static void __pkcs11h_openssl_ex_data_free ( void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp ) { pkcs11h_openssl_session_t openssl_session = (pkcs11h_openssl_session_t)ptr; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=%p, ptr=%p, ad=%p, idx=%d, argl=%ld, argp=%p", parent, ptr, (void *)ad, idx, argl, argp ); if (openssl_session != NULL) { pkcs11h_openssl_freeSession (openssl_session); } }
int pkcs11_init_tls_session(pkcs11h_certificate_t certificate, struct tls_root_ctx * const ssl_ctx) { int ret = 1; X509 *x509 = NULL; RSA *rsa = NULL; pkcs11h_openssl_session_t openssl_session = NULL; if ((openssl_session = pkcs11h_openssl_createSession (certificate)) == NULL) { msg (M_WARN, "PKCS#11: Cannot initialize openssl session"); goto cleanup; } /* * Will be released by openssl_session */ certificate = NULL; if ((rsa = pkcs11h_openssl_session_getRSA (openssl_session)) == NULL) { msg (M_WARN, "PKCS#11: Unable get rsa object"); goto cleanup; } if ((x509 = pkcs11h_openssl_session_getX509 (openssl_session)) == NULL) { msg (M_WARN, "PKCS#11: Unable get certificate object"); goto cleanup; } if (!SSL_CTX_use_RSAPrivateKey (ssl_ctx->ctx, rsa)) { msg (M_WARN, "PKCS#11: Cannot set private key for openssl"); goto cleanup; } if (!SSL_CTX_use_certificate (ssl_ctx->ctx, x509)) { msg (M_WARN, "PKCS#11: Cannot set certificate for openssl"); goto cleanup; } ret = 0; cleanup: /* * Certificate freeing is usually handled by openssl_session. * If something went wrong, creating the session we have to do it manually. */ if (certificate != NULL) { pkcs11h_certificate_freeCertificate (certificate); certificate = NULL; } /* * openssl objects have reference * count, so release them */ if (x509 != NULL) { X509_free (x509); x509 = NULL; } if (rsa != NULL) { RSA_free (rsa); rsa = NULL; } if (openssl_session != NULL) { pkcs11h_openssl_freeSession (openssl_session); openssl_session = NULL; } return ret; }
int SSL_CTX_use_pkcs11 ( IN OUT SSL_CTX * const ssl_ctx, IN const char * const pkcs11_slot_type, IN const char * const pkcs11_slot, IN const char * const pkcs11_id_type, IN const char * const pkcs11_id ) { X509 *x509 = NULL; RSA *rsa = NULL; pkcs11h_certificate_id_t certificate_id = NULL; pkcs11h_certificate_t certificate = NULL; pkcs11h_openssl_session_t openssl_session = NULL; CK_RV rv = CKR_OK; bool fOK = true; ASSERT (ssl_ctx!=NULL); ASSERT (pkcs11_slot_type!=NULL); ASSERT (pkcs11_slot!=NULL); ASSERT (pkcs11_id_type!=NULL); ASSERT (pkcs11_id!=NULL); dmsg ( D_PKCS11_DEBUG, "PKCS#11: SSL_CTX_use_pkcs11 - entered - ssl_ctx=%p, pkcs11_slot_type='%s', pkcs11_slot='%s', pkcs11_id_type='%s', pkcs11_id='%s'", (void *)ssl_ctx, pkcs11_slot_type, pkcs11_slot, pkcs11_id_type, pkcs11_id ); ASSERT (ssl_ctx!=NULL); ASSERT (pkcs11_slot_type!=NULL); ASSERT (pkcs11_slot!=NULL); ASSERT (pkcs11_id_type!=NULL); ASSERT (pkcs11_id!=NULL); if ( fOK && (rv = pkcs11h_locate_certificate ( pkcs11_slot_type, pkcs11_slot, pkcs11_id_type, pkcs11_id, &certificate_id )) != CKR_OK ) { fOK = false; msg (M_WARN, "PKCS#11: Cannot set parameters %ld-'%s'", rv, pkcs11h_getMessage (rv)); } if ( fOK && (rv = pkcs11h_certificate_create ( certificate_id, PKCS11H_PIN_CACHE_INFINITE, &certificate )) != CKR_OK ) { fOK = false; msg (M_WARN, "PKCS#11: Cannot get certificate %ld-'%s'", rv, pkcs11h_getMessage (rv)); } if ( fOK && (openssl_session = pkcs11h_openssl_createSession (certificate)) == NULL ) { fOK = false; msg (M_WARN, "PKCS#11: Cannot initialize openssl session"); } if (fOK) { /* * Will be released by openssl_session */ certificate = NULL; } if ( fOK && (rsa = pkcs11h_openssl_getRSA (openssl_session)) == NULL ) { fOK = false; msg (M_WARN, "PKCS#11: Unable get rsa object"); } if ( fOK && (x509 = pkcs11h_openssl_getX509 (openssl_session)) == NULL ) { fOK = false; msg (M_WARN, "PKCS#11: Unable get certificate object"); } if ( fOK && !SSL_CTX_use_RSAPrivateKey (ssl_ctx, rsa) ) { fOK = false; msg (M_WARN, "PKCS#11: Cannot set private key for openssl"); } if ( fOK && !SSL_CTX_use_certificate (ssl_ctx, x509) ) { fOK = false; msg (M_WARN, "PKCS#11: Cannot set certificate for openssl"); } /* * openssl objects have reference * count, so release them */ if (x509 != NULL) { X509_free (x509); x509 = NULL; } if (rsa != NULL) { RSA_free (rsa); rsa = NULL; } if (certificate != NULL) { pkcs11h_freeCertificate (certificate); certificate = NULL; } if (certificate_id != NULL) { pkcs11h_freeCertificateId (certificate_id); certificate_id = NULL; } if (openssl_session != NULL) { pkcs11h_openssl_freeSession (openssl_session); openssl_session = NULL; } dmsg ( D_PKCS11_DEBUG, "PKCS#11: SSL_CTX_use_pkcs11 - return fOK=%d, rv=%ld", fOK ? 1 : 0, rv ); return fOK ? 1 : 0; }