add a hx509_context where we can store configuration
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16476 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -85,6 +85,39 @@ _hx509_abort(const char *fmt, ...)
|
||||
abort();
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
int
|
||||
hx509_context_init(hx509_context *context)
|
||||
{
|
||||
*context = calloc(1, sizeof(**context));
|
||||
if (*context == NULL)
|
||||
return ENOMEM;
|
||||
|
||||
_hx509_ks_mem_register(*context);
|
||||
_hx509_ks_file_register(*context);
|
||||
_hx509_ks_pkcs12_register(*context);
|
||||
_hx509_ks_pkcs11_register(*context);
|
||||
_hx509_ks_dir_register(*context);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
hx509_context_free(hx509_context *context)
|
||||
{
|
||||
if ((*context)->ks_ops) {
|
||||
free((*context)->ks_ops);
|
||||
(*context)->ks_ops = NULL;
|
||||
}
|
||||
(*context)->ks_num_ops = 0;
|
||||
free(*context);
|
||||
*context = NULL;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
@@ -102,7 +135,7 @@ _hx509_cert_get_version(const Certificate *t)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_cert_init(const Certificate *c, hx509_cert *cert)
|
||||
hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
|
||||
{
|
||||
int ret;
|
||||
|
||||
@@ -196,7 +229,7 @@ hx509_cert_ref(hx509_cert cert)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_verify_init_ctx(hx509_verify_ctx *ctx)
|
||||
hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
|
||||
{
|
||||
hx509_verify_ctx c;
|
||||
|
||||
@@ -506,7 +539,9 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
|
||||
}
|
||||
|
||||
static int
|
||||
certificate_is_anchor(hx509_verify_ctx ctx, const hx509_cert cert)
|
||||
certificate_is_anchor(hx509_context context,
|
||||
hx509_verify_ctx ctx,
|
||||
const hx509_cert cert)
|
||||
{
|
||||
hx509_query q;
|
||||
hx509_cert c;
|
||||
@@ -517,7 +552,7 @@ certificate_is_anchor(hx509_verify_ctx ctx, const hx509_cert cert)
|
||||
q.match = HX509_QUERY_MATCH_CERTIFICATE;
|
||||
q.certificate = _hx509_get_cert(cert);
|
||||
|
||||
ret = _hx509_certs_find(ctx->trust_anchors, &q, &c);
|
||||
ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c);
|
||||
if (ret == 0)
|
||||
hx509_cert_free(c);
|
||||
return ret == 0;
|
||||
@@ -530,7 +565,8 @@ certificate_is_self_signed(const Certificate *cert)
|
||||
}
|
||||
|
||||
static hx509_cert
|
||||
find_parent(hx509_verify_ctx ctx,
|
||||
find_parent(hx509_context context,
|
||||
hx509_verify_ctx ctx,
|
||||
hx509_path *path,
|
||||
hx509_certs chain,
|
||||
hx509_cert current)
|
||||
@@ -548,10 +584,10 @@ find_parent(hx509_verify_ctx ctx,
|
||||
q.subject = _hx509_get_cert(current);
|
||||
q.path = path;
|
||||
|
||||
ret = _hx509_certs_find(chain, &q, &c);
|
||||
ret = _hx509_certs_find(context, chain, &q, &c);
|
||||
if (ret == 0)
|
||||
return c;
|
||||
ret = _hx509_certs_find(ctx->trust_anchors, &q, &c);
|
||||
ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c);
|
||||
if (ret == 0)
|
||||
return c;
|
||||
return NULL;
|
||||
@@ -597,7 +633,8 @@ path_free(hx509_path *path)
|
||||
*/
|
||||
|
||||
static int
|
||||
calculate_path(hx509_verify_ctx ctx,
|
||||
calculate_path(hx509_context context,
|
||||
hx509_verify_ctx ctx,
|
||||
hx509_cert cert,
|
||||
hx509_certs chain,
|
||||
hx509_path *path)
|
||||
@@ -611,9 +648,9 @@ calculate_path(hx509_verify_ctx ctx,
|
||||
|
||||
current = hx509_cert_ref(cert);
|
||||
|
||||
while (!certificate_is_anchor(ctx, current)) {
|
||||
while (!certificate_is_anchor(context, ctx, current)) {
|
||||
|
||||
parent = find_parent(ctx, path, chain, current);
|
||||
parent = find_parent(context, ctx, path, chain, current);
|
||||
hx509_cert_free(current);
|
||||
if (parent == NULL)
|
||||
return HX509_ISSUER_NOT_FOUND;
|
||||
@@ -675,19 +712,19 @@ hx509_cert_cmp(hx509_cert p, hx509_cert q)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_cert_issuer(hx509_cert p, hx509_name *name)
|
||||
hx509_cert_get_issuer(hx509_cert p, hx509_name *name)
|
||||
{
|
||||
return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name);
|
||||
}
|
||||
|
||||
int
|
||||
hx509_cert_subject(hx509_cert p, hx509_name *name)
|
||||
hx509_cert_get_subject(hx509_cert p, hx509_name *name)
|
||||
{
|
||||
return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name);
|
||||
}
|
||||
|
||||
int
|
||||
hx509_cert_serialnumber(hx509_cert p, heim_integer *i)
|
||||
hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i)
|
||||
{
|
||||
return copy_heim_integer(&p->data->tbsCertificate.serialNumber, i);
|
||||
}
|
||||
@@ -1037,7 +1074,10 @@ free_name_constraints(hx509_name_constraints *nc)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain)
|
||||
hx509_verify_path(hx509_context context,
|
||||
hx509_verify_ctx ctx,
|
||||
hx509_cert cert,
|
||||
hx509_certs chain)
|
||||
{
|
||||
hx509_name_constraints nc;
|
||||
hx509_path path;
|
||||
@@ -1060,7 +1100,7 @@ hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain)
|
||||
* Calculate the path from the certificate user presented to the
|
||||
* to an anchor.
|
||||
*/
|
||||
ret = calculate_path(ctx, cert, chain, &path);
|
||||
ret = calculate_path(context, ctx, cert, chain, &path);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
@@ -1168,7 +1208,8 @@ hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_verify_signature(const hx509_cert signer,
|
||||
hx509_verify_signature(hx509_context context,
|
||||
const hx509_cert signer,
|
||||
const AlgorithmIdentifier *alg,
|
||||
const heim_octet_string *data,
|
||||
const heim_octet_string *sig)
|
||||
|
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003 - 2005 Kungliga Tekniska H<>gskolan
|
||||
* Copyright (c) 2003 - 2006 Kungliga Tekniska H<>gskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@@ -66,7 +66,7 @@ fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id)
|
||||
int ret;
|
||||
|
||||
id->element = choice_CMSIdentifier_issuerAndSerialNumber;
|
||||
ret = hx509_cert_issuer(cert, &name);
|
||||
ret = hx509_cert_get_issuer(cert, &name);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = copy_Name(&name->der_name,
|
||||
@@ -75,13 +75,14 @@ fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id)
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = hx509_cert_serialnumber(cert,
|
||||
ret = hx509_cert_get_serialnumber(cert,
|
||||
&id->u.issuerAndSerialNumber.serialNumber);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int
|
||||
find_CMSIdentifier(CMSIdentifier *client,
|
||||
find_CMSIdentifier(hx509_context context,
|
||||
CMSIdentifier *client,
|
||||
hx509_certs certs,
|
||||
hx509_cert *signer_cert,
|
||||
int match)
|
||||
@@ -112,7 +113,7 @@ find_CMSIdentifier(CMSIdentifier *client,
|
||||
|
||||
q.match |= match;
|
||||
|
||||
ret = _hx509_certs_find(certs, &q, &cert);
|
||||
ret = _hx509_certs_find(context, certs, &q, &cert);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
@@ -122,7 +123,8 @@ find_CMSIdentifier(CMSIdentifier *client,
|
||||
}
|
||||
|
||||
int
|
||||
hx509_cms_unenvelope(hx509_certs certs,
|
||||
hx509_cms_unenvelope(hx509_context context,
|
||||
hx509_certs certs,
|
||||
const void *data,
|
||||
size_t length,
|
||||
heim_oid *contentType,
|
||||
@@ -165,7 +167,7 @@ hx509_cms_unenvelope(hx509_certs certs,
|
||||
* ki->keyEncryptionAlgorithm.algorithm);
|
||||
*/
|
||||
|
||||
ret = find_CMSIdentifier(&ri->rid, certs, &cert,
|
||||
ret = find_CMSIdentifier(context, &ri->rid, certs, &cert,
|
||||
HX509_QUERY_PRIVATE_KEY|
|
||||
HX509_QUERY_KU_ENCIPHERMENT);
|
||||
if (ret) {
|
||||
@@ -204,7 +206,7 @@ hx509_cms_unenvelope(hx509_certs certs,
|
||||
hx509_crypto crypto;
|
||||
heim_octet_string *ivec = NULL, ivec_data;
|
||||
|
||||
ret = hx509_crypto_init(NULL, &ai->algorithm, &crypto);
|
||||
ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
@@ -238,7 +240,8 @@ hx509_cms_unenvelope(hx509_certs certs,
|
||||
}
|
||||
|
||||
int
|
||||
hx509_cms_envelope_1(hx509_cert cert,
|
||||
hx509_cms_envelope_1(hx509_context context,
|
||||
hx509_cert cert,
|
||||
const void *data,
|
||||
size_t length,
|
||||
const heim_oid *encryption_type,
|
||||
@@ -265,7 +268,7 @@ hx509_cms_envelope_1(hx509_cert cert,
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
ret = hx509_crypto_init(NULL, encryption_type, &crypto);
|
||||
ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
@@ -354,7 +357,7 @@ hx509_cms_envelope_1(hx509_cert cert,
|
||||
}
|
||||
|
||||
static int
|
||||
any_to_certs(const SignedData *sd, hx509_certs certs)
|
||||
any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
|
||||
{
|
||||
int ret, i;
|
||||
|
||||
@@ -372,11 +375,11 @@ any_to_certs(const SignedData *sd, hx509_certs certs)
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = hx509_cert_init(&cert, &c);
|
||||
ret = hx509_cert_init(context, &cert, &c);
|
||||
free_Certificate(&cert);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = hx509_certs_add(certs, c);
|
||||
ret = hx509_certs_add(context, certs, c);
|
||||
if (ret) {
|
||||
hx509_cert_free(c);
|
||||
return ret;
|
||||
@@ -397,7 +400,8 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_cms_verify_signed(hx509_verify_ctx ctx,
|
||||
hx509_cms_verify_signed(hx509_context context,
|
||||
hx509_verify_ctx ctx,
|
||||
const void *data,
|
||||
size_t length,
|
||||
hx509_certs store,
|
||||
@@ -430,23 +434,25 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = hx509_certs_init("MEMORY:cms-cert-buffer", 0, NULL, &certs);
|
||||
ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
|
||||
0, NULL, &certs);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
ret = hx509_certs_init("MEMORY:cms-signer-certs", 0, NULL, signer_certs);
|
||||
ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
|
||||
0, NULL, signer_certs);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
/* XXX Check CMS version */
|
||||
|
||||
ret = any_to_certs(&sd, certs);
|
||||
ret = any_to_certs(context, &sd, certs);
|
||||
if (ret) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (store) {
|
||||
ret = hx509_certs_merge(certs, store);
|
||||
ret = hx509_certs_merge(context, certs, store);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
@@ -465,7 +471,7 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
|
||||
continue;
|
||||
}
|
||||
|
||||
ret = find_CMSIdentifier(&signer_info->sid, certs, &cert,
|
||||
ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert,
|
||||
HX509_QUERY_KU_DIGITALSIGNATURE);
|
||||
if (ret)
|
||||
continue;
|
||||
@@ -558,7 +564,8 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
|
||||
free_oid(&decode_oid);
|
||||
|
||||
if (ret == 0)
|
||||
ret = hx509_verify_signature(cert,
|
||||
ret = hx509_verify_signature(context,
|
||||
cert,
|
||||
&signer_info->signatureAlgorithm,
|
||||
signed_data,
|
||||
&signer_info->signature);
|
||||
@@ -572,13 +579,13 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
|
||||
continue;
|
||||
}
|
||||
|
||||
ret = hx509_verify_path(ctx, cert, certs);
|
||||
ret = hx509_verify_path(context, ctx, cert, certs);
|
||||
if (ret) {
|
||||
hx509_cert_free(cert);
|
||||
continue;
|
||||
}
|
||||
|
||||
ret = hx509_certs_add(*signer_certs, hx509_cert_ref(cert));
|
||||
ret = hx509_certs_add(context, *signer_certs, hx509_cert_ref(cert));
|
||||
if (ret) {
|
||||
hx509_cert_free(cert);
|
||||
continue;
|
||||
@@ -683,7 +690,8 @@ add_one_attribute(Attribute **attr,
|
||||
|
||||
|
||||
int
|
||||
hx509_cms_create_signed_1(const heim_oid *eContentType,
|
||||
hx509_cms_create_signed_1(hx509_context context,
|
||||
const heim_oid *eContentType,
|
||||
const void *data, size_t length,
|
||||
const AlgorithmIdentifier *digest_alg,
|
||||
hx509_cert cert,
|
||||
@@ -882,7 +890,8 @@ hx509_cms_create_signed_1(const heim_oid *eContentType,
|
||||
}
|
||||
|
||||
int
|
||||
hx509_cms_decrypt_encrypted(hx509_lock lock,
|
||||
hx509_cms_decrypt_encrypted(hx509_context context,
|
||||
hx509_lock lock,
|
||||
const void *data,
|
||||
size_t length,
|
||||
heim_oid *contentType,
|
||||
@@ -915,7 +924,8 @@ hx509_cms_decrypt_encrypted(hx509_lock lock,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = _hx509_pbe_decrypt(lock,
|
||||
ret = _hx509_pbe_decrypt(context,
|
||||
lock,
|
||||
ai,
|
||||
ed.encryptedContentInfo.encryptedContent,
|
||||
&cont);
|
||||
|
@@ -53,7 +53,7 @@ struct hx509_collector {
|
||||
|
||||
|
||||
struct hx509_collector *
|
||||
_hx509_collector_alloc(hx509_lock lock)
|
||||
_hx509_collector_alloc(hx509_context context, hx509_lock lock)
|
||||
{
|
||||
struct hx509_collector *c;
|
||||
|
||||
@@ -62,10 +62,10 @@ _hx509_collector_alloc(hx509_lock lock)
|
||||
return NULL;
|
||||
c->lock = lock;
|
||||
|
||||
hx509_certs_init("MEMORY:dummy", 0, NULL, &c->unenvelop_certs);
|
||||
hx509_certs_init(context, "MEMORY:dummy", 0, NULL, &c->unenvelop_certs);
|
||||
c->val.data = NULL;
|
||||
c->val.len = 0;
|
||||
hx509_certs_init("MEMORY:collector-tmp-store", 0, NULL, &c->certs);
|
||||
hx509_certs_init(context, "MEMORY:collector-tmp-store", 0, NULL, &c->certs);
|
||||
|
||||
return c;
|
||||
}
|
||||
@@ -78,9 +78,11 @@ _hx509_collector_get_lock(struct hx509_collector *c)
|
||||
|
||||
|
||||
int
|
||||
_hx509_collector_certs_add(struct hx509_collector *c, hx509_cert cert)
|
||||
_hx509_collector_certs_add(hx509_context context,
|
||||
struct hx509_collector *c,
|
||||
hx509_cert cert)
|
||||
{
|
||||
return hx509_certs_add(c->certs, cert);
|
||||
return hx509_certs_add(context, c->certs, cert);
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -142,7 +144,9 @@ out:
|
||||
}
|
||||
|
||||
static int
|
||||
match_localkeyid(struct private_key *value, hx509_certs certs)
|
||||
match_localkeyid(hx509_context context,
|
||||
struct private_key *value,
|
||||
hx509_certs certs)
|
||||
{
|
||||
hx509_cert cert;
|
||||
hx509_query q;
|
||||
@@ -153,21 +157,21 @@ match_localkeyid(struct private_key *value, hx509_certs certs)
|
||||
|
||||
q.local_key_id = &value->localKeyId;
|
||||
|
||||
ret = _hx509_certs_find(certs, &q, &cert);
|
||||
ret = _hx509_certs_find(context, certs, &q, &cert);
|
||||
if (ret == 0) {
|
||||
|
||||
if (value->private_key) {
|
||||
_hx509_cert_assign_key(cert, value->private_key);
|
||||
value->private_key = NULL;
|
||||
}
|
||||
hx509_certs_add(certs, cert);
|
||||
hx509_certs_add(context, certs, cert);
|
||||
hx509_cert_free(cert);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int
|
||||
match_keys(struct private_key *value, hx509_certs certs)
|
||||
match_keys(hx509_context context, struct private_key *value, hx509_certs certs)
|
||||
{
|
||||
hx509_cursor cursor;
|
||||
hx509_cert c;
|
||||
@@ -176,13 +180,13 @@ match_keys(struct private_key *value, hx509_certs certs)
|
||||
if (value->private_key == NULL)
|
||||
return EINVAL;
|
||||
|
||||
ret = hx509_certs_start_seq(certs, &cursor);
|
||||
ret = hx509_certs_start_seq(context, certs, &cursor);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
c = NULL;
|
||||
while (1) {
|
||||
ret = hx509_certs_next_cert(certs, cursor, &c);
|
||||
ret = hx509_certs_next_cert(context, certs, cursor, &c);
|
||||
if (ret)
|
||||
break;
|
||||
if (c == NULL)
|
||||
@@ -203,34 +207,36 @@ match_keys(struct private_key *value, hx509_certs certs)
|
||||
hx509_cert_free(c);
|
||||
}
|
||||
|
||||
hx509_certs_end_seq(certs, cursor);
|
||||
hx509_certs_end_seq(context, certs, cursor);
|
||||
|
||||
return found;
|
||||
}
|
||||
|
||||
int
|
||||
_hx509_collector_collect(struct hx509_collector *c, hx509_certs *ret_certs)
|
||||
_hx509_collector_collect(hx509_context context,
|
||||
struct hx509_collector *c,
|
||||
hx509_certs *ret_certs)
|
||||
{
|
||||
hx509_certs certs;
|
||||
int ret, i;
|
||||
|
||||
*ret_certs = NULL;
|
||||
|
||||
ret = hx509_certs_init("MEMORY:collector-store", 0, NULL, &certs);
|
||||
ret = hx509_certs_init(context, "MEMORY:collector-store", 0, NULL, &certs);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = hx509_certs_merge(certs, c->certs);
|
||||
ret = hx509_certs_merge(context, certs, c->certs);
|
||||
if (ret) {
|
||||
hx509_certs_free(&certs);
|
||||
return ret;
|
||||
}
|
||||
|
||||
for (i = 0; i < c->val.len; i++) {
|
||||
ret = match_localkeyid(c->val.data[i], certs);
|
||||
ret = match_localkeyid(context, c->val.data[i], certs);
|
||||
if (ret == 0)
|
||||
continue;
|
||||
ret = match_keys(c->val.data[i], certs);
|
||||
ret = match_keys(context, c->val.data[i], certs);
|
||||
if (ret == 0)
|
||||
continue;
|
||||
}
|
||||
|
@@ -101,10 +101,7 @@ struct hx509_private_key {
|
||||
const heim_oid *signature_alg;
|
||||
struct {
|
||||
RSA *rsa;
|
||||
} private_key2;
|
||||
/* supported key operations */
|
||||
/* context pointer to backend */
|
||||
/* function pointer to backend */
|
||||
} private_key;
|
||||
};
|
||||
|
||||
/*
|
||||
@@ -286,14 +283,14 @@ rsa_create_signature(const struct signature_alg *sig_alg,
|
||||
if (indata.length != size)
|
||||
_hx509_abort("internal ASN.1 encoder error");
|
||||
|
||||
sig->length = RSA_size(signer->private_key2.rsa);
|
||||
sig->length = RSA_size(signer->private_key.rsa);
|
||||
sig->data = malloc(sig->length);
|
||||
if (sig->data == NULL)
|
||||
return ENOMEM;
|
||||
|
||||
ret = RSA_private_encrypt(indata.length, indata.data,
|
||||
sig->data,
|
||||
signer->private_key2.rsa,
|
||||
signer->private_key.rsa,
|
||||
RSA_PKCS1_PADDING);
|
||||
free_octet_string(&indata);
|
||||
if (ret <= 0)
|
||||
@@ -366,9 +363,9 @@ rsa_parse_private_key(const struct signature_alg *sig_alg,
|
||||
{
|
||||
const unsigned char *p = data;
|
||||
|
||||
private_key->private_key2.rsa =
|
||||
private_key->private_key.rsa =
|
||||
d2i_RSAPrivateKey(NULL, &p, len);
|
||||
if (private_key->private_key2.rsa == NULL)
|
||||
if (private_key->private_key.rsa == NULL)
|
||||
return EINVAL;
|
||||
private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
|
||||
|
||||
@@ -820,17 +817,17 @@ _hx509_private_key_private_decrypt(const heim_octet_string *ciphertext,
|
||||
cleartext->data = NULL;
|
||||
cleartext->length = 0;
|
||||
|
||||
if (p->private_key2.rsa == NULL)
|
||||
if (p->private_key.rsa == NULL)
|
||||
return EINVAL;
|
||||
|
||||
cleartext->length = RSA_size(p->private_key2.rsa);
|
||||
cleartext->length = RSA_size(p->private_key.rsa);
|
||||
cleartext->data = malloc(cleartext->length);
|
||||
if (cleartext->data == NULL)
|
||||
return ENOMEM;
|
||||
|
||||
ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
|
||||
cleartext->data,
|
||||
p->private_key2.rsa,
|
||||
p->private_key.rsa,
|
||||
RSA_PKCS1_PADDING);
|
||||
if (ret <= 0) {
|
||||
free_octet_string(cleartext);
|
||||
@@ -934,9 +931,9 @@ _hx509_new_private_key(hx509_private_key *key)
|
||||
int
|
||||
_hx509_free_private_key(hx509_private_key *key)
|
||||
{
|
||||
if ((*key)->private_key2.rsa)
|
||||
RSA_free((*key)->private_key2.rsa);
|
||||
(*key)->private_key2.rsa = NULL;
|
||||
if ((*key)->private_key.rsa)
|
||||
RSA_free((*key)->private_key.rsa);
|
||||
(*key)->private_key.rsa = NULL;
|
||||
free(*key);
|
||||
*key = NULL;
|
||||
return 0;
|
||||
@@ -953,9 +950,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key,
|
||||
OpenSSL_add_all_algorithms();
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
if (key->private_key2.rsa) {
|
||||
RSA_free(key->private_key2.rsa);
|
||||
key->private_key2.rsa = NULL;
|
||||
if (key->private_key.rsa) {
|
||||
RSA_free(key->private_key.rsa);
|
||||
key->private_key.rsa = NULL;
|
||||
}
|
||||
|
||||
|
||||
@@ -974,9 +971,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key,
|
||||
if (private_key == NULL)
|
||||
continue;
|
||||
|
||||
key->private_key2.rsa = EVP_PKEY_get1_RSA(private_key);
|
||||
key->private_key.rsa = EVP_PKEY_get1_RSA(private_key);
|
||||
EVP_PKEY_free(private_key);
|
||||
if (key->private_key2.rsa == NULL)
|
||||
if (key->private_key.rsa == NULL)
|
||||
return EINVAL;
|
||||
|
||||
return 0;
|
||||
@@ -988,9 +985,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key,
|
||||
void
|
||||
_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
|
||||
{
|
||||
if (key->private_key2.rsa)
|
||||
RSA_free(key->private_key2.rsa);
|
||||
key->private_key2.rsa = ptr;
|
||||
if (key->private_key.rsa)
|
||||
RSA_free(key->private_key.rsa);
|
||||
key->private_key.rsa = ptr;
|
||||
}
|
||||
|
||||
|
||||
@@ -1025,7 +1022,8 @@ find_cipher(const heim_oid *oid)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_crypto_init(const char *provider,
|
||||
hx509_crypto_init(hx509_context context,
|
||||
const char *provider,
|
||||
const heim_oid *enctype,
|
||||
hx509_crypto *crypto)
|
||||
{
|
||||
@@ -1318,14 +1316,16 @@ hx509_crypto_decrypt(hx509_crypto crypto,
|
||||
return ret;
|
||||
}
|
||||
|
||||
typedef int (*PBE_string2key_func)(const char *,
|
||||
typedef int (*PBE_string2key_func)(hx509_context,
|
||||
const char *,
|
||||
const heim_octet_string *,
|
||||
hx509_crypto *, heim_octet_string *,
|
||||
heim_octet_string *,
|
||||
const heim_oid *, const EVP_MD *);
|
||||
|
||||
static int
|
||||
PBE_string2key(const char *password,
|
||||
PBE_string2key(hx509_context context,
|
||||
const char *password,
|
||||
const heim_octet_string *parameters,
|
||||
hx509_crypto *crypto,
|
||||
heim_octet_string *key, heim_octet_string *iv,
|
||||
@@ -1370,7 +1370,7 @@ PBE_string2key(const char *password,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = hx509_crypto_init(NULL, enc_oid, &c);
|
||||
ret = hx509_crypto_init(context, NULL, enc_oid, &c);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
@@ -1424,7 +1424,8 @@ find_string2key(const heim_oid *oid,
|
||||
|
||||
|
||||
int
|
||||
_hx509_pbe_decrypt(hx509_lock lock,
|
||||
_hx509_pbe_decrypt(hx509_context context,
|
||||
hx509_lock lock,
|
||||
const AlgorithmIdentifier *ai,
|
||||
const heim_octet_string *econtent,
|
||||
heim_octet_string *content)
|
||||
@@ -1464,7 +1465,7 @@ _hx509_pbe_decrypt(hx509_lock lock,
|
||||
for (i = 0; i < pw->len; i++) {
|
||||
hx509_crypto crypto;
|
||||
|
||||
ret = (*s2k)(pw->val[i], ai->parameters, &crypto,
|
||||
ret = (*s2k)(context, pw->val[i], ai->parameters, &crypto,
|
||||
&key, &iv, enc_oid, md);
|
||||
if (ret) {
|
||||
goto out;
|
||||
@@ -1503,10 +1504,10 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
|
||||
size_t size;
|
||||
int ret;
|
||||
|
||||
if (private_key->private_key2.rsa == NULL)
|
||||
if (private_key->private_key.rsa == NULL)
|
||||
return 0;
|
||||
|
||||
rsa = private_key->private_key2.rsa;
|
||||
rsa = private_key->private_key.rsa;
|
||||
if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
|
||||
return 0;
|
||||
|
||||
@@ -1529,11 +1530,12 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
|
||||
|
||||
free_RSAPublicKey(&pk);
|
||||
|
||||
rsa->d = BN_dup(private_key->private_key2.rsa->d);
|
||||
rsa->p = BN_dup(private_key->private_key2.rsa->p);
|
||||
rsa->q = BN_dup(private_key->private_key2.rsa->q);
|
||||
rsa->d = BN_dup(private_key->private_key.rsa->d);
|
||||
rsa->p = BN_dup(private_key->private_key.rsa->p);
|
||||
rsa->q = BN_dup(private_key->private_key.rsa->q);
|
||||
|
||||
if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL) {
|
||||
if (rsa->n == NULL || rsa->e == NULL ||
|
||||
rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL) {
|
||||
RSA_free(rsa);
|
||||
return 0;
|
||||
}
|
||||
|
@@ -33,16 +33,17 @@
|
||||
|
||||
/* $Id$ */
|
||||
|
||||
typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
|
||||
typedef struct hx509_certs_data *hx509_certs;
|
||||
typedef struct hx509_cert_data *hx509_cert;
|
||||
typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
|
||||
typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
|
||||
typedef struct hx509_name_data *hx509_name;
|
||||
typedef void * hx509_cursor;
|
||||
typedef struct hx509_lock_data *hx509_lock;
|
||||
typedef struct hx509_private_key *hx509_private_key;
|
||||
typedef struct hx509_cert_data *hx509_cert;
|
||||
typedef struct hx509_certs_data *hx509_certs;
|
||||
typedef struct hx509_context_data *hx509_context;
|
||||
typedef struct hx509_crypto_data *hx509_crypto;
|
||||
typedef struct hx509_lock_data *hx509_lock;
|
||||
typedef struct hx509_name_data *hx509_name;
|
||||
typedef struct hx509_private_key *hx509_private_key;
|
||||
typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
|
||||
typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
|
||||
typedef void * hx509_cursor;
|
||||
|
||||
typedef void (*hx509_vprint_func)(void *, const char *, va_list);
|
||||
|
||||
|
@@ -121,13 +121,15 @@ struct hx509_query_data {
|
||||
struct hx509_keyset_ops {
|
||||
char *name;
|
||||
int flags;
|
||||
int (*init)(hx509_certs, void **, int, const char *, hx509_lock);
|
||||
int (*init)(hx509_context, hx509_certs, void **,
|
||||
int, const char *, hx509_lock);
|
||||
int (*free)(hx509_certs, void *);
|
||||
int (*add)(hx509_certs, void *, hx509_cert);
|
||||
int (*query)(hx509_certs, void *, const hx509_query *, hx509_cert *);
|
||||
int (*iter_start)(hx509_certs, void *, void **);
|
||||
int (*iter)(hx509_certs, void *, void *, hx509_cert *);
|
||||
int (*iter_end)(hx509_certs, void *, void *);
|
||||
int (*add)(hx509_context, hx509_certs, void *, hx509_cert);
|
||||
int (*query)(hx509_context, hx509_certs, void *,
|
||||
const hx509_query *, hx509_cert *);
|
||||
int (*iter_start)(hx509_context, hx509_certs, void *, void **);
|
||||
int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *);
|
||||
int (*iter_end)(hx509_context, hx509_certs, void *, void *);
|
||||
};
|
||||
|
||||
struct _hx509_password {
|
||||
@@ -136,3 +138,9 @@ struct _hx509_password {
|
||||
};
|
||||
|
||||
extern hx509_lock _hx509_empty_lock;
|
||||
|
||||
struct hx509_context_data {
|
||||
struct hx509_keyset_ops **ks_ops;
|
||||
int ks_num_ops;
|
||||
};
|
||||
|
||||
|
@@ -37,6 +37,8 @@ RCSID("$Id$");
|
||||
#include <hxtool-commands.h>
|
||||
#include <sl.h>
|
||||
|
||||
hx509_context context;
|
||||
|
||||
static int version_flag;
|
||||
static int help_flag;
|
||||
|
||||
@@ -81,29 +83,29 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
|
||||
size_t sz;
|
||||
void *p;
|
||||
|
||||
hx509_lock_init(&lock);
|
||||
hx509_lock_init(context, &lock);
|
||||
lock_strings(lock, &opt->pass_strings);
|
||||
|
||||
ret = _hx509_map_file(argv[0], &p, &sz);
|
||||
if (ret)
|
||||
err(1, "map_file: %s: %d", argv[0], ret);
|
||||
|
||||
ret = hx509_verify_init_ctx(&ctx);
|
||||
ret = hx509_verify_init_ctx(context, &ctx);
|
||||
|
||||
ret = hx509_certs_init("MEMORY:cms-anchors", 0, NULL, &anchors);
|
||||
ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors);
|
||||
|
||||
for (i = 0; i < opt->anchors_strings.num_strings; i++) {
|
||||
ret = hx509_certs_append(anchors, lock,
|
||||
ret = hx509_certs_append(context, anchors, lock,
|
||||
opt->anchors_strings.strings[i]);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_append: anchor: %s: %d",
|
||||
opt->anchors_strings.strings[i], ret);
|
||||
}
|
||||
|
||||
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &store);
|
||||
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
|
||||
|
||||
for (i = 0; i < opt->certificate_strings.num_strings; i++) {
|
||||
ret = hx509_certs_append(store, lock,
|
||||
ret = hx509_certs_append(context, store, lock,
|
||||
opt->certificate_strings.strings[i]);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_append: store: %s %d",
|
||||
@@ -136,7 +138,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
|
||||
|
||||
hx509_verify_attach_anchors(ctx, anchors);
|
||||
|
||||
ret = hx509_cms_verify_signed(ctx, co.data, co.length,
|
||||
ret = hx509_cms_verify_signed(context, ctx, co.data, co.length,
|
||||
store, &type, &c, &signers);
|
||||
if (co.data != p)
|
||||
free_octet_string(&co);
|
||||
@@ -144,7 +146,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
|
||||
errx(1, "hx509_cms_verify_signed: %d", ret);
|
||||
|
||||
printf("signers:\n");
|
||||
hx509_certs_iter(signers, hx509_ci_print_names, stdout);
|
||||
hx509_certs_iter(context, signers, hx509_ci_print_names, stdout);
|
||||
|
||||
hx509_verify_destroy_ctx(ctx);
|
||||
|
||||
@@ -181,7 +183,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
|
||||
if (argc < 2)
|
||||
errx(1, "argc < 2");
|
||||
|
||||
hx509_lock_init(&lock);
|
||||
hx509_lock_init(context, &lock);
|
||||
lock_strings(lock, &opt->pass_strings);
|
||||
|
||||
for (i = 0; i < opt->pass_strings.num_strings; i++) {
|
||||
@@ -191,10 +193,10 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
|
||||
opt->pass_strings.strings[i], ret);
|
||||
}
|
||||
|
||||
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &store);
|
||||
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
|
||||
|
||||
for (i = 0; i < opt->certificate_strings.num_strings; i++) {
|
||||
ret = hx509_certs_append(store, lock,
|
||||
ret = hx509_certs_append(context, store, lock,
|
||||
opt->certificate_strings.strings[i]);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_append: store: %s: %d",
|
||||
@@ -210,7 +212,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
|
||||
q.friendlyname = opt->signer_string;
|
||||
}
|
||||
|
||||
ret = _hx509_certs_find(store, &q, &cert);
|
||||
ret = _hx509_certs_find(context, store, &q, &cert);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_find: %d", ret);
|
||||
|
||||
@@ -218,7 +220,8 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
|
||||
if (ret)
|
||||
err(1, "map_file: %s: %d", argv[0], ret);
|
||||
|
||||
ret = hx509_cms_create_signed_1(contentType,
|
||||
ret = hx509_cms_create_signed_1(context,
|
||||
contentType,
|
||||
p,
|
||||
sz,
|
||||
NULL,
|
||||
@@ -271,7 +274,7 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv)
|
||||
int ret, i;
|
||||
hx509_lock lock;
|
||||
|
||||
hx509_lock_init(&lock);
|
||||
hx509_lock_init(context, &lock);
|
||||
lock_strings(lock, &opt->pass_strings);
|
||||
|
||||
ret = _hx509_map_file(argv[0], &p, &sz);
|
||||
@@ -302,19 +305,20 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv)
|
||||
co.length = sz;
|
||||
}
|
||||
|
||||
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs);
|
||||
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_init: MEMORY: %d", ret);
|
||||
|
||||
for (i = 0; i < opt->certificate_strings.num_strings; i++) {
|
||||
ret = hx509_certs_append(certs, lock,
|
||||
ret = hx509_certs_append(context, certs, lock,
|
||||
opt->certificate_strings.strings[i]);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_append: %s: %d",
|
||||
opt->certificate_strings.strings[i], ret);
|
||||
}
|
||||
|
||||
ret = hx509_cms_unenvelope(certs, co.data, co.length, &contentType, &o);
|
||||
ret = hx509_cms_unenvelope(context, certs, co.data, co.length,
|
||||
&contentType, &o);
|
||||
if (co.data != p)
|
||||
free_octet_string(&co);
|
||||
if (ret)
|
||||
@@ -345,17 +349,17 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
|
||||
void *p;
|
||||
hx509_lock lock;
|
||||
|
||||
hx509_lock_init(&lock);
|
||||
hx509_lock_init(context, &lock);
|
||||
lock_strings(lock, &opt->pass_strings);
|
||||
|
||||
ret = _hx509_map_file(argv[0], &p, &sz);
|
||||
if (ret)
|
||||
err(1, "map_file: %s: %d", argv[0], ret);
|
||||
|
||||
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs);
|
||||
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
|
||||
|
||||
for (i = 0; i < opt->certificate_strings.num_strings; i++) {
|
||||
ret = hx509_certs_append(certs, lock,
|
||||
ret = hx509_certs_append(context, certs, lock,
|
||||
opt->certificate_strings.strings[i]);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_append: certs: %s: %d",
|
||||
@@ -364,11 +368,11 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
|
||||
|
||||
_hx509_query_clear(&q);
|
||||
q.match |= HX509_QUERY_KU_ENCIPHERMENT;
|
||||
ret = _hx509_certs_find(certs, &q, &cert);
|
||||
ret = _hx509_certs_find(context, certs, &q, &cert);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_find: %d", ret);
|
||||
|
||||
ret = hx509_cms_envelope_1(cert, p, sz, NULL, &contentType, &o);
|
||||
ret = hx509_cms_envelope_1(context, cert, p, sz, NULL, &contentType, &o);
|
||||
if (ret)
|
||||
errx(1, "hx509_cms_unenvelope: %d", ret);
|
||||
|
||||
@@ -414,7 +418,7 @@ struct print_s {
|
||||
};
|
||||
|
||||
static int
|
||||
print_f(void *ctx, hx509_cert cert)
|
||||
print_f(hx509_context context, void *ctx, hx509_cert cert)
|
||||
{
|
||||
struct print_s *s = ctx;
|
||||
hx509_name name;
|
||||
@@ -432,13 +436,13 @@ print_f(void *ctx, hx509_cert cert)
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
ret = hx509_cert_issuer(cert, &name);
|
||||
ret = hx509_cert_get_issuer(cert, &name);
|
||||
hx509_name_to_string(name, &str);
|
||||
hx509_name_free(&name);
|
||||
printf(" issuer: \"%s\"\n", str);
|
||||
free(str);
|
||||
|
||||
ret = hx509_cert_subject(cert, &name);
|
||||
ret = hx509_cert_get_subject(cert, &name);
|
||||
hx509_name_to_string(name, &str);
|
||||
hx509_name_free(&name);
|
||||
printf(" subject: \"%s\"\n", str);
|
||||
@@ -447,12 +451,12 @@ print_f(void *ctx, hx509_cert cert)
|
||||
if (s->verbose) {
|
||||
hx509_validate_ctx ctx;
|
||||
|
||||
hx509_validate_ctx_init(&ctx);
|
||||
hx509_validate_ctx_init(context, &ctx);
|
||||
hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout);
|
||||
hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE);
|
||||
hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VERBOSE);
|
||||
|
||||
hx509_validate_cert(ctx, cert);
|
||||
hx509_validate_cert(context, ctx, cert);
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -468,15 +472,15 @@ pcert_print(struct print_options *opt, int argc, char **argv)
|
||||
s.counter = 0;
|
||||
s.verbose = opt->content_flag;
|
||||
|
||||
hx509_lock_init(&lock);
|
||||
hx509_lock_init(context, &lock);
|
||||
lock_strings(lock, &opt->pass_strings);
|
||||
|
||||
while(argc--) {
|
||||
int ret;
|
||||
ret = hx509_certs_init(argv[0], 0, lock, &certs);
|
||||
ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_init: %d", ret);
|
||||
hx509_certs_iter(certs, print_f, &s);
|
||||
hx509_certs_iter(context, certs, print_f, &s);
|
||||
hx509_certs_free(&certs);
|
||||
argv++;
|
||||
}
|
||||
@@ -488,9 +492,9 @@ pcert_print(struct print_options *opt, int argc, char **argv)
|
||||
|
||||
|
||||
static int
|
||||
validate_f(void *ctx, hx509_cert c)
|
||||
validate_f(hx509_context context, void *ctx, hx509_cert c)
|
||||
{
|
||||
hx509_validate_cert(ctx, c);
|
||||
hx509_validate_cert(context, ctx, c);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -501,19 +505,19 @@ pcert_validate(struct validate_options *opt, int argc, char **argv)
|
||||
hx509_certs certs;
|
||||
hx509_lock lock;
|
||||
|
||||
hx509_lock_init(&lock);
|
||||
hx509_lock_init(context, &lock);
|
||||
lock_strings(lock, &opt->pass_strings);
|
||||
|
||||
hx509_validate_ctx_init(&ctx);
|
||||
hx509_validate_ctx_init(context, &ctx);
|
||||
hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout);
|
||||
hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE);
|
||||
|
||||
while(argc--) {
|
||||
int ret;
|
||||
ret = hx509_certs_init(argv[0], 0, lock, &certs);
|
||||
ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_init: %d", ret);
|
||||
hx509_certs_iter(certs, validate_f, ctx);
|
||||
hx509_certs_iter(context, certs, validate_f, ctx);
|
||||
hx509_certs_free(&certs);
|
||||
argv++;
|
||||
}
|
||||
@@ -530,12 +534,12 @@ struct verify {
|
||||
};
|
||||
|
||||
static int
|
||||
verify_f(void *ctx, hx509_cert c)
|
||||
verify_f(hx509_context context, void *ctx, hx509_cert c)
|
||||
{
|
||||
struct verify *v = ctx;
|
||||
int ret;
|
||||
|
||||
ret = hx509_verify_path(v->ctx, c, v->chain);
|
||||
ret = hx509_verify_path(context, v->ctx, c, v->chain);
|
||||
if (ret)
|
||||
printf("verify_path returned %d\n", ret);
|
||||
else
|
||||
@@ -552,10 +556,10 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
|
||||
struct verify v;
|
||||
int ret;
|
||||
|
||||
ret = hx509_verify_init_ctx(&ctx);
|
||||
ret = hx509_certs_init("MEMORY:anchors", 0, NULL, &anchors);
|
||||
ret = hx509_certs_init("MEMORY:chain", 0, NULL, &chain);
|
||||
ret = hx509_certs_init("MEMORY:certs", 0, NULL, &certs);
|
||||
ret = hx509_verify_init_ctx(context, &ctx);
|
||||
ret = hx509_certs_init(context, "MEMORY:anchors", 0, NULL, &anchors);
|
||||
ret = hx509_certs_init(context, "MEMORY:chain", 0, NULL, &chain);
|
||||
ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs);
|
||||
|
||||
while(argc--) {
|
||||
char *s = *argv++;
|
||||
@@ -563,21 +567,21 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
|
||||
if (strncmp(s, "chain:", 6) == 0) {
|
||||
s += 6;
|
||||
|
||||
ret = hx509_certs_append(chain, NULL, s);
|
||||
ret = hx509_certs_append(context, chain, NULL, s);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_append: chain: %s: %d", s, ret);
|
||||
|
||||
} else if (strncmp(s, "anchor:", 7) == 0) {
|
||||
s += 7;
|
||||
|
||||
ret = hx509_certs_append(anchors, NULL, s);
|
||||
ret = hx509_certs_append(context, anchors, NULL, s);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_append: anchor: %s: %d", s, ret);
|
||||
|
||||
} else if (strncmp(s, "cert:", 5) == 0) {
|
||||
s += 5;
|
||||
|
||||
ret = hx509_certs_append(certs, NULL, s);
|
||||
ret = hx509_certs_append(context, certs, NULL, s);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_append: certs: %s: %d", s, ret);
|
||||
|
||||
@@ -591,7 +595,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
|
||||
v.ctx = ctx;
|
||||
v.chain = chain;
|
||||
|
||||
ret = hx509_certs_iter(certs, verify_f, &v);
|
||||
ret = hx509_certs_iter(context, certs, verify_f, &v);
|
||||
|
||||
hx509_verify_destroy_ctx(ctx);
|
||||
|
||||
@@ -614,14 +618,14 @@ query(struct query_options *opt, int argc, char **argv)
|
||||
|
||||
_hx509_query_clear(&q);
|
||||
|
||||
hx509_lock_init(&lock);
|
||||
hx509_lock_init(context, &lock);
|
||||
lock_strings(lock, &opt->pass_strings);
|
||||
|
||||
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs);
|
||||
ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
|
||||
|
||||
while (argc > 0) {
|
||||
|
||||
ret = hx509_certs_append(certs, lock, argv[0]);
|
||||
ret = hx509_certs_append(context, certs, lock, argv[0]);
|
||||
if (ret)
|
||||
errx(1, "hx509_certs_append: %s: %d", argv[0], ret);
|
||||
|
||||
@@ -638,7 +642,7 @@ query(struct query_options *opt, int argc, char **argv)
|
||||
q.match |= HX509_QUERY_PRIVATE_KEY;
|
||||
|
||||
|
||||
ret = _hx509_certs_find(certs, &q, &c);
|
||||
ret = _hx509_certs_find(context, certs, &q, &c);
|
||||
if (ret)
|
||||
warnx("_hx509_certs_find: %d", ret);
|
||||
else
|
||||
@@ -704,9 +708,15 @@ main(int argc, char **argv)
|
||||
if (argc == 0)
|
||||
usage(1);
|
||||
|
||||
ret = hx509_context_init(&context);
|
||||
if (ret)
|
||||
errx(1, "hx509_context_init failed with %d");
|
||||
|
||||
ret = sl_command(commands, argc, argv);
|
||||
if(ret == -1)
|
||||
warnx ("unrecognized command: %s", argv[0]);
|
||||
|
||||
hx509_context_free(&context);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@@ -34,44 +34,43 @@
|
||||
#include "hx_locl.h"
|
||||
RCSID("$Id$");
|
||||
|
||||
static struct hx509_keyset_ops **ks_ops;
|
||||
static int ks_num_ops;
|
||||
|
||||
struct hx509_certs_data {
|
||||
struct hx509_keyset_ops *ops;
|
||||
void *ops_data;
|
||||
};
|
||||
|
||||
static struct hx509_keyset_ops *
|
||||
_hx509_ks_type(const char *type)
|
||||
_hx509_ks_type(hx509_context context, const char *type)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < ks_num_ops; i++)
|
||||
if (strcasecmp(type, ks_ops[i]->name) == 0)
|
||||
return ks_ops[i];
|
||||
for (i = 0; i < context->ks_num_ops; i++)
|
||||
if (strcasecmp(type, context->ks_ops[i]->name) == 0)
|
||||
return context->ks_ops[i];
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void
|
||||
_hx509_ks_register(struct hx509_keyset_ops *ops)
|
||||
_hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops)
|
||||
{
|
||||
struct hx509_keyset_ops **val;
|
||||
|
||||
if (_hx509_ks_type(ops->name))
|
||||
if (_hx509_ks_type(context, ops->name))
|
||||
return;
|
||||
|
||||
val = realloc(ks_ops, (ks_num_ops + 1) * sizeof(ks_ops[0]));
|
||||
val = realloc(context->ks_ops,
|
||||
(context->ks_num_ops + 1) * sizeof(context->ks_ops[0]));
|
||||
if (val == NULL)
|
||||
return;
|
||||
val[ks_num_ops] = ops;
|
||||
ks_ops = val;
|
||||
ks_num_ops++;
|
||||
val[context->ks_num_ops] = ops;
|
||||
context->ks_ops = val;
|
||||
context->ks_num_ops++;
|
||||
}
|
||||
|
||||
int
|
||||
hx509_certs_init(const char *name, int flags,
|
||||
hx509_certs_init(hx509_context context,
|
||||
const char *name, int flags,
|
||||
hx509_lock lock, hx509_certs *certs)
|
||||
{
|
||||
struct hx509_keyset_ops *ops;
|
||||
@@ -82,14 +81,6 @@ hx509_certs_init(const char *name, int flags,
|
||||
|
||||
*certs = NULL;
|
||||
|
||||
if (ks_ops == NULL) {
|
||||
_hx509_ks_mem_register();
|
||||
_hx509_ks_file_register();
|
||||
_hx509_ks_pkcs12_register();
|
||||
_hx509_ks_pkcs11_register();
|
||||
_hx509_ks_dir_register();
|
||||
}
|
||||
|
||||
residue = strchr(name, ':');
|
||||
if (residue) {
|
||||
type = strndup(name, residue - name);
|
||||
@@ -103,7 +94,7 @@ hx509_certs_init(const char *name, int flags,
|
||||
if (type == NULL)
|
||||
return ENOMEM;
|
||||
|
||||
ops = _hx509_ks_type(type);
|
||||
ops = _hx509_ks_type(context, type);
|
||||
free(type);
|
||||
if (ops == NULL)
|
||||
return ENOENT;
|
||||
@@ -114,7 +105,7 @@ hx509_certs_init(const char *name, int flags,
|
||||
|
||||
c->ops = ops;
|
||||
|
||||
ret = (*ops->init)(c, &c->ops_data, flags, residue, lock);
|
||||
ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock);
|
||||
if (ret) {
|
||||
free(c);
|
||||
return ENOMEM;
|
||||
@@ -134,14 +125,16 @@ hx509_certs_free(hx509_certs *certs)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_certs_start_seq(hx509_certs certs, hx509_cursor cursor)
|
||||
hx509_certs_start_seq(hx509_context context,
|
||||
hx509_certs certs,
|
||||
hx509_cursor cursor)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (certs->ops->iter_start == NULL)
|
||||
return ENOENT;
|
||||
|
||||
ret = (*certs->ops->iter_start)(certs, certs->ops_data, cursor);
|
||||
ret = (*certs->ops->iter_start)(context, certs, certs->ops_data, cursor);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
@@ -149,53 +142,60 @@ hx509_certs_start_seq(hx509_certs certs, hx509_cursor cursor)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_certs_next_cert(hx509_certs certs, hx509_cursor cursor,
|
||||
hx509_certs_next_cert(hx509_context context,
|
||||
hx509_certs certs,
|
||||
hx509_cursor cursor,
|
||||
hx509_cert *cert)
|
||||
{
|
||||
*cert = NULL;
|
||||
return (*certs->ops->iter)(certs, certs->ops_data, cursor, cert);
|
||||
return (*certs->ops->iter)(context, certs, certs->ops_data, cursor, cert);
|
||||
}
|
||||
|
||||
int
|
||||
hx509_certs_end_seq(hx509_certs certs, hx509_cursor cursor)
|
||||
hx509_certs_end_seq(hx509_context context,
|
||||
hx509_certs certs,
|
||||
hx509_cursor cursor)
|
||||
{
|
||||
(*certs->ops->iter_end)(certs, certs->ops_data, cursor);
|
||||
(*certs->ops->iter_end)(context, certs, certs->ops_data, cursor);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
hx509_certs_iter(hx509_certs certs, int (*fn)(void *, hx509_cert), void *ctx)
|
||||
hx509_certs_iter(hx509_context context,
|
||||
hx509_certs certs,
|
||||
int (*fn)(hx509_context, void *, hx509_cert),
|
||||
void *ctx)
|
||||
{
|
||||
hx509_cursor cursor;
|
||||
hx509_cert c;
|
||||
int ret;
|
||||
|
||||
ret = hx509_certs_start_seq(certs, &cursor);
|
||||
ret = hx509_certs_start_seq(context, certs, &cursor);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
while (1) {
|
||||
ret = hx509_certs_next_cert(certs, cursor, &c);
|
||||
ret = hx509_certs_next_cert(context, certs, cursor, &c);
|
||||
if (ret)
|
||||
break;
|
||||
if (c == NULL) {
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
ret = (*fn)(ctx, c);
|
||||
ret = (*fn)(context, ctx, c);
|
||||
hx509_cert_free(c);
|
||||
if (ret)
|
||||
break;
|
||||
}
|
||||
|
||||
hx509_certs_end_seq(certs, cursor);
|
||||
hx509_certs_end_seq(context, certs, cursor);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int
|
||||
hx509_ci_print_names(void *ctx, hx509_cert c)
|
||||
hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c)
|
||||
{
|
||||
Certificate *cert;
|
||||
hx509_name n;
|
||||
@@ -212,16 +212,19 @@ hx509_ci_print_names(void *ctx, hx509_cert c)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_certs_add(hx509_certs certs, hx509_cert cert)
|
||||
hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert)
|
||||
{
|
||||
if (certs->ops->add == NULL)
|
||||
return ENOENT;
|
||||
|
||||
return (*certs->ops->add)(certs, certs->ops_data, cert);
|
||||
return (*certs->ops->add)(context, certs, certs->ops_data, cert);
|
||||
}
|
||||
|
||||
int
|
||||
_hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
|
||||
_hx509_certs_find(hx509_context context,
|
||||
hx509_certs certs,
|
||||
const hx509_query *q,
|
||||
hx509_cert *r)
|
||||
{
|
||||
hx509_cursor cursor;
|
||||
hx509_cert c;
|
||||
@@ -230,15 +233,15 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
|
||||
*r = NULL;
|
||||
|
||||
if (certs->ops->query)
|
||||
return (*certs->ops->query)(certs, certs->ops_data, q, r);
|
||||
return (*certs->ops->query)(context, certs, certs->ops_data, q, r);
|
||||
|
||||
ret = hx509_certs_start_seq(certs, &cursor);
|
||||
ret = hx509_certs_start_seq(context, certs, &cursor);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
c = NULL;
|
||||
while (1) {
|
||||
ret = hx509_certs_next_cert(certs, cursor, &c);
|
||||
ret = hx509_certs_next_cert(context, certs, cursor, &c);
|
||||
if (ret)
|
||||
break;
|
||||
if (c == NULL)
|
||||
@@ -250,7 +253,7 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
|
||||
hx509_cert_free(c);
|
||||
}
|
||||
|
||||
hx509_certs_end_seq(certs, cursor);
|
||||
hx509_certs_end_seq(context, certs, cursor);
|
||||
if (ret)
|
||||
return ret;
|
||||
if (c == NULL)
|
||||
@@ -260,27 +263,30 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
|
||||
}
|
||||
|
||||
static int
|
||||
certs_merge_func(void *ctx, hx509_cert c)
|
||||
certs_merge_func(hx509_context context, void *ctx, hx509_cert c)
|
||||
{
|
||||
return hx509_certs_add((hx509_certs)ctx, c);
|
||||
return hx509_certs_add(context, (hx509_certs)ctx, c);
|
||||
}
|
||||
|
||||
int
|
||||
hx509_certs_merge(hx509_certs to, hx509_certs from)
|
||||
hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
|
||||
{
|
||||
return hx509_certs_iter(from, certs_merge_func, to);
|
||||
return hx509_certs_iter(context, from, certs_merge_func, to);
|
||||
}
|
||||
|
||||
int
|
||||
hx509_certs_append(hx509_certs to, hx509_lock lock, const char *name)
|
||||
hx509_certs_append(hx509_context context,
|
||||
hx509_certs to,
|
||||
hx509_lock lock,
|
||||
const char *name)
|
||||
{
|
||||
hx509_certs s;
|
||||
int ret;
|
||||
|
||||
ret = hx509_certs_init(name, 0, lock, &s);
|
||||
ret = hx509_certs_init(context, name, 0, lock, &s);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = hx509_certs_merge(to, s);
|
||||
ret = hx509_certs_merge(context, to, s);
|
||||
hx509_certs_free(&s);
|
||||
return ret;
|
||||
}
|
||||
|
@@ -36,8 +36,9 @@ RCSID("$Id$");
|
||||
#include <dirent.h>
|
||||
|
||||
static int
|
||||
dir_init(hx509_certs certs, void **data, int flags,
|
||||
const char *residue, hx509_lock lock)
|
||||
dir_init(hx509_context context,
|
||||
hx509_certs certs, void **data, int flags,
|
||||
const char *residue, hx509_lock lock)
|
||||
{
|
||||
*data = NULL;
|
||||
|
||||
@@ -70,7 +71,8 @@ dir_free(hx509_certs certs, void *data)
|
||||
|
||||
|
||||
static int
|
||||
dir_iter_start(hx509_certs certs, void *data, void **cursor)
|
||||
dir_iter_start(hx509_context context,
|
||||
hx509_certs certs, void *data, void **cursor)
|
||||
{
|
||||
DIR *d;
|
||||
|
||||
@@ -85,7 +87,8 @@ dir_iter_start(hx509_certs certs, void *data, void **cursor)
|
||||
}
|
||||
|
||||
static int
|
||||
dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
|
||||
dir_iter(hx509_context context,
|
||||
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
|
||||
{
|
||||
DIR *d = iter;
|
||||
int ret;
|
||||
@@ -103,7 +106,7 @@ dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
|
||||
if (asprintf(&fn, "%s/%s", (char *)data, dir->d_name) == -1)
|
||||
return ENOMEM;
|
||||
|
||||
ret = _hx509_file_to_cert(fn, cert);
|
||||
ret = _hx509_file_to_cert(context, fn, cert);
|
||||
free(fn);
|
||||
} while(ret != 0);
|
||||
|
||||
@@ -112,9 +115,10 @@ dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
|
||||
|
||||
|
||||
static int
|
||||
dir_iter_end(hx509_certs certs,
|
||||
void *data,
|
||||
void *cursor)
|
||||
dir_iter_end(hx509_context context,
|
||||
hx509_certs certs,
|
||||
void *data,
|
||||
void *cursor)
|
||||
{
|
||||
DIR *d = cursor;
|
||||
closedir(d);
|
||||
@@ -135,7 +139,7 @@ static struct hx509_keyset_ops keyset_dir = {
|
||||
};
|
||||
|
||||
void
|
||||
_hx509_ks_dir_register(void)
|
||||
_hx509_ks_dir_register(hx509_context context)
|
||||
{
|
||||
_hx509_ks_register(&keyset_dir);
|
||||
_hx509_ks_register(context, &keyset_dir);
|
||||
}
|
||||
|
@@ -123,7 +123,7 @@ parse_file_der(const char *fn, Certificate *t)
|
||||
}
|
||||
|
||||
int
|
||||
_hx509_file_to_cert(const char *certfn, hx509_cert *cert)
|
||||
_hx509_file_to_cert(hx509_context context, const char *certfn, hx509_cert *cert)
|
||||
{
|
||||
Certificate t;
|
||||
int ret;
|
||||
@@ -134,7 +134,7 @@ _hx509_file_to_cert(const char *certfn, hx509_cert *cert)
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = hx509_cert_init(&t, cert);
|
||||
ret = hx509_cert_init(context, &t, cert);
|
||||
free_Certificate(&t);
|
||||
|
||||
return ret;
|
||||
@@ -142,7 +142,8 @@ _hx509_file_to_cert(const char *certfn, hx509_cert *cert)
|
||||
|
||||
|
||||
static int
|
||||
file_init(hx509_certs certs, void **data, int flags,
|
||||
file_init(hx509_context context,
|
||||
hx509_certs certs, void **data, int flags,
|
||||
const char *residue, hx509_lock lock)
|
||||
{
|
||||
char *certfn = NULL, *keyfn, *friendlyname = NULL;
|
||||
@@ -156,7 +157,7 @@ file_init(hx509_certs certs, void **data, int flags,
|
||||
if (lock == NULL)
|
||||
lock = _hx509_empty_lock;
|
||||
|
||||
c = _hx509_collector_alloc(lock);
|
||||
c = _hx509_collector_alloc(context, lock);
|
||||
if (c == NULL)
|
||||
return ENOMEM;
|
||||
|
||||
@@ -177,11 +178,11 @@ file_init(hx509_certs certs, void **data, int flags,
|
||||
*friendlyname++ = '\0';
|
||||
}
|
||||
|
||||
ret = _hx509_file_to_cert(certfn, &cert);
|
||||
ret = _hx509_file_to_cert(context, certfn, &cert);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
_hx509_collector_certs_add(c, cert);
|
||||
_hx509_collector_certs_add(context, c, cert);
|
||||
|
||||
if (keyfn) {
|
||||
ret = _hx509_cert_assign_private_key_file(cert, lock, keyfn);
|
||||
@@ -194,7 +195,7 @@ file_init(hx509_certs certs, void **data, int flags,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = _hx509_collector_collect(c, &f->certs);
|
||||
ret = _hx509_collector_collect(context, c, &f->certs);
|
||||
if (ret == 0)
|
||||
*data = f;
|
||||
out:
|
||||
@@ -223,26 +224,29 @@ file_free(hx509_certs certs, void *data)
|
||||
|
||||
|
||||
static int
|
||||
file_iter_start(hx509_certs certs, void *data, void **cursor)
|
||||
file_iter_start(hx509_context context,
|
||||
hx509_certs certs, void *data, void **cursor)
|
||||
{
|
||||
struct ks_file *f = data;
|
||||
return hx509_certs_start_seq(f->certs, cursor);
|
||||
return hx509_certs_start_seq(context, f->certs, cursor);
|
||||
}
|
||||
|
||||
static int
|
||||
file_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
|
||||
file_iter(hx509_context context,
|
||||
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
|
||||
{
|
||||
struct ks_file *f = data;
|
||||
return hx509_certs_next_cert(f->certs, iter, cert);
|
||||
return hx509_certs_next_cert(context, f->certs, iter, cert);
|
||||
}
|
||||
|
||||
static int
|
||||
file_iter_end(hx509_certs certs,
|
||||
file_iter_end(hx509_context context,
|
||||
hx509_certs certs,
|
||||
void *data,
|
||||
void *cursor)
|
||||
{
|
||||
struct ks_file *f = data;
|
||||
return hx509_certs_end_seq(f->certs, cursor);
|
||||
return hx509_certs_end_seq(context, f->certs, cursor);
|
||||
}
|
||||
|
||||
|
||||
@@ -259,7 +263,7 @@ static struct hx509_keyset_ops keyset_file = {
|
||||
};
|
||||
|
||||
void
|
||||
_hx509_ks_file_register(void)
|
||||
_hx509_ks_file_register(hx509_context context)
|
||||
{
|
||||
_hx509_ks_register(&keyset_file);
|
||||
_hx509_ks_register(context, &keyset_file);
|
||||
}
|
||||
|
@@ -41,7 +41,8 @@ struct mem_data {
|
||||
};
|
||||
|
||||
static int
|
||||
mem_init(hx509_certs certs, void **data, int flags,
|
||||
mem_init(hx509_context context,
|
||||
hx509_certs certs, void **data, int flags,
|
||||
const char *residue, hx509_lock lock)
|
||||
{
|
||||
struct mem_data *mem;
|
||||
@@ -75,7 +76,7 @@ mem_free(hx509_certs certs, void *data)
|
||||
}
|
||||
|
||||
static int
|
||||
mem_add(hx509_certs certs, void *data, hx509_cert c)
|
||||
mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
|
||||
{
|
||||
struct mem_data *mem = data;
|
||||
hx509_cert *val;
|
||||
@@ -92,7 +93,10 @@ mem_add(hx509_certs certs, void *data, hx509_cert c)
|
||||
}
|
||||
|
||||
static int
|
||||
mem_iter_start(hx509_certs certs, void *data, void **cursor)
|
||||
mem_iter_start(hx509_context context,
|
||||
hx509_certs certs,
|
||||
void *data,
|
||||
void **cursor)
|
||||
{
|
||||
unsigned long *iter = malloc(sizeof(*iter));
|
||||
|
||||
@@ -106,7 +110,8 @@ mem_iter_start(hx509_certs certs, void *data, void **cursor)
|
||||
}
|
||||
|
||||
static int
|
||||
mem_iter(hx509_certs certs,
|
||||
mem_iter(hx509_context contexst,
|
||||
hx509_certs certs,
|
||||
void *data,
|
||||
void *cursor,
|
||||
hx509_cert *cert)
|
||||
@@ -125,7 +130,8 @@ mem_iter(hx509_certs certs,
|
||||
}
|
||||
|
||||
static int
|
||||
mem_iter_end(hx509_certs certs,
|
||||
mem_iter_end(hx509_context context,
|
||||
hx509_certs certs,
|
||||
void *data,
|
||||
void *cursor)
|
||||
{
|
||||
@@ -146,7 +152,7 @@ static struct hx509_keyset_ops keyset_mem = {
|
||||
};
|
||||
|
||||
void
|
||||
_hx509_ks_mem_register(void)
|
||||
_hx509_ks_mem_register(hx509_context context)
|
||||
{
|
||||
_hx509_ks_register(&keyset_mem);
|
||||
_hx509_ks_register(context, &keyset_mem);
|
||||
}
|
||||
|
@@ -36,7 +36,8 @@ RCSID("$Id$");
|
||||
|
||||
|
||||
static int
|
||||
null_init(hx509_certs certs, void **data, int flags,
|
||||
null_init(hx509_context context,
|
||||
hx509_certs certs, void **data, int flags,
|
||||
const char *residue, hx509_lock lock)
|
||||
{
|
||||
*data = NULL;
|
||||
@@ -51,21 +52,24 @@ null_free(hx509_certs certs, void *data)
|
||||
}
|
||||
|
||||
static int
|
||||
null_iter_start(hx509_certs certs, void *data, void **cursor)
|
||||
null_iter_start(hx509_context context,
|
||||
hx509_certs certs, void *data, void **cursor)
|
||||
{
|
||||
*cursor = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
null_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
|
||||
null_iter(hx509_context context,
|
||||
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
|
||||
{
|
||||
*cert = NULL;
|
||||
return ENOENT;
|
||||
}
|
||||
|
||||
static int
|
||||
null_iter_end(hx509_certs certs,
|
||||
null_iter_end(hx509_context context,
|
||||
hx509_certs certs,
|
||||
void *data,
|
||||
void *cursor)
|
||||
{
|
||||
@@ -74,8 +78,6 @@ null_iter_end(hx509_certs certs,
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
struct hx509_keyset_ops keyset_null = {
|
||||
"NULL",
|
||||
0,
|
||||
|
@@ -415,12 +415,17 @@ getattr_bn(struct p11_module *p, struct p11_slot *slot,
|
||||
return bn;
|
||||
}
|
||||
|
||||
struct p11_collector {
|
||||
hx509_context context;
|
||||
struct hx509_collector *c;
|
||||
};
|
||||
|
||||
static int
|
||||
collect_private_key(struct p11_module *p, struct p11_slot *slot,
|
||||
CK_OBJECT_HANDLE object,
|
||||
void *ptr, CK_ATTRIBUTE *query, int num_query)
|
||||
{
|
||||
struct hx509_collector *c = ptr;
|
||||
struct p11_collector *ctx = ptr;
|
||||
AlgorithmIdentifier alg;
|
||||
hx509_private_key key;
|
||||
heim_octet_string localKeyId;
|
||||
@@ -467,7 +472,7 @@ collect_private_key(struct p11_module *p, struct p11_slot *slot,
|
||||
|
||||
_hx509_private_key_assign_rsa(key, rsa);
|
||||
|
||||
ret = _hx509_collector_private_key_add(c,
|
||||
ret = _hx509_collector_private_key_add(ctx->c,
|
||||
&alg,
|
||||
key,
|
||||
NULL,
|
||||
@@ -486,7 +491,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
|
||||
void *ptr, CK_ATTRIBUTE *query, int num_query)
|
||||
{
|
||||
heim_octet_string localKeyId;
|
||||
struct hx509_collector *c = ptr;
|
||||
struct p11_collector *ctx = ptr;
|
||||
hx509_cert cert;
|
||||
Certificate t;
|
||||
int ret;
|
||||
@@ -499,7 +504,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
|
||||
if (ret)
|
||||
return 0;
|
||||
|
||||
ret = hx509_cert_init(&t, &cert);
|
||||
ret = hx509_cert_init(ctx->context, &t, &cert);
|
||||
free_Certificate(&t);
|
||||
if (ret)
|
||||
return ret;
|
||||
@@ -508,7 +513,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
|
||||
oid_id_pkcs_9_at_localKeyId(),
|
||||
&localKeyId);
|
||||
|
||||
ret = _hx509_collector_certs_add(c, cert);
|
||||
ret = _hx509_collector_certs_add(ctx->context, ctx->c, cert);
|
||||
if (ret) {
|
||||
hx509_cert_free(cert);
|
||||
return ret;
|
||||
@@ -519,11 +524,13 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
|
||||
|
||||
|
||||
static int
|
||||
p11_list_keys(struct p11_module *p,
|
||||
p11_list_keys(hx509_context context,
|
||||
struct p11_module *p,
|
||||
struct p11_slot *slot,
|
||||
hx509_lock lock,
|
||||
hx509_certs *certs)
|
||||
{
|
||||
struct p11_collector ctx;
|
||||
CK_OBJECT_CLASS key_class;
|
||||
CK_ATTRIBUTE search_data[] = {
|
||||
{CKA_CLASS, &key_class, sizeof(key_class)},
|
||||
@@ -533,20 +540,21 @@ p11_list_keys(struct p11_module *p,
|
||||
{CKA_VALUE, NULL, 0}
|
||||
};
|
||||
int ret;
|
||||
struct hx509_collector *c;
|
||||
|
||||
if (lock == NULL)
|
||||
lock = _hx509_empty_lock;
|
||||
|
||||
c = _hx509_collector_alloc(lock);
|
||||
if (c == NULL)
|
||||
ctx.context = context;
|
||||
|
||||
ctx.c = _hx509_collector_alloc(context, lock);
|
||||
if (ctx.c == NULL)
|
||||
return ENOMEM;
|
||||
|
||||
key_class = CKO_PRIVATE_KEY;
|
||||
ret = iterate_entries(p, slot,
|
||||
search_data, 1,
|
||||
query_data, 1,
|
||||
collect_private_key, c);
|
||||
collect_private_key, &ctx);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
@@ -554,21 +562,22 @@ p11_list_keys(struct p11_module *p,
|
||||
ret = iterate_entries(p, slot,
|
||||
search_data, 1,
|
||||
query_data, 2,
|
||||
collect_cert, c);
|
||||
collect_cert, &ctx);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
ret = _hx509_collector_collect(c, &slot->certs);
|
||||
ret = _hx509_collector_collect(context, ctx.c, &slot->certs);
|
||||
|
||||
out:
|
||||
_hx509_collector_free(c);
|
||||
_hx509_collector_free(ctx.c);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
p11_init(hx509_certs certs, void **data, int flags,
|
||||
p11_init(hx509_context context,
|
||||
hx509_certs certs, void **data, int flags,
|
||||
const char *residue, hx509_lock lock)
|
||||
{
|
||||
CK_C_GetFunctionList getFuncs;
|
||||
@@ -640,7 +649,7 @@ p11_init(hx509_certs certs, void **data, int flags,
|
||||
free(slot_ids);
|
||||
|
||||
p11_get_session(p, &p->slot);
|
||||
p11_list_keys(p, &p->slot, NULL, &p->slot.certs);
|
||||
p11_list_keys(context, p, &p->slot, NULL, &p->slot.certs);
|
||||
p11_put_session(p, &p->slot);
|
||||
}
|
||||
|
||||
@@ -676,24 +685,27 @@ p11_free(hx509_certs certs, void *data)
|
||||
}
|
||||
|
||||
static int
|
||||
p11_iter_start(hx509_certs certs, void *data, void **cursor)
|
||||
p11_iter_start(hx509_context context,
|
||||
hx509_certs certs, void *data, void **cursor)
|
||||
{
|
||||
struct p11_module *p = data;
|
||||
return hx509_certs_start_seq(p->slot.certs, cursor);
|
||||
return hx509_certs_start_seq(context, p->slot.certs, cursor);
|
||||
}
|
||||
|
||||
static int
|
||||
p11_iter(hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
|
||||
p11_iter(hx509_context context,
|
||||
hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
|
||||
{
|
||||
struct p11_module *p = data;
|
||||
return hx509_certs_next_cert(p->slot.certs, cursor, cert);
|
||||
return hx509_certs_next_cert(context, p->slot.certs, cursor, cert);
|
||||
}
|
||||
|
||||
static int
|
||||
p11_iter_end(hx509_certs certs, void *data, void *cursor)
|
||||
p11_iter_end(hx509_context context,
|
||||
hx509_certs certs, void *data, void *cursor)
|
||||
{
|
||||
struct p11_module *p = data;
|
||||
return hx509_certs_end_seq(p->slot.certs, cursor);
|
||||
return hx509_certs_end_seq(context, p->slot.certs, cursor);
|
||||
}
|
||||
|
||||
static struct hx509_keyset_ops keyset_pkcs11 = {
|
||||
@@ -709,7 +721,7 @@ static struct hx509_keyset_ops keyset_pkcs11 = {
|
||||
};
|
||||
|
||||
void
|
||||
_hx509_ks_pkcs11_register(void)
|
||||
_hx509_ks_pkcs11_register(hx509_context context)
|
||||
{
|
||||
_hx509_ks_register(&keyset_pkcs11);
|
||||
_hx509_ks_register(context, &keyset_pkcs11);
|
||||
}
|
||||
|
@@ -38,7 +38,9 @@ struct ks_pkcs12 {
|
||||
hx509_certs certs;
|
||||
};
|
||||
|
||||
typedef int (*collector_func)(struct hx509_collector *, const void *, size_t,
|
||||
typedef int (*collector_func)(hx509_context,
|
||||
struct hx509_collector *,
|
||||
const void *, size_t,
|
||||
const PKCS12_Attributes *);
|
||||
|
||||
struct type {
|
||||
@@ -47,7 +49,7 @@ struct type {
|
||||
};
|
||||
|
||||
static void
|
||||
parse_pkcs12_type(struct hx509_collector *, const heim_oid *,
|
||||
parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
|
||||
const void *, size_t, const PKCS12_Attributes *);
|
||||
|
||||
|
||||
@@ -64,7 +66,8 @@ find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
|
||||
}
|
||||
|
||||
static int
|
||||
ShroudedKeyBag_parser(struct hx509_collector *c,
|
||||
ShroudedKeyBag_parser(hx509_context context,
|
||||
struct hx509_collector *c,
|
||||
const void *data, size_t length,
|
||||
const PKCS12_Attributes *attrs)
|
||||
{
|
||||
@@ -84,7 +87,8 @@ ShroudedKeyBag_parser(struct hx509_collector *c,
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = _hx509_pbe_decrypt(_hx509_collector_get_lock(c),
|
||||
ret = _hx509_pbe_decrypt(context,
|
||||
_hx509_collector_get_lock(c),
|
||||
&pk.encryptionAlgorithm,
|
||||
&pk.encryptedData,
|
||||
&content);
|
||||
@@ -110,7 +114,8 @@ ShroudedKeyBag_parser(struct hx509_collector *c,
|
||||
}
|
||||
|
||||
static int
|
||||
certBag_parser(struct hx509_collector *c,
|
||||
certBag_parser(hx509_context context,
|
||||
struct hx509_collector *c,
|
||||
const void *data, size_t length,
|
||||
const PKCS12_Attributes *attrs)
|
||||
{
|
||||
@@ -137,12 +142,12 @@ certBag_parser(struct hx509_collector *c,
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = hx509_cert_init(&t, &cert);
|
||||
ret = hx509_cert_init(context, &t, &cert);
|
||||
free_Certificate(&t);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = _hx509_collector_certs_add(c, cert);
|
||||
ret = _hx509_collector_certs_add(context, c, cert);
|
||||
if (ret) {
|
||||
hx509_cert_free(cert);
|
||||
return ret;
|
||||
@@ -166,7 +171,8 @@ certBag_parser(struct hx509_collector *c,
|
||||
}
|
||||
|
||||
static int
|
||||
parse_safe_content(struct hx509_collector *c,
|
||||
parse_safe_content(hx509_context context,
|
||||
struct hx509_collector *c,
|
||||
const unsigned char *p, size_t len)
|
||||
{
|
||||
PKCS12_SafeContents sc;
|
||||
@@ -179,7 +185,8 @@ parse_safe_content(struct hx509_collector *c,
|
||||
return ret;
|
||||
|
||||
for (i = 0; i < sc.len ; i++)
|
||||
parse_pkcs12_type(c,
|
||||
parse_pkcs12_type(context,
|
||||
c,
|
||||
&sc.val[i].bagId,
|
||||
sc.val[i].bagValue.data,
|
||||
sc.val[i].bagValue.length,
|
||||
@@ -190,7 +197,8 @@ parse_safe_content(struct hx509_collector *c,
|
||||
}
|
||||
|
||||
static int
|
||||
safeContent_parser(struct hx509_collector *c,
|
||||
safeContent_parser(hx509_context context,
|
||||
struct hx509_collector *c,
|
||||
const void *data, size_t length,
|
||||
const PKCS12_Attributes *attrs)
|
||||
{
|
||||
@@ -200,13 +208,14 @@ safeContent_parser(struct hx509_collector *c,
|
||||
ret = decode_PKCS12_OctetString(data, length, &os, NULL);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = parse_safe_content(c, os.data, os.length);
|
||||
ret = parse_safe_content(context, c, os.data, os.length);
|
||||
free_octet_string(&os);
|
||||
return ret;
|
||||
};
|
||||
|
||||
static int
|
||||
encryptedData_parser(struct hx509_collector *c,
|
||||
encryptedData_parser(hx509_context context,
|
||||
struct hx509_collector *c,
|
||||
const void *data, size_t length,
|
||||
const PKCS12_Attributes *attrs)
|
||||
{
|
||||
@@ -216,7 +225,8 @@ encryptedData_parser(struct hx509_collector *c,
|
||||
|
||||
memset(&contentType, 0, sizeof(contentType));
|
||||
|
||||
ret = hx509_cms_decrypt_encrypted(_hx509_collector_get_lock(c),
|
||||
ret = hx509_cms_decrypt_encrypted(context,
|
||||
_hx509_collector_get_lock(c),
|
||||
data, length,
|
||||
&contentType,
|
||||
&content);
|
||||
@@ -224,7 +234,7 @@ encryptedData_parser(struct hx509_collector *c,
|
||||
return ret;
|
||||
|
||||
if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
|
||||
ret = parse_safe_content(c, content.data, content.length);
|
||||
ret = parse_safe_content(context, c, content.data, content.length);
|
||||
|
||||
free_octet_string(&content);
|
||||
free_oid(&contentType);
|
||||
@@ -232,7 +242,8 @@ encryptedData_parser(struct hx509_collector *c,
|
||||
}
|
||||
|
||||
static int
|
||||
envelopedData_parser(struct hx509_collector *c,
|
||||
envelopedData_parser(hx509_context context,
|
||||
struct hx509_collector *c,
|
||||
const void *data, size_t length,
|
||||
const PKCS12_Attributes *attrs)
|
||||
{
|
||||
@@ -245,7 +256,8 @@ envelopedData_parser(struct hx509_collector *c,
|
||||
|
||||
lock = _hx509_collector_get_lock(c);
|
||||
|
||||
ret = hx509_cms_unenvelope(_hx509_lock_unlock_certs(lock),
|
||||
ret = hx509_cms_unenvelope(context,
|
||||
_hx509_lock_unlock_certs(lock),
|
||||
data, length,
|
||||
&contentType,
|
||||
&content);
|
||||
@@ -253,7 +265,7 @@ envelopedData_parser(struct hx509_collector *c,
|
||||
return ret;
|
||||
|
||||
if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
|
||||
ret = parse_safe_content(c, content.data, content.length);
|
||||
ret = parse_safe_content(context, c, content.data, content.length);
|
||||
|
||||
free_octet_string(&content);
|
||||
free_oid(&contentType);
|
||||
@@ -271,7 +283,9 @@ struct type bagtypes[] = {
|
||||
};
|
||||
|
||||
static void
|
||||
parse_pkcs12_type(struct hx509_collector *c, const heim_oid *oid,
|
||||
parse_pkcs12_type(hx509_context context,
|
||||
struct hx509_collector *c,
|
||||
const heim_oid *oid,
|
||||
const void *data, size_t length,
|
||||
const PKCS12_Attributes *attrs)
|
||||
{
|
||||
@@ -279,11 +293,12 @@ parse_pkcs12_type(struct hx509_collector *c, const heim_oid *oid,
|
||||
|
||||
for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
|
||||
if (heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0)
|
||||
(*bagtypes[i].func)(c, data, length, attrs);
|
||||
(*bagtypes[i].func)(context, c, data, length, attrs);
|
||||
}
|
||||
|
||||
static int
|
||||
p12_init(hx509_certs certs, void **data, int flags,
|
||||
p12_init(hx509_context context,
|
||||
hx509_certs certs, void **data, int flags,
|
||||
const char *residue, hx509_lock lock)
|
||||
{
|
||||
struct ks_pkcs12 *p12;
|
||||
@@ -299,7 +314,7 @@ p12_init(hx509_certs certs, void **data, int flags,
|
||||
if (lock == NULL)
|
||||
lock = _hx509_empty_lock;
|
||||
|
||||
c = _hx509_collector_alloc(lock);
|
||||
c = _hx509_collector_alloc(context, lock);
|
||||
if (c == NULL)
|
||||
return ENOMEM;
|
||||
|
||||
@@ -350,7 +365,8 @@ p12_init(hx509_certs certs, void **data, int flags,
|
||||
}
|
||||
|
||||
for (i = 0; i < as.len; i++)
|
||||
parse_pkcs12_type(c,
|
||||
parse_pkcs12_type(context,
|
||||
c,
|
||||
&as.val[i].contentType,
|
||||
as.val[i].content->data,
|
||||
as.val[i].content->length,
|
||||
@@ -358,7 +374,7 @@ p12_init(hx509_certs certs, void **data, int flags,
|
||||
|
||||
free_PKCS12_AuthenticatedSafe(&as);
|
||||
|
||||
ret = _hx509_collector_collect(c, &p12->certs);
|
||||
ret = _hx509_collector_collect(context, c, &p12->certs);
|
||||
if (ret == 0)
|
||||
*data = p12;
|
||||
|
||||
@@ -384,26 +400,34 @@ p12_free(hx509_certs certs, void *data)
|
||||
}
|
||||
|
||||
static int
|
||||
p12_iter_start(hx509_certs certs, void *data, void **cursor)
|
||||
p12_iter_start(hx509_context context,
|
||||
hx509_certs certs,
|
||||
void *data,
|
||||
void **cursor)
|
||||
{
|
||||
struct ks_pkcs12 *p12 = data;
|
||||
return hx509_certs_start_seq(p12->certs, cursor);
|
||||
return hx509_certs_start_seq(context, p12->certs, cursor);
|
||||
}
|
||||
|
||||
static int
|
||||
p12_iter(hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
|
||||
p12_iter(hx509_context context,
|
||||
hx509_certs certs,
|
||||
void *data,
|
||||
void *cursor,
|
||||
hx509_cert *cert)
|
||||
{
|
||||
struct ks_pkcs12 *p12 = data;
|
||||
return hx509_certs_next_cert(p12->certs, cursor, cert);
|
||||
return hx509_certs_next_cert(context, p12->certs, cursor, cert);
|
||||
}
|
||||
|
||||
static int
|
||||
p12_iter_end(hx509_certs certs,
|
||||
void *data,
|
||||
void *cursor)
|
||||
p12_iter_end(hx509_context context,
|
||||
hx509_certs certs,
|
||||
void *data,
|
||||
void *cursor)
|
||||
{
|
||||
struct ks_pkcs12 *p12 = data;
|
||||
return hx509_certs_end_seq(p12->certs, cursor);
|
||||
return hx509_certs_end_seq(context, p12->certs, cursor);
|
||||
}
|
||||
|
||||
static struct hx509_keyset_ops keyset_pkcs12 = {
|
||||
@@ -419,7 +443,7 @@ static struct hx509_keyset_ops keyset_pkcs12 = {
|
||||
};
|
||||
|
||||
void
|
||||
_hx509_ks_pkcs12_register(void)
|
||||
_hx509_ks_pkcs12_register(hx509_context context)
|
||||
{
|
||||
_hx509_ks_register(&keyset_pkcs12);
|
||||
_hx509_ks_register(context, &keyset_pkcs12);
|
||||
}
|
||||
|
@@ -53,7 +53,7 @@ hx509_lock _hx509_empty_lock = &empty_lock_data;
|
||||
*/
|
||||
|
||||
int
|
||||
hx509_lock_init(hx509_lock *lock)
|
||||
hx509_lock_init(hx509_context context, hx509_lock *lock)
|
||||
{
|
||||
hx509_lock l;
|
||||
int ret;
|
||||
@@ -64,7 +64,11 @@ hx509_lock_init(hx509_lock *lock)
|
||||
if (l == NULL)
|
||||
return ENOMEM;
|
||||
|
||||
ret = hx509_certs_init("MEMORY:locks-internal", 0, NULL, &l->certs);
|
||||
ret = hx509_certs_init(context,
|
||||
"MEMORY:locks-internal",
|
||||
0,
|
||||
NULL,
|
||||
&l->certs);
|
||||
if (ret) {
|
||||
free(l);
|
||||
return ret;
|
||||
@@ -122,24 +126,28 @@ hx509_lock_reset_passwords(hx509_lock lock)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_lock_add_cert(hx509_lock lock, hx509_cert cert)
|
||||
hx509_lock_add_cert(hx509_context context, hx509_lock lock, hx509_cert cert)
|
||||
{
|
||||
return hx509_certs_add(lock->certs, cert);
|
||||
return hx509_certs_add(context, lock->certs, cert);
|
||||
}
|
||||
|
||||
int
|
||||
hx509_lock_add_certs(hx509_lock lock, hx509_certs certs)
|
||||
hx509_lock_add_certs(hx509_context context, hx509_lock lock, hx509_certs certs)
|
||||
{
|
||||
return hx509_certs_merge(lock->certs, certs);
|
||||
return hx509_certs_merge(context, lock->certs, certs);
|
||||
}
|
||||
|
||||
void
|
||||
hx509_lock_reset_certs(hx509_lock lock)
|
||||
hx509_lock_reset_certs(hx509_context context, hx509_lock lock)
|
||||
{
|
||||
hx509_certs certs = lock->certs;
|
||||
int ret;
|
||||
|
||||
ret = hx509_certs_init("MEMORY:locks-internal", 0, NULL, &lock->certs);
|
||||
ret = hx509_certs_init(context,
|
||||
"MEMORY:locks-internal",
|
||||
0,
|
||||
NULL,
|
||||
&lock->certs);
|
||||
if (ret == 0)
|
||||
hx509_certs_free(&certs);
|
||||
else
|
||||
|
@@ -299,7 +299,7 @@ struct {
|
||||
};
|
||||
|
||||
int
|
||||
hx509_validate_ctx_init(hx509_validate_ctx *ctx)
|
||||
hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
|
||||
{
|
||||
*ctx = malloc(sizeof(**ctx));
|
||||
if (*ctx == NULL)
|
||||
@@ -330,7 +330,9 @@ hx509_validate_ctx_free(hx509_validate_ctx ctx)
|
||||
}
|
||||
|
||||
int
|
||||
hx509_validate_cert(hx509_validate_ctx ctx, hx509_cert cert)
|
||||
hx509_validate_cert(hx509_context context,
|
||||
hx509_validate_ctx ctx,
|
||||
hx509_cert cert)
|
||||
{
|
||||
Certificate *c = _hx509_get_cert(cert);
|
||||
TBSCertificate *t = &c->tbsCertificate;
|
||||
|
Reference in New Issue
Block a user