Compare commits


38 Commits

Author SHA1 Message Date
Alexey Lyubimov 3d9f513792 import pkcs11-helper-1.22-7.el8
10 months ago
Troy Dawson 02c1550a3e remove package.cfg per new epel-playground policy
4 years ago
Stephen Smoogen 8a6bde0ccb Merge branch 'master' into epel8
6 years ago
Gwyn Ciesla 3febee64f4 "Adding package.cfg file"
6 years ago
Fedora Release Engineering 316ded11c3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
6 years ago
Igor Gnatenko a97a7845f4 Remove obsolete Group tag
6 years ago
Igor Gnatenko 9234ff5919 Remove obsolete ldconfig scriptlets
6 years ago
Fedora Release Engineering f8ba6cc734 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
7 years ago
Igor Gnatenko 34d7f7bc2d add BuildRequires: gcc
7 years ago
Fedora Release Engineering 280c020eae - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
7 years ago
Nikos Mavrogiannopoulos 133efad4c2 Addressed issue with RFC7512 URI parsing (#1516474)
7 years ago
Fedora Release Engineering 5c12970bd6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
8 years ago
Fedora Release Engineering d9dfa4eda9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
8 years ago
Nikos Mavrogiannopoulos 3bbda1b07c updated to 1.22
8 years ago
Fedora Release Engineering 0d91c593b6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
8 years ago
Fedora Release Engineering f9a65385f4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
9 years ago
David Woodhouse 3a9fcbae1e Fix URI ID parsing (#1264645)
9 years ago
Dennis Gilmore 8fb2232df5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
10 years ago
David Woodhouse b6b4200127 Use RFC7512 URIs
10 years ago
David Woodhouse 830e8d13bf Apply upstream fix for bug #1172237 (ignore objects without CKA_ID)
10 years ago
Peter Robinson fae1e77096 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
11 years ago
Dennis Gilmore d6c7dc61af - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
11 years ago
Jon Ciesla 49fe1ad2bd 1.11.
11 years ago
Dennis Gilmore 37b5c5a77f - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
12 years ago
Kalev Lember 88283cdcf5 Update to 1.10
12 years ago
Dennis Gilmore ae00a1ceaa - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
12 years ago
Dennis Gilmore cbec3901c6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
13 years ago
Dennis Gilmore fd62305537 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
13 years ago
Kalev Lember b5722f2572 Update to 1.09
14 years ago
Kalev Lember 24ccce2c75 Clean up the spec file for modern rpmbuild
14 years ago
Kalev Lember ed87f572b1 Update to 1.08
14 years ago
Dennis Gilmore 68f5a9c412 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
14 years ago
Fedora Release Engineering a68042b5af dist-git conversion
15 years ago
Kalev Lember 4771e98a05 - use System Environment/Libraries group for main package
15 years ago
Bill Nottingham 66d24ef3f6 Fix typo that causes a failure to update the common directory. (releng
15 years ago
Tomáš Mráz 857fd4b0c0 - rebuilt with new openssl
16 years ago
Jesse Keating c74f73d320 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
16 years ago
Kalev Lember 2e809c117c Initial import.
16 years ago

6
.gitignore vendored

@ -0,0 +1,6 @@
/pkcs11-helper-1.07.tar.bz2
/pkcs11-helper-1.08.tar.bz2
/pkcs11-helper-1.09.tar.bz2
/pkcs11-helper-1.10.tar.bz2
/pkcs11-helper-1.11.tar.bz2
pkcs11-helper-1.22.tar.bz2
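Review bot: The last entry, `pkcs11-helper-1.22.tar.bz2`, is the only pattern without a leading `/`, so it matches a file of that name in any directory, while the five older entries are anchored to the repository root. The checksum line added in this same comparison records the tarball as `SOURCES/pkcs11-helper-1.22.tar.bz2`; anchoring the pattern to that path (`/SOURCES/pkcs11-helper-1.22.tar.bz2`) would state where the tarball is expected and keep the file consistent. The 1.07 to 1.11 entries also look stale now that only the 1.22 tarball is referenced.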

@ -0,0 +1 @@
0cdbc7c2227375485bc0ca0b937f9fe6a08f81cc SOURCES/pkcs11-helper-1.22.tar.bz2
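Review bot: The source tarball is pinned by a 40-hex-digit digest, which is SHA-1 length, and SHA-1 is no longer collision resistant. The spec in this comparison fetches Source0 over plain http://, so this line is the only integrity check on the tarball visible here; if the tooling that reads this file accepts a longer digest such as SHA-256, record that instead.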

@ -1,21 +0,0 @@
# Makefile for source rpm: pkcs11-helper
# $Id$
NAME := pkcs11-helper
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attept a checkout
define checkout-makefile-common
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
endef
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif
include $(MAKEFILE_COMMON)

@ -0,0 +1,686 @@
commit 8b614fd9554d3b372a829e4a05e21c5899f581ca
Author: David Woodhouse <David.Woodhouse@intel.com>
Date: Thu Apr 30 14:58:24 2015 +0100
Serialize to RFC7512-compliant PKCS#11 URIs
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
commit db7a561668614b16b3a14564b3b4f71912db8e17
Author: David Woodhouse <David.Woodhouse@intel.com>
Date: Wed Dec 10 14:00:21 2014 +0000
Accept RFC7512-compliant PKCS#11 URIs as serialized token/certificate IDs
The old format is still accepted for compatibility.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
commit 7f89de7690edc3dfbd4eb70ad457814a2489a5bc
Author: David Woodhouse <David.Woodhouse@intel.com>
Date: Sun Dec 14 19:42:18 2014 +0000
Stop _pkcs11h_util_hexToBinary() checking for trailing NUL
We are going to want to use this for parsing %XX hex escapes in RFC7512
PKCS#11 URIs, where we cannot expect a trailing NUL. Since there's only
one existing caller at the moment, it's simple just to let the caller
have responsibility for that check.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c
index ad275f8..1d077e4 100644
--- a/lib/pkcs11h-serialization.c
+++ b/lib/pkcs11h-serialization.c
@@ -61,29 +61,127 @@
#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
+#define URI_SCHEME "pkcs11:"
+
+#define token_field_ofs(field) ((unsigned long)&(((struct pkcs11h_token_id_s *)0)->field))
+#define token_field_size(field) sizeof((((struct pkcs11h_token_id_s *)0)->field))
+#define token_field(name, field) { name "=", sizeof(name), \
+ token_field_ofs(field), token_field_size(field) }
+
+static struct {
+ const char const *name;
+ size_t namelen;
+ unsigned long field_ofs;
+ size_t field_size;
+} __token_fields[] = {
+ token_field ("model", model),
+ token_field ("token", label),
+ token_field ("manufacturer", manufacturerID ),
+ token_field ("serial", serialNumber ),
+ { NULL },
+};
+
+#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+ "0123456789_-."
+
+static
+int
+__token_attr_escape(char *uri, char *attr, size_t attrlen)
+{
+ int len = 0, i;
+
+ for (i = 0; i < attrlen; i++) {
+ if (strchr(P11_URL_VERBATIM, attr[i])) {
+ if (uri) {
+ *(uri++) = attr[i];
+ }
+ len++;
+ } else {
+ if (uri) {
+ sprintf(uri, "%%%02x", (unsigned char)attr[i]);
+ uri += 3;
+ }
+ len += 3;
+ }
+ }
+ return len;
+}
+
+static
+CK_RV
+__generate_pkcs11_uri (
+ OUT char * const sz,
+ IN OUT size_t *max,
+ IN const pkcs11h_certificate_id_t certificate_id,
+ IN const pkcs11h_token_id_t token_id
+) {
+ size_t _max;
+ char *p = sz;
+ int i;
+
+ _PKCS11H_ASSERT (max!=NULL);
+ _PKCS11H_ASSERT (token_id!=NULL);
+
+ _max = strlen(URI_SCHEME);
+ for (i = 0; __token_fields[i].name; i++) {
+ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
+
+ _max += __token_fields[i].namelen;
+ _max += __token_attr_escape (NULL, field, strlen(field));
+ _max++; /* For a semicolon or trailing NUL */
+ }
+ if (certificate_id) {
+ _max += strlen (";id=");
+ _max += __token_attr_escape (NULL,
+ (char *)certificate_id->attrCKA_ID,
+ certificate_id->attrCKA_ID_size);
+ }
+
+ if (!sz) {
+ *max = _max;
+ return CKR_OK;
+ }
+
+ if (sz && *max < _max)
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ p += sprintf(p, URI_SCHEME);
+ for (i = 0; __token_fields[i].name; i++) {
+ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
+
+ p += sprintf (p, "%s", __token_fields[i].name);
+ p += __token_attr_escape (p, field, strlen(field));
+ *(p++) = ';';
+ }
+ if (certificate_id) {
+ p += sprintf (p, "id=");
+ p += __token_attr_escape (p,
+ (char *)certificate_id->attrCKA_ID,
+ certificate_id->attrCKA_ID_size);
+ } else {
+ /* Remove the unneeded trailing semicolon */
+ p--;
+ }
+ *(p++) = 0;
+
+ *max = _max;
+
+ return CKR_OK;
+}
+
CK_RV
pkcs11h_token_serializeTokenId (
OUT char * const sz,
IN OUT size_t *max,
IN const pkcs11h_token_id_t token_id
) {
- const char *sources[5];
CK_RV rv = CKR_FUNCTION_FAILED;
- size_t n;
- int e;
/*_PKCS11H_ASSERT (sz!=NULL); Not required*/
_PKCS11H_ASSERT (max!=NULL);
_PKCS11H_ASSERT (token_id!=NULL);
- { /* Must be after assert */
- sources[0] = token_id->manufacturerID;
- sources[1] = token_id->model;
- sources[2] = token_id->serialNumber;
- sources[3] = token_id->label;
- sources[4] = NULL;
- }
-
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_serializeTokenId entry sz=%p, *max="P_Z", token_id=%p",
@@ -92,67 +190,161 @@ pkcs11h_token_serializeTokenId (
(void *)token_id
);
- n = 0;
- for (e=0;sources[e] != NULL;e++) {
- size_t t;
- if (
- (rv = _pkcs11h_util_escapeString (
- NULL,
- sources[e],
- &t,
- __PKCS11H_SERIALIZE_INVALID_CHARS
- )) != CKR_OK
- ) {
- goto cleanup;
+ rv = __generate_pkcs11_uri(sz, max, NULL, token_id);
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'",
+ rv,
+ pkcs11h_getMessage (rv),
+ *max,
+ sz
+ );
+
+ return rv;
+}
+
+static
+CK_RV
+__parse_token_uri_attr (
+ const char *uri,
+ size_t urilen,
+ char *tokstr,
+ size_t toklen,
+ size_t *parsed_len
+) {
+ size_t orig_toklen = toklen;
+ CK_RV rv = CKR_OK;
+
+ while (urilen && toklen > 1) {
+ if (*uri == '%') {
+ size_t size = 1;
+
+ if (urilen < 3) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto done;
+ }
+
+ rv = _pkcs11h_util_hexToBinary ((unsigned char *)tokstr,
+ uri + 1, &size);
+ if (rv != CKR_OK) {
+ goto done;
+ }
+
+ uri += 2;
+ urilen -= 2;
+ } else {
+ *tokstr = *uri;
}
- n+=t;
+ tokstr++;
+ uri++;
+ toklen--;
+ urilen--;
+ tokstr[0] = 0;
}
- if (sz != NULL) {
- if (*max < n) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
+ if (urilen) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ } else if (parsed_len) {
+ *parsed_len = orig_toklen - toklen;
+ }
+
+ done:
+ return rv;
+}
+
+static
+CK_RV
+__parse_pkcs11_uri (
+ OUT pkcs11h_token_id_t token_id,
+ OUT pkcs11h_certificate_id_t certificate_id,
+ IN const char * const sz
+) {
+ const char *end, *p;
+ CK_RV rv = CKR_OK;
+
+ _PKCS11H_ASSERT (token_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
+
+ if (strncmp (sz, URI_SCHEME, strlen (URI_SCHEME)))
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+
+ end = sz + strlen (URI_SCHEME) - 1;
+ while (rv == CKR_OK && end[0] && end[1]) {
+ int i;
+
+ p = end + 1;
+ end = strchr (p, ';');
+ if (!end)
+ end = p + strlen(p);
+
+ for (i = 0; __token_fields[i].name; i++) {
+ /* Parse the token=, label=, manufacturer= and serial= fields */
+ if (!strncmp(p, __token_fields[i].name, __token_fields[i].namelen)) {
+ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
+
+ p += __token_fields[i].namelen;
+ rv = __parse_token_uri_attr (p, end - p, field,
+ __token_fields[i].field_size,
+ NULL);
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
+ goto matched;
+ }
}
+ if (certificate_id && !strncmp(p, "id=", 3)) {
+ p += 3;
+
+ rv = _pkcs11h_mem_malloc ((void *)&certificate_id->attrCKA_ID,
+ end - p + 1);
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
- n = 0;
- for (e=0;sources[e] != NULL;e++) {
- size_t t = *max-n;
- if (
- (rv = _pkcs11h_util_escapeString (
- sz+n,
- sources[e],
- &t,
- __PKCS11H_SERIALIZE_INVALID_CHARS
- )) != CKR_OK
- ) {
+ rv = __parse_token_uri_attr (p, end - p,
+ (char *)certificate_id->attrCKA_ID,
+ end - p + 1,
+ &certificate_id->attrCKA_ID_size);
+ if (rv != CKR_OK) {
goto cleanup;
}
- n+=t;
- sz[n-1] = '/';
+
+ goto matched;
}
- sz[n-1] = '\x0';
- }
- *max = n;
- rv = CKR_OK;
+ /* We don't parse object= because the match code doesn't support
+ matching by label. */
+
+ /* Failed to parse PKCS#11 URI element. */
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ matched:
+ ;
+ }
cleanup:
+ /* The matching code doesn't support support partial matches; it needs
+ * *all* of manufacturer, model, serial and label attributes to be
+ * defined. So reject partial URIs early instead of letting it do the
+ * wrong thing. We can maybe improve this later. */
+ if (!token_id->model[0] || !token_id->label[0] ||
+ !token_id->manufacturerID[0] || !token_id->serialNumber[0]) {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'",
- rv,
- pkcs11h_getMessage (rv),
- *max,
- sz
- );
+ /* For a certificate ID we need CKA_ID */
+ if (certificate_id && !certificate_id->attrCKA_ID_size) {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
return rv;
}
+static
CK_RV
-pkcs11h_token_deserializeTokenId (
- OUT pkcs11h_token_id_t *p_token_id,
+__pkcs11h_token_legacy_deserializeTokenId (
+ OUT pkcs11h_token_id_t token_id,
IN const char * const sz
) {
#define __PKCS11H_TARGETS_NUMBER 4
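Review bot: In `__parse_token_uri_attr`, the `%` branch checks only the return value of `_pkcs11h_util_hexToBinary` and never looks at `size` afterwards, so nothing here confirms that the two characters after `%` were hex digits and that one byte was actually written to `tokstr`. Check both characters with isxdigit before the call, or require `size == 1` after it, and return CKR_ATTRIBUTE_VALUE_INVALID otherwise. In `__parse_pkcs11_uri`, any attribute other than the four token fields and `id=` falls through to `return CKR_ATTRIBUTE_VALUE_INVALID`, so a URI carrying `object=` is rejected rather than having that attribute skipped, which the comment above that return does not make clear. A second `id=` in the same URI also calls `_pkcs11h_mem_malloc` on `attrCKA_ID` again without freeing or checking the first buffer. The comment in the field loop lists `label=` where the table has `model`, and the comment after `cleanup:` repeats the word "support".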
@@ -161,24 +353,11 @@ pkcs11h_token_deserializeTokenId (
size_t s;
} targets[__PKCS11H_TARGETS_NUMBER];
- pkcs11h_token_id_t token_id = NULL;
char *p1 = NULL;
char *_sz = NULL;
int e;
CK_RV rv = CKR_FUNCTION_FAILED;
- _PKCS11H_ASSERT (p_token_id!=NULL);
- _PKCS11H_ASSERT (sz!=NULL);
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'",
- (void *)p_token_id,
- sz
- );
-
- *p_token_id = NULL;
-
if (
(rv = _pkcs11h_mem_strdup (
(void *)&_sz,
@@ -190,10 +369,6 @@ pkcs11h_token_deserializeTokenId (
p1 = _sz;
- if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
- goto cleanup;
- }
-
targets[0].p = token_id->manufacturerID;
targets[0].s = sizeof (token_id->manufacturerID);
targets[1].p = token_id->model;
@@ -252,6 +427,51 @@ pkcs11h_token_deserializeTokenId (
p1 = p2+1;
}
+ rv = CKR_OK;
+
+cleanup:
+
+ if (_sz != NULL) {
+ _pkcs11h_mem_free ((void *)&_sz);
+ }
+
+ return rv;
+#undef __PKCS11H_TARGETS_NUMBER
+}
+
+CK_RV
+pkcs11h_token_deserializeTokenId (
+ OUT pkcs11h_token_id_t *p_token_id,
+ IN const char * const sz
+) {
+ pkcs11h_token_id_t token_id = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ _PKCS11H_ASSERT (p_token_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'",
+ (void *)p_token_id,
+ sz
+ );
+
+ *p_token_id = NULL;
+
+ if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
+ goto cleanup;
+ }
+
+ if (!strncmp (sz, URI_SCHEME, strlen (URI_SCHEME))) {
+ rv = __parse_pkcs11_uri(token_id, NULL, sz);
+ } else {
+ rv = __pkcs11h_token_legacy_deserializeTokenId(token_id, sz);
+ }
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
strncpy (
token_id->display,
token_id->label,
@@ -264,11 +484,6 @@ pkcs11h_token_deserializeTokenId (
rv = CKR_OK;
cleanup:
-
- if (_sz != NULL) {
- _pkcs11h_mem_free ((void *)&_sz);
- }
-
if (token_id != NULL) {
pkcs11h_token_freeTokenId (token_id);
}
@@ -281,7 +496,6 @@ cleanup:
);
return rv;
-#undef __PKCS11H_TARGETS_NUMBER
}
#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
@@ -295,9 +509,6 @@ pkcs11h_certificate_serializeCertificateId (
IN const pkcs11h_certificate_id_t certificate_id
) {
CK_RV rv = CKR_FUNCTION_FAILED;
- size_t saved_max = 0;
- size_t n = 0;
- size_t _max = 0;
/*_PKCS11H_ASSERT (sz!=NULL); Not required */
_PKCS11H_ASSERT (max!=NULL);
@@ -311,42 +522,7 @@ pkcs11h_certificate_serializeCertificateId (
(void *)certificate_id
);
- if (sz != NULL) {
- saved_max = n = *max;
- }
- *max = 0;
-
- if (
- (rv = pkcs11h_token_serializeTokenId (
- sz,
- &n,
- certificate_id->token_id
- )) != CKR_OK
- ) {
- goto cleanup;
- }
-
- _max = n + certificate_id->attrCKA_ID_size*2 + 1;
-
- if (sz != NULL) {
- if (saved_max < _max) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- goto cleanup;
- }
-
- sz[n-1] = '/';
- rv = _pkcs11h_util_binaryToHex (
- sz+n,
- saved_max-n,
- certificate_id->attrCKA_ID,
- certificate_id->attrCKA_ID_size
- );
- }
-
- *max = _max;
- rv = CKR_OK;
-
-cleanup:
+ rv = __generate_pkcs11_uri(sz, max, certificate_id, certificate_id->token_id);
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
@@ -360,27 +536,16 @@ cleanup:
return rv;
}
+static
CK_RV
-pkcs11h_certificate_deserializeCertificateId (
- OUT pkcs11h_certificate_id_t * const p_certificate_id,
+__pkcs11h_certificate_legacy_deserializeCertificateId (
+ OUT pkcs11h_certificate_id_t certificate_id,
IN const char * const sz
) {
- pkcs11h_certificate_id_t certificate_id = NULL;
CK_RV rv = CKR_FUNCTION_FAILED;
char *p = NULL;
char *_sz = NULL;
-
- _PKCS11H_ASSERT (p_certificate_id!=NULL);
- _PKCS11H_ASSERT (sz!=NULL);
-
- *p_certificate_id = NULL;
-
- _PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'",
- (void *)p_certificate_id,
- sz
- );
+ size_t id_hex_len;
if (
(rv = _pkcs11h_mem_strdup (
@@ -393,10 +558,6 @@ pkcs11h_certificate_deserializeCertificateId (
p = _sz;
- if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) {
- goto cleanup;
- }
-
if ((p = strrchr (_sz, '/')) == NULL) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
goto cleanup;
@@ -414,7 +575,12 @@ pkcs11h_certificate_deserializeCertificateId (
goto cleanup;
}
- certificate_id->attrCKA_ID_size = strlen (p)/2;
+ id_hex_len = strlen (p);
+ if (id_hex_len & 1) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+ }
+ certificate_id->attrCKA_ID_size = id_hex_len/2;
if (
(rv = _pkcs11h_mem_malloc (
@@ -430,21 +596,64 @@ pkcs11h_certificate_deserializeCertificateId (
goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
+ if (_sz != NULL) {
+ _pkcs11h_mem_free ((void *)&_sz);
+ }
+
+ return rv;
+
+}
+
+CK_RV
+pkcs11h_certificate_deserializeCertificateId (
+ OUT pkcs11h_certificate_id_t * const p_certificate_id,
+ IN const char * const sz
+) {
+ pkcs11h_certificate_id_t certificate_id = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ _PKCS11H_ASSERT (p_certificate_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
+
+ *p_certificate_id = NULL;
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'",
+ (void *)p_certificate_id,
+ sz
+ );
+
+ if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) {
+ goto cleanup;
+ }
+ if ((rv = _pkcs11h_token_newTokenId (&certificate_id->token_id)) != CKR_OK) {
+ goto cleanup;
+ }
+
+ if (!strncmp(sz, URI_SCHEME, strlen (URI_SCHEME))) {
+ rv = __parse_pkcs11_uri (certificate_id->token_id, certificate_id, sz);
+ } else {
+ rv = __pkcs11h_certificate_legacy_deserializeCertificateId (certificate_id, sz);
+ }
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+
*p_certificate_id = certificate_id;
certificate_id = NULL;
rv = CKR_OK;
cleanup:
-
if (certificate_id != NULL) {
pkcs11h_certificate_freeCertificateId (certificate_id);
certificate_id = NULL;
}
- if (_sz != NULL) {
- _pkcs11h_mem_free ((void *)&_sz);
- }
-
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=%lu-'%s'",
diff --git a/lib/pkcs11h-util.c b/lib/pkcs11h-util.c
index 0743fd1..f90e443 100644
--- a/lib/pkcs11h-util.c
+++ b/lib/pkcs11h-util.c
@@ -110,12 +110,7 @@ _pkcs11h_util_hexToBinary (
p++;
}
- if (*p != '\x0') {
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- else {
- return CKR_OK;
- }
+ return CKR_OK;
}
CK_RV
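Review bot: With the `*p != '\x0'` test removed, `_pkcs11h_util_hexToBinary` returns CKR_OK even when it stopped before the end of `source`, and the commit message moves that check to the caller. The only caller-side check added in this patch is the odd-length test (`id_hex_len & 1`) in the legacy certificate path, which does not by itself show that every character of the input was consumed as hex. Document the new contract at the function (input need not be NUL-terminated, the caller must compare the returned size with what it expects) and have both callers make that comparison.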

@ -0,0 +1,165 @@
Name: pkcs11-helper
Version: 1.22
Release: 7%{?dist}
Summary: A library for using PKCS#11 providers
License: GPLv2 or BSD
URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper
Source0: http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2
Patch2: pkcs11-helper-rfc7512.patch
BuildRequires: gcc
BuildRequires: doxygen graphviz
BuildRequires: openssl-devel
%description
pkcs11-helper is a library that simplifies the interaction with PKCS#11
providers for end-user applications using a simple API and optional OpenSSL
engine. The library allows using multiple PKCS#11 providers at the same time,
enumerating available token certificates, or selecting a certificate directly
by serialized id, handling card removal and card insert events, handling card
re-insert to a different slot, supporting session expiration and much more all
using a simple API.
%package devel
Summary: Development files for pkcs11-helper
Requires: %{name} = %{version}-%{release}
Requires: openssl-devel
# for /usr/share/aclocal
Requires: automake
%description devel
This package contains header files and documentation necessary for developing
programs using the pkcs11-helper library.
%prep
%setup -q
%patch2 -p1
%build
%configure --disable-static --enable-doc
make %{?_smp_mflags}
%install
make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
# Use %%doc to install documentation in a standard location
mkdir apidocdir
mv $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/api/ apidocdir/
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/
# Remove libtool .la files
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%ldconfig_scriptlets
%files
%doc AUTHORS ChangeLog COPYING* README THANKS
%{_libdir}/libpkcs11-helper.so.*
%files devel
%doc apidocdir/*
%{_includedir}/pkcs11-helper-1.0/
%{_libdir}/libpkcs11-helper.so
%{_libdir}/pkgconfig/libpkcs11-helper-1.pc
%{_datadir}/aclocal/pkcs11-helper-1.m4
%{_mandir}/man8/pkcs11-helper-1.8*
%changelog
* Wed Mar 27 2024 Alexey Lyubimov <a.lyubimov@msvsphere-os.ru> - 1.22-7
- Rebuilt for MSVSphere 8.9
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Nov 24 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.22-4
- Addressed issue with RFC7512 URI parsing (#1516474)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Feb 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.22-1
- New upstream release
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Sep 22 2015 David Woodhouse <David.Woodhouse@intel.com> - 1.11-7
- Fix ID buffer size for URI parsing (#1264645)
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Apr 29 2015 David Woodhouse <David.Woodhouse@intel.com> - 1.11-5
- Migrate ID serialisation format to RFC7512 (#1173554)
* Tue Dec 09 2014 David Woodhouse <David.Woodhouse@intel.com> - 1.11-4
- Apply upstream fix for bug #1172237 (ignore objects without CKA_ID)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Apr 11 2014 Jon Ciesla <limburgher@gmail.com> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr 02 2013 Kalev Lember <kalevlember@gmail.com> - 1.10-1
- Update to 1.10
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.09-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.09-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Aug 17 2011 Kalev Lember <kalevlember@gmail.com> - 1.09-1
- Update to 1.09
* Sun Jun 19 2011 Kalev Lember <kalev@smartlink.ee> - 1.08-1
- Update to 1.08
- Clean up the spec file for modern rpmbuild
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.07-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Jul 01 2010 Kalev Lember <kalev@smartlink.ee> - 1.07-5
- use System Environment/Libraries group for main package
- removed R: pkgconfig from devel subpackage
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.07-4
- rebuilt with new openssl
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.07-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jul 11 2009 Kalev Lember <kalev@smartlink.ee> - 1.07-2
- Make devel package depend on automake for /usr/share/aclocal
* Tue Jun 23 2009 Kalev Lember <kalev@smartlink.ee> - 1.07-1
- Initial RPM release.
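Review bot: `Source0` and `URL` use plain `http://`, so a download of the tarball is protected only by the separately recorded checksum; switch both to `https://` if the hosts serve it. `Patch2: pkcs11-helper-rfc7512.patch` carries no comment saying where the patch came from, and the %changelog entries that mention RFC7512 and URI parsing are the only record; add a comment above `Patch2` naming the commit ids listed in the patch header. There is also no `Patch0` or `Patch1`, so the numbering starts at 2 without explanation.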