[pkg-opensc-commit] [pkcs11-helper] 205/253: PolarSSL crypto engine by Adriaan de Jong
Eric Dorland
eric at moszumanska.debian.org
Fri Jan 6 23:39:20 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository pkcs11-helper.
commit 1a7935a704fb3692e6c5cf9375e84bb35b6a8fef
Author: Alon Bar-Lev <alon.barlev at gmail.com>
Date: Mon Oct 24 14:41:39 2011 +0000
PolarSSL crypto engine by Adriaan de Jong
---
ChangeLog | 4 +
THANKS | 3 +
configure.ac | 38 ++++++
include/pkcs11-helper-1.0/pkcs11h-core.h | 2 +
include/pkcs11-helper-1.0/pkcs11h-engines.h | 2 +
lib/pkcs11h-core.c | 3 +
lib/pkcs11h-crypto.c | 189 ++++++++++++++++++++++++++--
7 files changed, 232 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 7884193..571eb23 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,10 @@ Copyright (c) 2005-2011 Alon Bar-Lev <alon.barlev at gmail.com>
$Id$
+????-??-?? - Version 1.10
+
+ * PolarSSL crypto engine by Adriaan de Jong
+
2011-08-16 - Version 1.09
* Do not retry if CKR_BUFFER_TOO_SMALL and none NULL target.
diff --git a/THANKS b/THANKS
index 03fc5ef..074bb98 100644
--- a/THANKS
+++ b/THANKS
@@ -26,6 +26,9 @@ Eddy Nigg
Sandro Wefel
- For maintaining Debian packaging.
+PolarSSL crypto engine by Adriaan de Jong
+ - For PolarSSL support.
+
Apologies to anyone I have missed.
Alon Bar-Lev <alon.barlev at gmail.com>
diff --git a/configure.ac b/configure.ac
index e6047e6..bd212ec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -201,6 +201,13 @@ AC_ARG_ENABLE(
)
AC_ARG_ENABLE(
+ [crypto-engine-polarssl],
+ [AS_HELP_STRING([--disable-crypto-engine-polarssl],[disable PolarSSL crypto engine])],
+ ,
+ [enable_crypto_engine_polarssl="yes"]
+)
+
+AC_ARG_ENABLE(
[crypto-engine-win32],
[AS_HELP_STRING([--disable-crypto-engine-win32],[disable win32 native crypto engine on win32 systems])],
,
@@ -289,6 +296,22 @@ fi
PKG_CHECK_MODULES([GNUTLS], [gnutls >= 1.4], [have_gnutls="yes"], [have_gnutls="no"])
PKG_CHECK_MODULES([NSS], [nss >= 3.11], [have_nss="yes"], [have_nss="no"])
+AC_ARG_VAR([POLARSSL_CFLAGS], [C compiler flags for PolarSSL])
+AC_ARG_VAR([POLARSSL_LIBS], [linker flags for PolarSSL])
+if test -z "${POLARSSL_LIBS}"; then
+ AC_CHECK_LIB(
+ [polarssl],
+ [x509parse_crt],
+ [
+ POLARSSL_LIBS="-lpolarssl"
+ have_polarssl="yes"
+ ],
+ [have_polarssl="no"]
+ )
+else
+ have_polarssl="yes"
+fi
+
# Checks for header files.
AC_HEADER_STDC
AX_CPP_VARARG_MACRO_ISO
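Review bot: The detection added here checks only that the library exports `x509parse_crt` and never that the headers lib/pkcs11h-crypto.c includes, `polarssl/x509.h` and `polarssl/version.h`, are present, so a host with the shared library but no development headers configures with `have_polarssl="yes"` and fails at compile time. Add a header probe after the library check, e.g. `AC_CHECK_HEADERS([polarssl/x509.h polarssl/version.h], , [have_polarssl="no"])`. The `else` branch also sets `have_polarssl="yes"` on a user-supplied `POLARSSL_LIBS` without any probe, which is presumably intended for cross builds but means a typo in that variable is only discovered at link time.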
@@ -388,6 +411,20 @@ else
AC_MSG_RESULT([no])
fi
+AC_MSG_CHECKING([PolarSSL crypto engine])
+if test "${enable_crypto_engine_polarssl}" = "yes"; then
+ if test "${have_polarssl}" = "yes"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([ENABLE_PKCS11H_ENGINE_POLARSSL], [1], [Enable PolarSSL crypto engine])
+ CFLAGS="${CFLAGS} ${POLARSSL_CFLAGS}"
+ LIBS="${LIBS} ${POLARSSL_LIBS}"
+ else
+ AC_MSG_RESULT([no])
+ fi
+else
+ AC_MSG_RESULT([no])
+fi
+
if test "${enable_pedantic}" = "yes"; then
enable_strict="yes"
CFLAGS="${CFLAGS} -ansi -pedantic -D__STRICT_ANSI__ -D_ISOC99_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE"
@@ -437,6 +474,7 @@ if test \
"${enable_crypto_engine_openssl}" = "yes" -o \
"${enable_crypto_engine_gnutls}" = "yes" -o \
"${enable_crypto_engine_nss}" = "yes" -o \
+ "${enable_crypto_engine_polarssl}" = "yes" -o \
"${enable_crypto_engine_win32}" = "yes"; then
PKCS11H_FEATURES="${PKCS11H_FEATURES} engine_crypto"
fi
diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h
index 2988d1e..28f0f2f 100644
--- a/include/pkcs11-helper-1.0/pkcs11h-core.h
+++ b/include/pkcs11-helper-1.0/pkcs11h-core.h
@@ -104,6 +104,8 @@ extern "C" {
#define PKCS11H_FEATURE_MASK_SLOTEVENT (1<< 8)
/** OpenSSL interface is enabled. */
#define PKCS11H_FEATURE_MASK_OPENSSL (1<< 9)
+/** Engine PolarSSL is enabled. */
+#define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_POLARSSL (1<< 10)
/** @} */
/**
diff --git a/include/pkcs11-helper-1.0/pkcs11h-engines.h b/include/pkcs11-helper-1.0/pkcs11h-engines.h
index 13d43bc..bd9ba66 100644
--- a/include/pkcs11-helper-1.0/pkcs11h-engines.h
+++ b/include/pkcs11-helper-1.0/pkcs11h-engines.h
@@ -208,6 +208,8 @@ typedef struct pkcs11h_crypto_engine_s {
#define PKCS11H_ENGINE_CRYPTO_WIN32 ((pkcs11h_engine_crypto_t *)3)
/** Select NSS. */
#define PKCS11H_ENGINE_CRYPTO_NSS ((pkcs11h_engine_crypto_t *)4)
+/** Select PolarSSL. */
+#define PKCS11H_ENGINE_CRYPTO_POLARSSL ((pkcs11h_engine_crypto_t *)5)
/** Auto select GPL enigne. */
#define PKCS11H_ENGINE_CRYPTO_GPL ((pkcs11h_engine_crypto_t *)10)
/** @} */
diff --git a/lib/pkcs11h-core.c b/lib/pkcs11h-core.c
index a2e6093..b139307 100644
--- a/lib/pkcs11h-core.c
+++ b/lib/pkcs11h-core.c
@@ -243,6 +243,9 @@ pkcs11h_getFeatures (void) {
#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 |
#endif
+#if defined(ENABLE_PKCS11H_ENGINE_POLARSSL)
+ PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_POLARSSL |
+#endif
#if defined(ENABLE_PKCS11H_DEBUG)
PKCS11H_FEATURE_MASK_DEBUG |
#endif
diff --git a/lib/pkcs11h-crypto.c b/lib/pkcs11h-crypto.c
index 8493614..66dd223 100644
--- a/lib/pkcs11h-crypto.c
+++ b/lib/pkcs11h-crypto.c
@@ -70,6 +70,11 @@
#include <cert.h>
#endif
+#if defined(ENABLE_PKCS11H_ENGINE_POLARSSL)
+#include <polarssl/x509.h>
+#include <polarssl/version.h>
+#endif
+
#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
#include <wincrypt.h>
#if !defined(CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT)
@@ -1112,6 +1117,169 @@ static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_win32 = {
#endif /* ENABLE_PKCS11H_ENGINE_WIN32 */
+#if defined(ENABLE_PKCS11H_ENGINE_POLARSSL)
+
+static
+int
+__pkcs11h_crypto_polarssl_initialize (
+ IN void * const global_data
+) {
+ (void)global_data;
+
+ return TRUE;
+}
+
+static
+int
+__pkcs11h_crypto_polarssl_uninitialize (
+ IN void * const global_data
+) {
+ (void)global_data;
+
+ return TRUE;
+}
+
+static
+int
+__pkcs11h_crypto_polarssl_certificate_get_expiration (
+ IN void * const global_data,
+ IN const unsigned char * const blob,
+ IN const size_t blob_size,
+ OUT time_t * const expiration
+) {
+ x509_cert x509;
+
+ (void)global_data;
+
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (expiration!=NULL);
+
+ *expiration = (time_t)0;
+
+ memset(&x509, 0, sizeof(x509));
+ if (0 != x509parse_crt (&x509, blob, blob_size)) {
+ goto cleanup;
+ }
+
+ if (0 == x509parse_time_expired(&x509.valid_to)) {
+ struct tm tm1;
+
+ memset (&tm1, 0, sizeof (tm1));
+ tm1.tm_year = x509.valid_to.year - 1900;
+ tm1.tm_mon = x509.valid_to.mon - 1;
+ tm1.tm_mday = x509.valid_to.day;
+ tm1.tm_hour = x509.valid_to.hour - 1;
+ tm1.tm_min = x509.valid_to.min - 1;
+ tm1.tm_sec = x509.valid_to.sec - 1;
+
+ *expiration = mktime (&tm1);
+ *expiration += (int)(mktime (localtime (expiration)) - mktime (gmtime (expiration)));
+ }
+
+cleanup:
+
+ x509_free(&x509);
+
+ return *expiration != (time_t)0;
+}
+
+static
+int
+__pkcs11h_crypto_polarssl_certificate_get_dn (
+ IN void * const global_data,
+ IN const unsigned char * const blob,
+ IN const size_t blob_size,
+ OUT char * const dn,
+ IN const size_t dn_max
+) {
+ x509_cert x509;
+ int ret = FALSE;
+
+ (void)global_data;
+
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (dn!=NULL);
+ _PKCS11H_ASSERT (dn_max>0);
+
+ dn[0] = '\x0';
+
+ memset(&x509, 0, sizeof(x509));
+ if (0 != x509parse_crt (&x509, blob, blob_size)) {
+ goto cleanup;
+ }
+
+ if (-1 == x509parse_dn_gets(dn, dn_max, &x509.subject)) {
+ goto cleanup;
+ }
+
+ ret = TRUE;
+
+cleanup:
+
+ x509_free(&x509);
+
+ return ret;
+}
+
+static
+int
+__pkcs11h_crypto_polarssl_certificate_is_issuer (
+ IN void * const global_data,
+ IN const unsigned char * const issuer_blob,
+ IN const size_t issuer_blob_size,
+ IN const unsigned char * const cert_blob,
+ IN const size_t cert_blob_size
+) {
+ x509_cert x509_issuer;
+ x509_cert x509_cert;
+ int verify_flags = 0;
+
+ PKCS11H_BOOL is_issuer = FALSE;
+
+ (void)global_data;
+
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (issuer_blob!=NULL);
+ _PKCS11H_ASSERT (cert_blob!=NULL);
+
+ memset(&x509_issuer, 0, sizeof(x509_issuer));
+ if (0 != x509parse_crt (&x509_issuer, issuer_blob, issuer_blob_size)) {
+ goto cleanup;
+ }
+
+ memset(&x509_cert, 0, sizeof(x509_cert));
+ if (0 != x509parse_crt (&x509_cert, cert_blob, cert_blob_size)) {
+ goto cleanup;
+ }
+
+#if (POLARSSL_VERSION_MAJOR == 0)
+ if ( 0 == x509parse_verify(&x509_cert, &x509_issuer, NULL, NULL,
+ &verify_flags ))
+#else
+ if ( 0 == x509parse_verify(&x509_cert, &x509_issuer, NULL, NULL,
+ &verify_flags, NULL, NULL ))
+#endif
+
+cleanup:
+ x509_free(&x509_cert);
+ x509_free(&x509_issuer);
+
+ return is_issuer;
+}
+
+static const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_polarssl = {
+ NULL,
+ __pkcs11h_crypto_polarssl_initialize,
+ __pkcs11h_crypto_polarssl_uninitialize,
+ __pkcs11h_crypto_polarssl_certificate_get_expiration,
+ __pkcs11h_crypto_polarssl_certificate_get_dn,
+ __pkcs11h_crypto_polarssl_certificate_is_issuer
+};
+
+#endif /* ENABLE_PKCS11H_ENGINE_POLARSSL */
+
pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
NULL,
NULL,
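Review bot: In `__pkcs11h_crypto_polarssl_certificate_is_issuer` the `if (0 == x509parse_verify(...))` has no body, so the labeled statement `cleanup: x509_free(&x509_cert);` that follows becomes its body: `is_issuer` is never set to TRUE, so the function always answers FALSE, and when the verify fails `x509_cert` is never freed. The `goto cleanup` taken when the issuer blob fails to parse also lands on `x509_free(&x509_cert)` before `x509_cert` has been zeroed, freeing an uninitialized struct. Zero both structs before the first parse and give the verify a braced body that sets `is_issuer = TRUE`, as below. Separately, in `__pkcs11h_crypto_polarssl_certificate_get_expiration` the `- 1` on `tm_hour`, `tm_min` and `tm_sec` looks like the month adjustment copied one field too far — `tm_mon` is zero-based, but hour, minute and second are not, so the reported expiration is presumably 1h01m01s early; confirm against PolarSSL's `x509_time` and the other engines, which sit outside this hunk.
```c
	memset(&x509_issuer, 0, sizeof(x509_issuer));
	memset(&x509_cert, 0, sizeof(x509_cert));

	/* … unchanged: x509parse_crt of issuer_blob, then of cert_blob, each goto cleanup on failure (second memset dropped) … */

#if (POLARSSL_VERSION_MAJOR == 0)
	if (0 == x509parse_verify(&x509_cert, &x509_issuer, NULL, NULL,
			&verify_flags)) {
#else
	if (0 == x509parse_verify(&x509_cert, &x509_issuer, NULL, NULL,
			&verify_flags, NULL, NULL)) {
#endif
		is_issuer = TRUE;
	}

cleanup:
	x509_free(&x509_cert);
	x509_free(&x509_issuer);
```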
@@ -1137,6 +1305,8 @@ pkcs11h_engine_setCrypto (
_engine = &_g_pkcs11h_crypto_engine_openssl;
#elif defined(ENABLE_PKCS11H_ENGINE_NSS)
_engine = &_g_pkcs11h_crypto_engine_nss;
+#elif defined(ENABLE_PKCS11H_ENGINE_POLARSSL)
+ _engine = &_g_pkcs11h_crypto_engine_polarssl;
#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
_engine = &_g_pkcs11h_crypto_engine_gnutls;
#else
@@ -1145,23 +1315,16 @@ pkcs11h_engine_setCrypto (
#endif
}
else if (engine == PKCS11H_ENGINE_CRYPTO_GPL) {
-#if defined(_WIN32)
#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
_engine = &_g_pkcs11h_crypto_engine_win32;
+#elif defined(ENABLE_PKCS11H_ENGINE_POLARSSL)
+ _engine = &_g_pkcs11h_crypto_engine_polarssl;
#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
_engine = &_g_pkcs11h_crypto_engine_gnutls;
#else
rv = CKR_ATTRIBUTE_VALUE_INVALID;
goto cleanup;
#endif
-#else
-#if defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
- _engine = &_g_pkcs11h_crypto_engine_gnutls;
-#else
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
-#endif
-#endif
}
else if (engine == PKCS11H_ENGINE_CRYPTO_WIN32) {
#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
@@ -1195,6 +1358,14 @@ pkcs11h_engine_setCrypto (
goto cleanup;
#endif
}
+ else if (engine == PKCS11H_ENGINE_CRYPTO_POLARSSL) {
+#if defined(ENABLE_PKCS11H_ENGINE_POLARSSL)
+ _engine = &_g_pkcs11h_crypto_engine_polarssl;
+#else
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+#endif
+ }
else {
_engine = engine;
}
--