Use buffer length while storing cert.
This commit is contained in:
+2
-2
@@ -1,8 +1,8 @@
|
|||||||
#ifndef DEBUG_H
|
#ifndef DEBUG_H
|
||||||
#define DEBUG_H
|
#define DEBUG_H
|
||||||
|
|
||||||
#define YKCS11_DBG 0 // General debug, must be either 1 or 0
|
#define YKCS11_DBG 1 // General debug, must be either 1 or 0
|
||||||
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
#define YKCS11_DINOUT 1 // Function in/out debug, must be either 1 or 0
|
||||||
|
|
||||||
#define D(x) do { \
|
#define D(x) do { \
|
||||||
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
|
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ typedef CK_RV (*get_t_mechanism_list_f)(CK_MECHANISM_TYPE_PTR, CK_ULONG);
|
|||||||
typedef CK_RV (*get_t_mechanism_info_f)(CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR);
|
typedef CK_RV (*get_t_mechanism_info_f)(CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR);
|
||||||
typedef CK_RV (*get_t_objects_num_f)(ykpiv_state *, CK_ULONG_PTR, CK_ULONG_PTR);
|
typedef CK_RV (*get_t_objects_num_f)(ykpiv_state *, CK_ULONG_PTR, CK_ULONG_PTR);
|
||||||
typedef CK_RV (*get_t_object_list_f)(ykpiv_state *, piv_obj_id_t *, CK_ULONG);
|
typedef CK_RV (*get_t_object_list_f)(ykpiv_state *, piv_obj_id_t *, CK_ULONG);
|
||||||
typedef CK_RV (*get_t_raw_certificate_f)(ykpiv_state *, piv_obj_id_t, CK_BYTE_PTR, CK_ULONG);
|
typedef CK_RV (*get_t_raw_certificate_f)(ykpiv_state *, piv_obj_id_t, CK_BYTE_PTR, CK_ULONG_PTR);
|
||||||
|
|
||||||
// Common token functions below
|
// Common token functions below
|
||||||
typedef CK_RV (*t_generate_key_f)(ykpiv_state *, CK_BBOOL, CK_BYTE, CK_ULONG);
|
typedef CK_RV (*t_generate_key_f)(ykpiv_state *, CK_BBOOL, CK_BYTE, CK_ULONG);
|
||||||
|
|||||||
+7
-6
@@ -201,7 +201,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (slotID >= n_slots) {
|
if (slotID >= n_slots) {
|
||||||
DBG(("Invalid slot ID %lu, slotID"));
|
DBG(("Invalid slot ID %lu", slotID));
|
||||||
return CKR_SLOT_ID_INVALID;
|
return CKR_SLOT_ID_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -227,7 +227,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (slotID >= n_slots) {
|
if (slotID >= n_slots) {
|
||||||
DBG(("Invalid slot ID %lu, slotID"));
|
DBG(("Invalid slot ID %lu", slotID));
|
||||||
return CKR_SLOT_ID_INVALID;
|
return CKR_SLOT_ID_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -353,7 +353,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (slotID >= n_slots) {
|
if (slotID >= n_slots) {
|
||||||
DBG(("Invalid slot ID %lu, slotID"));
|
DBG(("Invalid slot ID %lu", slotID));
|
||||||
return CKR_SLOT_ID_INVALID;
|
return CKR_SLOT_ID_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -440,7 +440,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (slotID >= n_slots) {
|
if (slotID >= n_slots) {
|
||||||
DBG(("Invalid slot ID %lu, slotID"));
|
DBG(("Invalid slot ID %lu", slotID));
|
||||||
return CKR_SLOT_ID_INVALID;
|
return CKR_SLOT_ID_INVALID;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -532,7 +532,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
|||||||
|
|
||||||
// Get the actual certificate data from the token and store it as an X509 object
|
// Get the actual certificate data from the token and store it as an X509 object
|
||||||
for (i = 0; i < session.slot->token->n_certs; i++) {
|
for (i = 0; i < session.slot->token->n_certs; i++) {
|
||||||
rv = token.get_token_raw_certificate(piv_state, cert_ids[i], cert_data, cert_len); // TODO: double check len here (check inside, never changed but used below)
|
cert_len = sizeof(cert_data);
|
||||||
|
rv = token.get_token_raw_certificate(piv_state, cert_ids[i], cert_data, &cert_len);
|
||||||
if (rv != CKR_OK) {
|
if (rv != CKR_OK) {
|
||||||
DBG(("Unable to get certificate data from token"));
|
DBG(("Unable to get certificate data from token"));
|
||||||
goto failure;
|
goto failure;
|
||||||
@@ -1815,7 +1816,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(
|
|||||||
|
|
||||||
// Write/Update the object
|
// Write/Update the object
|
||||||
cert_len = sizeof(cert_data);
|
cert_len = sizeof(cert_data);
|
||||||
rv = token.get_token_raw_certificate(piv_state, cert_id, cert_data, cert_len); // TODO: double check len here (check inside, never changed but used below). One more time above
|
rv = token.get_token_raw_certificate(piv_state, cert_id, cert_data, &cert_len); // TODO: double check len here (check inside, never changed but used below). One more time above
|
||||||
if (rv != CKR_OK) {
|
if (rv != CKR_OK) {
|
||||||
DBG(("Unable to get certificate data from token"));
|
DBG(("Unable to get certificate data from token"));
|
||||||
return CKR_FUNCTION_FAILED; // TODO: although key generation succeeded at this point
|
return CKR_FUNCTION_FAILED; // TODO: although key generation succeeded at this point
|
||||||
|
|||||||
@@ -298,9 +298,9 @@ CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t *obj, CK_ULO
|
|||||||
return get_objects(state, CK_FALSE, obj, &num, NULL);
|
return get_objects(state, CK_FALSE, obj, &num, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG len) {
|
CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG_PTR len) {
|
||||||
|
|
||||||
if (ykpiv_fetch_object(state, piv_2_ykpiv(obj), data, &len) != YKPIV_OK)
|
if (ykpiv_fetch_object(state, piv_2_ykpiv(obj), data, len) != YKPIV_OK)
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|||||||
@@ -16,6 +16,6 @@ CK_RV YUBICO_get_token_mechanism_list(CK_MECHANISM_TYPE_PTR mec, CK_ULONG num);
|
|||||||
CK_RV YUBICO_get_token_mechanism_info(CK_MECHANISM_TYPE mec, CK_MECHANISM_INFO_PTR info);
|
CK_RV YUBICO_get_token_mechanism_info(CK_MECHANISM_TYPE mec, CK_MECHANISM_INFO_PTR info);
|
||||||
CK_RV YUBICO_get_token_objects_num(ykpiv_state *state, CK_ULONG_PTR num, CK_ULONG_PTR num_certs);
|
CK_RV YUBICO_get_token_objects_num(ykpiv_state *state, CK_ULONG_PTR num, CK_ULONG_PTR num_certs);
|
||||||
CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t *obj, CK_ULONG num);
|
CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t *obj, CK_ULONG num);
|
||||||
CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG len);
|
CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Reference in New Issue
Block a user