Diffstat (limited to 'usr/src/cmd')
| -rw-r--r-- | usr/src/cmd/cmd-crypto/pktool/import.c | 113 | ||||
| -rw-r--r-- | usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h | 8 | ||||
| -rw-r--r-- | usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm_create.c | 87 | ||||
| -rw-r--r-- | usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c | 36 |
4 files changed, 143 insertions, 101 deletions
diff --git a/usr/src/cmd/cmd-crypto/pktool/import.c b/usr/src/cmd/cmd-crypto/pktool/import.c index 3354d0a8f6..edcb62332f 100644 --- a/usr/src/cmd/cmd-crypto/pktool/import.c +++ b/usr/src/cmd/cmd-crypto/pktool/import.c @@ -45,19 +45,29 @@ #include <kmfapi.h> +#define NEW_ATTRLIST(a, n) \ +{ \ + a = (KMF_ATTRIBUTE *)malloc(n * sizeof (KMF_ATTRIBUTE)); \ + if (a == NULL) { \ + rv = KMF_ERR_MEMORY; \ + goto end; \ + } \ + (void) memset(a, 0, n * sizeof (KMF_ATTRIBUTE)); \ +} + static KMF_RETURN pk_import_pk12_files(KMF_HANDLE_T kmfhandle, KMF_CREDENTIAL *cred, char *outfile, char *certfile, char *keyfile, char *dir, char *keydir, KMF_ENCODE_FORMAT outformat) { KMF_RETURN rv = KMF_OK; - KMF_DATA *certs = NULL; + KMF_X509_DER_CERT *certs = NULL; KMF_RAW_KEY_DATA *keys = NULL; int ncerts = 0; int nkeys = 0; int i; KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_OPENSSL; - KMF_ATTRIBUTE attrlist[16]; + KMF_ATTRIBUTE *attrlist = NULL; int numattr = 0; rv = kmf_import_objects(kmfhandle, outfile, cred, @@ -71,6 +81,8 @@ pk_import_pk12_files(KMF_HANDLE_T kmfhandle, KMF_CREDENTIAL *cred, if (rv == KMF_OK && ncerts > 0) { char newcertfile[MAXPATHLEN]; + NEW_ATTRLIST(attrlist, (3 + (3 * ncerts))); + kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype)); numattr++; 
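Review bot: The `NEW_ATTRLIST` macro added at the top of import.c expands its arguments unparenthesised and computes `n * sizeof (KMF_ATTRIBUTE)` with `n` an `int` built from the certificate and key counts returned for the imported file, so an unexpected count would yield a wrong allocation size ahead of the attribute writes that follow. Rejecting `(n) <= 0` and allocating with `a = calloc((size_t)(n), sizeof (KMF_ATTRIBUTE));` gives overflow-checked sizing and zeroing in one call. The macro also depends silently on a local `rv` and an `end:` label in every caller and is a bare `{ }` block; wrap it in `do { ... } while (0)` and state those two requirements in a comment above it.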
@@ -108,16 +120,25 @@ pk_import_pk12_files(KMF_HANDLE_T kmfhandle, KMF_CREDENTIAL *cred, num++; } + if (certs[i].kmf_private.label != NULL) { + kmf_set_attr_at_index(attrlist, num, + KMF_CERT_LABEL_ATTR, + certs[i].kmf_private.label, + strlen(certs[i].kmf_private.label)); + num++; + } kmf_set_attr_at_index(attrlist, num, - KMF_CERT_DATA_ATTR, &certs[i], sizeof (KMF_DATA)); + KMF_CERT_DATA_ATTR, &certs[i].certificate, + sizeof (KMF_DATA)); num++; rv = kmf_store_cert(kmfhandle, num, attrlist); } + free(attrlist); } if (rv == KMF_OK && nkeys > 0) { char newkeyfile[MAXPATHLEN]; - numattr = 0; + NEW_ATTRLIST(attrlist, (4 + (4 * nkeys))); kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR, &kstype, @@ -162,10 +183,12 @@ pk_import_pk12_files(KMF_HANDLE_T kmfhandle, KMF_CREDENTIAL *cred, num++; } - kmf_set_attr_at_index(attrlist, num, - KMF_CERT_DATA_ATTR, &certs[i], - sizeof (KMF_DATA)); - num++; + if (i < ncerts) { + kmf_set_attr_at_index(attrlist, num, + KMF_CERT_DATA_ATTR, &certs[i], + sizeof (KMF_CERT_DATA_ATTR)); + num++; + } kmf_set_attr_at_index(attrlist, num, KMF_RAW_KEY_ATTR, &keys[i], @@ -174,13 +197,15 @@ pk_import_pk12_files(KMF_HANDLE_T kmfhandle, KMF_CREDENTIAL *cred, rv = kmf_store_key(kmfhandle, num, attrlist); } + free(attrlist); } +end: /* * Cleanup memory. */ if (certs) { for (i = 0; i < ncerts; i++) - kmf_free_data(&certs[i]); + kmf_free_kmf_cert(kmfhandle, &certs[i]); free(certs); } if (keys) { @@ -202,13 +227,13 @@ pk_import_pk12_nss( char *nickname, char *trustflags, char *filename) { KMF_RETURN rv = KMF_OK; - KMF_DATA *certs = NULL; + KMF_X509_DER_CERT *certs = NULL; KMF_RAW_KEY_DATA *keys = NULL; int ncerts = 0; int nkeys = 0; int i; KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_NSS; - KMF_ATTRIBUTE attrlist[16]; + KMF_ATTRIBUTE *attrlist = NULL; int numattr = 0; rv = configure_nss(kmfhandle, dir, prefix); 
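Review bot: The key branch of pk_import_pk12_files no longer resets `numattr`: the `numattr = 0;` line is replaced by `NEW_ATTRLIST(attrlist, (4 + (4 * nkeys)));`, so when certificates were stored first the key attributes are written starting at the index the certificate branch left behind, into a freshly allocated and differently sized array. Depending on how many fixed attributes are set outside this hunk, the last per-key write can land past the `4 + (4 * nkeys)` entries, which would be a heap overrun while processing an imported file. Keep `numattr = 0;` immediately before the `NEW_ATTRLIST` call, as the NSS and PKCS#11 variants do. Also set `attrlist = NULL;` after each `free(attrlist);` here, as pk_import_pk12_nss does after its certificate loop.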
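Review bot: In the key loop of pk_import_pk12_files the guarded call passes `sizeof (KMF_CERT_DATA_ATTR)` as the attribute length, which is the size of the attribute-type constant rather than of the certificate data, and it still passes `&certs[i]` although `certs` is now a `KMF_X509_DER_CERT` array. The PKCS#11 variant of the same loop uses the intended form, so this call should read `KMF_CERT_DATA_ATTR, &certs[i].certificate,` / `sizeof (KMF_DATA));`. The key loop in pk_import_pk12_nss (hunk at -295,10) has the same `&certs[i]` argument with `sizeof (KMF_DATA)`, which is only correct if `certificate` is the first member of the struct; use `&certs[i].certificate` there too.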
@@ -223,6 +248,8 @@ pk_import_pk12_nss( "key(s) in %s\n"), ncerts, nkeys, filename); if (rv == KMF_OK) { + NEW_ATTRLIST(attrlist, (3 + (2 * ncerts))); + kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype)); numattr++; @@ -244,7 +271,13 @@ pk_import_pk12_nss( for (i = 0; rv == KMF_OK && i < ncerts; i++) { int num = numattr; - if (i == 0 && nickname != NULL) { + if (certs[i].kmf_private.label != NULL) { + kmf_set_attr_at_index(attrlist, num, + KMF_CERT_LABEL_ATTR, + certs[i].kmf_private.label, + strlen(certs[i].kmf_private.label)); + num++; + } else if (i == 0 && nickname != NULL) { kmf_set_attr_at_index(attrlist, num, KMF_CERT_LABEL_ATTR, nickname, strlen(nickname)); @@ -252,10 +285,13 @@ pk_import_pk12_nss( } kmf_set_attr_at_index(attrlist, num, - KMF_CERT_DATA_ATTR, &certs[i], sizeof (KMF_DATA)); + KMF_CERT_DATA_ATTR, + &certs[i].certificate, sizeof (KMF_DATA)); num++; rv = kmf_store_cert(kmfhandle, num, attrlist); } + free(attrlist); + attrlist = NULL; if (rv != KMF_OK) { display_error(kmfhandle, rv, gettext("Error storing certificate in NSS token")); @@ -264,6 +300,7 @@ pk_import_pk12_nss( if (rv == KMF_OK) { numattr = 0; + NEW_ATTRLIST(attrlist, (4 + (2 * nkeys))); kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR, &kstype, @@ -295,10 +332,12 @@ pk_import_pk12_nss( for (i = 0; i < nkeys; i++) { int num = numattr; - kmf_set_attr_at_index(attrlist, num, - KMF_CERT_DATA_ATTR, &certs[i], - sizeof (KMF_DATA)); - num++; + if (i < ncerts) { + kmf_set_attr_at_index(attrlist, num, + KMF_CERT_DATA_ATTR, &certs[i], + sizeof (KMF_DATA)); + num++; + } kmf_set_attr_at_index(attrlist, num, KMF_RAW_KEY_ATTR, &keys[i], @@ -307,14 +346,16 @@ pk_import_pk12_nss( rv = kmf_store_key(kmfhandle, num, attrlist); } + free(attrlist); } +end: /* * Cleanup memory. */ if (certs) { for (i = 0; i < ncerts; i++) - kmf_free_data(&certs[i]); + kmf_free_kmf_cert(kmfhandle, &certs[i]); free(certs); } if (keys) { 
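Review bot: The label embedded in the imported file now takes precedence over the operator-supplied `nickname` for the first certificate, because the new `certs[i].kmf_private.label != NULL` test in the hunk at -244,7 comes before `i == 0 && nickname != NULL`. The content of the PKCS#12 file therefore chooses the name under which the certificate is stored even when a name was given explicitly; the same ordering is used with `label` in pk_import_pk12_pk11 (hunk at -511,40). If this precedence is intended, state it in a comment above the branch, for example `/* A label carried in the file overrides the command-line nickname. */`; otherwise test the explicit nickname first.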
@@ -455,13 +496,13 @@ pk_import_pk12_pk11( char *filename) { KMF_RETURN rv = KMF_OK; - KMF_DATA *certs = NULL; + KMF_X509_DER_CERT *certs = NULL; KMF_RAW_KEY_DATA *keys = NULL; int ncerts = 0; int nkeys = 0; int i; KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN; - KMF_ATTRIBUTE attrlist[16]; + KMF_ATTRIBUTE *attrlist = NULL; int numattr = 0; rv = select_token(kmfhandle, token_spec, FALSE); @@ -474,6 +515,7 @@ pk_import_pk12_pk11( &certs, &ncerts, &keys, &nkeys); if (rv == KMF_OK) { + NEW_ATTRLIST(attrlist, (3 + (2 * nkeys))); kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR, &kstype, @@ -498,10 +540,12 @@ pk_import_pk12_pk11( for (i = 0; i < nkeys; i++) { int num = numattr; - kmf_set_attr_at_index(attrlist, num, - KMF_CERT_DATA_ATTR, &certs[i], - sizeof (KMF_DATA)); - num++; + if (i < ncerts) { + kmf_set_attr_at_index(attrlist, num, + KMF_CERT_DATA_ATTR, &certs[i].certificate, + sizeof (KMF_DATA)); + num++; + } kmf_set_attr_at_index(attrlist, num, KMF_RAW_KEY_ATTR, &keys[i], 
@@ -511,40 +555,51 @@ pk_import_pk12_pk11( rv = kmf_store_key(kmfhandle, num, attrlist); } + free(attrlist); } if (rv == KMF_OK) { + numattr = 0; + NEW_ATTRLIST(attrlist, (1 + (2 * ncerts))); (void) printf(gettext("Found %d certificate(s) and %d " "key(s) in %s\n"), ncerts, nkeys, filename); - numattr = 0; + kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (kstype)); numattr++; for (i = 0; rv == KMF_OK && i < ncerts; i++) { int num = numattr; - - if (i == 0 && label != NULL) { + if (certs[i].kmf_private.label != NULL) { + kmf_set_attr_at_index(attrlist, num, + KMF_CERT_LABEL_ATTR, + certs[i].kmf_private.label, + strlen(certs[i].kmf_private.label)); + num++; + } else if (i == 0 && label != NULL) { kmf_set_attr_at_index(attrlist, num, KMF_CERT_LABEL_ATTR, label, strlen(label)); num++; } kmf_set_attr_at_index(attrlist, num, - KMF_CERT_DATA_ATTR, &certs[i], sizeof (KMF_DATA)); + KMF_CERT_DATA_ATTR, &certs[i].certificate, + sizeof (KMF_DATA)); num++; rv = kmf_store_cert(kmfhandle, num, attrlist); } + free(attrlist); } +end: /* * Cleanup memory. */ if (certs) { for (i = 0; i < ncerts; i++) - kmf_free_data(&certs[i]); + kmf_free_kmf_cert(kmfhandle, &certs[i]); free(certs); } if (keys) { diff --git a/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h index a5fc30e1b3..a9f4ef22ac 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h +++ b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm.h 
@@ -61,11 +61,11 @@ extern int do_delete(int argc, char *argv[]); extern void usage_create(boolean_t do_print); extern void usage_delete(boolean_t do_print); -extern int PEM_get_rsa_key_certs(const char *, - char *, KMF_RAW_KEY_DATA **, KMF_DATA **); +extern int PEM_get_rsa_key_certs(KMF_HANDLE_T, const char *, + char *, KMF_RAW_KEY_DATA **, KMF_X509_DER_CERT **); -extern int PKCS12_get_rsa_key_certs(const char *, - const char *, KMF_RAW_KEY_DATA **, KMF_DATA **); +extern int PKCS12_get_rsa_key_certs(KMF_HANDLE_T, const char *, + const char *, KMF_RAW_KEY_DATA **, KMF_X509_DER_CERT **); extern int get_passphrase(const char *password_file, char *buf, int buf_size); extern int kssl_send_command(char *buf, int cmd); diff --git a/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm_create.c b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm_create.c index 670fea791c..bf1de6fadc 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm_create.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm_create.c @@ -89,7 +89,8 @@ usage_create(boolean_t do_print) */ static kssl_params_t * kmf_to_kssl(int nxkey, KMF_RAW_KEY_DATA *rsa, int ncerts, - KMF_DATA *certs, int *paramsize, char *token_label, KMF_DATA *idstr, + KMF_X509_DER_CERT *certs, int *paramsize, + char *token_label, KMF_DATA *idstr, KMF_CREDENTIAL *creds) { int i, tcsize; @@ -128,7 +129,7 @@ kmf_to_kssl(int nxkey, KMF_RAW_KEY_DATA *rsa, int ncerts, } tcsize = 0; for (i = 0; i < ncerts; i++) - tcsize += certs[i].Length; + tcsize += certs[i].certificate.Length; bufsize = sizeof (kssl_params_t); bufsize += (tcsize + (MAX_CHAIN_LENGTH * sizeof (uint32_t))); @@ -271,7 +272,7 @@ kmf_to_kssl(int nxkey, KMF_RAW_KEY_DATA *rsa, int ncerts, /* First, an array of certificate sizes */ for (i = 0; i < ncerts; i++) { - uint32_t certsz = (uint32_t)certs[i].Length; + uint32_t certsz = (uint32_t)certs[i].certificate.Length; char *p = buf + (i * sizeof (uint32_t)); bcopy(&certsz, p, sizeof (uint32_t)); } 
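Review bot: In kmf_to_kssl (hunk at -128,7) `tcsize` is an `int` that accumulates `certs[i].certificate.Length` for every certificate read from the input file, and the sum feeds `bufsize`, the size of the buffer the later `bcopy` loops fill. A wrapped or truncated sum would make that buffer smaller than the data copied into it, and the `(uint32_t)` cast of the same length in the hunk at -271,7 narrows it again. Accumulate in a `size_t` and take the function's error path when `certs[i].certificate.Length > UINT32_MAX - tcsize`. The size table is reserved as `MAX_CHAIN_LENGTH * sizeof (uint32_t)` while the loops run to `ncerts`; no `ncerts <= MAX_CHAIN_LENGTH` check is visible in these hunks, so confirm one exists in the part of the function outside them.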
@@ -283,8 +284,9 @@ kmf_to_kssl(int nxkey, KMF_RAW_KEY_DATA *rsa, int ncerts, /* Now add the certificate data (ASN.1 DER encoded) */ for (i = 0; i < ncerts; i++) { - bcopy(certs[i].Data, buf, certs[i].Length); - buf += certs[i].Length; + bcopy(certs[i].certificate.Data, buf, + certs[i].certificate.Length); + buf += certs[i].certificate.Length; } *paramsize = bufsize; @@ -571,11 +573,11 @@ out: } static kssl_params_t * -load_from_pkcs11(const char *token_label, const char *password_file, +load_from_pkcs11(KMF_HANDLE_T kmfh, + const char *token_label, const char *password_file, const char *certname, int *bufsize) { KMF_RETURN rv; - KMF_HANDLE_T kmfh; KMF_X509_DER_CERT cert; KMF_KEY_HANDLE key, rawkey; KMF_CREDENTIAL creds; @@ -593,11 +595,6 @@ load_from_pkcs11(const char *token_label, const char *password_file, boolean_t false = B_FALSE; boolean_t true = B_TRUE; - rv = kmf_initialize(&kmfh, NULL, NULL); - if (rv != KMF_OK) { - REPORT_KMF_ERROR(rv, "Error initializing KMF", err); - return (0); - } if (get_passphrase(password_file, password_buf, sizeof (password_buf)) <= 0) { perror("Unable to read passphrase"); @@ -745,8 +742,7 @@ load_from_pkcs11(const char *token_label, const char *password_file, if (rv == KMF_OK) kssl_params = kmf_to_kssl(nxkey, (KMF_RAW_KEY_DATA *)key.keyp, - 1, &cert.certificate, bufsize, - (char *)token_label, &iddata, &creds); + 1, &cert, bufsize, (char *)token_label, &iddata, &creds); done: if (ncerts != 0) kmf_free_kmf_cert(kmfh, &cert); @@ -755,9 +751,6 @@ done: if (idstr) free(idstr); - if (kmfh != NULL) - (void) kmf_finalize(kmfh); - return (kssl_params); } @@ -767,7 +760,8 @@ done: * Load a chain of certificates from a PEM file. */ static kssl_params_t * -add_cacerts(kssl_params_t *old_params, const char *cacert_chain_file) +add_cacerts(KMF_HANDLE_T kmfh, + kssl_params_t *old_params, const char *cacert_chain_file) { int i, newlen; uint32_t certlen = 0, ncerts; 
@@ -775,7 +769,6 @@ add_cacerts(kssl_params_t *old_params, const char *cacert_chain_file) KMF_RETURN rv; KMF_X509_DER_CERT *certs = NULL; kssl_params_t *kssl_params; - KMF_HANDLE_T kmfh; char *err = NULL; int numattr = 0; KMF_ATTRIBUTE attrlist[16]; @@ -783,11 +776,6 @@ add_cacerts(kssl_params_t *old_params, const char *cacert_chain_file) kstype = KMF_KEYSTORE_OPENSSL; - rv = kmf_initialize(&kmfh, NULL, NULL); - if (rv != KMF_OK) { - REPORT_KMF_ERROR(rv, "Error initializing KMF", err); - return (0); - } ncerts = 0; kmf_set_attr_at_index(attrlist, numattr, KMF_KEYSTORE_TYPE_ATTR, &kstype, sizeof (KMF_KEYSTORE_TYPE)); @@ -804,14 +792,12 @@ add_cacerts(kssl_params_t *old_params, const char *cacert_chain_file) rv = kmf_find_cert(kmfh, numattr, attrlist); if (rv != KMF_OK) { REPORT_KMF_ERROR(rv, "Error finding CA certificates", err); - (void) KMF_Finalize(kmfh); return (0); } certs = (KMF_X509_DER_CERT *)malloc(ncerts * sizeof (KMF_X509_DER_CERT)); if (certs == NULL) { (void) fprintf(stderr, "memory allocation error.\n"); - (void) KMF_Finalize(kmfh); return (NULL); } bzero(certs, ncerts * sizeof (KMF_X509_DER_CERT)); @@ -822,8 +808,6 @@ add_cacerts(kssl_params_t *old_params, const char *cacert_chain_file) numattr++; rv = kmf_find_cert(kmfh, numattr, attrlist); - (void) kmf_finalize(kmfh); - if (rv != KMF_OK || ncerts == 0) { bzero(old_params, old_params->kssl_params_size); free(old_params); 
@@ -881,15 +865,16 @@ add_cacerts(kssl_params_t *old_params, const char *cacert_chain_file) * Find a key and certificate(s) from a single PEM file. */ static kssl_params_t * -load_from_pem(const char *filename, const char *password_file, int *paramsize) +load_from_pem(KMF_HANDLE_T kmfh, const char *filename, + const char *password_file, int *paramsize) { int ncerts = 0, i; kssl_params_t *kssl_params; KMF_RAW_KEY_DATA *rsa = NULL; - KMF_DATA *certs = NULL; + KMF_X509_DER_CERT *certs = NULL; - ncerts = PEM_get_rsa_key_certs(filename, (char *)password_file, - &rsa, &certs); + ncerts = PEM_get_rsa_key_certs(kmfh, + filename, (char *)password_file, &rsa, &certs); if (rsa == NULL || certs == NULL || ncerts == 0) { return (NULL); } @@ -901,7 +886,7 @@ load_from_pem(const char *filename, const char *password_file, int *paramsize) NULL, NULL); for (i = 0; i < ncerts; i++) - kmf_free_data(&certs[i]); + kmf_free_kmf_cert(kmfh, &certs[i]); free(certs); kmf_free_raw_key(rsa); @@ -912,15 +897,15 @@ load_from_pem(const char *filename, const char *password_file, int *paramsize) * Load a raw key and certificate(s) from a PKCS#12 file. */ static kssl_params_t * -load_from_pkcs12(const char *filename, const char *password_file, - int *paramsize) +load_from_pkcs12(KMF_HANDLE_T kmfh, const char *filename, + const char *password_file, int *paramsize) { KMF_RAW_KEY_DATA *rsa = NULL; kssl_params_t *kssl_params; - KMF_DATA *certs = NULL; + KMF_X509_DER_CERT *certs = NULL; int ncerts = 0, i; - ncerts = PKCS12_get_rsa_key_certs(filename, + ncerts = PKCS12_get_rsa_key_certs(kmfh, filename, password_file, &rsa, &certs); if (certs == NULL || ncerts == 0) { @@ -936,7 +921,7 @@ load_from_pkcs12(const char *filename, const char *password_file, NULL, NULL); for (i = 0; i < ncerts; i++) - kmf_free_data(&certs[i]); + kmf_free_kmf_cert(kmfh, &certs[i]); free(certs); kmf_free_raw_key(rsa); 
@@ -1057,6 +1042,9 @@ do_create(int argc, char *argv[]) int pcnt; kssl_params_t *kssl_params; int bufsize; + KMF_HANDLE_T kmfh = NULL; + KMF_RETURN rv = KMF_OK; + char *err = NULL; argc -= 1; argv += 1; @@ -1135,6 +1123,12 @@ do_create(int argc, char *argv[]) goto err; } + rv = kmf_initialize(&kmfh, NULL, NULL); + if (rv != KMF_OK) { + REPORT_KMF_ERROR(rv, "Error initializing KMF", err); + return (0); + } + if (strcmp(format, "pkcs11") == 0) { if (token_label == NULL || certname == NULL) { goto err; @@ -1147,19 +1141,19 @@ do_create(int argc, char *argv[]) getenv("SOFTTOKEN_DIR")); } } - kssl_params = load_from_pkcs11( + kssl_params = load_from_pkcs11(kmfh, token_label, password_file, certname, &bufsize); } else if (strcmp(format, "pkcs12") == 0) { if (cert_key_file == NULL) { goto err; } - kssl_params = load_from_pkcs12( + kssl_params = load_from_pkcs12(kmfh, cert_key_file, password_file, &bufsize); } else if (strcmp(format, "pem") == 0) { if (cert_key_file == NULL) { goto err; } - kssl_params = load_from_pem( + kssl_params = load_from_pem(kmfh, cert_key_file, password_file, &bufsize); } else { (void) fprintf(stderr, "Unsupported cert format: %s\n", format); @@ -1167,6 +1161,7 @@ do_create(int argc, char *argv[]) } if (kssl_params == NULL) { + (void) kmf_finalize(kmfh); return (FAILURE); } @@ -1182,8 +1177,11 @@ do_create(int argc, char *argv[]) kssl_params->kssl_session_cache_size = scache_size; if (cacert_chain_file != NULL) { - kssl_params = add_cacerts(kssl_params, cacert_chain_file); + kssl_params = add_cacerts(kmfh, kssl_params, cacert_chain_file); if (kssl_params == NULL) { + bzero(kssl_params, bufsize); + free(kssl_params); + (void) kmf_finalize(kmfh); return (FAILURE); } } @@ -1195,6 +1193,9 @@ do_create(int argc, char *argv[]) err = kssl_params->kssl_token.ck_rv; (void) fprintf(stderr, "Error loading cert and key: 0x%x\n", err); + bzero(kssl_params, bufsize); + free(kssl_params); + (void) kmf_finalize(kmfh); return (FAILURE); } 
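Review bot: The new kmf_initialize() failure path in do_create (hunk at -1135,6) ends with `return (0);`, while every other failure exit of the function returns `FAILURE` or `SMF_EXIT_ERR_CONFIG`. If `SUCCESS` is defined as 0 (its definition is not in this diff), a failed KMF initialisation is reported to the caller as success. Return `FAILURE` here: `return (FAILURE);`. The block appears to be moved from the loader functions, which return a pointer and used 0 as NULL.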
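Review bot: The cleanup added to the add_cacerts failure branch (hunk at -1182,8) runs `bzero(kssl_params, bufsize);` and `free(kssl_params);` inside `if (kssl_params == NULL)`, so it writes `bufsize` bytes through a null pointer. The original buffer, which holds the loaded key material, is no longer reachable at that point because the assignment overwrote it; add_cacerts zeroes and frees `old_params` on one failure path (hunk at -822,8), but its earlier `return (0)` and `return (NULL)` exits (hunk at -804,14) do not. Drop the two added lines from this branch and make add_cacerts zero and free `old_params` on every failure return, so ownership of the old buffer is unambiguous.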
@@ -1203,9 +1204,11 @@ do_create(int argc, char *argv[]) bzero(kssl_params, bufsize); free(kssl_params); + (void) kmf_finalize(kmfh); return (SUCCESS); err: usage_create(B_TRUE); + (void) kmf_finalize(kmfh); return (SMF_EXIT_ERR_CONFIG); } diff --git a/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c index 42fca362e3..dae4d83a2e 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/ksslutil.c @@ -39,24 +39,18 @@ * in plaintext in the given "password_file" parameter. */ int -PKCS12_get_rsa_key_certs(const char *filename, const char *password_file, - KMF_RAW_KEY_DATA **rsa, KMF_DATA **certs) +PKCS12_get_rsa_key_certs(KMF_HANDLE_T kmfh, + const char *filename, const char *password_file, + KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs) { char password_buf[1024]; - KMF_HANDLE_T kmfh; KMF_RETURN rv = KMF_OK; KMF_CREDENTIAL pk12cred; - KMF_DATA *tcerts; + KMF_X509_DER_CERT *tcerts; KMF_RAW_KEY_DATA *keys; int ncerts, nkeys; char *err = NULL; - rv = kmf_initialize(&kmfh, NULL, NULL); - if (rv != KMF_OK) { - REPORT_KMF_ERROR(rv, "Error initializing KMF", err); - return (0); - } - tcerts = NULL; keys = NULL; ncerts = 0; @@ -81,7 +75,7 @@ done: int i; if (tcerts != NULL) { for (i = 0; i < ncerts; i++) - kmf_free_data(&tcerts[i]); + kmf_free_kmf_cert(kmfh, &tcerts[i]); free(tcerts); } tcerts = NULL; @@ -96,8 +90,6 @@ done: *certs = tcerts; *rsa = keys; - (void) kmf_finalize(kmfh); - return (ncerts); } 
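Review bot: The `err:` label is reached by `goto err` statements that run before kmf_initialize() (the one in the context just above the new initialisation block, for instance), so the added `(void) kmf_finalize(kmfh);` there can be called with `kmfh == NULL`. Whether kmf_finalize tolerates a null handle is not visible in this diff, and the code removed from load_from_pkcs11 guarded the call. Keep that guard at the label: `if (kmfh != NULL)` / `(void) kmf_finalize(kmfh);`.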
@@ -107,24 +99,18 @@ done: * be present in the file. */ int -PEM_get_rsa_key_certs(const char *filename, char *password_file, - KMF_RAW_KEY_DATA **rsa, KMF_DATA **certs) +PEM_get_rsa_key_certs(KMF_HANDLE_T kmfh, + const char *filename, char *password_file, + KMF_RAW_KEY_DATA **rsa, KMF_X509_DER_CERT **certs) { - KMF_HANDLE_T kmfh; KMF_RETURN rv = KMF_OK; KMF_CREDENTIAL creds; - KMF_DATA *tcerts; + KMF_X509_DER_CERT *tcerts; KMF_RAW_KEY_DATA *keys; int ncerts, nkeys; char *err = NULL; char password_buf[1024]; - rv = kmf_initialize(&kmfh, NULL, NULL); - if (rv != KMF_OK) { - REPORT_KMF_ERROR(rv, "Error initializing KMF", err); - return (0); - } - tcerts = NULL; keys = NULL; ncerts = 0; @@ -149,7 +135,7 @@ done: int i; if (tcerts != NULL) { for (i = 0; i < ncerts; i++) - kmf_free_data(&tcerts[i]); + kmf_free_kmf_cert(kmfh, &tcerts[i]); free(tcerts); } tcerts = NULL; @@ -166,7 +152,5 @@ done: if (rsa != NULL) *rsa = keys; - (void) kmf_finalize(kmfh); - return (ncerts); } |
