authorStef Walter <stefw@gnome.org>2013-03-29 09:42:37 +0100
committerStef Walter <stefw@gnome.org>2013-03-29 09:42:37 +0100
commitc3c18a1ea9cd84ee35783809c059d1b9c80c5cbe (patch)
treee33526535ca1ddbe53c04e99e2a9ca95d01fd882
parent4560373c254473990306c13178b959ccc5d338e4 (diff)
downloadp11-kit-c3c18a1ea9cd84ee35783809c059d1b9c80c5cbe.tar.gz
Use CKA_X_CERTIFICATE_VALUE for trust assertions
Trust assertions don't carry the certificate data in the CKA_VALUE attribute, but rather in the CKA_X_CERTIFICATE_VALUE attribute.
https://bugs.freedesktop.org/show_bug.cgi?id=62896
-rw-r--r--trust/builder.c15
-rw-r--r--trust/tests/test-builder.c6
2 files changed, 13 insertions, 8 deletions
diff --git a/trust/builder.c b/trust/builder.c
index b23d018..32f2d1b 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -630,7 +630,7 @@ const static builder_schema assertion_schema = {
GENERATED_CLASS,
{ COMMON_ATTRS,
{ CKA_X_PURPOSE, REQUIRE | CREATE },
- { CKA_VALUE, CREATE },
+ { CKA_X_CERTIFICATE_VALUE, CREATE },
{ CKA_X_ASSERTION_TYPE, REQUIRE | CREATE },
{ CKA_ISSUER, CREATE },
{ CKA_SERIAL_NUMBER, CREATE },
@@ -1181,6 +1181,7 @@ build_assertions (p11_array *array,
CK_ATTRIBUTE autogen = { CKA_X_GENERATED, &truev, sizeof (truev) };
CK_ATTRIBUTE purpose = { CKA_X_PURPOSE, };
CK_ATTRIBUTE invalid = { CKA_INVALID, };
+ CK_ATTRIBUTE certificate_value = { CKA_X_CERTIFICATE_VALUE, };
CK_ATTRIBUTE *issuer;
CK_ATTRIBUTE *serial;
@@ -1191,7 +1192,7 @@ build_assertions (p11_array *array,
int i;
if (type == CKT_X_DISTRUSTED_CERTIFICATE) {
- value = &invalid;
+ certificate_value.type = CKA_INVALID;
issuer = p11_attrs_find_valid (cert, CKA_ISSUER);
serial = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER);
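Review bot: Overwriting `certificate_value.type` with `CKA_INVALID` in the distrust branch is an unobvious way of saying "omit this attribute", and it only works if `p11_attrs_build` skips `CKA_INVALID` entries, which the removed `value = &invalid` appears to have relied on as well. A short comment would make the intent explicit, for example `/* distrust assertions are identified by issuer and serial; leave the certificate value out */`. After this change `value` is no longer assigned on this branch, so it is worth confirming that nothing later in `build_assertions` reads it for distrusted certificates; the function body starts and ends outside the hunk.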
@@ -1209,6 +1210,9 @@ build_assertions (p11_array *array,
p11_debug ("not building positive trust assertion for certificate without value");
return;
}
+
+ certificate_value.pValue = value->pValue;
+ certificate_value.ulValueLen = value->ulValueLen;
}
label = p11_attrs_find (cert, CKA_LABEL);
@@ -1224,7 +1228,7 @@ build_assertions (p11_array *array,
attrs = p11_attrs_build (NULL, &klass, &private, &modifiable,
id, label, &assertion_type, &purpose,
- issuer, serial, value, &autogen, NULL);
+ issuer, serial, &certificate_value, &autogen, NULL);
return_if_fail (attrs != NULL);
if (!p11_array_push (array, attrs))
@@ -1304,7 +1308,7 @@ replace_trust_assertions (p11_builder *builder,
CK_RV rv;
CK_ATTRIBUTE match_positive[] = {
- { CKA_VALUE, },
+ { CKA_X_CERTIFICATE_VALUE, },
{ CKA_CLASS, &assertion, sizeof (assertion) },
{ CKA_X_GENERATED, &generated, sizeof (generated) },
{ CKA_INVALID }
@@ -1321,7 +1325,8 @@ replace_trust_assertions (p11_builder *builder,
value = p11_attrs_find_valid (cert, CKA_VALUE);
if (value) {
positives = p11_array_new (NULL);
- memcpy (match_positive, value, sizeof (CK_ATTRIBUTE));
+ match_positive[0].pValue = value->pValue;
+ match_positive[0].ulValueLen = value->ulValueLen;
}
issuer = p11_attrs_find_valid (cert, CKA_ISSUER);
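Review bot: The lookup on the certificate still uses `CKA_VALUE` while the match template now uses `CKA_X_CERTIFICATE_VALUE`, and nothing next to the two new assignments says this asymmetry is intentional. A comment such as `/* the certificate keeps its data in CKA_VALUE; assertions carry it as CKA_X_CERTIFICATE_VALUE */` above `match_positive[0].pValue = value->pValue;` would stop a later cleanup from "fixing" one side. When `value` is NULL the first template entry keeps a NULL `pValue` and a zero length, so the code after the hunk should only use `match_positive` when `positives` was created. That part of `replace_trust_assertions` is outside the hunk, so this needs confirming there.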
diff --git a/trust/tests/test-builder.c b/trust/tests/test-builder.c
index 723a251..5ce3b22 100644
--- a/trust/tests/test-builder.c
+++ b/trust/tests/test-builder.c
@@ -1150,7 +1150,7 @@ test_changed_trusted_certificate (CuTest *cu)
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
{ CKA_LABEL, "Custom Label", 12 },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
{ CKA_ID, "cacert3", 7 },
{ CKA_INVALID },
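Review bot: The updated expectations here and in the two later hunks of this file (the second array in `test_changed_trusted_certificate` and `anchor_assertion` in `test_changed_dup_certificates`) only cover anchored assertions gaining `CKA_X_CERTIFICATE_VALUE`. Nothing in the visible hunks checks the other half of the change in `build_assertions`: that a distrust assertion carries neither `CKA_X_CERTIFICATE_VALUE` nor `CKA_VALUE`. These attributes are what a consumer matches on when evaluating trust, so an explicit check in the distrust tests would pin that behaviour down. Such a test may already exist outside the hunks shown.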
@@ -1160,7 +1160,7 @@ test_changed_trusted_certificate (CuTest *cu)
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1 },
{ CKA_LABEL, "Custom Label", 12 },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
{ CKA_ID, "cacert3", 7 },
{ CKA_INVALID },
@@ -1466,7 +1466,7 @@ test_changed_dup_certificates (CuTest *cu)
static CK_ATTRIBUTE anchor_assertion[] = {
{ CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
{ CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+ { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
{ CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
{ CKA_ID, "cacert3", 7 },
{ CKA_INVALID },