summaryrefslogtreecommitdiff
path: root/src/home/homectl-pkcs11.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/home/homectl-pkcs11.c')
-rw-r--r--src/home/homectl-pkcs11.c42
1 files changed, 2 insertions, 40 deletions
diff --git a/src/home/homectl-pkcs11.c b/src/home/homectl-pkcs11.c
index 4b7f8336aa..f4cfb94d2c 100644
--- a/src/home/homectl-pkcs11.c
+++ b/src/home/homectl-pkcs11.c
@@ -93,43 +93,6 @@ static int acquire_pkcs11_certificate(
#endif
}
-static int encrypt_bytes(
- EVP_PKEY *pkey,
- const void *decrypted_key,
- size_t decrypted_key_size,
- void **ret_encrypt_key,
- size_t *ret_encrypt_key_size) {
-
- _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
- _cleanup_free_ void *b = NULL;
- size_t l;
-
- ctx = EVP_PKEY_CTX_new(pkey, NULL);
- if (!ctx)
- return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to allocate public key context");
-
- if (EVP_PKEY_encrypt_init(ctx) <= 0)
- return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize public key context");
-
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
- return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to configure PKCS#1 padding");
-
- if (EVP_PKEY_encrypt(ctx, NULL, &l, decrypted_key, decrypted_key_size) <= 0)
- return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size");
-
- b = malloc(l);
- if (!b)
- return log_oom();
-
- if (EVP_PKEY_encrypt(ctx, b, &l, decrypted_key, decrypted_key_size) <= 0)
- return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size");
-
- *ret_encrypt_key = TAKE_PTR(b);
- *ret_encrypt_key_size = l;
-
- return 0;
-}
-
static int add_pkcs11_encrypted_key(
JsonVariant **v,
const char *uri,
@@ -267,9 +230,8 @@ int identity_add_pkcs11_key_data(JsonVariant **v, const char *uri) {
size_t decrypted_key_size, encrypted_key_size;
_cleanup_(X509_freep) X509 *cert = NULL;
EVP_PKEY *pkey;
+ int bits, r;
RSA *rsa;
- int bits;
- int r;
assert(v);
@@ -308,7 +270,7 @@ int identity_add_pkcs11_key_data(JsonVariant **v, const char *uri) {
if (r < 0)
return log_error_errno(r, "Failed to generate random key: %m");
- r = encrypt_bytes(pkey, decrypted_key, decrypted_key_size, &encrypted_key, &encrypted_key_size);
+ r = rsa_encrypt_bytes(pkey, decrypted_key, decrypted_key_size, &encrypted_key, &encrypted_key_size);
if (r < 0)
return log_error_errno(r, "Failed to encrypt key: %m");