unsigned
pkcs11h_getLogLevel (void) {
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
return _g_pkcs11h_loglevel;
}
CK_RV
_pkcs11h_mem_duplicate (
OUT const void * * const dest,
OUT size_t * const p_dest_size,
IN const void * const src,
IN const size_t mem_size
) {
CK_RV rv = CKR_FUNCTION_FAILED;
_PKCS11H_ASSERT (dest!=NULL);
/*_PKCS11H_ASSERT (dest_size!=NULL); NOT NEEDED*/
_PKCS11H_ASSERT (!(mem_size!=0&&src==NULL));
*dest = NULL;
if (p_dest_size != NULL) {
*p_dest_size = 0;
}
if (src != NULL) {
if ((rv = _pkcs11h_mem_malloc (dest, mem_size)) != CKR_OK) {
goto cleanup;
}
if (p_dest_size != NULL) {
*p_dest_size = mem_size;
}
memmove ((void*)*dest, src, mem_size);
}
rv = CKR_OK;
cleanup:
return rv;
}
CK_RV
_pkcs11h_mem_malloc (
OUT const void * * const p,
IN const size_t s
) {
CK_RV rv = CKR_OK;
_PKCS11H_ASSERT (p!=NULL);
_PKCS11H_ASSERT (s!=0);
*p = NULL;
if (s > 0) {
if (
(*p = (void *)_g_pkcs11h_sys_engine.malloc (s)) == NULL
) {
rv = CKR_HOST_MEMORY;
}
else {
memset ((void *)*p, 0, s);
}
}
return rv;
}
CK_RV
pkcs11h_token_freeTokenIdList (
IN const pkcs11h_token_id_list_t token_id_list
) {
pkcs11h_token_id_list_t _id = token_id_list;
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
/*_PKCS11H_ASSERT (token_id_list!=NULL); NOT NEEDED*/
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_freeTokenIdList entry token_id_list=%p",
(void *)token_id_list
);
while (_id != NULL) {
pkcs11h_token_id_list_t x = _id;
_id = _id->next;
if (x->token_id != NULL) {
pkcs11h_token_freeTokenId (x->token_id);
}
x->next = NULL;
_pkcs11h_mem_free ((void *)&x);
}
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_freeTokenIdList return"
);
return CKR_OK;
}
static
int
__pkcs11h_crypto_gnutls_certificate_get_dn (
IN void * const global_data,
IN const unsigned char * const blob,
IN const size_t blob_size,
OUT char * const dn,
IN const size_t dn_max
) {
gnutls_x509_crt_t cert = NULL;
gnutls_datum_t datum;
size_t s;
(void)global_data;
/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
_PKCS11H_ASSERT (blob!=NULL);
_PKCS11H_ASSERT (dn!=NULL);
_PKCS11H_ASSERT (dn_max>0);
dn[0] = '\x0';
if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS) {
/* gnutls sets output */
cert = NULL;
goto cleanup;
}
datum.data = (unsigned char *)blob;
datum.size = blob_size;
if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS) {
goto cleanup;
}
s = dn_max;
if (
gnutls_x509_crt_get_dn (
cert,
dn,
&s
) != GNUTLS_E_SUCCESS
) {
/* gnutls sets output */
dn[0] = '\x0';
goto cleanup;
}
cleanup:
if (cert != NULL) {
gnutls_x509_crt_deinit (cert);
cert = NULL;
}
return dn[0] != '\x0';
}
static
int
__pkcs11h_crypto_win32_certificate_get_expiration (
IN void * const global_data,
IN const unsigned char * const blob,
IN const size_t blob_size,
OUT time_t * const expiration
) {
__crypto_win32_data_t data = (__crypto_win32_data_t)global_data;
PCCERT_CONTEXT cert = NULL;
PKCS11H_BOOL ok = FALSE;
SYSTEMTIME ust, st;
struct tm tm1;
_PKCS11H_ASSERT (global_data!=NULL);
_PKCS11H_ASSERT (blob!=NULL);
_PKCS11H_ASSERT (expiration!=NULL);
*expiration = (time_t)0;
if (
(cert = data->p_CertCreateCertificateContext (
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
blob,
blob_size
)) == NULL ||
!FileTimeToSystemTime (
&cert->pCertInfo->NotAfter,
&ust
)
) {
goto cleanup;
}
SystemTimeToTzSpecificLocalTime (NULL, &ust, &st);
memset (&tm1, 0, sizeof (tm1));
tm1.tm_year = st.wYear - 1900;
tm1.tm_mon = st.wMonth - 1;
tm1.tm_mday = st.wDay;
tm1.tm_hour = st.wHour;
tm1.tm_min = st.wMinute;
tm1.tm_sec = st.wSecond;
*expiration = mktime (&tm1);
ok = TRUE;
cleanup:
if (cert != NULL) {
data->p_CertFreeCertificateContext (cert);
cert = NULL;
}
return ok != FALSE;
}
void
pkcs11h_openssl_freeSession (
IN const pkcs11h_openssl_session_t openssl_session
) {
CK_RV rv;
_PKCS11H_ASSERT (openssl_session!=NULL);
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_freeSession - entry openssl_session=%p, count=%d",
(void *)openssl_session,
openssl_session->reference_count
);
#if defined(ENABLE_PKCS11H_THREADING)
if ((rv = _pkcs11h_threading_mutexLock(&openssl_session->reference_count_lock)) != CKR_OK) {
_PKCS11H_LOG (PKCS11H_LOG_ERROR, "PKCS#11: Cannot lock mutex %ld:'%s'", rv, pkcs11h_getMessage (rv));
goto cleanup;
}
#endif
openssl_session->reference_count--;
#if defined(ENABLE_PKCS11H_THREADING)
_pkcs11h_threading_mutexRelease(&openssl_session->reference_count_lock);
#endif
_PKCS11H_ASSERT (openssl_session->reference_count>=0);
if (openssl_session->reference_count == 0) {
#if defined(ENABLE_PKCS11H_THREADING)
_pkcs11h_threading_mutexFree(&openssl_session->reference_count_lock);
#endif
if (openssl_session->cleanup_hook != NULL) {
openssl_session->cleanup_hook (openssl_session->certificate);
}
if (openssl_session->x509 != NULL) {
X509_free (openssl_session->x509);
openssl_session->x509 = NULL;
}
if (openssl_session->certificate != NULL) {
pkcs11h_certificate_freeCertificate (openssl_session->certificate);
openssl_session->certificate = NULL;
}
_pkcs11h_mem_free ((void *)&openssl_session);
}
cleanup:
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_freeSession - return"
);
}
CK_RV
pkcs11h_setPINCachePeriod (
IN const int pin_cache_period
) {
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
_g_pkcs11h_data->pin_cache_period = pin_cache_period;
return CKR_OK;
}
CK_RV
pkcs11h_setMaxLoginRetries (
IN const unsigned max_retries
) {
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
_g_pkcs11h_data->max_retries = max_retries;
return CKR_OK;
}
CK_RV
pkcs11h_setProtectedAuthentication (
IN const PKCS11H_BOOL allow_protected_auth
) {
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
_g_pkcs11h_data->allow_protected_auth = allow_protected_auth;
return CKR_OK;
}
static
int
__pkcs11h_crypto_gnutls_certificate_get_expiration (
IN void * const global_data,
IN const unsigned char * const blob,
IN const size_t blob_size,
OUT time_t * const expiration
) {
gnutls_x509_crt_t cert = NULL;
gnutls_datum_t datum;
time_t now = time (NULL);
time_t notBefore;
time_t notAfter;
(void)global_data;
/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
_PKCS11H_ASSERT (blob!=NULL);
_PKCS11H_ASSERT (expiration!=NULL);
*expiration = (time_t)0;
if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS) {
/* gnutls sets output */
cert = NULL;
goto cleanup;
}
datum.data = (unsigned char *)blob;
datum.size = blob_size;
if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS) {
goto cleanup;
}
notBefore = gnutls_x509_crt_get_activation_time (cert);
notAfter = gnutls_x509_crt_get_expiration_time (cert);
if (
now >= notBefore &&
now <= notAfter
) {
*expiration = notAfter;
}
cleanup:
if (cert != NULL) {
gnutls_x509_crt_deinit (cert);
cert = NULL;
}
return *expiration != (time_t)0;
}
CK_RV
pkcs11h_setForkMode (
IN const PKCS11H_BOOL safe
) {
#if defined(ENABLE_PKCS11H_THREADING) && !defined(_WIN32)
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
_g_pkcs11h_data->safefork = safe;
#endif
return CKR_OK;
}
static
int
__pkcs11h_crypto_nss_certificate_get_expiration (
IN void * const global_data,
IN const unsigned char * const blob,
IN const size_t blob_size,
OUT time_t * const expiration
) {
CERTCertificate *cert = NULL;
PRTime pr_notBefore, pr_notAfter;
time_t notBefore, notAfter;
time_t now = time (NULL);
(void)global_data;
*expiration = (time_t)0;
/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
_PKCS11H_ASSERT (blob!=NULL);
_PKCS11H_ASSERT (expiration!=NULL);
if ((cert = CERT_DecodeCertFromPackage ((char *)blob, blob_size)) == NULL) {
goto cleanup;
}
if (CERT_GetCertTimes (cert, &pr_notBefore, &pr_notAfter) != SECSuccess) {
goto cleanup;
}
notBefore = pr_notBefore/1000000;
notAfter = pr_notAfter/1000000;
notBefore = mktime (gmtime (¬Before));
notBefore += (int)(mktime (localtime (¬Before)) - mktime (gmtime (¬Before)));
notAfter = mktime (gmtime (¬After));
notAfter += (int)(mktime (localtime (¬After)) - mktime (gmtime (¬After)));
if (
now >= notBefore &&
now <= notAfter
) {
*expiration = notAfter;
}
cleanup:
if (cert != NULL) {
CERT_DestroyCertificate (cert);
}
return *expiration != (time_t)0;
}
CK_RV
_pkcs11h_session_release (
IN const _pkcs11h_session_t session
) {
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = TRUE;
#endif
CK_RV rv = CKR_FUNCTION_FAILED;
_PKCS11H_ASSERT (session!=NULL);
_PKCS11H_ASSERT (session->reference_count>=0);
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_release entry session=%p",
(void *)session
);
#if defined(ENABLE_PKCS11H_THREADING)
if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) {
goto cleanup;
}
mutex_locked = TRUE;
#endif
/*
* Never logout for now
*/
if (session->reference_count > 0) {
session->reference_count--;
}
rv = CKR_OK;
#if defined(ENABLE_PKCS11H_THREADING)
cleanup:
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&session->mutex);
mutex_locked = FALSE;
}
#endif
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_release return rv=%lu-'%s'",
rv,
pkcs11h_getMessage (rv)
);
return rv;
}
CK_RV
pkcs11h_setTokenPromptHook (
IN const pkcs11h_hook_token_prompt_t hook,
IN void * const global_data
) {
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
_PKCS11H_ASSERT (hook!=NULL);
_g_pkcs11h_data->hooks.token_prompt = hook;
_g_pkcs11h_data->hooks.token_prompt_data = global_data;
return CKR_OK;
}
CK_RV
pkcs11h_setLogHook (
IN const pkcs11h_hook_log_t hook,
IN void * const global_data
) {
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
_PKCS11H_ASSERT (hook!=NULL);
_g_pkcs11h_data->hooks.log = hook;
_g_pkcs11h_data->hooks.log_data = global_data;
return CKR_OK;
}
PKCS11H_BOOL
pkcs11h_token_sameTokenId (
IN const pkcs11h_token_id_t a,
IN const pkcs11h_token_id_t b
) {
_PKCS11H_ASSERT (a!=NULL);
_PKCS11H_ASSERT (b!=NULL);
return (
!strcmp (a->manufacturerID, b->manufacturerID) &&
!strcmp (a->model, b->model) &&
!strcmp (a->serialNumber, b->serialNumber) &&
!strcmp (a->label, b->label)
);
}
static
PKCS11H_BOOL
__pkcs11h_hooks_default_pin_prompt (
IN void * const global_data,
IN void * const user_data,
IN const pkcs11h_token_id_t token,
IN const unsigned retry,
OUT char * const pin,
IN const size_t pin_max
) {
/*_PKCS11H_ASSERT (global_data) NOT NEEDED */
/*_PKCS11H_ASSERT (user_data) NOT NEEDED */
_PKCS11H_ASSERT (token!=NULL);
(void)global_data;
(void)user_data;
(void)retry;
(void)pin;
(void)pin_max;
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_hooks_default_pin_prompt global_data=%p, user_data=%p, display='%s'",
global_data,
user_data,
token->display
);
return FALSE;
}
CK_RV
_pkcs11h_session_freeObjectAttributes (
IN OUT const CK_ATTRIBUTE_PTR attrs,
IN const unsigned count
) {
unsigned i;
_PKCS11H_ASSERT (attrs!=NULL);
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_freeObjectAttributes entry attrs=%p, count=%u",
(void *)attrs,
count
);
for (i=0;i<count;i++) {
if (attrs[i].pValue != NULL) {
_pkcs11h_mem_free ((void *)&attrs[i].pValue);
attrs[i].pValue = NULL;
}
}
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_freeObjectAttributes return"
);
return CKR_OK;
}
static
pkcs11h_certificate_t
__pkcs11h_openssl_ecdsa_get_pkcs11h_certificate (
IN EC_KEY *ec
) {
pkcs11h_openssl_session_t session = NULL;
_PKCS11H_ASSERT (ec!=NULL);
session = (pkcs11h_openssl_session_t)ECDSA_get_ex_data (ec, __openssl_methods.ecdsa_index);
_PKCS11H_ASSERT (session!=NULL);
_PKCS11H_ASSERT (session->certificate!=NULL);
return session->certificate;
}
static
pkcs11h_certificate_t
__pkcs11h_openssl_dsa_get_pkcs11h_certificate (
IN DSA *dsa
) {
pkcs11h_openssl_session_t session = NULL;
_PKCS11H_ASSERT (dsa!=NULL);
session = (pkcs11h_openssl_session_t)DSA_get_ex_data (dsa, __openssl_methods.dsa_index);
_PKCS11H_ASSERT (session!=NULL);
_PKCS11H_ASSERT (session->certificate!=NULL);
return session->certificate;
}
CK_RV
_pkcs11h_token_newTokenId (
OUT pkcs11h_token_id_t * const p_token_id
) {
CK_RV rv = CKR_FUNCTION_FAILED;
pkcs11h_token_id_t token_id = NULL;
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
_PKCS11H_ASSERT (p_token_id!=NULL);
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_token_newTokenId entry p_token_id=%p",
(void *)p_token_id
);
*p_token_id = NULL;
if ((rv = _pkcs11h_mem_malloc ((void *)&token_id, sizeof (struct pkcs11h_token_id_s))) != CKR_OK) {
goto cleanup;
}
*p_token_id = token_id;
token_id = NULL;
rv = CKR_OK;
cleanup:
if (token_id != NULL) {
_pkcs11h_mem_free ((void *)&token_id);
token_id = NULL;
}
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_token_newTokenId return rv=%lu-'%s', *p_token_id=%p",
rv,
pkcs11h_getMessage (rv),
(void *)*p_token_id
);
return rv;
}
pkcs11h_hook_openssl_cleanup_t
pkcs11h_openssl_getCleanupHook (
IN const pkcs11h_openssl_session_t openssl_session
) {
_PKCS11H_ASSERT (openssl_session!=NULL);
return openssl_session->cleanup_hook;
}
static
int
__pkcs11h_crypto_openssl_certificate_get_dn (
IN void * const global_data,
IN const unsigned char * const blob,
IN const size_t blob_size,
OUT char * const dn,
IN const size_t dn_max
) {
X509 *x509 = NULL;
__pkcs11_openssl_d2i_t d2i;
(void)global_data;
/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
_PKCS11H_ASSERT (blob!=NULL);
_PKCS11H_ASSERT (dn!=NULL);
_PKCS11H_ASSERT (dn_max>0);
dn[0] = '\x0';
if ((x509 = X509_new ()) == NULL) {
goto cleanup;
}
d2i = (__pkcs11_openssl_d2i_t)blob;
if (!d2i_X509 (&x509, &d2i, blob_size)) {
goto cleanup;
}
X509_NAME_oneline (
X509_get_subject_name (x509),
dn,
dn_max
);
cleanup:
if (x509 != NULL) {
X509_free (x509);
x509 = NULL;
}
return dn[0] != '\x0';
}
CK_RV
pkcs11h_token_duplicateTokenId (
OUT pkcs11h_token_id_t * const to,
IN const pkcs11h_token_id_t from
) {
CK_RV rv = CKR_FUNCTION_FAILED;
_PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
_PKCS11H_ASSERT (to!=NULL);
_PKCS11H_ASSERT (from!=NULL);
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_duplicateTokenId entry to=%p form=%p",
(void *)to,
(void *)from
);
*to = NULL;
if (
(rv = _pkcs11h_mem_duplicate (
(void*)to,
NULL,
from,
sizeof (struct pkcs11h_token_id_s)
)) != CKR_OK
) {
goto cleanup;
}
rv = CKR_OK;
cleanup:
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_duplicateTokenId return rv=%lu-'%s', *to=%p",
rv,
pkcs11h_getMessage (rv),
(void *)*to
);
return rv;
}
static
int
__pkcs11h_crypto_nss_certificate_is_issuer (
IN void * const global_data,
IN const unsigned char * const issuer_blob,
IN const size_t issuer_blob_size,
IN const unsigned char * const cert_blob,
IN const size_t cert_blob_size
) {
PKCS11H_BOOL is_issuer = FALSE;
CERTCertificate *cert = NULL;
CERTCertificate *issuer = NULL;
(void)global_data;
/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
_PKCS11H_ASSERT (issuer_blob!=NULL);
_PKCS11H_ASSERT (cert_blob!=NULL);
if ((issuer = CERT_DecodeCertFromPackage ((char *)issuer_blob, issuer_blob_size)) == NULL) {
goto cleanup;
}
if ((cert = CERT_DecodeCertFromPackage ((char *)cert_blob, cert_blob_size)) == NULL) {
goto cleanup;
}
is_issuer = CERT_VerifySignedDataWithPublicKeyInfo (
&cert->signatureWrap,
&issuer->subjectPublicKeyInfo,
NULL
) == SECSuccess;
cleanup:
if (cert != NULL) {
CERT_DestroyCertificate (cert);
}
if (issuer != NULL) {
CERT_DestroyCertificate (issuer);
}
return is_issuer;
}
void
pkcs11h_openssl_setCleanupHook (
IN const pkcs11h_openssl_session_t openssl_session,
IN const pkcs11h_hook_openssl_cleanup_t cleanup
) {
_PKCS11H_ASSERT (openssl_session!=NULL);
openssl_session->cleanup_hook = cleanup;
}
static
int
__pkcs11h_crypto_mbedtls_certificate_get_expiration (
IN void * const global_data,
IN const unsigned char * const blob,
IN const size_t blob_size,
OUT time_t * const expiration
) {
x509_crt x509;
(void)global_data;
/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
_PKCS11H_ASSERT (blob!=NULL);
_PKCS11H_ASSERT (expiration!=NULL);
*expiration = (time_t)0;
memset(&x509, 0, sizeof(x509));
if (0 != x509_crt_parse (&x509, blob, blob_size)) {
goto cleanup;
}
if (0 == x509_time_expired(&x509.valid_to)) {
struct tm tm1;
memset (&tm1, 0, sizeof (tm1));
tm1.tm_year = x509.valid_to.year - 1900;
tm1.tm_mon = x509.valid_to.mon - 1;
tm1.tm_mday = x509.valid_to.day;
tm1.tm_hour = x509.valid_to.hour - 1;
tm1.tm_min = x509.valid_to.min - 1;
tm1.tm_sec = x509.valid_to.sec - 1;
*expiration = mktime (&tm1);
*expiration += (int)(mktime (localtime (expiration)) - mktime (gmtime (expiration)));
}
cleanup:
x509_crt_free(&x509);
return *expiration != (time_t)0;
}
CK_RV
pkcs11h_engine_setSystem (
IN const pkcs11h_engine_system_t * const engine
) {
_PKCS11H_ASSERT (engine!=NULL);
memmove (&_g_pkcs11h_sys_engine, engine, sizeof (pkcs11h_engine_system_t));
return CKR_OK;
}
static
int
__pkcs11h_crypto_mbedtls_certificate_is_issuer (
IN void * const global_data,
IN const unsigned char * const issuer_blob,
IN const size_t issuer_blob_size,
IN const unsigned char * const cert_blob,
IN const size_t cert_blob_size
) {
x509_crt x509_issuer;
x509_crt x509_cert;
uint32_t verify_flags = 0;
PKCS11H_BOOL is_issuer = FALSE;
(void)global_data;
/*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
_PKCS11H_ASSERT (issuer_blob!=NULL);
_PKCS11H_ASSERT (cert_blob!=NULL);
memset(&x509_issuer, 0, sizeof(x509_issuer));
if (0 != x509_crt_parse (&x509_issuer, issuer_blob, issuer_blob_size)) {
goto cleanup;
}
memset(&x509_cert, 0, sizeof(x509_cert));
if (0 != x509_crt_parse (&x509_cert, cert_blob, cert_blob_size)) {
goto cleanup;
}
if ( 0 == x509_crt_verify(&x509_cert, &x509_issuer, NULL, NULL,
&verify_flags, NULL, NULL )) {
is_issuer = TRUE;
}
cleanup:
x509_crt_free(&x509_cert);
x509_crt_free(&x509_issuer);
return is_issuer;
}
