authorRainer Gerhards <rgerhards@adiscon.com>2013-04-15 09:40:34 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2013-04-15 09:40:34 +0200
commitfc0babb27d9021c103b05eaae0ccc6caef12137e (patch)
tree8222313304aeee0b3b32c7c2f15ed01b359e035f
parent64102e8cc352ffc542dca1dfcdd50f5ae776dc1f (diff)
logenc: add key-program support to rsyslog crypto provider
-rw-r--r--runtime/lmcry_gcry.c23
1 files changed, 20 insertions, 3 deletions
diff --git a/runtime/lmcry_gcry.c b/runtime/lmcry_gcry.c
index bcc001fc..2e4cfff3 100644
--- a/runtime/lmcry_gcry.c
+++ b/runtime/lmcry_gcry.c
@@ -46,6 +46,7 @@ DEFobjCurrIf(glbl)
static struct cnfparamdescr cnfpdescr[] = {
{ "cry.key", eCmdHdlrGetWord, 0 },
{ "cry.keyfile", eCmdHdlrGetWord, 0 },
+ { "cry.keyprogram", eCmdHdlrGetWord, 0 },
{ "cry.mode", eCmdHdlrGetWord, 0 }, /* CBC, ECB, etc */
{ "cry.algo", eCmdHdlrGetWord, 0 }
};
@@ -93,11 +94,14 @@ SetCnfParam(void *pT, struct nvlst *lst)
unsigned keylen;
uchar *key = NULL;
uchar *keyfile = NULL;
+ uchar *keyprogram = NULL;
uchar *algo = NULL;
uchar *mode = NULL;
+ int nKeys; /* number of keys (actually methods) specified */
struct cnfparamvals *pvals;
DEFiRet;
+ nKeys = 0;
pvals = nvlstGetParams(lst, &pblk, NULL);
if(Debug) {
dbgprintf("param blk in lmcry_gcry:\n");
@@ -109,8 +113,13 @@ SetCnfParam(void *pT, struct nvlst *lst)
continue;
if(!strcmp(pblk.descr[i].name, "cry.key")) {
key = (uchar*) es_str2cstr(pvals[i].val.d.estr, NULL);
+ ++nKeys;
} else if(!strcmp(pblk.descr[i].name, "cry.keyfile")) {
keyfile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ ++nKeys;
+ } else if(!strcmp(pblk.descr[i].name, "cry.keyprogram")) {
+ keyprogram = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ ++nKeys;
} else if(!strcmp(pblk.descr[i].name, "cry.mode")) {
mode = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(pblk.descr[i].name, "cry.algo")) {
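Review bot: `++nKeys` runs in all three key branches without checking that `es_str2cstr()` returned a non-NULL string, so the counter and the pointers can disagree. If the conversion fails (it presumably returns NULL on allocation failure), `nKeys` is still 1 and the later `nKeys != 1` check passes. As far as the visible hunks show, none of the `key`/`keyfile`/`keyprogram` branches would then run, and `rsgcrySetKey()` would be reached with `key == NULL` and an uninitialised `keylen`. Guarding each assignment, e.g. `CHKmalloc(keyprogram = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL));`, and declaring `unsigned keylen = 0;` closes that path. The loop and the rest of SetCnfParam lie outside this hunk.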
@@ -135,9 +144,9 @@ SetCnfParam(void *pT, struct nvlst *lst)
}
}
/* note: key must be set AFTER algo/mode is set (as it depends on them) */
- if(key != NULL && keyfile != NULL) {
- errmsg.LogError(0, RS_RET_INVALID_PARAMS, "only one of the following "
- "parameters can be specified: cry.key, cry.keyfile\n");
+ if(nKeys != 1) {
+ errmsg.LogError(0, RS_RET_INVALID_PARAMS, "excactly one of the following "
+ "parameters can be specified: cry.key, cry.keyfile, cry.keyprogram\n");
ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
}
if(key != NULL) {
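Review bot: The error text on the new `nKeys != 1` branch is misspelled and misstates the rule it enforces. "excactly" should be "exactly". The check now also rejects a configuration that names no key source at all, so "can be specified" should read "must be specified": `"exactly one of the following parameters must be specified: cry.key, cry.keyfile, cry.keyprogram\n"`. An operator who hits this with zero key parameters would otherwise be told they specified too many.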
@@ -153,6 +162,14 @@ SetCnfParam(void *pT, struct nvlst *lst)
ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
}
}
+ if(keyprogram != NULL) {
+ r = gcryGetKeyFromProg((char*)keyprogram, (char**)&key, &keylen);
+ if(r != 0) {
+ errmsg.LogError(0, RS_RET_ERR, "error %d obtaining key from program %s\n",
+ r, keyprogram);
+ ABORT_FINALIZE(RS_RET_INVALID_PARAMS);
+ }
+ }
/* if we reach this point, we have a valid key */
r = rsgcrySetKey(pThis->ctx, key, keylen);
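Review bot: The buffer that `gcryGetKeyFromProg()` hands back through `(char**)&key` holds raw key material, and nothing visible here wipes or frees it after `rsgcrySetKey()` has consumed it. SetCnfParam continues past this hunk, so cleanup may exist at the finalize label; if it does not, add a wipe that the compiler cannot elide, followed by `free(key)`. The new block also needs a comment that `cry.keyprogram` is executed with rsyslogd's privileges, so the configured path must be a trusted executable that unprivileged users cannot modify; whether `gcryGetKeyFromProg()` checks this is not visible from here. Finally, the log call reports `RS_RET_ERR` while the function aborts with `RS_RET_INVALID_PARAMS`; using one code for both, e.g. `errmsg.LogError(0, RS_RET_INVALID_PARAMS, ...)`, keeps the logged and returned status consistent.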