Minor cleanups.

This commit is contained in:
Alessio Di Mauro
2015-09-09 13:55:50 +02:00
parent d820c314c4
commit 22d8f4f9fe
4 changed files with 16 additions and 25 deletions
+1 -2
View File
@@ -186,7 +186,6 @@ static void asn1_encode_oid(CK_CHAR_PTR oid, CK_BYTE_PTR asn1_oid, CK_ULONG_PTR
p++; p++;
} }
l = 0;
if (*p == '.') { if (*p == '.') {
*p = 0; *p = 0;
l = (CK_ULONG) atoi((char *)q); l = (CK_ULONG) atoi((char *)q);
@@ -195,7 +194,7 @@ static void asn1_encode_oid(CK_CHAR_PTR oid, CK_BYTE_PTR asn1_oid, CK_ULONG_PTR
} }
else { else {
l = (CK_ULONG) atoi((char *)q); l = (CK_ULONG) atoi((char *)q);
q = p; // q = p;
} }
/* Digit is in l. */ /* Digit is in l. */
+13 -21
View File
@@ -9,11 +9,6 @@ CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert) {
const unsigned char *p = data; // Mandatory temp variable required by OpenSSL const unsigned char *p = data; // Mandatory temp variable required by OpenSSL
int cert_len; int cert_len;
/**cert = X509_new();
if (*cert == NULL)
return CKR_HOST_MEMORY;*/
//dump_hex(data, len, stderr, CK_TRUE);
if (*p == 0x70) { if (*p == 0x70) {
// The certificate is in "PIV" format 0x70 len 0x30 len ... // The certificate is in "PIV" format 0x70 len 0x30 len ...
p++; p++;
@@ -25,23 +20,18 @@ CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert) {
cert_len += get_length(p + 1, &cert_len) + 1; cert_len += get_length(p + 1, &cert_len) + 1;
} }
if ((CK_ULONG)cert_len > len)
return CKR_ARGUMENTS_BAD;
*cert = d2i_X509(NULL, &p, cert_len); *cert = d2i_X509(NULL, &p, cert_len);
if (*cert == NULL) if (*cert == NULL)
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
/*
BIO *STDout = BIO_new_fp(stderr, BIO_NOCLOSE);
X509_print_ex(STDout, *cert, 0, 0);
BIO_free(STDout);
*/
return CKR_OK; return CKR_OK;
} }
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_ULONG key_len, CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
CK_BYTE_PTR out, CK_ULONG_PTR out_len) { CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
X509 *cert = NULL; X509 *cert = NULL;
@@ -53,7 +43,6 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_
EC_GROUP *ecg = NULL; EC_GROUP *ecg = NULL;
EC_POINT *ecp = NULL; EC_POINT *ecp = NULL;
ASN1_TIME *tm = NULL; ASN1_TIME *tm = NULL;
time_t t;
unsigned char *data_ptr; unsigned char *data_ptr;
unsigned char *p; unsigned char *p;
@@ -160,16 +149,16 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_
if (len < 0) if (len < 0)
goto create_empty_cert_cleanup; goto create_empty_cert_cleanup;
if (len > *out_len) { if ((CK_ULONG)len > *out_len) {
rv = CKR_BUFFER_TOO_SMALL; rv = CKR_BUFFER_TOO_SMALL;
goto create_empty_cert_cleanup; goto create_empty_cert_cleanup;
} }
p = in; p = out;
if ((*out_len = i2d_X509(cert, &p)) == 0) if ((*out_len = i2d_X509(cert, &p)) == 0)
goto create_empty_cert_cleanup; goto create_empty_cert_cleanup;
/* TODO REMOVE THIS */ /* TODO: REMOVE THIS */
BIO *STDout = BIO_new_fp(stderr, BIO_NOCLOSE); BIO *STDout = BIO_new_fp(stderr, BIO_NOCLOSE);
X509_print_ex(STDout, cert, 0, 0); X509_print_ex(STDout, cert, 0, 0);
@@ -320,7 +309,7 @@ CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
rsa = EVP_PKEY_get1_RSA(key); rsa = EVP_PKEY_get1_RSA(key);
if (RSA_size(rsa) > *len) { if ((CK_ULONG)RSA_size(rsa) > *len) {
RSA_free(rsa); RSA_free(rsa);
rsa = NULL; rsa = NULL;
return CKR_BUFFER_TOO_SMALL; return CKR_BUFFER_TOO_SMALL;
@@ -461,13 +450,16 @@ CK_RV do_pkcs_pss(RSA *key, CK_BYTE_PTR in, CK_ULONG in_len, int nid,
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
// TODO: rand must be seeded first (should be automatic) // TODO: rand must be seeded first (should be automatic)
if (*out_len < RSA_size(key)) if (*out_len < (CK_ULONG)RSA_size(key))
CKR_BUFFER_TOO_SMALL; CKR_BUFFER_TOO_SMALL;
DBG(("Apply PSS padding to %lu bytes and get %d\n", in_len, RSA_size(key))); DBG(("Apply PSS padding to %lu bytes and get %d\n", in_len, RSA_size(key)));
if (out != in)
memcpy(out, in, in_len);
// In case of raw PSS (no hash) this function will fail because OpenSSL requires an MD // In case of raw PSS (no hash) this function will fail because OpenSSL requires an MD
if (RSA_padding_add_PKCS1_PSS(key, em, in, EVP_get_digestbynid(nid), -2) == 0) { if (RSA_padding_add_PKCS1_PSS(key, em, out, EVP_get_digestbynid(nid), -2) == 0) {
EVP_cleanup(); EVP_cleanup();
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
} }
+1 -1
View File
@@ -10,7 +10,7 @@
#include "pkcs11t.h" #include "pkcs11t.h"
CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert); CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert);
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_ULONG key_len, CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
CK_BYTE_PTR out, CK_ULONG_PTR out_len); CK_BYTE_PTR out, CK_ULONG_PTR out_len);
CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len); CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len);
CK_RV free_cert(X509 *cert); CK_RV free_cert(X509 *cert);
+1 -1
View File
@@ -58,7 +58,7 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa, CK_BYTE
// Create a new empty certificate for the key // Create a new empty certificate for the key
recv_len = sizeof(data); recv_len = sizeof(data);
if ((rv = do_create_empty_cert(data, recv_len, rsa, key_len, data, &recv_len)) != CKR_OK) if ((rv = do_create_empty_cert(data, recv_len, rsa, data, &recv_len)) != CKR_OK)
return rv; return rv;
if (recv_len < 0x80) if (recv_len < 0x80)