authorMartin Willi <martin@revosec.ch>2010-07-16 10:48:29 +0200
committerMartin Willi <martin@revosec.ch>2010-08-04 09:26:20 +0200
commit0b8b66405682ef1bb1217384aa19e87f97b22b34 (patch)
tree937932e61da47cae4607e11ee1056ba53348a640 /src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
parent353d10d5902e5ead75ebfa701b903a8ff20660da (diff)
Pass the PKCS11 keyid as chunk, not as string
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index d596fcf6b..3bca34244 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -451,9 +451,9 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
{
#ifndef OPENSSL_NO_ENGINE
private_openssl_rsa_private_key_t *this;
- char *keyid = NULL, *engine_id = NULL;
+ char *engine_id = NULL;
char keyname[64], pin[32];;
- chunk_t secret = chunk_empty;
+ chunk_t secret = chunk_empty, keyid = chunk_empty;;
EVP_PKEY *key;
ENGINE *engine;
int slot = -1;
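Review bot: The new declaration `chunk_t secret = chunk_empty, keyid = chunk_empty;;` ends in a doubled semicolon, as does the unchanged `char keyname[64], pin[32];;` above it. The extra `;` is an empty statement sitting between declarations, which stricter compiler settings warn about as mixed declarations and code. Write it as `chunk_t secret = chunk_empty, keyid = chunk_empty;`. The function body continues outside this hunk.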
@@ -463,7 +463,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
switch (va_arg(args, builder_part_t))
{
case BUILD_PKCS11_KEYID:
- keyid = va_arg(args, char*);
+ keyid = va_arg(args, chunk_t);
continue;
case BUILD_PASSPHRASE:
secret = va_arg(args, chunk_t);
@@ -481,19 +481,22 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
}
break;
}
- if (!keyid || !secret.len || !secret.ptr)
+ if (!keyid.len || keyid.len > 40 || !secret.len)
{
return NULL;
}
- if (slot == -1)
+ memset(keyname, 0, sizeof(keyname));
+ if (slot != -1)
{
- snprintf(keyname, sizeof(keyname), "%s", keyid);
+ snprintf(keyname, sizeof(keyname), "%d:", slot);
}
- else
+ if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
{
- snprintf(keyname, sizeof(keyname), "%d:%s", slot, keyid);
+ return NULL;
}
+ chunk_to_hex(keyid, keyname + strlen(keyname), FALSE);
+
snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
if (!engine_id)
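Review bot: The size check before `chunk_to_hex()` uses `keyid.len * 4 / 3 + 1`, which is a base64-style bound; hex output needs two characters per input byte plus the terminator (assuming `chunk_to_hex()` writes `2 * len + 1` bytes, which is not visible here). With `keyname[64]` and the new limit `keyid.len > 40`, a 40-byte keyid passes the check (64 is greater than 54) but would need 81 bytes, so the write can run past the end of the stack buffer. The check should be `if (sizeof(keyname) - strlen(keyname) < keyid.len * 2 + 1)`, with the `> 40` limit lowered or `keyname` enlarged to match. The function starts and ends outside this hunk, so how `keyname` is used afterwards is not visible.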
@@ -504,7 +507,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
engine = ENGINE_by_id(engine_id);
if (!engine)
{
- DBG1(DBG_LIB, "engine '%s' is not available", engine_id);
+ DBG2(DBG_LIB, "engine '%s' is not available", engine_id);
return NULL;
}
if (!ENGINE_init(engine))