diff options
Diffstat (limited to 'src/openvpn/pkcs11_openssl.c')
| -rw-r--r-- | src/openvpn/pkcs11_openssl.c | 173 |
1 files changed, 88 insertions, 85 deletions
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c index 87eb166..6244cc7 100644 --- a/src/openvpn/pkcs11_openssl.c +++ b/src/openvpn/pkcs11_openssl.c @@ -5,8 +5,8 @@ * packet encryption, packet authentication, and * packet compression. * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> - * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com> + * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> + * Copyright (C) 2010-2017 Fox Crypto B.V. <openvpn@fox-it.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -44,149 +44,152 @@ int pkcs11_init_tls_session(pkcs11h_certificate_t certificate, - struct tls_root_ctx * const ssl_ctx) + struct tls_root_ctx *const ssl_ctx) { - int ret = 1; + int ret = 1; - X509 *x509 = NULL; - EVP_PKEY *evp = NULL; - pkcs11h_openssl_session_t openssl_session = NULL; + X509 *x509 = NULL; + EVP_PKEY *evp = NULL; + pkcs11h_openssl_session_t openssl_session = NULL; - if ((openssl_session = pkcs11h_openssl_createSession (certificate)) == NULL) + if ((openssl_session = pkcs11h_openssl_createSession(certificate)) == NULL) { - msg (M_WARN, "PKCS#11: Cannot initialize openssl session"); - goto cleanup; + msg(M_WARN, "PKCS#11: Cannot initialize openssl session"); + goto cleanup; } - /* - * Will be released by openssl_session - */ - certificate = NULL; + /* + * Will be released by openssl_session + */ + certificate = NULL; - if ((evp = pkcs11h_openssl_session_getEVP (openssl_session)) == NULL) + if ((evp = pkcs11h_openssl_session_getEVP(openssl_session)) == NULL) { - msg (M_WARN, "PKCS#11: Unable get evp object"); - goto cleanup; + msg(M_WARN, "PKCS#11: Unable get evp object"); + goto cleanup; } - if ((x509 = pkcs11h_openssl_session_getX509 (openssl_session)) == NULL) + if ((x509 = pkcs11h_openssl_session_getX509(openssl_session)) == NULL) { - msg (M_WARN, "PKCS#11: Unable get certificate object"); - goto cleanup; + msg(M_WARN, "PKCS#11: Unable get certificate object"); + goto cleanup; } - if (!SSL_CTX_use_PrivateKey (ssl_ctx->ctx, evp)) + if (!SSL_CTX_use_PrivateKey(ssl_ctx->ctx, evp)) { - msg (M_WARN, "PKCS#11: Cannot set private key for openssl"); - goto cleanup; + msg(M_WARN, "PKCS#11: Cannot set private key for openssl"); + goto cleanup; } - if (!SSL_CTX_use_certificate (ssl_ctx->ctx, x509)) + if (!SSL_CTX_use_certificate(ssl_ctx->ctx, x509)) { - msg (M_WARN, "PKCS#11: Cannot set certificate for openssl"); - goto cleanup; + msg(M_WARN, "PKCS#11: Cannot set certificate for openssl"); + goto cleanup; } - ret = 0; + ret = 0; cleanup: - /* - * Certificate freeing is usually handled by openssl_session. - * If something went wrong, creating the session we have to do it manually. - */ - if (certificate != NULL) { - pkcs11h_certificate_freeCertificate (certificate); - certificate = NULL; - } + /* + * Certificate freeing is usually handled by openssl_session. + * If something went wrong, creating the session we have to do it manually. + */ + if (certificate != NULL) + { + pkcs11h_certificate_freeCertificate(certificate); + certificate = NULL; + } - /* - * openssl objects have reference - * count, so release them - */ - if (x509 != NULL) + /* + * openssl objects have reference + * count, so release them + */ + if (x509 != NULL) { - X509_free (x509); - x509 = NULL; + X509_free(x509); + x509 = NULL; } - if (evp != NULL) + if (evp != NULL) { - EVP_PKEY_free (evp); - evp = NULL; + EVP_PKEY_free(evp); + evp = NULL; } - if (openssl_session != NULL) + if (openssl_session != NULL) { - pkcs11h_openssl_freeSession (openssl_session); - openssl_session = NULL; + pkcs11h_openssl_freeSession(openssl_session); + openssl_session = NULL; } - return ret; + return ret; } char * -pkcs11_certificate_dn (pkcs11h_certificate_t certificate, struct gc_arena *gc) +pkcs11_certificate_dn(pkcs11h_certificate_t certificate, struct gc_arena *gc) { - X509 *x509 = NULL; + X509 *x509 = NULL; - char *dn = NULL; + char *dn = NULL; - if ((x509 = pkcs11h_openssl_getX509 (certificate)) == NULL) + if ((x509 = pkcs11h_openssl_getX509(certificate)) == NULL) { - msg (M_FATAL, "PKCS#11: Cannot get X509"); - goto cleanup; + msg(M_FATAL, "PKCS#11: Cannot get X509"); + goto cleanup; } - dn = x509_get_subject (x509, gc); + dn = x509_get_subject(x509, gc); cleanup: - if (x509 != NULL) + if (x509 != NULL) { - X509_free (x509); - x509 = NULL; + X509_free(x509); + x509 = NULL; } - return dn; + return dn; } int -pkcs11_certificate_serial (pkcs11h_certificate_t certificate, char *serial, - size_t serial_len) +pkcs11_certificate_serial(pkcs11h_certificate_t certificate, char *serial, + size_t serial_len) { - X509 *x509 = NULL; - BIO *bio = NULL; - int ret = 1; - int n; + X509 *x509 = NULL; + BIO *bio = NULL; + int ret = 1; + int n; - if ((x509 = pkcs11h_openssl_getX509 (certificate)) == NULL) + if ((x509 = pkcs11h_openssl_getX509(certificate)) == NULL) { - msg (M_FATAL, "PKCS#11: Cannot get X509"); - goto cleanup; + msg(M_FATAL, "PKCS#11: Cannot get X509"); + goto cleanup; } - if ((bio = BIO_new (BIO_s_mem ())) == NULL) + if ((bio = BIO_new(BIO_s_mem())) == NULL) { - msg (M_FATAL, "PKCS#11: Cannot create BIO"); - goto cleanup; + msg(M_FATAL, "PKCS#11: Cannot create BIO"); + goto cleanup; } - i2a_ASN1_INTEGER(bio, X509_get_serialNumber (x509)); - n = BIO_read (bio, serial, serial_len-1); + i2a_ASN1_INTEGER(bio, X509_get_serialNumber(x509)); + n = BIO_read(bio, serial, serial_len-1); - if (n<0) { - serial[0] = '\x0'; - } - else { - serial[n] = 0; - } + if (n<0) + { + serial[0] = '\x0'; + } + else + { + serial[n] = 0; + } - ret = 0; + ret = 0; cleanup: - if (x509 != NULL) + if (x509 != NULL) { - X509_free (x509); - x509 = NULL; + X509_free(x509); + x509 = NULL; } - return ret; + return ret; } #endif /* defined(ENABLE_PKCS11) && defined(ENABLE_OPENSSL) */ |