- add various upstream fixes, rel 2 auto/th/pkcs11-helper-1.27.0-2
authorJan Rękorajski <baggins@pld-linux.org>
Fri, 15 Oct 2021 20:21:25 +0000 (22:21 +0200)
committerJan Rękorajski <baggins@pld-linux.org>
Fri, 15 Oct 2021 20:21:25 +0000 (22:21 +0200)
git.patch [new file with mode: 0644]
pkcs11-helper.spec

diff --git a/git.patch b/git.patch
new file mode 100644 (file)
index 0000000..56350f4
--- /dev/null
+++ b/git.patch
@@ -0,0 +1,3926 @@
+diff --git a/.github/workflows/build-linux.yml b/.github/workflows/build-linux.yml
+new file mode 100644
+index 0000000..b0f5113
+--- /dev/null
++++ b/.github/workflows/build-linux.yml
+@@ -0,0 +1,24 @@
++---
++name: build-linux
++
++on:
++  pull_request:
++  push:
++
++jobs:
++  build-linux:
++    name: build-linux
++    runs-on: ubuntu-latest
++
++    steps:
++      - uses: actions/checkout@v2
++      - name: dependencies
++        run: |
++          sudo apt install autotools-dev autoconf automake libtool libssl-dev libnss3-dev libgnutls30
++      - name: gen
++        run: |
++          autoreconf -ivf
++      - name: build
++        run: |
++          ./configure --enable-strict --enable-pedantic
++          make distcheck
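Review bot: `libgnutls30` in the dependencies step is the GnuTLS runtime library rather than its development package, so unless the runner image already ships the headers, configure will probably not detect GnuTLS and that engine goes unbuilt and untested in this job. The other crypto libraries are installed as `-dev` packages, so the matching name would be `libgnutls28-dev`. The step also calls `apt install` without refreshing the package index or passing `-y`; `sudo apt-get update && sudo apt-get install -y autotools-dev autoconf automake libtool libssl-dev libnss3-dev libgnutls28-dev` is the more reliable form on a hosted runner.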
+diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
+new file mode 100644
+index 0000000..2027966
+--- /dev/null
++++ b/.github/workflows/codespell.yml
+@@ -0,0 +1,17 @@
++---
++name: Codespell
++
++on:
++  pull_request:
++  push:
++
++jobs:
++  codespell:
++    name: Check for spelling errors
++    runs-on: ubuntu-latest
++
++    steps:
++      - uses: actions/checkout@v2
++      - uses: codespell-project/actions-codespell@master
++        with:
++          ignore_words_file: codespell_ignore_words.txt
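Review bot: `uses: codespell-project/actions-codespell@master` tracks a mutable branch of a third-party repository, so whatever lands on that branch runs in this project's CI without review. Pinning to a full commit SHA, `uses: codespell-project/actions-codespell@<full-commit-sha>`, makes the executed code reviewable and reproducible. `actions/checkout@v2` is a movable tag as well, here and in build-linux.yml, and can be pinned the same way. Because the workflow also triggers on `push`, a top-level `permissions:` block with `contents: read` would keep the workflow token read-only for this job.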
+diff --git a/ChangeLog b/ChangeLog
+index 02b7d18..d7f793b 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,18 +1,34 @@
+ pkcs11-helper
+ Copyright (c) 2005-2020 Alon Bar-Lev <alon.barlev@gmail.com>
++????-??-?? - Version 1.28
++
++ * build: openssl: remove RSA_SSLV23_PADDING constant usage due to openssl-3
++   compatibility, thanks to t0b3.
++ * build: nss: use nss pkcs11.h, thanks to Fabrice Fontaine.
++ * build: windows: checksum in PE, thanks to Simon Rozman.
++ * build: windows: support openssl-1.1.1, thanks to Lev Stipakov.
++ * mbed: require >=mbedtls-2, mbed dropped polarssl compatibility,
++   thanks to Uipko Berghuis
++ * certificate: add methods accept full mechanism, thanks to Selva Nair.
++ * core: load provider library as private.
++ * core: add pkcs11h_initializeProvider, pkcs11h_registerProvider,
++   pkcs11h_setProviderProperty, pkcs11h_setProviderPropertyByName to
++   support adding properties without breaking API thanks to Михалицын Петр.
++ * core: add initialization arguments property, thanks for Михалицын Петр.
++
+ 2020-11-17 - Version 1.27
+-* core: handle PIN expiration after C_Login as C_Login may take a while
+-* core: return explict success when plugin&play and no threading and no
+-  safefork, thanks to Tunnelblick
++ * core: handle PIN expiration after C_Login as C_Login may take a while
++ * core: return explicit success when plugin&play and no threading and no
++   safefork, thanks to Tunnelblick
+ 2020-01-21 - Version 1.26
+-* openssl: build with openssl ec disabled
+-* openssl: support RSA_NO_PADDING padding, thanks to Selva Nair
+-* core: reduce mutex lock scope of add/remove provider, thanks to Frank Morgner
+-* core: improve the fork fixup sequence
++ * openssl: build with openssl ec disabled
++ * openssl: support RSA_NO_PADDING padding, thanks to Selva Nair
++ * core: reduce mutex lock scope of add/remove provider, thanks to Frank Morgner
++ * core: improve the fork fixup sequence
+ 2018-08-16 - Version 1.25.1
+diff --git a/codespell_ignore_words.txt b/codespell_ignore_words.txt
+new file mode 100644
+index 0000000..10a3563
+--- /dev/null
++++ b/codespell_ignore_words.txt
+@@ -0,0 +1,7 @@
++nmake
++parms
++ro
++fo
++gost
++standarts
++nd
+diff --git a/config-w32-vc.h.in b/config-w32-vc.h.in
+index 6346f02..6d94841 100644
+--- a/config-w32-vc.h.in
++++ b/config-w32-vc.h.in
+@@ -10,7 +10,7 @@
+ /* Enable debug support */
+ #define ENABLE_PKCS11H_DEBUG 1
+-/* Use GNUTLS cryto engine */
++/* Use GNUTLS crypto engine */
+ /* #undef ENABLE_PKCS11H_ENGINE_GNUTLS */
+ /* Use OpenSSL crypto engine */
+@@ -185,3 +185,36 @@
+ #if _MSC_VER >= 1400
+ #define HAVE_CPP_VARARG_MACRO_ISO 1
+ #endif
++
++/* Define to 1 if you have the `RSA_meth_dup' function. */
++#define HAVE_RSA_METH_DUP 1
++
++/* Define to 1 if you have the `RSA_meth_free' function. */
++#define HAVE_RSA_METH_FREE 1
++
++/* Define to 1 if you have the `RSA_meth_set1_name' function. */
++#define HAVE_RSA_METH_SET1_NAME 1
++
++/* Define to 1 if you have the `RSA_meth_set_flags' function. */
++#define HAVE_RSA_METH_SET_FLAGS 1
++
++/* Define to 1 if you have the `RSA_meth_set_priv_dec' function. */
++#define HAVE_RSA_METH_SET_PRIV_DEC 1
++
++/* Define to 1 if you have the `RSA_meth_set_priv_enc' function. */
++#define HAVE_RSA_METH_SET_PRIV_ENC 1
++
++/* Define to 1 if you have the `DSA_meth_dup' function. */
++#define HAVE_DSA_METH_DUP 1
++
++/* Define to 1 if you have the `DSA_meth_free' function. */
++#define HAVE_DSA_METH_FREE 1
++
++/* Define to 1 if you have the `DSA_meth_set1_name' function. */
++#define HAVE_DSA_METH_SET1_NAME 1
++
++/* Define to 1 if you have the `DSA_meth_set_sign' function. */
++#define HAVE_DSA_METH_SET_SIGN 1
++
++/* Define to 1 if you have the `DSA_SIG_set0' function. */
++#define HAVE_DSA_SIG_SET0 1
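Review bot: The eleven `HAVE_*` macros added at the end of the file are set to 1 unconditionally, and nothing here records which OpenSSL release they assume. `RSA_meth_dup`, `DSA_meth_dup` and `DSA_SIG_set0` arrived with the opaque-structure API in OpenSSL 1.1.0, so a Visual C build against an older OpenSSL would presumably now fail at compile or link time instead of taking a compatibility path. A one-line comment above the block, e.g. `/* OpenSSL >= 1.1.0 API; this hand-maintained header has no configure probe, so these are always on. */`, would tell packagers the new minimum. Whether the block belongs under the OpenSSL engine switch cannot be judged from the hunk.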
+diff --git a/configure.ac b/configure.ac
+index 7b4ed71..74954ac 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -51,9 +51,9 @@
+ AC_PREREQ(2.60)
+ define([PACKAGE_VERSION_MAJOR], [1])
+-define([PACKAGE_VERSION_MINOR], [27])
++define([PACKAGE_VERSION_MINOR], [28])
+ define([PACKAGE_VERSION_FIX], [0])
+-define([PACKAGE_SUFFIX], [])
++define([PACKAGE_SUFFIX], [_master])
+ AC_INIT([pkcs11-helper],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX])
+ AC_CONFIG_AUX_DIR([.])
+@@ -110,7 +110,7 @@ esac
+ AC_ARG_ENABLE(
+       [doc],
+-      [AS_HELP_STRING([--enable-doc],[enable documantation])],
++      [AS_HELP_STRING([--enable-doc],[enable documentation])],
+       ,
+       [enable_doc="no"]
+ )
+diff --git a/include/pkcs11-helper-1.0/pkcs11.h b/include/pkcs11-helper-1.0/pkcs11.h
+index 2e6a1e3..85aa98e 100644
+--- a/include/pkcs11-helper-1.0/pkcs11.h
++++ b/include/pkcs11-helper-1.0/pkcs11.h
+@@ -63,9 +63,9 @@ extern "C" {
+    version of this file, please consider deleting the revision macro
+    (you may use a macro with a different name to keep track of your
+    versions).  */
+-#define CRYPTOKI_VERSION_MAJOR                2
+-#define CRYPTOKI_VERSION_MINOR                20
+-#define CRYPTOKI_VERSION_REVISION     6
++#define CRYPTOKI_VERSION_MAJOR                3
++#define CRYPTOKI_VERSION_MINOR                0
++#define CRYPTOKI_VERSION_REVISION     0
+ /* Compatibility interface is default, unless CRYPTOKI_GNU is
+@@ -95,7 +95,6 @@ extern "C" {
+ #endif
+-\f
+ #ifdef CRYPTOKI_COMPAT
+   /* If we are in compatibility mode, switch all exposed names to the
+      PKCS #11 variant.  There are corresponding #undefs below.  */
+@@ -154,6 +153,8 @@ extern "C" {
+ #define ck_mechanism_type_t CK_MECHANISM_TYPE
++#define ck_rsa_pkcs_mgf_type_t CK_RSA_PKCS_MGF_TYPE
++
+ #define ck_mechanism _CK_MECHANISM
+ #define parameter pParameter
+ #define parameter_len ulParameterLen
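Review bot: The new compat alias `ck_rsa_pkcs_mgf_type_t` needs a matching `#undef` in the block that the header's own comment announces ("There are corresponding #undefs below"), and the same holds for `ck_interface` and `ck_function_list_3_0` added in the next hunk. That `#undef` block lies outside the visible hunks, so this cannot be confirmed from here. Without `#undef ck_rsa_pkcs_mgf_type_t`, `#undef ck_interface` and `#undef ck_function_list_3_0`, the lowercase names stay defined as macros in every translation unit that includes the header in compatibility mode. They can then silently rewrite unrelated identifiers.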
+@@ -165,7 +166,10 @@ extern "C" {
+ #define ck_rv_t CK_RV
+ #define ck_notify_t CK_NOTIFY
++#define ck_interface CK_INTERFACE
++
+ #define ck_function_list _CK_FUNCTION_LIST
++#define ck_function_list_3_0 _CK_FUNCTION_LIST_3_0
+ #define ck_createmutex_t CK_CREATEMUTEX
+ #define ck_destroymutex_t CK_DESTROYMUTEX
+@@ -181,7 +185,6 @@ extern "C" {
+ #endif        /* CRYPTOKI_COMPAT */
+-\f
+ typedef unsigned long ck_flags_t;
+@@ -204,7 +207,7 @@ struct ck_info
+ typedef unsigned long ck_notification_t;
+-#define CKN_SURRENDER (0)
++#define CKN_SURRENDER (0UL)
+ typedef unsigned long ck_slot_id_t;
+@@ -220,10 +223,10 @@ struct ck_slot_info
+ };
+-#define CKF_TOKEN_PRESENT     (1 << 0)
+-#define CKF_REMOVABLE_DEVICE  (1 << 1)
+-#define CKF_HW_SLOT           (1 << 2)
+-#define CKF_ARRAY_ATTRIBUTE   (1 << 30)
++#define CKF_TOKEN_PRESENT     (1UL << 0)
++#define CKF_REMOVABLE_DEVICE  (1UL << 1)
++#define CKF_HW_SLOT           (1UL << 2)
++#define CKF_ARRAY_ATTRIBUTE   (1UL << 30)
+ struct ck_token_info
+@@ -249,48 +252,48 @@ struct ck_token_info
+ };
+-#define CKF_RNG                                       (1 << 0)
+-#define CKF_WRITE_PROTECTED                   (1 << 1)
+-#define CKF_LOGIN_REQUIRED                    (1 << 2)
+-#define CKF_USER_PIN_INITIALIZED              (1 << 3)
+-#define CKF_RESTORE_KEY_NOT_NEEDED            (1 << 5)
+-#define CKF_CLOCK_ON_TOKEN                    (1 << 6)
+-#define CKF_PROTECTED_AUTHENTICATION_PATH     (1 << 8)
+-#define CKF_DUAL_CRYPTO_OPERATIONS            (1 << 9)
+-#define CKF_TOKEN_INITIALIZED                 (1 << 10)
+-#define CKF_SECONDARY_AUTHENTICATION          (1 << 11)
+-#define CKF_USER_PIN_COUNT_LOW                        (1 << 16)
+-#define CKF_USER_PIN_FINAL_TRY                        (1 << 17)
+-#define CKF_USER_PIN_LOCKED                   (1 << 18)
+-#define CKF_USER_PIN_TO_BE_CHANGED            (1 << 19)
+-#define CKF_SO_PIN_COUNT_LOW                  (1 << 20)
+-#define CKF_SO_PIN_FINAL_TRY                  (1 << 21)
+-#define CKF_SO_PIN_LOCKED                     (1 << 22)
+-#define CKF_SO_PIN_TO_BE_CHANGED              (1 << 23)
++#define CKF_RNG                                       (1UL << 0)
++#define CKF_WRITE_PROTECTED                   (1UL << 1)
++#define CKF_LOGIN_REQUIRED                    (1UL << 2)
++#define CKF_USER_PIN_INITIALIZED              (1UL << 3)
++#define CKF_RESTORE_KEY_NOT_NEEDED            (1UL << 5)
++#define CKF_CLOCK_ON_TOKEN                    (1UL << 6)
++#define CKF_PROTECTED_AUTHENTICATION_PATH     (1UL << 8)
++#define CKF_DUAL_CRYPTO_OPERATIONS            (1UL << 9)
++#define CKF_TOKEN_INITIALIZED                 (1UL << 10)
++#define CKF_SECONDARY_AUTHENTICATION          (1UL << 11)
++#define CKF_USER_PIN_COUNT_LOW                        (1UL << 16)
++#define CKF_USER_PIN_FINAL_TRY                        (1UL << 17)
++#define CKF_USER_PIN_LOCKED                   (1UL << 18)
++#define CKF_USER_PIN_TO_BE_CHANGED            (1UL << 19)
++#define CKF_SO_PIN_COUNT_LOW                  (1UL << 20)
++#define CKF_SO_PIN_FINAL_TRY                  (1UL << 21)
++#define CKF_SO_PIN_LOCKED                     (1UL << 22)
++#define CKF_SO_PIN_TO_BE_CHANGED              (1UL << 23)
+ #define CK_UNAVAILABLE_INFORMATION    ((unsigned long) -1)
+-#define CK_EFFECTIVELY_INFINITE               (0)
++#define CK_EFFECTIVELY_INFINITE               (0UL)
+ typedef unsigned long ck_session_handle_t;
+-#define CK_INVALID_HANDLE     (0)
++#define CK_INVALID_HANDLE     (0UL)
+ typedef unsigned long ck_user_type_t;
+-#define CKU_SO                        (0)
+-#define CKU_USER              (1)
+-#define CKU_CONTEXT_SPECIFIC  (2)
++#define CKU_SO                        (0UL)
++#define CKU_USER              (1UL)
++#define CKU_CONTEXT_SPECIFIC  (2UL)
+ typedef unsigned long ck_state_t;
+-#define CKS_RO_PUBLIC_SESSION (0)
+-#define CKS_RO_USER_FUNCTIONS (1)
+-#define CKS_RW_PUBLIC_SESSION (2)
+-#define CKS_RW_USER_FUNCTIONS (3)
+-#define CKS_RW_SO_FUNCTIONS   (4)
++#define CKS_RO_PUBLIC_SESSION (0UL)
++#define CKS_RO_USER_FUNCTIONS (1UL)
++#define CKS_RW_PUBLIC_SESSION (2UL)
++#define CKS_RW_USER_FUNCTIONS (3UL)
++#define CKS_RW_SO_FUNCTIONS   (4UL)
+ struct ck_session_info
+@@ -301,8 +304,8 @@ struct ck_session_info
+   unsigned long device_error;
+ };
+-#define CKF_RW_SESSION                (1 << 1)
+-#define CKF_SERIAL_SESSION    (1 << 2)
++#define CKF_RW_SESSION                (1UL << 1)
++#define CKF_SERIAL_SESSION    (1UL << 2)
+ typedef unsigned long ck_object_handle_t;
+@@ -310,150 +313,189 @@ typedef unsigned long ck_object_handle_t;
+ typedef unsigned long ck_object_class_t;
+-#define CKO_DATA              (0)
+-#define CKO_CERTIFICATE               (1)
+-#define CKO_PUBLIC_KEY                (2)
+-#define CKO_PRIVATE_KEY               (3)
+-#define CKO_SECRET_KEY                (4)
+-#define CKO_HW_FEATURE                (5)
+-#define CKO_DOMAIN_PARAMETERS (6)
+-#define CKO_MECHANISM         (7)
+-#define CKO_VENDOR_DEFINED    ((unsigned long) (1 << 31))
+-
++#define CKO_DATA              (0UL)
++#define CKO_CERTIFICATE               (1UL)
++#define CKO_PUBLIC_KEY                (2UL)
++#define CKO_PRIVATE_KEY               (3UL)
++#define CKO_SECRET_KEY                (4UL)
++#define CKO_HW_FEATURE                (5UL)
++#define CKO_DOMAIN_PARAMETERS (6UL)
++#define CKO_MECHANISM         (7UL)
++#define CKO_OTP_KEY           (8UL)
++#define CKO_PROFILE           (9UL)
++#define CKO_VENDOR_DEFINED    (1UL << 31)
++
++#define CKP_INVALID_ID                (0UL)
++#define CKP_BASELINE_PROVIDER         (1UL)
++#define CKP_EXTENDED_PROVIDER         (2UL)
++#define CKP_AUTHENTICATION_TOKEN      (3UL)
++#define CKP_PUBLIC_CERTIFICATES_TOKEN (4UL)
++#define CKP_VENDOR_DEFINED            (1UL << 31)
+ typedef unsigned long ck_hw_feature_type_t;
+-#define CKH_MONOTONIC_COUNTER (1)
+-#define CKH_CLOCK             (2)
+-#define CKH_USER_INTERFACE    (3)
+-#define CKH_VENDOR_DEFINED    ((unsigned long) (1 << 31))
++#define CKH_MONOTONIC_COUNTER (1UL)
++#define CKH_CLOCK             (2UL)
++#define CKH_USER_INTERFACE    (3UL)
++#define CKH_VENDOR_DEFINED    (1UL << 31)
+ typedef unsigned long ck_key_type_t;
+-#define CKK_RSA                       (0)
+-#define CKK_DSA                       (1)
+-#define CKK_DH                        (2)
+-#define CKK_ECDSA             (3)
+-#define CKK_EC                        (3)
+-#define CKK_X9_42_DH          (4)
+-#define CKK_KEA                       (5)
+-#define CKK_GENERIC_SECRET    (0x10)
+-#define CKK_RC2                       (0x11)
+-#define CKK_RC4                       (0x12)
+-#define CKK_DES                       (0x13)
+-#define CKK_DES2              (0x14)
+-#define CKK_DES3              (0x15)
+-#define CKK_CAST              (0x16)
+-#define CKK_CAST3             (0x17)
+-#define CKK_CAST128           (0x18)
+-#define CKK_RC5                       (0x19)
+-#define CKK_IDEA              (0x1a)
+-#define CKK_SKIPJACK          (0x1b)
+-#define CKK_BATON             (0x1c)
+-#define CKK_JUNIPER           (0x1d)
+-#define CKK_CDMF              (0x1e)
+-#define CKK_AES                       (0x1f)
+-#define CKK_BLOWFISH          (0x20)
+-#define CKK_TWOFISH           (0x21)
+-#define CKK_VENDOR_DEFINED    ((unsigned long) (1 << 31))
+-
++#define CKK_RSA                       (0UL)
++#define CKK_DSA                       (1UL)
++#define CKK_DH                        (2UL)
++#define CKK_ECDSA             (3UL)
++#define CKK_EC                        (3UL)
++#define CKK_X9_42_DH          (4UL)
++#define CKK_KEA                       (5UL)
++#define CKK_GENERIC_SECRET    (0x10UL)
++#define CKK_RC2                       (0x11UL)
++#define CKK_RC4                       (0x12UL)
++#define CKK_DES                       (0x13UL)
++#define CKK_DES2              (0x14UL)
++#define CKK_DES3              (0x15UL)
++#define CKK_CAST              (0x16UL)
++#define CKK_CAST3             (0x17UL)
++#define CKK_CAST128           (0x18UL)
++#define CKK_RC5                       (0x19UL)
++#define CKK_IDEA              (0x1aUL)
++#define CKK_SKIPJACK          (0x1bUL)
++#define CKK_BATON             (0x1cUL)
++#define CKK_JUNIPER           (0x1dUL)
++#define CKK_CDMF              (0x1eUL)
++#define CKK_AES                       (0x1fUL)
++#define CKK_BLOWFISH          (0x20UL)
++#define CKK_TWOFISH           (0x21UL)
++#define CKK_GOSTR3410         (0x30UL)
++#define CKK_GOSTR3411         (0x31UL)
++#define CKK_GOST28147         (0x32UL)
++#define CKK_EC_EDWARDS                (0x40UL)
++#define CKK_EC_MONTGOMERY     (0x41UL)
++#define CKK_VENDOR_DEFINED    (1UL << 31)
++
++/*
++ * A mask for new GOST algorithms.
++ * For details visit https://tc26.ru/standarts/perevody/guidelines-the-pkcs-11-extensions-for-implementing-the-gost-r-34-10-2012-and-gost-r-34-11-2012-russian-standards-.html
++ */
++#define NSSCK_VENDOR_PKCS11_RU_TEAM     (CKK_VENDOR_DEFINED | 0x54321000)
++#define CK_VENDOR_PKCS11_RU_TEAM_TK26   NSSCK_VENDOR_PKCS11_RU_TEAM
++
++#define CKK_GOSTR3410_512     (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x003)
+ typedef unsigned long ck_certificate_type_t;
+-#define CKC_X_509             (0)
+-#define CKC_X_509_ATTR_CERT   (1)
+-#define CKC_WTLS              (2)
+-#define CKC_VENDOR_DEFINED    ((unsigned long) (1 << 31))
++#define CKC_X_509             (0UL)
++#define CKC_X_509_ATTR_CERT   (1UL)
++#define CKC_WTLS              (2UL)
++#define CKC_VENDOR_DEFINED    (1UL << 31)
+ typedef unsigned long ck_attribute_type_t;
+-#define CKA_CLASS                     (0)
+-#define CKA_TOKEN                     (1)
+-#define CKA_PRIVATE                   (2)
+-#define CKA_LABEL                     (3)
+-#define CKA_APPLICATION                       (0x10)
+-#define CKA_VALUE                     (0x11)
+-#define CKA_OBJECT_ID                 (0x12)
+-#define CKA_CERTIFICATE_TYPE          (0x80)
+-#define CKA_ISSUER                    (0x81)
+-#define CKA_SERIAL_NUMBER             (0x82)
+-#define CKA_AC_ISSUER                 (0x83)
+-#define CKA_OWNER                     (0x84)
+-#define CKA_ATTR_TYPES                        (0x85)
+-#define CKA_TRUSTED                   (0x86)
+-#define CKA_CERTIFICATE_CATEGORY      (0x87)
+-#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88)
+-#define CKA_URL                               (0x89)
+-#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY        (0x8a)
+-#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b)
+-#define CKA_CHECK_VALUE                       (0x90)
+-#define CKA_KEY_TYPE                  (0x100)
+-#define CKA_SUBJECT                   (0x101)
+-#define CKA_ID                                (0x102)
+-#define CKA_SENSITIVE                 (0x103)
+-#define CKA_ENCRYPT                   (0x104)
+-#define CKA_DECRYPT                   (0x105)
+-#define CKA_WRAP                      (0x106)
+-#define CKA_UNWRAP                    (0x107)
+-#define CKA_SIGN                      (0x108)
+-#define CKA_SIGN_RECOVER              (0x109)
+-#define CKA_VERIFY                    (0x10a)
+-#define CKA_VERIFY_RECOVER            (0x10b)
+-#define CKA_DERIVE                    (0x10c)
+-#define CKA_START_DATE                        (0x110)
+-#define CKA_END_DATE                  (0x111)
+-#define CKA_MODULUS                   (0x120)
+-#define CKA_MODULUS_BITS              (0x121)
+-#define CKA_PUBLIC_EXPONENT           (0x122)
+-#define CKA_PRIVATE_EXPONENT          (0x123)
+-#define CKA_PRIME_1                   (0x124)
+-#define CKA_PRIME_2                   (0x125)
+-#define CKA_EXPONENT_1                        (0x126)
+-#define CKA_EXPONENT_2                        (0x127)
+-#define CKA_COEFFICIENT                       (0x128)
+-#define CKA_PRIME                     (0x130)
+-#define CKA_SUBPRIME                  (0x131)
+-#define CKA_BASE                      (0x132)
+-#define CKA_PRIME_BITS                        (0x133)
+-#define CKA_SUB_PRIME_BITS            (0x134)
+-#define CKA_VALUE_BITS                        (0x160)
+-#define CKA_VALUE_LEN                 (0x161)
+-#define CKA_EXTRACTABLE                       (0x162)
+-#define CKA_LOCAL                     (0x163)
+-#define CKA_NEVER_EXTRACTABLE         (0x164)
+-#define CKA_ALWAYS_SENSITIVE          (0x165)
+-#define CKA_KEY_GEN_MECHANISM         (0x166)
+-#define CKA_MODIFIABLE                        (0x170)
+-#define CKA_ECDSA_PARAMS              (0x180)
+-#define CKA_EC_PARAMS                 (0x180)
+-#define CKA_EC_POINT                  (0x181)
+-#define CKA_SECONDARY_AUTH            (0x200)
+-#define CKA_AUTH_PIN_FLAGS            (0x201)
+-#define CKA_ALWAYS_AUTHENTICATE               (0x202)
+-#define CKA_WRAP_WITH_TRUSTED         (0x210)
+-#define CKA_HW_FEATURE_TYPE           (0x300)
+-#define CKA_RESET_ON_INIT             (0x301)
+-#define CKA_HAS_RESET                 (0x302)
+-#define CKA_PIXEL_X                   (0x400)
+-#define CKA_PIXEL_Y                   (0x401)
+-#define CKA_RESOLUTION                        (0x402)
+-#define CKA_CHAR_ROWS                 (0x403)
+-#define CKA_CHAR_COLUMNS              (0x404)
+-#define CKA_COLOR                     (0x405)
+-#define CKA_BITS_PER_PIXEL            (0x406)
+-#define CKA_CHAR_SETS                 (0x480)
+-#define CKA_ENCODING_METHODS          (0x481)
+-#define CKA_MIME_TYPES                        (0x482)
+-#define CKA_MECHANISM_TYPE            (0x500)
+-#define CKA_REQUIRED_CMS_ATTRIBUTES   (0x501)
+-#define CKA_DEFAULT_CMS_ATTRIBUTES    (0x502)
+-#define CKA_SUPPORTED_CMS_ATTRIBUTES  (0x503)
+-#define CKA_WRAP_TEMPLATE             (CKF_ARRAY_ATTRIBUTE | 0x211)
+-#define CKA_UNWRAP_TEMPLATE           (CKF_ARRAY_ATTRIBUTE | 0x212)
+-#define CKA_ALLOWED_MECHANISMS                (CKF_ARRAY_ATTRIBUTE | 0x600)
+-#define CKA_VENDOR_DEFINED            ((unsigned long) (1 << 31))
++#define CKA_CLASS                     (0UL)
++#define CKA_TOKEN                     (1UL)
++#define CKA_PRIVATE                   (2UL)
++#define CKA_LABEL                     (3UL)
++#define CKA_APPLICATION                       (0x10UL)
++#define CKA_VALUE                     (0x11UL)
++#define CKA_OBJECT_ID                 (0x12UL)
++#define CKA_CERTIFICATE_TYPE          (0x80UL)
++#define CKA_ISSUER                    (0x81UL)
++#define CKA_SERIAL_NUMBER             (0x82UL)
++#define CKA_AC_ISSUER                 (0x83UL)
++#define CKA_OWNER                     (0x84UL)
++#define CKA_ATTR_TYPES                        (0x85UL)
++#define CKA_TRUSTED                   (0x86UL)
++#define CKA_CERTIFICATE_CATEGORY      (0x87UL)
++#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL)
++#define CKA_URL                               (0x89UL)
++#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY        (0x8aUL)
++#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL)
++#define CKA_CHECK_VALUE                       (0x90UL)
++#define CKA_KEY_TYPE                  (0x100UL)
++#define CKA_SUBJECT                   (0x101UL)
++#define CKA_ID                                (0x102UL)
++#define CKA_SENSITIVE                 (0x103UL)
++#define CKA_ENCRYPT                   (0x104UL)
++#define CKA_DECRYPT                   (0x105UL)
++#define CKA_WRAP                      (0x106UL)
++#define CKA_UNWRAP                    (0x107UL)
++#define CKA_SIGN                      (0x108UL)
++#define CKA_SIGN_RECOVER              (0x109UL)
++#define CKA_VERIFY                    (0x10aUL)
++#define CKA_VERIFY_RECOVER            (0x10bUL)
++#define CKA_DERIVE                    (0x10cUL)
++#define CKA_START_DATE                        (0x110UL)
++#define CKA_END_DATE                  (0x111UL)
++#define CKA_MODULUS                   (0x120UL)
++#define CKA_MODULUS_BITS              (0x121UL)
++#define CKA_PUBLIC_EXPONENT           (0x122UL)
++#define CKA_PRIVATE_EXPONENT          (0x123UL)
++#define CKA_PRIME_1                   (0x124UL)
++#define CKA_PRIME_2                   (0x125UL)
++#define CKA_EXPONENT_1                        (0x126UL)
++#define CKA_EXPONENT_2                        (0x127UL)
++#define CKA_COEFFICIENT                       (0x128UL)
++#define CKA_PRIME                     (0x130UL)
++#define CKA_SUBPRIME                  (0x131UL)
++#define CKA_BASE                      (0x132UL)
++#define CKA_PRIME_BITS                        (0x133UL)
++#define CKA_SUB_PRIME_BITS            (0x134UL)
++#define CKA_VALUE_BITS                        (0x160UL)
++#define CKA_VALUE_LEN                 (0x161UL)
++#define CKA_EXTRACTABLE                       (0x162UL)
++#define CKA_LOCAL                     (0x163UL)
++#define CKA_NEVER_EXTRACTABLE         (0x164UL)
++#define CKA_ALWAYS_SENSITIVE          (0x165UL)
++#define CKA_KEY_GEN_MECHANISM         (0x166UL)
++#define CKA_MODIFIABLE                        (0x170UL)
++#define CKA_ECDSA_PARAMS              (0x180UL)
++#define CKA_EC_PARAMS                 (0x180UL)
++#define CKA_EC_POINT                  (0x181UL)
++#define CKA_SECONDARY_AUTH            (0x200UL)
++#define CKA_AUTH_PIN_FLAGS            (0x201UL)
++#define CKA_ALWAYS_AUTHENTICATE               (0x202UL)
++#define CKA_WRAP_WITH_TRUSTED         (0x210UL)
++#define CKA_GOSTR3410_PARAMS          (0x250UL)
++#define CKA_GOSTR3411_PARAMS          (0x251UL)
++#define CKA_GOST28147_PARAMS          (0x252UL)
++#define CKA_HW_FEATURE_TYPE           (0x300UL)
++#define CKA_RESET_ON_INIT             (0x301UL)
++#define CKA_HAS_RESET                 (0x302UL)
++#define CKA_PIXEL_X                   (0x400UL)
++#define CKA_PIXEL_Y                   (0x401UL)
++#define CKA_RESOLUTION                        (0x402UL)
++#define CKA_CHAR_ROWS                 (0x403UL)
++#define CKA_CHAR_COLUMNS              (0x404UL)
++#define CKA_COLOR                     (0x405UL)
++#define CKA_BITS_PER_PIXEL            (0x406UL)
++#define CKA_CHAR_SETS                 (0x480UL)
++#define CKA_ENCODING_METHODS          (0x481UL)
++#define CKA_MIME_TYPES                        (0x482UL)
++#define CKA_MECHANISM_TYPE            (0x500UL)
++#define CKA_REQUIRED_CMS_ATTRIBUTES   (0x501UL)
++#define CKA_DEFAULT_CMS_ATTRIBUTES    (0x502UL)
++#define CKA_SUPPORTED_CMS_ATTRIBUTES  (0x503UL)
++#define CKA_WRAP_TEMPLATE             (CKF_ARRAY_ATTRIBUTE | 0x211UL)
++#define CKA_UNWRAP_TEMPLATE           (CKF_ARRAY_ATTRIBUTE | 0x212UL)
++#define CKA_OTP_FORMAT                        (0x220UL)
++#define CKA_OTP_LENGTH                        (0x221UL)
++#define CKA_OTP_TIME_INTERVAL         (0x222UL)
++#define CKA_OTP_USER_FRIENDLY_MODE    (0x223UL)
++#define CKA_OTP_CHALLENGE_REQUIREMENT (0x224UL)
++#define CKA_OTP_TIME_REQUIREMENT      (0x225UL)
++#define CKA_OTP_COUNTER_REQUIREMENT   (0x226UL)
++#define CKA_OTP_PIN_REQUIREMENT               (0x227UL)
++#define CKA_OTP_USER_IDENTIFIER               (0x22AUL)
++#define CKA_OTP_SERVICE_IDENTIFIER    (0x22BUL)
++#define CKA_OTP_SERVICE_LOGO          (0x22CUL)
++#define CKA_OTP_SERVICE_LOGO_TYPE     (0x22DUL)
++#define CKA_OTP_COUNTER                       (0x22EUL)
++#define CKA_OTP_TIME                  (0x22FUL)
++#define CKA_ALLOWED_MECHANISMS                (CKF_ARRAY_ATTRIBUTE | 0x600UL)
++#define CKA_PROFILE_ID                        (0x601UL)
++#define CKA_VENDOR_DEFINED            (1UL << 31)
+ struct ck_attribute
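Review bot: The two vendor constants added for GOST, `NSSCK_VENDOR_PKCS11_RU_TEAM` and `CKK_GOSTR3410_512`, use the unsuffixed literals `0x54321000` and `0x003`, while every other constant in this hunk was moved to an `UL` suffix. The result is still `unsigned long` because each is OR-ed with `CKK_VENDOR_DEFINED`, so this is consistency rather than a defect. Writing `(CKK_VENDOR_DEFINED | 0x54321000UL)` and `(CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x003UL)` keeps the file's rule that every Cryptoki constant is typed on its own. The type then does not depend on the macro it is combined with.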
+@@ -474,205 +516,273 @@ struct ck_date
+ typedef unsigned long ck_mechanism_type_t;
+-#define CKM_RSA_PKCS_KEY_PAIR_GEN     (0)
+-#define CKM_RSA_PKCS                  (1)
+-#define CKM_RSA_9796                  (2)
+-#define CKM_RSA_X_509                 (3)
+-#define CKM_MD2_RSA_PKCS              (4)
+-#define CKM_MD5_RSA_PKCS              (5)
+-#define CKM_SHA1_RSA_PKCS             (6)
+-#define CKM_RIPEMD128_RSA_PKCS                (7)
+-#define CKM_RIPEMD160_RSA_PKCS                (8)
+-#define CKM_RSA_PKCS_OAEP             (9)
+-#define CKM_RSA_X9_31_KEY_PAIR_GEN    (0xa)
+-#define CKM_RSA_X9_31                 (0xb)
+-#define CKM_SHA1_RSA_X9_31            (0xc)
+-#define CKM_RSA_PKCS_PSS              (0xd)
+-#define CKM_SHA1_RSA_PKCS_PSS         (0xe)
+-#define CKM_DSA_KEY_PAIR_GEN          (0x10)
+-#define       CKM_DSA                         (0x11)
+-#define CKM_DSA_SHA1                  (0x12)
+-#define CKM_DH_PKCS_KEY_PAIR_GEN      (0x20)
+-#define CKM_DH_PKCS_DERIVE            (0x21)
+-#define       CKM_X9_42_DH_KEY_PAIR_GEN       (0x30)
+-#define CKM_X9_42_DH_DERIVE           (0x31)
+-#define CKM_X9_42_DH_HYBRID_DERIVE    (0x32)
+-#define CKM_X9_42_MQV_DERIVE          (0x33)
+-#define CKM_SHA256_RSA_PKCS           (0x40)
+-#define CKM_SHA384_RSA_PKCS           (0x41)
+-#define CKM_SHA512_RSA_PKCS           (0x42)
+-#define CKM_SHA256_RSA_PKCS_PSS               (0x43)
+-#define CKM_SHA384_RSA_PKCS_PSS               (0x44)
+-#define CKM_SHA512_RSA_PKCS_PSS               (0x45)
+-#define CKM_RC2_KEY_GEN                       (0x100)
+-#define CKM_RC2_ECB                   (0x101)
+-#define       CKM_RC2_CBC                     (0x102)
+-#define       CKM_RC2_MAC                     (0x103)
+-#define CKM_RC2_MAC_GENERAL           (0x104)
+-#define CKM_RC2_CBC_PAD                       (0x105)
+-#define CKM_RC4_KEY_GEN                       (0x110)
+-#define CKM_RC4                               (0x111)
+-#define CKM_DES_KEY_GEN                       (0x120)
+-#define CKM_DES_ECB                   (0x121)
+-#define CKM_DES_CBC                   (0x122)
+-#define CKM_DES_MAC                   (0x123)
+-#define CKM_DES_MAC_GENERAL           (0x124)
+-#define CKM_DES_CBC_PAD                       (0x125)
+-#define CKM_DES2_KEY_GEN              (0x130)
+-#define CKM_DES3_KEY_GEN              (0x131)
+-#define CKM_DES3_ECB                  (0x132)
+-#define CKM_DES3_CBC                  (0x133)
+-#define CKM_DES3_MAC                  (0x134)
+-#define CKM_DES3_MAC_GENERAL          (0x135)
+-#define CKM_DES3_CBC_PAD              (0x136)
+-#define CKM_CDMF_KEY_GEN              (0x140)
+-#define CKM_CDMF_ECB                  (0x141)
+-#define CKM_CDMF_CBC                  (0x142)
+-#define CKM_CDMF_MAC                  (0x143)
+-#define CKM_CDMF_MAC_GENERAL          (0x144)
+-#define CKM_CDMF_CBC_PAD              (0x145)
+-#define CKM_MD2                               (0x200)
+-#define CKM_MD2_HMAC                  (0x201)
+-#define CKM_MD2_HMAC_GENERAL          (0x202)
+-#define CKM_MD5                               (0x210)
+-#define CKM_MD5_HMAC                  (0x211)
+-#define CKM_MD5_HMAC_GENERAL          (0x212)
+-#define CKM_SHA_1                     (0x220)
+-#define CKM_SHA_1_HMAC                        (0x221)
+-#define CKM_SHA_1_HMAC_GENERAL                (0x222)
+-#define CKM_RIPEMD128                 (0x230)
+-#define CKM_RIPEMD128_HMAC            (0x231)
+-#define CKM_RIPEMD128_HMAC_GENERAL    (0x232)
+-#define CKM_RIPEMD160                 (0x240)
+-#define CKM_RIPEMD160_HMAC            (0x241)
+-#define CKM_RIPEMD160_HMAC_GENERAL    (0x242)
+-#define CKM_SHA256                    (0x250)
+-#define CKM_SHA256_HMAC                       (0x251)
+-#define CKM_SHA256_HMAC_GENERAL               (0x252)
+-#define CKM_SHA384                    (0x260)
+-#define CKM_SHA384_HMAC                       (0x261)
+-#define CKM_SHA384_HMAC_GENERAL               (0x262)
+-#define CKM_SHA512                    (0x270)
+-#define CKM_SHA512_HMAC                       (0x271)
+-#define CKM_SHA512_HMAC_GENERAL               (0x272)
+-#define CKM_CAST_KEY_GEN              (0x300)
+-#define CKM_CAST_ECB                  (0x301)
+-#define CKM_CAST_CBC                  (0x302)
+-#define CKM_CAST_MAC                  (0x303)
+-#define CKM_CAST_MAC_GENERAL          (0x304)
+-#define CKM_CAST_CBC_PAD              (0x305)
+-#define CKM_CAST3_KEY_GEN             (0x310)
+-#define CKM_CAST3_ECB                 (0x311)
+-#define CKM_CAST3_CBC                 (0x312)
+-#define CKM_CAST3_MAC                 (0x313)
+-#define CKM_CAST3_MAC_GENERAL         (0x314)
+-#define CKM_CAST3_CBC_PAD             (0x315)
+-#define CKM_CAST5_KEY_GEN             (0x320)
+-#define CKM_CAST128_KEY_GEN           (0x320)
+-#define CKM_CAST5_ECB                 (0x321)
+-#define CKM_CAST128_ECB                       (0x321)
+-#define CKM_CAST5_CBC                 (0x322)
+-#define CKM_CAST128_CBC                       (0x322)
+-#define CKM_CAST5_MAC                 (0x323)
+-#define       CKM_CAST128_MAC                 (0x323)
+-#define CKM_CAST5_MAC_GENERAL         (0x324)
+-#define CKM_CAST128_MAC_GENERAL               (0x324)
+-#define CKM_CAST5_CBC_PAD             (0x325)
+-#define CKM_CAST128_CBC_PAD           (0x325)
+-#define CKM_RC5_KEY_GEN                       (0x330)
+-#define CKM_RC5_ECB                   (0x331)
+-#define CKM_RC5_CBC                   (0x332)
+-#define CKM_RC5_MAC                   (0x333)
+-#define CKM_RC5_MAC_GENERAL           (0x334)
+-#define CKM_RC5_CBC_PAD                       (0x335)
+-#define CKM_IDEA_KEY_GEN              (0x340)
+-#define CKM_IDEA_ECB                  (0x341)
+-#define       CKM_IDEA_CBC                    (0x342)
+-#define CKM_IDEA_MAC                  (0x343)
+-#define CKM_IDEA_MAC_GENERAL          (0x344)
+-#define CKM_IDEA_CBC_PAD              (0x345)
+-#define CKM_GENERIC_SECRET_KEY_GEN    (0x350)
+-#define CKM_CONCATENATE_BASE_AND_KEY  (0x360)
+-#define CKM_CONCATENATE_BASE_AND_DATA (0x362)
+-#define CKM_CONCATENATE_DATA_AND_BASE (0x363)
+-#define CKM_XOR_BASE_AND_DATA         (0x364)
+-#define CKM_EXTRACT_KEY_FROM_KEY      (0x365)
+-#define CKM_SSL3_PRE_MASTER_KEY_GEN   (0x370)
+-#define CKM_SSL3_MASTER_KEY_DERIVE    (0x371)
+-#define CKM_SSL3_KEY_AND_MAC_DERIVE   (0x372)
+-#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373)
+-#define CKM_TLS_PRE_MASTER_KEY_GEN    (0x374)
+-#define CKM_TLS_MASTER_KEY_DERIVE     (0x375)
+-#define CKM_TLS_KEY_AND_MAC_DERIVE    (0x376)
+-#define CKM_TLS_MASTER_KEY_DERIVE_DH  (0x377)
+-#define CKM_SSL3_MD5_MAC              (0x380)
+-#define CKM_SSL3_SHA1_MAC             (0x381)
+-#define CKM_MD5_KEY_DERIVATION                (0x390)
+-#define CKM_MD2_KEY_DERIVATION                (0x391)
+-#define CKM_SHA1_KEY_DERIVATION               (0x392)
+-#define CKM_PBE_MD2_DES_CBC           (0x3a0)
+-#define CKM_PBE_MD5_DES_CBC           (0x3a1)
+-#define CKM_PBE_MD5_CAST_CBC          (0x3a2)
+-#define CKM_PBE_MD5_CAST3_CBC         (0x3a3)
+-#define CKM_PBE_MD5_CAST5_CBC         (0x3a4)
+-#define CKM_PBE_MD5_CAST128_CBC               (0x3a4)
+-#define CKM_PBE_SHA1_CAST5_CBC                (0x3a5)
+-#define CKM_PBE_SHA1_CAST128_CBC      (0x3a5)
+-#define CKM_PBE_SHA1_RC4_128          (0x3a6)
+-#define CKM_PBE_SHA1_RC4_40           (0x3a7)
+-#define CKM_PBE_SHA1_DES3_EDE_CBC     (0x3a8)
+-#define CKM_PBE_SHA1_DES2_EDE_CBC     (0x3a9)
+-#define CKM_PBE_SHA1_RC2_128_CBC      (0x3aa)
+-#define CKM_PBE_SHA1_RC2_40_CBC               (0x3ab)
+-#define CKM_PKCS5_PBKD2                       (0x3b0)
+-#define CKM_PBA_SHA1_WITH_SHA1_HMAC   (0x3c0)
+-#define CKM_KEY_WRAP_LYNKS            (0x400)
+-#define CKM_KEY_WRAP_SET_OAEP         (0x401)
+-#define CKM_SKIPJACK_KEY_GEN          (0x1000)
+-#define CKM_SKIPJACK_ECB64            (0x1001)
+-#define CKM_SKIPJACK_CBC64            (0x1002)
+-#define CKM_SKIPJACK_OFB64            (0x1003)
+-#define CKM_SKIPJACK_CFB64            (0x1004)
+-#define CKM_SKIPJACK_CFB32            (0x1005)
+-#define CKM_SKIPJACK_CFB16            (0x1006)
+-#define CKM_SKIPJACK_CFB8             (0x1007)
+-#define CKM_SKIPJACK_WRAP             (0x1008)
+-#define CKM_SKIPJACK_PRIVATE_WRAP     (0x1009)
+-#define CKM_SKIPJACK_RELAYX           (0x100a)
+-#define CKM_KEA_KEY_PAIR_GEN          (0x1010)
+-#define CKM_KEA_KEY_DERIVE            (0x1011)
+-#define CKM_FORTEZZA_TIMESTAMP                (0x1020)
+-#define CKM_BATON_KEY_GEN             (0x1030)
+-#define CKM_BATON_ECB128              (0x1031)
+-#define CKM_BATON_ECB96                       (0x1032)
+-#define CKM_BATON_CBC128              (0x1033)
+-#define CKM_BATON_COUNTER             (0x1034)
+-#define CKM_BATON_SHUFFLE             (0x1035)
+-#define CKM_BATON_WRAP                        (0x1036)
+-#define CKM_ECDSA_KEY_PAIR_GEN                (0x1040)
+-#define CKM_EC_KEY_PAIR_GEN           (0x1040)
+-#define CKM_ECDSA                     (0x1041)
+-#define CKM_ECDSA_SHA1                        (0x1042)
+-#define CKM_ECDH1_DERIVE              (0x1050)
+-#define CKM_ECDH1_COFACTOR_DERIVE     (0x1051)
+-#define CKM_ECMQV_DERIVE              (0x1052)
+-#define CKM_JUNIPER_KEY_GEN           (0x1060)
+-#define CKM_JUNIPER_ECB128            (0x1061)
+-#define CKM_JUNIPER_CBC128            (0x1062)
+-#define CKM_JUNIPER_COUNTER           (0x1063)
+-#define CKM_JUNIPER_SHUFFLE           (0x1064)
+-#define CKM_JUNIPER_WRAP              (0x1065)
+-#define CKM_FASTHASH                  (0x1070)
+-#define CKM_AES_KEY_GEN                       (0x1080)
+-#define CKM_AES_ECB                   (0x1081)
+-#define CKM_AES_CBC                   (0x1082)
+-#define CKM_AES_MAC                   (0x1083)
+-#define CKM_AES_MAC_GENERAL           (0x1084)
+-#define CKM_AES_CBC_PAD                       (0x1085)
+-#define CKM_DSA_PARAMETER_GEN         (0x2000)
+-#define CKM_DH_PKCS_PARAMETER_GEN     (0x2001)
+-#define CKM_X9_42_DH_PARAMETER_GEN    (0x2002)
+-#define CKM_VENDOR_DEFINED            ((unsigned long) (1 << 31))
++#define CKM_RSA_PKCS_KEY_PAIR_GEN     (0UL)
++#define CKM_RSA_PKCS                  (1UL)
++#define CKM_RSA_9796                  (2UL)
++#define CKM_RSA_X_509                 (3UL)
++#define CKM_MD2_RSA_PKCS              (4UL)
++#define CKM_MD5_RSA_PKCS              (5UL)
++#define CKM_SHA1_RSA_PKCS             (6UL)
++#define CKM_RIPEMD128_RSA_PKCS                (7UL)
++#define CKM_RIPEMD160_RSA_PKCS                (8UL)
++#define CKM_RSA_PKCS_OAEP             (9UL)
++#define CKM_RSA_X9_31_KEY_PAIR_GEN    (0xaUL)
++#define CKM_RSA_X9_31                 (0xbUL)
++#define CKM_SHA1_RSA_X9_31            (0xcUL)
++#define CKM_RSA_PKCS_PSS              (0xdUL)
++#define CKM_SHA1_RSA_PKCS_PSS         (0xeUL)
++#define CKM_DSA_KEY_PAIR_GEN          (0x10UL)
++#define       CKM_DSA                         (0x11UL)
++#define CKM_DSA_SHA1                  (0x12UL)
++#define CKM_DSA_SHA224                        (0x13UL)
++#define CKM_DSA_SHA256                        (0x14UL)
++#define CKM_DSA_SHA384                        (0x15UL)
++#define CKM_DSA_SHA512                        (0x16UL)
++#define CKM_DH_PKCS_KEY_PAIR_GEN      (0x20UL)
++#define CKM_DH_PKCS_DERIVE            (0x21UL)
++#define       CKM_X9_42_DH_KEY_PAIR_GEN       (0x30UL)
++#define CKM_X9_42_DH_DERIVE           (0x31UL)
++#define CKM_X9_42_DH_HYBRID_DERIVE    (0x32UL)
++#define CKM_X9_42_MQV_DERIVE          (0x33UL)
++#define CKM_SHA256_RSA_PKCS           (0x40UL)
++#define CKM_SHA384_RSA_PKCS           (0x41UL)
++#define CKM_SHA512_RSA_PKCS           (0x42UL)
++#define CKM_SHA256_RSA_PKCS_PSS               (0x43UL)
++#define CKM_SHA384_RSA_PKCS_PSS               (0x44UL)
++#define CKM_SHA512_RSA_PKCS_PSS               (0x45UL)
++#define CKM_SHA224_RSA_PKCS           (0x46UL)
++#define CKM_SHA224_RSA_PKCS_PSS               (0x47UL)
++#define CKM_RC2_KEY_GEN                       (0x100UL)
++#define CKM_RC2_ECB                   (0x101UL)
++#define       CKM_RC2_CBC                     (0x102UL)
++#define       CKM_RC2_MAC                     (0x103UL)
++#define CKM_RC2_MAC_GENERAL           (0x104UL)
++#define CKM_RC2_CBC_PAD                       (0x105UL)
++#define CKM_RC4_KEY_GEN                       (0x110UL)
++#define CKM_RC4                               (0x111UL)
++#define CKM_DES_KEY_GEN                       (0x120UL)
++#define CKM_DES_ECB                   (0x121UL)
++#define CKM_DES_CBC                   (0x122UL)
++#define CKM_DES_MAC                   (0x123UL)
++#define CKM_DES_MAC_GENERAL           (0x124UL)
++#define CKM_DES_CBC_PAD                       (0x125UL)
++#define CKM_DES2_KEY_GEN              (0x130UL)
++#define CKM_DES3_KEY_GEN              (0x131UL)
++#define CKM_DES3_ECB                  (0x132UL)
++#define CKM_DES3_CBC                  (0x133UL)
++#define CKM_DES3_MAC                  (0x134UL)
++#define CKM_DES3_MAC_GENERAL          (0x135UL)
++#define CKM_DES3_CBC_PAD              (0x136UL)
++#define CKM_DES3_CMAC                 (0x138UL)
++#define CKM_CDMF_KEY_GEN              (0x140UL)
++#define CKM_CDMF_ECB                  (0x141UL)
++#define CKM_CDMF_CBC                  (0x142UL)
++#define CKM_CDMF_MAC                  (0x143UL)
++#define CKM_CDMF_MAC_GENERAL          (0x144UL)
++#define CKM_CDMF_CBC_PAD              (0x145UL)
++#define CKM_MD2                               (0x200UL)
++#define CKM_MD2_HMAC                  (0x201UL)
++#define CKM_MD2_HMAC_GENERAL          (0x202UL)
++#define CKM_MD5                               (0x210UL)
++#define CKM_MD5_HMAC                  (0x211UL)
++#define CKM_MD5_HMAC_GENERAL          (0x212UL)
++#define CKM_SHA_1                     (0x220UL)
++#define CKM_SHA_1_HMAC                        (0x221UL)
++#define CKM_SHA_1_HMAC_GENERAL                (0x222UL)
++#define CKM_RIPEMD128                 (0x230UL)
++#define CKM_RIPEMD128_HMAC            (0x231UL)
++#define CKM_RIPEMD128_HMAC_GENERAL    (0x232UL)
++#define CKM_RIPEMD160                 (0x240UL)
++#define CKM_RIPEMD160_HMAC            (0x241UL)
++#define CKM_RIPEMD160_HMAC_GENERAL    (0x242UL)
++#define CKM_SHA256                    (0x250UL)
++#define CKM_SHA256_HMAC                       (0x251UL)
++#define CKM_SHA256_HMAC_GENERAL               (0x252UL)
++#define CKM_SHA224                    (0x255UL)
++#define CKM_SHA224_HMAC                       (0x256UL)
++#define CKM_SHA224_HMAC_GENERAL               (0x257UL)
++#define CKM_SHA384                    (0x260UL)
++#define CKM_SHA384_HMAC                       (0x261UL)
++#define CKM_SHA384_HMAC_GENERAL               (0x262UL)
++#define CKM_SHA512                    (0x270UL)
++#define CKM_SHA512_HMAC                       (0x271UL)
++#define CKM_SHA512_HMAC_GENERAL               (0x272UL)
++#define CKM_SHA3_256                  (0x2B0UL)
++#define CKM_SHA3_256_HMAC             (0x2B1UL)
++#define CKM_SHA3_256_HMAC_GENERAL     (0x2B2UL)
++#define CKM_SHA3_224                  (0x2B5UL)
++#define CKM_SHA3_224_HMAC             (0x2B6UL)
++#define CKM_SHA3_224_HMAC_GENERAL     (0x2B7UL)
++#define CKM_SHA3_384                  (0x2C0UL)
++#define CKM_SHA3_384_HMAC             (0x2C1UL)
++#define CKM_SHA3_384_HMAC_GENERAL     (0x2C2UL)
++#define CKM_SHA3_512                  (0x2D0UL)
++#define CKM_SHA3_512_HMAC             (0x2D1UL)
++#define CKM_SHA3_512_HMAC_GENERAL     (0x2D2UL)
++#define CKM_CAST_KEY_GEN              (0x300UL)
++#define CKM_CAST_ECB                  (0x301UL)
++#define CKM_CAST_CBC                  (0x302UL)
++#define CKM_CAST_MAC                  (0x303UL)
++#define CKM_CAST_MAC_GENERAL          (0x304UL)
++#define CKM_CAST_CBC_PAD              (0x305UL)
++#define CKM_CAST3_KEY_GEN             (0x310UL)
++#define CKM_CAST3_ECB                 (0x311UL)
++#define CKM_CAST3_CBC                 (0x312UL)
++#define CKM_CAST3_MAC                 (0x313UL)
++#define CKM_CAST3_MAC_GENERAL         (0x314UL)
++#define CKM_CAST3_CBC_PAD             (0x315UL)
++#define CKM_CAST5_KEY_GEN             (0x320UL)
++#define CKM_CAST128_KEY_GEN           (0x320UL)
++#define CKM_CAST5_ECB                 (0x321UL)
++#define CKM_CAST128_ECB                       (0x321UL)
++#define CKM_CAST5_CBC                 (0x322UL)
++#define CKM_CAST128_CBC                       (0x322UL)
++#define CKM_CAST5_MAC                 (0x323UL)
++#define       CKM_CAST128_MAC                 (0x323UL)
++#define CKM_CAST5_MAC_GENERAL         (0x324UL)
++#define CKM_CAST128_MAC_GENERAL               (0x324UL)
++#define CKM_CAST5_CBC_PAD             (0x325UL)
++#define CKM_CAST128_CBC_PAD           (0x325UL)
++#define CKM_RC5_KEY_GEN                       (0x330UL)
++#define CKM_RC5_ECB                   (0x331UL)
++#define CKM_RC5_CBC                   (0x332UL)
++#define CKM_RC5_MAC                   (0x333UL)
++#define CKM_RC5_MAC_GENERAL           (0x334UL)
++#define CKM_RC5_CBC_PAD                       (0x335UL)
++#define CKM_IDEA_KEY_GEN              (0x340UL)
++#define CKM_IDEA_ECB                  (0x341UL)
++#define       CKM_IDEA_CBC                    (0x342UL)
++#define CKM_IDEA_MAC                  (0x343UL)
++#define CKM_IDEA_MAC_GENERAL          (0x344UL)
++#define CKM_IDEA_CBC_PAD              (0x345UL)
++#define CKM_GENERIC_SECRET_KEY_GEN    (0x350UL)
++#define CKM_CONCATENATE_BASE_AND_KEY  (0x360UL)
++#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL)
++#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL)
++#define CKM_XOR_BASE_AND_DATA         (0x364UL)
++#define CKM_EXTRACT_KEY_FROM_KEY      (0x365UL)
++#define CKM_SSL3_PRE_MASTER_KEY_GEN   (0x370UL)
++#define CKM_SSL3_MASTER_KEY_DERIVE    (0x371UL)
++#define CKM_SSL3_KEY_AND_MAC_DERIVE   (0x372UL)
++#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL)
++#define CKM_TLS_PRE_MASTER_KEY_GEN    (0x374UL)
++#define CKM_TLS_MASTER_KEY_DERIVE     (0x375UL)
++#define CKM_TLS_KEY_AND_MAC_DERIVE    (0x376UL)
++#define CKM_TLS_MASTER_KEY_DERIVE_DH  (0x377UL)
++#define CKM_SSL3_MD5_MAC              (0x380UL)
++#define CKM_SSL3_SHA1_MAC             (0x381UL)
++#define CKM_MD5_KEY_DERIVATION                (0x390UL)
++#define CKM_MD2_KEY_DERIVATION                (0x391UL)
++#define CKM_SHA1_KEY_DERIVATION               (0x392UL)
++#define CKM_PBE_MD2_DES_CBC           (0x3a0UL)
++#define CKM_PBE_MD5_DES_CBC           (0x3a1UL)
++#define CKM_PBE_MD5_CAST_CBC          (0x3a2UL)
++#define CKM_PBE_MD5_CAST3_CBC         (0x3a3UL)
++#define CKM_PBE_MD5_CAST5_CBC         (0x3a4UL)
++#define CKM_PBE_MD5_CAST128_CBC               (0x3a4UL)
++#define CKM_PBE_SHA1_CAST5_CBC                (0x3a5UL)
++#define CKM_PBE_SHA1_CAST128_CBC      (0x3a5UL)
++#define CKM_PBE_SHA1_RC4_128          (0x3a6UL)
++#define CKM_PBE_SHA1_RC4_40           (0x3a7UL)
++#define CKM_PBE_SHA1_DES3_EDE_CBC     (0x3a8UL)
++#define CKM_PBE_SHA1_DES2_EDE_CBC     (0x3a9UL)
++#define CKM_PBE_SHA1_RC2_128_CBC      (0x3aaUL)
++#define CKM_PBE_SHA1_RC2_40_CBC               (0x3abUL)
++#define CKM_PKCS5_PBKD2                       (0x3b0UL)
++#define CKM_PBA_SHA1_WITH_SHA1_HMAC   (0x3c0UL)
++#define CKM_KEY_WRAP_LYNKS            (0x400UL)
++#define CKM_KEY_WRAP_SET_OAEP         (0x401UL)
++#define CKM_SKIPJACK_KEY_GEN          (0x1000UL)
++#define CKM_SKIPJACK_ECB64            (0x1001UL)
++#define CKM_SKIPJACK_CBC64            (0x1002UL)
++#define CKM_SKIPJACK_OFB64            (0x1003UL)
++#define CKM_SKIPJACK_CFB64            (0x1004UL)
++#define CKM_SKIPJACK_CFB32            (0x1005UL)
++#define CKM_SKIPJACK_CFB16            (0x1006UL)
++#define CKM_SKIPJACK_CFB8             (0x1007UL)
++#define CKM_SKIPJACK_WRAP             (0x1008UL)
++#define CKM_SKIPJACK_PRIVATE_WRAP     (0x1009UL)
++#define CKM_SKIPJACK_RELAYX           (0x100aUL)
++#define CKM_KEA_KEY_PAIR_GEN          (0x1010UL)
++#define CKM_KEA_KEY_DERIVE            (0x1011UL)
++#define CKM_FORTEZZA_TIMESTAMP                (0x1020UL)
++#define CKM_BATON_KEY_GEN             (0x1030UL)
++#define CKM_BATON_ECB128              (0x1031UL)
++#define CKM_BATON_ECB96                       (0x1032UL)
++#define CKM_BATON_CBC128              (0x1033UL)
++#define CKM_BATON_COUNTER             (0x1034UL)
++#define CKM_BATON_SHUFFLE             (0x1035UL)
++#define CKM_BATON_WRAP                        (0x1036UL)
++#define CKM_ECDSA_KEY_PAIR_GEN                (0x1040UL)
++#define CKM_EC_KEY_PAIR_GEN           (0x1040UL)
++#define CKM_ECDSA                     (0x1041UL)
++#define CKM_ECDSA_SHA1                        (0x1042UL)
++#define CKM_ECDSA_SHA224              (0x1043UL)
++#define CKM_ECDSA_SHA256              (0x1044UL)
++#define CKM_ECDSA_SHA384              (0x1045UL)
++#define CKM_ECDSA_SHA512              (0x1046UL)
++#define CKM_ECDH1_DERIVE              (0x1050UL)
++#define CKM_ECDH1_COFACTOR_DERIVE     (0x1051UL)
++#define CKM_ECMQV_DERIVE              (0x1052UL)
++#define CKM_EC_EDWARDS_KEY_PAIR_GEN     (0x1055UL)
++#define CKM_EC_MONTGOMERY_KEY_PAIR_GEN  (0x1056UL)
++#define CKM_EDDSA                     (0x1057UL)
++#define CKM_JUNIPER_KEY_GEN           (0x1060UL)
++#define CKM_JUNIPER_ECB128            (0x1061UL)
++#define CKM_JUNIPER_CBC128            (0x1062UL)
++#define CKM_JUNIPER_COUNTER           (0x1063UL)
++#define CKM_JUNIPER_SHUFFLE           (0x1064UL)
++#define CKM_JUNIPER_WRAP              (0x1065UL)
++#define CKM_FASTHASH                  (0x1070UL)
++#define CKM_AES_KEY_GEN                       (0x1080UL)
++#define CKM_AES_ECB                   (0x1081UL)
++#define CKM_AES_CBC                   (0x1082UL)
++#define CKM_AES_MAC                   (0x1083UL)
++#define CKM_AES_MAC_GENERAL           (0x1084UL)
++#define CKM_AES_CBC_PAD                       (0x1085UL)
++#define CKM_AES_CTR                           (0x1086UL)
++#define CKM_AES_GCM                           (0x1087UL)
++#define CKM_AES_CCM                           (0x1088UL)
++#define CKM_AES_CTS                           (0x1089UL)
++#define CKM_AES_CMAC                  (0x108AUL)
++#define CKM_BLOWFISH_KEY_GEN    (0x1090UL)
++#define CKM_BLOWFISH_CBC        (0x1091UL)
++#define CKM_TWOFISH_KEY_GEN     (0x1092UL)
++#define CKM_TWOFISH_CBC         (0x1093UL)
++#define CKM_DES_ECB_ENCRYPT_DATA      (0x1100UL)
++#define CKM_DES_CBC_ENCRYPT_DATA      (0x1101UL)
++#define CKM_DES3_ECB_ENCRYPT_DATA     (0x1102UL)
++#define CKM_DES3_CBC_ENCRYPT_DATA     (0x1103UL)
++#define CKM_AES_ECB_ENCRYPT_DATA      (0x1104UL)
++#define CKM_AES_CBC_ENCRYPT_DATA      (0x1105UL)
++#define CKM_GOSTR3410_KEY_PAIR_GEN    (0x1200UL)
++#define CKM_GOSTR3410                 (0x1201UL)
++#define CKM_GOSTR3410_WITH_GOSTR3411  (0x1202UL)
++#define CKM_GOSTR3410_KEY_WRAP  (0x1203UL)
++#define CKM_GOSTR3410_DERIVE    (0x1204UL)
++#define CKM_GOSTR3410_512_KEY_PAIR_GEN        (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x005)
++#define CKM_GOSTR3410_512     (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x006)
++#define CKM_GOSTR3410_12_DERIVE       (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x007)
++#define CKM_GOSTR3410_WITH_GOSTR3411_12_256   (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x008)
++#define CKM_GOSTR3410_WITH_GOSTR3411_12_512   (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x009)
++#define CKM_GOSTR3411                 (0x1210UL)
++#define CKM_GOSTR3411_HMAC      (0x1211UL)
++#define CKM_GOSTR3411_12_256  (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x012)
++#define CKM_GOSTR3411_12_512  (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x013)
++#define CKM_GOSTR3411_12_256_HMAC     (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x014)
++#define CKM_GOSTR3411_12_512_HMAC     (CK_VENDOR_PKCS11_RU_TEAM_TK26 | 0x015)
++#define CKM_GOST28147_KEY_GEN   (0x1220UL)
++#define CKM_GOST28147_ECB       (0x1221UL)
++#define CKM_GOST28147           (0x1222UL)
++#define CKM_GOST28147_MAC       (0x1223UL)
++#define CKM_GOST28147_KEY_WRAP  (0x1224UL)
++
++#define CKM_DSA_PARAMETER_GEN         (0x2000UL)
++#define CKM_DH_PKCS_PARAMETER_GEN     (0x2001UL)
++#define CKM_X9_42_DH_PARAMETER_GEN    (0x2002UL)
++#define CKM_AES_KEY_WRAP              (0x2109UL)
++#define CKM_XEDDSA                    (0x4029UL)
++#define CKM_VENDOR_DEFINED            (1UL << 31)
+ struct ck_mechanism
+@@ -690,25 +800,111 @@ struct ck_mechanism_info
+   ck_flags_t flags;
+ };
+-#define CKF_HW                        (1 << 0)
+-#define CKF_ENCRYPT           (1 << 8)
+-#define CKF_DECRYPT           (1 << 9)
+-#define CKF_DIGEST            (1 << 10)
+-#define CKF_SIGN              (1 << 11)
+-#define CKF_SIGN_RECOVER      (1 << 12)
+-#define CKF_VERIFY            (1 << 13)
+-#define CKF_VERIFY_RECOVER    (1 << 14)
+-#define CKF_GENERATE          (1 << 15)
+-#define CKF_GENERATE_KEY_PAIR (1 << 16)
+-#define CKF_WRAP              (1 << 17)
+-#define CKF_UNWRAP            (1 << 18)
+-#define CKF_DERIVE            (1 << 19)
+-#define CKF_EXTENSION         ((unsigned long) (1 << 31))
+-
++#define CKF_HW                        (1UL << 0)
++#define CKF_ENCRYPT           (1UL << 8)
++#define CKF_DECRYPT           (1UL << 9)
++#define CKF_DIGEST            (1UL << 10)
++#define CKF_SIGN              (1UL << 11)
++#define CKF_SIGN_RECOVER      (1UL << 12)
++#define CKF_VERIFY            (1UL << 13)
++#define CKF_VERIFY_RECOVER    (1UL << 14)
++#define CKF_GENERATE          (1UL << 15)
++#define CKF_GENERATE_KEY_PAIR (1UL << 16)
++#define CKF_WRAP              (1UL << 17)
++#define CKF_UNWRAP            (1UL << 18)
++#define CKF_DERIVE            (1UL << 19)
++#define CKF_EXTENSION         (1UL << 31)
++
++#define CKF_EC_F_P                    (1UL << 20)
++#define CKF_EC_F_2M                   (1UL << 21)
++#define CKF_EC_ECPARAMETERS   (1UL << 22)
++#define CKF_EC_OID            (1UL << 23)
++#define CKF_EC_NAMEDCURVE     CKF_EC_OID
++#define CKF_EC_UNCOMPRESS     (1UL << 24)
++#define CKF_EC_COMPRESS               (1UL << 25)
++#define CKF_EC_CURVENAME      (1UL << 26)
+ /* Flags for C_WaitForSlotEvent.  */
+-#define CKF_DONT_BLOCK                                (1)
+-
++#define CKF_DONT_BLOCK                                (1UL)
++
++/* Flags for Key derivation */
++#define CKD_NULL                      (0x1UL)
++#define CKD_SHA1_KDF                  (0x2UL)
++#define CKD_SHA224_KDF                        (0x5UL)
++#define CKD_SHA256_KDF                        (0x6UL)
++#define CKD_SHA384_KDF                        (0x7UL)
++#define CKD_SHA512_KDF                        (0x8UL)
++
++typedef struct CK_ECDH1_DERIVE_PARAMS {
++      unsigned long  kdf;
++      unsigned long  ulSharedDataLen;
++      unsigned char *  pSharedData;
++      unsigned long  ulPublicDataLen;
++      unsigned char *  pPublicData;
++} CK_ECDH1_DERIVE_PARAMS;
++
++typedef struct CK_ECMQV_DERIVE_PARAMS {
++      unsigned long kdf;
++      unsigned long ulSharedDataLen;
++      unsigned char * pSharedData;
++      unsigned long ulPublicDataLen;
++      unsigned char * pPublicData;
++      unsigned long ulPrivateDataLen;
++      CK_OBJECT_HANDLE hPrivateData;
++      unsigned long ulPublicDataLen2;
++      unsigned char * pPublicData2;
++      CK_OBJECT_HANDLE publicKey;
++} CK_ECMQV_DERIVE_PARAMS;
++
++typedef unsigned long ck_rsa_pkcs_mgf_type_t;
++typedef unsigned long CK_RSA_PKCS_OAEP_SOURCE_TYPE;
++
++typedef struct CK_RSA_PKCS_OAEP_PARAMS {
++      CK_MECHANISM_TYPE hashAlg;
++      CK_RSA_PKCS_MGF_TYPE mgf;
++      CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
++      void *pSourceData;
++      unsigned long ulSourceDataLen;
++} CK_RSA_PKCS_OAEP_PARAMS;
++
++typedef struct CK_RSA_PKCS_PSS_PARAMS {
++      ck_mechanism_type_t hashAlg;
++      CK_RSA_PKCS_MGF_TYPE mgf;
++      unsigned long sLen;
++} CK_RSA_PKCS_PSS_PARAMS;
++
++#define CKG_MGF1_SHA1                 (0x00000001UL)
++#define CKG_MGF1_SHA224               (0x00000005UL)
++#define CKG_MGF1_SHA256               (0x00000002UL)
++#define CKG_MGF1_SHA384               (0x00000003UL)
++#define CKG_MGF1_SHA512               (0x00000004UL)
++
++#define CKZ_DATA_SPECIFIED    (0x00000001UL)
++
++typedef struct CK_GCM_PARAMS {
++      void * pIv;
++      unsigned long ulIvLen;
++      unsigned long ulIvBits;
++      void * pAAD;
++      unsigned long ulAADLen;
++      unsigned long ulTagBits;
++} CK_GCM_PARAMS;
++
++/* EDDSA */
++typedef struct CK_EDDSA_PARAMS {
++      unsigned char phFlag;
++      unsigned long ulContextDataLen;
++      unsigned char *pContextData;
++} CK_EDDSA_PARAMS;
++
++typedef CK_EDDSA_PARAMS *CK_EDDSA_PARAMS_PTR;
++
++/* XEDDSA */
++typedef struct CK_XEDDSA_PARAMS {
++      unsigned long hash;
++} CK_XEDDSA_PARAMS;
++
++typedef CK_XEDDSA_PARAMS *CK_XEDDSA_PARAMS_PTR;
+ typedef unsigned long ck_rv_t;
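Review bot: The new parameter structs use type names that this hunk does not define. The typedef added here is `ck_rsa_pkcs_mgf_type_t`, but `CK_RSA_PKCS_OAEP_PARAMS` and `CK_RSA_PKCS_PSS_PARAMS` declare `CK_RSA_PKCS_MGF_TYPE mgf;`, and `CK_MECHANISM_TYPE` and `CK_OBJECT_HANDLE` are likewise used in upper-case form. Unless a compatibility block outside the hunk maps these names, the header will not compile in the default lower-case mode. The two RSA structs also disagree with each other, since one uses `CK_MECHANISM_TYPE hashAlg;` and the other `ck_mechanism_type_t hashAlg;`. Using the native spellings throughout would remove the dependency: `ck_mechanism_type_t hashAlg;`, `ck_rsa_pkcs_mgf_type_t mgf;`, `ck_object_handle_t hPrivateData;`.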
+@@ -716,8 +912,17 @@ typedef unsigned long ck_rv_t;
+ typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
+                               ck_notification_t event, void *application);
++struct ck_interface {
++  char * pInterfaceName;
++  void * pFunctionList;
++  ck_flags_t flags;
++};
++
++#define CKF_INTERFACE_FORK_SAFE       (0x00000001UL)
++
+ /* Forward reference.  */
+ struct ck_function_list;
++struct ck_function_list_3_0;
+ #define _CK_DECLARE_FUNCTION(name, args)      \
+ typedef ck_rv_t (*CK_ ## name) args;          \
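Review bot: `struct ck_interface` exposes `pFunctionList` as a bare `void *` with no comment saying which table it points to. A caller that casts a module-supplied pointer to `struct ck_function_list_3_0` without first checking the interface name and the leading `ck_version` would read function pointers past the end of a shorter table. I would document that on the member, for example `/* Layout depends on pInterfaceName and the leading ck_version; verify both before casting. */`. This is a documentation suggestion only; the `_CK_DECLARE_FUNCTION` macro at the end of the hunk continues outside it.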
+@@ -774,7 +979,7 @@ _CK_DECLARE_FUNCTION (C_SetOperationState,
+                      unsigned char *operation_state,
+                      unsigned long operation_state_len,
+                      ck_object_handle_t encryption_key,
+-                     ck_object_handle_t authentiation_key));
++                     ck_object_handle_t authentication_key));
+ _CK_DECLARE_FUNCTION (C_Login,
+                     (ck_session_handle_t session, ck_user_type_t user_type,
+                      unsigned char *pin, unsigned long pin_len));
+@@ -999,6 +1204,147 @@ _CK_DECLARE_FUNCTION (C_GenerateRandom,
+ _CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
+ _CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
++_CK_DECLARE_FUNCTION (C_GetInterfaceList,
++                    (struct ck_interface *interfaces_list,
++                     unsigned long *count));
++_CK_DECLARE_FUNCTION (C_GetInterface,
++                    (unsigned char *interface_name,
++                     struct ck_version *version,
++                     struct ck_interface **interface,
++                     ck_flags_t flags));
++
++_CK_DECLARE_FUNCTION (C_LoginUser,
++                    (ck_session_handle_t session,
++                     ck_user_type_t user_type,
++                     unsigned char *pin,
++                     unsigned long pin_len,
++                     unsigned char *username,
++                     unsigned long username_len));
++
++_CK_DECLARE_FUNCTION (C_SessionCancel,
++                    (ck_session_handle_t session,
++                     ck_flags_t flags));
++
++_CK_DECLARE_FUNCTION (C_MessageEncryptInit,
++                    (ck_session_handle_t session,
++                     struct ck_mechanism *mechanism,
++                     ck_object_handle_t key));
++_CK_DECLARE_FUNCTION (C_EncryptMessage,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *associated_data,
++                     unsigned long associated_data_len,
++                     unsigned char *plaintext,
++                     unsigned long plaintext_len,
++                     unsigned char *ciphertext,
++                     unsigned long *ciphertext_len));
++_CK_DECLARE_FUNCTION (C_EncryptMessageBegin,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *associated_data,
++                     unsigned long associated_data_len));
++_CK_DECLARE_FUNCTION (C_EncryptMessageNext,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *plaintext_part,
++                     unsigned long plaintext_part_len,
++                     unsigned char *ciphertext_part,
++                     unsigned long *ciphertext_part_len,
++                     ck_flags_t flags));
++_CK_DECLARE_FUNCTION (C_MessageEncryptFinal,
++                    (ck_session_handle_t session));
++
++_CK_DECLARE_FUNCTION (C_MessageDecryptInit,
++                    (ck_session_handle_t session,
++                     struct ck_mechanism *mechanism,
++                     ck_object_handle_t key));
++_CK_DECLARE_FUNCTION (C_DecryptMessage,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *associated_data,
++                     unsigned long associated_data_len,
++                     unsigned char *ciphertext,
++                     unsigned long ciphertext_len,
++                     unsigned char *plaintext,
++                     unsigned long *plaintext_len));
++_CK_DECLARE_FUNCTION (C_DecryptMessageBegin,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *associated_data,
++                     unsigned long associated_data_len));
++_CK_DECLARE_FUNCTION (C_DecryptMessageNext,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *ciphertext_part,
++                     unsigned long ciphertext_part_len,
++                     unsigned char *plaintext_part,
++                     unsigned long *plaintext_part_len,
++                     ck_flags_t flags));
++_CK_DECLARE_FUNCTION (C_MessageDecryptFinal,
++                    (ck_session_handle_t session));
++
++_CK_DECLARE_FUNCTION (C_MessageSignInit,
++                    (ck_session_handle_t session,
++                     struct ck_mechanism *mechanism,
++                     ck_object_handle_t key));
++_CK_DECLARE_FUNCTION (C_SignMessage,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *data,
++                     unsigned long data_len,
++                     unsigned char *signature,
++                     unsigned long *signature_len));
++_CK_DECLARE_FUNCTION (C_SignMessageBegin,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len));
++_CK_DECLARE_FUNCTION (C_SignMessageNext,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *data,
++                     unsigned long data_len,
++                     unsigned char *signature,
++                     unsigned long *signature_len));
++_CK_DECLARE_FUNCTION (C_MessageSignFinal,
++                    (ck_session_handle_t session));
++
++_CK_DECLARE_FUNCTION (C_MessageVerifyInit,
++                    (ck_session_handle_t session,
++                     struct ck_mechanism *mechanism,
++                     ck_object_handle_t key));
++_CK_DECLARE_FUNCTION (C_VerifyMessage,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *data,
++                     unsigned long data_len,
++                     unsigned char *signature,
++                     unsigned long signature_len));
++_CK_DECLARE_FUNCTION (C_VerifyMessageBegin,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len));
++_CK_DECLARE_FUNCTION (C_VerifyMessageNext,
++                    (ck_session_handle_t session,
++                     void *parameter,
++                     unsigned long parameter_len,
++                     unsigned char *data,
++                     unsigned long data_len,
++                     unsigned char *signature,
++                     unsigned long signature_len));
++_CK_DECLARE_FUNCTION (C_MessageVerifyFinal,
++                    (ck_session_handle_t session));
++
++/* Flags in Message-based encryption/decryption API */
++#define CKF_END_OF_MESSAGE    (0x00000001UL)
+ struct ck_function_list
+ {
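Review bot: The parameter name `interface` in the `C_GetInterface` declaration clashes with Windows platform headers, which define `interface` as a macro expanding to `struct`. If those headers are included before this one, the prototype becomes a syntax error. Renaming the parameter avoids the clash: `struct ck_interface **interface_ptr,`. Parameter names inside these function-pointer typedefs are not part of the ABI, so callers are unaffected. `struct ck_function_list`, opened on the last line of the hunk, continues outside it.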
+@@ -1073,6 +1419,105 @@ struct ck_function_list
+   CK_C_WaitForSlotEvent C_WaitForSlotEvent;
+ };
++struct ck_function_list_3_0
++{
++  struct ck_version version;
++  CK_C_Initialize C_Initialize;
++  CK_C_Finalize C_Finalize;
++  CK_C_GetInfo C_GetInfo;
++  CK_C_GetFunctionList C_GetFunctionList;
++  CK_C_GetSlotList C_GetSlotList;
++  CK_C_GetSlotInfo C_GetSlotInfo;
++  CK_C_GetTokenInfo C_GetTokenInfo;
++  CK_C_GetMechanismList C_GetMechanismList;
++  CK_C_GetMechanismInfo C_GetMechanismInfo;
++  CK_C_InitToken C_InitToken;
++  CK_C_InitPIN C_InitPIN;
++  CK_C_SetPIN C_SetPIN;
++  CK_C_OpenSession C_OpenSession;
++  CK_C_CloseSession C_CloseSession;
++  CK_C_CloseAllSessions C_CloseAllSessions;
++  CK_C_GetSessionInfo C_GetSessionInfo;
++  CK_C_GetOperationState C_GetOperationState;
++  CK_C_SetOperationState C_SetOperationState;
++  CK_C_Login C_Login;
++  CK_C_Logout C_Logout;
++  CK_C_CreateObject C_CreateObject;
++  CK_C_CopyObject C_CopyObject;
++  CK_C_DestroyObject C_DestroyObject;
++  CK_C_GetObjectSize C_GetObjectSize;
++  CK_C_GetAttributeValue C_GetAttributeValue;
++  CK_C_SetAttributeValue C_SetAttributeValue;
++  CK_C_FindObjectsInit C_FindObjectsInit;
++  CK_C_FindObjects C_FindObjects;
++  CK_C_FindObjectsFinal C_FindObjectsFinal;
++  CK_C_EncryptInit C_EncryptInit;
++  CK_C_Encrypt C_Encrypt;
++  CK_C_EncryptUpdate C_EncryptUpdate;
++  CK_C_EncryptFinal C_EncryptFinal;
++  CK_C_DecryptInit C_DecryptInit;
++  CK_C_Decrypt C_Decrypt;
++  CK_C_DecryptUpdate C_DecryptUpdate;
++  CK_C_DecryptFinal C_DecryptFinal;
++  CK_C_DigestInit C_DigestInit;
++  CK_C_Digest C_Digest;
++  CK_C_DigestUpdate C_DigestUpdate;
++  CK_C_DigestKey C_DigestKey;
++  CK_C_DigestFinal C_DigestFinal;
++  CK_C_SignInit C_SignInit;
++  CK_C_Sign C_Sign;
++  CK_C_SignUpdate C_SignUpdate;
++  CK_C_SignFinal C_SignFinal;
++  CK_C_SignRecoverInit C_SignRecoverInit;
++  CK_C_SignRecover C_SignRecover;
++  CK_C_VerifyInit C_VerifyInit;
++  CK_C_Verify C_Verify;
++  CK_C_VerifyUpdate C_VerifyUpdate;
++  CK_C_VerifyFinal C_VerifyFinal;
++  CK_C_VerifyRecoverInit C_VerifyRecoverInit;
++  CK_C_VerifyRecover C_VerifyRecover;
++  CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
++  CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
++  CK_C_SignEncryptUpdate C_SignEncryptUpdate;
++  CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
++  CK_C_GenerateKey C_GenerateKey;
++  CK_C_GenerateKeyPair C_GenerateKeyPair;
++  CK_C_WrapKey C_WrapKey;
++  CK_C_UnwrapKey C_UnwrapKey;
++  CK_C_DeriveKey C_DeriveKey;
++  CK_C_SeedRandom C_SeedRandom;
++  CK_C_GenerateRandom C_GenerateRandom;
++  CK_C_GetFunctionStatus C_GetFunctionStatus;
++  CK_C_CancelFunction C_CancelFunction;
++  CK_C_WaitForSlotEvent C_WaitForSlotEvent;
++  /* PKCS #11 3.0 functions */
++  CK_C_GetInterfaceList C_GetInterfaceList;
++  CK_C_GetInterface C_GetInterface;
++  CK_C_LoginUser C_LoginUser;
++  CK_C_SessionCancel C_SessionCancel;
++  CK_C_MessageEncryptInit C_MessageEncryptInit;
++  CK_C_EncryptMessage C_EncryptMessage;
++  CK_C_EncryptMessageBegin C_EncryptMessageBegin;
++  CK_C_EncryptMessageNext C_EncryptMessageNext;
++  CK_C_MessageEncryptFinal C_MessageEncryptFinal;
++  CK_C_MessageDecryptInit C_MessageDecryptInit;
++  CK_C_DecryptMessage C_DecryptMessage;
++  CK_C_DecryptMessageBegin C_DecryptMessageBegin;
++  CK_C_DecryptMessageNext C_DecryptMessageNext;
++  CK_C_MessageDecryptFinal C_MessageDecryptFinal;
++  CK_C_MessageSignInit C_MessageSignInit;
++  CK_C_SignMessage C_SignMessage;
++  CK_C_SignMessageBegin C_SignMessageBegin;
++  CK_C_SignMessageNext C_SignMessageNext;
++  CK_C_MessageSignFinal C_MessageSignFinal;
++  CK_C_MessageVerifyInit C_MessageVerifyInit;
++  CK_C_VerifyMessage C_VerifyMessage;
++  CK_C_VerifyMessageBegin C_VerifyMessageBegin;
++  CK_C_VerifyMessageNext C_VerifyMessageNext;
++  CK_C_MessageVerifyFinal C_MessageVerifyFinal;
++};
++
++
+ typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
+ typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
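Review bot: The new `struct ck_function_list_3_0` has no comment saying when its trailing members may be read. It repeats the layout of `struct ck_function_list` and appends the 3.0 entries from `C_GetInterfaceList` onward, so code that treats a 2.x table as this type and calls one of those entries would read past the end of the provider's table. I would add a comment above the struct such as `/* Members after C_WaitForSlotEvent exist only when version.major >= 3; check version before using them. */`. Whether pkcs11-helper itself ever makes such a cast is not visible in this hunk.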
+@@ -1091,98 +1536,99 @@ struct ck_c_initialize_args
+ };
+-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS    (1 << 0)
+-#define CKF_OS_LOCKING_OK                     (1 << 1)
+-
+-#define CKR_OK                                        (0)
+-#define CKR_CANCEL                            (1)
+-#define CKR_HOST_MEMORY                               (2)
+-#define CKR_SLOT_ID_INVALID                   (3)
+-#define CKR_GENERAL_ERROR                     (5)
+-#define CKR_FUNCTION_FAILED                   (6)
+-#define CKR_ARGUMENTS_BAD                     (7)
+-#define CKR_NO_EVENT                          (8)
+-#define CKR_NEED_TO_CREATE_THREADS            (9)
+-#define CKR_CANT_LOCK                         (0xa)
+-#define CKR_ATTRIBUTE_READ_ONLY                       (0x10)
+-#define CKR_ATTRIBUTE_SENSITIVE                       (0x11)
+-#define CKR_ATTRIBUTE_TYPE_INVALID            (0x12)
+-#define CKR_ATTRIBUTE_VALUE_INVALID           (0x13)
+-#define CKR_DATA_INVALID                      (0x20)
+-#define CKR_DATA_LEN_RANGE                    (0x21)
+-#define CKR_DEVICE_ERROR                      (0x30)
+-#define CKR_DEVICE_MEMORY                     (0x31)
+-#define CKR_DEVICE_REMOVED                    (0x32)
+-#define CKR_ENCRYPTED_DATA_INVALID            (0x40)
+-#define CKR_ENCRYPTED_DATA_LEN_RANGE          (0x41)
+-#define CKR_FUNCTION_CANCELED                 (0x50)
+-#define CKR_FUNCTION_NOT_PARALLEL             (0x51)
+-#define CKR_FUNCTION_NOT_SUPPORTED            (0x54)
+-#define CKR_KEY_HANDLE_INVALID                        (0x60)
+-#define CKR_KEY_SIZE_RANGE                    (0x62)
+-#define CKR_KEY_TYPE_INCONSISTENT             (0x63)
+-#define CKR_KEY_NOT_NEEDED                    (0x64)
+-#define CKR_KEY_CHANGED                               (0x65)
+-#define CKR_KEY_NEEDED                                (0x66)
+-#define CKR_KEY_INDIGESTIBLE                  (0x67)
+-#define CKR_KEY_FUNCTION_NOT_PERMITTED                (0x68)
+-#define CKR_KEY_NOT_WRAPPABLE                 (0x69)
+-#define CKR_KEY_UNEXTRACTABLE                 (0x6a)
+-#define CKR_MECHANISM_INVALID                 (0x70)
+-#define CKR_MECHANISM_PARAM_INVALID           (0x71)
+-#define CKR_OBJECT_HANDLE_INVALID             (0x82)
+-#define CKR_OPERATION_ACTIVE                  (0x90)
+-#define CKR_OPERATION_NOT_INITIALIZED         (0x91)
+-#define CKR_PIN_INCORRECT                     (0xa0)
+-#define CKR_PIN_INVALID                               (0xa1)
+-#define CKR_PIN_LEN_RANGE                     (0xa2)
+-#define CKR_PIN_EXPIRED                               (0xa3)
+-#define CKR_PIN_LOCKED                                (0xa4)
+-#define CKR_SESSION_CLOSED                    (0xb0)
+-#define CKR_SESSION_COUNT                     (0xb1)
+-#define CKR_SESSION_HANDLE_INVALID            (0xb3)
+-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED    (0xb4)
+-#define CKR_SESSION_READ_ONLY                 (0xb5)
+-#define CKR_SESSION_EXISTS                    (0xb6)
+-#define CKR_SESSION_READ_ONLY_EXISTS          (0xb7)
+-#define CKR_SESSION_READ_WRITE_SO_EXISTS      (0xb8)
+-#define CKR_SIGNATURE_INVALID                 (0xc0)
+-#define CKR_SIGNATURE_LEN_RANGE                       (0xc1)
+-#define CKR_TEMPLATE_INCOMPLETE                       (0xd0)
+-#define CKR_TEMPLATE_INCONSISTENT             (0xd1)
+-#define CKR_TOKEN_NOT_PRESENT                 (0xe0)
+-#define CKR_TOKEN_NOT_RECOGNIZED              (0xe1)
+-#define CKR_TOKEN_WRITE_PROTECTED             (0xe2)
+-#define       CKR_UNWRAPPING_KEY_HANDLE_INVALID       (0xf0)
+-#define CKR_UNWRAPPING_KEY_SIZE_RANGE         (0xf1)
+-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT  (0xf2)
+-#define CKR_USER_ALREADY_LOGGED_IN            (0x100)
+-#define CKR_USER_NOT_LOGGED_IN                        (0x101)
+-#define CKR_USER_PIN_NOT_INITIALIZED          (0x102)
+-#define CKR_USER_TYPE_INVALID                 (0x103)
+-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN    (0x104)
+-#define CKR_USER_TOO_MANY_TYPES                       (0x105)
+-#define CKR_WRAPPED_KEY_INVALID                       (0x110)
+-#define CKR_WRAPPED_KEY_LEN_RANGE             (0x112)
+-#define CKR_WRAPPING_KEY_HANDLE_INVALID               (0x113)
+-#define CKR_WRAPPING_KEY_SIZE_RANGE           (0x114)
+-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT    (0x115)
+-#define CKR_RANDOM_SEED_NOT_SUPPORTED         (0x120)
+-#define CKR_RANDOM_NO_RNG                     (0x121)
+-#define CKR_DOMAIN_PARAMS_INVALID             (0x130)
+-#define CKR_BUFFER_TOO_SMALL                  (0x150)
+-#define CKR_SAVED_STATE_INVALID                       (0x160)
+-#define CKR_INFORMATION_SENSITIVE             (0x170)
+-#define CKR_STATE_UNSAVEABLE                  (0x180)
+-#define CKR_CRYPTOKI_NOT_INITIALIZED          (0x190)
+-#define CKR_CRYPTOKI_ALREADY_INITIALIZED      (0x191)
+-#define CKR_MUTEX_BAD                         (0x1a0)
+-#define CKR_MUTEX_NOT_LOCKED                  (0x1a1)
+-#define CKR_FUNCTION_REJECTED                 (0x200)
+-#define CKR_VENDOR_DEFINED                    ((unsigned long) (1 << 31))
+-
+-
+-\f
++#define CKF_LIBRARY_CANT_CREATE_OS_THREADS    (1UL << 0)
++#define CKF_OS_LOCKING_OK                     (1UL << 1)
++
++#define CKR_OK                                        (0UL)
++#define CKR_CANCEL                            (1UL)
++#define CKR_HOST_MEMORY                               (2UL)
++#define CKR_SLOT_ID_INVALID                   (3UL)
++#define CKR_GENERAL_ERROR                     (5UL)
++#define CKR_FUNCTION_FAILED                   (6UL)
++#define CKR_ARGUMENTS_BAD                     (7UL)
++#define CKR_NO_EVENT                          (8UL)
++#define CKR_NEED_TO_CREATE_THREADS            (9UL)
++#define CKR_CANT_LOCK                         (0xaUL)
++#define CKR_ATTRIBUTE_READ_ONLY                       (0x10UL)
++#define CKR_ATTRIBUTE_SENSITIVE                       (0x11UL)
++#define CKR_ATTRIBUTE_TYPE_INVALID            (0x12UL)
++#define CKR_ATTRIBUTE_VALUE_INVALID           (0x13UL)
++#define CKR_ACTION_PROHIBITED                 (0x1BUL)
++#define CKR_DATA_INVALID                      (0x20UL)
++#define CKR_DATA_LEN_RANGE                    (0x21UL)
++#define CKR_DEVICE_ERROR                      (0x30UL)
++#define CKR_DEVICE_MEMORY                     (0x31UL)
++#define CKR_DEVICE_REMOVED                    (0x32UL)
++#define CKR_ENCRYPTED_DATA_INVALID            (0x40UL)
++#define CKR_ENCRYPTED_DATA_LEN_RANGE          (0x41UL)
++#define CKR_FUNCTION_CANCELED                 (0x50UL)
++#define CKR_FUNCTION_NOT_PARALLEL             (0x51UL)
++#define CKR_FUNCTION_NOT_SUPPORTED            (0x54UL)
++#define CKR_KEY_HANDLE_INVALID                        (0x60UL)
++#define CKR_KEY_SIZE_RANGE                    (0x62UL)
++#define CKR_KEY_TYPE_INCONSISTENT             (0x63UL)
++#define CKR_KEY_NOT_NEEDED                    (0x64UL)
++#define CKR_KEY_CHANGED                               (0x65UL)
++#define CKR_KEY_NEEDED                                (0x66UL)
++#define CKR_KEY_INDIGESTIBLE                  (0x67UL)
++#define CKR_KEY_FUNCTION_NOT_PERMITTED                (0x68UL)
++#define CKR_KEY_NOT_WRAPPABLE                 (0x69UL)
++#define CKR_KEY_UNEXTRACTABLE                 (0x6aUL)
++#define CKR_MECHANISM_INVALID                 (0x70UL)
++#define CKR_MECHANISM_PARAM_INVALID           (0x71UL)
++#define CKR_OBJECT_HANDLE_INVALID             (0x82UL)
++#define CKR_OPERATION_ACTIVE                  (0x90UL)
++#define CKR_OPERATION_NOT_INITIALIZED         (0x91UL)
++#define CKR_PIN_INCORRECT                     (0xa0UL)
++#define CKR_PIN_INVALID                               (0xa1UL)
++#define CKR_PIN_LEN_RANGE                     (0xa2UL)
++#define CKR_PIN_EXPIRED                               (0xa3UL)
++#define CKR_PIN_LOCKED                                (0xa4UL)
++#define CKR_SESSION_CLOSED                    (0xb0UL)
++#define CKR_SESSION_COUNT                     (0xb1UL)
++#define CKR_SESSION_HANDLE_INVALID            (0xb3UL)
++#define CKR_SESSION_PARALLEL_NOT_SUPPORTED    (0xb4UL)
++#define CKR_SESSION_READ_ONLY                 (0xb5UL)
++#define CKR_SESSION_EXISTS                    (0xb6UL)
++#define CKR_SESSION_READ_ONLY_EXISTS          (0xb7UL)
++#define CKR_SESSION_READ_WRITE_SO_EXISTS      (0xb8UL)
++#define CKR_SIGNATURE_INVALID                 (0xc0UL)
++#define CKR_SIGNATURE_LEN_RANGE                       (0xc1UL)
++#define CKR_TEMPLATE_INCOMPLETE                       (0xd0UL)
++#define CKR_TEMPLATE_INCONSISTENT             (0xd1UL)
++#define CKR_TOKEN_NOT_PRESENT                 (0xe0UL)
++#define CKR_TOKEN_NOT_RECOGNIZED              (0xe1UL)
++#define CKR_TOKEN_WRITE_PROTECTED             (0xe2UL)
++#define       CKR_UNWRAPPING_KEY_HANDLE_INVALID       (0xf0UL)
++#define CKR_UNWRAPPING_KEY_SIZE_RANGE         (0xf1UL)
++#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT  (0xf2UL)
++#define CKR_USER_ALREADY_LOGGED_IN            (0x100UL)
++#define CKR_USER_NOT_LOGGED_IN                        (0x101UL)
++#define CKR_USER_PIN_NOT_INITIALIZED          (0x102UL)
++#define CKR_USER_TYPE_INVALID                 (0x103UL)
++#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN    (0x104UL)
++#define CKR_USER_TOO_MANY_TYPES                       (0x105UL)
++#define CKR_WRAPPED_KEY_INVALID                       (0x110UL)
++#define CKR_WRAPPED_KEY_LEN_RANGE             (0x112UL)
++#define CKR_WRAPPING_KEY_HANDLE_INVALID               (0x113UL)
++#define CKR_WRAPPING_KEY_SIZE_RANGE           (0x114UL)
++#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT    (0x115UL)
++#define CKR_RANDOM_SEED_NOT_SUPPORTED         (0x120UL)
++#define CKR_RANDOM_NO_RNG                     (0x121UL)
++#define CKR_DOMAIN_PARAMS_INVALID             (0x130UL)
++#define CKR_CURVE_NOT_SUPPORTED               (0x140UL)
++#define CKR_BUFFER_TOO_SMALL                  (0x150UL)
++#define CKR_SAVED_STATE_INVALID                       (0x160UL)
++#define CKR_INFORMATION_SENSITIVE             (0x170UL)
++#define CKR_STATE_UNSAVEABLE                  (0x180UL)
++#define CKR_CRYPTOKI_NOT_INITIALIZED          (0x190UL)
++#define CKR_CRYPTOKI_ALREADY_INITIALIZED      (0x191UL)
++#define CKR_MUTEX_BAD                         (0x1a0UL)
++#define CKR_MUTEX_NOT_LOCKED                  (0x1a1UL)
++#define CKR_FUNCTION_REJECTED                 (0x200UL)
++#define CKR_VENDOR_DEFINED                    (1UL << 31)
++
++
+ /* Compatibility layer.  */
+ #ifdef CRYPTOKI_COMPAT
+@@ -1247,16 +1693,26 @@ typedef struct ck_date *CK_DATE_PTR;
+ typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
++typedef ck_rsa_pkcs_mgf_type_t *CK_RSA_PKCS_MGF_TYPE_PTR;
++
+ typedef struct ck_mechanism CK_MECHANISM;
+ typedef struct ck_mechanism *CK_MECHANISM_PTR;
+ typedef struct ck_mechanism_info CK_MECHANISM_INFO;
+ typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
++typedef struct ck_interface CK_INTERFACE;
++typedef struct ck_interface *CK_INTERFACE_PTR;
++typedef struct ck_interface **CK_INTERFACE_PTR_PTR;
++
+ typedef struct ck_function_list CK_FUNCTION_LIST;
+ typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
+ typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
++typedef struct ck_function_list_3_0 CK_FUNCTION_LIST_3_0;
++typedef struct ck_function_list_3_0 *CK_FUNCTION_LIST_3_0_PTR;
++typedef struct ck_function_list_3_0 **CK_FUNCTION_LIST_3_0_PTR_PTR;
++
+ typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
+ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+@@ -1317,6 +1773,8 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+ #undef ck_mechanism_type_t
++#undef ck_rsa_pkcs_mgf_type_t
++
+ #undef ck_mechanism
+ #undef parameter
+ #undef parameter_len
+@@ -1328,7 +1786,10 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+ #undef ck_rv_t
+ #undef ck_notify_t
++#undef ck_interface
++
+ #undef ck_function_list
++#undef ck_function_list_3_0
+ #undef ck_createmutex_t
+ #undef ck_destroymutex_t
+@@ -1344,7 +1805,6 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+ #endif        /* CRYPTOKI_COMPAT */
+-\f
+ /* System dependencies.  */
+ #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+ #pragma pack(pop, cryptoki)
+diff --git a/include/pkcs11-helper-1.0/pkcs11h-certificate.h b/include/pkcs11-helper-1.0/pkcs11h-certificate.h
+index 047469e..5a35e34 100644
+--- a/include/pkcs11-helper-1.0/pkcs11h-certificate.h
++++ b/include/pkcs11-helper-1.0/pkcs11h-certificate.h
+@@ -242,7 +242,7 @@ pkcs11h_certificate_setUserData (
+ );
+ /**
+- * @brief Get certifiate id object out of a certifiate.
++ * @brief Get certificate id object out of a certificate.
+  * @param certificate         Certificate object.
+  * @param p_certificate_id    Certificate id object pointer.
+  * @return CK_RV.
+@@ -288,7 +288,7 @@ pkcs11h_certificate_serializeCertificateId (
+ /**
+  * @brief Deserialize certificate_id out of string.
+  * @param p_certificate_id    id.
+- * @param sz                  Inut string
++ * @param sz                  Input string
+  * @return CK_RV.
+  * @note Caller must free result.
+  * @see pkcs11h_certificate_freeCertificateId().
+@@ -320,7 +320,7 @@ pkcs11h_certificate_ensureKeyAccess (
+ );
+ /**
+- * @brief Lock session for threded environment.
++ * @brief Lock session for threaded environment.
+  * @param certificate         Certificate object.
+  * @return CK_RV.
+  * @remarks
+@@ -352,7 +352,7 @@ pkcs11h_certificate_releaseSession (
+ /**
+  * @brief Sign data.
+  * @param certificate         Certificate object.
+- * @param mech_type           PKCS#11 mechanism.
++ * @param mech_type           PKCS#11 mechanism type.
+  * @param source              Buffer to sign.
+  * @param source_size         Buffer size.
+  * @param target              Target buffer.
+@@ -373,10 +373,34 @@ pkcs11h_certificate_sign (
+       IN OUT size_t * const p_target_size
+ );
++/**
++ * @brief Sign data with mechanism parameters.
++ * @param certificate         Certificate object.
++ * @param mech                        PKCS#11 mechanism.
++ * @param source              Buffer to sign.
++ * @param source_size         Buffer size.
++ * @param target              Target buffer.
++ * @param p_target_size               Target buffer size.
++ * @return CK_RV.
++ * @note target may be NULL to get size.
++ * @attention When using in threaded environment session must be locked.
++ * @see pkcs11h_certificate_lockSession().
++ * @see pkcs11h_certificate_signAny().
++ */
++CK_RV
++pkcs11h_certificate_sign_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
++);
++
+ /**
+  * @brief Sign data.
+  * @param certificate         Certificate object.
+- * @param mech_type           PKCS#11 mechanism.
++ * @param mech_type           PKCS#11 mechanism type.
+  * @param source              Buffer to sign.
+  * @param source_size         Buffer size.
+  * @param target              Target buffer.
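Review bot: The doc block added for `pkcs11h_certificate_sign_ex` leaves out the contract of the `IN OUT` `p_target_size` and of the parameter block that `mech` refers to. It says `target may be NULL to get size` but not that `*p_target_size` must hold the capacity of `target` on entry, which is presumably what the implementation (outside this hunk) relies on to keep a token-produced result within the caller's buffer. I would add `@note On entry *p_target_size must be the capacity of target.` and `@note mech and the parameter buffer it references must remain valid for the duration of the call.`, adjusted to what the implementation actually does. The same gap applies to the other `_ex` declarations added in the later hunks of this header (`signRecover_ex`, `decrypt_ex`, `unwrap_ex`, `signAny_ex`, `decryptAny_ex`).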
+@@ -397,10 +421,34 @@ pkcs11h_certificate_signRecover (
+       IN OUT size_t * const p_target_size
+ );
++/**
++ * @brief Sign data with mechanism parameters.
++ * @param certificate         Certificate object.
++ * @param mech                        PKCS#11 mechanism.
++ * @param source              Buffer to sign.
++ * @param source_size         Buffer size.
++ * @param target              Target buffer.
++ * @param p_target_size               Target buffer size.
++ * @return CK_RV.
++ * @note target may be NULL to get size.
++ * @attention When using in threaded environment session must be locked.
++ * @see pkcs11h_certificate_lockSession().
++ * @see pkcs11h_certificate_signAny().
++ */
++CK_RV
++pkcs11h_certificate_signRecover_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
++);
++
+ /**
+  * @brief Decrypt data.
+  * @param certificate         Certificate object.
+- * @param mech_type           PKCS#11 mechanism.
++ * @param mech_type           PKCS#11 mechanism type.
+  * @param source              Buffer to sign.
+  * @param source_size         Buffer size.
+  * @param target              Target buffer.
+@@ -420,10 +468,33 @@ pkcs11h_certificate_decrypt (
+       IN OUT size_t * const p_target_size
+ );
++/**
++ * @brief Decrypt data with mechanism parameters.
++ * @param certificate         Certificate object.
++ * @param mech                        PKCS#11 mechanism.
++ * @param source              Buffer to sign.
++ * @param source_size         Buffer size.
++ * @param target              Target buffer.
++ * @param p_target_size               Target buffer size.
++ * @return CK_RV.
++ * @note target may be NULL to get size.
++ * @attention When using in threaded environment session must be locked.
++ * @see pkcs11h_certificate_lockSession().
++ */
++CK_RV
++pkcs11h_certificate_decrypt_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
++);
++
+ /**
+  * @brief Decrypt data.
+  * @param certificate         Certificate object.
+- * @param mech_type           PKCS#11 mechanism.
++ * @param mech_type           PKCS#11 mechanism type.
+  * @param source              Buffer to sign.
+  * @param source_size         Buffer size.
+  * @param target              Target buffer.
+@@ -444,9 +515,32 @@ pkcs11h_certificate_unwrap (
+ );
+ /**
+- * @brief Sign data mechanism determined by key attributes.
++ * @brief Decrypt data with mechanism parameters.
+  * @param certificate         Certificate object.
+- * @param mech_type           PKCS#11 mechanism.
++ * @param mech                        PKCS#11 mechanism type.
++ * @param source              Buffer to sign.
++ * @param source_size         Buffer size.
++ * @param target              Target buffer.
++ * @param p_target_size               Target buffer size.
++ * @return CK_RV.
++ * @note target may be NULL to get size.
++ * @attention When using in threaded environment session must be locked.
++ * @see pkcs11h_certificate_lockSession().
++ */
++CK_RV
++pkcs11h_certificate_unwrap_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
++);
++
++/**
++ * @brief Sign data with method determined by key attributes.
++ * @param certificate         Certificate object.
++ * @param mech_type           PKCS#11 mechanism type.
+  * @param source              Buffer to sign.
+  * @param source_size         Buffer size.
+  * @param target              Target buffer.
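Review bot: The doc block for `pkcs11h_certificate_unwrap_ex` in this hunk describes the wrong operation and the wrong kind of parameter. Its brief reads `Decrypt data with mechanism parameters` and `mech` is documented as `PKCS#11 mechanism type`, while the declaration takes `const CK_MECHANISM * const mech`. `source` is still described as `Buffer to sign`. I would change these to `@brief Unwrap data with mechanism parameters.`, `@param mech PKCS#11 mechanism.` and `@param source Buffer to unwrap.` The `Buffer to sign` wording is also copied into `pkcs11h_certificate_decrypt_ex` and `pkcs11h_certificate_decryptAny_ex` in the neighbouring hunks.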
+@@ -467,9 +561,32 @@ pkcs11h_certificate_signAny (
+ );
+ /**
+- * @brief Decrypt data mechanism determined by key attributes.
++ * @brief Sign data with method determined by key attributes.
++ * @param certificate         Certificate object.
++ * @param mech                        PKCS#11 mechanism.
++ * @param source              Buffer to sign.
++ * @param source_size         Buffer size.
++ * @param target              Target buffer.
++ * @param p_target_size               Target buffer size.
++ * @return CK_RV.
++ * @note target may be NULL to get size.
++ * @attention When using in threaded environment session must be locked.
++ * @see pkcs11h_certificate_lockSession().
++ */
++CK_RV
++pkcs11h_certificate_signAny_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
++);
++
++/**
++ * @brief Decrypt data with method determined by key attributes.
+  * @param certificate         Certificate object.
+- * @param mech_type           PKCS#11 mechanism.
++ * @param mech_type           PKCS#11 mechanism type.
+  * @param source              Buffer to sign.
+  * @param source_size         Buffer size.
+  * @param target              Target buffer.
+@@ -489,6 +606,29 @@ pkcs11h_certificate_decryptAny (
+       IN OUT size_t * const p_target_size
+ );
++/**
++ * @brief Decrypt data with method determined by key attributes.
++ * @param certificate         Certificate object.
++ * @param mech                        PKCS#11 mechanism.
++ * @param source              Buffer to sign.
++ * @param source_size         Buffer size.
++ * @param target              Target buffer.
++ * @param p_target_size               Target buffer size.
++ * @return CK_RV.
++ * @note target may be NULL to get size.
++ * @attention When using in threaded environment session must be locked.
++ * @see pkcs11h_certificate_lockSession().
++ */
++CK_RV
++pkcs11h_certificate_decryptAny_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
++);
++
+ /**
+  * @brief Free certificate_id list.
+  * @param cert_id_list                List.
+diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h
+index 008c35f..d1374e4 100644
+--- a/include/pkcs11-helper-1.0/pkcs11h-core.h
++++ b/include/pkcs11-helper-1.0/pkcs11h-core.h
+@@ -199,6 +199,60 @@ extern "C" {
+ #define PKCS11H_ENUM_METHOD_RELOAD              2
+ /** @} */
++/**
++ * @brief Provider properties.
++ * @addtogroup PKCS11H_ENUM_PROVIDER_PROPERTY
++ * @{
++ */
++
++/**
++  * @brief Provider location.
++  * Value type is char*.
++  */
++#define PKCS11H_PROVIDER_PROPERTY_LOCATION 0
++/**
++ * @brief Allow this provider to use protected authentication.
++ * Value type is @ref PKCS11H_BOOL.
++ * Default value is False.
++ */
++#define PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH 1
++/**
++ * @brief Provider private mode @ref PKCS11H_PRIVATEMODE_MASK override.
++ * Value type is unsigened.
++ * Default value is @ref PKCS11H_PRIVATEMODE_MASK_AUTO.
++ */
++#define PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE 2
++/**
++ * @brief Provider slot event @ref PKCS11H_SLOTEVENT_METHOD method.
++ * Value type is unsigned.
++ * Default value is @ref PKCS11H_SLOTEVENT_METHOD_AUTO.
++ */
++#define PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD 3
++/**
++ * @brief Slot event poll interval (If in polling mode).
++ * Value type is unsigned.
++ * Default value is 0.
++ */
++#define PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL 4
++/*
++ * @brief Provider's certificate access should be done after login.
++ * Value type is @ref PKCS11H_BOOL.
++ * Default value is False.
++*/
++#define PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE 5
++
++/**
++ * @brief Provider initialize arguments.
++ * Value type is CK_C_INITIALIZE_ARGS_PTR.
++ * Default value is NULL.
++ */
++#define PKCS11H_PROVIDER_PROPERTY_INIT_ARGS 6
++
++/** @private */
++#define _PKCS11H_PROVIDER_PROPERTY_LAST 7
++
++/** @} */
++
+ struct pkcs11h_token_id_s;
+ /**
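Review bot: The comments for the pointer-valued properties `PKCS11H_PROVIDER_PROPERTY_LOCATION` (`char*`) and `PKCS11H_PROVIDER_PROPERTY_INIT_ARGS` (`CK_C_INITIALIZE_ARGS_PTR`) do not say whether the library copies the value or keeps the caller's pointer. The matching fields `const char* provider_location` and `CK_C_INITIALIZE_ARGS_PTR init_args` are added to `struct _pkcs11h_provider_s` in the lib/_pkcs11h-core.h hunk of this patch. If a caller pointer is retained there, freeing it before `pkcs11h_initializeProvider` leaves the provider with a dangling pointer. I would add one line to each comment, e.g. `Value is copied by the library.` or `Pointer must remain valid until the provider is removed.`, whichever matches the implementation. Separately, the block above `PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE` opens with `/*` rather than `/**`, so Doxygen will likely skip it, and the `MASK_PRIVATE_MODE` block says `Value type is unsigened.`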
+@@ -342,7 +396,7 @@ pkcs11h_getLogLevel (void);
+  * @attention
+  * This function should be called after @ref pkcs11h_initialize()
+  * @note
+- * This funciton is releavant if @ref PKCS11H_FEATURE_MASK_THREADING is set.
++ * This function is relevant if @ref PKCS11H_FEATURE_MASK_THREADING is set.
+  * If safe mode is on, the child process can use the loaded PKCS#11 providers
+  * but it cannot use fork(), while it is in one of the hooks functions, since
+  * locked mutexes cannot be released.
+@@ -443,7 +497,7 @@ pkcs11h_setMaxLoginRetries (
+ );
+ /**
+- * @brief Add a PKCS#11 provider.
++ * @brief Register, configure and initialize a PKCS#11 provider.
+  * @param reference           Reference name for this provider.
+  * @param provider_location   Provider library location.
+  * @param allow_protected_auth        Allow this provider to use protected authentication.
+@@ -466,6 +520,58 @@ pkcs11h_addProvider (
+       IN const PKCS11H_BOOL cert_is_private
+ );
++/**
++ * @brief Register a PKCS#11 provider.
++ * @param reference           Reference name for this provider.
++ * @return CK_RV.
++ */
++CK_RV
++pkcs11h_registerProvider (
++      IN const char * const reference
++);
++
++/**
++ * @brief Set PKCS#11 provider property by name.
++ * @param reference             Reference name for this provider.
++ * @param property_str          Property kind.
++ * @param value_str             Property value.
++ */
++CK_RV
++pkcs11h_setProviderPropertyByName (
++      IN const char * const reference,
++      IN const char * const property_str,
++      IN const char * const value_str
++);
++
++/**
++ * @brief Set PKCS#11 provider property.
++ * @param reference             Reference name for this provider.
++ * @param property              Property kind.
++ * @param value                 Property value.
++ * @param value_size            size of dereferenced property value.
++ * @return CK_RV.
++ * @note Referenced type has to satisfy @ref PKCS11H_ENUM_PROVIDER_PROPERTY.
++ */
++CK_RV
++pkcs11h_setProviderProperty (
++      IN const char * const reference,
++      IN const unsigned property,
++      IN const void * value,
++      IN const size_t value_size
++);
++
++/**
++ * @brief Initialize a PKCS#11 provider.
++ * @param reference           Reference name for this provider.
++ * @attention This function must be called from the main thread.
++ * @note The global allow_protected_auth must be enabled in order to allow provider specific.
++ * @return CK_RV.
++ */
++CK_RV
++pkcs11h_initializeProvider (
++      IN const char * const reference
++);
++
+ /**
+  * @brief Delete a PKCS#11 provider.
+  * @param reference   Reference name for this provider.
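Review bot: `pkcs11h_setProviderProperty` takes an untyped `const void * value` plus `value_size`, but its doc block does not say what happens when `value_size` does not match the type required for `property`, or when `property` is not below `_PKCS11H_PROVIDER_PROPERTY_LAST`. A mismatch means the library would read the wrong number of bytes through `value`, so the header should state the result, e.g. `@note Fails if value_size differs from the size of the property's value type.`, assuming the implementation (outside this hunk) performs that check. Two smaller gaps: `pkcs11h_setProviderPropertyByName` has no `@return CK_RV.` line, and the `@note` on `pkcs11h_initializeProvider` stops mid-sentence at `in order to allow provider specific.`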
+diff --git a/include/pkcs11-helper-1.0/pkcs11h-engines.h b/include/pkcs11-helper-1.0/pkcs11h-engines.h
+index ac0f91f..a84aff3 100644
+--- a/include/pkcs11-helper-1.0/pkcs11h-engines.h
++++ b/include/pkcs11-helper-1.0/pkcs11h-engines.h
+@@ -126,7 +126,7 @@ typedef struct pkcs11h_crypto_engine_s {
+       /**
+        * @brief Initialize engine.
+        * @param global_data   Engine data.
+-       * @return None zero - Sucess.
++       * @return None zero - Success.
+        */
+       int (*initialize) (
+               IN void * const global_data
+@@ -135,7 +135,7 @@ typedef struct pkcs11h_crypto_engine_s {
+       /**
+        * @brief Uninitialize engine.
+        * @param global_data   Engine data.
+-       * @return None zero - Sucess.
++       * @return None zero - Success.
+        */
+       int (*uninitialize) (
+               IN void * const global_data
+@@ -147,7 +147,7 @@ typedef struct pkcs11h_crypto_engine_s {
+        * @param blob          Certificate blob.
+        * @param blob_size     Certificate blob size.
+        * @param expiration    Certificate expiration time.
+-       * @return None zero - Sucess.
++       * @return None zero - Success.
+        */
+       int (*certificate_get_expiration) (
+               IN void * const global_data,
+@@ -163,7 +163,7 @@ typedef struct pkcs11h_crypto_engine_s {
+        * @param blob_size     Certificate blob size.
+        * @param dn            dn buffer.
+        * @param dn_max        dn buffer size.
+-       * @return None zero - Sucess.
++       * @return None zero - Success.
+        */
+       int (*certificate_get_dn) (
+               IN void * const global_data,
+@@ -180,7 +180,7 @@ typedef struct pkcs11h_crypto_engine_s {
+        * @param issuer_blob_size      Issuer's certificate blob size.
+        * @param cert_blob             Certificate blob.
+        * @param cert_blob_size        Certificate blob size.
+-       * @return None zero - Sucess.
++       * @return None zero - Success.
+        */
+       int (*certificate_is_issuer) (
+               IN void * const global_data,
+diff --git a/lib/Makefile.w32-vc b/lib/Makefile.w32-vc
+index 0e64f42..96f1f89 100644
+--- a/lib/Makefile.w32-vc
++++ b/lib/Makefile.w32-vc
+@@ -55,15 +55,15 @@
+ #OPENSSL=1
+ !ifdef OPENSSL
+ !ifndef OPENSSL_HOME
+-OPENSSL_HOME = ..\..\openssl-0.9.8a
++OPENSSL_HOME = ..\..\openssl
+ !endif
+ !endif
+ !ifdef OPENSSL
+-OPENSSL_STATIC = libeay32.lib
+-#OPENSSL_STATIC = libeay32sd.lib
+-OPENSSL_DYNAMIC = libeay32.lib
+-#OPENSSL_DYNAMIC = libeay32d.lib
++OPENSSL_STATIC = libcrypto.lib
++#OPENSSL_STATIC = libcryptosd.lib
++OPENSSL_DYNAMIC = libcrypto.lib
++#OPENSSL_DYNAMIC = libcryptod.lib
+ OPENSSL_INC=$(OPENSSL_HOME)\include
+ OPENSSL_LIB=$(OPENSSL_HOME)\lib
+@@ -82,7 +82,7 @@ CFLAGS=$(CFLAGS) -DNDEBUG
+ LINK32=link.exe
+ LIB32=lib.exe
+-LINK32_FLAGS=/nologo /subsystem:windows /dll /incremental:no
++LINK32_FLAGS=/nologo /subsystem:windows /dll /incremental:no /release
+ LIB32_FLAGS=/nologo
+ HEADERS = \
+diff --git a/lib/_pkcs11h-core.h b/lib/_pkcs11h-core.h
+index ba7d6aa..3bdd370 100644
+--- a/lib/_pkcs11h-core.h
++++ b/lib/_pkcs11h-core.h
+@@ -120,12 +120,14 @@ struct _pkcs11h_provider_s {
+       CK_FUNCTION_LIST_PTR f;
+       PKCS11H_BOOL should_finalize;
++      const char* provider_location;
+       PKCS11H_BOOL allow_protected_auth;
+       PKCS11H_BOOL cert_is_private;
+       unsigned mask_private_mode;
+       unsigned mask_decrypt_mode;
+       unsigned slot_event_method;
+       unsigned slot_poll_interval;
++      CK_C_INITIALIZE_ARGS_PTR init_args;
+ #if defined(ENABLE_PKCS11H_SLOTEVENT)
+       _pkcs11h_thread_t slotevent_thread;
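Review bot: The new members `provider_location` and `init_args` carry no comment on who owns the memory they point to, and `provider_location` is declared `const char*` although a stored copy would have to be released through it. I would add a comment on each, for example `/* heap copy owned by the provider, freed when the provider is removed */`, after confirming that this matches what the setter does. If `init_args` is only borrowed from the caller, say that the caller must keep it alive for the lifetime of the provider. The struct starts and ends outside this hunk, and the code that fills these fields is not visible here.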
+diff --git a/lib/_pkcs11h-crypto-mbedtls.c b/lib/_pkcs11h-crypto-mbedtls.c
+index c4f80fe..05bcb6f 100644
+--- a/lib/_pkcs11h-crypto-mbedtls.c
++++ b/lib/_pkcs11h-crypto-mbedtls.c
+@@ -53,12 +53,7 @@
+ #include "_pkcs11h-crypto.h"
+ #if defined(ENABLE_PKCS11H_ENGINE_MBEDTLS)
+-#ifdef HAVE_MBEDTLS_X509_CRT_H
+-#include <mbedtls/compat-1.3.h>
+ #include <mbedtls/x509_crt.h>
+-#else
+-#include <polarssl/x509_crt.h>
+-#endif
+ static
+ int
+@@ -88,7 +83,7 @@ __pkcs11h_crypto_mbedtls_certificate_get_expiration (
+       IN const size_t blob_size,
+       OUT time_t * const expiration
+ ) {
+-      x509_crt x509;
++      mbedtls_x509_crt x509;
+       (void)global_data;
+@@ -99,11 +94,11 @@ __pkcs11h_crypto_mbedtls_certificate_get_expiration (
+       *expiration = (time_t)0;
+       memset(&x509, 0, sizeof(x509));
+-      if (0 != x509_crt_parse (&x509, blob, blob_size)) {
++      if (0 != mbedtls_x509_crt_parse (&x509, blob, blob_size)) {
+               goto cleanup;
+       }
+-      if (0 == x509_time_expired(&x509.valid_to)) {
++      if (0 == mbedtls_x509_time_is_past(&x509.valid_to)) {
+               struct tm tm1;
+               memset (&tm1, 0, sizeof (tm1));
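Review bot: The context line before the parse still prepares the certificate with `memset(&x509, 0, sizeof(x509))`, which relies on an all-zero structure being a valid initial state. Now that the code names the mbedtls 2.x API, it should use the documented initializer, `mbedtls_x509_crt_init(&x509);`. The same applies to the memset calls in `__pkcs11h_crypto_mbedtls_certificate_get_dn` and `__pkcs11h_crypto_mbedtls_certificate_is_issuer`. The function body starts and ends outside this hunk.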
+@@ -120,7 +115,7 @@ __pkcs11h_crypto_mbedtls_certificate_get_expiration (
+ cleanup:
+-      x509_crt_free(&x509);
++      mbedtls_x509_crt_free(&x509);
+       return *expiration != (time_t)0;
+ }
+@@ -134,7 +129,7 @@ __pkcs11h_crypto_mbedtls_certificate_get_dn (
+       OUT char * const dn,
+       IN const size_t dn_max
+ ) {
+-      x509_crt x509;
++      mbedtls_x509_crt x509;
+       int ret = FALSE;
+       (void)global_data;
+@@ -147,11 +142,11 @@ __pkcs11h_crypto_mbedtls_certificate_get_dn (
+       dn[0] = '\x0';
+       memset(&x509, 0, sizeof(x509));
+-      if (0 != x509_crt_parse (&x509, blob, blob_size)) {
++      if (0 != mbedtls_x509_crt_parse (&x509, blob, blob_size)) {
+               goto cleanup;
+       }
+-      if (-1 == x509_dn_gets(dn, dn_max, &x509.subject)) {
++      if (-1 == mbedtls_x509_dn_gets(dn, dn_max, &x509.subject)) {
+               goto cleanup;
+       }
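Review bot: The error test `-1 == mbedtls_x509_dn_gets(...)` only catches a return value of exactly -1, but `mbedtls_x509_dn_gets` reports failure with a negative error code (for a too-small buffer, `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL`). A subject name that did not fit in `dn` can therefore be reported as success. Compare against zero instead: `if (mbedtls_x509_dn_gets(dn, dn_max, &x509.subject) < 0) {`. The function continues outside the hunk.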
+@@ -159,7 +154,7 @@ __pkcs11h_crypto_mbedtls_certificate_get_dn (
+ cleanup:
+-      x509_crt_free(&x509);
++      mbedtls_x509_crt_free(&x509);
+       return ret;
+ }
+@@ -173,8 +168,8 @@ __pkcs11h_crypto_mbedtls_certificate_is_issuer (
+       IN const unsigned char * const cert_blob,
+       IN const size_t cert_blob_size
+ ) {
+-      x509_crt x509_issuer;
+-      x509_crt x509_cert;
++      mbedtls_x509_crt x509_issuer;
++      mbedtls_x509_crt x509_cert;
+       uint32_t verify_flags = 0;
+       PKCS11H_BOOL is_issuer = FALSE;
+@@ -186,23 +181,23 @@ __pkcs11h_crypto_mbedtls_certificate_is_issuer (
+       _PKCS11H_ASSERT (cert_blob!=NULL);
+       memset(&x509_issuer, 0, sizeof(x509_issuer));
+-      if (0 != x509_crt_parse (&x509_issuer, issuer_blob, issuer_blob_size)) {
++      if (0 != mbedtls_x509_crt_parse (&x509_issuer, issuer_blob, issuer_blob_size)) {
+               goto cleanup;
+       }
+       memset(&x509_cert, 0, sizeof(x509_cert));
+-      if (0 != x509_crt_parse (&x509_cert, cert_blob, cert_blob_size)) {
++      if (0 != mbedtls_x509_crt_parse (&x509_cert, cert_blob, cert_blob_size)) {
+               goto cleanup;
+       }
+-      if ( 0 == x509_crt_verify(&x509_cert, &x509_issuer, NULL, NULL,
++      if ( 0 == mbedtls_x509_crt_verify(&x509_cert, &x509_issuer, NULL, NULL,
+               &verify_flags, NULL, NULL )) {
+               is_issuer = TRUE;
+       }
+ cleanup:
+-      x509_crt_free(&x509_cert);
+-      x509_crt_free(&x509_issuer);
++      mbedtls_x509_crt_free(&x509_cert);
++      mbedtls_x509_crt_free(&x509_issuer);
+       return is_issuer;
+ }
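Review bot: If parsing the issuer fails, the `goto cleanup` runs `mbedtls_x509_crt_free(&x509_cert)` on a structure that has not been zeroed yet, because `memset(&x509_cert, ...)` only happens after the first parse. Unless the lines between the declarations and this hunk initialise it, the free walks indeterminate stack contents. Both contexts should be initialised before the first call that can jump to cleanup, i.e. move `memset(&x509_cert, 0, sizeof(x509_cert));` up next to the `x509_issuer` one. Separately, a non-zero result from `mbedtls_x509_crt_verify` presumably covers more than a different issuer (an expired certificate, for instance), so a comment stating what `is_issuer == FALSE` can mean would help callers.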
+diff --git a/lib/_pkcs11h-crypto-nss.c b/lib/_pkcs11h-crypto-nss.c
+index 4b70e82..f57f9e6 100644
+--- a/lib/_pkcs11h-crypto-nss.c
++++ b/lib/_pkcs11h-crypto-nss.c
+@@ -48,15 +48,21 @@
+  * POSSIBILITY OF SUCH DAMAGE.
+  */
+-#include "common.h"
+-
+-#include "_pkcs11h-crypto.h"
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
+ #if defined(ENABLE_PKCS11H_ENGINE_NSS)
+-#define _PKCS11T_H_ /* required so no conflict with ours */
+ #include <nss.h>
+ #include <cert.h>
++/* Use PKCS#11 of nss to avoid conflicts and make nss happy with its own extensions */
++#define PKCS11_H 1
++
++#include "common.h"
++
++#include "_pkcs11h-crypto.h"
++
+ static
+ int
+ __pkcs11h_crypto_nss_initialize (
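Review bot: The new comment above `#define PKCS11_H 1` does not say which header the macro suppresses, and the include order is now load-bearing: the define has to come after `<nss.h>`/`<cert.h>` and before `common.h`. If `PKCS11_H` is the include guard of the project's bundled pkcs11.h (not visible in this hunk), say so, e.g. `/* PKCS11_H is the include guard of our bundled pkcs11.h; defining it keeps the PKCS#11 types the NSS headers already declared */`, and note that the NSS headers must stay first. Relying on another header's guard name breaks silently if that guard is ever renamed.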
+diff --git a/lib/certificate.exports b/lib/certificate.exports
+index be09438..5f21bc7 100644
+--- a/lib/certificate.exports
++++ b/lib/certificate.exports
+@@ -1,5 +1,9 @@
+ pkcs11h_certificate_create
+ pkcs11h_certificate_decrypt
++pkcs11h_certificate_decrypt
++pkcs11h_certificate_decryptAny
++pkcs11h_certificate_decryptAny_ex
++pkcs11h_certificate_decrypt_ex
+ pkcs11h_certificate_deserializeCertificateId
+ pkcs11h_certificate_duplicateCertificateId
+ pkcs11h_certificate_ensureCertificateAccess
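Review bot: The added line `pkcs11h_certificate_decrypt` duplicates the context line directly above it, so the symbol is listed twice in the resulting exports file. The second hunk already removes the old out-of-order entry, so this added line should simply be dropped. Depending on how the list is consumed (linker symbol list or a generated .def file), a duplicate may be harmless noise or may produce a warning.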
+@@ -21,7 +25,9 @@ pkcs11h_certificate_setPromptMask
+ pkcs11h_certificate_setUserData
+ pkcs11h_certificate_sign
+ pkcs11h_certificate_signAny
++pkcs11h_certificate_signAny_ex
+ pkcs11h_certificate_signRecover
+-pkcs11h_certificate_decrypt
++pkcs11h_certificate_signRecover_ex
++pkcs11h_certificate_sign_ex
+ pkcs11h_certificate_unwrap
+-pkcs11h_certificate_decryptAny
++pkcs11h_certificate_unwrap_ex
+diff --git a/lib/common.h b/lib/common.h
+index 61a958a..2499e9c 100644
+--- a/lib/common.h
++++ b/lib/common.h
+@@ -72,5 +72,12 @@
+ #define _PKCS11H_ASSERT               assert
++#ifndef FALSE
++#define FALSE 0
++#endif
++#ifndef TRUE
++#define TRUE 1
++#endif
++
+ #endif
+diff --git a/lib/core.exports b/lib/core.exports
+index 32b9d54..79a3809 100644
+--- a/lib/core.exports
++++ b/lib/core.exports
+@@ -7,15 +7,19 @@ pkcs11h_getLogLevel
+ pkcs11h_getMessage
+ pkcs11h_getVersion
+ pkcs11h_initialize
+-pkcs11h_terminate
++pkcs11h_initializeProvider
++pkcs11h_logout
+ pkcs11h_plugAndPlay
++pkcs11h_registerProvider
+ pkcs11h_removeProvider
+-pkcs11h_logout
++pkcs11h_setForkMode
+ pkcs11h_setLogHook
+ pkcs11h_setLogLevel
+-pkcs11h_setForkMode
+ pkcs11h_setMaxLoginRetries
+ pkcs11h_setPINCachePeriod
+ pkcs11h_setPINPromptHook
+ pkcs11h_setProtectedAuthentication
++pkcs11h_setProviderProperty
++pkcs11h_setProviderPropertyByName
+ pkcs11h_setTokenPromptHook
++pkcs11h_terminate
+diff --git a/lib/openssl.exports b/lib/openssl.exports
+index d2be4d0..efaaaa3 100644
+--- a/lib/openssl.exports
++++ b/lib/openssl.exports
+@@ -2,7 +2,7 @@ pkcs11h_openssl_createSession
+ pkcs11h_openssl_freeSession
+ pkcs11h_openssl_getCleanupHook
+ pkcs11h_openssl_getX509
+-pkcs11h_openssl_session_getRSA
+ pkcs11h_openssl_session_getEVP
++pkcs11h_openssl_session_getRSA
+ pkcs11h_openssl_session_getX509
+ pkcs11h_openssl_setCleanupHook
+diff --git a/lib/pkcs11h-certificate.c b/lib/pkcs11h-certificate.c
+index 92a3c45..a686fb4 100644
+--- a/lib/pkcs11h-certificate.c
++++ b/lib/pkcs11h-certificate.c
+@@ -73,7 +73,7 @@ CK_RV
+ __pkcs11h_certificate_doPrivateOperation (
+       IN const pkcs11h_certificate_t certificate,
+       IN const enum __pkcs11h_private_op_e op,
+-      IN const CK_MECHANISM_TYPE mech_type,
++      IN const CK_MECHANISM * const mech,
+       IN const unsigned char * const source,
+       IN const size_t source_size,
+       OUT unsigned char * const target,
+@@ -777,7 +777,7 @@ CK_RV
+ __pkcs11h_certificate_doPrivateOperation (
+       IN const pkcs11h_certificate_t certificate,
+       IN const enum __pkcs11h_private_op_e op,
+-      IN const CK_MECHANISM_TYPE mech_type,
++      IN const CK_MECHANISM * const mech,
+       IN const unsigned char * const source,
+       IN const size_t source_size,
+       OUT unsigned char * const target,
+@@ -786,9 +786,6 @@ __pkcs11h_certificate_doPrivateOperation (
+ #if defined(ENABLE_PKCS11H_THREADING)
+       PKCS11H_BOOL mutex_locked = FALSE;
+ #endif
+-      CK_MECHANISM mech = {
+-              mech_type, NULL, 0
+-      };
+ /*    CK_BBOOL wrap_attrs_false = CK_FALSE; */
+       CK_BBOOL wrap_attrs_true = CK_TRUE;
+@@ -812,6 +809,7 @@ __pkcs11h_certificate_doPrivateOperation (
+       _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+       _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+       _PKCS11H_ASSERT (certificate!=NULL);
++      _PKCS11H_ASSERT (mech!=NULL);
+       _PKCS11H_ASSERT (source!=NULL);
+       /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+       _PKCS11H_ASSERT (p_target_size!=NULL);
+@@ -821,7 +819,7 @@ __pkcs11h_certificate_doPrivateOperation (
+               "PKCS#11: __pkcs11h_certificate_doPrivateOperation entry certificate=%p, op=%d, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
+               (void *)certificate,
+               op,
+-              mech_type,
++              mech->mechanism,
+               source,
+               source_size,
+               target,
+@@ -851,28 +849,28 @@ __pkcs11h_certificate_doPrivateOperation (
+                               case __pkcs11h_private_op_sign:
+                                       rv = certificate->session->provider->f->C_SignInit (
+                                               certificate->session->session_handle,
+-                                              &mech,
++                                              (CK_MECHANISM*)mech,
+                                               certificate->key_handle
+                                       );
+                               break;
+                               case __pkcs11h_private_op_sign_recover:
+                                       rv = certificate->session->provider->f->C_SignRecoverInit (
+                                               certificate->session->session_handle,
+-                                              &mech,
++                                              (CK_MECHANISM*)mech,
+                                               certificate->key_handle
+                                       );
+                               break;
+                               case __pkcs11h_private_op_decrypt:
+                                       rv = certificate->session->provider->f->C_DecryptInit (
+                                               certificate->session->session_handle,
+-                                              &mech,
++                                              (CK_MECHANISM*)mech,
+                                               certificate->key_handle
+                                       );
+                               break;
+                               case __pkcs11h_private_op_unwrap:
+                                       rv = certificate->session->provider->f->C_UnwrapKey (
+                                               certificate->session->session_handle,
+-                                              &mech,
++                                              (CK_MECHANISM*)mech,
+                                               certificate->key_handle,
+                                               (CK_BYTE_PTR)source,
+                                               source_size,
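Review bot: The four call sites discard the qualifier with `(CK_MECHANISM*)mech`, so the `const` on the new parameter is a promise the function cannot keep. The provider's `C_SignInit`, `C_SignRecoverInit`, `C_DecryptInit` and `C_UnwrapKey` entry points take a non-const pointer and may write through it. The compatibility wrappers pass a stack object, but callers of the new `_ex` functions may pass an object they expect to stay unchanged. A shallow copy made once after the argument checks, `CK_MECHANISM mech_local = *mech;`, passed as `&mech_local`, removes the casts. The function starts and ends outside this hunk.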
+@@ -1304,21 +1302,42 @@ pkcs11h_certificate_sign (
+       IN const size_t source_size,
+       OUT unsigned char * const target,
+       IN OUT size_t * const p_target_size
++) {
++      CK_MECHANISM mech = {mech_type, NULL, 0};
++      return pkcs11h_certificate_sign_ex (
++              certificate,
++              &mech,
++              source,
++              source_size,
++              target,
++              p_target_size
++      );
++}
++
++CK_RV
++pkcs11h_certificate_sign_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
+ ) {
+       CK_RV rv = CKR_FUNCTION_FAILED;
+       _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+       _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+       _PKCS11H_ASSERT (certificate!=NULL);
++      _PKCS11H_ASSERT (mech!=NULL);
+       _PKCS11H_ASSERT (source!=NULL);
+       /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+       _PKCS11H_ASSERT (p_target_size!=NULL);
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG2,
+-              "PKCS#11: pkcs11h_certificate_sign entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
++              "PKCS#11: pkcs11h_certificate_sign_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
+               (void *)certificate,
+-              mech_type,
++              mech->mechanism,
+               source,
+               source_size,
+               target,
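Review bot: `pkcs11h_certificate_sign_ex` guards the caller-supplied `mech` only with `_PKCS11H_ASSERT`, which common.h maps to `assert`, and the following debug statement reads `mech->mechanism`. In a build with `NDEBUG` defined (the Windows makefile touched by this patch has a `-DNDEBUG` setting) the check disappears and a NULL `mech` is dereferenced. Since this is a new public entry point, an explicit check such as `if (mech == NULL) { return CKR_ARGUMENTS_BAD; }` would be safer. The same applies to `pkcs11h_certificate_signRecover_ex`, `pkcs11h_certificate_decrypt_ex`, `pkcs11h_certificate_unwrap_ex`, `pkcs11h_certificate_signAny_ex` and `pkcs11h_certificate_decryptAny_ex`. The body of `pkcs11h_certificate_sign_ex` continues outside the hunk.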
+@@ -1333,7 +1352,7 @@ pkcs11h_certificate_sign (
+               (rv = __pkcs11h_certificate_doPrivateOperation (
+                       certificate,
+                       __pkcs11h_private_op_sign,
+-                      mech_type,
++                      mech,
+                       source,
+                       source_size,
+                       target,
+@@ -1366,21 +1385,42 @@ pkcs11h_certificate_signRecover (
+       IN const size_t source_size,
+       OUT unsigned char * const target,
+       IN OUT size_t * const p_target_size
++) {
++      CK_MECHANISM mech = {mech_type, NULL, 0};
++      return pkcs11h_certificate_signRecover_ex (
++              certificate,
++              &mech,
++              source,
++              source_size,
++              target,
++              p_target_size
++      );
++}
++
++CK_RV
++pkcs11h_certificate_signRecover_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
+ ) {
+       CK_RV rv = CKR_FUNCTION_FAILED;
+       _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+       _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+       _PKCS11H_ASSERT (certificate!=NULL);
++      _PKCS11H_ASSERT (mech!=NULL);
+       _PKCS11H_ASSERT (source!=NULL);
+       /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+       _PKCS11H_ASSERT (p_target_size!=NULL);
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG2,
+-              "PKCS#11: pkcs11h_certificate_signRecover entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
++              "PKCS#11: pkcs11h_certificate_signRecover_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
+               (void *)certificate,
+-              mech_type,
++              mech->mechanism,
+               source,
+               source_size,
+               target,
+@@ -1395,7 +1435,7 @@ pkcs11h_certificate_signRecover (
+               (rv = __pkcs11h_certificate_doPrivateOperation (
+                       certificate,
+                       __pkcs11h_private_op_sign_recover,
+-                      mech_type,
++                      mech,
+                       source,
+                       source_size,
+                       target,
+@@ -1428,21 +1468,42 @@ pkcs11h_certificate_decrypt (
+       IN const size_t source_size,
+       OUT unsigned char * const target,
+       IN OUT size_t * const p_target_size
++) {
++      CK_MECHANISM mech = {mech_type, NULL, 0};
++      return pkcs11h_certificate_decrypt_ex (
++              certificate,
++              &mech,
++              source,
++              source_size,
++              target,
++              p_target_size
++      );
++}
++
++CK_RV
++pkcs11h_certificate_decrypt_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
+ ) {
+       CK_RV rv = CKR_FUNCTION_FAILED;
+       _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+       _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+       _PKCS11H_ASSERT (certificate!=NULL);
++      _PKCS11H_ASSERT (mech!=NULL);
+       _PKCS11H_ASSERT (source!=NULL);
+       /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+       _PKCS11H_ASSERT (p_target_size!=NULL);
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG2,
+-              "PKCS#11: pkcs11h_certificate_decrypt entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
++              "PKCS#11: pkcs11h_certificate_decrypt_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
+               (void *)certificate,
+-              mech_type,
++              mech->mechanism,
+               source,
+               source_size,
+               target,
+@@ -1457,7 +1518,7 @@ pkcs11h_certificate_decrypt (
+               (rv = __pkcs11h_certificate_doPrivateOperation (
+                       certificate,
+                       __pkcs11h_private_op_decrypt,
+-                      mech_type,
++                      mech,
+                       source,
+                       source_size,
+                       target,
+@@ -1490,21 +1551,42 @@ pkcs11h_certificate_unwrap (
+       IN const size_t source_size,
+       OUT unsigned char * const target,
+       IN OUT size_t * const p_target_size
++) {
++      CK_MECHANISM mech = {mech_type, NULL, 0};
++      return pkcs11h_certificate_unwrap_ex (
++              certificate,
++              &mech,
++              source,
++              source_size,
++              target,
++              p_target_size
++      );
++}
++
++CK_RV
++pkcs11h_certificate_unwrap_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
+ ) {
+       CK_RV rv = CKR_FUNCTION_FAILED;
+       _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+       _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+       _PKCS11H_ASSERT (certificate!=NULL);
++      _PKCS11H_ASSERT (mech!=NULL);
+       _PKCS11H_ASSERT (source!=NULL);
+       /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+       _PKCS11H_ASSERT (p_target_size!=NULL);
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG2,
+-              "PKCS#11: pkcs11h_certificate_unwrap entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
++              "PKCS#11: pkcs11h_certificate_unwrap_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
+               (void *)certificate,
+-              mech_type,
++              mech->mechanism,
+               source,
+               source_size,
+               target,
+@@ -1519,7 +1601,7 @@ pkcs11h_certificate_unwrap (
+               (rv = __pkcs11h_certificate_doPrivateOperation (
+                       certificate,
+                       __pkcs11h_private_op_unwrap,
+-                      mech_type,
++                      mech,
+                       source,
+                       source_size,
+                       target,
+@@ -1552,6 +1634,26 @@ pkcs11h_certificate_signAny (
+       IN const size_t source_size,
+       OUT unsigned char * const target,
+       IN OUT size_t * const p_target_size
++) {
++      CK_MECHANISM mech = {mech_type, NULL, 0};
++      return pkcs11h_certificate_signAny_ex (
++              certificate,
++              &mech,
++              source,
++              source_size,
++              target,
++              p_target_size
++      );
++}
++
++CK_RV
++pkcs11h_certificate_signAny_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM *mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
+ ) {
+       CK_RV rv = CKR_FUNCTION_FAILED;
+       PKCS11H_BOOL acked = FALSE;
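Review bot: `pkcs11h_certificate_signAny_ex` declares `IN const CK_MECHANISM *mech`, while every other `_ex` function added in this file uses `IN const CK_MECHANISM * const mech`. For consistency with its siblings, and with the header prototype if that one carries the trailing `const` (not visible here), write `IN const CK_MECHANISM * const mech,`. The function body continues outside the hunk.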
+@@ -1559,15 +1661,16 @@ pkcs11h_certificate_signAny (
+       _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+       _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+       _PKCS11H_ASSERT (certificate!=NULL);
++      _PKCS11H_ASSERT (mech!=NULL);
+       _PKCS11H_ASSERT (source!=NULL);
+       /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+       _PKCS11H_ASSERT (p_target_size!=NULL);
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG2,
+-              "PKCS#11: pkcs11h_certificate_signAny entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
++              "PKCS#11: pkcs11h_certificate_signAny_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
+               (void *)certificate,
+-              mech_type,
++              mech->mechanism,
+               source,
+               source_size,
+               target,
+@@ -1590,9 +1693,9 @@ pkcs11h_certificate_signAny (
+               (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_SIGN) != 0
+       ) {
+               switch (
+-                      (rv = pkcs11h_certificate_sign (
++                      (rv = pkcs11h_certificate_sign_ex (
+                               certificate,
+-                              mech_type,
++                              mech,
+                               source,
+                               source_size,
+                               target,
+@@ -1617,9 +1720,9 @@ pkcs11h_certificate_signAny (
+               (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_RECOVER) != 0
+       ) {
+               switch (
+-                      (rv = pkcs11h_certificate_signRecover (
++                      (rv = pkcs11h_certificate_signRecover_ex (
+                               certificate,
+-                              mech_type,
++                              mech,
+                               source,
+                               source_size,
+                               target,
+@@ -1667,6 +1770,26 @@ pkcs11h_certificate_decryptAny (
+       IN const size_t source_size,
+       OUT unsigned char * const target,
+       IN OUT size_t * const p_target_size
++) {
++      CK_MECHANISM mech = {mech_type, NULL, 0};
++      return pkcs11h_certificate_decryptAny_ex (
++              certificate,
++              &mech,
++              source,
++              source_size,
++              target,
++              p_target_size
++      );
++}
++
++CK_RV
++pkcs11h_certificate_decryptAny_ex (
++      IN const pkcs11h_certificate_t certificate,
++      IN const CK_MECHANISM * const mech,
++      IN const unsigned char * const source,
++      IN const size_t source_size,
++      OUT unsigned char * const target,
++      IN OUT size_t * const p_target_size
+ ) {
+       CK_RV rv = CKR_FUNCTION_FAILED;
+       PKCS11H_BOOL acked = FALSE;
+@@ -1674,15 +1797,16 @@ pkcs11h_certificate_decryptAny (
+       _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+       _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+       _PKCS11H_ASSERT (certificate!=NULL);
++      _PKCS11H_ASSERT (mech!=NULL);
+       _PKCS11H_ASSERT (source!=NULL);
+       /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+       _PKCS11H_ASSERT (p_target_size!=NULL);
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG2,
+-              "PKCS#11: pkcs11h_certificate_decryptAny entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
++              "PKCS#11: pkcs11h_certificate_decryptAny_ex entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"",
+               (void *)certificate,
+-              mech_type,
++              mech->mechanism,
+               source,
+               source_size,
+               target,
+@@ -1704,9 +1828,9 @@ pkcs11h_certificate_decryptAny (
+               (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_DECRYPT) != 0
+       ) {
+               switch (
+-                      pkcs11h_certificate_decrypt (
++                      pkcs11h_certificate_decrypt_ex (
+                               certificate,
+-                              mech_type,
++                              mech,
+                               source,
+                               source_size,
+                               target,
+@@ -1731,9 +1855,9 @@ pkcs11h_certificate_decryptAny (
+               (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_UNWRAP) != 0
+       ) {
+               switch (
+-                      pkcs11h_certificate_unwrap (
++                      pkcs11h_certificate_unwrap_ex (
+                               certificate,
+-                              mech_type,
++                              mech,
+                               source,
+                               source_size,
+                               target,
+diff --git a/lib/pkcs11h-core.c b/lib/pkcs11h-core.c
+index 640fc03..f2ec527 100644
+--- a/lib/pkcs11h-core.c
++++ b/lib/pkcs11h-core.c
+@@ -117,6 +117,9 @@ CK_RV
+ __pkcs11h_forkFixup ();
+ #endif
++static
++_pkcs11h_provider_t
++__pkcs11h_get_pkcs11_provider(const char * const reference);
+ /*==========================================
+  * Data
+@@ -125,6 +128,17 @@ __pkcs11h_forkFixup ();
+ _pkcs11h_data_t _g_pkcs11h_data = NULL;
+ unsigned int _g_pkcs11h_loglevel = PKCS11H_LOG_INFO;
++static const char * __pkcs11h_provider_preperty_names[] = {
++      "location",
++      "allow_protected_auth",
++      "mask_private_mode",
++      "slot_event_method",
++      "slot_poll_interval",
++      "cert_is_private",
++      "init_args",
++      NULL
++};
++
+ /*======================================================================*
+  * PUBLIC INTERFACE
+  *======================================================================*/
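Review bot: The table name `__pkcs11h_provider_preperty_names` misspells "property"; it is referenced again in `pkcs11h_initialize` and `pkcs11h_setProviderPropertyByName`, so renaming it to `__pkcs11h_provider_property_names` now is cheap. The array itself is writable; `static const char * const __pkcs11h_provider_property_names[] = {` makes the pointers read-only as well, and the `const char **s` iterator then becomes `const char * const *s`. A comment that the order must match the `PKCS11H_PROVIDER_PROPERTY_*` values would also help, since the lookup uses the array index as the property number.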
+@@ -288,6 +302,13 @@ pkcs11h_initialize (void) {
+       pkcs11h_terminate ();
++      _PKCS11H_ASSERT (
++              (
++                      sizeof(__pkcs11h_provider_preperty_names) /
++                      sizeof(*__pkcs11h_provider_preperty_names)
++              ) == _PKCS11H_PROVIDER_PROPERTY_LAST + 1
++      );
++
+       if ((rv = _pkcs11h_mem_malloc ((void*)&data, sizeof (struct _pkcs11h_data_s))) != CKR_OK) {
+               goto cleanup;
+       }
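Review bot: The size check on the property-name table is a runtime `_PKCS11H_ASSERT`, so it is evaluated on every `pkcs11h_initialize` call and vanishes when `assert` is compiled out, although both operands look like compile-time constants. Assuming `_PKCS11H_PROVIDER_PROPERTY_LAST` is an enum constant or macro, a build-time check catches a mismatch earlier. One option is a negative-array-size typedef, `typedef char __pkcs11h_names_check[(sizeof(tbl)/sizeof(*tbl) == _PKCS11H_PROVIDER_PROPERTY_LAST + 1) ? 1 : -1];`, with `tbl` standing for the table. `pkcs11h_initialize` starts and ends outside this hunk.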
+@@ -650,6 +671,373 @@ pkcs11h_addProvider (
+       IN const unsigned slot_event_method,
+       IN const unsigned slot_poll_interval,
+       IN const PKCS11H_BOOL cert_is_private
++) {
++      CK_RV rv;
++
++      if ((rv = pkcs11h_registerProvider(reference)) != CKR_OK) {
++              goto cleanup;
++      }
++      if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_LOCATION, provider_location, strlen(provider_location) + 1)) != CKR_OK) {
++              goto cleanup;
++      }
++      if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH, &allow_protected_auth, sizeof(allow_protected_auth))) != CKR_OK) {
++              goto cleanup;
++      }
++      if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE, &mask_private_mode, sizeof(mask_private_mode))) != CKR_OK) {
++              goto cleanup;
++      }
++      if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD, &slot_event_method, sizeof(slot_event_method))) != CKR_OK) {
++              goto cleanup;
++      }
++      if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL, &slot_poll_interval, sizeof(slot_poll_interval))) != CKR_OK) {
++              goto cleanup;
++      }
++      if ((rv = pkcs11h_setProviderProperty(reference, PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private, sizeof(cert_is_private))) != CKR_OK) {
++              goto cleanup;
++      }
++      if ((rv = pkcs11h_initializeProvider(reference)) != CKR_OK) {
++              goto cleanup;
++      }
++
++cleanup:
++
++      if (rv != CKR_OK) {
++              pkcs11h_removeProvider(reference);
++      }
++
++      return rv;
++}
++
++CK_RV
++pkcs11h_registerProvider (
++      IN const char * const reference
++) {
++      _pkcs11h_provider_t provider = NULL;
++      CK_RV rv = CKR_FUNCTION_FAILED;
++
++      _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
++      _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
++
++      _PKCS11H_DEBUG (
++              PKCS11H_LOG_DEBUG2,
++              "PKCS#11: pkcs11h_registerProvider entry version='%s', reference='%s'",
++              PACKAGE_VERSION,
++              reference
++      );
++
++      _PKCS11H_DEBUG (
++              PKCS11H_LOG_DEBUG1,
++              "PKCS#11: Register provider '%s'",
++              reference
++      );
++
++      if ((rv = _pkcs11h_mem_malloc ((void *)&provider, sizeof (struct _pkcs11h_provider_s))) != CKR_OK) {
++              goto cleanup;
++      }
++
++      if (strlen(reference) + 1 > sizeof(provider->reference)) {
++              goto cleanup;
++      }
++      strcpy (
++              provider->reference,
++              reference
++      );
++
++      _PKCS11H_DEBUG (
++              PKCS11H_LOG_DEBUG2,
++              "PKCS#11: pkcs11h_registerProvider Provider '%s'",
++              reference
++      );
++
++#if defined(ENABLE_PKCS11H_THREADING)
++      if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) {
++              goto cleanup;
++      }
++#endif
++
++      if (_g_pkcs11h_data->providers == NULL) {
++              _g_pkcs11h_data->providers = provider;
++      }
++      else {
++              _pkcs11h_provider_t last = NULL;
++
++              for (
++                      last = _g_pkcs11h_data->providers;
++                      last->next != NULL;
++                      last = last->next
++              );
++              last->next = provider;
++      }
++
++#if defined(ENABLE_PKCS11H_THREADING)
++      _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global);
++#endif
++
++      rv = CKR_OK;
++
++cleanup:
++
++      _PKCS11H_DEBUG (
++              PKCS11H_LOG_DEBUG1,
++              "PKCS#11: Provider '%s' registered rv=%lu-'%s'",
++              reference,
++              rv,
++              pkcs11h_getMessage (rv)
++      );
++
++      _PKCS11H_DEBUG (
++              PKCS11H_LOG_DEBUG2,
++              "PKCS#11: pkcs11h_registerProvider return rv=%lu-'%s'",
++              rv,
++              pkcs11h_getMessage (rv)
++      );
++
++      return rv;
++}
++
++CK_RV
++pkcs11h_setProviderPropertyByName (
++      IN const char * const reference,
++      IN const char * const property_str,
++      IN const char * const value_str
++) {
++      char value[1024];
++      size_t value_size;
++      unsigned property;
++      CK_RV rv = CKR_FUNCTION_FAILED;
++      const char **s;
++
++      property = 0;
++      for (s = __pkcs11h_provider_preperty_names; *s != NULL && strcmp(property_str, *s); s++) {
++              property++;
++      }
++      if (*s == NULL) {
++              goto cleanup;
++      }
++
++      switch(property) {
++              default:
++                      goto cleanup;
++              case PKCS11H_PROVIDER_PROPERTY_LOCATION:
++                      value_size = strlen(value_str) + 1;
++                      if (value_size > sizeof(value)) {
++                              goto cleanup;
++                      }
++                      strcpy(value, value_str);
++              break;
++              case PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD:
++              case PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE:
++              case PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL:
++                      *(unsigned *)value = (unsigned)strtol(value_str, 0, 0);
++                      value_size = sizeof(unsigned);
++              break;
++              case PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH:
++              case PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE:
++                      *(PKCS11H_BOOL *)value = (PKCS11H_BOOL)(strtol(value_str, 0, 0) != 0 ? 1 : 0);
++                      value_size = sizeof(PKCS11H_BOOL);
++              break;
++              case PKCS11H_PROVIDER_PROPERTY_INIT_ARGS:
++                      rv = CKR_ATTRIBUTE_TYPE_INVALID;
++                      goto cleanup;
++      }
++
++      rv = pkcs11h_setProviderProperty (
++              reference,
++              property,
++              value,
++              value_size
++      );
++
++cleanup:
++
++      return rv;
++}
++
++CK_RV
++pkcs11h_setProviderProperty (
++      IN const char * const reference,
++      IN const unsigned property,
++      IN const void * value,
++      IN const size_t value_size
++) {
++      _pkcs11h_provider_t provider = NULL;
++      CK_RV rv = CKR_OK;
++
++      _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
++      _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
++      _PKCS11H_ASSERT (value!=NULL);
++
++      _PKCS11H_DEBUG (
++              PKCS11H_LOG_DEBUG2,
++              "PKCS#11: pkcs11h_setProviderProperty entry reference='%s', property='%d'",
++              reference,
++              property
++      );
++
++      if ((provider = __pkcs11h_get_pkcs11_provider(reference)) == NULL) {
++              rv = CKR_OBJECT_HANDLE_INVALID;
++              goto cleanup;
++      }
++
++      switch (property) {
++              case PKCS11H_PROVIDER_PROPERTY_LOCATION:
++              {
++                      const char * provider_location = (const char *)value;
++
++                      _PKCS11H_DEBUG (
++                              PKCS11H_LOG_DEBUG1,
++                              "PKCS#11: Setting property %s='%s'",
++                              __pkcs11h_provider_preperty_names[property],
++                              provider_location
++                      );
++
++                      if (provider_location == NULL) {
++                              goto cleanup;
++                      }
++
++                      if (
++                              provider->provider_location != NULL &&
++                              (rv = _pkcs11h_mem_free((void *)&provider->provider_location)) != CKR_OK
++                      ) {
++                              break;
++                      }
++
++                      if ((rv = _pkcs11h_mem_strdup(&provider->provider_location, provider_location)) != CKR_OK) {
++                              break;
++                      }
++
++                      strncpy (
++                              provider->manufacturerID,
++                              (
++                                      strlen (provider_location) < sizeof (provider->manufacturerID) ?
++                                      provider_location :
++                                      provider_location+strlen (provider_location)-sizeof (provider->manufacturerID)+1
++                              ),
++                              sizeof (provider->manufacturerID)-1
++                      );
++                      provider->manufacturerID[sizeof (provider->manufacturerID)-1] = '\x0';
++              }
++              break;
++
++              case PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH:
++              {
++                      PKCS11H_BOOL allow_protected_auth = *(PKCS11H_BOOL*) value;
++                      _PKCS11H_ASSERT (sizeof(allow_protected_auth) == value_size);
++
++                      _PKCS11H_DEBUG (
++                              PKCS11H_LOG_DEBUG1,
++                              "PKCS#11: Setting property %s=%d",
++                              __pkcs11h_provider_preperty_names[property],
++                              allow_protected_auth
++                      );
++
++                      provider->allow_protected_auth = allow_protected_auth;
++              }
++              break;
++
++              case PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE:
++              {
++                      unsigned mask_private_mode = *(unsigned*) value;
++                      _PKCS11H_ASSERT (sizeof(mask_private_mode) == value_size);
++
++                      _PKCS11H_DEBUG (
++                              PKCS11H_LOG_DEBUG1,
++                              "PKCS#11: Setting property %s=0x%08x",
++                              __pkcs11h_provider_preperty_names[property],
++                              mask_private_mode
++                      );
++
++                      provider->mask_private_mode = mask_private_mode;
++              }
++              break;
++
++              case PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD:
++              {
++                      unsigned slot_event_method = *(unsigned*) value;
++                      _PKCS11H_ASSERT (sizeof(slot_event_method) == value_size);
++
++                      _PKCS11H_DEBUG (
++                              PKCS11H_LOG_DEBUG1,
++                              "PKCS#11: Setting property %s=0x%08x'",
++                              __pkcs11h_provider_preperty_names[property],
++                              slot_event_method
++                      );
++
++                      provider->slot_event_method = slot_event_method;
++              }
++              break;
++
++              case PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL:
++              {
++                      unsigned slot_poll_interval = *(unsigned*) value;
++                      _PKCS11H_ASSERT (sizeof(slot_poll_interval) == value_size);
++
++                      _PKCS11H_DEBUG (
++                              PKCS11H_LOG_DEBUG1,
++                              "PKCS#11: Setting property %s=0x%08x",
++                              __pkcs11h_provider_preperty_names[property],
++                              slot_poll_interval
++                      );
++
++                      provider->slot_poll_interval = slot_poll_interval;
++              }
++              break;
++
++              case PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE:
++              {
++                      PKCS11H_BOOL cert_is_private = *(PKCS11H_BOOL*) value;
++                      _PKCS11H_ASSERT (sizeof(cert_is_private) == value_size);
++
++                      _PKCS11H_DEBUG (
++                              PKCS11H_LOG_DEBUG1,
++                              "PKCS#11: Setting property %s=%d",
++                              __pkcs11h_provider_preperty_names[property],
++                              cert_is_private
++                      );
++
++                      provider->cert_is_private = cert_is_private;
++              }
++              break;
++
++              case PKCS11H_PROVIDER_PROPERTY_INIT_ARGS:
++              {
++                      CK_C_INITIALIZE_ARGS_PTR init_args = *(CK_C_INITIALIZE_ARGS_PTR*) value;
++                      _PKCS11H_ASSERT (sizeof(init_args) <= value_size);
++
++                      _PKCS11H_DEBUG (
++                              PKCS11H_LOG_DEBUG1,
++                              "PKCS#11: Setting property %s={flags: 0x%08lx}",
++                              __pkcs11h_provider_preperty_names[property],
++                              init_args->flags
++                      );
++
++                      provider->init_args = init_args;
++              }
++              break;
++
++              default:
++                      _PKCS11H_DEBUG (
++                              PKCS11H_LOG_ERROR,
++                              "PKCS#11: Trying to set unknown property '%d'",
++                              property
++                      );
++                      rv = CKR_ATTRIBUTE_TYPE_INVALID;
++      }
++
++cleanup:
++      _PKCS11H_DEBUG (
++              PKCS11H_LOG_DEBUG1,
++              "PKCS#11: pkcs11h_setProviderProperty return rv=%lu-'%s'",
++              rv,
++              pkcs11h_getMessage (rv)
++      );
++
++      return rv;
++}
++
++CK_RV
++pkcs11h_initializeProvider (
++        IN const char * const reference
+ ) {
+ #if defined(ENABLE_PKCS11H_DEBUG)
+ #if defined(_WIN32)
+@@ -664,65 +1052,36 @@ pkcs11h_addProvider (
+       _pkcs11h_provider_t provider = NULL;
+       CK_C_GetFunctionList gfl = NULL;
+-      CK_C_INITIALIZE_ARGS initargs;
+-      CK_C_INITIALIZE_ARGS_PTR pinitargs = NULL;
++      CK_C_INITIALIZE_ARGS init_args;
++      CK_C_INITIALIZE_ARGS_PTR pinit_args = NULL;
+       CK_INFO info;
+       CK_RV rv = CKR_FUNCTION_FAILED;
+       _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+       _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+-      _PKCS11H_ASSERT (provider_location!=NULL);
+-      /*_PKCS11H_ASSERT (szSignMode!=NULL); NOT NEEDED*/
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG2,
+-              "PKCS#11: pkcs11h_addProvider entry version='%s', pid=%d, reference='%s', provider_location='%s', allow_protected_auth=%d, mask_private_mode=%08x, cert_is_private=%d",
+-              PACKAGE_VERSION,
++              "PKCS#11: pkcs11h_initializeProvider entry pid=%d, reference='%s'",
+               mypid,
+-              reference,
+-              provider_location,
+-              allow_protected_auth ? 1 : 0,
+-              mask_private_mode,
+-              cert_is_private ? 1 : 0
++              reference
+       );
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG1,
+-              "PKCS#11: Adding provider '%s'-'%s'",
+-              reference,
+-              provider_location
++              "PKCS#11: Initializing provider '%s'",
++              reference
+       );
+-      if ((rv = _pkcs11h_mem_malloc ((void *)&provider, sizeof (struct _pkcs11h_provider_s))) != CKR_OK) {
++      if ((provider = __pkcs11h_get_pkcs11_provider(reference)) == NULL) {
++              rv = CKR_OBJECT_HANDLE_INVALID;
+               goto cleanup;
+       }
+-      strncpy (
+-              provider->reference,
+-              reference,
+-              sizeof (provider->reference)-1
+-      );
+-      provider->reference[sizeof (provider->reference)-1] = '\x0';
+-      strncpy (
+-              provider->manufacturerID,
+-              (
+-                      strlen (provider_location) < sizeof (provider->manufacturerID) ?
+-                      provider_location :
+-                      provider_location+strlen (provider_location)-sizeof (provider->manufacturerID)+1
+-              ),
+-              sizeof (provider->manufacturerID)-1
+-      );
+-      provider->manufacturerID[sizeof (provider->manufacturerID)-1] = '\x0';
+-      provider->allow_protected_auth = allow_protected_auth;
+-      provider->mask_private_mode = mask_private_mode;
+-      provider->slot_event_method = slot_event_method;
+-      provider->slot_poll_interval = slot_poll_interval;
+-      provider->cert_is_private = cert_is_private;
+-
+ #if defined(_WIN32)
+-      provider->handle = LoadLibraryA (provider_location);
++      provider->handle = LoadLibraryA (provider->provider_location);
+ #else
+-      provider->handle = dlopen (provider_location, RTLD_NOW);
++      provider->handle = dlopen (provider->provider_location, RTLD_NOW | RTLD_LOCAL);
+ #endif
+       if (provider->handle == NULL) {
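Review bot: `provider->provider_location` is handed to `LoadLibraryA`/`dlopen` without a NULL check, and nothing visible in this hunk guarantees that the location property was set between registration and this call. On POSIX, `dlopen(NULL, ...)` returns a handle for the main program instead of failing, so the `provider->handle == NULL` test that follows would not catch the missing location. I would add, right after the provider lookup, `if (provider->provider_location == NULL) { rv = CKR_ARGUMENTS_BAD; goto cleanup; }`. The function body starts before this hunk and continues past it, so a check may exist in lines not shown.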
+@@ -758,12 +1117,17 @@ pkcs11h_addProvider (
+               goto cleanup;
+       }
+-      memset(&initargs, 0, sizeof(initargs));
+-      if ((initargs.pReserved = getenv("PKCS11H_INIT_ARGS_RESERVED")) != NULL) {
+-              pinitargs = &initargs;
++      if (provider->init_args != NULL) {
++              pinit_args = provider->init_args;
++      }
++      else {
++              memset(&init_args, 0, sizeof(init_args));
++              if ((init_args.pReserved = getenv("PKCS11H_INIT_ARGS_RESERVED")) != NULL) {
++                      pinit_args = &init_args;
++              }
+       }
+-      if ((rv = provider->f->C_Initialize (pinitargs)) != CKR_OK) {
++      if ((rv = provider->f->C_Initialize (pinit_args)) != CKR_OK) {
+               if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) {
+                       rv = CKR_OK;
+               }
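Review bot: `pinit_args = provider->init_args;` passes C_Initialize a pointer the library has only borrowed. The INIT_ARGS case of pkcs11h_setProviderProperty stores the caller's pointer as-is (`provider->init_args = init_args;`) and does not copy the structure. If the caller's CK_C_INITIALIZE_ARGS is gone by the time the provider is initialized, the module is given a dangling pointer. Either copy the structure into the provider, or document the contract next to this use, e.g. `/* init_args is caller-owned and must stay valid at least until pkcs11h_initializeProvider returns */`. The enclosing function starts and ends outside this hunk.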
+@@ -787,44 +1151,18 @@ pkcs11h_addProvider (
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG2,
+-              "PKCS#11: pkcs11h_addProvider Provider '%s' manufacturerID '%s'",
++              "PKCS#11: pkcs11h_initializeProvider Provider '%s' manufacturerID '%s'",
+               reference,
+               provider->manufacturerID
+       );
+       provider->enabled = TRUE;
+-#if defined(ENABLE_PKCS11H_THREADING)
+-      if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) {
+-              goto cleanup;
+-      }
+-#endif
+-
+-      if (_g_pkcs11h_data->providers == NULL) {
+-              _g_pkcs11h_data->providers = provider;
+-      }
+-      else {
+-              _pkcs11h_provider_t last = NULL;
+-
+-              for (
+-                      last = _g_pkcs11h_data->providers;
+-                      last->next != NULL;
+-                      last = last->next
+-              );
+-              last->next = provider;
+-      }
+-
+-      provider = NULL;
+-
+-#if defined(ENABLE_PKCS11H_THREADING)
+-      _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global);
+-#endif
+-
+       rv = CKR_OK;
+ cleanup:
+-      if (provider != NULL) {
++      if (provider != NULL && !provider->enabled) {
+               if (provider->handle != NULL) {
+ #if defined(_WIN32)
+                       FreeLibrary (provider->handle);
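Review bot: The new cleanup condition `provider != NULL && !provider->enabled` assumes the provider is not yet enabled on entry, but no visible line rejects a second pkcs11h_initializeProvider call for the same reference. In that case the library load in the earlier hunk would overwrite the existing `provider->handle`, and a failure on the second pass would skip the unload because `enabled` is still TRUE. A guard right after the lookup, such as `if (provider->enabled) { rv = CKR_CRYPTOKI_ALREADY_INITIALIZED; goto cleanup; }`, would make the allowed state transitions explicit. This is hedged, since the parts of the function between the hunks are not shown and the cleanup block continues past this hunk.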
+@@ -833,26 +1171,16 @@ cleanup:
+ #endif
+                       provider->handle = NULL;
+               }
+-
+-              _pkcs11h_mem_free ((void *)&provider);
+-              provider = NULL;
+       }
++
+ #if defined(ENABLE_PKCS11H_SLOTEVENT)
+       _pkcs11h_slotevent_notify ();
+ #endif
+-      _PKCS11H_DEBUG (
+-              PKCS11H_LOG_DEBUG1,
+-              "PKCS#11: Provider '%s' added rv=%lu-'%s'",
+-              reference,
+-              rv,
+-              pkcs11h_getMessage (rv)
+-      );
+-
+       _PKCS11H_DEBUG (
+               PKCS11H_LOG_DEBUG2,
+-              "PKCS#11: pkcs11h_addProvider return rv=%lu-'%s'",
++              "PKCS#11: pkcs11h_initializeProvider return rv=%lu-'%s'",
+               rv,
+               pkcs11h_getMessage (rv)
+       );
+@@ -913,15 +1241,7 @@ pkcs11h_removeProvider (
+       }
+ #endif
+-      provider = _g_pkcs11h_data->providers;
+-      while (
+-              provider != NULL &&
+-              strcmp (reference, provider->reference)
+-      ) {
+-              provider = provider->next;
+-      }
+-
+-      if (provider != NULL) {
++      if ((provider = __pkcs11h_get_pkcs11_provider(reference)) != NULL) {
+               provider->enabled = FALSE;
+       }
+@@ -966,6 +1286,10 @@ free1:
+               provider->should_finalize = FALSE;
+       }
++      if (provider->provider_location != NULL) {
++              _pkcs11h_mem_free((void *)&provider->provider_location);
++      }
++
+ #if defined(ENABLE_PKCS11H_SLOTEVENT)
+       _pkcs11h_slotevent_notify ();
+@@ -1345,3 +1669,10 @@ __pkcs11h_forkFixup () {
+ #endif                                /* !WIN32 */
++static
++_pkcs11h_provider_t
++__pkcs11h_get_pkcs11_provider(const char * const reference) {
++      _pkcs11h_provider_t provider;
++      for (provider = _g_pkcs11h_data->providers;provider != NULL && strcmp (reference, provider->reference); provider = provider->next);
++      return provider;
++}
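Review bot: `__pkcs11h_get_pkcs11_provider` walks `_g_pkcs11h_data->providers` without taking `mutexes.global`, while pkcs11h_registerProvider appends to the same list under that mutex. The calls from pkcs11h_setProviderProperty and pkcs11h_initializeProvider show no lock around the lookup. With ENABLE_PKCS11H_THREADING, a lookup can therefore race with a concurrent register or remove. Either take the lock in those callers or state the requirement on the helper, e.g. `/* caller must hold _g_pkcs11h_data->mutexes.global */`. The helper also passes `reference` straight to `strcmp`, so `_PKCS11H_ASSERT (reference!=NULL);` at the top would match the other entry checks.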
+diff --git a/lib/pkcs11h-openssl.c b/lib/pkcs11h-openssl.c
+index 9c9b2cd..78bb7fc 100644
+--- a/lib/pkcs11h-openssl.c
++++ b/lib/pkcs11h-openssl.c
+@@ -474,9 +474,6 @@ __pkcs11h_openssl_rsa_dec (
+               case RSA_PKCS1_OAEP_PADDING:
+                       mech = CKM_RSA_PKCS_OAEP;
+               break;
+-              case RSA_SSLV23_PADDING:
+-                      rv = CKR_MECHANISM_INVALID;
+-              break;
+               case RSA_NO_PADDING:
+                       mech = CKM_RSA_X_509;
+               break;
+@@ -713,6 +710,7 @@ __pkcs11h_openssl_dsa_do_sign(
+       OUT DSA *dsa
+ ) {
+       pkcs11h_certificate_t certificate = __pkcs11h_openssl_dsa_get_pkcs11h_certificate (dsa);
++      PKCS11H_BOOL session_locked = FALSE;
+       unsigned char *sigbuf = NULL;
+       size_t siglen;
+       DSA_SIG *sig = NULL;
+@@ -733,6 +731,11 @@ __pkcs11h_openssl_dsa_do_sign(
+       _PKCS11H_ASSERT (dsa!=NULL);
+       _PKCS11H_ASSERT (certificate!=NULL);
++      if ((rv = pkcs11h_certificate_lockSession (certificate)) != CKR_OK) {
++              goto cleanup;
++      }
++      session_locked = TRUE;
++
+       if (
+               (rv = pkcs11h_certificate_signAny (
+                       certificate,
+@@ -789,6 +792,11 @@ __pkcs11h_openssl_dsa_do_sign(
+ cleanup:
++      if (session_locked) {
++              pkcs11h_certificate_releaseSession (certificate);
++              session_locked = FALSE;
++      }
++
+       if (sigbuf != NULL) {
+               _pkcs11h_mem_free ((void *)&sigbuf);
+       }
+@@ -890,6 +898,7 @@ __pkcs11h_openssl_eckey_do_sign(
+       OUT EC_KEY *ec
+ ) {
+       pkcs11h_certificate_t certificate = __pkcs11h_openssl_eckey_get_pkcs11h_certificate (ec);
++      PKCS11H_BOOL session_locked = FALSE;
+       unsigned char *sigbuf = NULL;
+       size_t siglen;
+       ECDSA_SIG *sig = NULL;
+@@ -914,6 +923,11 @@ __pkcs11h_openssl_eckey_do_sign(
+       _PKCS11H_ASSERT (ec!=NULL);
+       _PKCS11H_ASSERT (certificate!=NULL);
++      if ((rv = pkcs11h_certificate_lockSession (certificate)) != CKR_OK) {
++              goto cleanup;
++      }
++      session_locked = TRUE;
++
+       if (
+               (rv = pkcs11h_certificate_signAny (
+                       certificate,
+@@ -974,6 +988,11 @@ __pkcs11h_openssl_eckey_do_sign(
+ cleanup:
++      if (session_locked) {
++              pkcs11h_certificate_releaseSession (certificate);
++              session_locked = FALSE;
++      }
++
+       if (sigbuf != NULL) {
+               _pkcs11h_mem_free ((void *)&sigbuf);
+       }
+@@ -1465,7 +1484,7 @@ pkcs11h_openssl_session_getEVP (
+               }
+       }
+ #endif
+-#ifndef OPENSSL_NO_RSA
++#ifndef OPENSSL_NO_DSA
+       else if (EVP_PKEY_id (evp) == EVP_PKEY_DSA) {
+               if (!__pkcs11h_openssl_session_setDSA(openssl_session, evp)) {
+                       goto cleanup;
+diff --git a/tests/test-basic/Makefile.am b/tests/test-basic/Makefile.am
+index 0f63c27..29494e1 100644
+--- a/tests/test-basic/Makefile.am
++++ b/tests/test-basic/Makefile.am
+@@ -50,8 +50,13 @@
+ MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
+-TESTS=test-basic
+-noinst_PROGRAMS=test-basic
++MY_TESTS = \
++      test-basic \
++      test-basic2 \
++      $(NULL)
++
++TESTS=$(MY_TESTS)
++noinst_PROGRAMS=$(MY_TESTS)
+ AM_CPPFLAGS= \
+       -I$(top_srcdir)/include \
+@@ -60,3 +65,4 @@ LDADD= \
+       $(top_builddir)/lib/libpkcs11-helper.la
+ test_basic_SOURCES=test-basic.c
++test_basic2_SOURCES=test-basic2.c
+diff --git a/tests/test-basic/test-basic.c b/tests/test-basic/test-basic.c
+index 9eee3aa..51e79ab 100644
+--- a/tests/test-basic/test-basic.c
++++ b/tests/test-basic/test-basic.c
+@@ -47,13 +47,13 @@ int main () {
+       if (
+               (rv = pkcs11h_addProvider (
++                      "reference1",
+                       TEST_PROVIDER,
+-                      TEST_PROVIDER,
+-                      FALSE,
+-                      PKCS11H_PRIVATEMODE_MASK_AUTO,
+-                      PKCS11H_SLOTEVENT_METHOD_AUTO,
+-                      0,
+-                      FALSE
++                      TRUE,
++                      PKCS11H_PRIVATEMODE_MASK_DECRYPT,
++                      PKCS11H_SLOTEVENT_METHOD_POLL,
++                      0x55,
++                      TRUE
+               )) != CKR_OK
+       ) {
+               fatal ("pkcs11h_addProvider failed", rv);
+diff --git a/tests/test-basic/test-basic2.c b/tests/test-basic/test-basic2.c
+new file mode 100644
+index 0000000..394c9e0
+--- /dev/null
++++ b/tests/test-basic/test-basic2.c
+@@ -0,0 +1,110 @@
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include "../../config.h"
++#include <pkcs11-helper-1.0/pkcs11h-core.h>
++
++static
++void
++fatal (const char * const m, CK_RV rv) {
++      fprintf (stderr, "%s - %08lu - %s\n", m, rv, pkcs11h_getMessage (rv));
++      exit (1);
++}
++
++static
++void
++_pkcs11h_hooks_log (
++      IN void * const global_data,
++      IN unsigned flags,
++      IN const char * const format,
++      IN va_list args
++) {
++      vfprintf (stdout, format, args);
++      fprintf (stdout, "\n");
++      fflush (stdout);
++}
++
++int main () {
++      struct {
++              char *p;
++              char *v;
++      } props[] = {
++              {"location", TEST_PROVIDER},
++              {"allow_protected_auth", "1"},
++              {"mask_private_mode", "2"},
++              {"slot_event_method", "3"},
++              {"slot_poll_interval", "0x55"},
++              {"cert_is_private", "1"},
++              {NULL, NULL}
++      }, *p;
++
++      const char * reference = "reference1";
++      CK_C_INITIALIZE_ARGS init_args;
++      CK_C_INITIALIZE_ARGS_PTR init_args_ptr = &init_args;
++      CK_RV rv;
++
++      printf ("Version: %08x\n", pkcs11h_getVersion ());
++      printf ("Features: %08x\n", pkcs11h_getFeatures ());
++
++      printf ("Initializing pkcs11-helper\n");
++
++      if ((rv = pkcs11h_initialize ()) != CKR_OK) {
++              fatal ("pkcs11h_initialize failed", rv);
++      }
++
++      printf ("Registering pkcs11-helper hooks\n");
++
++      if ((rv = pkcs11h_setLogHook (_pkcs11h_hooks_log, NULL)) != CKR_OK) {
++              fatal ("pkcs11h_setLogHook failed", rv);
++      }
++
++      pkcs11h_setLogLevel (TEST_LOG_LEVEL);
++
++      printf ("Registering provider '%s'\n", TEST_PROVIDER);
++      if ((rv = pkcs11h_registerProvider (reference)) != CKR_OK) {
++              fatal ("pkcs11h_registerProvider failed", rv);
++      }
++
++      for (p = props; p->p != NULL; p++) {
++              printf("Setting property '%s'='%s'\n", p->p, p->v);
++              if (
++                      (rv = pkcs11h_setProviderPropertyByName (
++                              reference,
++                              p->p,
++                              p->v
++                      )) != CKR_OK
++              ) {
++                      fatal ("pkcs11h_setProviderPropertyByName failed", rv);
++              }
++      }
++
++      memset(&init_args, 0, sizeof(init_args));
++      init_args.flags = CKF_OS_LOCKING_OK;
++      if (
++              (rv = pkcs11h_setProviderProperty (
++                      reference,
++                      PKCS11H_PROVIDER_PROPERTY_INIT_ARGS,
++                      &init_args_ptr,
++                      sizeof(init_args_ptr)
++              )) != CKR_OK
++      ) {
++              fatal ("pkcs11h_setProviderProperty failed for PKCS11H_PROVIDER_PROPERTY_INIT_ARGS", rv);
++      }
++
++      if ((rv = pkcs11h_initializeProvider (reference)) != CKR_OK) {
++              fatal ("pkcs11h_initializeProvider failed", rv);
++      }
++
++      if ((rv = pkcs11h_removeProvider (reference)) != CKR_OK) {
++              fatal ("pkcs11h_initializeProvider failed", rv);
++      }
++
++      printf ("Terminating pkcs11-helper\n");
++
++      if ((rv = pkcs11h_terminate ()) != CKR_OK) {
++              fatal ("pkcs11h_terminate failed", rv);
++      }
++
++      exit (0);
++      return 0;
++}
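Review bot: The failure branch for `pkcs11h_removeProvider` reports "pkcs11h_initializeProvider failed", a copy of the message from the call above it. A failing removal would be attributed to the wrong API in the test log. It should read `fatal ("pkcs11h_removeProvider failed", rv);`. The log hook also uses `va_list` without including `<stdarg.h>` directly. It presumably arrives through pkcs11h-core.h, but adding `#include <stdarg.h>` keeps the test self-contained.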
+diff --git a/tests/test-certificate/Makefile.am b/tests/test-certificate/Makefile.am
+index 2caa3de..11ee924 100644
+--- a/tests/test-certificate/Makefile.am
++++ b/tests/test-certificate/Makefile.am
+@@ -50,8 +50,12 @@
+ MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
+-TESTS=test-certificate
+-noinst_PROGRAMS=test-certificate
++MY_TESTS = \
++      test-certificate \
++      $(NULL)
++
++TESTS=$(MY_TESTS)
++noinst_PROGRAMS=$(MY_TESTS)
+ AM_CPPFLAGS= \
+       -I$(top_srcdir)/include \
+diff --git a/tests/test-fork/Makefile.am b/tests/test-fork/Makefile.am
+index 48992f2..51c8707 100644
+--- a/tests/test-fork/Makefile.am
++++ b/tests/test-fork/Makefile.am
+@@ -50,8 +50,12 @@
+ MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
+-TESTS=test-fork
+-noinst_PROGRAMS=test-fork
++MY_TESTS = \
++      test-fork \
++      $(NULL)
++
++TESTS=$(MY_TESTS)
++noinst_PROGRAMS=$(MY_TESTS)
+ AM_CPPFLAGS= \
+       -I$(top_srcdir)/include \
+diff --git a/tests/test-openssl/Makefile.am b/tests/test-openssl/Makefile.am
+index ef27ef3..9c2b5dd 100644
+--- a/tests/test-openssl/Makefile.am
++++ b/tests/test-openssl/Makefile.am
+@@ -50,8 +50,12 @@
+ MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
+-TESTS=test-openssl
+-noinst_PROGRAMS=test-openssl
++MY_TESTS = \
++      test-openssl \
++      $(NULL)
++
++TESTS=$(MY_TESTS)
++noinst_PROGRAMS=$(MY_TESTS)
+ AM_CPPFLAGS= \
+       -I$(top_srcdir)/include \
+diff --git a/tests/test-slotevent/Makefile.am b/tests/test-slotevent/Makefile.am
+index 5cc8acb..0016cf8 100644
+--- a/tests/test-slotevent/Makefile.am
++++ b/tests/test-slotevent/Makefile.am
+@@ -50,8 +50,12 @@
+ MAINTAINERCLEANFILES=$(srcdir)/Makefile.in
+-TESTS=test-slotevent
+-noinst_PROGRAMS=test-slotevent
++MY_TESTS = \
++      test-slotevent \
++      $(NULL)
++
++TESTS=$(MY_TESTS)
++noinst_PROGRAMS=$(MY_TESTS)
+ AM_CPPFLAGS= \
+       -I$(top_srcdir)/include \
index 379e4f59b31223c4020203818d4333aaa61e36d5..0405159f0c72cc132336b25e0847ae4f83609a05 100644 (file)
@@ -2,7 +2,7 @@ Summary:        Helper library for the use with smart cards and the PKCS#11 API
 Summary(pl.UTF-8):     Biblioteka pomocnicza do używania z kartami procesorowymi i API PKCS#11
 Name:          pkcs11-helper
 Version:       1.27.0
-Release:       1
+Release:       2
 License:       GPL v2 or BSD
 Group:         Libraries
 #Source0Download: https://github.com/OpenSC/pkcs11-helper/releases
@@ -10,7 +10,8 @@ Source0:      https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper
 # Source0-md5: f3eb32bcc29af4dbdcb7f77b2889442d
 Patch0:                no-libs.patch
 Patch1:                %{name}-nss.patch
-URL:           https://github.com/OpenSC/OpenSC/wiki/pkcs11-helper
+Patch2:                git.patch
+URL:           https://github.com/OpenSC/pkcs11-helper
 BuildRequires: autoconf >= 2.60
 BuildRequires: automake >= 1:1.10
 BuildRequires: doxygen
@@ -72,6 +73,7 @@ Dokumentacja API biblioteki pkcs11-helper.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %{__libtoolize}