Use CKA_X_CERTIFICATE_VALUE for trust assertions
authorStef Walter <stefw@gnome.org>
Fri, 29 Mar 2013 08:42:37 +0000 (09:42 +0100)
committerStef Walter <stefw@gnome.org>
Fri, 29 Mar 2013 08:42:37 +0000 (09:42 +0100)
These don't contain the CKA_VALUE attribute for certificate data
but rather the CKA_X_CERTIFICATE_VALUE attribute.

https://bugs.freedesktop.org/show_bug.cgi?id=62896

trust/builder.c
trust/tests/test-builder.c

index b23d01898e228028e80e650f925431f2184de8dd..32f2d1b67dfe79b80b40801f6704f1f56f64e382 100644 (file)
@@ -630,7 +630,7 @@ const static builder_schema assertion_schema = {
        GENERATED_CLASS,
        { COMMON_ATTRS,
          { CKA_X_PURPOSE, REQUIRE | CREATE },
-         { CKA_VALUE, CREATE },
+         { CKA_X_CERTIFICATE_VALUE, CREATE },
          { CKA_X_ASSERTION_TYPE, REQUIRE | CREATE },
          { CKA_ISSUER, CREATE },
          { CKA_SERIAL_NUMBER, CREATE },
@@ -1181,6 +1181,7 @@ build_assertions (p11_array *array,
        CK_ATTRIBUTE autogen = { CKA_X_GENERATED, &truev, sizeof (truev) };
        CK_ATTRIBUTE purpose = { CKA_X_PURPOSE, };
        CK_ATTRIBUTE invalid = { CKA_INVALID, };
+       CK_ATTRIBUTE certificate_value = { CKA_X_CERTIFICATE_VALUE, };
 
        CK_ATTRIBUTE *issuer;
        CK_ATTRIBUTE *serial;
@@ -1191,7 +1192,7 @@ build_assertions (p11_array *array,
        int i;
 
        if (type == CKT_X_DISTRUSTED_CERTIFICATE) {
-               value = &invalid;
+               certificate_value.type = CKA_INVALID;
                issuer = p11_attrs_find_valid (cert, CKA_ISSUER);
                serial = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER);
 
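Review bot: The distrusted branch now signals "no certificate value" by overwriting `certificate_value.type` with CKA_INVALID, while the same function keeps a dedicated `invalid` sentinel attribute for that job, and nothing at the assignment says why the type is being changed. This appears to rely on p11_attrs_build skipping CKA_INVALID entries, as the removed `value = &invalid;` presumably did, but that behaviour is not visible here. I would add a comment above the assignment, for example `/* negative assertions are keyed on issuer + serial; CKA_INVALID makes p11_attrs_build omit the value */`. build_assertions starts and ends outside this hunk.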
@@ -1209,6 +1210,9 @@ build_assertions (p11_array *array,
                        p11_debug ("not building positive trust assertion for certificate without value");
                        return;
                }
+
+               certificate_value.pValue = value->pValue;
+               certificate_value.ulValueLen = value->ulValueLen;
        }
 
        label = p11_attrs_find (cert, CKA_LABEL);
@@ -1224,7 +1228,7 @@ build_assertions (p11_array *array,
 
                attrs = p11_attrs_build (NULL, &klass, &private, &modifiable,
                                         id, label, &assertion_type, &purpose,
-                                        issuer, serial, value, &autogen, NULL);
+                                        issuer, serial, &certificate_value, &autogen, NULL);
                return_if_fail (attrs != NULL);
 
                if (!p11_array_push (array, attrs))
@@ -1304,7 +1308,7 @@ replace_trust_assertions (p11_builder *builder,
        CK_RV rv;
 
        CK_ATTRIBUTE match_positive[] = {
-               { CKA_VALUE, },
+               { CKA_X_CERTIFICATE_VALUE, },
                { CKA_CLASS, &assertion, sizeof (assertion) },
                { CKA_X_GENERATED, &generated, sizeof (generated) },
                { CKA_INVALID }
@@ -1321,7 +1325,8 @@ replace_trust_assertions (p11_builder *builder,
        value = p11_attrs_find_valid (cert, CKA_VALUE);
        if (value) {
                positives = p11_array_new (NULL);
-               memcpy (match_positive, value, sizeof (CK_ATTRIBUTE));
+               match_positive[0].pValue = value->pValue;
+               match_positive[0].ulValueLen = value->ulValueLen;
        }
 
        issuer = p11_attrs_find_valid (cert, CKA_ISSUER);
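Review bot: When `cert` has no valid CKA_VALUE, `match_positive[0]` keeps type CKA_X_CERTIFICATE_VALUE with a null `pValue` and zero `ulValueLen`, so any later use of the template would match on an empty certificate value rather than on this certificate. The hunk does not show whether the later replace step is gated on `positives` being non-NULL; replace_trust_assertions continues outside the hunk. If it is gated, a comment at the declaration such as `/* match_positive[0] is filled in, and the template used, only when the cert has a value */` would make that explicit. If it is not, the template should not be passed on when `value` is NULL, since it decides which generated trust assertions get replaced.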
index 723a251a75ff061f00b8a73d82c81a2f8dd8a12b..5ce3b2283ac2449c3273b5eae84f1a01d81a23b6 100644 (file)
@@ -1150,7 +1150,7 @@ test_changed_trusted_certificate (CuTest *cu)
                { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
                { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
                { CKA_LABEL, "Custom Label", 12 },
-               { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+               { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
                { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
                { CKA_ID, "cacert3", 7 },
                { CKA_INVALID },
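Review bot: The updated expectations only cover anchored assertions (here, in the second test_changed_trusted_certificate hunk and in test_changed_dup_certificates). None of the visible hunks checks that a distrusted assertion is built without CKA_X_CERTIFICATE_VALUE, which is the path that now depends on setting the attribute type to CKA_INVALID. Other tests in the file may already cover this, but if not, a negative-assertion case asserting that the attribute is absent would pin the behaviour. The expectation arrays start outside the hunks.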
@@ -1160,7 +1160,7 @@ test_changed_trusted_certificate (CuTest *cu)
                { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
                { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1 },
                { CKA_LABEL, "Custom Label", 12 },
-               { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+               { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
                { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
                { CKA_ID, "cacert3", 7 },
                { CKA_INVALID },
@@ -1466,7 +1466,7 @@ test_changed_dup_certificates (CuTest *cu)
        static CK_ATTRIBUTE anchor_assertion[] = {
                { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
                { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
-               { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
+               { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
                { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
                { CKA_ID, "cacert3", 7 },
                { CKA_INVALID },