projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c
p11_rsa_finish(RSA *rsa) | p11_rsa_finish(RSA *rsa) | ||||
{ | { | ||||
struct p11_rsa *p11rsa = RSA_get_app_data(rsa); | struct p11_rsa *p11rsa = RSA_get_app_data(rsa); | ||||
p11_release_module(p11rsa->p); | p11_release_module(p11rsa->p); | ||||
free(p11rsa); | free(p11rsa); | ||||
return 1; | return 1; | ||||
} | } | ||||
static const RSA_METHOD p11_rsa_pkcs1_method = { | static const RSA_METHOD * | ||||
"hx509 PKCS11 PKCS#1 RSA", | get_p11_rsa_pkcs1_method(void) | ||||
p11_rsa_public_encrypt, | { | ||||
p11_rsa_public_decrypt, | static const RSA_METHOD *p11_rsa_pkcs1_method; | ||||
p11_rsa_private_encrypt, | RSA_METHOD *new_method; | ||||
p11_rsa_private_decrypt, | |||||
NULL, | |||||
NULL, | |||||
p11_rsa_init, | |||||
p11_rsa_finish, | |||||
0, | |||||
NULL, | |||||
NULL, | |||||
NULL | |||||
}; | |||||
if (p11_rsa_pkcs1_method != NULL) | |||||
return p11_rsa_pkcs1_method; | |||||
new_method = RSA_meth_new("hx509 PKCS11 PKCS#1 RSA", 0); | |||||
if (new_method == NULL) | |||||
return NULL; | |||||
if (RSA_meth_set_pub_enc(new_method, p11_rsa_public_encrypt) != 1) | |||||
goto out; | |||||
if (RSA_meth_set_pub_dec(new_method, p11_rsa_public_decrypt) != 1) | |||||
goto out; | |||||
if (RSA_meth_set_priv_enc(new_method, p11_rsa_private_encrypt) != 1) | |||||
goto out; | |||||
if (RSA_meth_set_priv_dec(new_method, p11_rsa_private_decrypt) != 1) | |||||
goto out; | |||||
if (RSA_meth_set_init(new_method, p11_rsa_init) != 1) | |||||
goto out; | |||||
if (RSA_meth_set_finish(new_method, p11_rsa_finish) != 1) | |||||
goto out; | |||||
/* | /* | ||||
* This might overwrite a previously-created method if multiple | |||||
* threads invoke this concurrently which will leak memory. | |||||
*/ | |||||
p11_rsa_pkcs1_method = new_method; | |||||
return p11_rsa_pkcs1_method; | |||||
out: | |||||
RSA_meth_free(new_method); | |||||
return NULL; | |||||
} | |||||
/* | |||||
* | * | ||||
*/ | */ | ||||
static int | static int | ||||
p11_mech_info(hx509_context context, | p11_mech_info(hx509_context context, | ||||
struct p11_module *p, | struct p11_module *p, | ||||
struct p11_slot *slot, | struct p11_slot *slot, | ||||
int num) | int num) | ||||
| collect_private_key(hx509_context context, | ||||
CK_SESSION_HANDLE session, | CK_SESSION_HANDLE session, | ||||
CK_OBJECT_HANDLE object, | CK_OBJECT_HANDLE object, | ||||
void *ptr, CK_ATTRIBUTE *query, int num_query) | void *ptr, CK_ATTRIBUTE *query, int num_query) | ||||
{ | { | ||||
struct hx509_collector *collector = ptr; | struct hx509_collector *collector = ptr; | ||||
hx509_private_key key; | hx509_private_key key; | ||||
heim_octet_string localKeyId; | heim_octet_string localKeyId; | ||||
int ret; | int ret; | ||||
const RSA_METHOD *meth; | |||||
BIGNUM *n, *e; | |||||
RSA *rsa; | RSA *rsa; | ||||
struct p11_rsa *p11rsa; | struct p11_rsa *p11rsa; | ||||
localKeyId.data = query[0].pValue; | localKeyId.data = query[0].pValue; | ||||
localKeyId.length = query[0].ulValueLen; | localKeyId.length = query[0].ulValueLen; | ||||
ret = hx509_private_key_init(&key, NULL, NULL); | ret = hx509_private_key_init(&key, NULL, NULL); | ||||
if (ret) | if (ret) | ||||
return ret; | return ret; | ||||
rsa = RSA_new(); | rsa = RSA_new(); | ||||
if (rsa == NULL) | if (rsa == NULL) | ||||
_hx509_abort("out of memory"); | _hx509_abort("out of memory"); | ||||
/* | /* | ||||
* The exponent and modulus should always be present according to | * The exponent and modulus should always be present according to | ||||
* the pkcs11 specification, but some smartcards leaves it out, | * the pkcs11 specification, but some smartcards leaves it out, | ||||
* let ignore any failure to fetch it. | * let ignore any failure to fetch it. | ||||
*/ | */ | ||||
rsa->n = getattr_bn(p, slot, session, object, CKA_MODULUS); | n = getattr_bn(p, slot, session, object, CKA_MODULUS); | ||||
rsa->e = getattr_bn(p, slot, session, object, CKA_PUBLIC_EXPONENT); | e = getattr_bn(p, slot, session, object, CKA_PUBLIC_EXPONENT); | ||||
if (RSA_set0_key(rsa, n, e, NULL) != 1) { | |||||
BN_free(n); | |||||
BN_free(e); | |||||
RSA_free(rsa); | |||||
hx509_private_key_free(&key); | |||||
return EINVAL; | |||||
} | |||||
p11rsa = calloc(1, sizeof(*p11rsa)); | p11rsa = calloc(1, sizeof(*p11rsa)); | ||||
if (p11rsa == NULL) | if (p11rsa == NULL) | ||||
_hx509_abort("out of memory"); | _hx509_abort("out of memory"); | ||||
p11rsa->p = p; | p11rsa->p = p; | ||||
p11rsa->slot = slot; | p11rsa->slot = slot; | ||||
p11rsa->private_key = object; | p11rsa->private_key = object; | ||||
if (p->ref == 0) | if (p->ref == 0) | ||||
_hx509_abort("pkcs11 ref == 0 on alloc"); | _hx509_abort("pkcs11 ref == 0 on alloc"); | ||||
p->ref++; | p->ref++; | ||||
if (p->ref == UINT_MAX) | if (p->ref == UINT_MAX) | ||||
_hx509_abort("pkcs11 ref == UINT_MAX on alloc"); | _hx509_abort("pkcs11 ref == UINT_MAX on alloc"); | ||||
RSA_set_method(rsa, &p11_rsa_pkcs1_method); | meth = get_p11_rsa_pkcs1_method(); | ||||
if (meth == NULL) | |||||
_hx509_abort("failed to create RSA method"); | |||||
RSA_set_method(rsa, meth); | |||||
ret = RSA_set_app_data(rsa, p11rsa); | ret = RSA_set_app_data(rsa, p11rsa); | ||||
if (ret != 1) | if (ret != 1) | ||||
_hx509_abort("RSA_set_app_data"); | _hx509_abort("RSA_set_app_data"); | ||||
hx509_private_key_assign_rsa(key, rsa); | hx509_private_key_assign_rsa(key, rsa); | ||||
ret = _hx509_collector_private_key_add(context, | ret = _hx509_collector_private_key_add(context, | ||||
collector, | collector, | ||||