From 4935de246254df236caf8487d15028d05ad88d94 Mon Sep 17 00:00:00 2001 From: Per Nilsson Date: Fri, 27 Jan 2023 10:09:11 +0100 Subject: [PATCH] Fix type of id (#312) --- pkcs11/util_pkcs11.c | 17 ++++------------- pkcs11/util_pkcs11.h | 4 ++-- pkcs11/yubihsm_pkcs11.c | 24 ++++++++---------------- 3 files changed, 14 insertions(+), 31 deletions(-) diff --git a/pkcs11/util_pkcs11.c b/pkcs11/util_pkcs11.c index 5834a5bd..db5f83ca 100644 --- a/pkcs11/util_pkcs11.c +++ b/pkcs11/util_pkcs11.c @@ -4294,7 +4294,7 @@ CK_RV parse_hmac_template(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, } CK_RV parse_meta_id_template(pkcs11_meta_object *pkcs11meta, bool pubkey, - int *id, uint8_t *value, size_t value_len) { + uint16_t *id, uint8_t *value, size_t value_len) { if (value_len != 2) { if (pubkey) { pkcs11meta->cka_id_pubkey.len = value_len; @@ -4307,10 +4307,6 @@ CK_RV parse_meta_id_template(pkcs11_meta_object *pkcs11meta, bool pubkey, } else { if (!pubkey) { *id = parse_id_value(value, value_len); - if (*id == -1) { - DBG_ERR("CKA_ID invalid in template"); - return CKR_ATTRIBUTE_VALUE_INVALID; - } } } @@ -4343,7 +4339,6 @@ CK_RV parse_rsa_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate, uint8_t *e = NULL; CK_RV rv; - int id = 0; memset(template->label, 0, sizeof(template->label)); for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++) { @@ -4482,14 +4477,13 @@ CK_RV parse_rsa_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate, break; case CKA_ID: { - rv = parse_meta_id_template(pkcs11meta, false, &id, + rv = parse_meta_id_template(pkcs11meta, false, &template->id, pPrivateKeyTemplate[i].pValue, pPrivateKeyTemplate[i].ulValueLen); if (rv != CKR_OK) { DBG_ERR("Failed to parse CKA_ID in PrivateKeyTemplate"); return rv; } - template->id = id; } break; case CKA_DECRYPT: @@ -4572,7 +4566,7 @@ CK_RV parse_rsa_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate, return CKR_OK; } -int parse_id_value(void *value, CK_ULONG len) { +uint16_t parse_id_value(void *value, CK_ULONG len) { switch (len) { case 0: return 0; @@ -4596,7 +4590,6 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate, uint8_t *ecparams = NULL; uint16_t ecparams_len = 0; CK_RV rv; - int id; memset(template->label, 0, sizeof(template->label)); for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++) { @@ -4701,15 +4694,13 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate, break; case CKA_ID: { - rv = parse_meta_id_template(pkcs11meta, false, &id, + rv = parse_meta_id_template(pkcs11meta, false, &template->id, pPrivateKeyTemplate[i].pValue, pPrivateKeyTemplate[i].ulValueLen); if (rv != CKR_OK) { DBG_ERR("Failed to parse CKA_ID in PrivateKeyTemplate"); return rv; } - template->id = id; - } break; case CKA_SIGN: diff --git a/pkcs11/util_pkcs11.h b/pkcs11/util_pkcs11.h index d8026e57..5a91ee34 100644 --- a/pkcs11/util_pkcs11.h +++ b/pkcs11/util_pkcs11.h @@ -151,7 +151,7 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate, yubihsm_pkcs11_object_template *template, pkcs11_meta_object *pkcs11meta); -int parse_id_value(void *value, CK_ULONG len); +uint16_t parse_id_value(void *value, CK_ULONG len); CK_RV populate_template(int type, void *object, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, yubihsm_pkcs11_session *session); @@ -176,7 +176,7 @@ bool match_meta_attributes(yubihsm_pkcs11_session *session, bool is_meta_object(yh_object_descriptor *object); CK_RV parse_meta_id_template(pkcs11_meta_object *pkcs11meta, bool public, - int *id, uint8_t *value, size_t value_len); + uint16_t *id, uint8_t *value, size_t value_len); void parse_meta_label_template(yubihsm_pkcs11_object_template *template, pkcs11_meta_object *pkcs11meta, bool public, uint8_t *value, size_t value_len); diff --git a/pkcs11/yubihsm_pkcs11.c b/pkcs11/yubihsm_pkcs11.c index 48b3bf46..6f715e01 100644 --- a/pkcs11/yubihsm_pkcs11.c +++ b/pkcs11/yubihsm_pkcs11.c @@ -1383,10 +1383,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_CreateObject) id.d = 0; } else { id.d = parse_id_value(pTemplate[i].pValue, pTemplate[i].ulValueLen); - if (id.d == (CK_ULONG) -1) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto c_co_out; - } } id.set = true; } else { @@ -2200,7 +2196,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_SetAttributeValue) } } } else { - int new_id = + uint16_t new_id = parse_id_value(pTemplate[i].pValue, pTemplate[i].ulValueLen); if (pTemplate[i].ulValueLen != 2 || new_id != object->object.id) { if (object->object.type == YH_PUBLIC_KEY) { @@ -2360,7 +2356,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit) yh_rc rc = YHR_SUCCESS; - int id = 0; uint8_t type = 0; uint16_t domains = 0; yh_capabilities capabilities = {{0}}; @@ -2527,7 +2522,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit) yh_object_descriptor tmp_objects[YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS] = {0}; size_t tmp_n_objects = YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS; - rc = yh_util_list_objects(session->slot->device_session, id, 0, domains, + rc = yh_util_list_objects(session->slot->device_session, 0, 0, domains, &capabilities, algorithm, label, tmp_objects, &tmp_n_objects); if (rc != YHR_SUCCESS) { @@ -2563,7 +2558,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit) } else { yh_object_descriptor tmp_objects[YH_MAX_ITEMS_COUNT] = {0}; size_t tmp_n_objects = sizeof(tmp_objects); - rc = yh_util_list_objects(session->slot->device_session, id, + rc = yh_util_list_objects(session->slot->device_session, 0, YH_OPAQUE, domains, &capabilities, YH_ALGO_OPAQUE_X509_CERTIFICATE, label, tmp_objects, &tmp_n_objects); @@ -2599,7 +2594,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit) yh_object_descriptor tmp_objects[YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS] = {0}; size_t tmp_n_objects = YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS; - rc = yh_util_list_objects(session->slot->device_session, id, type, + rc = yh_util_list_objects(session->slot->device_session, 0, type, domains, &capabilities, algorithm, label, tmp_objects, &tmp_n_objects); @@ -2636,12 +2631,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit) } } - id = parse_id_value(template_id, template_id_len); - if (id == -1) { - DBG_ERR("Failed to parse ID from template"); - rv = CKR_ATTRIBUTE_VALUE_INVALID; - goto c_foi_out; - } + uint16_t id = parse_id_value(template_id, template_id_len); DBG_INFO("id parsed as %x", id); if (ulCount == 0 || @@ -4948,12 +4938,14 @@ CK_DEFINE_FUNCTION(CK_RV, C_GenerateKey) case CKA_ID: if (id.set == false) { - rv = parse_meta_id_template(&meta_object, FALSE, (int *) &id.d, + uint16_t d; + rv = parse_meta_id_template(&meta_object, FALSE, &d, pTemplate[i].pValue, pTemplate[i].ulValueLen); if (rv != CKR_OK) { goto c_gk_out; } + id.d = d; id.set = true; } else { rv = CKR_TEMPLATE_INCONSISTENT; diff --git a/pkcs11/util_pkcs11.c b/pkcs11/util_pkcs11.c index db5f83c..caa467f 100644 --- a/pkcs11/util_pkcs11.c +++ b/pkcs11/util_pkcs11.c @@ -2720,7 +2720,7 @@ static CK_RV perform_aes_update(yh_session *session, return rv; } - DBG_INFO("Returning %lu bytes (buffered %lu bytes)", size, next); + DBG_INFO("Returning %zu bytes (buffered %zu bytes)", size, next); *out_len = size; return CKR_OK;