diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 27813022..c3861d56 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1923,6 +1923,7 @@ static int parse_gost_private_key(EVP_PKEY *evp_key, struct gostkey_info *gost)
 static int write_object(CK_SESSION_HANDLE session)
 {
 CK_BBOOL _true = TRUE;
+ CK_BBOOL _false = FALSE;
 unsigned char contents[MAX_OBJECT_SIZE + 1];
 int contents_len = 0;
 unsigned char certdata[MAX_OBJECT_SIZE];
@@ -2026,28 +2027,24 @@ static int write_object(CK_SESSION_HANDLE session)
 FILL_ATTR(cert_templ[1], CKA_VALUE, contents, contents_len);
 FILL_ATTR(cert_templ[2], CKA_CLASS, &clazz, sizeof(clazz));
 FILL_ATTR(cert_templ[3], CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
- n_cert_attr = 4;
+ FILL_ATTR(cert_templ[4], CKA_PRIVATE, &_false, sizeof(_false));
+ n_cert_attr = 5;
 if (opt_object_label != NULL) {
- FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL,
- opt_object_label, strlen(opt_object_label));
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
 n_cert_attr++;
 }
 if (opt_object_id_len != 0) {
- FILL_ATTR(cert_templ[n_cert_attr], CKA_ID,
- opt_object_id, opt_object_id_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_ID, opt_object_id, opt_object_id_len);
 n_cert_attr++;
 }
 #ifdef ENABLE_OPENSSL
 /* according to PKCS #11 CKA_SUBJECT MUST be specified */
- FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT,
- cert.subject, cert.subject_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
 n_cert_attr++;
- FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER,
- cert.issuer, cert.issuer_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER, cert.issuer, cert.issuer_len);
 n_cert_attr++;
- FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER,
- cert.serialnum, cert.serialnum_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER, cert.serialnum, cert.serialnum_len);
 n_cert_attr++;
 #endif
 }
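Review bot: The certificate template at `cert_templ[4]` pins CKA_PRIVATE to FALSE regardless of `opt_is_private`, while the public-key and data branches changed later in this diff follow that option; someone who asks for a private object when writing a certificate gets a publicly readable one with no diagnostic. If certificates are meant to honour the option, `FILL_ATTR(cert_templ[4], CKA_PRIVATE, opt_is_private ? &_true : &_false, sizeof(_true));` keeps the three branches consistent; if they must always be public, a comment saying so plus a warning when the option is set would make the override visible. The template can now carry up to ten attributes when ENABLE_OPENSSL is defined (five fixed, then label, id, subject, issuer, serial number), and `cert_templ` is declared outside this hunk, so its size should be confirmed against that count.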
@@ -2150,9 +2147,12 @@ static int write_object(CK_SESSION_HANDLE session)
 n_pubkey_attr = 3;
 if (opt_is_private != 0) {
- FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
- &_true, sizeof(_true));
- n_data_attr++;
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_true, sizeof(_true));
+ n_pubkey_attr++;
+ }
+ else {
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_false, sizeof(_false));
+ n_pubkey_attr++;
 }
 if (opt_object_label != NULL) {
@@ -2180,15 +2180,12 @@ static int write_object(CK_SESSION_HANDLE session)
 #ifdef ENABLE_OPENSSL
 if (cert.subject_len != 0) {
- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT,
- cert.subject, cert.subject_len);
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
 n_pubkey_attr++;
 }
- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS,
- rsa.modulus, rsa.modulus_len);
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS, rsa.modulus, rsa.modulus_len);
 n_pubkey_attr++;
- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT,
- rsa.public_exponent, rsa.public_exponent_len);
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT, rsa.public_exponent, rsa.public_exponent_len);
 n_pubkey_attr++;
 #endif
 }
@@ -2202,8 +2199,11 @@ static int write_object(CK_SESSION_HANDLE session)
 n_data_attr = 3;
 if (opt_is_private != 0) {
- FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
- &_true, sizeof(_true));
+ FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_true, sizeof(_true));
+ n_data_attr++;
+ }
+ else {
+ FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_false, sizeof(_false));
 n_data_attr++;
 }
@@ -2227,8 +2227,7 @@ static int write_object(CK_SESSION_HANDLE session)
 }
 if (opt_object_label != NULL) {
- FILL_ATTR(data_templ[n_data_attr], CKA_LABEL,
- opt_object_label, strlen(opt_object_label));
+ FILL_ATTR(data_templ[n_data_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
 n_data_attr++;
 }
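Review bot: The new if/else around CKA_PRIVATE in the public-key branch differs only in the value pointer, and the same pair is repeated in the data-object hunk at -2202; one statement per template is shorter and avoids the kind of copy-paste slip this commit is correcting (the old public-key branch wrote to `data_templ`). For example `FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, opt_is_private ? &_true : &_false, sizeof(_true));` followed by `n_pubkey_attr++;`, and likewise for `data_templ`. Since CKA_PRIVATE is now sent explicitly on every public-key and data object, a short comment above each stating that FALSE is passed deliberately rather than left to the token's default would record the intent; that the token otherwise picks a default is inferred, not shown here. write_object starts and ends outside these hunks.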