[pkg-opensc-commit] [pkcs11-helper] 23/60: Support openssl decryption

Fri Jan 6 23:39:43 UTC 2017

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to tag pkcs11-helper-1.02
in repository pkcs11-helper.

commit 56df4145edaf689694054cabe74fb0d9ef21ffe5
Author: alonbl <alonbl at 485eb718-1723-0410-b8a9-88cf21a28c35>
Date:   Fri Dec 1 23:48:33 2006 +0000

    Support openssl decryption
---
 lib/pkcs11h-openssl.c | 65 +++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 58 insertions(+), 7 deletions(-)

diff --git a/lib/pkcs11h-openssl.c b/lib/pkcs11h-openssl.c
index e1ede4e..459d550 100644
--- a/lib/pkcs11h-openssl.c
+++ b/lib/pkcs11h-openssl.c
@@ -189,6 +189,11 @@ _pkcs11h_openssl_dec (
 	IN int padding
 ) {
 #endif
+	pkcs11h_certificate_t certificate = _pkcs11h_openssl_get_pkcs11h_certificate (rsa);
+	PKCS11H_BOOL session_locked = FALSE;
+	CK_MECHANISM_TYPE mech = CKM_RSA_PKCS;
+	CK_RV rv = CKR_OK;
+
 	PKCS11H_ASSERT (from!=NULL);
 	PKCS11H_ASSERT (to!=NULL);
 	PKCS11H_ASSERT (rsa!=NULL);
@@ -203,17 +208,63 @@ _pkcs11h_openssl_dec (
 		padding
 	);
 
-	PKCS11H_LOG (
-		PKCS11H_LOG_ERROR,
-		"PKCS#11: Private key decryption is not supported"
-	);
+	switch (padding) {
+		case RSA_PKCS1_PADDING:
+			mech = CKM_RSA_PKCS;
+		break;
+		case RSA_PKCS1_OAEP_PADDING:
+			mech = CKM_RSA_PKCS_OAEP;
+		break;
+		case RSA_SSLV23_PADDING:
+			rv = CKR_MECHANISM_INVALID;
+		break;
+		case RSA_NO_PADDING:
+			rv = CKR_MECHANISM_INVALID;
+		break;
+	}
+
+	if (
+		rv == CKR_OK &&
+		(rv = pkcs11h_certificate_lockSession (certificate)) == CKR_OK
+	) {
+		session_locked = TRUE;
+	}
+
+	if (rv == CKR_OK) {
+		size_t tlen = (size_t)flen;
+
+		PKCS11H_DEBUG (
+			PKCS11H_LOG_DEBUG1,
+			"PKCS#11: Performing decryption"
+		);
+
+		if (
+			(rv = pkcs11h_certificate_decryptAny (
+				certificate,
+				mech,
+				from,
+				flen,
+				to,
+				&tlen
+			)) != CKR_OK
+		) {
+			PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform decryption %ld:'%s'", rv, pkcs11h_getMessage (rv));
+		}
+	}
+
+	if (session_locked) {
+		pkcs11h_certificate_releaseSession (certificate);
+		session_locked = FALSE;
+	}
 
 	PKCS11H_DEBUG (
 		PKCS11H_LOG_DEBUG2,
-		"PKCS#11: _pkcs11h_openssl_dec return"
+		"PKCS#11: _pkcs11h_openssl_dec - return rv=%ld-'%s'",
+		rv,
+		pkcs11h_getMessage (rv)
 	);
 
-	return -1;
+	return rv == CKR_OK ? 1 : -1; 
 }
 
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
@@ -265,7 +316,7 @@ _pkcs11h_openssl_sign (
 	);
 
 	if (rv == CKR_OK) {
-		myrsa_size=RSA_size(rsa);
+		myrsa_size=RSA_size (rsa);
 	}
 
 	if (type == NID_md5_sha1) {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git

