summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@thewalter.net>2014-09-10 09:01:20 +0200
committerStef Walter <stef@thewalter.net>2014-09-10 09:01:20 +0200
commit800f310dd3f2fcbf3852a42c67b5dd37e4ef4415 (patch)
tree04b8f35a941a6c52297af7b01a35b9c458ea7993
parenteccbcc298f59eb9518b07baf840930cec54c7655 (diff)
trust: Use term 'attached extensions' instead of 'stapled'
The term 'stapled extensions' is confusing because it overloads terminology used with OSCP stapling. Suggested by Daniel Kahn Gillmor.
-rw-r--r--trust/builder.c4
-rw-r--r--trust/enumerate.c48
-rw-r--r--trust/enumerate.h2
-rw-r--r--trust/extract-openssl.c8
-rw-r--r--trust/parser.c46
-rw-r--r--trust/test-builder.c30
-rw-r--r--trust/test-enumerate.c2
-rw-r--r--trust/test-parser.c4
8 files changed, 72 insertions, 72 deletions
diff --git a/trust/builder.c b/trust/builder.c
index 5066dc6..4c62fac 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -130,7 +130,7 @@ lookup_extension (p11_builder *builder,
if (public_key == NULL || public_key->type == CKA_INVALID)
public_key = p11_attrs_find_valid (cert, CKA_PUBLIC_KEY_INFO);
- /* Look for a stapled certificate extension */
+ /* Look for an attached certificate extension */
if (public_key != NULL) {
memcpy (match, public_key, sizeof (CK_ATTRIBUTE));
obj = p11_index_find (index, match, -1);
@@ -592,7 +592,7 @@ calc_certificate_category (p11_builder *builder,
/*
* If there is no basic constraints extension, and the CA version is
* v1, and is self-signed, then we assume this is a certificate authority.
- * So we add a BasicConstraints stapled certificate extension
+ * So we add a BasicConstraints attached certificate extension
*/
is_ca = 1;
diff --git a/trust/enumerate.c b/trust/enumerate.c
index d469b5c..dd3da3a 100644
--- a/trust/enumerate.c
+++ b/trust/enumerate.c
@@ -51,10 +51,10 @@
#include <string.h>
static bool
-load_stapled_extension (p11_dict *stapled,
- p11_dict *asn1_defs,
- const unsigned char *der,
- size_t len)
+load_attached_extension (p11_dict *attached,
+ p11_dict *asn1_defs,
+ const unsigned char *der,
+ size_t len)
{
char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
node_asn *ext;
@@ -66,7 +66,7 @@ load_stapled_extension (p11_dict *stapled,
ext = p11_asn1_decode (asn1_defs, "PKIX1.Extension", der, len, message);
if (ext == NULL) {
- p11_message ("couldn't parse stapled certificate extension: %s", message);
+ p11_message ("couldn't parse attached certificate extension: %s", message);
return false;
}
@@ -83,21 +83,21 @@ load_stapled_extension (p11_dict *stapled,
oid = memdup (der + start, length);
return_val_if_fail (oid != NULL, false);
- if (!p11_dict_set (stapled, oid, ext))
+ if (!p11_dict_set (attached, oid, ext))
return_val_if_reached (false);
return true;
}
static p11_dict *
-load_stapled_extensions (p11_enumerate *ex,
- CK_ATTRIBUTE *spki)
+load_attached_extensions (p11_enumerate *ex,
+ CK_ATTRIBUTE *spki)
{
CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION;
CK_ATTRIBUTE *attrs;
P11KitIter *iter;
CK_RV rv = CKR_OK;
- p11_dict *stapled;
+ p11_dict *attached;
CK_ATTRIBUTE match[] = {
{ CKA_CLASS, &extension, sizeof (extension) },
@@ -108,12 +108,12 @@ load_stapled_extensions (p11_enumerate *ex,
{ CKA_VALUE, },
};
- stapled = p11_dict_new (p11_oid_hash, p11_oid_equal,
+ attached = p11_dict_new (p11_oid_hash, p11_oid_equal,
free, p11_asn1_free);
/* No ID to use, just short circuit */
if (!spki->pValue || !spki->ulValueLen)
- return stapled;
+ return attached;
iter = p11_kit_iter_new (NULL, 0);
p11_kit_iter_add_filter (iter, match, 2);
@@ -126,9 +126,9 @@ load_stapled_extensions (p11_enumerate *ex,
attrs = p11_attrs_buildn (NULL, template, 1);
rv = p11_kit_iter_load_attributes (iter, attrs, 1);
if (rv == CKR_OK) {
- if (!load_stapled_extension (stapled, ex->asn1_defs,
- attrs[0].pValue,
- attrs[0].ulValueLen)) {
+ if (!load_attached_extension (attached, ex->asn1_defs,
+ attrs[0].pValue,
+ attrs[0].ulValueLen)) {
rv = CKR_GENERAL_ERROR;
}
}
@@ -137,13 +137,13 @@ load_stapled_extensions (p11_enumerate *ex,
}
if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("couldn't load stapled extensions for certificate: %s", p11_kit_strerror (rv));
- p11_dict_free (stapled);
- stapled = NULL;
+ p11_message ("couldn't load attached extensions for certificate: %s", p11_kit_strerror (rv));
+ p11_dict_free (attached);
+ attached = NULL;
}
p11_kit_iter_free (iter);
- return stapled;
+ return attached;
}
static bool
@@ -153,8 +153,8 @@ extract_purposes (p11_enumerate *ex)
unsigned char *value = NULL;
size_t length;
- if (ex->stapled) {
- ext = p11_dict_get (ex->stapled, P11_OID_EXTENDED_KEY_USAGE);
+ if (ex->attached) {
+ ext = p11_dict_get (ex->attached, P11_OID_EXTENDED_KEY_USAGE);
if (ext != NULL) {
value = p11_asn1_read (ext, "extnValue", &length);
return_val_if_fail (value != NULL, false);
@@ -314,8 +314,8 @@ extract_info (p11_enumerate *ex)
attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
if (attr) {
- ex->stapled = load_stapled_extensions (ex, attr);
- if (!ex->stapled)
+ ex->attached = load_attached_extensions (ex, attr);
+ if (!ex->attached)
return false;
}
@@ -337,8 +337,8 @@ extract_clear (p11_enumerate *ex)
ex->cert_der = NULL;
ex->cert_len = 0;
- p11_dict_free (ex->stapled);
- ex->stapled = NULL;
+ p11_dict_free (ex->attached);
+ ex->attached = NULL;
p11_array_free (ex->purposes);
ex->purposes = NULL;
diff --git a/trust/enumerate.h b/trust/enumerate.h
index 8a18b06..411820a 100644
--- a/trust/enumerate.h
+++ b/trust/enumerate.h
@@ -80,7 +80,7 @@ typedef struct {
size_t cert_len;
/* DER OID -> CK_ATTRIBUTE list */
- p11_dict *stapled;
+ p11_dict *attached;
/* Set of OID purposes as strings */
p11_array *purposes;
diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c
index 912c90d..d622d7a 100644
--- a/trust/extract-openssl.c
+++ b/trust/extract-openssl.c
@@ -110,8 +110,8 @@ load_usage_ext (p11_enumerate *ex,
node_asn *ext = NULL;
size_t length;
- if (ex->stapled)
- ext = p11_dict_get (ex->stapled, ext_oid);
+ if (ex->attached)
+ ext = p11_dict_get (ex->attached, ext_oid);
if (ext == NULL) {
*oids = NULL;
return true;
@@ -230,8 +230,8 @@ write_keyid (p11_enumerate *ex,
size_t length = 0;
int ret;
- if (ex->stapled)
- ext = p11_dict_get (ex->stapled, P11_OID_SUBJECT_KEY_IDENTIFIER);
+ if (ex->attached)
+ ext = p11_dict_get (ex->attached, P11_OID_SUBJECT_KEY_IDENTIFIER);
if (ext != NULL) {
value = p11_asn1_read (ext, "extnValue", &length);
return_val_if_fail (value != NULL, false);
diff --git a/trust/parser.c b/trust/parser.c
index ff0f15f..7f523e9 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -251,13 +251,13 @@ extension_attrs (p11_parser *parser,
}
static CK_ATTRIBUTE *
-stapled_attrs (p11_parser *parser,
- CK_ATTRIBUTE *id,
- CK_ATTRIBUTE *public_key_info,
- const char *oid_str,
- const unsigned char *oid_der,
- bool critical,
- node_asn *ext)
+attached_attrs (p11_parser *parser,
+ CK_ATTRIBUTE *id,
+ CK_ATTRIBUTE *public_key_info,
+ const char *oid_str,
+ const unsigned char *oid_der,
+ bool critical,
+ node_asn *ext)
{
CK_ATTRIBUTE *attrs;
unsigned char *der;
@@ -302,13 +302,13 @@ load_seq_of_oid_str (node_asn *node,
}
static CK_ATTRIBUTE *
-stapled_eku_attrs (p11_parser *parser,
- CK_ATTRIBUTE *id,
- CK_ATTRIBUTE *public_key_info,
- const char *oid_str,
- const unsigned char *oid_der,
- bool critical,
- p11_dict *oid_strs)
+attached_eku_attrs (p11_parser *parser,
+ CK_ATTRIBUTE *id,
+ CK_ATTRIBUTE *public_key_info,
+ const char *oid_str,
+ const unsigned char *oid_der,
+ bool critical,
+ p11_dict *oid_strs)
{
CK_ATTRIBUTE *attrs;
p11_dictiter iter;
@@ -353,7 +353,7 @@ stapled_eku_attrs (p11_parser *parser,
}
- attrs = stapled_attrs (parser, id, public_key_info, oid_str, oid_der, critical, dest);
+ attrs = attached_attrs (parser, id, public_key_info, oid_str, oid_der, critical, dest);
asn1_delete_structure (&dest);
return attrs;
@@ -416,10 +416,10 @@ build_openssl_extensions (p11_parser *parser,
*/
if (trust) {
- attrs = stapled_eku_attrs (parser, id, public_key_info,
- P11_OID_EXTENDED_KEY_USAGE_STR,
- P11_OID_EXTENDED_KEY_USAGE,
- true, trust);
+ attrs = attached_eku_attrs (parser, id, public_key_info,
+ P11_OID_EXTENDED_KEY_USAGE_STR,
+ P11_OID_EXTENDED_KEY_USAGE,
+ true, trust);
return_val_if_fail (attrs != NULL, NULL);
sink_object (parser, attrs);
}
@@ -433,10 +433,10 @@ build_openssl_extensions (p11_parser *parser,
*/
if (reject && p11_dict_size (reject) > 0) {
- attrs = stapled_eku_attrs (parser, id, public_key_info,
- P11_OID_OPENSSL_REJECT_STR,
- P11_OID_OPENSSL_REJECT,
- false, reject);
+ attrs = attached_eku_attrs (parser, id, public_key_info,
+ P11_OID_OPENSSL_REJECT_STR,
+ P11_OID_OPENSSL_REJECT,
+ false, reject);
return_val_if_fail (attrs != NULL, NULL);
sink_object (parser, attrs);
}
diff --git a/trust/test-builder.c b/trust/test-builder.c
index 51d499c..bf1eed1 100644
--- a/trust/test-builder.c
+++ b/trust/test-builder.c
@@ -399,7 +399,7 @@ test_build_certificate_staple_ca (void)
{
CK_ULONG category = 2; /* CA */
- CK_ATTRIBUTE stapled[] = {
+ CK_ATTRIBUTE attached[] = {
{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
{ CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
{ CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
@@ -423,10 +423,10 @@ test_build_certificate_staple_ca (void)
CK_ATTRIBUTE *extra;
CK_RV rv;
- /* Adding the stapled extension *first*, and then the certificate */
+ /* Adding the attached extension *first*, and then the certificate */
- /* Add a stapled certificate */
- rv = p11_index_add (test.index, stapled, 4, NULL);
+ /* Add a attached certificate */
+ rv = p11_index_add (test.index, attached, 4, NULL);
assert_num_eq (CKR_OK, rv);
attrs = NULL;
@@ -439,7 +439,7 @@ test_build_certificate_staple_ca (void)
/*
* Even though the certificate is not a valid CA, the presence of the
- * stapled certificate extension transforms it into a CA.
+ * attached certificate extension transforms it into a CA.
*/
test_check_attrs (expected, attrs);
p11_attrs_free (attrs);
@@ -450,7 +450,7 @@ test_build_certificate_staple_ca_backwards (void)
{
CK_ULONG category = 2; /* CA */
- CK_ATTRIBUTE stapled[] = {
+ CK_ATTRIBUTE attached[] = {
{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
{ CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
{ CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
@@ -474,18 +474,18 @@ test_build_certificate_staple_ca_backwards (void)
CK_ATTRIBUTE *attrs;
CK_OBJECT_HANDLE handle;
- /* Adding the certificate *first*, and then the stapled extension */
+ /* Adding the certificate *first*, and then the attached extension */
rv = p11_index_add (test.index, input, 4, &handle);
assert_num_eq (CKR_OK, rv);
- /* Add a stapled certificate */
- rv = p11_index_add (test.index, stapled, 4, NULL);
+ /* Add a attached certificate */
+ rv = p11_index_add (test.index, attached, 4, NULL);
assert_num_eq (CKR_OK, rv);
/*
* Even though the certificate is not a valid CA, the presence of the
- * stapled certificate extension transforms it into a CA.
+ * attached certificate extension transforms it into a CA.
*/
attrs = p11_index_lookup (test.index, handle);
test_check_attrs (expected, attrs);
@@ -2074,7 +2074,7 @@ test_changed_staple_ca (void)
{
CK_ULONG category = 0;
- CK_ATTRIBUTE stapled[] = {
+ CK_ATTRIBUTE attached[] = {
{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
{ CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
{ CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 },
@@ -2108,8 +2108,8 @@ test_changed_staple_ca (void)
category = 0;
assert (p11_index_find (test.index, match, -1) == 0);
- /* Add a stapled basic constraint */
- rv = p11_index_add (test.index, stapled, 4, NULL);
+ /* Add a attached basic constraint */
+ rv = p11_index_add (test.index, attached, 4, NULL);
assert_num_eq (CKR_OK, rv);
/* Now should be a CA */
@@ -2122,7 +2122,7 @@ test_changed_staple_ca (void)
static void
test_changed_staple_ku (void)
{
- CK_ATTRIBUTE stapled_ds_and_np[] = {
+ CK_ATTRIBUTE attached_ds_and_np[] = {
{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
{ CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) },
{ CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 },
@@ -2168,7 +2168,7 @@ test_changed_staple_ku (void)
p11_index_load (test.index);
rv = p11_index_take (test.index, p11_attrs_dup (input), NULL);
assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (stapled_ds_and_np), NULL);
+ rv = p11_index_take (test.index, p11_attrs_dup (attached_ds_and_np), NULL);
assert_num_eq (CKR_OK, rv);
p11_index_finish (test.index);
diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c
index 930b645..424437e 100644
--- a/trust/test-enumerate.c
+++ b/trust/test-enumerate.c
@@ -278,7 +278,7 @@ test_info_limit_purposes (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
- /* This should not match the above, with the stapled certificat ext */
+ /* This should not match the above, with the attached certificat ext */
assert_ptr_eq (NULL, test.ex.limit_to_purposes);
p11_enumerate_opt_purpose (&test.ex, "1.1.1");
assert_ptr_not_null (test.ex.limit_to_purposes);
diff --git a/trust/test-parser.c b/trust/test-parser.c
index be5e496..201ed81 100644
--- a/trust/test-parser.c
+++ b/trust/test-parser.c
@@ -233,7 +233,7 @@ test_parse_openssl_trusted (void)
/*
* Should have gotten:
* - 1 certificate
- * - 2 stapled extensions
+ * - 2 attached extensions
*/
assert_num_eq (3, test.parsed->num);
@@ -317,7 +317,7 @@ test_parse_openssl_distrusted (void)
/*
* Should have gotten:
* - 1 certificate
- * - 2 stapled extensions
+ * - 2 attached extensions
*/
assert_num_eq (3, test.parsed->num);
cert = parsed_attrs (certificate_match, -1);