diff --git a/src/Makefile.am b/src/Makefile.am index 63a3f9b1..f0a9e159 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,16 +1,23 @@ +# ========================================================== +# Makefile.am for PKCS#11 libp11 / engine / provider +# ========================================================== MAINTAINERCLEANFILES = $(srcdir)/Makefile.in $(srcdir)/config.h.in $(srcdir)/config.h.in~ DISTCLEANFILES = libp11.map CLEANFILES = libp11.pc EXTRA_DIST = Makefile.mak libp11.rc.in pkcs11.rc.in +# Headers noinst_HEADERS= libp11-int.h pkcs11.h p11_pthread.h util.h include_HEADERS= libp11.h p11_err.h + +# Libraries to build (static-engine optional) if ENABLE_STATIC_ENGINE lib_LTLIBRARIES = libp11.la libpkcs11.la else lib_LTLIBRARIES = libp11.la endif + enginesexec_LTLIBRARIES = pkcs11.la pkgconfig_DATA = libp11.pc 
@@ -21,19 +28,52 @@ endif SHARED_EXT=@SHARED_EXT@ -libp11_la_SOURCES = libpkcs11.c p11_attr.c p11_cert.c p11_err.c p11_ckr.c \ - p11_key.c p11_load.c p11_misc.c p11_rsa.c p11_ec.c p11_eddsa.c p11_pkey.c \ - p11_slot.c p11_front.c p11_atfork.c libp11.exports +# ---------------------------------------------------------- +# Helper libraries +# ---------------------------------------------------------- +# These helper libraries are only built (not installed) so we can +# set per-file compiler flags (e.g. -Wno-unused-parameter) for +# specific source files without affecting the rest of the project. +# ---------------------------------------------------------- +# Define all non-installed helper libraries in one assignment +noinst_LTLIBRARIES = libeng_err.la libp11_err.la + +# Helper library for p11_err.c +libp11_err_la_SOURCES = p11_err.c +libp11_err_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_CFLAGS) -Wno-unused-parameter + +# Helper library for eng_err.c +libeng_err_la_SOURCES = eng_err.c +libeng_err_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_EXTRA_CFLAGS) $(OPENSSL_CFLAGS) \ + -Wno-unused-parameter + +# ---------------------------------------------------------- +# libp11 — PKCS#11 support library +# ---------------------------------------------------------- +# p11_err.c is intentionally excluded from libp11_la_SOURCES +# because it is compiled as part of libp11_err.la (above). 
+# ---------------------------------------------------------- +libp11_la_SOURCES = libpkcs11.c p11_attr.c p11_cert.c p11_ckr.c \ + p11_key.c p11_load.c p11_misc.c p11_rsa.c p11_ec.c p11_eddsa.c \ + p11_pkey.c p11_slot.c p11_front.c p11_atfork.c libp11.exports + +# Compiler flags for libp11 libp11_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_CFLAGS) -libp11_la_LIBADD = $(OPENSSL_LIBS) + +# Link helper error object (libp11_err.la) and OpenSSL libraries +libp11_la_LIBADD = libp11_err.la $(OPENSSL_LIBS) + if WIN32 libp11_la_LIBADD += libp11.lo else dist_noinst_DATA = libp11.rc endif + +# libtool versioning libp11_la_LDFLAGS = $(AM_LDFLAGS) \ -version-info @LIBP11_LT_CURRENT@:@LIBP11_LT_REVISION@:@LIBP11_LT_AGE@ +# Use linker version script if available, otherwise export symbols via exports file. if HAVE_LD_VERSION_SCRIPT libp11_la_LDFLAGS += -Wl,--version-script=libp11.map if WIN32 
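Review bot: The `noinst_LTLIBRARIES` helpers `libp11_err.la` and `libeng_err.la` exist only to pass `-Wno-unused-parameter`, which silences every unused-parameter warning in `p11_err.c` and `eng_err.c` rather than the specific ones known to be harmless. The same commit handles the equivalent warning in `p11_ckr.c` with a single `(void)function;` cast. Doing that in the two error files (not shown here, so the warning source needs confirming) would make the helper libraries unnecessary. If the helpers stay, `libp11_err_la_CFLAGS` duplicates `libp11_la_CFLAGS` by hand, so a hardening flag or define added to one will not reach the other. A comment next to it such as `# keep in sync with libp11_la_CFLAGS` would help.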
@@ -43,21 +83,58 @@ else libp11_la_LDFLAGS += -export-symbols "$(srcdir)/libp11.exports" endif -pkcs11_la_SOURCES = eng_front.c eng_back.c eng_err.c util_uri.c \ +# ---------------------------------------------------------- +# PKCS#11 engine +# ---------------------------------------------------------- +# eng_err.c is excluded from the pkcs11_la_SOURCES because it +# is compiled in libeng_err.la (above). We add libeng_err.la +# to pkcs11_la_LIBADD so the final engine contains the code. +# ---------------------------------------------------------- +pkcs11_la_SOURCES = eng_front.c eng_back.c util_uri.c \ engine.h eng_err.h util.h pkcs11.exports + if WIN32 pkcs11_la_SOURCES += pkcs11.rc else dist_noinst_DATA += pkcs11.rc endif + +# Compiler flags for PKCS#11 engine pkcs11_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_EXTRA_CFLAGS) $(OPENSSL_CFLAGS) -pkcs11_la_LIBADD = $(libp11_la_OBJECTS) $(OPENSSL_LIBS) + +# Link the helper library (libp11_err and libeng_err) plus libp11 objects and OpenSSL +pkcs11_la_LIBADD = libp11_err.la libeng_err.la $(libp11_la_OBJECTS) $(OPENSSL_LIBS) # We intentionally not version symbols in this module because no # application links with it. It is dynamically opened. 
pkcs11_la_LDFLAGS = $(AM_LDFLAGS) -module -shared -shrext $(SHARED_EXT) \ -avoid-version -export-symbols "$(srcdir)/pkcs11.exports" +# ---------------------------------------------------------- +# PKCS#11 provider +# ---------------------------------------------------------- +pkcs11prov_la_SOURCES = provider.c util_uri.c pkcs11prov.exports + +if WIN32 +pkcs11prov_la_SOURCES += pkcs11prov.rc +else +dist_noinst_DATA += pkcs11prov.rc +endif + +# Compiler flags for PKCS#11 provider +pkcs11prov_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_EXTRA_CFLAGS) $(OPENSSL_CFLAGS) + +# Link helper error object (libp11_err.la) plus libp11 objects and OpenSSL +pkcs11prov_la_LIBADD = libp11_err.la $(libp11_la_OBJECTS) $(OPENSSL_LIBS) + +# We intentionally not version symbols in this module because no +# application links with it. It is dynamically opened. +pkcs11prov_la_LDFLAGS = $(AM_LDFLAGS) -module -shared -shrext $(SHARED_EXT) \ + -avoid-version -export-symbols "$(srcdir)/pkcs11prov.exports" + +# ---------------------------------------------------------- +# Optional static engine target (copy of pkcs11) +# ---------------------------------------------------------- if ENABLE_STATIC_ENGINE # Create a static version of the engine as well to allow applications # to statically link into it. @@ -76,6 +153,9 @@ if LIBP11_OSSL_PROVIDER cd '$(DESTDIR)$(providersexecdir)' && $(LN_S) -f pkcs11prov$(SHARED_EXT) libpkcs11$(SHARED_EXT) endif +# ---------------------------------------------------------- +# Windows def file target +# ---------------------------------------------------------- if WIN32 # def file required for MS users to build library mylibdir=$(libdir) 
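Review bot: Dropping `eng_err.c` from `pkcs11_la_SOURCES` changes every target that reuses that variable, and the body of the `if ENABLE_STATIC_ENGINE` block that follows is outside this hunk. If `libpkcs11.la` is built from `$(pkcs11_la_SOURCES)` and `$(libp11_la_OBJECTS)` without also picking up `libeng_err.la` and `libp11_err.la`, the static engine would lose its error-string code or fail to link. Please confirm with a build that has the `ENABLE_STATIC_ENGINE` conditional on, and note the dependency there, e.g. `# static engine must also link libp11_err.la and libeng_err.la`.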
@@ -83,24 +163,14 @@ mylib_DATA=.libs/@WIN_LIBPREFIX@p11-@LIBP11_LT_OLDEST@.dll.def .libs/@WIN_LIBPREFIX@p11-@LIBP11_LT_OLDEST@.dll.def: libp11.la endif +# ---------------------------------------------------------- +# Resource compiler helpers +# ---------------------------------------------------------- RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) -# openssl PKCS#11 provider -pkcs11prov_la_SOURCES = provider.c util_uri.c pkcs11prov.exports -if WIN32 -pkcs11prov_la_SOURCES += pkcs11prov.rc -else -dist_noinst_DATA += pkcs11prov.rc -endif -pkcs11prov_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_EXTRA_CFLAGS) $(OPENSSL_CFLAGS) -pkcs11prov_la_LIBADD = $(libp11_la_OBJECTS) $(OPENSSL_LIBS) - -# We intentionally not version symbols in this module because no -# application links with it. It is dynamically opened. -pkcs11prov_la_LDFLAGS = $(AM_LDFLAGS) -module -shared -shrext $(SHARED_EXT) \ - -avoid-version -export-symbols "$(srcdir)/pkcs11prov.exports" +# .rc compilation rules .rc.lo: $(LTRCCOMPILE) -i "$<" -o "$@" diff --git a/src/eng_back.c b/src/eng_back.c index 7e8f2360..91c58046 100644 --- a/src/eng_back.c +++ b/src/eng_back.c @@ -85,7 +85,7 @@ void ENGINE_CTX_log(ENGINE_CTX *ctx, int level, const char *format, ...) /* Initialization and cleanup */ /******************************************************************************/ -ENGINE_CTX *ENGINE_CTX_new() +ENGINE_CTX *ENGINE_CTX_new(void) { ENGINE_CTX *ctx; char *mod; diff --git a/src/p11_atfork.c b/src/p11_atfork.c index 604cd5d9..1a1863cd 100644 --- a/src/p11_atfork.c +++ b/src/p11_atfork.c @@ -80,7 +80,7 @@ static unsigned int _P11_update_forkid(void) #endif /* !_WIN32 */ -unsigned int get_forkid() +unsigned int get_forkid(void) { (void)_P11_update_forkid(); return P11_forkid; diff --git a/src/p11_ckr.c b/src/p11_ckr.c index 6a15971f..68440e25 100644 --- a/src/p11_ckr.c +++ b/src/p11_ckr.c 
@@ -197,6 +197,7 @@ void ERR_unload_CKR_strings(void) void ERR_CKR_error(int function, int reason, char *file, int line) { + (void)function; if (CKR_lib_error_code == 0) CKR_lib_error_code = ERR_get_next_error_library(); ERR_PUT_error(CKR_lib_error_code, function, reason, file, line); diff --git a/src/p11_eddsa.c b/src/p11_eddsa.c index 43c81ffc..84ea6793 100644 --- a/src/p11_eddsa.c +++ b/src/p11_eddsa.c @@ -229,7 +229,7 @@ static int pkcs11_eddsa_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2 } /* Global initialize ED25519 EVP_PKEY_METHOD */ -static int pkcs11_ed25519_method_new() +static int pkcs11_ed25519_method_new(void) { int orig_id, orig_flags; @@ -272,7 +272,7 @@ static int pkcs11_ed25519_method_new() } /* Global initialize ED448 EVP_PKEY_METHOD */ -static int pkcs11_ed448_method_new() +static int pkcs11_ed448_method_new(void) { int orig_id, orig_flags; diff --git a/src/p11_pkey.c b/src/p11_pkey.c index b113e4a3..e5a1d279 100644 --- a/src/p11_pkey.c +++ b/src/p11_pkey.c @@ -315,11 +315,11 @@ static int pkcs11_try_pkey_rsa_sign(EVP_PKEY_CTX *evp_pkey_ctx, ctx = slot->ctx; if (!ctx) return -1; - +#ifdef DEBUG pkcs11_log(ctx, LOG_DEBUG, "%s:%d pkcs11_try_pkey_rsa_sign() " "sig=%p *siglen=%lu tbs=%p tbslen=%lu\n", __FILE__, __LINE__, sig, *siglen, tbs, tbslen); - +#endif if (EVP_PKEY_CTX_get_signature_md(evp_pkey_ctx, &sig_md) <= 0) return -1; if (tbslen != (size_t)EVP_MD_size(sig_md)) @@ -329,8 +329,7 @@ static int pkcs11_try_pkey_rsa_sign(EVP_PKEY_CTX *evp_pkey_ctx, EVP_PKEY_CTX_get_rsa_padding(evp_pkey_ctx, &padding); switch (padding) { case RSA_PKCS1_PSS_PADDING: - pkcs11_log(ctx, LOG_DEBUG, "%s:%d padding=RSA_PKCS1_PSS_PADDING\n", - __FILE__, __LINE__); + pkcs11_log(ctx, LOG_DEBUG, "padding=RSA_PKCS1_PSS_PADDING\n"); if (pkcs11_params_pss(&pss_params, evp_pkey_ctx, ctx) < 0) return -1; mechanism.mechanism = CKM_RSA_PKCS_PSS; 
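Review bot: `(void)function;` in `ERR_CKR_error` sits directly above a call that still passes `function` to `ERR_PUT_error`, so the cast reads as a mistake unless the reason is written down. Presumably `ERR_PUT_error` drops its function argument under some OpenSSL versions, which is what produces the unused-parameter warning. A comment such as `/* ERR_PUT_error() may discard the function code; keep the parameter referenced */` would make the intent clear and stop a later cleanup from removing the line.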
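Review bot: Wrapping the trace call in `#ifdef DEBUG` in `pkcs11_try_pkey_rsa_sign` means its format string is no longer compiled, and so no longer checked, in ordinary builds. That string looks mismatched: `%lu` is given `*siglen` and `tbslen`, which appear to be `size_t` (`tbslen` is compared with `(size_t)EVP_MD_size(sig_md)` just below), and `%p` receives pointers that are not `void *`. The parameter declarations are outside the hunk, so this needs confirming. If so, casts such as `(void *)sig, (unsigned long)*siglen, (const void *)tbs, (unsigned long)tbslen` would fix it. The same applies to the guarded blocks in the -418 and -559 hunks, and the pointer casts to the -634 hunk. It would also help to state which build option defines `DEBUG`, since the `padding=` messages remain controlled only by the runtime log level.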
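Review bot: In the -329 hunk the result of `EVP_PKEY_CTX_get_rsa_padding(evp_pkey_ctx, &padding);` is ignored immediately before `switch (padding)`. The declaration of `padding` is outside the hunk; if it has no initializer, a failed call leaves the mechanism selection for a private-key operation depending on an indeterminate value. `if (EVP_PKEY_CTX_get_rsa_padding(evp_pkey_ctx, &padding) <= 0) return -1;` would match the way `EVP_PKEY_CTX_get_signature_md` is checked a few lines earlier. The same unchecked call appears in `pkcs11_try_pkey_rsa_decrypt` in the -418 hunk.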
@@ -418,17 +417,16 @@ static int pkcs11_try_pkey_rsa_decrypt(EVP_PKEY_CTX *evp_pkey_ctx, ctx = slot->ctx; if (!ctx) return -1; - +#ifdef DEBUG pkcs11_log(ctx, LOG_DEBUG, "%s:%d pkcs11_try_pkey_rsa_decrypt() " "out=%p *outlen=%lu in=%p inlen=%lu\n", __FILE__, __LINE__, out, *outlen, in, inlen); - +#endif memset(&mechanism, 0, sizeof mechanism); EVP_PKEY_CTX_get_rsa_padding(evp_pkey_ctx, &padding); switch (padding) { case RSA_PKCS1_OAEP_PADDING: - pkcs11_log(ctx, LOG_DEBUG, "%s:%d padding=RSA_PKCS1_OAEP_PADDING\n", - __FILE__, __LINE__); + pkcs11_log(ctx, LOG_DEBUG, "padding=RSA_PKCS1_OAEP_PADDING\n"); if (pkcs11_params_oaep(&oaep_params, evp_pkey_ctx, ctx) < 0) return -1; mechanism.mechanism = CKM_RSA_PKCS_OAEP; @@ -436,8 +434,7 @@ static int pkcs11_try_pkey_rsa_decrypt(EVP_PKEY_CTX *evp_pkey_ctx, mechanism.ulParameterLen = sizeof oaep_params; break; case RSA_PKCS1_PADDING: - pkcs11_log(ctx, LOG_DEBUG, "%s:%d padding=RSA_PKCS1_PADDING\n", - __FILE__, __LINE__); + pkcs11_log(ctx, LOG_DEBUG, "padding=RSA_PKCS1_PADDING\n"); mechanism.mechanism = CKM_RSA_PKCS; mechanism.pParameter = NULL; mechanism.ulParameterLen = 0; @@ -559,11 +556,11 @@ static int pkcs11_try_pkey_ec_sign(EVP_PKEY_CTX *evp_pkey_ctx, ctx = slot->ctx; if (!ctx) goto error; - +#ifdef DEBUG pkcs11_log(ctx, LOG_DEBUG, "%s:%d pkcs11_try_pkey_ec_sign() " "sig=%p *siglen=%lu tbs=%p tbslen=%lu\n", __FILE__, __LINE__, sig, *siglen, tbs, tbslen); - +#endif if (EVP_PKEY_CTX_get_signature_md(evp_pkey_ctx, &sig_md) <= 0) goto error; @@ -637,10 +634,11 @@ static int pkcs11_eddsa_sign(unsigned char *sigret, unsigned int *siglen, memset(&mechanism, 0, sizeof(mechanism)); mechanism.mechanism = CKM_EDDSA; +#ifdef DEBUG pkcs11_log(ctx, LOG_DEBUG, "%s:%d pkcs11_eddsa_sign() " "sigret=%p *siglen=%u tbs=%p tbslen=%u\n", __FILE__, __LINE__, sigret, *siglen, tbs, tbslen); - +#endif if (pkcs11_get_session(slot, 0, &session)) return -1; diff --git a/src/util_uri.c b/src/util_uri.c index aec004b3..541dfc12 100644 
--- a/src/util_uri.c +++ b/src/util_uri.c @@ -81,7 +81,7 @@ static int g_shutdown_mode = 0; /* Initialization */ /******************************************************************************/ -UTIL_CTX *UTIL_CTX_new() +UTIL_CTX *UTIL_CTX_new(void) { UTIL_CTX *ctx = OPENSSL_malloc(sizeof(UTIL_CTX)); diff --git a/tests/evp-sign-prov.c b/tests/evp-sign-prov.c index 48c45e6c..0ffa9461 100644 --- a/tests/evp-sign-prov.c +++ b/tests/evp-sign-prov.c @@ -48,7 +48,7 @@ static int ui_open_fail(UI *ui) /* method that's to be used for prompting with a default */ static UI_METHOD *ui_console_with_default = NULL; -static int setup_ui() +static int setup_ui(void) { UI_METHOD *default_method = UI_OpenSSL(); diff --git a/tests/evp-sign.c b/tests/evp-sign.c index 13517725..b4e983f4 100644 --- a/tests/evp-sign.c +++ b/tests/evp-sign.c @@ -105,7 +105,7 @@ static int ui_write(UI *ui, UI_STRING *uis) return UI_method_get_writer(UI_OpenSSL())(ui, uis); } -static void setup_ui() +static void setup_ui(void) { UI_METHOD *default_method = UI_OpenSSL(); diff --git a/tests/fork-test.c b/tests/fork-test.c index 1b2a972d..1c2b9356 100644 --- a/tests/fork-test.c +++ b/tests/fork-test.c @@ -52,7 +52,7 @@ #define RANDOM_SIZE 20 #define MAX_SIGSIZE 1024 -static void do_fork(); +static void do_fork(void); static void error_queue(const char *name); int main(int argc, char *argv[]) @@ -288,7 +288,7 @@ int main(int argc, char *argv[]) return 1; } -static void do_fork() +static void do_fork(void) { int status = 0; pid_t pid = fork(); diff --git a/tests/openssl_version.c b/tests/openssl_version.c index 1ea100a9..9326f14f 100644 --- a/tests/openssl_version.c +++ b/tests/openssl_version.c @@ -34,7 +34,7 @@ #include #include -int main() +int main(void) { puts(OPENSSL_VERSION_TEXT); return 0;