+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2006, Stockholms universitet
* (Stockholm University, Stockholm Sweden)
* POSSIBILITY OF SUCH DAMAGE.
*/
-#include "locl.h"
+#include "k5-platform.h"
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+
+#include <ctype.h>
+#include <pwd.h>
+
+#include <pkcs11.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
+#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay
+#define RSA_get0_key compat_rsa_get0_key
+static void
+compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e,
+ const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = rsa->n;
+ if (e != NULL)
+ *e = rsa->e;
+ if (d != NULL)
+ *d = rsa->d;
+}
+#endif
+
+#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \
+ { \
+ unsigned char *p; \
+ (BL) = i2d_##T((S), NULL); \
+ if ((BL) <= 0) { \
+ (R) = EINVAL; \
+ } else { \
+ (B) = malloc((BL)); \
+ if ((B) == NULL) { \
+ (R) = ENOMEM; \
+ } else { \
+ p = (B); \
+ (R) = 0; \
+ (BL) = i2d_##T((S), &p); \
+ if ((BL) <= 0) { \
+ free((B)); \
+ (R) = EINVAL; \
+ } \
+ } \
+ } \
+ }
/* RCSID("$Id: main.c,v 1.24 2006/01/11 12:42:53 lha Exp $"); */
}
static void
-snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...)
+snprintf_fill(char *str, int size, char fillchar, const char *fmt, ...)
{
int len;
va_list ap;
#endif
#define VERIFY_SESSION_HANDLE(s, state) \
-{ \
- CK_RV ret; \
- ret = verify_session_handle(s, state); \
- if (ret != CKR_OK) { \
- /* return CKR_OK */; \
- } \
-}
+ { \
+ CK_RV vshret; \
+ vshret = verify_session_handle(s, state); \
+ if (vshret != CKR_OK) { \
+ /* return CKR_OK */; \
+ } \
+ }
static CK_RV
verify_session_handle(CK_SESSION_HANDLE hSession,
struct session_state **state)
{
- int i;
+ size_t i;
for (i = 0; i < MAX_NUM_SESSION; i++){
if (soft_token.state[i].session_handle == hSession)
CK_ULONG modulus_bits = 0;
CK_BYTE *exponent = NULL;
size_t exponent_len = 0;
+ RSA *rsa;
+ const BIGNUM *n, *e;
- modulus_bits = BN_num_bits(key->pkey.rsa->n);
+ rsa = EVP_PKEY_get0_RSA(key);
+ RSA_get0_key(rsa, &n, &e, NULL);
+ modulus_bits = BN_num_bits(n);
- modulus_len = BN_num_bytes(key->pkey.rsa->n);
+ modulus_len = BN_num_bytes(n);
modulus = malloc(modulus_len);
- BN_bn2bin(key->pkey.rsa->n, modulus);
+ BN_bn2bin(n, modulus);
- exponent_len = BN_num_bytes(key->pkey.rsa->e);
+ exponent_len = BN_num_bytes(e);
exponent = malloc(exponent_len);
- BN_bn2bin(key->pkey.rsa->e, exponent);
+ BN_bn2bin(e, exponent);
add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
add_object_attribute(o, 0, CKA_MODULUS_BITS,
add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
exponent, exponent_len);
- RSA_set_method(key->pkey.rsa, RSA_PKCS1_SSLeay());
+ RSA_set_method(rsa, RSA_PKCS1_OpenSSL());
free(modulus);
free(exponent);
o->u.cert = cert;
public_key = X509_get_pubkey(o->u.cert);
- switch (EVP_PKEY_type(public_key->type)) {
+ switch (EVP_PKEY_base_id(public_key)) {
case EVP_PKEY_RSA:
key_type = CKK_RSA;
break;
/* XXX verify keytype */
if (key_type == CKK_RSA)
- RSA_set_method(o->u.private_key.key->pkey.rsa,
- RSA_PKCS1_SSLeay());
+ RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
+ RSA_PKCS1_OpenSSL());
if (X509_check_private_key(cert, o->u.private_key.key) != 1) {
EVP_PKEY_free(o->u.private_key.key);
C_Initialize(CK_VOID_PTR a)
{
CK_C_INITIALIZE_ARGS_PTR args = a;
+ size_t i;
+
st_logf("Initialize\n");
- int i;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
CK_RV
C_Finalize(CK_VOID_PTR args)
{
- int i;
+ size_t i;
st_logf("Finalize\n");
CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession)
{
- int i;
+ size_t i;
st_logf("OpenSession: slot: %d\n", (int)slotID);
CK_RV
C_CloseAllSessions(CK_SLOT_ID slotID)
{
- int i;
+ size_t i;
st_logf("CloseAllSessions\n");
}
/* XXX check keytype */
- RSA_set_method(o->u.private_key.key->pkey.rsa, RSA_PKCS1_SSLeay());
+ RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
+ RSA_PKCS1_OpenSSL());
if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) {
EVP_PKEY_free(o->u.private_key.key);
}
if (ulCount) {
CK_ULONG i;
- size_t len;
print_attributes(pTemplate, ulCount);
return CKR_ARGUMENTS_BAD;
}
- rsa = o->u.public_key->pkey.rsa;
+ rsa = EVP_PKEY_get0_RSA(o->u.public_key);
if (rsa == NULL)
return CKR_ARGUMENTS_BAD;
goto out;
}
- if (buffer_len + padding_len < ulDataLen) {
+ if ((CK_ULONG)buffer_len + padding_len < ulDataLen) {
ret = CKR_ARGUMENTS_BAD;
goto out;
}
return CKR_ARGUMENTS_BAD;
}
- rsa = o->u.private_key.key->pkey.rsa;
+ rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
if (rsa == NULL)
return CKR_ARGUMENTS_BAD;
goto out;
}
- if (buffer_len + padding_len < ulEncryptedDataLen) {
+ if ((CK_ULONG)buffer_len + padding_len < ulEncryptedDataLen) {
ret = CKR_ARGUMENTS_BAD;
goto out;
}
return CKR_ARGUMENTS_BAD;
}
- rsa = o->u.private_key.key->pkey.rsa;
+ rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
if (rsa == NULL)
return CKR_ARGUMENTS_BAD;
goto out;
}
- if (buffer_len < ulDataLen + padding_len) {
+ if ((CK_ULONG)buffer_len < ulDataLen + padding_len) {
ret = CKR_ARGUMENTS_BAD;
goto out;
}
return CKR_ARGUMENTS_BAD;
}
- rsa = o->u.public_key->pkey.rsa;
+ rsa = EVP_PKEY_get0_RSA(o->u.public_key);
if (rsa == NULL)
return CKR_ARGUMENTS_BAD;
goto out;
}
- if (buffer_len < ulDataLen) {
+ if ((CK_ULONG)buffer_len < ulDataLen) {
ret = CKR_ARGUMENTS_BAD;
goto out;
}
if (len > buffer_len)
abort();
- if (len != ulSignatureLen) {
+ if ((CK_ULONG)len != ulSignatureLen) {
ret = CKR_GENERAL_ERROR;
goto out;
}
if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')):
skip_rest('PKINIT tests', 'PKINIT module not built')
-# Check if soft-pkcs11.so is available.
-try:
- import ctypes
- lib = ctypes.LibraryLoader(ctypes.CDLL).LoadLibrary('soft-pkcs11.so')
- del lib
- have_soft_pkcs11 = True
-except:
- have_soft_pkcs11 = False
+soft_pkcs11 = os.path.join(buildtop, 'tests', 'softpkcs11', 'softpkcs11.so')
# Construct a krb5.conf fragment configuring pkinit.
certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs')
p12_upn3_identity = 'PKCS12:%s' % user_upn3_p12
p12_generic_identity = 'PKCS12:%s' % generic_p12
p12_enc_identity = 'PKCS12:%s' % user_enc_p12
-p11_identity = 'PKCS11:soft-pkcs11.so'
-p11_token_identity = ('PKCS11:module_name=soft-pkcs11.so:'
- 'slotid=1:token=SoftToken (token)')
+p11_identity = 'PKCS11:' + soft_pkcs11
+p11_token_identity = ('PKCS11:module_name=' + soft_pkcs11 +
+ ':slotid=1:token=SoftToken (token)')
# Start a realm with the test kdb module for the following UPN SAN tests.
realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=alias_kdc_conf,
realm.kinit(realm.user_princ, flags=['-X', 'X509_user_identity=,'],
expected_code=1, expected_msg='Preauthentication failed while')
-if not have_soft_pkcs11:
- skip_rest('PKINIT PKCS11 tests', 'soft-pkcs11.so not found')
-
softpkcs11rc = os.path.join(os.getcwd(), 'testdir', 'soft-pkcs11.rc')
realm.env['SOFTPKCS11RC'] = softpkcs11rc
projects / thirdparty / krb5.git / commitdiff
