Reuse generic passphrase build part, not a dedicated PIN part

2 files changed, 13 insertions, 11 deletions

diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index b7b6e797d..d596fcf6b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -451,8 +451,9 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 {
 #ifndef OPENSSL_NO_ENGINE
 	private_openssl_rsa_private_key_t *this;
-	char *keyid = NULL, *pin = NULL, *engine_id = NULL;
-	char keyname[64];
+	char *keyid = NULL, *engine_id = NULL;
+	char keyname[64], pin[32];;
+	chunk_t secret = chunk_empty;
 	EVP_PKEY *key;
 	ENGINE *engine;
 	int slot = -1;
@@ -464,8 +465,8 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 			case BUILD_PKCS11_KEYID:
 				keyid = va_arg(args, char*);
 				continue;
-			case BUILD_PKCS11_PIN:
-				pin = va_arg(args, char*);
+			case BUILD_PASSPHRASE:
+				secret = va_arg(args, chunk_t);
 				continue;
 			case BUILD_PKCS11_SLOT:
 				slot = va_arg(args, int);
@@ -480,7 +481,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 		}
 		break;
 	}
-	if (!keyid || !pin)
+	if (!keyid || !secret.len || !secret.ptr)
 	{
 		return NULL;
 	}
@@ -493,6 +494,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 	{
 		snprintf(keyname, sizeof(keyname), "%d:%s", slot, keyid);
 	}
+	snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
 
 	if (!engine_id)
 	{
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index 576e2af82..cce6afbf1 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -276,10 +276,10 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid)
 pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
 {
 	private_pkcs11_private_key_t *this;
-	char *keyid = NULL, *pin = NULL, *module = NULL;
+	char *keyid = NULL, *module = NULL;
 	int slot = -1;
 	CK_RV rv;
-	chunk_t chunk;
+	chunk_t chunk, pin = chunk_empty;
 
 	while (TRUE)
 	{
@@ -288,8 +288,8 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
 			case BUILD_PKCS11_KEYID:
 				keyid = va_arg(args, char*);
 				continue;
-			case BUILD_PKCS11_PIN:
-				pin = va_arg(args, char*);
+			case BUILD_PASSPHRASE:
+				pin = va_arg(args, chunk_t);
 				continue;
 			case BUILD_PKCS11_SLOT:
 				slot = va_arg(args, int);
@@ -304,7 +304,7 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
 		}
 		break;
 	}
-	if (!keyid || !pin || !module || slot == -1)
+	if (!keyid || !pin.ptr || !pin.len || !module || slot == -1)
 	{	/* we currently require all parameters, TODO: search for pubkeys */
 		return NULL;
 	}
@@ -347,7 +347,7 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
 
 	this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
 
-	rv = this->lib->f->C_Login(this->session, CKU_USER, pin, strlen(pin));
+	rv = this->lib->f->C_Login(this->session, CKU_USER, pin.ptr, pin.len);
 	if (rv != CKR_OK)
 	{
 		DBG1(DBG_CFG, "login to '%s':%d failed: %N",