add a hx509_context where we can store configuration

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16476 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-01-04 20:33:31 +00:00
parent d5e17d6541
commit 7dcf3289bb
16 changed files with 456 additions and 310 deletions


@@ -85,6 +85,39 @@ _hx509_abort(const char *fmt, ...)
abort(); abort();
} }
/*
*
*/
int
hx509_context_init(hx509_context *context)
{
*context = calloc(1, sizeof(**context));
if (*context == NULL)
return ENOMEM;
_hx509_ks_mem_register(*context);
_hx509_ks_file_register(*context);
_hx509_ks_pkcs12_register(*context);
_hx509_ks_pkcs11_register(*context);
_hx509_ks_dir_register(*context);
return 0;
}
void
hx509_context_free(hx509_context *context)
{
if ((*context)->ks_ops) {
free((*context)->ks_ops);
(*context)->ks_ops = NULL;
}
(*context)->ks_num_ops = 0;
free(*context);
*context = NULL;
}
/* /*
* *
*/ */
@@ -102,7 +135,7 @@ _hx509_cert_get_version(const Certificate *t)
} }
int int
hx509_cert_init(const Certificate *c, hx509_cert *cert) hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
{ {
int ret; int ret;
@@ -196,7 +229,7 @@ hx509_cert_ref(hx509_cert cert)
} }
int int
hx509_verify_init_ctx(hx509_verify_ctx *ctx) hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
{ {
hx509_verify_ctx c; hx509_verify_ctx c;
@@ -506,7 +539,9 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
} }
static int static int
certificate_is_anchor(hx509_verify_ctx ctx, const hx509_cert cert) certificate_is_anchor(hx509_context context,
hx509_verify_ctx ctx,
const hx509_cert cert)
{ {
hx509_query q; hx509_query q;
hx509_cert c; hx509_cert c;
@@ -517,7 +552,7 @@ certificate_is_anchor(hx509_verify_ctx ctx, const hx509_cert cert)
q.match = HX509_QUERY_MATCH_CERTIFICATE; q.match = HX509_QUERY_MATCH_CERTIFICATE;
q.certificate = _hx509_get_cert(cert); q.certificate = _hx509_get_cert(cert);
ret = _hx509_certs_find(ctx->trust_anchors, &q, &c); ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c);
if (ret == 0) if (ret == 0)
hx509_cert_free(c); hx509_cert_free(c);
return ret == 0; return ret == 0;
@@ -530,7 +565,8 @@ certificate_is_self_signed(const Certificate *cert)
} }
static hx509_cert static hx509_cert
find_parent(hx509_verify_ctx ctx, find_parent(hx509_context context,
hx509_verify_ctx ctx,
hx509_path *path, hx509_path *path,
hx509_certs chain, hx509_certs chain,
hx509_cert current) hx509_cert current)
@@ -548,10 +584,10 @@ find_parent(hx509_verify_ctx ctx,
q.subject = _hx509_get_cert(current); q.subject = _hx509_get_cert(current);
q.path = path; q.path = path;
ret = _hx509_certs_find(chain, &q, &c); ret = _hx509_certs_find(context, chain, &q, &c);
if (ret == 0) if (ret == 0)
return c; return c;
ret = _hx509_certs_find(ctx->trust_anchors, &q, &c); ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c);
if (ret == 0) if (ret == 0)
return c; return c;
return NULL; return NULL;
@@ -597,7 +633,8 @@ path_free(hx509_path *path)
*/ */
static int static int
calculate_path(hx509_verify_ctx ctx, calculate_path(hx509_context context,
hx509_verify_ctx ctx,
hx509_cert cert, hx509_cert cert,
hx509_certs chain, hx509_certs chain,
hx509_path *path) hx509_path *path)
@@ -611,9 +648,9 @@ calculate_path(hx509_verify_ctx ctx,
current = hx509_cert_ref(cert); current = hx509_cert_ref(cert);
while (!certificate_is_anchor(ctx, current)) { while (!certificate_is_anchor(context, ctx, current)) {
parent = find_parent(ctx, path, chain, current); parent = find_parent(context, ctx, path, chain, current);
hx509_cert_free(current); hx509_cert_free(current);
if (parent == NULL) if (parent == NULL)
return HX509_ISSUER_NOT_FOUND; return HX509_ISSUER_NOT_FOUND;
@@ -675,19 +712,19 @@ hx509_cert_cmp(hx509_cert p, hx509_cert q)
} }
int int
hx509_cert_issuer(hx509_cert p, hx509_name *name) hx509_cert_get_issuer(hx509_cert p, hx509_name *name)
{ {
return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name); return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name);
} }
int int
hx509_cert_subject(hx509_cert p, hx509_name *name) hx509_cert_get_subject(hx509_cert p, hx509_name *name)
{ {
return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name); return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name);
} }
int int
hx509_cert_serialnumber(hx509_cert p, heim_integer *i) hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i)
{ {
return copy_heim_integer(&p->data->tbsCertificate.serialNumber, i); return copy_heim_integer(&p->data->tbsCertificate.serialNumber, i);
} }
@@ -1037,7 +1074,10 @@ free_name_constraints(hx509_name_constraints *nc)
} }
int int
hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain) hx509_verify_path(hx509_context context,
hx509_verify_ctx ctx,
hx509_cert cert,
hx509_certs chain)
{ {
hx509_name_constraints nc; hx509_name_constraints nc;
hx509_path path; hx509_path path;
@@ -1060,7 +1100,7 @@ hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain)
* Calculate the path from the certificate user presented to the * Calculate the path from the certificate user presented to the
* to an anchor. * to an anchor.
*/ */
ret = calculate_path(ctx, cert, chain, &path); ret = calculate_path(context, ctx, cert, chain, &path);
if (ret) if (ret)
goto out; goto out;
@@ -1168,7 +1208,8 @@ hx509_verify_path(hx509_verify_ctx ctx, hx509_cert cert, hx509_certs chain)
} }
int int
hx509_verify_signature(const hx509_cert signer, hx509_verify_signature(hx509_context context,
const hx509_cert signer,
const AlgorithmIdentifier *alg, const AlgorithmIdentifier *alg,
const heim_octet_string *data, const heim_octet_string *data,
const heim_octet_string *sig) const heim_octet_string *sig)
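Review bot: hx509_context_free() dereferences `*context` unconditionally, so a caller whose hx509_context_init() failed (it returns ENOMEM with `*context` left NULL) and then frees on its cleanup path will crash; a leading `if (*context == NULL) return;` makes free safe on the init failure path and on a second call, since the function already nulls the pointer. The five `_hx509_ks_*_register()` calls in hx509_context_init() also discard their results; if any of them can fail (their signatures are not in this hunk), the context is returned as success with a backend missing and the failure only shows up later as an unexplained keystore-init error, so they should be checked and the partially built context released. Both functions are fully inside the first hunk.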


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003 - 2005 Kungliga Tekniska H<>gskolan * Copyright (c) 2003 - 2006 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -66,7 +66,7 @@ fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id)
int ret; int ret;
id->element = choice_CMSIdentifier_issuerAndSerialNumber; id->element = choice_CMSIdentifier_issuerAndSerialNumber;
ret = hx509_cert_issuer(cert, &name); ret = hx509_cert_get_issuer(cert, &name);
if (ret) if (ret)
return ret; return ret;
ret = copy_Name(&name->der_name, ret = copy_Name(&name->der_name,
@@ -75,13 +75,14 @@ fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id)
if (ret) if (ret)
return ret; return ret;
ret = hx509_cert_serialnumber(cert, ret = hx509_cert_get_serialnumber(cert,
&id->u.issuerAndSerialNumber.serialNumber); &id->u.issuerAndSerialNumber.serialNumber);
return ret; return ret;
} }
static int static int
find_CMSIdentifier(CMSIdentifier *client, find_CMSIdentifier(hx509_context context,
CMSIdentifier *client,
hx509_certs certs, hx509_certs certs,
hx509_cert *signer_cert, hx509_cert *signer_cert,
int match) int match)
@@ -112,7 +113,7 @@ find_CMSIdentifier(CMSIdentifier *client,
q.match |= match; q.match |= match;
ret = _hx509_certs_find(certs, &q, &cert); ret = _hx509_certs_find(context, certs, &q, &cert);
if (ret) if (ret)
return ret; return ret;
@@ -122,7 +123,8 @@ find_CMSIdentifier(CMSIdentifier *client,
} }
int int
hx509_cms_unenvelope(hx509_certs certs, hx509_cms_unenvelope(hx509_context context,
hx509_certs certs,
const void *data, const void *data,
size_t length, size_t length,
heim_oid *contentType, heim_oid *contentType,
@@ -165,7 +167,7 @@ hx509_cms_unenvelope(hx509_certs certs,
* ki->keyEncryptionAlgorithm.algorithm); * ki->keyEncryptionAlgorithm.algorithm);
*/ */
ret = find_CMSIdentifier(&ri->rid, certs, &cert, ret = find_CMSIdentifier(context, &ri->rid, certs, &cert,
HX509_QUERY_PRIVATE_KEY| HX509_QUERY_PRIVATE_KEY|
HX509_QUERY_KU_ENCIPHERMENT); HX509_QUERY_KU_ENCIPHERMENT);
if (ret) { if (ret) {
@@ -204,7 +206,7 @@ hx509_cms_unenvelope(hx509_certs certs,
hx509_crypto crypto; hx509_crypto crypto;
heim_octet_string *ivec = NULL, ivec_data; heim_octet_string *ivec = NULL, ivec_data;
ret = hx509_crypto_init(NULL, &ai->algorithm, &crypto); ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
if (ret) if (ret)
goto out; goto out;
@@ -238,7 +240,8 @@ hx509_cms_unenvelope(hx509_certs certs,
} }
int int
hx509_cms_envelope_1(hx509_cert cert, hx509_cms_envelope_1(hx509_context context,
hx509_cert cert,
const void *data, const void *data,
size_t length, size_t length,
const heim_oid *encryption_type, const heim_oid *encryption_type,
@@ -265,7 +268,7 @@ hx509_cms_envelope_1(hx509_cert cert,
if (ret) if (ret)
goto out; goto out;
ret = hx509_crypto_init(NULL, encryption_type, &crypto); ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
if (ret) if (ret)
goto out; goto out;
@@ -354,7 +357,7 @@ hx509_cms_envelope_1(hx509_cert cert,
} }
static int static int
any_to_certs(const SignedData *sd, hx509_certs certs) any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
{ {
int ret, i; int ret, i;
@@ -372,11 +375,11 @@ any_to_certs(const SignedData *sd, hx509_certs certs)
if (ret) if (ret)
return ret; return ret;
ret = hx509_cert_init(&cert, &c); ret = hx509_cert_init(context, &cert, &c);
free_Certificate(&cert); free_Certificate(&cert);
if (ret) if (ret)
return ret; return ret;
ret = hx509_certs_add(certs, c); ret = hx509_certs_add(context, certs, c);
if (ret) { if (ret) {
hx509_cert_free(c); hx509_cert_free(c);
return ret; return ret;
@@ -397,7 +400,8 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid)
} }
int int
hx509_cms_verify_signed(hx509_verify_ctx ctx, hx509_cms_verify_signed(hx509_context context,
hx509_verify_ctx ctx,
const void *data, const void *data,
size_t length, size_t length,
hx509_certs store, hx509_certs store,
@@ -430,23 +434,25 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
goto out; goto out;
} }
ret = hx509_certs_init("MEMORY:cms-cert-buffer", 0, NULL, &certs); ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
0, NULL, &certs);
if (ret) if (ret)
goto out; goto out;
ret = hx509_certs_init("MEMORY:cms-signer-certs", 0, NULL, signer_certs); ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
0, NULL, signer_certs);
if (ret) if (ret)
goto out; goto out;
/* XXX Check CMS version */ /* XXX Check CMS version */
ret = any_to_certs(&sd, certs); ret = any_to_certs(context, &sd, certs);
if (ret) { if (ret) {
goto out; goto out;
} }
if (store) { if (store) {
ret = hx509_certs_merge(certs, store); ret = hx509_certs_merge(context, certs, store);
if (ret) if (ret)
goto out; goto out;
} }
@@ -465,7 +471,7 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
continue; continue;
} }
ret = find_CMSIdentifier(&signer_info->sid, certs, &cert, ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert,
HX509_QUERY_KU_DIGITALSIGNATURE); HX509_QUERY_KU_DIGITALSIGNATURE);
if (ret) if (ret)
continue; continue;
@@ -558,7 +564,8 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
free_oid(&decode_oid); free_oid(&decode_oid);
if (ret == 0) if (ret == 0)
ret = hx509_verify_signature(cert, ret = hx509_verify_signature(context,
cert,
&signer_info->signatureAlgorithm, &signer_info->signatureAlgorithm,
signed_data, signed_data,
&signer_info->signature); &signer_info->signature);
@@ -572,13 +579,13 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
continue; continue;
} }
ret = hx509_verify_path(ctx, cert, certs); ret = hx509_verify_path(context, ctx, cert, certs);
if (ret) { if (ret) {
hx509_cert_free(cert); hx509_cert_free(cert);
continue; continue;
} }
ret = hx509_certs_add(*signer_certs, hx509_cert_ref(cert)); ret = hx509_certs_add(context, *signer_certs, hx509_cert_ref(cert));
if (ret) { if (ret) {
hx509_cert_free(cert); hx509_cert_free(cert);
continue; continue;
@@ -683,7 +690,8 @@ add_one_attribute(Attribute **attr,
int int
hx509_cms_create_signed_1(const heim_oid *eContentType, hx509_cms_create_signed_1(hx509_context context,
const heim_oid *eContentType,
const void *data, size_t length, const void *data, size_t length,
const AlgorithmIdentifier *digest_alg, const AlgorithmIdentifier *digest_alg,
hx509_cert cert, hx509_cert cert,
@@ -882,7 +890,8 @@ hx509_cms_create_signed_1(const heim_oid *eContentType,
} }
int int
hx509_cms_decrypt_encrypted(hx509_lock lock, hx509_cms_decrypt_encrypted(hx509_context context,
hx509_lock lock,
const void *data, const void *data,
size_t length, size_t length,
heim_oid *contentType, heim_oid *contentType,
@@ -915,7 +924,8 @@ hx509_cms_decrypt_encrypted(hx509_lock lock,
goto out; goto out;
} }
ret = _hx509_pbe_decrypt(lock, ret = _hx509_pbe_decrypt(context,
lock,
ai, ai,
ed.encryptedContentInfo.encryptedContent, ed.encryptedContentInfo.encryptedContent,
&cont); &cont);
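Review bot: In the signer loop of hx509_cms_verify_signed(), every failure (`find_CMSIdentifier`, `hx509_verify_signature`, `hx509_verify_path`, `hx509_certs_add`) is handled with `continue`, and `ret` is overwritten by the next signer's lookup, so after the loop `ret` only describes the last SignerInfo and a signer whose chain did not reach an anchor leaves no trace except its absence from `*signer_certs`. The loop's exit and the final return are outside the hunk, so I cannot see whether an empty signer set is turned into an error; if it is not, callers who only check the return value will accept a message with no valid signer. At minimum the contract should be stated on the function, e.g. `/* On return *signer_certs holds only signers whose signature verified and whose path reached a trust anchor; callers MUST treat an empty set as verification failure. */`, and the `/* XXX Check CMS version */` above any_to_certs() still stands, since the embedded certificates are pooled with the caller's store before that check exists.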


@@ -53,7 +53,7 @@ struct hx509_collector {
struct hx509_collector * struct hx509_collector *
_hx509_collector_alloc(hx509_lock lock) _hx509_collector_alloc(hx509_context context, hx509_lock lock)
{ {
struct hx509_collector *c; struct hx509_collector *c;
@@ -62,10 +62,10 @@ _hx509_collector_alloc(hx509_lock lock)
return NULL; return NULL;
c->lock = lock; c->lock = lock;
hx509_certs_init("MEMORY:dummy", 0, NULL, &c->unenvelop_certs); hx509_certs_init(context, "MEMORY:dummy", 0, NULL, &c->unenvelop_certs);
c->val.data = NULL; c->val.data = NULL;
c->val.len = 0; c->val.len = 0;
hx509_certs_init("MEMORY:collector-tmp-store", 0, NULL, &c->certs); hx509_certs_init(context, "MEMORY:collector-tmp-store", 0, NULL, &c->certs);
return c; return c;
} }
@@ -78,9 +78,11 @@ _hx509_collector_get_lock(struct hx509_collector *c)
int int
_hx509_collector_certs_add(struct hx509_collector *c, hx509_cert cert) _hx509_collector_certs_add(hx509_context context,
struct hx509_collector *c,
hx509_cert cert)
{ {
return hx509_certs_add(c->certs, cert); return hx509_certs_add(context, c->certs, cert);
} }
static void static void
@@ -142,7 +144,9 @@ out:
} }
static int static int
match_localkeyid(struct private_key *value, hx509_certs certs) match_localkeyid(hx509_context context,
struct private_key *value,
hx509_certs certs)
{ {
hx509_cert cert; hx509_cert cert;
hx509_query q; hx509_query q;
@@ -153,21 +157,21 @@ match_localkeyid(struct private_key *value, hx509_certs certs)
q.local_key_id = &value->localKeyId; q.local_key_id = &value->localKeyId;
ret = _hx509_certs_find(certs, &q, &cert); ret = _hx509_certs_find(context, certs, &q, &cert);
if (ret == 0) { if (ret == 0) {
if (value->private_key) { if (value->private_key) {
_hx509_cert_assign_key(cert, value->private_key); _hx509_cert_assign_key(cert, value->private_key);
value->private_key = NULL; value->private_key = NULL;
} }
hx509_certs_add(certs, cert); hx509_certs_add(context, certs, cert);
hx509_cert_free(cert); hx509_cert_free(cert);
} }
return ret; return ret;
} }
static int static int
match_keys(struct private_key *value, hx509_certs certs) match_keys(hx509_context context, struct private_key *value, hx509_certs certs)
{ {
hx509_cursor cursor; hx509_cursor cursor;
hx509_cert c; hx509_cert c;
@@ -176,13 +180,13 @@ match_keys(struct private_key *value, hx509_certs certs)
if (value->private_key == NULL) if (value->private_key == NULL)
return EINVAL; return EINVAL;
ret = hx509_certs_start_seq(certs, &cursor); ret = hx509_certs_start_seq(context, certs, &cursor);
if (ret) if (ret)
return ret; return ret;
c = NULL; c = NULL;
while (1) { while (1) {
ret = hx509_certs_next_cert(certs, cursor, &c); ret = hx509_certs_next_cert(context, certs, cursor, &c);
if (ret) if (ret)
break; break;
if (c == NULL) if (c == NULL)
@@ -203,34 +207,36 @@ match_keys(struct private_key *value, hx509_certs certs)
hx509_cert_free(c); hx509_cert_free(c);
} }
hx509_certs_end_seq(certs, cursor); hx509_certs_end_seq(context, certs, cursor);
return found; return found;
} }
int int
_hx509_collector_collect(struct hx509_collector *c, hx509_certs *ret_certs) _hx509_collector_collect(hx509_context context,
struct hx509_collector *c,
hx509_certs *ret_certs)
{ {
hx509_certs certs; hx509_certs certs;
int ret, i; int ret, i;
*ret_certs = NULL; *ret_certs = NULL;
ret = hx509_certs_init("MEMORY:collector-store", 0, NULL, &certs); ret = hx509_certs_init(context, "MEMORY:collector-store", 0, NULL, &certs);
if (ret) if (ret)
return ret; return ret;
ret = hx509_certs_merge(certs, c->certs); ret = hx509_certs_merge(context, certs, c->certs);
if (ret) { if (ret) {
hx509_certs_free(&certs); hx509_certs_free(&certs);
return ret; return ret;
} }
for (i = 0; i < c->val.len; i++) { for (i = 0; i < c->val.len; i++) {
ret = match_localkeyid(c->val.data[i], certs); ret = match_localkeyid(context, c->val.data[i], certs);
if (ret == 0) if (ret == 0)
continue; continue;
ret = match_keys(c->val.data[i], certs); ret = match_keys(context, c->val.data[i], certs);
if (ret == 0) if (ret == 0)
continue; continue;
} }
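Review bot: _hx509_collector_alloc() still discards the return value of both hx509_certs_init() calls, so when either fails the collector is handed back with `c->certs` or `c->unenvelop_certs` in whatever state a failed init leaves them (presumably NULL, as _hx509_collector_collect() clears its own out-parameter first) and _hx509_collector_certs_add() passes that straight into hx509_certs_add(). Since the signature gained a context in this commit, this is the moment to make the allocation fail cleanly; the lines that allocate `c` are just above the hunk, so the fence starts after them.

```c
struct hx509_collector *
_hx509_collector_alloc(hx509_context context, hx509_lock lock)
{
    struct hx509_collector *c;
    int ret;

    /* … unchanged: allocate c, return NULL on failure … */
    c->lock = lock;

    ret = hx509_certs_init(context, "MEMORY:dummy", 0, NULL, &c->unenvelop_certs);
    if (ret) {
	free(c);
	return NULL;
    }
    c->val.data = NULL;
    c->val.len = 0;
    ret = hx509_certs_init(context, "MEMORY:collector-tmp-store", 0, NULL, &c->certs);
    if (ret) {
	hx509_certs_free(&c->unenvelop_certs);
	free(c);
	return NULL;
    }

    return c;
}
```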


@@ -101,10 +101,7 @@ struct hx509_private_key {
const heim_oid *signature_alg; const heim_oid *signature_alg;
struct { struct {
RSA *rsa; RSA *rsa;
} private_key2; } private_key;
/* supported key operations */
/* context pointer to backend */
/* function pointer to backend */
}; };
/* /*
@@ -286,14 +283,14 @@ rsa_create_signature(const struct signature_alg *sig_alg,
if (indata.length != size) if (indata.length != size)
_hx509_abort("internal ASN.1 encoder error"); _hx509_abort("internal ASN.1 encoder error");
sig->length = RSA_size(signer->private_key2.rsa); sig->length = RSA_size(signer->private_key.rsa);
sig->data = malloc(sig->length); sig->data = malloc(sig->length);
if (sig->data == NULL) if (sig->data == NULL)
return ENOMEM; return ENOMEM;
ret = RSA_private_encrypt(indata.length, indata.data, ret = RSA_private_encrypt(indata.length, indata.data,
sig->data, sig->data,
signer->private_key2.rsa, signer->private_key.rsa,
RSA_PKCS1_PADDING); RSA_PKCS1_PADDING);
free_octet_string(&indata); free_octet_string(&indata);
if (ret <= 0) if (ret <= 0)
@@ -366,9 +363,9 @@ rsa_parse_private_key(const struct signature_alg *sig_alg,
{ {
const unsigned char *p = data; const unsigned char *p = data;
private_key->private_key2.rsa = private_key->private_key.rsa =
d2i_RSAPrivateKey(NULL, &p, len); d2i_RSAPrivateKey(NULL, &p, len);
if (private_key->private_key2.rsa == NULL) if (private_key->private_key.rsa == NULL)
return EINVAL; return EINVAL;
private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption(); private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
@@ -820,17 +817,17 @@ _hx509_private_key_private_decrypt(const heim_octet_string *ciphertext,
cleartext->data = NULL; cleartext->data = NULL;
cleartext->length = 0; cleartext->length = 0;
if (p->private_key2.rsa == NULL) if (p->private_key.rsa == NULL)
return EINVAL; return EINVAL;
cleartext->length = RSA_size(p->private_key2.rsa); cleartext->length = RSA_size(p->private_key.rsa);
cleartext->data = malloc(cleartext->length); cleartext->data = malloc(cleartext->length);
if (cleartext->data == NULL) if (cleartext->data == NULL)
return ENOMEM; return ENOMEM;
ret = RSA_private_decrypt(ciphertext->length, ciphertext->data, ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
cleartext->data, cleartext->data,
p->private_key2.rsa, p->private_key.rsa,
RSA_PKCS1_PADDING); RSA_PKCS1_PADDING);
if (ret <= 0) { if (ret <= 0) {
free_octet_string(cleartext); free_octet_string(cleartext);
@@ -934,9 +931,9 @@ _hx509_new_private_key(hx509_private_key *key)
int int
_hx509_free_private_key(hx509_private_key *key) _hx509_free_private_key(hx509_private_key *key)
{ {
if ((*key)->private_key2.rsa) if ((*key)->private_key.rsa)
RSA_free((*key)->private_key2.rsa); RSA_free((*key)->private_key.rsa);
(*key)->private_key2.rsa = NULL; (*key)->private_key.rsa = NULL;
free(*key); free(*key);
*key = NULL; *key = NULL;
return 0; return 0;
@@ -953,9 +950,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key,
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
if (key->private_key2.rsa) { if (key->private_key.rsa) {
RSA_free(key->private_key2.rsa); RSA_free(key->private_key.rsa);
key->private_key2.rsa = NULL; key->private_key.rsa = NULL;
} }
@@ -974,9 +971,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key,
if (private_key == NULL) if (private_key == NULL)
continue; continue;
key->private_key2.rsa = EVP_PKEY_get1_RSA(private_key); key->private_key.rsa = EVP_PKEY_get1_RSA(private_key);
EVP_PKEY_free(private_key); EVP_PKEY_free(private_key);
if (key->private_key2.rsa == NULL) if (key->private_key.rsa == NULL)
return EINVAL; return EINVAL;
return 0; return 0;
@@ -988,9 +985,9 @@ _hx509_private_key_assign_key_file(hx509_private_key key,
void void
_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr) _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
{ {
if (key->private_key2.rsa) if (key->private_key.rsa)
RSA_free(key->private_key2.rsa); RSA_free(key->private_key.rsa);
key->private_key2.rsa = ptr; key->private_key.rsa = ptr;
} }
@@ -1025,7 +1022,8 @@ find_cipher(const heim_oid *oid)
} }
int int
hx509_crypto_init(const char *provider, hx509_crypto_init(hx509_context context,
const char *provider,
const heim_oid *enctype, const heim_oid *enctype,
hx509_crypto *crypto) hx509_crypto *crypto)
{ {
@@ -1318,14 +1316,16 @@ hx509_crypto_decrypt(hx509_crypto crypto,
return ret; return ret;
} }
typedef int (*PBE_string2key_func)(const char *, typedef int (*PBE_string2key_func)(hx509_context,
const char *,
const heim_octet_string *, const heim_octet_string *,
hx509_crypto *, heim_octet_string *, hx509_crypto *, heim_octet_string *,
heim_octet_string *, heim_octet_string *,
const heim_oid *, const EVP_MD *); const heim_oid *, const EVP_MD *);
static int static int
PBE_string2key(const char *password, PBE_string2key(hx509_context context,
const char *password,
const heim_octet_string *parameters, const heim_octet_string *parameters,
hx509_crypto *crypto, hx509_crypto *crypto,
heim_octet_string *key, heim_octet_string *iv, heim_octet_string *key, heim_octet_string *iv,
@@ -1370,7 +1370,7 @@ PBE_string2key(const char *password,
goto out; goto out;
} }
ret = hx509_crypto_init(NULL, enc_oid, &c); ret = hx509_crypto_init(context, NULL, enc_oid, &c);
if (ret) if (ret)
goto out; goto out;
@@ -1424,7 +1424,8 @@ find_string2key(const heim_oid *oid,
int int
_hx509_pbe_decrypt(hx509_lock lock, _hx509_pbe_decrypt(hx509_context context,
hx509_lock lock,
const AlgorithmIdentifier *ai, const AlgorithmIdentifier *ai,
const heim_octet_string *econtent, const heim_octet_string *econtent,
heim_octet_string *content) heim_octet_string *content)
@@ -1464,7 +1465,7 @@ _hx509_pbe_decrypt(hx509_lock lock,
for (i = 0; i < pw->len; i++) { for (i = 0; i < pw->len; i++) {
hx509_crypto crypto; hx509_crypto crypto;
ret = (*s2k)(pw->val[i], ai->parameters, &crypto, ret = (*s2k)(context, pw->val[i], ai->parameters, &crypto,
&key, &iv, enc_oid, md); &key, &iv, enc_oid, md);
if (ret) { if (ret) {
goto out; goto out;
@@ -1503,10 +1504,10 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
size_t size; size_t size;
int ret; int ret;
if (private_key->private_key2.rsa == NULL) if (private_key->private_key.rsa == NULL)
return 0; return 0;
rsa = private_key->private_key2.rsa; rsa = private_key->private_key.rsa;
if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL) if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
return 0; return 0;
@@ -1529,11 +1530,12 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
free_RSAPublicKey(&pk); free_RSAPublicKey(&pk);
rsa->d = BN_dup(private_key->private_key2.rsa->d); rsa->d = BN_dup(private_key->private_key.rsa->d);
rsa->p = BN_dup(private_key->private_key2.rsa->p); rsa->p = BN_dup(private_key->private_key.rsa->p);
rsa->q = BN_dup(private_key->private_key2.rsa->q); rsa->q = BN_dup(private_key->private_key.rsa->q);
if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL) { if (rsa->n == NULL || rsa->e == NULL ||
rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL) {
RSA_free(rsa); RSA_free(rsa);
return 0; return 0;
} }
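Review bot: _hx509_private_key_private_decrypt() uses `RSA_private_decrypt(..., RSA_PKCS1_PADDING)` and turns `ret <= 0` into an error on the path that continues past this hunk; with PKCS#1 v1.5 that error is a padding check, and if the caller (hx509_cms_unenvelope via the key-encryption step) reports it differently from a later symmetric-decryption or MAC failure, an attacker who can submit EnvelopedData gets a Bleichenbacher-style oracle. The rename in this hunk does not change that, but the function has no comment saying so; I would add above the call `/* PKCS#1 v1.5 unpadding: a failure here MUST NOT be distinguishable to a remote caller from a failed content decryption (Bleichenbacher). */` and have the CMS caller collapse both into one error. Separately, `private_key->private_key.rsa` now reads as the typedef name hx509_private_key followed by a member of the same name, which is legal but easy to misread; a member name such as `key` or `u` would avoid that.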


@@ -33,16 +33,17 @@
/* $Id$ */ /* $Id$ */
typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
typedef struct hx509_certs_data *hx509_certs;
typedef struct hx509_cert_data *hx509_cert;
typedef struct hx509_cert_attribute_data *hx509_cert_attribute; typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
typedef struct hx509_validate_ctx_data *hx509_validate_ctx; typedef struct hx509_cert_data *hx509_cert;
typedef struct hx509_name_data *hx509_name; typedef struct hx509_certs_data *hx509_certs;
typedef void * hx509_cursor; typedef struct hx509_context_data *hx509_context;
typedef struct hx509_lock_data *hx509_lock;
typedef struct hx509_private_key *hx509_private_key;
typedef struct hx509_crypto_data *hx509_crypto; typedef struct hx509_crypto_data *hx509_crypto;
typedef struct hx509_lock_data *hx509_lock;
typedef struct hx509_name_data *hx509_name;
typedef struct hx509_private_key *hx509_private_key;
typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
typedef void * hx509_cursor;
typedef void (*hx509_vprint_func)(void *, const char *, va_list); typedef void (*hx509_vprint_func)(void *, const char *, va_list);


@@ -121,13 +121,15 @@ struct hx509_query_data {
struct hx509_keyset_ops { struct hx509_keyset_ops {
char *name; char *name;
int flags; int flags;
int (*init)(hx509_certs, void **, int, const char *, hx509_lock); int (*init)(hx509_context, hx509_certs, void **,
int, const char *, hx509_lock);
int (*free)(hx509_certs, void *); int (*free)(hx509_certs, void *);
int (*add)(hx509_certs, void *, hx509_cert); int (*add)(hx509_context, hx509_certs, void *, hx509_cert);
int (*query)(hx509_certs, void *, const hx509_query *, hx509_cert *); int (*query)(hx509_context, hx509_certs, void *,
int (*iter_start)(hx509_certs, void *, void **); const hx509_query *, hx509_cert *);
int (*iter)(hx509_certs, void *, void *, hx509_cert *); int (*iter_start)(hx509_context, hx509_certs, void *, void **);
int (*iter_end)(hx509_certs, void *, void *); int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *);
int (*iter_end)(hx509_context, hx509_certs, void *, void *);
}; };
struct _hx509_password { struct _hx509_password {
@@ -136,3 +138,9 @@ struct _hx509_password {
}; };
extern hx509_lock _hx509_empty_lock; extern hx509_lock _hx509_empty_lock;
struct hx509_context_data {
struct hx509_keyset_ops **ks_ops;
int ks_num_ops;
};
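Review bot: In the reworked hx509_keyset_ops table every callback except `free` now takes an hx509_context as its first argument; leaving `int (*free)(hx509_certs, void *)` without one is the single asymmetry in the table and means a backend cannot reach context state (for example a later error or logging facility stored there) during teardown, so either give it the same first parameter now, while all backends are being touched anyway, or say why it differs. The new struct hx509_context_data also has no comment; I would add `/* Registered keyset backends (MEMORY:, FILE:, PKCS12:, PKCS11:, DIR:); filled by hx509_context_init(), ks_num_ops entries in ks_ops, the array is owned by the context and freed by hx509_context_free(). */`.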


@@ -37,6 +37,8 @@ RCSID("$Id$");
#include <hxtool-commands.h> #include <hxtool-commands.h>
#include <sl.h> #include <sl.h>
hx509_context context;
static int version_flag; static int version_flag;
static int help_flag; static int help_flag;
@@ -81,29 +83,29 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
size_t sz; size_t sz;
void *p; void *p;
hx509_lock_init(&lock); hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings); lock_strings(lock, &opt->pass_strings);
ret = _hx509_map_file(argv[0], &p, &sz); ret = _hx509_map_file(argv[0], &p, &sz);
if (ret) if (ret)
err(1, "map_file: %s: %d", argv[0], ret); err(1, "map_file: %s: %d", argv[0], ret);
ret = hx509_verify_init_ctx(&ctx); ret = hx509_verify_init_ctx(context, &ctx);
ret = hx509_certs_init("MEMORY:cms-anchors", 0, NULL, &anchors); ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors);
for (i = 0; i < opt->anchors_strings.num_strings; i++) { for (i = 0; i < opt->anchors_strings.num_strings; i++) {
ret = hx509_certs_append(anchors, lock, ret = hx509_certs_append(context, anchors, lock,
opt->anchors_strings.strings[i]); opt->anchors_strings.strings[i]);
if (ret) if (ret)
errx(1, "hx509_certs_append: anchor: %s: %d", errx(1, "hx509_certs_append: anchor: %s: %d",
opt->anchors_strings.strings[i], ret); opt->anchors_strings.strings[i], ret);
} }
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &store); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
for (i = 0; i < opt->certificate_strings.num_strings; i++) { for (i = 0; i < opt->certificate_strings.num_strings; i++) {
ret = hx509_certs_append(store, lock, ret = hx509_certs_append(context, store, lock,
opt->certificate_strings.strings[i]); opt->certificate_strings.strings[i]);
if (ret) if (ret)
errx(1, "hx509_certs_append: store: %s %d", errx(1, "hx509_certs_append: store: %s %d",
@@ -136,7 +138,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
hx509_verify_attach_anchors(ctx, anchors); hx509_verify_attach_anchors(ctx, anchors);
ret = hx509_cms_verify_signed(ctx, co.data, co.length, ret = hx509_cms_verify_signed(context, ctx, co.data, co.length,
store, &type, &c, &signers); store, &type, &c, &signers);
if (co.data != p) if (co.data != p)
free_octet_string(&co); free_octet_string(&co);
@@ -144,7 +146,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
errx(1, "hx509_cms_verify_signed: %d", ret); errx(1, "hx509_cms_verify_signed: %d", ret);
printf("signers:\n"); printf("signers:\n");
hx509_certs_iter(signers, hx509_ci_print_names, stdout); hx509_certs_iter(context, signers, hx509_ci_print_names, stdout);
hx509_verify_destroy_ctx(ctx); hx509_verify_destroy_ctx(ctx);
@@ -181,7 +183,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
if (argc < 2) if (argc < 2)
errx(1, "argc < 2"); errx(1, "argc < 2");
hx509_lock_init(&lock); hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings); lock_strings(lock, &opt->pass_strings);
for (i = 0; i < opt->pass_strings.num_strings; i++) { for (i = 0; i < opt->pass_strings.num_strings; i++) {
@@ -191,10 +193,10 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
opt->pass_strings.strings[i], ret); opt->pass_strings.strings[i], ret);
} }
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &store); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
for (i = 0; i < opt->certificate_strings.num_strings; i++) { for (i = 0; i < opt->certificate_strings.num_strings; i++) {
ret = hx509_certs_append(store, lock, ret = hx509_certs_append(context, store, lock,
opt->certificate_strings.strings[i]); opt->certificate_strings.strings[i]);
if (ret) if (ret)
errx(1, "hx509_certs_append: store: %s: %d", errx(1, "hx509_certs_append: store: %s: %d",
@@ -210,7 +212,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
q.friendlyname = opt->signer_string; q.friendlyname = opt->signer_string;
} }
ret = _hx509_certs_find(store, &q, &cert); ret = _hx509_certs_find(context, store, &q, &cert);
if (ret) if (ret)
errx(1, "hx509_certs_find: %d", ret); errx(1, "hx509_certs_find: %d", ret);
@@ -218,7 +220,8 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
if (ret) if (ret)
err(1, "map_file: %s: %d", argv[0], ret); err(1, "map_file: %s: %d", argv[0], ret);
ret = hx509_cms_create_signed_1(contentType, ret = hx509_cms_create_signed_1(context,
contentType,
p, p,
sz, sz,
NULL, NULL,
@@ -271,7 +274,7 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv)
int ret, i; int ret, i;
hx509_lock lock; hx509_lock lock;
hx509_lock_init(&lock); hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings); lock_strings(lock, &opt->pass_strings);
ret = _hx509_map_file(argv[0], &p, &sz); ret = _hx509_map_file(argv[0], &p, &sz);
@@ -302,19 +305,20 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv)
co.length = sz; co.length = sz;
} }
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
if (ret) if (ret)
errx(1, "hx509_certs_init: MEMORY: %d", ret); errx(1, "hx509_certs_init: MEMORY: %d", ret);
for (i = 0; i < opt->certificate_strings.num_strings; i++) { for (i = 0; i < opt->certificate_strings.num_strings; i++) {
ret = hx509_certs_append(certs, lock, ret = hx509_certs_append(context, certs, lock,
opt->certificate_strings.strings[i]); opt->certificate_strings.strings[i]);
if (ret) if (ret)
errx(1, "hx509_certs_append: %s: %d", errx(1, "hx509_certs_append: %s: %d",
opt->certificate_strings.strings[i], ret); opt->certificate_strings.strings[i], ret);
} }
ret = hx509_cms_unenvelope(certs, co.data, co.length, &contentType, &o); ret = hx509_cms_unenvelope(context, certs, co.data, co.length,
&contentType, &o);
if (co.data != p) if (co.data != p)
free_octet_string(&co); free_octet_string(&co);
if (ret) if (ret)
@@ -345,17 +349,17 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
void *p; void *p;
hx509_lock lock; hx509_lock lock;
hx509_lock_init(&lock); hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings); lock_strings(lock, &opt->pass_strings);
ret = _hx509_map_file(argv[0], &p, &sz); ret = _hx509_map_file(argv[0], &p, &sz);
if (ret) if (ret)
err(1, "map_file: %s: %d", argv[0], ret); err(1, "map_file: %s: %d", argv[0], ret);
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
for (i = 0; i < opt->certificate_strings.num_strings; i++) { for (i = 0; i < opt->certificate_strings.num_strings; i++) {
ret = hx509_certs_append(certs, lock, ret = hx509_certs_append(context, certs, lock,
opt->certificate_strings.strings[i]); opt->certificate_strings.strings[i]);
if (ret) if (ret)
errx(1, "hx509_certs_append: certs: %s: %d", errx(1, "hx509_certs_append: certs: %s: %d",
@@ -364,11 +368,11 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
_hx509_query_clear(&q); _hx509_query_clear(&q);
q.match |= HX509_QUERY_KU_ENCIPHERMENT; q.match |= HX509_QUERY_KU_ENCIPHERMENT;
ret = _hx509_certs_find(certs, &q, &cert); ret = _hx509_certs_find(context, certs, &q, &cert);
if (ret) if (ret)
errx(1, "hx509_certs_find: %d", ret); errx(1, "hx509_certs_find: %d", ret);
ret = hx509_cms_envelope_1(cert, p, sz, NULL, &contentType, &o); ret = hx509_cms_envelope_1(context, cert, p, sz, NULL, &contentType, &o);
if (ret) if (ret)
errx(1, "hx509_cms_unenvelope: %d", ret); errx(1, "hx509_cms_unenvelope: %d", ret);
@@ -414,7 +418,7 @@ struct print_s {
}; };
static int static int
print_f(void *ctx, hx509_cert cert) print_f(hx509_context context, void *ctx, hx509_cert cert)
{ {
struct print_s *s = ctx; struct print_s *s = ctx;
hx509_name name; hx509_name name;
@@ -432,13 +436,13 @@ print_f(void *ctx, hx509_cert cert)
} }
printf("\n"); printf("\n");
ret = hx509_cert_issuer(cert, &name); ret = hx509_cert_get_issuer(cert, &name);
hx509_name_to_string(name, &str); hx509_name_to_string(name, &str);
hx509_name_free(&name); hx509_name_free(&name);
printf(" issuer: \"%s\"\n", str); printf(" issuer: \"%s\"\n", str);
free(str); free(str);
ret = hx509_cert_subject(cert, &name); ret = hx509_cert_get_subject(cert, &name);
hx509_name_to_string(name, &str); hx509_name_to_string(name, &str);
hx509_name_free(&name); hx509_name_free(&name);
printf(" subject: \"%s\"\n", str); printf(" subject: \"%s\"\n", str);
@@ -447,12 +451,12 @@ print_f(void *ctx, hx509_cert cert)
if (s->verbose) { if (s->verbose) {
hx509_validate_ctx ctx; hx509_validate_ctx ctx;
hx509_validate_ctx_init(&ctx); hx509_validate_ctx_init(context, &ctx);
hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout); hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout);
hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE); hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE);
hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VERBOSE); hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VERBOSE);
hx509_validate_cert(ctx, cert); hx509_validate_cert(context, ctx, cert);
} }
return 0; return 0;
@@ -468,15 +472,15 @@ pcert_print(struct print_options *opt, int argc, char **argv)
s.counter = 0; s.counter = 0;
s.verbose = opt->content_flag; s.verbose = opt->content_flag;
hx509_lock_init(&lock); hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings); lock_strings(lock, &opt->pass_strings);
while(argc--) { while(argc--) {
int ret; int ret;
ret = hx509_certs_init(argv[0], 0, lock, &certs); ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
if (ret) if (ret)
errx(1, "hx509_certs_init: %d", ret); errx(1, "hx509_certs_init: %d", ret);
hx509_certs_iter(certs, print_f, &s); hx509_certs_iter(context, certs, print_f, &s);
hx509_certs_free(&certs); hx509_certs_free(&certs);
argv++; argv++;
} }
@@ -488,9 +492,9 @@ pcert_print(struct print_options *opt, int argc, char **argv)
static int static int
validate_f(void *ctx, hx509_cert c) validate_f(hx509_context context, void *ctx, hx509_cert c)
{ {
hx509_validate_cert(ctx, c); hx509_validate_cert(context, ctx, c);
return 0; return 0;
} }
@@ -501,19 +505,19 @@ pcert_validate(struct validate_options *opt, int argc, char **argv)
hx509_certs certs; hx509_certs certs;
hx509_lock lock; hx509_lock lock;
hx509_lock_init(&lock); hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings); lock_strings(lock, &opt->pass_strings);
hx509_validate_ctx_init(&ctx); hx509_validate_ctx_init(context, &ctx);
hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout); hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout);
hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE); hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE);
while(argc--) { while(argc--) {
int ret; int ret;
ret = hx509_certs_init(argv[0], 0, lock, &certs); ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
if (ret) if (ret)
errx(1, "hx509_certs_init: %d", ret); errx(1, "hx509_certs_init: %d", ret);
hx509_certs_iter(certs, validate_f, ctx); hx509_certs_iter(context, certs, validate_f, ctx);
hx509_certs_free(&certs); hx509_certs_free(&certs);
argv++; argv++;
} }
@@ -530,12 +534,12 @@ struct verify {
}; };
static int static int
verify_f(void *ctx, hx509_cert c) verify_f(hx509_context context, void *ctx, hx509_cert c)
{ {
struct verify *v = ctx; struct verify *v = ctx;
int ret; int ret;
ret = hx509_verify_path(v->ctx, c, v->chain); ret = hx509_verify_path(context, v->ctx, c, v->chain);
if (ret) if (ret)
printf("verify_path returned %d\n", ret); printf("verify_path returned %d\n", ret);
else else
@@ -552,10 +556,10 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
struct verify v; struct verify v;
int ret; int ret;
ret = hx509_verify_init_ctx(&ctx); ret = hx509_verify_init_ctx(context, &ctx);
ret = hx509_certs_init("MEMORY:anchors", 0, NULL, &anchors); ret = hx509_certs_init(context, "MEMORY:anchors", 0, NULL, &anchors);
ret = hx509_certs_init("MEMORY:chain", 0, NULL, &chain); ret = hx509_certs_init(context, "MEMORY:chain", 0, NULL, &chain);
ret = hx509_certs_init("MEMORY:certs", 0, NULL, &certs); ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs);
while(argc--) { while(argc--) {
char *s = *argv++; char *s = *argv++;
@@ -563,21 +567,21 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
if (strncmp(s, "chain:", 6) == 0) { if (strncmp(s, "chain:", 6) == 0) {
s += 6; s += 6;
ret = hx509_certs_append(chain, NULL, s); ret = hx509_certs_append(context, chain, NULL, s);
if (ret) if (ret)
errx(1, "hx509_certs_append: chain: %s: %d", s, ret); errx(1, "hx509_certs_append: chain: %s: %d", s, ret);
} else if (strncmp(s, "anchor:", 7) == 0) { } else if (strncmp(s, "anchor:", 7) == 0) {
s += 7; s += 7;
ret = hx509_certs_append(anchors, NULL, s); ret = hx509_certs_append(context, anchors, NULL, s);
if (ret) if (ret)
errx(1, "hx509_certs_append: anchor: %s: %d", s, ret); errx(1, "hx509_certs_append: anchor: %s: %d", s, ret);
} else if (strncmp(s, "cert:", 5) == 0) { } else if (strncmp(s, "cert:", 5) == 0) {
s += 5; s += 5;
ret = hx509_certs_append(certs, NULL, s); ret = hx509_certs_append(context, certs, NULL, s);
if (ret) if (ret)
errx(1, "hx509_certs_append: certs: %s: %d", s, ret); errx(1, "hx509_certs_append: certs: %s: %d", s, ret);
@@ -591,7 +595,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv)
v.ctx = ctx; v.ctx = ctx;
v.chain = chain; v.chain = chain;
ret = hx509_certs_iter(certs, verify_f, &v); ret = hx509_certs_iter(context, certs, verify_f, &v);
hx509_verify_destroy_ctx(ctx); hx509_verify_destroy_ctx(ctx);
@@ -614,14 +618,14 @@ query(struct query_options *opt, int argc, char **argv)
_hx509_query_clear(&q); _hx509_query_clear(&q);
hx509_lock_init(&lock); hx509_lock_init(context, &lock);
lock_strings(lock, &opt->pass_strings); lock_strings(lock, &opt->pass_strings);
ret = hx509_certs_init("MEMORY:cert-store", 0, NULL, &certs); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
while (argc > 0) { while (argc > 0) {
ret = hx509_certs_append(certs, lock, argv[0]); ret = hx509_certs_append(context, certs, lock, argv[0]);
if (ret) if (ret)
errx(1, "hx509_certs_append: %s: %d", argv[0], ret); errx(1, "hx509_certs_append: %s: %d", argv[0], ret);
@@ -638,7 +642,7 @@ query(struct query_options *opt, int argc, char **argv)
q.match |= HX509_QUERY_PRIVATE_KEY; q.match |= HX509_QUERY_PRIVATE_KEY;
ret = _hx509_certs_find(certs, &q, &c); ret = _hx509_certs_find(context, certs, &q, &c);
if (ret) if (ret)
warnx("_hx509_certs_find: %d", ret); warnx("_hx509_certs_find: %d", ret);
else else
@@ -704,9 +708,15 @@ main(int argc, char **argv)
if (argc == 0) if (argc == 0)
usage(1); usage(1);
ret = hx509_context_init(&context);
if (ret)
errx(1, "hx509_context_init failed with %d");
ret = sl_command(commands, argc, argv); ret = sl_command(commands, argc, argv);
if(ret == -1) if(ret == -1)
warnx ("unrecognized command: %s", argv[0]); warnx ("unrecognized command: %s", argv[0]);
hx509_context_free(&context);
return ret; return ret;
} }


@@ -34,44 +34,43 @@
#include "hx_locl.h" #include "hx_locl.h"
RCSID("$Id$"); RCSID("$Id$");
static struct hx509_keyset_ops **ks_ops;
static int ks_num_ops;
struct hx509_certs_data { struct hx509_certs_data {
struct hx509_keyset_ops *ops; struct hx509_keyset_ops *ops;
void *ops_data; void *ops_data;
}; };
static struct hx509_keyset_ops * static struct hx509_keyset_ops *
_hx509_ks_type(const char *type) _hx509_ks_type(hx509_context context, const char *type)
{ {
int i; int i;
for (i = 0; i < ks_num_ops; i++) for (i = 0; i < context->ks_num_ops; i++)
if (strcasecmp(type, ks_ops[i]->name) == 0) if (strcasecmp(type, context->ks_ops[i]->name) == 0)
return ks_ops[i]; return context->ks_ops[i];
return NULL; return NULL;
} }
void void
_hx509_ks_register(struct hx509_keyset_ops *ops) _hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops)
{ {
struct hx509_keyset_ops **val; struct hx509_keyset_ops **val;
if (_hx509_ks_type(ops->name)) if (_hx509_ks_type(context, ops->name))
return; return;
val = realloc(ks_ops, (ks_num_ops + 1) * sizeof(ks_ops[0])); val = realloc(context->ks_ops,
(context->ks_num_ops + 1) * sizeof(context->ks_ops[0]));
if (val == NULL) if (val == NULL)
return; return;
val[ks_num_ops] = ops; val[context->ks_num_ops] = ops;
ks_ops = val; context->ks_ops = val;
ks_num_ops++; context->ks_num_ops++;
} }
int int
hx509_certs_init(const char *name, int flags, hx509_certs_init(hx509_context context,
const char *name, int flags,
hx509_lock lock, hx509_certs *certs) hx509_lock lock, hx509_certs *certs)
{ {
struct hx509_keyset_ops *ops; struct hx509_keyset_ops *ops;
@@ -82,14 +81,6 @@ hx509_certs_init(const char *name, int flags,
*certs = NULL; *certs = NULL;
if (ks_ops == NULL) {
_hx509_ks_mem_register();
_hx509_ks_file_register();
_hx509_ks_pkcs12_register();
_hx509_ks_pkcs11_register();
_hx509_ks_dir_register();
}
residue = strchr(name, ':'); residue = strchr(name, ':');
if (residue) { if (residue) {
type = strndup(name, residue - name); type = strndup(name, residue - name);
@@ -103,7 +94,7 @@ hx509_certs_init(const char *name, int flags,
if (type == NULL) if (type == NULL)
return ENOMEM; return ENOMEM;
ops = _hx509_ks_type(type); ops = _hx509_ks_type(context, type);
free(type); free(type);
if (ops == NULL) if (ops == NULL)
return ENOENT; return ENOENT;
@@ -114,7 +105,7 @@ hx509_certs_init(const char *name, int flags,
c->ops = ops; c->ops = ops;
ret = (*ops->init)(c, &c->ops_data, flags, residue, lock); ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock);
if (ret) { if (ret) {
free(c); free(c);
return ENOMEM; return ENOMEM;
@@ -134,14 +125,16 @@ hx509_certs_free(hx509_certs *certs)
} }
int int
hx509_certs_start_seq(hx509_certs certs, hx509_cursor cursor) hx509_certs_start_seq(hx509_context context,
hx509_certs certs,
hx509_cursor cursor)
{ {
int ret; int ret;
if (certs->ops->iter_start == NULL) if (certs->ops->iter_start == NULL)
return ENOENT; return ENOENT;
ret = (*certs->ops->iter_start)(certs, certs->ops_data, cursor); ret = (*certs->ops->iter_start)(context, certs, certs->ops_data, cursor);
if (ret) if (ret)
return ret; return ret;
@@ -149,53 +142,60 @@ hx509_certs_start_seq(hx509_certs certs, hx509_cursor cursor)
} }
int int
hx509_certs_next_cert(hx509_certs certs, hx509_cursor cursor, hx509_certs_next_cert(hx509_context context,
hx509_certs certs,
hx509_cursor cursor,
hx509_cert *cert) hx509_cert *cert)
{ {
*cert = NULL; *cert = NULL;
return (*certs->ops->iter)(certs, certs->ops_data, cursor, cert); return (*certs->ops->iter)(context, certs, certs->ops_data, cursor, cert);
} }
int int
hx509_certs_end_seq(hx509_certs certs, hx509_cursor cursor) hx509_certs_end_seq(hx509_context context,
hx509_certs certs,
hx509_cursor cursor)
{ {
(*certs->ops->iter_end)(certs, certs->ops_data, cursor); (*certs->ops->iter_end)(context, certs, certs->ops_data, cursor);
return 0; return 0;
} }
int int
hx509_certs_iter(hx509_certs certs, int (*fn)(void *, hx509_cert), void *ctx) hx509_certs_iter(hx509_context context,
hx509_certs certs,
int (*fn)(hx509_context, void *, hx509_cert),
void *ctx)
{ {
hx509_cursor cursor; hx509_cursor cursor;
hx509_cert c; hx509_cert c;
int ret; int ret;
ret = hx509_certs_start_seq(certs, &cursor); ret = hx509_certs_start_seq(context, certs, &cursor);
if (ret) if (ret)
return ret; return ret;
while (1) { while (1) {
ret = hx509_certs_next_cert(certs, cursor, &c); ret = hx509_certs_next_cert(context, certs, cursor, &c);
if (ret) if (ret)
break; break;
if (c == NULL) { if (c == NULL) {
ret = 0; ret = 0;
break; break;
} }
ret = (*fn)(ctx, c); ret = (*fn)(context, ctx, c);
hx509_cert_free(c); hx509_cert_free(c);
if (ret) if (ret)
break; break;
} }
hx509_certs_end_seq(certs, cursor); hx509_certs_end_seq(context, certs, cursor);
return ret; return ret;
} }
int int
hx509_ci_print_names(void *ctx, hx509_cert c) hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c)
{ {
Certificate *cert; Certificate *cert;
hx509_name n; hx509_name n;
@@ -212,16 +212,19 @@ hx509_ci_print_names(void *ctx, hx509_cert c)
} }
int int
hx509_certs_add(hx509_certs certs, hx509_cert cert) hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert)
{ {
if (certs->ops->add == NULL) if (certs->ops->add == NULL)
return ENOENT; return ENOENT;
return (*certs->ops->add)(certs, certs->ops_data, cert); return (*certs->ops->add)(context, certs, certs->ops_data, cert);
} }
int int
_hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r) _hx509_certs_find(hx509_context context,
hx509_certs certs,
const hx509_query *q,
hx509_cert *r)
{ {
hx509_cursor cursor; hx509_cursor cursor;
hx509_cert c; hx509_cert c;
@@ -230,15 +233,15 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
*r = NULL; *r = NULL;
if (certs->ops->query) if (certs->ops->query)
return (*certs->ops->query)(certs, certs->ops_data, q, r); return (*certs->ops->query)(context, certs, certs->ops_data, q, r);
ret = hx509_certs_start_seq(certs, &cursor); ret = hx509_certs_start_seq(context, certs, &cursor);
if (ret) if (ret)
return ret; return ret;
c = NULL; c = NULL;
while (1) { while (1) {
ret = hx509_certs_next_cert(certs, cursor, &c); ret = hx509_certs_next_cert(context, certs, cursor, &c);
if (ret) if (ret)
break; break;
if (c == NULL) if (c == NULL)
@@ -250,7 +253,7 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
hx509_cert_free(c); hx509_cert_free(c);
} }
hx509_certs_end_seq(certs, cursor); hx509_certs_end_seq(context, certs, cursor);
if (ret) if (ret)
return ret; return ret;
if (c == NULL) if (c == NULL)
@@ -260,27 +263,30 @@ _hx509_certs_find(hx509_certs certs, const hx509_query *q, hx509_cert *r)
} }
static int static int
certs_merge_func(void *ctx, hx509_cert c) certs_merge_func(hx509_context context, void *ctx, hx509_cert c)
{ {
return hx509_certs_add((hx509_certs)ctx, c); return hx509_certs_add(context, (hx509_certs)ctx, c);
} }
int int
hx509_certs_merge(hx509_certs to, hx509_certs from) hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
{ {
return hx509_certs_iter(from, certs_merge_func, to); return hx509_certs_iter(context, from, certs_merge_func, to);
} }
int int
hx509_certs_append(hx509_certs to, hx509_lock lock, const char *name) hx509_certs_append(hx509_context context,
hx509_certs to,
hx509_lock lock,
const char *name)
{ {
hx509_certs s; hx509_certs s;
int ret; int ret;
ret = hx509_certs_init(name, 0, lock, &s); ret = hx509_certs_init(context, name, 0, lock, &s);
if (ret) if (ret)
return ret; return ret;
ret = hx509_certs_merge(to, s); ret = hx509_certs_merge(context, to, s);
hx509_certs_free(&s); hx509_certs_free(&s);
return ret; return ret;
} }
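Review bot: `hx509_certs_init` still collapses every backend failure into ENOMEM — at `ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock); if (ret) { free(c); return ENOMEM; }` the backend's own error code is discarded, so a missing file, an undecryptable PKCS#12 bag or a PKCS#11 token error all reach the caller as an allocation failure, which hides what actually went wrong when a keystore or trust-anchor set fails to load. The fix is to propagate it: `if (ret) { free(c); return ret; }`. Separately, `_hx509_ks_register` is void and silently returns when its realloc fails, so a context can end up with fewer backends than `hx509_context_init` asked for with no indication; a comment at that `return;` such as `/* registration is dropped on allocation failure; the caller cannot tell */`, or an int return the caller checks, would make that explicit. `hx509_certs_init` is shown across several hunks and parts of its body lie between them.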


@@ -36,8 +36,9 @@ RCSID("$Id$");
#include <dirent.h> #include <dirent.h>
static int static int
dir_init(hx509_certs certs, void **data, int flags, dir_init(hx509_context context,
const char *residue, hx509_lock lock) hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock)
{ {
*data = NULL; *data = NULL;
@@ -70,7 +71,8 @@ dir_free(hx509_certs certs, void *data)
static int static int
dir_iter_start(hx509_certs certs, void *data, void **cursor) dir_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{ {
DIR *d; DIR *d;
@@ -85,7 +87,8 @@ dir_iter_start(hx509_certs certs, void *data, void **cursor)
} }
static int static int
dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert) dir_iter(hx509_context context,
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
{ {
DIR *d = iter; DIR *d = iter;
int ret; int ret;
@@ -103,7 +106,7 @@ dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
if (asprintf(&fn, "%s/%s", (char *)data, dir->d_name) == -1) if (asprintf(&fn, "%s/%s", (char *)data, dir->d_name) == -1)
return ENOMEM; return ENOMEM;
ret = _hx509_file_to_cert(fn, cert); ret = _hx509_file_to_cert(context, fn, cert);
free(fn); free(fn);
} while(ret != 0); } while(ret != 0);
@@ -112,9 +115,10 @@ dir_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert)
static int static int
dir_iter_end(hx509_certs certs, dir_iter_end(hx509_context context,
void *data, hx509_certs certs,
void *cursor) void *data,
void *cursor)
{ {
DIR *d = cursor; DIR *d = cursor;
closedir(d); closedir(d);
@@ -135,7 +139,7 @@ static struct hx509_keyset_ops keyset_dir = {
}; };
void void
_hx509_ks_dir_register(void) _hx509_ks_dir_register(hx509_context context)
{ {
_hx509_ks_register(&keyset_dir); _hx509_ks_register(context, &keyset_dir);
} }
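Review bot: In `dir_iter` the `do { … } while (ret != 0)` loop treats every non-zero result of `_hx509_file_to_cert` as "skip this entry", so an ENOMEM from the certificate parser is swallowed and the walk continues, while an ENOMEM from `asprintf` one line earlier aborts it — the two allocation failures are handled inconsistently, and an unreadable or corrupt file in a directory used for trust anchors disappears without any signal. I would propagate allocation failure and document the skip: after `free(fn);` add `if (ret == ENOMEM) return ret;` together with a comment such as `/* entries that do not parse as a certificate are skipped silently */`. The head of the loop (the readdir call and its end-of-directory handling) is outside the hunk, so I cannot confirm how a NULL entry is reported to the caller.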


@@ -123,7 +123,7 @@ parse_file_der(const char *fn, Certificate *t)
} }
int int
_hx509_file_to_cert(const char *certfn, hx509_cert *cert) _hx509_file_to_cert(hx509_context context, const char *certfn, hx509_cert *cert)
{ {
Certificate t; Certificate t;
int ret; int ret;
@@ -134,7 +134,7 @@ _hx509_file_to_cert(const char *certfn, hx509_cert *cert)
if (ret) if (ret)
return ret; return ret;
ret = hx509_cert_init(&t, cert); ret = hx509_cert_init(context, &t, cert);
free_Certificate(&t); free_Certificate(&t);
return ret; return ret;
@@ -142,7 +142,8 @@ _hx509_file_to_cert(const char *certfn, hx509_cert *cert)
static int static int
file_init(hx509_certs certs, void **data, int flags, file_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock) const char *residue, hx509_lock lock)
{ {
char *certfn = NULL, *keyfn, *friendlyname = NULL; char *certfn = NULL, *keyfn, *friendlyname = NULL;
@@ -156,7 +157,7 @@ file_init(hx509_certs certs, void **data, int flags,
if (lock == NULL) if (lock == NULL)
lock = _hx509_empty_lock; lock = _hx509_empty_lock;
c = _hx509_collector_alloc(lock); c = _hx509_collector_alloc(context, lock);
if (c == NULL) if (c == NULL)
return ENOMEM; return ENOMEM;
@@ -177,11 +178,11 @@ file_init(hx509_certs certs, void **data, int flags,
*friendlyname++ = '\0'; *friendlyname++ = '\0';
} }
ret = _hx509_file_to_cert(certfn, &cert); ret = _hx509_file_to_cert(context, certfn, &cert);
if (ret) if (ret)
goto out; goto out;
_hx509_collector_certs_add(c, cert); _hx509_collector_certs_add(context, c, cert);
if (keyfn) { if (keyfn) {
ret = _hx509_cert_assign_private_key_file(cert, lock, keyfn); ret = _hx509_cert_assign_private_key_file(cert, lock, keyfn);
@@ -194,7 +195,7 @@ file_init(hx509_certs certs, void **data, int flags,
goto out; goto out;
} }
ret = _hx509_collector_collect(c, &f->certs); ret = _hx509_collector_collect(context, c, &f->certs);
if (ret == 0) if (ret == 0)
*data = f; *data = f;
out: out:
@@ -223,26 +224,29 @@ file_free(hx509_certs certs, void *data)
static int static int
file_iter_start(hx509_certs certs, void *data, void **cursor) file_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{ {
struct ks_file *f = data; struct ks_file *f = data;
return hx509_certs_start_seq(f->certs, cursor); return hx509_certs_start_seq(context, f->certs, cursor);
} }
static int static int
file_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert) file_iter(hx509_context context,
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
{ {
struct ks_file *f = data; struct ks_file *f = data;
return hx509_certs_next_cert(f->certs, iter, cert); return hx509_certs_next_cert(context, f->certs, iter, cert);
} }
static int static int
file_iter_end(hx509_certs certs, file_iter_end(hx509_context context,
hx509_certs certs,
void *data, void *data,
void *cursor) void *cursor)
{ {
struct ks_file *f = data; struct ks_file *f = data;
return hx509_certs_end_seq(f->certs, cursor); return hx509_certs_end_seq(context, f->certs, cursor);
} }
@@ -259,7 +263,7 @@ static struct hx509_keyset_ops keyset_file = {
}; };
void void
_hx509_ks_file_register(void) _hx509_ks_file_register(hx509_context context)
{ {
_hx509_ks_register(&keyset_file); _hx509_ks_register(context, &keyset_file);
} }
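Review bot: `file_init` ignores the return value of `_hx509_collector_certs_add(context, c, cert);`, whereas the PKCS#11 and PKCS#12 backends in this same commit check it and free the certificate on failure, so a failed add here goes unnoticed and the function carries on to assign a private key to a certificate the collector never took. It should be `ret = _hx509_collector_certs_add(context, c, cert); if (ret) goto out;` — whether `cert` must also be released on that path, as the PKCS#12 parser does with `hx509_cert_free(cert)`, depends on what `out:` already frees, which is outside the hunk. Note also that the add happens before `_hx509_cert_assign_private_key_file(cert, lock, keyfn)`, so the collected certificate only sees the key if the collector holds a reference rather than a copy; a one-line comment stating that assumption would help the next reader.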


@@ -41,7 +41,8 @@ struct mem_data {
}; };
static int static int
mem_init(hx509_certs certs, void **data, int flags, mem_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock) const char *residue, hx509_lock lock)
{ {
struct mem_data *mem; struct mem_data *mem;
@@ -75,7 +76,7 @@ mem_free(hx509_certs certs, void *data)
} }
static int static int
mem_add(hx509_certs certs, void *data, hx509_cert c) mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
{ {
struct mem_data *mem = data; struct mem_data *mem = data;
hx509_cert *val; hx509_cert *val;
@@ -92,7 +93,10 @@ mem_add(hx509_certs certs, void *data, hx509_cert c)
} }
static int static int
mem_iter_start(hx509_certs certs, void *data, void **cursor) mem_iter_start(hx509_context context,
hx509_certs certs,
void *data,
void **cursor)
{ {
unsigned long *iter = malloc(sizeof(*iter)); unsigned long *iter = malloc(sizeof(*iter));
@@ -106,7 +110,8 @@ mem_iter_start(hx509_certs certs, void *data, void **cursor)
} }
static int static int
mem_iter(hx509_certs certs, mem_iter(hx509_context contexst,
hx509_certs certs,
void *data, void *data,
void *cursor, void *cursor,
hx509_cert *cert) hx509_cert *cert)
@@ -125,7 +130,8 @@ mem_iter(hx509_certs certs,
} }
static int static int
mem_iter_end(hx509_certs certs, mem_iter_end(hx509_context context,
hx509_certs certs,
void *data, void *data,
void *cursor) void *cursor)
{ {
@@ -146,7 +152,7 @@ static struct hx509_keyset_ops keyset_mem = {
}; };
void void
_hx509_ks_mem_register(void) _hx509_ks_mem_register(hx509_context context)
{ {
_hx509_ks_register(&keyset_mem); _hx509_ks_register(context, &keyset_mem);
} }
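Review bot: The new first parameter of `mem_iter` is spelled `contexst` while every other callback in this commit names it `context`; it compiles only because the body never uses it, and it reads as a typo that will trip anyone grepping for the context parameter. Change it to `mem_iter(hx509_context context,`. The body of `mem_iter`, and the NULL check after the `malloc` in `mem_iter_start`, lie between the hunks and are not visible here.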


@@ -36,7 +36,8 @@ RCSID("$Id$");
static int static int
null_init(hx509_certs certs, void **data, int flags, null_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock) const char *residue, hx509_lock lock)
{ {
*data = NULL; *data = NULL;
@@ -51,21 +52,24 @@ null_free(hx509_certs certs, void *data)
} }
static int static int
null_iter_start(hx509_certs certs, void *data, void **cursor) null_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{ {
*cursor = NULL; *cursor = NULL;
return 0; return 0;
} }
static int static int
null_iter(hx509_certs certs, void *data, void *iter, hx509_cert *cert) null_iter(hx509_context context,
hx509_certs certs, void *data, void *iter, hx509_cert *cert)
{ {
*cert = NULL; *cert = NULL;
return ENOENT; return ENOENT;
} }
static int static int
null_iter_end(hx509_certs certs, null_iter_end(hx509_context context,
hx509_certs certs,
void *data, void *data,
void *cursor) void *cursor)
{ {
@@ -74,8 +78,6 @@ null_iter_end(hx509_certs certs,
} }
struct hx509_keyset_ops keyset_null = { struct hx509_keyset_ops keyset_null = {
"NULL", "NULL",
0, 0,


@@ -415,12 +415,17 @@ getattr_bn(struct p11_module *p, struct p11_slot *slot,
return bn; return bn;
} }
struct p11_collector {
hx509_context context;
struct hx509_collector *c;
};
static int static int
collect_private_key(struct p11_module *p, struct p11_slot *slot, collect_private_key(struct p11_module *p, struct p11_slot *slot,
CK_OBJECT_HANDLE object, CK_OBJECT_HANDLE object,
void *ptr, CK_ATTRIBUTE *query, int num_query) void *ptr, CK_ATTRIBUTE *query, int num_query)
{ {
struct hx509_collector *c = ptr; struct p11_collector *ctx = ptr;
AlgorithmIdentifier alg; AlgorithmIdentifier alg;
hx509_private_key key; hx509_private_key key;
heim_octet_string localKeyId; heim_octet_string localKeyId;
@@ -467,7 +472,7 @@ collect_private_key(struct p11_module *p, struct p11_slot *slot,
_hx509_private_key_assign_rsa(key, rsa); _hx509_private_key_assign_rsa(key, rsa);
ret = _hx509_collector_private_key_add(c, ret = _hx509_collector_private_key_add(ctx->c,
&alg, &alg,
key, key,
NULL, NULL,
@@ -486,7 +491,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
void *ptr, CK_ATTRIBUTE *query, int num_query) void *ptr, CK_ATTRIBUTE *query, int num_query)
{ {
heim_octet_string localKeyId; heim_octet_string localKeyId;
struct hx509_collector *c = ptr; struct p11_collector *ctx = ptr;
hx509_cert cert; hx509_cert cert;
Certificate t; Certificate t;
int ret; int ret;
@@ -499,7 +504,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
if (ret) if (ret)
return 0; return 0;
ret = hx509_cert_init(&t, &cert); ret = hx509_cert_init(ctx->context, &t, &cert);
free_Certificate(&t); free_Certificate(&t);
if (ret) if (ret)
return ret; return ret;
@@ -508,7 +513,7 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
oid_id_pkcs_9_at_localKeyId(), oid_id_pkcs_9_at_localKeyId(),
&localKeyId); &localKeyId);
ret = _hx509_collector_certs_add(c, cert); ret = _hx509_collector_certs_add(ctx->context, ctx->c, cert);
if (ret) { if (ret) {
hx509_cert_free(cert); hx509_cert_free(cert);
return ret; return ret;
@@ -519,11 +524,13 @@ collect_cert(struct p11_module *p, struct p11_slot *slot,
static int static int
p11_list_keys(struct p11_module *p, p11_list_keys(hx509_context context,
struct p11_module *p,
struct p11_slot *slot, struct p11_slot *slot,
hx509_lock lock, hx509_lock lock,
hx509_certs *certs) hx509_certs *certs)
{ {
struct p11_collector ctx;
CK_OBJECT_CLASS key_class; CK_OBJECT_CLASS key_class;
CK_ATTRIBUTE search_data[] = { CK_ATTRIBUTE search_data[] = {
{CKA_CLASS, &key_class, sizeof(key_class)}, {CKA_CLASS, &key_class, sizeof(key_class)},
@@ -533,20 +540,21 @@ p11_list_keys(struct p11_module *p,
{CKA_VALUE, NULL, 0} {CKA_VALUE, NULL, 0}
}; };
int ret; int ret;
struct hx509_collector *c;
if (lock == NULL) if (lock == NULL)
lock = _hx509_empty_lock; lock = _hx509_empty_lock;
c = _hx509_collector_alloc(lock); ctx.context = context;
if (c == NULL)
ctx.c = _hx509_collector_alloc(context, lock);
if (ctx.c == NULL)
return ENOMEM; return ENOMEM;
key_class = CKO_PRIVATE_KEY; key_class = CKO_PRIVATE_KEY;
ret = iterate_entries(p, slot, ret = iterate_entries(p, slot,
search_data, 1, search_data, 1,
query_data, 1, query_data, 1,
collect_private_key, c); collect_private_key, &ctx);
if (ret) if (ret)
goto out; goto out;
@@ -554,21 +562,22 @@ p11_list_keys(struct p11_module *p,
ret = iterate_entries(p, slot, ret = iterate_entries(p, slot,
search_data, 1, search_data, 1,
query_data, 2, query_data, 2,
collect_cert, c); collect_cert, &ctx);
if (ret) if (ret)
goto out; goto out;
ret = _hx509_collector_collect(c, &slot->certs); ret = _hx509_collector_collect(context, ctx.c, &slot->certs);
out: out:
_hx509_collector_free(c); _hx509_collector_free(ctx.c);
return ret; return ret;
} }
static int static int
p11_init(hx509_certs certs, void **data, int flags, p11_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock) const char *residue, hx509_lock lock)
{ {
CK_C_GetFunctionList getFuncs; CK_C_GetFunctionList getFuncs;
@@ -640,7 +649,7 @@ p11_init(hx509_certs certs, void **data, int flags,
free(slot_ids); free(slot_ids);
p11_get_session(p, &p->slot); p11_get_session(p, &p->slot);
p11_list_keys(p, &p->slot, NULL, &p->slot.certs); p11_list_keys(context, p, &p->slot, NULL, &p->slot.certs);
p11_put_session(p, &p->slot); p11_put_session(p, &p->slot);
} }
@@ -676,24 +685,27 @@ p11_free(hx509_certs certs, void *data)
} }
static int static int
p11_iter_start(hx509_certs certs, void *data, void **cursor) p11_iter_start(hx509_context context,
hx509_certs certs, void *data, void **cursor)
{ {
struct p11_module *p = data; struct p11_module *p = data;
return hx509_certs_start_seq(p->slot.certs, cursor); return hx509_certs_start_seq(context, p->slot.certs, cursor);
} }
static int static int
p11_iter(hx509_certs certs, void *data, void *cursor, hx509_cert *cert) p11_iter(hx509_context context,
hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
{ {
struct p11_module *p = data; struct p11_module *p = data;
return hx509_certs_next_cert(p->slot.certs, cursor, cert); return hx509_certs_next_cert(context, p->slot.certs, cursor, cert);
} }
static int static int
p11_iter_end(hx509_certs certs, void *data, void *cursor) p11_iter_end(hx509_context context,
hx509_certs certs, void *data, void *cursor)
{ {
struct p11_module *p = data; struct p11_module *p = data;
return hx509_certs_end_seq(p->slot.certs, cursor); return hx509_certs_end_seq(context, p->slot.certs, cursor);
} }
static struct hx509_keyset_ops keyset_pkcs11 = { static struct hx509_keyset_ops keyset_pkcs11 = {
@@ -709,7 +721,7 @@ static struct hx509_keyset_ops keyset_pkcs11 = {
}; };
void void
_hx509_ks_pkcs11_register(void) _hx509_ks_pkcs11_register(hx509_context context)
{ {
_hx509_ks_register(&keyset_pkcs11); _hx509_ks_register(context, &keyset_pkcs11);
} }
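Review bot: In `p11_init` the result of `p11_list_keys(context, p, &p->slot, NULL, &p->slot.certs);` is discarded, so if enumeration fails — `_hx509_collector_alloc` returning NULL, an error from `iterate_entries`, or `_hx509_collector_collect` failing — the keyset is still reported as initialised and merely appears to contain no certificates, which for a store used as trust anchors or as a signer silently turns an error into an empty result. Capture and act on it: `ret = p11_list_keys(context, p, &p->slot, NULL, &p->slot.certs); p11_put_session(p, &p->slot); if (ret) goto out;` (the cleanup label of `p11_init` is outside the hunk, so adjust to whatever it uses). The call also passes `NULL` as the lock even though `p11_init` receives `lock` from the caller, so any PIN material the caller supplied does not reach the token enumeration; if that is deliberate, a comment saying so would avoid the question.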


@@ -38,7 +38,9 @@ struct ks_pkcs12 {
hx509_certs certs; hx509_certs certs;
}; };
typedef int (*collector_func)(struct hx509_collector *, const void *, size_t, typedef int (*collector_func)(hx509_context,
struct hx509_collector *,
const void *, size_t,
const PKCS12_Attributes *); const PKCS12_Attributes *);
struct type { struct type {
@@ -47,7 +49,7 @@ struct type {
}; };
static void static void
parse_pkcs12_type(struct hx509_collector *, const heim_oid *, parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
const void *, size_t, const PKCS12_Attributes *); const void *, size_t, const PKCS12_Attributes *);
@@ -64,7 +66,8 @@ find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
} }
static int static int
ShroudedKeyBag_parser(struct hx509_collector *c, ShroudedKeyBag_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length, const void *data, size_t length,
const PKCS12_Attributes *attrs) const PKCS12_Attributes *attrs)
{ {
@@ -84,7 +87,8 @@ ShroudedKeyBag_parser(struct hx509_collector *c,
if (ret) if (ret)
return ret; return ret;
ret = _hx509_pbe_decrypt(_hx509_collector_get_lock(c), ret = _hx509_pbe_decrypt(context,
_hx509_collector_get_lock(c),
&pk.encryptionAlgorithm, &pk.encryptionAlgorithm,
&pk.encryptedData, &pk.encryptedData,
&content); &content);
@@ -110,7 +114,8 @@ ShroudedKeyBag_parser(struct hx509_collector *c,
} }
static int static int
certBag_parser(struct hx509_collector *c, certBag_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length, const void *data, size_t length,
const PKCS12_Attributes *attrs) const PKCS12_Attributes *attrs)
{ {
@@ -137,12 +142,12 @@ certBag_parser(struct hx509_collector *c,
if (ret) if (ret)
return ret; return ret;
ret = hx509_cert_init(&t, &cert); ret = hx509_cert_init(context, &t, &cert);
free_Certificate(&t); free_Certificate(&t);
if (ret) if (ret)
return ret; return ret;
ret = _hx509_collector_certs_add(c, cert); ret = _hx509_collector_certs_add(context, c, cert);
if (ret) { if (ret) {
hx509_cert_free(cert); hx509_cert_free(cert);
return ret; return ret;
@@ -166,7 +171,8 @@ certBag_parser(struct hx509_collector *c,
} }
static int static int
parse_safe_content(struct hx509_collector *c, parse_safe_content(hx509_context context,
struct hx509_collector *c,
const unsigned char *p, size_t len) const unsigned char *p, size_t len)
{ {
PKCS12_SafeContents sc; PKCS12_SafeContents sc;
@@ -179,7 +185,8 @@ parse_safe_content(struct hx509_collector *c,
return ret; return ret;
for (i = 0; i < sc.len ; i++) for (i = 0; i < sc.len ; i++)
parse_pkcs12_type(c, parse_pkcs12_type(context,
c,
&sc.val[i].bagId, &sc.val[i].bagId,
sc.val[i].bagValue.data, sc.val[i].bagValue.data,
sc.val[i].bagValue.length, sc.val[i].bagValue.length,
@@ -190,7 +197,8 @@ parse_safe_content(struct hx509_collector *c,
} }
static int static int
safeContent_parser(struct hx509_collector *c, safeContent_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length, const void *data, size_t length,
const PKCS12_Attributes *attrs) const PKCS12_Attributes *attrs)
{ {
@@ -200,13 +208,14 @@ safeContent_parser(struct hx509_collector *c,
ret = decode_PKCS12_OctetString(data, length, &os, NULL); ret = decode_PKCS12_OctetString(data, length, &os, NULL);
if (ret) if (ret)
return ret; return ret;
ret = parse_safe_content(c, os.data, os.length); ret = parse_safe_content(context, c, os.data, os.length);
free_octet_string(&os); free_octet_string(&os);
return ret; return ret;
}; };
static int static int
encryptedData_parser(struct hx509_collector *c, encryptedData_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length, const void *data, size_t length,
const PKCS12_Attributes *attrs) const PKCS12_Attributes *attrs)
{ {
@@ -216,7 +225,8 @@ encryptedData_parser(struct hx509_collector *c,
memset(&contentType, 0, sizeof(contentType)); memset(&contentType, 0, sizeof(contentType));
ret = hx509_cms_decrypt_encrypted(_hx509_collector_get_lock(c), ret = hx509_cms_decrypt_encrypted(context,
_hx509_collector_get_lock(c),
data, length, data, length,
&contentType, &contentType,
&content); &content);
@@ -224,7 +234,7 @@ encryptedData_parser(struct hx509_collector *c,
return ret; return ret;
if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0) if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
ret = parse_safe_content(c, content.data, content.length); ret = parse_safe_content(context, c, content.data, content.length);
free_octet_string(&content); free_octet_string(&content);
free_oid(&contentType); free_oid(&contentType);
@@ -232,7 +242,8 @@ encryptedData_parser(struct hx509_collector *c,
} }
static int static int
envelopedData_parser(struct hx509_collector *c, envelopedData_parser(hx509_context context,
struct hx509_collector *c,
const void *data, size_t length, const void *data, size_t length,
const PKCS12_Attributes *attrs) const PKCS12_Attributes *attrs)
{ {
@@ -245,7 +256,8 @@ envelopedData_parser(struct hx509_collector *c,
lock = _hx509_collector_get_lock(c); lock = _hx509_collector_get_lock(c);
ret = hx509_cms_unenvelope(_hx509_lock_unlock_certs(lock), ret = hx509_cms_unenvelope(context,
_hx509_lock_unlock_certs(lock),
data, length, data, length,
&contentType, &contentType,
&content); &content);
@@ -253,7 +265,7 @@ envelopedData_parser(struct hx509_collector *c,
return ret; return ret;
if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0) if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
ret = parse_safe_content(c, content.data, content.length); ret = parse_safe_content(context, c, content.data, content.length);
free_octet_string(&content); free_octet_string(&content);
free_oid(&contentType); free_oid(&contentType);
@@ -271,7 +283,9 @@ struct type bagtypes[] = {
}; };
static void static void
parse_pkcs12_type(struct hx509_collector *c, const heim_oid *oid, parse_pkcs12_type(hx509_context context,
struct hx509_collector *c,
const heim_oid *oid,
const void *data, size_t length, const void *data, size_t length,
const PKCS12_Attributes *attrs) const PKCS12_Attributes *attrs)
{ {
@@ -279,11 +293,12 @@ parse_pkcs12_type(struct hx509_collector *c, const heim_oid *oid,
for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++) for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
if (heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0) if (heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0)
(*bagtypes[i].func)(c, data, length, attrs); (*bagtypes[i].func)(context, c, data, length, attrs);
} }
static int static int
p12_init(hx509_certs certs, void **data, int flags, p12_init(hx509_context context,
hx509_certs certs, void **data, int flags,
const char *residue, hx509_lock lock) const char *residue, hx509_lock lock)
{ {
struct ks_pkcs12 *p12; struct ks_pkcs12 *p12;
@@ -299,7 +314,7 @@ p12_init(hx509_certs certs, void **data, int flags,
if (lock == NULL) if (lock == NULL)
lock = _hx509_empty_lock; lock = _hx509_empty_lock;
c = _hx509_collector_alloc(lock); c = _hx509_collector_alloc(context, lock);
if (c == NULL) if (c == NULL)
return ENOMEM; return ENOMEM;
@@ -350,7 +365,8 @@ p12_init(hx509_certs certs, void **data, int flags,
} }
for (i = 0; i < as.len; i++) for (i = 0; i < as.len; i++)
parse_pkcs12_type(c, parse_pkcs12_type(context,
c,
&as.val[i].contentType, &as.val[i].contentType,
as.val[i].content->data, as.val[i].content->data,
as.val[i].content->length, as.val[i].content->length,
@@ -358,7 +374,7 @@ p12_init(hx509_certs certs, void **data, int flags,
free_PKCS12_AuthenticatedSafe(&as); free_PKCS12_AuthenticatedSafe(&as);
ret = _hx509_collector_collect(c, &p12->certs); ret = _hx509_collector_collect(context, c, &p12->certs);
if (ret == 0) if (ret == 0)
*data = p12; *data = p12;
@@ -384,26 +400,34 @@ p12_free(hx509_certs certs, void *data)
} }
static int static int
p12_iter_start(hx509_certs certs, void *data, void **cursor) p12_iter_start(hx509_context context,
hx509_certs certs,
void *data,
void **cursor)
{ {
struct ks_pkcs12 *p12 = data; struct ks_pkcs12 *p12 = data;
return hx509_certs_start_seq(p12->certs, cursor); return hx509_certs_start_seq(context, p12->certs, cursor);
} }
static int static int
p12_iter(hx509_certs certs, void *data, void *cursor, hx509_cert *cert) p12_iter(hx509_context context,
hx509_certs certs,
void *data,
void *cursor,
hx509_cert *cert)
{ {
struct ks_pkcs12 *p12 = data; struct ks_pkcs12 *p12 = data;
return hx509_certs_next_cert(p12->certs, cursor, cert); return hx509_certs_next_cert(context, p12->certs, cursor, cert);
} }
static int static int
p12_iter_end(hx509_certs certs, p12_iter_end(hx509_context context,
void *data, hx509_certs certs,
void *cursor) void *data,
void *cursor)
{ {
struct ks_pkcs12 *p12 = data; struct ks_pkcs12 *p12 = data;
return hx509_certs_end_seq(p12->certs, cursor); return hx509_certs_end_seq(context, p12->certs, cursor);
} }
static struct hx509_keyset_ops keyset_pkcs12 = { static struct hx509_keyset_ops keyset_pkcs12 = {
@@ -419,7 +443,7 @@ static struct hx509_keyset_ops keyset_pkcs12 = {
}; };
void void
_hx509_ks_pkcs12_register(void) _hx509_ks_pkcs12_register(hx509_context context)
{ {
_hx509_ks_register(&keyset_pkcs12); _hx509_ks_register(context, &keyset_pkcs12);
} }
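Review bot: parse_pkcs12_type still discards the int every bag parser returns at `(*bagtypes[i].func)(context, c, data, length, attrs);` and stays `static void`, so a ShroudedKeyBag whose `_hx509_pbe_decrypt` fails or a certBag whose `_hx509_collector_certs_add` returns an error (both of which return `ret` in their own bodies) leaves p12_init reporting success over a partially populated store. Since both call sites, in parse_safe_content and in the p12_init loop over `as.val`, are already being rewritten here to pass `context`, this is the moment to make the function `static int`, `return (*bagtypes[i].func)(context, c, data, length, attrs);` on the matching OID and `0` when nothing matches, and to stop the two loops on a non-zero result. The tail of p12_init after `_hx509_collector_collect` is outside the hunk, so how a propagated error would be cleaned up there is not visible. A smaller style nit in the same file: safeContent_parser closes with `};`, a stray empty declaration that pedantic compilers warn about.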


@@ -53,7 +53,7 @@ hx509_lock _hx509_empty_lock = &empty_lock_data;
*/ */
int int
hx509_lock_init(hx509_lock *lock) hx509_lock_init(hx509_context context, hx509_lock *lock)
{ {
hx509_lock l; hx509_lock l;
int ret; int ret;
@@ -64,7 +64,11 @@ hx509_lock_init(hx509_lock *lock)
if (l == NULL) if (l == NULL)
return ENOMEM; return ENOMEM;
ret = hx509_certs_init("MEMORY:locks-internal", 0, NULL, &l->certs); ret = hx509_certs_init(context,
"MEMORY:locks-internal",
0,
NULL,
&l->certs);
if (ret) { if (ret) {
free(l); free(l);
return ret; return ret;
@@ -122,24 +126,28 @@ hx509_lock_reset_passwords(hx509_lock lock)
} }
int int
hx509_lock_add_cert(hx509_lock lock, hx509_cert cert) hx509_lock_add_cert(hx509_context context, hx509_lock lock, hx509_cert cert)
{ {
return hx509_certs_add(lock->certs, cert); return hx509_certs_add(context, lock->certs, cert);
} }
int int
hx509_lock_add_certs(hx509_lock lock, hx509_certs certs) hx509_lock_add_certs(hx509_context context, hx509_lock lock, hx509_certs certs)
{ {
return hx509_certs_merge(lock->certs, certs); return hx509_certs_merge(context, lock->certs, certs);
} }
void void
hx509_lock_reset_certs(hx509_lock lock) hx509_lock_reset_certs(hx509_context context, hx509_lock lock)
{ {
hx509_certs certs = lock->certs; hx509_certs certs = lock->certs;
int ret; int ret;
ret = hx509_certs_init("MEMORY:locks-internal", 0, NULL, &lock->certs); ret = hx509_certs_init(context,
"MEMORY:locks-internal",
0,
NULL,
&lock->certs);
if (ret == 0) if (ret == 0)
hx509_certs_free(&certs); hx509_certs_free(&certs);
else else
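Review bot: hx509_lock_reset_certs keeps its `void` return while its signature is changed to take `context`, so when `hx509_certs_init(context, "MEMORY:locks-internal", ...)` fails the caller cannot learn that the lock still holds the previous certificate set; the `else` branch that presumably restores it lies outside the hunk. A caller that resets the lock to drop credentials it no longer wants associated with it will silently keep them. Since every caller is already being touched by this commit, changing the declaration to `int hx509_lock_reset_certs(hx509_context context, hx509_lock lock)` and ending the function with `return ret;` would cost nothing extra now.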


@@ -299,7 +299,7 @@ struct {
}; };
int int
hx509_validate_ctx_init(hx509_validate_ctx *ctx) hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
{ {
*ctx = malloc(sizeof(**ctx)); *ctx = malloc(sizeof(**ctx));
if (*ctx == NULL) if (*ctx == NULL)
@@ -330,7 +330,9 @@ hx509_validate_ctx_free(hx509_validate_ctx ctx)
} }
int int
hx509_validate_cert(hx509_validate_ctx ctx, hx509_cert cert) hx509_validate_cert(hx509_context context,
hx509_validate_ctx ctx,
hx509_cert cert)
{ {
Certificate *c = _hx509_get_cert(cert); Certificate *c = _hx509_get_cert(cert);
TBSCertificate *t = &c->tbsCertificate; TBSCertificate *t = &c->tbsCertificate;