99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER START
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The contents of this file are subject to the terms of the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Common Development and Distribution License (the "License").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You may not use this file except in compliance with the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * See the License for the specific language governing permissions
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * and limitations under the License.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * When distributing Covered Code, include this CDDL HEADER in each
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If applicable, add the following below this CDDL HEADER, with the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * fields enclosed by brackets "[]" replaced with your own identifying
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * information: Portions Copyright [yyyy] [name of copyright owner]
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * CDDL HEADER END
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_PLUGIN_NOTFOUND, "KMF_ERR_PLUGIN_NOTFOUND"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_BAD_CERT_FORMAT, "KMF_ERR_BAD_CERT_FORMAT"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_NO_TOKEN_SELECTED, "KMF_ERR_NO_TOKEN_SELECTED"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_TOKEN_NOT_PRESENT, "KMF_ERR_TOKEN_NOT_PRESENT"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_EXTENSION_NOT_FOUND, "KMF_ERR_EXTENSION_NOT_FOUND"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_POLICY_DB_FORMAT, "KMF_ERR_POLICY_DB_FORMAT"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_POLICY_NOT_FOUND, "KMF_ERR_POLICY_NOT_FOUND"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_BAD_ISSUER, "KMF_ERR_OCSP_BAD_ISSUER"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_CREATE_REQUEST, "KMF_ERR_OCSP_CREATE_REQUEST"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_MALFORMED_RESPONSE, "KMF_ERR_OCSP_MALFORMED_RESPONSE"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_RESPONSE_STATUS, "KMF_ERR_OCSP_RESPONSE_STATUS"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_NO_BASIC_RESPONSE, "KMF_ERR_OCSP_NO_BASIC_RESPONSE"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_BAD_SIGNER, "KMF_ERR_OCSP_BAD_SIGNER"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_RESPONSE_SIGNATURE, "KMF_ERR_OCSP_RESPONSE_SIGNATURE"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_UNKNOWN_CERT, "KMF_ERR_OCSP_UNKNOWN_CERT"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_STATUS_TIME_INVALID, "KMF_ERR_OCSP_STATUS_TIME_INVALID"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_BAD_HTTP_RESPONSE, "KMF_ERR_BAD_HTTP_RESPONSE"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_DUPLICATE_KEYFILE, "KMF_ERR_DUPLICATE_KEYFILE"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_AMBIGUOUS_PATHNAME, "KMF_ERR_AMBIGUOUS_PATHNAME"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_FUNCTION_NOT_FOUND, "KMF_ERR_FUNCTION_NOT_FOUND"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_VALIDITY_PERIOD, "KMF_ERR_VALIDITY_PERIOD"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_CERT_MULTIPLE_FOUND, "KMF_ERR_CERT_MULTIPLE_FOUND"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_GETKEYVALUE_FAILED, "KMF_ERR_GETKEYVALUE_FAILED"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_BAD_OBJECT_TYPE, "KMF_ERR_BAD_OBJECT_TYPE"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_OCSP_RESPONSE_LIFETIME, "KMF_ERR_OCSP_RESPONSE_LIFETIME"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_UNKNOWN_CSR_ATTRIBUTE, "KMF_ERR_UNKNOWN_CSR_ATTRIBUTE"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_UNINITIALIZED_TOKEN, "KMF_ERR_UNINITIALIZED_TOKEN"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_INCOMPLETE_TBS_CERT, "KMF_ERR_INCOMPLETE_TBS_CERT"},
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys {KMF_ERR_MISSING_ERRCODE, "KMF_ERR_MISSING_ERRCODE"},
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys {KMF_KEYSTORE_ALREADY_INITIALIZED, "KMF_KEYSTORE_ALREADY_INITIALIZED"},
71593db26bb6ef7b739cffe06d53bf990cac112cwyllys {KMF_ERR_UNEXTRACTABLE_KEY, "KMF_ERR_UNEXTRACTABLE_KEY"},
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec {KMF_ERR_NAME_NOT_MATCHED, "KMF_ERR_NAME_NOT_MATCHED"},
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec {KMF_ERR_MAPPER_NOT_FOUND, "KMF_ERR_MAPPER_NOT_FOUND"},
fc2613b0a10c787c0f90e9b36f170183746c63f8Wyllys Ingersoll {KMF_ERR_MAPPING_FAILED, "KMF_ERR_MAPPING_FAILED"},
fc2613b0a10c787c0f90e9b36f170183746c63f8Wyllys Ingersoll {KMF_ERR_CERT_VALIDATION, "KMF_ERR_CERT_VALIDATION"}
85b65b39e9a6fea849facdcfc7d06f5ece340e36wyllystypedef struct {
85b65b39e9a6fea849facdcfc7d06f5ece340e36wyllys {KMF_KEYSTORE_OPENSSL, KMF_PLUGIN_PATH "kmf_openssl.so.1", TRUE},
85b65b39e9a6fea849facdcfc7d06f5ece340e36wyllys {KMF_KEYSTORE_PK11TOKEN, KMF_PLUGIN_PATH "kmf_pkcs11.so.1", TRUE},
85b65b39e9a6fea849facdcfc7d06f5ece340e36wyllys {KMF_KEYSTORE_NSS, KMF_PLUGIN_PATH "kmf_nss.so.1", FALSE}
90c85bf889e3af34323084f00e344a82f120b409wyllysstatic KMF_RETURN InitializePlugin(KMF_KEYSTORE_TYPE, char *, KMF_PLUGIN **);
90c85bf889e3af34323084f00e344a82f120b409wyllysstatic KMF_RETURN AddPlugin(KMF_HANDLE_T, KMF_PLUGIN *);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysstatic void free_extensions(KMF_X509_EXTENSIONS *extns);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Private method for searching the plugin list for the correct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Plugin to use.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysFindPlugin(KMF_HANDLE_T handle, KMF_KEYSTORE_TYPE kstype)
90c85bf889e3af34323084f00e344a82f120b409wyllys /* See if the desired plugin was already initialized. */
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee /* The plugin was not found, try to initialize it here. */
90c85bf889e3af34323084f00e344a82f120b409wyllys int numitems = sizeof (plugin_list)/sizeof (KMF_PLUGIN_ITEM);
90c85bf889e3af34323084f00e344a82f120b409wyllys for (i = 0; i < numitems; i++) {
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * Not a built-in plugin. Check if it is in the
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * extra_plugin_list. If it is, try to initialize it here.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * Get the absolute path of the module.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * - If modulepath is not a full path, then prepend it
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * with KMF_PLUGIN_PATH.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * - If modulepath is a full path and contains $ISA, then
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * substitute the architecture-dependent path.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee ret = InitializePlugin(phead->entry->kstype, realpath,
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee /* No matching plugins found in the built-in list */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysInitializePlugin(KMF_KEYSTORE_TYPE kstype, char *path, KMF_PLUGIN **plugin)
2225707c7e7edf7c636ed349df2592ef85329cddValerie Bubb Fenwick * Do not use RTLD_GROUP here, or this will cause a circular
2225707c7e7edf7c636ed349df2592ef85329cddValerie Bubb Fenwick * dependency when kmf_pkcs11.so.1 gets its PKCS#11 functions
2225707c7e7edf7c636ed349df2592ef85329cddValerie Bubb Fenwick * from libpkcs11.so.1 when kmf is used via libelfsign.so.1
2225707c7e7edf7c636ed349df2592ef85329cddValerie Bubb Fenwick * called from kcfd.
2225707c7e7edf7c636ed349df2592ef85329cddValerie Bubb Fenwick p->dldesc = dlopen(path, RTLD_LAZY | RTLD_PARENT);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Get the function list */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* If the head is NULL, create it */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* walk the list to find the tail */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys n->next = (KMF_PLUGIN_LIST *)malloc(sizeof (KMF_PLUGIN_LIST));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys return (0);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Close active session on a pkcs11 token */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_initialize(KMF_HANDLE_T *outhandle, char *policyfile, char *policyname)
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * When this function is called the first time, get the additional
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * plugins from the config file.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * Assign the kstype number to the additional plugins here.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * The global kstore_num will be protected by the mutex lock.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * If the KMF configuration file does not exist or cannot be
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * parsed correctly, we will give a warning in syslog and
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * continue on as if there were no extra plugins in the system.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee "the private KMF config file.\n");
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Initialize the handle with the policy */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys policyfile == NULL ? KMF_DEFAULT_POLICY_FILE : policyfile,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys policyname == NULL ? KMF_DEFAULT_POLICY_NAME : policyname);
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec * Let's have the mapper status structure even if no cert-to-name
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec * mapping is initialized. It's better not to coredump in the
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec * kmf_get_mapper_lasterror function, for example, when there is no
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec * mapping initialized.
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec handle->mapstate = malloc(sizeof (KMF_MAPPER_STATE));
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec * Initialize the mapping scheme according to the policy. If no mapping
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec * is set in the policy database we silently ignore the error.
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec (void) kmf_cert_to_name_mapping_initialize(handle, 0, NULL);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys {KMF_KEYSTORE_TYPE_ATTR, FALSE, 1, sizeof (KMF_KEYSTORE_TYPE)},
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, num_args,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (plugin != NULL && plugin->funclist->ConfigureKeystore != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (plugin->funclist->ConfigureKeystore(handle, num_args,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* return KMF_OK, if the plugin does not have an entry */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_get_kmf_error_str(KMF_RETURN errcode, char **errmsg)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys maxerr = sizeof (kmf_errcodes) / sizeof (kmf_error_map);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys for (i = 0; i < maxerr && errcode != kmf_errcodes[i].code; i++)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* empty body */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_get_plugin_error_str(KMF_HANDLE_T handle, char **msgstr)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (handle->lasterr.kstype == -1) { /* System error */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys ret = plugin->funclist->GetErrorString(handle, msgstr);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_read_input_file(KMF_HANDLE_T handle, char *filename, KMF_DATA *pdata)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((buf = (unsigned char *) malloc(s.st_size)) == NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Name: kmf_der_to_pem
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Description:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Function for converting DER encoded format to PEM encoded format
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Parameters:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * type(input) - CERTIFICATE or CSR
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * data(input) - pointer to the DER encoded data
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * len(input) - length of input data
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * out(output) - contains the output buffer address to be returned
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * outlen(output) - pointer to the returned output length
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * A KMF_RETURN value indicating success or specifying a particular
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * error condition.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The value KMF_OK indicates success. All other values represent
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * an error condition.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_der_to_pem(KMF_OBJECT_TYPE type, unsigned char *data,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Name: kmf_pem_to_der
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Description:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Function for converting PEM encoded format to DER encoded format
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Parameters:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * in(input) - pointer to the PEM encoded data
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * inlen(input) - length of input data
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * out(output) - contains the output buffer address to be returned
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * outlen(output) - pointer to the returned output length
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * A KMF_RETURN value indicating success or specifying a particular
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * error condition.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The value KMF_OK indicates success. All other values represent
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * an error condition.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* First determine the size of the string */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if ((uint32_t)(numshift+7) < (sizeof (uint32_t)*8)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If we get here, we've calculated the length of "n n n ... n ". Add 4
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * here for "{ " and "}\0".
d00756ccb34596a328f8a15d1965da5412d366d0wyllys /* loop to make sure this is ascii */;
d00756ccb34596a328f8a15d1965da5412d366d0wyllys if (i != 8)
9b37d29632d2cb262ba42f1d804f85fcb0aa3709wyllys /* Look for "-----BEGIN" right after a newline */
9b37d29632d2cb262ba42f1d804f85fcb0aa3709wyllys while (p != NULL) {
d00756ccb34596a328f8a15d1965da5412d366d0wyllys /* Restore the buffer */
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhyleestatic unsigned char pkcs12_version[3] = {0x02, 0x01, 0x03};
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee{0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01};
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * This function takes a BER encoded string as input and checks the version
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * and the oid in the top-level ASN.1 structure to see if it complies with
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * the PKCS#12 Syntax.
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * The top level structure for a PKCS12 string:
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * PFX ::= SEQUENCE {
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * version INTEGER {v3(3)}(v3,...)
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * authSafe ContentInfo
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * macData MacData OPTIONAL
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * ContentInfo
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * Therefore, the BER/DER dump of a PKCS#12 file for the first 2
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * sequences up to the oid part is as follows:
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * SEQUENCE {
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * INTEGER 3
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * SEQUENCE {
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * Check the first sequence and calculate the number of bytes used
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * to store the length.
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee /* Skip the length octets and check the pkcs12 version */
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee if (memcmp(buf + index, pkcs12_version, sizeof (pkcs12_version)) != 0)
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * Check the 2nd sequence and calculate the number of bytes used
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee * to store the length.
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee /* Skip the length octets and check the oid */
08ec4bd3f3c5e7a69bbb5c947fe80efe2e433c2fhylee if (memcmp(buf + index, pkcs12_oid, sizeof (pkcs12_oid)) != 0)
d00756ccb34596a328f8a15d1965da5412d366d0wyllyskmf_get_data_format(KMF_DATA *data, KMF_ENCODE_FORMAT *fmt)
d00756ccb34596a328f8a15d1965da5412d366d0wyllys /* It is most likely a generic ASN.1 encoded file */
d00756ccb34596a328f8a15d1965da5412d366d0wyllys /* Cannot determine this file format */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_get_file_format(char *filename, KMF_ENCODE_FORMAT *fmt)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (filename == NULL || !strlen(filename) || fmt == NULL)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_hexstr_to_bytes(unsigned char *hexstr, unsigned char **bytes,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (hexstr[0] == '0' && ((hexstr[1] == 'x') || (hexstr[1] == 'X')))
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys for (i = 0; i < strlen((char *)hexstr) && isxdigit(hexstr[i]); i++)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* empty body */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If all the characters are not legitimate hex chars,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * return an error.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys for (i = 0; i < stringlen; i++) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (i & 1) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_free_kmf_cert(KMF_HANDLE_T handle, KMF_X509_DER_CERT *kmf_cert)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys plugin = FindPlugin(handle, kmf_cert->kmf_private.keystore_type);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (plugin != NULL && plugin->funclist->FreeKMFCert != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *algoid)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_algoid(&tbscsr->subjectPublicKeyInfo.algorithm);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_data(&tbscsr->subjectPublicKeyInfo.subjectPublicKey);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_algoid(&csr->signature.algorithmIdentifier);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_algoid(&tbscert->subjectPublicKeyInfo.algorithm);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_data(&tbscert->subjectPublicKeyInfo.subjectPublicKey);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys kmf_free_algoid(&certptr->signature.algorithmIdentifier);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys for (i = 0; i < len; i++) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (eptr && eptr->nEKUs > 0 && eptr->keyPurposeIdList != NULL)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_free_kmf_key(KMF_HANDLE_T handle, KMF_KEY_HANDLE *key)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_ATTRIBUTE attlist[2]; /* only 2 attributes for DeleteKey op */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys KMF_DESTROY_BOOL_ATTR, &token_destroy, sizeof (boolean_t));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (plugin != NULL && plugin->funclist->DeleteKey != NULL) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys (void) plugin->funclist->DeleteKey(handle, i, attlist);
02744e811b15322c5f109827a116c33bfe3438b5wyllys /* Clear it out before returning it to the pool */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This function frees the space allocated for the name portion of a
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_CRL_DIST_POINT.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* For phase 1, we only need to free the fullname space. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys urldata = &(fullname->namelist[fullname->number - 1].name);
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This function frees the space allocated for a KMF_CRL_DIST_POINT.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* No need to free crl_issuer space at phase 1 */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This function frees space for a KMF_X509EXT_CRLDISTPOINTS internally.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *crl_dps)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys {KMF_ISSUER_CERT_DATA_ATTR, FALSE, sizeof (KMF_DATA),
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This framework function is actually implemented in the openssl
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * plugin library, so we find the function address and call it.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "OpenSSL_CreateOCSPRequest");
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys {KMF_ISSUER_CERT_DATA_ATTR, FALSE, sizeof (KMF_DATA),
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys {KMF_OCSP_RESPONSE_DATA_ATTR, FALSE, sizeof (KMF_DATA),
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys {KMF_OCSP_RESPONSE_CERT_STATUS_ATTR, FALSE, sizeof (int),
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This framework function is actually implemented in the openssl
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * plugin library, so we find the function address and call it.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys getCertStatusFn = (KMF_RETURN(*)())dlsym(plugin->dldesc,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys "OpenSSL_GetOCSPStatusForCert");
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (getCertStatusFn(handle, num_args, attrlist));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Skip over leading space */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The first two numbers are chewed up by the first octet.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while ((bp < &cp[len]) && (isspace(*bp) || *bp == '.'))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while ((bp < &cp[len]) && (isspace(*bp) || *bp == '.'))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys while ((bp < &cp[len]) && (isspace(*bp) || *bp == '.'))
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Have to fill in the bytes msb-first */
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * KRB5PrincipalName ::= SEQUENCE {
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * realm [0] Realm,
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * principalName [1] PrincipalName
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * KerberosString ::= GeneralString (IA5String)
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * Realm ::= KerberosString
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * PrincipalName ::= SEQUENCE {
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * name-type [0] Int32,
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * name-string [1] SEQUENCE OF KerberosString
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * Construct the "principalName" first.
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * The name may be split with a "/" to indicate a new instance.
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * This must be separated in the ASN.1
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_printf(asn1, "{Tli", 0xa0, 3, 0x01) == -1)
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_write(asn1, inst, strlen(inst), 0) != strlen(inst))
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_printf(asn1, "Tl", BER_GENERALSTRING,
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_write(asn1, name, strlen(name), 0) != strlen(name))
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll strlen(name) + 4, BER_GENERALSTRING, strlen(name)) == -1)
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_write(asn1, name, strlen(name), 0) != strlen(name))
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_flatten(asn1, &extdata) == -1) {
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll /* Next construct the KRB5PrincipalNameSeq */
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_printf(asn1, "{TlTl", 0xA0, strlen(realm) + 2,
d00756ccb34596a328f8a15d1965da5412d366d0wyllys if (kmfber_write(asn1, realm, strlen(realm), 0) != strlen(realm))
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_printf(asn1, "Tl", 0xA1, extdata->bv_len) == -1)
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_flatten(asn1, &extdata) == -1) {
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * GeneralName ::= CHOICE {
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * otherName [0] OtherName,
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * OtherName ::= SEQUENCE {
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * type-id OBJECT IDENTIFIER,
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll * value [0] EXPLICIT ANY DEFINED BY type-id
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll /* Now construct the SAN: OID + typed data. */
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_printf(asn1, "D", &KMFOID_PKINIT_san) == -1)
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll if (kmfber_printf(asn1, "Tl", 0xA0, extdata->bv_len) == -1)
56664548661c43ae04de4a32bce3510ed36aeaf9Wyllys Ingersoll extdata->bv_val = NULL; /* clear it so it is not freed later */
d00756ccb34596a328f8a15d1965da5412d366d0wyllys if (*at == 0)
d00756ccb34596a328f8a15d1965da5412d366d0wyllys /* The name is encoded as a KerberosString (IA5STRING) */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Parse the URI string; get the hostname and port */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (uriptr->scheme == NULL || !strlen(uriptr->scheme)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (uriptr->server == NULL || !strlen(uriptr->server)) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_GENERALNAMECHOICES nametype, KMF_DATA *encodedname)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Encode the namedata according to rules in RFC 3280 for GeneralName.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The input "namedata" is assumed to be an ASCII string representation
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * of the AltName, we need to convert it to correct ASN.1 here before
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * adding it to the cert.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* IA5String, no encoding needed */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* IA5String, no encoding needed */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* unsupported */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (kmfber_printf(asn1, "Tl", tagval, encodedname->Length) == -1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (data == NULL || contents == NULL || outlen == NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Decode the sequence of general names
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Unwrap the sequence to find the size of the block
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * of GeneralName items in the set.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Peek at the tag and length ("tl"),
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * then consume them ("{").
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_scanf(exasn1, "tl{", &tag, &oldsize) == KMFBER_DEFAULT ||
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Read the entire blob of GeneralNames, we don't
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * need to interpret them now.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_read(exasn1, olddata, oldsize) != oldsize) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysadd_an_extension(KMF_X509_EXTENSIONS *exts, KMF_X509_EXTENSION *newextn)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys exts->numberOfExtensions * sizeof (KMF_X509_EXTENSION));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memcpy(&extlist[exts->numberOfExtensions], newextn,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (extensions == NULL || oid == NULL || namedata == NULL)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys (void) memset(&subjAltName, 0, sizeof (subjAltName));
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Check to see if this cert already has a subjectAltName.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Assume (!!) that the namedata given is already properly encoded.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Write the old extension data first */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Now add the new name to the list */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys if (kmfber_write(asn1, (char *)dername.Data, dername.Length, 0) == -1) {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys /* Now close the sequence */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * If we are just adding to an existing list of altNames,
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * just replace the BER data associated with the found extension.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys foundextn->BERvalue.Data = (uchar_t *)extdata->bv_val;
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys subjAltName.BERvalue.Data = (uchar_t *)extdata->bv_val;
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Search a list of attributes for one that matches the given type.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Return a pointer into the attribute list. This does not
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * return a copy of the value, it returns a reference into the
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * given list.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_find_attr(KMF_ATTR_TYPE type, KMF_ATTRIBUTE *attlist, int numattrs)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys for (i = 0; i < numattrs; i++) {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (i);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys return (-1);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Verify that a given attribute is consistent with the
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * "test" attribute.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* A NULL pValue was found where one is required */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* If the given valueLen is too small, return error */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* If the given valueLen is too big, return error */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Given a set of required attribute tests and optional
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * attributes, make sure that the actual attributes
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * being tested (attrlist below) are allowed and are
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * properly specified.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllystest_attributes(int reqnum, KMF_ATTRIBUTE_TESTER *reqattrs,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * If the caller didn't supply enough attributes,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * return an error.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Make sure all required attrs are present and
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys idx = kmf_find_attr(reqattrs[i].type, attrlist, numattrs);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* If a required attr is not found, return error */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys ret = verify_attribute(&attrlist[idx], &reqattrs[i]);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Now test the optional parameters.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys idx = kmf_find_attr(optattrs[i].type, attrlist, numattrs);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* If an optional attr is not found, continue. */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys ret = verify_attribute(&attrlist[idx], &optattrs[i]);
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Given an already allocated attribute list, insert
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * the given attribute information at a specific index
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * in the list.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_set_attr_at_index(KMF_ATTRIBUTE *attlist, int index,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Find an attribute matching a particular type and set
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * the pValue and length fields to the given values.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* Assumes the attribute pValue can hold the result */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Find a particular attribute in a list and return
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * a pointer to its value.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_get_attr_ptr(KMF_ATTR_TYPE type, KMF_ATTRIBUTE *attlist,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (i == -1)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Find a particular attribute in a list and return
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * the value and length values. Value and length
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * may be NULL if the caller doesn't want their values
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * to be filled in.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_get_attr(KMF_ATTR_TYPE type, KMF_ATTRIBUTE *attlist,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if (i == -1)
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys /* This assumes that the ptr passed in is pre-allocated space */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * If the caller did not specify a length,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * assume "outValue" is big enough.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * Utility routine to find a string type attribute, allocate it
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * and return the value to the caller. This simplifies the
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * operation by doing both "kmf_get_attr" calls and avoids
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys * duplicating this block of code in lots of places.
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllyskmf_get_string_attr(KMF_ATTR_TYPE type, KMF_ATTRIBUTE *attrlist,
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys if ((rv = kmf_get_attr(type, attrlist, numattrs, NULL, &len)) ==
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys rv = kmf_get_attr(type, attrlist, numattrs, (*outstr), &len);
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee if ((token1 = strtok_r(buf, SEP_COLON, &lasts)) == NULL)
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee if ((token2 = strtok_r(NULL, SEP_SEMICOLON, &lasts)) == NULL) {
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee /* need to get token3 first to satisfy nested strtok invocations */
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee /* parse token2 */
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee if (strncmp(token2, CONF_MODULEPATH, strlen(CONF_MODULEPATH)) != 0) {
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee /* parse token3, if it exists */
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee if ((rtn_entry->keystore = strdup(entry->keystore)) == NULL)
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee if ((rtn_entry->modulepath = strdup(entry->modulepath)) == NULL)
/*
 * NOTE(review): the line below stores a copy of entry->modulepath in
 * rtn_entry->option, so the duplicated entry would carry the module path
 * where the plugin option string belongs. This looks like a copy/paste
 * slip for strdup(entry->option) -- confirm against the full function,
 * whose surrounding lines are not shown in this listing.
 */
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee (rtn_entry->option = strdup(entry->modulepath)) == NULL)
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * This function takes a keystore_name as input and returns
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * the KMF_KEYSTORE_TYPE value assigned to it. If the "option"
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * argument is not NULL, this function also returns the option string
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * if there is an option string for the plugin module.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hyleekmf_get_plugin_info(KMF_HANDLE_T handle, char *keystore_name,
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * Although handle is not really used in the function, we will
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * check the handle to make sure that kmf_initialize() is called
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * before this function.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee if (handle == NULL || keystore_name == NULL || kstype == NULL)
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee /* Not a built-in plugin; check if it is in extra_plugin_list. */
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee if (strcmp(phead->entry->keystore, keystore_name) == 0)
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee /* found it */
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee * Retrieve the non-default plugin list from the kmf.conf file.
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee cryptoerror(LOG_ERR, "failed to open %s.\n", _PATH_KMF_CONF);
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee continue; /* ignore comment lines */
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee if (buffer[len-1] == '\n') { /* get rid of trailing '\n' */
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee if ((ptmp = malloc(sizeof (conf_entrylist_t))) == NULL) {