[Cryptech-Commits] [sw/pkcs11] 07/20: Debug interface to libhal. With these fixes, passes minimal DNSSEC signer test.
git at cryptech.is
git at cryptech.is
Tue Jul 7 18:26:37 UTC 2015
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.
commit 543db94040b86589ee517baa2af2ca033fefb273
Author: Rob Austein <sra at hactrn.net>
Date: Tue Jun 23 00:35:19 2015 -0400
Debug interface to libhal. With these fixes, passes minimal DNSSEC
signer test.
---
pkcs11.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/pkcs11.c b/pkcs11.c
index a2e7dfc..cb80888 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -1293,20 +1293,21 @@ static int p11_object_set_rsa_private_key(const CK_OBJECT_HANDLE object_handle,
uint8_t wrapbuf[hal_aes_keywrap_ciphertext_length(hal_rsa_key_to_der_len(key))];
const char *flavor = is_token_handle(object_handle) ? "token" : "session";
+ size_t der_len, wrapbuf_len = sizeof(wrapbuf);
sqlite3_stmt *q = NULL;
- size_t len;
int ok = 0;
if (!sql_check_ok(sql_prepare(&q, select_kek)) ||
!sql_check_row(sqlite3_step(q)) ||
sqlite3_column_type(q, 0) == SQLITE_NULL ||
- !hal_check(hal_rsa_key_to_der(key, wrapbuf+8, &len, sizeof(wrapbuf)-8)) ||
+ !hal_check(hal_rsa_key_to_der(key, wrapbuf+8, &der_len,
+ sizeof(wrapbuf)-8)) ||
!hal_check(hal_aes_keywrap(sqlite3_column_blob(q, 0),
sqlite3_column_bytes(q, 0),
- wrapbuf+8, len, wrapbuf, &len)) ||
+ wrapbuf+8, der_len, wrapbuf, &wrapbuf_len)) ||
!sql_check_ok(sql_finalize_and_clear(&q)) ||
!sql_check_ok(sql_prepare(&q, update_format, flavor, flavor, flavor)) ||
- !sql_check_ok(sqlite3_bind_blob( q, 1, wrapbuf, len, NULL)) ||
+ !sql_check_ok(sqlite3_bind_blob( q, 1, wrapbuf, wrapbuf_len, NULL)) ||
!sql_check_ok(sqlite3_bind_int64(q, 2, object_handle)) ||
!sql_check_done(sqlite3_step(q)))
goto fail;
@@ -1363,8 +1364,8 @@ static int p11_object_get_rsa_private_key(const CK_OBJECT_HANDLE object_handle,
const uint8_t * const pkey = sqlite3_column_blob(q, 1);
const size_t kek_len = sqlite3_column_bytes(q, 0);
const size_t pkey_len = sqlite3_column_bytes(q, 1);
- uint8_t wrapbuf[sqlite3_column_bytes(q, 1)];
- size_t wrapbuf_len;
+ size_t wrapbuf_len = pkey_len;
+ uint8_t wrapbuf[pkey_len];
ok = (hal_check(hal_aes_keyunwrap(kek, kek_len, pkey, pkey_len, wrapbuf, &wrapbuf_len)) &&
hal_check(hal_rsa_key_from_der(key, keybuf, keybuf_len, wrapbuf, wrapbuf_len)));
@@ -1906,7 +1907,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session,
pMechanism)) == CK_INVALID_HANDLE ||
!p11_attribute_get(public_handle, CKA_PUBLIC_EXPONENT,
public_exponent, &public_exponent_len, sizeof(public_exponent)) ||
- !hal_check(hal_rsa_key_gen(&key, keybuf, sizeof(keybuf), keysize,
+ !hal_check(hal_rsa_key_gen(&key, keybuf, sizeof(keybuf), keysize/8,
public_exponent, public_exponent_len)) ||
!p11_object_set_rsa_private_key(private_handle, key) ||
!hal_check(hal_rsa_key_get_modulus(key, modulus, &modulus_len, sizeof(modulus))) ||
@@ -2576,9 +2577,9 @@ CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession,
" DELETE FROM object WHERE object_handle = ?";
static const char delete_token_object[] =
- " WITH"
- " t AS (SELECT token_object_id FROM object WHERE object_handle = ?)"
- " DELETE FROM token_object WHERE token_object_id = t";
+ " DELETE FROM token_object"
+ " WHERE token_object_id = (SELECT token_object_id FROM object WHERE object_handle = ?)";
+
p11_session_t *session;
sqlite3_stmt *q = NULL;
More information about the Commits
mailing list