From fc9ebe996fa60c1ad041a84619d5a3cc7ec8ccc9 Mon Sep 17 00:00:00 2001 From: Alessio Di Mauro Date: Fri, 6 Nov 2015 10:43:49 +0100 Subject: [PATCH] YKCS11: remove some warnings. --- ykcs11/openssl_utils.c | 24 +++++++++---------- ykcs11/ykcs11.c | 54 +++++++++++++++++++++++++----------------- ykcs11/yubico_token.c | 2 -- 3 files changed, 44 insertions(+), 36 deletions(-) diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c index 9bd3883..353c29f 100644 --- a/ykcs11/openssl_utils.c +++ b/ykcs11/openssl_utils.c @@ -155,15 +155,15 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, } p = out; - if ((*out_len = i2d_X509(cert, &p)) == 0) + if ((*out_len = (CK_ULONG) i2d_X509(cert, &p)) == 0) goto create_empty_cert_cleanup; - /* TODO: REMOVE THIS */ - BIO *STDout = BIO_new_fp(stderr, BIO_NOCLOSE); + /********************/ + /*BIO *STDout = BIO_new_fp(stderr, BIO_NOCLOSE); X509_print_ex(STDout, cert, 0, 0); - BIO_free(STDout); + BIO_free(STDout);*/ /********************/ rv = CKR_OK; @@ -227,9 +227,9 @@ CK_RV do_check_cert(CK_BYTE_PTR in, CK_ULONG_PTR cert_len) { len = 0; len += get_length(p + 1, &len) + 1; - *cert_len = len; + *cert_len = (CK_ULONG) len; - cert = d2i_X509(NULL, &p, *cert_len); + cert = d2i_X509(NULL, &p, (long) *cert_len); if (cert == NULL) return CKR_FUNCTION_FAILED; @@ -250,7 +250,7 @@ CK_RV do_get_raw_cert(X509 *cert, CK_BYTE_PTR out, CK_ULONG_PTR out_len) { return CKR_BUFFER_TOO_SMALL; p = out; - if ((*out_len = i2d_X509(cert, &p)) == 0) + if ((*out_len = (CK_ULONG) i2d_X509(cert, &p)) == 0) return CKR_FUNCTION_FAILED; return CKR_OK; @@ -308,7 +308,7 @@ CK_ULONG do_get_rsa_modulus_length(EVP_PKEY *key) { if (rsa == NULL) return 0; - key_len = RSA_size(rsa) * 8; // There is also RSA_bits but only in >= 1.1.0 + key_len = (CK_ULONG) (RSA_size(rsa) * 8); // There is also RSA_bits but only in >= 1.1.0 RSA_free(rsa); rsa = NULL; @@ -363,7 +363,7 @@ CK_RV do_get_public_key(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) { p = data; - if ((*len = i2d_RSAPublicKey(rsa, &p)) == 0) { + if ((*len = (CK_ULONG) i2d_RSAPublicKey(rsa, &p)) == 0) { RSA_free(rsa); rsa = NULL; return CKR_FUNCTION_FAILED; @@ -417,7 +417,7 @@ CK_RV do_encode_rsa_public_key(CK_BYTE_PTR data, CK_ULONG len, RSA **key) { if (data == NULL) return CKR_ARGUMENTS_BAD; - if ((*key = d2i_RSAPublicKey(NULL, &p, len)) == NULL) + if ((*key = d2i_RSAPublicKey(NULL, &p, (long) len)) == NULL) return CKR_FUNCTION_FAILED; return CKR_OK; @@ -435,7 +435,7 @@ CK_RV do_get_curve_parameters(EVP_PKEY *key, CK_BYTE_PTR data, CK_ULONG_PTR len) p = data; - if ((*len = i2d_ECPKParameters(ecg, &p)) == 0) { + if ((*len = (CK_ULONG) i2d_ECPKParameters(ecg, &p)) == 0) { EC_KEY_free(eck); eck = NULL; return CKR_FUNCTION_FAILED; @@ -519,7 +519,7 @@ CK_RV do_pkcs_pss(RSA *key, CK_BYTE_PTR in, CK_ULONG in_len, int nid, return CKR_FUNCTION_FAILED; } - *out_len = RSA_size(key); + *out_len = (CK_ULONG) RSA_size(key); EVP_cleanup(); diff --git a/ykcs11/ykcs11.c b/ykcs11/ykcs11.c index 35b27ea..6900320 100644 --- a/ykcs11/ykcs11.c +++ b/ykcs11/ykcs11.c @@ -20,7 +20,7 @@ #define PIV_MGM_KEY_LEN 48 #define YKCS11_MAX_SLOTS 16 -#define YKCS11_MAX_SIG_BUF_LEN 1024 +//#define YKCS11_MAX_SIG_BUF_LEN 1024 #define YKCS11_SESSION_ID 5355104 @@ -49,10 +49,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_Initialize)( CK_VOID_PTR pInitArgs ) { - DIN; CK_BYTE readers[2048]; CK_ULONG len = sizeof(readers); + DIN; + if (piv_state != NULL) return CKR_CRYPTOKI_ALREADY_INITIALIZED; @@ -82,9 +83,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_Finalize)( CK_VOID_PTR pReserved ) { - DIN; CK_ULONG i; + DIN; + if (pReserved != NULL_PTR) { DBG("Finalized called with pReserved != NULL"); return CKR_ARGUMENTS_BAD; @@ -111,8 +113,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetInfo)( CK_INFO_PTR pInfo ) { - DIN; CK_VERSION ver = {0, 0}; // TODO: set version number + + DIN; + pInfo->cryptokiVersion = function_list.version; memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID)); @@ -134,6 +138,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionList)( ) { DIN; + if(ppFunctionList == NULL_PTR) { DBG("GetFunctionList called with ppFunctionList = NULL"); return CKR_ARGUMENTS_BAD; @@ -152,10 +157,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)( CK_ULONG_PTR pulCount ) { - DIN; CK_ULONG i; int j; + DIN; + if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -286,10 +292,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)( CK_ULONG_PTR pulCount ) { - DIN; token_vendor_t token; CK_ULONG count; + DIN; + if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -344,9 +351,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)( CK_MECHANISM_INFO_PTR pInfo ) { - DIN; token_vendor_t token; + DIN; + if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -425,8 +433,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)( CK_SESSION_HANDLE_PTR phSession ) { - DIN; // TODO: pApplication and Notify - token_vendor_t token; CK_RV rv; piv_obj_id_t *cert_ids; @@ -434,6 +440,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)( CK_BYTE cert_data[2100]; // Max cert value for ykpiv CK_ULONG cert_len = sizeof(cert_data); + DIN; // TODO: pApplication and Notify + if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -615,9 +623,10 @@ CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)( CK_SLOT_ID slotID ) { - DIN; CK_RV rv; + DIN; + if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -837,8 +846,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_CreateObject)( CK_OBJECT_HANDLE_PTR phObject ) { - DIN; - CK_ULONG i; CK_RV rv; CK_OBJECT_CLASS class; @@ -860,6 +867,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_CreateObject)( CK_ULONG pubk_id; piv_obj_id_t *obj_ptr; + DIN; if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); @@ -1036,8 +1044,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_DestroyObject)( CK_OBJECT_HANDLE hObject ) { - DIN; - CK_RV rv; token_vendor_t token; CK_ULONG i; @@ -1048,6 +1054,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_DestroyObject)( CK_ULONG pubk_id; piv_obj_id_t *obj_ptr; + DIN; + DBG("Deleting object %lu", hObject); if (piv_state == NULL) { @@ -1147,10 +1155,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetAttributeValue)( CK_ULONG ulCount ) { - DIN; CK_ULONG i; CK_RV rv, rv_final; + DIN; + if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -1204,12 +1213,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)( CK_ULONG ulCount ) { - DIN; CK_ULONG i; CK_ULONG j; CK_ULONG total; CK_BBOOL private; + DIN; if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); @@ -1585,8 +1594,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)( CK_OBJECT_HANDLE hKey ) { - DIN; - CK_KEY_TYPE type = 0; // TODO: replace these with sign_info's fields? + CK_KEY_TYPE type = 0; CK_ULONG key_len = 0; CK_BYTE buf[1024]; CK_ATTRIBUTE template[] = { @@ -1596,6 +1604,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)( {CKA_EC_POINT, buf, sizeof(buf)}, }; + DIN; + if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); return CKR_CRYPTOKI_NOT_INITIALIZED; @@ -1682,7 +1692,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)( // The buffer contains an uncompressed point of the form 04, len, 04, x, y // Where len is |x| + |y| + 1 bytes - op_info.op.sign.key_len = ((buf[1] - 1) / 2) * 8; + op_info.op.sign.key_len = (CK_ULONG) (((buf[1] - 1) / 2) * 8); if (op_info.op.sign.key_len == 256) op_info.op.sign.algo = YKPIV_ALGO_ECCP256; @@ -1727,11 +1737,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)( CK_ULONG_PTR pulSignatureLen ) { - DIN; - ykpiv_rc piv_rv; CK_RV rv; + DIN; + if (op_info.type != YKCS11_SIGN) { DBG("Signature operation not initialized"); rv = CKR_OPERATION_NOT_INITIALIZED; @@ -2062,7 +2072,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)( CK_OBJECT_HANDLE_PTR phPrivateKey ) { - DIN; CK_RV rv; token_vendor_t token; CK_ULONG i; @@ -2075,6 +2084,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)( CK_BYTE cert_data[2100]; CK_ULONG cert_len; + DIN; if (piv_state == NULL) { DBG("libykpiv is not initialized or already finalized"); diff --git a/ykcs11/yubico_token.c b/ykcs11/yubico_token.c index 4245ba7..25da01a 100644 --- a/ykcs11/yubico_token.c +++ b/ykcs11/yubico_token.c @@ -4,8 +4,6 @@ #include "debug.h" #include "objects.h" -#define YUBICO_MECHANISMS_NUM 5 - #define MIN_RSA_KEY_SIZE 1024 #define MAX_RSA_KEY_SIZE 2048 #define MIN_ECC_KEY_SIZE 256