pkcs11: check PKCS#11 function parameters for obvious errors and return CKR_ARGUMENTS_BAD early without locking the module.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4647 c6295689-39f2-0310-b995-f0e70906c6a9
parent
9a63e03e9a
commit
4f03502b60
@ -277,6 +277,9 @@ CK_RV C_Finalize(CK_VOID_PTR pReserved)
|
|||
sc_pkcs11_slot_t *slot;
|
||||
CK_RV rv;
|
||||
|
||||
if (pReserved != NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
if (context == NULL)
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
|
||||
|
@ -284,11 +287,6 @@ CK_RV C_Finalize(CK_VOID_PTR pReserved)
|
|||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pReserved != NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Finalize()");
|
||||
|
||||
/* cancel pending calls */
|
||||
|
@ -312,7 +310,7 @@ CK_RV C_Finalize(CK_VOID_PTR pReserved)
|
|||
sc_release_context(context);
|
||||
context = NULL;
|
||||
|
||||
out: /* Release and destroy the mutex */
|
||||
/* Release and destroy the mutex */
|
||||
sc_pkcs11_free_lock();
|
||||
|
||||
return rv;
|
||||
|
@ -322,15 +320,13 @@ CK_RV C_GetInfo(CK_INFO_PTR pInfo)
|
|||
{
|
||||
CK_RV rv = CKR_OK;
|
||||
|
||||
if (pInfo == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pInfo == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetInfo()");
|
||||
|
||||
memset(pInfo, 0, sizeof(CK_INFO));
|
||||
|
@ -345,7 +341,7 @@ CK_RV C_GetInfo(CK_INFO_PTR pInfo)
|
|||
pInfo->libraryVersion.major = 0;
|
||||
pInfo->libraryVersion.minor = 0; /* FIXME: use 0.116 for 0.11.6 from autoconf */
|
||||
|
||||
out: sc_pkcs11_unlock();
|
||||
sc_pkcs11_unlock();
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -368,15 +364,13 @@ CK_RV C_GetSlotList(CK_BBOOL tokenPresent, /* only slots with token prese
|
|||
sc_pkcs11_slot_t *slot;
|
||||
CK_RV rv;
|
||||
|
||||
if (pulCount == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
if ((rv = sc_pkcs11_lock()) != CKR_OK) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (pulCount == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotList(token=%d, %s)", tokenPresent,
|
||||
(pSlotList==NULL_PTR && sc_pkcs11_conf.plug_and_play)? "plug-n-play":"refresh");
|
||||
|
||||
|
@ -466,15 +460,13 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
|
|||
sc_timestamp_t now;
|
||||
CK_RV rv;
|
||||
|
||||
if (pInfo == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pInfo == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotInfo(0x%lx)", slotID);
|
||||
|
||||
rv = slot_get_slot(slotID, &slot);
|
||||
|
@ -497,7 +489,7 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
|
|||
if (rv == CKR_OK)
|
||||
memcpy(pInfo, &slot->slot_info, sizeof(CK_SLOT_INFO));
|
||||
|
||||
out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotInfo(0x%lx) = %s", slotID, lookup_enum ( RV_T, rv ));
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotInfo(0x%lx) = %s", slotID, lookup_enum ( RV_T, rv ));
|
||||
sc_pkcs11_unlock();
|
||||
return rv;
|
||||
}
|
||||
|
@ -507,23 +499,22 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
|
|||
struct sc_pkcs11_slot *slot;
|
||||
CK_RV rv;
|
||||
|
||||
if (pInfo == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pInfo == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetTokenInfo(%lx)", slotID);
|
||||
|
||||
rv = slot_get_token(slotID, &slot);
|
||||
|
||||
/* TODO: update token flags */
|
||||
if (rv == CKR_OK)
|
||||
memcpy(pInfo, &slot->token_info, sizeof(CK_TOKEN_INFO));
|
||||
|
||||
out: sc_pkcs11_unlock();
|
||||
sc_pkcs11_unlock();
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -553,19 +544,18 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
|
|||
struct sc_pkcs11_slot *slot;
|
||||
CK_RV rv;
|
||||
|
||||
if (pInfo == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pInfo == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
rv = slot_get_token(slotID, &slot);
|
||||
if (rv == CKR_OK)
|
||||
rv = sc_pkcs11_get_mechanism_info(slot->card, type, pInfo);
|
||||
|
||||
out: sc_pkcs11_unlock();
|
||||
sc_pkcs11_unlock();
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
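Review bot: In the C_GetInfo hunk the `pInfo == NULL_PTR` check now runs before sc_pkcs11_lock(), which for these functions is presumably also where an uninitialized library is detected (C_Finalize checks `context == NULL` explicitly in its hunk), so a NULL pInfo against an uninitialized library now yields CKR_ARGUMENTS_BAD instead of CKR_CRYPTOKI_NOT_INITIALIZED; PKCS#11 tolerates either, but it is a visible change in error precedence for callers that probe initialization state. The early returns also happen before any sc_debug() call, so a rejected call leaves no trace in the log, which is the right trade because context may be NULL at that point. I would state that invariant once above the first pre-lock check so a later edit does not reintroduce logging or lock use there, e.g. `/* Pure argument validation only: context may be NULL here, so nothing above sc_pkcs11_lock() may log or touch the module lock */`. The same wording applies to every pre-lock check in this file.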
|
|
@ -57,15 +57,15 @@ CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_card *card;
|
||||
|
||||
if (pTemplate == NULL_PTR || ulCount == 0)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
SC_FUNC_CALLED(context, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
if (pTemplate == NULL_PTR || ulCount == 0) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
dump_template(SC_LOG_DEBUG_NORMAL, "C_CreateObject()", pTemplate, ulCount);
|
||||
|
||||
session = list_seek(&sessions, &hSession);
|
||||
|
@ -157,15 +157,13 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
int res, res_type;
|
||||
unsigned int i;
|
||||
|
||||
if (pTemplate == NULL_PTR || ulCount == 0)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pTemplate == NULL_PTR || ulCount == 0) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = get_object_from_session(hSession, hObject, &session, &object);
|
||||
if (rv != CKR_OK)
|
||||
goto out;
|
||||
|
@ -216,14 +214,13 @@ CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_object *object;
|
||||
|
||||
if (pTemplate == NULL_PTR || ulCount == 0)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pTemplate == NULL_PTR || ulCount == 0) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
dump_template(SC_LOG_DEBUG_NORMAL, "C_SetAttributeValue", pTemplate, ulCount);
|
||||
|
||||
rv = get_object_from_session(hSession, hObject, &session, &object);
|
||||
|
@ -263,15 +260,13 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_find_operation *operation;
|
||||
struct sc_pkcs11_slot *slot;
|
||||
|
||||
if (pTemplate == NULL_PTR && ulCount > 0)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pTemplate == NULL_PTR && ulCount > 0) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = get_session(hSession, &session);
|
||||
if (rv != CKR_OK)
|
||||
goto out;
|
||||
|
@ -356,15 +351,13 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_find_operation *operation;
|
||||
|
||||
if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = get_session(hSession, &session);
|
||||
if (rv != CKR_OK)
|
||||
goto out;
|
||||
|
@ -422,15 +415,13 @@ CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
CK_RV rv;
|
||||
struct sc_pkcs11_session *session;
|
||||
|
||||
if (pMechanism == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pMechanism == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_DigestInit(hSession=0x%lx)", hSession);
|
||||
rv = get_session(hSession, &session);
|
||||
if (rv == CKR_OK)
|
||||
|
@ -526,15 +517,13 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_object *object;
|
||||
|
||||
if (pMechanism == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pMechanism == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = get_object_from_session(hSession, hKey, &session, &object);
|
||||
if (rv != CKR_OK) {
|
||||
if (rv == CKR_OBJECT_HANDLE_INVALID)
|
||||
|
@ -677,15 +666,13 @@ CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
/* FIXME #47: C_SignRecover is not implemented */
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
|
||||
if (pMechanism == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pMechanism == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = get_object_from_session(hSession, hKey, &session, &object);
|
||||
if (rv != CKR_OK) {
|
||||
if (rv == CKR_OBJECT_HANDLE_INVALID)
|
||||
|
@ -773,15 +760,13 @@ CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_object *object;
|
||||
|
||||
if (pMechanism == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pMechanism == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = get_object_from_session(hSession, hKey, &session, &object);
|
||||
if (rv != CKR_OK) {
|
||||
if (rv == CKR_OBJECT_HANDLE_INVALID)
|
||||
|
@ -909,16 +894,15 @@ CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_slot *slot;
|
||||
|
||||
if (pMechanism == NULL_PTR
|
||||
|| (pPublicKeyTemplate == NULL_PTR && ulPublicKeyAttributeCount > 0)
|
||||
|| (pPrivateKeyTemplate == NULL_PTR && ulPrivateKeyAttributeCount > 0))
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pMechanism == NULL_PTR
|
||||
|| (pPublicKeyTemplate == NULL_PTR && ulPublicKeyAttributeCount > 0)
|
||||
|| (pPrivateKeyTemplate == NULL_PTR && ulPrivateKeyAttributeCount > 0)) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
dump_template(SC_LOG_DEBUG_NORMAL, "C_GenerateKeyPair(), PrivKey attrs", pPrivateKeyTemplate, ulPrivateKeyAttributeCount);
|
||||
dump_template(SC_LOG_DEBUG_NORMAL, "C_GenerateKeyPair(), PubKey attrs", pPublicKeyTemplate, ulPublicKeyAttributeCount);
|
||||
|
||||
|
@ -1058,14 +1042,13 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_object *object;
|
||||
|
||||
if (pMechanism == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pMechanism == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = get_object_from_session(hSession, hKey, &session, &object);
|
||||
if (rv != CKR_OK) {
|
||||
|
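Review bot: In the C_GenerateKeyPair hunk the new early check validates pMechanism and both templates but not the output handles phPublicKey and phPrivateKey, the standard parameters the function must write through on success (the signature is cut off by the hunk header and the writes are outside the hunk, so if they are unguarded there a NULL output pointer still crashes the host process after a key pair has already been generated on the card, which is worse than failing before it). Extending the condition keeps the commit's pattern: `if (pMechanism == NULL_PTR || phPublicKey == NULL_PTR || phPrivateKey == NULL_PTR` followed by the two existing template terms. The same gap applies to phObject in the C_CreateObject hunk, whose check covers only pTemplate and ulCount. C_GenerateKeyPair's body continues outside the hunk.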
|
|
@ -44,22 +44,18 @@ CK_RV C_OpenSession(CK_SLOT_ID slotID, /* the slot's ID */
|
|||
struct sc_pkcs11_slot *slot;
|
||||
struct sc_pkcs11_session *session;
|
||||
|
||||
if (!(flags & CKF_SERIAL_SESSION))
|
||||
return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
|
||||
|
||||
if (flags & ~(CKF_SERIAL_SESSION | CKF_RW_SESSION))
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_OpenSession(0x%lx)", slotID);
|
||||
|
||||
if (!(flags & CKF_SERIAL_SESSION)) {
|
||||
rv = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (flags & ~(CKF_SERIAL_SESSION | CKF_RW_SESSION)) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = slot_get_token(slotID, &slot);
|
||||
if (rv != CKR_OK)
|
||||
goto out;
|
||||
|
@ -177,15 +173,14 @@ CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_slot *slot;
|
||||
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSessionInfo(0x%lx)", hSession);
|
||||
if (pInfo == NULL_PTR)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pInfo == NULL_PTR) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSessionInfo(0x%lx)", hSession);
|
||||
|
||||
session = list_seek(&sessions, &hSession);
|
||||
if (!session) {
|
||||
|
@ -240,15 +235,13 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_slot *slot;
|
||||
|
||||
if (pPin == NULL_PTR && ulPinLen > 0)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pPin == NULL_PTR && ulPinLen > 0) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (userType != CKU_USER && userType != CKU_SO && userType != CKU_CONTEXT_SPECIFIC) {
|
||||
rv = CKR_USER_TYPE_INVALID;
|
||||
goto out;
|
||||
|
@ -330,15 +323,13 @@ CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_slot *slot;
|
||||
|
||||
if (pPin == NULL_PTR && ulPinLen > 0)
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if (pPin == NULL_PTR && ulPinLen > 0) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
session = list_seek(&sessions, &hSession);
|
||||
if (!session) {
|
||||
rv = CKR_SESSION_HANDLE_INVALID;
|
||||
|
@ -370,16 +361,14 @@ CK_RV C_SetPIN(CK_SESSION_HANDLE hSession,
|
|||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_slot *slot;
|
||||
|
||||
if ((pOldPin == NULL_PTR && ulOldLen > 0)
|
||||
|| (pNewPin == NULL_PTR && ulNewLen > 0))
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
if ((pOldPin == NULL_PTR && ulOldLen > 0)
|
||||
|| (pNewPin == NULL_PTR && ulNewLen > 0)) {
|
||||
rv = CKR_ARGUMENTS_BAD;
|
||||
goto out;
|
||||
}
|
||||
|
||||
session = list_seek(&sessions, &hSession);
|
||||
if (!session) {
|
||||
rv = CKR_SESSION_HANDLE_INVALID;
|
||||
|
|
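Review bot: The pre-lock checks in the C_OpenSession hunk validate flags but not phSession, the standard output parameter the function has to write on success; the signature is cut off by the hunk header and that write is outside the hunk, so if it is unguarded there a NULL phSession is still dereferenced after a session has been created on the slot. Adding it alongside the flags checks keeps the commit's pattern: `if (phSession == NULL_PTR) return CKR_ARGUMENTS_BAD;`. Moving the sc_debug() call below sc_pkcs11_lock() here and in C_GetSessionInfo is a good catch, since context may be NULL before the lock succeeds. C_OpenSession's body continues outside the hunk.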