rpms / opensc

Clone
Source Code
GIT

Files

  1.   2e3c2360422196fc099951409f59755cc1c4e328
  2.   opensc-0.15.0-cka_private.patch
Blob Blame History Raw 
commit 4df35b922c8eb7e0776a23260b65e570b33e4d42
Author: Nicholas Wilson <nicholas.wilson@realvnc.com>
Date:   Tue Aug 11 14:02:52 2015 +0100

    pkcs11: Fix to CKA_PRIVATE handling pcks11-tool
    
    There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute
    is being set on the wrong variables! As well as fixing that, we should
    explicitly set CKA_PRIVATE to "false" for certificates and public keys,
    since the PKCS#11 spec doesn't specify a default and some drivers use
    "private" as the default, making it impossible to add a public key/cert
    using pkcs11-tool.

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 2781302..c3861d5 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1923,6 +1923,7 @@ static int parse_gost_private_key(EVP_PKEY *evp_key, struct gostkey_info *gost)
 static int write_object(CK_SESSION_HANDLE session)
 {
 	CK_BBOOL _true = TRUE;
+	CK_BBOOL _false = FALSE;
 	unsigned char contents[MAX_OBJECT_SIZE + 1];
 	int contents_len = 0;
 	unsigned char certdata[MAX_OBJECT_SIZE];
@@ -2026,28 +2027,24 @@ static int write_object(CK_SESSION_HANDLE session)
 		FILL_ATTR(cert_templ[1], CKA_VALUE, contents, contents_len);
 		FILL_ATTR(cert_templ[2], CKA_CLASS, &clazz, sizeof(clazz));
 		FILL_ATTR(cert_templ[3], CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
-		n_cert_attr = 4;
+		FILL_ATTR(cert_templ[4], CKA_PRIVATE, &_false, sizeof(_false));
+		n_cert_attr = 5;
 
 		if (opt_object_label != NULL) {
-			FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL,
-				opt_object_label, strlen(opt_object_label));
+			FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
 			n_cert_attr++;
 		}
 		if (opt_object_id_len != 0) {
-			FILL_ATTR(cert_templ[n_cert_attr], CKA_ID,
-				opt_object_id, opt_object_id_len);
+			FILL_ATTR(cert_templ[n_cert_attr], CKA_ID, opt_object_id, opt_object_id_len);
 			n_cert_attr++;
 		}
 #ifdef ENABLE_OPENSSL
 		/* according to PKCS #11 CKA_SUBJECT MUST be specified */
-		FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT,
-			cert.subject, cert.subject_len);
+		FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
 		n_cert_attr++;
-		FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER,
-			cert.issuer, cert.issuer_len);
+		FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER, cert.issuer, cert.issuer_len);
 		n_cert_attr++;
-		FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER,
-			cert.serialnum, cert.serialnum_len);
+		FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER, cert.serialnum, cert.serialnum_len);
 		n_cert_attr++;
 #endif
 	}
@@ -2150,9 +2147,12 @@ static int write_object(CK_SESSION_HANDLE session)
 		n_pubkey_attr = 3;
 
 		if (opt_is_private != 0) {
-			FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
-				&_true, sizeof(_true));
-			n_data_attr++;
+			FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_true, sizeof(_true));
+			n_pubkey_attr++;
+		}
+		else {
+			FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_false, sizeof(_false));
+			n_pubkey_attr++;
 		}
 
 		if (opt_object_label != NULL) {
@@ -2180,15 +2180,12 @@ static int write_object(CK_SESSION_HANDLE session)
 
 #ifdef ENABLE_OPENSSL
 		if (cert.subject_len != 0) {
-			FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT,
-				cert.subject, cert.subject_len);
+			FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
 			n_pubkey_attr++;
 		}
-		FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS,
-			rsa.modulus, rsa.modulus_len);
+		FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS, rsa.modulus, rsa.modulus_len);
 		n_pubkey_attr++;
-		FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT,
-			rsa.public_exponent, rsa.public_exponent_len);
+		FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT, rsa.public_exponent, rsa.public_exponent_len);
 		n_pubkey_attr++;
 #endif
 	}
@@ -2202,8 +2199,11 @@ static int write_object(CK_SESSION_HANDLE session)
 		n_data_attr = 3;
 
 		if (opt_is_private != 0) {
-			FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
-				&_true, sizeof(_true));
+			FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_true, sizeof(_true));
+			n_data_attr++;
+		}
+		else {
+			FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_false, sizeof(_false));
 			n_data_attr++;
 		}
 
@@ -2227,8 +2227,7 @@ static int write_object(CK_SESSION_HANDLE session)
 		}
 
 		if (opt_object_label != NULL) {
-			FILL_ATTR(data_templ[n_data_attr], CKA_LABEL,
-				opt_object_label, strlen(opt_object_label));
+			FILL_ATTR(data_templ[n_data_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
 			n_data_attr++;
 		}
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.