[SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-106-g73ea673
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-106-g73ea673 |
Date: |
Sat, 18 Jun 2011 10:33:37 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=73ea673d5d1851dfcd3d4c159822a96e1e7ad5c9
The branch, master has been updated
via 73ea673d5d1851dfcd3d4c159822a96e1e7ad5c9 (commit)
from 750aaed6ffc8d29441f9f6d8870e2c8f4787c329 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 73ea673d5d1851dfcd3d4c159822a96e1e7ad5c9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Jun 18 11:53:14 2011 +0200
Added new PKCS #11 flags to force an object to be private or not.
Those are GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE.
p11tool supports now the --no-private and --private options.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 6 ++
lib/gnutls_errors.c | 2 +
lib/includes/gnutls/pkcs11.h | 2 +
lib/pkcs11.c | 2 +-
lib/pkcs11_write.c | 72 ++++++++++++++++++++-------
src/p11tool-gaa.c | 110 +++++++++++++++++++++++++----------------
src/p11tool-gaa.h | 26 +++++-----
src/p11tool.c | 2 +-
src/p11tool.gaa | 8 ++-
src/p11tool.h | 2 +-
src/pkcs11.c | 8 +++-
11 files changed, 160 insertions(+), 80 deletions(-)
diff --git a/NEWS b/NEWS
index be3e7ff..6963351 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ See the end for copying conditions.
* Version 2.99.3 (unreleased)
+** libgnutls: Added new PKCS #11 flags to force an object being private or
+not. (GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
+
** libgnutls: Added SUITEB128 and SUITEB192 priority
strings to enable the NSA SuiteB cryptography ciphersuites.
@@ -44,6 +47,9 @@ gnutls_crypto_single_digest_register: REMOVED
gnutls_crypto_single_mac_register: REMOVED
GNUTLS_KX_ECDHE_PSK: New key exchange method
GNUTLS_VERIFY_DISABLE_CRL_CHECKS: New certificate verification flag.
+GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: New PKCS#11 object flag.
+GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: New PKCS#11 object flag.
+
* Version 2.99.2 (released 2011-05-26)
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 39bf11b..21d8297 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -332,6 +332,8 @@ static const gnutls_error_entry error_algorithms[] = {
GNUTLS_E_ECC_NO_SUPPORTED_CURVES, 1),
ERROR_ENTRY (N_("The curve is unsupported"),
GNUTLS_E_ECC_UNSUPPORTED_CURVE, 1),
+ ERROR_ENTRY (N_("The requested PKCS #11 object is not available"),
+ GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE, 1),
{NULL, NULL, 0, 0}
};
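Review bot: The new error code is spelled `GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE` (the second A of AVAILABLE is missing), both in this entry and in the lib/pkcs11.c hunk; its definition in the public header is not part of this diff, so if the name has not shipped yet it should be corrected to `GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILABLE` before release, since public error-code names cannot be renamed afterwards. The error_algorithms[] table starts outside the hunk.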
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index c1b7981..edcea28 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -69,6 +69,8 @@ int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj);
#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as
trusted */
#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as
sensitive (unexportable) */
#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a
security officer in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private
(requires PIN to access) */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not
private */
/**
* gnutls_pkcs11_url_type_t:
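Review bot: The comments on the two new flags do not say what happens when both are set, or when MARK_PRIVATE is combined with MARK_TRUSTED; in the lib/pkcs11_write.c hunks MARK_PRIVATE wins for certificates, MARK_NOT_PRIVATE wins for private keys, and MARK_TRUSTED forces a certificate to be non-private regardless. As this is the installed public header, the comments should state that, e.g. `/* marked as private (requires PIN to access); has no effect when MARK_TRUSTED is also given */` and `/* marked as not private (accessible without PIN) */`.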
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 41126dd..d76ed65 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -814,7 +814,7 @@ pkcs11_find_slot (struct ck_function_list ** module,
ck_slot_id_t * slot,
}
gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE;
}
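Review bot: Changing the value pkcs11_find_slot returns from `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` to `GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE` is observable by every caller that compared against the old code, inside the library and in applications, and no such caller is updated in this diff. The NEWS hunk lists the two new object flags but neither the new error code nor this change of return value; an entry such as `GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE: New error code, now returned when a PKCS #11 slot cannot be found` would make the change discoverable. pkcs11_find_slot starts outside the hunk.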
int
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 3083faf..f376945 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -28,6 +28,9 @@
#include <gnutls_datum.h>
#include <pkcs11_int.h>
+static const ck_bool_t tval = 1;
+static const ck_bool_t fval = 0;
+
/**
* gnutls_pkcs11_copy_x509_crt:
* @token_url: A PKCS #11 URL specifying a token
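Review bot: Making `tval`/`fval` file-scope `const` means every `(void*)&tval` and `(void*)&fval` in the later hunks of this file casts the const away and hands a read-only object to the PKCS #11 module through `ck_attribute.value`; the cast silences the compiler, so a module that ever wrote through the template would hit undefined behaviour with no warning. Either add a comment at the declaration, e.g. `/* shared read-only template values; passed through the non-const ck_attribute.value, modules only read them on C_CreateObject */`, or declare them as plain `static ck_bool_t` so that no cast is needed at the use sites.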
@@ -58,8 +61,6 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
ck_object_class_t class = CKO_CERTIFICATE;
ck_certificate_type_t type = CKC_X_509;
ck_object_handle_t obj;
- ck_bool_t tval = 1;
- ck_bool_t fval = 0;
int a_val;
gnutls_datum_t subject = { NULL, 0 };
@@ -130,7 +131,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
a[2].value = der;
a[2].value_len = der_size;
a[3].type = CKA_TOKEN;
- a[3].value = &tval;
+ a[3].value = (void*)&tval;
a[3].value_len = sizeof (tval);
a[4].type = CKA_CERTIFICATE_TYPE;
a[4].value = &type;
@@ -143,7 +144,6 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
a[a_val].value_len = subject.size;
a_val++;
-
if (label)
{
a[a_val].type = CKA_LABEL;
@@ -155,15 +155,32 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
{
a[a_val].type = CKA_TRUSTED;
- a[a_val].value = &tval;
+ a[a_val].value = (void*)&tval;
a[a_val].value_len = sizeof (tval);
a_val++;
a[a_val].type = CKA_PRIVATE;
- a[a_val].value = &fval;
+ a[a_val].value = (void*)&fval;
a[a_val].value_len = sizeof(fval);
a_val++;
}
+ else
+ {
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE)
+ {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void*)&tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+ }
+ else if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
+ {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void*)&fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ }
+ }
rv = pkcs11_create_object (module, pks, a, a_val, &obj);
if (rv != CKR_OK)
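Review bot: When `GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED` is set the new `else` branch is never reached, so a caller passing MARK_TRUSTED together with MARK_PRIVATE gets a non-private certificate and no error. If that is intended it should be said in a comment such as `/* trusted certificates are always written public; MARK_PRIVATE is ignored here */`, otherwise the combination should be rejected with `GNUTLS_E_INVALID_REQUEST` before the attribute template is built. Precedence when both MARK_PRIVATE and MARK_NOT_PRIVATE are set is also inconsistent between this hunk, where MARK_PRIVATE is tested first and wins, and the gnutls_pkcs11_copy_x509_privkey hunk below, where only MARK_NOT_PRIVATE is tested and so wins; one check that rejects both flags set at once, done at the top of each function, would settle it. gnutls_pkcs11_copy_x509_crt starts and ends outside the hunk.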
@@ -219,7 +236,6 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url,
ck_object_class_t class = CKO_PRIVATE_KEY;
ck_object_handle_t obj;
ck_key_type_t type;
- ck_bool_t tval = 1;
int a_val;
gnutls_pk_algorithm_t pk;
gnutls_datum_t p, q, g, y, x;
@@ -271,14 +287,27 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url,
a_val++;
a[a_val].type = CKA_TOKEN;
- a[a_val].value = &tval;
+ a[a_val].value = (void*)&tval;
a[a_val].value_len = sizeof (tval);
a_val++;
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = &tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
+ /* a private key is set always as private unless
+ * requested otherwise
+ */
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
+ {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void*)&fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ }
+ else
+ {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void*)&tval;
+ a[a_val].value_len = sizeof (tval);
+ a_val++;
+ }
if (label)
{
@@ -289,14 +318,19 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url,
}
if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
- tval = 1;
+ {
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = (void*)&tval;
+ a[a_val].value_len = sizeof (tval);
+ a_val++;
+ }
else
- tval = 0;
-
- a[a_val].type = CKA_SENSITIVE;
- a[a_val].value = &tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
+ {
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = (void*)&fval;
+ a[a_val].value_len = sizeof (fval);
+ a_val++;
+ }
pk = gnutls_x509_privkey_get_pk_algorithm (key);
switch (pk)
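Review bot: The two branches differ only in which template value they point at, so the CKA_SENSITIVE attribute is filled in twice; the CKA_PRIVATE branches in the previous hunk have the same shape. One sequence with `a[a_val].value = (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) ? (void*)&tval : (void*)&fval;` followed by the single type/value_len/`a_val++` lines says the same thing without the duplication. gnutls_pkcs11_copy_x509_privkey continues outside the hunk.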
diff --git a/src/p11tool-gaa.c b/src/p11tool-gaa.c
index 83976f0..1816240 100644
--- a/src/p11tool-gaa.c
+++ b/src/p11tool-gaa.c
@@ -146,7 +146,9 @@ void gaa_help(void)
__gaa_helpsingle(0, "write", "URL ", "Writes loaded certificates,
private or secret keys to a PKCS11 token.");
__gaa_helpsingle(0, "delete", "URL ", "Deletes objects matching the
URL.");
__gaa_helpsingle(0, "label", "label ", "Sets a label for the write
operation.");
- __gaa_helpsingle(0, "trusted", "", "Marks the certificate to be
imported as trusted.");
+ __gaa_helpsingle(0, "trusted", "", "Marks the certificate to be written
as trusted.");
+ __gaa_helpsingle(0, "private", "", "Marks the object to be written as
private (requires PIN).");
+ __gaa_helpsingle(0, "no-private", "", "Marks the object to be written
as not private.");
__gaa_helpsingle(0, "login", "", "Force login to token");
__gaa_helpsingle(0, "detailed-url", "", "Export detailed URLs.");
__gaa_helpsingle(0, "no-detailed-url", "", "Export less detailed
URLs.");
@@ -175,30 +177,32 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 80 "p11tool.gaa"
+#line 84 "p11tool.gaa"
int debug;
-#line 75 "p11tool.gaa"
+#line 79 "p11tool.gaa"
char *outfile;
-#line 72 "p11tool.gaa"
+#line 76 "p11tool.gaa"
int action;
-#line 71 "p11tool.gaa"
+#line 75 "p11tool.gaa"
char* pkcs11_provider;
-#line 67 "p11tool.gaa"
+#line 71 "p11tool.gaa"
int incert_format;
-#line 64 "p11tool.gaa"
+#line 68 "p11tool.gaa"
int pkcs8;
-#line 61 "p11tool.gaa"
+#line 65 "p11tool.gaa"
char *cert;
-#line 58 "p11tool.gaa"
+#line 62 "p11tool.gaa"
char *pubkey;
-#line 55 "p11tool.gaa"
+#line 59 "p11tool.gaa"
char *privkey;
-#line 52 "p11tool.gaa"
+#line 56 "p11tool.gaa"
char* secret_key;
-#line 48 "p11tool.gaa"
+#line 52 "p11tool.gaa"
int pkcs11_detailed_url;
-#line 45 "p11tool.gaa"
+#line 49 "p11tool.gaa"
int pkcs11_login;
+#line 45 "p11tool.gaa"
+ int pkcs11_private;
#line 42 "p11tool.gaa"
int pkcs11_trusted;
#line 35 "p11tool.gaa"
@@ -261,7 +265,7 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 27
+#define GAA_NB_OPTION 29
#define GAAOPTID_help 1
#define GAAOPTID_debug 2
#define GAAOPTID_outfile 3
@@ -276,19 +280,21 @@ static int gaa_error = 0;
#define GAAOPTID_no_detailed_url 12
#define GAAOPTID_detailed_url 13
#define GAAOPTID_login 14
-#define GAAOPTID_trusted 15
-#define GAAOPTID_label 16
-#define GAAOPTID_delete 17
-#define GAAOPTID_write 18
-#define GAAOPTID_initialize 19
-#define GAAOPTID_list_trusted 20
-#define GAAOPTID_list_privkeys 21
-#define GAAOPTID_list_certs 22
-#define GAAOPTID_list_all_certs 23
-#define GAAOPTID_list_all 24
-#define GAAOPTID_list_mechanisms 25
-#define GAAOPTID_list_tokens 26
-#define GAAOPTID_export 27
+#define GAAOPTID_no_private 15
+#define GAAOPTID_private 16
+#define GAAOPTID_trusted 17
+#define GAAOPTID_label 18
+#define GAAOPTID_delete 19
+#define GAAOPTID_write 20
+#define GAAOPTID_initialize 21
+#define GAAOPTID_list_trusted 22
+#define GAAOPTID_list_privkeys 23
+#define GAAOPTID_list_certs 24
+#define GAAOPTID_list_all_certs 25
+#define GAAOPTID_list_all 26
+#define GAAOPTID_list_mechanisms 27
+#define GAAOPTID_list_tokens 28
+#define GAAOPTID_export 29
#line 168 "gaa.skel"
@@ -604,6 +610,8 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("", GAAOPTID_no_detailed_url);
GAA_CHECK1STR("", GAAOPTID_detailed_url);
GAA_CHECK1STR("", GAAOPTID_login);
+ GAA_CHECK1STR("", GAAOPTID_no_private);
+ GAA_CHECK1STR("", GAAOPTID_private);
GAA_CHECK1STR("", GAAOPTID_trusted);
GAA_CHECK1STR("", GAAOPTID_list_trusted);
GAA_CHECK1STR("", GAAOPTID_list_privkeys);
@@ -629,6 +637,8 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("no-detailed-url",
GAAOPTID_no_detailed_url);
GAA_CHECKSTR("detailed-url", GAAOPTID_detailed_url);
GAA_CHECKSTR("login", GAAOPTID_login);
+ GAA_CHECKSTR("no-private", GAAOPTID_no_private);
+ GAA_CHECKSTR("private", GAAOPTID_private);
GAA_CHECKSTR("trusted", GAAOPTID_trusted);
GAA_CHECKSTR("label", GAAOPTID_label);
GAA_CHECKSTR("delete", GAAOPTID_delete);
@@ -689,7 +699,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
{
case GAAOPTID_help:
OK = 0;
-#line 83 "p11tool.gaa"
+#line 87 "p11tool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
@@ -699,7 +709,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 81 "p11tool.gaa"
+#line 85 "p11tool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
@@ -709,7 +719,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
gaa_index++;
-#line 76 "p11tool.gaa"
+#line 80 "p11tool.gaa"
{ gaaval->outfile = GAATMP_outfile.arg1 ;};
return GAA_OK;
@@ -719,28 +729,28 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_provider.arg1, gaa_getstr,
GAATMP_provider.size1);
gaa_index++;
-#line 73 "p11tool.gaa"
+#line 77 "p11tool.gaa"
{ gaaval->pkcs11_provider = GAATMP_provider.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_inraw:
OK = 0;
-#line 69 "p11tool.gaa"
+#line 73 "p11tool.gaa"
{ gaaval->incert_format=GNUTLS_X509_FMT_DER ;};
return GAA_OK;
break;
case GAAOPTID_inder:
OK = 0;
-#line 68 "p11tool.gaa"
+#line 72 "p11tool.gaa"
{ gaaval->incert_format=GNUTLS_X509_FMT_DER ;};
return GAA_OK;
break;
case GAAOPTID_pkcs8:
OK = 0;
-#line 65 "p11tool.gaa"
+#line 69 "p11tool.gaa"
{ gaaval->pkcs8=1 ;};
return GAA_OK;
@@ -750,7 +760,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr,
GAATMP_load_certificate.size1);
gaa_index++;
-#line 62 "p11tool.gaa"
+#line 66 "p11tool.gaa"
{ gaaval->cert = GAATMP_load_certificate.arg1 ;};
return GAA_OK;
@@ -760,7 +770,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr,
GAATMP_load_pubkey.size1);
gaa_index++;
-#line 59 "p11tool.gaa"
+#line 63 "p11tool.gaa"
{ gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
return GAA_OK;
@@ -770,7 +780,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr,
GAATMP_load_privkey.size1);
gaa_index++;
-#line 56 "p11tool.gaa"
+#line 60 "p11tool.gaa"
{ gaaval->privkey = GAATMP_load_privkey.arg1 ;};
return GAA_OK;
@@ -780,32 +790,46 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_secret_key.arg1, gaa_getstr,
GAATMP_secret_key.size1);
gaa_index++;
-#line 53 "p11tool.gaa"
+#line 57 "p11tool.gaa"
{ gaaval->secret_key = GAATMP_secret_key.arg1; ;};
return GAA_OK;
break;
case GAAOPTID_no_detailed_url:
OK = 0;
-#line 50 "p11tool.gaa"
+#line 54 "p11tool.gaa"
{ gaaval->pkcs11_detailed_url = 0; ;};
return GAA_OK;
break;
case GAAOPTID_detailed_url:
OK = 0;
-#line 49 "p11tool.gaa"
+#line 53 "p11tool.gaa"
{ gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;};
return GAA_OK;
break;
case GAAOPTID_login:
OK = 0;
-#line 46 "p11tool.gaa"
+#line 50 "p11tool.gaa"
{ gaaval->pkcs11_login = 1; ;};
return GAA_OK;
break;
+ case GAAOPTID_no_private:
+ OK = 0;
+#line 47 "p11tool.gaa"
+{ gaaval->pkcs11_private = 0; ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_private:
+ OK = 0;
+#line 46 "p11tool.gaa"
+{ gaaval->pkcs11_private = 1; ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_trusted:
OK = 0;
#line 43 "p11tool.gaa"
@@ -939,12 +963,12 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 85 "p11tool.gaa"
+#line 89 "p11tool.gaa"
{
gaaval->action = -1; gaaval->pkcs11_provider= NULL; gaaval->outfile =
NULL; gaaval->pubkey = NULL; gaaval->privkey = NULL;
gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK;
gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL;
gaaval->pkcs11_trusted=0; gaaval->pkcs11_login = 0;
gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB;
- gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format =
GNUTLS_X509_FMT_PEM; ;};
+ gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format =
GNUTLS_X509_FMT_PEM; gaaval->pkcs11_private = -1; ;};
}
inited = 1;
diff --git a/src/p11tool-gaa.h b/src/p11tool-gaa.h
index f581def..bc5871f 100644
--- a/src/p11tool-gaa.h
+++ b/src/p11tool-gaa.h
@@ -8,30 +8,32 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 80 "p11tool.gaa"
+#line 84 "p11tool.gaa"
int debug;
-#line 75 "p11tool.gaa"
+#line 79 "p11tool.gaa"
char *outfile;
-#line 72 "p11tool.gaa"
+#line 76 "p11tool.gaa"
int action;
-#line 71 "p11tool.gaa"
+#line 75 "p11tool.gaa"
char* pkcs11_provider;
-#line 67 "p11tool.gaa"
+#line 71 "p11tool.gaa"
int incert_format;
-#line 64 "p11tool.gaa"
+#line 68 "p11tool.gaa"
int pkcs8;
-#line 61 "p11tool.gaa"
+#line 65 "p11tool.gaa"
char *cert;
-#line 58 "p11tool.gaa"
+#line 62 "p11tool.gaa"
char *pubkey;
-#line 55 "p11tool.gaa"
+#line 59 "p11tool.gaa"
char *privkey;
-#line 52 "p11tool.gaa"
+#line 56 "p11tool.gaa"
char* secret_key;
-#line 48 "p11tool.gaa"
+#line 52 "p11tool.gaa"
int pkcs11_detailed_url;
-#line 45 "p11tool.gaa"
+#line 49 "p11tool.gaa"
int pkcs11_login;
+#line 45 "p11tool.gaa"
+ int pkcs11_private;
#line 42 "p11tool.gaa"
int pkcs11_trusted;
#line 35 "p11tool.gaa"
diff --git a/src/p11tool.c b/src/p11tool.c
index ce3bebb..ebaa6fd 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -147,7 +147,7 @@ gaa_parser (int argc, char **argv)
break;
case ACTION_PKCS11_WRITE_URL:
pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
- info.pkcs11_trusted, info.pkcs11_login, &cinfo);
+ info.pkcs11_trusted, info.pkcs11_private,
info.pkcs11_login, &cinfo);
break;
case ACTION_PKCS11_TOKEN_INIT:
pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo);
diff --git a/src/p11tool.gaa b/src/p11tool.gaa
index 7c2ca91..9c2e4ae 100644
--- a/src/p11tool.gaa
+++ b/src/p11tool.gaa
@@ -40,7 +40,11 @@ option (delete) STR "URL" { $action =
ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1
option (label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write
operation."
#int pkcs11_trusted;
-option (trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be
imported as trusted."
+option (trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be written
as trusted."
+
+#int pkcs11_private;
+option (private) { $pkcs11_private = 1; } "Marks the object to be written as
private (requires PIN)."
+option (no-private) { $pkcs11_private = 0; } "Marks the object to be written
as not private."
#int pkcs11_login;
option (login) { $pkcs11_login = 1; } "Force login to token"
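Review bot: The help text for `--no-private` does not tell the user what the option means for a private key, which with CKA_PRIVATE cleared becomes readable without the token PIN (the pkcs11.h hunk itself describes private as "requires PIN to access"). Suggest `"Marks the object to be written as not private (accessible without PIN)."` here, and regenerate p11tool-gaa.c so the help string there follows. The -1/0/1 encoding of $pkcs11_private is otherwise consistent with the init block in the next hunk.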
@@ -86,4 +90,4 @@ init {
$action = -1; $pkcs11_provider= NULL; $outfile = NULL; $pubkey = NULL;
$privkey = NULL;
$pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL;
$pkcs11_label = NULL;
$pkcs11_trusted=0; $pkcs11_login = 0; $pkcs11_detailed_url =
GNUTLS_PKCS11_URL_LIB;
- $secret_key = NULL; $cert = NULL; $incert_format = GNUTLS_X509_FMT_PEM;
}
+ $secret_key = NULL; $cert = NULL; $incert_format = GNUTLS_X509_FMT_PEM;
$pkcs11_private = -1; }
diff --git a/src/p11tool.h b/src/p11tool.h
index ec48c79..3682fb1 100644
--- a/src/p11tool.h
+++ b/src/p11tool.h
@@ -13,7 +13,7 @@ void pkcs11_export (FILE * outfile, const char *pkcs11_url,
void pkcs11_token_list (FILE * outfile, unsigned int detailed,
common_info_st *);
void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
- int trusted, unsigned int login, common_info_st *);
+ int trusted, int private, unsigned int login,
common_info_st *);
void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
unsigned int login, common_info_st *);
void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char *label,
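Review bot: The new parameter is named `private`, a keyword in C++, so p11tool.h would no longer compile if it were ever included from a C++ translation unit; the definition in the src/pkcs11.c hunk uses the same name. A name that also carries the encoding, `int mark_private` (-1 unspecified, 0 public, 1 private, as the tool's init block sets it), avoids the clash and documents the tri-state. The pkcs11_write declaration lies fully within the hunk.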
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 2534106..8a74204 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -464,7 +464,8 @@ pkcs11_token_list (FILE * outfile, unsigned int detailed,
}
void
-pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
+pkcs11_write (FILE * outfile, const char *url, const char *label,
+ int trusted, int private,
unsigned int login, common_info_st * info)
{
gnutls_x509_crt_t xcrt;
@@ -497,6 +498,11 @@ pkcs11_write (FILE * outfile, const char *url, const char
*label, int trusted,
}
}
+ if (private == 1)
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
+ else if (private == 0)
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
+
xcrt = load_cert (0, info);
if (xcrt != NULL)
{
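Review bot: The new flag mapping silently accepts `--trusted --private` even though, per the lib/pkcs11_write.c hunk, a trusted certificate is always written non-private, so the user's explicit request is dropped without any message. Before the `if (private == 1)` test, warn or refuse, e.g. `if (trusted && private == 1) fprintf (stderr, "warning: --private is ignored for --trusted objects\n");`, using whatever reporting the tool already uses elsewhere. A similar notice when `--no-private` is applied to a private key would make the removal of PIN protection visible at the point where it is requested. pkcs11_write starts outside the hunk.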
hooks/post-receive
--
GNU gnutls