[pkg-opensc-commit] [opensc] 197/295: pkcs11-tool: Polish rough edges of --attr-from use case to verify and convert in all cases
Eric Dorland
eric at moszumanska.debian.org
Sat Jun 24 21:11:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository opensc.
commit 2031735fb11eebd9181192d685247208c2c106f1
Author: Jakub Jelen <jjelen at redhat.com>
Date: Mon Mar 20 15:03:32 2017 +0100
pkcs11-tool: Polish rough edges of --attr-from use case to verify and convert in all cases
---
src/tools/pkcs11-tool.c | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 06a1f3b..c500af6 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1994,9 +1994,7 @@ static void parse_certificate(struct x509cert_info *cert,
if (strstr((char *)data, "-----BEGIN CERTIFICATE-----")) {
BIO *mem = BIO_new_mem_buf(data, len);
x = PEM_read_bio_X509(mem, NULL, NULL, NULL);
- /* Update what is written to the card to be DER encoded
- * If we use --attr-from do not check anything and write
- * blob to the card */
+ /* Update what is written to the card to be DER encoded */
if (contents != NULL) {
unsigned char *contents_pointer = contents;
*contents_len = i2d_X509(x, &contents_pointer);
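Review bot: In the PEM branch `x` is handed to `i2d_X509()` before the `if (!x)` check that appears in the next hunk, and the `int` result is stored straight into `*contents_len`. With this commit the conversion also runs on the `--attr-from` path (the new `parse_certificate(NULL, contents, ...)` call), so a file that carries the PEM marker but fails to parse reaches the encoder first, and a negative return would become a bogus length if `*contents_len` is an unsigned type (its declaration is outside the hunk). I would guard and check the result: `if (x != NULL && contents != NULL) {` followed by `int der_len = i2d_X509(x, &contents_pointer);` and `if (der_len < 0) util_fatal("OpenSSL error during X509 certificate encoding"); *contents_len = der_len;`. The rest of this branch lies outside the hunk, so a check may already follow there.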
@@ -2010,6 +2008,10 @@ static void parse_certificate(struct x509cert_info *cert,
if (!x) {
util_fatal("OpenSSL error during X509 certificate parsing");
}
+ /* convert only (if needed) */
+ if (cert == NULL)
+ return;
+
/* check length first */
n = i2d_X509_NAME(X509_get_subject_name(x), NULL);
if (n < 0)
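Review bot: The new `if (cert == NULL) return;` leaves the function while still holding the parsed `X509 *x`, so the convert-only path does not release it; whether the normal path frees `x` is not visible because `parse_certificate` ends outside this hunk. Suggest `if (cert == NULL) { X509_free(x); return; }`. Placing the return after the `if (!x)` fatal is the right order, since the convert-only caller still rejects input that does not parse as a certificate; a function-level comment stating that `cert` may be NULL to mean "validate and convert only" would make that contract explicit for future callers.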
@@ -2295,14 +2297,28 @@ static int write_object(CK_SESSION_HANDLE session)
fclose(f);
need_to_parse_certdata = 1;
}
- if (opt_object_class == CKO_CERTIFICATE && !opt_attr_from_file) {
- memcpy(certdata, contents, MAX_OBJECT_SIZE);
- certdata_len = contents_len;
- need_to_parse_certdata = 1;
+ if (opt_object_class == CKO_CERTIFICATE) {
+ if (opt_attr_from_file) {
+ /* Convert contents from PEM to DER if needed
+ * certdata already read and will be validated later
+ */
+#ifdef ENABLE_OPENSSL
+ parse_certificate(NULL, contents, contents_len, contents, &contents_len);
+#else
+ util_fatal("No OpenSSL support, cannot parse certificate");
+#endif
+ } else {
+ memcpy(certdata, contents, MAX_OBJECT_SIZE);
+ certdata_len = contents_len;
+ need_to_parse_certdata = 1;
+ }
}
if (need_to_parse_certdata) {
#ifdef ENABLE_OPENSSL
+ /* Validate and get the certificate fields (from certdata)
+ * and convert PEM to DER if needed
+ */
parse_certificate(&cert, certdata, certdata_len,
(opt_attr_from_file ? NULL : contents), &contents_len);
#else
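Review bot: With `--attr-from`, the object value now comes from `contents` (converted by `parse_certificate(NULL, contents, ...)`) while the certificate fields come from `certdata`, and nothing in this hunk checks that the two files hold the same certificate. If they are meant to match, a token object could end up with attributes describing a different certificate than the stored value, which matters to any application that presumably locates certificates by those attributes. Consider comparing the two DER encodings after both parses and failing (or at least warning) on a mismatch; if a mismatch is intentional, state it in the comment, e.g. `/* attributes come from --attr-from, the value from the input file; the two are not compared */`. The call also passes `contents` as both input and output buffer, which deserves a one-line comment that the in-place rewrite is intended; `write_object` continues outside the hunk.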
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git