author | wyllys <none@none> | 2007-09-25 11:12:45 -0700 |
---|---|---|
committer | wyllys <none@none> | 2007-09-25 11:12:45 -0700 |
commit | 4ba70ed0e487727de98a6297bc6d0a827001a390 (patch) | |
tree | 7cdfe6a16bcdec7d58adbe3011c6a94099c75915 /usr/src | |
parent | cf5b5989488984444a152faba2a8183a71dcf485 (diff) | |
download | illumos-joyent-4ba70ed0e487727de98a6297bc6d0a827001a390.tar.gz |
6607135 KMF incorrectly labels public keys as private
Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/cmd/cmd-crypto/pktool/list.c | 1 | ||||
-rw-r--r-- | usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c | 41 |
2 files changed, 39 insertions, 3 deletions
diff --git a/usr/src/cmd/cmd-crypto/pktool/list.c b/usr/src/cmd/cmd-crypto/pktool/list.c
index 01dc537c8b..c138532b86 100644
--- a/usr/src/cmd/cmd-crypto/pktool/list.c
+++ b/usr/src/cmd/cmd-crypto/pktool/list.c
@@ -406,6 +406,7 @@ list_pk11_objects(KMF_HANDLE_T kmfhandle, char *token, int oclass,
 if (rv == KMF_OK && (oclass & PK_PUBKEY_OBJ)) {
 int num = numattr;
+ private = B_FALSE;
 keyclass = KMF_ASYM_PUB;
 kmf_set_attr_at_index(attrlist, num, KMF_KEYCLASS_ATTR, &keyclass,
diff --git a/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c b/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c
index 3d7cfae6d2..189412acb7 100644
--- a/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c
+++ b/usr/src/lib/libkmf/plugins/kmf_pkcs11/common/pkcs11_spi.c
@@ -1877,6 +1877,7 @@ getObjectKeytype(KMF_HANDLE_T handle, CK_OBJECT_HANDLE obj,
 return (rv);
 }
+
 static CK_RV
 getObjectLabel(KMF_HANDLE_T handle, CK_OBJECT_HANDLE obj,
 char **outlabel)
@@ -1901,6 +1902,33 @@ getObjectLabel(KMF_HANDLE_T handle, CK_OBJECT_HANDLE obj,
 return (rv);
 }
+static CK_RV
+getObjectKeyclass(KMF_HANDLE_T handle, CK_OBJECT_HANDLE obj,
+ KMF_KEY_CLASS *keyclass)
+{
+ CK_RV rv = CKR_OK;
+ CK_ATTRIBUTE templ;
+ KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
+ CK_OBJECT_CLASS class;
+
+ templ.type = CKA_CLASS;
+ templ.pValue = &class;
+ templ.ulValueLen = sizeof (CK_OBJECT_CLASS);
+
+ rv = C_GetAttributeValue(kmfh->pk11handle, obj, &templ, 1);
+ if (rv == CKR_OK) {
+ if (class == CKO_PUBLIC_KEY) {
+ *keyclass = KMF_ASYM_PUB;
+ } else if (class == CKO_PRIVATE_KEY) {
+ *keyclass = KMF_ASYM_PRI;
+ } else if (class == CKO_SECRET_KEY) {
+ *keyclass = KMF_SYMMETRIC;
+ }
+ } else {
+ *keyclass = KMF_KEYCLASS_NONE;
+ }
+ return (rv);
+}
 KMF_RETURN
 KMFPK11_FindPrikeyByCert(KMF_HANDLE_T handle, int numattr,
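Review bot: The new `private = B_FALSE;` in the public-key branch of list_pk11_objects has no comment, and nothing in the hunk shows where `private` was last set or whether a later branch still expects the earlier value. A one-line comment such as `/* do not carry the private flag over into the public key listing */` would record the intent behind the fix. If other object-class branches in this function also read `private` (not visible here), assigning it explicitly in each branch would be more robust than relying on statement order. The enclosing function starts and ends outside the hunk.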
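Review bot: In getObjectKeyclass, a successful C_GetAttributeValue that reports a class other than CKO_PUBLIC_KEY, CKO_PRIVATE_KEY or CKO_SECRET_KEY returns CKR_OK without ever writing `*keyclass`, so the caller keeps whatever value was already in the output field. Assigning `*keyclass = KMF_KEYCLASS_NONE;` before the call, and dropping the trailing `else` branch, gives every path a defined result. The caller added later in this commit passes `&(keys[n].keyclass)` and checks only the return code, so a stale class label would go unnoticed there. A short header comment naming the CKO_* to KMF_KEY_CLASS mapping and the value left on failure would also help.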
@@ -2695,7 +2723,6 @@ KMFPK11_FindKey(KMF_HANDLE_T handle,
 if (keys != NULL) {
 CK_ULONG keytype;
 keys[n].kstype = KMF_KEYSTORE_PK11TOKEN;
- keys[n].keyclass = keyclass;
 keys[n].israw = FALSE;
 keys[n].keyp = (void *)hObj;
@@ -2711,12 +2738,20 @@ KMFPK11_FindKey(KMF_HANDLE_T handle,
 if (ckrv != CKR_OK)
 goto end;
+ if (keyclass == KMF_KEYCLASS_NONE) {
+ ckrv = getObjectKeyclass(handle,
+ (CK_OBJECT_HANDLE)
+ keys[n].keyp,
+ &(keys[n].keyclass));
+ if (ckrv != CKR_OK)
+ goto end;
+ } else {
+ keys[n].keyclass = keyclass;
+ }
 if (keytype == CKK_RSA) {
 keys[n].keyalg = KMF_RSA;
- keys[n].keyclass = KMF_ASYM_PRI;
 } else if (keytype == CKK_DSA) {
 keys[n].keyalg = KMF_DSA;
- keys[n].keyclass = KMF_ASYM_PRI;
 } else if (keytype == CKK_AES) {
 keys[n].keyalg = KMF_AES;
 keys[n].keyclass = |
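Review bot: The cast `(CK_OBJECT_HANDLE) keys[n].keyp`, wrapped over three lines in KMFPK11_FindKey, round-trips the handle through the `void *` it was stored in by `keys[n].keyp = (void *)hObj;` in the previous hunk. If `hObj` is still in scope at this point, which the hunks suggest but do not show, `ckrv = getObjectKeyclass(handle, hObj, &(keys[n].keyclass));` is shorter and avoids the pointer-to-integer conversion. A comment above the new `if`, for example `/* no class requested: read CKA_CLASS from the token object */`, would explain why the caller-supplied class is otherwise used as the label. The enclosing function starts and ends outside the hunk.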