author | Martin Willi <martin@revosec.ch> | 2010-07-15 12:23:50 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-08-04 09:26:20 +0200 |
commit | 3479c2793116b18407e2e041e5bee454a8f9005d (patch) | |
tree | 7fd0578f95f318aabac1f013fad30dddcd45ae6f /src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c | |
parent | 36c852a08be2b4373bd62d7cfb1862d28e818505 (diff) | |
Support module names in %smartcard specifier, streamlined smartcard building
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c | 38 |
1 files changed, 31 insertions, 7 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 5817ade9e..b7b6e797d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -451,21 +451,28 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 {
 #ifndef OPENSSL_NO_ENGINE
 private_openssl_rsa_private_key_t *this;
- char *keyid = NULL, *pin = NULL;
+ char *keyid = NULL, *pin = NULL, *engine_id = NULL;
+ char keyname[64];
 EVP_PKEY *key;
- char *engine_id;
 ENGINE *engine;
+ int slot = -1;
 while (TRUE)
 {
 switch (va_arg(args, builder_part_t))
 {
- case BUILD_SMARTCARD_KEYID:
+ case BUILD_PKCS11_KEYID:
 keyid = va_arg(args, char*);
 continue;
- case BUILD_SMARTCARD_PIN:
+ case BUILD_PKCS11_PIN:
 pin = va_arg(args, char*);
 continue;
+ case BUILD_PKCS11_SLOT:
+ slot = va_arg(args, int);
+ continue;
+ case BUILD_PKCS11_MODULE:
+ engine_id = va_arg(args, char*);
+ continue;
 case BUILD_END:
 break;
 default:
@@ -478,8 +485,20 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 return NULL;
 }
- engine_id = lib->settings->get_str(lib->settings,
+ if (slot == -1)
+ {
+ snprintf(keyname, sizeof(keyname), "%s", keyid);
+ }
+ else
+ {
+ snprintf(keyname, sizeof(keyname), "%d:%s", slot, keyid);
+ }
+
+ if (!engine_id)
+ {
+ engine_id = lib->settings->get_str(lib->settings,
 "libstrongswan.plugins.openssl.engine_id", "pkcs11");
+ }
 engine = ENGINE_by_id(engine_id);
 if (!engine)
 {
@@ -499,11 +518,11 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 return NULL;
 }
- key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
+ key = ENGINE_load_private_key(engine, keyname, NULL, NULL);
 if (!key)
 {
 DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
- "engine '%s'", keyid, engine_id);
+ "engine '%s'", keyname, engine_id);
 ENGINE_free(engine);
 return NULL;
 }
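Review bot: In the first hunk (`@@ -451,21 +451,28 @@`), the value read for `BUILD_PKCS11_MODULE` is stored in `engine_id` and, as the second hunk shows, passed to `ENGINE_by_id()`, so a caller-supplied module name decides which OpenSSL engine is looked up and takes precedence over the `libstrongswan.plugins.openssl.engine_id` setting. Nothing in the new code states that precedence. A comment on the case, such as `/* module name doubles as OpenSSL engine id and overrides the engine_id setting */`, would make that trust decision visible to whoever maintains the callers. The function body starts before and ends after this hunk.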
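Review bot: Both `snprintf()` calls into `keyname` in the second hunk (`@@ -478,8 +485,20 @@`) ignore the return value, so a `keyid` that does not fit the 64-byte buffer declared in the first hunk is silently cut short and the third hunk passes the shortened name to `ENGINE_load_private_key()`. Before this change `keyid` reached the engine unmodified, with no length limit. Capture the result and fail closed, e.g. `len = snprintf(keyname, sizeof(keyname), "%d:%s", slot, keyid);` followed by `if (len < 0 || len >= (int)sizeof(keyname)) return NULL;`, with the same check on the `slot == -1` branch; `ENGINE_by_id()` is only called after this point, so the early return has no engine reference to release. The enclosing function continues outside the hunk.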
@@ -512,6 +531,11 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 this = create_empty();
 this->rsa = EVP_PKEY_get1_RSA(key);
 this->engine = TRUE;
+ if (!this->rsa)
+ {
+ destroy(this);
+ return NULL;
+ }
 return &this->public;
 #else /* OPENSSL_NO_ENGINE */ |
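Review bot: Within this hunk the `EVP_PKEY` held in `key` is not released on either path: `EVP_PKEY_get1_RSA()` returns its own reference to the RSA object, so `key` can be dropped right after the call, yet neither the new `destroy(this); return NULL;` branch nor the success return frees it. Unless that is handled outside the visible lines, every connect leaves a handle to the engine-backed private key allocated. Adding `EVP_PKEY_free(key);` directly after `this->rsa = EVP_PKEY_get1_RSA(key);` covers both paths. The new failure branch is also the only one in view that returns without a `DBG1` message, which makes a non-RSA key on the token hard to tell apart from other failures.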