Improve URI management #230

Merged
merged 7 commits into from
Apr 19, 2023
27 changes: 9 additions & 18 deletions src/encoder.c
@@ -99,7 +99,7 @@ static int p11prov_rsa_encoder_encode_text(void *inctx, OSSL_CORE_BIO *cbio,
P11PROV_OBJ *key = (P11PROV_OBJ *)inkey;
CK_KEY_TYPE type;
CK_ULONG keysize;
CK_ATTRIBUTE *a;
char *uri = NULL;
BIO *out;
int ret;

@@ -137,14 +137,9 @@ static int p11prov_rsa_encoder_encode_text(void *inctx, OSSL_CORE_BIO *cbio,
}
}

a = p11prov_obj_get_attr(key, CKA_ID);
if (a) {
BIO_printf(out, "Key ID:\n");
ASN1_buf_print(out, a->pValue, a->ulValueLen, 4);
}
a = p11prov_obj_get_attr(key, CKA_LABEL);
if (a) {
BIO_printf(out, "Label: %*s\n", (int)a->ulValueLen, (char *)a->pValue);
uri = p11prov_key_to_uri(ctx->provctx, key);
if (uri) {
BIO_printf(out, "URI %s\n", uri);
}

BIO_free(out);
@@ -727,7 +722,7 @@ static int p11prov_ec_encoder_encode_text(void *inctx, OSSL_CORE_BIO *cbio,
P11PROV_OBJ *key = (P11PROV_OBJ *)inkey;
CK_KEY_TYPE type;
CK_ULONG keysize;
CK_ATTRIBUTE *a;
char *uri = NULL;
BIO *out;
int ret;

@@ -764,16 +759,12 @@ static int p11prov_ec_encoder_encode_text(void *inctx, OSSL_CORE_BIO *cbio,
}
}

a = p11prov_obj_get_attr(key, CKA_ID);
if (a) {
BIO_printf(out, "Key ID:\n");
ASN1_buf_print(out, a->pValue, a->ulValueLen, 4);
}
a = p11prov_obj_get_attr(key, CKA_LABEL);
if (a) {
BIO_printf(out, "Label: %*s\n", (int)a->ulValueLen, (char *)a->pValue);
uri = p11prov_key_to_uri(ctx->provctx, key);
if (uri) {
BIO_printf(out, "URI %s\n", uri);
}

OPENSSL_free(uri);
BIO_free(out);
return RET_OSSL_OK;
}
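Review bot: The RSA text encoder hunk (-137,14 +137,9) assigns `uri = p11prov_key_to_uri(ctx->provctx, key);` but nothing before `BIO_free(out);` releases it, while the matching EC hunk adds `OPENSSL_free(uri);`. The section's nine additions are all accounted for by the four visible hunks, so the RSA path appears to leak the string on every call. Add `OPENSSL_free(uri);` just before `BIO_free(out);` in p11prov_rsa_encoder_encode_text, whose body starts and ends outside the hunk. p11prov_key_to_uri is not shown here; because its result is now written to the encoder's output, it is worth confirming that it emits only object-identifying attributes and never a `pin-value` or `pin-source` component.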
6 changes: 3 additions & 3 deletions src/objects.c
@@ -925,11 +925,11 @@ CK_RV p11prov_obj_find(P11PROV_CTX *provctx, P11PROV_SESSION *session,
/* nothing to find for us */
return CKR_OK;
}
if (id.type == CKA_ID) {
if (id.ulValueLen != 0) {
template[tsize] = id;
tsize++;
}
if (label.type == CKA_LABEL) {
if (label.ulValueLen != 0) {
template[tsize] = label;
tsize++;
}
@@ -1011,7 +1011,7 @@ static P11PROV_OBJ *find_associated_obj(P11PROV_CTX *provctx, P11PROV_OBJ *obj,
P11PROV_debug("Find associated object");

id = p11prov_obj_get_attr(obj, CKA_ID);
if (!id) {
if (!id || id->ulValueLen == 0) {
P11PROV_raise(provctx, CKR_GENERAL_ERROR, "No CKA_ID in source object");
goto done;
}
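Review bot: In find_associated_obj the widened guard `if (!id || id->ulValueLen == 0)` now also rejects a CKA_ID that is present but empty, yet the raised message still reads "No CKA_ID in source object" and no comment explains why an empty ID is unusable. Suggest the comment `/* an empty CKA_ID cannot single out the counterpart object, treat it as missing */` and the message `"No usable CKA_ID in source object"`. In p11prov_obj_find the template entries are now gated on `ulValueLen != 0` alone; `id` and `label` are filled outside the hunk, so if a non-zero length with a NULL `pValue` is possible there, `if (id.pValue != NULL && id.ulValueLen != 0)` would be the safer test. Both function bodies extend beyond the hunks.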
2 changes: 1 addition & 1 deletion src/provider.c
@@ -1288,7 +1288,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in,
}

if (cfg[P11PROV_CFG_TOKEN_PIN] != NULL) {
ret = p11prov_get_pin(cfg[P11PROV_CFG_TOKEN_PIN], &ctx->pin);
ret = p11prov_get_pin(ctx, cfg[P11PROV_CFG_TOKEN_PIN], &ctx->pin);
if (ret != 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_IN_ERROR_STATE);
p11prov_ctx_free(ctx);
6 changes: 2 additions & 4 deletions src/provider.h
@@ -4,10 +4,8 @@
#ifndef _PROVIDER_H
#define _PROVIDER_H

/* on macOS, snprintf and vsnprintf are in -D_XOPEN_SOURCE=600. This may be
* a bug in macOS' headers, or a deliberate choice because snprintf changed
* behavior with X/Open 6. */
#define _XOPEN_SOURCE 600
/* We need at least -D_XOPEN_SOURCE=700 for strnlen. */
#define _XOPEN_SOURCE 700
#include "config.h"

#include <stdbool.h>
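Review bot: The new comment on `_XOPEN_SOURCE` names only strnlen and drops the earlier macOS note that snprintf and vsnprintf also depend on this macro, so a later cleanup could lower or remove it without knowing about that dependency. Suggest `/* We need at least -D_XOPEN_SOURCE=700 for strnlen; macOS also needs >= 600 for snprintf and vsnprintf. */`. A feature-test macro only takes effect when it is defined before the first system header, so the comment could also state that provider.h must be included first in every source file; how the .c files order their includes is not visible here.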
9 changes: 4 additions & 5 deletions src/session.c
@@ -479,7 +479,7 @@ static CK_RV check_slot(P11PROV_CTX *ctx, P11PROV_SLOT *slot, P11PROV_URI *uri,
CK_MECHANISM_TYPE mechtype, bool rw)
{
CK_TOKEN_INFO *token;
CK_FLAGS slot_flags;
CK_SLOT_INFO *ck_slot;
CK_SLOT_ID slotid;
CK_RV ret;

@@ -488,8 +488,8 @@ static CK_RV check_slot(P11PROV_CTX *ctx, P11PROV_SLOT *slot, P11PROV_URI *uri,
P11PROV_debug("Checking Slot id=%lu, uri=%p, mechtype=%lx, rw=%s)", slotid,
uri, mechtype, rw ? "true" : "false");

slot_flags = p11prov_slot_get_slot_flags(slot);
if ((slot_flags & CKF_TOKEN_PRESENT) == 0) {
ck_slot = p11prov_slot_get_slot(slot);
if ((ck_slot->flags & CKF_TOKEN_PRESENT) == 0) {
return CKR_TOKEN_NOT_PRESENT;
}
token = p11prov_slot_get_token(slot);
@@ -500,8 +500,7 @@ static CK_RV check_slot(P11PROV_CTX *ctx, P11PROV_SLOT *slot, P11PROV_URI *uri,
return CKR_TOKEN_WRITE_PROTECTED;
}
if (uri) {
/* skip slots that do not match */
ret = p11prov_uri_match_token(uri, token);
ret = p11prov_uri_match_token(uri, slotid, ck_slot, token);
if (ret != CKR_OK) {
return ret;
}
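Review bot: In check_slot the call `p11prov_uri_match_token(uri, slotid, ck_slot, token)` now receives the slot id and slot info as well, but the comment `/* skip slots that do not match */` was dropped and the helper keeps a name that mentions only the token. A reader of this branch can no longer tell which URI components decide whether a slot is accepted, which matters because this check selects the token that is used afterwards. Suggest keeping a comment such as `/* skip slots whose id, slot info or token do not match the URI */`, with the wording checked against the helper, which is not shown here. The body of check_slot continues outside the hunks.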
14 changes: 12 additions & 2 deletions src/slot.c
@@ -376,6 +376,16 @@ P11PROV_SLOT *p11prov_fetch_slot(P11PROV_SLOTS_CTX *sctx, int *idx)
return sctx->slots[i];
}

P11PROV_SLOT *p11prov_get_slot_by_id(P11PROV_SLOTS_CTX *sctx, CK_SLOT_ID id)
{
for (int s = 0; s < sctx->num; s++) {
if (sctx->slots[s]->id == id) {
return sctx->slots[s];
}
}
return NULL;
}

int p11prov_slot_get_mechanisms(P11PROV_SLOT *slot, CK_MECHANISM_TYPE **mechs)
{
if (!slot) {
@@ -453,9 +463,9 @@ CK_SLOT_ID p11prov_slot_get_slot_id(P11PROV_SLOT *slot)
return slot->id;
}

CK_FLAGS p11prov_slot_get_slot_flags(P11PROV_SLOT *slot)
CK_SLOT_INFO *p11prov_slot_get_slot(P11PROV_SLOT *slot)
{
return slot->slot.flags;
return &slot->slot;
}

CK_TOKEN_INFO *p11prov_slot_get_token(P11PROV_SLOT *slot)
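Review bot: The new p11prov_get_slot_by_id dereferences `sctx` without a NULL check, although p11prov_slot_get_mechanisms directly below guards its argument with `if (!slot)`; adding `if (!sctx) return NULL;` as the first statement would keep the lookup consistent with that. The function returns a pointer into `sctx->slots`, so a header comment should say that the result is only valid while the caller holds the slots context (slot.h declares p11prov_take_slots and p11prov_return_slots; their locking is not visible here). p11prov_slot_get_slot now hands out a writable pointer to the stored CK_SLOT_INFO; if callers only read it, as check_slot does with `ck_slot->flags`, returning `const CK_SLOT_INFO *` would prevent accidental modification.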
3 changes: 2 additions & 1 deletion src/slot.h
@@ -13,13 +13,14 @@ void p11prov_slot_fork_reset(P11PROV_SLOTS_CTX *sctx);
CK_RV p11prov_take_slots(P11PROV_CTX *ctx, P11PROV_SLOTS_CTX **slots);
void p11prov_return_slots(P11PROV_SLOTS_CTX *slots);
P11PROV_SLOT *p11prov_fetch_slot(P11PROV_SLOTS_CTX *sctx, int *idx);
P11PROV_SLOT *p11prov_get_slot_by_id(P11PROV_SLOTS_CTX *sctx, CK_SLOT_ID id);
int p11prov_slot_get_mechanisms(P11PROV_SLOT *slot, CK_MECHANISM_TYPE **mechs);
int p11prov_check_mechanism(P11PROV_CTX *ctx, CK_SLOT_ID id,
CK_MECHANISM_TYPE mechtype);
CK_RV p11prov_slot_get_obj_pool(P11PROV_CTX *provctx, CK_SLOT_ID id,
P11PROV_OBJ_POOL **pool);
CK_SLOT_ID p11prov_slot_get_slot_id(P11PROV_SLOT *slot);
CK_FLAGS p11prov_slot_get_slot_flags(P11PROV_SLOT *slot);
CK_SLOT_INFO *p11prov_slot_get_slot(P11PROV_SLOT *slot);
CK_TOKEN_INFO *p11prov_slot_get_token(P11PROV_SLOT *slot);
const char *p11prov_slot_get_login_info(P11PROV_SLOT *slot);
const char *p11prov_slot_get_bad_pin(P11PROV_SLOT *slot);