From a904e98b78b55e7a6213356225e45a04fdc457e1 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 18 Mar 2013 13:13:24 +0100 Subject: Refine looking up of attributes in arrays There was a class of bugs for looking up invalid or empty attributes in the internal PKCS#11 attribute arrays. * Refine what p11_attrs_find_valid() treats as valid * Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity --- tools/extract-info.c | 21 ++++++--------------- tools/extract-jks.c | 2 +- tools/extract-openssl.c | 8 ++++---- tools/tests/test-extract.c | 7 ++++--- 4 files changed, 15 insertions(+), 23 deletions(-) (limited to 'tools') diff --git a/tools/extract-info.c b/tools/extract-info.c index da84bbe..1c81e07 100644 --- a/tools/extract-info.c +++ b/tools/extract-info.c @@ -117,19 +117,13 @@ extract_purposes (p11_extract_info *ex) sizeof (P11_OID_EXTENDED_KEY_USAGE) }; const unsigned char *ext = NULL; unsigned char *alloc = NULL; - CK_ATTRIBUTE *value; CK_ATTRIBUTE *attrs; size_t ext_len; if (ex->stapled) { attrs = p11_dict_get (ex->stapled, &oid); - if (attrs != NULL) { - value = p11_attrs_find (attrs, CKA_VALUE); - if (value) { - ext = value->pValue; - ext_len = value->ulValueLen; - } - } + if (attrs != NULL) + ext = p11_attrs_find_value (attrs, CKA_VALUE, &ext_len); } if (ext == NULL && ex->cert_asn) { @@ -203,6 +197,7 @@ extract_certificate (P11KitIter *iter, { char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; CK_ATTRIBUTE *attr; + CK_ULONG type; /* Don't even bother with not X.509 certificates */ @@ -280,14 +275,10 @@ extract_info (P11KitIter *iter, return false; } - attr = p11_attrs_find (ex->attrs, CKA_CLASS); - /* No class attribute, very strange, just skip */ - if (!attr || !attr->pValue || attr->ulValueLen != sizeof (CK_OBJECT_CLASS)) + if (!p11_attrs_find_ulong (ex->attrs, CKA_CLASS, &ex->klass)) return false; - ex->klass = *((CK_ULONG *)attr->pValue); - /* If a certificate then */ if (ex->klass != CKO_CERTIFICATE) { p11_message ("skipping non-certificate object"); @@ -297,7 +288,7 @@ extract_info (P11KitIter *iter, if (!extract_certificate (iter, ex)) return false; - attr = p11_attrs_find (ex->attrs, CKA_ID); + attr = p11_attrs_find_valid (ex->attrs, CKA_ID); if (attr) { ex->stapled = load_stapled_extensions (p11_kit_iter_get_module (iter), p11_kit_iter_get_slot (iter), @@ -412,7 +403,7 @@ extract_label (p11_extract_info *extract) CK_ATTRIBUTE *attr; /* Look for a label and just use that */ - attr = p11_attrs_find (extract->attrs, CKA_LABEL); + attr = p11_attrs_find_valid (extract->attrs, CKA_LABEL); if (attr && attr->pValue && attr->ulValueLen) return strndup (attr->pValue, attr->ulValueLen); diff --git a/tools/extract-jks.c b/tools/extract-jks.c index 6d40da0..d75735c 100644 --- a/tools/extract-jks.c +++ b/tools/extract-jks.c @@ -265,7 +265,7 @@ prepare_jks_buffer (P11KitIter *iter, add_msb_int (buffer, trusted_cert); /* The alias */ - label = p11_attrs_find (ex->attrs, CKA_LABEL); + label = p11_attrs_find_valid (ex->attrs, CKA_LABEL); if (!add_alias (buffer, aliases, label)) { p11_message ("could not generate a certificate alias name"); p11_dict_free (aliases); diff --git a/tools/extract-openssl.c b/tools/extract-openssl.c index 13a1e05..bc7427a 100644 --- a/tools/extract-openssl.c +++ b/tools/extract-openssl.c @@ -107,16 +107,16 @@ load_usage_ext (p11_extract_info *ex, { CK_ATTRIBUTE attr = { CKA_OBJECT_ID, (void *)ext_oid, p11_oid_length (ext_oid) }; - CK_ATTRIBUTE *value; + void *value; + size_t length; - value = p11_attrs_find_valid (p11_dict_get (ex->stapled, &attr), CKA_VALUE); + value = p11_attrs_find_value (p11_dict_get (ex->stapled, &attr), CKA_VALUE, &length); if (value == NULL) { *oids = NULL; return true; } - *oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value->pValue, - value->ulValueLen); + *oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length); return_val_if_fail (*oids != NULL, false); return true; diff --git a/tools/tests/test-extract.c b/tools/tests/test-extract.c index c7382cd..29ee986 100644 --- a/tools/tests/test-extract.c +++ b/tools/tests/test-extract.c @@ -218,7 +218,8 @@ static CK_ATTRIBUTE extension_eku_invalid[] = { static void test_info_simple_certificate (CuTest *tc) { - CK_ATTRIBUTE *value; + void *value; + size_t length; CK_RV rv; setup (tc); @@ -237,9 +238,9 @@ test_info_simple_certificate (CuTest *tc) CuAssertIntEquals (tc, CKO_CERTIFICATE, test.ex.klass); CuAssertPtrNotNull (tc, test.ex.attrs); - value = p11_attrs_find_valid (test.ex.attrs, CKA_VALUE); + value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length); CuAssertPtrNotNull (tc, value); - CuAssertTrue (tc, memcmp (value->pValue, test_cacert3_ca_der, value->ulValueLen) == 0); + CuAssertTrue (tc, memcmp (value, test_cacert3_ca_der, length) == 0); CuAssertPtrNotNull (tc, test.ex.cert_der); CuAssertTrue (tc, memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0); CuAssertPtrNotNull (tc, test.ex.cert_asn); -- cgit v1.1