[pkg-opensc-commit] [pkcs11-helper] 229/253: openssl: add dsa support
Eric Dorland
eric at moszumanska.debian.org
Fri Jan 6 23:39:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository pkcs11-helper.
commit 374252981ff3177b10a5c4380a5e0e0b9d71c5c9
Author: Alon Bar-Lev <alon.barlev at gmail.com>
Date: Tue Sep 17 00:17:26 2013 +0300
openssl: add dsa support
Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com>
---
ChangeLog | 1 +
lib/pkcs11h-openssl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 186 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 5895d92..8e1da42 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ $Id$
????-??-?? - Version 1.11
* openssl: support generic pkey.
+ * openssl: add dsa support.
2012-02-29 - Version 1.10
diff --git a/lib/pkcs11h-openssl.c b/lib/pkcs11h-openssl.c
index 272f8d7..4f4978f 100644
--- a/lib/pkcs11h-openssl.c
+++ b/lib/pkcs11h-openssl.c
@@ -85,6 +85,10 @@ static struct {
RSA_METHOD rsa;
int rsa_index;
#endif
+#ifndef OPENSSL_NO_DSA
+ DSA_METHOD dsa;
+ int dsa_index;
+#endif
} __openssl_methods;
static
@@ -419,6 +423,168 @@ cleanup:
#endif
+#ifndef OPENSSL_NO_DSA
+
+static
+pkcs11h_certificate_t
+__pkcs11h_openssl_dsa_get_pkcs11h_certificate (
+ IN DSA *dsa
+) {
+ pkcs11h_openssl_session_t session = NULL;
+
+ _PKCS11H_ASSERT (dsa!=NULL);
+
+ session = (pkcs11h_openssl_session_t)DSA_get_ex_data (dsa, __openssl_methods.dsa_index);
+
+ _PKCS11H_ASSERT (session!=NULL);
+ _PKCS11H_ASSERT (session->certificate!=NULL);
+
+ return session->certificate;
+}
+
+static
+DSA_SIG *
+__pkcs11h_openssl_dsa_do_sign(
+ IN const unsigned char *dgst,
+ IN int dlen,
+ OUT DSA *dsa
+) {
+ pkcs11h_certificate_t certificate = __pkcs11h_openssl_dsa_get_pkcs11h_certificate (dsa);
+ unsigned char *sigbuf = NULL;
+ size_t siglen;
+ DSA_SIG *sig = NULL;
+ DSA_SIG *ret = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: __pkcs11h_openssl_dsa_do_sign - entered dgst=%p, dlen=%d, dsa=%p",
+ (void *)dgst,
+ dlen,
+ (void *)dsa
+ );
+
+ _PKCS11H_ASSERT (dgst!=NULL);
+ _PKCS11H_ASSERT (dsa!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
+
+ if (
+ (rv = pkcs11h_certificate_signAny (
+ certificate,
+ CKM_DSA,
+ dgst,
+ (size_t)dlen,
+ NULL,
+ &siglen
+ )) != CKR_OK
+ ) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv));
+ goto cleanup;
+ }
+
+ if ((rv = _pkcs11h_mem_malloc ((void *)&sigbuf, siglen)) != CKR_OK) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot cannot allocate signature buffer");
+ goto cleanup;
+ }
+
+ if (
+ (rv = pkcs11h_certificate_signAny (
+ certificate,
+ CKM_DSA,
+ dgst,
+ (size_t)dlen,
+ sigbuf,
+ &siglen
+ )) != CKR_OK
+ ) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv));
+ goto cleanup;
+ }
+
+ if ((sig = DSA_SIG_new ()) == NULL) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot allocate DSA_SIG");
+ goto cleanup;
+ }
+
+ if (BN_bin2bn (&sigbuf[0], siglen/2, sig->r) == NULL) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert dsa r");
+ goto cleanup;
+ }
+
+ if (BN_bin2bn (&sigbuf[siglen/2], siglen/2, sig->s) == NULL) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert dsa s");
+ goto cleanup;
+ }
+
+ ret = sig;
+ sig = NULL;
+
+cleanup:
+
+ if (sigbuf != NULL) {
+ _pkcs11h_mem_free ((void *)&sigbuf);
+ }
+
+ if (sig != NULL) {
+ DSA_SIG_free (sig);
+ sig = NULL;
+ }
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: __pkcs11h_openssl_dsa_do_sign - return sig=%p",
+ (void *)sig
+ );
+
+ return ret;
+}
+
+static
+PKCS11H_BOOL
+__pkcs11h_openssl_session_setDSA(
+ IN const pkcs11h_openssl_session_t openssl_session,
+ IN EVP_PKEY * evp
+) {
+ PKCS11H_BOOL ret = FALSE;
+ DSA *dsa = NULL;
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: __pkcs11h_openssl_session_setDSA - entered openssl_session=%p, evp=%p",
+ (void *)openssl_session,
+ (void *)evp
+ );
+
+ if (
+ (dsa = EVP_PKEY_get1_DSA (evp)) == NULL
+ ) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get DSA key");
+ goto cleanup;
+ }
+
+ DSA_set_method (dsa, &__openssl_methods.dsa);
+ DSA_set_ex_data (dsa, __openssl_methods.dsa_index, openssl_session);
+
+ ret = TRUE;
+
+cleanup:
+
+ if (dsa != NULL) {
+ DSA_free (dsa);
+ dsa = NULL;
+ }
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: __pkcs11h_openssl_session_setDSA - return ret=%d",
+ ret
+ );
+
+ return ret;
+}
+
+#endif
+
PKCS11H_BOOL
_pkcs11h_openssl_initialize (void) {
_PKCS11H_DEBUG (
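Review bot: In `__pkcs11h_openssl_dsa_do_sign` the two `BN_bin2bn` calls only compare the return value with NULL and never store it, so if `DSA_SIG_new ()` leaves `r` and `s` unset (as OpenSSL 1.0.x does) the converted BIGNUMs leak and the returned `DSA_SIG` carries NULL components. `siglen` is also used exactly as the token reported it: a zero or odd length is split with `siglen/2` without complaint, and the `size_t` is narrowed implicitly to the `int` length parameter. The sketch below stores the results and rejects a malformed length before conversion. Separately, the exit trace prints `sig`, which is always NULL at that point, where `ret` is meant, and the `dsa` parameter is marked `OUT` although it is only read.

```c
	/* … unchanged: both pkcs11h_certificate_signAny calls … */

	/* CKM_DSA output is r||s in two equal halves; refuse anything else from the token */
	if (siglen == 0 || (siglen % 2) != 0) {
		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Invalid dsa signature length");
		goto cleanup;
	}

	/* … unchanged: DSA_SIG_new … */

	if ((sig->r = BN_bin2bn (&sigbuf[0], (int)(siglen/2), NULL)) == NULL) {
		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert dsa r");
		goto cleanup;
	}

	if ((sig->s = BN_bin2bn (&sigbuf[siglen/2], (int)(siglen/2), NULL)) == NULL) {
		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert dsa s");
		goto cleanup;
	}

	/* … unchanged: ret = sig, cleanup … */

	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: __pkcs11h_openssl_dsa_do_sign - return sig=%p",
		(void *)ret
	);
```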
@@ -439,6 +605,18 @@ _pkcs11h_openssl_initialize (void) {
__pkcs11h_openssl_ex_data_free
);
#endif
+#ifndef OPENSSL_NO_DSA
+ memmove (&__openssl_methods.dsa, DSA_get_default_method (), sizeof(DSA_METHOD));
+ __openssl_methods.dsa.name = "pkcs11h";
+ __openssl_methods.dsa.dsa_do_sign = __pkcs11h_openssl_dsa_do_sign;
+ __openssl_methods.dsa_index = DSA_get_ex_new_index (
+ 0,
+ "pkcs11h",
+ NULL,
+ __pkcs11h_openssl_ex_data_dup,
+ __pkcs11h_openssl_ex_data_free
+ );
+#endif
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_openssl_initialize - return"
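Review bot: The value returned by `DSA_get_ex_new_index` is stored in `__openssl_methods.dsa_index` without a check, and that call reports failure as -1. The index is later passed to `DSA_set_ex_data` and `DSA_get_ex_data` in the DSA helpers this commit adds, where the results of `DSA_set_method` and `DSA_set_ex_data` are also ignored, so a failed registration would only surface as a NULL session at signing time, caught solely by `_PKCS11H_ASSERT`. Consider a guard such as `if (__openssl_methods.dsa_index == -1) { /* log and fail initialization */ }` here. The return path of `_pkcs11h_openssl_initialize` lies outside the hunk, so how the failure is reported needs checking against the rest of the function.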
@@ -761,6 +939,13 @@ pkcs11h_openssl_session_getEVP (
}
}
#endif
+#ifndef OPENSSL_NO_RSA
+ else if (evp->type == EVP_PKEY_DSA) {
+ if (!__pkcs11h_openssl_session_setDSA(openssl_session, evp)) {
+ goto cleanup;
+ }
+ }
+#endif
else {
_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Invalid public key algorithm %d", evp->type);
goto cleanup;
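Review bot: The new DSA branch is guarded by `#ifndef OPENSSL_NO_RSA`, which looks like a copy of the RSA guard; it should read `#ifndef OPENSSL_NO_DSA`. As written, a build with `OPENSSL_NO_DSA` defined still references `__pkcs11h_openssl_session_setDSA`, which is only defined under `#ifndef OPENSSL_NO_DSA`. A build with `OPENSSL_NO_RSA` defined loses the DSA branch altogether, so DSA keys fall through to the "Invalid public key algorithm" path. The `if`/`else if` chain begins outside the hunk.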
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git