diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c index bc3948f29..4ef1ab86b 100644 --- a/lib/hx509/cert.c +++ b/lib/hx509/cert.c @@ -85,6 +85,39 @@ _hx509_abort(const char *fmt, ...) abort(); } +/* + * + */ + +int +hx509_context_init(hx509_context *context) +{ + *context = calloc(1, sizeof(**context)); + if (*context == NULL) + return ENOMEM; + + _hx509_ks_mem_register(*context); + _hx509_ks_file_register(*context); + _hx509_ks_pkcs12_register(*context); + _hx509_ks_pkcs11_register(*context); + _hx509_ks_dir_register(*context); + + return 0; +} + +void +hx509_context_free(hx509_context *context) +{ + if ((*context)->ks_ops) { + free((*context)->ks_ops); + (*context)->ks_ops = NULL; + } + (*context)->ks_num_ops = 0; + free(*context); + *context = NULL; +} + + /* * */ @@ -102,7 +135,7 @@ _hx509_cert_get_version(const Certificate *t) } int -hx509_cert_init(const Certificate *c, hx509_cert *cert) +hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert) { int ret; @@ -196,7 +229,7 @@ hx509_cert_ref(hx509_cert cert) } int -hx509_verify_init_ctx(hx509_verify_ctx *ctx) +hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx) { hx509_verify_ctx c; @@ -506,7 +539,9 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, } static int -certificate_is_anchor(hx509_verify_ctx ctx, const hx509_cert cert) +certificate_is_anchor(hx509_context context, + hx509_verify_ctx ctx, + const hx509_cert cert) { hx509_query q; hx509_cert c; @@ -517,7 +552,7 @@ certificate_is_anchor(hx509_verify_ctx ctx, const hx509_cert cert) q.match = HX509_QUERY_MATCH_CERTIFICATE; q.certificate = _hx509_get_cert(cert); - ret = _hx509_certs_find(ctx->trust_anchors, &q, &c); + ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c); if (ret == 0) hx509_cert_free(c); return ret == 0; @@ -530,7 +565,8 @@ certificate_is_self_signed(const Certificate *cert) } static hx509_cert -find_parent(hx509_verify_ctx ctx, +find_parent(hx509_context context, + hx509_verify_ctx ctx, hx509_path *path, hx509_certs chain, hx509_cert current) @@ -548,10 +584,10 @@ find_parent(hx509_verify_ctx ctx, q.subject = _hx509_get_cert(current); q.path = path; - ret = _hx509_certs_find(chain, &q, &c); + ret = _hx509_certs_find(context, chain, &q, &c); if (ret == 0) return c; - ret = _hx509_certs_find(ctx->trust_anchors, &q, &c); + ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c); if (ret == 0) return c; return NULL; @@ -597,7 +633,8 @@ path_free(hx509_path *path) */ static int -calculate_path(hx509_verify_ctx ctx, +calculate_path(hx509_context context, + hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain, hx509_path *path) @@ -611,9 +648,9 @@ calculate_path(hx509_verify_ctx ctx, current = hx509_cert_ref(cert); - while (!certificate_is_anchor(ctx, current)) { + while (!certificate_is_anchor(context, ctx, current)) { - parent = find_parent(ctx, path, chain, current); + parent = find_parent(context, ctx, path, chain, current); hx509_cert_free(current); if (parent == NULL) return HX509_ISSUER_NOT_FOUND; @@ -675,19 +712,19 @@ hx509_cert_cmp(hx509_cert p, hx509_cert q) } int -hx509_cert_issuer(hx509_cert p, hx509_name *name) +hx509_cert_get_issuer(hx509_cert p, hx509_name *name) { return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name); } int -hx509_cert_subject(hx509_cert p, hx509_name *name) +hx509_cert_get_subject(hx509_cert p, hx509_name *name) { return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name); } int -hx509_cert_serialnumber(hx509_cert p, heim_integer *i) +hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i) { return copy_heim_integer(&p->data->tbsCertificate.serialNumber, i); } @@ -1037,7 +1074,10 @@ free_name_constraints(hx509_name_constraints *nc) } int -hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain) +hx509_verify_path(hx509_context context, + hx509_verify_ctx ctx, + hx509_cert cert, + hx509_certs chain) { hx509_name_constraints nc; hx509_path path; @@ -1060,7 +1100,7 @@ hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain) * Calculate the path from the certificate user presented to the * to an anchor. */ - ret = calculate_path(ctx, cert, chain, &path); + ret = calculate_path(context, ctx, cert, chain, &path); if (ret) goto out; @@ -1168,7 +1208,8 @@ hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain) } int -hx509_verify_signature(const hx509_cert signer, +hx509_verify_signature(hx509_context context, + const hx509_cert signer, const AlgorithmIdentifier *alg, const heim_octet_string *data, const heim_octet_string *sig) diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c index 41bcd8bc3..4cfcfe62b 100644 --- a/lib/hx509/cms.c +++ b/lib/hx509/cms.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -66,7 +66,7 @@ fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id) int ret; id->element = choice_CMSIdentifier_issuerAndSerialNumber; - ret = hx509_cert_issuer(cert, &name); + ret = hx509_cert_get_issuer(cert, &name); if (ret) return ret; ret = copy_Name(&name->der_name, @@ -75,13 +75,14 @@ fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id) if (ret) return ret; - ret = hx509_cert_serialnumber(cert, + ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber); return ret; } static int -find_CMSIdentifier(CMSIdentifier *client, +find_CMSIdentifier(hx509_context context, + CMSIdentifier *client, hx509_certs certs, hx509_cert *signer_cert, int match) @@ -112,7 +113,7 @@ find_CMSIdentifier(CMSIdentifier *client, q.match |= match; - ret = _hx509_certs_find(certs, &q, &cert); + ret = _hx509_certs_find(context, certs, &q, &cert); if (ret) return ret; @@ -122,7 +123,8 @@ find_CMSIdentifier(CMSIdentifier *client, } int -hx509_cms_unenvelope(hx509_certs certs, +hx509_cms_unenvelope(hx509_context context, + hx509_certs certs, const void *data, size_t length, heim_oid *contentType, @@ -165,7 +167,7 @@ hx509_cms_unenvelope(hx509_certs certs, * ki->keyEncryptionAlgorithm.algorithm); */ - ret = find_CMSIdentifier(&ri->rid, certs, &cert, + ret = find_CMSIdentifier(context, &ri->rid, certs, &cert, HX509_QUERY_PRIVATE_KEY| HX509_QUERY_KU_ENCIPHERMENT); if (ret) { @@ -204,7 +206,7 @@ hx509_cms_unenvelope(hx509_certs certs, hx509_crypto crypto; heim_octet_string *ivec = NULL, ivec_data; - ret = hx509_crypto_init(NULL, &ai->algorithm, &crypto); + ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto); if (ret) goto out; @@ -238,7 +240,8 @@ hx509_cms_unenvelope(hx509_certs certs, } int -hx509_cms_envelope_1(hx509_cert cert, +hx509_cms_envelope_1(hx509_context context, + hx509_cert cert, const void *data, size_t length, const heim_oid *encryption_type, @@ -265,7 +268,7 @@ hx509_cms_envelope_1(hx509_cert cert, if (ret) goto out; - ret = hx509_crypto_init(NULL, encryption_type, &crypto); + ret = hx509_crypto_init(context, NULL, encryption_type, &crypto); if (ret) goto out; @@ -354,7 +357,7 @@ hx509_cms_envelope_1(hx509_cert cert, } static int -any_to_certs(const SignedData *sd, hx509_certs certs) +any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) { int ret, i; @@ -372,11 +375,11 @@ any_to_certs(const SignedData *sd, hx509_certs certs) if (ret) return ret; - ret = hx509_cert_init(&cert, &c); + ret = hx509_cert_init(context, &cert, &c); free_Certificate(&cert); if (ret) return ret; - ret = hx509_certs_add(certs, c); + ret = hx509_certs_add(context, certs, c); if (ret) { hx509_cert_free(c); return ret; @@ -397,7 +400,8 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid) } int -hx509_cms_verify_signed(hx509_verify_ctx ctx, +hx509_cms_verify_signed(hx509_context context, + hx509_verify_ctx ctx, const void *data, size_t length, hx509_certs store, @@ -430,23 +434,25 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx, goto out; } - ret = hx509_certs_init("MEMORY:cms-cert-buffer", 0, NULL, &certs); + ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer", + 0, NULL, &certs); if (ret) goto out; - ret = hx509_certs_init("MEMORY:cms-signer-certs", 0, NULL, signer_certs); + ret = hx509_certs_init(context, "MEMORY:cms-signer-certs", + 0, NULL, signer_certs); if (ret) goto out; /* XXX Check CMS version */ - ret = any_to_certs(&sd, certs); + ret = any_to_certs(context, &sd, certs); if (ret) { goto out; } if (store) { - ret = hx509_certs_merge(certs, store); + ret = hx509_certs_merge(context, certs, store); if (ret) goto out; } @@ -465,7 +471,7 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx, continue; } - ret = find_CMSIdentifier(&signer_info->sid, certs, &cert, + ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert, HX509_QUERY_KU_DIGITALSIGNATURE); if (ret) continue; @@ -558,7 +564,8 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx, free_oid(&decode_oid); if (ret == 0) - ret = hx509_verify_signature(cert, + ret = hx509_verify_signature(context, + cert, &signer_info->signatureAlgorithm, signed_data, &signer_info->signature); @@ -572,13 +579,13 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx, continue; } - ret = hx509_verify_path(ctx, cert, certs); + ret = hx509_verify_path(context, ctx, cert, certs); if (ret) { hx509_cert_free(cert); continue; } - ret = hx509_certs_add(*signer_certs, hx509_cert_ref(cert)); + ret = hx509_certs_add(context, *signer_certs, hx509_cert_ref(cert)); if (ret) { hx509_cert_free(cert); continue; @@ -683,7 +690,8 @@ add_one_attribute(Attribute **attr, int -hx509_cms_create_signed_1(const heim_oid *eContentType, +hx509_cms_create_signed_1(hx509_context context, + const heim_oid *eContentType, const void *data, size_t length, const AlgorithmIdentifier *digest_alg, hx509_cert cert, @@ -882,7 +890,8 @@ hx509_cms_create_signed_1(const heim_oid *eContentType, } int -hx509_cms_decrypt_encrypted(hx509_lock lock, +hx509_cms_decrypt_encrypted(hx509_context context, + hx509_lock lock, const void *data, size_t length, heim_oid *contentType, @@ -915,7 +924,8 @@ hx509_cms_decrypt_encrypted(hx509_lock lock, goto out; } - ret = _hx509_pbe_decrypt(lock, + ret = _hx509_pbe_decrypt(context, + lock, ai, ed.encryptedContentInfo.encryptedContent, &cont); diff --git a/lib/hx509/collector.c b/lib/hx509/collector.c index c8b75fb1a..16ee5f212 100644 --- a/lib/hx509/collector.c +++ b/lib/hx509/collector.c @@ -53,7 +53,7 @@ struct hx509_collector { struct hx509_collector * -_hx509_collector_alloc(hx509_lock lock) +_hx509_collector_alloc(hx509_context context, hx509_lock lock) { struct hx509_collector *c; @@ -62,10 +62,10 @@ _hx509_collector_alloc(hx509_lock lock) return NULL; c->lock = lock; - hx509_certs_init("MEMORY:dummy", 0, NULL, &c->unenvelop_certs); + hx509_certs_init(context, "MEMORY:dummy", 0, NULL, &c->unenvelop_certs); c->val.data = NULL; c->val.len = 0; - hx509_certs_init("MEMORY:collector-tmp-store", 0, NULL, &c->certs); + hx509_certs_init(context, "MEMORY:collector-tmp-store", 0, NULL, &c->certs); return c; } @@ -78,9 +78,11 @@ _hx509_collector_get_lock(struct hx509_collector *c) int -_hx509_collector_certs_add(struct hx509_collector *c, hx509_cert cert) +_hx509_collector_certs_add(hx509_context context, + struct hx509_collector *c, + hx509_cert cert) { - return hx509_certs_add(c->certs, cert); + return hx509_certs_add(context, c->certs, cert); } static void @@ -142,7 +144,9 @@ out: } static int -match_localkeyid(struct private_key *value, hx509_certs certs) +match_localkeyid(hx509_context context, + struct private_key *value, + hx509_certs certs) { hx509_cert cert; hx509_query q; @@ -153,21 +157,21 @@ match_localkeyid(struct private_key *value, hx509_certs certs) q.local_key_id = &value->localKeyId; - ret = _hx509_certs_find(certs, &q, &cert); + ret = _hx509_certs_find(context, certs, &q, &cert); if (ret == 0) { if (value->private_key) { _hx509_cert_assign_key(cert, value->private_key); value->private_key = NULL; } - hx509_certs_add(certs, cert); + hx509_certs_add(context, certs, cert); hx509_cert_free(cert); } return ret; } static int -match_keys(struct private_key *value, hx509_certs certs) +match_keys(hx509_context context, struct private_key *value, hx509_certs certs) { hx509_cursor cursor; hx509_cert c; @@ -176,13 +180,13 @@ match_keys(struct private_key *value, hx509_certs certs) if (value->private_key == NULL) return EINVAL; - ret = hx509_certs_start_seq(certs, &cursor); + ret = hx509_certs_start_seq(context, certs, &cursor); if (ret) return ret; c = NULL; while (1) { - ret = hx509_certs_next_cert(certs, cursor, &c); + ret = hx509_certs_next_cert(context, certs, cursor, &c); if (ret) break; if (c == NULL) @@ -203,34 +207,36 @@ match_keys(struct private_key *value, hx509_certs certs) hx509_cert_free(c); } - hx509_certs_end_seq(certs, cursor); + hx509_certs_end_seq(context, certs, cursor); return found; } int -_hx509_collector_collect(struct hx509_collector *c, hx509_certs *ret_certs) +_hx509_collector_collect(hx509_context context, + struct hx509_collector *c, + hx509_certs *ret_certs) { hx509_certs certs; int ret, i; *ret_certs = NULL; - ret = hx509_certs_init("MEMORY:collector-store", 0, NULL, &certs); + ret = hx509_certs_init(context, "MEMORY:collector-store", 0, NULL, &certs); if (ret) return ret; - ret = hx509_certs_merge(certs, c->certs); + ret = hx509_certs_merge(context, certs, c->certs); if (ret) { hx509_certs_free(&certs); return ret; } for (i = 0; i < c->val.len; i++) { - ret = match_localkeyid(c->val.data[i], certs); + ret = match_localkeyid(context, c->val.data[i], certs); if (ret == 0) continue; - ret = match_keys(c->val.data[i], certs); + ret = match_keys(context, c->val.data[i], certs); if (ret == 0) continue; } diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c index a62849347..1632b5cdd 100644 --- a/lib/hx509/crypto.c +++ b/lib/hx509/crypto.c @@ -101,10 +101,7 @@ struct hx509_private_key { const heim_oid *signature_alg; struct { RSA *rsa; - } private_key2; - /* supported key operations */ - /* context pointer to backend */ - /* function pointer to backend */ + } private_key; }; /* @@ -286,14 +283,14 @@ rsa_create_signature(const struct signature_alg *sig_alg, if (indata.length != size) _hx509_abort("internal ASN.1 encoder error"); - sig->length = RSA_size(signer->private_key2.rsa); + sig->length = RSA_size(signer->private_key.rsa); sig->data = malloc(sig->length); if (sig->data == NULL) return ENOMEM; ret = RSA_private_encrypt(indata.length, indata.data, sig->data, - signer->private_key2.rsa, + signer->private_key.rsa, RSA_PKCS1_PADDING); free_octet_string(&indata); if (ret <= 0) @@ -366,9 +363,9 @@ rsa_parse_private_key(const struct signature_alg *sig_alg, { const unsigned char *p = data; - private_key->private_key2.rsa = + private_key->private_key.rsa = d2i_RSAPrivateKey(NULL, &p, len); - if (private_key->private_key2.rsa == NULL) + if (private_key->private_key.rsa == NULL) return EINVAL; private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption(); @@ -820,17 +817,17 @@ _hx509_private_key_private_decrypt(const heim_octet_string *ciphertext, cleartext->data = NULL; cleartext->length = 0; - if (p->private_key2.rsa == NULL) + if (p->private_key.rsa == NULL) return EINVAL; - cleartext->length = RSA_size(p->private_key2.rsa); + cleartext->length = RSA_size(p->private_key.rsa); cleartext->data = malloc(cleartext->length); if (cleartext->data == NULL) return ENOMEM; ret = RSA_private_decrypt(ciphertext->length, ciphertext->data, cleartext->data, - p->private_key2.rsa, + p->private_key.rsa, RSA_PKCS1_PADDING); if (ret <= 0) { free_octet_string(cleartext); @@ -934,9 +931,9 @@ _hx509_new_private_key(hx509_private_key *key) int _hx509_free_private_key(hx509_private_key *key) { - if ((*key)->private_key2.rsa) - RSA_free((*key)->private_key2.rsa); - (*key)->private_key2.rsa = NULL; + if ((*key)->private_key.rsa) + RSA_free((*key)->private_key.rsa); + (*key)->private_key.rsa = NULL; free(*key); *key = NULL; return 0; @@ -953,9 +950,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key, OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); - if (key->private_key2.rsa) { - RSA_free(key->private_key2.rsa); - key->private_key2.rsa = NULL; + if (key->private_key.rsa) { + RSA_free(key->private_key.rsa); + key->private_key.rsa = NULL; } @@ -974,9 +971,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key, if (private_key == NULL) continue; - key->private_key2.rsa = EVP_PKEY_get1_RSA(private_key); + key->private_key.rsa = EVP_PKEY_get1_RSA(private_key); EVP_PKEY_free(private_key); - if (key->private_key2.rsa == NULL) + if (key->private_key.rsa == NULL) return EINVAL; return 0; @@ -988,9 +985,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key, void _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr) { - if (key->private_key2.rsa) - RSA_free(key->private_key2.rsa); - key->private_key2.rsa = ptr; + if (key->private_key.rsa) + RSA_free(key->private_key.rsa); + key->private_key.rsa = ptr; } @@ -1025,7 +1022,8 @@ find_cipher(const heim_oid *oid) } int -hx509_crypto_init(const char *provider, +hx509_crypto_init(hx509_context context, + const char *provider, const heim_oid *enctype, hx509_crypto *crypto) { @@ -1318,14 +1316,16 @@ hx509_crypto_decrypt(hx509_crypto crypto, return ret; } -typedef int (*PBE_string2key_func)(const char *, +typedef int (*PBE_string2key_func)(hx509_context, + const char *, const heim_octet_string *, hx509_crypto *, heim_octet_string *, heim_octet_string *, const heim_oid *, const EVP_MD *); static int -PBE_string2key(const char *password, +PBE_string2key(hx509_context context, + const char *password, const heim_octet_string *parameters, hx509_crypto *crypto, heim_octet_string *key, heim_octet_string *iv, @@ -1370,7 +1370,7 @@ PBE_string2key(const char *password, goto out; } - ret = hx509_crypto_init(NULL, enc_oid, &c); + ret = hx509_crypto_init(context, NULL, enc_oid, &c); if (ret) goto out; @@ -1424,7 +1424,8 @@ find_string2key(const heim_oid *oid, int -_hx509_pbe_decrypt(hx509_lock lock, +_hx509_pbe_decrypt(hx509_context context, + hx509_lock lock, const AlgorithmIdentifier *ai, const heim_octet_string *econtent, heim_octet_string *content) @@ -1464,7 +1465,7 @@ _hx509_pbe_decrypt(hx509_lock lock, for (i = 0; i < pw->len; i++) { hx509_crypto crypto; - ret = (*s2k)(pw->val[i], ai->parameters, &crypto, + ret = (*s2k)(context, pw->val[i], ai->parameters, &crypto, &key, &iv, enc_oid, md); if (ret) { goto out; @@ -1503,10 +1504,10 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key) size_t size; int ret; - if (private_key->private_key2.rsa == NULL) + if (private_key->private_key.rsa == NULL) return 0; - rsa = private_key->private_key2.rsa; + rsa = private_key->private_key.rsa; if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL) return 0; @@ -1529,11 +1530,12 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key) free_RSAPublicKey(&pk); - rsa->d = BN_dup(private_key->private_key2.rsa->d); - rsa->p = BN_dup(private_key->private_key2.rsa->p); - rsa->q = BN_dup(private_key->private_key2.rsa->q); + rsa->d = BN_dup(private_key->private_key.rsa->d); + rsa->p = BN_dup(private_key->private_key.rsa->p); + rsa->q = BN_dup(private_key->private_key.rsa->q); - if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL) { + if (rsa->n == NULL || rsa->e == NULL || + rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL) { RSA_free(rsa); return 0; } diff --git a/lib/hx509/hx509.h b/lib/hx509/hx509.h index 57890ec10..b3fa86eb8 100644 --- a/lib/hx509/hx509.h +++ b/lib/hx509/hx509.h @@ -33,16 +33,17 @@ /* $Id$ */ -typedef struct hx509_verify_ctx_data *hx509_verify_ctx; -typedef struct hx509_certs_data *hx509_certs; -typedef struct hx509_cert_data *hx509_cert; typedef struct hx509_cert_attribute_data *hx509_cert_attribute; -typedef struct hx509_validate_ctx_data *hx509_validate_ctx; -typedef struct hx509_name_data *hx509_name; -typedef void * hx509_cursor; -typedef struct hx509_lock_data *hx509_lock; -typedef struct hx509_private_key *hx509_private_key; +typedef struct hx509_cert_data *hx509_cert; +typedef struct hx509_certs_data *hx509_certs; +typedef struct hx509_context_data *hx509_context; typedef struct hx509_crypto_data *hx509_crypto; +typedef struct hx509_lock_data *hx509_lock; +typedef struct hx509_name_data *hx509_name; +typedef struct hx509_private_key *hx509_private_key; +typedef struct hx509_validate_ctx_data *hx509_validate_ctx; +typedef struct hx509_verify_ctx_data *hx509_verify_ctx; +typedef void * hx509_cursor; typedef void (*hx509_vprint_func)(void *, const char *, va_list); diff --git a/lib/hx509/hx_locl.h b/lib/hx509/hx_locl.h index 471536cd3..cd5d4c1c4 100644 --- a/lib/hx509/hx_locl.h +++ b/lib/hx509/hx_locl.h @@ -121,13 +121,15 @@ struct hx509_query_data { struct hx509_keyset_ops { char *name; int flags; - int (*init)(hx509_certs, void **, int, const char *, hx509_lock); + int (*init)(hx509_context, hx509_certs, void **, + int, const char *, hx509_lock); int (*free)(hx509_certs, void *); - int (*add)(hx509_certs, void *, hx509_cert); - int (*query)(hx509_certs, void *, const hx509_query *, hx509_cert *); - int (*iter_start)(hx509_certs, void *, void **); - int (*iter)(hx509_certs, void *, void *, hx509_cert *); - int (*iter_end)(hx509_certs, void *, void *); + int (*add)(hx509_context, hx509_certs, void *, hx509_cert); + int (*query)(hx509_context, hx509_certs, void *, + const hx509_query *, hx509_cert *); + int (*iter_start)(hx509_context, hx509_certs, void *, void **); + int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *); + int (*iter_end)(hx509_context, hx509_certs, void *, void *); }; struct _hx509_password { @@ -136,3 +138,9 @@ struct _hx509_password { }; extern hx509_lock _hx509_empty_lock; + +struct hx509_context_data { + struct hx509_keyset_ops **ks_ops; + int ks_num_ops; +}; + diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c index db368df6e..a0cc49ec4 100644 --- a/lib/hx509/hxtool.c +++ b/lib/hx509/hxtool.c @@ -37,6 +37,8 @@ RCSID("$Id$"); #include #include +hx509_context context; + static int version_flag; static int help_flag; @@ -81,29 +83,29 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) size_t sz; void *p; - hx509_lock_init(&lock); + hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); ret = _hx509_map_file(argv[0], &p, &sz); if (ret) err(1, "map_file: %s: %d", argv[0], ret); - ret = hx509_verify_init_ctx(&ctx); + ret = hx509_verify_init_ctx(context, &ctx); - ret = hx509_certs_init("MEMORY:cms-anchors", 0, NULL, &anchors); + ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors); for (i = 0; i < opt->anchors_strings.num_strings; i++) { - ret = hx509_certs_append(anchors, lock, + ret = hx509_certs_append(context, anchors, lock, opt->anchors_strings.strings[i]); if (ret) errx(1, "hx509_certs_append: anchor: %s: %d", opt->anchors_strings.strings[i], ret); } - ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &store); + ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store); for (i = 0; i < opt->certificate_strings.num_strings; i++) { - ret = hx509_certs_append(store, lock, + ret = hx509_certs_append(context, store, lock, opt->certificate_strings.strings[i]); if (ret) errx(1, "hx509_certs_append: store: %s %d", @@ -136,7 +138,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) hx509_verify_attach_anchors(ctx, anchors); - ret = hx509_cms_verify_signed(ctx, co.data, co.length, + ret = hx509_cms_verify_signed(context, ctx, co.data, co.length, store, &type, &c, &signers); if (co.data != p) free_octet_string(&co); @@ -144,7 +146,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) errx(1, "hx509_cms_verify_signed: %d", ret); printf("signers:\n"); - hx509_certs_iter(signers, hx509_ci_print_names, stdout); + hx509_certs_iter(context, signers, hx509_ci_print_names, stdout); hx509_verify_destroy_ctx(ctx); @@ -181,7 +183,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) if (argc < 2) errx(1, "argc < 2"); - hx509_lock_init(&lock); + hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); for (i = 0; i < opt->pass_strings.num_strings; i++) { @@ -191,10 +193,10 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) opt->pass_strings.strings[i], ret); } - ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &store); + ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store); for (i = 0; i < opt->certificate_strings.num_strings; i++) { - ret = hx509_certs_append(store, lock, + ret = hx509_certs_append(context, store, lock, opt->certificate_strings.strings[i]); if (ret) errx(1, "hx509_certs_append: store: %s: %d", @@ -210,7 +212,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) q.friendlyname = opt->signer_string; } - ret = _hx509_certs_find(store, &q, &cert); + ret = _hx509_certs_find(context, store, &q, &cert); if (ret) errx(1, "hx509_certs_find: %d", ret); @@ -218,7 +220,8 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) if (ret) err(1, "map_file: %s: %d", argv[0], ret); - ret = hx509_cms_create_signed_1(contentType, + ret = hx509_cms_create_signed_1(context, + contentType, p, sz, NULL, @@ -271,7 +274,7 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv) int ret, i; hx509_lock lock; - hx509_lock_init(&lock); + hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); ret = _hx509_map_file(argv[0], &p, &sz); @@ -302,19 +305,20 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv) co.length = sz; } - ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs); + ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs); if (ret) errx(1, "hx509_certs_init: MEMORY: %d", ret); for (i = 0; i < opt->certificate_strings.num_strings; i++) { - ret = hx509_certs_append(certs, lock, + ret = hx509_certs_append(context, certs, lock, opt->certificate_strings.strings[i]); if (ret) errx(1, "hx509_certs_append: %s: %d", opt->certificate_strings.strings[i], ret); } - ret = hx509_cms_unenvelope(certs, co.data, co.length, &contentType, &o); + ret = hx509_cms_unenvelope(context, certs, co.data, co.length, + &contentType, &o); if (co.data != p) free_octet_string(&co); if (ret) @@ -345,17 +349,17 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv) void *p; hx509_lock lock; - hx509_lock_init(&lock); + hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); ret = _hx509_map_file(argv[0], &p, &sz); if (ret) err(1, "map_file: %s: %d", argv[0], ret); - ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs); + ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs); for (i = 0; i < opt->certificate_strings.num_strings; i++) { - ret = hx509_certs_append(certs, lock, + ret = hx509_certs_append(context, certs, lock, opt->certificate_strings.strings[i]); if (ret) errx(1, "hx509_certs_append: certs: %s: %d", @@ -364,11 +368,11 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv) _hx509_query_clear(&q); q.match |= HX509_QUERY_KU_ENCIPHERMENT; - ret = _hx509_certs_find(certs, &q, &cert); + ret = _hx509_certs_find(context, certs, &q, &cert); if (ret) errx(1, "hx509_certs_find: %d", ret); - ret = hx509_cms_envelope_1(cert, p, sz, NULL, &contentType, &o); + ret = hx509_cms_envelope_1(context, cert, p, sz, NULL, &contentType, &o); if (ret) errx(1, "hx509_cms_unenvelope: %d", ret); @@ -414,7 +418,7 @@ struct print_s { }; static int -print_f(void *ctx, hx509_cert cert) +print_f(hx509_context context, void *ctx, hx509_cert cert) { struct print_s *s = ctx; hx509_name name; @@ -432,13 +436,13 @@ print_f(void *ctx, hx509_cert cert) } printf("\n"); - ret = hx509_cert_issuer(cert, &name); + ret = hx509_cert_get_issuer(cert, &name); hx509_name_to_string(name, &str); hx509_name_free(&name); printf(" issuer: \"%s\"\n", str); free(str); - ret = hx509_cert_subject(cert, &name); + ret = hx509_cert_get_subject(cert, &name); hx509_name_to_string(name, &str); hx509_name_free(&name); printf(" subject: \"%s\"\n", str); @@ -447,12 +451,12 @@ print_f(void *ctx, hx509_cert cert) if (s->verbose) { hx509_validate_ctx ctx; - hx509_validate_ctx_init(&ctx); + hx509_validate_ctx_init(context, &ctx); hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout); hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE); hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VERBOSE); - hx509_validate_cert(ctx, cert); + hx509_validate_cert(context, ctx, cert); } return 0; @@ -468,15 +472,15 @@ pcert_print(struct print_options *opt, int argc, char **argv) s.counter = 0; s.verbose = opt->content_flag; - hx509_lock_init(&lock); + hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); while(argc--) { int ret; - ret = hx509_certs_init(argv[0], 0, lock, &certs); + ret = hx509_certs_init(context, argv[0], 0, lock, &certs); if (ret) errx(1, "hx509_certs_init: %d", ret); - hx509_certs_iter(certs, print_f, &s); + hx509_certs_iter(context, certs, print_f, &s); hx509_certs_free(&certs); argv++; } @@ -488,9 +492,9 @@ pcert_print(struct print_options *opt, int argc, char **argv) static int -validate_f(void *ctx, hx509_cert c) +validate_f(hx509_context context, void *ctx, hx509_cert c) { - hx509_validate_cert(ctx, c); + hx509_validate_cert(context, ctx, c); return 0; } @@ -501,19 +505,19 @@ pcert_validate(struct validate_options *opt, int argc, char **argv) hx509_certs certs; hx509_lock lock; - hx509_lock_init(&lock); + hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); - hx509_validate_ctx_init(&ctx); + hx509_validate_ctx_init(context, &ctx); hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout); hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE); while(argc--) { int ret; - ret = hx509_certs_init(argv[0], 0, lock, &certs); + ret = hx509_certs_init(context, argv[0], 0, lock, &certs); if (ret) errx(1, "hx509_certs_init: %d", ret); - hx509_certs_iter(certs, validate_f, ctx); + hx509_certs_iter(context, certs, validate_f, ctx); hx509_certs_free(&certs); argv++; } @@ -530,12 +534,12 @@ struct verify { }; static int -verify_f(void *ctx, hx509_cert c) +verify_f(hx509_context context, void *ctx, hx509_cert c) { struct verify *v = ctx; int ret; - ret = hx509_verify_path(v->ctx, c, v->chain); + ret = hx509_verify_path(context, v->ctx, c, v->chain); if (ret) printf("verify_path returned %d\n", ret); else @@ -552,10 +556,10 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) struct verify v; int ret; - ret = hx509_verify_init_ctx(&ctx); - ret = hx509_certs_init("MEMORY:anchors", 0, NULL, &anchors); - ret = hx509_certs_init("MEMORY:chain", 0, NULL, &chain); - ret = hx509_certs_init("MEMORY:certs", 0, NULL, &certs); + ret = hx509_verify_init_ctx(context, &ctx); + ret = hx509_certs_init(context, "MEMORY:anchors", 0, NULL, &anchors); + ret = hx509_certs_init(context, "MEMORY:chain", 0, NULL, &chain); + ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs); while(argc--) { char *s = *argv++; @@ -563,21 +567,21 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) if (strncmp(s, "chain:", 6) == 0) { s += 6; - ret = hx509_certs_append(chain, NULL, s); + ret = hx509_certs_append(context, chain, NULL, s); if (ret) errx(1, "hx509_certs_append: chain: %s: %d", s, ret); } else if (strncmp(s, "anchor:", 7) == 0) { s += 7; - ret = hx509_certs_append(anchors, NULL, s); + ret = hx509_certs_append(context, anchors, NULL, s); if (ret) errx(1, "hx509_certs_append: anchor: %s: %d", s, ret); } else if (strncmp(s, "cert:", 5) == 0) { s += 5; - ret = hx509_certs_append(certs, NULL, s); + ret = hx509_certs_append(context, certs, NULL, s); if (ret) errx(1, "hx509_certs_append: certs: %s: %d", s, ret); @@ -591,7 +595,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) v.ctx = ctx; v.chain = chain; - ret = hx509_certs_iter(certs, verify_f, &v); + ret = hx509_certs_iter(context, certs, verify_f, &v); hx509_verify_destroy_ctx(ctx); @@ -614,14 +618,14 @@ query(struct query_options *opt, int argc, char **argv) _hx509_query_clear(&q); - hx509_lock_init(&lock); + hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); - ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs); + ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs); while (argc > 0) { - ret = hx509_certs_append(certs, lock, argv[0]); + ret = hx509_certs_append(context, certs, lock, argv[0]); if (ret) errx(1, "hx509_certs_append: %s: %d", argv[0], ret); @@ -638,7 +642,7 @@ query(struct query_options *opt, int argc, char **argv) q.match |= HX509_QUERY_PRIVATE_KEY; - ret = _hx509_certs_find(certs, &q, &c); + ret = _hx509_certs_find(context, certs, &q, &c); if (ret) warnx("_hx509_certs_find: %d", ret); else @@ -704,9 +708,15 @@ main(int argc, char **argv) if (argc == 0) usage(1); + ret = hx509_context_init(&context); + if (ret) + errx(1, "hx509_context_init failed with %d"); + ret = sl_command(commands, argc, argv); if(ret == -1) warnx ("unrecognized command: %s", argv[0]); + hx509_context_free(&context); + return ret; } diff --git a/lib/hx509/keyset.c b/lib/hx509/keyset.c index 440dd0341..0c649c408 100644 --- a/lib/hx509/keyset.c +++ b/lib/hx509/keyset.c @@ -34,44 +34,43 @@ #include "hx_locl.h" RCSID("$Id$"); -static struct hx509_keyset_ops **ks_ops; -static int ks_num_ops; - struct hx509_certs_data { struct hx509_keyset_ops *ops; void *ops_data; }; static struct hx509_keyset_ops * -_hx509_ks_type(const char *type) +_hx509_ks_type(hx509_context context, const char *type) { int i; - for (i = 0; i < ks_num_ops; i++) - if (strcasecmp(type, ks_ops[i]->name) == 0) - return ks_ops[i]; + for (i = 0; i < context->ks_num_ops; i++) + if (strcasecmp(type, context->ks_ops[i]->name) == 0) + return context->ks_ops[i]; return NULL; } void -_hx509_ks_register(struct hx509_keyset_ops *ops) +_hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops) { struct hx509_keyset_ops **val; - if (_hx509_ks_type(ops->name)) + if (_hx509_ks_type(context, ops->name)) return; - val = realloc(ks_ops, (ks_num_ops + 1) * sizeof(ks_ops[0])); + val = realloc(context->ks_ops, + (context->ks_num_ops + 1) * sizeof(context->ks_ops[0])); if (val == NULL) return; - val[ks_num_ops] = ops; - ks_ops = val; - ks_num_ops++; + val[context->ks_num_ops] = ops; + context->ks_ops = val; + context->ks_num_ops++; } int -hx509_certs_init(const char *name, int flags, +hx509_certs_init(hx509_context context, + const char *name, int flags, hx509_lock lock, hx509_certs *certs) { struct hx509_keyset_ops *ops; @@ -82,14 +81,6 @@ hx509_certs_init(const char *name, int flags, *certs = NULL; - if (ks_ops == NULL) { - _hx509_ks_mem_register(); - _hx509_ks_file_register(); - _hx509_ks_pkcs12_register(); - _hx509_ks_pkcs11_register(); - _hx509_ks_dir_register(); - } - residue = strchr(name, ':'); if (residue) { type = strndup(name, residue - name); @@ -103,7 +94,7 @@ hx509_certs_init(const char *name, int flags, if (type == NULL) return ENOMEM; - ops = _hx509_ks_type(type); + ops = _hx509_ks_type(context, type); free(type); if (ops == NULL) return ENOENT; @@ -114,7 +105,7 @@ hx509_certs_init(const char *name, int flags, c->ops = ops; - ret = (*ops->init)(c, &c->ops_data, flags, residue, lock); + ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock); if (ret) { free(c); return ENOMEM; @@ -134,14 +125,16 @@ hx509_certs_free(hx509_certs *certs) } int -hx509_certs_start_seq(hx509_certs certs, hx509_cursor cursor) +hx509_certs_start_seq(hx509_context context, + hx509_certs certs, + hx509_cursor cursor) { int ret; if (certs->ops->iter_start == NULL) return ENOENT; - ret = (*certs->ops->iter_start)(certs, certs->ops_data, cursor); + ret = (*certs->ops->iter_start)(context, certs, certs->ops_data, cursor); if (ret) return ret; @@ -149,53 +142,60 @@ hx509_certs_start_seq(hx509_certs certs, hx509_cursor cursor) } int -hx509_certs_next_cert(hx509_certs certs, hx509_cursor cursor, +hx509_certs_next_cert(hx509_context context, + hx509_certs certs, + hx509_cursor cursor, hx509_cert *cert) { *cert = NULL; - return (*certs->ops->iter)(certs, certs->ops_data, cursor, cert); + return (*certs->ops->iter)(context, certs, certs->ops_data, cursor, cert); } int -hx509_certs_end_seq(hx509_certs certs, hx509_cursor cursor) +hx509_certs_end_seq(hx509_context context, + hx509_certs certs, + hx509_cursor cursor) { - (*certs->ops->iter_end)(certs, certs->ops_data, cursor); + (*certs->ops->iter_end)(context, certs, certs->ops_data, cursor); return 0; } int -hx509_certs_iter(hx509_certs certs, int (*fn)(void *, hx509_cert), void *ctx) +hx509_certs_iter(hx509_context context, + hx509_certs certs, + int (*fn)(hx509_context, void *, hx509_cert), + void *ctx) { hx509_cursor cursor; hx509_cert c; int ret; - ret = hx509_certs_start_seq(certs, &cursor); + ret = hx509_certs_start_seq(context, certs, &cursor); if (ret) return ret; while (1) { - ret = hx509_certs_next_cert(certs, cursor, &c); + ret = hx509_certs_next_cert(context, certs, cursor, &c); if (ret) break; if (c == NULL) { ret = 0; break; } - ret = (*fn)(ctx, c); + ret = (*fn)(context, ctx, c); hx509_cert_free(c); if (ret) break; } - hx509_certs_end_seq(certs, cursor); + hx509_certs_end_seq(context, certs, cursor); return ret; } int -hx509_ci_print_names(void *ctx, hx509_cert c) +hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c) { Certificate *cert; hx509_name n; @@ -212,16 +212,19 @@ hx509_ci_print_names(void *ctx, hx509_cert c) } int -hx509_certs_add(hx509_certs certs, hx509_cert cert) +hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert) { if (certs->ops->add == NULL) return ENOENT; - return (*certs->ops->add)(certs, certs->ops_data, cert); + return (*certs->ops->add)(context, certs, certs->ops_data, cert); } int -_hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r) +_hx509_certs_find(hx509_context context, + hx509_certs certs, + const hx509_query *q, + hx509_cert *r) { hx509_cursor cursor; hx509_cert c; @@ -230,15 +233,15 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r) *r = NULL; if (certs->ops->query) - return (*certs->ops->query)(certs, certs->ops_data, q, r); + return (*certs->ops->query)(context, certs, certs->ops_data, q, r); - ret = hx509_certs_start_seq(certs, &cursor); + ret = hx509_certs_start_seq(context, certs, &cursor); if (ret) return ret; c = NULL; while (1) { - ret = hx509_certs_next_cert(certs, cursor, &c); + ret = hx509_certs_next_cert(context, certs, cursor, &c); if (ret) break; if (c == NULL) @@ -250,7 +253,7 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r) hx509_cert_free(c); } - hx509_certs_end_seq(certs, cursor); + hx509_certs_end_seq(context, certs, cursor); if (ret) return ret; if (c == NULL) @@ -260,27 +263,30 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r) } static int -certs_merge_func(void *ctx, hx509_cert c) +certs_merge_func(hx509_context context, void *ctx, hx509_cert c) { - return hx509_certs_add((hx509_certs)ctx, c); + return hx509_certs_add(context, (hx509_certs)ctx, c); } int -hx509_certs_merge(hx509_certs to, hx509_certs from) +hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from) { - return hx509_certs_iter(from, certs_merge_func, to); + return hx509_certs_iter(context, from, certs_merge_func, to); } int -hx509_certs_append(hx509_certs to, hx509_lock lock, const char *name) +hx509_certs_append(hx509_context context, + hx509_certs to, + hx509_lock lock, + const char *name) { hx509_certs s; int ret; - ret = hx509_certs_init(name, 0, lock, &s); + ret = hx509_certs_init(context, name, 0, lock, &s); if (ret) return ret; - ret = hx509_certs_merge(to, s); + ret = hx509_certs_merge(context, to, s); hx509_certs_free(&s); return ret; } diff --git a/lib/hx509/ks_dir.c b/lib/hx509/ks_dir.c index a15de5f3f..11afa5590 100644 --- a/lib/hx509/ks_dir.c +++ b/lib/hx509/ks_dir.c @@ -36,8 +36,9 @@ RCSID("$Id$"); #include static int -dir_init(hx509_certs certs, void **data, int flags, - const char *residue, hx509_lock lock) +dir_init(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) { *data = NULL; @@ -70,7 +71,8 @@ dir_free(hx509_certs certs, void *data) static int -dir_iter_start(hx509_certs certs, void *data, void **cursor) +dir_iter_start(hx509_context context, + hx509_certs certs, void *data, void **cursor) { DIR *d; @@ -85,7 +87,8 @@ dir_iter_start(hx509_certs certs, void *data, void **cursor) } static int -dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert) +dir_iter(hx509_context context, + hx509_certs certs, void *data, void *iter, hx509_cert *cert) { DIR *d = iter; int ret; @@ -103,7 +106,7 @@ dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert) if (asprintf(&fn, "%s/%s", (char *)data, dir->d_name) == -1) return ENOMEM; - ret = _hx509_file_to_cert(fn, cert); + ret = _hx509_file_to_cert(context, fn, cert); free(fn); } while(ret != 0); @@ -112,9 +115,10 @@ dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert) static int -dir_iter_end(hx509_certs certs, - void *data, - void *cursor) +dir_iter_end(hx509_context context, + hx509_certs certs, + void *data, + void *cursor) { DIR *d = cursor; closedir(d); @@ -135,7 +139,7 @@ static struct hx509_keyset_ops keyset_dir = { }; void -_hx509_ks_dir_register(void) +_hx509_ks_dir_register(hx509_context context) { - _hx509_ks_register(&keyset_dir); + _hx509_ks_register(context, &keyset_dir); } diff --git a/lib/hx509/ks_file.c b/lib/hx509/ks_file.c index 35fea9275..aecf05c1c 100644 --- a/lib/hx509/ks_file.c +++ b/lib/hx509/ks_file.c @@ -123,7 +123,7 @@ parse_file_der(const char *fn, Certificate *t) } int -_hx509_file_to_cert(const char *certfn, hx509_cert *cert) +_hx509_file_to_cert(hx509_context context, const char *certfn, hx509_cert *cert) { Certificate t; int ret; @@ -134,7 +134,7 @@ _hx509_file_to_cert(const char *certfn, hx509_cert *cert) if (ret) return ret; - ret = hx509_cert_init(&t, cert); + ret = hx509_cert_init(context, &t, cert); free_Certificate(&t); return ret; @@ -142,7 +142,8 @@ _hx509_file_to_cert(const char *certfn, hx509_cert *cert) static int -file_init(hx509_certs certs, void **data, int flags, +file_init(hx509_context context, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { char *certfn = NULL, *keyfn, *friendlyname = NULL; @@ -156,7 +157,7 @@ file_init(hx509_certs certs, void **data, int flags, if (lock == NULL) lock = _hx509_empty_lock; - c = _hx509_collector_alloc(lock); + c = _hx509_collector_alloc(context, lock); if (c == NULL) return ENOMEM; @@ -177,11 +178,11 @@ file_init(hx509_certs certs, void **data, int flags, *friendlyname++ = '\0'; } - ret = _hx509_file_to_cert(certfn, &cert); + ret = _hx509_file_to_cert(context, certfn, &cert); if (ret) goto out; - _hx509_collector_certs_add(c, cert); + _hx509_collector_certs_add(context, c, cert); if (keyfn) { ret = _hx509_cert_assign_private_key_file(cert, lock, keyfn); @@ -194,7 +195,7 @@ file_init(hx509_certs certs, void **data, int flags, goto out; } - ret = _hx509_collector_collect(c, &f->certs); + ret = _hx509_collector_collect(context, c, &f->certs); if (ret == 0) *data = f; out: @@ -223,26 +224,29 @@ file_free(hx509_certs certs, void *data) static int -file_iter_start(hx509_certs certs, void *data, void **cursor) +file_iter_start(hx509_context context, + hx509_certs certs, void *data, void **cursor) { struct ks_file *f = data; - return hx509_certs_start_seq(f->certs, cursor); + return hx509_certs_start_seq(context, f->certs, cursor); } static int -file_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert) +file_iter(hx509_context context, + hx509_certs certs, void *data, void *iter, hx509_cert *cert) { struct ks_file *f = data; - return hx509_certs_next_cert(f->certs, iter, cert); + return hx509_certs_next_cert(context, f->certs, iter, cert); } static int -file_iter_end(hx509_certs certs, +file_iter_end(hx509_context context, + hx509_certs certs, void *data, void *cursor) { struct ks_file *f = data; - return hx509_certs_end_seq(f->certs, cursor); + return hx509_certs_end_seq(context, f->certs, cursor); } @@ -259,7 +263,7 @@ static struct hx509_keyset_ops keyset_file = { }; void -_hx509_ks_file_register(void) +_hx509_ks_file_register(hx509_context context) { - _hx509_ks_register(&keyset_file); + _hx509_ks_register(context, &keyset_file); } diff --git a/lib/hx509/ks_mem.c b/lib/hx509/ks_mem.c index a866de893..036942c48 100644 --- a/lib/hx509/ks_mem.c +++ b/lib/hx509/ks_mem.c @@ -41,7 +41,8 @@ struct mem_data { }; static int -mem_init(hx509_certs certs, void **data, int flags, +mem_init(hx509_context context, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { struct mem_data *mem; @@ -75,7 +76,7 @@ mem_free(hx509_certs certs, void *data) } static int -mem_add(hx509_certs certs, void *data, hx509_cert c) +mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c) { struct mem_data *mem = data; hx509_cert *val; @@ -92,7 +93,10 @@ mem_add(hx509_certs certs, void *data, hx509_cert c) } static int -mem_iter_start(hx509_certs certs, void *data, void **cursor) +mem_iter_start(hx509_context context, + hx509_certs certs, + void *data, + void **cursor) { unsigned long *iter = malloc(sizeof(*iter)); @@ -106,7 +110,8 @@ mem_iter_start(hx509_certs certs, void *data, void **cursor) } static int -mem_iter(hx509_certs certs, +mem_iter(hx509_context contexst, + hx509_certs certs, void *data, void *cursor, hx509_cert *cert) @@ -125,7 +130,8 @@ mem_iter(hx509_certs certs, } static int -mem_iter_end(hx509_certs certs, +mem_iter_end(hx509_context context, + hx509_certs certs, void *data, void *cursor) { @@ -146,7 +152,7 @@ static struct hx509_keyset_ops keyset_mem = { }; void -_hx509_ks_mem_register(void) +_hx509_ks_mem_register(hx509_context context) { - _hx509_ks_register(&keyset_mem); + _hx509_ks_register(context, &keyset_mem); } diff --git a/lib/hx509/ks_null.c b/lib/hx509/ks_null.c index 69306abe5..0ba1956fd 100644 --- a/lib/hx509/ks_null.c +++ b/lib/hx509/ks_null.c @@ -36,7 +36,8 @@ RCSID("$Id$"); static int -null_init(hx509_certs certs, void **data, int flags, +null_init(hx509_context context, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { *data = NULL; @@ -51,21 +52,24 @@ null_free(hx509_certs certs, void *data) } static int -null_iter_start(hx509_certs certs, void *data, void **cursor) +null_iter_start(hx509_context context, + hx509_certs certs, void *data, void **cursor) { *cursor = NULL; return 0; } static int -null_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert) +null_iter(hx509_context context, + hx509_certs certs, void *data, void *iter, hx509_cert *cert) { *cert = NULL; return ENOENT; } static int -null_iter_end(hx509_certs certs, +null_iter_end(hx509_context context, + hx509_certs certs, void *data, void *cursor) { @@ -74,8 +78,6 @@ null_iter_end(hx509_certs certs, } - - struct hx509_keyset_ops keyset_null = { "NULL", 0, diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c index 1c954b06c..9c8f47da1 100644 --- a/lib/hx509/ks_p11.c +++ b/lib/hx509/ks_p11.c @@ -415,12 +415,17 @@ getattr_bn(struct p11_module *p, struct p11_slot *slot, return bn; } +struct p11_collector { + hx509_context context; + struct hx509_collector *c; +}; + static int collect_private_key(struct p11_module *p, struct p11_slot *slot, CK_OBJECT_HANDLE object, void *ptr, CK_ATTRIBUTE *query, int num_query) { - struct hx509_collector *c = ptr; + struct p11_collector *ctx = ptr; AlgorithmIdentifier alg; hx509_private_key key; heim_octet_string localKeyId; @@ -467,7 +472,7 @@ collect_private_key(struct p11_module *p, struct p11_slot *slot, _hx509_private_key_assign_rsa(key, rsa); - ret = _hx509_collector_private_key_add(c, + ret = _hx509_collector_private_key_add(ctx->c, &alg, key, NULL, @@ -486,7 +491,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot, void *ptr, CK_ATTRIBUTE *query, int num_query) { heim_octet_string localKeyId; - struct hx509_collector *c = ptr; + struct p11_collector *ctx = ptr; hx509_cert cert; Certificate t; int ret; @@ -499,7 +504,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot, if (ret) return 0; - ret = hx509_cert_init(&t, &cert); + ret = hx509_cert_init(ctx->context, &t, &cert); free_Certificate(&t); if (ret) return ret; @@ -508,7 +513,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot, oid_id_pkcs_9_at_localKeyId(), &localKeyId); - ret = _hx509_collector_certs_add(c, cert); + ret = _hx509_collector_certs_add(ctx->context, ctx->c, cert); if (ret) { hx509_cert_free(cert); return ret; @@ -519,11 +524,13 @@ collect_cert(struct p11_module *p, struct p11_slot *slot, static int -p11_list_keys(struct p11_module *p, +p11_list_keys(hx509_context context, + struct p11_module *p, struct p11_slot *slot, hx509_lock lock, hx509_certs *certs) { + struct p11_collector ctx; CK_OBJECT_CLASS key_class; CK_ATTRIBUTE search_data[] = { {CKA_CLASS, &key_class, sizeof(key_class)}, @@ -533,20 +540,21 @@ p11_list_keys(struct p11_module *p, {CKA_VALUE, NULL, 0} }; int ret; - struct hx509_collector *c; if (lock == NULL) lock = _hx509_empty_lock; - c = _hx509_collector_alloc(lock); - if (c == NULL) + ctx.context = context; + + ctx.c = _hx509_collector_alloc(context, lock); + if (ctx.c == NULL) return ENOMEM; key_class = CKO_PRIVATE_KEY; ret = iterate_entries(p, slot, search_data, 1, query_data, 1, - collect_private_key, c); + collect_private_key, &ctx); if (ret) goto out; @@ -554,21 +562,22 @@ p11_list_keys(struct p11_module *p, ret = iterate_entries(p, slot, search_data, 1, query_data, 2, - collect_cert, c); + collect_cert, &ctx); if (ret) goto out; - ret = _hx509_collector_collect(c, &slot->certs); + ret = _hx509_collector_collect(context, ctx.c, &slot->certs); out: - _hx509_collector_free(c); + _hx509_collector_free(ctx.c); return ret; } static int -p11_init(hx509_certs certs, void **data, int flags, +p11_init(hx509_context context, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { CK_C_GetFunctionList getFuncs; @@ -640,7 +649,7 @@ p11_init(hx509_certs certs, void **data, int flags, free(slot_ids); p11_get_session(p, &p->slot); - p11_list_keys(p, &p->slot, NULL, &p->slot.certs); + p11_list_keys(context, p, &p->slot, NULL, &p->slot.certs); p11_put_session(p, &p->slot); } @@ -676,24 +685,27 @@ p11_free(hx509_certs certs, void *data) } static int -p11_iter_start(hx509_certs certs, void *data, void **cursor) +p11_iter_start(hx509_context context, + hx509_certs certs, void *data, void **cursor) { struct p11_module *p = data; - return hx509_certs_start_seq(p->slot.certs, cursor); + return hx509_certs_start_seq(context, p->slot.certs, cursor); } static int -p11_iter(hx509_certs certs, void *data, void *cursor, hx509_cert *cert) +p11_iter(hx509_context context, + hx509_certs certs, void *data, void *cursor, hx509_cert *cert) { struct p11_module *p = data; - return hx509_certs_next_cert(p->slot.certs, cursor, cert); + return hx509_certs_next_cert(context, p->slot.certs, cursor, cert); } static int -p11_iter_end(hx509_certs certs, void *data, void *cursor) +p11_iter_end(hx509_context context, + hx509_certs certs, void *data, void *cursor) { struct p11_module *p = data; - return hx509_certs_end_seq(p->slot.certs, cursor); + return hx509_certs_end_seq(context, p->slot.certs, cursor); } static struct hx509_keyset_ops keyset_pkcs11 = { @@ -709,7 +721,7 @@ static struct hx509_keyset_ops keyset_pkcs11 = { }; void -_hx509_ks_pkcs11_register(void) +_hx509_ks_pkcs11_register(hx509_context context) { - _hx509_ks_register(&keyset_pkcs11); + _hx509_ks_register(context, &keyset_pkcs11); } diff --git a/lib/hx509/ks_p12.c b/lib/hx509/ks_p12.c index df5c1486f..3a83606ae 100644 --- a/lib/hx509/ks_p12.c +++ b/lib/hx509/ks_p12.c @@ -38,7 +38,9 @@ struct ks_pkcs12 { hx509_certs certs; }; -typedef int (*collector_func)(struct hx509_collector *, const void *, size_t, +typedef int (*collector_func)(hx509_context, + struct hx509_collector *, + const void *, size_t, const PKCS12_Attributes *); struct type { @@ -47,7 +49,7 @@ struct type { }; static void -parse_pkcs12_type(struct hx509_collector *, const heim_oid *, +parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *, const void *, size_t, const PKCS12_Attributes *); @@ -64,7 +66,8 @@ find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid) } static int -ShroudedKeyBag_parser(struct hx509_collector *c, +ShroudedKeyBag_parser(hx509_context context, + struct hx509_collector *c, const void *data, size_t length, const PKCS12_Attributes *attrs) { @@ -84,7 +87,8 @@ ShroudedKeyBag_parser(struct hx509_collector *c, if (ret) return ret; - ret = _hx509_pbe_decrypt(_hx509_collector_get_lock(c), + ret = _hx509_pbe_decrypt(context, + _hx509_collector_get_lock(c), &pk.encryptionAlgorithm, &pk.encryptedData, &content); @@ -110,7 +114,8 @@ ShroudedKeyBag_parser(struct hx509_collector *c, } static int -certBag_parser(struct hx509_collector *c, +certBag_parser(hx509_context context, + struct hx509_collector *c, const void *data, size_t length, const PKCS12_Attributes *attrs) { @@ -137,12 +142,12 @@ certBag_parser(struct hx509_collector *c, if (ret) return ret; - ret = hx509_cert_init(&t, &cert); + ret = hx509_cert_init(context, &t, &cert); free_Certificate(&t); if (ret) return ret; - ret = _hx509_collector_certs_add(c, cert); + ret = _hx509_collector_certs_add(context, c, cert); if (ret) { hx509_cert_free(cert); return ret; @@ -166,7 +171,8 @@ certBag_parser(struct hx509_collector *c, } static int -parse_safe_content(struct hx509_collector *c, +parse_safe_content(hx509_context context, + struct hx509_collector *c, const unsigned char *p, size_t len) { PKCS12_SafeContents sc; @@ -179,7 +185,8 @@ parse_safe_content(struct hx509_collector *c, return ret; for (i = 0; i < sc.len ; i++) - parse_pkcs12_type(c, + parse_pkcs12_type(context, + c, &sc.val[i].bagId, sc.val[i].bagValue.data, sc.val[i].bagValue.length, @@ -190,7 +197,8 @@ parse_safe_content(struct hx509_collector *c, } static int -safeContent_parser(struct hx509_collector *c, +safeContent_parser(hx509_context context, + struct hx509_collector *c, const void *data, size_t length, const PKCS12_Attributes *attrs) { @@ -200,13 +208,14 @@ safeContent_parser(struct hx509_collector *c, ret = decode_PKCS12_OctetString(data, length, &os, NULL); if (ret) return ret; - ret = parse_safe_content(c, os.data, os.length); + ret = parse_safe_content(context, c, os.data, os.length); free_octet_string(&os); return ret; }; static int -encryptedData_parser(struct hx509_collector *c, +encryptedData_parser(hx509_context context, + struct hx509_collector *c, const void *data, size_t length, const PKCS12_Attributes *attrs) { @@ -216,7 +225,8 @@ encryptedData_parser(struct hx509_collector *c, memset(&contentType, 0, sizeof(contentType)); - ret = hx509_cms_decrypt_encrypted(_hx509_collector_get_lock(c), + ret = hx509_cms_decrypt_encrypted(context, + _hx509_collector_get_lock(c), data, length, &contentType, &content); @@ -224,7 +234,7 @@ encryptedData_parser(struct hx509_collector *c, return ret; if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0) - ret = parse_safe_content(c, content.data, content.length); + ret = parse_safe_content(context, c, content.data, content.length); free_octet_string(&content); free_oid(&contentType); @@ -232,7 +242,8 @@ encryptedData_parser(struct hx509_collector *c, } static int -envelopedData_parser(struct hx509_collector *c, +envelopedData_parser(hx509_context context, + struct hx509_collector *c, const void *data, size_t length, const PKCS12_Attributes *attrs) { @@ -245,7 +256,8 @@ envelopedData_parser(struct hx509_collector *c, lock = _hx509_collector_get_lock(c); - ret = hx509_cms_unenvelope(_hx509_lock_unlock_certs(lock), + ret = hx509_cms_unenvelope(context, + _hx509_lock_unlock_certs(lock), data, length, &contentType, &content); @@ -253,7 +265,7 @@ envelopedData_parser(struct hx509_collector *c, return ret; if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0) - ret = parse_safe_content(c, content.data, content.length); + ret = parse_safe_content(context, c, content.data, content.length); free_octet_string(&content); free_oid(&contentType); @@ -271,7 +283,9 @@ struct type bagtypes[] = { }; static void -parse_pkcs12_type(struct hx509_collector *c, const heim_oid *oid, +parse_pkcs12_type(hx509_context context, + struct hx509_collector *c, + const heim_oid *oid, const void *data, size_t length, const PKCS12_Attributes *attrs) { @@ -279,11 +293,12 @@ parse_pkcs12_type(struct hx509_collector *c, const heim_oid *oid, for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++) if (heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0) - (*bagtypes[i].func)(c, data, length, attrs); + (*bagtypes[i].func)(context, c, data, length, attrs); } static int -p12_init(hx509_certs certs, void **data, int flags, +p12_init(hx509_context context, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { struct ks_pkcs12 *p12; @@ -299,7 +314,7 @@ p12_init(hx509_certs certs, void **data, int flags, if (lock == NULL) lock = _hx509_empty_lock; - c = _hx509_collector_alloc(lock); + c = _hx509_collector_alloc(context, lock); if (c == NULL) return ENOMEM; @@ -350,7 +365,8 @@ p12_init(hx509_certs certs, void **data, int flags, } for (i = 0; i < as.len; i++) - parse_pkcs12_type(c, + parse_pkcs12_type(context, + c, &as.val[i].contentType, as.val[i].content->data, as.val[i].content->length, @@ -358,7 +374,7 @@ p12_init(hx509_certs certs, void **data, int flags, free_PKCS12_AuthenticatedSafe(&as); - ret = _hx509_collector_collect(c, &p12->certs); + ret = _hx509_collector_collect(context, c, &p12->certs); if (ret == 0) *data = p12; @@ -384,26 +400,34 @@ p12_free(hx509_certs certs, void *data) } static int -p12_iter_start(hx509_certs certs, void *data, void **cursor) +p12_iter_start(hx509_context context, + hx509_certs certs, + void *data, + void **cursor) { struct ks_pkcs12 *p12 = data; - return hx509_certs_start_seq(p12->certs, cursor); + return hx509_certs_start_seq(context, p12->certs, cursor); } static int -p12_iter(hx509_certs certs, void *data, void *cursor, hx509_cert *cert) +p12_iter(hx509_context context, + hx509_certs certs, + void *data, + void *cursor, + hx509_cert *cert) { struct ks_pkcs12 *p12 = data; - return hx509_certs_next_cert(p12->certs, cursor, cert); + return hx509_certs_next_cert(context, p12->certs, cursor, cert); } static int -p12_iter_end(hx509_certs certs, - void *data, - void *cursor) +p12_iter_end(hx509_context context, + hx509_certs certs, + void *data, + void *cursor) { struct ks_pkcs12 *p12 = data; - return hx509_certs_end_seq(p12->certs, cursor); + return hx509_certs_end_seq(context, p12->certs, cursor); } static struct hx509_keyset_ops keyset_pkcs12 = { @@ -419,7 +443,7 @@ static struct hx509_keyset_ops keyset_pkcs12 = { }; void -_hx509_ks_pkcs12_register(void) +_hx509_ks_pkcs12_register(hx509_context context) { - _hx509_ks_register(&keyset_pkcs12); + _hx509_ks_register(context, &keyset_pkcs12); } diff --git a/lib/hx509/lock.c b/lib/hx509/lock.c index 9845e0fba..16c2a8cdc 100644 --- a/lib/hx509/lock.c +++ b/lib/hx509/lock.c @@ -53,7 +53,7 @@ hx509_lock _hx509_empty_lock = &empty_lock_data; */ int -hx509_lock_init(hx509_lock *lock) +hx509_lock_init(hx509_context context, hx509_lock *lock) { hx509_lock l; int ret; @@ -64,7 +64,11 @@ hx509_lock_init(hx509_lock *lock) if (l == NULL) return ENOMEM; - ret = hx509_certs_init("MEMORY:locks-internal", 0, NULL, &l->certs); + ret = hx509_certs_init(context, + "MEMORY:locks-internal", + 0, + NULL, + &l->certs); if (ret) { free(l); return ret; @@ -122,24 +126,28 @@ hx509_lock_reset_passwords(hx509_lock lock) } int -hx509_lock_add_cert(hx509_lock lock, hx509_cert cert) +hx509_lock_add_cert(hx509_context context, hx509_lock lock, hx509_cert cert) { - return hx509_certs_add(lock->certs, cert); + return hx509_certs_add(context, lock->certs, cert); } int -hx509_lock_add_certs(hx509_lock lock, hx509_certs certs) +hx509_lock_add_certs(hx509_context context, hx509_lock lock, hx509_certs certs) { - return hx509_certs_merge(lock->certs, certs); + return hx509_certs_merge(context, lock->certs, certs); } void -hx509_lock_reset_certs(hx509_lock lock) +hx509_lock_reset_certs(hx509_context context, hx509_lock lock) { hx509_certs certs = lock->certs; int ret; - ret = hx509_certs_init("MEMORY:locks-internal", 0, NULL, &lock->certs); + ret = hx509_certs_init(context, + "MEMORY:locks-internal", + 0, + NULL, + &lock->certs); if (ret == 0) hx509_certs_free(&certs); else diff --git a/lib/hx509/print.c b/lib/hx509/print.c index ae47a9d3e..cb80d7503 100644 --- a/lib/hx509/print.c +++ b/lib/hx509/print.c @@ -299,7 +299,7 @@ struct { }; int -hx509_validate_ctx_init(hx509_validate_ctx *ctx) +hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx) { *ctx = malloc(sizeof(**ctx)); if (*ctx == NULL) @@ -330,7 +330,9 @@ hx509_validate_ctx_free(hx509_validate_ctx ctx) } int -hx509_validate_cert(hx509_validate_ctx ctx, hx509_cert cert) +hx509_validate_cert(hx509_context context, + hx509_validate_ctx ctx, + hx509_cert cert) { Certificate *c = _hx509_get_cert(cert); TBSCertificate *t = &c->tbsCertificate;