Diffstat (limited to 'usr/src/lib/libkmf/plugins')
-rw-r--r--usr/src/lib/libkmf/plugins/kmf_openssl/common/mapfile-vers3
-rw-r--r--usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c53
-rw-r--r--usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c51
3 files changed, 24 insertions, 83 deletions
diff --git a/usr/src/lib/libkmf/plugins/kmf_openssl/common/mapfile-vers b/usr/src/lib/libkmf/plugins/kmf_openssl/common/mapfile-vers
index 08ad0b561f..ce6d8d9aa2 100644
--- a/usr/src/lib/libkmf/plugins/kmf_openssl/common/mapfile-vers
+++ b/usr/src/lib/libkmf/plugins/kmf_openssl/common/mapfile-vers
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
@@ -48,7 +48,6 @@ SUNWprivate_1.1 {
OpenSSL_GetSymKeyValue;
OpenSSL_ImportCRL;
OpenSSL_IsCRLFile;
- OpenSSL_IsCertFile;
OpenSSL_ListCRL;
OpenSSL_SignData;
OpenSSL_StoreCert;
diff --git a/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c b/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
index 78f9af1665..fb5af181d1 100644
--- a/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
+++ b/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
@@ -4716,57 +4716,6 @@ out:
return (ret);
}
-/*
- * Check a file to see if it is a certficate file with PEM or DER format.
- * If success, return its format in the pformat argument.
- */
-KMF_RETURN
-OpenSSL_IsCertFile(KMF_HANDLE_T handle, char *filename,
- KMF_ENCODE_FORMAT *pformat)
-{
- KMF_RETURN ret = KMF_OK;
- KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
- BIO *bio = NULL;
- X509 *xcert = NULL;
-
- if (filename == NULL) {
- return (KMF_ERR_BAD_PARAMETER);
- }
-
- ret = kmf_get_file_format(filename, pformat);
- if (ret != KMF_OK)
- return (ret);
-
- bio = BIO_new_file(filename, "rb");
- if (bio == NULL) {
- SET_ERROR(kmfh, ERR_get_error());
- ret = KMF_ERR_OPEN_FILE;
- goto out;
- }
-
- if ((*pformat) == KMF_FORMAT_PEM) {
- if ((xcert = PEM_read_bio_X509(bio, NULL,
- NULL, NULL)) == NULL) {
- ret = KMF_ERR_BAD_CERTFILE;
- }
- } else if ((*pformat) == KMF_FORMAT_ASN1) {
- if ((xcert = d2i_X509_bio(bio, NULL)) == NULL) {
- ret = KMF_ERR_BAD_CERTFILE;
- }
- } else {
- ret = KMF_ERR_BAD_CERTFILE;
- }
-
-out:
- if (bio != NULL)
- (void) BIO_free(bio);
-
- if (xcert != NULL)
- X509_free(xcert);
-
- return (ret);
-}
-
KMF_RETURN
OpenSSL_GetSymKeyValue(KMF_HANDLE_T handle, KMF_KEY_HANDLE *symkey,
KMF_RAW_SYM_KEY *rkey)
diff --git a/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c b/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c
index 6cf3de2517..ad4043c065 100644
--- a/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c
+++ b/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c
@@ -2630,7 +2630,7 @@ KMFPK11_FindKey(KMF_HANDLE_T handle,
boolean_t is_token = B_TRUE, is_private = B_FALSE;
KMF_KEY_HANDLE *keys;
uint32_t *numkeys;
- KMF_CREDENTIAL cred;
+ KMF_CREDENTIAL *cred = NULL;
KMF_KEY_CLASS keyclass = KMF_KEYCLASS_NONE;
char *findLabel, *idstr;
KMF_KEY_ALG keytype = KMF_KEYALG_NONE;
@@ -2733,15 +2733,11 @@ KMFPK11_FindKey(KMF_HANDLE_T handle,
* Authenticate if the object is a token object,
* a private or secred key, or if the user passed in credentials.
*/
- if ((rv = kmf_get_attr(KMF_CREDENTIAL_ATTR, attrlist, numattr,
- (void *)&cred, NULL)) == KMF_OK) {
- if (cred.credlen > 0) {
- rv = pk11_authenticate(handle, &cred);
- if (rv != KMF_OK)
- return (rv);
- }
- } else {
- rv = KMF_OK; /* cred is optional */
+ cred = kmf_get_attr_ptr(KMF_CREDENTIAL_ATTR, attrlist, numattr);
+ if (cred != NULL && (cred->credlen > 0)) {
+ rv = pk11_authenticate(handle, cred);
+ if (rv != KMF_OK)
+ return (rv);
}
keys = kmf_get_attr_ptr(KMF_KEY_HANDLE_ATTR, attrlist, numattr);
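Review bot: The rewritten credential block no longer resets `rv`, whereas every path through the removed code left it at `KMF_OK` before the `KMF_KEY_HANDLE_ATTR` lookup. If an earlier optional-attribute call in KMFPK11_FindKey can leave a non-OK value in `rv` (not visible in this hunk), it now survives past this point; either add `rv = KMF_OK;` after the `if`, or confirm that nothing below reads `rv` before reassigning it. The comment above the block still promises authentication for token objects and private or secret keys, while the condition authenticates only when the caller supplied a non-empty credential, so the comment should read `Authenticate only if the caller passed a non-empty credential.` or the condition should be extended. The function starts and ends outside the hunk.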
@@ -3156,7 +3152,7 @@ KMFPK11_CreateSymKey(KMF_HANDLE_T handle,
uint32_t attrkeylen = 0;
uint32_t keylen_size = sizeof (uint32_t);
char *keylabel = NULL;
- KMF_CREDENTIAL cred;
+ KMF_CREDENTIAL *cred = NULL;
uint32_t is_sensitive = B_FALSE;
uint32_t is_not_extractable = B_FALSE;
@@ -3324,12 +3320,11 @@ KMFPK11_CreateSymKey(KMF_HANDLE_T handle,
SETATTR(templ, i, CKA_VERIFY, &true, sizeof (true));
i++;
- rv = kmf_get_attr(KMF_CREDENTIAL_ATTR, attrlist, numattr,
- (void *)&cred, NULL);
- if (rv != KMF_OK)
+ cred = kmf_get_attr_ptr(KMF_CREDENTIAL_ATTR, attrlist, numattr);
+ if (cred == NULL)
return (KMF_ERR_BAD_PARAMETER);
- rv = pk11_authenticate(handle, &cred);
+ rv = pk11_authenticate(handle, cred);
if (rv != KMF_OK) {
return (rv);
}
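Review bot: Only the attribute pointer is checked before `pk11_authenticate(handle, cred)`, so a credential whose `cred` member is NULL or whose `credlen` is 0 goes straight to the login path, unlike the KMFPK11_FindKey hunk, which tests `cred->credlen > 0` first. Unless pk11_authenticate rejects such input itself (not visible here), tighten the guard to `if (cred == NULL || cred->cred == NULL || cred->credlen == 0) return (KMF_ERR_BAD_PARAMETER);`. The same applies to `oldcred` and `newcred` in the KMFPK11_SetTokenPin hunks, where the fields are passed unchecked to `C_SetPIN`. Because `kmf_get_attr_ptr` is called without any length, these dereferences also assume the caller's attribute value is at least `sizeof (KMF_CREDENTIAL)` bytes.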
@@ -3414,21 +3409,19 @@ KMFPK11_SetTokenPin(KMF_HANDLE_T handle,
CK_RV rv = CKR_OK;
KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
CK_SESSION_HANDLE session = NULL;
- KMF_CREDENTIAL oldcred = {NULL, 0};
- KMF_CREDENTIAL newcred = {NULL, 0};
+ KMF_CREDENTIAL *oldcred;
+ KMF_CREDENTIAL *newcred;
CK_SLOT_ID slotid;
if (handle == NULL || attrlist == NULL || numattr == 0)
return (KMF_ERR_BAD_PARAMETER);
- rv = kmf_get_attr(KMF_CREDENTIAL_ATTR, attrlist, numattr,
- (void *)&oldcred, NULL);
- if (rv != KMF_OK)
+ oldcred = kmf_get_attr_ptr(KMF_CREDENTIAL_ATTR, attrlist, numattr);
+ if (oldcred == NULL)
return (KMF_ERR_BAD_PARAMETER);
- rv = kmf_get_attr(KMF_NEWPIN_ATTR, attrlist, numattr,
- (void *)&newcred, NULL);
- if (rv != KMF_OK)
+ newcred = kmf_get_attr_ptr(KMF_NEWPIN_ATTR, attrlist, numattr);
+ if (newcred == NULL)
return (KMF_ERR_BAD_PARAMETER);
rv = kmf_get_attr(KMF_SLOT_ID_ATTR, attrlist, numattr,
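Review bot: `rv` is declared as `CK_RV` at the top of KMFPK11_SetTokenPin but still receives the `KMF_RETURN` result of `kmf_get_attr(KMF_SLOT_ID_ATTR, ...)`; the commit removes two such assignments and leaves this one. Using a `KMF_RETURN` variable for the KMF calls (a new one, or an existing one if the function declares it outside this hunk) would keep PKCS#11 and KMF status codes from being tested against each other's constants. As a smaller style point, `oldcred` and `newcred` are declared without an initialiser while the other functions in this commit use `KMF_CREDENTIAL *cred = NULL;`, so `KMF_CREDENTIAL *oldcred = NULL;` would match. The function continues outside the hunk.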
@@ -3439,10 +3432,10 @@ KMFPK11_SetTokenPin(KMF_HANDLE_T handle,
* If a slot wasn't given, the user must pass
* a token label so we can find the slot here.
*/
- rv = kmf_get_string_attr(KMF_TOKEN_LABEL_ATTR, attrlist,
- numattr, &tokenlabel);
- if (rv != KMF_OK)
- return (rv);
+ tokenlabel = kmf_get_attr_ptr(KMF_TOKEN_LABEL_ATTR, attrlist,
+ numattr);
+ if (tokenlabel == NULL)
+ return (KMF_ERR_BAD_PARAMETER);
rv = kmf_pk11_token_lookup(handle, tokenlabel, &slotid);
if (rv != KMF_OK)
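Review bot: `tokenlabel` now points into the caller's attribute list instead of being filled in by `kmf_get_string_attr`, so its ownership changes. If the old call returned an allocated copy, any `free(tokenlabel)` on the paths below this hunk has to go, otherwise the caller's buffer is freed. The borrowed pointer is passed to `kmf_pk11_token_lookup` with no length, so the lookup relies on the caller having NUL-terminated the attribute value; a comment such as `/* tokenlabel is borrowed from attrlist; do not free */` at the assignment would record this. Callers also get `KMF_ERR_BAD_PARAMETER` here instead of whatever error the old call returned. The function continues outside the hunk.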
@@ -3458,8 +3451,8 @@ KMFPK11_SetTokenPin(KMF_HANDLE_T handle,
}
rv = C_SetPIN(session,
- (CK_BYTE *)oldcred.cred, oldcred.credlen,
- (CK_BYTE *)newcred.cred, newcred.credlen);
+ (CK_BYTE *)oldcred->cred, oldcred->credlen,
+ (CK_BYTE *)newcred->cred, newcred->credlen);
if (rv != CKR_OK) {
SET_ERROR(kmfh, rv);