75  *	cert
83  * We then verify the given cert using the publickey of a TA.
84  * If the passed in cert is a TA or it has been verified already we
89 elfcertlib_verifycert(ELFsign_t ess, ELFCert_t cert)
95 	if ((cert->c_verified == E_OK) || (cert->c_verified == E_IS_TA)) {
121 		    KMF_CERT_DATA_ATTR, &cert->c_cert.certificate,
131 				    cert, CACERT);
132 			cert->c_verified = E_OK;
140 		    KMF_CERT_DATA_ATTR, &cert->c_cert.certificate,
150 				    cert, OBJCACERT);
151 			cert->c_verified = E_OK;
159 		    KMF_CERT_DATA_ATTR, &cert->c_cert.certificate,
169 				    cert, SECACERT);
170 			cert->c_verified = E_OK;
182  *	cert_pathname	- path to cert (May be NULL)
195 	ELFCert_t	cert = NULL;
226 	if ((cert = elfcertlib_allocatecert()) == NULL) {
264 		cert->c_cert = certbuf[0];
278 		    &cert->c_cert.certificate, &cert->c_subject);
283 		    &cert->c_cert.certificate, &cert->c_issuer);
293 	cert->c_verified = E_UNCHECKED;
296 	 * If the cert we are loading is the trust anchor (ie the CA) then
297 	 * we mark it as such in cert.  This is so that we don't attempt
305 			(ess->es_certCAcallback)(ess->es_callbackctx, cert,
307 		cert->c_verified = E_IS_TA;
314 		*certp = cert;
316 		if (cert != NULL)
317 			elfcertlib_freecert(ess, cert);
332  *	cert
334  * OUT	cert
338 elfcertlib_loadprivatekey(ELFsign_t ess, ELFCert_t cert, const char *pathname)
380 	cert->c_privatekey = keybuf[0];
389  *	cert
392  * OUT	cert
396 elfcertlib_loadtokenkey(ELFsign_t ess, ELFCert_t cert,
418 	rv = kmf_get_cert_id_str(&cert->c_cert.certificate, &idstr);
421 		cryptodebug("Error getting ID from cert: %s\n",
441 	    &cert->c_privatekey, sizeof (KMF_KEY_HANDLE));
474 	    &cert->c_privatekey);
483  * elfcertlib_sign - sign the given DATA using the privatekey in cert
486  *	cert
496 elfcertlib_sign(ELFsign_t ess, ELFCert_t cert,
540 	    KMF_KEYSTORE_TYPE_ATTR, &(cert->c_privatekey.kstype),
543 	    KMF_KEY_HANDLE_ATTR, &cert->c_privatekey, sizeof (KMF_KEY_HANDLE));
568  * elfcertlib_verifysig - verify the given DATA using the public key in cert
571  *	cert
580 elfcertlib_verifysig(ELFsign_t ess, ELFCert_t cert,
618 	    (KMF_DATA *)(&cert->c_cert.certificate), sizeof (KMF_DATA));
630  * IN	cert
635 elfcertlib_getdn(ELFCert_t cert)
639 	return (cert->c_subject);
645  * IN	cert
650 elfcertlib_getissuer(ELFCert_t cert)
654 	return (cert->c_issuer);
734  * elfcertlib_releasecert - release a cert
736  * IN cert
737  * OUT cert
742 elfcertlib_releasecert(ELFsign_t ess, ELFCert_t cert)
744 	elfcertlib_freecert(ess, cert);
757 	ELFCert_t cert = NULL;
759 	cert = malloc(sizeof (struct ELFCert_s));
760 	if (cert == NULL) {
766 	(void) memset(cert, 0, sizeof (struct ELFCert_s));
767 	cert->c_verified = E_UNCHECKED;
768 	cert->c_subject = NULL;
769 	cert->c_issuer = NULL;
770 	return (cert);
774  * elfcertlib_freecert - freeup the memory of a cert
776  * IN cert
777  * OUT cert
782 elfcertlib_freecert(ELFsign_t ess, ELFCert_t cert)
784 	if (cert == NULL)
787 	free(cert->c_subject);
788 	free(cert->c_issuer);
790 	kmf_free_kmf_cert(ess->es_kmfhandle, &cert->c_cert);
791 	kmf_free_kmf_key(ess->es_kmfhandle, &cert->c_privatekey);
793 	free(cert);

Indexes created Mon Jul 01 21:43:02 MDT 2024