/** Return certificate contents. Line contains the percent-plus escaped certificate ID. */ gpg_error_t cmd_readcert (assuan_context_t ctx, char *line) { gpg_err_code_t error = GPG_ERR_GENERAL; pkcs11h_certificate_id_t cert_id = NULL; pkcs11h_certificate_t cert = NULL; unsigned char *blob = NULL; size_t blob_size; if ( (error = _get_certificate_by_name ( ctx, line, 0, &cert_id, NULL )) != GPG_ERR_NO_ERROR || (error = get_cert_blob (ctx, cert_id, &blob, &blob_size)) != GPG_ERR_NO_ERROR || (error = assuan_send_data (ctx, blob, blob_size)) != GPG_ERR_NO_ERROR ) { goto cleanup; } error = GPG_ERR_NO_ERROR; cleanup: if (cert != NULL) { pkcs11h_certificate_freeCertificate (cert); cert = NULL; } if (cert_id != NULL) { pkcs11h_certificate_freeCertificateId (cert_id); cert_id = NULL; } if (blob != NULL) { free (blob); blob = NULL; } return gpg_error (error); }
int tls_ctx_use_pkcs11( struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management, const char *const pkcs11_id ) { pkcs11h_certificate_id_t certificate_id = NULL; pkcs11h_certificate_t certificate = NULL; CK_RV rv = CKR_OK; bool ok = false; ASSERT(ssl_ctx!=NULL); ASSERT(pkcs11_id_management || pkcs11_id!=NULL); dmsg( D_PKCS11_DEBUG, "PKCS#11: tls_ctx_use_pkcs11 - entered - ssl_ctx=%p, pkcs11_id_management=%d, pkcs11_id='%s'", (void *)ssl_ctx, pkcs11_id_management ? 1 : 0, pkcs11_id ); if (pkcs11_id_management) { struct user_pass id_resp; CLEAR(id_resp); id_resp.defined = false; id_resp.nocache = true; openvpn_snprintf( id_resp.username, sizeof(id_resp.username), "Please specify PKCS#11 id to use" ); if ( !get_user_pass( &id_resp, NULL, "pkcs11-id-request", GET_USER_PASS_MANAGEMENT|GET_USER_PASS_NEED_STR|GET_USER_PASS_NOFATAL ) ) { goto cleanup; } if ( (rv = pkcs11h_certificate_deserializeCertificateId( &certificate_id, id_resp.password )) != CKR_OK ) { msg(M_WARN, "PKCS#11: Cannot deserialize id %ld-'%s'", rv, pkcs11h_getMessage(rv)); goto cleanup; } } else { if ( (rv = pkcs11h_certificate_deserializeCertificateId( &certificate_id, pkcs11_id )) != CKR_OK ) { msg(M_WARN, "PKCS#11: Cannot deserialize id %ld-'%s'", rv, pkcs11h_getMessage(rv)); goto cleanup; } } if ( (rv = pkcs11h_certificate_create( certificate_id, NULL, PKCS11H_PROMPT_MASK_ALLOW_ALL, PKCS11H_PIN_CACHE_INFINITE, &certificate )) != CKR_OK ) { msg(M_WARN, "PKCS#11: Cannot get certificate %ld-'%s'", rv, pkcs11h_getMessage(rv)); goto cleanup; } if ( (pkcs11_init_tls_session( certificate, ssl_ctx )) ) { /* Handled by SSL context free */ certificate = NULL; goto cleanup; } /* Handled by SSL context free */ certificate = NULL; ok = true; cleanup: if (certificate != NULL) { pkcs11h_certificate_freeCertificate(certificate); certificate = NULL; } if (certificate_id != NULL) { pkcs11h_certificate_freeCertificateId(certificate_id); certificate_id = NULL; } dmsg( D_PKCS11_DEBUG, "PKCS#11: tls_ctx_use_pkcs11 - return ok=%d, rv=%ld", ok ? 1 : 0, rv ); return ok ? 1 : 0; }
/** Sign data (set by SETDATA) with certificate id in line. */ gpg_error_t cmd_pksign (assuan_context_t ctx, char *line) { static const unsigned char rmd160_prefix[] = /* (1.3.36.3.2.1) */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 }; static const unsigned char md5_prefix[] = /* (1.2.840.113549.2.5) */ { 0x30, 0x2c, 0x30, 0x09, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 }; static const unsigned char sha1_prefix[] = /* (1.3.14.3.2.26) */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; static const unsigned char sha224_prefix[] = /* (2.16.840.1.101.3.4.2.4) */ { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C }; static const unsigned char sha256_prefix[] = /* (2.16.840.1.101.3.4.2.1) */ { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; static const unsigned char sha384_prefix[] = /* (2.16.840.1.101.3.4.2.2) */ { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 }; static const unsigned char sha512_prefix[] = /* (2.16.840.1.101.3.4.2.3) */ { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 }; gpg_err_code_t error = GPG_ERR_GENERAL; pkcs11h_certificate_id_t cert_id = NULL; pkcs11h_certificate_t cert = NULL; cmd_data_t *data = (cmd_data_t *)assuan_get_pointer (ctx); cmd_data_t *_data = data; int need_free__data = 0; int session_locked = 0; unsigned char *sig = NULL; size_t sig_len; char hash[100] = ""; enum { INJECT_NONE, INJECT_RMD160, INJECT_MD5, INJECT_SHA1, INJECT_SHA224, INJECT_SHA256, INJECT_SHA384, INJECT_SHA512 } inject = INJECT_NONE; if (data->data == NULL) { error = GPG_ERR_INV_DATA; goto cleanup; } while (*line != '\x0' && (isspace (*line) || *line == '-')) { if (*line == '-') { static const char *hashprm = "--hash="; char *p = line; while (*line != '\x0' && !isspace (*line)) { line++; } line++; if (!strncmp (p, hashprm, strlen (hashprm))) { p += strlen (hashprm); *(line-1) = '\0'; snprintf (hash, sizeof(hash), "%s", p); } } else { line++; } } if (*line == '\x0') { error = GPG_ERR_INV_DATA; goto cleanup; } /* * sender prefixed data with algorithm OID */ if (strcmp(hash, "")) { if (!strcmp(hash, "rmd160") && data->size == (0x14 + sizeof(rmd160_prefix)) && !memcmp (data->data, rmd160_prefix, sizeof (rmd160_prefix))) { inject = INJECT_NONE; } else if (!strcmp(hash, "rmd160") && data->size == 0x14) { inject = INJECT_RMD160; } else if (!strcmp(hash, "md5") && data->size == (0x10 + sizeof(md5_prefix)) && !memcmp (data->data, md5_prefix, sizeof (md5_prefix))) { inject = INJECT_NONE; } else if (!strcmp(hash, "md5") && data->size == 0x10) { inject = INJECT_MD5; } else if (!strcmp(hash, "sha1") && data->size == (0x14 + sizeof(sha1_prefix)) && !memcmp (data->data, sha1_prefix, sizeof (sha1_prefix))) { inject = INJECT_NONE; } else if (!strcmp(hash, "sha1") && data->size == 0x14) { inject = INJECT_SHA1; } else if (!strcmp(hash, "sha224") && data->size == (0x1c + sizeof(sha224_prefix)) && !memcmp (data->data, sha224_prefix, sizeof (sha224_prefix))) { inject = INJECT_NONE; } else if (!strcmp(hash, "sha224") && data->size == 0x1c) { inject = INJECT_SHA224; } else if (!strcmp(hash, "sha256") && data->size == (0x20 + sizeof(sha256_prefix)) && !memcmp (data->data, sha256_prefix, sizeof (sha256_prefix))) { inject = INJECT_NONE; } else if (!strcmp(hash, "sha256") && data->size == 0x20) { inject = INJECT_SHA256; } else if (!strcmp(hash, "sha384") && data->size == (0x30 + sizeof(sha384_prefix)) && !memcmp (data->data, sha384_prefix, sizeof (sha384_prefix))) { inject = INJECT_NONE; } else if (!strcmp(hash, "sha384") && data->size == 0x30) { inject = INJECT_SHA384; } else if (!strcmp(hash, "sha512") && data->size == (0x40 + sizeof(sha512_prefix)) && !memcmp (data->data, sha512_prefix, sizeof (sha512_prefix))) { inject = INJECT_NONE; } else if (!strcmp(hash, "sha512") && data->size == 0x40) { inject = INJECT_SHA512; } else { common_log (LOG_DEBUG, "unsupported hash algo (hash=%s,size=%d)", hash, data->size); error = GPG_ERR_UNSUPPORTED_ALGORITHM; goto cleanup; } } else { if ( data->size == 0x10 + sizeof (md5_prefix) || data->size == 0x14 + sizeof (sha1_prefix) || data->size == 0x14 + sizeof (rmd160_prefix) ) { if ( memcmp (data->data, md5_prefix, sizeof (md5_prefix)) && memcmp (data->data, sha1_prefix, sizeof (sha1_prefix)) && memcmp (data->data, rmd160_prefix, sizeof (rmd160_prefix)) ) { error = GPG_ERR_UNSUPPORTED_ALGORITHM; goto cleanup; } } else { /* * unknown hash algorithm; * gnupg's scdaemon forces to SHA1 */ inject = INJECT_SHA1; } } if (inject != INJECT_NONE) { const unsigned char *oid; size_t oid_size; switch (inject) { case INJECT_RMD160: oid = rmd160_prefix; oid_size = sizeof (rmd160_prefix); break; case INJECT_MD5: oid = md5_prefix; oid_size = sizeof (md5_prefix); break; case INJECT_SHA1: oid = sha1_prefix; oid_size = sizeof (sha1_prefix); break; case INJECT_SHA224: oid = sha224_prefix; oid_size = sizeof (sha224_prefix); break; case INJECT_SHA256: oid = sha256_prefix; oid_size = sizeof(sha256_prefix); break; case INJECT_SHA384: oid = sha384_prefix; oid_size = sizeof(sha384_prefix); break; case INJECT_SHA512: oid = sha512_prefix; oid_size = sizeof(sha512_prefix); break; default: error = GPG_ERR_INV_DATA; goto cleanup; } need_free__data = 1; if ((_data = (cmd_data_t *)malloc (sizeof (cmd_data_t))) == NULL) { error = GPG_ERR_ENOMEM; goto cleanup; } if ((_data->data = (unsigned char *)malloc (data->size + oid_size)) == NULL) { error = GPG_ERR_ENOMEM; goto cleanup; } _data->size = 0; memmove (_data->data+_data->size, oid, oid_size); _data->size += oid_size; memmove (_data->data+_data->size, data->data, data->size); _data->size += data->size; } if ( (error = _get_certificate_by_name ( ctx, line, OPENPGP_SIGN, &cert_id, NULL )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_create ( cert_id, ctx, PKCS11H_PROMPT_MASK_ALLOW_ALL, PKCS11H_PIN_CACHE_INFINITE, &cert ) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_lockSession (cert) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } session_locked = 1; if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_signAny ( cert, CKM_RSA_PKCS, _data->data, _data->size, NULL, &sig_len ) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ((sig = (unsigned char *)malloc (sig_len)) == NULL) { error = GPG_ERR_ENOMEM; goto cleanup; } if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_signAny ( cert, CKM_RSA_PKCS, _data->data, _data->size, sig, &sig_len ) )) != GPG_ERR_NO_ERROR || (error = assuan_send_data(ctx, sig, sig_len)) != GPG_ERR_NO_ERROR ) { goto cleanup; } error = GPG_ERR_NO_ERROR; cleanup: if (session_locked) { pkcs11h_certificate_releaseSession (cert); session_locked = 0; } if (cert != NULL) { pkcs11h_certificate_freeCertificate (cert); cert = NULL; } if (cert_id != NULL) { pkcs11h_certificate_freeCertificateId (cert_id); cert_id = NULL; } if (sig != NULL) { free (sig); sig = NULL; } if (need_free__data) { free (_data->data); _data->data = NULL; free (_data); _data = NULL; } return gpg_error (error); }
/** Read key given cert id in line. */ gpg_error_t cmd_readkey (assuan_context_t ctx, char *line) { gpg_err_code_t error = GPG_ERR_GENERAL; pkcs11h_certificate_id_t cert_id = NULL; gcry_sexp_t sexp = NULL; unsigned char *blob = NULL; size_t blob_size; if ( (error = _get_certificate_by_name ( ctx, line, 0, &cert_id, NULL )) != GPG_ERR_NO_ERROR || (error = get_cert_sexp (ctx, cert_id, &sexp)) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ((blob_size = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, NULL, 0)) == 0) { error = GPG_ERR_BAD_KEY; goto cleanup; } if ((blob = (unsigned char *)malloc (blob_size)) == NULL) { error = GPG_ERR_ENOMEM; goto cleanup; } if (gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, blob, blob_size) == 0) { error = GPG_ERR_BAD_KEY; goto cleanup; } if ( (error = assuan_send_data( ctx, blob, gcry_sexp_canon_len (blob, 0, NULL, NULL) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } error = GPG_ERR_NO_ERROR; cleanup: if (sexp != NULL) { gcry_sexp_release(sexp); sexp = NULL; } if (cert_id != NULL) { pkcs11h_certificate_freeCertificateId (cert_id); cert_id = NULL; } if (blob != NULL) { free (blob); blob = NULL; } return gpg_error (error); }
int _get_certificate_by_name (assuan_context_t ctx, char *name, int typehint, pkcs11h_certificate_id_t *p_cert_id, char **p_key) { cmd_data_t *data = (cmd_data_t *)assuan_get_pointer (ctx); gpg_err_code_t error = GPG_ERR_BAD_KEY; pkcs11h_certificate_id_list_t user_certificates = NULL; pkcs11h_certificate_id_list_t curr_cert; pkcs11h_certificate_id_t cert_id = NULL; char *key_hexgrip = NULL; gcry_sexp_t sexp = NULL; char *key = NULL; int type; *p_cert_id = NULL; if (p_key != NULL) { *p_key = NULL; } if (name == NULL) { type = typehint; } else if ( /* gnupg-2.0 mode */ data->config->openpgp_sign != NULL || data->config->openpgp_encr != NULL || data->config->openpgp_auth != NULL ) { type = typehint; } else if (strncmp (name, OPENPGP_KEY_NAME_PREFIX, strlen (OPENPGP_KEY_NAME_PREFIX))) { return common_map_pkcs11_error ( pkcs11h_certificate_deserializeCertificateId (p_cert_id, name) ); } else { type = atoi(name + strlen (OPENPGP_KEY_NAME_PREFIX)); } switch (type) { case OPENPGP_SIGN: key = data->config->openpgp_sign; break; case OPENPGP_ENCR: key = data->config->openpgp_encr; break; case OPENPGP_AUTH: key = data->config->openpgp_auth; break; default: error = GPG_ERR_BAD_KEY; goto cleanup; } if (key == NULL) { error = GPG_ERR_BAD_KEY; goto cleanup; } if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_enumCertificateIds ( PKCS11H_ENUM_METHOD_CACHE_EXIST, ctx, PKCS11H_PROMPT_MASK_ALLOW_ALL, NULL, &user_certificates ) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } for ( curr_cert = user_certificates; curr_cert != NULL && cert_id == NULL; curr_cert = curr_cert->next ) { if ((error = get_cert_sexp (ctx, curr_cert->certificate_id, &sexp)) != GPG_ERR_NO_ERROR) { goto cleanup; } if ((key_hexgrip = keyutil_get_cert_hexgrip (sexp)) == NULL) { error = GPG_ERR_ENOMEM; goto cleanup; } if (!strcmp (key_hexgrip, key)) { if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_duplicateCertificateId ( &cert_id, curr_cert->certificate_id ) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } } } if (cert_id == NULL) { error = GPG_ERR_BAD_KEY; goto cleanup; } *p_cert_id = cert_id; cert_id = NULL; if (p_key != NULL) { *p_key = key; } error = GPG_ERR_NO_ERROR; cleanup: if (sexp != NULL) { gcry_sexp_release(sexp); sexp = NULL; } if (key_hexgrip != NULL) { free (key_hexgrip); key_hexgrip = NULL; } if (user_certificates != NULL) { pkcs11h_certificate_freeCertificateIdList (user_certificates); user_certificates = NULL; } if (cert_id != NULL) { pkcs11h_certificate_freeCertificateId (cert_id); cert_id = NULL; } return error; }
gpg_error_t cmd_genkey (assuan_context_t ctx, char *line) { gpg_err_code_t error = GPG_ERR_GENERAL; pkcs11h_certificate_id_t cert_id = NULL; gcry_mpi_t n_mpi = NULL; gcry_mpi_t e_mpi = NULL; unsigned char *n_hex = NULL; unsigned char *e_hex = NULL; char *n_resp = strdup ("n "); char *e_resp = strdup ("e "); unsigned char *blob = NULL; char *serial = NULL; char *key = NULL; size_t blob_size; char timestamp[100] = {0}; while (*line != '\x0' && !isdigit (*line)) { if (*line == '-') { static const char *ts = "--timestamp="; char *p = line; while (*line != '\x0' && !isspace (*line)) { line++; } line++; if (!strncmp (p, ts, strlen (ts))) { p += strlen (ts); sprintf (timestamp, "%d", (int)isotime2epoch (p)); } } else { line++; } } if (*line == '\x0') { error = GPG_ERR_INV_DATA; goto cleanup; } if (strlen (timestamp) == 0) { sprintf (timestamp, "%d", (int)time (NULL)); } if ( (error = _get_certificate_by_name ( ctx, NULL, atoi(line), &cert_id, &key )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ( (error = assuan_write_status ( ctx, "KEY-FPR", key )) != GPG_ERR_NO_ERROR || (error = assuan_write_status( ctx, "KEY-CREATED-AT", timestamp )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ((error = get_serial_of_tokenid(cert_id->token_id, &serial)) != GPG_ERR_NO_ERROR) { goto cleanup; } if ( (error = assuan_write_status ( ctx, "SERIALNO", serial )) != GPG_ERR_NO_ERROR || (error = get_cert_blob ( ctx, cert_id, &blob, &blob_size )) != GPG_ERR_NO_ERROR || (error = keyutil_get_cert_mpi ( blob, blob_size, &n_mpi, &e_mpi )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ( gcry_mpi_aprint ( GCRYMPI_FMT_HEX, &n_hex, NULL, n_mpi ) || gcry_mpi_aprint ( GCRYMPI_FMT_HEX, &e_hex, NULL, e_mpi ) ) { error = GPG_ERR_BAD_KEY; goto cleanup; } if ( !encoding_strappend (&n_resp, (char *)n_hex) || !encoding_strappend (&e_resp, (char *)e_hex) ) { error = GPG_ERR_ENOMEM; goto cleanup; } if ( (error = assuan_write_status( ctx, "KEY-DATA", n_resp )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ( (error = assuan_write_status( ctx, "KEY-DATA", e_resp )) != GPG_ERR_NO_ERROR ) { goto cleanup; } error = GPG_ERR_NO_ERROR; cleanup: if (n_mpi != NULL) { gcry_mpi_release (n_mpi); n_mpi = NULL; } if (e_mpi != NULL) { gcry_mpi_release (e_mpi); e_mpi = NULL; } if (n_hex != NULL) { gcry_free (n_hex); n_hex = NULL; } if (e_hex != NULL) { gcry_free (e_hex); e_hex = NULL; } if (n_resp != NULL) { free (n_resp); n_resp = NULL; } if (e_resp != NULL) { free (e_resp); e_resp = NULL; } if (blob != NULL) { free (blob); blob = NULL; } if (cert_id != NULL) { pkcs11h_certificate_freeCertificateId (cert_id); cert_id = NULL; } if (serial != NULL) { free(serial); serial = NULL; } return gpg_error (error); }
/** Decrypt data (set by SETDATA) with certificate id in line. */ gpg_error_t cmd_pkdecrypt (assuan_context_t ctx, char *line) { gpg_err_code_t error = GPG_ERR_GENERAL; pkcs11h_certificate_id_t cert_id = NULL; pkcs11h_certificate_t cert = NULL; unsigned char *ptext = NULL; size_t ptext_len; int session_locked = 0; cmd_data_t *data = (cmd_data_t *)assuan_get_pointer (ctx); cmd_data_t _data; if ( data == NULL || data->data == NULL ) { error = GPG_ERR_INV_DATA; goto cleanup; } /* * Guess.. taken from openpgp card implementation * and java PKCS#11 provider. */ _data.data = data->data; _data.size = data->size; if ( *_data.data == 0 && ( _data.size == 129 || _data.size == 193 || _data.size == 257 || _data.size == 385 || _data.size == 513 ) ) { _data.data++; _data.size--; } if ( (error = _get_certificate_by_name ( ctx, line, OPENPGP_ENCR, &cert_id, NULL )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_create ( cert_id, ctx, PKCS11H_PROMPT_MASK_ALLOW_ALL, PKCS11H_PIN_CACHE_INFINITE, &cert ) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_lockSession (cert) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } session_locked = 1; if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_decryptAny ( cert, CKM_RSA_PKCS, _data.data, _data.size, NULL, &ptext_len ) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ((ptext = (unsigned char *)malloc (ptext_len)) == NULL) { error = GPG_ERR_ENOMEM; goto cleanup; } if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_decryptAny ( cert, CKM_RSA_PKCS, _data.data, _data.size, ptext, &ptext_len ) )) != GPG_ERR_NO_ERROR || (error = assuan_write_status(ctx, "PADDING", "0")) != GPG_ERR_NO_ERROR || (error = assuan_send_data(ctx, ptext, ptext_len)) != GPG_ERR_NO_ERROR ) { goto cleanup; } error = GPG_ERR_NO_ERROR; cleanup: if (session_locked) { pkcs11h_certificate_releaseSession (cert); session_locked = 0; } if (cert != NULL) { pkcs11h_certificate_freeCertificate (cert); cert = NULL; } if (cert_id != NULL) { pkcs11h_certificate_freeCertificateId (cert_id); cert_id = NULL; } if (ptext != NULL) { free (ptext); ptext = NULL; } return gpg_error (error); }
CK_RV pkcs11h_certificate_deserializeCertificateId ( OUT pkcs11h_certificate_id_t * const p_certificate_id, IN const char * const sz ) { pkcs11h_certificate_id_t certificate_id = NULL; CK_RV rv = CKR_FUNCTION_FAILED; char *p = NULL; char *_sz = NULL; _PKCS11H_ASSERT (p_certificate_id!=NULL); _PKCS11H_ASSERT (sz!=NULL); *p_certificate_id = NULL; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'", (void *)p_certificate_id, sz ); if ( (rv = _pkcs11h_mem_strdup ( (void *)&_sz, sz )) != CKR_OK ) { goto cleanup; } p = _sz; if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) { goto cleanup; } if ((p = strrchr (_sz, '/')) == NULL) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } *p = '\x0'; p++; if ( (rv = pkcs11h_token_deserializeTokenId ( &certificate_id->token_id, _sz )) != CKR_OK ) { goto cleanup; } certificate_id->attrCKA_ID_size = strlen (p)/2; if ( (rv = _pkcs11h_mem_malloc ( (void *)&certificate_id->attrCKA_ID, certificate_id->attrCKA_ID_size) ) != CKR_OK || (rv = _pkcs11h_util_hexToBinary ( certificate_id->attrCKA_ID, p, &certificate_id->attrCKA_ID_size )) != CKR_OK ) { goto cleanup; } *p_certificate_id = certificate_id; certificate_id = NULL; rv = CKR_OK; cleanup: if (certificate_id != NULL) { pkcs11h_certificate_freeCertificateId (certificate_id); certificate_id = NULL; } if (_sz != NULL) { _pkcs11h_mem_free ((void *)&_sz); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; }