From: Nikos Mavrogiannopoulos Date: Mon, 9 Dec 2013 22:25:09 +0000 (+0100) Subject: ensure that all the exported pkcs11 functions initialize PKCS #11. X-Git-Tag: gnutls_3_3_0pre0~479 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d4a3bdf7b5e603c76e56e2ee65339fc5a09a13d2;p=thirdparty%2Fgnutls.git ensure that all the exported pkcs11 functions initialize PKCS #11. --- diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 00fa871f58..1a7471bb47 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -212,8 +212,7 @@ pkcs11_add_module(const char* name, struct ck_function_list *module) return 0; } -static int -pkcs11_check_init(void) +int _gnutls_pkcs11_check_init(void) { int ret; @@ -942,11 +941,6 @@ pkcs11_find_slot(struct ck_function_list **module, ck_slot_id_t * slot, unsigned long nslots; ck_slot_id_t slots[MAX_SLOTS]; - /* make sure that modules are initialized */ - ret = pkcs11_check_init(); - if (ret < 0) - return gnutls_assert_val(ret); - for (x = 0; x < active_providers; x++) { if (providers[x].active == 0) continue; @@ -1009,7 +1003,7 @@ pkcs11_open_session(struct pkcs11_session_info *sinfo, struct ck_function_list *module; ck_slot_id_t slot; struct token_info tinfo; - + ret = pkcs11_find_slot(&module, &slot, info, &tinfo); if (ret < 0) { gnutls_assert(); @@ -1059,11 +1053,6 @@ _pkcs11_traverse_tokens(find_func_t find_func, void *input, unsigned long nslots; ck_slot_id_t slots[MAX_SLOTS]; - /* make sure that modules are initialized */ - ret = pkcs11_check_init(); - if (ret < 0) - return gnutls_assert_val(ret); - for (x = 0; x < active_providers; x++) { if (providers[x].active == 0) continue; @@ -1651,6 +1640,8 @@ gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj, const char *url, int ret; struct url_find_data_st find_data; + PKCS11_CHECK_INIT; + /* fill in the find data structure */ find_data.crt = obj; @@ -1728,6 +1719,8 @@ gnutls_pkcs11_token_get_url(unsigned int seq, int ret; struct token_num tn; + PKCS11_CHECK_INIT; + memset(&tn, 0, sizeof(tn)); tn.seq = seq; tn.info = p11_kit_uri_new(); @@ -2582,6 +2575,8 @@ gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list, int ret; struct crt_find_data_st priv; + PKCS11_CHECK_INIT; + memset(&priv, 0, sizeof(priv)); /* fill in the find data structure */ @@ -2842,6 +2837,8 @@ int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags) struct flags_find_data_st find_data; int ret; + PKCS11_CHECK_INIT; + memset(&find_data, 0, sizeof(find_data)); ret = pkcs11_url_to_info(url, &find_data.info); if (ret < 0) { @@ -2893,6 +2890,8 @@ gnutls_pkcs11_token_get_mechanism(const char *url, unsigned int idx, struct p11_kit_uri *info = NULL; unsigned long count; ck_mechanism_type_t mlist[400]; + + PKCS11_CHECK_INIT; ret = pkcs11_url_to_info(url, &info); if (ret < 0) { @@ -3135,6 +3134,8 @@ int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert, size_t id_size; struct p11_kit_uri *info = NULL; + PKCS11_CHECK_INIT; + memset(&priv, 0, sizeof(priv)); if (url == NULL || url[0] == 0) { diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index 78e64c335d..d05a272722 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -34,7 +34,6 @@ #include typedef unsigned char ck_bool_t; - struct pkcs11_session_info { struct ck_function_list *module; struct ck_token_info tinfo; @@ -62,6 +61,15 @@ struct gnutls_pkcs11_obj_st { struct pin_info_st pin; }; +/* This must be called on every function that uses a PKCS #11 function + * directly */ +int _gnutls_pkcs11_check_init(void); + +#define PKCS11_CHECK_INIT \ + ret = _gnutls_pkcs11_check_init(); \ + if (ret < 0) \ + return gnutls_assert_val(ret) + /* thus function is called for every token in the traverse_tokens * function. Once everything is traversed it is called with NULL tinfo. * It should return 0 if found what it was looking for. diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index e5eeb82fb5..eaec7e1683 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -218,6 +218,8 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, struct pkcs11_session_info *sinfo; ck_object_handle_t obj; + PKCS11_CHECK_INIT; + if (key->sinfo.init != 0) { sinfo = &key->sinfo; obj = key->obj; @@ -322,6 +324,8 @@ int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key) struct pkcs11_session_info *sinfo; ck_object_handle_t obj; struct ck_session_info session_info; + + PKCS11_CHECK_INIT; if (key->sinfo.init != 0) { sinfo = &key->sinfo; @@ -371,6 +375,8 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, ck_key_type_t key_type; struct pkcs11_session_info sinfo; + PKCS11_CHECK_INIT; + memset(&sinfo, 0, sizeof(sinfo)); ret = pkcs11_url_to_info(url, &pkey->info); @@ -461,6 +467,8 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, struct pkcs11_session_info _sinfo; struct pkcs11_session_info *sinfo; + PKCS11_CHECK_INIT; + if (key->sinfo.init != 0) { sinfo = &key->sinfo; obj = key->obj; @@ -614,6 +622,8 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk, gnutls_pubkey_t pkey = NULL; gnutls_pkcs11_obj_t obj = NULL; + PKCS11_CHECK_INIT; + memset(&sinfo, 0, sizeof(sinfo)); ret = pkcs11_url_to_info(url, &info); diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c index 3d01912420..8e75ed1d2c 100644 --- a/lib/pkcs11_secret.c +++ b/lib/pkcs11_secret.c @@ -60,6 +60,8 @@ gnutls_pkcs11_copy_secret_key(const char *token_url, gnutls_datum_t * key, int a_val; uint8_t id[16]; struct pkcs11_session_info sinfo; + + PKCS11_CHECK_INIT; memset(&sinfo, 0, sizeof(sinfo)); diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index 9a9bd3cdfe..0172c74096 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -61,6 +61,8 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url, ck_object_handle_t obj; int a_val; struct pkcs11_session_info sinfo; + + PKCS11_CHECK_INIT; memset(&sinfo, 0, sizeof(sinfo)); @@ -229,6 +231,8 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url, gnutls_datum_t m, e, d, u, exp1, exp2; struct pkcs11_session_info sinfo; + PKCS11_CHECK_INIT; + memset(&sinfo, 0, sizeof(sinfo)); memset(&p, 0, sizeof(p)); @@ -634,6 +638,8 @@ int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags) int ret; struct delete_data_st find_data; + PKCS11_CHECK_INIT; + memset(&find_data, 0, sizeof(find_data)); ret = pkcs11_url_to_info(object_url, &find_data.info); @@ -682,6 +688,8 @@ gnutls_pkcs11_token_init(const char *token_url, ck_slot_id_t slot; char flabel[32]; + PKCS11_CHECK_INIT; + ret = pkcs11_url_to_info(token_url, &info); if (ret < 0) { gnutls_assert(); @@ -738,6 +746,8 @@ gnutls_pkcs11_token_set_pin(const char *token_url, unsigned int ses_flags; struct pkcs11_session_info sinfo; + PKCS11_CHECK_INIT; + memset(&sinfo, 0, sizeof(sinfo)); ret = pkcs11_url_to_info(token_url, &info); @@ -813,6 +823,8 @@ gnutls_pkcs11_token_get_random(const char *token_url, ck_rv_t rv; struct pkcs11_session_info sinfo; + PKCS11_CHECK_INIT; + memset(&sinfo, 0, sizeof(sinfo)); ret = pkcs11_url_to_info(token_url, &info);