*/
#include "hx_locl.h"
-RCSID("$Id: ks_p11.c,v 1.45 2007/01/09 19:43:35 lha Exp $");
+RCSID("$Id: ks_p11.c 22071 2007-11-14 20:04:50Z lha $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#endif
return 1;
}
-static const RSA_METHOD rsa_pkcs1_method = {
+static const RSA_METHOD p11_rsa_pkcs1_method = {
"hx509 PKCS11 PKCS#1 RSA",
p11_rsa_public_encrypt,
p11_rsa_public_decrypt,
* prompter or known to work pin code.
*
* This code is very conversative and only uses the prompter in
- * the hx509_lock, the reason is that its bad to try many
+ * the hx509_lock, the reason is that it's bad to try many
* passwords on a pkcs11 token, it might lock up and have to be
* unlocked by a administrator.
*
if (p->refcount == 0)
_hx509_abort("pkcs11 refcount to high");
- RSA_set_method(rsa, &rsa_pkcs1_method);
+ RSA_set_method(rsa, &p11_rsa_pkcs1_method);
ret = RSA_set_app_data(rsa, p11rsa);
if (ret != 1)
_hx509_abort("RSA_set_app_data");
{
struct hx509_collector *collector = ptr;
hx509_cert cert;
- Certificate t;
int ret;
if ((CK_LONG)query[0].ulValueLen == -1 ||
return 0;
}
-
- ret = decode_Certificate(query[1].pValue, query[1].ulValueLen,
- &t, NULL);
- if (ret) {
- hx509_clear_error_string(context);
- return 0;
- }
-
- ret = hx509_cert_init(context, &t, &cert);
- free_Certificate(&t);
+ ret = hx509_cert_init_data(context, query[1].pValue,
+ query[1].ulValueLen, &cert);
if (ret)
return ret;
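Review bot: A certificate object that fails to parse now leaves this callback through `if (ret) return ret;`, whereas the removed code cleared the error string and returned 0 when `decode_Certificate` failed. The bytes in `query[1].pValue` come from the token, so if the caller stops iterating on a non-zero return (not visible in this hunk), one malformed object would hide every other certificate on the token. If skipping bad objects is still intended, keep it explicit with `if (ret) { hx509_clear_error_string(context); return 0; }`, or separate parse errors from allocation failures so that only the latter propagate. The visible length check ends at `query[0].ulValueLen == -1 ||` with its second operand outside the view, so also confirm that `query[1].ulValueLen` is rejected when it is -1 before being passed as a length. The function starts and ends outside the hunk.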
if (lock == NULL)
lock = _hx509_empty_lock;
- collector = _hx509_collector_alloc(context, lock);
- if (collector == NULL) {
- hx509_set_error_string(context, 0, ENOMEM, "out of memory");
- return ENOMEM;
- }
+ ret = _hx509_collector_alloc(context, lock, &collector);
+ if (ret)
+ return ret;
key_class = CKO_PRIVATE_KEY;
ret = iterate_entries(context, p, slot, session,
p11_printinfo(hx509_context context,
hx509_certs certs,
void *data,
- int (*func)(void *, char *),
+ int (*func)(void *, const char *),
void *ctx)
{
struct p11_module *p = data;
MECHNAME(CKM_RSA_X_509, "rsa-x-509");
MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs");
MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs");
+ MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs");
+ MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs");
+ MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs");
+ MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs");
+ MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep");
+ MECHNAME(CKM_SHA512_HMAC, "sha512-hmac");
+ MECHNAME(CKM_SHA512, "sha512");
+ MECHNAME(CKM_SHA384_HMAC, "sha384-hmac");
+ MECHNAME(CKM_SHA384, "sha384");
+ MECHNAME(CKM_SHA256_HMAC, "sha256-hmac");
+ MECHNAME(CKM_SHA256, "sha256");
+ MECHNAME(CKM_SHA_1, "sha1");
+ MECHNAME(CKM_MD5, "md5");
+ MECHNAME(CKM_MD2, "md2");
+ MECHNAME(CKM_RIPEMD160, "ripemd-160");
+ MECHNAME(CKM_DES_ECB, "des-ecb");
+ MECHNAME(CKM_DES_CBC, "des-cbc");
+ MECHNAME(CKM_AES_ECB, "aes-ecb");
+ MECHNAME(CKM_AES_CBC, "aes-cbc");
+ MECHNAME(CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen");
default:
snprintf(unknownname, sizeof(unknownname),
"unknown-mech-%lu",