[Pki-devel] [pki-devel][PATCH] 0062-Allow-cert-and-key-indexes-9.patch

[John Magne]

Subject: [PATCH] Allow cert and key indexes > 9.

Ticket: Ticket #1734 : TPS issue with overflowing PKCS#11 cert index numbers

This patch contains the following:

1. Fixes in TPS to allow the server to set and read muscle object ID's that are greater than 9.

The id is stored as a single ASCII byte in the object id. Previous libcoolkey patches exist to now support numbers
larger than 9, by the following:

0-9 is represented by the ascii chars for 0 through 9,.
10 - 35 represented by the ascii chars for 'A' through 'Z'.
36 - 61 represented by the ascii chars for 'a' through 'z'.

Once coolkey is updated it will be able to read these id's.

TPS with this patch will be able to both read number 0 - 62 and to set them when creating pkcs#11 objects to be stored on the token.

When the proper libcoolkey is installed, the coolkey driver will be able to read certs and keys with id's > 9. Thus, for instance a cert with an id of C6, with keys of k12, and k13, will be supported and viewable in the Firefox cert viewer. Also the certs will be usable for operations.

2. A fix to the routine that finds a free id number to assign to a soon to be recovered cert will now have the ability to find unused slots instead of just inrementing one over the highest currently used index.

3. Made a couple of minor cleanup fixes to externalReg functionality discovered during testing of this feature.

Tested up to 7 certs on the token. Also did some re-tests of cfu's cert retention feature and those checked.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0062-Allow-cert-and-key-indexes-9.patch
Type: text/x-patch
Size: 45919 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160202/a238ab77/attachment.bin>