olszomal
diff --git a/‎src/libp11-int.h‎
Lines changed: 4 additions & 0 deletions b/‎src/libp11-int.h‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/libp11.exports‎
Lines changed: 1 addition & 0 deletions b/‎src/libp11.exports‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/libp11.h‎
Lines changed: 10 additions & 0 deletions b/‎src/libp11.h‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/p11_front.c‎
Lines changed: 9 additions & 0 deletions b/‎src/p11_front.c‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/p11_key.c‎
Lines changed: 44 additions & 0 deletions b/‎src/p11_key.c‎
Lines changed: 44 additions & 0 deletions
@@ -111,6 +111,7 @@ struct pkcs11_object_private {
 	unsigned int forkid;
 	int refcnt;
 	pthread_mutex_t lock;
+	PKCS11_KEY *public; /* our current public object */
 };
 #define PRIVKEY(_key)		((PKCS11_OBJECT_private *) (_key)->_private)
 #define PRIVCERT(_cert)		((PKCS11_OBJECT_private *) (_cert)->_private)
@@ -304,6 +305,9 @@ extern PKCS11_CERT *pkcs11_find_certificate(PKCS11_OBJECT_private *key);
 /* Find the corresponding key (if any) */
 extern PKCS11_KEY *pkcs11_find_key(PKCS11_OBJECT_private *cert);
 
+/* Returns the PKCS11_KEY handle associated with the given EVP_PKEY */
+extern PKCS11_KEY *pkcs11_get_pkcs11_key(const EVP_PKEY *pk);
+
 /* Get a list of all certificates matching with template associated with this token */
 extern int pkcs11_enumerate_certs(PKCS11_SLOT_private *,
 	const PKCS11_CERT *cert_template, PKCS11_CERT **certs, unsigned int *ncerts);
 
@@ -26,6 +26,7 @@ PKCS11_get_public_key
 PKCS11_get_slotid_from_slot
 PKCS11_find_certificate
 PKCS11_find_key
+pkcs11_get_pkcs11_key
 PKCS11_enumerate_certs
 PKCS11_enumerate_certs_ext
 PKCS11_remove_certificate
 
@@ -342,6 +342,16 @@ extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);
 /* Find the corresponding key (if any) */
 extern PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *);
 
+/**
+ * Returns a PKCS11_KEY object referencing the private key associated
+ * with the given EVP_PKEY.
+ *
+ * @param  pk  EVP_PKEY object referring to a PKCS#11 private key
+ * @retval !=NULL reference to the PKCS11_KEY object
+ * @retval NULL error or EVP_PKEY does not reference a private key
+ */
+extern PKCS11_KEY *PKCS11_get_pkcs11_key(const EVP_PKEY *pk);
+
 /* Get a list of all certificates associated with this token */
 extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
 
 
@@ -279,6 +279,15 @@ PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *pcert)
 	return pkcs11_find_key(cert);
 }
 
+PKCS11_KEY *PKCS11_get_pkcs11_key(const EVP_PKEY *pk)
+{
+	PKCS11_KEY *pkey = pkcs11_get_pkcs11_key(pk);
+	PKCS11_OBJECT_private *key = PRIVKEY(pkey);
+	if (check_object_fork(key) < 0)
+		return NULL;
+	return pkey;
+}
+
 int PKCS11_enumerate_certs_ext(PKCS11_TOKEN *token, const PKCS11_CERT *cert_template,
 		PKCS11_CERT **certs, unsigned int *ncerts)
 {
 
@@ -44,6 +44,8 @@ static const unsigned char STR_ED448[] = {
 # endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
 #endif /* OPENSSL_NO_EC */
 
+static int pkey_ex_index = 0;
+
 static int pkcs11_find_keys(PKCS11_SLOT_private *, CK_SESSION_HANDLE, unsigned int,
 	PKCS11_TEMPLATE *);
 static int pkcs11_init_key(PKCS11_SLOT_private *, CK_SESSION_HANDLE session,
@@ -58,6 +60,35 @@ static void pkcs11_common_pubkey_attr(PKCS11_TEMPLATE *, const char *,
 static void pkcs11_common_privkey_attr(PKCS11_TEMPLATE *, const char *,
 	const unsigned char *, size_t, const PKCS11_params *);
 
+static void alloc_pkey_ex_index(void)
+{
+	if (pkey_ex_index == 0) {
+		while (pkey_ex_index == 0) /* Workaround for OpenSSL RT3710 */
+			pkey_ex_index = EVP_PKEY_get_ex_new_index(0, "libp11 EVP_PKEY",
+				NULL, NULL, NULL);
+		if (pkey_ex_index < 0)
+			pkey_ex_index = 0; /* Fallback to app_data */
+	}
+}
+
+static void free_pkey_ex_index(void)
+{
+	if (pkey_ex_index > 0) {
+		CRYPTO_free_ex_index(CRYPTO_EX_INDEX_EVP_PKEY, pkey_ex_index);
+		pkey_ex_index = 0;
+	}
+}
+
+static void pkcs11_set_ex_data_evp_pkey(EVP_PKEY *pkey, PKCS11_KEY *key)
+{
+	EVP_PKEY_set_ex_data(pkey, pkey_ex_index, key);
+}
+
+static PKCS11_KEY *pkcs11_get_ex_data_evp_pkey(const EVP_PKEY *pkey)
+{
+	return EVP_PKEY_get_ex_data(pkey, pkey_ex_index);
+}
+
 /* Helper to acquire object handle from given template */
 static CK_OBJECT_HANDLE pkcs11_handle_from_template(PKCS11_SLOT_private *slot,
 	CK_SESSION_HANDLE session, PKCS11_TEMPLATE *tmpl)
@@ -708,12 +739,21 @@ EVP_PKEY *pkcs11_get_key(PKCS11_OBJECT_private *key0, CK_OBJECT_CLASS object_cla
 	default:
 		pkcs11_log(key0->slot->ctx, LOG_DEBUG, "Unsupported key type\n");
 	}
+	alloc_pkey_ex_index();
+	pkcs11_set_ex_data_evp_pkey(ret, key->public);
+
 err:
 	if (key != key0)
 		pkcs11_object_free(key);
 	return ret;
 }
 
+/* Returns the PKCS11_KEY handle associated with the given EVP_PKEY */
+PKCS11_KEY *pkcs11_get_pkcs11_key(const EVP_PKEY *pk)
+{
+	return pkcs11_get_ex_data_evp_pkey(pk);
+}
+
 /*
  * Authenticate a private the key operation if needed
  * This function *only* handles CKU_CONTEXT_SPECIFIC logins.
@@ -912,6 +952,9 @@ static int pkcs11_init_key(PKCS11_SLOT_private *slot, CK_SESSION_HANDLE session,
 	key->label = kpriv->label;
 	key->isPrivate = (type == CKO_PRIVATE_KEY);
 
+	/* Link back */
+	kpriv->public = key;
+
 	if (ret)
 		*ret = key;
 	return 0;
@@ -981,6 +1024,7 @@ void pkcs11_destroy_keys(PKCS11_SLOT_private *slot, unsigned int type)
 		OPENSSL_free(keys->keys);
 	keys->keys = NULL;
 	keys->num = 0;
+	free_pkey_ex_index();
 }
 
 /* vim: set noexpandtab: */