コード例 #1
0
int
pkcs11_certificate_dn (pkcs11h_certificate_t certificate, char *dn,
    size_t dn_len)
{
  X509 *x509 = NULL;
  int ret = 1;

  if ((x509 = pkcs11h_openssl_getX509 (certificate)) == NULL)
    {
      msg (M_FATAL, "PKCS#11: Cannot get X509");
      ret = 1;
      goto cleanup;
    }

  X509_NAME_oneline (X509_get_subject_name (x509), dn, dn_len);

  ret = 0;

cleanup:
  if (x509 != NULL)
    {
      X509_free (x509);
      x509 = NULL;
    }

  return ret;
}
コード例 #2
0
X509 *
pkcs11h_openssl_session_getX509 (
	IN const pkcs11h_openssl_session_t openssl_session
) {
	X509 *x509 = NULL;
	PKCS11H_BOOL ok = FALSE;

	_PKCS11H_ASSERT (openssl_session!=NULL);

	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: pkcs11h_openssl_session_getX509 - entry openssl_session=%p",
		(void *)openssl_session
	);

	if (
		openssl_session->x509 == NULL &&
		(openssl_session->x509 = pkcs11h_openssl_getX509 (openssl_session->certificate)) == NULL
	) {
		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get certificate object");
		goto cleanup;
	}

	if ((x509 = X509_dup (openssl_session->x509)) == NULL) {
		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot duplicate certificate object");
		goto cleanup;
	}

	ok = TRUE;

cleanup:

	if (!ok) {
		if (x509 != NULL) {
			X509_free (x509);
			x509 = NULL;
		}
	}

	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: pkcs11h_openssl_session_getX509 - return x509=%p",
		(void *)x509
	);

	return x509;
}
コード例 #3
0
ファイル: pkcs11_openssl.c プロジェクト: AlBeOn/openvpn 
int
pkcs11_certificate_serial (pkcs11h_certificate_t certificate, char *serial,
    size_t serial_len)
{
  X509 *x509 = NULL;
  BIO *bio = NULL;
  int ret = 1;
  int n;

  if ((x509 = pkcs11h_openssl_getX509 (certificate)) == NULL)
    {
      msg (M_FATAL, "PKCS#11: Cannot get X509");
      goto cleanup;
    }

  if ((bio = BIO_new (BIO_s_mem ())) == NULL)
    {
      msg (M_FATAL, "PKCS#11: Cannot create BIO");
      goto cleanup;
    }

  i2a_ASN1_INTEGER(bio, X509_get_serialNumber (x509));
  n = BIO_read (bio, serial, serial_len-1);

  if (n<0) {
    serial[0] = '\x0';
  }
  else {
    serial[n] = 0;
  }

  ret = 0;

cleanup:

  if (x509 != NULL)
    {
      X509_free (x509);
      x509 = NULL;
    }
  return ret;
}
コード例 #4
0
ファイル: pkcs11_openssl.c プロジェクト: AlBeOn/openvpn 
char *
pkcs11_certificate_dn (pkcs11h_certificate_t certificate, struct gc_arena *gc)
{
  X509 *x509 = NULL;

  char *dn = NULL;

  if ((x509 = pkcs11h_openssl_getX509 (certificate)) == NULL)
    {
      msg (M_FATAL, "PKCS#11: Cannot get X509");
      goto cleanup;
    }

  dn = x509_get_subject (x509, gc);

cleanup:
  if (x509 != NULL)
    {
      X509_free (x509);
      x509 = NULL;
    }

  return dn;
}
コード例 #5
0
ファイル: pkcs11.c プロジェクト: angelol/iOpenVPN 
int
SSL_CTX_use_pkcs11 (
	IN OUT SSL_CTX * const ssl_ctx,
	IN const char * const pkcs11_slot_type,
	IN const char * const pkcs11_slot,
	IN const char * const pkcs11_id_type,
	IN const char * const pkcs11_id
) {
	X509 *x509 = NULL;
	RSA *rsa = NULL;
	pkcs11h_certificate_id_t certificate_id = NULL;
	pkcs11h_certificate_t certificate = NULL;
	pkcs11h_openssl_session_t openssl_session = NULL;
	CK_RV rv = CKR_OK;

	bool fOK = true;

	ASSERT (ssl_ctx!=NULL);
	ASSERT (pkcs11_slot_type!=NULL);
	ASSERT (pkcs11_slot!=NULL);
	ASSERT (pkcs11_id_type!=NULL);
	ASSERT (pkcs11_id!=NULL);

	dmsg (
		D_PKCS11_DEBUG,
		"PKCS#11: SSL_CTX_use_pkcs11 - entered - ssl_ctx=%p, pkcs11_slot_type='%s', pkcs11_slot='%s', pkcs11_id_type='%s', pkcs11_id='%s'",
		(void *)ssl_ctx,
		pkcs11_slot_type,
		pkcs11_slot,
		pkcs11_id_type,
		pkcs11_id
	);

	ASSERT (ssl_ctx!=NULL);
	ASSERT (pkcs11_slot_type!=NULL);
	ASSERT (pkcs11_slot!=NULL);
	ASSERT (pkcs11_id_type!=NULL);
	ASSERT (pkcs11_id!=NULL);

	if (
		fOK &&
		(rv = pkcs11h_locate_certificate (
			pkcs11_slot_type,
			pkcs11_slot,
			pkcs11_id_type,
			pkcs11_id,
			&certificate_id
		)) != CKR_OK
	) {
		fOK = false;
		msg (M_WARN, "PKCS#11: Cannot set parameters %ld-'%s'", rv, pkcs11h_getMessage (rv));
	}

	if (
		fOK &&
		(rv = pkcs11h_certificate_create (
			certificate_id,
			PKCS11H_PIN_CACHE_INFINITE,
			&certificate
		)) != CKR_OK
	) {
		fOK = false;
		msg (M_WARN, "PKCS#11: Cannot get certificate %ld-'%s'", rv, pkcs11h_getMessage (rv));
	}

	if (
		fOK &&
		(openssl_session = pkcs11h_openssl_createSession (certificate)) == NULL
	) {
		fOK = false;
		msg (M_WARN, "PKCS#11: Cannot initialize openssl session");
	}

	if (fOK) {
		/*
		 * Will be released by openssl_session
		 */
		certificate = NULL;
	}

	if (
		fOK &&
		(rsa = pkcs11h_openssl_getRSA (openssl_session)) == NULL
	) {
		fOK = false;
		msg (M_WARN, "PKCS#11: Unable get rsa object");
	}

	if (
		fOK &&
		(x509 = pkcs11h_openssl_getX509 (openssl_session)) == NULL
	) {
		fOK = false;
		msg (M_WARN, "PKCS#11: Unable get certificate object");
	}

	if (
		fOK &&
		!SSL_CTX_use_RSAPrivateKey (ssl_ctx, rsa)
	) {
		fOK = false;
		msg (M_WARN, "PKCS#11: Cannot set private key for openssl");
	}

	if (
		fOK &&
		!SSL_CTX_use_certificate (ssl_ctx, x509)
	) {
		fOK = false;
		msg (M_WARN, "PKCS#11: Cannot set certificate for openssl");
	}

	/*
	 * openssl objects have reference
	 * count, so release them
	 */

	if (x509 != NULL) {
		X509_free (x509);
		x509 = NULL;
	}

	if (rsa != NULL) {
		RSA_free (rsa);
		rsa = NULL;
	}

	if (certificate != NULL) {
		pkcs11h_freeCertificate (certificate);
		certificate = NULL;
	}

	if (certificate_id != NULL) {
		pkcs11h_freeCertificateId (certificate_id);
		certificate_id = NULL;
	}
	
	if (openssl_session != NULL) {
		pkcs11h_openssl_freeSession (openssl_session);
		openssl_session = NULL;
	}

	dmsg (
		D_PKCS11_DEBUG,
		"PKCS#11: SSL_CTX_use_pkcs11 - return fOK=%d, rv=%ld",
		fOK ? 1 : 0,
		rv
	);

	return fOK ? 1 : 0;
}