diff --git a/ykcs11/objects.c b/ykcs11/objects.c index 9ca92c9..cef92f6 100644 --- a/ykcs11/objects.c +++ b/ykcs11/objects.c @@ -918,7 +918,7 @@ CK_RV store_cert(piv_obj_id_t cert_id, CK_BYTE_PTR data, CK_ULONG len) { } CK_RV check_create_cert(CK_ATTRIBUTE_PTR templ, CK_ULONG n, - CK_BYTE_PTR id,CK_BYTE_PTR *value, CK_ULONG_PTR cert_len) { + CK_BYTE_PTR id, CK_BYTE_PTR *value, CK_ULONG_PTR cert_len) { CK_ULONG i; CK_BBOOL has_id = CK_FALSE; @@ -1083,7 +1083,6 @@ CK_RV check_create_rsa_key(CK_ATTRIBUTE_PTR templ, CK_ULONG n, CK_BYTE_PTR id, case CKA_PUBLIC_EXPONENT: has_e = CK_TRUE; - if (templ[i].ulValueLen != 3 || memcmp((CK_BYTE_PTR)templ[i].pValue, F4, 3) != 0) return CKR_ATTRIBUTE_VALUE_INVALID; break; @@ -1146,7 +1145,7 @@ CK_RV check_create_rsa_key(CK_ATTRIBUTE_PTR templ, CK_ULONG n, CK_BYTE_PTR id, has_qinv == CK_FALSE) return CKR_TEMPLATE_INCOMPLETE; - if (p_len != 64 || p_len != 128) + if (p_len != 64 && p_len != 128) return CKR_ATTRIBUTE_VALUE_INVALID; *value_len = p_len; diff --git a/ykcs11/token_vendors.c b/ykcs11/token_vendors.c index 30b9883..d634f5f 100644 --- a/ykcs11/token_vendors.c +++ b/ykcs11/token_vendors.c @@ -133,7 +133,7 @@ CK_RV COMMON_token_import_private_key(ykpiv_state *state, CK_BYTE key_id, CK_BYT unsigned long recv_len = sizeof(data); int sw; - if (elem_len == 128) + if (elem_len == 128) // TODO: add a flag to check algo type ? templ[2] = YKPIV_ALGO_RSA2048; else if (elem_len == 64) templ[2] = YKPIV_ALGO_RSA1024;