Fixed invalid type of argument for HSM_PKCS11_set_attr_int()

src/drivers/pkcs11/pkcs11_hsm_obj.c

@@ -843,7 +843,7 @@ PKI_X509_STACK *HSM_PKCS11_STACK_get_url( PKI_DATATYPE type, URL *url,
 	}
 
 	idx = 0;
-	HSM_PKCS11_set_attr_int(CKA_CLASS,(int) objClass,&templ[idx++]);
+	HSM_PKCS11_set_attr_int(CKA_CLASS, objClass, &templ[idx++]);
 	HSM_PKCS11_set_attr_sn(CKA_LABEL, myLabel, strlen(myLabel), 
 							&templ[idx++]);	
 	HSM_PKCS11_set_attr_sn(CKA_APPLICATION, myLabel, strlen(myLabel), 

src/drivers/pkcs11/pkcs11_hsm_pkey.c

@@ -172,7 +172,7 @@ PKI_RSA_KEY * _pki_pkcs11_rsakey_new( PKI_KEYPARAMS *kp, URL *url,
 	n = 0;
 	//HSM_PKCS11_set_attr_int( CKA_CLASS, CKO_PUBLIC_KEY, &pubTemp[n++]);
 	//HSM_PKCS11_set_attr_int( CKA_KEY_TYPE, CKK_RSA, &pubTemp[n++]);
-	HSM_PKCS11_set_attr_int( CKA_MODULUS_BITS, bits, &pubTemp[n++]);
+	HSM_PKCS11_set_attr_int( CKA_MODULUS_BITS, (CK_ULONG)bits, &pubTemp[n++]);
 
 	HSM_PKCS11_set_attr_bool( CKA_TOKEN, CK_TRUE, &pubTemp[n++]);
 	HSM_PKCS11_set_attr_bool( CKA_ENCRYPT, CK_TRUE, &pubTemp[n++]);

src/drivers/pkcs11/utils/pkcs11_init.c

@@ -852,12 +852,12 @@ int HSM_PKCS11_set_attr_bool (CK_ATTRIBUTE_TYPE type,
 }
 
 int HSM_PKCS11_set_attr_int ( CK_ATTRIBUTE_TYPE type,
-				int value, CK_ATTRIBUTE *attribute ) {
+				CK_ULONG value, CK_ATTRIBUTE *attribute ) {
 
 	if ( !attribute ) return ( PKI_ERR );
 
 	attribute->type = type;
-	attribute->pValue = (void *) PKI_Malloc ( sizeof(int));
+	attribute->pValue = (void *) PKI_Malloc ( sizeof(CK_ULONG));
 	memcpy(attribute->pValue, &value, sizeof(value));
 	attribute->ulValueLen = sizeof( value );
 

src/libpki/drivers/pkcs11/pkcs11_utils.h

@@ -57,7 +57,7 @@ int HSM_PKCS11_set_attribute (CK_OBJECT_HANDLE *hObj,
 int HSM_PKCS11_set_attr_bool (CK_ATTRIBUTE_TYPE type,
 				CK_BBOOL value, CK_ATTRIBUTE *attribute );
 int HSM_PKCS11_set_attr_int ( CK_ATTRIBUTE_TYPE type,
-				int value, CK_ATTRIBUTE *attribute );
+				CK_ULONG value, CK_ATTRIBUTE *attribute );
 int HSM_PKCS11_set_attr_sn ( CK_ATTRIBUTE_TYPE type, char *value, 
 					size_t len,CK_ATTRIBUTE *attribute);
 int HSM_PKCS11_set_attr_bn ( CK_ATTRIBUTE_TYPE type, BIGNUM *bn, 

src/libpki/errors.h

@@ -111,6 +111,21 @@ typedef enum {
 	/* Signatures Related Errors */
 	PKI_ERR_SIGN_,
 	PKI_ERR_SIGN_VERIFY,
+	/* Network Related Errors */
+	PKI_ERR_NET_OPEN,
+	PKI_ERR_NET_,
+	/* SSL/TLS Related Errors */
+	PKI_ERR_NET_SSL_NOT_SUPPORTED,
+	PKI_ERR_NET_SSL_NO_CIPHER,
+	PKI_ERR_NET_SSL_VERIFY,
+	PKI_ERR_NET_SSL_SET_SOCKET,
+	PKI_ERR_NET_SSL_SET_CIPHER,
+	PKI_ERR_NET_SSL_SET_FLAGS,
+	PKI_ERR_NET_SSL_INIT,
+	PKI_ERR_NET_SSL_START,
+	PKI_ERR_NET_SSL_CONNECT,
+	PKI_ERR_NET_SSL_PEER_CERTIFICATE,
+	PKI_ERR_NET_SSL_,
 } PKI_ERR_CODE;
 
 typedef struct pki_err_st {
@@ -227,6 +242,23 @@ const PKI_ERR_ST __libpki_errors_st[] = {
 	/* Signatures Related Errors */
 	{ PKI_ERR_SIGN_, "" },
 	{ PKI_ERR_SIGN_VERIFY, "" },
+	/* Network Related Errors */
+	{ PKI_ERR_NET_OPEN, "Can not open socket connection" },
+	{ PKI_ERR_NET_, "" },
+  /* SSL/TLS Related Errors */
+	{ PKI_ERR_NET_SSL_NOT_SUPPORTED , "Not supported by SSL/TLS" },
+	{ PKI_ERR_NET_SSL_NO_CIPHER , "No valid cipher (algorithm)" },
+	{ PKI_ERR_NET_SSL_VERIFY , "TLS/SSL certificate verify error" },
+	{ PKI_ERR_NET_SSL_SET_SOCKET , "Can not set the socket FD for SSL/TLS" },
+	{ PKI_ERR_NET_SSL_SET_CIPHER , "Can not set the selected ciphers list" },
+	{ PKI_ERR_NET_SSL_SET_FLAGS , "Can not set the selected flags for SSL/TLS" },
+	{ PKI_ERR_NET_SSL_INIT , "Can not init the SSL/TLS protocol" },
+	{ PKI_ERR_NET_SSL_START , "Can not start the SSL/TLS protocol" },
+	{ PKI_ERR_NET_SSL_CONNECT , "Can not connect via SSL/TLS protocol" },
+	{ PKI_ERR_NET_SSL_PEER_CERTIFICATE , "Can not process peer certificate" },
+	{ PKI_ERR_NET_SSL_ , "" },
+	/* List Boundary */
+	{ 0, 0 }
 };
 
 static const int __libpki_err_size = sizeof ( __libpki_errors_st ) / sizeof ( PKI_ERR_ST );

src/libpki/net/ssl.h

@@ -20,26 +20,128 @@
 #include <openssl/ssl.h>
 
 /*! \brief Algorithms for PKI_SSL connections */
-#define PKI_SSL_ALGOR			SSL_METHOD
+typedef SSL_METHOD PKI_SSL_ALGOR;
 
 /* Client Algorithms */
+#define PKI_SSL_CLIENT_ALGOR_UNKNOWN 0
+
+#ifdef SSL2_VERSION
 #define PKI_SSL_CLIENT_ALGOR_SSL2	SSLv2_client_method()
+#else
+#define PKI_SSL_CLIENT_ALGOR_SSL2	PKI_SSL_CLIENT_ALGOR_UNKNOWN
+#endif
+
+#ifdef SSL3_VERSION
 #define PKI_SSL_CLIENT_ALGOR_SSL3	SSLv3_client_method()
+#else
+#define PKI_SSL_CLIENT_ALGOR_SSL3	PKI_SSL_CLIENT_ALGOR_UNKNOWN
+#endif
+
+#ifdef TLS1_VERSION
 #define PKI_SSL_CLIENT_ALGOR_TLS1	TLSv1_client_method()
+#else
+#define PKI_SSL_CLIENT_ALGOR_TLS1	PKI_SSL_CLIENT_ALGOR_UNKNOWN
+#endif
+
+#ifdef TLS1_1_VERSION
+#define PKI_SSL_CLIENT_ALGOR_TLS1_1 TLSv1_1_client_method()
+#else
+#define PKI_SSL_CLIENT_ALGOR_TLS1_1 PKI_SSL_CLIENT_ALGOR_UNKNOWN
+#endif
+
+#ifdef TLS1_2_VERSION
+#define PKI_SSL_CLIENT_ALGOR_TLS1_2 TLSv1_2_client_method()
+#else
+#define PKI_SSL_CLIENT_ALGOR_TLS1_2 PKI_SSL_CLIENT_ALGOR_UNKNOWN
+#endif
+
+#ifdef DTLSv1_client_method
 #define PKI_SSL_CLIENT_ALGOR_DTLS1	DTLSv1_client_method()
+#else
+#define PKI_SSL_CLIENT_ALGOR_DTLS1  PKI_SSL_CLIENT_ALGOR_UNKNOWN
+#endif
+
+/* Generic method that implements all SSLv2, SSLv3, TLSv1.0,
+ * TLSv1.1, and TLSv1.2 */
+#define PKI_SSL_CLIENT_ALGOR_ALL SSLv23_client_method()
+
+/* Default Client Method */
+#define PKI_SSL_CLIENT_ALGOR_DEFAULT PKI_SSL_CLIENT_ALGOR_ALL
 
 /* Server Algorithms */
+#define PKI_SSL_SERVER_ALGOR_UNKNOWN 0
+
+#ifdef SSL2_VERSION
 #define PKI_SSL_SERVER_ALGOR_SSL2	SSLv2_server_method()
+#else
+#define PKI_SSL_SERVER_ALGOR_SSL2	PKI_SSL_SERVER_ALGOR_UNKNOWN
+#endif
+
+#ifdef SSL3_VERSION
 #define PKI_SSL_SERVER_ALGOR_SSL3	SSLv3_server_method()
+#else
+#define PKI_SSL_SERVER_ALGOR_SSL3	PKI_SSL_SERVER_ALGOR_UNKNOWN
+#endif
+
+#ifdef TLS1_VERSION
 #define PKI_SSL_SERVER_ALGOR_TLS1	TLSv1_server_method()
+#else
+#define PKI_SSL_SERVER_ALGOR_TLS1 PKI_SSL_SERVER_ALGOR_UNKNOWN
+#endif
+
+#ifdef TLS1_1_VERSION
+#define PKI_SSL_SERVER_ALGOR_TLS1_1	TLSv1_1_server_method()
+#else
+#define PKI_SSL_SERVER_ALGOR_TLS1_1	PKI_SSL_SERVER_ALGOR_UNKNOWN
+#endif
+
+#ifdef TLS1_2_VERSION
+#define PKI_SSL_SERVER_ALGOR_TLS1_2	TLSv1_2_server_method()
+#else
+#define PKI_SSL_SERVER_ALGOR_TLS1_2	PKI_SSL_SERVER_ALGOR_UNKNOWN
+#endif
+
+#ifdef DTLSv1_server_method
 #define PKI_SSL_SERVER_ALGOR_DTLS1	DTLSv1_server_method()
+#else
+#define PKI_SSL_SERVER_ALGOR_DTLS1	PKI_SSL_SERVER_ALGOR_UNKNOWN
+#endif
+
+/* Generic method that implements all SSLv2, SSLv3, TLSv1.0,
+ * TLSv1.1, and TLSv1.2 */
+#define PKI_SSL_SERVER_ALGOR_ALL	SSLv23_server_method()
+
+/* Default Server Method */
+#define PKI_SSL_SERVER_ALGOR_DEFAULT PKI_SSL_SERVER_ALGOR_TLS1_2
 
 /*! \brief Flags for algorithm exclusion in PKI_SSL connections */
 
 typedef enum {
+#ifdef SSL_OP_NO_SSLv2
 	PKI_SSL_FLAGS_NO_SSL2		= SSL_OP_NO_SSLv2,
+#else
+	PKI_SSL_FLAGS_NO_SSL2		= 0,
+#endif
+#ifdef SSL_OP_NO_SSLv3
 	PKI_SSL_FLAGS_NO_SSL3		= SSL_OP_NO_SSLv3,
+#else
+	PKI_SSL_FLAGS_NO_SSL3		= 0,
+#endif
+#ifdef SSL_OP_NO_TLSv1
 	PKI_SSL_FLAGS_NO_TLS1		= SSL_OP_NO_TLSv1,
+#else
+	PKI_SSL_FLAGS_NO_TLS1		= 0,
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+	PKI_SSL_FLAGS_NO_TLS1_1	= SSL_OP_NO_TLSv1_1,
+#else
+	PKI_SSL_FLAGS_NO_TLS1_1	= 0,
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+	PKI_SSL_FLAGS_NO_TLS1_2	= SSL_OP_NO_TLSv1_2,
+#else
+	PKI_SSL_FLAGS_NO_TLS1_2	= 0,
+#endif
 #ifdef SSL_OP_NO_DTLSv1
 	PKI_SSL_FLAGS_NO_DTLS1		= SSL_OP_NO_DTLSv1,
 #else
@@ -48,18 +150,21 @@ typedef enum {
 
 } PKI_SSL_FLAGS;
 
+#define PKI_SSL_FLAGS_DEFAULT \
+ (PKI_SSL_FLAGS_NO_SSL2 | PKI_SSL_FLAGS_NO_SSL3)
+
 /*! \brief Flags for Verify Behavior: PRQP, CRL, OCSP */
 
 typedef enum {
-	PKI_SSL_VERIFY_NONE			= 0,
-	PKI_SSL_VERIFY_PEER			= 1,
-	PKI_SSL_VERIFY_PEER_REQUIRE		= 2,
-	PKI_SSL_VERIFY_CRL			= 4,
-	PKI_SSL_VERIFY_CRL_REQUIRE		= 8,
-	PKI_SSL_VERIFY_OCSP			= 16,
-	PKI_SSL_VERIFY_OCSP_REQUIRE		= 32,
-	PKI_SSL_VERIFY_NO_SELFSIGNED		= 64,
-	PKI_SSL_VERIFY_ENABLE_PRQP		= 128,
+	PKI_SSL_VERIFY_NONE           = 0,
+	PKI_SSL_VERIFY_PEER           = 1,
+	PKI_SSL_VERIFY_PEER_REQUIRE   = 2,
+	PKI_SSL_VERIFY_CRL            = 4,
+	PKI_SSL_VERIFY_CRL_REQUIRE    = 8,
+	PKI_SSL_VERIFY_OCSP           = 16,
+	PKI_SSL_VERIFY_OCSP_REQUIRE   = 32,
+	PKI_SSL_VERIFY_NO_SELFSIGNED  = 64,
+	PKI_SSL_VERIFY_ENABLE_PRQP    = 128,
 } PKI_SSL_VERIFY;
 
 #define PKI_SSL_VERIFY_NORMAL \
@@ -72,6 +177,52 @@ typedef enum {
 		PKI_SSL_VERIFY_OCSP_REQUIRE | \
 		PKI_SSL_VERIFY_ENABLE_PRQP
 
+/* Ciphers for the different protocols */
+#define PKI_SSL_CIPHERS_SSL3 \
+	"HIGH:MEDIUM:!NULL"
+
+#define PKI_SSL_CIPHERS_TLS1 \
+	"ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA" \
+	":DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA"        \
+	":ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA"    \
+	":ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA"  \
+	":DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA"        \
+	":PSK-AES128-CBC-SHA"
+
+#define PKI_SSL_CIPHERS_TLS1_1 \
+	":TLS_RSA_WITH_IDEA_CBC_SHA:TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:" \
+	":TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:"                          \
+	":ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA"               \
+	":DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA"                       \
+	":ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA"                   \
+	":ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA"                 \
+	":DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA"                       \
+	":PSK-AES128-CBC-SHA"
+
+#define PKI_SSL_CIPHERS_TLS1_2 \
+	"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"  \
+  ":ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384"         \
+	":DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256"           \
+  ":ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384"   \
+	":ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384"           \
+	":ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256" \
+	":ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256"         \
+	":DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256"           \
+	":ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256"   \
+	":ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256"					 \
+	":AES256-GCM-SHA384:AES256-SHA256"                           \
+	":AES128-GCM-SHA256:AES128-SHA256"
+
+#define PKI_SSL_CIPHERS_ALL \
+	PKI_SSL_CIPHERS_TLS1_2    \
+	PKI_SSL_CIPHERS_TLS1_1    \
+	PKI_SSL_CIPHERS_TLS1      \
+	PKI_SSL_CIPHERS_SSL3
+
+/* Default SSL/TLS Ciphers */
+#define PKI_SSL_CIPHERS_DEFAULT \
+	PKI_SSL_CIPHERS_TLS1_2
+
 /*! \brief PKI_SSL data structure for SSL/TLS */
 
 typedef struct  pki_ssl_t {
@@ -86,7 +237,7 @@ typedef struct  pki_ssl_t {
 	SSL *ssl;
 	SSL_CTX *ssl_ctx;
 	char *cipher;
-	PKI_SSL_ALGOR *algor;
+	const PKI_SSL_ALGOR *algor;
 
 	/* Pointer to the PKI_TOKEN to be used for the communication */
 	struct pki_token_st *tk;
@@ -117,7 +268,7 @@ typedef struct  pki_ssl_t {
 #include <libpki/net/url.h>
 
 /* SSL helper functions */
-PKI_SSL * PKI_SSL_new ( PKI_SSL_ALGOR *algor );
+PKI_SSL * PKI_SSL_new ( const PKI_SSL_ALGOR *algor );
 PKI_SSL *PKI_SSL_dup ( PKI_SSL *ssl );
 void PKI_SSL_free ( PKI_SSL *ssl );