pkcs11: check PKCS#11 function parameters for obvious errors and return CKR_ARGUMENTS_BAD early without locking the module.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4647 c6295689-39f2-0310-b995-f0e70906c6a9
martin 2010-08-23 14:47:14 +00:00
parent 9a63e03e9a
commit 4f03502b60
3 changed files with 80 additions and 118 deletions


@ -277,6 +277,9 @@ CK_RV C_Finalize(CK_VOID_PTR pReserved)
sc_pkcs11_slot_t *slot;
CK_RV rv;
if (pReserved != NULL_PTR)
return CKR_ARGUMENTS_BAD;
if (context == NULL)
return CKR_CRYPTOKI_NOT_INITIALIZED;
@ -284,11 +287,6 @@ CK_RV C_Finalize(CK_VOID_PTR pReserved)
if (rv != CKR_OK)
return rv;
if (pReserved != NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_Finalize()");
/* cancel pending calls */
@ -312,7 +310,7 @@ CK_RV C_Finalize(CK_VOID_PTR pReserved)
sc_release_context(context);
context = NULL;
out: /* Release and destroy the mutex */
/* Release and destroy the mutex */
sc_pkcs11_free_lock();
return rv;
@ -322,15 +320,13 @@ CK_RV C_GetInfo(CK_INFO_PTR pInfo)
{
CK_RV rv = CKR_OK;
if (pInfo == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pInfo == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetInfo()");
memset(pInfo, 0, sizeof(CK_INFO));
@ -345,7 +341,7 @@ CK_RV C_GetInfo(CK_INFO_PTR pInfo)
pInfo->libraryVersion.major = 0;
pInfo->libraryVersion.minor = 0; /* FIXME: use 0.116 for 0.11.6 from autoconf */
out: sc_pkcs11_unlock();
sc_pkcs11_unlock();
return rv;
}
@ -368,15 +364,13 @@ CK_RV C_GetSlotList(CK_BBOOL tokenPresent, /* only slots with token prese
sc_pkcs11_slot_t *slot;
CK_RV rv;
if (pulCount == NULL_PTR)
return CKR_ARGUMENTS_BAD;
if ((rv = sc_pkcs11_lock()) != CKR_OK) {
return rv;
}
if (pulCount == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotList(token=%d, %s)", tokenPresent,
(pSlotList==NULL_PTR && sc_pkcs11_conf.plug_and_play)? "plug-n-play":"refresh");
@ -466,15 +460,13 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
sc_timestamp_t now;
CK_RV rv;
if (pInfo == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pInfo == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotInfo(0x%lx)", slotID);
rv = slot_get_slot(slotID, &slot);
@ -497,7 +489,7 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
if (rv == CKR_OK)
memcpy(pInfo, &slot->slot_info, sizeof(CK_SLOT_INFO));
out: sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotInfo(0x%lx) = %s", slotID, lookup_enum ( RV_T, rv ));
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSlotInfo(0x%lx) = %s", slotID, lookup_enum ( RV_T, rv ));
sc_pkcs11_unlock();
return rv;
}
@ -507,23 +499,22 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
struct sc_pkcs11_slot *slot;
CK_RV rv;
if (pInfo == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pInfo == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetTokenInfo(%lx)", slotID);
rv = slot_get_token(slotID, &slot);
/* TODO: update token flags */
if (rv == CKR_OK)
memcpy(pInfo, &slot->token_info, sizeof(CK_TOKEN_INFO));
out: sc_pkcs11_unlock();
sc_pkcs11_unlock();
return rv;
}
@ -553,19 +544,18 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
struct sc_pkcs11_slot *slot;
CK_RV rv;
if (pInfo == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pInfo == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
rv = slot_get_token(slotID, &slot);
if (rv == CKR_OK)
rv = sc_pkcs11_get_mechanism_info(slot->card, type, pInfo);
out: sc_pkcs11_unlock();
sc_pkcs11_unlock();
return rv;
}
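Review bot: In C_Finalize the new `if (pReserved != NULL_PTR) return CKR_ARGUMENTS_BAD;` now runs before `if (context == NULL) return CKR_CRYPTOKI_NOT_INITIALIZED;`, so C_Finalize called with a non-NULL pReserved on an uninitialized library reports CKR_ARGUMENTS_BAD where it previously would have reported the not-initialized state first; the other functions in this file show the same shift, since their argument checks now precede sc_pkcs11_lock(), which is presumably where the uninitialized case was caught before. If the intended precedence is that an uninitialized library always answers CKR_CRYPTOKI_NOT_INITIALIZED, swap the two tests in C_Finalize: `if (context == NULL) return CKR_CRYPTOKI_NOT_INITIALIZED;` followed by `if (pReserved != NULL_PTR) return CKR_ARGUMENTS_BAD;`. Either way, a one-line comment above the early checks, such as `/* argument sanity checks run before initialization/locking on purpose */`, would stop the next maintainer from "fixing" the order. C_Finalize's body continues outside the hunk.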


@ -57,15 +57,15 @@ CK_RV C_CreateObject(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_session *session;
struct sc_pkcs11_card *card;
if (pTemplate == NULL_PTR || ulCount == 0)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
SC_FUNC_CALLED(context, SC_LOG_DEBUG_VERBOSE);
if (pTemplate == NULL_PTR || ulCount == 0) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
dump_template(SC_LOG_DEBUG_NORMAL, "C_CreateObject()", pTemplate, ulCount);
session = list_seek(&sessions, &hSession);
@ -157,15 +157,13 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */
int res, res_type;
unsigned int i;
if (pTemplate == NULL_PTR || ulCount == 0)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pTemplate == NULL_PTR || ulCount == 0) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
rv = get_object_from_session(hSession, hObject, &session, &object);
if (rv != CKR_OK)
goto out;
@ -216,14 +214,13 @@ CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_session *session;
struct sc_pkcs11_object *object;
if (pTemplate == NULL_PTR || ulCount == 0)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pTemplate == NULL_PTR || ulCount == 0) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
dump_template(SC_LOG_DEBUG_NORMAL, "C_SetAttributeValue", pTemplate, ulCount);
rv = get_object_from_session(hSession, hObject, &session, &object);
@ -263,15 +260,13 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_find_operation *operation;
struct sc_pkcs11_slot *slot;
if (pTemplate == NULL_PTR && ulCount > 0)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pTemplate == NULL_PTR && ulCount > 0) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
rv = get_session(hSession, &session);
if (rv != CKR_OK)
goto out;
@ -356,15 +351,13 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_session *session;
struct sc_pkcs11_find_operation *operation;
if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
rv = get_session(hSession, &session);
if (rv != CKR_OK)
goto out;
@ -422,15 +415,13 @@ CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, /* the session's handle */
CK_RV rv;
struct sc_pkcs11_session *session;
if (pMechanism == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pMechanism == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_DigestInit(hSession=0x%lx)", hSession);
rv = get_session(hSession, &session);
if (rv == CKR_OK)
@ -526,15 +517,13 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_session *session;
struct sc_pkcs11_object *object;
if (pMechanism == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pMechanism == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
rv = get_object_from_session(hSession, hKey, &session, &object);
if (rv != CKR_OK) {
if (rv == CKR_OBJECT_HANDLE_INVALID)
@ -677,15 +666,13 @@ CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession, /* the session's handle */
/* FIXME #47: C_SignRecover is not implemented */
return CKR_FUNCTION_NOT_SUPPORTED;
if (pMechanism == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pMechanism == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
rv = get_object_from_session(hSession, hKey, &session, &object);
if (rv != CKR_OK) {
if (rv == CKR_OBJECT_HANDLE_INVALID)
@ -773,15 +760,13 @@ CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_session *session;
struct sc_pkcs11_object *object;
if (pMechanism == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pMechanism == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
rv = get_object_from_session(hSession, hKey, &session, &object);
if (rv != CKR_OK) {
if (rv == CKR_OBJECT_HANDLE_INVALID)
@ -909,16 +894,15 @@ CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_session *session;
struct sc_pkcs11_slot *slot;
if (pMechanism == NULL_PTR
|| (pPublicKeyTemplate == NULL_PTR && ulPublicKeyAttributeCount > 0)
|| (pPrivateKeyTemplate == NULL_PTR && ulPrivateKeyAttributeCount > 0))
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pMechanism == NULL_PTR
|| (pPublicKeyTemplate == NULL_PTR && ulPublicKeyAttributeCount > 0)
|| (pPrivateKeyTemplate == NULL_PTR && ulPrivateKeyAttributeCount > 0)) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
dump_template(SC_LOG_DEBUG_NORMAL, "C_GenerateKeyPair(), PrivKey attrs", pPrivateKeyTemplate, ulPrivateKeyAttributeCount);
dump_template(SC_LOG_DEBUG_NORMAL, "C_GenerateKeyPair(), PubKey attrs", pPublicKeyTemplate, ulPublicKeyAttributeCount);
@ -1058,14 +1042,13 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_session *session;
struct sc_pkcs11_object *object;
if (pMechanism == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pMechanism == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
rv = get_object_from_session(hSession, hKey, &session, &object);
if (rv != CKR_OK) {
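Review bot: The new pMechanism check in C_SignRecoverInit is unreachable, because the unconditional `return CKR_FUNCTION_NOT_SUPPORTED;` for FIXME #47 sits directly above it, so the argument validation this commit moves there never executes (the locked version it replaces was dead for the same reason). Either drop the check from the stub, or put it above the stub return so a NULL mechanism is still rejected: `if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;` and then `/* FIXME #47: C_SignRecover is not implemented */ return CKR_FUNCTION_NOT_SUPPORTED;`. The lock and get_object_from_session lines below the stub return are dead as well; a `/* unreachable until #47 is implemented */` marker would explain the resulting compiler warning. C_SignRecoverInit's start lies outside the hunk.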


@ -44,22 +44,18 @@ CK_RV C_OpenSession(CK_SLOT_ID slotID, /* the slot's ID */
struct sc_pkcs11_slot *slot;
struct sc_pkcs11_session *session;
if (!(flags & CKF_SERIAL_SESSION))
return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
if (flags & ~(CKF_SERIAL_SESSION | CKF_RW_SESSION))
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_OpenSession(0x%lx)", slotID);
if (!(flags & CKF_SERIAL_SESSION)) {
rv = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
goto out;
}
if (flags & ~(CKF_SERIAL_SESSION | CKF_RW_SESSION)) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
rv = slot_get_token(slotID, &slot);
if (rv != CKR_OK)
goto out;
@ -177,15 +173,14 @@ CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_session *session;
struct sc_pkcs11_slot *slot;
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSessionInfo(0x%lx)", hSession);
if (pInfo == NULL_PTR)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pInfo == NULL_PTR) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSessionInfo(0x%lx)", hSession);
session = list_seek(&sessions, &hSession);
if (!session) {
@ -240,15 +235,13 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_session *session;
struct sc_pkcs11_slot *slot;
if (pPin == NULL_PTR && ulPinLen > 0)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pPin == NULL_PTR && ulPinLen > 0) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
if (userType != CKU_USER && userType != CKU_SO && userType != CKU_CONTEXT_SPECIFIC) {
rv = CKR_USER_TYPE_INVALID;
goto out;
@ -330,15 +323,13 @@ CK_RV C_InitPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
struct sc_pkcs11_session *session;
struct sc_pkcs11_slot *slot;
if (pPin == NULL_PTR && ulPinLen > 0)
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if (pPin == NULL_PTR && ulPinLen > 0) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
session = list_seek(&sessions, &hSession);
if (!session) {
rv = CKR_SESSION_HANDLE_INVALID;
@ -370,16 +361,14 @@ CK_RV C_SetPIN(CK_SESSION_HANDLE hSession,
struct sc_pkcs11_session *session;
struct sc_pkcs11_slot *slot;
if ((pOldPin == NULL_PTR && ulOldLen > 0)
|| (pNewPin == NULL_PTR && ulNewLen > 0))
return CKR_ARGUMENTS_BAD;
rv = sc_pkcs11_lock();
if (rv != CKR_OK)
return rv;
if ((pOldPin == NULL_PTR && ulOldLen > 0)
|| (pNewPin == NULL_PTR && ulNewLen > 0)) {
rv = CKR_ARGUMENTS_BAD;
goto out;
}
session = list_seek(&sessions, &hSession);
if (!session) {
rv = CKR_SESSION_HANDLE_INVALID;
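Review bot: In C_GetSessionInfo the `sc_debug(context, SC_LOG_DEBUG_NORMAL, "C_GetSessionInfo(0x%lx)", hSession);` call now appears to sit above the pInfo check and above sc_pkcs11_lock(), the opposite of every other function in this commit, where logging stays after the lock has been taken (compare C_OpenSession in the same file). If sc_pkcs11_lock() is what reports CKR_CRYPTOKI_NOT_INITIALIZED, this logs through a `context` that may still be NULL on an uninitialized library, and running outside the lock it can also overlap with C_Finalize releasing the context. Unless sc_debug is known to tolerate a NULL context, move the call back below `if (rv != CKR_OK) return rv;`. The rendered page has lost the +/- markers, so which of the two sc_debug placements is the new one is inferred from the hunk's line counts.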