[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r3679 - in trunk/softHSM: . src/lib

Rickard Bellgrim rickard.bellgrim at iis.se
Mon Aug 9 13:32:33 CEST 2010


Author: rb
Date: 2010-08-09 13:32:32 +0200 (Mon, 09 Aug 2010)
New Revision: 3679

Modified:
   trunk/softHSM/NEWS
   trunk/softHSM/src/lib/SoftDatabase.cpp
   trunk/softHSM/src/lib/attribute.cpp
Log:
CKA_WRAP_WITH_TRUSTED was not handled correctly


Modified: trunk/softHSM/NEWS
===================================================================
--- trunk/softHSM/NEWS	2010-08-09 11:01:33 UTC (rev 3678)
+++ trunk/softHSM/NEWS	2010-08-09 11:32:32 UTC (rev 3679)
@@ -10,6 +10,8 @@
   To use a PKCS#11 library other than SoftHSM.
 * Ticket #163: softhsm-keyconv now support BIND format v1.3
 * Write message to stderr when the config file cannot be found
+* CKA_WRAP_WITH_TRUSTED was not handled correctly. But it has not
+  been a problem since wrapping is not supported.
 
 
 SoftHSM 1.1.4 - 2010-04-06

Modified: trunk/softHSM/src/lib/SoftDatabase.cpp
===================================================================
--- trunk/softHSM/src/lib/SoftDatabase.cpp	2010-08-09 11:01:33 UTC (rev 3678)
+++ trunk/softHSM/src/lib/SoftDatabase.cpp	2010-08-09 11:32:32 UTC (rev 3679)
@@ -1100,13 +1100,27 @@
       break;
     case CKA_ALWAYS_SENSITIVE:
     case CKA_NEVER_EXTRACTABLE:
-    case CKA_WRAP_WITH_TRUSTED:
       // We can not set this for the private key
       if(this->getObjectClass(objectRef) == CKO_PRIVATE_KEY) {
         return CKR_ATTRIBUTE_READ_ONLY;
       }
       // Invalid for other object classes
       return CKR_ATTRIBUTE_TYPE_INVALID;
+    case CKA_WRAP_WITH_TRUSTED:
+      // We can change this for the private key
+      // but invalid for other object classes
+      if(this->getObjectClass(objectRef) != CKO_PRIVATE_KEY) {
+        return CKR_ATTRIBUTE_TYPE_INVALID;
+      }
+      // Attribute cannot be changed once set to CK_TRUE.
+      if(this->getBooleanAttribute(objectRef, CKA_WRAP_WITH_TRUSTED, CK_FALSE) == CK_TRUE) {
+        return CKR_ATTRIBUTE_READ_ONLY;
+      }
+      // Check size
+      if(attTemplate->ulValueLen != sizeof(CK_BBOOL)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+      }
+      break;
     case CKA_SENSITIVE:
       // We can change this for the private key
       // but invalid for other object classes
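Review bot: The one-way lock in the new `CKA_WRAP_WITH_TRUSTED` case depends on `getBooleanAttribute(objectRef, CKA_WRAP_WITH_TRUSTED, CK_FALSE)`, and if the third argument is a fallback returned when the lookup fails (its definition is not in the hunk), a database error would make an attribute already set to CK_TRUE look writable again. Either have a failed lookup return an error here, or document the assumption above the test with `// Fallback CK_FALSE: a failed lookup leaves the attribute writable; confirm the query cannot fail silently`. The hunk also validates only `attTemplate->ulValueLen`, and no check of `attTemplate->pValue` is visible, so confirm the code after the switch does not read it unchecked. The enclosing switch starts and ends outside the hunk.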

Modified: trunk/softHSM/src/lib/attribute.cpp
===================================================================
--- trunk/softHSM/src/lib/attribute.cpp	2010-08-09 11:01:33 UTC (rev 3678)
+++ trunk/softHSM/src/lib/attribute.cpp	2010-08-09 11:32:32 UTC (rev 3679)
@@ -179,6 +179,7 @@
       case CKA_UNWRAP:
       case CKA_SENSITIVE:
       case CKA_EXTRACTABLE:
+      case CKA_WRAP_WITH_TRUSTED:
         // Check for the correct size
         if(pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
           return CKR_ATTRIBUTE_VALUE_INVALID;
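Review bot: Adding `CKA_WRAP_WITH_TRUSTED` to this case list gives it a length check only, while the SoftDatabase.cpp change in the same commit rejects the attribute with `CKR_ATTRIBUTE_TYPE_INVALID` for every class except `CKO_PRIVATE_KEY`. If no class check runs elsewhere in the creation path (not visible here), a template for another object class could carry the attribute at creation even though it is refused on update. I would at least note this next to the case label, `// Length only; object class is not checked here, unlike the update path in SoftDatabase.cpp`. The body of the `if` continues outside the hunk.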
@@ -200,7 +201,6 @@
       case CKA_KEY_GEN_MECHANISM:
       case CKA_ALWAYS_SENSITIVE:
       case CKA_NEVER_EXTRACTABLE:
-      case CKA_WRAP_WITH_TRUSTED:
         // Must not be specified when object is created with C_CreateObject
         return CKR_ATTRIBUTE_VALUE_INVALID;
       case CKA_PUBLIC_EXPONENT:



