FROM_KEY (0x365)
--#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370)
--#define CKM_SSL3_MASTER_KEY_DERIVE (0x371)
--#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372)
--#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373)
--#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374)
--#define CKM_TLS_MASTER_KEY_DERIVE (0x375)
--#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376)
--#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377)
--#define CKM_SSL3_MD5_MAC (0x380)
--#define CKM_SSL3_SHA1_MAC (0x381)
--#define CKM_MD5_KEY_DERIVATION (0x390)
--#define CKM_MD2_KEY_DERIVATION (0x391)
--#define CKM_SHA1_KEY_DERIVATION (0x392)
--#define CKM_PBE_MD2_DES_CBC (0x3a0)
--#define CKM_PBE_MD5_DES_CBC (0x3a1)
--#define CKM_PBE_MD5_CAST_CBC (0x3a2)
--#define CKM_PBE_MD5_CAST3_CBC (0x3a3)
--#define CKM_PBE_MD5_CAST5_CBC (0x3a4)
--#define CKM_PBE_MD5_CAST128_CBC (0x3a4)
--#define CKM_PBE_SHA1_CAST5_CBC (0x3a5)
--#define CKM_PBE_SHA1_CAST128_CBC (0x3a5)
--#define CKM_PBE_SHA1_RC4_128 (0x3a6)
--#define CKM_PBE_SHA1_RC4_40 (0x3a7)
--#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8)
--#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9)
--#define CKM_PBE_SHA1_RC2_128_CBC (0x3aa)
--#define CKM_PBE_SHA1_RC2_40_CBC (0x3ab)
--#define CKM_PKCS5_PBKD2 (0x3b0)
--#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0)
--#define CKM_KEY_WRAP_LYNKS (0x400)
--#define CKM_KEY_WRAP_SET_OAEP (0x401)
--#define CKM_SKIPJACK_KEY_GEN (0x1000)
--#define CKM_SKIPJACK_ECB64 (0x1001)
--#define CKM_SKIPJACK_CBC64 (0x1002)
--#define CKM_SKIPJACK_OFB64 (0x1003)
--#define CKM_SKIPJACK_CFB64 (0x1004)
--#define CKM_SKIPJACK_CFB32 (0x1005)
--#define CKM_SKIPJACK_CFB16 (0x1006)
--#define CKM_SKIPJACK_CFB8 (0x1007)
--#define CKM_SKIPJACK_WRAP (0x1008)
--#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009)
--#define CKM_SKIPJACK_RELAYX (0x100a)
--#define CKM_KEA_KEY_PAIR_GEN (0x1010)
--#define CKM_KEA_KEY_DERIVE (0x1011)
--#define CKM_FORTEZZA_TIMESTAMP (0x1020)
--#define CKM_BATON_KEY_GEN (0x1030)
--#define CKM_BATON_ECB128 (0x1031)
--#define CKM_BATON_ECB96 (0x1032)
--#define CKM_BATON_CBC128 (0x1033)
--#define CKM_BATON_COUNTER (0x1034)
--#define CKM_BATON_SHUFFLE (0x1035)
--#define CKM_BATON_WRAP (0x1036)
--#define CKM_ECDSA_KEY_PAIR_GEN (0x1040)
--#define CKM_EC_KEY_PAIR_GEN (0x1040)
--#define CKM_ECDSA (0x1041)
--#define CKM_ECDSA_SHA1 (0x1042)
--#define CKM_ECDH1_DERIVE (0x1050)
--#define CKM_ECDH1_COFACTOR_DERIVE (0x1051)
--#define CKM_ECMQV_DERIVE (0x1052)
--#define CKM_JUNIPER_KEY_GEN (0x1060)
--#define CKM_JUNIPER_ECB128 (0x1061)
--#define CKM_JUNIPER_CBC128 (0x1062)
--#define CKM_JUNIPER_COUNTER (0x1063)
--#define CKM_JUNIPER_SHUFFLE (0x1064)
--#define CKM_JUNIPER_WRAP (0x1065)
--#define CKM_FASTHASH (0x1070)
--#define CKM_AES_KEY_GEN (0x1080)
--#define CKM_AES_ECB (0x1081)
--#define CKM_AES_CBC (0x1082)
--#define CKM_AES_MAC (0x1083)
--#define CKM_AES_MAC_GENERAL (0x1084)
--#define CKM_AES_CBC_PAD (0x1085)
--#define CKM_DSA_PARAMETER_GEN (0x2000)
--#define CKM_DH_PKCS_PARAMETER_GEN (0x2001)
--#define CKM_X9_42_DH_PARAMETER_GEN (0x2002)
--#define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31))
-+#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL)
-+#define CKM_RSA_PKCS (1UL)
-+#define CKM_RSA_9796 (2UL)
-+#define CKM_RSA_X_509 (3UL)
-+#define CKM_MD2_RSA_PKCS (4UL)
-+#define CKM_MD5_RSA_PKCS (5UL)
-+#define CKM_SHA1_RSA_PKCS (6UL)
-+#define CKM_RIPEMD128_RSA_PKCS (7UL)
-+#define CKM_RIPEMD160_RSA_PKCS (8UL)
-+#define CKM_RSA_PKCS_OAEP (9UL)
-+#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL)
-+#define CKM_RSA_X9_31 (0xbUL)
-+#define CKM_SHA1_RSA_X9_31 (0xcUL)
-+#define CKM_RSA_PKCS_PSS (0xdUL)
-+#define CKM_SHA1_RSA_PKCS_PSS (0xeUL)
-+#define CKM_DSA_KEY_PAIR_GEN (0x10UL)
-+#define CKM_DSA (0x11UL)
-+#define CKM_DSA_SHA1 (0x12UL)
-+#define CKM_DSA_SHA224 (0x13UL)
-+#define CKM_DSA_SHA256 (0x14UL)
-+#define CKM_DSA_SHA384 (0x15UL)
-+#define CKM_DSA_SHA512 (0x16UL)
-+#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL)
-+#define CKM_DH_PKCS_DERIVE (0x21UL)
-+#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL)
-+#define CKM_X9_42_DH_DERIVE (0x31UL)
-+#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL)
-+#define CKM_X9_42_MQV_DERIVE (0x33UL)
-+#define CKM_SHA256_RSA_PKCS (0x40UL)
-+#define CKM_SHA384_RSA_PKCS (0x41UL)
-+#define CKM_SHA512_RSA_PKCS (0x42UL)
-+#define CKM_SHA256_RSA_PKCS_PSS (0x43UL)
-+#define CKM_SHA384_RSA_PKCS_PSS (0x44UL)
-+#define CKM_SHA512_RSA_PKCS_PSS (0x45UL)
-+#define CKM_SHA224_RSA_PKCS (0x46UL)
-+#define CKM_SHA224_RSA_PKCS_PSS (0x47UL)
-+#define CKM_RC2_KEY_GEN (0x100UL)
-+#define CKM_RC2_ECB (0x101UL)
-+#define CKM_RC2_CBC (0x102UL)
-+#define CKM_RC2_MAC (0x103UL)
-+#define CKM_RC2_MAC_GENERAL (0x104UL)
-+#define CKM_RC2_CBC_PAD (0x105UL)
-+#define CKM_RC4_KEY_GEN (0x110UL)
-+#define CKM_RC4 (0x111UL)
-+#define CKM_DES_KEY_GEN (0x120UL)
-+#define CKM_DES_ECB (0x121UL)
-+#define CKM_DES_CBC (0x122UL)
-+#define CKM_DES_MAC (0x123UL)
-+#define CKM_DES_MAC_GENERAL (0x124UL)
-+#define CKM_DES_CBC_PAD (0x125UL)
-+#define CKM_DES2_KEY_GEN (0x130UL)
-+#define CKM_DES3_KEY_GEN (0x131UL)
-+#define CKM_DES3_ECB (0x132UL)
-+#define CKM_DES3_CBC (0x133UL)
-+#define CKM_DES3_MAC (0x134UL)
-+#define CKM_DES3_MAC_GENERAL (0x135UL)
-+#define CKM_DES3_CBC_PAD (0x136UL)
-+#define CKM_DES3_CMAC (0x138UL)
-+#define CKM_CDMF_KEY_GEN (0x140UL)
-+#define CKM_CDMF_ECB (0x141UL)
-+#define CKM_CDMF_CBC (0x142UL)
-+#define CKM_CDMF_MAC (0x143UL)
-+#define CKM_CDMF_MAC_GENERAL (0x144UL)
-+#define CKM_CDMF_CBC_PAD (0x145UL)
-+#define CKM_MD2 (0x200UL)
-+#define CKM_MD2_HMAC (0x201UL)
-+#define CKM_MD2_HMAC_GENERAL (0x202UL)
-+#define CKM_MD5 (0x210UL)
-+#define CKM_MD5_HMAC (0x211UL)
-+#define CKM_MD5_HMAC_GENERAL (0x212UL)
-+#define CKM_SHA_1 (0x220UL)
-+#define CKM_SHA_1_HMAC (0x221UL)
-+#define CKM_SHA_1_HMAC_GENERAL (0x222UL)
-+#define CKM_RIPEMD128 (0x230UL)
-+#define CKM_RIPEMD128_HMAC (0x231UL)
-+#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL)
-+#define CKM_RIPEMD160 (0x240UL)
-+#define CKM_RIPEMD160_HMAC (0x241UL)
-+#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL)
-+#define CKM_SHA256 (0x250UL)
-+#define CKM_SHA256_HMAC (0x251UL)
-+#define CKM_SHA256_HMAC_GENERAL (0x252UL)
-+#define CKM_SHA224 (0x255UL)
-+#define CKM_SHA224_HMAC (0x256UL)
-+#define CKM_SHA224_HMAC_GENERAL (0x257UL)
-+#define CKM_SHA384 (0x260UL)
-+#define CKM_SHA384_HMAC (0x261UL)
-+#define CKM_SHA384_HMAC_GENERAL (0x262UL)
-+#define CKM_SHA512 (0x270UL)
-+#define CKM_SHA512_HMAC (0x271UL)
-+#define CKM_SHA512_HMAC_GENERAL (0x272UL)
-+#define CKM_SHA3_256 (0x2B0UL)
-+#define CKM_SHA3_256_HMAC (0x2B1UL)
-+#define CKM_SHA3_256_HMAC_GENERAL (0x2B2UL)
-+#define CKM_SHA3_224 (0x2B5UL)
-+#define CKM_SHA3_224_HMAC (0x2B6UL)
-+#define CKM_SHA3_224_HMAC_GENERAL (0x2B7UL)
-+#define CKM_SHA3_384 (0x2C0UL)
-+#define CKM_SHA3_384_HMAC (0x2C1UL)
-+#define CKM_SHA3_384_HMAC_GENERAL (0x2C2UL)
-+#define CKM_SHA3_512 (0x2D0UL)
-+#define CKM_SHA3_512_HMAC (0x2D1UL)
-+#define CKM_SHA3_512_HMAC_GENERAL (0x2D2UL)
-+#define CKM_CAST_KEY_GEN (0x300UL)
-+#define CKM_CAST_ECB (0x301UL)
-+#define CKM_CAST_CBC (0x302UL)
-+#define CKM_CAST_MAC (0x303UL)
-+#define CKM_CAST_MAC_GENERAL (0x304UL)
-+#define CKM_CAST_CBC_PAD (0x305UL)
-+#define CKM_CAST3_KEY_GEN (0x310UL)
-+#define CKM_CAST3_ECB (0x311UL)
-+#define CKM_CAST3_CBC (0x312UL)
-+#define CKM_CAST3_MAC (0x313UL)
-+#define CKM_CAST3_MAC_GENERAL (0x314UL)
-+#define CKM_CAST3_CBC_PAD (0x315UL)
-+#define CKM_CAST5_KEY_GEN (0x320UL)
-+#define CKM_CAST128_KEY_GEN (0x320UL)
-+#define CKM_CAST5_ECB (0x321UL)
-+#define CKM_CAST128_ECB (0x321UL)
-+#define CKM_CAST5_CBC (0x322UL)
-+#define CKM_CAST128_CBC (0x322UL)
-+#define CKM_CAST5_MAC (0x323UL)
-+#define CKM_CAST128_MAC (0x323UL)
-+#define CKM_CAST5_MAC_GENERAL (0x324UL)
-+#define CKM_CAST128_MAC_GENERAL (0x324UL)
-+#define CKM_CAST5_CBC_PAD (0x325UL)
-+#define CKM_CAST128_CBC_PAD (0x325UL)
-+#define CKM_RC5_KEY_GEN (0x330UL)
-+#define CKM_RC5_ECB (0x331UL)
-+#define CKM_RC5_CBC (0x332UL)
-+#define CKM_RC5_MAC (0x333UL)
-+#define CKM_RC5_MAC_GENERAL (0x334UL)
-+#define CKM_RC5_CBC_PAD (0x335UL)
-+#define CKM_IDEA_KEY_GEN (0x340UL)
-+#define CKM_IDEA_ECB (0x341UL)
-+#define CKM_IDEA_CBC (0x342UL)
-+#define CKM_IDEA_MAC (0x343UL)
-+#define CKM_IDEA_MAC_GENERAL (0x344UL)
-+#define CKM_IDEA_CBC_PAD (0x345UL)
-+#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL)
-+#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL)
-+#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL)
-+#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL)
-+#define CKM_XOR_BASE_AND_DATA (0x364UL)
-+#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL)
-+#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL)
-+#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL)
-+#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL)
-+#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL)
-+#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL)
-+#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL)
-+#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL)
-+#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL)
-+#define CKM_SSL3_MD5_MAC (0x380UL)
-+#define CKM_SSL3_SHA1_MAC (0x381UL)
-+#define CKM_MD5_KEY_DERIVATION (0x390UL)
-+#define CKM_MD2_KEY_DERIVATION (0x391UL)
-+#define CKM_SHA1_KEY_DERIVATION (0x392UL)
-+#define CKM_PBE_MD2_DES_CBC (0x3a0UL)
-+#define CKM_PBE_MD5_DES_CBC (0x3a1UL)
-+#define CKM_PBE_MD5_CAST_CBC (0x3a2UL)
-+#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL)
-+#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL)
-+#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL)
-+#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL)
-+#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL)
-+#define CKM_PBE_SHA1_RC4_128 (0x3a6UL)
-+#define CKM_PBE_SHA1_RC4_40 (0x3a7UL)
-+#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL)
-+#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL)
-+#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL)
-+#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL)
-+#define CKM_PKCS5_PBKD2 (0x3b0UL)
-+#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL)
-+#define CKM_KEY_WRAP_LYNKS (0x400UL)
-+#define CKM_KEY_WRAP_SET_OAEP (0x401UL)
-+#define CKM_SKIPJACK_KEY_GEN (0x1000UL)
-+#define CKM_SKIPJACK_ECB64 (0x1001UL)
-+#define CKM_SKIPJACK_CBC64 (0x1002UL)
-+#define CKM_SKIPJACK_OFB64 (0x1003UL)
-+#define CKM_SKIPJACK_CFB64 (0x1004UL)
-+#define CKM_SKIPJACK_CFB32 (0x1005UL)
-+#define CKM_SKIPJACK_CFB16 (0x1006UL)
-+#define CKM_SKIPJACK_CFB8 (0x1007UL)
-+#define CKM_SKIPJACK_WRAP (0x1008UL)
-+#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL)
-+#define CKM_SKIPJACK_RELAYX (0x100aUL)
-+#define CKM_KEA_KEY_PAIR_GEN (0x1010UL)
-+#define CKM_KEA_KEY_DERIVE (0x1011UL)
-+#define CKM_FORTEZZA_TIMESTAMP (0x1020UL)
-+#define CKM_BATON_KEY_GEN (0x1030UL)
-+#define CKM_BATON_ECB128 (0x1031UL)
-+#define CKM_BATON_ECB96 (0x1032UL)
-+#define CKM_BATON_CBC128 (0x1033UL)
-+#define CKM_BATON_COUNTER (0x1034UL)
-+#define CKM_BATON_SHUFFLE (0x1035UL)
-+#define CKM_BATON_WRAP (0x1036UL)
-+#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL)
-+#define CKM_EC_KEY_PAIR_GEN (0x1040UL)
-+#define CKM_ECDSA (0x1041UL)
-+#define CKM_ECDSA_SHA1 (0x1042UL)
-+#define CKM_ECDSA_SHA224 (0x1043UL)
-+#define CKM_ECDSA_SHA256 (0x1044UL)
-+#define CKM_ECDSA_SHA384 (0x1045UL)
-+#define CKM_ECDSA_SHA512 (0x1046UL)
-+#define CKM_ECDH1_DERIVE (0x1050UL)
-+#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL)
-+#define CKM_ECMQV_DERIVE (0x1052UL)
-+#define CKM_EC_EDWARDS_KEY_PAIR_GEN (0x1055UL)
-+#define CKM_EC_MONTGOMERY_KEY_PAIR_GEN (0x1056UL)
-+#define CKM_EDDSA (0x1057UL)
-+#define CKM_JUNIPER_KEY_GEN (0x1060UL)
-+#define CKM_JUNIPER_ECB128 (0x1061UL)
-+#define CKM_JUNIPER_CBC128 (0x1062UL)
-+#define CKM_JUNIPER_COUNTER (0x1063UL)
-+#define CKM_JUNIPER_SHUFFLE (0x1064UL)
-+#define CKM_JUNIPER_WRAP (0x1065UL)
-+#define CKM_FASTHASH (0x1070UL)
-+#define CKM_AES_KEY_GEN (0x1080UL)
-+#define CKM_AES_ECB (0x1081UL)
-+#define CKM_AES_CBC (0x1082UL)
-+#define CKM_AES_MAC (0x1083UL)
-+#define CKM_AES_MAC_GENERAL (0x1084UL)
-+#define CKM_AES_CBC_PAD (0x1085UL)
-+#define CKM_AES_CTR (0x1086UL)
-+#define CKM_AES_GCM (0x1087UL)
-+#define CKM_AES_CCM (0x1088UL)
-+#define CKM_AES_CTS (0x1089UL)
-+#define CKM_AES_CMAC (0x108AUL)
-+#define CKM_BLOWFISH_KEY_GEN (0x1090UL)
-+#define CKM_BLOWFISH_CBC (0x1091UL)
-+#define CKM_TWOFISH_KEY_GEN (0x1092UL)
-+#define CKM_TWOFISH_CBC (0x1093UL)
-+#define CKM_DES_ECB_ENCRYPT_DATA (0x1100UL)
-+#define CKM_DES_CBC_ENCRYPT_DATA (0x1101UL)
-+#define CKM_DES3_ECB_ENCRYPT_DATA (0x1102UL)
-+#define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL)
-+#define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL)
-+#define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL)
-+#define CKM_GOSTR3410_KEY_PAIR_GEN (0x1200UL)
-+#define CKM_GOSTR3410 (0x1201UL)
-+#define CKM_GOSTR3410_WITH_GOSTR3411 (0x1202UL)
-+#define CKM_GOSTR3410_KEY_WRAP (0x1203UL)
-+#define CKM_GOSTR3410_DERIVE (0x1204UL)
-+#define CKM_GOSTR3410_512_KEY_PAIR_GEN (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x005)
-+#define CKM_GOSTR3410_512 (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x006)
-+#define CKM_GOSTR3410_12_DERIVE (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x007)
-+#define CKM_GOSTR3410_WITH_GOSTR3411_12_256 (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x008)
-+#define CKM_GOSTR3410_WITH_GOSTR3411_12_512 (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x009)
-+#define CKM_GOSTR3411 (0x1210UL)
-+#define CKM_GOSTR3411_HMAC (0x1211UL)
-+#define CKM_GOSTR3411_12_256 (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x012)
-+#define CKM_GOSTR3411_12_512 (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x013)
-+#define CKM_GOSTR3411_12_256_HMAC (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x014)
-+#define CKM_GOSTR3411_12_512_HMAC (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x015)
-+#define CKM_GOST28147_KEY_GEN (0x1220UL)
-+#define CKM_GOST28147_ECB (0x1221UL)
-+#define CKM_GOST28147 (0x1222UL)
-+#define CKM_GOST28147_MAC (0x1223UL)
-+#define CKM_GOST28147_KEY_WRAP (0x1224UL)
-+
-+#define CKM_DSA_PARAMETER_GEN (0x2000UL)
-+#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL)
-+#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL)
-+#define CKM_AES_KEY_WRAP (0x2109UL)
-+#define CKM_XEDDSA (0x4029UL)
-+#define CKM_VENDOR_DEFINED (1UL << 31)
-
-
- struct ck_mechanism
-@@ -690,25 +800,111 @@ struct ck_mechanism_info
- ck_flags_t flags;
- };
-
--#define CKF_HW (1 << 0)
--#define CKF_ENCRYPT (1 << 8)
--#define CKF_DECRYPT (1 << 9)
--#define CKF_DIGEST (1 << 10)
--#define CKF_SIGN (1 << 11)
--#define CKF_SIGN_RECOVER (1 << 12)
--#define CKF_VERIFY (1 << 13)
--#define CKF_VERIFY_RECOVER (1 << 14)
--#define CKF_GENERATE (1 << 15)
--#define CKF_GENERATE_KEY_PAIR (1 << 16)
--#define CKF_WRAP (1 << 17)
--#define CKF_UNWRAP (1 << 18)
--#define CKF_DERIVE (1 << 19)
--#define CKF_EXTENSION ((unsigned long) (1 << 31))
--
-+#define CKF_HW (1UL << 0)
-+#define CKF_ENCRYPT (1UL << 8)
-+#define CKF_DECRYPT (1UL << 9)
-+#define CKF_DIGEST (1UL << 10)
-+#define CKF_SIGN (1UL << 11)
-+#define CKF_SIGN_RECOVER (1UL << 12)
-+#define CKF_VERIFY (1UL << 13)
-+#define CKF_VERIFY_RECOVER (1UL << 14)
-+#define CKF_GENERATE (1UL << 15)
-+#define CKF_GENERATE_KEY_PAIR (1UL << 16)
-+#define CKF_WRAP (1UL << 17)
-+#define CKF_UNWRAP (1UL << 18)
-+#define CKF_DERIVE (1UL << 19)
-+#define CKF_EXTENSION (1UL << 31)
-+
-+#define CKF_EC_F_P (1UL << 20)
-+#define CKF_EC_F_2M (1UL << 21)
-+#define CKF_EC_ECPARAMETERS (1UL << 22)
-+#define CKF_EC_OID (1UL << 23)
-+#define CKF_EC_NAMEDCURVE CKF_EC_OID
-+#define CKF_EC_UNCOMPRESS (1UL << 24)
-+#define CKF_EC_COMPRESS (1UL << 25)
-+#define CKF_EC_CURVENAME (1UL << 26)
-
- /* Flags for C_WaitForSlotEvent. */
--#define CKF_DONT_BLOCK (1)
--
-+#define CKF_DONT_BLOCK (1UL)
-+
-+/* Flags for Key derivation */
-+#define CKD_NULL (0x1UL)
-+#define CKD_SHA1_KDF (0x2UL)
-+#define CKD_SHA224_KDF (0x5UL)
-+#define CKD_SHA256_KDF (0x6UL)
-+#define CKD_SHA384_KDF (0x7UL)
-+#define CKD_SHA512_KDF (0x8UL)
-+
-+typedef struct CK_ECDH1_DERIVE_PARAMS {
-+ unsigned long kdf;
-+ unsigned long ulSharedDataLen;
-+ unsigned char * pSharedData;
-+ unsigned long ulPublicDataLen;
-+ unsigned char * pPublicData;
-+} CK_ECDH1_DERIVE_PARAMS;
-+
-+typedef struct CK_ECMQV_DERIVE_PARAMS {
-+ unsigned long kdf;
-+ unsigned long ulSharedDataLen;
-+ unsigned char * pSharedData;
-+ unsigned long ulPublicDataLen;
-+ unsigned char * pPublicData;
-+ unsigned long ulPrivateDataLen;
-+ CK_OBJECT_HANDLE hPrivateData;
-+ unsigned long ulPublicDataLen2;
-+ unsigned char * pPublicData2;
-+ CK_OBJECT_HANDLE publicKey;
-+} CK_ECMQV_DERIVE_PARAMS;
-+
-+typedef unsigned long ck_rsa_pkcs_mgf_type_t;
-+typedef unsigned long CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-+
-+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
-+ CK_MECHANISM_TYPE hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
-+ void *pSourceData;
-+ unsigned long ulSourceDataLen;
-+} CK_RSA_PKCS_OAEP_PARAMS;
-+
-+typedef struct CK_RSA_PKCS_PSS_PARAMS {
-+ ck_mechanism_type_t hashAlg;
-+ CK_RSA_PKCS_MGF_TYPE mgf;
-+ unsigned long sLen;
-+} CK_RSA_PKCS_PSS_PARAMS;
-+
-+#define CKG_MGF1_SHA1 (0x00000001UL)
-+#define CKG_MGF1_SHA224 (0x00000005UL)
-+#define CKG_MGF1_SHA256 (0x00000002UL)
-+#define CKG_MGF1_SHA384 (0x00000003UL)
-+#define CKG_MGF1_SHA512 (0x00000004UL)
-+
-+#define CKZ_DATA_SPECIFIED (0x00000001UL)
-+
-+typedef struct CK_GCM_PARAMS {
-+ void * pIv;
-+ unsigned long ulIvLen;
-+ unsigned long ulIvBits;
-+ void * pAAD;
-+ unsigned long ulAADLen;
-+ unsigned long ulTagBits;
-+} CK_GCM_PARAMS;
-+
-+/* EDDSA */
-+typedef struct CK_EDDSA_PARAMS {
-+ unsigned char phFlag;
-+ unsigned long ulContextDataLen;
-+ unsigned char *pContextData;
-+} CK_EDDSA_PARAMS;
-+
-+typedef CK_EDDSA_PARAMS *CK_EDDSA_PARAMS_PTR;
-+
-+/* XEDDSA */
-+typedef struct CK_XEDDSA_PARAMS {
-+ unsigned long hash;
-+} CK_XEDDSA_PARAMS;
-+
-+typedef CK_XEDDSA_PARAMS *CK_XEDDSA_PARAMS_PTR;
-
- typedef unsigned long ck_rv_t;
-
-@@ -716,8 +912,17 @@ typedef unsigned long ck_rv_t;
- typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
- ck_notification_t event, void *application);
-
-+struct ck_interface {
-+ char * pInterfaceName;
-+ void * pFunctionList;
-+ ck_flags_t flags;
-+};
-+
-+#define CKF_INTERFACE_FORK_SAFE (0x00000001UL)
-+
- /* Forward reference. */
- struct ck_function_list;
-+struct ck_function_list_3_0;
-
- #define _CK_DECLARE_FUNCTION(name, args) \
- typedef ck_rv_t (*CK_ ## name) args; \
-@@ -774,7 +979,7 @@ _CK_DECLARE_FUNCTION (C_SetOperationState,
- unsigned char *operation_state,
- unsigned long operation_state_len,
- ck_object_handle_t encryption_key,
-- ck_object_handle_t authentiation_key));
-+ ck_object_handle_t authentication_key));
- _CK_DECLARE_FUNCTION (C_Login,
- (ck_session_handle_t session, ck_user_type_t user_type,
- unsigned char *pin, unsigned long pin_len));
-@@ -999,6 +1204,147 @@ _CK_DECLARE_FUNCTION (C_GenerateRandom,
- _CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
- _CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
-
-+_CK_DECLARE_FUNCTION (C_GetInterfaceList,
-+ (struct ck_interface *interfaces_list,
-+ unsigned long *count));
-+_CK_DECLARE_FUNCTION (C_GetInterface,
-+ (unsigned char *interface_name,
-+ struct ck_version *version,
-+ struct ck_interface **interface,
-+ ck_flags_t flags));
-+
-+_CK_DECLARE_FUNCTION (C_LoginUser,
-+ (ck_session_handle_t session,
-+ ck_user_type_t user_type,
-+ unsigned char *pin,
-+ unsigned long pin_len,
-+ unsigned char *username,
-+ unsigned long username_len));
-+
-+_CK_DECLARE_FUNCTION (C_SessionCancel,
-+ (ck_session_handle_t session,
-+ ck_flags_t flags));
-+
-+_CK_DECLARE_FUNCTION (C_MessageEncryptInit,
-+ (ck_session_handle_t session,
-+ struct ck_mechanism *mechanism,
-+ ck_object_handle_t key));
-+_CK_DECLARE_FUNCTION (C_EncryptMessage,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *associated_data,
-+ unsigned long associated_data_len,
-+ unsigned char *plaintext,
-+ unsigned long plaintext_len,
-+ unsigned char *ciphertext,
-+ unsigned long *ciphertext_len));
-+_CK_DECLARE_FUNCTION (C_EncryptMessageBegin,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *associated_data,
-+ unsigned long associated_data_len));
-+_CK_DECLARE_FUNCTION (C_EncryptMessageNext,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *plaintext_part,
-+ unsigned long plaintext_part_len,
-+ unsigned char *ciphertext_part,
-+ unsigned long *ciphertext_part_len,
-+ ck_flags_t flags));
-+_CK_DECLARE_FUNCTION (C_MessageEncryptFinal,
-+ (ck_session_handle_t session));
-+
-+_CK_DECLARE_FUNCTION (C_MessageDecryptInit,
-+ (ck_session_handle_t session,
-+ struct ck_mechanism *mechanism,
-+ ck_object_handle_t key));
-+_CK_DECLARE_FUNCTION (C_DecryptMessage,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *associated_data,
-+ unsigned long associated_data_len,
-+ unsigned char *ciphertext,
-+ unsigned long ciphertext_len,
-+ unsigned char *plaintext,
-+ unsigned long *plaintext_len));
-+_CK_DECLARE_FUNCTION (C_DecryptMessageBegin,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *associated_data,
-+ unsigned long associated_data_len));
-+_CK_DECLARE_FUNCTION (C_DecryptMessageNext,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *ciphertext_part,
-+ unsigned long ciphertext_part_len,
-+ unsigned char *plaintext_part,
-+ unsigned long *plaintext_part_len,
-+ ck_flags_t flags));
-+_CK_DECLARE_FUNCTION (C_MessageDecryptFinal,
-+ (ck_session_handle_t session));
-+
-+_CK_DECLARE_FUNCTION (C_MessageSignInit,
-+ (ck_session_handle_t session,
-+ struct ck_mechanism *mechanism,
-+ ck_object_handle_t key));
-+_CK_DECLARE_FUNCTION (C_SignMessage,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *data,
-+ unsigned long data_len,
-+ unsigned char *signature,
-+ unsigned long *signature_len));
-+_CK_DECLARE_FUNCTION (C_SignMessageBegin,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len));
-+_CK_DECLARE_FUNCTION (C_SignMessageNext,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *data,
-+ unsigned long data_len,
-+ unsigned char *signature,
-+ unsigned long *signature_len));
-+_CK_DECLARE_FUNCTION (C_MessageSignFinal,
-+ (ck_session_handle_t session));
-+
-+_CK_DECLARE_FUNCTION (C_MessageVerifyInit,
-+ (ck_session_handle_t session,
-+ struct ck_mechanism *mechanism,
-+ ck_object_handle_t key));
-+_CK_DECLARE_FUNCTION (C_VerifyMessage,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *data,
-+ unsigned long data_len,
-+ unsigned char *signature,
-+ unsigned long signature_len));
-+_CK_DECLARE_FUNCTION (C_VerifyMessageBegin,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len));
-+_CK_DECLARE_FUNCTION (C_VerifyMessageNext,
-+ (ck_session_handle_t session,
-+ void *parameter,
-+ unsigned long parameter_len,
-+ unsigned char *data,
-+ unsigned long data_len,
-+ unsigned char *signature,
-+ unsigned long signature_len));
-+_CK_DECLARE_FUNCTION (C_MessageVerifyFinal,
-+ (ck_session_handle_t session));
-+
-+/* Flags in Message-based encryption/decryption API */
-+#define CKF_END_OF_MESSAGE (0x00000001UL)
-
- struct ck_function_list
- {
-@@ -1073,6 +1419,105 @@ struct ck_function_list
- CK_C_WaitForSlotEvent C_WaitForSlotEvent;
- };
-
-+struct ck_function_list_3_0
-+{
-+ struct ck_version version;
-+ CK_C_Initialize C_Initialize;
-+ CK_C_Finalize C_Finalize;
-+ CK_C_GetInfo C_GetInfo;
-+ CK_C_GetFunctionList C_GetFunctionList;
-+ CK_C_GetSlotList C_GetSlotList;
-+ CK_C_GetSlotInfo C_GetSlotInfo;
-+ CK_C_GetTokenInfo C_GetTokenInfo;
-+ CK_C_GetMechanismList C_GetMechanismList;
-+ CK_C_GetMechanismInfo C_GetMechanismInfo;
-+ CK_C_InitToken C_InitToken;
-+ CK_C_InitPIN C_InitPIN;
-+ CK_C_SetPIN C_SetPIN;
-+ CK_C_OpenSession C_OpenSession;
-+ CK_C_CloseSession C_CloseSession;
-+ CK_C_CloseAllSessions C_CloseAllSessions;
-+ CK_C_GetSessionInfo C_GetSessionInfo;
-+ CK_C_GetOperationState C_GetOperationState;
-+ CK_C_SetOperationState C_SetOperationState;
-+ CK_C_Login C_Login;
-+ CK_C_Logout C_Logout;
-+ CK_C_CreateObject C_CreateObject;
-+ CK_C_CopyObject C_CopyObject;
-+ CK_C_DestroyObject C_DestroyObject;
-+ CK_C_GetObjectSize C_GetObjectSize;
-+ CK_C_GetAttributeValue C_GetAttributeValue;
-+ CK_C_SetAttributeValue C_SetAttributeValue;
-+ CK_C_FindObjectsInit C_FindObjectsInit;
-+ CK_C_FindObjects C_FindObjects;
-+ CK_C_FindObjectsFinal C_FindObjectsFinal;
-+ CK_C_EncryptInit C_EncryptInit;
-+ CK_C_Encrypt C_Encrypt;
-+ CK_C_EncryptUpdate C_EncryptUpdate;
-+ CK_C_EncryptFinal C_EncryptFinal;
-+ CK_C_DecryptInit C_DecryptInit;
-+ CK_C_Decrypt C_Decrypt;
-+ CK_C_DecryptUpdate C_DecryptUpdate;
-+ CK_C_DecryptFinal C_DecryptFinal;
-+ CK_C_DigestInit C_DigestInit;
-+ CK_C_Digest C_Digest;
-+ CK_C_DigestUpdate C_DigestUpdate;
-+ CK_C_DigestKey C_DigestKey;
-+ CK_C_DigestFinal C_DigestFinal;
-+ CK_C_SignInit C_SignInit;
-+ CK_C_Sign C_Sign;
-+ CK_C_SignUpdate C_SignUpdate;
-+ CK_C_SignFinal C_SignFinal;
-+ CK_C_SignRecoverInit C_SignRecoverInit;
-+ CK_C_SignRecover C_SignRecover;
-+ CK_C_VerifyInit C_VerifyInit;
-+ CK_C_Verify C_Verify;
-+ CK_C_VerifyUpdate C_VerifyUpdate;
-+ CK_C_VerifyFinal C_VerifyFinal;
-+ CK_C_VerifyRecoverInit C_VerifyRecoverInit;
-+ CK_C_VerifyRecover C_VerifyRecover;
-+ CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
-+ CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
-+ CK_C_SignEncryptUpdate C_SignEncryptUpdate;
-+ CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
-+ CK_C_GenerateKey C_GenerateKey;
-+ CK_C_GenerateKeyPair C_GenerateKeyPair;
-+ CK_C_WrapKey C_WrapKey;
-+ CK_C_UnwrapKey C_UnwrapKey;
-+ CK_C_DeriveKey C_DeriveKey;
-+ CK_C_SeedRandom C_SeedRandom;
-+ CK_C_GenerateRandom C_GenerateRandom;
-+ CK_C_GetFunctionStatus C_GetFunctionStatus;
-+ CK_C_CancelFunction C_CancelFunction;
-+ CK_C_WaitForSlotEvent C_WaitForSlotEvent;
-+ /* PKCS #11 3.0 functions */
-+ CK_C_GetInterfaceList C_GetInterfaceList;
-+ CK_C_GetInterface C_GetInterface;
-+ CK_C_LoginUser C_LoginUser;
-+ CK_C_SessionCancel C_SessionCancel;
-+ CK_C_MessageEncryptInit C_MessageEncryptInit;
-+ CK_C_EncryptMessage C_EncryptMessage;
-+ CK_C_EncryptMessageBegin C_EncryptMessageBegin;
-+ CK_C_EncryptMessageNext C_EncryptMessageNext;
-+ CK_C_MessageEncryptFinal C_MessageEncryptFinal;
-+ CK_C_MessageDecryptInit C_MessageDecryptInit;
-+ CK_C_DecryptMessage C_DecryptMessage;
-+ CK_C_DecryptMessageBegin C_DecryptMessageBegin;
-+ CK_C_DecryptMessageNext C_DecryptMessageNext;
-+ CK_C_MessageDecryptFinal C_MessageDecryptFinal;
-+ CK_C_MessageSignInit C_MessageSignInit;
-+ CK_C_SignMessage C_SignMessage;
-+ CK_C_SignMessageBegin C_SignMessageBegin;
-+ CK_C_SignMessageNext C_SignMessageNext;
-+ CK_C_MessageSignFinal C_MessageSignFinal;
-+ CK_C_MessageVerifyInit C_MessageVerifyInit;
-+ CK_C_VerifyMessage C_VerifyMessage;
-+ CK_C_VerifyMessageBegin C_VerifyMessageBegin;
-+ CK_C_VerifyMessageNext C_VerifyMessageNext;
-+ CK_C_MessageVerifyFinal C_MessageVerifyFinal;
-+};
-+
-+
-
- typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
- typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
-@@ -1091,98 +1536,99 @@ struct ck_c_initialize_args
- };
-
-
--#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0)
--#define CKF_OS_LOCKING_OK (1 << 1)
--
--#define CKR_OK (0)
--#define CKR_CANCEL (1)
--#define CKR_HOST_MEMORY (2)
--#define CKR_SLOT_ID_INVALID (3)
--#define CKR_GENERAL_ERROR (5)
--#define CKR_FUNCTION_FAILED (6)
--#define CKR_ARGUMENTS_BAD (7)
--#define CKR_NO_EVENT (8)
--#define CKR_NEED_TO_CREATE_THREADS (9)
--#define CKR_CANT_LOCK (0xa)
--#define CKR_ATTRIBUTE_READ_ONLY (0x10)
--#define CKR_ATTRIBUTE_SENSITIVE (0x11)
--#define CKR_ATTRIBUTE_TYPE_INVALID (0x12)
--#define CKR_ATTRIBUTE_VALUE_INVALID (0x13)
--#define CKR_DATA_INVALID (0x20)
--#define CKR_DATA_LEN_RANGE (0x21)
--#define CKR_DEVICE_ERROR (0x30)
--#define CKR_DEVICE_MEMORY (0x31)
--#define CKR_DEVICE_REMOVED (0x32)
--#define CKR_ENCRYPTED_DATA_INVALID (0x40)
--#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41)
--#define CKR_FUNCTION_CANCELED (0x50)
--#define CKR_FUNCTION_NOT_PARALLEL (0x51)
--#define CKR_FUNCTION_NOT_SUPPORTED (0x54)
--#define CKR_KEY_HANDLE_INVALID (0x60)
--#define CKR_KEY_SIZE_RANGE (0x62)
--#define CKR_KEY_TYPE_INCONSISTENT (0x63)
--#define CKR_KEY_NOT_NEEDED (0x64)
--#define CKR_KEY_CHANGED (0x65)
--#define CKR_KEY_NEEDED (0x66)
--#define CKR_KEY_INDIGESTIBLE (0x67)
--#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68)
--#define CKR_KEY_NOT_WRAPPABLE (0x69)
--#define CKR_KEY_UNEXTRACTABLE (0x6a)
--#define CKR_MECHANISM_INVALID (0x70)
--#define CKR_MECHANISM_PARAM_INVALID (0x71)
--#define CKR_OBJECT_HANDLE_INVALID (0x82)
--#define CKR_OPERATION_ACTIVE (0x90)
--#define CKR_OPERATION_NOT_INITIALIZED (0x91)
--#define CKR_PIN_INCORRECT (0xa0)
--#define CKR_PIN_INVALID (0xa1)
--#define CKR_PIN_LEN_RANGE (0xa2)
--#define CKR_PIN_EXPIRED (0xa3)
--#define CKR_PIN_LOCKED (0xa4)
--#define CKR_SESSION_CLOSED (0xb0)
--#define CKR_SESSION_COUNT (0xb1)
--#define CKR_SESSION_HANDLE_INVALID (0xb3)
--#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4)
--#define CKR_SESSION_READ_ONLY (0xb5)
--#define CKR_SESSION_EXISTS (0xb6)
--#define CKR_SESSION_READ_ONLY_EXISTS (0xb7)
--#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8)
--#define CKR_SIGNATURE_INVALID (0xc0)
--#define CKR_SIGNATURE_LEN_RANGE (0xc1)
--#define CKR_TEMPLATE_INCOMPLETE (0xd0)
--#define CKR_TEMPLATE_INCONSISTENT (0xd1)
--#define CKR_TOKEN_NOT_PRESENT (0xe0)
--#define CKR_TOKEN_NOT_RECOGNIZED (0xe1)
--#define CKR_TOKEN_WRITE_PROTECTED (0xe2)
--#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0)
--#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1)
--#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2)
--#define CKR_USER_ALREADY_LOGGED_IN (0x100)
--#define CKR_USER_NOT_LOGGED_IN (0x101)
--#define CKR_USER_PIN_NOT_INITIALIZED (0x102)
--#define CKR_USER_TYPE_INVALID (0x103)
--#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104)
--#define CKR_USER_TOO_MANY_TYPES (0x105)
--#define CKR_WRAPPED_KEY_INVALID (0x110)
--#define CKR_WRAPPED_KEY_LEN_RANGE (0x112)
--#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113)
--#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114)
--#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115)
--#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120)
--#define CKR_RANDOM_NO_RNG (0x121)
--#define CKR_DOMAIN_PARAMS_INVALID (0x130)
--#define CKR_BUFFER_TOO_SMALL (0x150)
--#define CKR_SAVED_STATE_INVALID (0x160)
--#define CKR_INFORMATION_SENSITIVE (0x170)
--#define CKR_STATE_UNSAVEABLE (0x180)
--#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190)
--#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191)
--#define CKR_MUTEX_BAD (0x1a0)
--#define CKR_MUTEX_NOT_LOCKED (0x1a1)
--#define CKR_FUNCTION_REJECTED (0x200)
--#define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31))
--
--
--\f
-+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0)
-+#define CKF_OS_LOCKING_OK (1UL << 1)
-+
-+#define CKR_OK (0UL)
-+#define CKR_CANCEL (1UL)
-+#define CKR_HOST_MEMORY (2UL)
-+#define CKR_SLOT_ID_INVALID (3UL)
-+#define CKR_GENERAL_ERROR (5UL)
-+#define CKR_FUNCTION_FAILED (6UL)
-+#define CKR_ARGUMENTS_BAD (7UL)
-+#define CKR_NO_EVENT (8UL)
-+#define CKR_NEED_TO_CREATE_THREADS (9UL)
-+#define CKR_CANT_LOCK (0xaUL)
-+#define CKR_ATTRIBUTE_READ_ONLY (0x10UL)
-+#define CKR_ATTRIBUTE_SENSITIVE (0x11UL)
-+#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL)
-+#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL)
-+#define CKR_ACTION_PROHIBITED (0x1BUL)
-+#define CKR_DATA_INVALID (0x20UL)
-+#define CKR_DATA_LEN_RANGE (0x21UL)
-+#define CKR_DEVICE_ERROR (0x30UL)
-+#define CKR_DEVICE_MEMORY (0x31UL)
-+#define CKR_DEVICE_REMOVED (0x32UL)
-+#define CKR_ENCRYPTED_DATA_INVALID (0x40UL)
-+#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL)
-+#define CKR_FUNCTION_CANCELED (0x50UL)
-+#define CKR_FUNCTION_NOT_PARALLEL (0x51UL)
-+#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL)
-+#define CKR_KEY_HANDLE_INVALID (0x60UL)
-+#define CKR_KEY_SIZE_RANGE (0x62UL)
-+#define CKR_KEY_TYPE_INCONSISTENT (0x63UL)
-+#define CKR_KEY_NOT_NEEDED (0x64UL)
-+#define CKR_KEY_CHANGED (0x65UL)
-+#define CKR_KEY_NEEDED (0x66UL)
-+#define CKR_KEY_INDIGESTIBLE (0x67UL)
-+#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL)
-+#define CKR_KEY_NOT_WRAPPABLE (0x69UL)
-+#define CKR_KEY_UNEXTRACTABLE (0x6aUL)
-+#define CKR_MECHANISM_INVALID (0x70UL)
-+#define CKR_MECHANISM_PARAM_INVALID (0x71UL)
-+#define CKR_OBJECT_HANDLE_INVALID (0x82UL)
-+#define CKR_OPERATION_ACTIVE (0x90UL)
-+#define CKR_OPERATION_NOT_INITIALIZED (0x91UL)
-+#define CKR_PIN_INCORRECT (0xa0UL)
-+#define CKR_PIN_INVALID (0xa1UL)
-+#define CKR_PIN_LEN_RANGE (0xa2UL)
-+#define CKR_PIN_EXPIRED (0xa3UL)
-+#define CKR_PIN_LOCKED (0xa4UL)
-+#define CKR_SESSION_CLOSED (0xb0UL)
-+#define CKR_SESSION_COUNT (0xb1UL)
-+#define CKR_SESSION_HANDLE_INVALID (0xb3UL)
-+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL)
-+#define CKR_SESSION_READ_ONLY (0xb5UL)
-+#define CKR_SESSION_EXISTS (0xb6UL)
-+#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL)
-+#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL)
-+#define CKR_SIGNATURE_INVALID (0xc0UL)
-+#define CKR_SIGNATURE_LEN_RANGE (0xc1UL)
-+#define CKR_TEMPLATE_INCOMPLETE (0xd0UL)
-+#define CKR_TEMPLATE_INCONSISTENT (0xd1UL)
-+#define CKR_TOKEN_NOT_PRESENT (0xe0UL)
-+#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL)
-+#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL)
-+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL)
-+#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL)
-+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL)
-+#define CKR_USER_ALREADY_LOGGED_IN (0x100UL)
-+#define CKR_USER_NOT_LOGGED_IN (0x101UL)
-+#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL)
-+#define CKR_USER_TYPE_INVALID (0x103UL)
-+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL)
-+#define CKR_USER_TOO_MANY_TYPES (0x105UL)
-+#define CKR_WRAPPED_KEY_INVALID (0x110UL)
-+#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL)
-+#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL)
-+#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL)
-+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL)
-+#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL)
-+#define CKR_RANDOM_NO_RNG (0x121UL)
-+#define CKR_DOMAIN_PARAMS_INVALID (0x130UL)
-+#define CKR_CURVE_NOT_SUPPORTED (0x140UL)
-+#define CKR_BUFFER_TOO_SMALL (0x150UL)
-+#define CKR_SAVED_STATE_INVALID (0x160UL)
-+#define CKR_INFORMATION_SENSITIVE (0x170UL)
-+#define CKR_STATE_UNSAVEABLE (0x180UL)
-+#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL)
-+#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL)
-+#define CKR_MUTEX_BAD (0x1a0UL)
-+#define CKR_MUTEX_NOT_LOCKED (0x1a1UL)
-+#define CKR_FUNCTION_REJECTED (0x200UL)
-+#define CKR_VENDOR_DEFINED (1UL << 31)
-+
-+
- /* Compatibility layer. */
-
- #ifdef CRYPTOKI_COMPAT
-@@ -1247,16 +1693,26 @@ typedef struct ck_date *CK_DATE_PTR;
-
- typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
-
-+typedef ck_rsa_pkcs_mgf_type_t *CK_RSA_PKCS_MGF_TYPE_PTR;
-+
- typedef struct ck_mechanism CK_MECHANISM;
- typedef struct ck_mechanism *CK_MECHANISM_PTR;
-
- typedef struct ck_mechanism_info CK_MECHANISM_INFO;
- typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
-
-+typedef struct ck_interface CK_INTERFACE;
-+typedef struct ck_interface *CK_INTERFACE_PTR;
-+typedef struct ck_interface **CK_INTERFACE_PTR_PTR;
-+
- typedef struct ck_function_list CK_FUNCTION_LIST;
- typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
- typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
-
-+typedef struct ck_function_list_3_0 CK_FUNCTION_LIST_3_0;
-+typedef struct ck_function_list_3_0 *CK_FUNCTION_LIST_3_0_PTR;
-+typedef struct ck_function_list_3_0 **CK_FUNCTION_LIST_3_0_PTR_PTR;
-+
- typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
- typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
-
-@@ -1317,6 +1773,8 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
-
- #undef ck_mechanism_type_t
-
-+#undef ck_rsa_pkcs_mgf_type_t
-+
- #undef ck_mechanism
- #undef parameter
- #undef parameter_len
-@@ -1328,7 +1786,10 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
- #undef ck_rv_t
- #undef ck_notify_t
-
-+#undef ck_interface
-+
- #undef ck_function_list
-+#undef ck_function_list_3_0
-
- #undef ck_createmutex_t
- #undef ck_destroymutex_t
-@@ -1344,7 +1805,6 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
-
- #endif /* CRYPTOKI_COMPAT */
-
--\f
- /* System dependencies. */
- #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
- #pragma pack(pop, cryptoki)
-diff --git a/include/pkcs11-helper-1.0/pkcs11h-certificate.h b/include/pkcs11-helper-1.0/pkcs11h-certificate.h
-index 047469e..5a35e34 100644
---- a/include/pkcs11-helper-1.0/pkcs11h-certificate.h
-+++ b/include/pkcs11-helper-1.0/pkcs11h-certificate.h
-@@ -242,7 +242,7 @@ pkcs11h_certificate_setUserData (
- );
-
- /**
-- * @brief Get certifiate id object out of a certifiate.
-+ * @brief Get certificate id object out of a certificate.
- * @param certificate Certificate object.
- * @param p_certificate_id Certificate id object pointer.
- * @return CK_RV.
-@@ -288,7 +288,7 @@ pkcs11h_certificate_serializeCertificateId (
- /**
- * @brief Deserialize certificate_id out of string.
- * @param p_certificate_id id.
-- * @param sz Inut string
-+ * @param sz Input string
- * @return CK_RV.
- * @note Caller must free result.
- * @see pkcs11h_certificate_freeCertificateId().
-@@ -320,7 +320,7 @@ pkcs11h_certificate_ensureKeyAccess (
- );
-
- /**
-- * @brief Lock session for threded environment.
-+ * @brief Lock session for threaded environment.
- * @param certificate Certificate object.
- * @return CK_RV.
- * @remarks
-@@ -352,7 +352,7 @@ pkcs11h_certificate_releaseSession (
- /**
- * @brief Sign data.
- * @param certificate Certificate object.
-- * @param mech_type PKCS#11 mechanism.
-+ * @param mech_type PKCS#11 mechanism type.
- * @param source Buffer to sign.
- * @param source_size Buffer size.
- * @param target Target buffer.
-@@ -373,10 +373,34 @@ pkcs11h_certificate_sign (
- IN OUT size_t * const p_target_size
- );
-
-+/**
-+ * @brief Sign data with mechanism parameters.
-+ * @param certificate Certificate object.
-+ * @param mech PKCS#11 mechanism.
-+ * @param source Buffer to sign.
-+ * @param source_size Buffer size.
-+ * @param target Target buffer.
-+ * @param p_target_size Target buffer size.
-+ * @return CK_RV.
-+ * @note target may be NULL to get size.
-+ * @attention When using in threaded environment session must be locked.
-+ * @see pkcs11h_certificate_lockSession().
-+ * @see pkcs11h_certificate_signAny().
-+ */
-+CK_RV
-+pkcs11h_certificate_sign_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
-+);
-+
- /**
- * @brief Sign data.
- * @param certificate Certificate object.
-- * @param mech_type PKCS#11 mechanism.
-+ * @param mech_type PKCS#11 mechanism type.
- * @param source Buffer to sign.
- * @param source_size Buffer size.
- * @param target Target buffer.
-@@ -397,10 +421,34 @@ pkcs11h_certificate_signRecover (
- IN OUT size_t * const p_target_size
- );
-
-+/**
-+ * @brief Sign data with mechanism parameters.
-+ * @param certificate Certificate object.
-+ * @param mech PKCS#11 mechanism.
-+ * @param source Buffer to sign.
-+ * @param source_size Buffer size.
-+ * @param target Target buffer.
-+ * @param p_target_size Target buffer size.
-+ * @return CK_RV.
-+ * @note target may be NULL to get size.
-+ * @attention When using in threaded environment session must be locked.
-+ * @see pkcs11h_certificate_lockSession().
-+ * @see pkcs11h_certificate_signAny().
-+ */
-+CK_RV
-+pkcs11h_certificate_signRecover_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
-+);
-+
- /**
- * @brief Decrypt data.
- * @param certificate Certificate object.
-- * @param mech_type PKCS#11 mechanism.
-+ * @param mech_type PKCS#11 mechanism type.
- * @param source Buffer to sign.
- * @param source_size Buffer size.
- * @param target Target buffer.
-@@ -420,10 +468,33 @@ pkcs11h_certificate_decrypt (
- IN OUT size_t * const p_target_size
- );
-
-+/**
-+ * @brief Decrypt data with mechanism parameters.
-+ * @param certificate Certificate object.
-+ * @param mech PKCS#11 mechanism.
-+ * @param source Buffer to sign.
-+ * @param source_size Buffer size.
-+ * @param target Target buffer.
-+ * @param p_target_size Target buffer size.
-+ * @return CK_RV.
-+ * @note target may be NULL to get size.
-+ * @attention When using in threaded environment session must be locked.
-+ * @see pkcs11h_certificate_lockSession().
-+ */
-+CK_RV
-+pkcs11h_certificate_decrypt_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
-+);
-+
- /**
- * @brief Decrypt data.
- * @param certificate Certificate object.
-- * @param mech_type PKCS#11 mechanism.
-+ * @param mech_type PKCS#11 mechanism type.
- * @param source Buffer to sign.
- * @param source_size Buffer size.
- * @param target Target buffer.
-@@ -444,9 +515,32 @@ pkcs11h_certificate_unwrap (
- );
-
- /**
-- * @brief Sign data mechanism determined by key attributes.
-+ * @brief Decrypt data with mechanism parameters.
- * @param certificate Certificate object.
-- * @param mech_type PKCS#11 mechanism.
-+ * @param mech PKCS#11 mechanism type.
-+ * @param source Buffer to sign.
-+ * @param source_size Buffer size.
-+ * @param target Target buffer.
-+ * @param p_target_size Target buffer size.
-+ * @return CK_RV.
-+ * @note target may be NULL to get size.
-+ * @attention When using in threaded environment session must be locked.
-+ * @see pkcs11h_certificate_lockSession().
-+ */
-+CK_RV
-+pkcs11h_certificate_unwrap_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
-+);
-+
-+/**
-+ * @brief Sign data with method determined by key attributes.
-+ * @param certificate Certificate object.
-+ * @param mech_type PKCS#11 mechanism type.
- * @param source Buffer to sign.
- * @param source_size Buffer size.
- * @param target Target buffer.
-@@ -467,9 +561,32 @@ pkcs11h_certificate_signAny (
- );
-
- /**
-- * @brief Decrypt data mechanism determined by key attributes.
-+ * @brief Sign data with method determined by key attributes.
-+ * @param certificate Certificate object.
-+ * @param mech PKCS#11 mechanism.
-+ * @param source Buffer to sign.
-+ * @param source_size Buffer size.
-+ * @param target Target buffer.
-+ * @param p_target_size Target buffer size.
-+ * @return CK_RV.
-+ * @note target may be NULL to get size.
-+ * @attention When using in threaded environment session must be locked.
-+ * @see pkcs11h_certificate_lockSession().
-+ */
-+CK_RV
-+pkcs11h_certificate_signAny_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
-+);
-+
-+/**
-+ * @brief Decrypt data with method determined by key attributes.
- * @param certificate Certificate object.
-- * @param mech_type PKCS#11 mechanism.
-+ * @param mech_type PKCS#11 mechanism type.
- * @param source Buffer to sign.
- * @param source_size Buffer size.
- * @param target Target buffer.
-@@ -489,6 +606,29 @@ pkcs11h_certificate_decryptAny (
- IN OUT size_t * const p_target_size
- );
-
-+/**
-+ * @brief Decrypt data with method determined by key attributes.
-+ * @param certificate Certificate object.
-+ * @param mech PKCS#11 mechanism.
-+ * @param source Buffer to sign.
-+ * @param source_size Buffer size.
-+ * @param target Target buffer.
-+ * @param p_target_size Target buffer size.
-+ * @return CK_RV.
-+ * @note target may be NULL to get size.
-+ * @attention When using in threaded environment session must be locked.
-+ * @see pkcs11h_certificate_lockSession().
-+ */
-+CK_RV
-+pkcs11h_certificate_decryptAny_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
-+);
-+
- /**
- * @brief Free certificate_id list.
- * @param cert_id_list List.
-diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h
-index 008c35f..d1374e4 100644
---- a/include/pkcs11-helper-1.0/pkcs11h-core.h
-+++ b/include/pkcs11-helper-1.0/pkcs11h-core.h
-@@ -199,6 +199,60 @@ extern "C" {
- #define PKCS11H_ENUM_METHOD_RELOAD 2
- /** @} */
-
-+/**
-+ * @brief Provider properties.
-+ * @addtogroup PKCS11H_ENUM_PROVIDER_PROPERTY
-+ * @{
-+ */
-+
-+/**
-+ * @brief Provider location.
-+ * Value type is char*.
-+ */
-+#define PKCS11H_PROVIDER_PROPERTY_LOCATION 0
-+/**
-+ * @brief Allow this provider to use protected authentication.
-+ * Value type is @ref PKCS11H_BOOL.
-+ * Default value is False.
-+ */
-+#define PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH 1
-+/**
-+ * @brief Provider private mode @ref PKCS11H_PRIVATEMODE_MASK override.
-+ * Value type is unsigened.
-+ * Default value is @ref PKCS11H_PRIVATEMODE_MASK_AUTO.
-+ */
-+#define PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE 2
-+/**
-+ * @brief Provider slot event @ref PKCS11H_SLOTEVENT_METHOD method.
-+ * Value type is unsigned.
-+ * Default value is @ref PKCS11H_SLOTEVENT_METHOD_AUTO.
-+ */
-+#define PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD 3
-+/**
-+ * @brief Slot event poll interval (If in polling mode).
-+ * Value type is unsigned.
-+ * Default value is 0.
-+ */
-+#define PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL 4
-+/*
-+ * @brief Provider's certificate access should be done after login.
-+ * Value type is @ref PKCS11H_BOOL.
-+ * Default value is False.
-+*/
-+#define PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE 5
-+
-+/**
-+ * @brief Provider initialize arguments.
-+ * Value type is CK_C_INITIALIZE_ARGS_PTR.
-+ * Default value is NULL.
-+ */
-+#define PKCS11H_PROVIDER_PROPERTY_INIT_ARGS 6
-+
-+/** @private */
-+#define _PKCS11H_PROVIDER_PROPERTY_LAST 7
-+
-+/** @} */
-+
- struct pkcs11h_token_id_s;
-
- /**
-@@ -342,7 +396,7 @@ pkcs11h_getLogLevel (void);
- * @attention
- * This function should be called after @ref pkcs11h_initialize()
- * @note
-- * This funciton is releavant if @ref PKCS11H_FEATURE_MASK_THREADING is set.
-+ * This function is relevant if @ref PKCS11H_FEATURE_MASK_THREADING is set.
- * If safe mode is on, the child process can use the loaded PKCS#11 providers
- * but it cannot use fork(), while it is in one of the hooks functions, since
- * locked mutexes cannot be released.
-@@ -443,7 +497,7 @@ pkcs11h_setMaxLoginRetries (
- );
-
- /**
-- * @brief Add a PKCS#11 provider.
-+ * @brief Register, configure and initialize a PKCS#11 provider.
- * @param reference Reference name for this provider.
- * @param provider_location Provider library location.
- * @param allow_protected_auth Allow this provider to use protected authentication.
-@@ -466,6 +520,58 @@ pkcs11h_addProvider (
- IN const PKCS11H_BOOL cert_is_private
- );
-
-+/**
-+ * @brief Register a PKCS#11 provider.
-+ * @param reference Reference name for this provider.
-+ * @return CK_RV.
-+ */
-+CK_RV
-+pkcs11h_registerProvider (
-+ IN const char * const reference
-+);
-+
-+/**
-+ * @brief Set PKCS#11 provider property by name.
-+ * @param reference Reference name for this provider.
-+ * @param property_str Property kind.
-+ * @param value_str Property value.
-+ */
-+CK_RV
-+pkcs11h_setProviderPropertyByName (
-+ IN const char * const reference,
-+ IN const char * const property_str,
-+ IN const char * const value_str
-+);
-+
-+/**
-+ * @brief Set PKCS#11 provider property.
-+ * @param reference Reference name for this provider.
-+ * @param property Property kind.
-+ * @param value Property value.
-+ * @param value_size size of dereferenced property value.
-+ * @return CK_RV.
-+ * @note Referenced type has to satisfy @ref PKCS11H_ENUM_PROVIDER_PROPERTY.
-+ */
-+CK_RV
-+pkcs11h_setProviderProperty (
-+ IN const char * const reference,
-+ IN const unsigned property,
-+ IN const void * value,
-+ IN const size_t value_size
-+);
-+
-+/**
-+ * @brief Initialize a PKCS#11 provider.
-+ * @param reference Reference name for this provider.
-+ * @attention This function must be called from the main thread.
-+ * @note The global allow_protected_auth must be enabled in order to allow provider specific.
-+ * @return CK_RV.
-+ */
-+CK_RV
-+pkcs11h_initializeProvider (
-+ IN const char * const reference
-+);
-+
- /**
- * @brief Delete a PKCS#11 provider.
- * @param reference Reference name for this provider.
-diff --git a/include/pkcs11-helper-1.0/pkcs11h-engines.h b/include/pkcs11-helper-1.0/pkcs11h-engines.h
-index ac0f91f..a84aff3 100644
---- a/include/pkcs11-helper-1.0/pkcs11h-engines.h
-+++ b/include/pkcs11-helper-1.0/pkcs11h-engines.h
-@@ -126,7 +126,7 @@ typedef struct pkcs11h_crypto_engine_s {
- /**
- * @brief Initialize engine.
- * @param global_data Engine data.
-- * @return None zero - Sucess.
-+ * @return None zero - Success.
- */
- int (*initialize) (
- IN void * const global_data
-@@ -135,7 +135,7 @@ typedef struct pkcs11h_crypto_engine_s {
- /**
- * @brief Uninitialize engine.
- * @param global_data Engine data.
-- * @return None zero - Sucess.
-+ * @return None zero - Success.
- */
- int (*uninitialize) (
- IN void * const global_data
-@@ -147,7 +147,7 @@ typedef struct pkcs11h_crypto_engine_s {
- * @param blob Certificate blob.
- * @param blob_size Certificate blob size.
- * @param expiration Certificate expiration time.
-- * @return None zero - Sucess.
-+ * @return None zero - Success.
- */
- int (*certificate_get_expiration) (
- IN void * const global_data,
-@@ -163,7 +163,7 @@ typedef struct pkcs11h_crypto_engine_s {
- * @param blob_size Certificate blob size.
- * @param dn dn buffer.
- * @param dn_max dn buffer size.
-- * @return None zero - Sucess.
-+ * @return None zero - Success.
- */
- int (*certificate_get_dn) (
- IN void * const global_data,
-@@ -180,7 +180,7 @@ typedef struct pkcs11h_crypto_engine_s {
- * @param issuer_blob_size Issuer's certificate blob size.
- * @param cert_blob Certificate blob.
- * @param cert_blob_size Certificate blob size.
-- * @return None zero - Sucess.
-+ * @return None zero - Success.
- */
- int (*certificate_is_issuer) (
- IN void * const global_data,
-diff --git a/lib/Makefile.w32-vc b/lib/Makefile.w32-vc
-index 0e64f42..96f1f89 100644
---- a/lib/Makefile.w32-vc
-+++ b/lib/Makefile.w32-vc
-@@ -55,15 +55,15 @@
- #OPENSSL=1
- !ifdef OPENSSL
- !ifndef OPENSSL_HOME
--OPENSSL_HOME = ..\..\openssl-0.9.8a
-+OPENSSL_HOME = ..\..\openssl
- !endif
- !endif
-
- !ifdef OPENSSL
--OPENSSL_STATIC = libeay32.lib
--#OPENSSL_STATIC = libeay32sd.lib
--OPENSSL_DYNAMIC = libeay32.lib
--#OPENSSL_DYNAMIC = libeay32d.lib
-+OPENSSL_STATIC = libcrypto.lib
-+#OPENSSL_STATIC = libcryptosd.lib
-+OPENSSL_DYNAMIC = libcrypto.lib
-+#OPENSSL_DYNAMIC = libcryptod.lib
-
- OPENSSL_INC=$(OPENSSL_HOME)\include
- OPENSSL_LIB=$(OPENSSL_HOME)\lib
-@@ -82,7 +82,7 @@ CFLAGS=$(CFLAGS) -DNDEBUG
-
- LINK32=link.exe
- LIB32=lib.exe
--LINK32_FLAGS=/nologo /subsystem:windows /dll /incremental:no
-+LINK32_FLAGS=/nologo /subsystem:windows /dll /incremental:no /release
- LIB32_FLAGS=/nologo
-
- HEADERS = \
-diff --git a/lib/_pkcs11h-core.h b/lib/_pkcs11h-core.h
-index ba7d6aa..3bdd370 100644
---- a/lib/_pkcs11h-core.h
-+++ b/lib/_pkcs11h-core.h
-@@ -120,12 +120,14 @@ struct _pkcs11h_provider_s {
-
- CK_FUNCTION_LIST_PTR f;
- PKCS11H_BOOL should_finalize;
-+ const char* provider_location;
- PKCS11H_BOOL allow_protected_auth;
- PKCS11H_BOOL cert_is_private;
- unsigned mask_private_mode;
- unsigned mask_decrypt_mode;
- unsigned slot_event_method;
- unsigned slot_poll_interval;
-+ CK_C_INITIALIZE_ARGS_PTR init_args;
-
- #if defined(ENABLE_PKCS11H_SLOTEVENT)
- _pkcs11h_thread_t slotevent_thread;
-diff --git a/lib/_pkcs11h-crypto-mbedtls.c b/lib/_pkcs11h-crypto-mbedtls.c
-index c4f80fe..05bcb6f 100644
---- a/lib/_pkcs11h-crypto-mbedtls.c
-+++ b/lib/_pkcs11h-crypto-mbedtls.c
-@@ -53,12 +53,7 @@
- #include "_pkcs11h-crypto.h"
-
- #if defined(ENABLE_PKCS11H_ENGINE_MBEDTLS)
--#ifdef HAVE_MBEDTLS_X509_CRT_H
--#include <mbedtls/compat-1.3.h>
- #include <mbedtls/x509_crt.h>
--#else
--#include <polarssl/x509_crt.h>
--#endif
-
- static
- int
-@@ -88,7 +83,7 @@ __pkcs11h_crypto_mbedtls_certificate_get_expiration (
- IN const size_t blob_size,
- OUT time_t * const expiration
- ) {
-- x509_crt x509;
-+ mbedtls_x509_crt x509;
-
- (void)global_data;
-
-@@ -99,11 +94,11 @@ __pkcs11h_crypto_mbedtls_certificate_get_expiration (
- *expiration = (time_t)0;
-
- memset(&x509, 0, sizeof(x509));
-- if (0 != x509_crt_parse (&x509, blob, blob_size)) {
-+ if (0 != mbedtls_x509_crt_parse (&x509, blob, blob_size)) {
- goto cleanup;
- }
-
-- if (0 == x509_time_expired(&x509.valid_to)) {
-+ if (0 == mbedtls_x509_time_is_past(&x509.valid_to)) {
- struct tm tm1;
-
- memset (&tm1, 0, sizeof (tm1));
-@@ -120,7 +115,7 @@ __pkcs11h_crypto_mbedtls_certificate_get_expiration (
-
- cleanup:
-
-- x509_crt_free(&x509);
-+ mbedtls_x509_crt_free(&x509);
-
- return *expiration != (time_t)0;
- }
-@@ -134,7 +129,7 @@ __pkcs11h_crypto_mbedtls_certificate_get_dn (
- OUT char * const dn,
- IN const size_t dn_max
- ) {
-- x509_crt x509;
-+ mbedtls_x509_crt x509;
- int ret = FALSE;
-
- (void)global_data;
-@@ -147,11 +142,11 @@ __pkcs11h_crypto_mbedtls_certificate_get_dn (
- dn[0] = '\x0';
-
- memset(&x509, 0, sizeof(x509));
-- if (0 != x509_crt_parse (&x509, blob, blob_size)) {
-+ if (0 != mbedtls_x509_crt_parse (&x509, blob, blob_size)) {
- goto cleanup;
- }
-
-- if (-1 == x509_dn_gets(dn, dn_max, &x509.subject)) {
-+ if (-1 == mbedtls_x509_dn_gets(dn, dn_max, &x509.subject)) {
- goto cleanup;
- }
-
-@@ -159,7 +154,7 @@ __pkcs11h_crypto_mbedtls_certificate_get_dn (
-
- cleanup:
-
-- x509_crt_free(&x509);
-+ mbedtls_x509_crt_free(&x509);
-
- return ret;
- }
-@@ -173,8 +168,8 @@ __pkcs11h_crypto_mbedtls_certificate_is_issuer (
- IN const unsigned char * const cert_blob,
- IN const size_t cert_blob_size
- ) {
-- x509_crt x509_issuer;
-- x509_crt x509_cert;
-+ mbedtls_x509_crt x509_issuer;
-+ mbedtls_x509_crt x509_cert;
- uint32_t verify_flags = 0;
-
- PKCS11H_BOOL is_issuer = FALSE;
-@@ -186,23 +181,23 @@ __pkcs11h_crypto_mbedtls_certificate_is_issuer (
- _PKCS11H_ASSERT (cert_blob!=NULL);
-
- memset(&x509_issuer, 0, sizeof(x509_issuer));
-- if (0 != x509_crt_parse (&x509_issuer, issuer_blob, issuer_blob_size)) {
-+ if (0 != mbedtls_x509_crt_parse (&x509_issuer, issuer_blob, issuer_blob_size)) {
- goto cleanup;
- }
-
- memset(&x509_cert, 0, sizeof(x509_cert));
-- if (0 != x509_crt_parse (&x509_cert, cert_blob, cert_blob_size)) {
-+ if (0 != mbedtls_x509_crt_parse (&x509_cert, cert_blob, cert_blob_size)) {
- goto cleanup;
- }
-
-- if ( 0 == x509_crt_verify(&x509_cert, &x509_issuer, NULL, NULL,
-+ if ( 0 == mbedtls_x509_crt_verify(&x509_cert, &x509_issuer, NULL, NULL,
- &verify_flags, NULL, NULL )) {
- is_issuer = TRUE;
- }
-
- cleanup:
-- x509_crt_free(&x509_cert);
-- x509_crt_free(&x509_issuer);
-+ mbedtls_x509_crt_free(&x509_cert);
-+ mbedtls_x509_crt_free(&x509_issuer);
-
- return is_issuer;
- }
-diff --git a/lib/_pkcs11h-crypto-nss.c b/lib/_pkcs11h-crypto-nss.c
-index 4b70e82..f57f9e6 100644
---- a/lib/_pkcs11h-crypto-nss.c
-+++ b/lib/_pkcs11h-crypto-nss.c
-@@ -48,15 +48,21 @@
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
--#include "common.h"
--
--#include "_pkcs11h-crypto.h"
-+#ifdef HAVE_CONFIG_H
-+#include <config.h>
-+#endif
-
- #if defined(ENABLE_PKCS11H_ENGINE_NSS)
--#define _PKCS11T_H_ /* required so no conflict with ours */
- #include <nss.h>
- #include <cert.h>
-
-+/* Use PKCS#11 of nss to avoid conflicts and make nss happy with its own extensions */
-+#define PKCS11_H 1
-+
-+#include "common.h"
-+
-+#include "_pkcs11h-crypto.h"
-+
- static
- int
- __pkcs11h_crypto_nss_initialize (
-diff --git a/lib/certificate.exports b/lib/certificate.exports
-index be09438..5f21bc7 100644
---- a/lib/certificate.exports
-+++ b/lib/certificate.exports
-@@ -1,5 +1,9 @@
- pkcs11h_certificate_create
- pkcs11h_certificate_decrypt
-+pkcs11h_certificate_decrypt
-+pkcs11h_certificate_decryptAny
-+pkcs11h_certificate_decryptAny_ex
-+pkcs11h_certificate_decrypt_ex
- pkcs11h_certificate_deserializeCertificateId
- pkcs11h_certificate_duplicateCertificateId
- pkcs11h_certificate_ensureCertificateAccess
-@@ -21,7 +25,9 @@ pkcs11h_certificate_setPromptMask
- pkcs11h_certificate_setUserData
- pkcs11h_certificate_sign
- pkcs11h_certificate_signAny
-+pkcs11h_certificate_signAny_ex
- pkcs11h_certificate_signRecover
--pkcs11h_certificate_decrypt
-+pkcs11h_certificate_signRecover_ex
-+pkcs11h_certificate_sign_ex
- pkcs11h_certificate_unwrap
--pkcs11h_certificate_decryptAny
-+pkcs11h_certificate_unwrap_ex
-diff --git a/lib/common.h b/lib/common.h
-index 61a958a..2499e9c 100644
---- a/lib/common.h
-+++ b/lib/common.h
-@@ -72,5 +72,12 @@
-
- #define _PKCS11H_ASSERT assert
-
-+#ifndef FALSE
-+#define FALSE 0
-+#endif
-+#ifndef TRUE
-+#define TRUE 1
-+#endif
-+
- #endif
-
-diff --git a/lib/core.exports b/lib/core.exports
-index 32b9d54..79a3809 100644
---- a/lib/core.exports
-+++ b/lib/core.exports
-@@ -7,15 +7,19 @@ pkcs11h_getLogLevel
- pkcs11h_getMessage
- pkcs11h_getVersion
- pkcs11h_initialize
--pkcs11h_terminate
-+pkcs11h_initializeProvider
-+pkcs11h_logout
- pkcs11h_plugAndPlay
-+pkcs11h_registerProvider
- pkcs11h_removeProvider
--pkcs11h_logout
-+pkcs11h_setForkMode
- pkcs11h_setLogHook
- pkcs11h_setLogLevel
--pkcs11h_setForkMode
- pkcs11h_setMaxLoginRetries
- pkcs11h_setPINCachePeriod
- pkcs11h_setPINPromptHook
- pkcs11h_setProtectedAuthentication
-+pkcs11h_setProviderProperty
-+pkcs11h_setProviderPropertyByName
- pkcs11h_setTokenPromptHook
-+pkcs11h_terminate
-diff --git a/lib/openssl.exports b/lib/openssl.exports
-index d2be4d0..efaaaa3 100644
---- a/lib/openssl.exports
-+++ b/lib/openssl.exports
-@@ -2,7 +2,7 @@ pkcs11h_openssl_createSession
- pkcs11h_openssl_freeSession
- pkcs11h_openssl_getCleanupHook
- pkcs11h_openssl_getX509
--pkcs11h_openssl_session_getRSA
- pkcs11h_openssl_session_getEVP
-+pkcs11h_openssl_session_getRSA
- pkcs11h_openssl_session_getX509
- pkcs11h_openssl_setCleanupHook
-diff --git a/lib/pkcs11h-certificate.c b/lib/pkcs11h-certificate.c
-index 92a3c45..a686fb4 100644
---- a/lib/pkcs11h-certificate.c
-+++ b/lib/pkcs11h-certificate.c
-@@ -73,7 +73,7 @@ CK_RV
- __pkcs11h_certificate_doPrivateOperation (
- IN const pkcs11h_certificate_t certificate,
- IN const enum __pkcs11h_private_op_e op,
-- IN const CK_MECHANISM_TYPE mech_type,
-+ IN const CK_MECHANISM * const mech,
- IN const unsigned char * const source,
- IN const size_t source_size,
- OUT unsigned char * const target,
-@@ -777,7 +777,7 @@ CK_RV
- __pkcs11h_certificate_doPrivateOperation (
- IN const pkcs11h_certificate_t certificate,
- IN const enum __pkcs11h_private_op_e op,
-- IN const CK_MECHANISM_TYPE mech_type,
-+ IN const CK_MECHANISM * const mech,
- IN const unsigned char * const source,
- IN const size_t source_size,
- OUT unsigned char * const target,
-@@ -786,9 +786,6 @@ __pkcs11h_certificate_doPrivateOperation (
- #if defined(ENABLE_PKCS11H_THREADING)
- PKCS11H_BOOL mutex_locked = FALSE;
- #endif
-- CK_MECHANISM mech = {
-- mech_type, NULL, 0
-- };
-
- /* CK_BBOOL wrap_attrs_false = CK_FALSE; */
- CK_BBOOL wrap_attrs_true = CK_TRUE;
-@@ -812,6 +809,7 @@ __pkcs11h_certificate_doPrivateOperation (
- _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
- _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- _PKCS11H_ASSERT (certificate!=NULL);
-+ _PKCS11H_ASSERT (mech!=NULL);
- _PKCS11H_ASSERT (source!=NULL);
- /*_PKCS11H_ASSERT (target); NOT NEEDED*/
- _PKCS11H_ASSERT (p_target_size!=NULL);
-@@ -821,7 +819,7 @@ __pkcs11h_certificate_doPrivateOperation (
- "PKCS#11: __pkcs11h_certificate_doPrivateOperation entry certificate=%p, op=%d, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
- (void *)certificate,
- op,
-- mech_type,
-+ mech->mechanism,
- source,
- source_size,
- target,
-@@ -851,28 +849,28 @@ __pkcs11h_certificate_doPrivateOperation (
- case __pkcs11h_private_op_sign:
- rv = certificate->session->provider->f->C_SignInit (
- certificate->session->session_handle,
-- &mech,
-+ (CK_MECHANISM*)mech,
- certificate->key_handle
- );
- break;
- case __pkcs11h_private_op_sign_recover:
- rv = certificate->session->provider->f->C_SignRecoverInit (
- certificate->session->session_handle,
-- &mech,
-+ (CK_MECHANISM*)mech,
- certificate->key_handle
- );
- break;
- case __pkcs11h_private_op_decrypt:
- rv = certificate->session->provider->f->C_DecryptInit (
- certificate->session->session_handle,
-- &mech,
-+ (CK_MECHANISM*)mech,
- certificate->key_handle
- );
- break;
- case __pkcs11h_private_op_unwrap:
- rv = certificate->session->provider->f->C_UnwrapKey (
- certificate->session->session_handle,
-- &mech,
-+ (CK_MECHANISM*)mech,
- certificate->key_handle,
- (CK_BYTE_PTR)source,
- source_size,
-@@ -1304,21 +1302,42 @@ pkcs11h_certificate_sign (
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-+) {
-+ CK_MECHANISM mech = {mech_type, NULL, 0};
-+ return pkcs11h_certificate_sign_ex (
-+ certificate,
-+ &mech,
-+ source,
-+ source_size,
-+ target,
-+ p_target_size
-+ );
-+}
-+
-+CK_RV
-+pkcs11h_certificate_sign_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
- ) {
- CK_RV rv = CKR_FUNCTION_FAILED;
-
- _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
- _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- _PKCS11H_ASSERT (certificate!=NULL);
-+ _PKCS11H_ASSERT (mech!=NULL);
- _PKCS11H_ASSERT (source!=NULL);
- /*_PKCS11H_ASSERT (target); NOT NEEDED*/
- _PKCS11H_ASSERT (p_target_size!=NULL);
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
-- "PKCS#11: pkcs11h_certificate_sign entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
-+ "PKCS#11: pkcs11h_certificate_sign_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
- (void *)certificate,
-- mech_type,
-+ mech->mechanism,
- source,
- source_size,
- target,
-@@ -1333,7 +1352,7 @@ pkcs11h_certificate_sign (
- (rv = __pkcs11h_certificate_doPrivateOperation (
- certificate,
- __pkcs11h_private_op_sign,
-- mech_type,
-+ mech,
- source,
- source_size,
- target,
-@@ -1366,21 +1385,42 @@ pkcs11h_certificate_signRecover (
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-+) {
-+ CK_MECHANISM mech = {mech_type, NULL, 0};
-+ return pkcs11h_certificate_signRecover_ex (
-+ certificate,
-+ &mech,
-+ source,
-+ source_size,
-+ target,
-+ p_target_size
-+ );
-+}
-+
-+CK_RV
-+pkcs11h_certificate_signRecover_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
- ) {
- CK_RV rv = CKR_FUNCTION_FAILED;
-
- _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
- _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- _PKCS11H_ASSERT (certificate!=NULL);
-+ _PKCS11H_ASSERT (mech!=NULL);
- _PKCS11H_ASSERT (source!=NULL);
- /*_PKCS11H_ASSERT (target); NOT NEEDED*/
- _PKCS11H_ASSERT (p_target_size!=NULL);
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
-- "PKCS#11: pkcs11h_certificate_signRecover entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
-+ "PKCS#11: pkcs11h_certificate_signRecover_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
- (void *)certificate,
-- mech_type,
-+ mech->mechanism,
- source,
- source_size,
- target,
-@@ -1395,7 +1435,7 @@ pkcs11h_certificate_signRecover (
- (rv = __pkcs11h_certificate_doPrivateOperation (
- certificate,
- __pkcs11h_private_op_sign_recover,
-- mech_type,
-+ mech,
- source,
- source_size,
- target,
-@@ -1428,21 +1468,42 @@ pkcs11h_certificate_decrypt (
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-+) {
-+ CK_MECHANISM mech = {mech_type, NULL, 0};
-+ return pkcs11h_certificate_decrypt_ex (
-+ certificate,
-+ &mech,
-+ source,
-+ source_size,
-+ target,
-+ p_target_size
-+ );
-+}
-+
-+CK_RV
-+pkcs11h_certificate_decrypt_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
- ) {
- CK_RV rv = CKR_FUNCTION_FAILED;
-
- _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
- _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- _PKCS11H_ASSERT (certificate!=NULL);
-+ _PKCS11H_ASSERT (mech!=NULL);
- _PKCS11H_ASSERT (source!=NULL);
- /*_PKCS11H_ASSERT (target); NOT NEEDED*/
- _PKCS11H_ASSERT (p_target_size!=NULL);
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
-- "PKCS#11: pkcs11h_certificate_decrypt entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
-+ "PKCS#11: pkcs11h_certificate_decrypt_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
- (void *)certificate,
-- mech_type,
-+ mech->mechanism,
- source,
- source_size,
- target,
-@@ -1457,7 +1518,7 @@ pkcs11h_certificate_decrypt (
- (rv = __pkcs11h_certificate_doPrivateOperation (
- certificate,
- __pkcs11h_private_op_decrypt,
-- mech_type,
-+ mech,
- source,
- source_size,
- target,
-@@ -1490,21 +1551,42 @@ pkcs11h_certificate_unwrap (
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-+) {
-+ CK_MECHANISM mech = {mech_type, NULL, 0};
-+ return pkcs11h_certificate_unwrap_ex (
-+ certificate,
-+ &mech,
-+ source,
-+ source_size,
-+ target,
-+ p_target_size
-+ );
-+}
-+
-+CK_RV
-+pkcs11h_certificate_unwrap_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
- ) {
- CK_RV rv = CKR_FUNCTION_FAILED;
-
- _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
- _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- _PKCS11H_ASSERT (certificate!=NULL);
-+ _PKCS11H_ASSERT (mech!=NULL);
- _PKCS11H_ASSERT (source!=NULL);
- /*_PKCS11H_ASSERT (target); NOT NEEDED*/
- _PKCS11H_ASSERT (p_target_size!=NULL);
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
-- "PKCS#11: pkcs11h_certificate_unwrap entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
-+ "PKCS#11: pkcs11h_certificate_unwrap_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
- (void *)certificate,
-- mech_type,
-+ mech->mechanism,
- source,
- source_size,
- target,
-@@ -1519,7 +1601,7 @@ pkcs11h_certificate_unwrap (
- (rv = __pkcs11h_certificate_doPrivateOperation (
- certificate,
- __pkcs11h_private_op_unwrap,
-- mech_type,
-+ mech,
- source,
- source_size,
- target,
-@@ -1552,6 +1634,26 @@ pkcs11h_certificate_signAny (
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-+) {
-+ CK_MECHANISM mech = {mech_type, NULL, 0};
-+ return pkcs11h_certificate_signAny_ex (
-+ certificate,
-+ &mech,
-+ source,
-+ source_size,
-+ target,
-+ p_target_size
-+ );
-+}
-+
-+CK_RV
-+pkcs11h_certificate_signAny_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM *mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
- ) {
- CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_BOOL acked = FALSE;
-@@ -1559,15 +1661,16 @@ pkcs11h_certificate_signAny (
- _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
- _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- _PKCS11H_ASSERT (certificate!=NULL);
-+ _PKCS11H_ASSERT (mech!=NULL);
- _PKCS11H_ASSERT (source!=NULL);
- /*_PKCS11H_ASSERT (target); NOT NEEDED*/
- _PKCS11H_ASSERT (p_target_size!=NULL);
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
-- "PKCS#11: pkcs11h_certificate_signAny entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
-+ "PKCS#11: pkcs11h_certificate_signAny_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
- (void *)certificate,
-- mech_type,
-+ mech->mechanism,
- source,
- source_size,
- target,
-@@ -1590,9 +1693,9 @@ pkcs11h_certificate_signAny (
- (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_SIGN) != 0
- ) {
- switch (
-- (rv = pkcs11h_certificate_sign (
-+ (rv = pkcs11h_certificate_sign_ex (
- certificate,
-- mech_type,
-+ mech,
- source,
- source_size,
- target,
-@@ -1617,9 +1720,9 @@ pkcs11h_certificate_signAny (
- (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_RECOVER) != 0
- ) {
- switch (
-- (rv = pkcs11h_certificate_signRecover (
-+ (rv = pkcs11h_certificate_signRecover_ex (
- certificate,
-- mech_type,
-+ mech,
- source,
- source_size,
- target,
-@@ -1667,6 +1770,26 @@ pkcs11h_certificate_decryptAny (
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-+) {
-+ CK_MECHANISM mech = {mech_type, NULL, 0};
-+ return pkcs11h_certificate_decryptAny_ex (
-+ certificate,
-+ &mech,
-+ source,
-+ source_size,
-+ target,
-+ p_target_size
-+ );
-+}
-+
-+CK_RV
-+pkcs11h_certificate_decryptAny_ex (
-+ IN const pkcs11h_certificate_t certificate,
-+ IN const CK_MECHANISM * const mech,
-+ IN const unsigned char * const source,
-+ IN const size_t source_size,
-+ OUT unsigned char * const target,
-+ IN OUT size_t * const p_target_size
- ) {
- CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_BOOL acked = FALSE;
-@@ -1674,15 +1797,16 @@ pkcs11h_certificate_decryptAny (
- _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
- _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- _PKCS11H_ASSERT (certificate!=NULL);
-+ _PKCS11H_ASSERT (mech!=NULL);
- _PKCS11H_ASSERT (source!=NULL);
- /*_PKCS11H_ASSERT (target); NOT NEEDED*/
- _PKCS11H_ASSERT (p_target_size!=NULL);
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
-- "PKCS#11: pkcs11h_certificate_decryptAny entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
-+ "PKCS#11: pkcs11h_certificate_decryptAny_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
- (void *)certificate,
-- mech_type,
-+ mech->mechanism,
- source,
- source_size,
- target,
-@@ -1704,9 +1828,9 @@ pkcs11h_certificate_decryptAny (
- (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_DECRYPT) != 0
- ) {
- switch (
-- pkcs11h_certificate_decrypt (
-+ pkcs11h_certificate_decrypt_ex (
- certificate,
-- mech_type,
-+ mech,
- source,
- source_size,
- target,
-@@ -1731,9 +1855,9 @@ pkcs11h_certificate_decryptAny (
- (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_UNWRAP) != 0
- ) {
- switch (
-- pkcs11h_certificate_unwrap (
-+ pkcs11h_certificate_unwrap_ex (
- certificate,
-- mech_type,
-+ mech,
- source,
- source_size,
- target,
-diff --git a/lib/pkcs11h-core.c b/lib/pkcs11h-core.c
-index 640fc03..f2ec527 100644
---- a/lib/pkcs11h-core.c
-+++ b/lib/pkcs11h-core.c
-@@ -117,6 +117,9 @@ CK_RV
- __pkcs11h_forkFixup ();
- #endif
-
-+static
-+_pkcs11h_provider_t
-+__pkcs11h_get_pkcs11_provider(const char * const reference);
-
- /*==========================================
- * Data
-@@ -125,6 +128,17 @@ __pkcs11h_forkFixup ();
- _pkcs11h_data_t _g_pkcs11h_data = NULL;
- unsigned int _g_pkcs11h_loglevel = PKCS11H_LOG_INFO;
-
-+static const char * __pkcs11h_provider_preperty_names[] = {
-+ "location",
-+ "allow_protected_auth",
-+ "mask_private_mode",
-+ "slot_event_method",
-+ "slot_poll_interval",
-+ "cert_is_private",
-+ "init_args",
-+ NULL
-+};
-+
- /*======================================================================*
- * PUBLIC INTERFACE
- *======================================================================*/
-@@ -288,6 +302,13 @@ pkcs11h_initialize (void) {
-
- pkcs11h_terminate ();
-
-+ _PKCS11H_ASSERT (
-+ (
-+ sizeof(__pkcs11h_provider_preperty_names) /
-+ sizeof(*__pkcs11h_provider_preperty_names)
-+ ) == _PKCS11H_PROVIDER_PROPERTY_LAST + 1
-+ );
-+
- if ((rv = _pkcs11h_mem_malloc ((void*)&data, sizeof (struct _pkcs11h_data_s))) != CKR_OK) {
- goto cleanup;
- }
-@@ -650,6 +671,373 @@ pkcs11h_addProvider (
- IN const unsigned slot_event_method,
- IN const unsigned slot_poll_interval,
- IN const PKCS11H_BOOL cert_is_private
-+) {
-+ CK_RV rv;
-+
-+ if ((rv = pkcs11h_registerProvider(reference)) != CKR_OK) {
-+ goto cleanup;
-+ }
-+ if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_LOCATION, provider_location, strlen(provider_location) + 1)) != CKR_OK) {
-+ goto cleanup;
-+ }
-+ if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH, &allow_protected_auth, sizeof(allow_protected_auth))) != CKR_OK) {
-+ goto cleanup;
-+ }
-+ if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE, &mask_private_mode, sizeof(mask_private_mode))) != CKR_OK) {
-+ goto cleanup;
-+ }
-+ if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD, &slot_event_method, sizeof(slot_event_method))) != CKR_OK) {
-+ goto cleanup;
-+ }
-+ if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL, &slot_poll_interval, sizeof(slot_poll_interval))) != CKR_OK) {
-+ goto cleanup;
-+ }
-+ if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private, sizeof(cert_is_private))) != CKR_OK) {
-+ goto cleanup;
-+ }
-+ if ((rv = pkcs11h_initializeProvider(reference)) != CKR_OK) {
-+ goto cleanup;
-+ }
-+
-+cleanup:
-+
-+ if (rv != CKR_OK) {
-+ pkcs11h_removeProvider(reference);
-+ }
-+
-+ return rv;
-+}
-+
-+CK_RV
-+pkcs11h_registerProvider (
-+ IN const char * const reference
-+) {
-+ _pkcs11h_provider_t provider = NULL;
-+ CK_RV rv = CKR_FUNCTION_FAILED;
-+
-+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
-+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG2,
-+ "PKCS#11: pkcs11h_registerProvider entry version='%s', reference='%s'",
-+ PACKAGE_VERSION,
-+ reference
-+ );
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: Register provider '%s'",
-+ reference
-+ );
-+
-+ if ((rv = _pkcs11h_mem_malloc ((void *)&provider, sizeof (struct _pkcs11h_provider_s))) != CKR_OK) {
-+ goto cleanup;
-+ }
-+
-+ if (strlen(reference) + 1 > sizeof(provider->reference)) {
-+ goto cleanup;
-+ }
-+ strcpy (
-+ provider->reference,
-+ reference
-+ );
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG2,
-+ "PKCS#11: pkcs11h_registerProvider Provider '%s'",
-+ reference
-+ );
-+
-+#if defined(ENABLE_PKCS11H_THREADING)
-+ if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) {
-+ goto cleanup;
-+ }
-+#endif
-+
-+ if (_g_pkcs11h_data->providers == NULL) {
-+ _g_pkcs11h_data->providers = provider;
-+ }
-+ else {
-+ _pkcs11h_provider_t last = NULL;
-+
-+ for (
-+ last = _g_pkcs11h_data->providers;
-+ last->next != NULL;
-+ last = last->next
-+ );
-+ last->next = provider;
-+ }
-+
-+#if defined(ENABLE_PKCS11H_THREADING)
-+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global);
-+#endif
-+
-+ rv = CKR_OK;
-+
-+cleanup:
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: Provider '%s' registered rv=%lu-'%s'",
-+ reference,
-+ rv,
-+ pkcs11h_getMessage (rv)
-+ );
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG2,
-+ "PKCS#11: pkcs11h_registerProvider return rv=%lu-'%s'",
-+ rv,
-+ pkcs11h_getMessage (rv)
-+ );
-+
-+ return rv;
-+}
-+
-+CK_RV
-+pkcs11h_setProviderPropertyByName (
-+ IN const char * const reference,
-+ IN const char * const property_str,
-+ IN const char * const value_str
-+) {
-+ char value[1024];
-+ size_t value_size;
-+ unsigned property;
-+ CK_RV rv = CKR_FUNCTION_FAILED;
-+ const char **s;
-+
-+ property = 0;
-+ for (s = __pkcs11h_provider_preperty_names; *s != NULL && strcmp(property_str, *s); s++) {
-+ property++;
-+ }
-+ if (*s == NULL) {
-+ goto cleanup;
-+ }
-+
-+ switch(property) {
-+ default:
-+ goto cleanup;
-+ case PKCS11H_PROVIDER_PROPERTY_LOCATION:
-+ value_size = strlen(value_str) + 1;
-+ if (value_size > sizeof(value)) {
-+ goto cleanup;
-+ }
-+ strcpy(value, value_str);
-+ break;
-+ case PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD:
-+ case PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE:
-+ case PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL:
-+ *(unsigned *)value = (unsigned)strtol(value_str, 0, 0);
-+ value_size = sizeof(unsigned);
-+ break;
-+ case PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH:
-+ case PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE:
-+ *(PKCS11H_BOOL *)value = (PKCS11H_BOOL)(strtol(value_str, 0, 0) != 0 ? 1 : 0);
-+ value_size = sizeof(PKCS11H_BOOL);
-+ break;
-+ case PKCS11H_PROVIDER_PROPERTY_INIT_ARGS:
-+ rv = CKR_ATTRIBUTE_TYPE_INVALID;
-+ goto cleanup;
-+ }
-+
-+ rv = pkcs11h_setProviderProperty (
-+ reference,
-+ property,
-+ value,
-+ value_size
-+ );
-+
-+cleanup:
-+
-+ return rv;
-+}
-+
-+CK_RV
-+pkcs11h_setProviderProperty (
-+ IN const char * const reference,
-+ IN const unsigned property,
-+ IN const void * value,
-+ IN const size_t value_size
-+) {
-+ _pkcs11h_provider_t provider = NULL;
-+ CK_RV rv = CKR_OK;
-+
-+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
-+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
-+ _PKCS11H_ASSERT (value!=NULL);
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG2,
-+ "PKCS#11: pkcs11h_setProviderProperty entry reference='%s', property='%d'",
-+ reference,
-+ property
-+ );
-+
-+ if ((provider = __pkcs11h_get_pkcs11_provider(reference)) == NULL) {
-+ rv = CKR_OBJECT_HANDLE_INVALID;
-+ goto cleanup;
-+ }
-+
-+ switch (property) {
-+ case PKCS11H_PROVIDER_PROPERTY_LOCATION:
-+ {
-+ const char * provider_location = (const char *)value;
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: Setting property %s='%s'",
-+ __pkcs11h_provider_preperty_names[property],
-+ provider_location
-+ );
-+
-+ if (provider_location == NULL) {
-+ goto cleanup;
-+ }
-+
-+ if (
-+ provider->provider_location != NULL &&
-+ (rv = _pkcs11h_mem_free((void *)&provider->provider_location)) != CKR_OK
-+ ) {
-+ break;
-+ }
-+
-+ if ((rv = _pkcs11h_mem_strdup(&provider->provider_location, provider_location)) != CKR_OK) {
-+ break;
-+ }
-+
-+ strncpy (
-+ provider->manufacturerID,
-+ (
-+ strlen (provider_location) < sizeof (provider->manufacturerID) ?
-+ provider_location :
-+ provider_location+strlen (provider_location)-sizeof (provider->manufacturerID)+1
-+ ),
-+ sizeof (provider->manufacturerID)-1
-+ );
-+ provider->manufacturerID[sizeof (provider->manufacturerID)-1] = '\x0';
-+ }
-+ break;
-+
-+ case PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH:
-+ {
-+ PKCS11H_BOOL allow_protected_auth = *(PKCS11H_BOOL*) value;
-+ _PKCS11H_ASSERT (sizeof(allow_protected_auth) == value_size);
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: Setting property %s=%d",
-+ __pkcs11h_provider_preperty_names[property],
-+ allow_protected_auth
-+ );
-+
-+ provider->allow_protected_auth = allow_protected_auth;
-+ }
-+ break;
-+
-+ case PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE:
-+ {
-+ unsigned mask_private_mode = *(unsigned*) value;
-+ _PKCS11H_ASSERT (sizeof(mask_private_mode) == value_size);
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: Setting property %s=0x%08x",
-+ __pkcs11h_provider_preperty_names[property],
-+ mask_private_mode
-+ );
-+
-+ provider->mask_private_mode = mask_private_mode;
-+ }
-+ break;
-+
-+ case PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD:
-+ {
-+ unsigned slot_event_method = *(unsigned*) value;
-+ _PKCS11H_ASSERT (sizeof(slot_event_method) == value_size);
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: Setting property %s=0x%08x'",
-+ __pkcs11h_provider_preperty_names[property],
-+ slot_event_method
-+ );
-+
-+ provider->slot_event_method = slot_event_method;
-+ }
-+ break;
-+
-+ case PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL:
-+ {
-+ unsigned slot_poll_interval = *(unsigned*) value;
-+ _PKCS11H_ASSERT (sizeof(slot_poll_interval) == value_size);
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: Setting property %s=0x%08x",
-+ __pkcs11h_provider_preperty_names[property],
-+ slot_poll_interval
-+ );
-+
-+ provider->slot_poll_interval = slot_poll_interval;
-+ }
-+ break;
-+
-+ case PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE:
-+ {
-+ PKCS11H_BOOL cert_is_private = *(PKCS11H_BOOL*) value;
-+ _PKCS11H_ASSERT (sizeof(cert_is_private) == value_size);
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: Setting property %s=%d",
-+ __pkcs11h_provider_preperty_names[property],
-+ cert_is_private
-+ );
-+
-+ provider->cert_is_private = cert_is_private;
-+ }
-+ break;
-+
-+ case PKCS11H_PROVIDER_PROPERTY_INIT_ARGS:
-+ {
-+ CK_C_INITIALIZE_ARGS_PTR init_args = *(CK_C_INITIALIZE_ARGS_PTR*) value;
-+ _PKCS11H_ASSERT (sizeof(init_args) <= value_size);
-+
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: Setting property %s={flags: 0x%08lx}",
-+ __pkcs11h_provider_preperty_names[property],
-+ init_args->flags
-+ );
-+
-+ provider->init_args = init_args;
-+ }
-+ break;
-+
-+ default:
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_ERROR,
-+ "PKCS#11: Trying to set unknown property '%d'",
-+ property
-+ );
-+ rv = CKR_ATTRIBUTE_TYPE_INVALID;
-+ }
-+
-+cleanup:
-+ _PKCS11H_DEBUG (
-+ PKCS11H_LOG_DEBUG1,
-+ "PKCS#11: pkcs11h_setProviderProperty return rv=%lu-'%s'",
-+ rv,
-+ pkcs11h_getMessage (rv)
-+ );
-+
-+ return rv;
-+}
-+
-+CK_RV
-+pkcs11h_initializeProvider (
-+ IN const char * const reference
- ) {
- #if defined(ENABLE_PKCS11H_DEBUG)
- #if defined(_WIN32)
-@@ -664,65 +1052,36 @@ pkcs11h_addProvider (
-
- _pkcs11h_provider_t provider = NULL;
- CK_C_GetFunctionList gfl = NULL;
-- CK_C_INITIALIZE_ARGS initargs;
-- CK_C_INITIALIZE_ARGS_PTR pinitargs = NULL;
-+ CK_C_INITIALIZE_ARGS init_args;
-+ CK_C_INITIALIZE_ARGS_PTR pinit_args = NULL;
- CK_INFO info;
- CK_RV rv = CKR_FUNCTION_FAILED;
-
- _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
- _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
-- _PKCS11H_ASSERT (provider_location!=NULL);
-- /*_PKCS11H_ASSERT (szSignMode!=NULL); NOT NEEDED*/
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
-- "PKCS#11: pkcs11h_addProvider entry version='%s', pid=%d, reference='%s', provider_location='%s', allow_protected_auth=%d, mask_private_mode=%08x, cert_is_private=%d",
-- PACKAGE_VERSION,
-+ "PKCS#11: pkcs11h_initializeProvider entry pid=%d, reference='%s'",
- mypid,
-- reference,
-- provider_location,
-- allow_protected_auth ? 1 : 0,
-- mask_private_mode,
-- cert_is_private ? 1 : 0
-+ reference
- );
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
-- "PKCS#11: Adding provider '%s'-'%s'",
-- reference,
-- provider_location
-+ "PKCS#11: Initializing provider '%s'",
-+ reference
- );
-
-- if ((rv = _pkcs11h_mem_malloc ((void *)&provider, sizeof (struct _pkcs11h_provider_s))) != CKR_OK) {
-+ if ((provider = __pkcs11h_get_pkcs11_provider(reference)) == NULL) {
-+ rv = CKR_OBJECT_HANDLE_INVALID;
- goto cleanup;
- }
-
-- strncpy (
-- provider->reference,
-- reference,
-- sizeof (provider->reference)-1
-- );
-- provider->reference[sizeof (provider->reference)-1] = '\x0';
-- strncpy (
-- provider->manufacturerID,
-- (
-- strlen (provider_location) < sizeof (provider->manufacturerID) ?
-- provider_location :
-- provider_location+strlen (provider_location)-sizeof (provider->manufacturerID)+1
-- ),
-- sizeof (provider->manufacturerID)-1
-- );
-- provider->manufacturerID[sizeof (provider->manufacturerID)-1] = '\x0';
-- provider->allow_protected_auth = allow_protected_auth;
-- provider->mask_private_mode = mask_private_mode;
-- provider->slot_event_method = slot_event_method;
-- provider->slot_poll_interval = slot_poll_interval;
-- provider->cert_is_private = cert_is_private;
--
- #if defined(_WIN32)
-- provider->handle = LoadLibraryA (provider_location);
-+ provider->handle = LoadLibraryA (provider->provider_location);
- #else
-- provider->handle = dlopen (provider_location, RTLD_NOW);
-+ provider->handle = dlopen (provider->provider_location, RTLD_NOW | RTLD_LOCAL);
- #endif
-
- if (provider->handle == NULL) {
-@@ -758,12 +1117,17 @@ pkcs11h_addProvider (
- goto cleanup;
- }
-
-- memset(&initargs, 0, sizeof(initargs));
-- if ((initargs.pReserved = getenv("PKCS11H_INIT_ARGS_RESERVED")) != NULL) {
-- pinitargs = &initargs;
-+ if (provider->init_args != NULL) {
-+ pinit_args = provider->init_args;
-+ }
-+ else {
-+ memset(&init_args, 0, sizeof(init_args));
-+ if ((init_args.pReserved = getenv("PKCS11H_INIT_ARGS_RESERVED")) != NULL) {
-+ pinit_args = &init_args;
-+ }
- }
-
-- if ((rv = provider->f->C_Initialize (pinitargs)) != CKR_OK) {
-+ if ((rv = provider->f->C_Initialize (pinit_args)) != CKR_OK) {
- if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) {
- rv = CKR_OK;
- }
-@@ -787,44 +1151,18 @@ pkcs11h_addProvider (
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
-- "PKCS#11: pkcs11h_addProvider Provider '%s' manufacturerID '%s'",
-+ "PKCS#11: pkcs11h_initializeProvider Provider '%s' manufacturerID '%s'",
- reference,
- provider->manufacturerID
- );
-
- provider->enabled = TRUE;
-
--#if defined(ENABLE_PKCS11H_THREADING)
-- if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) {
-- goto cleanup;
-- }
--#endif
--
-- if (_g_pkcs11h_data->providers == NULL) {
-- _g_pkcs11h_data->providers = provider;
-- }
-- else {
-- _pkcs11h_provider_t last = NULL;
--
-- for (
-- last = _g_pkcs11h_data->providers;
-- last->next != NULL;
-- last = last->next
-- );
-- last->next = provider;
-- }
--
-- provider = NULL;
--
--#if defined(ENABLE_PKCS11H_THREADING)
-- _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global);
--#endif
--
- rv = CKR_OK;
-
- cleanup:
-
-- if (provider != NULL) {
-+ if (provider != NULL && !provider->enabled) {
- if (provider->handle != NULL) {
- #if defined(_WIN32)
- FreeLibrary (provider->handle);
-@@ -833,26 +1171,16 @@ cleanup:
- #endif
- provider->handle = NULL;
- }
--
-- _pkcs11h_mem_free ((void *)&provider);
-- provider = NULL;
- }
-
-+
- #if defined(ENABLE_PKCS11H_SLOTEVENT)
- _pkcs11h_slotevent_notify ();
- #endif
-
-- _PKCS11H_DEBUG (
-- PKCS11H_LOG_DEBUG1,
-- "PKCS#11: Provider '%s' added rv=%lu-'%s'",
-- reference,
-- rv,
-- pkcs11h_getMessage (rv)
-- );
--
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
-- "PKCS#11: pkcs11h_addProvider return rv=%lu-'%s'",
-+ "PKCS#11: pkcs11h_initializeProvider return rv=%lu-'%s'",
- rv,
- pkcs11h_getMessage (rv)
- );
-@@ -913,15 +1241,7 @@ pkcs11h_removeProvider (
- }
- #endif
-
-- provider = _g_pkcs11h_data->providers;
-- while (
-- provider != NULL &&
-- strcmp (reference, provider->reference)
-- ) {
-- provider = provider->next;
-- }
--
-- if (provider != NULL) {
-+ if ((provider = __pkcs11h_get_pkcs11_provider(reference)) != NULL) {
- provider->enabled = FALSE;
- }
-
-@@ -966,6 +1286,10 @@ free1:
- provider->should_finalize = FALSE;
- }
-
-+ if (provider->provider_location != NULL) {
-+ _pkcs11h_mem_free((void *)&provider->provider_location);
-+ }
-+
- #if defined(ENABLE_PKCS11H_SLOTEVENT)
- _pkcs11h_slotevent_notify ();
-
-@@ -1345,3 +1669,10 @@ __pkcs11h_forkFixup () {
-
- #endif /* !WIN32 */
-
-+static
-+_pkcs11h_provider_t
-+__pkcs11h_get_pkcs11_provider(const char * const reference) {
-+ _pkcs11h_provider_t provider;
-+ for (provider = _g_pkcs11h_data->providers;provider != NULL && strcmp (reference, provider->reference); provider = provider->next);
-+ return provider;
-+}
-diff --git a/lib/pkcs11h-openssl.c b/lib/pkcs11h-openssl.c
-index 9c9b2cd..78bb7fc 100644
---- a/lib/pkcs11h-openssl.c
-+++ b/lib/pkcs11h-openssl.c
-@@ -474,9 +474,6 @@ __pkcs11h_openssl_rsa_dec (
- case RSA_PKCS1_OAEP_PADDING:
- mech = CKM_RSA_PKCS_OAEP;
- break;
-- case RSA_SSLV23_PADDING:
-- rv = CKR_MECHANISM_INVALID;
-- break;
- case RSA_NO_PADDING:
- mech = CKM_RSA_X_509;
- break;
-@@ -713,6 +710,7 @@ __pkcs11h_openssl_dsa_do_sign(
- OUT DSA *dsa
- ) {
- pkcs11h_certificate_t certificate = __pkcs11h_openssl_dsa_get_pkcs11h_certificate (dsa);
-+ PKCS11H_BOOL session_locked = FALSE;
- unsigned char *sigbuf = NULL;
- size_t siglen;
- DSA_SIG *sig = NULL;
-@@ -733,6 +731,11 @@ __pkcs11h_openssl_dsa_do_sign(
- _PKCS11H_ASSERT (dsa!=NULL);
- _PKCS11H_ASSERT (certificate!=NULL);
-
-+ if ((rv = pkcs11h_certificate_lockSession (certificate)) != CKR_OK) {
-+ goto cleanup;
-+ }
-+ session_locked = TRUE;
-+
- if (
- (rv = pkcs11h_certificate_signAny (
- certificate,
-@@ -789,6 +792,11 @@ __pkcs11h_openssl_dsa_do_sign(
-
- cleanup:
-
-+ if (session_locked) {
-+ pkcs11h_certificate_releaseSession (certificate);
-+ session_locked = FALSE;
-+ }
-+
- if (sigbuf != NULL) {
- _pkcs11h_mem_free ((void *)&sigbuf);
- }
-@@ -890,6 +898,7 @@ __pkcs11h_openssl_eckey_do_sign(
- OUT EC_KEY *ec
- ) {
- pkcs11h_certificate_t certificate = __pkcs11h_openssl_eckey_get_pkcs11h_certificate (ec);
-+ PKCS11H_BOOL session_locked = FALSE;
- unsigned char *sigbuf = NULL;
- size_t siglen;
- ECDSA_SIG *sig = NULL;
-@@ -914,6 +923,11 @@ __pkcs11h_openssl_eckey_do_sign(
- _PKCS11H_ASSERT (ec!=NULL);
- _PKCS11H_ASSERT (certificate!=NULL);
-
-+ if ((rv = pkcs11h_certificate_lockSession (certificate)) != CKR_OK) {
-+ goto cleanup;
-+ }
-+ session_locked = TRUE;
-+
- if (
- (rv = pkcs11h_certificate_signAny (
- certificate,
-@@ -974,6 +988,11 @@ __pkcs11h_openssl_eckey_do_sign(
-
- cleanup:
-
-+ if (session_locked) {
-+ pkcs11h_certificate_releaseSession (certificate);
-+ session_locked = FALSE;
-+ }
-+
- if (sigbuf != NULL) {
- _pkcs11h_mem_free ((void *)&sigbuf);
- }
-@@ -1465,7 +1484,7 @@ pkcs11h_openssl_session_getEVP (
- }
- }
- #endif
--#ifndef OPENSSL_NO_RSA
-+#ifndef OPENSSL_NO_DSA
- else if (EVP_PKEY_id (evp) == EVP_PKEY_DSA) {
- if (!__pkcs11h_openssl_session_setDSA(openssl_session, evp)) {
- goto cleanup;
-diff --git a/tests/test-basic/Makefile.am b/tests/test-basic/Makefile.am
-index 0f63c27..29494e1 100644
---- a/tests/test-basic/Makefile.am
-+++ b/tests/test-basic/Makefile.am
-@@ -50,8 +50,13 @@
-
- MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
-
--TESTS=test-basic
--noinst_PROGRAMS=test-basic
-+MY_TESTS = \
-+ test-basic \
-+ test-basic2 \
-+ $(NULL)
-+
-+TESTS=$(MY_TESTS)
-+noinst_PROGRAMS=$(MY_TESTS)
-
- AM_CPPFLAGS= \
- -I$(top_srcdir)/include \
-@@ -60,3 +65,4 @@ LDADD= \
- $(top_builddir)/lib/libpkcs11-helper.la
-
- test_basic_SOURCES=test-basic.c
-+test_basic2_SOURCES=test-basic2.c
-diff --git a/tests/test-basic/test-basic.c b/tests/test-basic/test-basic.c
-index 9eee3aa..51e79ab 100644
---- a/tests/test-basic/test-basic.c
-+++ b/tests/test-basic/test-basic.c
-@@ -47,13 +47,13 @@ int main () {
-
- if (
- (rv = pkcs11h_addProvider (
-+ "reference1",
- TEST_PROVIDER,
-- TEST_PROVIDER,
-- FALSE,
-- PKCS11H_PRIVATEMODE_MASK_AUTO,
-- PKCS11H_SLOTEVENT_METHOD_AUTO,
-- 0,
-- FALSE
-+ TRUE,
-+ PKCS11H_PRIVATEMODE_MASK_DECRYPT,
-+ PKCS11H_SLOTEVENT_METHOD_POLL,
-+ 0x55,
-+ TRUE
- )) != CKR_OK
- ) {
- fatal ("pkcs11h_addProvider failed", rv);
-diff --git a/tests/test-basic/test-basic2.c b/tests/test-basic/test-basic2.c
-new file mode 100644
-index 0000000..394c9e0
---- /dev/null
-+++ b/tests/test-basic/test-basic2.c
-@@ -0,0 +1,110 @@
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include "../../config.h"
-+#include <pkcs11-helper-1.0/pkcs11h-core.h>
-+
-+static
-+void
-+fatal (const char * const m, CK_RV rv) {
-+ fprintf (stderr, "%s - %08lu - %s\n", m, rv, pkcs11h_getMessage (rv));
-+ exit (1);
-+}
-+
-+static
-+void
-+_pkcs11h_hooks_log (
-+ IN void * const global_data,
-+ IN unsigned flags,
-+ IN const char * const format,
-+ IN va_list args
-+) {
-+ vfprintf (stdout, format, args);
-+ fprintf (stdout, "\n");
-+ fflush (stdout);
-+}
-+
-+int main () {
-+ struct {
-+ char *p;
-+ char *v;
-+ } props[] = {
-+ {"location", TEST_PROVIDER},
-+ {"allow_protected_auth", "1"},
-+ {"mask_private_mode", "2"},
-+ {"slot_event_method", "3"},
-+ {"slot_poll_interval", "0x55"},
-+ {"cert_is_private", "1"},
-+ {NULL, NULL}
-+ }, *p;
-+
-+ const char * reference = "reference1";
-+ CK_C_INITIALIZE_ARGS init_args;
-+ CK_C_INITIALIZE_ARGS_PTR init_args_ptr = &init_args;
-+ CK_RV rv;
-+
-+ printf ("Version: %08x\n", pkcs11h_getVersion ());
-+ printf ("Features: %08x\n", pkcs11h_getFeatures ());
-+
-+ printf ("Initializing pkcs11-helper\n");
-+
-+ if ((rv = pkcs11h_initialize ()) != CKR_OK) {
-+ fatal ("pkcs11h_initialize failed", rv);
-+ }
-+
-+ printf ("Registering pkcs11-helper hooks\n");
-+
-+ if ((rv = pkcs11h_setLogHook (_pkcs11h_hooks_log, NULL)) != CKR_OK) {
-+ fatal ("pkcs11h_setLogHook failed", rv);
-+ }
-+
-+ pkcs11h_setLogLevel (TEST_LOG_LEVEL);
-+
-+ printf ("Registering provider '%s'\n", TEST_PROVIDER);
-+ if ((rv = pkcs11h_registerProvider (reference)) != CKR_OK) {
-+ fatal ("pkcs11h_registerProvider failed", rv);
-+ }
-+
-+ for (p = props; p->p != NULL; p++) {
-+ printf("Setting property '%s'='%s'\n", p->p, p->v);
-+ if (
-+ (rv = pkcs11h_setProviderPropertyByName (
-+ reference,
-+ p->p,
-+ p->v
-+ )) != CKR_OK
-+ ) {
-+ fatal ("pkcs11h_setProviderPropertyByName failed", rv);
-+ }
-+ }
-+
-+ memset(&init_args, 0, sizeof(init_args));
-+ init_args.flags = CKF_OS_LOCKING_OK;
-+ if (
-+ (rv = pkcs11h_setProviderProperty (
-+ reference,
-+ PKCS11H_PROVIDER_PROPERTY_INIT_ARGS,
-+ &init_args_ptr,
-+ sizeof(init_args_ptr)
-+ )) != CKR_OK
-+ ) {
-+ fatal ("pkcs11h_setProviderProperty failed for PKCS11H_PROVIDER_PROPERTY_INIT_ARGS", rv);
-+ }
-+
-+ if ((rv = pkcs11h_initializeProvider (reference)) != CKR_OK) {
-+ fatal ("pkcs11h_initializeProvider failed", rv);
-+ }
-+
-+ if ((rv = pkcs11h_removeProvider (reference)) != CKR_OK) {
-+ fatal ("pkcs11h_initializeProvider failed", rv);
-+ }
-+
-+ printf ("Terminating pkcs11-helper\n");
-+
-+ if ((rv = pkcs11h_terminate ()) != CKR_OK) {
-+ fatal ("pkcs11h_terminate failed", rv);
-+ }
-+
-+ exit (0);
-+ return 0;
-+}
-diff --git a/tests/test-certificate/Makefile.am b/tests/test-certificate/Makefile.am
-index 2caa3de..11ee924 100644
---- a/tests/test-certificate/Makefile.am
-+++ b/tests/test-certificate/Makefile.am
-@@ -50,8 +50,12 @@
-
- MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
-
--TESTS=test-certificate
--noinst_PROGRAMS=test-certificate
-+MY_TESTS = \
-+ test-certificate \
-+ $(NULL)
-+
-+TESTS=$(MY_TESTS)
-+noinst_PROGRAMS=$(MY_TESTS)
-
- AM_CPPFLAGS= \
- -I$(top_srcdir)/include \
-diff --git a/tests/test-fork/Makefile.am b/tests/test-fork/Makefile.am
-index 48992f2..51c8707 100644
---- a/tests/test-fork/Makefile.am
-+++ b/tests/test-fork/Makefile.am
-@@ -50,8 +50,12 @@
-
- MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
-
--TESTS=test-fork
--noinst_PROGRAMS=test-fork
-+MY_TESTS = \
-+ test-fork \
-+ $(NULL)
-+
-+TESTS=$(MY_TESTS)
-+noinst_PROGRAMS=$(MY_TESTS)
-
- AM_CPPFLAGS= \
- -I$(top_srcdir)/include \
-diff --git a/tests/test-openssl/Makefile.am b/tests/test-openssl/Makefile.am
-index ef27ef3..9c2b5dd 100644
---- a/tests/test-openssl/Makefile.am
-+++ b/tests/test-openssl/Makefile.am
-@@ -50,8 +50,12 @@
-
- MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
-
--TESTS=test-openssl
--noinst_PROGRAMS=test-openssl
-+MY_TESTS = \
-+ test-openssl \
-+ $(NULL)
-+
-+TESTS=$(MY_TESTS)
-+noinst_PROGRAMS=$(MY_TESTS)
-
- AM_CPPFLAGS= \
- -I$(top_srcdir)/include \
-diff --git a/tests/test-slotevent/Makefile.am b/tests/test-slotevent/Makefile.am
-index 5cc8acb..0016cf8 100644
---- a/tests/test-slotevent/Makefile.am
-+++ b/tests/test-slotevent/Makefile.am
-@@ -50,8 +50,12 @@
-
- MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
-
--TESTS=test-slotevent
--noinst_PROGRAMS=test-slotevent
-+MY_TESTS = \
-+ test-slotevent \
-+ $(NULL)
-+
-+TESTS=$(MY_TESTS)
-+noinst_PROGRAMS=$(MY_TESTS)
-
- AM_CPPFLAGS= \
- -I$(top_srcdir)/include \
projects / packages / pkcs11-helper.git / commitdiff