From 5c7b7bb0b1baea28020a55af95710371d571865c Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Wed, 31 Oct 2018 12:59:00 +0100 Subject: [PATCH 1/4] fixed minor XCode documentation warnings --- src/common/simclist.h | 2 +- src/libopensc/internal.h | 2 +- src/libopensc/log.h | 2 +- src/libopensc/opensc.h | 10 +++++----- src/libopensc/sm.h | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/common/simclist.h b/src/common/simclist.h index b6ef9f9d..1b8782bb 100644 --- a/src/common/simclist.h +++ b/src/common/simclist.h @@ -163,7 +163,7 @@ typedef list_hash_t (*element_hash_computer)(const void *el); * @param serialize_buffer reference to fill with the length of the buffer * @return reference to the buffer with the serialized data */ -typedef void *(*element_serializer)(const void *simclist_restrict el, uint32_t *simclist_restrict serializ_len); +typedef void *(*element_serializer)(const void *simclist_restrict el, uint32_t *simclist_restrict serialize_buffer); /** * a function for un-serializing an element. diff --git a/src/libopensc/internal.h b/src/libopensc/internal.h index 08d590f2..dd079aac 100644 --- a/src/libopensc/internal.h +++ b/src/libopensc/internal.h @@ -155,7 +155,7 @@ int sc_pkcs1_strip_digest_info_prefix(unsigned int *algorithm, * @param inlen IN length of the input * @param out OUT output buffer (in == out is allowed) * @param outlen OUT length of the output buffer - * @param modlen IN length of the modulus in bytes + * @param mod_bits IN length of the modulus in bits * @return SC_SUCCESS on success and an error code otherwise */ int sc_pkcs1_encode(sc_context_t *ctx, unsigned long flags, diff --git a/src/libopensc/log.h b/src/libopensc/log.h index a91d8646..ef98a076 100644 --- a/src/libopensc/log.h +++ b/src/libopensc/log.h 
@@ -93,7 +93,7 @@ void _sc_log(struct sc_context *ctx, const char *format, ...); * @brief Log binary data * * @param[in] ctx Context for logging - * @param[in] type Debug level + * @param[in] level Debug level * @param[in] file File name to be prepended * @param[in] line Line to be prepended * @param[in] func Function to be prepended diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h index 0abbf6a9..18489a8a 100644 --- a/src/libopensc/opensc.h +++ b/src/libopensc/opensc.h @@ -767,7 +767,7 @@ typedef struct sc_context { * @param apdu sc_apdu_t object of the APDU to be send * @return SC_SUCCESS on success and an error code otherwise */ -int sc_transmit_apdu(struct sc_card *, struct sc_apdu *); +int sc_transmit_apdu(struct sc_card *card, struct sc_apdu *apdu); void sc_format_apdu(struct sc_card *, struct sc_apdu *, int, int, int, int); @@ -1040,7 +1040,7 @@ size_t sc_get_max_recv_size(const sc_card_t *card); * Takes card limitations into account such as extended length support as well * as the reader's limitation for data transfer. * - * @param card + * @param card card * * @return maximum Nc */ @@ -1449,7 +1449,7 @@ extern sc_card_driver_t *sc_get_iso7816_driver(void); /** * @brief Read a complete EF by short file identifier. * - * @param[in] card + * @param[in] card card * @param[in] sfid Short file identifier * @param[in,out] ef Where to safe the file. the buffer will be allocated * using \c realloc() and should be set to NULL, if @@ -1464,7 +1464,7 @@ int iso7816_read_binary_sfid(sc_card_t *card, unsigned char sfid, /** * @brief Write a complete EF by short file identifier. * - * @param[in] card + * @param[in] card card * @param[in] sfid Short file identifier * @param[in] ef Date to write * @param[in] ef_len Length of \a ef 
@@ -1477,7 +1477,7 @@ int iso7816_write_binary_sfid(sc_card_t *card, unsigned char sfid, /** * @brief Set verification status of a specific PIN to “not verified” * - * @param[in] card + * @param[in] card card * @param[in] pin_reference PIN reference written to P2 * * @note The appropriate directory must be selected before calling this function. diff --git a/src/libopensc/sm.h b/src/libopensc/sm.h index 7e4250c6..b3b1ae48 100644 --- a/src/libopensc/sm.h +++ b/src/libopensc/sm.h @@ -362,7 +362,7 @@ int sc_sm_single_transmit(struct sc_card *, struct sc_apdu *); * Calls \a card->sm_ctx.ops.close() if available and \c card->sm_ctx.sm_mode * is \c SM_MODE_TRANSMIT * - * @param[in] card + * @param[in] card card * * @return \c SC_SUCCESS or error code if an error occurred */ From 54cb1099a0df41ddd1c858929342067c599628ba Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Wed, 31 Oct 2018 13:10:12 +0100 Subject: [PATCH 2/4] fixed warnings about precision loss --- src/pkcs11/framework-pkcs15.c | 96 +++++++++++++++++-------------- src/pkcs11/framework-pkcs15init.c | 5 +- src/pkcs11/mechanism.c | 83 +++++++++++++------------- src/pkcs11/misc.c | 2 +- src/pkcs11/openssl.c | 24 ++++---- src/pkcs11/pkcs11-object.c | 23 ++++---- src/pkcs11/pkcs11-session.c | 2 +- src/pkcs11/pkcs11-spy.c | 2 +- src/pkcs11/sc-pkcs11.h | 12 ++-- src/pkcs11/slot.c | 5 +- 10 files changed, 133 insertions(+), 121 deletions(-) diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index 85e12df6..0fcb1576 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c 
@@ -424,10 +424,13 @@ pkcs15_init_token_info(struct sc_pkcs15_card *p15card, CK_TOKEN_INFO_PTR pToken) * will assure that the serial within each type of card will be * unique in pkcs11 (at least for the first 8^16 cards :-) */ if (p15card->tokeninfo->serial_number != NULL) { - int sn_start = strlen(p15card->tokeninfo->serial_number) - 16; + size_t sn_start = strlen(p15card->tokeninfo->serial_number); - if (sn_start < 0) + if (sn_start <= 16) sn_start = 0; + else + sn_start -= 16; + strcpy_bp(pToken->serialNumber, p15card->tokeninfo->serial_number + sn_start, 16); } @@ -450,7 +453,7 @@ static char * set_cka_label(CK_ATTRIBUTE_PTR attr, char *label) { char *l = (char *)attr->pValue; - int len = attr->ulValueLen; + unsigned long len = attr->ulValueLen; if (len >= SC_PKCS15_MAX_LABEL_SIZE) len = SC_PKCS15_MAX_LABEL_SIZE-1; @@ -1122,7 +1125,7 @@ pkcs15_create_slot(struct sc_pkcs11_card *p11card, struct pkcs15_fw_data *fw_dat struct sc_pkcs11_slot **out) { struct sc_pkcs11_slot *slot = NULL; - int rv; + CK_RV rv; sc_log(context, "Create slot (p11card %p, fw_data %p, auth %p, app_info %p)", p11card, fw_data, auth, app_info); rv = slot_allocate(&slot, p11card); @@ -1401,7 +1404,8 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf struct sc_pkcs15_object *auth_user_pin = NULL, *auth_sign_pin = NULL; struct sc_pkcs11_slot *slot = NULL, *sign_slot = NULL; unsigned int cs_flags = sc_pkcs11_conf.create_slots_flags; - int i, rv, idx; + CK_RV rv; + int rc, i, idx; sc_log(context, "create PKCS#15 tokens; fws:%p,%p,%p", p11card->fws_data[0], p11card->fws_data[1], p11card->fws_data[2]); sc_log(context, "create slots flags 0x%X", cs_flags); 
@@ -1422,9 +1426,9 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf sc_log(context, "Flags:0x%X; Auth User/Sign PINs %p/%p", cs_flags, auth_user_pin, auth_sign_pin); /* Add PKCS#15 objects of the known types to the framework data */ - rv = _pkcs15_create_typed_objects(fw_data); - if (rv < 0) - return sc_to_cryptoki_error(rv, NULL); + rc = _pkcs15_create_typed_objects(fw_data); + if (rc < 0) + return sc_to_cryptoki_error(rc, NULL); sc_log(context, "Found %d FW objects objects", fw_data->num_objects); /* Create slots for all non-unblock, non-so PINs if: @@ -1437,10 +1441,10 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf memset(auths, 0, sizeof(auths)); /* Get authentication PKCS#15 objects present in the associated on-card application */ - rv = sc_pkcs15_get_objects(fw_data->p15_card, SC_PKCS15_TYPE_AUTH_PIN, auths, SC_PKCS15_MAX_PINS); - if (rv < 0) - return sc_to_cryptoki_error(rv, NULL); - auth_count = rv; + rc = sc_pkcs15_get_objects(fw_data->p15_card, SC_PKCS15_TYPE_AUTH_PIN, auths, SC_PKCS15_MAX_PINS); + if (rc < 0) + return sc_to_cryptoki_error(rc, NULL); + auth_count = rc; sc_log(context, "Found %d authentication objects", auth_count); for (i = 0; i < auth_count; i++) { @@ -1556,7 +1560,7 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType, if (sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) { if (ulPinLen && ulPinLen < sizeof(fw_data->user_puk)) { memcpy(fw_data->user_puk, pPin, ulPinLen); - fw_data->user_puk_len = ulPinLen; + fw_data->user_puk_len = (unsigned int) ulPinLen; } } @@ -2054,7 +2058,8 @@ pkcs15_create_private_key(struct sc_pkcs11_slot *slot, struct sc_profile *profil CK_KEY_TYPE key_type; struct sc_pkcs15_prkey_rsa *rsa = NULL; struct sc_pkcs15_prkey_gostr3410 *gost = NULL; - int rc, rv; + int rc; + CK_RV rv; char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); 
@@ -2207,7 +2212,7 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile struct sc_pkcs15_skey_info *skey_info; CK_KEY_TYPE key_type; CK_BBOOL _token = FALSE; - int rv; + CK_RV rv; char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); @@ -2309,7 +2314,7 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile goto out; } key_obj->data = skey_info; - skey_info->usage = args.usage; + skey_info->usage = (unsigned int) args.usage; skey_info->native = 0; /* card can not use this */ skey_info->access_flags = 0; /* looks like not needed */ skey_info->key_type = key_type; /* PKCS#11 CKK_* */ @@ -2358,7 +2363,8 @@ pkcs15_create_public_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile struct sc_pkcs15_auth_info *pin = NULL; CK_KEY_TYPE key_type; struct sc_pkcs15_pubkey_rsa *rsa = NULL; - int rc, rv; + int rc; + CK_RV rv; char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); @@ -2463,7 +2469,8 @@ pkcs15_create_certificate(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *cert_obj = NULL; CK_CERTIFICATE_TYPE cert_type; CK_BBOOL bValue; - int rc, rv; + int rc; + CK_RV rv; char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); @@ -2544,7 +2551,8 @@ pkcs15_create_data(struct sc_pkcs11_slot *slot, struct sc_profile *profile, struct sc_pkcs15_object *data_obj = NULL; struct sc_pkcs15_auth_info *pin = NULL; CK_BBOOL bValue; - int rc, rv; + int rc; + CK_RV rv; char label[SC_PKCS15_MAX_LABEL_SIZE]; memset(&args, 0, sizeof(args)); @@ -2624,7 +2632,8 @@ pkcs15_create_object(struct sc_pkcs11_slot *slot, CK_ATTRIBUTE_PTR pTemplate, CK struct sc_profile *profile = NULL; CK_OBJECT_CLASS _class; CK_BBOOL _token = FALSE; - int rv, rc; + CK_RV rv; + int rc; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) 
@@ -2875,7 +2884,8 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism, CK_ULONG keybits = 0; char pub_label[SC_PKCS15_MAX_LABEL_SIZE]; char priv_label[SC_PKCS15_MAX_LABEL_SIZE]; - int rc, rv = CKR_OK; + int rc; + CK_RV rv = CKR_OK; sc_log(context, "Keypair generation, mech = 0x%0lx", pMechanism->mechanism); @@ -2996,7 +3006,7 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism, sc_pkcs15init_set_p15card(profile, fw_data->p15_card); sc_log(context, "Try on-card key pair generation"); - rc = sc_pkcs15init_generate_key(fw_data->p15_card, profile, &keygen_args, keybits, &priv_key_obj); + rc = sc_pkcs15init_generate_key(fw_data->p15_card, profile, &keygen_args, (unsigned int) keybits, &priv_key_obj); if (rc >= 0) { id = ((struct sc_pkcs15_prkey_info *) priv_key_obj->data)->id; rc = sc_pkcs15_find_pubkey_by_id(fw_data->p15_card, &id, &pub_key_obj); @@ -3245,7 +3255,7 @@ pkcs15_set_attrib(struct sc_pkcs11_session *session, struct sc_pkcs15_object *p1 switch(attr->type) { case CKA_LABEL: rv = sc_pkcs15init_change_attrib(fw_data->p15_card, profile, p15_object, - P15_ATTR_TYPE_LABEL, attr->pValue, attr->ulValueLen); + P15_ATTR_TYPE_LABEL, attr->pValue, (unsigned int) attr->ulValueLen); break; case CKA_ID: if (attr->ulValueLen > SC_PKCS15_MAX_ID_SIZE) { @@ -3266,7 +3276,7 @@ pkcs15_set_attrib(struct sc_pkcs11_session *session, struct sc_pkcs15_object *p1 goto set_attr_done; } rv = sc_pkcs15init_change_attrib(fw_data->p15_card, profile, p15_object, - P15_ATTR_TYPE_VALUE, attr->pValue, attr->ulValueLen); + P15_ATTR_TYPE_VALUE, attr->pValue, (unsigned int) attr->ulValueLen); break; default: ck_rv = CKR_ATTRIBUTE_READ_ONLY; 
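Review bot: The `(unsigned int) attr->ulValueLen` casts added in the CKA_LABEL and CKA_VALUE cases of pkcs15_set_attrib silence the precision warning without range-checking a length that comes from the caller's template. On an LP64 build a value above UINT_MAX is truncated silently, so sc_pkcs15init_change_attrib would receive a different length from the one the PKCS#11 caller supplied; only the CKA_ID case shows a bound check in these hunks. A guard before each call, such as `if (attr->ulValueLen > UINT_MAX) { ck_rv = CKR_ATTRIBUTE_VALUE_INVALID; goto set_attr_done; }`, keeps the conversion lossless. The same unchecked narrowing appears in `(unsigned int) keybits` in pkcs15_gen_keypair and in the `attr.ulValueLen` and `ulSignatureLen` casts in sc_pkcs11_verify_final (mechanism.c). All of these functions begin and end outside their hunks, so checks elsewhere in them are not visible here.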
@@ -3407,7 +3417,7 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT #define ASN1_SET_TAG (SC_ASN1_SET | SC_ASN1_TAG_CONSTRUCTED) #define ASN1_SEQ_TAG (SC_ASN1_SEQUENCE | SC_ASN1_TAG_CONSTRUCTED) -static int +static CK_RV pkcs15_cert_cmp_attribute(struct sc_pkcs11_session *session, void *object, CK_ATTRIBUTE_PTR attr) { @@ -3751,7 +3761,8 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj, struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object *) obj; struct sc_pkcs11_card *p11card = session->slot->p11card; struct pkcs15_fw_data *fw_data = NULL; - int rv, flags = 0, prkey_has_path = 0; + CK_RV rv; + int flags = 0, prkey_has_path = 0, rc; unsigned sign_flags = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; @@ -3876,16 +3887,16 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj, return CKR_MECHANISM_INVALID; } - rv = sc_lock(p11card->card); - if (rv < 0) - return sc_to_cryptoki_error(rv, "C_Sign"); + rc = sc_lock(p11card->card); + if (rc < 0) + return sc_to_cryptoki_error(rc, "C_Sign"); sc_log(context, "Selected flags %X. Now computing signature for %lu bytes. %lu bytes reserved.", flags, ulDataLen, *pulDataLen); - rv = sc_pkcs15_compute_signature(fw_data->p15_card, prkey->prv_p15obj, flags, + rc = sc_pkcs15_compute_signature(fw_data->p15_card, prkey->prv_p15obj, flags, pData, ulDataLen, pSignature, *pulDataLen); - if (rv < 0 && !sc_pkcs11_conf.lock_login && !prkey_has_path) { + if (rc < 0 && !sc_pkcs11_conf.lock_login && !prkey_has_path) { /* If private key PKCS#15 object do not have 'path' attribute, * and if PKCS#11 login session is not locked, * the compute signature could fail because of concurrent access to the card 
@@ -3893,20 +3904,20 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj, * In this particular case try to 'reselect' application DF. */ if (reselect_app_df(fw_data->p15_card) == SC_SUCCESS) - rv = sc_pkcs15_compute_signature(fw_data->p15_card, prkey->prv_p15obj, flags, + rc = sc_pkcs15_compute_signature(fw_data->p15_card, prkey->prv_p15obj, flags, pData, ulDataLen, pSignature, *pulDataLen); } sc_unlock(p11card->card); - sc_log(context, "Sign complete. Result %d.", rv); + sc_log(context, "Sign complete. Result %d.", rc); - if (rv > 0) { - *pulDataLen = rv; + if (rc > 0) { + *pulDataLen = rc; return CKR_OK; } - return sc_to_cryptoki_error(rv, "C_Sign"); + return sc_to_cryptoki_error(rc, "C_Sign"); } @@ -4447,7 +4458,7 @@ pkcs15_dobj_set_attribute(struct sc_pkcs11_session *session, } -static int +static CK_RV pkcs15_dobj_get_value(struct sc_pkcs11_session *session, struct pkcs15_data_object *dobj, struct sc_pkcs15_data **out_data) @@ -4930,12 +4941,12 @@ get_usage_bit(unsigned int usage, CK_ATTRIBUTE_PTR attr) } -static int +static CK_RV register_gost_mechanisms(struct sc_pkcs11_card *p11card, int flags) { CK_MECHANISM_INFO mech_info; sc_pkcs11_mechanism_type_t *mt; - int rc; + CK_RV rc; mech_info.flags = CKF_HW | CKF_SIGN | CKF_DECRYPT; #ifdef ENABLE_OPENSSL @@ -4978,13 +4989,13 @@ register_gost_mechanisms(struct sc_pkcs11_card *p11card, int flags) } -static int register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags, +static CK_RV register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags, unsigned long ext_flags, CK_ULONG min_key_size, CK_ULONG max_key_size) { CK_MECHANISM_INFO mech_info; sc_pkcs11_mechanism_type_t *mt; CK_FLAGS ec_flags = 0; - int rc; + CK_RV rc; if (ext_flags & SC_ALGORITHM_EXT_EC_F_P) ec_flags |= CKF_EC_F_P; 
@@ -5074,7 +5085,8 @@ register_mechanisms(struct sc_pkcs11_card *p11card) unsigned long ec_ext_flags; sc_pkcs11_mechanism_type_t *mt; unsigned int num; - int rc, rsa_flags = 0, ec_flags = 0, gostr_flags = 0; + int rsa_flags = 0, ec_flags = 0, gostr_flags = 0; + CK_RV rc; /* Register generic mechanisms */ sc_pkcs11_register_generic_mechanisms(p11card); diff --git a/src/pkcs11/framework-pkcs15init.c b/src/pkcs11/framework-pkcs15init.c index e3038cff..2f352c25 100644 --- a/src/pkcs11/framework-pkcs15init.c +++ b/src/pkcs11/framework-pkcs15init.c @@ -57,7 +57,7 @@ pkcs15init_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app { struct sc_profile *profile; struct sc_pkcs11_slot *slot; - int rc; + CK_RV rc; profile = (struct sc_profile *) p11card->fws_data[0]; @@ -130,7 +130,8 @@ pkcs15init_initialize(struct sc_pkcs11_slot *pslot, void *ptr, struct sc_profile *profile = (struct sc_profile *) p11card->fws_data[0]; struct sc_pkcs15init_initargs args; struct sc_pkcs11_slot *slot; - int rc, rv, id; + CK_RV rv; + int rc, id; memset(&args, 0, sizeof(args)); args.so_pin = pPin; diff --git a/src/pkcs11/mechanism.c b/src/pkcs11/mechanism.c index d4ce7fef..cf81826d 100644 --- a/src/pkcs11/mechanism.c +++ b/src/pkcs11/mechanism.c @@ -40,7 +40,7 @@ struct signature_data { struct hash_signature_info *info; sc_pkcs11_operation_t * md; CK_BYTE buffer[4096/8]; - unsigned int buffer_len; + unsigned int buffer_len; }; /* @@ -95,7 +95,7 @@ sc_pkcs11_get_mechanism_list(struct sc_pkcs11_card *p11card, { sc_pkcs11_mechanism_type_t *mt; unsigned int n, count = 0; - int rv; + CK_RV rv; if (!p11card) return CKR_TOKEN_NOT_PRESENT; @@ -166,7 +166,7 @@ sc_pkcs11_md_init(struct sc_pkcs11_session *session, struct sc_pkcs11_card *p11card; sc_pkcs11_operation_t *operation; sc_pkcs11_mechanism_type_t *mt; - int rv; + CK_RV rv; LOG_FUNC_CALLED(context); if (!session || !session->slot || !(p11card = session->slot->p11card)) 
@@ -179,7 +179,7 @@ sc_pkcs11_md_init(struct sc_pkcs11_session *session, rv = session_start_operation(session, SC_PKCS11_OPERATION_DIGEST, mt, &operation); if (rv != CKR_OK) - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM)); @@ -188,7 +188,7 @@ sc_pkcs11_md_init(struct sc_pkcs11_session *session, if (rv != CKR_OK) session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } CK_RV @@ -196,7 +196,7 @@ sc_pkcs11_md_update(struct sc_pkcs11_session *session, CK_BYTE_PTR pData, CK_ULONG ulDataLen) { sc_pkcs11_operation_t *op; - int rv; + CK_RV rv; rv = session_get_operation(session, SC_PKCS11_OPERATION_DIGEST, &op); if (rv != CKR_OK) @@ -208,7 +208,7 @@ done: if (rv != CKR_OK) session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } CK_RV @@ -220,7 +220,7 @@ sc_pkcs11_md_final(struct sc_pkcs11_session *session, rv = session_get_operation(session, SC_PKCS11_OPERATION_DIGEST, &op); if (rv != CKR_OK) - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); /* This is a request for the digest length */ if (pData == NULL) @@ -231,7 +231,7 @@ sc_pkcs11_md_final(struct sc_pkcs11_session *session, LOG_FUNC_RETURN(context, pData == NULL ? CKR_OK : CKR_BUFFER_TOO_SMALL); session_stop_operation(session, SC_PKCS11_OPERATION_DIGEST); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } /* @@ -245,7 +245,7 @@ sc_pkcs11_sign_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechani struct sc_pkcs11_card *p11card; sc_pkcs11_operation_t *operation; sc_pkcs11_mechanism_type_t *mt; - int rv; + CK_RV rv; LOG_FUNC_CALLED(context); if (!session || !session->slot || !(p11card = session->slot->p11card)) 
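Review bot: `LOG_FUNC_RETURN(context, (int) rv)` narrows a `CK_RV` to `int` inside functions that are declared to return `CK_RV`. The macro body is not shown here, but the need for the cast suggests it carries its argument as an `int`; if so, a code at or above `CKR_VENDOR_DEFINED` (0x80000000) would come back sign-extended on an LP64 build rather than unchanged. The sc_create_object_int hunk in pkcs11-object.c avoids this by replacing the macro with a plain `return rv;`, and doing the same here (log first, then `return rv;`) would keep the full value. The pattern repeats in every later `LOG_FUNC_RETURN` hunk of mechanism.c, from sc_pkcs11_md_update through sc_pkcs11_decrypt_init.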
@@ -268,7 +268,7 @@ sc_pkcs11_sign_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechani rv = session_start_operation(session, SC_PKCS11_OPERATION_SIGN, mt, &operation); if (rv != CKR_OK) - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM)); if (pMechanism->pParameter) { @@ -280,7 +280,7 @@ sc_pkcs11_sign_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechani if (rv != CKR_OK) session_stop_operation(session, SC_PKCS11_OPERATION_SIGN); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } CK_RV @@ -288,12 +288,12 @@ sc_pkcs11_sign_update(struct sc_pkcs11_session *session, CK_BYTE_PTR pData, CK_ULONG ulDataLen) { sc_pkcs11_operation_t *op; - int rv; + CK_RV rv; LOG_FUNC_CALLED(context); rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op); if (rv != CKR_OK) - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); if (op->type->sign_update == NULL) { rv = CKR_KEY_TYPE_INCONSISTENT; @@ -306,7 +306,7 @@ done: if (rv != CKR_OK) session_stop_operation(session, SC_PKCS11_OPERATION_SIGN); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } CK_RV @@ -314,12 +314,12 @@ sc_pkcs11_sign_final(struct sc_pkcs11_session *session, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) { sc_pkcs11_operation_t *op; - int rv; + CK_RV rv; LOG_FUNC_CALLED(context); rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op); if (rv != CKR_OK) - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); /* Bail out for signature mechanisms that don't do hashing */ if (op->type->sign_final == NULL) { 
@@ -333,18 +333,18 @@ done: if (rv != CKR_BUFFER_TOO_SMALL && pSignature != NULL) session_stop_operation(session, SC_PKCS11_OPERATION_SIGN); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } CK_RV sc_pkcs11_sign_size(struct sc_pkcs11_session *session, CK_ULONG_PTR pLength) { sc_pkcs11_operation_t *op; - int rv; + CK_RV rv; rv = session_get_operation(session, SC_PKCS11_OPERATION_SIGN, &op); if (rv != CKR_OK) - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); /* Bail out for signature mechanisms that don't do hashing */ if (op->type->sign_size == NULL) { @@ -358,7 +358,7 @@ done: if (rv != CKR_OK) session_stop_operation(session, SC_PKCS11_OPERATION_SIGN); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } /* @@ -392,7 +392,7 @@ sc_pkcs11_signature_init(sc_pkcs11_operation_t *operation, else { /* Mechanism recognised but cannot be performed by pkcs#15 card, or some general error. */ free(data); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } } @@ -402,7 +402,7 @@ sc_pkcs11_signature_init(sc_pkcs11_operation_t *operation, if (rv != CKR_OK) { /* Probably bad arguments */ free(data); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } } @@ -421,7 +421,7 @@ sc_pkcs11_signature_init(sc_pkcs11_operation_t *operation, if (rv != CKR_OK) { sc_pkcs11_release_operation(&data->md); free(data); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } data->info = info; } @@ -441,7 +441,7 @@ sc_pkcs11_signature_update(sc_pkcs11_operation_t *operation, data = (struct signature_data *) operation->priv_data; if (data->md) { CK_RV rv = data->md->type->md_update(data->md, pPart, ulPartLen); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } /* This signature mechanism operates on the raw data */ 
@@ -449,7 +449,6 @@ sc_pkcs11_signature_update(sc_pkcs11_operation_t *operation, LOG_FUNC_RETURN(context, CKR_DATA_LEN_RANGE); memcpy(data->buffer + data->buffer_len, pPart, ulPartLen); data->buffer_len += ulPartLen; - sc_log(context, "data length %u", data->buffer_len); LOG_FUNC_RETURN(context, CKR_OK); } @@ -462,7 +461,6 @@ sc_pkcs11_signature_final(sc_pkcs11_operation_t *operation, LOG_FUNC_CALLED(context); data = (struct signature_data *) operation->priv_data; - sc_log(context, "data length %u", data->buffer_len); if (data->md) { sc_pkcs11_operation_t *md = data->md; CK_ULONG len = sizeof(data->buffer); @@ -471,14 +469,13 @@ sc_pkcs11_signature_final(sc_pkcs11_operation_t *operation, if (rv == CKR_BUFFER_TOO_SMALL) rv = CKR_FUNCTION_FAILED; if (rv != CKR_OK) - LOG_FUNC_RETURN(context, rv); - data->buffer_len = len; + LOG_FUNC_RETURN(context, (int) rv); + data->buffer_len = (unsigned int) len; } - sc_log(context, "%u bytes to sign", data->buffer_len); rv = data->key->ops->sign(operation->session, data->key, &operation->mechanism, data->buffer, data->buffer_len, pSignature, pulSignatureLen); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } static CK_RV @@ -521,7 +518,7 @@ sc_pkcs11_signature_size(sc_pkcs11_operation_t *operation, CK_ULONG_PTR pLength) } } - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } static void @@ -549,7 +546,7 @@ sc_pkcs11_verif_init(struct sc_pkcs11_session *session, CK_MECHANISM_PTR pMechan struct sc_pkcs11_card *p11card; sc_pkcs11_operation_t *operation; sc_pkcs11_mechanism_type_t *mt; - int rv; + CK_RV rv; if (!session || !session->slot || !(p11card = session->slot->p11card)) @@ -583,7 +580,7 @@ sc_pkcs11_verif_update(struct sc_pkcs11_session *session, CK_BYTE_PTR pData, CK_ULONG ulDataLen) { sc_pkcs11_operation_t *op; - int rv; + CK_RV rv; rv = session_get_operation(session, SC_PKCS11_OPERATION_VERIFY, &op); if (rv != CKR_OK) 
@@ -608,7 +605,7 @@ sc_pkcs11_verif_final(struct sc_pkcs11_session *session, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen) { sc_pkcs11_operation_t *op; - int rv; + CK_RV rv; rv = session_get_operation(session, SC_PKCS11_OPERATION_VERIFY, &op); if (rv != CKR_OK) @@ -635,7 +632,7 @@ sc_pkcs11_verify_init(sc_pkcs11_operation_t *operation, { struct hash_signature_info *info; struct signature_data *data; - int rv; + CK_RV rv; if (!(data = calloc(1, sizeof(*data)))) return CKR_HOST_MEMORY; @@ -651,7 +648,7 @@ sc_pkcs11_verify_init(sc_pkcs11_operation_t *operation, else { /* Mechanism cannot be performed by pkcs#15 card, or some general error. */ free(data); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } } @@ -661,7 +658,7 @@ sc_pkcs11_verify_init(sc_pkcs11_operation_t *operation, if (rv != CKR_OK) { /* Probably bad arguments */ free(data); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } } @@ -721,7 +718,7 @@ sc_pkcs11_verify_final(sc_pkcs11_operation_t *operation, CK_ATTRIBUTE attr = {CKA_VALUE, NULL, 0}; CK_ATTRIBUTE attr_key_type = {CKA_KEY_TYPE, &key_type, sizeof(key_type)}; CK_ATTRIBUTE attr_key_params = {CKA_GOSTR3410_PARAMS, ¶ms, sizeof(params)}; - int rv; + CK_RV rv; data = (struct signature_data *) operation->priv_data; @@ -756,10 +753,10 @@ sc_pkcs11_verify_final(sc_pkcs11_operation_t *operation, goto done; } - rv = sc_pkcs11_verify_data(pubkey_value, attr.ulValueLen, + rv = sc_pkcs11_verify_data(pubkey_value, (unsigned int) attr.ulValueLen, params, sizeof(params), &operation->mechanism, data->md, - data->buffer, data->buffer_len, pSignature, ulSignatureLen); + data->buffer, data->buffer_len, pSignature, (unsigned int) ulSignatureLen); done: free(pubkey_value); @@ -815,7 +812,7 @@ sc_pkcs11_decr(struct sc_pkcs11_session *session, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) { sc_pkcs11_operation_t *op; - int rv; + CK_RV rv; rv = session_get_operation(session, SC_PKCS11_OPERATION_DECRYPT, &op); if (rv != CKR_OK) 
@@ -951,7 +948,7 @@ sc_pkcs11_decrypt_init(sc_pkcs11_operation_t *operation, else { /* Mechanism cannot be performed by pkcs#15 card, or some general error. */ free(data); - LOG_FUNC_RETURN(context, rv); + LOG_FUNC_RETURN(context, (int) rv); } } diff --git a/src/pkcs11/misc.c b/src/pkcs11/misc.c index e4798319..b9bef60d 100644 --- a/src/pkcs11/misc.c +++ b/src/pkcs11/misc.c @@ -305,7 +305,7 @@ CK_RV session_stop_operation(struct sc_pkcs11_session * session, int type) CK_RV attr_extract(CK_ATTRIBUTE_PTR pAttr, void *ptr, size_t * sizep) { - unsigned int size; + size_t size; if (sizep) { size = *sizep; diff --git a/src/pkcs11/openssl.c b/src/pkcs11/openssl.c index fb9f8fea..a24f2a3a 100644 --- a/src/pkcs11/openssl.c +++ b/src/pkcs11/openssl.c @@ -336,10 +336,10 @@ static void reverse(unsigned char *buf, size_t len) } } -static CK_RV gostr3410_verify_data(const unsigned char *pubkey, int pubkey_len, - const unsigned char *params, int params_len, - unsigned char *data, int data_len, - unsigned char *signat, int signat_len) +static CK_RV gostr3410_verify_data(const unsigned char *pubkey, unsigned int pubkey_len, + const unsigned char *params, unsigned int params_len, + unsigned char *data, unsigned int data_len, + unsigned char *signat, unsigned int signat_len) { EVP_PKEY *pkey; EVP_PKEY_CTX *pkey_ctx = NULL; 
@@ -413,11 +413,11 @@ static CK_RV gostr3410_verify_data(const unsigned char *pubkey, int pubkey_len, * If a hash function was used, we can make a big shortcut by * finishing with EVP_VerifyFinal(). */ -CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, int pubkey_len, - const unsigned char *pubkey_params, int pubkey_params_len, +CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, unsigned int pubkey_len, + const unsigned char *pubkey_params, unsigned int pubkey_params_len, CK_MECHANISM_PTR mech, sc_pkcs11_operation_t *md, - unsigned char *data, int data_len, - unsigned char *signat, int signat_len) + unsigned char *data, unsigned int data_len, + unsigned char *signat, unsigned int signat_len) { int res; CK_RV rv = CKR_GENERAL_ERROR; @@ -598,9 +598,9 @@ CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, int pubkey_len, data_len = tmp_len; } rv = CKR_SIGNATURE_INVALID; - if (data_len == EVP_MD_size(pss_md) && - RSA_verify_PKCS1_PSS_mgf1(rsa, data, pss_md, mgf_md, - rsa_out, EVP_MD_size(pss_md)/*sLen*/) == 1) + if (data_len == (unsigned int) EVP_MD_size(pss_md) + && RSA_verify_PKCS1_PSS_mgf1(rsa, data, pss_md, mgf_md, + rsa_out, EVP_MD_size(pss_md)/*sLen*/) == 1) rv = CKR_OK; RSA_free(rsa); free(rsa_out); @@ -609,7 +609,7 @@ CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, int pubkey_len, } RSA_free(rsa); - if (rsa_outlen == data_len && memcmp(rsa_out, data, data_len) == 0) + if ((unsigned int) rsa_outlen == data_len && memcmp(rsa_out, data, data_len) == 0) rv = CKR_OK; else rv = CKR_SIGNATURE_INVALID; diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c index 0cc77d60..a6b84224 100644 --- a/src/pkcs11/pkcs11-object.c +++ b/src/pkcs11/pkcs11-object.c @@ -128,7 +128,8 @@ CK_RV sc_create_object_int(CK_SESSION_HANDLE hSession, /* the session's handle * out: if (use_lock) sc_pkcs11_unlock(); - LOG_FUNC_RETURN(context, rv); + + return rv; } 
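Review bot: In the PSS branch of sc_pkcs11_verify_data, `(unsigned int) EVP_MD_size(pss_md)` casts a value that is an `int` and can be negative on failure, and the same call is passed uncast as the salt length on the following line. Reading the size once and rejecting a non-positive result makes the comparison and the sLen argument agree: `int md_len = EVP_MD_size(pss_md);` followed by `if (md_len > 0 && data_len == (unsigned int) md_len && RSA_verify_PKCS1_PSS_mgf1(rsa, data, pss_md, mgf_md, rsa_out, md_len) == 1)`. The later `(unsigned int) rsa_outlen == data_len` comparison has the same shape; whether `rsa_outlen` is checked for an error return beforehand is outside the hunk.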
@@ -210,7 +211,7 @@ C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_ATTRIBUTE_PTR pTemplate, /* specifies attributes, gets values */ CK_ULONG ulCount) /* attributes in template */ { - static int precedence[] = { + static CK_RV precedence[] = { CKR_OK, CKR_BUFFER_TOO_SMALL, CKR_ATTRIBUTE_TYPE_INVALID, @@ -218,11 +219,12 @@ C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */ -1 }; char object_name[64]; - int j; + CK_RV j; CK_RV rv; struct sc_pkcs11_session *session; struct sc_pkcs11_object *object; - int res, res_type; + CK_RV res; + CK_RV res_type; unsigned int i; if (pTemplate == NULL_PTR || ulCount == 0) @@ -256,7 +258,7 @@ C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */ * should be handled - we give them highest * precedence */ - for (j = 0; precedence[j] != -1; j++) { + for (j = 0; precedence[j] != (CK_RV) -1; j++) { if (precedence[j] == res) break; } @@ -1325,14 +1327,13 @@ CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, /* the session's handle */ /* * Helper function to compare attributes on any sort of object */ -int sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK_ATTRIBUTE_PTR attr) +CK_RV sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK_ATTRIBUTE_PTR attr) { - int rv; + CK_RV rv; struct sc_pkcs11_object *object; u8 temp1[1024]; u8 *temp2 = NULL; /* dynamic allocation for large attributes */ CK_ATTRIBUTE temp_attr; - int res; object = (struct sc_pkcs11_object *)ptr; temp_attr.type = attr->type; @@ -1356,7 +1357,7 @@ int sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK /* Get the attribute */ rv = object->ops->get_attribute(session, object, &temp_attr); if (rv != CKR_OK) { - res = 0; + rv = 0; goto done; } #ifdef DEBUG 
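Review bot: `j` is now declared `CK_RV`, but these hunks only show it used as an index into `precedence[]` (`for (j = 0; precedence[j] != (CK_RV) -1; j++)`). A return-code type on a loop counter misleads the reader, and `size_t j;` states the intent. The sentinel is also still written as a bare `-1` in the `static CK_RV precedence[]` initializer while the loop compares against `(CK_RV) -1`; writing `(CK_RV) -1` in the table as well, and declaring it `static const`, keeps both sides identical. The rest of C_GetAttributeValue lies outside these hunks, so other uses of `j` could not be checked.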
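Review bot: sc_pkcs11_any_cmp_attribute now returns a match flag through a `CK_RV`: `rv = 0` when get_attribute fails and, in the following hunk, `rv = temp_attr.ulValueLen == attr->ulValueLen && !memcmp(...)`. That makes 0 mean "no match" while 0 is also `CKR_OK`, so a caller that later tests the result against `CKR_OK` would read a mismatch as success; reusing `rv` also overwrites the get_attribute error code. Keeping the comparison in its own `int res` with an `int` return type avoids mixing the two meanings, or at minimum the function should carry a comment such as `/* returns 1 on match, 0 otherwise; not a CKR_* code */`. The same return-type change is applied to pkcs15_cert_cmp_attribute in framework-pkcs15.c and to the `cmp_attribute` member in sc-pkcs11.h.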
@@ -1367,12 +1368,12 @@ int sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK dump_template(SC_LOG_DEBUG_NORMAL, foo, &temp_attr, 1); } #endif - res = temp_attr.ulValueLen == attr->ulValueLen + rv = temp_attr.ulValueLen == attr->ulValueLen && !memcmp(temp_attr.pValue, attr->pValue, attr->ulValueLen); done: if (temp2 != NULL) free(temp2); - return res; + return rv; } diff --git a/src/pkcs11/pkcs11-session.c b/src/pkcs11/pkcs11-session.c index 9351e58d..e4247446 100644 --- a/src/pkcs11/pkcs11-session.c +++ b/src/pkcs11/pkcs11-session.c @@ -313,7 +313,7 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */ if (rv == CKR_OK) rv = push_login_state(slot, userType, pPin, ulPinLen); if (rv == CKR_OK) { - slot->login_user = userType; + slot->login_user = (int) userType; } rv = reset_login_state(slot, rv); } diff --git a/src/pkcs11/pkcs11-spy.c b/src/pkcs11/pkcs11-spy.c index a3fa1d8f..92e635cc 100644 --- a/src/pkcs11/pkcs11-spy.c +++ b/src/pkcs11/pkcs11-spy.c @@ -55,7 +55,7 @@ static CK_RV init_spy(void) { const char *output, *module; - int rv = CKR_OK; + CK_RV rv = CKR_OK; #ifdef _WIN32 char temp_path[PATH_MAX], expanded_path[PATH_MAX]; DWORD temp_len, expanded_len; diff --git a/src/pkcs11/sc-pkcs11.h b/src/pkcs11/sc-pkcs11.h index f0115ed0..6ed20d8a 100644 --- a/src/pkcs11/sc-pkcs11.h +++ b/src/pkcs11/sc-pkcs11.h @@ -91,7 +91,7 @@ struct sc_pkcs11_object_ops { /* Management methods */ CK_RV (*set_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR); CK_RV (*get_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR); - int (*cmp_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR); + CK_RV (*cmp_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR); CK_RV (*destroy_object)(struct sc_pkcs11_session *, void *); CK_RV (*get_size)(struct sc_pkcs11_session *, void *); 
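Review bot: The `(int) userType` cast in C_Login (hunk at -313) silences the conversion warning but does not show why narrowing the user type to `int` is safe for `slot->login_user`. If userType is restricted to the known CKU_* values earlier in C_Login, which is outside this hunk, say so next to the cast, for example `/* userType was validated above and fits in int */`. If it is not, the value should be range-checked before it is stored as the slot's login state.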
@@ -382,7 +382,7 @@ CK_RV sc_pkcs11_create_secret_key(struct sc_pkcs11_session *, CK_ATTRIBUTE_PTR, CK_ULONG, struct sc_pkcs11_object **); /* Generic object handling */ -int sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *, +CK_RV sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR); /* Get attributes from template (misc.c) */ @@ -439,11 +439,11 @@ CK_RV sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *, sc_pkcs11_mechanism_type_t *); #ifdef ENABLE_OPENSSL -CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, int pubkey_len, - const unsigned char *pubkey_params, int pubkey_params_len, +CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, unsigned int pubkey_len, + const unsigned char *pubkey_params, unsigned int pubkey_params_len, CK_MECHANISM_PTR mech, sc_pkcs11_operation_t *md, - unsigned char *inp, int inp_len, - unsigned char *signat, int signat_len); + unsigned char *inp, unsigned int inp_len, + unsigned char *signat, unsigned int signat_len); #endif /* Load configuration defaults */ diff --git a/src/pkcs11/slot.c b/src/pkcs11/slot.c index 3102bf98..c374666f 100644 --- a/src/pkcs11/slot.c +++ b/src/pkcs11/slot.c @@ -447,7 +447,7 @@ CK_RV slot_get_slot(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot) CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot) { - int rv; + CK_RV rv; sc_log(context, "Slot(id=0x%lX): get token", id); rv = slot_get_slot(id, slot); @@ -473,7 +473,8 @@ CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot) CK_RV slot_token_removed(CK_SLOT_ID id) { - int rv, token_was_present; + CK_RV rv; + int token_was_present; struct sc_pkcs11_slot *slot; struct sc_pkcs11_object *object; From c70888f9ab674c468c99f72ece4a7556c1e63a30 Mon Sep 17 00:00:00 2001 
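Review bot: The prototype of sc_pkcs11_verify_data in sc-pkcs11.h (hunk at -439) names the data parameters `inp` and `inp_len`, while the definition rewritten by the same patch uses `data` and `data_len`; since both lines are being touched, use one pair of names in both places, e.g. `unsigned char *data, unsigned int data_len,`. The lengths are now `unsigned int`, whereas PKCS#11 lengths are `CK_ULONG`. The call sites are not visible here, but any that pass a `CK_ULONG` narrow implicitly on platforms where that type is wider, so it is worth confirming that they bound the value first.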
From: Frank Morgner Date: Wed, 31 Oct 2018 23:34:14 +0100 Subject: [PATCH 3/4] allow compilation with --disable-shared --- src/libopensc/card-npa.c | 1 + src/libopensc/card-npa.h | 4 ++-- src/tools/npa-tool.c | 25 +++++++++++++------------ 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/libopensc/card-npa.c b/src/libopensc/card-npa.c index 99784b17..c8e981f5 100644 --- a/src/libopensc/card-npa.c +++ b/src/libopensc/card-npa.c @@ -31,6 +31,7 @@ #include "sm/sm-eac.h" #include +static int fread_to_eof(const char *file, unsigned char **buf, size_t *buflen); #include "../tools/fread_to_eof.c" struct npa_drv_data { diff --git a/src/libopensc/card-npa.h b/src/libopensc/card-npa.h index 5cac5b0a..9cce7a06 100644 --- a/src/libopensc/card-npa.h +++ b/src/libopensc/card-npa.h @@ -27,13 +27,13 @@ extern "C" { #include "sm/sm-eac.h" -const unsigned char esign_chat[] = { +static const unsigned char esign_chat[] = { 0x7F, 0x4C, 0x0E, 0x06, 0x09, 0x04, 0x00, 0x7F, 0x00, 0x07, 0x03, 0x01, 0x02, 0x03, 0x53, 0x01, 0x03, }; -const unsigned char df_esign_aid[] = { 0xa0, 0x00, 0x00, 0x01, 0x67, 0x45, 0x53, 0x49, 0x47, 0x4e}; +static const unsigned char df_esign_aid[] = { 0xa0, 0x00, 0x00, 0x01, 0x67, 0x45, 0x53, 0x49, 0x47, 0x4e}; /** * @brief Sends a reset retry counter APDU diff --git a/src/tools/npa-tool.c b/src/tools/npa-tool.c index 1371c696..a4e14a4c 100644 --- a/src/tools/npa-tool.c +++ b/src/tools/npa-tool.c 
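Review bot: The added `static int fread_to_eof(...)` declaration in front of `#include "../tools/fread_to_eof.c"` in card-npa.c has no comment, and its purpose is not obvious from the line itself. Presumably it gives the definition pulled in from the .c file internal linkage so that it does not collide with another copy when everything is linked statically. A one-line comment would stop someone from removing it as redundant: `/* declared static first so the included definition gets internal linkage */`.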
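Review bot: Marking `esign_chat` and `df_esign_aid` as `static const` in card-npa.h removes the duplicate-symbol problem, but it gives every file that includes the header its own copy of both arrays and can produce unused-variable warnings. Declaring them in the header and defining them once in card-npa.c keeps a single copy: `extern const unsigned char esign_chat[17];` and `extern const unsigned char df_esign_aid[10];`, with the initializers moved to the .c file. The explicit sizes keep `sizeof` usable in files that only see the header.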
@@ -88,14 +88,15 @@ static int getline(char **lineptr, size_t *n, FILE *stream) #define ASN1_APP_IMP_OPT(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION|ASN1_TFLG_OPTIONAL, tag, stname, field, type) #define ASN1_APP_IMP(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION, tag, stname, field, type) +typedef ASN1_AUXILIARY_DATA ASN1_AUXILIARY_DATA_NPA_TOOL; /* 0x67 * Auxiliary authenticated data */ -ASN1_ITEM_TEMPLATE(ASN1_AUXILIARY_DATA) = +ASN1_ITEM_TEMPLATE(ASN1_AUXILIARY_DATA_NPA_TOOL) = ASN1_EX_TEMPLATE_TYPE( ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION, 7, AuxiliaryAuthenticatedData, CVC_DISCRETIONARY_DATA_TEMPLATE) -ASN1_ITEM_TEMPLATE_END(ASN1_AUXILIARY_DATA) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_AUXILIARY_DATA) +ASN1_ITEM_TEMPLATE_END(ASN1_AUXILIARY_DATA_NPA_TOOL) +IMPLEMENT_ASN1_FUNCTIONS(ASN1_AUXILIARY_DATA_NPA_TOOL) /** * @brief Print binary data to a file stream @@ -285,8 +286,8 @@ int npa_translate_apdus(sc_card_t *card, FILE *input) return r; } -static int add_to_ASN1_AUXILIARY_DATA( - ASN1_AUXILIARY_DATA **auxiliary_data, +static int add_to_ASN1_AUXILIARY_DATA_NPA_TOOL( + ASN1_AUXILIARY_DATA_NPA_TOOL **auxiliary_data, int nid, const unsigned char *data, size_t data_len) { int r; @@ -298,7 +299,7 @@ static int add_to_ASN1_AUXILIARY_DATA( } if (!*auxiliary_data) { - *auxiliary_data = ASN1_AUXILIARY_DATA_new(); + *auxiliary_data = ASN1_AUXILIARY_DATA_NPA_TOOL_new(); if (!*auxiliary_data) { r = SC_ERROR_INTERNAL; goto err; @@ -372,7 +373,7 @@ main (int argc, char **argv) unsigned char *certs_chat = NULL; unsigned char *dg = NULL; size_t dg_len = 0; - ASN1_AUXILIARY_DATA *templates = NULL; + ASN1_AUXILIARY_DATA_NPA_TOOL *templates = NULL; unsigned char *ef_cardsecurity = NULL; size_t ef_cardsecurity_len = 0; 
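Review bot: The new `typedef ASN1_AUXILIARY_DATA ASN1_AUXILIARY_DATA_NPA_TOOL;` in npa-tool.c has no comment saying why the tool needs its own name for the type. Presumably the suffix keeps the functions generated by `IMPLEMENT_ASN1_FUNCTIONS` from clashing with identically named symbols when the tool is linked statically, as the commit subject suggests. A comment such as `/* separate name so the generated ASN.1 functions do not clash with the library's when linking statically */` would record that. The remaining hunks in this file only follow the rename.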
@@ -671,7 +672,7 @@ main (int argc, char **argv) } } else { if (cmdline.older_than_given) { - r = add_to_ASN1_AUXILIARY_DATA(&templates, + r = add_to_ASN1_AUXILIARY_DATA_NPA_TOOL(&templates, NID_id_DateOfBirth, (unsigned char *) cmdline.older_than_arg, strlen(cmdline.older_than_arg)); @@ -679,7 +680,7 @@ main (int argc, char **argv) goto err; } if (cmdline.verify_validity_given) { - r = add_to_ASN1_AUXILIARY_DATA(&templates, + r = add_to_ASN1_AUXILIARY_DATA_NPA_TOOL(&templates, NID_id_DateOfExpiry, (unsigned char *) cmdline.verify_validity_arg, strlen(cmdline.verify_validity_arg)); @@ -693,7 +694,7 @@ main (int argc, char **argv) fprintf(stderr, "Could not parse community ID.\n"); exit(2); } - r = add_to_ASN1_AUXILIARY_DATA(&templates, + r = add_to_ASN1_AUXILIARY_DATA_NPA_TOOL(&templates, NID_id_CommunityID, community_id, community_id_len); if (r < 0) @@ -701,7 +702,7 @@ main (int argc, char **argv) } if (templates) { unsigned char *p = NULL; - auxiliary_data_len = i2d_ASN1_AUXILIARY_DATA( + auxiliary_data_len = i2d_ASN1_AUXILIARY_DATA_NPA_TOOL( templates, &p); if (0 > (int) auxiliary_data_len || auxiliary_data_len > sizeof auxiliary_data) { @@ -892,7 +893,7 @@ err: free(privkey); free(dg); if (templates) - ASN1_AUXILIARY_DATA_free(templates); + ASN1_AUXILIARY_DATA_NPA_TOOL_free(templates); sc_sm_stop(card); sc_reset(card, 1); From 26025b2f5d816e514310429b2cd6aae7e9e30700 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Thu, 1 Nov 2018 08:46:02 +0100 Subject: [PATCH 4/4] pkcs15-tool: list & dump cleanups * when listing public keys, do not cut object labels in compact mode * when listing private keys in compact mode, left align labels * make hex codes at least 2 chars wide by changing "0x%X" to "0x%02X" --- src/tools/pkcs15-tool.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/tools/pkcs15-tool.c b/src/tools/pkcs15-tool.c index 019ab8c0..289a95e9 100644 --- a/src/tools/pkcs15-tool.c +++ b/src/tools/pkcs15-tool.c 
@@ -253,7 +253,7 @@ static void print_common_flags(const struct sc_pkcs15_object *obj) { const char *common_flags[] = {"private", "modifiable"}; unsigned int i; - printf("\tObject Flags : [0x%X]", obj->flags); + printf("\tObject Flags : [0x%02X]", obj->flags); for (i = 0; i < NELEMENTS(common_flags); i++) { if (obj->flags & (1 << i)) { printf(", %s", common_flags[i]); @@ -620,7 +620,7 @@ static void print_prkey_info(const struct sc_pkcs15_object *obj) printf(" Ref:0x%02X", prkey->key_reference); if (obj->auth_id.len != 0) printf(" AuthID:%s", sc_pkcs15_print_id(&obj->auth_id)); - printf("\n\t %-16.*s [0x%X", 16, obj->label, prkey->usage); + printf("\n\t %-18.*s [0x%02X", (int) sizeof obj->label, obj->label, prkey->usage); print_key_usages(prkey->usage); printf("]"); return; @@ -628,10 +628,10 @@ static void print_prkey_info(const struct sc_pkcs15_object *obj) printf("Private %s Key [%.*s]\n", key_types[7 & obj->type], (int) sizeof obj->label, obj->label); print_common_flags(obj); - printf("\tUsage : [0x%X]", prkey->usage); + printf("\tUsage : [0x%02X]", prkey->usage); print_key_usages(prkey->usage); printf("\n"); - printf("\tAccess Flags : [0x%X]", prkey->access_flags); + printf("\tAccess Flags : [0x%02X]", prkey->access_flags); print_key_access_flags(prkey->access_flags); printf("\n"); @@ -641,7 +641,7 @@ static void print_prkey_info(const struct sc_pkcs15_object *obj) printf("\tModLength : %lu\n", (unsigned long)prkey->modulus_length); else printf("\tFieldLength : %lu\n", (unsigned long)prkey->field_length); - printf("\tKey ref : %d (0x%X)\n", prkey->key_reference, prkey->key_reference); + printf("\tKey ref : %d (0x%02X)\n", prkey->key_reference, prkey->key_reference); printf("\tNative : %s\n", prkey->native ? "yes" : "no"); if (prkey->path.len || prkey->path.aid.len) printf("\tPath : %s\n", sc_print_path(&prkey->path)); 
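Review bot: In the `Key ref` line of print_prkey_info (hunk at -641) `prkey->key_reference` is passed to both `%d` and `%02X`, which suggests it is a signed int handed to an unsigned conversion; a negative reference would then print as a full-width hex value and the specifier and argument types disagree. Casting the second argument keeps them in agreement: `(unsigned int) prkey->key_reference`. The same pattern appears in print_pubkey_info (hunk at -733) and print_skey_info (hunk at -853), and in the compact `Ref:0x%02X` lines shown as context.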
@@ -701,7 +701,7 @@ static void print_pubkey_info(const struct sc_pkcs15_object *obj) printf(" Ref:0x%02X", pubkey->key_reference); if (obj->auth_id.len != 0) printf(" AuthID:%s", sc_pkcs15_print_id(&obj->auth_id)); - printf(" %15.*s [0x%X", (int) sizeof obj->label, obj->label, pubkey->usage); + printf(" %-18.*s [0x%02X", (int) sizeof obj->label, obj->label, pubkey->usage); print_key_usages(pubkey->usage); printf("]"); return; @@ -709,11 +709,11 @@ static void print_pubkey_info(const struct sc_pkcs15_object *obj) printf("Public %s Key [%.*s]\n", key_types[7 & obj->type], (int) sizeof obj->label, obj->label); print_common_flags(obj); - printf("\tUsage : [0x%X]", pubkey->usage); + printf("\tUsage : [0x%02X]", pubkey->usage); print_key_usages(pubkey->usage); printf("\n"); - printf("\tAccess Flags : [0x%X]", pubkey->access_flags); + printf("\tAccess Flags : [0x%02X]", pubkey->access_flags); print_key_access_flags(pubkey->access_flags); printf("\n"); @@ -733,7 +733,7 @@ static void print_pubkey_info(const struct sc_pkcs15_object *obj) } } - printf("\tKey ref : %d (0x%X)\n", pubkey->key_reference, pubkey->key_reference); + printf("\tKey ref : %d (0x%02X)\n", pubkey->key_reference, pubkey->key_reference); printf("\tNative : %s\n", pubkey->native ? "yes" : "no"); if (have_path) printf("\tPath : %s\n", sc_print_path(&pubkey->path)); @@ -840,11 +840,11 @@ static void print_skey_info(const struct sc_pkcs15_object *obj) printf("Secret %s Key [%.*s]\n", skey_types[7 & obj->type], (int) sizeof obj->label, obj->label); print_common_flags(obj); - printf("\tUsage : [0x%X]", skey->usage); + printf("\tUsage : [0x%02X]", skey->usage); print_key_usages(skey->usage); printf("\n"); - printf("\tAccess Flags : [0x%X]", skey->access_flags); + printf("\tAccess Flags : [0x%02X]", skey->access_flags); print_key_access_flags(skey->access_flags); printf("\n"); 
@@ -853,7 +853,7 @@ static void print_skey_info(const struct sc_pkcs15_object *obj) printf("\tSize : %lu bits\n", (unsigned long)skey->value_len); printf("\tID : %s\n", sc_pkcs15_print_id(&skey->id)); printf("\tNative : %s\n", skey->native ? "yes" : "no"); - printf("\tKey ref : %d (0x%X)\n", skey->key_reference, skey->key_reference); + printf("\tKey ref : %d (0x%02X)\n", skey->key_reference, skey->key_reference); if (skey->path.len || skey->path.aid.len) printf("\tPath : %s\n", sc_print_path(&skey->path));