pkcs11: Fix to CKA_PRIVATE handling pcks11-tool

There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute
is being set on the wrong variables! As well as fixing that, we should
explicitly set CKA_PRIVATE to "false" for certificates and public keys,
since the PKCS#11 spec doesn't specify a default and some drivers use
"private" as the default, making it impossible to add a public key/cert
using pkcs11-tool.
This commit is contained in:
Nicholas Wilson 2015-08-11 14:02:52 +01:00 committed by Viktor Tarasov
parent ff2d88a724
commit 4df35b922c
1 changed files with 23 additions and 24 deletions


@ -1923,6 +1923,7 @@ static int parse_gost_private_key(EVP_PKEY *evp_key, struct gostkey_info *gost)
static int write_object(CK_SESSION_HANDLE session)
{
CK_BBOOL _true = TRUE;
CK_BBOOL _false = FALSE;
unsigned char contents[MAX_OBJECT_SIZE + 1];
int contents_len = 0;
unsigned char certdata[MAX_OBJECT_SIZE];
@ -2026,28 +2027,24 @@ static int write_object(CK_SESSION_HANDLE session)
FILL_ATTR(cert_templ[1], CKA_VALUE, contents, contents_len);
FILL_ATTR(cert_templ[2], CKA_CLASS, &clazz, sizeof(clazz));
FILL_ATTR(cert_templ[3], CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
n_cert_attr = 4;
FILL_ATTR(cert_templ[4], CKA_PRIVATE, &_false, sizeof(_false));
n_cert_attr = 5;
if (opt_object_label != NULL) {
FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL,
opt_object_label, strlen(opt_object_label));
FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
n_cert_attr++;
}
if (opt_object_id_len != 0) {
FILL_ATTR(cert_templ[n_cert_attr], CKA_ID,
opt_object_id, opt_object_id_len);
FILL_ATTR(cert_templ[n_cert_attr], CKA_ID, opt_object_id, opt_object_id_len);
n_cert_attr++;
}
#ifdef ENABLE_OPENSSL
/* according to PKCS #11 CKA_SUBJECT MUST be specified */
FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT,
cert.subject, cert.subject_len);
FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
n_cert_attr++;
FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER,
cert.issuer, cert.issuer_len);
FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER, cert.issuer, cert.issuer_len);
n_cert_attr++;
FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER,
cert.serialnum, cert.serialnum_len);
FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER, cert.serialnum, cert.serialnum_len);
n_cert_attr++;
#endif
}
@ -2150,9 +2147,12 @@ static int write_object(CK_SESSION_HANDLE session)
n_pubkey_attr = 3;
if (opt_is_private != 0) {
FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
&_true, sizeof(_true));
n_data_attr++;
FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_true, sizeof(_true));
n_pubkey_attr++;
}
else {
FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_false, sizeof(_false));
n_pubkey_attr++;
}
if (opt_object_label != NULL) {
@ -2180,15 +2180,12 @@ static int write_object(CK_SESSION_HANDLE session)
#ifdef ENABLE_OPENSSL
if (cert.subject_len != 0) {
FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT,
cert.subject, cert.subject_len);
FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
n_pubkey_attr++;
}
FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS,
rsa.modulus, rsa.modulus_len);
FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS, rsa.modulus, rsa.modulus_len);
n_pubkey_attr++;
FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT,
rsa.public_exponent, rsa.public_exponent_len);
FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT, rsa.public_exponent, rsa.public_exponent_len);
n_pubkey_attr++;
#endif
}
@ -2202,8 +2199,11 @@ static int write_object(CK_SESSION_HANDLE session)
n_data_attr = 3;
if (opt_is_private != 0) {
FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
&_true, sizeof(_true));
FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_true, sizeof(_true));
n_data_attr++;
}
else {
FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_false, sizeof(_false));
n_data_attr++;
}
@ -2227,8 +2227,7 @@ static int write_object(CK_SESSION_HANDLE session)
}
if (opt_object_label != NULL) {
FILL_ATTR(data_templ[n_data_attr], CKA_LABEL,
opt_object_label, strlen(opt_object_label));
FILL_ATTR(data_templ[n_data_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
n_data_attr++;
}
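Review bot: The certificate template in the second hunk sets CKA_PRIVATE to `_false` unconditionally, while the public-key and data templates in the third and fourth hunks choose `_true` or `_false` from `opt_is_private`, so a certificate written with the private option silently ends up public; either mirror the conditional, `FILL_ATTR(cert_templ[n_cert_attr], CKA_PRIVATE, opt_is_private != 0 ? &_true : &_false, sizeof(_true)); n_cert_attr++;`, or add a comment such as `/* certificates are always created public; --private is not applied here */` so the asymmetry is deliberate rather than accidental. The same hunk writes the new entry as `cert_templ[4]` with a hard-coded index and then resets `n_cert_attr = 5`, whereas every neighbouring line indexes with `n_cert_attr` and increments it; the counter form keeps the template consistent and survives later reordering of the fixed attributes. The declarations of cert_templ, pubkey_templ and data_templ lie outside the hunks and nothing visible bounds-checks the index, so confirm each array has room for the extra CKA_PRIVATE entry that is now appended in all three templates. write_object begins before the first hunk and continues past the last.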