version 1.33, 2019/01/20 23:08:24 |
version 1.34, 2019/01/20 23:10:33 |
|
|
struct pkcs11_key { |
struct pkcs11_key { |
struct pkcs11_provider *provider; |
struct pkcs11_provider *provider; |
CK_ULONG slotidx; |
CK_ULONG slotidx; |
int (*orig_finish)(RSA *rsa); |
|
RSA_METHOD *rsa_method; |
RSA_METHOD *rsa_method; |
EC_KEY_METHOD *ec_key_method; |
EC_KEY_METHOD *ec_key_method; |
char *keyid; |
char *keyid; |
|
|
} |
} |
|
|
#ifdef HAVE_DLOPEN |
#ifdef HAVE_DLOPEN |
/* openssl callback for freeing an RSA key */ |
/* release a wrapped object */ |
static int |
static void |
pkcs11_rsa_finish(RSA *rsa) |
pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, |
|
long argl, void *argp) |
{ |
{ |
struct pkcs11_key *k11; |
struct pkcs11_key *k11 = ptr; |
int rv = -1; |
|
|
|
if ((k11 = RSA_get_app_data(rsa)) != NULL) { |
debug("%s: parent %p ptr %p idx %d", __func__, parent, ptr, idx); |
if (k11->orig_finish) |
if (k11 == NULL) |
rv = k11->orig_finish(rsa); |
return; |
if (k11->provider) |
if (k11->provider) |
pkcs11_provider_unref(k11->provider); |
pkcs11_provider_unref(k11->provider); |
RSA_meth_free(k11->rsa_method); |
free(k11->keyid); |
free(k11->keyid); |
free(k11); |
free(k11); |
|
} |
|
return (rv); |
|
} |
} |
|
|
/* find a single 'obj' for given attributes */ |
/* find a single 'obj' for given attributes */ |
|
|
} |
} |
|
|
static RSA_METHOD *rsa_method; |
static RSA_METHOD *rsa_method; |
|
static int rsa_idx = 0; |
|
|
static int |
static int |
pkcs11_rsa_start_wrapper(void) |
pkcs11_rsa_start_wrapper(void) |
|
|
rsa_method = RSA_meth_dup(RSA_get_default_method()); |
rsa_method = RSA_meth_dup(RSA_get_default_method()); |
if (rsa_method == NULL) |
if (rsa_method == NULL) |
return (-1); |
return (-1); |
|
rsa_idx = RSA_get_ex_new_index(0, "ssh-pkcs11-rsa", |
|
NULL, NULL, pkcs11_k11_free); |
|
if (rsa_idx == -1) |
|
return (-1); |
if (!RSA_meth_set1_name(rsa_method, "pkcs11") || |
if (!RSA_meth_set1_name(rsa_method, "pkcs11") || |
!RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) || |
!RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) || |
!RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt) || |
!RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) { |
!RSA_meth_set_finish(rsa_method, pkcs11_rsa_finish)) { |
|
error("%s: setup pkcs11 method failed", __func__); |
error("%s: setup pkcs11 method failed", __func__); |
return (-1); |
return (-1); |
} |
} |
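Review bot: The new early return after RSA_get_ex_new_index (`if (rsa_idx == -1) return (-1);`) leaves the RSA_METHOD duplicated a few lines above allocated and `rsa_method` non-NULL, so the failure leaks the method and, if the caller treats `rsa_method != NULL` as "already initialised" (that guard is not visible in this hunk), every later call would report success with `rsa_idx` still -1. The pre-existing failure path after the RSA_meth_set* calls has the same shape, so both would benefit from the same cleanup. I would release on both paths: `RSA_meth_free(rsa_method); rsa_method = NULL; return (-1);`. Only part of pkcs11_rsa_start_wrapper's body is shown in this hunk.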
|
|
|
|
k11->rsa_method = rsa_method; |
k11->rsa_method = rsa_method; |
RSA_set_method(rsa, k11->rsa_method); |
RSA_set_method(rsa, k11->rsa_method); |
RSA_set_ex_data(rsa, 0, k11); |
RSA_set_ex_data(rsa, rsa_idx, k11); |
return (0); |
return (0); |
} |
} |
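Review bot: `RSA_set_ex_data(rsa, rsa_idx, k11)` returns 0 on failure and its result is not checked, yet after this commit the ex-data slot is the only thing that ever releases `k11` (the `pkcs11_k11_free` callback replaces the removed finish hook), so a failed attach leaves the provider reference and `k11` unreachable and leaks them silently. I would check it and fail the wrap: `if (RSA_set_ex_data(rsa, rsa_idx, k11) != 1) { error("%s: RSA_set_ex_data failed", __func__); return (-1); }`, with the caller releasing `k11` on that error path the same way it handles earlier failures; the head of this function lies outside the hunk, so I cannot see what cleanup it already performs. The same unchecked-return pattern is likely in the ECDSA wrap path further down, which this view cuts off.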
|
|
|
|
|
|
static EC_KEY_METHOD *ec_key_method; |
static EC_KEY_METHOD *ec_key_method; |
static int ec_key_idx = 0; |
static int ec_key_idx = 0; |
|
|
static void |
|
pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, |
|
long argl, void *argp) |
|
{ |
|
struct pkcs11_key *k11 = ptr; |
|
|
|
if (k11 == NULL) |
|
return; |
|
if (k11->provider) |
|
pkcs11_provider_unref(k11->provider); |
|
free(k11->keyid); |
|
free(k11); |
|
} |
|
|
|
static int |
static int |
pkcs11_ecdsa_start_wrapper(void) |
pkcs11_ecdsa_start_wrapper(void) |