Use buffer length while storing cert.
This commit is contained in:
+2
-2
@@ -1,8 +1,8 @@
|
||||
#ifndef DEBUG_H
|
||||
#define DEBUG_H
|
||||
|
||||
#define YKCS11_DBG 0 // General debug, must be either 1 or 0
|
||||
#define YKCS11_DINOUT 0 // Function in/out debug, must be either 1 or 0
|
||||
#define YKCS11_DBG 1 // General debug, must be either 1 or 0
|
||||
#define YKCS11_DINOUT 1 // Function in/out debug, must be either 1 or 0
|
||||
|
||||
#define D(x) do { \
|
||||
printf ("debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
|
||||
|
||||
@@ -17,7 +17,7 @@ typedef CK_RV (*get_t_mechanism_list_f)(CK_MECHANISM_TYPE_PTR, CK_ULONG);
|
||||
typedef CK_RV (*get_t_mechanism_info_f)(CK_MECHANISM_TYPE, CK_MECHANISM_INFO_PTR);
|
||||
typedef CK_RV (*get_t_objects_num_f)(ykpiv_state *, CK_ULONG_PTR, CK_ULONG_PTR);
|
||||
typedef CK_RV (*get_t_object_list_f)(ykpiv_state *, piv_obj_id_t *, CK_ULONG);
|
||||
typedef CK_RV (*get_t_raw_certificate_f)(ykpiv_state *, piv_obj_id_t, CK_BYTE_PTR, CK_ULONG);
|
||||
typedef CK_RV (*get_t_raw_certificate_f)(ykpiv_state *, piv_obj_id_t, CK_BYTE_PTR, CK_ULONG_PTR);
|
||||
|
||||
// Common token functions below
|
||||
typedef CK_RV (*t_generate_key_f)(ykpiv_state *, CK_BBOOL, CK_BYTE, CK_ULONG);
|
||||
|
||||
+7
-6
@@ -201,7 +201,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(
|
||||
}
|
||||
|
||||
if (slotID >= n_slots) {
|
||||
DBG(("Invalid slot ID %lu, slotID"));
|
||||
DBG(("Invalid slot ID %lu", slotID));
|
||||
return CKR_SLOT_ID_INVALID;
|
||||
}
|
||||
|
||||
@@ -227,7 +227,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(
|
||||
}
|
||||
|
||||
if (slotID >= n_slots) {
|
||||
DBG(("Invalid slot ID %lu, slotID"));
|
||||
DBG(("Invalid slot ID %lu", slotID));
|
||||
return CKR_SLOT_ID_INVALID;
|
||||
}
|
||||
|
||||
@@ -353,7 +353,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)(
|
||||
}
|
||||
|
||||
if (slotID >= n_slots) {
|
||||
DBG(("Invalid slot ID %lu, slotID"));
|
||||
DBG(("Invalid slot ID %lu", slotID));
|
||||
return CKR_SLOT_ID_INVALID;
|
||||
}
|
||||
|
||||
@@ -440,7 +440,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
||||
}
|
||||
|
||||
if (slotID >= n_slots) {
|
||||
DBG(("Invalid slot ID %lu, slotID"));
|
||||
DBG(("Invalid slot ID %lu", slotID));
|
||||
return CKR_SLOT_ID_INVALID;
|
||||
}
|
||||
|
||||
@@ -532,7 +532,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(
|
||||
|
||||
// Get the actual certificate data from the token and store it as an X509 object
|
||||
for (i = 0; i < session.slot->token->n_certs; i++) {
|
||||
rv = token.get_token_raw_certificate(piv_state, cert_ids[i], cert_data, cert_len); // TODO: double check len here (check inside, never changed but used below)
|
||||
cert_len = sizeof(cert_data);
|
||||
rv = token.get_token_raw_certificate(piv_state, cert_ids[i], cert_data, &cert_len);
|
||||
if (rv != CKR_OK) {
|
||||
DBG(("Unable to get certificate data from token"));
|
||||
goto failure;
|
||||
@@ -1815,7 +1816,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(
|
||||
|
||||
// Write/Update the object
|
||||
cert_len = sizeof(cert_data);
|
||||
rv = token.get_token_raw_certificate(piv_state, cert_id, cert_data, cert_len); // TODO: double check len here (check inside, never changed but used below). One more time above
|
||||
rv = token.get_token_raw_certificate(piv_state, cert_id, cert_data, &cert_len); // TODO: double check len here (check inside, never changed but used below). One more time above
|
||||
if (rv != CKR_OK) {
|
||||
DBG(("Unable to get certificate data from token"));
|
||||
return CKR_FUNCTION_FAILED; // TODO: although key generation succeeded at this point
|
||||
|
||||
@@ -298,9 +298,9 @@ CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t *obj, CK_ULO
|
||||
return get_objects(state, CK_FALSE, obj, &num, NULL);
|
||||
}
|
||||
|
||||
CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG len) {
|
||||
CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG_PTR len) {
|
||||
|
||||
if (ykpiv_fetch_object(state, piv_2_ykpiv(obj), data, &len) != YKPIV_OK)
|
||||
if (ykpiv_fetch_object(state, piv_2_ykpiv(obj), data, len) != YKPIV_OK)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
return CKR_OK;
|
||||
|
||||
@@ -16,6 +16,6 @@ CK_RV YUBICO_get_token_mechanism_list(CK_MECHANISM_TYPE_PTR mec, CK_ULONG num);
|
||||
CK_RV YUBICO_get_token_mechanism_info(CK_MECHANISM_TYPE mec, CK_MECHANISM_INFO_PTR info);
|
||||
CK_RV YUBICO_get_token_objects_num(ykpiv_state *state, CK_ULONG_PTR num, CK_ULONG_PTR num_certs);
|
||||
CK_RV YUBICO_get_token_object_list(ykpiv_state *state, piv_obj_id_t *obj, CK_ULONG num);
|
||||
CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG len);
|
||||
CK_RV YUBICO_get_token_raw_certificate(ykpiv_state *state, piv_obj_id_t obj, CK_BYTE_PTR data, CK_ULONG_PTR len);
|
||||
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user