Debug interface to libhal. With these fixes, passes minimal DNSSEC

signer test.

1 files changed, 11 insertions, 10 deletions

diff --git a/pkcs11.c b/pkcs11.c
index a2e7dfc..cb80888 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -1293,20 +1293,21 @@ static int p11_object_set_rsa_private_key(const CK_OBJECT_HANDLE object_handle,
 
   uint8_t wrapbuf[hal_aes_keywrap_ciphertext_length(hal_rsa_key_to_der_len(key))];
   const char *flavor = is_token_handle(object_handle) ? "token" : "session";
+  size_t der_len, wrapbuf_len = sizeof(wrapbuf);
   sqlite3_stmt *q = NULL;
-  size_t len;
   int ok = 0;
 
   if (!sql_check_ok(sql_prepare(&q, select_kek))                                ||
       !sql_check_row(sqlite3_step(q))                                           ||
       sqlite3_column_type(q, 0) == SQLITE_NULL                                  ||
-      !hal_check(hal_rsa_key_to_der(key, wrapbuf+8, &len, sizeof(wrapbuf)-8))   ||
+      !hal_check(hal_rsa_key_to_der(key, wrapbuf+8, &der_len,
+                                    sizeof(wrapbuf)-8))                         ||
       !hal_check(hal_aes_keywrap(sqlite3_column_blob(q, 0),
                                  sqlite3_column_bytes(q, 0),
-                                 wrapbuf+8, len, wrapbuf, &len))		||
+                                 wrapbuf+8, der_len, wrapbuf, &wrapbuf_len))	||
       !sql_check_ok(sql_finalize_and_clear(&q))                                 ||
       !sql_check_ok(sql_prepare(&q, update_format, flavor, flavor, flavor))     ||
-      !sql_check_ok(sqlite3_bind_blob( q, 1, wrapbuf, len, NULL))               ||
+      !sql_check_ok(sqlite3_bind_blob( q, 1, wrapbuf, wrapbuf_len, NULL))       ||
       !sql_check_ok(sqlite3_bind_int64(q, 2, object_handle))                    ||
       !sql_check_done(sqlite3_step(q)))
     goto fail;
@@ -1363,8 +1364,8 @@ static int p11_object_get_rsa_private_key(const CK_OBJECT_HANDLE object_handle,
     const uint8_t * const pkey = sqlite3_column_blob(q, 1);
     const size_t kek_len  = sqlite3_column_bytes(q, 0);
     const size_t pkey_len = sqlite3_column_bytes(q, 1);
-    uint8_t wrapbuf[sqlite3_column_bytes(q, 1)];
-    size_t  wrapbuf_len;
+    size_t  wrapbuf_len = pkey_len;
+    uint8_t wrapbuf[pkey_len];
 
     ok = (hal_check(hal_aes_keyunwrap(kek, kek_len, pkey, pkey_len, wrapbuf, &wrapbuf_len)) &&
           hal_check(hal_rsa_key_from_der(key, keybuf, keybuf_len, wrapbuf, wrapbuf_len)));
@@ -1906,7 +1907,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session,
                                           pMechanism)) == CK_INVALID_HANDLE			||
       !p11_attribute_get(public_handle, CKA_PUBLIC_EXPONENT,
                          public_exponent, &public_exponent_len, sizeof(public_exponent))	||
-      !hal_check(hal_rsa_key_gen(&key, keybuf, sizeof(keybuf), keysize,
+      !hal_check(hal_rsa_key_gen(&key, keybuf, sizeof(keybuf), keysize/8,
                                  public_exponent, public_exponent_len))        			||
       !p11_object_set_rsa_private_key(private_handle, key)                                      ||
       !hal_check(hal_rsa_key_get_modulus(key, modulus, &modulus_len, sizeof(modulus)))          ||
@@ -2576,9 +2577,9 @@ CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession,
     " DELETE FROM object WHERE object_handle = ?";
 
   static const char delete_token_object[] =
-    " WITH"
-    "   t AS (SELECT token_object_id FROM object WHERE object_handle = ?)"
-    " DELETE FROM token_object WHERE token_object_id = t";
+    " DELETE FROM token_object"
+    " WHERE token_object_id = (SELECT token_object_id FROM object WHERE object_handle = ?)";
+
 
   p11_session_t *session;
   sqlite3_stmt *q = NULL;