From c61d6c6f2303d9bc579fb33c8617628d8ed1244b Mon Sep 17 00:00:00 2001 From: Dave Pate Date: Mon, 6 May 2019 14:46:46 -0700 Subject: [PATCH] lib: warn, but don't fail on error reading serial number or version lib: fix Windows build with OpenSSL 1.1.1 ykcs11: fix size_t/unsigned long type mismatch on Windows x64 --- lib/internal.c | 5 ++++- lib/ykpiv.c | 14 +++++++++++++- ykcs11/ykcs11.c | 8 ++++++-- 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/lib/internal.c b/lib/internal.c index 496d976..688cb76 100644 --- a/lib/internal.c +++ b/lib/internal.c @@ -1,6 +1,5 @@ #ifdef _WIN32 #include -#include #ifdef _MSC_VER #define strcasecmp _stricmp #endif @@ -24,6 +23,10 @@ #include #include +#ifdef _WIN32 +#include /* must be included after openssl headers */ +#endif + #include "internal.h" /* diff --git a/lib/ykpiv.c b/lib/ykpiv.c index 700ccc3..67d8f79 100644 --- a/lib/ykpiv.c +++ b/lib/ykpiv.c @@ -305,7 +305,19 @@ ykpiv_rc _ykpiv_select_application(ykpiv_state *state) { * will result in another selection of the PIV applet. */ res = _ykpiv_get_version(state, NULL); - if (res == YKPIV_OK) res = _ykpiv_get_serial(state, NULL, false); + if (res != YKPIV_OK) { + if (state->verbose) { + fprintf(stderr, "Failed to retrieve version: '%s'\n", ykpiv_strerror(res)); + } + } + + res = _ykpiv_get_serial(state, NULL, false); + if (res != YKPIV_OK) { + if (state->verbose) { + fprintf(stderr, "Failed to retrieve serial number: '%s'\n", ykpiv_strerror(res)); + } + res = YKPIV_OK; + } return res; } diff --git a/ykcs11/ykcs11.c b/ykcs11/ykcs11.c index 3ce91a9..6bbdb1a 100644 --- a/ykcs11/ykcs11.c +++ b/ykcs11/ykcs11.c @@ -1842,6 +1842,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)( { ykpiv_rc piv_rv; CK_RV rv; + size_t cbSignatureLen = 0; DIN; @@ -1934,9 +1935,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)( dump_data(op_info.buf, op_info.buf_len, stderr, CK_TRUE, format_arg_hex); #endif - *pulSignatureLen = sizeof(op_info.buf); + *pulSignatureLen = cbSignatureLen = sizeof(op_info.buf); + + piv_rv = ykpiv_sign_data(piv_state, op_info.buf, op_info.buf_len, op_info.buf, &cbSignatureLen, op_info.op.sign.algo, op_info.op.sign.key_id); + + *pulSignatureLen = cbSignatureLen; - piv_rv = ykpiv_sign_data(piv_state, op_info.buf, op_info.buf_len, op_info.buf, pulSignatureLen, op_info.op.sign.algo, op_info.op.sign.key_id); if (piv_rv != YKPIV_OK) { if (piv_rv == YKPIV_AUTHENTICATION_ERROR) { DBG("Operation requires authentication or touch");