Minor cleanups.
This commit is contained in:
+1
-2
@@ -186,7 +186,6 @@ static void asn1_encode_oid(CK_CHAR_PTR oid, CK_BYTE_PTR asn1_oid, CK_ULONG_PTR
|
|||||||
p++;
|
p++;
|
||||||
}
|
}
|
||||||
|
|
||||||
l = 0;
|
|
||||||
if (*p == '.') {
|
if (*p == '.') {
|
||||||
*p = 0;
|
*p = 0;
|
||||||
l = (CK_ULONG) atoi((char *)q);
|
l = (CK_ULONG) atoi((char *)q);
|
||||||
@@ -195,7 +194,7 @@ static void asn1_encode_oid(CK_CHAR_PTR oid, CK_BYTE_PTR asn1_oid, CK_ULONG_PTR
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
l = (CK_ULONG) atoi((char *)q);
|
l = (CK_ULONG) atoi((char *)q);
|
||||||
q = p;
|
// q = p;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Digit is in l. */
|
/* Digit is in l. */
|
||||||
|
|||||||
+13
-21
@@ -9,11 +9,6 @@ CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert) {
|
|||||||
const unsigned char *p = data; // Mandatory temp variable required by OpenSSL
|
const unsigned char *p = data; // Mandatory temp variable required by OpenSSL
|
||||||
int cert_len;
|
int cert_len;
|
||||||
|
|
||||||
/**cert = X509_new();
|
|
||||||
if (*cert == NULL)
|
|
||||||
return CKR_HOST_MEMORY;*/
|
|
||||||
//dump_hex(data, len, stderr, CK_TRUE);
|
|
||||||
|
|
||||||
if (*p == 0x70) {
|
if (*p == 0x70) {
|
||||||
// The certificate is in "PIV" format 0x70 len 0x30 len ...
|
// The certificate is in "PIV" format 0x70 len 0x30 len ...
|
||||||
p++;
|
p++;
|
||||||
@@ -25,23 +20,18 @@ CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert) {
|
|||||||
cert_len += get_length(p + 1, &cert_len) + 1;
|
cert_len += get_length(p + 1, &cert_len) + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ((CK_ULONG)cert_len > len)
|
||||||
|
return CKR_ARGUMENTS_BAD;
|
||||||
|
|
||||||
*cert = d2i_X509(NULL, &p, cert_len);
|
*cert = d2i_X509(NULL, &p, cert_len);
|
||||||
if (*cert == NULL)
|
if (*cert == NULL)
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
/*
|
|
||||||
BIO *STDout = BIO_new_fp(stderr, BIO_NOCLOSE);
|
|
||||||
|
|
||||||
X509_print_ex(STDout, *cert, 0, 0);
|
|
||||||
|
|
||||||
BIO_free(STDout);
|
|
||||||
*/
|
|
||||||
|
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_ULONG key_len,
|
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
|
||||||
CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
|
CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
|
||||||
|
|
||||||
X509 *cert = NULL;
|
X509 *cert = NULL;
|
||||||
@@ -53,7 +43,6 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_
|
|||||||
EC_GROUP *ecg = NULL;
|
EC_GROUP *ecg = NULL;
|
||||||
EC_POINT *ecp = NULL;
|
EC_POINT *ecp = NULL;
|
||||||
ASN1_TIME *tm = NULL;
|
ASN1_TIME *tm = NULL;
|
||||||
time_t t;
|
|
||||||
|
|
||||||
unsigned char *data_ptr;
|
unsigned char *data_ptr;
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
@@ -160,16 +149,16 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_
|
|||||||
if (len < 0)
|
if (len < 0)
|
||||||
goto create_empty_cert_cleanup;
|
goto create_empty_cert_cleanup;
|
||||||
|
|
||||||
if (len > *out_len) {
|
if ((CK_ULONG)len > *out_len) {
|
||||||
rv = CKR_BUFFER_TOO_SMALL;
|
rv = CKR_BUFFER_TOO_SMALL;
|
||||||
goto create_empty_cert_cleanup;
|
goto create_empty_cert_cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
p = in;
|
p = out;
|
||||||
if ((*out_len = i2d_X509(cert, &p)) == 0)
|
if ((*out_len = i2d_X509(cert, &p)) == 0)
|
||||||
goto create_empty_cert_cleanup;
|
goto create_empty_cert_cleanup;
|
||||||
|
|
||||||
/* TODO REMOVE THIS */
|
/* TODO: REMOVE THIS */
|
||||||
BIO *STDout = BIO_new_fp(stderr, BIO_NOCLOSE);
|
BIO *STDout = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||||
|
|
||||||
X509_print_ex(STDout, cert, 0, 0);
|
X509_print_ex(STDout, cert, 0, 0);
|
||||||
@@ -320,7 +309,7 @@ CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
|
|||||||
|
|
||||||
rsa = EVP_PKEY_get1_RSA(key);
|
rsa = EVP_PKEY_get1_RSA(key);
|
||||||
|
|
||||||
if (RSA_size(rsa) > *len) {
|
if ((CK_ULONG)RSA_size(rsa) > *len) {
|
||||||
RSA_free(rsa);
|
RSA_free(rsa);
|
||||||
rsa = NULL;
|
rsa = NULL;
|
||||||
return CKR_BUFFER_TOO_SMALL;
|
return CKR_BUFFER_TOO_SMALL;
|
||||||
@@ -461,13 +450,16 @@ CK_RV do_pkcs_pss(RSA *key, CK_BYTE_PTR in, CK_ULONG in_len, int nid,
|
|||||||
OpenSSL_add_all_digests();
|
OpenSSL_add_all_digests();
|
||||||
|
|
||||||
// TODO: rand must be seeded first (should be automatic)
|
// TODO: rand must be seeded first (should be automatic)
|
||||||
if (*out_len < RSA_size(key))
|
if (*out_len < (CK_ULONG)RSA_size(key))
|
||||||
CKR_BUFFER_TOO_SMALL;
|
CKR_BUFFER_TOO_SMALL;
|
||||||
|
|
||||||
DBG(("Apply PSS padding to %lu bytes and get %d\n", in_len, RSA_size(key)));
|
DBG(("Apply PSS padding to %lu bytes and get %d\n", in_len, RSA_size(key)));
|
||||||
|
|
||||||
|
if (out != in)
|
||||||
|
memcpy(out, in, in_len);
|
||||||
|
|
||||||
// In case of raw PSS (no hash) this function will fail because OpenSSL requires an MD
|
// In case of raw PSS (no hash) this function will fail because OpenSSL requires an MD
|
||||||
if (RSA_padding_add_PKCS1_PSS(key, em, in, EVP_get_digestbynid(nid), -2) == 0) {
|
if (RSA_padding_add_PKCS1_PSS(key, em, out, EVP_get_digestbynid(nid), -2) == 0) {
|
||||||
EVP_cleanup();
|
EVP_cleanup();
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -10,7 +10,7 @@
|
|||||||
#include "pkcs11t.h"
|
#include "pkcs11t.h"
|
||||||
|
|
||||||
CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert);
|
CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert);
|
||||||
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_ULONG key_len,
|
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
|
||||||
CK_BYTE_PTR out, CK_ULONG_PTR out_len);
|
CK_BYTE_PTR out, CK_ULONG_PTR out_len);
|
||||||
CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len);
|
CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len);
|
||||||
CK_RV free_cert(X509 *cert);
|
CK_RV free_cert(X509 *cert);
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa, CK_BYTE
|
|||||||
|
|
||||||
// Create a new empty certificate for the key
|
// Create a new empty certificate for the key
|
||||||
recv_len = sizeof(data);
|
recv_len = sizeof(data);
|
||||||
if ((rv = do_create_empty_cert(data, recv_len, rsa, key_len, data, &recv_len)) != CKR_OK)
|
if ((rv = do_create_empty_cert(data, recv_len, rsa, data, &recv_len)) != CKR_OK)
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
if (recv_len < 0x80)
|
if (recv_len < 0x80)
|
||||||
|
|||||||
Reference in New Issue
Block a user