Revert "Implement PKCS11_set_pin_method()"

This reverts commit 9ca1c6a.

src/eng_back.c

@@ -3,7 +3,7 @@
  * Copyright (c) 2002 Juha Yrjölä
  * Copyright (c) 2002 Olaf Kirch
  * Copyright (c) 2003 Kevin Stefanik
- * Copyright (C) 2016-2025 Michał Trojnara <Michal.Trojnara@stunnel.org>
+ * Copyright (c) 2016-2018 Michał Trojnara <Michal.Trojnara@stunnel.org>
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -91,21 +91,29 @@ void ENGINE_CTX_log(ENGINE_CTX *ctx, int level, const char *format, ...)
 
 static int ENGINE_CTX_ctrl_set_user_interface(ENGINE_CTX *ctx, UI_METHOD *ui_method)
 {
+	PKCS11_CTX *pkcs11_ctx = UTIL_CTX_get_libp11_ctx(ctx->util_ctx);
+
 	ctx->ui_method = ui_method;
+	if (pkcs11_ctx) /* libp11 is already initialized */
+		PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
 	return 1;
 }
 
 static int ENGINE_CTX_ctrl_set_callback_data(ENGINE_CTX *ctx, void *callback_data)
 {
+	PKCS11_CTX *pkcs11_ctx = UTIL_CTX_get_libp11_ctx(ctx->util_ctx);
+
 	ctx->callback_data = callback_data;
+	if (pkcs11_ctx) /* libp11 is already initialized */
+		PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
 	return 1;
 }
 
 /* Get the PIN via asking user interface. The supplied call-back data are
  * passed to the user interface implemented by an application. Only the
  * application knows how to interpret the call-back data.
  * A (strdup'ed) copy of the PIN code will be stored in the pin variable. */
-static char *engine_pin_callback(void *param, const char *token_label)
+static char *get_pin_callback(void *param, const char *token_label)
 {
 	ENGINE_CTX *ctx;
 	UI *ui;
@@ -155,7 +163,7 @@ ENGINE_CTX *ENGINE_CTX_new()
 	ctx = OPENSSL_zalloc(sizeof(ENGINE_CTX));
 	if (!ctx)
 		return NULL;
-	ctx->util_ctx = UTIL_CTX_new(engine_pin_callback, ctx);
+	ctx->util_ctx = UTIL_CTX_new(get_pin_callback, ctx);
 	if (!ctx->util_ctx) {
 		OPENSSL_free(ctx);
 		return NULL;
@@ -190,14 +198,17 @@ int ENGINE_CTX_destroy(ENGINE_CTX *ctx)
 
 static int ENGINE_CTX_enumerate_slots(ENGINE_CTX *ctx)
 {
+	PKCS11_CTX *pkcs11_ctx;
 	int rv;
 
 	pthread_mutex_lock(&ctx->lock);
 
-	if (!UTIL_CTX_init_libp11(ctx->util_ctx)) {
+	pkcs11_ctx = UTIL_CTX_init_libp11(ctx->util_ctx);
+	if (!pkcs11_ctx) {
 		pthread_mutex_unlock(&ctx->lock);
 		return -1;
 	}
+	PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
 
 	rv = UTIL_CTX_enumerate_slots(ctx->util_ctx);
 
@@ -233,14 +244,16 @@ int ENGINE_CTX_finish(ENGINE_CTX *ctx)
 EVP_PKEY *ENGINE_CTX_load_pubkey(ENGINE_CTX *ctx, const char *s_key_id,
 		UI_METHOD *ui_method, void *callback_data)
 {
+	PKCS11_CTX *pkcs11_ctx;
 	UI_METHOD *orig_ui_method;
 	void *orig_callback_data;
 	EVP_PKEY *evp_pkey;
 
 	pthread_mutex_lock(&ctx->lock);
 
 	/* Delayed libp11 initialization */
-	if (!UTIL_CTX_init_libp11(ctx->util_ctx)) {
+	pkcs11_ctx = UTIL_CTX_init_libp11(ctx->util_ctx);
+	if (!pkcs11_ctx) {
 		ENGerr(ENG_F_CTX_LOAD_OBJECT, ENG_R_INVALID_PARAMETER);
 		pthread_mutex_unlock(&ctx->lock);
 		return NULL;
@@ -250,11 +263,13 @@ EVP_PKEY *ENGINE_CTX_load_pubkey(ENGINE_CTX *ctx, const char *s_key_id,
 	orig_callback_data = ctx->callback_data;
 	ctx->ui_method = ui_method;
 	ctx->callback_data = callback_data;
+	PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
 
 	evp_pkey = UTIL_CTX_get_pubkey_from_uri(ctx->util_ctx, s_key_id);
 
 	ctx->ui_method = orig_ui_method;
 	ctx->callback_data = orig_callback_data;
+	PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
 
 	pthread_mutex_unlock(&ctx->lock);
 
@@ -270,14 +285,16 @@ EVP_PKEY *ENGINE_CTX_load_pubkey(ENGINE_CTX *ctx, const char *s_key_id,
 EVP_PKEY *ENGINE_CTX_load_privkey(ENGINE_CTX *ctx, const char *s_key_id,
 		UI_METHOD *ui_method, void *callback_data)
 {
+	PKCS11_CTX *pkcs11_ctx;
 	UI_METHOD *orig_ui_method;
 	void *orig_callback_data;
 	EVP_PKEY *evp_pkey;
 
 	pthread_mutex_lock(&ctx->lock);
 
 	/* Delayed libp11 initialization */
-	if (!UTIL_CTX_init_libp11(ctx->util_ctx)) {
+	pkcs11_ctx = UTIL_CTX_init_libp11(ctx->util_ctx);
+	if (!pkcs11_ctx) {
 		ENGerr(ENG_F_CTX_LOAD_OBJECT, ENG_R_INVALID_PARAMETER);
 		pthread_mutex_unlock(&ctx->lock);
 		return NULL;
@@ -287,11 +304,13 @@ EVP_PKEY *ENGINE_CTX_load_privkey(ENGINE_CTX *ctx, const char *s_key_id,
 	orig_callback_data = ctx->callback_data;
 	ctx->ui_method = ui_method;
 	ctx->callback_data = callback_data;
+	PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
 
 	evp_pkey = UTIL_CTX_get_privkey_from_uri(ctx->util_ctx, s_key_id);
 
 	ctx->ui_method = orig_ui_method;
 	ctx->callback_data = orig_callback_data;
+	PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
 
 	pthread_mutex_unlock(&ctx->lock);
 
@@ -321,6 +340,7 @@ static int ENGINE_CTX_ctrl_load_cert(ENGINE_CTX *ctx, void *p)
 		const char *s_slot_cert_id;
 		X509 *cert;
 	} *parms = p;
+	PKCS11_CTX *pkcs11_ctx;
 
 	if (!parms) {
 		ENGerr(ENG_F_CTX_CTRL_LOAD_CERT, ERR_R_PASSED_NULL_PARAMETER);
@@ -334,12 +354,15 @@ static int ENGINE_CTX_ctrl_load_cert(ENGINE_CTX *ctx, void *p)
 	pthread_mutex_lock(&ctx->lock);
 
 	/* Delayed libp11 initialization */
-	if (!UTIL_CTX_init_libp11(ctx->util_ctx)) {
+	pkcs11_ctx = UTIL_CTX_init_libp11(ctx->util_ctx);
+	if (!pkcs11_ctx) {
 		ENGerr(ENG_F_CTX_LOAD_OBJECT, ENG_R_INVALID_PARAMETER);
 		pthread_mutex_unlock(&ctx->lock);
 		return 0;
 	}
 
+	PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
+
 	parms->cert = UTIL_CTX_get_cert_from_uri(ctx->util_ctx, parms->s_slot_cert_id);
 
 	pthread_mutex_unlock(&ctx->lock);

src/libp11-int.h

@@ -1,6 +1,6 @@
 /* libp11, a simple layer on to of PKCS#11 API
  * Copyright (C) 2005 Olaf Kirch <okir@lst.de>
- * Copyright (C) 2015-2025 Michał Trojnara <Michal.Trojnara@stunnel.org>
+ * Copyright (C) 2015-2018 Michał Trojnara <Michal.Trojnara@stunnel.org>
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -63,9 +63,7 @@ struct pkcs11_ctx_private {
 	void *ui_user_data;
 	unsigned int forkid;
 	pthread_mutex_t fork_lock;
-	void (*vlog_a)(int, const char *, va_list); /* the logging callback */
-	PKCS11_PIN_CB pin_callback; /* the PIN UI callback */
-	void *pin_param;
+	void (*vlog_a)(int, const char *, va_list); /* for the logging callback */
 };
 #define PRIVCTX(_ctx)		((PKCS11_CTX_private *) ((_ctx)->_private))
 
@@ -303,10 +301,6 @@ extern int pkcs11_remove_object(PKCS11_OBJECT_private *object);
 extern int pkcs11_set_ui_method(PKCS11_CTX_private *ctx,
 	UI_METHOD *ui_method, void *ui_user_data);
 
-/* Set PIN UI callback for retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
-extern int pkcs11_set_pin_method(PKCS11_CTX_private *ctx,
-	PKCS11_PIN_CB pin_callback, void *pin_param);
-
 /* Initialize a token */
 extern int pkcs11_init_token(PKCS11_SLOT_private *, const char *pin,
 	const char *label);

src/libp11.exports

@@ -52,4 +52,3 @@ ERR_load_PKCS11_strings
 PKCS11_set_ui_method
 ERR_get_CKR_code
 PKCS11_set_vlog_a_method
-PKCS11_set_pin_method

src/libp11.h

@@ -1,6 +1,5 @@
 /* libp11, a simple layer on to of PKCS#11 API
  * Copyright (C) 2005 Olaf Kirch <okir@lst.de>
- * Copyright (C) 2016-2025 Michał Trojnara <Michal.Trojnara@stunnel.org>
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -37,28 +36,6 @@
 extern "C" {
 #endif
 
-#if defined(_LIBP11_INT_H)
-	/* Deprecated functions will no longer be exported in libp11 0.5.0 */
-	/* They are, however, used internally in OpenSSL method definitions */
-#define P11_DEPRECATED(msg)
-#elif defined(_MSC_VER)
-#define P11_DEPRECATED(msg) __declspec(deprecated(msg))
-#elif defined(__GNUC__)
-#if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) >= 40500
-	/* GCC >= 4.5.0 supports printing a message */
-#define P11_DEPRECATED(msg) __attribute__ ((deprecated(msg)))
-#else
-#define P11_DEPRECATED(msg) __attribute__ ((deprecated))
-#endif
-#elif defined(__clang__)
-#define P11_DEPRECATED(msg) __attribute__ ((deprecated(msg)))
-#else
-#define P11_DEPRECATED(msg)
-#endif
-
-#define P11_DEPRECATED_FUNC \
-	P11_DEPRECATED("This function will be removed removed from libp11")
-
 int ERR_load_CKR_strings(void);
 void ERR_unload_CKR_strings(void);
 void ERR_CKR_error(int function, int reason, char *file, int line);
@@ -132,9 +109,6 @@ typedef struct PKCS11_ctx_st {
 /** PKCS11 ASCII logging callback */
 typedef void (*PKCS11_VLOG_A_CB)(int, const char *, va_list);
 
-/** PKCS11 PIN UI callback */
-typedef char *(*PKCS11_PIN_CB)(void *, const char *);
-
 /**
  * Create a new libp11 context
  *
@@ -344,13 +318,9 @@ extern int PKCS11_enumerate_certs_ext(PKCS11_TOKEN *,
 extern int PKCS11_remove_certificate(PKCS11_CERT *);
 
 /* Set UI method to allow retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
-P11_DEPRECATED_FUNC extern int PKCS11_set_ui_method(PKCS11_CTX *ctx,
+extern int PKCS11_set_ui_method(PKCS11_CTX *ctx,
 	UI_METHOD *ui_method, void *ui_user_data);
 
-/* Set PIN UI callback for retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
-extern int PKCS11_set_pin_method(PKCS11_CTX *ctx,
-	PKCS11_PIN_CB pin_callback, void *pin_param);
-
 /**
  * Initialize a token
  *

src/p11_front.c

@@ -1,5 +1,5 @@
 /* libp11, a simple layer on to of PKCS#11 API
- * Copyright (C) 2016-2025 Michał Trojnara <Michal.Trojnara@stunnel.org>
+ * Copyright (C) 2016-2018 Michał Trojnara <Michal.Trojnara@stunnel.org>
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -394,22 +394,11 @@ void ERR_load_PKCS11_strings(void)
 int PKCS11_set_ui_method(PKCS11_CTX *pctx, UI_METHOD *ui_method, void *ui_user_data)
 {
 	PKCS11_CTX_private *ctx = PRIVCTX(pctx);
-
 	if (check_fork(ctx) < 0)
 		return -1;
 	return pkcs11_set_ui_method(ctx, ui_method, ui_user_data);
 }
 
-int PKCS11_set_pin_method(PKCS11_CTX *pctx,
-	PKCS11_PIN_CB pin_callback, void *pin_param)
-{
-	PKCS11_CTX_private *ctx = PRIVCTX(pctx);
-
-	if (check_fork(ctx) < 0)
-		return -1;
-	return pkcs11_set_pin_method(ctx, pin_callback, pin_param);
-}
-
 /* External interface to the deprecated features */
 
 int PKCS11_generate_key(PKCS11_TOKEN *token,

src/p11_key.c

@@ -1,6 +1,6 @@
 /* libp11, a simple layer on to of PKCS#11 API
  * Copyright (C) 2005 Olaf Kirch <okir@lst.de>
- * Copyright (C) 2016-2025 Michał Trojnara <Michal.Trojnara@stunnel.org>
+ * Copyright (C) 2016-2024 Michał Trojnara <Michal.Trojnara@stunnel.org>
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -221,17 +221,6 @@ int pkcs11_set_ui_method(PKCS11_CTX_private *ctx,
 	return 0;
 }
 
-/* Set PIN UI callback for retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
-int pkcs11_set_pin_method(PKCS11_CTX_private *ctx,
-	PKCS11_PIN_CB pin_callback, void *pin_param)
-{
-	if (!ctx)
-		return -1;
-	ctx->pin_callback = pin_callback;
-	ctx->pin_param = pin_param;
-	return 0;
-}
-
 /*
  * Find private key matching a certificate
  */
@@ -555,7 +544,9 @@ int pkcs11_authenticate(PKCS11_OBJECT_private *key, CK_SESSION_HANDLE session)
 {
 	PKCS11_SLOT_private *slot = key->slot;
 	PKCS11_CTX_private *ctx = slot->ctx;
-	char *pin;
+	char pin[MAX_PIN_LENGTH+1];
+	char *prompt;
+	UI *ui;
 	int rv;
 
 	/* Handle CKF_PROTECTED_AUTHENTICATION_PATH */
@@ -565,53 +556,36 @@ int pkcs11_authenticate(PKCS11_OBJECT_private *key, CK_SESSION_HANDLE session)
 		return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
 	}
 
-	if (ctx->pin_callback) { /* Use the modern pin_method */
-		pin = ctx->pin_callback(ctx->pin_param, key->label);
-	} else { /* Fall back to the deprecated ui_method */
-		char *prompt;
-		UI *ui;
-
-		/* Call UI to ask for a PIN */
-		pin = OPENSSL_zalloc(MAX_PIN_LENGTH+1);
-		if (!pin)
-			return P11_R_UI_FAILED;
-		ui = UI_new_method(ctx->ui_method);
-		if (!ui) {
-			OPENSSL_free(pin);
-			return P11_R_UI_FAILED;
-		}
-		if (ctx->ui_user_data)
-			UI_add_user_data(ui, ctx->ui_user_data);
-		prompt = UI_construct_prompt(ui, "PKCS#11 key PIN", key->label);
-		if (!prompt) {
-			OPENSSL_free(pin);
-			return P11_R_UI_FAILED;
-		}
-		if (UI_dup_input_string(ui, prompt,
-				UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH) <= 0) {
-			OPENSSL_free(pin);
-			UI_free(ui);
-			OPENSSL_free(prompt);
-			return P11_R_UI_FAILED;
-		}
+	/* Call UI to ask for a PIN */
+	ui = UI_new_method(ctx->ui_method);
+	if (!ui)
+		return P11_R_UI_FAILED;
+	if (ctx->ui_user_data)
+		UI_add_user_data(ui, ctx->ui_user_data);
+	memset(pin, 0, MAX_PIN_LENGTH+1);
+	prompt = UI_construct_prompt(ui, "PKCS#11 key PIN", key->label);
+	if (!prompt) {
+		return P11_R_UI_FAILED;
+	}
+	if (UI_dup_input_string(ui, prompt,
+			UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH) <= 0) {
+		UI_free(ui);
 		OPENSSL_free(prompt);
+		return P11_R_UI_FAILED;
+	}
+	OPENSSL_free(prompt);
 
-		if (UI_process(ui)) {
-			OPENSSL_free(pin);
-			UI_free(ui);
-			return P11_R_UI_FAILED;
-		}
+	if (UI_process(ui)) {
 		UI_free(ui);
-	}
-	if (!pin)
 		return P11_R_UI_FAILED;
+	}
+	UI_free(ui);
 
 	/* Login with the PIN */
 	rv = CRYPTOKI_call(ctx,
 		C_Login(session, CKU_CONTEXT_SPECIFIC,
 			(CK_UTF8CHAR *)pin, (CK_ULONG)strlen(pin)));
 	OPENSSL_cleanse(pin, MAX_PIN_LENGTH+1);
-	OPENSSL_free(pin);
 	return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
 }