From: Nikos Mavrogiannopoulos Date: Tue, 24 Mar 2015 08:58:17 +0000 (+0100) Subject: pkcs11: simplified export of objects X-Git-Tag: gnutls_3_4_0~132 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a5a76922f6ededd0e2a2d0fd84dca9bd7f335161;p=thirdparty%2Fgnutls.git pkcs11: simplified export of objects That also allows to export public keys, even when a CKA_VALUE with the public key is not present. For that we use the key parameters, which we encode into a key. Issue reported by Frank Leavis. --- diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 3c2c271173..bc149e1bde 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -1081,12 +1081,7 @@ gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj, int gnutls_pkcs11_obj_export2(gnutls_pkcs11_obj_t obj, gnutls_datum_t * out) { - if (obj == NULL || obj->raw.data == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - return _gnutls_set_datum(out, obj->raw.data, obj->raw.size); + return gnutls_pkcs11_obj_export3(obj, GNUTLS_X509_FMT_DER, out); } /** 
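Review bot: The `obj->raw.data == NULL` guard removed from `gnutls_pkcs11_obj_export2()` is not re-established for the branches of `gnutls_pkcs11_obj_export3()` that still read `obj->raw` directly, namely `GNUTLS_PKCS11_OBJ_X509_CRT` and `default` in the second hunk. Only the tail of export3's entry check is visible (`return GNUTLS_E_INVALID_REQUEST; }`), so this assumes it tests `obj == NULL` alone. If so, an object with no stored value that used to fail with `GNUTLS_E_INVALID_REQUEST` may now return success with an empty datum, depending on how `_gnutls_set_datum()` and `gnutls_pem_base64_encode_alloc()` treat empty input, and a caller could take that for a valid certificate or data blob. Adding `if (obj->raw.data == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` at the top of those two branches keeps the old contract while leaving the public-key path free to work without CKA_VALUE.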
@@ -1117,45 +1112,52 @@ gnutls_pkcs11_obj_export3(gnutls_pkcs11_obj_t obj, return GNUTLS_E_INVALID_REQUEST; } - if (fmt == GNUTLS_X509_FMT_DER) - return _gnutls_set_datum(out, obj->raw.data, - obj->raw.size); - else if (fmt == GNUTLS_X509_FMT_PEM) { - switch (obj->type) { - case GNUTLS_PKCS11_OBJ_X509_CRT: + + switch (obj->type) { + case GNUTLS_PKCS11_OBJ_X509_CRT: + if (fmt == GNUTLS_X509_FMT_PEM) { return gnutls_pem_base64_encode_alloc(PEM_X509_CERT2, &obj->raw, out); - case GNUTLS_PKCS11_OBJ_PUBKEY:{ - gnutls_pubkey_t pubkey; - /* more complex */ - ret = gnutls_pubkey_init(&pubkey); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = - gnutls_pubkey_import_pkcs11(pubkey, - obj, 0); - if (ret < 0) { - gnutls_assert(); - goto pcleanup; - } + } else { + return _gnutls_set_datum(out, obj->raw.data, + obj->raw.size); + } + case GNUTLS_PKCS11_OBJ_PUBKEY:{ + /* that approach allows to return a public key even if + * CKA_VALUE is not set */ + gnutls_pubkey_t pubkey; - ret = - gnutls_pubkey_export2(pubkey, fmt, - out); + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + return gnutls_assert_val(ret); - pcleanup: - gnutls_pubkey_deinit(pubkey); - return ret; + ret = + gnutls_pubkey_import_pkcs11(pubkey, + obj, 0); + if (ret < 0) { + gnutls_assert(); + goto pcleanup; } - default: + + ret = + gnutls_pubkey_export2(pubkey, fmt, + out); + + pcleanup: + gnutls_pubkey_deinit(pubkey); + return ret; + } + default: + if (fmt == GNUTLS_X509_FMT_PEM) { return gnutls_pem_base64_encode_alloc("DATA", &obj->raw, out); + } else { + return _gnutls_set_datum(out, obj->raw.data, + obj->raw.size); } - } else - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + } }
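Review bot: An out-of-range `fmt` is no longer rejected in the `GNUTLS_PKCS11_OBJ_X509_CRT` and `default` branches: the removed code ended in `return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` for anything that was neither DER nor PEM, whereas the new `else` arms hand back the raw bytes for every non-PEM value. The public-key branch forwards `fmt` to `gnutls_pubkey_export2()`, whose handling of a bad value is not visible here, so the object types may now disagree on the same argument. Checking once before the `switch`, `if (fmt != GNUTLS_X509_FMT_DER && fmt != GNUTLS_X509_FMT_PEM) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, restores the previous behaviour. The function's signature, entry check and doc comment lie outside the hunk; the doc comment is also worth updating to say that DER output for a public key is now encoded from the key parameters rather than copied from the stored value.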