diff options
| author | Stef Walter <stef@thewalter.net> | 2014-09-10 09:01:20 +0200 |
|---|---|---|
| committer | Stef Walter <stef@thewalter.net> | 2014-09-10 09:01:20 +0200 |
| commit | 800f310dd3f2fcbf3852a42c67b5dd37e4ef4415 (patch) | |
| tree | 04b8f35a941a6c52297af7b01a35b9c458ea7993 | |
| parent | eccbcc298f59eb9518b07baf840930cec54c7655 (diff) | |
| download | p11-kit-800f310dd3f2fcbf3852a42c67b5dd37e4ef4415.tar.gz | |
trust: Use term 'attached extensions' instead of 'stapled'
The term 'stapled extensions' is confusing because it overloads
terminology used with OSCP stapling.
Suggested by Daniel Kahn Gillmor.
| -rw-r--r-- | trust/builder.c | 4 | ||||
| -rw-r--r-- | trust/enumerate.c | 48 | ||||
| -rw-r--r-- | trust/enumerate.h | 2 | ||||
| -rw-r--r-- | trust/extract-openssl.c | 8 | ||||
| -rw-r--r-- | trust/parser.c | 46 | ||||
| -rw-r--r-- | trust/test-builder.c | 30 | ||||
| -rw-r--r-- | trust/test-enumerate.c | 2 | ||||
| -rw-r--r-- | trust/test-parser.c | 4 |
8 files changed, 72 insertions, 72 deletions
diff --git a/trust/builder.c b/trust/builder.c index 5066dc6..4c62fac 100644 --- a/trust/builder.c +++ b/trust/builder.c @@ -130,7 +130,7 @@ lookup_extension (p11_builder *builder, if (public_key == NULL || public_key->type == CKA_INVALID) public_key = p11_attrs_find_valid (cert, CKA_PUBLIC_KEY_INFO); - /* Look for a stapled certificate extension */ + /* Look for an attached certificate extension */ if (public_key != NULL) { memcpy (match, public_key, sizeof (CK_ATTRIBUTE)); obj = p11_index_find (index, match, -1); @@ -592,7 +592,7 @@ calc_certificate_category (p11_builder *builder, /* * If there is no basic constraints extension, and the CA version is * v1, and is self-signed, then we assume this is a certificate authority. - * So we add a BasicConstraints stapled certificate extension + * So we add a BasicConstraints attached certificate extension */ is_ca = 1; diff --git a/trust/enumerate.c b/trust/enumerate.c index d469b5c..dd3da3a 100644 --- a/trust/enumerate.c +++ b/trust/enumerate.c @@ -51,10 +51,10 @@ #include <string.h> static bool -load_stapled_extension (p11_dict *stapled, - p11_dict *asn1_defs, - const unsigned char *der, - size_t len) +load_attached_extension (p11_dict *attached, + p11_dict *asn1_defs, + const unsigned char *der, + size_t len) { char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; node_asn *ext; @@ -66,7 +66,7 @@ load_stapled_extension (p11_dict *stapled, ext = p11_asn1_decode (asn1_defs, "PKIX1.Extension", der, len, message); if (ext == NULL) { - p11_message ("couldn't parse stapled certificate extension: %s", message); + p11_message ("couldn't parse attached certificate extension: %s", message); return false; } @@ -83,21 +83,21 @@ load_stapled_extension (p11_dict *stapled, oid = memdup (der + start, length); return_val_if_fail (oid != NULL, false); - if (!p11_dict_set (stapled, oid, ext)) + if (!p11_dict_set (attached, oid, ext)) return_val_if_reached (false); return true; } static p11_dict * -load_stapled_extensions (p11_enumerate *ex, - CK_ATTRIBUTE *spki) +load_attached_extensions (p11_enumerate *ex, + CK_ATTRIBUTE *spki) { CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION; CK_ATTRIBUTE *attrs; P11KitIter *iter; CK_RV rv = CKR_OK; - p11_dict *stapled; + p11_dict *attached; CK_ATTRIBUTE match[] = { { CKA_CLASS, &extension, sizeof (extension) }, @@ -108,12 +108,12 @@ load_stapled_extensions (p11_enumerate *ex, { CKA_VALUE, }, }; - stapled = p11_dict_new (p11_oid_hash, p11_oid_equal, + attached = p11_dict_new (p11_oid_hash, p11_oid_equal, free, p11_asn1_free); /* No ID to use, just short circuit */ if (!spki->pValue || !spki->ulValueLen) - return stapled; + return attached; iter = p11_kit_iter_new (NULL, 0); p11_kit_iter_add_filter (iter, match, 2); @@ -126,9 +126,9 @@ load_stapled_extensions (p11_enumerate *ex, attrs = p11_attrs_buildn (NULL, template, 1); rv = p11_kit_iter_load_attributes (iter, attrs, 1); if (rv == CKR_OK) { - if (!load_stapled_extension (stapled, ex->asn1_defs, - attrs[0].pValue, - attrs[0].ulValueLen)) { + if (!load_attached_extension (attached, ex->asn1_defs, + attrs[0].pValue, + attrs[0].ulValueLen)) { rv = CKR_GENERAL_ERROR; } } @@ -137,13 +137,13 @@ load_stapled_extensions (p11_enumerate *ex, } if (rv != CKR_OK && rv != CKR_CANCEL) { - p11_message ("couldn't load stapled extensions for certificate: %s", p11_kit_strerror (rv)); - p11_dict_free (stapled); - stapled = NULL; + p11_message ("couldn't load attached extensions for certificate: %s", p11_kit_strerror (rv)); + p11_dict_free (attached); + attached = NULL; } p11_kit_iter_free (iter); - return stapled; + return attached; } static bool @@ -153,8 +153,8 @@ extract_purposes (p11_enumerate *ex) unsigned char *value = NULL; size_t length; - if (ex->stapled) { - ext = p11_dict_get (ex->stapled, P11_OID_EXTENDED_KEY_USAGE); + if (ex->attached) { + ext = p11_dict_get (ex->attached, P11_OID_EXTENDED_KEY_USAGE); if (ext != NULL) { value = p11_asn1_read (ext, "extnValue", &length); return_val_if_fail (value != NULL, false); @@ -314,8 +314,8 @@ extract_info (p11_enumerate *ex) attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO); if (attr) { - ex->stapled = load_stapled_extensions (ex, attr); - if (!ex->stapled) + ex->attached = load_attached_extensions (ex, attr); + if (!ex->attached) return false; } @@ -337,8 +337,8 @@ extract_clear (p11_enumerate *ex) ex->cert_der = NULL; ex->cert_len = 0; - p11_dict_free (ex->stapled); - ex->stapled = NULL; + p11_dict_free (ex->attached); + ex->attached = NULL; p11_array_free (ex->purposes); ex->purposes = NULL; diff --git a/trust/enumerate.h b/trust/enumerate.h index 8a18b06..411820a 100644 --- a/trust/enumerate.h +++ b/trust/enumerate.h @@ -80,7 +80,7 @@ typedef struct { size_t cert_len; /* DER OID -> CK_ATTRIBUTE list */ - p11_dict *stapled; + p11_dict *attached; /* Set of OID purposes as strings */ p11_array *purposes; diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c index 912c90d..d622d7a 100644 --- a/trust/extract-openssl.c +++ b/trust/extract-openssl.c @@ -110,8 +110,8 @@ load_usage_ext (p11_enumerate *ex, node_asn *ext = NULL; size_t length; - if (ex->stapled) - ext = p11_dict_get (ex->stapled, ext_oid); + if (ex->attached) + ext = p11_dict_get (ex->attached, ext_oid); if (ext == NULL) { *oids = NULL; return true; @@ -230,8 +230,8 @@ write_keyid (p11_enumerate *ex, size_t length = 0; int ret; - if (ex->stapled) - ext = p11_dict_get (ex->stapled, P11_OID_SUBJECT_KEY_IDENTIFIER); + if (ex->attached) + ext = p11_dict_get (ex->attached, P11_OID_SUBJECT_KEY_IDENTIFIER); if (ext != NULL) { value = p11_asn1_read (ext, "extnValue", &length); return_val_if_fail (value != NULL, false); diff --git a/trust/parser.c b/trust/parser.c index ff0f15f..7f523e9 100644 --- a/trust/parser.c +++ b/trust/parser.c @@ -251,13 +251,13 @@ extension_attrs (p11_parser *parser, } static CK_ATTRIBUTE * -stapled_attrs (p11_parser *parser, - CK_ATTRIBUTE *id, - CK_ATTRIBUTE *public_key_info, - const char *oid_str, - const unsigned char *oid_der, - bool critical, - node_asn *ext) +attached_attrs (p11_parser *parser, + CK_ATTRIBUTE *id, + CK_ATTRIBUTE *public_key_info, + const char *oid_str, + const unsigned char *oid_der, + bool critical, + node_asn *ext) { CK_ATTRIBUTE *attrs; unsigned char *der; @@ -302,13 +302,13 @@ load_seq_of_oid_str (node_asn *node, } static CK_ATTRIBUTE * -stapled_eku_attrs (p11_parser *parser, - CK_ATTRIBUTE *id, - CK_ATTRIBUTE *public_key_info, - const char *oid_str, - const unsigned char *oid_der, - bool critical, - p11_dict *oid_strs) +attached_eku_attrs (p11_parser *parser, + CK_ATTRIBUTE *id, + CK_ATTRIBUTE *public_key_info, + const char *oid_str, + const unsigned char *oid_der, + bool critical, + p11_dict *oid_strs) { CK_ATTRIBUTE *attrs; p11_dictiter iter; @@ -353,7 +353,7 @@ stapled_eku_attrs (p11_parser *parser, } - attrs = stapled_attrs (parser, id, public_key_info, oid_str, oid_der, critical, dest); + attrs = attached_attrs (parser, id, public_key_info, oid_str, oid_der, critical, dest); asn1_delete_structure (&dest); return attrs; @@ -416,10 +416,10 @@ build_openssl_extensions (p11_parser *parser, */ if (trust) { - attrs = stapled_eku_attrs (parser, id, public_key_info, - P11_OID_EXTENDED_KEY_USAGE_STR, - P11_OID_EXTENDED_KEY_USAGE, - true, trust); + attrs = attached_eku_attrs (parser, id, public_key_info, + P11_OID_EXTENDED_KEY_USAGE_STR, + P11_OID_EXTENDED_KEY_USAGE, + true, trust); return_val_if_fail (attrs != NULL, NULL); sink_object (parser, attrs); } @@ -433,10 +433,10 @@ build_openssl_extensions (p11_parser *parser, */ if (reject && p11_dict_size (reject) > 0) { - attrs = stapled_eku_attrs (parser, id, public_key_info, - P11_OID_OPENSSL_REJECT_STR, - P11_OID_OPENSSL_REJECT, - false, reject); + attrs = attached_eku_attrs (parser, id, public_key_info, + P11_OID_OPENSSL_REJECT_STR, + P11_OID_OPENSSL_REJECT, + false, reject); return_val_if_fail (attrs != NULL, NULL); sink_object (parser, attrs); } diff --git a/trust/test-builder.c b/trust/test-builder.c index 51d499c..bf1eed1 100644 --- a/trust/test-builder.c +++ b/trust/test-builder.c @@ -399,7 +399,7 @@ test_build_certificate_staple_ca (void) { CK_ULONG category = 2; /* CA */ - CK_ATTRIBUTE stapled[] = { + CK_ATTRIBUTE attached[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 }, @@ -423,10 +423,10 @@ test_build_certificate_staple_ca (void) CK_ATTRIBUTE *extra; CK_RV rv; - /* Adding the stapled extension *first*, and then the certificate */ + /* Adding the attached extension *first*, and then the certificate */ - /* Add a stapled certificate */ - rv = p11_index_add (test.index, stapled, 4, NULL); + /* Add a attached certificate */ + rv = p11_index_add (test.index, attached, 4, NULL); assert_num_eq (CKR_OK, rv); attrs = NULL; @@ -439,7 +439,7 @@ test_build_certificate_staple_ca (void) /* * Even though the certificate is not a valid CA, the presence of the - * stapled certificate extension transforms it into a CA. + * attached certificate extension transforms it into a CA. */ test_check_attrs (expected, attrs); p11_attrs_free (attrs); @@ -450,7 +450,7 @@ test_build_certificate_staple_ca_backwards (void) { CK_ULONG category = 2; /* CA */ - CK_ATTRIBUTE stapled[] = { + CK_ATTRIBUTE attached[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 }, @@ -474,18 +474,18 @@ test_build_certificate_staple_ca_backwards (void) CK_ATTRIBUTE *attrs; CK_OBJECT_HANDLE handle; - /* Adding the certificate *first*, and then the stapled extension */ + /* Adding the certificate *first*, and then the attached extension */ rv = p11_index_add (test.index, input, 4, &handle); assert_num_eq (CKR_OK, rv); - /* Add a stapled certificate */ - rv = p11_index_add (test.index, stapled, 4, NULL); + /* Add a attached certificate */ + rv = p11_index_add (test.index, attached, 4, NULL); assert_num_eq (CKR_OK, rv); /* * Even though the certificate is not a valid CA, the presence of the - * stapled certificate extension transforms it into a CA. + * attached certificate extension transforms it into a CA. */ attrs = p11_index_lookup (test.index, handle); test_check_attrs (expected, attrs); @@ -2074,7 +2074,7 @@ test_changed_staple_ca (void) { CK_ULONG category = 0; - CK_ATTRIBUTE stapled[] = { + CK_ATTRIBUTE attached[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) }, { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 }, @@ -2108,8 +2108,8 @@ test_changed_staple_ca (void) category = 0; assert (p11_index_find (test.index, match, -1) == 0); - /* Add a stapled basic constraint */ - rv = p11_index_add (test.index, stapled, 4, NULL); + /* Add a attached basic constraint */ + rv = p11_index_add (test.index, attached, 4, NULL); assert_num_eq (CKR_OK, rv); /* Now should be a CA */ @@ -2122,7 +2122,7 @@ test_changed_staple_ca (void) static void test_changed_staple_ku (void) { - CK_ATTRIBUTE stapled_ds_and_np[] = { + CK_ATTRIBUTE attached_ds_and_np[] = { { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) }, { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) }, { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 }, @@ -2168,7 +2168,7 @@ test_changed_staple_ku (void) p11_index_load (test.index); rv = p11_index_take (test.index, p11_attrs_dup (input), NULL); assert_num_eq (CKR_OK, rv); - rv = p11_index_take (test.index, p11_attrs_dup (stapled_ds_and_np), NULL); + rv = p11_index_take (test.index, p11_attrs_dup (attached_ds_and_np), NULL); assert_num_eq (CKR_OK, rv); p11_index_finish (test.index); diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c index 930b645..424437e 100644 --- a/trust/test-enumerate.c +++ b/trust/test-enumerate.c @@ -278,7 +278,7 @@ test_info_limit_purposes (void) mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client); - /* This should not match the above, with the stapled certificat ext */ + /* This should not match the above, with the attached certificat ext */ assert_ptr_eq (NULL, test.ex.limit_to_purposes); p11_enumerate_opt_purpose (&test.ex, "1.1.1"); assert_ptr_not_null (test.ex.limit_to_purposes); diff --git a/trust/test-parser.c b/trust/test-parser.c index be5e496..201ed81 100644 --- a/trust/test-parser.c +++ b/trust/test-parser.c @@ -233,7 +233,7 @@ test_parse_openssl_trusted (void) /* * Should have gotten: * - 1 certificate - * - 2 stapled extensions + * - 2 attached extensions */ assert_num_eq (3, test.parsed->num); @@ -317,7 +317,7 @@ test_parse_openssl_distrusted (void) /* * Should have gotten: * - 1 certificate - * - 2 stapled extensions + * - 2 attached extensions */ assert_num_eq (3, test.parsed->num); cert = parsed_attrs (certificate_match, -1); |