| version 1.33, 2019/01/20 23:08:24 |
version 1.34, 2019/01/20 23:10:33 |
|
|
| struct pkcs11_key { |
struct pkcs11_key { |
| struct pkcs11_provider *provider; |
struct pkcs11_provider *provider; |
| CK_ULONG slotidx; |
CK_ULONG slotidx; |
| int (*orig_finish)(RSA *rsa); |
|
| RSA_METHOD *rsa_method; |
RSA_METHOD *rsa_method; |
| EC_KEY_METHOD *ec_key_method; |
EC_KEY_METHOD *ec_key_method; |
| char *keyid; |
char *keyid; |
|
|
| } |
} |
| |
|
| #ifdef HAVE_DLOPEN |
#ifdef HAVE_DLOPEN |
| /* openssl callback for freeing an RSA key */ |
/* release a wrapped object */ |
| static int |
static void |
| pkcs11_rsa_finish(RSA *rsa) |
pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, |
| |
long argl, void *argp) |
| { |
{ |
| struct pkcs11_key *k11; |
struct pkcs11_key *k11 = ptr; |
| int rv = -1; |
|
| |
|
| if ((k11 = RSA_get_app_data(rsa)) != NULL) { |
debug("%s: parent %p ptr %p idx %d", __func__, parent, ptr, idx); |
| if (k11->orig_finish) |
if (k11 == NULL) |
| rv = k11->orig_finish(rsa); |
return; |
| if (k11->provider) |
if (k11->provider) |
| pkcs11_provider_unref(k11->provider); |
pkcs11_provider_unref(k11->provider); |
| RSA_meth_free(k11->rsa_method); |
free(k11->keyid); |
| free(k11->keyid); |
free(k11); |
| free(k11); |
|
| } |
|
| return (rv); |
|
| } |
} |
| |
|
| /* find a single 'obj' for given attributes */ |
/* find a single 'obj' for given attributes */ |
|
|
| } |
} |
| |
|
| static RSA_METHOD *rsa_method; |
static RSA_METHOD *rsa_method; |
| |
static int rsa_idx = 0; |
| |
|
| static int |
static int |
| pkcs11_rsa_start_wrapper(void) |
pkcs11_rsa_start_wrapper(void) |
|
|
| rsa_method = RSA_meth_dup(RSA_get_default_method()); |
rsa_method = RSA_meth_dup(RSA_get_default_method()); |
| if (rsa_method == NULL) |
if (rsa_method == NULL) |
| return (-1); |
return (-1); |
| |
rsa_idx = RSA_get_ex_new_index(0, "ssh-pkcs11-rsa", |
| |
NULL, NULL, pkcs11_k11_free); |
| |
if (rsa_idx == -1) |
| |
return (-1); |
| if (!RSA_meth_set1_name(rsa_method, "pkcs11") || |
if (!RSA_meth_set1_name(rsa_method, "pkcs11") || |
| !RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) || |
!RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) || |
| !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt) || |
!RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) { |
| !RSA_meth_set_finish(rsa_method, pkcs11_rsa_finish)) { |
|
| error("%s: setup pkcs11 method failed", __func__); |
error("%s: setup pkcs11 method failed", __func__); |
| return (-1); |
return (-1); |
| } |
} |
|
|
| |
|
| k11->rsa_method = rsa_method; |
k11->rsa_method = rsa_method; |
| RSA_set_method(rsa, k11->rsa_method); |
RSA_set_method(rsa, k11->rsa_method); |
| RSA_set_ex_data(rsa, 0, k11); |
RSA_set_ex_data(rsa, rsa_idx, k11); |
| return (0); |
return (0); |
| } |
} |
| |
|
|
|
| |
|
| static EC_KEY_METHOD *ec_key_method; |
static EC_KEY_METHOD *ec_key_method; |
| static int ec_key_idx = 0; |
static int ec_key_idx = 0; |
| |
|
| static void |
|
| pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, |
|
| long argl, void *argp) |
|
| { |
|
| struct pkcs11_key *k11 = ptr; |
|
| |
|
| if (k11 == NULL) |
|
| return; |
|
| if (k11->provider) |
|
| pkcs11_provider_unref(k11->provider); |
|
| free(k11->keyid); |
|
| free(k11); |
|
| } |
|
| |
|
| static int |
static int |
| pkcs11_ecdsa_start_wrapper(void) |
pkcs11_ecdsa_start_wrapper(void) |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-pkcs11.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh