99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER START
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * or http://www.opensolaris.org/os/licensing.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * See the License for the specific language governing permissions
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * and limitations under the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * When distributing Covered Code, include this CDDL HEADER in each
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If applicable, add the following below this CDDL HEADER, with the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * fields enclosed by brackets "[]" replaced with your own identifying
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * information: Portions Copyright [yyyy] [name of copyright owner]
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER END
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys *
9f0bc604621fbb9b9b038e6de7da8f9c46e28608Wyllys Ingersoll * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Use is subject to license terms.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>
#include <fcntl.h>
#include <unistd.h>
#include <link.h>
#include <libgen.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>

#include <ber_der.h>
#include <kmfapiP.h>

#include <pem_encode.h>
#include <cryptoutil.h>
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Forward declaration of a file-local helper; its definition is not
 * within this part of the file.
 */
static KMF_RETURN
setup_crl_call(KMF_HANDLE_T, int, KMF_ATTRIBUTE *, KMF_PLUGIN **);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 *
 * Name: kmf_set_csr_pubkey
 *
 * Description:
 * This function converts the specified plugin public key to SPKI form
 * and saves it in the KMF_CSR_DATA internal structure.
 *
 * Parameters:
 * KMFkey(input) - pointer to the KMF_KEY_HANDLE structure containing the
 * public key generated by the plug-in CreateKeypair
 * Csr(input/output) - pointer to a KMF_CSR_DATA structure that receives
 * the SPKI
 *
 * Returns:
 * A KMF_RETURN value indicating success or specifying a particular
 * error condition.
 * The value KMF_OK indicates success. All other values represent
 * an error condition.
 *
 */
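KMF_RETURN
kmf_set_csr_pubkey(KMF_HANDLE_T handle,
	KMF_KEY_HANDLE *KMFKey,
	KMF_CSR_DATA *Csr)
{
	KMF_RETURN ret;
	KMF_X509_SPKI *spki_ptr;
	KMF_PLUGIN *plugin;
	KMF_DATA KeyData = { 0, NULL };

	CLEAR_ERROR(handle, ret);
	if (ret != KMF_OK)
		return (ret);

	if (KMFKey == NULL || Csr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* The keystore must extract the pubkey data */
	plugin = FindPlugin(handle, KMFKey->kstype);
	if (plugin == NULL || plugin->funclist->EncodePubkeyData == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);

	ret = plugin->funclist->EncodePubkeyData(handle, KMFKey, &KeyData);
	if (ret != KMF_OK) {
		/*
		 * Stop here: decoding whatever the failed plugin call left in
		 * KeyData would overwrite the plugin's error with a decoding
		 * error (the original code did exactly that).  Release any
		 * partial buffer the plugin may have allocated.
		 */
		kmf_free_data(&KeyData);
		return (ret);
	}

	/* The decoded SPKI goes straight into the CSR body. */
	spki_ptr = &Csr->csr.subjectPublicKeyInfo;

	ret = DerDecodeSPKI(&KeyData, spki_ptr);

	kmf_free_data(&KeyData);

	return (ret);
}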
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Set the version field of a CSR.  Only the values v1(0), v2(1) and
 * v3(2) defined by RFC 3280 are accepted.  Returns KMF_ERR_BAD_PARAMETER
 * for a NULL CsrData or an out-of-range version, otherwise the result
 * of set_integer().
 */
KMF_RETURN
kmf_set_csr_version(KMF_CSR_DATA *CsrData, uint32_t version)
{
	if (CsrData == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* RFC 3280: Version ::= INTEGER { v1(0), v2(1), v3(2) } */
	switch (version) {
	case 0:
	case 1:
	case 2:
		return (set_integer(&CsrData->csr.version, (void *)&version,
		    sizeof (uint32_t)));
	default:
		return (KMF_ERR_BAD_PARAMETER);
	}
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
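/*
 * Set the subject name of a CSR from a caller-supplied X.509 name.
 *
 * CsrData (input/output) - the CSR whose subject is replaced.
 * subject_name_ptr (input) - the name to copy; the caller keeps
 *   ownership of it.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL argument, otherwise the
 * result of CopyRDN().
 */
KMF_RETURN
kmf_set_csr_subject(KMF_CSR_DATA *CsrData,
	KMF_X509_NAME *subject_name_ptr)
{
	KMF_RETURN rv = KMF_OK;
	KMF_X509_NAME *temp_name_ptr = NULL;

	if (CsrData == NULL || subject_name_ptr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	rv = CopyRDN(subject_name_ptr, &temp_name_ptr);
	if (rv != KMF_OK)
		return (rv);

	/*
	 * Take over the copied RDN contents with a shallow struct copy,
	 * then release the container that CopyRDN handed back through its
	 * output pointer.  The original kept the contents but never freed
	 * the container, leaking one KMF_X509_NAME per call.
	 */
	CsrData->csr.subject = *temp_name_ptr;
	free(temp_name_ptr);

	return (rv);
}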
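/*
 * Write len bytes from buf to fd, retrying on short writes and EINTR.
 * Returns KMF_OK once every byte is written, KMF_ERR_WRITE_FILE otherwise.
 */
static KMF_RETURN
csr_write_all(int fd, const void *buf, size_t len)
{
	const unsigned char *p = buf;

	while (len > 0) {
		ssize_t n = write(fd, p, len);

		if (n < 0) {
			if (errno == EINTR)
				continue;
			return (KMF_ERR_WRITE_FILE);
		}
		if (n == 0)	/* no progress; do not spin forever */
			return (KMF_ERR_WRITE_FILE);
		p += n;
		len -= (size_t)n;
	}
	return (KMF_OK);
}

/*
 * Write an encoded CSR to csrfile in the requested format.
 *
 * csrdata (input) - DER encoded CSR.
 * format (input) - KMF_FORMAT_PEM or KMF_FORMAT_ASN1; PEM output is
 *   produced from csrdata via kmf_der_to_pem().
 * csrfile (input) - path of the file to create or overwrite.
 *
 * Returns KMF_OK, KMF_ERR_BAD_PARAMETER for a NULL pointer or an
 * unsupported format, KMF_ERR_OPEN_FILE when the file cannot be opened,
 * KMF_ERR_WRITE_FILE when the data cannot be fully written, or the
 * error from kmf_der_to_pem().
 */
KMF_RETURN
kmf_create_csr_file(KMF_DATA *csrdata, KMF_ENCODE_FORMAT format,
	char *csrfile)
{
	KMF_RETURN rv = KMF_OK;
	int fd = -1;
	KMF_DATA pemdata = { 0, NULL };
	const void *outbuf;
	size_t outlen;

	if (csrdata == NULL || csrfile == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	if (format != KMF_FORMAT_PEM && format != KMF_FORMAT_ASN1)
		return (KMF_ERR_BAD_PARAMETER);

	if (format == KMF_FORMAT_PEM) {
		int len;

		rv = kmf_der_to_pem(KMF_CSR, csrdata->Data, csrdata->Length,
		    &pemdata.Data, &len);
		if (rv != KMF_OK)
			goto cleanup;
		pemdata.Length = (size_t)len;
		outbuf = pemdata.Data;
		outlen = pemdata.Length;
	} else {
		outbuf = csrdata->Data;
		outlen = csrdata->Length;
	}

	/*
	 * O_TRUNC: the original opened with O_CREAT|O_RDWR only, so writing
	 * a shorter CSR over an existing longer file left stale trailing
	 * bytes behind and produced a corrupt CSR.  Only write access is
	 * needed.  0644 is kept: a CSR carries public data only.
	 */
	fd = open(csrfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
	if (fd == -1) {
		rv = KMF_ERR_OPEN_FILE;
		goto cleanup;
	}

	/* Partial writes were previously reported as failure; now retried. */
	rv = csr_write_all(fd, outbuf, outlen);

cleanup:
	if (fd != -1) {
		/* close() can surface a deferred write error */
		if (close(fd) == -1 && rv == KMF_OK)
			rv = KMF_ERR_WRITE_FILE;
	}

	kmf_free_data(&pemdata);

	return (rv);
}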
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Append one X.509 extension to the CSR's extension list through
 * add_an_extension().  Returns KMF_ERR_BAD_PARAMETER if either pointer
 * is NULL, otherwise whatever add_an_extension() returns.
 */
KMF_RETURN
kmf_set_csr_extn(KMF_CSR_DATA *Csr, KMF_X509_EXTENSION *extn)
{
	if (Csr == NULL || extn == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	return (add_an_extension(&Csr->csr.extensions, extn));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
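/*
 * Record the signature algorithm of a CSR.
 *
 * CsrData (input/output) - CSR whose signature.algorithmIdentifier is set.
 * sigAlg (input) - KMF algorithm index, mapped to an OID with
 *   x509_algid_to_algoid().
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL CsrData or an index with no
 * OID, the copy_data() error if either copy fails, otherwise KMF_OK.
 */
KMF_RETURN
kmf_set_csr_sig_alg(KMF_CSR_DATA *CsrData,
	KMF_ALGORITHM_INDEX sigAlg)
{
	KMF_RETURN ret;
	KMF_OID *alg;
	KMF_X509_ALGORITHM_IDENTIFIER *sigid;

	if (CsrData == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	alg = x509_algid_to_algoid(sigAlg);
	if (alg == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	sigid = &CsrData->signature.algorithmIdentifier;

	/*
	 * The original discarded these results with (void) casts, so an
	 * allocation failure left an empty algorithm OID in a CSR that was
	 * still reported as KMF_OK.
	 */
	ret = copy_data((KMF_DATA *)&sigid->algorithm, (KMF_DATA *)alg);
	if (ret != KMF_OK)
		return (ret);

	/* Parameters are taken from the SPKI already stored in the CSR. */
	ret = copy_data(&sigid->parameters,
	    &CsrData->csr.subjectPublicKeyInfo.algorithm.parameters);
	if (ret != KMF_OK)
		return (ret);

	return (KMF_OK);
}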
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Add a SubjectAltName extension to a CSR.  The name string is parsed
 * and stored by kmf_set_altname(); critical and alttype are passed
 * through unchanged.  A NULL Csr or altname yields KMF_ERR_BAD_PARAMETER.
 */
KMF_RETURN
kmf_set_csr_subject_altname(KMF_CSR_DATA *Csr,
	char *altname, int critical,
	KMF_GENERALNAMECHOICES alttype)
{
	KMF_X509_EXTENSIONS *exts;

	if (Csr == NULL)
		return (KMF_ERR_BAD_PARAMETER);
	if (altname == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	exts = &Csr->csr.extensions;
	return (kmf_set_altname(exts, (KMF_OID *)&KMFOID_SubjectAltName,
	    critical, alttype, altname));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * Set the KeyUsage extension on a CSR.  The bit mask kubits and the
 * critical flag go straight to set_key_usage_extension(); a NULL CSRData
 * yields KMF_ERR_BAD_PARAMETER.
 */
KMF_RETURN
kmf_set_csr_ku(KMF_CSR_DATA *CSRData,
	int critical, uint16_t kubits)
{
	KMF_X509_EXTENSIONS *exts;

	if (CSRData == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	exts = &CSRData->csr.extensions;
	return (set_key_usage_extension(exts, critical, kubits));
}
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
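/*
 * Add an extended-key-usage OID to a CSR.
 *
 * If the CSR already carries an EKU extension, the new OID is appended to
 * the existing SEQUENCE (unless it is already present, in which case
 * nothing changes and KMF_OK is returned) and that extension's BER data is
 * replaced in place.  Otherwise a new EKU extension holding only this OID
 * is added through kmf_set_csr_extn().
 *
 * CSRData (input/output) - the CSR to modify.
 * ekuOID (input) - the OID to add; the caller keeps ownership.
 * critical (input) - criticality flag stored on the extension.
 *
 * Returns KMF_OK, KMF_ERR_BAD_PARAMETER for a NULL argument, KMF_ERR_MEMORY
 * if the BER encoder cannot be allocated, KMF_ERR_ENCODING on an encoder
 * failure, or the error from GetSequenceContents(), parse_eku_data(),
 * copy_data() or kmf_set_csr_extn().
 */
KMF_RETURN
kmf_add_csr_eku(KMF_CSR_DATA *CSRData, KMF_OID *ekuOID,
	int critical)
{
	KMF_RETURN ret = KMF_OK;
	KMF_X509_EXTENSION *foundextn;
	KMF_X509_EXTENSION newextn;
	BerElement *asn1 = NULL;
	BerValue *extdata = NULL;
	char *olddata = NULL;
	size_t oldsize = 0;
	KMF_X509EXT_EKU ekudata;

	if (CSRData == NULL || ekuOID == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(&ekudata, 0, sizeof (KMF_X509EXT_EKU));
	(void) memset(&newextn, 0, sizeof (newextn));

	foundextn = FindExtn(&CSRData->csr.extensions,
	    (KMF_OID *)&KMFOID_ExtendedKeyUsage);
	if (foundextn != NULL) {
		/* Pull the existing OID list out of its SEQUENCE wrapper. */
		ret = GetSequenceContents((char *)foundextn->BERvalue.Data,
		    foundextn->BERvalue.Length, &olddata, &oldsize);
		if (ret != KMF_OK)
			goto out;

		/*
		 * If the EKU is already in the cert, then just return OK.
		 * The original fell through on a parse failure, appended
		 * to the unparseable extension anyway and still returned
		 * the parse error; now the error is returned without
		 * touching the CSR.
		 */
		ret = parse_eku_data(&foundextn->BERvalue, &ekudata);
		if (ret != KMF_OK)
			goto out;
		if (is_eku_present(&ekudata, ekuOID))
			goto out;
	}

	/*
	 * olddata and ekudata may already be allocated here, so fail via
	 * out; the original returned directly and leaked both.
	 */
	if ((asn1 = kmfder_alloc()) == NULL) {
		ret = KMF_ERR_MEMORY;
		goto out;
	}

	if (kmfber_printf(asn1, "{") == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	/* Write the old extension data first */
	if (olddata != NULL && oldsize > 0) {
		if (kmfber_write(asn1, olddata, oldsize, 0) == -1) {
			ret = KMF_ERR_ENCODING;
			goto out;
		}
	}

	/* Append this EKU OID and close the sequence */
	if (kmfber_printf(asn1, "D}", ekuOID) == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	if (kmfber_flatten(asn1, &extdata) == -1) {
		ret = KMF_ERR_ENCODING;
		goto out;
	}

	/*
	 * If we are just adding to an existing list of EKU OIDs,
	 * just replace the BER data associated with the found extension.
	 * The flattened buffer (extdata->bv_val) is handed over to the
	 * extension; only the BerValue container is released at out.
	 */
	if (foundextn != NULL) {
		free(foundextn->BERvalue.Data);
		foundextn->critical = critical;
		foundextn->BERvalue.Data = (uchar_t *)extdata->bv_val;
		foundextn->BERvalue.Length = extdata->bv_len;
	} else {
		ret = copy_data(&newextn.extnId,
		    (KMF_DATA *)&KMFOID_ExtendedKeyUsage);
		if (ret != KMF_OK)
			goto out;
		newextn.critical = critical;
		newextn.format = KMF_X509_DATAFORMAT_ENCODED;
		newextn.BERvalue.Data = (uchar_t *)extdata->bv_val;
		newextn.BERvalue.Length = extdata->bv_len;
		ret = kmf_set_csr_extn(CSRData, &newextn);
		/* On failure the BER buffer was not adopted by the CSR. */
		if (ret != KMF_OK)
			free(newextn.BERvalue.Data);
	}

out:
	kmf_free_eku(&ekudata);
	if (extdata != NULL)
		free(extdata);

	if (olddata != NULL)
		free(olddata);

	if (asn1 != NULL)
		kmfber_free(asn1, 1);

	/* extnId is only populated on the new-extension path. */
	if (ret != KMF_OK)
		kmf_free_data(&newextn.extnId);

	return (ret);
}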
d00756ccb34596a328f8a15d1965da5412d366d0wyllys
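/*
 * Sign a DER encoded TBS CSR and produce the complete, signed CSR.
 *
 * handle (input) - KMF handle used for the plugin signing call.
 * SubjectCsr (input) - DER encoded TBS CSR; must have non-NULL Data and
 *   non-zero Length.
 * Signkey (input) - private key used to sign; its keystore type selects
 *   the plugin.
 * algo (input) - signature algorithm identifier copied into the CSR and
 *   passed (by OID) to kmf_sign_data().
 * SignedCsr (output) - receives the DER encoded signed CSR; the caller
 *   owns and frees it.  It is reset to empty before anything else runs.
 *
 * Returns KMF_OK, KMF_ERR_BAD_PARAMETER for a NULL or empty argument,
 * KMF_ERR_MEMORY, or the first error from kmf_sign_data(),
 * DerDecodeTbsCsr(), copy_algoid(), DerEncodeDSASignature() or
 * DerEncodeSignedCsr().
 */
static KMF_RETURN
sign_csr(KMF_HANDLE_T handle,
	const KMF_DATA *SubjectCsr,
	KMF_KEY_HANDLE *Signkey,
	KMF_X509_ALGORITHM_IDENTIFIER *algo,
	KMF_DATA *SignedCsr)
{
	KMF_CSR_DATA subj_csr;
	KMF_TBS_CSR *tbs_csr = NULL;
	KMF_DATA signed_data = { 0, NULL };
	KMF_RETURN ret = KMF_OK;
	KMF_ATTRIBUTE attlist[5];	/* exactly five attributes set below */
	KMF_ALGORITHM_INDEX algid;
	int i = 0;

	if (!SignedCsr)
		return (KMF_ERR_BAD_PARAMETER);

	SignedCsr->Length = 0;
	SignedCsr->Data = NULL;

	if (!SubjectCsr)
		return (KMF_ERR_BAD_PARAMETER);

	if (!SubjectCsr->Data || !SubjectCsr->Length)
		return (KMF_ERR_BAD_PARAMETER);

	/*
	 * Both are dereferenced when the attribute list is built; the
	 * original had no check and would have faulted on NULL.
	 */
	if (Signkey == NULL || algo == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	(void) memset(&subj_csr, 0, sizeof (subj_csr));
	/* Estimate the signed data length generously */
	signed_data.Length = SubjectCsr->Length*2;
	signed_data.Data = calloc(1, signed_data.Length);
	if (!signed_data.Data) {
		ret = KMF_ERR_MEMORY;
		goto cleanup;
	}

	kmf_set_attr_at_index(attlist, i++,
	    KMF_KEYSTORE_TYPE_ATTR, &Signkey->kstype,
	    sizeof (Signkey->kstype));

	kmf_set_attr_at_index(attlist, i++,
	    KMF_KEY_HANDLE_ATTR, Signkey, sizeof (KMF_KEY_HANDLE));

	kmf_set_attr_at_index(attlist, i++, KMF_OID_ATTR, &algo->algorithm,
	    sizeof (KMF_OID));

	kmf_set_attr_at_index(attlist, i++, KMF_DATA_ATTR,
	    (KMF_DATA *)SubjectCsr, sizeof (KMF_DATA));

	/* The plugin writes the raw signature into signed_data. */
	kmf_set_attr_at_index(attlist, i++, KMF_OUT_DATA_ATTR,
	    &signed_data, sizeof (KMF_DATA));

	ret = kmf_sign_data(handle, i, attlist);
	if (KMF_OK != ret)
		goto cleanup;
	/*
	 * If we got here OK, decode into a structure and then re-encode
	 * the complete CSR.
	 */
	ret = DerDecodeTbsCsr(SubjectCsr, &tbs_csr);
	if (ret)
		goto cleanup;

	/*
	 * Shallow copy: subj_csr.csr takes over the pointers inside
	 * tbs_csr, so cleanup frees the tbs_csr shell with free() and its
	 * contents via kmf_free_tbs_csr(&subj_csr.csr).
	 */
	(void) memcpy(&subj_csr.csr, tbs_csr, sizeof (KMF_TBS_CSR));

	ret = copy_algoid(&subj_csr.signature.algorithmIdentifier, algo);
	if (ret)
		goto cleanup;

	algid = x509_algoid_to_algid(&algo->algorithm);
	if (algid == KMF_ALGID_SHA1WithDSA ||
	    algid == KMF_ALGID_SHA256WithDSA ||
	    algid == KMF_ALGID_SHA1WithECDSA ||
	    algid == KMF_ALGID_SHA256WithECDSA ||
	    algid == KMF_ALGID_SHA384WithECDSA ||
	    algid == KMF_ALGID_SHA512WithECDSA) {
		/*
		 * For DSA and ECDSA, we must encode the
		 * signature correctly.
		 */
		KMF_DATA signature;

		ret = DerEncodeDSASignature(&signed_data, &signature);
		/*
		 * signed_data is freed here and again at cleanup;
		 * presumably kmf_free_data() resets Data/Length so the
		 * second call is a no-op - confirm against its definition.
		 */
		kmf_free_data(&signed_data);

		if (ret != KMF_OK)
			goto cleanup;

		subj_csr.signature.encrypted = signature;
	} else {
		/*
		 * encrypted aliases signed_data; the buffer is released
		 * once, through signed_data, at cleanup.
		 */
		subj_csr.signature.encrypted = signed_data;
	}

	/* Now, re-encode the CSR with the new signature */
	ret = DerEncodeSignedCsr(&subj_csr, SignedCsr);
	if (ret != KMF_OK) {
		kmf_free_data(SignedCsr);
		goto cleanup;
	}

	/* Cleanup & return */
cleanup:
	free(tbs_csr);

	kmf_free_tbs_csr(&subj_csr.csr);

	kmf_free_algoid(&subj_csr.signature.algorithmIdentifier);
	kmf_free_data(&signed_data);

	return (ret);
}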
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/*
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Name: kmf_sign_csr
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Description:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This function signs a CSR and returns the result as a
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * signed, encoded CSR in SignedCsr
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
 * Parameters:
 *	handle(input) - KMF framework handle; the call is rejected with
 *		KMF_ERR_BAD_PARAMETER if the handle is unusable
 *	tbsCsr(input) - pointer to a KMF_CSR_DATA structure. Its "csr"
 *		member is DER encoded and signed, and its
 *		signature.algorithmIdentifier selects the signing algorithm
 *		(there is no separate algorithm argument)
 *	Signkey(input) - pointer to the KMF_KEY_HANDLE structure containing
 *		the private key generated by the plug-in CreateKeypair
 *	SignedCsr(output) - pointer to the KMF_DATA structure that receives
 *		the signed, DER encoded CSR; it is reset to empty on entry
 *		and released again if signing fails
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Returns:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * A KMF_RETURN value indicating success or specifying a particular
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * error condition.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The value KMF_OK indicates success. All other values represent
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * an error condition.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys *
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys */
KMF_RETURN
kmf_sign_csr(KMF_HANDLE_T handle,
	const KMF_CSR_DATA *tbsCsr,
	KMF_KEY_HANDLE *Signkey,
	KMF_DATA *SignedCsr)
{
	KMF_RETURN rv;
	KMF_DATA encoded_tbs = { 0, NULL };

	/* An unusable handle is reported through rv by the macro. */
	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (tbsCsr == NULL || Signkey == NULL || SignedCsr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Start from an empty result so a failure never hands back garbage. */
	SignedCsr->Length = 0;
	SignedCsr->Data = NULL;

	/*
	 * The "to be signed" part is DER encoded first; that byte string is
	 * what sign_csr actually signs.  The signature algorithm comes from
	 * the caller's CSR record, not from a separate argument.
	 */
	rv = DerEncodeTbsCsr((KMF_TBS_CSR *)&tbsCsr->csr, &encoded_tbs);
	if (rv != KMF_OK)
		goto out;

	rv = sign_csr(handle, &encoded_tbs, Signkey,
	    (KMF_X509_ALGORITHM_IDENTIFIER *)
	    &tbsCsr->signature.algorithmIdentifier,
	    SignedCsr);

out:
	/* On any failure the (possibly partial) output is released. */
	if (rv != KMF_OK)
		kmf_free_data(SignedCsr);
	kmf_free_data(&encoded_tbs);
	return (rv);
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
d00756ccb34596a328f8a15d1965da5412d366d0wyllys/*
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * kmf_decode_csr
d00756ccb34596a328f8a15d1965da5412d366d0wyllys *
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * Description:
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * This function decodes raw CSR data and fills in the KMF_CSR_DATA
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * record.
d00756ccb34596a328f8a15d1965da5412d366d0wyllys *
 * Inputs:
 *	KMF_HANDLE_T handle - framework handle; only checked for NULL here
 *	KMF_DATA *rawcsr - DER encoded signed CSR to decode
 * Output:
 *	KMF_CSR_DATA *csrdata - filled in with the decoded record; the
 *	caller owns the buffers it points to afterwards
d00756ccb34596a328f8a15d1965da5412d366d0wyllys */
KMF_RETURN
kmf_decode_csr(KMF_HANDLE_T handle, KMF_DATA *rawcsr, KMF_CSR_DATA *csrdata)
{
	KMF_CSR_DATA *decoded = NULL;
	KMF_RETURN rv;

	/* The handle is only validated; decoding needs no keystore access. */
	if (handle == NULL || rawcsr == NULL || csrdata == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/*
	 * rawcsr is typically untrusted input (a CSR received from a
	 * requester); all length and structure checking is assumed to
	 * happen inside DerDecodeSignedCsr -- TODO confirm.
	 */
	rv = DerDecodeSignedCsr(rawcsr, &decoded);
	if (rv != KMF_OK)
		return (rv);

	/*
	 * Shallow copy: the buffers hanging off the decoded record now
	 * belong to the caller's struct, so only the outer container that
	 * the decoder allocated is released here.
	 */
	*csrdata = *decoded;
	free(decoded);

	return (rv);
}
d00756ccb34596a328f8a15d1965da5412d366d0wyllys
/*
 * kmf_verify_csr
 *
 * Description:
 *	Verifies the self-signature on a decoded CSR.  The only required
 *	attribute is KMF_CSR_DATA_ATTR (a KMF_CSR_DATA record).
 *
 *	Security note: both the public key and the signature algorithm used
 *	for the check come from the CSR itself (csr.subjectPublicKeyInfo and
 *	signature.algorithmIdentifier).  A KMF_OK result therefore only
 *	demonstrates that whoever produced the CSR holds the matching private
 *	key (proof of possession); it says nothing about whether that key or
 *	the requested subject should be trusted.  Callers issuing certificates
 *	must make that decision separately.
 *
 * Returns:
 *	KMF_OK if the signature verifies, otherwise a KMF error code from
 *	attribute checking, DER (re)encoding/decoding or PKCS_VerifyData.
 */
KMF_RETURN
kmf_verify_csr(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist)
{
	KMF_RETURN rv = KMF_OK;
	KMF_CSR_DATA *csr = NULL;
	KMF_ALGORITHM_INDEX algid;
	KMF_X509_ALGORITHM_IDENTIFIER *sigalg;
	KMF_DATA tbsdata;
	KMF_DATA decodedsig;
	KMF_DATA *sig;
	int sig_was_decoded = 0;

	KMF_ATTRIBUTE_TESTER required_attrs[] = {
		{KMF_CSR_DATA_ATTR, FALSE, sizeof (KMF_CSR_DATA),
		    sizeof (KMF_CSR_DATA)},
	};
	int num_req_attrs = sizeof (required_attrs) /
	    sizeof (KMF_ATTRIBUTE_TESTER);

	if (handle == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* rv is overwritten by test_attributes below; handle is non-NULL. */
	CLEAR_ERROR(handle, rv);

	rv = test_attributes(num_req_attrs, required_attrs,
	    0, NULL, numattr, attrlist);
	if (rv != KMF_OK)
		return (rv);

	csr = kmf_get_attr_ptr(KMF_CSR_DATA_ATTR, attrlist, numattr);
	if (csr == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Re-encode the TBS portion: that is the byte string that was signed. */
	rv = DerEncodeTbsCsr(&csr->csr, &tbsdata);
	if (rv != KMF_OK)
		return (rv);

	sigalg = &csr->signature.algorithmIdentifier;
	algid = x509_algoid_to_algid(&sigalg->algorithm);

	/*
	 * DSA and ECDSA signatures are carried as a DER SEQUENCE { r, s }
	 * and must be unwrapped before PKCS_VerifyData sees them; every
	 * other algorithm uses the signature bytes as-is.  An OID that
	 * x509_algoid_to_algid does not recognise also takes the as-is path
	 * and is presumably rejected by PKCS_VerifyData -- TODO confirm.
	 */
	switch (algid) {
	case KMF_ALGID_SHA1WithDSA:
	case KMF_ALGID_SHA256WithDSA:
		rv = DerDecodeDSASignature(&csr->signature.encrypted,
		    &decodedsig);
		sig_was_decoded = 1;
		break;
	case KMF_ALGID_SHA1WithECDSA:
	case KMF_ALGID_SHA256WithECDSA:
	case KMF_ALGID_SHA384WithECDSA:
	case KMF_ALGID_SHA512WithECDSA:
		rv = DerDecodeECDSASignature(&csr->signature.encrypted,
		    &decodedsig);
		sig_was_decoded = 1;
		break;
	default:
		break;
	}
	if (rv != KMF_OK)
		goto end;

	sig = sig_was_decoded ? &decodedsig : &csr->signature.encrypted;

	rv = PKCS_VerifyData(handle, algid, &csr->csr.subjectPublicKeyInfo,
	    &tbsdata, sig);

	if (sig_was_decoded)
		kmf_free_data(&decodedsig);
end:
	kmf_free_data(&tbsdata);
	return (rv);
}
d00756ccb34596a328f8a15d1965da5412d366d0wyllys
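/*
 * setup_crl_call
 *
 * Common preamble for the CRL operations: validates the attribute list,
 * reads KMF_KEYSTORE_TYPE_ATTR and resolves the plugin that services CRLs
 * for that keystore type.
 *
 * Returns KMF_OK with *plugin set (possibly to NULL if FindPlugin found
 * nothing -- callers must still check), KMF_ERR_BAD_PARAMETER for a NULL
 * handle or plugin pointer, KMF_ERR_PLUGIN_NOTFOUND for an unknown keystore
 * type, or the error from attribute processing.  *plugin is always NULL on
 * an error return.
 */
static KMF_RETURN
setup_crl_call(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist, KMF_PLUGIN **plugin)
{
	KMF_RETURN ret;
	KMF_KEYSTORE_TYPE kstype;
	uint32_t len = sizeof (kstype);

	KMF_ATTRIBUTE_TESTER required_attrs[] = {
		{KMF_KEYSTORE_TYPE_ATTR, FALSE, 1, sizeof (KMF_KEYSTORE_TYPE)}
	};
	int num_req_attrs = sizeof (required_attrs) /
	    sizeof (KMF_ATTRIBUTE_TESTER);

	if (handle == NULL || plugin == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/*
	 * Never leave the out-parameter indeterminate: every early return
	 * below now yields a NULL plugin, so a caller that looks at the
	 * pointer before the return code cannot dereference stack garbage.
	 */
	*plugin = NULL;

	CLEAR_ERROR(handle, ret);

	ret = test_attributes(num_req_attrs, required_attrs,
	    0, NULL, numattr, attrlist);
	if (ret != KMF_OK)
		return (ret);

	ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
	    &kstype, &len);
	if (ret != KMF_OK)
		return (ret);

	switch (kstype) {
	case KMF_KEYSTORE_NSS:
		*plugin = FindPlugin(handle, kstype);
		break;
	case KMF_KEYSTORE_OPENSSL:
	case KMF_KEYSTORE_PK11TOKEN:
		/* PKCS#11 CRLs are file-based, so the OpenSSL plugin serves both. */
		*plugin = FindPlugin(handle, KMF_KEYSTORE_OPENSSL);
		break;
	default:
		return (KMF_ERR_PLUGIN_NOTFOUND);
	}
	return (KMF_OK);
}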
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * kmf_import_crl
 *
 * Dispatches a CRL import to the plugin selected by KMF_KEYSTORE_TYPE_ATTR.
 * Any parsing or signature checking of the CRL contents is the plugin's
 * responsibility; nothing about the CRL is inspected here.
 *
 * Returns the plugin's result, or KMF_ERR_PLUGIN_NOTFOUND /
 * KMF_ERR_FUNCTION_NOT_FOUND when no suitable ImportCRL entry point exists.
 */
KMF_RETURN
kmf_import_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist)
{
	KMF_PLUGIN *plugin;
	KMF_RETURN rv = setup_crl_call(handle, numattr, attrlist, &plugin);

	if (rv != KMF_OK)
		return (rv);
	if (plugin == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);
	/* funclist is assumed non-NULL for a loaded plugin, as elsewhere here. */
	if (plugin->funclist->ImportCRL == NULL)
		return (KMF_ERR_FUNCTION_NOT_FOUND);

	return (plugin->funclist->ImportCRL(handle, numattr, attrlist));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * kmf_delete_crl
 *
 * Dispatches a CRL deletion to the plugin selected by
 * KMF_KEYSTORE_TYPE_ATTR.  Which CRL is removed is entirely determined by
 * the remaining attributes, interpreted by the plugin.
 *
 * Returns the plugin's result, or KMF_ERR_PLUGIN_NOTFOUND /
 * KMF_ERR_FUNCTION_NOT_FOUND when no suitable DeleteCRL entry point exists.
 */
KMF_RETURN
kmf_delete_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist)
{
	KMF_PLUGIN *plugin;
	KMF_RETURN rv = setup_crl_call(handle, numattr, attrlist, &plugin);

	if (rv != KMF_OK)
		return (rv);
	if (plugin == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);
	if (plugin->funclist->DeleteCRL == NULL)
		return (KMF_ERR_FUNCTION_NOT_FOUND);

	return (plugin->funclist->DeleteCRL(handle, numattr, attrlist));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * kmf_list_crl
 *
 * Dispatches a CRL listing request to the plugin selected by
 * KMF_KEYSTORE_TYPE_ATTR.
 *
 * Returns the plugin's result, or KMF_ERR_PLUGIN_NOTFOUND /
 * KMF_ERR_FUNCTION_NOT_FOUND when no suitable ListCRL entry point exists.
 */
KMF_RETURN
kmf_list_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist)
{
	KMF_PLUGIN *plugin;
	KMF_RETURN rv = setup_crl_call(handle, numattr, attrlist, &plugin);

	if (rv != KMF_OK)
		return (rv);
	if (plugin == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);
	if (plugin->funclist->ListCRL == NULL)
		return (KMF_ERR_FUNCTION_NOT_FOUND);

	return (plugin->funclist->ListCRL(handle, numattr, attrlist));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * kmf_find_crl
 *
 * Locates CRLs in a keystore.  Requires KMF_KEYSTORE_TYPE_ATTR and
 * KMF_CRL_COUNT_ATTR.  Only the NSS keystore implements FindCRL; the
 * OpenSSL and PKCS#11 keystores keep CRLs in plain files and therefore
 * report KMF_ERR_FUNCTION_NOT_FOUND, while any other keystore type yields
 * KMF_ERR_PLUGIN_NOTFOUND.
 */
KMF_RETURN
kmf_find_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist)
{
	KMF_PLUGIN *plugin = NULL;
	KMF_RETURN rv;
	KMF_KEYSTORE_TYPE kstype;
	uint32_t len = sizeof (kstype);

	/*
	 * The count attribute is tested with pointer-sized bounds; the
	 * attribute is presumably a pointer to the count -- confirm against
	 * the attribute definitions if this is ever changed.
	 */
	KMF_ATTRIBUTE_TESTER required_attrs[] = {
		{KMF_KEYSTORE_TYPE_ATTR, FALSE, 1,
		    sizeof (KMF_KEYSTORE_TYPE)},
		{KMF_CRL_COUNT_ATTR, FALSE,
		    sizeof (char *), sizeof (char *)}
	};
	int num_req_attrs = sizeof (required_attrs) /
	    sizeof (KMF_ATTRIBUTE_TESTER);

	if (handle == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	CLEAR_ERROR(handle, rv);

	rv = test_attributes(num_req_attrs, required_attrs,
	    0, NULL, numattr, attrlist);
	if (rv != KMF_OK)
		return (rv);

	rv = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
	    &kstype, &len);
	if (rv != KMF_OK)
		return (rv);

	/*
	 * FindCRL is only implemented for NSS.  PKCS#11 and file-based
	 * keystores just store CRLs in a file and do not need a "Find".
	 */
	switch (kstype) {
	case KMF_KEYSTORE_NSS:
		plugin = FindPlugin(handle, kstype);
		break;
	case KMF_KEYSTORE_OPENSSL:
	case KMF_KEYSTORE_PK11TOKEN:
		return (KMF_ERR_FUNCTION_NOT_FOUND);
	default:
		return (KMF_ERR_PLUGIN_NOTFOUND);
	}

	if (plugin == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);
	if (plugin->funclist->FindCRL == NULL)
		return (KMF_ERR_FUNCTION_NOT_FOUND);

	return (plugin->funclist->FindCRL(handle, numattr, attrlist));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * kmf_find_cert_in_crl
 *
 * Asks the plugin selected by KMF_KEYSTORE_TYPE_ATTR whether a given
 * certificate appears in a CRL (the revocation check itself lives in the
 * plugin).  Returns the plugin's result, or KMF_ERR_PLUGIN_NOTFOUND /
 * KMF_ERR_FUNCTION_NOT_FOUND when no FindCertInCRL entry point exists.
 */
KMF_RETURN
kmf_find_cert_in_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist)
{
	KMF_PLUGIN *plugin;
	KMF_RETURN rv = setup_crl_call(handle, numattr, attrlist, &plugin);

	if (rv != KMF_OK)
		return (rv);
	if (plugin == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);
	if (plugin->funclist->FindCertInCRL == NULL)
		return (KMF_ERR_FUNCTION_NOT_FOUND);

	return (plugin->funclist->FindCertInCRL(handle, numattr, attrlist));
}
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys
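/*
 * kmf_verify_crl_file
 *
 * Verifies the signature on a CRL stored in a file against the trust
 * anchor certificate in tacert.  The check is implemented by the OpenSSL
 * plugin (OpenSSL_VerifyCRLFile), which is looked up by symbol name in
 * the already-loaded plugin library and called directly.
 *
 * Parameters:
 *	handle - framework handle; its error state is reset like the other
 *		CRL entry points in this file do
 *	crlfile - path of the CRL file; must not be NULL
 *	tacert - DER encoded trust anchor certificate, passed through to the
 *		plugin unchanged (the plugin is expected to validate it)
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL handle or file name,
 * KMF_ERR_PLUGIN_NOTFOUND if the OpenSSL plugin is not loaded,
 * KMF_ERR_FUNCTION_NOT_FOUND if the symbol is missing, else the plugin's
 * verdict.
 */
KMF_RETURN
kmf_verify_crl_file(KMF_HANDLE_T handle, char *crlfile, KMF_DATA *tacert)
{
	KMF_PLUGIN *plugin;
	KMF_RETURN (*verifyCRLFile)(KMF_HANDLE_T, char *, KMF_DATA *);
	KMF_RETURN ret = KMF_OK;

	if (handle == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/* Consistent with kmf_check_crl_date/kmf_is_crl_file. */
	CLEAR_ERROR(handle, ret);
	if (ret != KMF_OK)
		return (ret);

	/* A NULL file name can never name a CRL; reject it up front. */
	if (crlfile == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	plugin = FindPlugin(handle, KMF_KEYSTORE_OPENSSL);
	if (plugin == NULL || plugin->dldesc == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);

	/* Cast to the exact pointer type rather than an unprototyped one. */
	verifyCRLFile = (KMF_RETURN (*)(KMF_HANDLE_T, char *, KMF_DATA *))
	    dlsym(plugin->dldesc, "OpenSSL_VerifyCRLFile");
	if (verifyCRLFile == NULL)
		return (KMF_ERR_FUNCTION_NOT_FOUND);

	return (verifyCRLFile(handle, crlfile, tacert));
}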
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * kmf_check_crl_date
 *
 * Checks the validity period of the CRL in the named file.  The work is
 * done by OpenSSL_CheckCRLDate inside the OpenSSL plugin, resolved with
 * dlsym from the plugin's already-loaded library.
 *
 * Returns KMF_ERR_BAD_PARAMETER for a NULL handle, KMF_ERR_PLUGIN_NOTFOUND
 * if the OpenSSL plugin is absent, KMF_ERR_FUNCTION_NOT_FOUND if the symbol
 * cannot be resolved, otherwise whatever the plugin reports.
 */
KMF_RETURN
kmf_check_crl_date(KMF_HANDLE_T handle, char *crlname)
{
	KMF_RETURN (*checkCRLDate)(void *, char *) = NULL;
	KMF_PLUGIN *plugin = NULL;
	KMF_RETURN rv = KMF_OK;

	if (handle == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	plugin = FindPlugin(handle, KMF_KEYSTORE_OPENSSL);
	if (plugin == NULL || plugin->dldesc == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);

	checkCRLDate = (KMF_RETURN(*)())dlsym(plugin->dldesc,
	    "OpenSSL_CheckCRLDate");
	if (checkCRLDate == NULL)
		return (KMF_ERR_FUNCTION_NOT_FOUND);

	/* crlname is handed to the plugin as-is; it decides how to open it. */
	return (checkCRLDate(handle, crlname));
}
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys
/*
 * kmf_is_crl_file
 *
 * Determines whether a file holds a CRL and, if so, reports its encoding
 * in *pformat.  The test is implemented by OpenSSL_IsCRLFile in the
 * OpenSSL plugin library, located via dlsym and called directly.
 *
 * A NULL handle is reported by CLEAR_ERROR; NULL filename or pformat
 * yields KMF_ERR_BAD_PARAMETER.  KMF_ERR_PLUGIN_NOTFOUND and
 * KMF_ERR_FUNCTION_NOT_FOUND cover a missing plugin or symbol.
 */
KMF_RETURN
kmf_is_crl_file(KMF_HANDLE_T handle, char *filename, KMF_ENCODE_FORMAT *pformat)
{
	KMF_RETURN (*isCRLFile)(void *, char *, KMF_ENCODE_FORMAT *) = NULL;
	KMF_PLUGIN *plugin = NULL;
	KMF_RETURN rv = KMF_OK;

	CLEAR_ERROR(handle, rv);
	if (rv != KMF_OK)
		return (rv);

	if (filename == NULL || pformat == NULL)
		return (KMF_ERR_BAD_PARAMETER);

	/*
	 * The real implementation lives in the openssl plugin, so resolve
	 * its address from the loaded library rather than the funclist.
	 */
	plugin = FindPlugin(handle, KMF_KEYSTORE_OPENSSL);
	if (plugin == NULL || plugin->dldesc == NULL)
		return (KMF_ERR_PLUGIN_NOTFOUND);

	isCRLFile = (KMF_RETURN(*)())dlsym(plugin->dldesc,
	    "OpenSSL_IsCRLFile");
	if (isCRLFile == NULL)
		return (KMF_ERR_FUNCTION_NOT_FOUND);

	return (isCRLFile(handle, filename, pformat));
}