161  * lists of asymmetric key handles which are active (referenced by at least one
168  * Create all secret key objects in a global session so that they are available
170  * without losing the secret key objects.
277 static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
288 	const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp);
289 static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
1854 	 * object. The key load functions set it to persistent if that is so.
1863  * public components 'n'/'e' are the key components we use to check for the
1865  * a public or a private key, we always free what we can.
1884 /* Destroy RSA public key from single session. */
1901 /* Destroy RSA private key from single session. */
1919  * Destroy RSA key object wrapper. If session is NULL, try to destroy all
1939 	 * go through the list of sessions and delete key objects
1967 /* Destroy DSA public key from single session. */
1987 /* Destroy DSA private key from single session. */
2008  * Destroy DSA key object wrapper. If session is NULL, try to destroy all
2028 	 * go through the list of sessions and delete key objects
2056 /* Destroy DH key from single session. */
2077  * Destroy DH key object wrapper.
2182  * Init context for encryption or decryption using a symmetric key.
2242 pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
2262 	 * ciphers table. The key length must be in the allowed interval. From
2264 	 * key length to be in some range, all other NIDs have a precise key
2289 	/* The key object is destroyed here if it is not the current key. */
2290 	(void) check_new_cipher_key(sp, key, ctx->key_len);
2293 	 * If the key is the same and the encryption is also the same, then
2309 	 * Check if the key has been invalidated. If so, a new key object
2314 		    ctx, key, p_ciph_table_row->key_type, sp);
2333 	/* now initialize the context with a new key */
2346  * When reusing the same key in an encryption/decryption session for a
2348  * and recreate a new one. Note that the key is in the global session so
2596 /* Create a secret key object in a PKCS#11 session */
2598 	const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp)
2615 	 * Create secret key object in global_session. All other sessions
2616 	 * can use the key handles. Here is why:
2617 	 * OpenSSL will call EncryptInit and EncryptUpdate using a secret key.
2618 	 * It may then call DecryptInit and DecryptUpdate using the same key.
2619 	 * To use the same key object, we need to call EncryptFinal with
2622 	 * then create a new session to use the same key object. When a session
2623 	 * is closed, all the object handles will be invalid. Thus, create key
2630 	a_key_template[5].pValue = (void *) key;
2642 	 * Save the key information used in this session.
2647 	(void) memcpy(sp->opdata_key, key, sp->opdata_key_len);
2860  * Check if the new key is the same as the key object in the session. If the key
2861  * is the same, no need to create a new key object. Otherwise, the old key
2863  * cache hit, 0 for cache miss. Note that we must check the key length first
2864  * otherwise we could end up reusing a different, longer key with the same
2868 check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key,
2872 	    memcmp(sp->opdata_key, key, key_len) != 0) {
2879 /* Destroy one or more secret key objects. */
2899 			 * The secret key object is created in the
2921  * Public key mechanisms optionally supported
2928  * public key slot.
2954  * variables carry information about which slot was chosen for (a) public key
3124 	 * Check if this slot is capable of DH key generataion and
3225 			DEBUG_SLOT_SEL(" engine key size range <%i-%i> does not"

Indexes created Tue Jul 24 14:28:13 CEST 2018