[pkg-opensc-commit] [opensc] 197/295: pkcs11-tool: Polish rough edges of --attr-from use case to verify and convert in all cases

Eric Dorland eric at moszumanska.debian.org
Sat Jun 24 21:11:31 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit 2031735fb11eebd9181192d685247208c2c106f1
Author: Jakub Jelen <jjelen at redhat.com>
Date:   Mon Mar 20 15:03:32 2017 +0100

    pkcs11-tool: Polish rough edges of --attr-from use case to verify and convert in all cases
---
 src/tools/pkcs11-tool.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 06a1f3b..c500af6 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1994,9 +1994,7 @@ static void	parse_certificate(struct x509cert_info *cert,
 	if (strstr((char *)data, "-----BEGIN CERTIFICATE-----")) {
 		BIO *mem = BIO_new_mem_buf(data, len);
 		x = PEM_read_bio_X509(mem, NULL, NULL, NULL);
-		/* Update what is written to the card to be DER encoded
-		 * If we use  --attr-from  do not check anything and write
-		 * blob to the card */
+		/* Update what is written to the card to be DER encoded */
 		if (contents != NULL) {
 			unsigned char *contents_pointer = contents;
 			*contents_len = i2d_X509(x, &contents_pointer);
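Review bot: `x` is handed to `i2d_X509` here before it has been checked; the `if (!x)` test only appears further down (it is visible in the next hunk), so a PEM block that fails to parse reaches the encoder with a NULL certificate. The result is also stored straight into `*contents_len`, although the i2d functions report failure with a negative return, which would then be treated as the object length. I would test immediately after the read, `if (x == NULL) util_fatal("OpenSSL error during X509 certificate parsing");`, and reject a non-positive length before assigning it. The function begins and ends outside this hunk, so whether `mem` is released with `BIO_free` cannot be confirmed from here.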
@@ -2010,6 +2008,10 @@ static void	parse_certificate(struct x509cert_info *cert,
 	if (!x) {
 		util_fatal("OpenSSL error during X509 certificate parsing");
 	}
+	/* convert only (if needed) */
+	if (cert == NULL)
+		return;
+
 	/* check length first */
 	n = i2d_X509_NAME(X509_get_subject_name(x), NULL);
 	if (n < 0)
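Review bot: The early return on `cert == NULL` leaves `x` allocated unless it is freed somewhere not shown; the tail of `parse_certificate` is outside this hunk, so check whether the normal path ends with `X509_free(x)` and mirror it here, e.g. `if (cert == NULL) { X509_free(x); return; }`. The comment `convert only (if needed)` would read better as `/* cert == NULL: caller only wants the PEM-to-DER conversion done above; skip attribute extraction */`. Bracing the one-line `if` would also keep a later addition from silently falling outside the guard.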
@@ -2295,14 +2297,28 @@ static int write_object(CK_SESSION_HANDLE session)
 		fclose(f);
 		need_to_parse_certdata = 1;
 	}
-	if (opt_object_class == CKO_CERTIFICATE && !opt_attr_from_file) {
-		memcpy(certdata, contents, MAX_OBJECT_SIZE);
-		certdata_len = contents_len;
-		need_to_parse_certdata = 1;
+	if (opt_object_class == CKO_CERTIFICATE) {
+		if (opt_attr_from_file) {
+			/* Convert  contents  from PEM to DER if needed
+			 * certdata  already read and will be validated later
+			 */
+#ifdef ENABLE_OPENSSL
+			parse_certificate(NULL, contents, contents_len, contents, &contents_len);
+#else
+			util_fatal("No OpenSSL support, cannot parse certificate");
+#endif
+		} else {
+			memcpy(certdata, contents, MAX_OBJECT_SIZE);
+			certdata_len = contents_len;
+			need_to_parse_certdata = 1;
+		}
 	}
 
 	if (need_to_parse_certdata) {
 #ifdef ENABLE_OPENSSL
+		/* Validate and get the certificate fields (from certdata)
+		 * and convert PEM to DER if needed
+		 */
 		parse_certificate(&cert, certdata, certdata_len,
 			(opt_attr_from_file ? NULL : contents), &contents_len);
 #else
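Review bot: The convert-only call `parse_certificate(NULL, contents, contents_len, contents, &contents_len)` uses the same buffer as input and output, which is only safe because the PEM branch fully parses `data` into an `X509` before `i2d_X509` writes back; that dependency deserves a comment at the call site, e.g. `/* in-place: input is fully parsed before DER is written back into contents */`. The `strstr` at the top of that branch is bounded by a NUL byte rather than by `len`, so this call also relies on `contents` being NUL-terminated after the file read, which is not visible in this hunk. With `--attr-from`, the attributes appear to come from `certdata` while the value written to the card is `contents`, and nothing shown here checks that the two files hold the same certificate; a comparison or at least a warning may be worth adding. `write_object` starts and continues outside the hunk.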

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git


