Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h4
-rw-r--r--usr/src/lib/libelfsign/common/elfcertlib.c14
-rw-r--r--usr/src/lib/libkmf/include/kmfapi.h44
-rw-r--r--usr/src/lib/libkmf/include/kmftypes.h144
-rw-r--r--usr/src/lib/libkmf/libkmf/common/certop.c155
-rw-r--r--usr/src/lib/libkmf/libkmf/common/csrcrlop.c27
-rw-r--r--usr/src/lib/libkmf/libkmf/common/generalop.c143
-rw-r--r--usr/src/lib/libkmf/libkmf/common/keyop.c252
-rw-r--r--usr/src/lib/libkmf/libkmf/common/mapfile-vers27
-rw-r--r--usr/src/lib/libkmf/libkmf/common/rdn_parser.c14
10 files changed, 41 insertions, 783 deletions
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h
index 05b8923d2b..2029365f56 100644
--- a/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h
+++ b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h
@@ -20,7 +20,7 @@
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -44,7 +44,7 @@ extern "C" {
#define MAX_CHAIN_LENGTH 12
#define REPORT_KMF_ERROR(r, t, e) { \
- (void) KMF_GetKMFErrorString(r, &e); \
+ (void) kmf_get_kmf_error_str(r, &e); \
(void) fprintf(stderr, t ": %s\n", \
(e != NULL ? e : "<unknown error>")); \
if (e) free(e); \
diff --git a/usr/src/lib/libelfsign/common/elfcertlib.c b/usr/src/lib/libelfsign/common/elfcertlib.c
index 98d71d0fd0..b4b8445117 100644
--- a/usr/src/lib/libelfsign/common/elfcertlib.c
+++ b/usr/src/lib/libelfsign/common/elfcertlib.c
@@ -20,7 +20,7 @@
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -154,9 +154,15 @@ elfcertlib_verifycert(ELFsign_t ess, ELFCert_t cert)
}
if (SECACERT != NULL) {
- rv = KMF_VerifyCertWithCert(ess->es_kmfhandle,
- (const KMF_DATA *)&cert->c_cert,
- (const KMF_DATA *)&SECACERT->c_cert.certificate);
+ numattr = 0;
+ kmf_set_attr_at_index(attrlist, numattr++,
+ KMF_CERT_DATA_ATTR, &cert->c_cert.certificate,
+ sizeof (KMF_DATA));
+ kmf_set_attr_at_index(attrlist, numattr++,
+ KMF_SIGNER_CERT_DATA_ATTR, &SECACERT->c_cert.certificate,
+ sizeof (KMF_DATA));
+
+ rv = kmf_verify_cert(ess->es_kmfhandle, numattr, attrlist);
if (rv == KMF_OK) {
if (ess->es_certCAcallback != NULL)
(ess->es_certvercallback)(ess->es_callbackctx,
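Review bot: The certificate under test is now passed as `&cert->c_cert.certificate`, where the removed call passed `&cert->c_cert` cast to `const KMF_DATA *`. Because `kmf_set_attr_at_index` takes a `void *` and returns nothing, the compiler cannot catch a wrong member or size, so a comment above the two calls would help, e.g. `/* cert under test and signer cert, both passed as KMF_DATA */`. The declarations of `attrlist` and `numattr` are outside the hunk, so confirm the array holds at least two entries. On the unchanged lines just below, the guard tests `ess->es_certCAcallback` but the call goes through `ess->es_certvercallback`; if that is not intended, the test should read `if (ess->es_certvercallback != NULL)`. elfcertlib_verifycert starts before this hunk and continues past it.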
diff --git a/usr/src/lib/libkmf/include/kmfapi.h b/usr/src/lib/libkmf/include/kmfapi.h
index 032e23c87f..13205ea7ed 100644
--- a/usr/src/lib/libkmf/include/kmfapi.h
+++ b/usr/src/lib/libkmf/include/kmfapi.h
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
*
@@ -340,48 +340,6 @@ KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
void *, uint32_t);
-/*
- * Legacy support only - do not use these APIs - they can be removed at any
- * time.
- */
-extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *);
-extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
-extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T,
- KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
-extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *);
-extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T);
-extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *,
- KMF_X509_DER_CERT *, uint32_t *);
-extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *,
- KMF_KEY_HANDLE *, uint32_t *);
-extern void KMF_FreeData(KMF_DATA *);
-extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
-extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *);
-extern void KMF_FreeSignedCSR(KMF_CSR_DATA *);
-extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **);
-extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
-extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
-extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **);
-extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *);
-extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *);
-extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
- KMF_CSR_DATA *);
-extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *,
- KMF_ALGORITHM_INDEX);
-extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *);
-extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t);
-extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *,
- KMF_KEY_HANDLE *, KMF_DATA *);
-extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
- KMF_OID *, KMF_DATA *, KMF_DATA *);
-extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *,
- const KMF_DATA *);
-extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T,
- KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *,
- const KMF_DATA *);
-
#ifdef __cplusplus
}
#endif
diff --git a/usr/src/lib/libkmf/include/kmftypes.h b/usr/src/lib/libkmf/include/kmftypes.h
index 98d2beccc0..dbbf680537 100644
--- a/usr/src/lib/libkmf/include/kmftypes.h
+++ b/usr/src/lib/libkmf/include/kmftypes.h
@@ -2,7 +2,7 @@
* Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -128,7 +128,6 @@ typedef enum {
KMF_ALGID_SHA1WithDSA
} KMF_ALGORITHM_INDEX;
-
/*
* Generic credential structure used by other structures below
* to convey authentication information to the underlying
@@ -164,7 +163,6 @@ typedef enum {
KMF_CRL = 2
}KMF_OBJECT_TYPE;
-
typedef struct {
KMF_BIGINT mod;
KMF_BIGINT pubexp;
@@ -1212,146 +1210,6 @@ KMFOID_MS_KP_SCLogon_UPN;
#define KMF_EKU_TIMESTAMP 0x10
#define KMF_EKU_OCSPSIGNING 0x20
-
-/*
- * Legacy support only - do not use these data structures - they can be
- * removed at any time.
- */
-
-/* Keystore Configuration */
-typedef struct {
- char *configdir;
- char *certPrefix;
- char *keyPrefix;
- char *secModName;
-} KMF_NSS_CONFIG;
-
-typedef struct {
- char *label;
- boolean_t readonly;
-} KMF_PKCS11_CONFIG;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- union {
- KMF_NSS_CONFIG nss_conf;
- KMF_PKCS11_CONFIG pkcs11_conf;
- } ks_config_u;
-} KMF_CONFIG_PARAMS;
-
-#define nssconfig ks_config_u.nss_conf
-#define pkcs11config ks_config_u.pkcs11_conf
-
-
-typedef struct
-{
- char *trustflag;
- char *slotlabel; /* "internal" by default */
- int issuerId;
- int subjectId;
- char *crlfile; /* for ImportCRL */
- boolean_t crl_check; /* for ImportCRL */
-
- /*
- * The following 2 variables are for FindCertInCRL. The caller can
- * either specify certLabel or provide the entire certificate in
- * DER format as input.
- */
- char *certLabel; /* for FindCertInCRL */
- KMF_DATA *certificate; /* for FindCertInCRL */
-
- /*
- * crl_subjName and crl_issuerName are used as the CRL deletion
- * criteria. One should be non-NULL and the other one should be NULL.
- * If crl_subjName is not NULL, then delete CRL by the subject name.
- * Othewise, delete by the issuer name.
- */
- char *crl_subjName;
- char *crl_issuerName;
-} KMF_NSS_PARAMS;
-
-typedef struct {
- char *dirpath;
- char *certfile;
- char *crlfile;
- char *keyfile;
- char *outcrlfile;
- boolean_t crl_check; /* CRL import check; default is true */
- KMF_ENCODE_FORMAT format; /* output file format */
-} KMF_OPENSSL_PARAMS;
-
-typedef struct {
- boolean_t private; /* for finding CKA_PRIVATE objects */
- boolean_t sensitive;
- boolean_t not_extractable;
- boolean_t token; /* true == token object, false == session */
-} KMF_PKCS11_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- char *certLabel;
- char *issuer;
- char *subject;
- char *idstr;
- KMF_BIGINT *serial;
- KMF_CERT_VALIDITY find_cert_validity;
-
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- KMF_PKCS11_PARAMS pkcs11_opts;
- } ks_opt_u;
-} KMF_FINDCERT_PARAMS, KMF_DELETECERT_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_CREDENTIAL cred;
- KMF_KEY_CLASS keyclass;
- KMF_KEY_ALG keytype;
- KMF_ENCODE_FORMAT format; /* for key */
- char *findLabel;
- char *idstr;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- KMF_PKCS11_PARAMS pkcs11_opts;
- } ks_opt_u;
-} KMF_FINDKEY_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_KEY_ALG keytype;
- uint32_t keylength;
- char *keylabel;
- KMF_CREDENTIAL cred;
- KMF_BIGINT rsa_exponent;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- }ks_opt_u;
-} KMF_CREATEKEYPAIR_PARAMS;
-
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_CREDENTIAL cred;
- KMF_ENCODE_FORMAT format; /* for key */
- char *certLabel;
- KMF_ALGORITHM_INDEX algid;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- }ks_opt_u;
-} KMF_CRYPTOWITHCERT_PARAMS;
-
-typedef struct {
- char *crl_name;
-} KMF_CHECKCRLDATE_PARAMS;
-
-#define nssparms ks_opt_u.nss_opts
-#define sslparms ks_opt_u.openssl_opts
-#define pkcs11parms ks_opt_u.pkcs11_opts
-
#ifdef __cplusplus
}
#endif
diff --git a/usr/src/lib/libkmf/libkmf/common/certop.c b/usr/src/lib/libkmf/libkmf/common/certop.c
index 82013e36dd..da56202051 100644
--- a/usr/src/lib/libkmf/libkmf/common/certop.c
+++ b/usr/src/lib/libkmf/libkmf/common/certop.c
@@ -17,9 +17,8 @@
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
- */
-/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -3192,153 +3191,3 @@ cleanup:
return (ret);
}
-
-/*
- * Phase 1 APIs still needed to maintain compat with elfsign.
- */
-KMF_RETURN
-KMF_VerifyDataWithCert(KMF_HANDLE_T handle,
- KMF_KEYSTORE_TYPE kstype,
- KMF_ALGORITHM_INDEX algid,
- KMF_DATA *indata,
- KMF_DATA *insig,
- const KMF_DATA *SignerCert)
-{
- KMF_ATTRIBUTE attrlist[8];
- int numattr = 0;
-
- kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR,
- &kstype, sizeof (kstype));
- numattr++;
-
- kmf_set_attr_at_index(attrlist, numattr, KMF_DATA_ATTR,
- indata, sizeof (KMF_DATA));
- numattr++;
-
- kmf_set_attr_at_index(attrlist, numattr, KMF_IN_SIGN_ATTR,
- insig, sizeof (KMF_DATA));
- numattr++;
-
- kmf_set_attr_at_index(attrlist, numattr, KMF_SIGNER_CERT_DATA_ATTR,
- (KMF_DATA *)SignerCert, sizeof (KMF_DATA));
- numattr++;
-
- kmf_set_attr_at_index(attrlist, numattr, KMF_ALGORITHM_INDEX_ATTR,
- &algid, sizeof (algid));
- numattr++;
-
- return (kmf_verify_data(handle, numattr, attrlist));
-}
-
-KMF_RETURN
-KMF_VerifyCertWithCert(KMF_HANDLE_T handle,
- const KMF_DATA *CertToBeVerified,
- const KMF_DATA *SignerCert)
-{
- if (CertToBeVerified == NULL || SignerCert == NULL)
- return (KMF_ERR_BAD_PARAMETER);
-
- return (verify_cert_with_cert(handle, CertToBeVerified,
- SignerCert));
-}
-
-KMF_RETURN
-KMF_FindCert(KMF_HANDLE_T handle, KMF_FINDCERT_PARAMS *target,
- KMF_X509_DER_CERT *kmf_cert,
- uint32_t *num_certs)
-{
- KMF_ATTRIBUTE attrlist[32];
- int i = 0;
-
- if (target == NULL || num_certs == NULL)
- return (KMF_ERR_BAD_PARAMETER); /* ILLEGAL ARGS ERROR */
-
- if ((target->find_cert_validity < KMF_ALL_CERTS) ||
- (target->find_cert_validity > KMF_EXPIRED_CERTS))
- return (KMF_ERR_BAD_PARAMETER);
-
- kmf_set_attr_at_index(attrlist, i,
- KMF_KEYSTORE_TYPE_ATTR, &target->kstype, sizeof (target->kstype));
- i++;
-
- if (kmf_cert != NULL) {
- kmf_set_attr_at_index(attrlist, i,
- KMF_X509_DER_CERT_ATTR, kmf_cert,
- sizeof (KMF_X509_DER_CERT));
- i++;
- }
-
- kmf_set_attr_at_index(attrlist, i,
- KMF_COUNT_ATTR, num_certs, sizeof (uint32_t));
- i++;
-
- /* Set the optional searching attributes for all 3 plugins. */
- if (target->issuer != NULL) {
- kmf_set_attr_at_index(attrlist, i, KMF_ISSUER_NAME_ATTR,
- target->issuer, strlen(target->issuer));
- i++;
- }
- if (target->subject != NULL) {
- kmf_set_attr_at_index(attrlist, i, KMF_SUBJECT_NAME_ATTR,
- target->subject, strlen(target->subject));
- i++;
- }
- if (target->serial != NULL) {
- kmf_set_attr_at_index(attrlist, i, KMF_BIGINT_ATTR,
- target->serial, sizeof (KMF_BIGINT));
- i++;
- }
-
- kmf_set_attr_at_index(attrlist, i, KMF_CERT_VALIDITY_ATTR,
- &target->find_cert_validity, sizeof (KMF_CERT_VALIDITY));
- i++;
-
- if (target->kstype == KMF_KEYSTORE_NSS) {
- if (target->certLabel != NULL) {
- kmf_set_attr_at_index(attrlist, i,
- KMF_CERT_LABEL_ATTR,
- target->certLabel, strlen(target->certLabel));
- i++;
- }
-
- if (target->nssparms.slotlabel != NULL) {
- kmf_set_attr_at_index(attrlist, i,
- KMF_TOKEN_LABEL_ATTR,
- target->nssparms.slotlabel,
- strlen(target->nssparms.slotlabel));
- i++;
- }
-
- } else if (target->kstype == KMF_KEYSTORE_OPENSSL) {
- if (target->sslparms.certfile != NULL) {
- kmf_set_attr_at_index(attrlist, i,
- KMF_CERT_FILENAME_ATTR,
- target->sslparms.certfile,
- strlen(target->sslparms.certfile));
- i++;
- }
-
- if (target->sslparms.dirpath != NULL) {
- kmf_set_attr_at_index(attrlist, i,
- KMF_DIRPATH_ATTR,
- target->sslparms.dirpath,
- strlen(target->sslparms.dirpath));
- i++;
- }
-
- } else if (target->kstype == KMF_KEYSTORE_PK11TOKEN) {
- if (target->certLabel != NULL) {
- kmf_set_attr_at_index(attrlist, i,
- KMF_CERT_LABEL_ATTR,
- target->certLabel, strlen(target->certLabel));
- i++;
- }
-
- kmf_set_attr_at_index(attrlist, i, KMF_PRIVATE_BOOL_ATTR,
- &target->pkcs11parms.private,
- sizeof (target->pkcs11parms.private));
- i++;
- }
-
- return (kmf_find_cert(handle, i, attrlist));
-}
diff --git a/usr/src/lib/libkmf/libkmf/common/csrcrlop.c b/usr/src/lib/libkmf/libkmf/common/csrcrlop.c
index 2d72a57b4b..6c0f363157 100644
--- a/usr/src/lib/libkmf/libkmf/common/csrcrlop.c
+++ b/usr/src/lib/libkmf/libkmf/common/csrcrlop.c
@@ -18,12 +18,10 @@
*
* CDDL HEADER END
*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <stdio.h>
#include <link.h>
#include <fcntl.h>
@@ -366,11 +364,12 @@ sign_csr(KMF_HANDLE_T handle,
KMF_X509_ALGORITHM_IDENTIFIER *algo,
KMF_DATA *SignedCsr)
{
-
KMF_CSR_DATA subj_csr;
KMF_TBS_CSR *tbs_csr = NULL;
KMF_DATA signed_data = {0, NULL};
KMF_RETURN ret = KMF_OK;
+ KMF_ATTRIBUTE attlist[5];
+ int i = 0;
if (!SignedCsr)
return (KMF_ERR_BAD_PARAMETER);
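Review bot: `attlist[5]` is sized to exactly the five attributes that the next hunk stores, and `kmf_set_attr_at_index` (prototype visible in the kmfapi.h hunk) receives no capacity argument, so a sixth attribute added later would write past the array with no diagnostic. The removed KMF_SignDataWithKey carried a comment to this effect, and I would keep one on the new declaration: `KMF_ATTRIBUTE attlist[5]; /* exactly the 5 attrs passed to kmf_sign_data */`. sign_csr's body continues outside this hunk.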
@@ -393,13 +392,25 @@ sign_csr(KMF_HANDLE_T handle,
goto cleanup;
}
- /* Sign the data */
- ret = KMF_SignDataWithKey(handle, Signkey, &algo->algorithm,
- (KMF_DATA *)SubjectCsr, &signed_data);
+ kmf_set_attr_at_index(attlist, i++,
+ KMF_KEYSTORE_TYPE_ATTR, &Signkey->kstype,
+ sizeof (Signkey->kstype));
+
+ kmf_set_attr_at_index(attlist, i++,
+ KMF_KEY_HANDLE_ATTR, Signkey, sizeof (KMF_KEY_HANDLE));
+
+ kmf_set_attr_at_index(attlist, i++, KMF_OID_ATTR, &algo->algorithm,
+ sizeof (KMF_OID));
+ kmf_set_attr_at_index(attlist, i++, KMF_DATA_ATTR,
+ (KMF_DATA *)SubjectCsr, sizeof (KMF_DATA));
+
+ kmf_set_attr_at_index(attlist, i++, KMF_OUT_DATA_ATTR,
+ &signed_data, sizeof (KMF_DATA));
+
+ ret = kmf_sign_data(handle, i, attlist);
if (KMF_OK != ret)
goto cleanup;
-
/*
* If we got here OK, decode into a structure and then re-encode
* the complete CSR.
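Review bot: Inlining the call drops the argument check that the removed KMF_SignDataWithKey performed (`key == NULL || AlgOID == NULL || tobesigned == NULL || output == NULL` returned KMF_ERR_BAD_PARAMETER), so `Signkey` and `algo` are now used to build attributes with no NULL test visible in this diff. The only guard shown in sign_csr is `if (!SignedCsr)`. Unless the lines between the hunks already validate the other pointers, I would widen it to `if (SignedCsr == NULL || Signkey == NULL || algo == NULL || SubjectCsr == NULL)`. The function starts before this hunk and continues after it.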
diff --git a/usr/src/lib/libkmf/libkmf/common/generalop.c b/usr/src/lib/libkmf/libkmf/common/generalop.c
index f2a179b026..ea387089e6 100644
--- a/usr/src/lib/libkmf/libkmf/common/generalop.c
+++ b/usr/src/lib/libkmf/libkmf/common/generalop.c
@@ -17,9 +17,8 @@
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
- */
-/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
*/
@@ -2758,141 +2757,3 @@ is_valid_keystore_type(KMF_KEYSTORE_TYPE kstype)
else
return (B_FALSE);
}
-
-
-/*
- * This API is used by elfsign. We must keep it in old API form.
- */
-KMF_RETURN
-KMF_ConfigureKeystore(KMF_HANDLE_T handle, KMF_CONFIG_PARAMS *params)
-{
-
- KMF_ATTRIBUTE attlist[32];
- int i = 0;
-
- if (params == NULL)
- return (KMF_ERR_BAD_PARAMETER);
-
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYSTORE_TYPE_ATTR, &params->kstype, sizeof (params->kstype));
- i++;
-
- if (params->kstype == KMF_KEYSTORE_NSS) {
- if (params->nssconfig.configdir != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_DIRPATH_ATTR,
- params->nssconfig.configdir,
- strlen(params->nssconfig.configdir));
- i++;
- }
- if (params->nssconfig.certPrefix != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_CERTPREFIX_ATTR,
- params->nssconfig.certPrefix,
- strlen(params->nssconfig.certPrefix));
- i++;
- }
- if (params->nssconfig.keyPrefix != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYPREFIX_ATTR,
- params->nssconfig.keyPrefix,
- strlen(params->nssconfig.keyPrefix));
- i++;
- }
- if (params->nssconfig.secModName != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_SECMODNAME_ATTR,
- params->nssconfig.secModName,
- strlen(params->nssconfig.secModName));
- i++;
- }
- } else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
- if (params->pkcs11config.label != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_TOKEN_LABEL_ATTR,
- params->pkcs11config.label,
- strlen(params->pkcs11config.label));
- i++;
- }
- kmf_set_attr_at_index(attlist, i,
- KMF_READONLY_ATTR,
- &params->pkcs11config.readonly,
- sizeof (params->pkcs11config.readonly));
- i++;
- }
-
- return (kmf_configure_keystore(handle, i, attlist));
-}
-
-/*
- * This API is used by elfsign. We must keep it in old API form.
- */
-KMF_RETURN
-KMF_Initialize(KMF_HANDLE_T *outhandle, char *policyfile, char *policyname)
-{
- return (kmf_initialize(outhandle, policyfile, policyname));
-}
-
-/*
- * This API is used by elfsign. We must keep it in old API form.
- */
-KMF_RETURN
-KMF_Finalize(KMF_HANDLE_T handle)
-{
- return (kmf_finalize(handle));
-}
-
-/*
- * This API is used by elfsign. We must keep it in old API form.
- */
-KMF_RETURN
-KMF_GetKMFErrorString(KMF_RETURN errcode, char **errmsg)
-{
- return (kmf_get_kmf_error_str(errcode, errmsg));
-}
-
-/*
- * This API is used by elfsign. We must keep it in old API form.
- */
-KMF_RETURN
-KMF_ReadInputFile(KMF_HANDLE_T handle, char *filename, KMF_DATA *pdata)
-{
- return (kmf_read_input_file(handle, filename, pdata));
-}
-
-
-/*
- * This API is used by elfsign. We must keep it in old API form.
- */
-void
-KMF_FreeKMFCert(KMF_HANDLE_T handle, KMF_X509_DER_CERT *kmf_cert)
-{
- kmf_free_kmf_cert(handle, kmf_cert);
-}
-
-/*
- * This API is used by elfsign. We must keep it in old API form.
- */
-void
-KMF_FreeData(KMF_DATA *datablock)
-{
- kmf_free_data(datablock);
-}
-
-/*
- * This API is used by elfsign. We must keep it in old API form.
- */
-void
-KMF_FreeKMFKey(KMF_HANDLE_T handle, KMF_KEY_HANDLE *key)
-{
- kmf_free_kmf_key(handle, key);
-}
-
-/*
- * This API is used by elfsign. We must keep it in old API form.
- */
-void
-KMF_FreeSignedCSR(KMF_CSR_DATA *csr)
-{
- kmf_free_signed_csr(csr);
-}
diff --git a/usr/src/lib/libkmf/libkmf/common/keyop.c b/usr/src/lib/libkmf/libkmf/common/keyop.c
index a6eca064f2..1a1be64290 100644
--- a/usr/src/lib/libkmf/libkmf/common/keyop.c
+++ b/usr/src/lib/libkmf/libkmf/common/keyop.c
@@ -19,12 +19,10 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <stdio.h>
#include <link.h>
#include <fcntl.h>
@@ -309,251 +307,3 @@ kmf_store_key(KMF_HANDLE_T handle,
}
return (KMF_ERR_PLUGIN_NOTFOUND);
}
-
-/*
- * The following are Phase 1 APIs still needed to maintain compat with elfsign.
- */
-
-/*
- * Name: KMF_SignDataWithKey
- *
- * Description:
- * This function signs a block of data using the private key
- * and returns the signature in output
- *
- * Parameters:
- * handle(input) - opaque handle for KMF session
- * key(input) - contains private key handle needed for signing
- * AlgOID(input) - contains algorithm to be used for signing
- * tobesigned(input) - pointer to a KMF_DATA structure containing
- * the data to be signed
- * output(output) - pointer to the KMF_DATA structure containing the
- * signed data
- *
- * Returns:
- * A KMF_RETURN value indicating success or specifying a particular
- * error condition.
- * The value KMF_OK indicates success. All other values represent
- * an error condition.
- *
- */
-KMF_RETURN
-KMF_SignDataWithKey(KMF_HANDLE_T handle,
- KMF_KEY_HANDLE *key,
- KMF_OID *AlgOID,
- KMF_DATA *tobesigned,
- KMF_DATA *output)
-{
- KMF_ATTRIBUTE attlist[5]; /* only 5 attrs for SignData */
- int i = 0;
-
- if (key == NULL || AlgOID == NULL ||
- tobesigned == NULL || output == NULL)
- return (KMF_ERR_BAD_PARAMETER);
-
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYSTORE_TYPE_ATTR, &key->kstype, sizeof (key->kstype));
- i++;
-
- kmf_set_attr_at_index(attlist, i,
- KMF_KEY_HANDLE_ATTR, key, sizeof (KMF_KEY_HANDLE));
- i++;
-
- kmf_set_attr_at_index(attlist, i,
- KMF_OID_ATTR, AlgOID, sizeof (KMF_OID));
- i++;
-
- kmf_set_attr_at_index(attlist, i,
- KMF_DATA_ATTR, tobesigned, sizeof (KMF_DATA));
- i++;
-
- kmf_set_attr_at_index(attlist, i,
- KMF_OUT_DATA_ATTR, output, sizeof (KMF_DATA));
- i++;
-
- return (kmf_sign_data(handle, i, attlist));
-}
-
-
-KMF_RETURN
-KMF_FindKey(KMF_HANDLE_T handle, KMF_FINDKEY_PARAMS *params,
- KMF_KEY_HANDLE *keys, uint32_t *numkeys)
-{
- KMF_ATTRIBUTE attlist[16]; /* Max 16 attributes used here */
- int i = 0;
-
- if (params == NULL || numkeys == NULL)
- return (KMF_ERR_BAD_PARAMETER);
-
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYSTORE_TYPE_ATTR, &params->kstype, sizeof (params->kstype));
- i++;
-
- if (keys) {
- kmf_set_attr_at_index(attlist, i,
- KMF_KEY_HANDLE_ATTR, keys, sizeof (KMF_KEY_HANDLE));
- i++;
- }
-
- kmf_set_attr_at_index(attlist, i,
- KMF_COUNT_ATTR, numkeys, sizeof (uint32_t));
- i++;
-
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYALG_ATTR, &params->keytype, sizeof (params->keytype));
- i++;
-
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYCLASS_ATTR, &params->keyclass, sizeof (params->keyclass));
- i++;
-
- kmf_set_attr_at_index(attlist, i,
- KMF_ENCODE_FORMAT_ATTR, &params->format, sizeof (params->format));
- i++;
-
- if (params->findLabel != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYLABEL_ATTR, params->findLabel,
- strlen(params->findLabel));
- i++;
- }
-
- if (params->idstr != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_IDSTR_ATTR, params->idstr,
- strlen(params->idstr));
- i++;
- }
-
- if (params->cred.credlen > 0) {
- kmf_set_attr_at_index(attlist, i,
- KMF_CREDENTIAL_ATTR, &params->cred,
- sizeof (KMF_CREDENTIAL));
- i++;
- }
-
- if (params->kstype == KMF_KEYSTORE_NSS) {
- if (params->nssparms.slotlabel != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_TOKEN_LABEL_ATTR,
- params->nssparms.slotlabel,
- strlen(params->nssparms.slotlabel));
- i++;
- }
- } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
- if (params->sslparms.dirpath != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_DIRPATH_ATTR,
- params->sslparms.dirpath,
- strlen(params->sslparms.dirpath));
- i++;
- }
- if (params->sslparms.keyfile != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_KEY_FILENAME_ATTR,
- params->sslparms.keyfile,
- strlen(params->sslparms.keyfile));
- i++;
- }
- kmf_set_attr_at_index(attlist, i,
- KMF_ENCODE_FORMAT_ATTR,
- &params->sslparms.format,
- sizeof (params->sslparms.format));
- i++;
- } else if (params->kstype == KMF_KEYSTORE_PK11TOKEN) {
- kmf_set_attr_at_index(attlist, i,
- KMF_TOKEN_BOOL_ATTR,
- &params->pkcs11parms.token,
- sizeof (params->pkcs11parms.token));
- i++;
- kmf_set_attr_at_index(attlist, i,
- KMF_PRIVATE_BOOL_ATTR,
- &params->pkcs11parms.private,
- sizeof (params->pkcs11parms.private));
- i++;
- }
- return (kmf_find_key(handle, i, attlist));
-}
-
-KMF_RETURN
-KMF_CreateKeypair(KMF_HANDLE_T handle,
- KMF_CREATEKEYPAIR_PARAMS *params,
- KMF_KEY_HANDLE *privKey,
- KMF_KEY_HANDLE *pubKey)
-{
- KMF_ATTRIBUTE attlist[12]; /* max 12 attrs used here */
- int i = 0;
-
- if (handle == NULL || params == NULL ||
- privKey == NULL || pubKey == NULL)
- return (KMF_ERR_BAD_PARAMETER);
-
- (void) memset(privKey, 0, sizeof (KMF_KEY_HANDLE));
- (void) memset(pubKey, 0, sizeof (KMF_KEY_HANDLE));
-
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYSTORE_TYPE_ATTR, &params->kstype, sizeof (params->kstype));
- i++;
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYALG_ATTR, &params->keytype, sizeof (params->keytype));
- i++;
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYLENGTH_ATTR, &params->keylength, sizeof (params->keylength));
- i++;
- if (params->keylabel != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_KEYLABEL_ATTR, params->keylabel,
- strlen(params->keylabel));
- i++;
- }
- if (params->cred.credlen > 0) {
- kmf_set_attr_at_index(attlist, i,
- KMF_CREDENTIAL_ATTR, &params->cred,
- sizeof (KMF_CREDENTIAL));
- i++;
- }
-
- if (params->rsa_exponent.len > 0) {
- kmf_set_attr_at_index(attlist, i,
- KMF_RSAEXP_ATTR, &params->cred,
- sizeof (KMF_BIGINT));
- i++;
- }
- kmf_set_attr_at_index(attlist, i, KMF_PRIVKEY_HANDLE_ATTR, privKey,
- sizeof (KMF_KEY_HANDLE));
- i++;
- kmf_set_attr_at_index(attlist, i, KMF_PUBKEY_HANDLE_ATTR, pubKey,
- sizeof (KMF_KEY_HANDLE));
- i++;
-
- if (params->kstype == KMF_KEYSTORE_NSS) {
- if (params->nssparms.slotlabel != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_TOKEN_LABEL_ATTR,
- params->nssparms.slotlabel,
- strlen(params->nssparms.slotlabel));
- i++;
- }
- } else if (params->kstype == KMF_KEYSTORE_OPENSSL) {
- if (params->sslparms.dirpath != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_DIRPATH_ATTR,
- params->sslparms.dirpath,
- strlen(params->sslparms.dirpath));
- i++;
- }
- if (params->sslparms.keyfile != NULL) {
- kmf_set_attr_at_index(attlist, i,
- KMF_KEY_FILENAME_ATTR,
- params->sslparms.keyfile,
- strlen(params->sslparms.keyfile));
- i++;
- }
- kmf_set_attr_at_index(attlist, i,
- KMF_ENCODE_FORMAT_ATTR,
- &params->sslparms.format,
- sizeof (params->sslparms.format));
- i++;
- }
- return (kmf_create_keypair(handle, i, attlist));
-}
diff --git a/usr/src/lib/libkmf/libkmf/common/mapfile-vers b/usr/src/lib/libkmf/libkmf/common/mapfile-vers
index 7b9ebeacf1..f1d5b722df 100644
--- a/usr/src/lib/libkmf/libkmf/common/mapfile-vers
+++ b/usr/src/lib/libkmf/libkmf/common/mapfile-vers
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
@@ -317,31 +317,6 @@ SUNWprivate_1.1 {
global:
GetIDFromSPKI;
IsEqualOid;
- KMF_ConfigureKeystore;
- KMF_CreateCSRFile;
- KMF_CreateKeypair;
- KMF_DNParser;
- KMF_Finalize;
- KMF_FindCert;
- KMF_FindKey;
- KMF_FreeData;
- KMF_FreeKMFCert;
- KMF_FreeKMFKey;
- KMF_FreeSignedCSR;
- KMF_GetCertIDString;
- KMF_GetCertIssuerNameString;
- KMF_GetCertSubjectNameString;
- KMF_GetKMFErrorString;
- KMF_Initialize;
- KMF_ReadInputFile;
- KMF_SetCSRPubKey;
- KMF_SetCSRSignatureAlgorithm;
- KMF_SetCSRSubjectName;
- KMF_SetCSRVersion;
- KMF_SignCSR;
- KMF_SignDataWithKey;
- KMF_VerifyCertWithCert;
- KMF_VerifyDataWithCert;
copy_extension_data;
dup_entry;
free_entry;
diff --git a/usr/src/lib/libkmf/libkmf/common/rdn_parser.c b/usr/src/lib/libkmf/libkmf/common/rdn_parser.c
index 8c8c1c644c..5cc22146d8 100644
--- a/usr/src/lib/libkmf/libkmf/common/rdn_parser.c
+++ b/usr/src/lib/libkmf/libkmf/common/rdn_parser.c
@@ -29,17 +29,13 @@
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
- */
-/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* File: rdn_parser.c
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-
#include <strings.h>
#include <stdlib.h>
#include <kmfapi.h>
@@ -539,9 +535,3 @@ kmf_dn_parser(char *string, KMF_X509_NAME *name)
err = ParseDistinguishedName(string, (int)strlen(string), name);
return (err);
}
-
-KMF_RETURN
-KMF_DNParser(char *string, KMF_X509_NAME *name)
-{
- return (kmf_dn_parser(string, name));
-}