static bool pkcs11_get_x509_cert(pkcs11h_certificate_t pkcs11_cert, mbedtls_x509_crt *cert) { unsigned char *cert_blob = NULL; size_t cert_blob_size = 0; bool ret = false; if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, NULL, &cert_blob_size) != CKR_OK) { msg(M_WARN, "PKCS#11: Cannot retrieve certificate object size"); goto cleanup; } check_malloc_return((cert_blob = calloc(1, cert_blob_size))); if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, cert_blob, &cert_blob_size) != CKR_OK) { msg(M_WARN, "PKCS#11: Cannot retrieve certificate object"); goto cleanup; } if (!mbed_ok(mbedtls_x509_crt_parse(cert, cert_blob, cert_blob_size))) { msg(M_WARN, "PKCS#11: Could not parse certificate"); goto cleanup; } ret = true; cleanup: free(cert_blob); return ret; }
int pkcs11_x509_cert_init( x509_crt *cert, pkcs11h_certificate_t pkcs11_cert ) { int ret = 1; unsigned char *cert_blob = NULL; size_t cert_blob_size = 0; if( cert == NULL ) { ret = 2; goto cleanup; } if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, &cert_blob_size ) != CKR_OK ) { ret = 3; goto cleanup; } cert_blob = polarssl_malloc( cert_blob_size ); if( NULL == cert_blob ) { ret = 4; goto cleanup; } if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, &cert_blob_size ) != CKR_OK ) { ret = 5; goto cleanup; } if( 0 != x509_crt_parse( cert, cert_blob, cert_blob_size ) ) { ret = 6; goto cleanup; } ret = 0; cleanup: if( NULL != cert_blob ) polarssl_free( cert_blob ); return( ret ); }
int vdb_mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert ) { int ret = 1; unsigned char *cert_blob = NULL; size_t cert_blob_size = 0; if( cert == NULL ) { ret = 2; goto cleanup; } if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, &cert_blob_size ) != CKR_OK ) { ret = 3; goto cleanup; } cert_blob = vdb_mbedtls_calloc( 1, cert_blob_size ); if( NULL == cert_blob ) { ret = 4; goto cleanup; } if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, &cert_blob_size ) != CKR_OK ) { ret = 5; goto cleanup; } if( 0 != vdb_mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) ) { ret = 6; goto cleanup; } ret = 0; cleanup: if( NULL != cert_blob ) vdb_mbedtls_free( cert_blob ); return( ret ); }
bool pkcs11_management_id_get( const int index, char **id, char **base64 ) { pkcs11h_certificate_id_list_t id_list = NULL; pkcs11h_certificate_id_list_t entry = NULL; #if 0 /* certificate_id seems to be unused -- JY */ pkcs11h_certificate_id_t certificate_id = NULL; #endif pkcs11h_certificate_t certificate = NULL; CK_RV rv = CKR_OK; unsigned char *certificate_blob = NULL; size_t certificate_blob_size = 0; size_t max; char *internal_id = NULL; char *internal_base64 = NULL; int count = 0; bool success = false; ASSERT(id!=NULL); ASSERT(base64!=NULL); dmsg( D_PKCS11_DEBUG, "PKCS#11: pkcs11_management_id_get - entered index=%d", index ); *id = NULL; *base64 = NULL; if ( (rv = pkcs11h_certificate_enumCertificateIds( PKCS11H_ENUM_METHOD_CACHE_EXIST, NULL, PKCS11H_PROMPT_MASK_ALLOW_ALL, NULL, &id_list )) != CKR_OK ) { msg(M_WARN, "PKCS#11: Cannot get certificate list %ld-'%s'", rv, pkcs11h_getMessage(rv)); goto cleanup; } entry = id_list; count = 0; while (entry != NULL && count != index) { count++; entry = entry->next; } if (entry == NULL) { dmsg( D_PKCS11_DEBUG, "PKCS#11: pkcs11_management_id_get - no certificate at index=%d", index ); goto cleanup; } if ( (rv = pkcs11h_certificate_serializeCertificateId( NULL, &max, entry->certificate_id )) != CKR_OK ) { msg(M_WARN, "PKCS#11: Cannot serialize certificate id %ld-'%s'", rv, pkcs11h_getMessage(rv)); goto cleanup; } if ((internal_id = (char *)malloc(max)) == NULL) { msg(M_FATAL, "PKCS#11: Cannot allocate memory"); goto cleanup; } if ( (rv = pkcs11h_certificate_serializeCertificateId( internal_id, &max, entry->certificate_id )) != CKR_OK ) { msg(M_WARN, "PKCS#11: Cannot serialize certificate id %ld-'%s'", rv, pkcs11h_getMessage(rv)); goto cleanup; } if ( (rv = pkcs11h_certificate_create( entry->certificate_id, NULL, PKCS11H_PROMPT_MASK_ALLOW_ALL, PKCS11H_PIN_CACHE_INFINITE, &certificate )) != CKR_OK ) { msg(M_WARN, "PKCS#11: Cannot get certificate %ld-'%s'", rv, pkcs11h_getMessage(rv)); goto cleanup; } if ( (rv = pkcs11h_certificate_getCertificateBlob( certificate, NULL, &certificate_blob_size )) != CKR_OK ) { msg(M_WARN, "PKCS#11: Cannot get certificate blob %ld-'%s'", rv, pkcs11h_getMessage(rv)); goto cleanup; } if ((certificate_blob = (unsigned char *)malloc(certificate_blob_size)) == NULL) { msg(M_FATAL, "PKCS#11: Cannot allocate memory"); goto cleanup; } if ( (rv = pkcs11h_certificate_getCertificateBlob( certificate, certificate_blob, &certificate_blob_size )) != CKR_OK ) { msg(M_WARN, "PKCS#11: Cannot get certificate blob %ld-'%s'", rv, pkcs11h_getMessage(rv)); goto cleanup; } if (openvpn_base64_encode(certificate_blob, certificate_blob_size, &internal_base64) == -1) { msg(M_WARN, "PKCS#11: Cannot encode certificate"); goto cleanup; } *id = internal_id; internal_id = NULL; *base64 = internal_base64; internal_base64 = NULL; success = true; cleanup: if (id_list != NULL) { pkcs11h_certificate_freeCertificateIdList(id_list); id_list = NULL; } if (internal_id != NULL) { free(internal_id); internal_id = NULL; } if (internal_base64 != NULL) { free(internal_base64); internal_base64 = NULL; } if (certificate_blob != NULL) { free(certificate_blob); certificate_blob = NULL; } dmsg( D_PKCS11_DEBUG, "PKCS#11: pkcs11_management_id_get - return success=%d, id='%s'", success ? 1 : 0, *id ); return success; }
static gpg_err_code_t get_cert_blob ( assuan_context_t ctx, pkcs11h_certificate_id_t cert_id, unsigned char **p_blob, size_t *p_blob_size ) { gpg_err_code_t error = GPG_ERR_GENERAL; pkcs11h_certificate_t cert = NULL; unsigned char *blob = NULL; size_t blob_size; *p_blob = NULL; *p_blob_size = 0; if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_create ( cert_id, ctx, PKCS11H_PROMPT_MASK_ALLOW_ALL, PKCS11H_PIN_CACHE_INFINITE, &cert ) )) != GPG_ERR_NO_ERROR || (error = common_map_pkcs11_error ( pkcs11h_certificate_getCertificateBlob ( cert, NULL, &blob_size ) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } if ((blob = (unsigned char *)malloc (blob_size)) == NULL) { error = GPG_ERR_ENOMEM; goto cleanup; } if ( (error = common_map_pkcs11_error ( pkcs11h_certificate_getCertificateBlob ( cert, blob, &blob_size ) )) != GPG_ERR_NO_ERROR ) { goto cleanup; } *p_blob = blob; *p_blob_size = blob_size; blob = NULL; error = GPG_ERR_NO_ERROR; cleanup: if (cert != NULL) { pkcs11h_certificate_freeCertificate (cert); cert = NULL; } if (blob != NULL) { free (blob); blob = NULL; } return error; }
X509 * pkcs11h_openssl_getX509 ( IN const pkcs11h_certificate_t certificate ) { unsigned char *certificate_blob = NULL; size_t certificate_blob_size = 0; X509 *x509 = NULL; CK_RV rv = CKR_FUNCTION_FAILED; __pkcs11_openssl_d2i_t d2i1 = NULL; _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_getX509 - entry certificate=%p", (void *)certificate ); if ((x509 = X509_new ()) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Unable to allocate certificate object"); rv = CKR_HOST_MEMORY; goto cleanup; } if ( (rv = pkcs11h_certificate_getCertificateBlob ( certificate, NULL, &certificate_blob_size )) != CKR_OK ) { goto cleanup; } if ((rv = _pkcs11h_mem_malloc ((void *)&certificate_blob, certificate_blob_size)) != CKR_OK) { goto cleanup; } if ( (rv = pkcs11h_certificate_getCertificateBlob ( certificate, certificate_blob, &certificate_blob_size )) != CKR_OK ) { goto cleanup; } d2i1 = (__pkcs11_openssl_d2i_t)certificate_blob; if (!d2i_X509 (&x509, &d2i1, certificate_blob_size)) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Unable to parse X.509 certificate"); rv = CKR_FUNCTION_FAILED; goto cleanup; } rv = CKR_OK; cleanup: if (certificate_blob != NULL) { _pkcs11h_mem_free((void *)&certificate_blob); } if (rv != CKR_OK) { if (x509 != NULL) { X509_free (x509); x509 = NULL; } } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_getX509 - return rv=%ld-'%s', x509=%p", rv, pkcs11h_getMessage (rv), (void *)x509 ); return x509; }