Attachment #1837 for bug #1736




	return (rv);
}

/* find a single 'obj' for given attributes */
static int
pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr,
    CK_ULONG nattr, CK_OBJECT_HANDLE *obj)
{
	CK_FUNCTION_LIST	*f;
	CK_SESSION_HANDLE	session;
	CK_ULONG		nfound = 0;
	CK_RV			rv;
	int			ret = -1;

	f = p->function_list;
	session = p->slotinfo[slotidx].session;
	if ((rv = f->C_FindObjectsInit(session, attr, nattr)) != CKR_OK) {
		error("C_FindObjectsInit failed: %lu", rv);
		return (-1);
	}
	if ((rv = f->C_FindObjects(session, obj, 1, &nfound)) != CKR_OK ||
	    nfound != 1)
		debug("C_FindObjects failed (%lu nfound): %lu", nfound, rv);
	else
		ret = 0;
	if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
		error("C_FindObjectsFinal failed: %lu", rv);
	return (ret);
}

/* openssl callback doing the actual signing operation */
static int
pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,

	struct pkcs11_slotinfo	*si;
	CK_FUNCTION_LIST	*f;
	CK_OBJECT_HANDLE	obj;
	CK_ULONG		tlen = 0;
	CK_RV			rv;
	CK_OBJECT_CLASS		private_key_class = CKO_PRIVATE_KEY;
	CK_BBOOL		true = CK_TRUE;

	}
	key_filter[1].pValue = k11->keyid;
	key_filter[1].ulValueLen = k11->keyid_len;
	/* try to find object w/CKA_SIGN first, retry w/o */
	if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 &&
	    pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) {
		error("cannot find private key");
	if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK ||
	    nfound != 1) {
		error("C_FindObjects failed (%lu nfound): %lu", nfound, rv);
	} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
		error("C_SignInit failed: %lu", rv);
	} else {

		else 
			error("C_Sign failed: %lu", rv);
	}
	if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK)
		error("C_FindObjectsFinal failed: %lu", rv);
	return (rval);
}


Return to bug 1736

Lines 181-186 pkcs11_rsa_finish(RSA *rsa) Link Here

(-)ssh-pkcs11.c (-10 / +32 lines)
181	return (rv);	181	return (rv);
182	}	182	}
183		183
		184	/* find a single 'obj' for given attributes */
		185	static int
		186	pkcs11_find(struct pkcs11_provider p, CK_ULONG slotidx, CK_ATTRIBUTE attr,
		187	CK_ULONG nattr, CK_OBJECT_HANDLE *obj)
		188	{
		189	CK_FUNCTION_LIST *f;
		190	CK_SESSION_HANDLE session;
		191	CK_ULONG nfound = 0;
		192	CK_RV rv;
		193	int ret = -1;
		194
		195	f = p->function_list;
		196	session = p->slotinfo[slotidx].session;
		197	if ((rv = f->C_FindObjectsInit(session, attr, nattr)) != CKR_OK) {
		198	error("C_FindObjectsInit failed: %lu", rv);
		199	return (-1);
		200	}
		201	if ((rv = f->C_FindObjects(session, obj, 1, &nfound)) != CKR_OK \|\|
		202	nfound != 1)
		203	debug("C_FindObjects failed (%lu nfound): %lu", nfound, rv);
		204	else
		205	ret = 0;
		206	if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
		207	error("C_FindObjectsFinal failed: %lu", rv);
		208	return (ret);
		209	}
		210
184	/* openssl callback doing the actual signing operation */	211	/* openssl callback doing the actual signing operation */
185	static int	212	static int
186	pkcs11_rsa_private_encrypt(int flen, const u_char from, u_char to, RSA *rsa,	213	pkcs11_rsa_private_encrypt(int flen, const u_char from, u_char to, RSA *rsa,
Lines 190-196 pkcs11_rsa_private_encrypt(int flen, con Link Here
190	struct pkcs11_slotinfo *si;	217	struct pkcs11_slotinfo *si;
191	CK_FUNCTION_LIST *f;	218	CK_FUNCTION_LIST *f;
192	CK_OBJECT_HANDLE obj;	219	CK_OBJECT_HANDLE obj;
193	CK_ULONG tlen = 0, nfound = 0;	220	CK_ULONG tlen = 0;
194	CK_RV rv;	221	CK_RV rv;
195	CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY;	222	CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY;
196	CK_BBOOL true = CK_TRUE;	223	CK_BBOOL true = CK_TRUE;
Lines 236-248 pkcs11_rsa_private_encrypt(int flen, con Link Here
236	}	263	}
237	key_filter[1].pValue = k11->keyid;	264	key_filter[1].pValue = k11->keyid;
238	key_filter[1].ulValueLen = k11->keyid_len;	265	key_filter[1].ulValueLen = k11->keyid_len;
239	if ((rv = f->C_FindObjectsInit(si->session, key_filter, 3)) != CKR_OK) {	266	/* try to find object w/CKA_SIGN first, retry w/o */
240	error("C_FindObjectsInit failed: %lu", rv);	267	if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 &&
241	return (-1);	268	pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) {
242	}	269	error("cannot find private key");
243	if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK \|\|
244	nfound != 1) {
245	error("C_FindObjects failed (%lu nfound): %lu", nfound, rv);
246	} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {	270	} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
247	error("C_SignInit failed: %lu", rv);	271	error("C_SignInit failed: %lu", rv);
248	} else {	272	} else {
Lines 254-261 pkcs11_rsa_private_encrypt(int flen, con Link Here
254	else	278	else
255	error("C_Sign failed: %lu", rv);	279	error("C_Sign failed: %lu", rv);
256	}	280	}
257	if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK)
258	error("C_FindObjectsFinal failed: %lu", rv);
259	return (rval);	281	return (rval);
260	}	282	}
261		283