From: Alon Bar-Lev <alon.barlev@gmail.com>
Date: Mon, 11 Nov 2013 22:36:06 +0000 (+0200)
Subject: pkcs11: use generic evp key instead of rsa
X-Git-Tag: v2.4_alpha1~502
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6575ad483702dd53c0f683093b5f26a87518c6a8;p=thirdparty%2Fopenvpn.git

pkcs11: use generic evp key instead of rsa

Enables DSA, ECDSA key usages with newer pkcs11-helper.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Tested-By: Sanaullah <sanaullah82@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1384209366-26170-1-git-send-email-alon.barlev@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7960
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/configure.ac b/configure.ac
index b181f6d61..23e76f6ce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -725,7 +725,7 @@ esac
 
 PKG_CHECK_MODULES(
 	[PKCS11_HELPER],
-	[libpkcs11-helper-1 >= 1.02],
+	[libpkcs11-helper-1 >= 1.11],
 	[have_pkcs11_helper="yes"],
 	[]
 )
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index af843b7b9..87eb166e8 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -49,7 +49,7 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
   int ret = 1;
 
   X509 *x509 = NULL;
-  RSA *rsa = NULL;
+  EVP_PKEY *evp = NULL;
   pkcs11h_openssl_session_t openssl_session = NULL;
 
   if ((openssl_session = pkcs11h_openssl_createSession (certificate)) == NULL)
@@ -63,9 +63,9 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
    */
   certificate = NULL;
 
-  if ((rsa = pkcs11h_openssl_session_getRSA (openssl_session)) == NULL)
+  if ((evp = pkcs11h_openssl_session_getEVP (openssl_session)) == NULL)
     {
-      msg (M_WARN, "PKCS#11: Unable get rsa object");
+      msg (M_WARN, "PKCS#11: Unable get evp object");
       goto cleanup;
     }
 
@@ -75,7 +75,7 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
       goto cleanup;
     }
 
-  if (!SSL_CTX_use_RSAPrivateKey (ssl_ctx->ctx, rsa))
+  if (!SSL_CTX_use_PrivateKey (ssl_ctx->ctx, evp))
     {
       msg (M_WARN, "PKCS#11: Cannot set private key for openssl");
       goto cleanup;
@@ -108,10 +108,10 @@ cleanup:
       x509 = NULL;
     }
 
-  if (rsa != NULL)
+  if (evp != NULL)
     {
-      RSA_free (rsa);
-      rsa = NULL;
+      EVP_PKEY_free (evp);
+      evp = NULL;
     }
 
   if (openssl_session != NULL)