[pkg-opensc-commit] [pkcs11-helper] 116/253: crypto cleanup
Eric Dorland
eric at moszumanska.debian.org
Fri Jan 6 23:39:10 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository pkcs11-helper.
commit 9641b6b0638191aeb25eb1efcf54d8969b5d949a
Author: Alon Bar-Lev <alon.barlev at gmail.com>
Date: Fri Jun 15 18:44:45 2007 +0000
crypto cleanup
---
INSTALL | 1 +
configure.ac | 8 +-
lib/pkcs11h-crypto.c | 711 ++++++++++++++++++++-------------------------------
3 files changed, 289 insertions(+), 431 deletions(-)
diff --git a/INSTALL b/INSTALL
index 593e10d..1966b54 100644
--- a/INSTALL
+++ b/INSTALL
@@ -39,6 +39,7 @@ Cross-MinGW32
With openssl engine:
./configure --prefix=/ --host=mingw32 \
--disable-crypto-engine-gnutls \
+ --disable-crypto-engine-nss \
PKG_CONFIG=true \
OPENSSL_CFLAGS="-I${w32root}/include" \
OPENSSL_LIBS="-L${w32root}/lib -lcrypto"
diff --git a/configure.ac b/configure.ac
index 4a0fe6c..10e846e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -258,7 +258,7 @@ fi
AC_MSG_CHECKING([Win32 crypto engine])
if test "${WIN32}" = "yes" -a "${enable_crypto_engine_win32}" = "yes"; then
AC_MSG_RESULT([yes])
- AC_DEFINE([ENABLE_PKCS11H_ENGINE_WIN32], [1], [Use win32 crypto engine])
+ AC_DEFINE([ENABLE_PKCS11H_ENGINE_WIN32], [1], [Enable win32 crypto engine])
else
AC_MSG_RESULT([no])
fi
@@ -267,7 +267,7 @@ AC_MSG_CHECKING([OpenSSL crypto engine])
if test "${enable_crypto_engine_openssl}" = "yes"; then
if test "${have_openssl}" = "yes"; then
AC_MSG_RESULT([yes])
- AC_DEFINE([ENABLE_PKCS11H_ENGINE_OPENSSL], [1], [Use OpenSSL crypto engine])
+ AC_DEFINE([ENABLE_PKCS11H_ENGINE_OPENSSL], [1], [Enable OpenSSL crypto engine])
# don't add this twice
if test "${enable_openssl}" != "yes"; then
@@ -285,7 +285,7 @@ AC_MSG_CHECKING([GnuTLS crypto engine])
if test "${enable_crypto_engine_gnutls}" = "yes"; then
if test "${have_gnutls}" = "yes"; then
AC_MSG_RESULT([yes])
- AC_DEFINE([ENABLE_PKCS11H_ENGINE_GNUTLS], [1], [Use GnuTLS crypto engine])
+ AC_DEFINE([ENABLE_PKCS11H_ENGINE_GNUTLS], [1], [Enable GnuTLS crypto engine])
CFLAGS="${CFLAGS} ${GNUTLS_CFLAGS}"
LIBS="${LIBS} ${GNUTLS_LIBS}"
else
@@ -299,7 +299,7 @@ AC_MSG_CHECKING([NSS crypto engine])
if test "${enable_crypto_engine_nss}" = "yes"; then
if test "${have_nss}" = "yes"; then
AC_MSG_RESULT([yes])
- AC_DEFINE([ENABLE_PKCS11H_ENGINE_NSS], [1], [Use NSS crypto engine])
+ AC_DEFINE([ENABLE_PKCS11H_ENGINE_NSS], [1], [Enable NSS crypto engine])
CFLAGS="${CFLAGS} ${NSS_CFLAGS}"
LIBS="${LIBS} ${NSS_LIBS}"
else
diff --git a/lib/pkcs11h-crypto.c b/lib/pkcs11h-crypto.c
index 01ebab8..765b49c 100644
--- a/lib/pkcs11h-crypto.c
+++ b/lib/pkcs11h-crypto.c
@@ -116,141 +116,6 @@ typedef const unsigned char *__pkcs11_openssl_d2i_t;
#endif
-#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
-
-static
-int
-__pkcs11h_crypto_openssl_initialize (
- IN void * const global_data
-);
-
-static
-int
-__pkcs11h_crypto_openssl_uninitialize (
- IN void * const global_data
-);
-
-static
-int
-__pkcs11h_crypto_openssl_certificate_get_expiration (
- IN void * const global_data,
- IN const unsigned char * const blob,
- IN const size_t blob_size,
- OUT time_t * const expiration
-);
-
-static
-int
-__pkcs11h_crypto_openssl_certificate_get_dn (
- IN void * const global_data,
- IN const unsigned char * const blob,
- IN const size_t blob_size,
- OUT char * const dn,
- IN const size_t dn_max
-);
-
-static
-int
-__pkcs11h_crypto_openssl_certificate_is_issuer (
- IN void * const global_data,
- IN const unsigned char * const signer_blob,
- IN const size_t signer_blob_size,
- IN const unsigned char * const cert_blob,
- IN const size_t cert_blob_size
-);
-
-#endif
-
-#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
-
-static
-int
-__pkcs11h_crypto_gnutls_initialize (
- IN void * const global_data
-);
-
-static
-int
-__pkcs11h_crypto_gnutls_uninitialize (
- IN void * const global_data
-);
-
-static
-int
-__pkcs11h_crypto_gnutls_certificate_get_expiration (
- IN void * const global_data,
- IN const unsigned char * const blob,
- IN const size_t blob_size,
- OUT time_t * const expiration
-);
-
-static
-int
-__pkcs11h_crypto_gnutls_certificate_get_dn (
- IN void * const global_data,
- IN const unsigned char * const blob,
- IN const size_t blob_size,
- OUT char * const dn,
- IN const size_t dn_max
-);
-
-static
-int
-__pkcs11h_crypto_gnutls_certificate_is_issuer (
- IN void * const global_data,
- IN const unsigned char * const signer_blob,
- IN const size_t signer_blob_size,
- IN const unsigned char * const cert_blob,
- IN const size_t cert_blob_size
-);
-
-#endif
-
-#if defined(ENABLE_PKCS11H_ENGINE_NSS)
-
-static
-int
-__pkcs11h_crypto_nss_initialize (
- IN void * const global_data
-);
-
-static
-int
-__pkcs11h_crypto_nss_uninitialize (
- IN void * const global_data
-);
-
-static
-int
-__pkcs11h_crypto_nss_certificate_get_expiration (
- IN void * const global_data,
- IN const unsigned char * const blob,
- IN const size_t blob_size,
- OUT time_t * const expiration
-);
-
-static
-int
-__pkcs11h_crypto_nss_certificate_get_dn (
- IN void * const global_data,
- IN const unsigned char * const blob,
- IN const size_t blob_size,
- OUT char * const dn,
- IN const size_t dn_max
-);
-
-static
-int
-__pkcs11h_crypto_nss_certificate_is_issuer (
- IN void * const global_data,
- IN const unsigned char * const signer_blob,
- IN const size_t signer_blob_size,
- IN const unsigned char * const cert_blob,
- IN const size_t cert_blob_size
-);
-
-#endif
-
#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
typedef PCCERT_CONTEXT (WINAPI *__CertCreateCertificateContext_t) (
@@ -285,189 +150,9 @@ typedef struct __crypto_win32_data_s {
__CertFreeCertificateContext_t p_CertFreeCertificateContext;
CertNameToStrW_t p_CertNameToStrW;
__CryptVerifyCertificateSignatureEx_t p_CryptVerifyCertificateSignatureEx;
-} *__crypto_win32_data_t;
-
-static
-int
-__pkcs11h_crypto_win32_initialize (
- IN void * const global_data
-);
-
-static
-int
-__pkcs11h_crypto_win32_uninitialize (
- IN void * const global_data
-);
-
-static
-int
-__pkcs11h_crypto_win32_certificate_get_expiration (
- IN void * const global_data,
- IN const unsigned char * const blob,
- IN const size_t blob_size,
- OUT time_t * const expiration
-);
-
-static
-int
-__pkcs11h_crypto_win32_certificate_get_dn (
- IN void * const global_data,
- IN const unsigned char * const blob,
- IN const size_t blob_size,
- OUT char * const dn,
- IN const size_t dn_max
-);
-
-static
-int
-__pkcs11h_crypto_win32_certificate_is_issuer (
- IN void * const global_data,
- IN const unsigned char * const signer_blob,
- IN const size_t signer_blob_size,
- IN const unsigned char * const cert_blob,
- IN const size_t cert_blob_size
-);
-
-#endif
-
-#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
-static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_openssl = {
- NULL,
- __pkcs11h_crypto_openssl_initialize,
- __pkcs11h_crypto_openssl_uninitialize,
- __pkcs11h_crypto_openssl_certificate_get_expiration,
- __pkcs11h_crypto_openssl_certificate_get_dn,
- __pkcs11h_crypto_openssl_certificate_is_issuer
-};
-#endif
-#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
-static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_gnutls = {
- NULL,
- __pkcs11h_crypto_gnutls_initialize,
- __pkcs11h_crypto_gnutls_uninitialize,
- __pkcs11h_crypto_gnutls_certificate_get_expiration,
- __pkcs11h_crypto_gnutls_certificate_get_dn,
- __pkcs11h_crypto_gnutls_certificate_is_issuer
-};
-#endif
-#if defined(ENABLE_PKCS11H_ENGINE_NSS)
-static int s_nss_data = 0;
-static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_nss = {
- &s_nss_data,
- __pkcs11h_crypto_nss_initialize,
- __pkcs11h_crypto_nss_uninitialize,
- __pkcs11h_crypto_nss_certificate_get_expiration,
- __pkcs11h_crypto_nss_certificate_get_dn,
- __pkcs11h_crypto_nss_certificate_is_issuer
-};
-#endif
-#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
-static struct __crypto_win32_data_s s_win32_data = { NULL };
-static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_win32 = {
- &s_win32_data,
- __pkcs11h_crypto_win32_initialize,
- __pkcs11h_crypto_win32_uninitialize,
- __pkcs11h_crypto_win32_certificate_get_expiration,
- __pkcs11h_crypto_win32_certificate_get_dn,
- __pkcs11h_crypto_win32_certificate_is_issuer
-};
-#endif
-
-pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL
-};
-
-CK_RV
-pkcs11h_engine_setCrypto (
- IN const pkcs11h_engine_crypto_t * const engine
-) {
- const pkcs11h_engine_crypto_t *_engine = NULL;
- CK_RV rv = CKR_FUNCTION_FAILED;
-
- /*_PKCS11H_ASSERT (engine!=NULL); Not required */
-
- if (engine == PKCS11H_ENGINE_CRYPTO_AUTO) {
-#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
- _engine = &_g_pkcs11h_crypto_engine_win32;
-#elif defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
- _engine = &_g_pkcs11h_crypto_engine_openssl;
-#elif defined(ENABLE_PKCS11H_ENGINE_NSS)
- _engine = &_g_pkcs11h_crypto_engine_nss;
-#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
- _engine = &_g_pkcs11h_crypto_engine_gnutls;
-#else
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
-#endif
- }
- else if (engine == PKCS11H_ENGINE_CRYPTO_GPL) {
-#if defined(_WIN32)
-#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
- _engine = &_g_pkcs11h_crypto_engine_win32;
-#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
- _engine = &_g_pkcs11h_crypto_engine_gnutls;
-#else
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
-#endif
-#else
-#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
- _engine = &_g_pkcs11h_crypto_engine_gnutls;
-#else
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
-#endif
-#endif
- }
- else if (engine == PKCS11H_ENGINE_CRYPTO_WIN32) {
-#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
- _engine = &_g_pkcs11h_crypto_engine_win32;
-#else
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
-#endif
- }
- else if (engine == PKCS11H_ENGINE_CRYPTO_OPENSSL) {
-#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
- _engine = &_g_pkcs11h_crypto_engine_openssl;
-#else
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
-#endif
- }
- else if (engine == PKCS11H_ENGINE_CRYPTO_GNUTLS) {
-#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
- _engine = &_g_pkcs11h_crypto_engine_gnutls;
-#else
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
-#endif
- }
- else if (engine == PKCS11H_ENGINE_CRYPTO_NSS) {
-#if defined(ENABLE_PKCS11H_ENGINE_NSS)
- _engine = &_g_pkcs11h_crypto_engine_nss;
-#else
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
-#endif
- }
- else {
- _engine = engine;
- }
-
- memmove (&_g_pkcs11h_crypto_engine, _engine, sizeof (pkcs11h_engine_crypto_t));
-
- rv = CKR_OK;
-
-cleanup:
+} *__crypto_win32_data_t;
- return rv;
-}
+#endif
#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
@@ -502,6 +187,9 @@ __pkcs11h_crypto_openssl_certificate_get_expiration (
OUT time_t * const expiration
) {
X509 *x509 = NULL;
+ __pkcs11_openssl_d2i_t d2i;
+ ASN1_TIME *notBefore;
+ ASN1_TIME *notAfter;
(void)global_data;
@@ -511,41 +199,43 @@ __pkcs11h_crypto_openssl_certificate_get_expiration (
*expiration = (time_t)0;
- x509 = X509_new ();
+ if ((x509 = X509_new ()) == NULL) {
+ goto cleanup;
+ }
- if (x509 != NULL) {
- __pkcs11_openssl_d2i_t d2i = (__pkcs11_openssl_d2i_t)blob;
-
- if (
- d2i_X509 (&x509, &d2i, blob_size)
- ) {
- ASN1_TIME *notBefore = X509_get_notBefore (x509);
- ASN1_TIME *notAfter = X509_get_notAfter (x509);
-
- if (
- notBefore != NULL &&
- notAfter != NULL &&
- X509_cmp_current_time (notBefore) <= 0 &&
- X509_cmp_current_time (notAfter) >= 0 &&
- notAfter->length >= 12
- ) {
- struct tm tm1;
- time_t now = time (NULL);
-
- memset (&tm1, 0, sizeof (tm1));
- tm1.tm_year = (notAfter->data[ 0] - '0') * 10 + (notAfter->data[ 1] - '0') + 100;
- tm1.tm_mon = (notAfter->data[ 2] - '0') * 10 + (notAfter->data[ 3] - '0') - 1;
- tm1.tm_mday = (notAfter->data[ 4] - '0') * 10 + (notAfter->data[ 5] - '0');
- tm1.tm_hour = (notAfter->data[ 6] - '0') * 10 + (notAfter->data[ 7] - '0');
- tm1.tm_min = (notAfter->data[ 8] - '0') * 10 + (notAfter->data[ 9] - '0');
- tm1.tm_sec = (notAfter->data[10] - '0') * 10 + (notAfter->data[11] - '0');
-
- tm1.tm_sec += (int)(mktime (localtime (&now)) - mktime (gmtime (&now)));
-
- *expiration = mktime (&tm1);
- }
- }
+ d2i = (__pkcs11_openssl_d2i_t)blob;
+
+ if (!d2i_X509 (&x509, &d2i, blob_size)) {
+ goto cleanup;
+ }
+
+ notBefore = X509_get_notBefore (x509);
+ notAfter = X509_get_notAfter (x509);
+
+ if (
+ notBefore != NULL &&
+ notAfter != NULL &&
+ X509_cmp_current_time (notBefore) <= 0 &&
+ X509_cmp_current_time (notAfter) >= 0 &&
+ notAfter->length >= 12
+ ) {
+ struct tm tm1;
+
+ memset (&tm1, 0, sizeof (tm1));
+ tm1.tm_year = (notAfter->data[ 0] - '0') * 10 + (notAfter->data[ 1] - '0') + 100;
+ tm1.tm_mon = (notAfter->data[ 2] - '0') * 10 + (notAfter->data[ 3] - '0') - 1;
+ tm1.tm_mday = (notAfter->data[ 4] - '0') * 10 + (notAfter->data[ 5] - '0');
+ tm1.tm_hour = (notAfter->data[ 6] - '0') * 10 + (notAfter->data[ 7] - '0');
+ tm1.tm_min = (notAfter->data[ 8] - '0') * 10 + (notAfter->data[ 9] - '0');
+ tm1.tm_sec = (notAfter->data[10] - '0') * 10 + (notAfter->data[11] - '0');
+
+ *expiration = mktime (&tm1);
+ *expiration += (int)(mktime (localtime (expiration)) - mktime (gmtime (expiration)));
+ }
+
+cleanup:
+ if (x509 != NULL) {
X509_free (x509);
x509 = NULL;
}
@@ -563,7 +253,7 @@ __pkcs11h_crypto_openssl_certificate_get_dn (
IN const size_t dn_max
) {
X509 *x509 = NULL;
- __pkcs11_openssl_d2i_t d2i1;
+ __pkcs11_openssl_d2i_t d2i;
(void)global_data;
@@ -574,20 +264,27 @@ __pkcs11h_crypto_openssl_certificate_get_dn (
dn[0] = '\x0';
- if (blob_size > 0) {
- if ((x509 = X509_new ()) != NULL) {
- d2i1 = (__pkcs11_openssl_d2i_t)blob;
- if (d2i_X509 (&x509, &d2i1, blob_size)) {
- X509_NAME_oneline (
- X509_get_subject_name (x509),
- dn,
- dn_max
- );
- }
-
- X509_free (x509);
- x509 = NULL;
- }
+ if ((x509 = X509_new ()) == NULL) {
+ goto cleanup;
+ }
+
+ d2i = (__pkcs11_openssl_d2i_t)blob;
+
+ if (!d2i_X509 (&x509, &d2i, blob_size)) {
+ goto cleanup;
+ }
+
+ X509_NAME_oneline (
+ X509_get_subject_name (x509),
+ dn,
+ dn_max
+ );
+
+cleanup:
+
+ if (x509 != NULL) {
+ X509_free (x509);
+ x509 = NULL;
}
return dn[0] != '\x0';
@@ -677,6 +374,15 @@ cleanup:
return is_issuer;
}
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_openssl = {
+ NULL,
+ __pkcs11h_crypto_openssl_initialize,
+ __pkcs11h_crypto_openssl_uninitialize,
+ __pkcs11h_crypto_openssl_certificate_get_expiration,
+ __pkcs11h_crypto_openssl_certificate_get_dn,
+ __pkcs11h_crypto_openssl_certificate_is_issuer
+};
+
/*======================================================================*
* FIXUPS
*======================================================================*/
@@ -733,6 +439,10 @@ __pkcs11h_crypto_gnutls_certificate_get_expiration (
OUT time_t * const expiration
) {
gnutls_x509_crt_t cert = NULL;
+ gnutls_datum_t datum;
+ time_t now = time (NULL);
+ time_t notBefore;
+ time_t notAfter;
(void)global_data;
@@ -742,23 +452,34 @@ __pkcs11h_crypto_gnutls_certificate_get_expiration (
*expiration = (time_t)0;
- if (gnutls_x509_crt_init (&cert) == GNUTLS_E_SUCCESS) {
- gnutls_datum_t datum = {(unsigned char *)blob, blob_size};
+ if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS) {
+ /* gnutls sets output */
+ cert = NULL;
+ goto cleanup;
+ }
+
+ datum.data = (unsigned char *)blob;
+ datum.size = blob_size;
+
+ if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS) {
+ goto cleanup;
+ }
+
+ notBefore = gnutls_x509_crt_get_activation_time (cert);
+ notAfter = gnutls_x509_crt_get_expiration_time (cert);
- if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER) == GNUTLS_E_SUCCESS) {
+ if (
+ now >= notBefore &&
+ now <= notAfter
+ ) {
+ *expiration = notAfter;
+ }
- time_t activation_time = gnutls_x509_crt_get_activation_time (cert);
- time_t expiration_time = gnutls_x509_crt_get_expiration_time (cert);
- time_t now = time (NULL);
+cleanup:
- if (
- now >= activation_time &&
- now <= expiration_time
- ) {
- *expiration = expiration_time;
- }
- }
+ if (cert != NULL) {
gnutls_x509_crt_deinit (cert);
+ cert = NULL;
}
return *expiration != (time_t)0;
@@ -774,6 +495,8 @@ __pkcs11h_crypto_gnutls_certificate_get_dn (
IN const size_t dn_max
) {
gnutls_x509_crt_t cert = NULL;
+ gnutls_datum_t datum;
+ size_t s;
(void)global_data;
@@ -784,23 +507,37 @@ __pkcs11h_crypto_gnutls_certificate_get_dn (
dn[0] = '\x0';
- if (gnutls_x509_crt_init (&cert) == GNUTLS_E_SUCCESS) {
- gnutls_datum_t datum = {(unsigned char *)blob, blob_size};
-
- if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER) == GNUTLS_E_SUCCESS) {
- size_t s = dn_max;
- if (
- gnutls_x509_crt_get_dn (
- cert,
- dn,
- &s
- ) != GNUTLS_E_SUCCESS
- ) {
- /* gnutls sets output parameters */
- dn[0] = '\x0';
- }
- }
+ if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS) {
+ /* gnutls sets output */
+ cert = NULL;
+ goto cleanup;
+ }
+
+ datum.data = (unsigned char *)blob;
+ datum.size = blob_size;
+
+ if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS) {
+ goto cleanup;
+ }
+
+ s = dn_max;
+ if (
+ gnutls_x509_crt_get_dn (
+ cert,
+ dn,
+ &s
+ ) != GNUTLS_E_SUCCESS
+ ) {
+ /* gnutls sets output */
+ dn[0] = '\x0';
+ goto cleanup;
+ }
+
+cleanup:
+
+ if (cert != NULL) {
gnutls_x509_crt_deinit (cert);
+ cert = NULL;
}
return dn[0] != '\x0';
@@ -892,6 +629,15 @@ cleanup:
return is_issuer;
}
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_gnutls = {
+ NULL,
+ __pkcs11h_crypto_gnutls_initialize,
+ __pkcs11h_crypto_gnutls_uninitialize,
+ __pkcs11h_crypto_gnutls_certificate_get_expiration,
+ __pkcs11h_crypto_gnutls_certificate_get_dn,
+ __pkcs11h_crypto_gnutls_certificate_is_issuer
+};
+
#endif /* ENABLE_PKCS11H_ENGINE_GNUTLS */
#if defined(ENABLE_PKCS11H_ENGINE_NSS)
@@ -944,8 +690,6 @@ __pkcs11h_crypto_nss_certificate_get_expiration (
PRTime pr_notBefore, pr_notAfter;
time_t notBefore, notAfter;
time_t now = time (NULL);
- int tm_isdst = localtime (&now)->tm_isdst;
- struct tm *tm1;
(void)global_data;
@@ -966,12 +710,10 @@ __pkcs11h_crypto_nss_certificate_get_expiration (
notBefore = pr_notBefore/1000000;
notAfter = pr_notAfter/1000000;
- tm1 = gmtime (¬Before);
- tm1->tm_isdst = tm_isdst;
- notBefore = mktime (tm1);
- tm1 = gmtime (¬After);
- tm1->tm_isdst = tm_isdst;
- notAfter = mktime (tm1);
+ notBefore = mktime (gmtime (¬Before));
+ notBefore += (int)(mktime (localtime (¬Before)) - mktime (gmtime (¬Before)));
+ notAfter = mktime (gmtime (¬After));
+ notAfter += (int)(mktime (localtime (¬After)) - mktime (gmtime (¬After)));
if (
now >= notBefore &&
@@ -1074,12 +816,41 @@ cleanup:
return is_issuer;
}
-#endif /* ENABLE_PKCS11H_ENGINE_GNUTLS */
+static int s_nss_data = 0;
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_nss = {
+ &s_nss_data,
+ __pkcs11h_crypto_nss_initialize,
+ __pkcs11h_crypto_nss_uninitialize,
+ __pkcs11h_crypto_nss_certificate_get_expiration,
+ __pkcs11h_crypto_nss_certificate_get_dn,
+ __pkcs11h_crypto_nss_certificate_is_issuer
+};
+
+#endif /* ENABLE_PKCS11H_ENGINE_NSS */
#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
static
int
+__pkcs11h_crypto_win32_uninitialize (
+ IN void * const global_data
+) {
+ __crypto_win32_data_t data = (__crypto_win32_data_t)global_data;
+
+ _PKCS11H_ASSERT (global_data!=NULL);
+
+ if (data->handle != NULL) {
+ FreeLibrary (data->handle);
+ data->handle = NULL;
+ }
+
+ memset (data, 0, sizeof (struct __crypto_win32_data_s));
+
+ return 1;
+}
+
+static
+int
__pkcs11h_crypto_win32_initialize (
IN void * const global_data
) {
@@ -1126,25 +897,6 @@ __pkcs11h_crypto_win32_initialize (
static
int
-__pkcs11h_crypto_win32_uninitialize (
- IN void * const global_data
-) {
- __crypto_win32_data_t data = (__crypto_win32_data_t)global_data;
-
- _PKCS11H_ASSERT (global_data!=NULL);
-
- if (data->handle != NULL) {
- FreeLibrary (data->handle);
- data->handle = NULL;
- }
-
- memset (data, 0, sizeof (struct __crypto_win32_data_s));
-
- return 1;
-}
-
-static
-int
__pkcs11h_crypto_win32_certificate_get_expiration (
IN void * const global_data,
IN const unsigned char * const blob,
@@ -1154,8 +906,7 @@ __pkcs11h_crypto_win32_certificate_get_expiration (
__crypto_win32_data_t data = (__crypto_win32_data_t)global_data;
PCCERT_CONTEXT cert = NULL;
PKCS11H_BOOL ok = FALSE;
- time_t now = time (NULL);
- SYSTEMTIME st;
+ SYSTEMTIME ust, st;
struct tm tm1;
_PKCS11H_ASSERT (global_data!=NULL);
@@ -1172,12 +923,13 @@ __pkcs11h_crypto_win32_certificate_get_expiration (
)) == NULL ||
!FileTimeToSystemTime (
&cert->pCertInfo->NotAfter,
- &st
+ &ust
)
) {
goto cleanup;
}
+ SystemTimeToTzSpecificLocalTime (NULL, &ust, &st);
memset (&tm1, 0, sizeof (tm1));
tm1.tm_year = st.wYear - 1900;
tm1.tm_mon = st.wMonth - 1;
@@ -1186,8 +938,6 @@ __pkcs11h_crypto_win32_certificate_get_expiration (
tm1.tm_min = st.wMinute;
tm1.tm_sec = st.wSecond;
- tm1.tm_sec += (int)(mktime (localtime (&now)) - mktime (gmtime (&now)));
-
*expiration = mktime (&tm1);
ok = TRUE;
@@ -1347,4 +1097,111 @@ cleanup:
return issuer != FALSE;
}
+static struct __crypto_win32_data_s s_win32_data = { NULL };
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_win32 = {
+ &s_win32_data,
+ __pkcs11h_crypto_win32_initialize,
+ __pkcs11h_crypto_win32_uninitialize,
+ __pkcs11h_crypto_win32_certificate_get_expiration,
+ __pkcs11h_crypto_win32_certificate_get_dn,
+ __pkcs11h_crypto_win32_certificate_is_issuer
+};
+
#endif /* ENABLE_PKCS11H_ENGINE_WIN32 */
+
+pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+CK_RV
+pkcs11h_engine_setCrypto (
+ IN const pkcs11h_engine_crypto_t * const engine
+) {
+ const pkcs11h_engine_crypto_t *_engine = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ /*_PKCS11H_ASSERT (engine!=NULL); Not required */
+
+ if (engine == PKCS11H_ENGINE_CRYPTO_AUTO) {
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
+ _engine = &_g_pkcs11h_crypto_engine_win32;
+#elif defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
+ _engine = &_g_pkcs11h_crypto_engine_openssl;
+#elif defined(ENABLE_PKCS11H_ENGINE_NSS)
+ _engine = &_g_pkcs11h_crypto_engine_nss;
+#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+ _engine = &_g_pkcs11h_crypto_engine_gnutls;
+#else
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+#endif
+ }
+ else if (engine == PKCS11H_ENGINE_CRYPTO_GPL) {
+#if defined(_WIN32)
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
+ _engine = &_g_pkcs11h_crypto_engine_win32;
+#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+ _engine = &_g_pkcs11h_crypto_engine_gnutls;
+#else
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+#endif
+#else
+#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+ _engine = &_g_pkcs11h_crypto_engine_gnutls;
+#else
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+#endif
+#endif
+ }
+ else if (engine == PKCS11H_ENGINE_CRYPTO_WIN32) {
+#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
+ _engine = &_g_pkcs11h_crypto_engine_win32;
+#else
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+#endif
+ }
+ else if (engine == PKCS11H_ENGINE_CRYPTO_OPENSSL) {
+#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
+ _engine = &_g_pkcs11h_crypto_engine_openssl;
+#else
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+#endif
+ }
+ else if (engine == PKCS11H_ENGINE_CRYPTO_GNUTLS) {
+#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
+ _engine = &_g_pkcs11h_crypto_engine_gnutls;
+#else
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+#endif
+ }
+ else if (engine == PKCS11H_ENGINE_CRYPTO_NSS) {
+#if defined(ENABLE_PKCS11H_ENGINE_NSS)
+ _engine = &_g_pkcs11h_crypto_engine_nss;
+#else
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+#endif
+ }
+ else {
+ _engine = engine;
+ }
+
+ memmove (&_g_pkcs11h_crypto_engine, _engine, sizeof (pkcs11h_engine_crypto_t));
+
+ rv = CKR_OK;
+
+cleanup:
+
+ return rv;
+}
+
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git
More information about the pkg-opensc-commit
mailing list