1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 * 21 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 22 * Use is subject to license terms. 23 */ 24 25 #pragma ident "%Z%%M% %I% %E% SMI" 26 27 #include <stdio.h> 28 #include <link.h> 29 #include <fcntl.h> 30 #include <ctype.h> 31 #include <sys/param.h> 32 #include <sys/types.h> 33 #include <sys/stat.h> 34 #include <sys/socket.h> 35 36 #include <ber_der.h> 37 #include <kmfapiP.h> 38 39 #include <pem_encode.h> 40 #include <libgen.h> 41 #include <cryptoutil.h> 42 43 static KMF_RETURN 44 setup_crl_call(KMF_HANDLE_T, int, KMF_ATTRIBUTE *, KMF_PLUGIN **); 45 46 /* 47 * 48 * Name: kmf_set_csr_pubkey 49 * 50 * Description: 51 * This function converts the specified plugin public key to SPKI form, 52 * and save it in the KMF_CSR_DATA internal structure 53 * 54 * Parameters: 55 * KMFkey(input) - pointer to the KMF_KEY_HANDLE structure containing the 56 * public key generated by the plug-in CreateKeypair 57 * Csr(input/output) - pointer to a KMF_CSR_DATA structure containing 58 * SPKI 59 * 60 * Returns: 61 * A KMF_RETURN value indicating success or specifying a particular 62 * error condition. 63 * The value KMF_OK indicates success. All other values represent 64 * an error condition. 65 * 66 */ 67 KMF_RETURN 68 kmf_set_csr_pubkey(KMF_HANDLE_T handle, 69 KMF_KEY_HANDLE *KMFKey, 70 KMF_CSR_DATA *Csr) 71 { 72 KMF_RETURN ret; 73 KMF_X509_SPKI *spki_ptr; 74 KMF_PLUGIN *plugin; 75 KMF_DATA KeyData = {NULL, 0}; 76 77 CLEAR_ERROR(handle, ret); 78 if (ret != KMF_OK) 79 return (ret); 80 81 if (KMFKey == NULL || Csr == NULL) { 82 return (KMF_ERR_BAD_PARAMETER); 83 } 84 85 /* The keystore must extract the pubkey data */ 86 plugin = FindPlugin(handle, KMFKey->kstype); 87 if (plugin != NULL && plugin->funclist->EncodePubkeyData != NULL) { 88 ret = plugin->funclist->EncodePubkeyData(handle, 89 KMFKey, &KeyData); 90 } else { 91 return (KMF_ERR_PLUGIN_NOTFOUND); 92 } 93 94 spki_ptr = &Csr->csr.subjectPublicKeyInfo; 95 96 ret = DerDecodeSPKI(&KeyData, spki_ptr); 97 98 kmf_free_data(&KeyData); 99 100 return (ret); 101 } 102 103 KMF_RETURN 104 kmf_set_csr_version(KMF_CSR_DATA *CsrData, uint32_t version) 105 { 106 if (CsrData == NULL) 107 return (KMF_ERR_BAD_PARAMETER); 108 109 /* 110 * From RFC 3280: 111 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 112 */ 113 if (version != 0 && version != 1 && version != 2) 114 return (KMF_ERR_BAD_PARAMETER); 115 return (set_integer(&CsrData->csr.version, (void *)&version, 116 sizeof (uint32_t))); 117 } 118 119 KMF_RETURN 120 kmf_set_csr_subject(KMF_CSR_DATA *CsrData, 121 KMF_X509_NAME *subject_name_ptr) 122 { 123 KMF_RETURN rv = KMF_OK; 124 KMF_X509_NAME *temp_name_ptr = NULL; 125 126 if (CsrData != NULL && subject_name_ptr != NULL) { 127 rv = CopyRDN(subject_name_ptr, &temp_name_ptr); 128 if (rv == KMF_OK) { 129 CsrData->csr.subject = *temp_name_ptr; 130 } 131 } else { 132 return (KMF_ERR_BAD_PARAMETER); 133 } 134 return (rv); 135 } 136 KMF_RETURN 137 kmf_create_csr_file(KMF_DATA *csrdata, KMF_ENCODE_FORMAT format, 138 char *csrfile) 139 { 140 KMF_RETURN rv = KMF_OK; 141 int fd = -1; 142 KMF_DATA pemdata = {NULL, 0}; 143 144 if (csrdata == NULL || csrfile == NULL) 145 return (KMF_ERR_BAD_PARAMETER); 146 147 if (format != KMF_FORMAT_PEM && format != KMF_FORMAT_ASN1) 148 return (KMF_ERR_BAD_PARAMETER); 149 150 if (format == KMF_FORMAT_PEM) { 151 int len; 152 rv = kmf_der_to_pem(KMF_CSR, 153 csrdata->Data, csrdata->Length, 154 &pemdata.Data, &len); 155 if (rv != KMF_OK) 156 goto cleanup; 157 pemdata.Length = (size_t)len; 158 } 159 160 if ((fd = open(csrfile, O_CREAT |O_RDWR, 0644)) == -1) { 161 rv = KMF_ERR_OPEN_FILE; 162 goto cleanup; 163 } 164 165 if (format == KMF_FORMAT_PEM) { 166 if (write(fd, pemdata.Data, pemdata.Length) != 167 pemdata.Length) { 168 rv = KMF_ERR_WRITE_FILE; 169 } 170 } else { 171 if (write(fd, csrdata->Data, csrdata->Length) != 172 csrdata->Length) { 173 rv = KMF_ERR_WRITE_FILE; 174 } 175 } 176 177 cleanup: 178 if (fd != -1) 179 (void) close(fd); 180 181 kmf_free_data(&pemdata); 182 183 return (rv); 184 } 185 186 KMF_RETURN 187 kmf_set_csr_extn(KMF_CSR_DATA *Csr, KMF_X509_EXTENSION *extn) 188 { 189 KMF_RETURN ret = KMF_OK; 190 KMF_X509_EXTENSIONS *exts; 191 192 if (Csr == NULL || extn == NULL) 193 return (KMF_ERR_BAD_PARAMETER); 194 195 exts = &Csr->csr.extensions; 196 197 ret = add_an_extension(exts, extn); 198 199 return (ret); 200 } 201 202 KMF_RETURN 203 kmf_set_csr_sig_alg(KMF_CSR_DATA *CsrData, 204 KMF_ALGORITHM_INDEX sigAlg) 205 { 206 KMF_OID *alg; 207 208 if (CsrData == NULL) 209 return (KMF_ERR_BAD_PARAMETER); 210 211 alg = x509_algid_to_algoid(sigAlg); 212 213 if (alg != NULL) { 214 (void) copy_data((KMF_DATA *) 215 &CsrData->signature.algorithmIdentifier.algorithm, 216 (KMF_DATA *)alg); 217 (void) copy_data( 218 &CsrData->signature.algorithmIdentifier.parameters, 219 &CsrData->csr.subjectPublicKeyInfo.algorithm.parameters); 220 } else { 221 return (KMF_ERR_BAD_PARAMETER); 222 } 223 return (KMF_OK); 224 } 225 226 KMF_RETURN 227 kmf_set_csr_subject_altname(KMF_CSR_DATA *Csr, 228 char *altname, int critical, 229 KMF_GENERALNAMECHOICES alttype) 230 { 231 KMF_RETURN ret = KMF_OK; 232 233 if (Csr == NULL || altname == NULL) 234 return (KMF_ERR_BAD_PARAMETER); 235 236 ret = kmf_set_altname(&Csr->csr.extensions, 237 (KMF_OID *)&KMFOID_SubjectAltName, critical, alttype, 238 altname); 239 240 return (ret); 241 } 242 243 KMF_RETURN 244 kmf_set_csr_ku(KMF_CSR_DATA *CSRData, 245 int critical, uint16_t kubits) 246 { 247 KMF_RETURN ret = KMF_OK; 248 249 if (CSRData == NULL) 250 return (KMF_ERR_BAD_PARAMETER); 251 252 ret = set_key_usage_extension( 253 &CSRData->csr.extensions, critical, kubits); 254 255 return (ret); 256 } 257 258 static KMF_RETURN 259 SignCsr(KMF_HANDLE_T handle, 260 const KMF_DATA *SubjectCsr, 261 KMF_KEY_HANDLE *Signkey, 262 KMF_X509_ALGORITHM_IDENTIFIER *algo, 263 KMF_DATA *SignedCsr) 264 { 265 266 KMF_CSR_DATA subj_csr; 267 KMF_TBS_CSR *tbs_csr = NULL; 268 KMF_DATA signed_data = {0, NULL}; 269 KMF_RETURN ret = KMF_OK; 270 271 if (!SignedCsr) 272 return (KMF_ERR_BAD_PARAMETER); 273 274 SignedCsr->Length = 0; 275 SignedCsr->Data = NULL; 276 277 if (!SubjectCsr) 278 return (KMF_ERR_BAD_PARAMETER); 279 280 if (!SubjectCsr->Data || !SubjectCsr->Length) 281 return (KMF_ERR_BAD_PARAMETER); 282 283 (void) memset(&subj_csr, 0, sizeof (subj_csr)); 284 /* Estimate the signed data length generously */ 285 signed_data.Length = SubjectCsr->Length*2; 286 signed_data.Data = calloc(1, signed_data.Length); 287 if (!signed_data.Data) { 288 ret = KMF_ERR_MEMORY; 289 goto cleanup; 290 } 291 292 /* Sign the data */ 293 ret = KMF_SignDataWithKey(handle, Signkey, &algo->algorithm, 294 (KMF_DATA *)SubjectCsr, &signed_data); 295 296 if (KMF_OK != ret) 297 goto cleanup; 298 299 /* 300 * If we got here OK, decode into a structure and then re-encode 301 * the complete CSR. 302 */ 303 ret = DerDecodeTbsCsr(SubjectCsr, &tbs_csr); 304 if (ret) 305 goto cleanup; 306 307 (void) memcpy(&subj_csr.csr, tbs_csr, sizeof (KMF_TBS_CSR)); 308 309 ret = copy_algoid(&subj_csr.signature.algorithmIdentifier, algo); 310 if (ret) 311 goto cleanup; 312 313 subj_csr.signature.encrypted = signed_data; 314 315 /* Now, re-encode the CSR with the new signature */ 316 ret = DerEncodeSignedCsr(&subj_csr, SignedCsr); 317 if (ret != KMF_OK) { 318 kmf_free_data(SignedCsr); 319 goto cleanup; 320 } 321 322 /* Cleanup & return */ 323 cleanup: 324 free(tbs_csr); 325 326 kmf_free_tbs_csr(&subj_csr.csr); 327 328 kmf_free_algoid(&subj_csr.signature.algorithmIdentifier); 329 kmf_free_data(&signed_data); 330 331 return (ret); 332 } 333 334 /* 335 * 336 * Name: kmf_sign_csr 337 * 338 * Description: 339 * This function signs a CSR and returns the result as a 340 * signed, encoded CSR in SignedCsr 341 * 342 * Parameters: 343 * tbsCsr(input) - pointer to a KMF_DATA structure containing a 344 * DER encoded TBS CSR data 345 * Signkey(input) - pointer to the KMF_KEY_HANDLE structure containing 346 * the private key generated by the plug-in CreateKeypair 347 * algo(input) - contains algorithm info needed for signing 348 * SignedCsr(output) - pointer to the KMF_DATA structure containing 349 * the signed CSR 350 * 351 * Returns: 352 * A KMF_RETURN value indicating success or specifying a particular 353 * error condition. 354 * The value KMF_OK indicates success. All other values represent 355 * an error condition. 356 * 357 */ 358 KMF_RETURN 359 kmf_sign_csr(KMF_HANDLE_T handle, 360 const KMF_CSR_DATA *tbsCsr, 361 KMF_KEY_HANDLE *Signkey, 362 KMF_DATA *SignedCsr) 363 { 364 KMF_RETURN err; 365 KMF_DATA csrdata = { NULL, 0 }; 366 367 CLEAR_ERROR(handle, err); 368 if (err != KMF_OK) 369 return (err); 370 371 if (tbsCsr == NULL || Signkey == NULL || SignedCsr == NULL) 372 return (KMF_ERR_BAD_PARAMETER); 373 374 SignedCsr->Data = NULL; 375 SignedCsr->Length = 0; 376 377 err = DerEncodeTbsCsr((KMF_TBS_CSR *)&tbsCsr->csr, &csrdata); 378 if (err == KMF_OK) { 379 err = SignCsr(handle, &csrdata, Signkey, 380 (KMF_X509_ALGORITHM_IDENTIFIER *) 381 &tbsCsr->signature.algorithmIdentifier, 382 SignedCsr); 383 } 384 385 if (err != KMF_OK) { 386 kmf_free_data(SignedCsr); 387 } 388 kmf_free_data(&csrdata); 389 return (err); 390 } 391 392 static KMF_RETURN 393 setup_crl_call(KMF_HANDLE_T handle, int numattr, 394 KMF_ATTRIBUTE *attrlist, KMF_PLUGIN **plugin) 395 { 396 KMF_RETURN ret; 397 KMF_KEYSTORE_TYPE kstype; 398 uint32_t len = sizeof (kstype); 399 400 KMF_ATTRIBUTE_TESTER required_attrs[] = { 401 {KMF_KEYSTORE_TYPE_ATTR, FALSE, 1, sizeof (KMF_KEYSTORE_TYPE)} 402 }; 403 404 int num_req_attrs = sizeof (required_attrs) / 405 sizeof (KMF_ATTRIBUTE_TESTER); 406 407 if (handle == NULL || plugin == NULL) 408 return (KMF_ERR_BAD_PARAMETER); 409 410 CLEAR_ERROR(handle, ret); 411 412 ret = test_attributes(num_req_attrs, required_attrs, 413 0, NULL, numattr, attrlist); 414 if (ret != KMF_OK) 415 return (ret); 416 417 ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr, 418 &kstype, &len); 419 if (ret != KMF_OK) 420 return (ret); 421 422 switch (kstype) { 423 case KMF_KEYSTORE_NSS: 424 *plugin = FindPlugin(handle, kstype); 425 break; 426 427 case KMF_KEYSTORE_OPENSSL: 428 case KMF_KEYSTORE_PK11TOKEN: /* PKCS#11 CRL is file-based */ 429 *plugin = FindPlugin(handle, KMF_KEYSTORE_OPENSSL); 430 break; 431 default: 432 return (KMF_ERR_PLUGIN_NOTFOUND); 433 } 434 return (KMF_OK); 435 } 436 437 KMF_RETURN 438 kmf_import_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist) 439 { 440 KMF_RETURN ret; 441 KMF_PLUGIN *plugin; 442 443 ret = setup_crl_call(handle, numattr, attrlist, &plugin); 444 if (ret != KMF_OK) 445 return (ret); 446 447 if (plugin == NULL) 448 return (KMF_ERR_PLUGIN_NOTFOUND); 449 else if (plugin->funclist->ImportCRL != NULL) 450 return (plugin->funclist->ImportCRL(handle, numattr, attrlist)); 451 452 return (KMF_ERR_FUNCTION_NOT_FOUND); 453 } 454 455 KMF_RETURN 456 kmf_delete_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist) 457 { 458 KMF_RETURN ret; 459 KMF_PLUGIN *plugin; 460 461 ret = setup_crl_call(handle, numattr, attrlist, &plugin); 462 if (ret != KMF_OK) 463 return (ret); 464 465 if (plugin == NULL) 466 return (KMF_ERR_PLUGIN_NOTFOUND); 467 else if (plugin->funclist->DeleteCRL != NULL) 468 return (plugin->funclist->DeleteCRL(handle, numattr, attrlist)); 469 470 return (KMF_ERR_FUNCTION_NOT_FOUND); 471 } 472 473 KMF_RETURN 474 kmf_list_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist) 475 { 476 KMF_PLUGIN *plugin; 477 KMF_RETURN ret; 478 479 ret = setup_crl_call(handle, numattr, attrlist, &plugin); 480 if (ret != KMF_OK) 481 return (ret); 482 483 if (plugin == NULL) 484 return (KMF_ERR_PLUGIN_NOTFOUND); 485 else if (plugin->funclist->ListCRL != NULL) 486 return (plugin->funclist->ListCRL(handle, numattr, attrlist)); 487 return (KMF_ERR_FUNCTION_NOT_FOUND); 488 } 489 490 KMF_RETURN 491 kmf_find_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist) 492 { 493 KMF_PLUGIN *plugin; 494 KMF_RETURN ret; 495 KMF_KEYSTORE_TYPE kstype; 496 uint32_t len = sizeof (kstype); 497 498 KMF_ATTRIBUTE_TESTER required_attrs[] = { 499 {KMF_KEYSTORE_TYPE_ATTR, FALSE, 1, 500 sizeof (KMF_KEYSTORE_TYPE)}, 501 {KMF_CRL_COUNT_ATTR, FALSE, 502 sizeof (char *), sizeof (char *)} 503 }; 504 505 int num_req_attrs = sizeof (required_attrs) / 506 sizeof (KMF_ATTRIBUTE_TESTER); 507 if (handle == NULL) 508 return (KMF_ERR_BAD_PARAMETER); 509 510 CLEAR_ERROR(handle, ret); 511 512 ret = test_attributes(num_req_attrs, required_attrs, 513 0, NULL, numattr, attrlist); 514 if (ret != KMF_OK) 515 return (ret); 516 517 ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr, 518 &kstype, &len); 519 if (ret != KMF_OK) 520 return (ret); 521 522 switch (kstype) { 523 case KMF_KEYSTORE_NSS: 524 plugin = FindPlugin(handle, kstype); 525 break; 526 case KMF_KEYSTORE_OPENSSL: 527 case KMF_KEYSTORE_PK11TOKEN: 528 return (KMF_ERR_FUNCTION_NOT_FOUND); 529 default: 530 /* 531 * FindCRL is only implemented for NSS. PKCS#11 532 * and file-based keystores just store in a file 533 * and don't need a "Find" function. 534 */ 535 return (KMF_ERR_PLUGIN_NOTFOUND); 536 } 537 538 if (plugin == NULL) 539 return (KMF_ERR_PLUGIN_NOTFOUND); 540 else if (plugin->funclist->FindCRL != NULL) { 541 return (plugin->funclist->FindCRL(handle, numattr, 542 attrlist)); 543 } 544 return (KMF_ERR_FUNCTION_NOT_FOUND); 545 } 546 547 KMF_RETURN 548 kmf_find_cert_in_crl(KMF_HANDLE_T handle, int numattr, KMF_ATTRIBUTE *attrlist) 549 { 550 KMF_RETURN ret; 551 KMF_PLUGIN *plugin; 552 553 ret = setup_crl_call(handle, numattr, attrlist, &plugin); 554 if (ret != KMF_OK) 555 return (ret); 556 557 if (plugin == NULL) 558 return (KMF_ERR_PLUGIN_NOTFOUND); 559 else if (plugin->funclist->FindCertInCRL != NULL) 560 return (plugin->funclist->FindCertInCRL(handle, numattr, 561 attrlist)); 562 563 return (KMF_ERR_FUNCTION_NOT_FOUND); 564 } 565 566 KMF_RETURN 567 kmf_verify_crl_file(KMF_HANDLE_T handle, char *crlfile, KMF_DATA *tacert) 568 { 569 KMF_PLUGIN *plugin; 570 KMF_RETURN (*verifyCRLFile)(KMF_HANDLE_T, char *, KMF_DATA *); 571 572 if (handle == NULL) 573 return (KMF_ERR_BAD_PARAMETER); 574 575 plugin = FindPlugin(handle, KMF_KEYSTORE_OPENSSL); 576 if (plugin == NULL || plugin->dldesc == NULL) { 577 return (KMF_ERR_PLUGIN_NOTFOUND); 578 } 579 580 verifyCRLFile = (KMF_RETURN(*)())dlsym(plugin->dldesc, 581 "OpenSSL_VerifyCRLFile"); 582 583 if (verifyCRLFile == NULL) { 584 return (KMF_ERR_FUNCTION_NOT_FOUND); 585 } 586 587 return (verifyCRLFile(handle, crlfile, tacert)); 588 } 589 590 KMF_RETURN 591 kmf_check_crl_date(KMF_HANDLE_T handle, char *crlname) 592 { 593 KMF_PLUGIN *plugin; 594 KMF_RETURN (*checkCRLDate)(void *, char *); 595 KMF_RETURN ret = KMF_OK; 596 597 if (handle == NULL) 598 return (KMF_ERR_BAD_PARAMETER); 599 600 CLEAR_ERROR(handle, ret); 601 if (ret != KMF_OK) 602 return (ret); 603 604 plugin = FindPlugin(handle, KMF_KEYSTORE_OPENSSL); 605 if (plugin == NULL || plugin->dldesc == NULL) { 606 return (KMF_ERR_PLUGIN_NOTFOUND); 607 } 608 609 checkCRLDate = (KMF_RETURN(*)())dlsym(plugin->dldesc, 610 "OpenSSL_CheckCRLDate"); 611 612 if (checkCRLDate == NULL) { 613 return (KMF_ERR_FUNCTION_NOT_FOUND); 614 } 615 616 return (checkCRLDate(handle, crlname)); 617 } 618 619 KMF_RETURN 620 kmf_is_crl_file(KMF_HANDLE_T handle, char *filename, KMF_ENCODE_FORMAT *pformat) 621 { 622 KMF_PLUGIN *plugin; 623 KMF_RETURN (*IsCRLFileFn)(void *, char *, KMF_ENCODE_FORMAT *); 624 KMF_RETURN ret = KMF_OK; 625 626 CLEAR_ERROR(handle, ret); 627 if (ret != KMF_OK) 628 return (ret); 629 630 if (filename == NULL || pformat == NULL) { 631 return (KMF_ERR_BAD_PARAMETER); 632 } 633 634 /* 635 * This framework function is actually implemented in the openssl 636 * plugin library, so we find the function address and call it. 637 */ 638 plugin = FindPlugin(handle, KMF_KEYSTORE_OPENSSL); 639 if (plugin == NULL || plugin->dldesc == NULL) { 640 return (KMF_ERR_PLUGIN_NOTFOUND); 641 } 642 643 IsCRLFileFn = (KMF_RETURN(*)())dlsym(plugin->dldesc, 644 "OpenSSL_IsCRLFile"); 645 if (IsCRLFileFn == NULL) { 646 return (KMF_ERR_FUNCTION_NOT_FOUND); 647 } 648 649 return (IsCRLFileFn(handle, filename, pformat)); 650 } 651 652 /* 653 * Phase 1 APIs still needed to maintain compat with elfsign. 654 */ 655 KMF_RETURN 656 KMF_CreateCSRFile(KMF_DATA *csrdata, KMF_ENCODE_FORMAT format, 657 char *csrfile) 658 { 659 return (kmf_create_csr_file(csrdata, format, csrfile)); 660 } 661 662 KMF_RETURN 663 KMF_SetCSRPubKey(KMF_HANDLE_T handle, 664 KMF_KEY_HANDLE *KMFKey, 665 KMF_CSR_DATA *Csr) 666 { 667 return (kmf_set_csr_pubkey(handle, KMFKey, Csr)); 668 } 669 670 KMF_RETURN 671 KMF_SetCSRVersion(KMF_CSR_DATA *CsrData, uint32_t version) 672 { 673 return (kmf_set_csr_version(CsrData, version)); 674 } 675 676 KMF_RETURN 677 KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *CsrData, 678 KMF_ALGORITHM_INDEX sigAlg) 679 { 680 return (kmf_set_csr_sig_alg(CsrData, sigAlg)); 681 } 682 683 KMF_RETURN 684 KMF_SignCSR(KMF_HANDLE_T handle, 685 const KMF_CSR_DATA *tbsCsr, 686 KMF_KEY_HANDLE *Signkey, 687 KMF_DATA *SignedCsr) 688 { 689 return (kmf_sign_csr(handle, tbsCsr, Signkey, SignedCsr)); 690 } 691 692 KMF_RETURN 693 KMF_SetCSRSubjectName(KMF_CSR_DATA *CsrData, 694 KMF_X509_NAME *subject_name_ptr) 695 { 696 return (kmf_set_csr_subject(CsrData, subject_name_ptr)); 697 } 698