summaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
authorStef Walter <stefw@gnome.org>2013-03-18 13:13:24 +0100
committerStef Walter <stefw@gnome.org>2013-03-18 13:13:24 +0100
commita904e98b78b55e7a6213356225e45a04fdc457e1 (patch)
treee879e446a5402e59f4be13b7711e071c858edc26 /tools
parentf71baf6adf00626e73326149d55183bc62f827ae (diff)
Refine looking up of attributes in arrays
There was a class of bugs for looking up invalid or empty attributes in the internal PKCS#11 attribute arrays. * Refine what p11_attrs_find_valid() treats as valid * Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity
Diffstat (limited to 'tools')
-rw-r--r--tools/extract-info.c21
-rw-r--r--tools/extract-jks.c2
-rw-r--r--tools/extract-openssl.c8
-rw-r--r--tools/tests/test-extract.c7
4 files changed, 15 insertions, 23 deletions
diff --git a/tools/extract-info.c b/tools/extract-info.c
index da84bbe..1c81e07 100644
--- a/tools/extract-info.c
+++ b/tools/extract-info.c
@@ -117,19 +117,13 @@ extract_purposes (p11_extract_info *ex)
sizeof (P11_OID_EXTENDED_KEY_USAGE) };
const unsigned char *ext = NULL;
unsigned char *alloc = NULL;
- CK_ATTRIBUTE *value;
CK_ATTRIBUTE *attrs;
size_t ext_len;
if (ex->stapled) {
attrs = p11_dict_get (ex->stapled, &oid);
- if (attrs != NULL) {
- value = p11_attrs_find (attrs, CKA_VALUE);
- if (value) {
- ext = value->pValue;
- ext_len = value->ulValueLen;
- }
- }
+ if (attrs != NULL)
+ ext = p11_attrs_find_value (attrs, CKA_VALUE, &ext_len);
}
if (ext == NULL && ex->cert_asn) {
@@ -203,6 +197,7 @@ extract_certificate (P11KitIter *iter,
{
char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
CK_ATTRIBUTE *attr;
+
CK_ULONG type;
/* Don't even bother with not X.509 certificates */
@@ -280,14 +275,10 @@ extract_info (P11KitIter *iter,
return false;
}
- attr = p11_attrs_find (ex->attrs, CKA_CLASS);
-
/* No class attribute, very strange, just skip */
- if (!attr || !attr->pValue || attr->ulValueLen != sizeof (CK_OBJECT_CLASS))
+ if (!p11_attrs_find_ulong (ex->attrs, CKA_CLASS, &ex->klass))
return false;
- ex->klass = *((CK_ULONG *)attr->pValue);
-
/* If a certificate then */
if (ex->klass != CKO_CERTIFICATE) {
p11_message ("skipping non-certificate object");
@@ -297,7 +288,7 @@ extract_info (P11KitIter *iter,
if (!extract_certificate (iter, ex))
return false;
- attr = p11_attrs_find (ex->attrs, CKA_ID);
+ attr = p11_attrs_find_valid (ex->attrs, CKA_ID);
if (attr) {
ex->stapled = load_stapled_extensions (p11_kit_iter_get_module (iter),
p11_kit_iter_get_slot (iter),
@@ -412,7 +403,7 @@ extract_label (p11_extract_info *extract)
CK_ATTRIBUTE *attr;
/* Look for a label and just use that */
- attr = p11_attrs_find (extract->attrs, CKA_LABEL);
+ attr = p11_attrs_find_valid (extract->attrs, CKA_LABEL);
if (attr && attr->pValue && attr->ulValueLen)
return strndup (attr->pValue, attr->ulValueLen);
diff --git a/tools/extract-jks.c b/tools/extract-jks.c
index 6d40da0..d75735c 100644
--- a/tools/extract-jks.c
+++ b/tools/extract-jks.c
@@ -265,7 +265,7 @@ prepare_jks_buffer (P11KitIter *iter,
add_msb_int (buffer, trusted_cert);
/* The alias */
- label = p11_attrs_find (ex->attrs, CKA_LABEL);
+ label = p11_attrs_find_valid (ex->attrs, CKA_LABEL);
if (!add_alias (buffer, aliases, label)) {
p11_message ("could not generate a certificate alias name");
p11_dict_free (aliases);
diff --git a/tools/extract-openssl.c b/tools/extract-openssl.c
index 13a1e05..bc7427a 100644
--- a/tools/extract-openssl.c
+++ b/tools/extract-openssl.c
@@ -107,16 +107,16 @@ load_usage_ext (p11_extract_info *ex,
{
CK_ATTRIBUTE attr = { CKA_OBJECT_ID, (void *)ext_oid,
p11_oid_length (ext_oid) };
- CK_ATTRIBUTE *value;
+ void *value;
+ size_t length;
- value = p11_attrs_find_valid (p11_dict_get (ex->stapled, &attr), CKA_VALUE);
+ value = p11_attrs_find_value (p11_dict_get (ex->stapled, &attr), CKA_VALUE, &length);
if (value == NULL) {
*oids = NULL;
return true;
}
- *oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value->pValue,
- value->ulValueLen);
+ *oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length);
return_val_if_fail (*oids != NULL, false);
return true;
diff --git a/tools/tests/test-extract.c b/tools/tests/test-extract.c
index c7382cd..29ee986 100644
--- a/tools/tests/test-extract.c
+++ b/tools/tests/test-extract.c
@@ -218,7 +218,8 @@ static CK_ATTRIBUTE extension_eku_invalid[] = {
static void
test_info_simple_certificate (CuTest *tc)
{
- CK_ATTRIBUTE *value;
+ void *value;
+ size_t length;
CK_RV rv;
setup (tc);
@@ -237,9 +238,9 @@ test_info_simple_certificate (CuTest *tc)
CuAssertIntEquals (tc, CKO_CERTIFICATE, test.ex.klass);
CuAssertPtrNotNull (tc, test.ex.attrs);
- value = p11_attrs_find_valid (test.ex.attrs, CKA_VALUE);
+ value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length);
CuAssertPtrNotNull (tc, value);
- CuAssertTrue (tc, memcmp (value->pValue, test_cacert3_ca_der, value->ulValueLen) == 0);
+ CuAssertTrue (tc, memcmp (value, test_cacert3_ca_der, length) == 0);
CuAssertPtrNotNull (tc, test.ex.cert_der);
CuAssertTrue (tc, memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0);
CuAssertPtrNotNull (tc, test.ex.cert_asn);