diff --git a/ykcs11/debug.h b/ykcs11/debug.h
index 5debc5d..1fbe740 100644
--- a/ykcs11/debug.h
+++ b/ykcs11/debug.h
@@ -1,8 +1,8 @@
 #ifndef DEBUG_H
 #define DEBUG_H
-#define YKCS11_DBG 0 // General debug, must be either 1 or 0
-#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
+#define YKCS11_DBG 1 // General debug, must be either 1 or 0
+#define YKCS11_DINOUT 1 // Function in/out debug, must be either 1 or 0
 #define D(x) do { \
 printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
diff --git a/ykcs11/token_vendors.h b/ykcs11/token_vendors.h
index b143ca8..041e2a0 100644
--- a/ykcs11/token_vendors.h
+++ b/ykcs11/token_vendors.h
@@ -17,7 +17,7 @@ typedef CK_RV (*get_t_mechanism_list_f)(CK_MECHANISM_TYPE_PTR, CK_ULONG);
 typedef CK_RV (*get_t_mechanism_info_f)(CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR);
 typedef CK_RV (*get_t_objects_num_f)(ykpiv_state *, CK_ULONG_PTR, CK_ULONG_PTR);
 typedef CK_RV (*get_t_object_list_f)(ykpiv_state *, piv_obj_id_t *, CK_ULONG);
-typedef CK_RV (*get_t_raw_certificate_f)(ykpiv_state *, piv_obj_id_t, CK_BYTE_PTR, CK_ULONG);
+typedef CK_RV (*get_t_raw_certificate_f)(ykpiv_state *, piv_obj_id_t, CK_BYTE_PTR, CK_ULONG_PTR);
 // Common token functions below
 typedef CK_RV (*t_generate_key_f)(ykpiv_state *, CK_BBOOL, CK_BYTE, CK_ULONG);
diff --git a/ykcs11/ykcs11.c b/ykcs11/ykcs11.c
index 5d359d7..e80f422 100644
--- a/ykcs11/ykcs11.c
+++ b/ykcs11/ykcs11.c
@@ -201,7 +201,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(
 }
 if (slotID >= n_slots) {
- DBG(("Invalid slot ID %lu, slotID"));
+ DBG(("Invalid slot ID %lu", slotID));
 return CKR_SLOT_ID_INVALID;
 }
@@ -227,7 +227,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
 }
 if (slotID >= n_slots) {
- DBG(("Invalid slot ID %lu, slotID"));
+ DBG(("Invalid slot ID %lu", slotID));
 return CKR_SLOT_ID_INVALID;
 }
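Review bot: In ykcs11/debug.h the defaults for `YKCS11_DBG` and `YKCS11_DINOUT` are committed as 1, so every build of the module emits debug and function in/out traces, and the `D` macro visible in the hunk writes them with `printf` to the stdout of whatever process loads the module. For a PKCS#11 library that pollutes the host application's output and may expose whatever the call sites print, so this looks like a local debugging setting rather than something meant to ship. I would keep the defaults at 0 and let the build override them: `#ifndef YKCS11_DBG` / `#define YKCS11_DBG 0` / `#endif`, and the same for `YKCS11_DINOUT`. The body of `D` continues outside the hunk.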
@@ -353,7 +353,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)(
 }
 if (slotID >= n_slots) {
- DBG(("Invalid slot ID %lu, slotID"));
+ DBG(("Invalid slot ID %lu", slotID));
 return CKR_SLOT_ID_INVALID;
 }
@@ -440,7 +440,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
 }
 if (slotID >= n_slots) {
- DBG(("Invalid slot ID %lu, slotID"));
+ DBG(("Invalid slot ID %lu", slotID));
 return CKR_SLOT_ID_INVALID;
 }
@@ -532,7 +532,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
 // Get the actual certificate data from the token and store it as an X509 object
 for (i = 0; i < session.slot->token->n_certs; i++) {
- rv = token.get_token_raw_certificate(piv_state, cert_ids[i], cert_data, cert_len); // TODO: double check len here (check inside, never changed but used below)
+ cert_len = sizeof(cert_data);
+ rv = token.get_token_raw_certificate(piv_state, cert_ids[i], cert_data, &cert_len);
 if (rv != CKR_OK) {
 DBG(("Unable to get certificate data from token"));
 goto failure;
@@ -1815,7 +1816,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(
 // Write/Update the object
 cert_len = sizeof(cert_data);
- rv = token.get_token_raw_certificate(piv_state, cert_id, cert_data, cert_len); // TODO: double check len here (check inside, never changed but used below). One more time above
+ rv = token.get_token_raw_certificate(piv_state, cert_id, cert_data, &cert_len); // TODO: double check len here (check inside, never changed but used below). One more time above
 if (rv != CKR_OK) {
 DBG(("Unable to get certificate data from token"));
 return CKR_FUNCTION_FAILED; // TODO: although key generation succeeded at this point
diff --git a/ykcs11/yubico_token.c b/ykcs11/yubico_token.c
index 93671e0..5915780 100644
--- a/ykcs11/yubico_token.c
+++ b/ykcs11/yubico_token.c
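Review bot: In the C_GenerateKeyPair hunk of ykcs11/ykcs11.c the rewritten call still carries the trailing comment `// TODO: double check len here (check inside, never changed but used below). One more time above`, which describes the problem this commit fixes: `cert_len` is now passed as `&cert_len` right after being set to `sizeof(cert_data)`, and the matching TODO in the C_OpenSession hunk was removed. I would drop it here as well, or replace it with `// cert_len: in = capacity of cert_data, out = length reported by the token layer`, assuming ykpiv_fetch_object writes the fetched length back, which is not visible in this diff. Both functions start and end outside their hunks.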
@@ -298,9 +298,9 @@ CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t *obj, CK_ULO
 return get_objects(state, CK_FALSE, obj, &num, NULL);
 }
-CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG len) {
+CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG_PTR len) {
- if (ykpiv_fetch_object(state, piv_2_ykpiv(obj), data, &len) != YKPIV_OK)
+ if (ykpiv_fetch_object(state, piv_2_ykpiv(obj), data, len) != YKPIV_OK)
 return CKR_FUNCTION_FAILED;
 return CKR_OK;
diff --git a/ykcs11/yubico_token.h b/ykcs11/yubico_token.h
index c39a7d3..09e57ea 100644
--- a/ykcs11/yubico_token.h
+++ b/ykcs11/yubico_token.h
@@ -16,6 +16,6 @@ CK_RV YUBICO_get_token_mechanism_list(CK_MECHANISM_TYPE_PTR mec, CK_ULONG num);
 CK_RV YUBICO_get_token_mechanism_info(CK_MECHANISM_TYPE mec, CK_MECHANISM_INFO_PTR info);
 CK_RV YUBICO_get_token_objects_num(ykpiv_state *state, CK_ULONG_PTR num, CK_ULONG_PTR num_certs);
 CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t *obj, CK_ULONG num);
-CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG len);
+CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG_PTR len);
 #endif
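Review bot: In ykcs11/yubico_token.c `YUBICO_get_token_raw_certificate` now forwards `len` straight to `ykpiv_fetch_object`, which makes it an in/out parameter, yet neither the definition, the prototype in yubico_token.h nor the typedef in token_vendors.h states that callers must set `*len` to the capacity of `data` before every call. The by-value version hid exactly that contract, so I would add a comment above the definition such as `/* len: in = size of data in bytes; out = bytes stored by ykpiv_fetch_object (confirm against libykpiv) */`. A guard before the fetch, `if (data == NULL || len == NULL) return CKR_ARGUMENTS_BAD;`, would also stop a mistaken caller from handing the library a null length pointer. The function's closing brace lies outside the hunk.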