[pkg-opensc-commit] [pkcs11-helper] 53/253: Major workout of conventions
Eric Dorland
eric at moszumanska.debian.org
Fri Jan 6 23:39:03 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository pkcs11-helper.
commit b034eaad7691e4333784a180a386da1643255075
Author: Alon Bar-Lev <alon.barlev at gmail.com>
Date: Sat Dec 23 18:49:42 2006 +0000
Major workout of conventions
---
lib/_pkcs11h-certificate.h | 2 +-
lib/_pkcs11h-core.h | 80 +-
lib/_pkcs11h-crypto.h | 2 +-
lib/_pkcs11h-session.h | 24 +-
lib/_pkcs11h-sys.h | 2 +-
lib/_pkcs11h-threading.h | 42 +-
lib/common.h | 2 +-
lib/pkcs11h-certificate.c | 1923 +++++++++++++++++++++++--------------------
lib/pkcs11h-core.c | 629 +++++++-------
lib/pkcs11h-crypto.c | 246 +++---
lib/pkcs11h-data.c | 446 +++++-----
lib/pkcs11h-mem.c | 37 +-
lib/pkcs11h-openssl.c | 497 ++++++-----
lib/pkcs11h-serialization.c | 283 ++++---
lib/pkcs11h-session.c | 705 ++++++++--------
lib/pkcs11h-slotevent.c | 296 +++----
lib/pkcs11h-sys.c | 6 +-
lib/pkcs11h-threading.c | 237 +++---
lib/pkcs11h-token.c | 411 ++++-----
lib/pkcs11h-util.c | 46 +-
20 files changed, 3028 insertions(+), 2888 deletions(-)
diff --git a/lib/_pkcs11h-certificate.h b/lib/_pkcs11h-certificate.h
index 53f8266..c472217 100644
--- a/lib/_pkcs11h-certificate.h
+++ b/lib/_pkcs11h-certificate.h
@@ -86,7 +86,7 @@ _pkcs11h_certificate_resetSession (
CK_RV
_pkcs11h_certificate_enumSessionCertificates (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN void * const user_data,
IN const unsigned mask_prompt
);
diff --git a/lib/_pkcs11h-core.h b/lib/_pkcs11h-core.h
index 2db9410..051614a 100644
--- a/lib/_pkcs11h-core.h
+++ b/lib/_pkcs11h-core.h
@@ -62,52 +62,52 @@
#include <unistd.h>
#endif
-#define PKCS11H_INVALID_SLOT_ID ((CK_SLOT_ID)-1)
-#define PKCS11H_INVALID_SESSION_HANDLE ((CK_SESSION_HANDLE)-1)
-#define PKCS11H_INVALID_OBJECT_HANDLE ((CK_OBJECT_HANDLE)-1)
+#define _PKCS11H_INVALID_SLOT_ID ((CK_SLOT_ID)-1)
+#define _PKCS11H_INVALID_SESSION_HANDLE ((CK_SESSION_HANDLE)-1)
+#define _PKCS11H_INVALID_OBJECT_HANDLE ((CK_OBJECT_HANDLE)-1)
-#define PKCS11H_DEFAULT_SLOTEVENT_POLL 5000
-#define PKCS11H_DEFAULT_MAX_LOGIN_RETRY 3
-#define PKCS11H_DEFAULT_PIN_CACHE_PERIOD PKCS11H_PIN_CACHE_INFINITE
+#define _PKCS11H_DEFAULT_SLOTEVENT_POLL 5000
+#define _PKCS11H_DEFAULT_MAX_LOGIN_RETRY 3
+#define _PKCS11H_DEFAULT_PIN_CACHE_PERIOD PKCS11H_PIN_CACHE_INFINITE
/*===========================================
* Macros
*/
-#define PKCS11H_MSG_LEVEL_TEST(flags) (((unsigned int)flags) <= g_pkcs11h_loglevel)
+#define __PKCS11H_MSG_LEVEL_TEST(flags) (((unsigned int)flags) <= _g_pkcs11h_loglevel)
#if defined(HAVE_CPP_VARARG_MACRO_ISO) && !defined(__LCLINT__)
-# define PKCS11H_LOG(flags, ...) do { if (PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), __VA_ARGS__); } while (FALSE)
+# define _PKCS11H_LOG(flags, ...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), __VA_ARGS__); } while (FALSE)
# ifdef ENABLE_PKCS11H_DEBUG
-# define PKCS11H_DEBUG(flags, ...) do { if (PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), __VA_ARGS__); } while (FALSE)
+# define _PKCS11H_DEBUG(flags, ...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), __VA_ARGS__); } while (FALSE)
# else
-# define PKCS11H_DEBUG(flags, ...)
+# define _PKCS11H_DEBUG(flags, ...)
# endif
#elif defined(HAVE_CPP_VARARG_MACRO_GCC) && !defined(__LCLINT__)
-# define PKCS11H_LOG(flags, args...) do { if (PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), args); } while (FALSE)
+# define _PKCS11H_LOG(flags, args...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), args); } while (FALSE)
# ifdef ENABLE_PKCS11H_DEBUG
-# define PKCS11H_DEBUG(flags, args...) do { if (PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), args); } while (FALSE)
+# define _PKCS11H_DEBUG(flags, args...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), args); } while (FALSE)
# else
-# define PKCS11H_DEBUG(flags, args...)
+# define _PKCS11H_DEBUG(flags, args...)
# endif
#else
-# define PKCS11H_LOG _pkcs11h_log
-# define PKCS11H_DEBUG _pkcs11h_log
+# define _PKCS11H_LOG _pkcs11h_log
+# define _PKCS11H_DEBUG _pkcs11h_log
#endif
/*===========================================
* Types
*/
-struct pkcs11h_provider_s;
-struct pkcs11h_session_s;
-struct pkcs11h_data_s;
-typedef struct pkcs11h_provider_s *pkcs11h_provider_t;
-typedef struct pkcs11h_session_s *pkcs11h_session_t;
-typedef struct pkcs11h_data_s *pkcs11h_data_t;
+struct _pkcs11h_provider_s;
+struct _pkcs11h_session_s;
+struct _pkcs11h_data_s;
+typedef struct _pkcs11h_provider_s *_pkcs11h_provider_t;
+typedef struct _pkcs11h_session_s *_pkcs11h_session_t;
+typedef struct _pkcs11h_data_s *_pkcs11h_data_t;
-struct pkcs11h_provider_s {
- pkcs11h_provider_t next;
+struct _pkcs11h_provider_s {
+ _pkcs11h_provider_t next;
PKCS11H_BOOL enabled;
char reference[1024];
@@ -129,17 +129,17 @@ struct pkcs11h_provider_s {
unsigned slot_poll_interval;
#if defined(ENABLE_PKCS11H_SLOTEVENT)
- pkcs11h_thread_t slotevent_thread;
+ _pkcs11h_thread_t slotevent_thread;
#endif
};
-struct pkcs11h_session_s {
- pkcs11h_session_t next;
+struct _pkcs11h_session_s {
+ _pkcs11h_session_t next;
int reference_count;
PKCS11H_BOOL valid;
- pkcs11h_provider_t provider;
+ _pkcs11h_provider_t provider;
pkcs11h_token_id_t token_id;
@@ -155,7 +155,7 @@ struct pkcs11h_session_s {
#endif
#if defined(ENABLE_PKCS11H_THREADING)
- pkcs11h_mutex_t mutex;
+ _pkcs11h_mutex_t mutex;
#endif
};
@@ -169,13 +169,13 @@ struct pkcs11h_certificate_s {
unsigned mask_private_mode;
- pkcs11h_session_t session;
+ _pkcs11h_session_t session;
CK_OBJECT_HANDLE key_handle;
PKCS11H_BOOL operation_active;
#if defined(ENABLE_PKCS11H_THREADING)
- pkcs11h_mutex_t mutex;
+ _pkcs11h_mutex_t mutex;
#endif
unsigned mask_prompt;
@@ -184,12 +184,12 @@ struct pkcs11h_certificate_s {
#endif /* ENABLE_PKCS11H_CERTIFICATE */
-struct pkcs11h_data_s {
+struct _pkcs11h_data_s {
PKCS11H_BOOL initialized;
int pin_cache_period;
- pkcs11h_provider_t providers;
- pkcs11h_session_t sessions;
+ _pkcs11h_provider_t providers;
+ _pkcs11h_session_t sessions;
struct {
void * log_data;
@@ -207,9 +207,9 @@ struct pkcs11h_data_s {
#if defined(ENABLE_PKCS11H_THREADING)
struct {
- pkcs11h_mutex_t global;
- pkcs11h_mutex_t session;
- pkcs11h_mutex_t cache;
+ _pkcs11h_mutex_t global;
+ _pkcs11h_mutex_t session;
+ _pkcs11h_mutex_t cache;
} mutexes;
#if !defined(_WIN32)
PKCS11H_BOOL safefork;
@@ -221,8 +221,8 @@ struct pkcs11h_data_s {
PKCS11H_BOOL initialized;
PKCS11H_BOOL should_terminate;
PKCS11H_BOOL skip_event;
- pkcs11h_cond_t cond_event;
- pkcs11h_thread_t thread;
+ _pkcs11h_cond_t cond_event;
+ _pkcs11h_thread_t thread;
} slotevent;
#endif
};
@@ -238,7 +238,7 @@ _pkcs11h_log (
#endif
;
-extern pkcs11h_data_t g_pkcs11h_data;
-extern unsigned int g_pkcs11h_loglevel;
+extern _pkcs11h_data_t _g_pkcs11h_data;
+extern unsigned int _g_pkcs11h_loglevel;
#endif
diff --git a/lib/_pkcs11h-crypto.h b/lib/_pkcs11h-crypto.h
index ccbb046..db3f3f3 100644
--- a/lib/_pkcs11h-crypto.h
+++ b/lib/_pkcs11h-crypto.h
@@ -56,7 +56,7 @@
#include <pkcs11-helper-1.0/pkcs11h-engines.h>
-extern pkcs11h_engine_crypto_t g_pkcs11h_crypto_engine;
+extern pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine;
#endif
diff --git a/lib/_pkcs11h-session.h b/lib/_pkcs11h-session.h
index 5fe8808..2cbee9d 100644
--- a/lib/_pkcs11h-session.h
+++ b/lib/_pkcs11h-session.h
@@ -57,7 +57,7 @@
CK_RV
_pkcs11h_session_getSlotList (
- IN const pkcs11h_provider_t provider,
+ IN const _pkcs11h_provider_t provider,
IN const CK_BBOOL token_present,
OUT CK_SLOT_ID_PTR * const pSlotList,
OUT CK_ULONG_PTR pulCount
@@ -65,7 +65,7 @@ _pkcs11h_session_getSlotList (
CK_RV
_pkcs11h_session_getObjectAttributes (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN const CK_OBJECT_HANDLE object,
IN OUT const CK_ATTRIBUTE_PTR attrs,
IN const unsigned count
@@ -79,7 +79,7 @@ _pkcs11h_session_freeObjectAttributes (
CK_RV
_pkcs11h_session_findObjects (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN const CK_ATTRIBUTE * const filter,
IN const CK_ULONG filter_attrs,
OUT CK_OBJECT_HANDLE **const p_objects,
@@ -89,17 +89,17 @@ _pkcs11h_session_findObjects (
CK_RV
_pkcs11h_session_getSessionByTokenId (
IN const pkcs11h_token_id_t token_id,
- OUT pkcs11h_session_t * const p_session
+ OUT _pkcs11h_session_t * const p_session
);
CK_RV
_pkcs11h_session_release (
- IN const pkcs11h_session_t session
+ IN const _pkcs11h_session_t session
);
CK_RV
_pkcs11h_session_reset (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN void * const user_data,
IN const unsigned mask_prompt,
OUT CK_SLOT_ID * const p_slot
@@ -107,7 +107,7 @@ _pkcs11h_session_reset (
CK_RV
_pkcs11h_session_getObjectById (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN const CK_OBJECT_CLASS class,
IN const CK_BYTE_PTR id,
IN const size_t id_size,
@@ -116,17 +116,17 @@ _pkcs11h_session_getObjectById (
CK_RV
_pkcs11h_session_validate (
- IN const pkcs11h_session_t session
+ IN const _pkcs11h_session_t session
);
CK_RV
-_pkcs11h_session_touch (
- IN const pkcs11h_session_t session
+__pkcs11h_session_touch (
+ IN const _pkcs11h_session_t session
);
CK_RV
_pkcs11h_session_login (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN const PKCS11H_BOOL public_only,
IN const PKCS11H_BOOL readonly,
IN void * const user_data,
@@ -135,7 +135,7 @@ _pkcs11h_session_login (
CK_RV
_pkcs11h_session_logout (
- IN const pkcs11h_session_t session
+ IN const _pkcs11h_session_t session
);
#endif
diff --git a/lib/_pkcs11h-sys.h b/lib/_pkcs11h-sys.h
index 251114b..dad3ffe 100644
--- a/lib/_pkcs11h-sys.h
+++ b/lib/_pkcs11h-sys.h
@@ -56,7 +56,7 @@
#include <pkcs11-helper-1.0/pkcs11h-engines.h>
-extern pkcs11h_engine_system_t g_pkcs11h_sys_engine;
+extern pkcs11h_engine_system_t _g_pkcs11h_sys_engine;
#endif
diff --git a/lib/_pkcs11h-threading.h b/lib/_pkcs11h-threading.h
index 1d3ffc9..131c75f 100644
--- a/lib/_pkcs11h-threading.h
+++ b/lib/_pkcs11h-threading.h
@@ -66,27 +66,21 @@
#if defined(_WIN32)
#define PKCS11H_THREAD_NULL NULL
-typedef HANDLE pkcs11h_cond_t;
-typedef HANDLE pkcs11h_mutex_t;
-typedef HANDLE pkcs11h_thread_t;
+typedef HANDLE _pkcs11h_cond_t;
+typedef HANDLE _pkcs11h_mutex_t;
+typedef HANDLE _pkcs11h_thread_t;
#else
#define PKCS11H_THREAD_NULL 0l
-typedef pthread_mutex_t pkcs11h_mutex_t;
-typedef pthread_t pkcs11h_thread_t;
+typedef pthread_mutex_t _pkcs11h_mutex_t;
+typedef pthread_t _pkcs11h_thread_t;
typedef struct {
pthread_cond_t cond;
pthread_mutex_t mut;
-} pkcs11h_cond_t;
-
-typedef struct __pkcs11h_threading_mutex_entry_s {
- struct __pkcs11h_threading_mutex_entry_s *next;
- pkcs11h_mutex_t *p_mutex;
- PKCS11H_BOOL locked;
-} *__pkcs11h_threading_mutex_entry_t;
+} _pkcs11h_cond_t;
#endif
-typedef void * (*pkcs11h_thread_start_t)(void *);
+typedef void * (*_pkcs11h_thread_start_t)(void *);
void
_pkcs11h_threading_sleep (
@@ -95,55 +89,55 @@ _pkcs11h_threading_sleep (
CK_RV
_pkcs11h_threading_mutexInit (
- OUT pkcs11h_mutex_t * const mutex
+ OUT _pkcs11h_mutex_t * const mutex
);
CK_RV
_pkcs11h_threading_mutexLock (
- IN OUT pkcs11h_mutex_t *const mutex
+ IN OUT _pkcs11h_mutex_t *const mutex
);
CK_RV
_pkcs11h_threading_mutexRelease (
- IN OUT pkcs11h_mutex_t *const mutex
+ IN OUT _pkcs11h_mutex_t *const mutex
);
CK_RV
_pkcs11h_threading_mutexFree (
- IN OUT pkcs11h_mutex_t *const mutex
+ IN OUT _pkcs11h_mutex_t *const mutex
);
CK_RV
_pkcs11h_threading_condSignal (
- IN OUT pkcs11h_cond_t *const cond
+ IN OUT _pkcs11h_cond_t *const cond
);
CK_RV
_pkcs11h_threading_condInit (
- OUT pkcs11h_cond_t * const cond
+ OUT _pkcs11h_cond_t * const cond
);
CK_RV
_pkcs11h_threading_condWait (
- IN OUT pkcs11h_cond_t *const cond,
+ IN OUT _pkcs11h_cond_t *const cond,
IN const unsigned milli
);
CK_RV
_pkcs11h_threading_condFree (
- IN OUT pkcs11h_cond_t *const cond
+ IN OUT _pkcs11h_cond_t *const cond
);
CK_RV
_pkcs11h_threading_threadStart (
- OUT pkcs11h_thread_t * const thread,
- IN pkcs11h_thread_start_t const start,
+ OUT _pkcs11h_thread_t * const thread,
+ IN _pkcs11h_thread_start_t const start,
IN void * data
);
CK_RV
_pkcs11h_threading_threadJoin (
- IN pkcs11h_thread_t * const thread
+ IN _pkcs11h_thread_t * const thread
);
#if !defined(_WIN32)
diff --git a/lib/common.h b/lib/common.h
index 41f61f9..76c1e8d 100644
--- a/lib/common.h
+++ b/lib/common.h
@@ -69,7 +69,7 @@
#include <windows.h>
#endif
-#define PKCS11H_ASSERT assert
+#define _PKCS11H_ASSERT assert
#endif
diff --git a/lib/pkcs11h-certificate.c b/lib/pkcs11h-certificate.c
index 13f7749..57b7baf 100644
--- a/lib/pkcs11h-certificate.c
+++ b/lib/pkcs11h-certificate.c
@@ -62,18 +62,18 @@
#include "_pkcs11h-token.h"
#include "_pkcs11h-certificate.h"
-enum _pkcs11h_private_op_e {
- _pkcs11h_private_op_sign=0,
- _pkcs11h_private_op_sign_recover,
- _pkcs11h_private_op_decrypt,
- _pkcs11h_private_op_unwrap
+enum __pkcs11h_private_op_e {
+ __pkcs11h_private_op_sign=0,
+ __pkcs11h_private_op_sign_recover,
+ __pkcs11h_private_op_decrypt,
+ __pkcs11h_private_op_unwrap
};
static
CK_RV
__pkcs11h_certificate_doPrivateOperation (
IN const pkcs11h_certificate_t certificate,
- IN const enum _pkcs11h_private_op_e op,
+ IN const enum __pkcs11h_private_op_e op,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
@@ -116,10 +116,10 @@ _pkcs11h_certificate_isBetterCertificate (
) {
PKCS11H_BOOL is_better = FALSE;
- /*PKCS11H_ASSERT (current!=NULL); NOT NEEDED */
- PKCS11H_ASSERT (newone!=NULL);
+ /*_PKCS11H_ASSERT (current!=NULL); NOT NEEDED */
+ _PKCS11H_ASSERT (newone!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_isBetterCertificate entry current=%p, current_size=%u, newone=%p, newone_size=%u",
current,
@@ -139,8 +139,8 @@ _pkcs11h_certificate_isBetterCertificate (
time_t notAfterCurrent, notAfterNew;
if (
- !g_pkcs11h_crypto_engine.certificate_get_expiration (
- g_pkcs11h_crypto_engine.global_data,
+ !_g_pkcs11h_crypto_engine.certificate_get_expiration (
+ _g_pkcs11h_crypto_engine.global_data,
current,
current_size,
¬AfterCurrent
@@ -150,8 +150,8 @@ _pkcs11h_certificate_isBetterCertificate (
}
if (
- !g_pkcs11h_crypto_engine.certificate_get_expiration (
- g_pkcs11h_crypto_engine.global_data,
+ !_g_pkcs11h_crypto_engine.certificate_get_expiration (
+ _g_pkcs11h_crypto_engine.global_data,
newone,
newone_size,
¬AfterNew
@@ -160,7 +160,7 @@ _pkcs11h_certificate_isBetterCertificate (
notAfterCurrent = (time_t)0;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_isBetterCertificate notAfterCurrent='%s', notAfterNew='%s'",
asctime (localtime (¬AfterCurrent)),
@@ -170,7 +170,7 @@ _pkcs11h_certificate_isBetterCertificate (
is_better = notAfterNew > notAfterCurrent;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_isBetterCertificate return is_better=%d",
is_better ? 1 : 0
@@ -183,11 +183,11 @@ CK_RV
_pkcs11h_certificate_newCertificateId (
OUT pkcs11h_certificate_id_t * const p_certificate_id
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (p_certificate_id!=NULL);
+ _PKCS11H_ASSERT (p_certificate_id!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_newCertificateId entry p_certificate_id=%p",
(void *)p_certificate_id
@@ -195,11 +195,20 @@ _pkcs11h_certificate_newCertificateId (
*p_certificate_id = NULL;
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc ((void *)p_certificate_id, sizeof (struct pkcs11h_certificate_id_s));
+ if (
+ (rv = _pkcs11h_mem_malloc (
+ (void *)p_certificate_id,
+ sizeof (struct pkcs11h_certificate_id_s)
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_newCertificateId return rv=%lu-'%s', *p_certificate_id=%p",
rv,
@@ -230,60 +239,69 @@ __pkcs11h_certificate_loadCertificate (
CK_OBJECT_HANDLE *objects = NULL;
CK_ULONG objects_found = 0;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
CK_ULONG i;
- PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_ASSERT (certificate->id!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (certificate->id!=NULL);
/* Must be after assert */
cert_filter[1].pValue = certificate->id->attrCKA_ID;
cert_filter[1].ulValueLen = certificate->id->attrCKA_ID_size;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_loadCertificate entry certificate=%p",
(void *)certificate
);
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (certificate->session);
+ if ((rv = _pkcs11h_session_validate (certificate->session)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_findObjects (
+ if (
+ (rv = _pkcs11h_session_findObjects (
certificate->session,
cert_filter,
sizeof (cert_filter) / sizeof (CK_ATTRIBUTE),
&objects,
&objects_found
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- for (i=0;rv == CKR_OK && i < objects_found;i++) {
+ for (i=0;i < objects_found;i++) {
CK_ATTRIBUTE attrs[] = {
{CKA_VALUE, NULL, 0}
};
if (
- rv == CKR_OK &&
(rv = _pkcs11h_session_getObjectAttributes (
certificate->session,
objects[i],
attrs,
sizeof (attrs) / sizeof (CK_ATTRIBUTE)
- )) == CKR_OK
+ )) != CKR_OK
) {
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Cannot get object attribute for provider '%s' object %ld rv=%lu-'%s'",
+ certificate->session->provider->manufacturerID,
+ objects[i],
+ rv,
+ pkcs11h_getMessage (rv)
+ );
+ }
+ else {
if (
_pkcs11h_certificate_isBetterCertificate (
certificate->id->certificate_blob,
@@ -305,27 +323,20 @@ __pkcs11h_certificate_loadCertificate (
}
}
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Cannot get object attribute for provider '%s' object %ld rv=%lu-'%s'",
- certificate->session->provider->manufacturerID,
- objects[i],
- rv,
- pkcs11h_getMessage (rv)
- );
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- }
-
_pkcs11h_session_freeObjectAttributes (
attrs,
sizeof (attrs) / sizeof (CK_ATTRIBUTE)
);
}
+
+ if (certificate->id->certificate_blob == NULL) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+ }
+
+ rv = CKR_OK;
+
+cleanup:
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
@@ -334,13 +345,6 @@ __pkcs11h_certificate_loadCertificate (
}
#endif
- if (
- rv == CKR_OK &&
- certificate->id->certificate_blob == NULL
- ) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- }
-
if (objects != NULL) {
_pkcs11h_mem_free ((void *)&objects);
}
@@ -351,7 +355,7 @@ __pkcs11h_certificate_loadCertificate (
* should be free by caller.
*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_loadCertificate return rv=%lu-'%s'",
rv,
@@ -369,9 +373,9 @@ __pkcs11h_certificate_updateCertificateIdDescription (
static const char * separator = " on ";
static const char * unknown = "UNKNOWN";
- PKCS11H_ASSERT (certificate_id!=NULL);
+ _PKCS11H_ASSERT (certificate_id!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_updateCertificateIdDescription entry certificate_id=%p",
(void *)certificate_id
@@ -379,8 +383,8 @@ __pkcs11h_certificate_updateCertificateIdDescription (
if (
certificate_id->certificate_blob_size != 0 &&
- !g_pkcs11h_crypto_engine.certificate_get_dn (
- g_pkcs11h_crypto_engine.global_data,
+ !_g_pkcs11h_crypto_engine.certificate_get_dn (
+ _g_pkcs11h_crypto_engine.global_data,
certificate_id->certificate_blob,
certificate_id->certificate_blob_size,
certificate_id->displayName,
@@ -414,7 +418,7 @@ __pkcs11h_certificate_updateCertificateIdDescription (
);
certificate_id->displayName[sizeof (certificate_id->displayName) - 1] = '\0';
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_updateCertificateIdDescription return displayName='%s'",
certificate_id->displayName
@@ -431,31 +435,28 @@ __pkcs11h_certificate_getKeyAttributes (
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
#endif
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
PKCS11H_BOOL op_succeed = FALSE;
PKCS11H_BOOL login_retry = FALSE;
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_getKeyAttributes entry certificate=%p",
(void *)certificate
);
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
certificate->mask_private_mode = 0;
-
- while (rv == CKR_OK && !op_succeed) {
+ while (!op_succeed) {
CK_ATTRIBUTE key_attrs[] = {
{CKA_SIGN, NULL, 0},
{CKA_SIGN_RECOVER, NULL, 0},
@@ -466,39 +467,42 @@ __pkcs11h_certificate_getKeyAttributes (
/*
* Don't try invalid object
*/
- if (
- rv == CKR_OK &&
- certificate->key_handle == PKCS11H_INVALID_OBJECT_HANDLE
- ) {
+ if (certificate->key_handle == _PKCS11H_INVALID_OBJECT_HANDLE) {
rv = CKR_OBJECT_HANDLE_INVALID;
+ goto retry;
}
- if (rv == CKR_OK) {
- if (certificate->session->provider->mask_private_mode != 0) {
- certificate->mask_private_mode = certificate->session->provider->mask_private_mode;
- op_succeed = TRUE;
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Key attributes enforced by provider (%08x)",
- certificate->mask_private_mode
- );
- }
- }
-
- if (rv == CKR_OK && !op_succeed) {
- rv = _pkcs11h_session_getObjectAttributes (
- certificate->session,
- certificate->key_handle,
- key_attrs,
- sizeof (key_attrs) / sizeof (CK_ATTRIBUTE)
+ if (certificate->session->provider->mask_private_mode != 0) {
+ certificate->mask_private_mode = certificate->session->provider->mask_private_mode;
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Key attributes enforced by provider (%08x)",
+ certificate->mask_private_mode
);
+
+ op_succeed = TRUE;
}
+ else {
+ CK_BBOOL *key_attrs_sign;
+ CK_BBOOL *key_attrs_sign_recover;
+ CK_BBOOL *key_attrs_decrypt;
+ CK_BBOOL *key_attrs_unwrap;
+
+ if (
+ (rv = _pkcs11h_session_getObjectAttributes (
+ certificate->session,
+ certificate->key_handle,
+ key_attrs,
+ sizeof (key_attrs) / sizeof (CK_ATTRIBUTE)
+ )) != CKR_OK
+ ) {
+ goto retry;
+ }
- if (rv == CKR_OK && !op_succeed) {
- CK_BBOOL *key_attrs_sign = (CK_BBOOL *)key_attrs[0].pValue;
- CK_BBOOL *key_attrs_sign_recover = (CK_BBOOL *)key_attrs[1].pValue;
- CK_BBOOL *key_attrs_decrypt = (CK_BBOOL *)key_attrs[2].pValue;
- CK_BBOOL *key_attrs_unwrap = (CK_BBOOL *)key_attrs[3].pValue;
+ key_attrs_sign = (CK_BBOOL *)key_attrs[0].pValue;
+ key_attrs_sign_recover = (CK_BBOOL *)key_attrs[1].pValue;
+ key_attrs_decrypt = (CK_BBOOL *)key_attrs[2].pValue;
+ key_attrs_unwrap = (CK_BBOOL *)key_attrs[3].pValue;
if (key_attrs_sign != NULL && *key_attrs_sign != CK_FALSE) {
certificate->mask_private_mode |= PKCS11H_PRIVATEMODE_MASK_SIGN;
@@ -514,25 +518,30 @@ __pkcs11h_certificate_getKeyAttributes (
}
if (certificate->mask_private_mode == 0) {
rv = CKR_KEY_TYPE_INCONSISTENT;
+ goto retry;
}
- PKCS11H_DEBUG (
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Key attributes loaded (%08x)",
certificate->mask_private_mode
);
+
+ op_succeed = TRUE;
}
+ rv = CKR_OK;
+
+ retry:
+
_pkcs11h_session_freeObjectAttributes (
key_attrs,
sizeof (key_attrs) / sizeof (CK_ATTRIBUTE)
);
- if (rv == CKR_OK) {
- op_succeed = TRUE;
- }
- else {
+ if (!op_succeed) {
if (!login_retry) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Get private key attributes failed: %ld:'%s'",
rv,
@@ -547,9 +556,17 @@ __pkcs11h_certificate_getKeyAttributes (
login_retry = TRUE;
}
+
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
}
}
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&certificate->mutex);
@@ -557,7 +574,7 @@ __pkcs11h_certificate_getKeyAttributes (
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_getKeyAttributes return rv=%lu-'%s'",
rv,
@@ -576,11 +593,11 @@ _pkcs11h_certificate_validateSession (
* certificate->mutex must be locked
* certificate->session->mutex must be locked
*/
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_validateSession entry certificate=%p",
(void *)certificate
@@ -588,19 +605,23 @@ _pkcs11h_certificate_validateSession (
if (certificate->session == NULL) {
rv = CKR_SESSION_HANDLE_INVALID;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (certificate->session);
+ if ((rv = _pkcs11h_session_validate (certificate->session)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- if (certificate->key_handle == PKCS11H_INVALID_OBJECT_HANDLE) {
- rv = CKR_OBJECT_HANDLE_INVALID;
- }
+ if (certificate->key_handle == _PKCS11H_INVALID_OBJECT_HANDLE) {
+ rv = CKR_OBJECT_HANDLE_INVALID;
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_validateSession return rv=%lu-'%s'",
rv,
@@ -624,11 +645,11 @@ _pkcs11h_certificate_resetSession (
PKCS11H_BOOL mutex_locked = FALSE;
#endif
PKCS11H_BOOL is_key_valid = FALSE;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_resetSession entry certificate=%p, public_only=%d, session_mutex_locked=%d",
(void *)certificate,
@@ -636,24 +657,27 @@ _pkcs11h_certificate_resetSession (
session_mutex_locked ? 1 : 0
);
- if (rv == CKR_OK && certificate->session == NULL) {
- rv = _pkcs11h_session_getSessionByTokenId (certificate->id->token_id, &certificate->session);
+ if (certificate->session == NULL) {
+ if (
+ (rv = _pkcs11h_session_getSessionByTokenId (
+ certificate->id->token_id,
+ &certificate->session
+ )) != CKR_OK
+ ) {
+ goto cleanup;
+ }
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- !session_mutex_locked &&
- (rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) == CKR_OK
- ) {
+ if (!session_mutex_locked) {
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
+ goto cleanup;
+ }
mutex_locked = TRUE;
}
#endif
- if (
- rv == CKR_OK &&
- !certificate->pin_cache_populated_to_session
- ) {
+ if (!certificate->pin_cache_populated_to_session) {
certificate->pin_cache_populated_to_session = TRUE;
if (certificate->pin_cache_period != PKCS11H_PIN_CACHE_INFINITE) {
@@ -669,7 +693,7 @@ _pkcs11h_certificate_resetSession (
}
else {
certificate->session->pin_expire_time = (
- g_pkcs11h_sys_engine.time () +
+ _g_pkcs11h_sys_engine.time () +
(time_t)certificate->pin_cache_period
);
certificate->session->pin_cache_period = certificate->pin_cache_period;
@@ -683,71 +707,75 @@ _pkcs11h_certificate_resetSession (
* try to fetch key handle,
* maybe the token is already logged in
*/
- if (rv == CKR_OK) {
- if (
- certificate->session->session_handle != PKCS11H_INVALID_SESSION_HANDLE &&
- certificate->key_handle == PKCS11H_INVALID_OBJECT_HANDLE
- ) {
- if (!public_only || certificate->session->provider->cert_is_private) {
- if (
- (rv = _pkcs11h_session_getObjectById (
- certificate->session,
- CKO_PRIVATE_KEY,
- certificate->id->attrCKA_ID,
- certificate->id->attrCKA_ID_size,
- &certificate->key_handle
- )) == CKR_OK
- ) {
- is_key_valid = TRUE;
- }
- else {
- /*
- * Ignore error
- */
- rv = CKR_OK;
- certificate->key_handle = PKCS11H_INVALID_OBJECT_HANDLE;
- }
+ if (
+ certificate->session->session_handle != _PKCS11H_INVALID_SESSION_HANDLE &&
+ certificate->key_handle == _PKCS11H_INVALID_OBJECT_HANDLE
+ ) {
+ if (!public_only || certificate->session->provider->cert_is_private) {
+ if (
+ (rv = _pkcs11h_session_getObjectById (
+ certificate->session,
+ CKO_PRIVATE_KEY,
+ certificate->id->attrCKA_ID,
+ certificate->id->attrCKA_ID_size,
+ &certificate->key_handle
+ )) == CKR_OK
+ ) {
+ is_key_valid = TRUE;
+ }
+ else {
+ certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE;
}
}
}
- if (
- !is_key_valid &&
- rv == CKR_OK &&
- (rv = _pkcs11h_session_login (
- certificate->session,
- public_only,
- TRUE,
- certificate->user_data,
- certificate->mask_prompt
- )) == CKR_OK
- ) {
- rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate->id);
+ if (!is_key_valid) {
+ if (
+ (rv = _pkcs11h_session_login (
+ certificate->session,
+ public_only,
+ TRUE,
+ certificate->user_data,
+ certificate->mask_prompt
+ )) != CKR_OK
+ ) {
+ goto cleanup;
+ }
+
+ if ((rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate->id)) != CKR_OK) {
+ goto cleanup;
+ }
}
if (
!is_key_valid &&
- rv == CKR_OK &&
- !public_only &&
- (rv = _pkcs11h_session_getObjectById (
- certificate->session,
- CKO_PRIVATE_KEY,
- certificate->id->attrCKA_ID,
- certificate->id->attrCKA_ID_size,
- &certificate->key_handle
- )) == CKR_OK
+ !public_only
) {
- is_key_valid = TRUE;
+ if (
+ (rv = _pkcs11h_session_getObjectById (
+ certificate->session,
+ CKO_PRIVATE_KEY,
+ certificate->id->attrCKA_ID,
+ certificate->id->attrCKA_ID_size,
+ &certificate->key_handle
+ )) == CKR_OK
+ ) {
+ is_key_valid = TRUE;
+ }
}
if (
- rv == CKR_OK &&
!public_only &&
!is_key_valid
) {
rv = CKR_FUNCTION_REJECTED;
+ goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&certificate->session->mutex);
@@ -755,7 +783,7 @@ _pkcs11h_certificate_resetSession (
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_resetSession return rv=%lu-'%s'",
rv,
@@ -769,7 +797,7 @@ static
CK_RV
__pkcs11h_certificate_doPrivateOperation (
IN const pkcs11h_certificate_t certificate,
- IN const enum _pkcs11h_private_op_e op,
+ IN const enum __pkcs11h_private_op_e op,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
@@ -796,20 +824,20 @@ __pkcs11h_certificate_doPrivateOperation (
CK_ATTRIBUTE wrap_value[] = {
{CKA_VALUE, target, 0}
};
- CK_OBJECT_HANDLE wrap_key = PKCS11H_INVALID_OBJECT_HANDLE;
+ CK_OBJECT_HANDLE wrap_key = _PKCS11H_INVALID_OBJECT_HANDLE;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
PKCS11H_BOOL login_retry = FALSE;
PKCS11H_BOOL op_succeed = FALSE;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_ASSERT (source!=NULL);
- /*PKCS11H_ASSERT (target); NOT NEEDED*/
- PKCS11H_ASSERT (p_target_size!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
+ /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_target_size!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_doPrivateOperation entry certificate=%p, op=%d, mech_type=%ld, source=%p, source_size=%u, target=%p, *p_target_size=%u",
(void *)certificate,
@@ -826,43 +854,43 @@ __pkcs11h_certificate_doPrivateOperation (
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- while (rv == CKR_OK && !op_succeed) {
- if (rv == CKR_OK && !certificate->operation_active) {
- rv = _pkcs11h_certificate_validateSession (certificate);
- }
+ while (!op_succeed) {
+ CK_ULONG size;
+
+ if (!certificate->operation_active) {
+ if ((rv = _pkcs11h_certificate_validateSession (certificate)) != CKR_OK) {
+ goto retry;
+ }
- if (rv == CKR_OK && !certificate->operation_active) {
switch (op) {
- case _pkcs11h_private_op_sign:
+ case __pkcs11h_private_op_sign:
rv = certificate->session->provider->f->C_SignInit (
certificate->session->session_handle,
&mech,
certificate->key_handle
);
break;
- case _pkcs11h_private_op_sign_recover:
+ case __pkcs11h_private_op_sign_recover:
rv = certificate->session->provider->f->C_SignRecoverInit (
certificate->session->session_handle,
&mech,
certificate->key_handle
);
break;
- case _pkcs11h_private_op_decrypt:
+ case __pkcs11h_private_op_decrypt:
rv = certificate->session->provider->f->C_DecryptInit (
certificate->session->session_handle,
&mech,
certificate->key_handle
);
break;
- case _pkcs11h_private_op_unwrap:
+ case __pkcs11h_private_op_unwrap:
rv = certificate->session->provider->f->C_UnwrapKey (
certificate->session->session_handle,
&mech,
@@ -879,11 +907,15 @@ __pkcs11h_certificate_doPrivateOperation (
break;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_doPrivateOperation init rv=%ld",
rv
);
+
+ if (rv != CKR_OK) {
+ goto retry;
+ }
}
/*
@@ -891,88 +923,97 @@ __pkcs11h_certificate_doPrivateOperation (
*/
certificate->operation_active = FALSE;
- if (rv == CKR_OK) {
- CK_ULONG size = *p_target_size;
+ size = *p_target_size;
- switch (op) {
- case _pkcs11h_private_op_sign:
- rv = certificate->session->provider->f->C_Sign (
- certificate->session->session_handle,
- (CK_BYTE_PTR)source,
- source_size,
- (CK_BYTE_PTR)target,
- &size
- );
- break;
- case _pkcs11h_private_op_sign_recover:
- rv = certificate->session->provider->f->C_SignRecover (
- certificate->session->session_handle,
- (CK_BYTE_PTR)source,
- source_size,
- (CK_BYTE_PTR)target,
- &size
- );
- break;
- case _pkcs11h_private_op_decrypt:
- rv = certificate->session->provider->f->C_Decrypt (
- certificate->session->session_handle,
- (CK_BYTE_PTR)source,
- source_size,
- (CK_BYTE_PTR)target,
- &size
- );
- break;
- case _pkcs11h_private_op_unwrap:
- wrap_value[0].ulValueLen = size;
+ switch (op) {
+ case __pkcs11h_private_op_sign:
+ rv = certificate->session->provider->f->C_Sign (
+ certificate->session->session_handle,
+ (CK_BYTE_PTR)source,
+ source_size,
+ (CK_BYTE_PTR)target,
+ &size
+ );
+ break;
+ case __pkcs11h_private_op_sign_recover:
+ rv = certificate->session->provider->f->C_SignRecover (
+ certificate->session->session_handle,
+ (CK_BYTE_PTR)source,
+ source_size,
+ (CK_BYTE_PTR)target,
+ &size
+ );
+ break;
+ case __pkcs11h_private_op_decrypt:
+ rv = certificate->session->provider->f->C_Decrypt (
+ certificate->session->session_handle,
+ (CK_BYTE_PTR)source,
+ source_size,
+ (CK_BYTE_PTR)target,
+ &size
+ );
+ break;
+ case __pkcs11h_private_op_unwrap:
+ wrap_value[0].ulValueLen = size;
+
+ rv = certificate->session->provider->f->C_GetAttributeValue (
+ certificate->session->session_handle,
+ wrap_key,
+ wrap_value,
+ sizeof (wrap_value) / sizeof (CK_ATTRIBUTE)
+ );
- rv = certificate->session->provider->f->C_GetAttributeValue (
- certificate->session->session_handle,
- wrap_key,
- wrap_value,
- sizeof (wrap_value) / sizeof (CK_ATTRIBUTE)
- );
+ size = wrap_value[0].ulValueLen;
+ break;
+ default:
+ rv = CKR_ARGUMENTS_BAD;
+ break;
+ }
- size = wrap_value[0].ulValueLen;
- break;
- default:
- rv = CKR_ARGUMENTS_BAD;
- break;
- }
+ /*
+ * Must be before checking for rv.
+ */
+ *p_target_size = size;
- *p_target_size = size;
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: __pkcs11h_certificate_doPrivateOperation op rv=%ld",
+ rv
+ );
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG2,
- "PKCS#11: __pkcs11h_certificate_doPrivateOperation op rv=%ld",
- rv
- );
+ if (target != NULL) {
+ if (rv != CKR_OK) {
+ goto retry;
+ }
}
-
- if (wrap_key != PKCS11H_INVALID_OBJECT_HANDLE) {
+ else {
+ if (
+ rv == CKR_OK ||
+ rv == CKR_BUFFER_TOO_SMALL
+ ) {
+ if (op != __pkcs11h_private_op_unwrap) {
+ certificate->operation_active = TRUE;
+ }
+ }
+ else {
+ goto retry;
+ }
+ }
+
+ op_succeed = TRUE;
+ rv = CKR_OK;
+
+ retry:
+
+ if (wrap_key != _PKCS11H_INVALID_OBJECT_HANDLE) {
certificate->session->provider->f->C_DestroyObject (
certificate->session->session_handle,
wrap_key
);
- wrap_key = PKCS11H_INVALID_OBJECT_HANDLE;
- }
-
- if (
- target == NULL &&
- (
- rv == CKR_BUFFER_TOO_SMALL ||
- rv == CKR_OK
- )
- ) {
- if (op != _pkcs11h_private_op_unwrap) {
- certificate->operation_active = TRUE;
- }
- rv = CKR_OK;
+ wrap_key = _PKCS11H_INVALID_OBJECT_HANDLE;
}
- if (rv == CKR_OK) {
- op_succeed = TRUE;
- }
- else {
+ if (!op_succeed) {
/*
* OpenSC workaround
* It still allows C_FindObjectsInit when
@@ -985,9 +1026,10 @@ __pkcs11h_certificate_doPrivateOperation (
login_retry = FALSE;
_pkcs11h_session_logout (certificate->session);
}
+ /* End OpenSC workaround */
if (!login_retry) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Private key operation failed rv=%lu-'%s'",
rv,
@@ -1000,10 +1042,15 @@ __pkcs11h_certificate_doPrivateOperation (
TRUE
);
}
- }
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+ }
}
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&certificate->mutex);
@@ -1011,7 +1058,7 @@ __pkcs11h_certificate_doPrivateOperation (
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_doPrivateOperation return rv=%lu-'%s', *p_target_size=%u",
rv,
@@ -1026,11 +1073,11 @@ CK_RV
pkcs11h_certificate_freeCertificateId (
IN pkcs11h_certificate_id_t certificate_id
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate_id!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate_id!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_freeCertificateId entry certificate_id=%p",
(void *)certificate_id
@@ -1048,7 +1095,7 @@ pkcs11h_certificate_freeCertificateId (
}
_pkcs11h_mem_free ((void *)&certificate_id);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_freeCertificateId return"
);
@@ -1061,14 +1108,14 @@ pkcs11h_certificate_duplicateCertificateId (
OUT pkcs11h_certificate_id_t * const to,
IN const pkcs11h_certificate_id_t from
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (to!=NULL);
- PKCS11H_ASSERT (from!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (to!=NULL);
+ _PKCS11H_ASSERT (from!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_duplicateCertificateId entry to=%p form=%p",
(void *)to,
@@ -1077,43 +1124,40 @@ pkcs11h_certificate_duplicateCertificateId (
*to = NULL;
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_duplicate (
+ if (
+ (rv = _pkcs11h_mem_duplicate (
(void*)to,
NULL,
from,
sizeof (struct pkcs11h_certificate_id_s)
- );
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_duplicate (
+ )) != CKR_OK ||
+ (rv = _pkcs11h_mem_duplicate (
(void*)&(*to)->token_id,
NULL,
from->token_id,
sizeof (struct pkcs11h_token_id_s)
- );
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_duplicate (
+ )) != CKR_OK ||
+ (rv = _pkcs11h_mem_duplicate (
(void*)&(*to)->attrCKA_ID,
&(*to)->attrCKA_ID_size,
from->attrCKA_ID,
from->attrCKA_ID_size
- );
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_duplicate (
+ )) ||
+ (rv = _pkcs11h_mem_duplicate (
(void*)&(*to)->certificate_blob,
&(*to)->certificate_blob_size,
from->certificate_blob,
from->certificate_blob_size
- );
+ ))
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_duplicateCertificateId return rv=%lu-'%s', *to=%p",
rv,
@@ -1130,33 +1174,41 @@ pkcs11h_certificate_setCertificateIdCertificateBlob (
IN const unsigned char * const blob,
IN const size_t blob_size
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate_id!=NULL);
- PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate_id!=NULL);
+ _PKCS11H_ASSERT (blob!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_setCertificateIdCertificateBlob entry certificate_id=%p",
(void *)certificate_id
);
- if (rv == CKR_OK && certificate_id->certificate_blob != NULL) {
- rv = _pkcs11h_mem_free ((void *)&certificate_id->certificate_blob);
+ if (certificate_id->certificate_blob != NULL) {
+ if ((rv = _pkcs11h_mem_free ((void *)&certificate_id->certificate_blob)) != CKR_OK) {
+ goto cleanup;
+ }
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_duplicate (
+ if (
+ (rv = _pkcs11h_mem_duplicate (
(void *)&certificate_id->certificate_blob,
&certificate_id->certificate_blob_size,
blob,
blob_size
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_setCertificateIdCertificateBlob return rv=%lu-'%s'",
rv,
@@ -1170,10 +1222,10 @@ CK_RV
pkcs11h_certificate_freeCertificate (
IN pkcs11h_certificate_t certificate
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_freeCertificate entry certificate=%p",
(void *)certificate
@@ -1193,7 +1245,7 @@ pkcs11h_certificate_freeCertificate (
_pkcs11h_mem_free ((void *)&certificate);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_freeCertificate return"
);
@@ -1206,20 +1258,31 @@ pkcs11h_certificate_lockSession (
IN const pkcs11h_certificate_t certificate
) {
#if defined(ENABLE_PKCS11H_THREADING)
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
- if (rv == CKR_OK && certificate->session == NULL) {
- rv = _pkcs11h_session_getSessionByTokenId (certificate->id->token_id, &certificate->session);
+ if (certificate->session == NULL) {
+ if (
+ (rv = _pkcs11h_session_getSessionByTokenId (
+ certificate->id->token_id,
+ &certificate->session
+ )) != CKR_OK
+ ) {
+ goto cleanup;
+ }
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex);
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
return rv;
#else
return CKR_OK;
@@ -1231,16 +1294,22 @@ pkcs11h_certificate_releaseSession (
IN const pkcs11h_certificate_t certificate
) {
#if defined(ENABLE_PKCS11H_THREADING)
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
if (certificate->session != NULL) {
- rv = _pkcs11h_threading_mutexRelease (&certificate->session->mutex);
+ if ((rv = _pkcs11h_threading_mutexRelease (&certificate->session->mutex)) != CKR_OK) {
+ goto cleanup;
+ }
}
+ rv = CKR_OK;
+
+cleanup:
+
return rv;
#else
return CKR_OK;
@@ -1256,16 +1325,16 @@ pkcs11h_certificate_sign (
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_ASSERT (source!=NULL);
- /*PKCS11H_ASSERT (target); NOT NEEDED*/
- PKCS11H_ASSERT (p_target_size!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
+ /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_target_size!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_sign entry certificate=%p, mech_type=%ld, source=%p, source_size=%u, target=%p, *p_target_size=%u",
(void *)certificate,
@@ -1280,19 +1349,25 @@ pkcs11h_certificate_sign (
*p_target_size = 0;
}
- if (rv == CKR_OK) {
- rv = __pkcs11h_certificate_doPrivateOperation (
+ if (
+ (rv = __pkcs11h_certificate_doPrivateOperation (
certificate,
- _pkcs11h_private_op_sign,
+ __pkcs11h_private_op_sign,
mech_type,
source,
source_size,
target,
p_target_size
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_sign return rv=%lu-'%s', *p_target_size=%u",
rv,
@@ -1312,16 +1387,16 @@ pkcs11h_certificate_signRecover (
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_ASSERT (source!=NULL);
- /*PKCS11H_ASSERT (target); NOT NEEDED*/
- PKCS11H_ASSERT (p_target_size!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
+ /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_target_size!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_signRecover entry certificate=%p, mech_type=%ld, source=%p, source_size=%u, target=%p, *p_target_size=%u",
(void *)certificate,
@@ -1336,19 +1411,25 @@ pkcs11h_certificate_signRecover (
*p_target_size = 0;
}
- if (rv == CKR_OK) {
- rv = __pkcs11h_certificate_doPrivateOperation (
+ if (
+ (rv = __pkcs11h_certificate_doPrivateOperation (
certificate,
- _pkcs11h_private_op_sign_recover,
+ __pkcs11h_private_op_sign_recover,
mech_type,
source,
source_size,
target,
p_target_size
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_signRecover return rv=%lu-'%s', *p_target_size=%u",
rv,
@@ -1368,16 +1449,16 @@ pkcs11h_certificate_decrypt (
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_ASSERT (source!=NULL);
- /*PKCS11H_ASSERT (target); NOT NEEDED*/
- PKCS11H_ASSERT (p_target_size!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
+ /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_target_size!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_decrypt entry certificate=%p, mech_type=%ld, source=%p, source_size=%u, target=%p, *p_target_size=%u",
(void *)certificate,
@@ -1392,19 +1473,25 @@ pkcs11h_certificate_decrypt (
*p_target_size = 0;
}
- if (rv == CKR_OK) {
- rv = __pkcs11h_certificate_doPrivateOperation (
+ if (
+ (rv = __pkcs11h_certificate_doPrivateOperation (
certificate,
- _pkcs11h_private_op_decrypt,
+ __pkcs11h_private_op_decrypt,
mech_type,
source,
source_size,
target,
p_target_size
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_decrypt return rv=%lu-'%s', *p_target_size=%u",
rv,
@@ -1424,16 +1511,16 @@ pkcs11h_certificate_unwrap (
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_ASSERT (source!=NULL);
- /*PKCS11H_ASSERT (target); NOT NEEDED*/
- PKCS11H_ASSERT (p_target_size!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
+ /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_target_size!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_unwrap entry certificate=%p, mech_type=%ld, source=%p, source_size=%u, target=%p, *p_target_size=%u",
(void *)certificate,
@@ -1448,19 +1535,25 @@ pkcs11h_certificate_unwrap (
*p_target_size = 0;
}
- if (rv == CKR_OK) {
- rv = __pkcs11h_certificate_doPrivateOperation (
+ if (
+ (rv = __pkcs11h_certificate_doPrivateOperation (
certificate,
- _pkcs11h_private_op_unwrap,
+ __pkcs11h_private_op_unwrap,
mech_type,
source,
source_size,
target,
p_target_size
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_unwrap return rv=%lu-'%s', *p_target_size=%u",
rv,
@@ -1480,17 +1573,17 @@ pkcs11h_certificate_signAny (
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
PKCS11H_BOOL acked = FALSE;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_ASSERT (source!=NULL);
- /*PKCS11H_ASSERT (target); NOT NEEDED*/
- PKCS11H_ASSERT (p_target_size!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
+ /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_target_size!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_signAny entry certificate=%p, mech_type=%ld, source=%p, source_size=%u, target=%p, *p_target_size=%u",
(void *)certificate,
@@ -1501,76 +1594,81 @@ pkcs11h_certificate_signAny (
target != NULL ? *p_target_size : 0
);
- if (
- rv == CKR_OK &&
- certificate->mask_private_mode == 0
- ) {
- PKCS11H_DEBUG (
+ if (certificate->mask_private_mode == 0) {
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Getting key attributes"
);
- rv = __pkcs11h_certificate_getKeyAttributes (certificate);
- }
+
+ if ((rv = __pkcs11h_certificate_getKeyAttributes (certificate)) != CKR_OK) {
+ goto cleanup;
+ }
+ }
if (
- rv == CKR_OK &&
!acked &&
(certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_SIGN) != 0
) {
- rv = pkcs11h_certificate_sign (
- certificate,
- mech_type,
- source,
- source_size,
- target,
- p_target_size
- );
-
- if (rv == CKR_OK) {
- acked = TRUE;
- }
- else if (
- rv == CKR_FUNCTION_NOT_SUPPORTED ||
- rv == CKR_KEY_FUNCTION_NOT_PERMITTED ||
- rv == CKR_KEY_TYPE_INCONSISTENT
+ switch (
+ pkcs11h_certificate_sign (
+ certificate,
+ mech_type,
+ source,
+ source_size,
+ target,
+ p_target_size
+ )
) {
- certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_SIGN;
- rv = CKR_OK;
+ case CKR_OK:
+ acked = TRUE;
+ break;
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ case CKR_KEY_TYPE_INCONSISTENT:
+ certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_SIGN;
+ break;
+ default:
+ goto cleanup;
}
}
if (
- rv == CKR_OK &&
!acked &&
(certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_RECOVER) != 0
) {
- rv = pkcs11h_certificate_signRecover (
- certificate,
- mech_type,
- source,
- source_size,
- target,
- p_target_size
- );
-
- if (rv == CKR_OK) {
- acked = TRUE;
- }
- else if (
- rv == CKR_FUNCTION_NOT_SUPPORTED ||
- rv == CKR_KEY_FUNCTION_NOT_PERMITTED ||
- rv == CKR_KEY_TYPE_INCONSISTENT
+ switch (
+ pkcs11h_certificate_signRecover (
+ certificate,
+ mech_type,
+ source,
+ source_size,
+ target,
+ p_target_size
+ )
) {
- certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_RECOVER;
- rv = CKR_OK;
+ case CKR_OK:
+ acked = TRUE;
+ break;
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ case CKR_KEY_TYPE_INCONSISTENT:
+ certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_RECOVER;
+ break;
+ default:
+ goto cleanup;
}
}
- if (rv == CKR_OK && !acked) {
+ if (!acked) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
+
+ rv = CKR_OK;
+
+cleanup:
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_signAny return rv=%lu-'%s', *p_target_size=%u",
rv,
@@ -1590,17 +1688,17 @@ pkcs11h_certificate_decryptAny (
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
PKCS11H_BOOL acked = FALSE;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_ASSERT (source!=NULL);
- /*PKCS11H_ASSERT (target); NOT NEEDED*/
- PKCS11H_ASSERT (p_target_size!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
+ /*_PKCS11H_ASSERT (target); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_target_size!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_decryptAny entry certificate=%p, mech_type=%ld, source=%p, source_size=%u, target=%p, *p_target_size=%u",
(void *)certificate,
@@ -1611,76 +1709,80 @@ pkcs11h_certificate_decryptAny (
target != NULL ? *p_target_size : 0
);
- if (
- rv == CKR_OK &&
- certificate->mask_private_mode == 0
- ) {
- PKCS11H_DEBUG (
+ if (certificate->mask_private_mode == 0) {
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Getting key attributes"
);
- rv = __pkcs11h_certificate_getKeyAttributes (certificate);
+ if ((rv = __pkcs11h_certificate_getKeyAttributes (certificate)) != CKR_OK) {
+ goto cleanup;
+ }
}
if (
- rv == CKR_OK &&
!acked &&
(certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_DECRYPT) != 0
) {
- rv = pkcs11h_certificate_decrypt (
- certificate,
- mech_type,
- source,
- source_size,
- target,
- p_target_size
- );
-
- if (rv == CKR_OK) {
- acked = TRUE;
- }
- else if (
- rv == CKR_FUNCTION_NOT_SUPPORTED ||
- rv == CKR_KEY_FUNCTION_NOT_PERMITTED ||
- rv == CKR_KEY_TYPE_INCONSISTENT
+ switch (
+ pkcs11h_certificate_decrypt (
+ certificate,
+ mech_type,
+ source,
+ source_size,
+ target,
+ p_target_size
+ )
) {
- certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_DECRYPT;
- rv = CKR_OK;
+ case CKR_OK:
+ acked = TRUE;
+ break;
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ case CKR_KEY_TYPE_INCONSISTENT:
+ certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_DECRYPT;
+ break;
+ default:
+ goto cleanup;
}
}
if (
- rv == CKR_OK &&
!acked &&
(certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_UNWRAP) != 0
) {
- rv = pkcs11h_certificate_unwrap (
- certificate,
- mech_type,
- source,
- source_size,
- target,
- p_target_size
- );
-
- if (rv == CKR_OK) {
- acked = TRUE;
- }
- else if (
- rv == CKR_FUNCTION_NOT_SUPPORTED ||
- rv == CKR_KEY_FUNCTION_NOT_PERMITTED ||
- rv == CKR_KEY_TYPE_INCONSISTENT
+ switch (
+ pkcs11h_certificate_unwrap (
+ certificate,
+ mech_type,
+ source,
+ source_size,
+ target,
+ p_target_size
+ )
) {
- certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_UNWRAP;
- rv = CKR_OK;
+ case CKR_OK:
+ acked = TRUE;
+ break;
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ case CKR_KEY_TYPE_INCONSISTENT:
+ certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_UNWRAP;
+ break;
+ default:
+ goto cleanup;
}
}
- if (rv == CKR_OK && !acked) {
+ if (!acked) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
+
+ rv = CKR_OK;
+
+cleanup:
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_decryptAny return rv=%lu-'%s', *p_target_size=%u",
rv,
@@ -1700,14 +1802,14 @@ pkcs11h_certificate_create (
OUT pkcs11h_certificate_t * const p_certificate
) {
pkcs11h_certificate_t certificate = NULL;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- /*PKCS11H_ASSERT (user_data!=NULL); NOT NEEDED */
- PKCS11H_ASSERT (p_certificate!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ /*_PKCS11H_ASSERT (user_data!=NULL); NOT NEEDED */
+ _PKCS11H_ASSERT (p_certificate!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_create entry certificate_id=%p, user_data=%p, mask_prompt=%08x, pin_cache_period=%d, p_certificate=%p",
(void *)certificate_id,
@@ -1719,30 +1821,30 @@ pkcs11h_certificate_create (
*p_certificate = NULL;
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_mem_malloc ((void*)&certificate, sizeof (struct pkcs11h_certificate_s))) == CKR_OK
- ) {
- certificate->user_data = user_data;
- certificate->mask_prompt = mask_prompt;
- certificate->key_handle = PKCS11H_INVALID_OBJECT_HANDLE;
- certificate->pin_cache_period = pin_cache_period;
+ if ((rv = _pkcs11h_mem_malloc ((void*)&certificate, sizeof (struct pkcs11h_certificate_s))) != CKR_OK) {
+ goto cleanup;
}
+ certificate->user_data = user_data;
+ certificate->mask_prompt = mask_prompt;
+ certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE;
+ certificate->pin_cache_period = pin_cache_period;
+
#if defined(ENABLE_PKCS11H_THREADING)
- if (rv == CKR_OK) {
- rv = _pkcs11h_threading_mutexInit (&certificate->mutex);
+ if ((rv = _pkcs11h_threading_mutexInit (&certificate->mutex)) != CKR_OK) {
+ goto cleanup;
}
#endif
- if (rv == CKR_OK) {
- rv = pkcs11h_certificate_duplicateCertificateId (&certificate->id, certificate_id);
+ if ((rv = pkcs11h_certificate_duplicateCertificateId (&certificate->id, certificate_id)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- *p_certificate = certificate;
- certificate = NULL;
- }
+ *p_certificate = certificate;
+ certificate = NULL;
+ rv = CKR_OK;
+
+cleanup:
if (certificate != NULL) {
#if defined(ENABLE_PKCS11H_THREADING)
@@ -1751,7 +1853,7 @@ pkcs11h_certificate_create (
_pkcs11h_mem_free ((void *)&certificate);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_create return rv=%lu-'%s' *p_certificate=%p",
rv,
@@ -1766,7 +1868,7 @@ unsigned
pkcs11h_certificate_getPromptMask (
IN const pkcs11h_certificate_t certificate
) {
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
return certificate->mask_prompt;
}
@@ -1776,7 +1878,7 @@ pkcs11h_certificate_setPromptMask (
IN const pkcs11h_certificate_t certificate,
IN const unsigned mask_prompt
) {
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
certificate->mask_prompt = mask_prompt;
}
@@ -1785,7 +1887,7 @@ void *
pkcs11h_certificate_getUserData (
IN const pkcs11h_certificate_t certificate
) {
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
return certificate->user_data;
}
@@ -1795,7 +1897,7 @@ pkcs11h_certificate_setUserData (
IN const pkcs11h_certificate_t certificate,
IN void * const user_data
) {
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
certificate->user_data = user_data;
}
@@ -1805,28 +1907,34 @@ pkcs11h_certificate_getCertificateId (
IN const pkcs11h_certificate_t certificate,
OUT pkcs11h_certificate_id_t * const p_certificate_id
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_ASSERT (p_certificate_id!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (p_certificate_id!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_getCertificateId entry certificate=%p, certificate_id=%p",
(void *)certificate,
(void *)p_certificate_id
);
- if (rv == CKR_OK) {
- rv = pkcs11h_certificate_duplicateCertificateId (
+ if (
+ (rv = pkcs11h_certificate_duplicateCertificateId (
p_certificate_id,
certificate->id
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_getCertificateId return rv=%lu-'%s'",
rv,
@@ -1845,16 +1953,16 @@ pkcs11h_certificate_getCertificateBlob (
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
#endif
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
size_t certifiate_blob_size_max = 0;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
- /*PKCS11H_ASSERT (certificate_blob!=NULL); NOT NEEDED */
- PKCS11H_ASSERT (p_certificate_blob_size!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
+ /*_PKCS11H_ASSERT (certificate_blob!=NULL); NOT NEEDED */
+ _PKCS11H_ASSERT (p_certificate_blob_size!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_getCertificateBlob entry certificate=%p, certificate_blob=%p, *p_certificate_blob_size=%u",
(void *)certificate,
@@ -1868,30 +1976,31 @@ pkcs11h_certificate_getCertificateBlob (
*p_certificate_blob_size = 0;
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- if (rv == CKR_OK && certificate->id->certificate_blob == NULL) {
+ if (certificate->id->certificate_blob == NULL) {
PKCS11H_BOOL op_succeed = FALSE;
PKCS11H_BOOL login_retry = FALSE;
- while (rv == CKR_OK && !op_succeed) {
+
+ while (!op_succeed) {
if (certificate->session == NULL) {
rv = CKR_SESSION_HANDLE_INVALID;
+ goto retry;
}
- if (rv == CKR_OK) {
- rv = __pkcs11h_certificate_loadCertificate (certificate);
+ if ((rv = __pkcs11h_certificate_loadCertificate (certificate)) != CKR_OK) {
+ goto retry;
}
- if (rv == CKR_OK) {
- op_succeed = TRUE;
- }
- else {
+ op_succeed = TRUE;
+ rv = CKR_OK;
+
+ retry:
+ if (!op_succeed) {
if (!login_retry) {
login_retry = TRUE;
rv = _pkcs11h_certificate_resetSession (
@@ -1900,42 +2009,42 @@ pkcs11h_certificate_getCertificateBlob (
FALSE
);
}
+
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
}
}
}
-
- if (
- rv == CKR_OK &&
- certificate->id->certificate_blob == NULL
- ) {
+
+ if (certificate->id->certificate_blob == NULL) {
rv = CKR_FUNCTION_REJECTED;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- __pkcs11h_certificate_updateCertificateIdDescription (certificate->id);
+ if ((rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate->id)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- *p_certificate_blob_size = certificate->id->certificate_blob_size;
- }
+ *p_certificate_blob_size = certificate->id->certificate_blob_size;
if (certificate_blob != NULL) {
- if (
- rv == CKR_OK &&
- certificate->id->certificate_blob_size > certifiate_blob_size_max
- ) {
+ if (certificate->id->certificate_blob_size > certifiate_blob_size_max) {
rv = CKR_BUFFER_TOO_SMALL;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- memmove (
- certificate_blob,
- certificate->id->certificate_blob,
- *p_certificate_blob_size
- );
- }
+ memmove (
+ certificate_blob,
+ certificate->id->certificate_blob,
+ *p_certificate_blob_size
+ );
}
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&certificate->mutex);
@@ -1943,7 +2052,7 @@ pkcs11h_certificate_getCertificateBlob (
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_getCertificateBlob return rv=%lu-'%s'",
rv,
@@ -1962,41 +2071,38 @@ pkcs11h_certificate_ensureCertificateAccess (
PKCS11H_BOOL mutex_locked_sess = FALSE;
#endif
PKCS11H_BOOL validCert = FALSE;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_ensureCertificateAccess entry certificate=%p",
(void *)certificate
);
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) == CKR_OK
- ) {
- mutex_locked_cert = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked_cert = TRUE;
#endif
- if (!validCert && rv == CKR_OK) {
- CK_OBJECT_HANDLE h = PKCS11H_INVALID_OBJECT_HANDLE;
+ if (!validCert) {
+ CK_OBJECT_HANDLE h = _PKCS11H_INVALID_OBJECT_HANDLE;
if (certificate->session == NULL) {
rv = CKR_SESSION_HANDLE_INVALID;
+ goto retry1;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) == CKR_OK
- ) {
- mutex_locked_sess = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
+ goto retry1;
}
+ mutex_locked_sess = TRUE;
#endif
if (
@@ -2006,11 +2112,15 @@ pkcs11h_certificate_ensureCertificateAccess (
certificate->id->attrCKA_ID,
certificate->id->attrCKA_ID_size,
&h
- )) == CKR_OK
+ )) != CKR_OK
) {
- validCert = TRUE;
+ goto retry1;
}
+ validCert = TRUE;
+
+ retry1:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked_sess) {
_pkcs11h_threading_mutexRelease (&certificate->session->mutex);
@@ -2018,33 +2128,36 @@ pkcs11h_certificate_ensureCertificateAccess (
}
#endif
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
+ if (!validCert) {
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Cannot access existing object rv=%lu-'%s'",
rv,
pkcs11h_getMessage (rv)
);
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
}
}
- if (!validCert && rv == CKR_OK) {
+ if (!validCert) {
if (
(rv = _pkcs11h_certificate_resetSession (
certificate,
TRUE,
FALSE
- )) == CKR_OK
+ )) != CKR_OK
) {
- validCert = TRUE;
+ goto cleanup;
}
+
+ validCert = TRUE;
}
+ if (validCert) {
+ rv = CKR_OK;
+ }
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked_cert) {
_pkcs11h_threading_mutexRelease (&certificate->mutex);
@@ -2052,7 +2165,7 @@ pkcs11h_certificate_ensureCertificateAccess (
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_ensureCertificateAccess return rv=%lu-'%s'",
rv,
@@ -2070,41 +2183,38 @@ pkcs11h_certificate_ensureKeyAccess (
PKCS11H_BOOL mutex_locked_cert = FALSE;
PKCS11H_BOOL mutex_locked_sess = FALSE;
#endif
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
PKCS11H_BOOL valid_key = FALSE;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_ensureKeyAccess entry certificate=%p",
(void *)certificate
);
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) == CKR_OK
- ) {
- mutex_locked_cert = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked_cert = TRUE;
#endif
- if (!valid_key && rv == CKR_OK) {
+ if (!valid_key) {
if (certificate->session == NULL) {
rv = CKR_SESSION_HANDLE_INVALID;
+ goto retry1;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) == CKR_OK
- ) {
- mutex_locked_sess = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
+ goto retry1;
}
+ mutex_locked_sess = TRUE;
#endif
if (
@@ -2114,11 +2224,15 @@ pkcs11h_certificate_ensureKeyAccess (
certificate->id->attrCKA_ID,
certificate->id->attrCKA_ID_size,
&certificate->key_handle
- )) == CKR_OK
+ )) != CKR_OK
) {
- valid_key = TRUE;
+ goto retry1;
}
+ valid_key = TRUE;
+
+ retry1:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked_sess) {
_pkcs11h_threading_mutexRelease (&certificate->session->mutex);
@@ -2126,34 +2240,37 @@ pkcs11h_certificate_ensureKeyAccess (
}
#endif
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
+ if (!valid_key) {
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Cannot access existing object rv=%lu-'%s'",
rv,
pkcs11h_getMessage (rv)
);
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- certificate->key_handle = PKCS11H_INVALID_OBJECT_HANDLE;
+ certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE;
}
}
- if (!valid_key && rv == CKR_OK) {
+ if (!valid_key) {
if (
(rv = _pkcs11h_certificate_resetSession (
certificate,
FALSE,
FALSE
- )) == CKR_OK
+ )) != CKR_OK
) {
- valid_key = TRUE;
+ goto cleanup;
}
+
+ valid_key = TRUE;
+ }
+
+ if (valid_key) {
+ rv = CKR_OK;
}
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked_cert) {
_pkcs11h_threading_mutexRelease (&certificate->mutex);
@@ -2161,7 +2278,7 @@ pkcs11h_certificate_ensureKeyAccess (
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_ensureKeyAccess return rv=%lu-'%s'",
rv,
@@ -2173,7 +2290,7 @@ pkcs11h_certificate_ensureKeyAccess (
CK_RV
_pkcs11h_certificate_enumSessionCertificates (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN void * const user_data,
IN const unsigned mask_prompt
) {
@@ -2183,12 +2300,12 @@ _pkcs11h_certificate_enumSessionCertificates (
PKCS11H_BOOL op_succeed = FALSE;
PKCS11H_BOOL login_retry = FALSE;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (session!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
+ _PKCS11H_ASSERT (session!=NULL);
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_enumSessionCertificates entry session=%p, user_data=%p, mask_prompt=%08x",
(void *)session,
@@ -2198,15 +2315,13 @@ _pkcs11h_certificate_enumSessionCertificates (
/* THREADS: NO NEED TO LOCK, GLOBAL CACHE IS LOCKED */
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- while (rv == CKR_OK && !op_succeed) {
+ while (!op_succeed) {
CK_OBJECT_CLASS cert_filter_class = CKO_CERTIFICATE;
CK_ATTRIBUTE cert_filter[] = {
{CKA_CLASS, &cert_filter_class, sizeof (cert_filter_class)}
@@ -2217,21 +2332,23 @@ _pkcs11h_certificate_enumSessionCertificates (
CK_ULONG i;
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (session);
+ if ((rv = _pkcs11h_session_validate (session)) != CKR_OK) {
+ goto retry;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_findObjects (
+ if (
+ (rv = _pkcs11h_session_findObjects (
session,
cert_filter,
sizeof (cert_filter) / sizeof (CK_ATTRIBUTE),
&objects,
&objects_found
- );
+ )) != CKR_OK
+ ) {
+ goto retry;
}
- for (i=0;rv == CKR_OK && i < objects_found;i++) {
+ for (i=0;i < objects_found;i++) {
pkcs11h_certificate_id_t certificate_id = NULL;
pkcs11h_certificate_id_list_t new_element = NULL;
@@ -2240,62 +2357,51 @@ _pkcs11h_certificate_enumSessionCertificates (
{CKA_VALUE, NULL, 0}
};
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getObjectAttributes (
+ if (
+ (rv = _pkcs11h_session_getObjectAttributes (
session,
objects[i],
attrs,
sizeof (attrs) / sizeof (CK_ATTRIBUTE)
- );
- }
-
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) == CKR_OK
- ) {
- rv = pkcs11h_token_duplicateTokenId (
+ )) != CKR_OK ||
+ (rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK ||
+ (rv = pkcs11h_token_duplicateTokenId (
&certificate_id->token_id,
session->token_id
- );
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_duplicate (
+ )) != CKR_OK ||
+ (rv = _pkcs11h_mem_duplicate (
(void*)&certificate_id->attrCKA_ID,
&certificate_id->attrCKA_ID_size,
attrs[0].pValue,
attrs[0].ulValueLen
- );
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_duplicate (
+ )) != CKR_OK ||
+ (rv = _pkcs11h_mem_duplicate (
(void*)&certificate_id->certificate_blob,
&certificate_id->certificate_blob_size,
attrs[1].pValue,
attrs[1].ulValueLen
- );
- }
-
- if (rv == CKR_OK) {
- rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate_id);
- }
-
- if (
- rv == CKR_OK &&
+ )) != CKR_OK ||
+ (rv = __pkcs11h_certificate_updateCertificateIdDescription (
+ certificate_id
+ )) != CKR_OK ||
(rv = _pkcs11h_mem_malloc (
(void *)&new_element,
sizeof (struct pkcs11h_certificate_id_list_s)
- )) == CKR_OK
+ )) != CKR_OK
) {
- new_element->next = session->cached_certs;
- new_element->certificate_id = certificate_id;
- certificate_id = NULL;
-
- session->cached_certs = new_element;
- new_element = NULL;
+ goto retry1;
}
+ new_element->next = session->cached_certs;
+ new_element->certificate_id = certificate_id;
+ certificate_id = NULL;
+
+ session->cached_certs = new_element;
+ new_element = NULL;
+ rv = CKR_OK;
+
+ retry1:
+
if (certificate_id != NULL) {
pkcs11h_certificate_freeCertificateId (certificate_id);
certificate_id = NULL;
@@ -2312,7 +2418,7 @@ _pkcs11h_certificate_enumSessionCertificates (
);
if (rv != CKR_OK) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Cannot get object attribute for provider '%s' object %ld rv=%lu-'%s'",
session->provider->manufacturerID,
@@ -2320,24 +2426,21 @@ _pkcs11h_certificate_enumSessionCertificates (
rv,
pkcs11h_getMessage (rv)
);
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
}
}
+ op_succeed = TRUE;
+ rv = CKR_OK;
+
+ retry:
+
if (objects != NULL) {
_pkcs11h_mem_free ((void *)&objects);
}
- if (rv == CKR_OK) {
- op_succeed = TRUE;
- }
- else {
+ if (!op_succeed) {
if (!login_retry) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Get certificate attributes failed: %ld:'%s'",
rv,
@@ -2354,9 +2457,15 @@ _pkcs11h_certificate_enumSessionCertificates (
login_retry = TRUE;
}
+
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
}
}
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&session->mutex);
@@ -2364,7 +2473,7 @@ _pkcs11h_certificate_enumSessionCertificates (
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_certificate_enumSessionCertificates return rv=%lu-'%s'",
rv,
@@ -2389,17 +2498,18 @@ __pkcs11h_certificate_splitCertificateIdList (
pkcs11h_certificate_id_list_t cert_id_issuers_list = NULL;
pkcs11h_certificate_id_list_t cert_id_end_list = NULL;
+ pkcs11h_certificate_id_list_t entry = NULL;
info_t head = NULL;
info_t info = NULL;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- /*PKCS11H_ASSERT (cert_id_all!=NULL); NOT NEEDED */
- /*PKCS11H_ASSERT (p_cert_id_issuers_list!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (p_cert_id_end_list!=NULL);
+ /*_PKCS11H_ASSERT (cert_id_all!=NULL); NOT NEEDED */
+ /*_PKCS11H_ASSERT (p_cert_id_issuers_list!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_cert_id_end_list!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_splitCertificateIdList entry cert_id_all=%p, p_cert_id_issuers_list=%p, p_cert_id_end_list=%p",
(void *)cert_id_all,
@@ -2412,124 +2522,110 @@ __pkcs11h_certificate_splitCertificateIdList (
}
*p_cert_id_end_list = NULL;
- if (rv == CKR_OK) {
- pkcs11h_certificate_id_list_t entry = NULL;
-
- for (
- entry = cert_id_all;
- entry != NULL && rv == CKR_OK;
- entry = entry->next
- ) {
- info_t new_info = NULL;
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc ((void *)&new_info, sizeof (struct info_s));
- }
+ for (
+ entry = cert_id_all;
+ entry != NULL;
+ entry = entry->next
+ ) {
+ info_t new_info = NULL;
- if (rv == CKR_OK) {
- new_info->next = head;
- new_info->e = entry->certificate_id;
- head = new_info;
- new_info = NULL;
- }
+ if ((rv = _pkcs11h_mem_malloc ((void *)&new_info, sizeof (struct info_s))) != CKR_OK) {
+ goto cleanup;
}
+ new_info->next = head;
+ new_info->e = entry->certificate_id;
+ head = new_info;
+ new_info = NULL;
}
- if (rv == CKR_OK) {
- for (
- info = head;
- info != NULL;
- info = info->next
- ) {
- info_t info2 = NULL;
-
- for (
- info2 = head;
- info2 != NULL && !info->is_issuer;
- info2 = info2->next
- ) {
- if (info != info2) {
- info->is_issuer = g_pkcs11h_crypto_engine.certificate_is_issuer (
- g_pkcs11h_crypto_engine.global_data,
- info->e->certificate_blob,
- info->e->certificate_blob_size,
- info2->e->certificate_blob,
- info2->e->certificate_blob_size
- );
- }
-
- }
- }
- }
+ for (
+ info = head;
+ info != NULL;
+ info = info->next
+ ) {
+ info_t info2 = NULL;
- if (rv == CKR_OK) {
for (
- info = head;
- info != NULL && rv == CKR_OK;
- info = info->next
+ info2 = head;
+ info2 != NULL && !info->is_issuer;
+ info2 = info2->next
) {
- pkcs11h_certificate_id_list_t new_entry = NULL;
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc (
- (void *)&new_entry,
- sizeof (struct pkcs11h_certificate_id_list_s)
+ if (info != info2) {
+ info->is_issuer = _g_pkcs11h_crypto_engine.certificate_is_issuer (
+ _g_pkcs11h_crypto_engine.global_data,
+ info->e->certificate_blob,
+ info->e->certificate_blob_size,
+ info2->e->certificate_blob,
+ info2->e->certificate_blob_size
);
}
- if (
- rv == CKR_OK &&
- (rv = pkcs11h_certificate_duplicateCertificateId (
- &new_entry->certificate_id,
- info->e
- )) == CKR_OK
- ) {
- /*
- * Should not free base list
- */
- info->e = NULL;
- }
+ }
+ }
- if (rv == CKR_OK) {
- if (info->is_issuer) {
- new_entry->next = cert_id_issuers_list;
- cert_id_issuers_list = new_entry;
- new_entry = NULL;
- }
- else {
- new_entry->next = cert_id_end_list;
- cert_id_end_list = new_entry;
- new_entry = NULL;
- }
- }
+ rv = CKR_OK;
+ for (
+ info = head;
+ info != NULL;
+ info = info->next
+ ) {
+ pkcs11h_certificate_id_list_t new_entry = NULL;
+ if (
+ (rv = _pkcs11h_mem_malloc (
+ (void *)&new_entry,
+ sizeof (struct pkcs11h_certificate_id_list_s)
+ )) != CKR_OK ||
+ (rv = pkcs11h_certificate_duplicateCertificateId (
+ &new_entry->certificate_id,
+ info->e
+ )) != CKR_OK
+ ) {
if (new_entry != NULL) {
if (new_entry->certificate_id != NULL) {
pkcs11h_certificate_freeCertificateId (new_entry->certificate_id);
}
_pkcs11h_mem_free ((void *)&new_entry);
}
+ goto cleanup;
}
- }
- if (rv == CKR_OK) {
- while (head != NULL) {
- info_t entry = head;
- head = head->next;
+ /*
+ * Should not free base list
+ */
+ info->e = NULL;
- _pkcs11h_mem_free ((void *)&entry);
+ if (info->is_issuer) {
+ new_entry->next = cert_id_issuers_list;
+ cert_id_issuers_list = new_entry;
+ new_entry = NULL;
+ }
+ else {
+ new_entry->next = cert_id_end_list;
+ cert_id_end_list = new_entry;
+ new_entry = NULL;
}
}
- if (rv == CKR_OK && p_cert_id_issuers_list != NULL ) {
+
+ if (p_cert_id_issuers_list != NULL ) {
*p_cert_id_issuers_list = cert_id_issuers_list;
cert_id_issuers_list = NULL;
}
- if (rv == CKR_OK) {
- *p_cert_id_end_list = cert_id_end_list;
- cert_id_end_list = NULL;
+ *p_cert_id_end_list = cert_id_end_list;
+ cert_id_end_list = NULL;
+
+ rv = CKR_OK;
+
+cleanup:
+
+ while (head != NULL) {
+ info_t entry = head;
+ head = head->next;
+
+ _pkcs11h_mem_free ((void *)&entry);
}
if (cert_id_issuers_list != NULL) {
@@ -2540,7 +2636,7 @@ __pkcs11h_certificate_splitCertificateIdList (
pkcs11h_certificate_freeCertificateIdList (cert_id_end_list);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_certificate_splitCertificateIdList return rv=%lu-'%s'",
rv,
@@ -2556,11 +2652,11 @@ pkcs11h_certificate_freeCertificateIdList (
) {
pkcs11h_certificate_id_list_t _id = cert_id_list;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- /*PKCS11H_ASSERT (cert_id_list!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ /*_PKCS11H_ASSERT (cert_id_list!=NULL); NOT NEEDED*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_freeCertificateIdList entry cert_id_list=%p",
(void *)cert_id_list
@@ -2576,7 +2672,7 @@ pkcs11h_certificate_freeCertificateIdList (
_pkcs11h_mem_free ((void *)&x);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_freeCertificateIdList return"
);
@@ -2596,17 +2692,17 @@ pkcs11h_certificate_enumTokenCertificateIds (
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
#endif
- pkcs11h_session_t session = NULL;
- CK_RV rv = CKR_OK;
+ _pkcs11h_session_t session = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (token_id!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
- /*PKCS11H_ASSERT (p_cert_id_issuers_list!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (p_cert_id_end_list!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (token_id!=NULL);
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
+ /*_PKCS11H_ASSERT (p_cert_id_issuers_list!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_cert_id_end_list!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_enumTokenCertificateIds entry token_id=%p, method=%u, user_data=%p, mask_prompt=%08x, p_cert_id_issuers_list=%p, p_cert_id_end_list=%p",
(void *)token_id,
@@ -2623,51 +2719,56 @@ pkcs11h_certificate_enumTokenCertificateIds (
*p_cert_id_end_list = NULL;
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.cache)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
if (
- rv == CKR_OK &&
(rv = _pkcs11h_session_getSessionByTokenId (
token_id,
&session
- )) == CKR_OK
+ )) != CKR_OK
) {
- if (method == PKCS11H_ENUM_METHOD_RELOAD) {
- pkcs11h_certificate_freeCertificateIdList (session->cached_certs);
- session->cached_certs = NULL;
- }
+ goto cleanup;
+ }
- if (session->cached_certs == NULL) {
- rv = _pkcs11h_certificate_enumSessionCertificates (session, user_data, mask_prompt);
- }
+ if (method == PKCS11H_ENUM_METHOD_RELOAD) {
+ pkcs11h_certificate_freeCertificateIdList (session->cached_certs);
+ session->cached_certs = NULL;
}
- if (rv == CKR_OK) {
- rv = __pkcs11h_certificate_splitCertificateIdList (
+ if (session->cached_certs == NULL) {
+ rv = _pkcs11h_certificate_enumSessionCertificates (session, user_data, mask_prompt);
+ }
+
+ if (
+ (rv = __pkcs11h_certificate_splitCertificateIdList (
session->cached_certs,
p_cert_id_issuers_list,
p_cert_id_end_list
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
if (session != NULL) {
_pkcs11h_session_release (session);
}
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.cache);
+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.cache);
mutex_locked = FALSE;
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_enumTokenCertificateIds return rv=%lu-'%s'",
rv,
@@ -2689,17 +2790,17 @@ pkcs11h_certificate_enumCertificateIds (
PKCS11H_BOOL mutex_locked = FALSE;
#endif
pkcs11h_certificate_id_list_t cert_id_list = NULL;
- pkcs11h_provider_t current_provider;
- pkcs11h_session_t current_session;
- CK_RV rv = CKR_OK;
+ _pkcs11h_provider_t current_provider;
+ _pkcs11h_session_t current_session;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- /*PKCS11H_ASSERT (user_data!=NULL); NOT NEEDED*/
- /*PKCS11H_ASSERT (p_cert_id_issuers_list!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (p_cert_id_end_list!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ /*_PKCS11H_ASSERT (user_data!=NULL); NOT NEEDED*/
+ /*_PKCS11H_ASSERT (p_cert_id_issuers_list!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_cert_id_end_list!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_enumCertificateIds entry method=%u, mask_prompt=%08x, p_cert_id_issuers_list=%p, p_cert_id_end_list=%p",
method,
@@ -2714,16 +2815,14 @@ pkcs11h_certificate_enumCertificateIds (
*p_cert_id_end_list = NULL;
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.cache)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
for (
- current_session = g_pkcs11h_data->sessions;
+ current_session = _g_pkcs11h_data->sessions;
current_session != NULL;
current_session = current_session->next
) {
@@ -2735,11 +2834,8 @@ pkcs11h_certificate_enumCertificateIds (
}
for (
- current_provider = g_pkcs11h_data->providers;
- (
- current_provider != NULL &&
- rv == CKR_OK
- );
+ current_provider = _g_pkcs11h_data->providers;
+ current_provider != NULL;
current_provider = current_provider->next
) {
CK_SLOT_ID_PTR slots = NULL;
@@ -2747,57 +2843,66 @@ pkcs11h_certificate_enumCertificateIds (
CK_SLOT_ID slot_index;
if (!current_provider->enabled) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ continue;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSlotList (
+ if (
+ (rv = _pkcs11h_session_getSlotList (
current_provider,
CK_TRUE,
&slots,
&slotnum
- );
+ )) != CKR_OK
+ ) {
+ goto retry1;
}
for (
slot_index=0;
- (
- slot_index < slotnum &&
- rv == CKR_OK
- );
+ slot_index < slotnum;
slot_index++
) {
- pkcs11h_session_t session = NULL;
+ _pkcs11h_session_t session = NULL;
pkcs11h_token_id_t token_id = NULL;
CK_TOKEN_INFO info;
- if (rv == CKR_OK) {
- rv = current_provider->f->C_GetTokenInfo (
+ if (
+ (rv = current_provider->f->C_GetTokenInfo (
slots[slot_index],
&info
- );
- }
-
- if (
- rv == CKR_OK &&
+ )) != CKR_OK ||
(rv = _pkcs11h_token_getTokenId (
&info,
&token_id
- )) == CKR_OK &&
+ )) != CKR_OK ||
(rv = _pkcs11h_session_getSessionByTokenId (
token_id,
&session
- )) == CKR_OK
+ )) != CKR_OK
) {
- session->touch = TRUE;
+ goto retry11;
+ }
+
+ session->touch = TRUE;
- if (session->cached_certs == NULL) {
- rv = _pkcs11h_certificate_enumSessionCertificates (session, user_data, mask_prompt);
+ if (session->cached_certs == NULL) {
+ if (
+ (rv = _pkcs11h_certificate_enumSessionCertificates (
+ session,
+ user_data,
+ mask_prompt
+ )) != CKR_OK
+ ) {
+ goto retry11;
}
}
+ rv = CKR_OK;
+
+ retry11:
+
if (rv != CKR_OK) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Cannot get token information for provider '%s' slot %ld rv=%lu-'%s'",
current_provider->manufacturerID,
@@ -2805,11 +2910,6 @@ pkcs11h_certificate_enumCertificateIds (
rv,
pkcs11h_getMessage (rv)
);
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
}
if (session != NULL) {
@@ -2823,19 +2923,18 @@ pkcs11h_certificate_enumCertificateIds (
}
}
+ rv = CKR_OK;
+
+ retry1:
+
if (rv != CKR_OK) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Cannot get slot list for provider '%s' rv=%lu-'%s'",
current_provider->manufacturerID,
rv,
pkcs11h_getMessage (rv)
);
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
}
if (slots != NULL) {
@@ -2845,11 +2944,8 @@ pkcs11h_certificate_enumCertificateIds (
}
for (
- current_session = g_pkcs11h_data->sessions;
- (
- current_session != NULL &&
- rv == CKR_OK
- );
+ current_session = _g_pkcs11h_data->sessions;
+ current_session != NULL;
current_session = current_session->next
) {
if (
@@ -2866,47 +2962,50 @@ pkcs11h_certificate_enumCertificateIds (
for (
entry = current_session->cached_certs;
- (
- entry != NULL &&
- rv == CKR_OK
- );
+ entry != NULL;
entry = entry->next
) {
pkcs11h_certificate_id_list_t new_entry = NULL;
if (
- rv == CKR_OK &&
(rv = _pkcs11h_mem_malloc (
(void *)&new_entry,
sizeof (struct pkcs11h_certificate_id_list_s)
- )) == CKR_OK &&
+ )) != CKR_OK ||
(rv = pkcs11h_certificate_duplicateCertificateId (
&new_entry->certificate_id,
entry->certificate_id
- )) == CKR_OK
+ )) != CKR_OK
) {
- new_entry->next = cert_id_list;
- cert_id_list = new_entry;
- new_entry = NULL;
+ if (new_entry != NULL) {
+ new_entry->next = NULL;
+ pkcs11h_certificate_freeCertificateIdList (new_entry);
+ new_entry = NULL;
+ }
+ goto cleanup;
}
- if (new_entry != NULL) {
- new_entry->next = NULL;
- pkcs11h_certificate_freeCertificateIdList (new_entry);
- new_entry = NULL;
- }
+ new_entry->next = cert_id_list;
+ cert_id_list = new_entry;
+ new_entry = NULL;
}
}
}
- if (rv == CKR_OK) {
- rv = __pkcs11h_certificate_splitCertificateIdList (
+ if (
+ (rv = __pkcs11h_certificate_splitCertificateIdList (
cert_id_list,
p_cert_id_issuers_list,
p_cert_id_end_list
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
if (cert_id_list != NULL) {
pkcs11h_certificate_freeCertificateIdList (cert_id_list);
cert_id_list = NULL;
@@ -2915,12 +3014,12 @@ pkcs11h_certificate_enumCertificateIds (
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.cache);
+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.cache);
mutex_locked = FALSE;
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_enumCertificateIds return rv=%lu-'%s'",
rv,
diff --git a/lib/pkcs11h-core.c b/lib/pkcs11h-core.c
index 36b1e3a..9c6e8c9 100644
--- a/lib/pkcs11h-core.c
+++ b/lib/pkcs11h-core.c
@@ -123,8 +123,8 @@ __pkcs11h_forkFixup (
* Data
*/
-pkcs11h_data_t g_pkcs11h_data = NULL;
-unsigned int g_pkcs11h_loglevel = PKCS11H_LOG_INFO;
+_pkcs11h_data_t _g_pkcs11h_data = NULL;
+unsigned int _g_pkcs11h_loglevel = PKCS11H_LOG_INFO;
/*======================================================================*
* PUBLIC INTERFACE
@@ -267,52 +267,56 @@ pkcs11h_getFeatures (void) {
CK_RV
pkcs11h_initialize (void) {
-
#if defined(ENABLE_PKCS11H_THREADING)
- PKCS11H_BOOL mutex_locked = FALSE;
+ PKCS11H_BOOL has_mutex_global = FALSE;
+ PKCS11H_BOOL has_mutex_cache = FALSE;
+ PKCS11H_BOOL has_mutex_session = FALSE;
#endif
- CK_RV rv = CKR_OK;
- PKCS11H_DEBUG (
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ _pkcs11h_data_t data = NULL;
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_initialize entry"
);
pkcs11h_terminate ();
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc ((void*)&g_pkcs11h_data, sizeof (struct pkcs11h_data_s));
+ if ((rv = _pkcs11h_mem_malloc ((void*)&data, sizeof (struct _pkcs11h_data_s))) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK && g_pkcs11h_crypto_engine.initialize == NULL) {
+ if (_g_pkcs11h_crypto_engine.initialize == NULL) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
- if (
- rv == CKR_OK &&
- !g_pkcs11h_crypto_engine.initialize (g_pkcs11h_crypto_engine.global_data)
- ) {
- PKCS11H_DEBUG (
+ if (!_g_pkcs11h_crypto_engine.initialize (_g_pkcs11h_crypto_engine.global_data)) {
+ _PKCS11H_DEBUG (
PKCS11H_LOG_ERROR,
"PKCS#11: Cannot initialize crypto engine"
);
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (rv == CKR_OK) {
- rv = _pkcs11h_threading_mutexInit (&g_pkcs11h_data->mutexes.global);
+ if ((rv = _pkcs11h_threading_mutexInit (&data->mutexes.global)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_threading_mutexInit (&g_pkcs11h_data->mutexes.session);
+ has_mutex_global = TRUE;
+ if ((rv = _pkcs11h_threading_mutexInit (&data->mutexes.cache)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_threading_mutexInit (&g_pkcs11h_data->mutexes.cache);
+ has_mutex_cache = TRUE;
+ if ((rv = _pkcs11h_threading_mutexInit (&data->mutexes.session)) != CKR_OK) {
+ goto cleanup;
}
+ has_mutex_session = TRUE;
#if !defined(_WIN32)
if (
- rv == CKR_OK &&
pthread_atfork (
__pkcs11h_threading_atfork_prepare,
__pkcs11h_threading_atfork_parent,
@@ -320,37 +324,47 @@ pkcs11h_initialize (void) {
)
) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#endif
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.global)) == CKR_OK
- ) {
- mutex_locked = TRUE;
- }
#endif
- if (rv == CKR_OK) {
- g_pkcs11h_data->max_retries = PKCS11H_DEFAULT_MAX_LOGIN_RETRY;
- g_pkcs11h_data->allow_protected_auth = TRUE;
- g_pkcs11h_data->pin_cache_period = PKCS11H_DEFAULT_PIN_CACHE_PERIOD;
- g_pkcs11h_data->initialized = TRUE;
- }
+ data->max_retries = _PKCS11H_DEFAULT_MAX_LOGIN_RETRY;
+ data->allow_protected_auth = TRUE;
+ data->pin_cache_period = _PKCS11H_DEFAULT_PIN_CACHE_PERIOD;
+ data->initialized = TRUE;
- if (rv == CKR_OK) {
- pkcs11h_setLogHook (__pkcs11h_hooks_default_log, NULL);
- pkcs11h_setTokenPromptHook (__pkcs11h_hooks_default_token_prompt, NULL);
- pkcs11h_setPINPromptHook (__pkcs11h_hooks_default_pin_prompt, NULL);
- }
-
+ _g_pkcs11h_data = data;
+ data = NULL;
+
+ pkcs11h_setLogHook (__pkcs11h_hooks_default_log, NULL);
+ pkcs11h_setTokenPromptHook (__pkcs11h_hooks_default_token_prompt, NULL);
+ pkcs11h_setPINPromptHook (__pkcs11h_hooks_default_pin_prompt, NULL);
+
+ rv = CKR_OK;
+
+cleanup:
+
+ if (data != NULL) {
#if defined(ENABLE_PKCS11H_THREADING)
- if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.global);
- mutex_locked = FALSE;
- }
+ if (has_mutex_global) {
+ _pkcs11h_threading_mutexFree (&data->mutexes.global);
+ has_mutex_global = FALSE;
+ }
+ if (has_mutex_cache) {
+ _pkcs11h_threading_mutexFree (&data->mutexes.cache);
+ has_mutex_cache = FALSE;
+ }
+ if (has_mutex_session) {
+ _pkcs11h_threading_mutexFree (&data->mutexes.session);
+ has_mutex_session = FALSE;
+ }
#endif
+ _pkcs11h_mem_free ((void *)&data);
+ data = NULL;
+ }
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_initialize return rv=%lu-'%s'",
rv,
@@ -363,21 +377,21 @@ pkcs11h_initialize (void) {
CK_RV
pkcs11h_terminate (void) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_terminate entry"
);
- if (g_pkcs11h_data != NULL) {
- pkcs11h_provider_t current_provider = NULL;
+ if (_g_pkcs11h_data != NULL) {
+ _pkcs11h_provider_t current_provider = NULL;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Removing providers"
);
for (
- current_provider = g_pkcs11h_data->providers;
+ current_provider = _g_pkcs11h_data->providers;
current_provider != NULL;
current_provider = current_provider->next
) {
@@ -385,19 +399,19 @@ pkcs11h_terminate (void) {
}
#if defined(ENABLE_PKCS11H_THREADING)
- _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.cache);
- _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.session);
- _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.global);
+ _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache);
+ _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.session);
+ _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global);
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Releasing sessions"
);
- while (g_pkcs11h_data->sessions != NULL) {
- pkcs11h_session_t current = g_pkcs11h_data->sessions;
- g_pkcs11h_data->sessions = g_pkcs11h_data->sessions->next;
+ while (_g_pkcs11h_data->sessions != NULL) {
+ _pkcs11h_session_t current = _g_pkcs11h_data->sessions;
+ _g_pkcs11h_data->sessions = _g_pkcs11h_data->sessions->next;
#if defined(ENABLE_PKCS11H_THREADING)
_pkcs11h_threading_mutexLock (¤t->mutex);
@@ -406,7 +420,7 @@ pkcs11h_terminate (void) {
current->valid = FALSE;
if (current->reference_count != 0) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Warning: Found session with references"
);
@@ -431,39 +445,39 @@ pkcs11h_terminate (void) {
}
#if defined(ENABLE_PKCS11H_SLOTEVENT)
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Terminating slotevent"
);
_pkcs11h_slotevent_terminate ();
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Marking as uninitialized"
);
- g_pkcs11h_data->initialized = FALSE;
+ _g_pkcs11h_data->initialized = FALSE;
- while (g_pkcs11h_data->providers != NULL) {
- pkcs11h_provider_t current = g_pkcs11h_data->providers;
- g_pkcs11h_data->providers = g_pkcs11h_data->providers->next;
+ while (_g_pkcs11h_data->providers != NULL) {
+ _pkcs11h_provider_t current = _g_pkcs11h_data->providers;
+ _g_pkcs11h_data->providers = _g_pkcs11h_data->providers->next;
_pkcs11h_mem_free ((void *)¤t);
}
#if defined(ENABLE_PKCS11H_THREADING)
- _pkcs11h_threading_mutexFree (&g_pkcs11h_data->mutexes.cache);
- _pkcs11h_threading_mutexFree (&g_pkcs11h_data->mutexes.global);
- _pkcs11h_threading_mutexFree (&g_pkcs11h_data->mutexes.session);
+ _pkcs11h_threading_mutexFree (&_g_pkcs11h_data->mutexes.global);
+ _pkcs11h_threading_mutexFree (&_g_pkcs11h_data->mutexes.cache);
+ _pkcs11h_threading_mutexFree (&_g_pkcs11h_data->mutexes.session);
#endif
- g_pkcs11h_crypto_engine.uninitialize (g_pkcs11h_crypto_engine.global_data);
+ _g_pkcs11h_crypto_engine.uninitialize (_g_pkcs11h_crypto_engine.global_data);
- _pkcs11h_mem_free ((void *)&g_pkcs11h_data);
+ _pkcs11h_mem_free ((void *)&_g_pkcs11h_data);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_terminate return"
);
@@ -475,7 +489,7 @@ void
pkcs11h_setLogLevel (
IN const unsigned flags
) {
- g_pkcs11h_loglevel = flags;
+ _g_pkcs11h_loglevel = flags;
}
CK_RV
@@ -483,20 +497,20 @@ pkcs11h_setForkMode (
IN const PKCS11H_BOOL safe
) {
#if defined(ENABLE_PKCS11H_THREADING) && !defined(_WIN32)
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- g_pkcs11h_data->safefork = safe;
+ _g_pkcs11h_data->safefork = safe;
#endif
return CKR_OK;
}
unsigned
pkcs11h_getLogLevel (void) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- return g_pkcs11h_loglevel;
+ return _g_pkcs11h_loglevel;
}
CK_RV
@@ -504,12 +518,12 @@ pkcs11h_setLogHook (
IN const pkcs11h_hook_log_t hook,
IN void * const global_data
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (hook!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (hook!=NULL);
- g_pkcs11h_data->hooks.log = hook;
- g_pkcs11h_data->hooks.log_data = global_data;
+ _g_pkcs11h_data->hooks.log = hook;
+ _g_pkcs11h_data->hooks.log_data = global_data;
return CKR_OK;
}
@@ -519,13 +533,13 @@ pkcs11h_setSlotEventHook (
IN const pkcs11h_hook_slotevent_t hook,
IN void * const global_data
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (hook!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (hook!=NULL);
#if defined(ENABLE_PKCS11H_SLOTEVENT)
- g_pkcs11h_data->hooks.slotevent = hook;
- g_pkcs11h_data->hooks.slotevent_data = global_data;
+ _g_pkcs11h_data->hooks.slotevent = hook;
+ _g_pkcs11h_data->hooks.slotevent_data = global_data;
return _pkcs11h_slotevent_init ();
#else
@@ -540,12 +554,12 @@ pkcs11h_setPINPromptHook (
IN const pkcs11h_hook_pin_prompt_t hook,
IN void * const global_data
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (hook!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (hook!=NULL);
- g_pkcs11h_data->hooks.pin_prompt = hook;
- g_pkcs11h_data->hooks.pin_prompt_data = global_data;
+ _g_pkcs11h_data->hooks.pin_prompt = hook;
+ _g_pkcs11h_data->hooks.pin_prompt_data = global_data;
return CKR_OK;
}
@@ -555,12 +569,12 @@ pkcs11h_setTokenPromptHook (
IN const pkcs11h_hook_token_prompt_t hook,
IN void * const global_data
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (hook!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (hook!=NULL);
- g_pkcs11h_data->hooks.token_prompt = hook;
- g_pkcs11h_data->hooks.token_prompt_data = global_data;
+ _g_pkcs11h_data->hooks.token_prompt = hook;
+ _g_pkcs11h_data->hooks.token_prompt_data = global_data;
return CKR_OK;
}
@@ -569,10 +583,10 @@ CK_RV
pkcs11h_setPINCachePeriod (
IN const int pin_cache_period
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- g_pkcs11h_data->pin_cache_period = pin_cache_period;
+ _g_pkcs11h_data->pin_cache_period = pin_cache_period;
return CKR_OK;
}
@@ -581,10 +595,10 @@ CK_RV
pkcs11h_setMaxLoginRetries (
IN const unsigned max_retries
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- g_pkcs11h_data->max_retries = max_retries;
+ _g_pkcs11h_data->max_retries = max_retries;
return CKR_OK;
}
@@ -593,10 +607,10 @@ CK_RV
pkcs11h_setProtectedAuthentication (
IN const PKCS11H_BOOL allow_protected_auth
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
- g_pkcs11h_data->allow_protected_auth = allow_protected_auth;
+ _g_pkcs11h_data->allow_protected_auth = allow_protected_auth;
return CKR_OK;
}
@@ -618,18 +632,19 @@ pkcs11h_addProvider (
int mypid = 0;
#else
pid_t mypid = getpid ();
+ void *p;
#endif
- pkcs11h_provider_t provider = NULL;
+ _pkcs11h_provider_t provider = NULL;
CK_C_GetFunctionList gfl = NULL;
CK_INFO info;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (provider_location!=NULL);
- /*PKCS11H_ASSERT (szSignMode!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (provider_location!=NULL);
+ /*_PKCS11H_ASSERT (szSignMode!=NULL); NOT NEEDED*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_addProvider entry pid=%d, reference='%s', provider_location='%s', allow_protected_auth=%d, mask_private_mode=%08x, cert_is_private=%d",
mypid,
@@ -640,7 +655,7 @@ pkcs11h_addProvider (
cert_is_private ? 1 : 0
);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Adding provider '%s'-'%s'",
reference,
@@ -648,126 +663,136 @@ pkcs11h_addProvider (
);
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.global)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_mem_malloc ((void *)&provider, sizeof (struct pkcs11h_provider_s))) == CKR_OK
- ) {
- strncpy (
- provider->reference,
- reference,
- sizeof (provider->reference)-1
- );
- provider->reference[sizeof (provider->reference)-1] = '\x0';
- strncpy (
- provider->manufacturerID,
- (
- strlen (provider_location) < sizeof (provider->manufacturerID) ?
- provider_location :
- provider_location+strlen (provider_location)-sizeof (provider->manufacturerID)+1
- ),
- sizeof (provider->manufacturerID)-1
- );
- provider->manufacturerID[sizeof (provider->manufacturerID)-1] = '\x0';
- provider->allow_protected_auth = allow_protected_auth;
- provider->mask_private_mode = mask_private_mode;
- provider->slot_event_method = slot_event_method;
- provider->slot_poll_interval = slot_poll_interval;
- provider->cert_is_private = cert_is_private;
+ if ((rv = _pkcs11h_mem_malloc ((void *)&provider, sizeof (struct _pkcs11h_provider_s))) != CKR_OK) {
+ goto cleanup;
}
+
+ strncpy (
+ provider->reference,
+ reference,
+ sizeof (provider->reference)-1
+ );
+ provider->reference[sizeof (provider->reference)-1] = '\x0';
+ strncpy (
+ provider->manufacturerID,
+ (
+ strlen (provider_location) < sizeof (provider->manufacturerID) ?
+ provider_location :
+ provider_location+strlen (provider_location)-sizeof (provider->manufacturerID)+1
+ ),
+ sizeof (provider->manufacturerID)-1
+ );
+ provider->manufacturerID[sizeof (provider->manufacturerID)-1] = '\x0';
+ provider->allow_protected_auth = allow_protected_auth;
+ provider->mask_private_mode = mask_private_mode;
+ provider->slot_event_method = slot_event_method;
+ provider->slot_poll_interval = slot_poll_interval;
+ provider->cert_is_private = cert_is_private;
- if (rv == CKR_OK) {
#if defined(_WIN32)
- provider->handle = LoadLibraryA (provider_location);
+ provider->handle = LoadLibraryA (provider_location);
#else
- provider->handle = dlopen (provider_location, RTLD_NOW);
+ provider->handle = dlopen (provider_location, RTLD_NOW);
#endif
- if (provider->handle == NULL) {
- rv = CKR_FUNCTION_FAILED;
- }
+
+ if (provider->handle == NULL) {
+ rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
- if (rv == CKR_OK) {
#if defined(_WIN32)
- gfl = (CK_C_GetFunctionList)GetProcAddress (
- provider->handle,
- "C_GetFunctionList"
- );
+ gfl = (CK_C_GetFunctionList)GetProcAddress (
+ provider->handle,
+ "C_GetFunctionList"
+ );
#else
- /*
- * Make compiler happy!
- */
- void *p = dlsym (
- provider->handle,
- "C_GetFunctionList"
- );
- memmove (
- &gfl,
- &p,
- sizeof (void *)
- );
+ /*
+ * Make compiler happy!
+ */
+ p = dlsym (
+ provider->handle,
+ "C_GetFunctionList"
+ );
+ memmove (
+ &gfl,
+ &p,
+ sizeof (void *)
+ );
#endif
- if (gfl == NULL) {
- rv = CKR_FUNCTION_FAILED;
- }
+ if (gfl == NULL) {
+ rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = gfl (&provider->f);
+ if ((rv = gfl (&provider->f)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- if ((rv = provider->f->C_Initialize (NULL)) != CKR_OK) {
- if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) {
- rv = CKR_OK;
- }
+ if ((rv = provider->f->C_Initialize (NULL)) != CKR_OK) {
+ if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) {
+ rv = CKR_OK;
}
else {
- provider->should_finalize = TRUE;
+ goto cleanup;
}
}
+ else {
+ provider->should_finalize = TRUE;
+ }
- if (
- rv == CKR_OK &&
- (rv = provider->f->C_GetInfo (&info)) == CKR_OK
- ) {
- _pkcs11h_util_fixupFixedString (
- provider->manufacturerID,
- (char *)info.manufacturerID,
- sizeof (info.manufacturerID)
- );
+ if ((rv = provider->f->C_GetInfo (&info)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- provider->enabled = TRUE;
+ _pkcs11h_util_fixupFixedString (
+ provider->manufacturerID,
+ (char *)info.manufacturerID,
+ sizeof (info.manufacturerID)
+ );
+ provider->enabled = TRUE;
+
+ if (_g_pkcs11h_data->providers == NULL) {
+ _g_pkcs11h_data->providers = provider;
}
+ else {
+ _pkcs11h_provider_t last = NULL;
+
+ for (
+ last = _g_pkcs11h_data->providers;
+ last->next != NULL;
+ last = last->next
+ );
+ last->next = provider;
+ }
+
+ provider = NULL;
+ rv = CKR_OK;
+
+cleanup:
if (provider != NULL) {
- if (g_pkcs11h_data->providers == NULL) {
- g_pkcs11h_data->providers = provider;
- }
- else {
- pkcs11h_provider_t last = NULL;
-
- for (
- last = g_pkcs11h_data->providers;
- last->next != NULL;
- last = last->next
- );
- last->next = provider;
+ if (provider->handle != NULL) {
+#if defined(_WIN32)
+ FreeLibrary (provider->handle);
+#else
+ dlclose (provider->handle);
+#endif
+ provider->handle = NULL;
}
+
+ _pkcs11h_mem_free ((void *)&provider);
+ provider = NULL;
}
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.global);
+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global);
mutex_locked = FALSE;
}
#endif
@@ -776,7 +801,7 @@ pkcs11h_addProvider (
_pkcs11h_slotevent_notify ();
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Provider '%s' added rv=%lu-'%s'",
reference,
@@ -784,7 +809,7 @@ pkcs11h_addProvider (
pkcs11h_getMessage (rv)
);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_addProvider return rv=%lu-'%s'",
rv,
@@ -799,32 +824,44 @@ pkcs11h_removeProvider (
IN const char * const reference
) {
#if defined(ENABLE_PKCS11H_THREADING)
- pkcs11h_session_t current_session = NULL;
+ _pkcs11h_session_t current_session = NULL;
+ PKCS11H_BOOL has_mutex_global = FALSE;
+ PKCS11H_BOOL has_mutex_cache = FALSE;
+ PKCS11H_BOOL has_mutex_session = FALSE;
#endif
- pkcs11h_provider_t provider = NULL;
- CK_RV rv = CKR_OK;
+ _pkcs11h_provider_t provider = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (reference!=NULL);
+ _PKCS11H_ASSERT (reference!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_removeProvider entry reference='%s'",
reference
);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Removing provider '%s'",
reference
);
#if defined(ENABLE_PKCS11H_THREADING)
- _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.cache);
- _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.session);
- _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.global);
+ if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache)) != CKR_OK) {
+ goto cleanup;
+ }
+ has_mutex_cache = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.session)) != CKR_OK) {
+ goto cleanup;
+ }
+ has_mutex_session = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) {
+ goto cleanup;
+ }
+ has_mutex_global = TRUE;
for (
- current_session = g_pkcs11h_data->sessions;
+ current_session = _g_pkcs11h_data->sessions;
current_session != NULL;
current_session = current_session->next
) {
@@ -832,69 +869,80 @@ pkcs11h_removeProvider (
}
#endif
- provider = g_pkcs11h_data->providers;
+ provider = _g_pkcs11h_data->providers;
while (
- rv == CKR_OK &&
provider != NULL &&
strcmp (reference, provider->reference)
) {
provider = provider->next;
}
- if (rv == CKR_OK && provider == NULL) {
+ if (provider == NULL) {
rv = CKR_OBJECT_HANDLE_INVALID;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- provider->enabled = FALSE;
- provider->reference[0] = '\0';
+ provider->enabled = FALSE;
+ provider->reference[0] = '\0';
- if (provider->should_finalize) {
- provider->f->C_Finalize (NULL);
- provider->should_finalize = FALSE;
- }
+ if (provider->should_finalize) {
+ provider->f->C_Finalize (NULL);
+ provider->should_finalize = FALSE;
+ }
#if defined(ENABLE_PKCS11H_SLOTEVENT)
- _pkcs11h_slotevent_notify ();
-
- /*
- * Wait until manager join this thread
- * this happens saldom so I can poll
- */
- while (provider->slotevent_thread != PKCS11H_THREAD_NULL) {
- _pkcs11h_threading_sleep (500);
- }
+ _pkcs11h_slotevent_notify ();
+
+ /*
+ * Wait until manager join this thread
+ * this happens saldom so I can poll
+ */
+ while (provider->slotevent_thread != PKCS11H_THREAD_NULL) {
+ _pkcs11h_threading_sleep (500);
+ }
#endif
- if (provider->f != NULL) {
- provider->f = NULL;
- }
+ if (provider->f != NULL) {
+ provider->f = NULL;
+ }
- if (provider->handle != NULL) {
+ if (provider->handle != NULL) {
#if defined(_WIN32)
- FreeLibrary (provider->handle);
+ FreeLibrary (provider->handle);
#else
- dlclose (provider->handle);
+ dlclose (provider->handle);
#endif
- provider->handle = NULL;
- }
+ provider->handle = NULL;
}
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
for (
- current_session = g_pkcs11h_data->sessions;
+ current_session = _g_pkcs11h_data->sessions;
current_session != NULL;
current_session = current_session->next
) {
_pkcs11h_threading_mutexRelease (¤t_session->mutex);
}
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.cache);
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.session);
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.global);
+ if (has_mutex_cache) {
+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.cache);
+ has_mutex_cache = FALSE;
+ }
+ if (has_mutex_session) {
+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.session);
+ has_mutex_session = FALSE;
+ }
+ if (has_mutex_global) {
+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global);
+ has_mutex_global = FALSE;
+ }
#endif
-
- PKCS11H_DEBUG (
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_removeProvider return rv=%lu-'%s'",
rv,
@@ -925,23 +973,23 @@ pkcs11h_plugAndPlay (void) {
pid_t mypid = getpid ();
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_forkFixup entry pid=%d",
mypid
);
- if (g_pkcs11h_data != NULL && g_pkcs11h_data->initialized) {
- pkcs11h_provider_t current;
+ if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) {
+ _pkcs11h_provider_t current;
#if defined(ENABLE_PKCS11H_SLOTEVENT)
PKCS11H_BOOL slot_event_active = FALSE;
#endif
#if defined(ENABLE_PKCS11H_THREADING)
- _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.global);
+ _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global);
#endif
for (
- current = g_pkcs11h_data->providers;
+ current = _g_pkcs11h_data->providers;
current != NULL;
current = current->next
) {
@@ -951,14 +999,14 @@ pkcs11h_plugAndPlay (void) {
}
#if defined(ENABLE_PKCS11H_SLOTEVENT)
- if (g_pkcs11h_data->slotevent.initialized) {
+ if (_g_pkcs11h_data->slotevent.initialized) {
slot_event_active = TRUE;
_pkcs11h_slotevent_terminate ();
}
#endif
for (
- current = g_pkcs11h_data->providers;
+ current = _g_pkcs11h_data->providers;
current != NULL;
current = current->next
) {
@@ -974,11 +1022,11 @@ pkcs11h_plugAndPlay (void) {
#endif
#if defined(ENABLE_PKCS11H_THREADING)
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.global);
+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global);
#endif
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_forkFixup return"
);
@@ -998,16 +1046,16 @@ _pkcs11h_log (
) {
va_list args;
- PKCS11H_ASSERT (format!=NULL);
+ _PKCS11H_ASSERT (format!=NULL);
va_start (args, format);
if (
- g_pkcs11h_data != NULL &&
- g_pkcs11h_data->initialized
+ _g_pkcs11h_data != NULL &&
+ _g_pkcs11h_data->initialized
) {
- if (PKCS11H_MSG_LEVEL_TEST (flags)) {
- if (g_pkcs11h_data->hooks.log == NULL) {
+ if (__PKCS11H_MSG_LEVEL_TEST (flags)) {
+ if (_g_pkcs11h_data->hooks.log == NULL) {
__pkcs11h_hooks_default_log (
NULL,
flags,
@@ -1016,8 +1064,8 @@ _pkcs11h_log (
);
}
else {
- g_pkcs11h_data->hooks.log (
- g_pkcs11h_data->hooks.log_data,
+ _g_pkcs11h_data->hooks.log (
+ _g_pkcs11h_data->hooks.log_data,
flags,
format,
args
@@ -1051,15 +1099,15 @@ __pkcs11h_hooks_default_token_prompt (
IN const pkcs11h_token_id_t token,
IN const unsigned retry
) {
- /*PKCS11H_ASSERT (global_data) NOT NEEDED */
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_ASSERT (token!=NULL);
+ /*_PKCS11H_ASSERT (global_data) NOT NEEDED */
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
+ _PKCS11H_ASSERT (token!=NULL);
(void)global_data;
(void)user_data;
(void)retry;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_hooks_default_token_prompt global_data=%p, user_data=%p, display='%s'",
global_data,
@@ -1080,9 +1128,9 @@ __pkcs11h_hooks_default_pin_prompt (
OUT char * const pin,
IN const size_t pin_max
) {
- /*PKCS11H_ASSERT (global_data) NOT NEEDED */
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_ASSERT (token!=NULL);
+ /*_PKCS11H_ASSERT (global_data) NOT NEEDED */
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
+ _PKCS11H_ASSERT (token!=NULL);
(void)global_data;
(void)user_data;
@@ -1090,7 +1138,7 @@ __pkcs11h_hooks_default_pin_prompt (
(void)pin;
(void)pin_max;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_hooks_default_pin_prompt global_data=%p, user_data=%p, display='%s'",
global_data,
@@ -1107,8 +1155,8 @@ __pkcs11h_hooks_default_pin_prompt (
static
void
__pkcs11h_threading_atfork_prepare (void) {
- if (g_pkcs11h_data != NULL && g_pkcs11h_data->initialized) {
- if (g_pkcs11h_data->safefork) {
+ if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) {
+ if (_g_pkcs11h_data->safefork) {
_pkcs1h_threading_mutexLockAll ();
}
}
@@ -1116,8 +1164,8 @@ __pkcs11h_threading_atfork_prepare (void) {
static
void
__pkcs11h_threading_atfork_parent (void) {
- if (g_pkcs11h_data != NULL && g_pkcs11h_data->initialized) {
- if (g_pkcs11h_data->safefork) {
+ if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) {
+ if (_g_pkcs11h_data->safefork) {
_pkcs1h_threading_mutexReleaseAll ();
}
}
@@ -1125,9 +1173,9 @@ __pkcs11h_threading_atfork_parent (void) {
static
void
__pkcs11h_threading_atfork_child (void) {
- if (g_pkcs11h_data != NULL && g_pkcs11h_data->initialized) {
+ if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) {
_pkcs1h_threading_mutexReleaseAll ();
- if (g_pkcs11h_data->safefork) {
+ if (_g_pkcs11h_data->safefork) {
__pkcs11h_forkFixup (TRUE);
}
else {
@@ -1149,7 +1197,7 @@ __pkcs11h_forkFixup (
#endif
pid_t mypid = getpid ();
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_forkFixup entry pid=%d",
mypid
@@ -1159,17 +1207,18 @@ __pkcs11h_forkFixup (
(void)activate_slotevent;
#endif
- if (g_pkcs11h_data != NULL && g_pkcs11h_data->initialized) {
- pkcs11h_provider_t current;
+ if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) {
+ _pkcs11h_provider_t current;
#if defined(ENABLE_PKCS11H_THREADING)
- if (_pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.global) == CKR_OK) {
- mutex_locked = TRUE;
+ if (_pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
for (
- current = g_pkcs11h_data->providers;
+ current = _g_pkcs11h_data->providers;
current != NULL;
current = current->next
) {
@@ -1182,7 +1231,7 @@ __pkcs11h_forkFixup (
* After fork we have no threads...
* So just initialized.
*/
- if (g_pkcs11h_data->slotevent.initialized) {
+ if (_g_pkcs11h_data->slotevent.initialized) {
_pkcs11h_slotevent_terminate_force ();
if (activate_slotevent) {
@@ -1191,16 +1240,18 @@ __pkcs11h_forkFixup (
}
#endif
}
- }
#if defined(ENABLE_PKCS11H_THREADING)
- if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.global);
- mutex_locked = FALSE;
- }
+ cleanup:
+
+ if (mutex_locked) {
+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global);
+ mutex_locked = FALSE;
+ }
#endif
+ }
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_forkFixup return"
);
diff --git a/lib/pkcs11h-crypto.c b/lib/pkcs11h-crypto.c
index 8699c83..97730f7 100644
--- a/lib/pkcs11h-crypto.c
+++ b/lib/pkcs11h-crypto.c
@@ -103,9 +103,9 @@
#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
#if OPENSSL_VERSION_NUMBER < 0x00908000L
-typedef unsigned char *pkcs11_openssl_d2i_t;
+typedef unsigned char *__pkcs11_openssl_d2i_t;
#else
-typedef const unsigned char *pkcs11_openssl_d2i_t;
+typedef const unsigned char *__pkcs11_openssl_d2i_t;
#endif
#endif
@@ -202,12 +202,12 @@ __pkcs11h_crypto_gnutls_certificate_is_issuer (
#if defined(ENABLE_PKCS11H_ENGINE_WIN32)
-typedef PCCERT_CONTEXT (WINAPI *CertCreateCertificateContext_t) (
+typedef PCCERT_CONTEXT (WINAPI *__CertCreateCertificateContext_t) (
DWORD dwCertEncodingType,
const BYTE *pbCertEncoded,
DWORD cbCertEncoded
);
-typedef BOOL (WINAPI *CertFreeCertificateContext_t) (
+typedef BOOL (WINAPI *__CertFreeCertificateContext_t) (
PCCERT_CONTEXT pCertContext
);
typedef DWORD (WINAPI *CertNameToStrW_t) (
@@ -217,7 +217,7 @@ typedef DWORD (WINAPI *CertNameToStrW_t) (
LPWSTR psz,
DWORD csz
);
-typedef BOOL (WINAPI *CryptVerifyCertificateSignatureEx_t) (
+typedef BOOL (WINAPI *__CryptVerifyCertificateSignatureEx_t) (
void *hCryptProv,
DWORD dwCertEncodingType,
DWORD dwSubjectType,
@@ -230,10 +230,10 @@ typedef BOOL (WINAPI *CryptVerifyCertificateSignatureEx_t) (
typedef struct __crypto_win32_data_s {
HMODULE handle;
- CertCreateCertificateContext_t p_CertCreateCertificateContext;
- CertFreeCertificateContext_t p_CertFreeCertificateContext;
+ __CertCreateCertificateContext_t p_CertCreateCertificateContext;
+ __CertFreeCertificateContext_t p_CertFreeCertificateContext;
CertNameToStrW_t p_CertNameToStrW;
- CryptVerifyCertificateSignatureEx_t p_CryptVerifyCertificateSignatureEx;
+ __CryptVerifyCertificateSignatureEx_t p_CryptVerifyCertificateSignatureEx;
} *__crypto_win32_data_t;
static
@@ -280,7 +280,7 @@ __pkcs11h_crypto_win32_certificate_is_issuer (
#endif
#if defined(ENABLE_PKCS11H_ENGINE_OPENSSL)
-pkcs11h_engine_crypto_t g_pkcs11h_crypto_engine = {
+pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
NULL,
__pkcs11h_crypto_openssl_initialize,
__pkcs11h_crypto_openssl_uninitialize,
@@ -289,7 +289,7 @@ pkcs11h_engine_crypto_t g_pkcs11h_crypto_engine = {
__pkcs11h_crypto_openssl_certificate_is_issuer
};
#elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS)
-pkcs11h_engine_crypto_t g_pkcs11h_crypto_engine = {
+pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
NULL,
__pkcs11h_crypto_gnutls_initialize,
__pkcs11h_crypto_gnutls_uninitialize,
@@ -299,7 +299,7 @@ pkcs11h_engine_crypto_t g_pkcs11h_crypto_engine = {
};
#elif defined(ENABLE_PKCS11H_ENGINE_WIN32)
static struct __crypto_win32_data_s s_win32_data = { NULL };
-pkcs11h_engine_crypto_t g_pkcs11h_crypto_engine = {
+pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
&s_win32_data,
__pkcs11h_crypto_win32_initialize,
__pkcs11h_crypto_win32_uninitialize,
@@ -308,7 +308,7 @@ pkcs11h_engine_crypto_t g_pkcs11h_crypto_engine = {
__pkcs11h_crypto_win32_certificate_is_issuer
};
#else
-pkcs11h_engine_crypto_t g_pkcs11h_crypto_engine = {
+pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = {
NULL,
NULL,
NULL,
@@ -323,9 +323,9 @@ CK_RV
pkcs11h_engine_setCrypto (
IN const pkcs11h_engine_crypto_t * const engine
) {
- PKCS11H_ASSERT (engine!=NULL);
+ _PKCS11H_ASSERT (engine!=NULL);
- memmove (&g_pkcs11h_crypto_engine, engine, sizeof (pkcs11h_engine_crypto_t));
+ memmove (&_g_pkcs11h_crypto_engine, engine, sizeof (pkcs11h_engine_crypto_t));
return CKR_OK;
}
@@ -366,16 +366,16 @@ __pkcs11h_crypto_openssl_certificate_get_expiration (
(void)global_data;
- /*PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (blob!=NULL);
- PKCS11H_ASSERT (expiration!=NULL);
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (expiration!=NULL);
*expiration = (time_t)0;
x509 = X509_new ();
if (x509 != NULL) {
- pkcs11_openssl_d2i_t d2i = (pkcs11_openssl_d2i_t)blob;
+ __pkcs11_openssl_d2i_t d2i = (__pkcs11_openssl_d2i_t)blob;
if (
d2i_X509 (&x509, &d2i, blob_size)
@@ -424,20 +424,20 @@ __pkcs11h_crypto_openssl_certificate_get_dn (
IN const size_t dn_max
) {
X509 *x509 = NULL;
- pkcs11_openssl_d2i_t d2i1;
+ __pkcs11_openssl_d2i_t d2i1;
(void)global_data;
- /*PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (blob!=NULL);
- PKCS11H_ASSERT (dn!=NULL);
- PKCS11H_ASSERT (dn_max>0);
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (dn!=NULL);
+ _PKCS11H_ASSERT (dn_max>0);
dn[0] = '\x0';
if (blob_size > 0) {
if ((x509 = X509_new ()) != NULL) {
- d2i1 = (pkcs11_openssl_d2i_t)blob;
+ d2i1 = (__pkcs11_openssl_d2i_t)blob;
if (d2i_X509 (&x509, &d2i1, blob_size)) {
X509_NAME_oneline (
X509_get_subject_name (x509),
@@ -466,67 +466,51 @@ __pkcs11h_crypto_openssl_certificate_is_issuer (
X509 *x509_issuer = NULL;
X509 *x509_cert = NULL;
EVP_PKEY *pub_issuer = NULL;
- pkcs11_openssl_d2i_t d2i;
+ __pkcs11_openssl_d2i_t d2i;
PKCS11H_BOOL is_issuer = FALSE;
- PKCS11H_BOOL ok = TRUE;
(void)global_data;
- /*PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (issuer_blob!=NULL);
- PKCS11H_ASSERT (cert_blob!=NULL);
-
- if (
- ok &&
- (x509_issuer = X509_new ()) == NULL
- ) {
- ok = FALSE;
- }
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (issuer_blob!=NULL);
+ _PKCS11H_ASSERT (cert_blob!=NULL);
if (
- ok &&
+ (x509_issuer = X509_new ()) == NULL ||
(x509_cert = X509_new ()) == NULL
) {
- ok = FALSE;
+ goto cleanup;
}
- if (ok && (x509_issuer == NULL || x509_cert == NULL)) {
- ok = FALSE;
- }
-
- d2i = (pkcs11_openssl_d2i_t)issuer_blob;
+ d2i = (__pkcs11_openssl_d2i_t)issuer_blob;
if (
- ok &&
!d2i_X509 (
&x509_issuer,
&d2i,
issuer_blob_size
)
) {
- ok = FALSE;
+ goto cleanup;
}
- d2i = (pkcs11_openssl_d2i_t)cert_blob;
+ d2i = (__pkcs11_openssl_d2i_t)cert_blob;
if (
- ok &&
!d2i_X509 (
&x509_cert,
&d2i,
cert_blob_size
)
) {
- ok = FALSE;
+ goto cleanup;
}
if (
- ok &&
(pub_issuer = X509_get_pubkey (x509_issuer)) == NULL
) {
- ok = FALSE;
+ goto cleanup;
}
if (
- ok &&
!X509_NAME_cmp (
X509_get_subject_name (x509_issuer),
X509_get_issuer_name (x509_cert)
@@ -536,6 +520,8 @@ __pkcs11h_crypto_openssl_certificate_is_issuer (
is_issuer = TRUE;
}
+cleanup:
+
if (pub_issuer != NULL) {
EVP_PKEY_free (pub_issuer);
pub_issuer = NULL;
@@ -577,7 +563,7 @@ __pkcs11h_crypto_gnutls_initialize (
) {
(void)global_data;
- /*PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
if (gnutls_global_init () != GNUTLS_E_SUCCESS) {
return FALSE;
}
@@ -593,7 +579,7 @@ __pkcs11h_crypto_gnutls_uninitialize (
) {
(void)global_data;
- /*PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
gnutls_global_deinit ();
return TRUE;
@@ -611,9 +597,9 @@ __pkcs11h_crypto_gnutls_certificate_get_expiration (
(void)global_data;
- /*PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (blob!=NULL);
- PKCS11H_ASSERT (expiration!=NULL);
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (expiration!=NULL);
*expiration = (time_t)0;
@@ -652,10 +638,10 @@ __pkcs11h_crypto_gnutls_certificate_get_dn (
(void)global_data;
- /*PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (blob!=NULL);
- PKCS11H_ASSERT (dn!=NULL);
- PKCS11H_ASSERT (dn_max>0);
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (dn!=NULL);
+ _PKCS11H_ASSERT (dn_max>0);
dn[0] = '\x0';
@@ -694,56 +680,52 @@ __pkcs11h_crypto_gnutls_certificate_is_issuer (
gnutls_x509_crt_t cert_cert = NULL;
gnutls_datum_t datum;
PKCS11H_BOOL is_issuer = FALSE;
- PKCS11H_BOOL ok = TRUE;
unsigned int result = 0;
(void)global_data;
- /*PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (issuer_blob!=NULL);
- PKCS11H_ASSERT (cert_blob!=NULL);
+ /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (issuer_blob!=NULL);
+ _PKCS11H_ASSERT (cert_blob!=NULL);
if (ok && gnutls_x509_crt_init (&cert_issuer) != GNUTLS_E_SUCCESS) {
/* gnutls sets output */
cert_issuer = NULL;
- ok = FALSE;
+ goto cleanup;
}
if (ok && gnutls_x509_crt_init (&cert_cert) != GNUTLS_E_SUCCESS) {
/* gnutls sets output */
cert_cert = NULL;
- ok = FALSE;
+ goto cleanup;
}
datum.data = (unsigned char *)issuer_blob;
datum.size = issuer_blob_size;
if (
- ok &&
gnutls_x509_crt_import (
cert_issuer,
&datum,
GNUTLS_X509_FMT_DER
) != GNUTLS_E_SUCCESS
) {
- ok = FALSE;
+ goto cleanup;
}
datum.data = (unsigned char *)cert_blob;
datum.size = cert_blob_size;
if (
- ok &&
gnutls_x509_crt_import (
cert_cert,
&datum,
GNUTLS_X509_FMT_DER
) != GNUTLS_E_SUCCESS
) {
- ok = FALSE;
+ goto cleanup;
}
if (
- ok &&
gnutls_x509_crt_verify (
cert_cert,
&cert_issuer,
@@ -756,6 +738,8 @@ __pkcs11h_crypto_gnutls_certificate_is_issuer (
is_issuer = TRUE;
}
+cleanup:
+
if (cert_cert != NULL) {
gnutls_x509_crt_deinit (cert_cert);
cert_cert = NULL;
@@ -780,7 +764,7 @@ __pkcs11h_crypto_win32_initialize (
) {
__crypto_win32_data_t data = (__crypto_win32_data_t)global_data;
- PKCS11H_ASSERT (global_data!=NULL);
+ _PKCS11H_ASSERT (global_data!=NULL);
__pkcs11h_crypto_win32_uninitialize (data);
@@ -789,11 +773,11 @@ __pkcs11h_crypto_win32_initialize (
return 0;
}
- data->p_CertCreateCertificateContext = (CertCreateCertificateContext_t)GetProcAddress (
+ data->p_CertCreateCertificateContext = (__CertCreateCertificateContext_t)GetProcAddress (
data->handle,
"CertCreateCertificateContext"
);
- data->p_CertFreeCertificateContext = (CertFreeCertificateContext_t)GetProcAddress (
+ data->p_CertFreeCertificateContext = (__CertFreeCertificateContext_t)GetProcAddress (
data->handle,
"CertFreeCertificateContext"
);
@@ -801,7 +785,7 @@ __pkcs11h_crypto_win32_initialize (
data->handle,
"CertNameToStrW"
);
- data->p_CryptVerifyCertificateSignatureEx = (CryptVerifyCertificateSignatureEx_t)GetProcAddress (
+ data->p_CryptVerifyCertificateSignatureEx = (__CryptVerifyCertificateSignatureEx_t)GetProcAddress (
data->handle,
"CryptVerifyCertificateSignatureEx"
);
@@ -826,7 +810,7 @@ __pkcs11h_crypto_win32_uninitialize (
) {
__crypto_win32_data_t data = (__crypto_win32_data_t)global_data;
- PKCS11H_ASSERT (global_data!=NULL);
+ _PKCS11H_ASSERT (global_data!=NULL);
if (data->handle != NULL) {
FreeLibrary (data->handle);
@@ -848,52 +832,46 @@ __pkcs11h_crypto_win32_certificate_get_expiration (
) {
__crypto_win32_data_t data = (__crypto_win32_data_t)global_data;
PCCERT_CONTEXT cert = NULL;
- PKCS11H_BOOL ok = TRUE;
+ PKCS11H_BOOL ok = FALSE;
+ time_t now = time (NULL);
SYSTEMTIME st;
+ struct tm tm1;
- PKCS11H_ASSERT (global_data!=NULL);
- PKCS11H_ASSERT (blob!=NULL);
- PKCS11H_ASSERT (expiration!=NULL);
+ _PKCS11H_ASSERT (global_data!=NULL);
+ _PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (expiration!=NULL);
*expiration = (time_t)0;
if (
- ok &&
(cert = data->p_CertCreateCertificateContext (
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
blob,
blob_size
- )) == NULL
- ) {
- ok = FALSE;
- }
-
- if (
- ok &&
+ )) == NULL ||
!FileTimeToSystemTime (
&cert->pCertInfo->NotAfter,
&st
)
) {
- ok = FALSE;
+ goto cleanup;
}
- if (ok) {
- struct tm tm1;
- time_t now = time (NULL);
+ memset (&tm1, 0, sizeof (tm1));
+ tm1.tm_year = st.wYear - 1900;
+ tm1.tm_mon = st.wMonth - 1;
+ tm1.tm_mday = st.wDay;
+ tm1.tm_hour = st.wHour;
+ tm1.tm_min = st.wMinute;
+ tm1.tm_sec = st.wSecond;
- memset (&tm1, 0, sizeof (tm1));
- tm1.tm_year = st.wYear - 1900;
- tm1.tm_mon = st.wMonth - 1;
- tm1.tm_mday = st.wDay;
- tm1.tm_hour = st.wHour;
- tm1.tm_min = st.wMinute;
- tm1.tm_sec = st.wSecond;
+ tm1.tm_sec += (int)(mktime (localtime (&now)) - mktime (gmtime (&now)));
- tm1.tm_sec += (int)(mktime (localtime (&now)) - mktime (gmtime (&now)));
+ *expiration = mktime (&tm1);
- *expiration = mktime (&tm1);
- }
+ ok = TRUE;
+
+cleanup:
if (cert != NULL) {
data->p_CertFreeCertificateContext (cert);
@@ -918,26 +896,19 @@ __pkcs11h_crypto_win32_certificate_get_dn (
DWORD wsize;
WCHAR *wstr = NULL;
- PKCS11H_ASSERT (global_data!=NULL);
- PKCS11H_ASSERT (blob!=NULL);
- PKCS11H_ASSERT (dn!=NULL);
- PKCS11H_ASSERT (dn_max>0);
+ _PKCS11H_ASSERT (global_data!=NULL);
+ _PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (dn!=NULL);
+ _PKCS11H_ASSERT (dn_max>0);
dn[0] = '\x0';
if (
- ok &&
(cert = data->p_CertCreateCertificateContext (
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
blob,
blob_size
- )) == NULL
- ) {
- ok = FALSE;
- }
-
- if (
- ok &&
+ )) == NULL ||
(wsize = data->p_CertNameToStrW (
X509_ASN_ENCODING,
&cert->pCertInfo->Subject,
@@ -946,31 +917,21 @@ __pkcs11h_crypto_win32_certificate_get_dn (
0
)) == 0
) {
- ok = FALSE;
+ goto cleanup;
}
- if (
- ok &&
- (wstr = (WCHAR *)g_pkcs11h_sys_engine.malloc (wsize * sizeof (WCHAR))) == NULL
- ) {
- ok = FALSE;
+ if ((wstr = (WCHAR *)_g_pkcs11h_sys_engine.malloc (wsize * sizeof (WCHAR))) == NULL) {
+ goto cleanup;
}
if (
- ok &&
(wsize = data->p_CertNameToStrW (
X509_ASN_ENCODING,
&cert->pCertInfo->Subject,
CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
wstr,
wsize
- )) == 0
- ) {
- ok = FALSE;
- }
-
- if (
- ok &&
+ )) == 0 ||
WideCharToMultiByte (
CP_UTF8,
0,
@@ -982,11 +943,15 @@ __pkcs11h_crypto_win32_certificate_get_dn (
NULL
) == 0
) {
- ok = FALSE;
+ goto cleanup;
}
+ ok = TRUE;
+
+cleanup:
+
if (wstr != NULL) {
- g_pkcs11h_sys_engine.free (wstr);
+ _g_pkcs11h_sys_engine.free (wstr);
wstr = NULL;
}
@@ -1010,37 +975,28 @@ __pkcs11h_crypto_win32_certificate_is_issuer (
__crypto_win32_data_t data = (__crypto_win32_data_t)global_data;
PCCERT_CONTEXT cert_issuer = NULL;
PCCERT_CONTEXT cert_cert = NULL;
- PKCS11H_BOOL ok = TRUE;
PKCS11H_BOOL issuer = FALSE;
- PKCS11H_ASSERT (global_data!=NULL);
- PKCS11H_ASSERT (issuer_blob!=NULL);
- PKCS11H_ASSERT (cert_blob!=NULL);
+ _PKCS11H_ASSERT (global_data!=NULL);
+ _PKCS11H_ASSERT (issuer_blob!=NULL);
+ _PKCS11H_ASSERT (cert_blob!=NULL);
if (
- ok &&
(cert_issuer = data->p_CertCreateCertificateContext (
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
issuer_blob,
issuer_blob_size
- )) == NULL
- ) {
- ok = FALSE;
- }
-
- if (
- ok &&
+ )) == NULL ||
(cert_cert = data->p_CertCreateCertificateContext (
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
cert_blob,
cert_blob_size
)) == NULL
) {
- ok = FALSE;
+ goto cleanup;
}
if (
- ok &&
data->p_CryptVerifyCertificateSignatureEx (
NULL,
X509_ASN_ENCODING,
@@ -1055,6 +1011,8 @@ __pkcs11h_crypto_win32_certificate_is_issuer (
issuer = TRUE;
}
+cleanup:
+
if (cert_issuer != NULL) {
data->p_CertFreeCertificateContext (cert_issuer);
cert_issuer = NULL;
diff --git a/lib/pkcs11h-data.c b/lib/pkcs11h-data.c
index e81c9c7..cae5513 100644
--- a/lib/pkcs11h-data.c
+++ b/lib/pkcs11h-data.c
@@ -60,7 +60,7 @@
static
CK_RV
_pkcs11h_data_getObject (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN const char * const application,
IN const char * const label,
OUT CK_OBJECT_HANDLE * const p_handle
@@ -73,13 +73,13 @@ _pkcs11h_data_getObject (
};
CK_OBJECT_HANDLE *objects = NULL;
CK_ULONG objects_found = 0;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (session!=NULL);
- PKCS11H_ASSERT (application!=NULL);
- PKCS11H_ASSERT (label!=NULL);
+ _PKCS11H_ASSERT (session!=NULL);
+ _PKCS11H_ASSERT (application!=NULL);
+ _PKCS11H_ASSERT (label!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_data_getObject entry session=%p, application='%s', label='%s', p_handle=%p",
(void *)session,
@@ -88,38 +88,39 @@ _pkcs11h_data_getObject (
(void *)p_handle
);
- *p_handle = PKCS11H_INVALID_OBJECT_HANDLE;
+ *p_handle = _PKCS11H_INVALID_OBJECT_HANDLE;
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (session);
+ if ((rv = _pkcs11h_session_validate (session)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_findObjects (
+ if (
+ (rv = _pkcs11h_session_findObjects (
session,
filter,
sizeof (filter) / sizeof (CK_ATTRIBUTE),
&objects,
&objects_found
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (
- rv == CKR_OK &&
- objects_found == 0
- ) {
+ if (objects_found == 0) {
rv = CKR_FUNCTION_REJECTED;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- *p_handle = objects[0];
- }
+ *p_handle = objects[0];
+ rv = CKR_OK;
+
+cleanup:
if (objects != NULL) {
_pkcs11h_mem_free ((void *)&objects);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_data_getObject return rv=%lu-'%s', *p_handle=%08lx",
rv,
@@ -144,27 +145,27 @@ pkcs11h_data_get (
CK_ATTRIBUTE attrs[] = {
{CKA_VALUE, NULL, 0}
};
- CK_OBJECT_HANDLE handle = PKCS11H_INVALID_OBJECT_HANDLE;
- CK_RV rv = CKR_OK;
+ CK_OBJECT_HANDLE handle = _PKCS11H_INVALID_OBJECT_HANDLE;
+ CK_RV rv = CKR_FUNCTION_FAILED;
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
#endif
- pkcs11h_session_t session = NULL;
+ _pkcs11h_session_t session = NULL;
PKCS11H_BOOL op_succeed = FALSE;
PKCS11H_BOOL login_retry = FALSE;
size_t blob_size_max = 0;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (token_id!=NULL);
- PKCS11H_ASSERT (application!=NULL);
- PKCS11H_ASSERT (label!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
- /*PKCS11H_ASSERT (blob!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (p_blob_size!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (token_id!=NULL);
+ _PKCS11H_ASSERT (application!=NULL);
+ _PKCS11H_ASSERT (label!=NULL);
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
+ /*_PKCS11H_ASSERT (blob!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (p_blob_size!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_data_get entry token_id=%p, application='%s', label='%s', user_data=%p, mask_prompt=%08x, blob=%p, *p_blob_size=%u",
(void *)token_id,
@@ -181,52 +182,49 @@ pkcs11h_data_get (
}
*p_blob_size = 0;
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSessionByTokenId (
+ if (
+ (rv = _pkcs11h_session_getSessionByTokenId (
token_id,
&session
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- while (rv == CKR_OK && !op_succeed) {
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (session);
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_data_getObject (
+ while (!op_succeed) {
+ if (
+ (rv = _pkcs11h_session_validate (session)) != CKR_OK ||
+ (rv = _pkcs11h_data_getObject (
session,
application,
label,
&handle
- );
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getObjectAttributes (
+ )) != CKR_OK ||
+ (rv = _pkcs11h_session_getObjectAttributes (
session,
handle,
attrs,
sizeof (attrs)/sizeof (CK_ATTRIBUTE)
- );
+ )) != CKR_OK
+ ) {
+ goto retry;
}
- if (rv == CKR_OK) {
- op_succeed = TRUE;
- }
- else {
+ op_succeed = TRUE;
+ rv = CKR_OK;
+
+ retry:
+
+ if (!op_succeed) {
if (!login_retry) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Read data object failed rv=%lu-'%s'",
rv,
@@ -241,9 +239,28 @@ pkcs11h_data_get (
mask_prompt
);
}
+
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+ }
+ }
+
+ *p_blob_size = attrs[0].ulValueLen;
+
+ if (blob != NULL) {
+ if (*p_blob_size > blob_size_max) {
+ rv = CKR_BUFFER_TOO_SMALL;
+ }
+ else {
+ memmove (blob, attrs[0].pValue, *p_blob_size);
}
}
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&session->mutex);
@@ -251,21 +268,6 @@ pkcs11h_data_get (
}
#endif
- if (rv == CKR_OK) {
- *p_blob_size = attrs[0].ulValueLen;
- }
-
- if (rv == CKR_OK) {
- if (blob != NULL) {
- if (*p_blob_size > blob_size_max) {
- rv = CKR_BUFFER_TOO_SMALL;
- }
- else {
- memmove (blob, attrs[0].pValue, *p_blob_size);
- }
- }
- }
-
_pkcs11h_session_freeObjectAttributes (
attrs,
sizeof (attrs)/sizeof (CK_ATTRIBUTE)
@@ -276,7 +278,7 @@ pkcs11h_data_get (
session = NULL;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_data_get return rv=%lu-'%s', *p_blob_size=%u",
rv,
@@ -311,25 +313,25 @@ pkcs11h_data_put (
{CKA_VALUE, blob, blob_size}
};
- CK_OBJECT_HANDLE handle = PKCS11H_INVALID_OBJECT_HANDLE;
- CK_RV rv = CKR_OK;
+ CK_OBJECT_HANDLE handle = _PKCS11H_INVALID_OBJECT_HANDLE;
+ CK_RV rv = CKR_FUNCTION_FAILED;
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
#endif
- pkcs11h_session_t session = NULL;
+ _pkcs11h_session_t session = NULL;
PKCS11H_BOOL op_succeed = FALSE;
PKCS11H_BOOL login_retry = FALSE;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (token_id!=NULL);
- PKCS11H_ASSERT (application!=NULL);
- PKCS11H_ASSERT (label!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_ASSERT (blob!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (token_id!=NULL);
+ _PKCS11H_ASSERT (application!=NULL);
+ _PKCS11H_ASSERT (label!=NULL);
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
+ _PKCS11H_ASSERT (blob!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_data_put entry token_id=%p, application='%s', label='%s', user_data=%p, mask_prompt=%08x, blob=%p, blob_size=%u",
(void *)token_id,
@@ -341,43 +343,44 @@ pkcs11h_data_put (
blob != NULL ? blob_size : 0
);
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSessionByTokenId (
+ if (
+ (rv = _pkcs11h_session_getSessionByTokenId (
token_id,
&session
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- while (rv == CKR_OK && !op_succeed) {
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (session);
- }
+ while (!op_succeed) {
- if (rv == CKR_OK) {
- rv = session->provider->f->C_CreateObject (
+ if (
+ (rv = _pkcs11h_session_validate (session)) != CKR_OK ||
+ (rv = session->provider->f->C_CreateObject (
session->session_handle,
attrs,
sizeof (attrs)/sizeof (CK_ATTRIBUTE),
&handle
- );
+ )) != CKR_OK
+ ) {
+ goto retry;
}
+
+ op_succeed = TRUE;
+ rv = CKR_OK;
- if (rv == CKR_OK) {
- op_succeed = TRUE;
- }
- else {
+ retry:
+
+ if (!op_succeed) {
if (!login_retry) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Write data object failed rv=%lu-'%s'",
rv,
@@ -392,9 +395,17 @@ pkcs11h_data_put (
mask_prompt
);
}
+
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
}
}
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&session->mutex);
@@ -407,7 +418,7 @@ pkcs11h_data_put (
session = NULL;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_data_put return rv=%lu-'%s'",
rv,
@@ -429,20 +440,20 @@ pkcs11h_data_del (
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
#endif
- pkcs11h_session_t session = NULL;
+ _pkcs11h_session_t session = NULL;
PKCS11H_BOOL op_succeed = FALSE;
PKCS11H_BOOL login_retry = FALSE;
- CK_OBJECT_HANDLE handle = PKCS11H_INVALID_OBJECT_HANDLE;
- CK_RV rv = CKR_OK;
+ CK_OBJECT_HANDLE handle = _PKCS11H_INVALID_OBJECT_HANDLE;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (token_id!=NULL);
- PKCS11H_ASSERT (application!=NULL);
- PKCS11H_ASSERT (label!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (token_id!=NULL);
+ _PKCS11H_ASSERT (application!=NULL);
+ _PKCS11H_ASSERT (label!=NULL);
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_data_del entry token_id=%p, application='%s', label='%s', user_data=%p, mask_prompt=%08x",
(void *)token_id,
@@ -452,50 +463,48 @@ pkcs11h_data_del (
mask_prompt
);
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSessionByTokenId (
+ if (
+ (rv = _pkcs11h_session_getSessionByTokenId (
token_id,
&session
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- while (rv == CKR_OK && !op_succeed) {
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (session);
- }
+ while (!op_succeed) {
- if (rv == CKR_OK) {
- rv = _pkcs11h_data_getObject (
+ if (
+ (rv = _pkcs11h_session_validate (session)) != CKR_OK ||
+ (rv = _pkcs11h_data_getObject (
session,
application,
label,
&handle
- );
- }
-
- if (rv == CKR_OK) {
- rv = session->provider->f->C_DestroyObject (
+ )) != CKR_OK ||
+ (rv = session->provider->f->C_DestroyObject (
session->session_handle,
handle
- );
+ )) != CKR_OK
+ ) {
+ goto retry;
}
- if (rv == CKR_OK) {
- op_succeed = TRUE;
- }
- else {
+ op_succeed = TRUE;
+ rv = CKR_OK;
+
+ retry:
+
+ if (!op_succeed) {
if (!login_retry) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Remove data object failed rv=%lu-'%s'",
rv,
@@ -510,14 +519,20 @@ pkcs11h_data_del (
mask_prompt
);
}
+
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
}
}
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
- if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&session->mutex);
- mutex_locked = FALSE;
- }
+ if (mutex_locked) {
+ _pkcs11h_threading_mutexRelease (&session->mutex);
+ mutex_locked = FALSE;
+ }
#endif
if (session != NULL) {
@@ -525,7 +540,7 @@ pkcs11h_data_del (
session = NULL;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_data_del return rv=%lu-'%s'",
rv,
@@ -541,11 +556,11 @@ pkcs11h_data_freeDataIdList (
) {
pkcs11h_data_id_list_t _id = data_id_list;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- /*PKCS11H_ASSERT (data_id_list!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ /*_PKCS11H_ASSERT (data_id_list!=NULL); NOT NEEDED*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_freeDataIdList entry token_id_list=%p",
(void *)data_id_list
@@ -564,7 +579,7 @@ pkcs11h_data_freeDataIdList (
_pkcs11h_mem_free ((void *)&x);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_freeDataIdList return"
);
@@ -583,18 +598,18 @@ pkcs11h_data_enumDataObjects (
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
#endif
- pkcs11h_session_t session = NULL;
+ _pkcs11h_session_t session = NULL;
pkcs11h_data_id_list_t data_id_list = NULL;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
PKCS11H_BOOL op_succeed = FALSE;
PKCS11H_BOOL login_retry = FALSE;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (p_data_id_list!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (p_data_id_list!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_data_enumDataObjects entry token_id=%p, is_public=%d, user_data=%p, mask_prompt=%08x, p_data_id_list=%p",
(void *)token_id,
@@ -606,23 +621,23 @@ pkcs11h_data_enumDataObjects (
*p_data_id_list = NULL;
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSessionByTokenId (
+ if (
+ (rv = _pkcs11h_session_getSessionByTokenId (
token_id,
&session
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- while (rv == CKR_OK && !op_succeed) {
+ while (!op_succeed) {
CK_OBJECT_CLASS class = CKO_DATA;
CK_ATTRIBUTE filter[] = {
@@ -633,21 +648,20 @@ pkcs11h_data_enumDataObjects (
CK_ULONG i;
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (session);
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_findObjects (
+ if (
+ (rv = _pkcs11h_session_validate (session)) != CKR_OK ||
+ (rv = _pkcs11h_session_findObjects (
session,
filter,
sizeof (filter) / sizeof (CK_ATTRIBUTE),
&objects,
&objects_found
- );
+ )) != CKR_OK
+ ) {
+ goto retry1;
}
- for (i = 0;rv == CKR_OK && i < objects_found;i++) {
+ for (i = 0;i < objects_found;i++) {
pkcs11h_data_id_list_t entry = NULL;
CK_ATTRIBUTE attrs[] = {
@@ -655,49 +669,42 @@ pkcs11h_data_enumDataObjects (
{CKA_LABEL, NULL, 0}
};
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getObjectAttributes (
+ if (
+ (rv = _pkcs11h_session_getObjectAttributes (
session,
objects[i],
attrs,
sizeof (attrs) / sizeof (CK_ATTRIBUTE)
- );
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc (
+ )) != CKR_OK ||
+ (rv = _pkcs11h_mem_malloc (
(void *)&entry,
sizeof (struct pkcs11h_data_id_list_s)
- );
- }
-
- if (
- rv == CKR_OK &&
+ )) != CKR_OK ||
(rv = _pkcs11h_mem_malloc (
(void *)&entry->application,
attrs[0].ulValueLen+1
- )) == CKR_OK
- ) {
- memmove (entry->application, attrs[0].pValue, attrs[0].ulValueLen);
- entry->application[attrs[0].ulValueLen] = '\0';
- }
-
- if (
- rv == CKR_OK &&
+ )) != CKR_OK ||
(rv = _pkcs11h_mem_malloc (
(void *)&entry->label,
attrs[1].ulValueLen+1
- )) == CKR_OK
+ )) != CKR_OK
) {
- memmove (entry->label, attrs[1].pValue, attrs[1].ulValueLen);
- entry->label[attrs[1].ulValueLen] = '\0';
+ goto retry11;
}
- if (rv == CKR_OK) {
- entry->next = data_id_list;
- data_id_list = entry;
- entry = NULL;
- }
+ memmove (entry->application, attrs[0].pValue, attrs[0].ulValueLen);
+ entry->application[attrs[0].ulValueLen] = '\0';
+
+ memmove (entry->label, attrs[1].pValue, attrs[1].ulValueLen);
+ entry->label[attrs[1].ulValueLen] = '\0';
+
+ entry->next = data_id_list;
+ data_id_list = entry;
+ entry = NULL;
+
+ rv = CKR_OK;
+
+ retry11:
_pkcs11h_session_freeObjectAttributes (
attrs,
@@ -715,16 +722,18 @@ pkcs11h_data_enumDataObjects (
}
}
+ op_succeed = TRUE;
+ rv = CKR_OK;
+
+ retry1:
+
if (objects != NULL) {
_pkcs11h_mem_free ((void *)&objects);
}
- if (rv == CKR_OK) {
- op_succeed = TRUE;
- }
- else {
+ if (!op_succeed) {
if (!login_retry) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Enumerate data objects failed rv=%lu-'%s'",
rv,
@@ -739,9 +748,19 @@ pkcs11h_data_enumDataObjects (
mask_prompt
);
}
+
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
}
}
+ *p_data_id_list = data_id_list;
+ data_id_list = NULL;
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&session->mutex);
@@ -749,11 +768,6 @@ pkcs11h_data_enumDataObjects (
}
#endif
- if (rv == CKR_OK) {
- *p_data_id_list = data_id_list;
- data_id_list = NULL;
- }
-
if (session != NULL) {
_pkcs11h_session_release (session);
session = NULL;
@@ -764,7 +778,7 @@ pkcs11h_data_enumDataObjects (
data_id_list = NULL;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_data_enumDataObjects return rv=%lu-'%s', *p_data_id_list=%p",
rv,
diff --git a/lib/pkcs11h-mem.c b/lib/pkcs11h-mem.c
index e3f1719..f404fec 100644
--- a/lib/pkcs11h-mem.c
+++ b/lib/pkcs11h-mem.c
@@ -61,14 +61,14 @@ _pkcs11h_mem_malloc (
) {
CK_RV rv = CKR_OK;
- PKCS11H_ASSERT (p!=NULL);
- PKCS11H_ASSERT (s!=0);
+ _PKCS11H_ASSERT (p!=NULL);
+ _PKCS11H_ASSERT (s!=0);
*p = NULL;
if (s > 0) {
if (
- (*p = (void *)g_pkcs11h_sys_engine.malloc (s)) == NULL
+ (*p = (void *)_g_pkcs11h_sys_engine.malloc (s)) == NULL
) {
rv = CKR_HOST_MEMORY;
}
@@ -84,9 +84,9 @@ CK_RV
_pkcs11h_mem_free (
IN const void * * const p
) {
- PKCS11H_ASSERT (p!=NULL);
+ _PKCS11H_ASSERT (p!=NULL);
- g_pkcs11h_sys_engine.free ((void *)*p);
+ _g_pkcs11h_sys_engine.free ((void *)*p);
*p = NULL;
return CKR_OK;
@@ -112,11 +112,11 @@ _pkcs11h_mem_duplicate (
IN const void * const src,
IN const size_t mem_size
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (dest!=NULL);
- /*PKCS11H_ASSERT (dest_size!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (!(mem_size!=0&&src==NULL));
+ _PKCS11H_ASSERT (dest!=NULL);
+ /*_PKCS11H_ASSERT (dest_size!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (!(mem_size!=0&&src==NULL));
*dest = NULL;
if (p_dest_size != NULL) {
@@ -124,17 +124,20 @@ _pkcs11h_mem_duplicate (
}
if (src != NULL) {
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_mem_malloc (dest, mem_size)) == CKR_OK
- ) {
- if (p_dest_size != NULL) {
- *p_dest_size = mem_size;
- }
- memmove ((void*)*dest, src, mem_size);
+ if ((rv = _pkcs11h_mem_malloc (dest, mem_size)) != CKR_OK) {
+ goto cleanup;
}
+
+ if (p_dest_size != NULL) {
+ *p_dest_size = mem_size;
+ }
+ memmove ((void*)*dest, src, mem_size);
}
+ rv = CKR_OK;
+
+cleanup:
+
return rv;
}
diff --git a/lib/pkcs11h-openssl.c b/lib/pkcs11h-openssl.c
index d0ea5b3..8071fac 100644
--- a/lib/pkcs11h-openssl.c
+++ b/lib/pkcs11h-openssl.c
@@ -64,9 +64,9 @@
#endif
#if OPENSSL_VERSION_NUMBER < 0x00908000L
-typedef unsigned char *pkcs11_openssl_d2i_t;
+typedef unsigned char *__pkcs11_openssl_d2i_t;
#else
-typedef const unsigned char *pkcs11_openssl_d2i_t;
+typedef const unsigned char *__pkcs11_openssl_d2i_t;
#endif
struct pkcs11h_openssl_session_s {
@@ -81,13 +81,13 @@ struct pkcs11h_openssl_session_s {
static
int
-_pkcs11h_openssl_finish (
+__pkcs11h_openssl_finish (
IN OUT RSA *rsa
);
#if OPENSSL_VERSION_NUMBER < 0x00907000L
static
int
-_pkcs11h_openssl_dec (
+__pkcs11h_openssl_dec (
IN int flen,
IN unsigned char *from,
OUT unsigned char *to,
@@ -96,7 +96,7 @@ _pkcs11h_openssl_dec (
);
static
int
-_pkcs11h_openssl_sign (
+__pkcs11h_openssl_sign (
IN int type,
IN unsigned char *m,
IN unsigned int m_len,
@@ -107,7 +107,7 @@ _pkcs11h_openssl_sign (
#else
static
int
-_pkcs11h_openssl_dec (
+__pkcs11h_openssl_dec (
IN int flen,
IN const unsigned char *from,
OUT unsigned char *to,
@@ -116,7 +116,7 @@ _pkcs11h_openssl_dec (
);
static
int
-_pkcs11h_openssl_sign (
+__pkcs11h_openssl_sign (
IN int type,
IN const unsigned char *m,
IN unsigned int m_len,
@@ -127,43 +127,43 @@ _pkcs11h_openssl_sign (
#endif
static
pkcs11h_openssl_session_t
-_pkcs11h_openssl_get_openssl_session (
+__pkcs11h_openssl_get_openssl_session (
IN OUT const RSA *rsa
);
static
pkcs11h_certificate_t
-_pkcs11h_openssl_get_pkcs11h_certificate (
+__pkcs11h_openssl_get_pkcs11h_certificate (
IN OUT const RSA *rsa
);
static
pkcs11h_openssl_session_t
-_pkcs11h_openssl_get_openssl_session (
+__pkcs11h_openssl_get_openssl_session (
IN OUT const RSA *rsa
) {
pkcs11h_openssl_session_t session;
- PKCS11H_ASSERT (rsa!=NULL);
+ _PKCS11H_ASSERT (rsa!=NULL);
#if OPENSSL_VERSION_NUMBER < 0x00907000L
session = (pkcs11h_openssl_session_t)RSA_get_app_data ((RSA *)rsa);
#else
session = (pkcs11h_openssl_session_t)RSA_get_app_data (rsa);
#endif
- PKCS11H_ASSERT (session!=NULL);
+ _PKCS11H_ASSERT (session!=NULL);
return session;
}
static
pkcs11h_certificate_t
-_pkcs11h_openssl_get_pkcs11h_certificate (
+__pkcs11h_openssl_get_pkcs11h_certificate (
IN OUT const RSA *rsa
) {
- pkcs11h_openssl_session_t session = _pkcs11h_openssl_get_openssl_session (rsa);
+ pkcs11h_openssl_session_t session = __pkcs11h_openssl_get_openssl_session (rsa);
- PKCS11H_ASSERT (session!=NULL);
- PKCS11H_ASSERT (session->certificate!=NULL);
+ _PKCS11H_ASSERT (session!=NULL);
+ _PKCS11H_ASSERT (session->certificate!=NULL);
return session->certificate;
}
@@ -171,7 +171,7 @@ _pkcs11h_openssl_get_pkcs11h_certificate (
#if OPENSSL_VERSION_NUMBER < 0x00907000L
static
int
-_pkcs11h_openssl_dec (
+__pkcs11h_openssl_dec (
IN int flen,
IN unsigned char *from,
OUT unsigned char *to,
@@ -181,7 +181,7 @@ _pkcs11h_openssl_dec (
#else
static
int
-_pkcs11h_openssl_dec (
+__pkcs11h_openssl_dec (
IN int flen,
IN const unsigned char *from,
OUT unsigned char *to,
@@ -189,18 +189,19 @@ _pkcs11h_openssl_dec (
IN int padding
) {
#endif
- pkcs11h_certificate_t certificate = _pkcs11h_openssl_get_pkcs11h_certificate (rsa);
+ pkcs11h_certificate_t certificate = __pkcs11h_openssl_get_pkcs11h_certificate (rsa);
PKCS11H_BOOL session_locked = FALSE;
CK_MECHANISM_TYPE mech = CKM_RSA_PKCS;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+ size_t tlen = (size_t)flen;
- PKCS11H_ASSERT (from!=NULL);
- PKCS11H_ASSERT (to!=NULL);
- PKCS11H_ASSERT (rsa!=NULL);
+ _PKCS11H_ASSERT (from!=NULL);
+ _PKCS11H_ASSERT (to!=NULL);
+ _PKCS11H_ASSERT (rsa!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_openssl_dec entered - flen=%d, from=%p, to=%p, rsa=%p, padding=%d",
+ "PKCS#11: __pkcs11h_openssl_dec entered - flen=%d, from=%p, to=%p, rsa=%p, padding=%d",
flen,
from,
to,
@@ -223,43 +224,42 @@ _pkcs11h_openssl_dec (
break;
}
+ if ((rv = pkcs11h_certificate_lockSession (certificate)) != CKR_OK) {
+ goto cleanup;
+ }
+ session_locked = TRUE;
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Performing decryption"
+ );
+
if (
- rv == CKR_OK &&
- (rv = pkcs11h_certificate_lockSession (certificate)) == CKR_OK
+ (rv = pkcs11h_certificate_decryptAny (
+ certificate,
+ mech,
+ from,
+ flen,
+ to,
+ &tlen
+ )) != CKR_OK
) {
- session_locked = TRUE;
- }
-
- if (rv == CKR_OK) {
- size_t tlen = (size_t)flen;
-
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Performing decryption"
- );
-
- if (
- (rv = pkcs11h_certificate_decryptAny (
- certificate,
- mech,
- from,
- flen,
- to,
- &tlen
- )) != CKR_OK
- ) {
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform decryption %ld:'%s'", rv, pkcs11h_getMessage (rv));
- }
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform decryption %ld:'%s'", rv, pkcs11h_getMessage (rv));
+ goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
if (session_locked) {
pkcs11h_certificate_releaseSession (certificate);
session_locked = FALSE;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_openssl_dec - return rv=%lu-'%s'",
+ "PKCS#11: __pkcs11h_openssl_dec - return rv=%lu-'%s'",
rv,
pkcs11h_getMessage (rv)
);
@@ -270,7 +270,7 @@ _pkcs11h_openssl_dec (
#if OPENSSL_VERSION_NUMBER < 0x00907000L
static
int
-_pkcs11h_openssl_sign (
+__pkcs11h_openssl_sign (
IN int type,
IN unsigned char *m,
IN unsigned int m_len,
@@ -281,7 +281,7 @@ _pkcs11h_openssl_sign (
#else
static
int
-_pkcs11h_openssl_sign (
+__pkcs11h_openssl_sign (
IN int type,
IN const unsigned char *m,
IN unsigned int m_len,
@@ -290,9 +290,9 @@ _pkcs11h_openssl_sign (
IN OUT const RSA *rsa
) {
#endif
- pkcs11h_certificate_t certificate = _pkcs11h_openssl_get_pkcs11h_certificate (rsa);
+ pkcs11h_certificate_t certificate = __pkcs11h_openssl_get_pkcs11h_certificate (rsa);
PKCS11H_BOOL session_locked = FALSE;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
int myrsa_size = 0;
@@ -300,13 +300,13 @@ _pkcs11h_openssl_sign (
unsigned char *enc = NULL;
int enc_len = 0;
- PKCS11H_ASSERT (m!=NULL);
- PKCS11H_ASSERT (sigret!=NULL);
- PKCS11H_ASSERT (siglen!=NULL);
+ _PKCS11H_ASSERT (m!=NULL);
+ _PKCS11H_ASSERT (sigret!=NULL);
+ _PKCS11H_ASSERT (siglen!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_openssl_sign entered - type=%d, m=%p, m_len=%u, signret=%p, *signlen=%u, rsa=%p",
+ "PKCS#11: __pkcs11h_openssl_sign entered - type=%d, m=%p, m_len=%u, signret=%p, *signlen=%u, rsa=%p",
type,
m,
m_len,
@@ -315,15 +315,11 @@ _pkcs11h_openssl_sign (
(void *)rsa
);
- if (rv == CKR_OK) {
- myrsa_size=RSA_size (rsa);
- }
+ myrsa_size=RSA_size (rsa);
if (type == NID_md5_sha1) {
- if (rv == CKR_OK) {
- enc = (unsigned char *)m;
- enc_len = m_len;
- }
+ enc = (unsigned char *)m;
+ enc_len = m_len;
}
else {
X509_SIG sig;
@@ -332,98 +328,82 @@ _pkcs11h_openssl_sign (
ASN1_OCTET_STRING digest;
unsigned char *p = NULL;
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_mem_malloc ((void*)&enc, myrsa_size+1)) == CKR_OK
- ) {
- enc_alloc = enc;
- }
-
- if (rv == CKR_OK) {
- sig.algor = &algor;
+ if ((rv = _pkcs11h_mem_malloc ((void*)&enc, myrsa_size+1)) != CKR_OK) {
+ goto cleanup;
}
- if (
- rv == CKR_OK &&
- (sig.algor->algorithm = OBJ_nid2obj (type)) == NULL
- ) {
+ enc_alloc = enc;
+ sig.algor = &algor;
+
+ if ((sig.algor->algorithm = OBJ_nid2obj (type)) == NULL) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
- if (
- rv == CKR_OK &&
- sig.algor->algorithm->length == 0
- ) {
+ if (sig.algor->algorithm->length == 0) {
rv = CKR_KEY_SIZE_RANGE;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- parameter.type = V_ASN1_NULL;
- parameter.value.ptr = NULL;
-
- sig.algor->parameter = ¶meter;
+ parameter.type = V_ASN1_NULL;
+ parameter.value.ptr = NULL;
- sig.digest = &digest;
- sig.digest->data = (unsigned char *)m;
- sig.digest->length = m_len;
- }
+ sig.algor->parameter = ¶meter;
+
+ sig.digest = &digest;
+ sig.digest->data = (unsigned char *)m;
+ sig.digest->length = m_len;
- if (
- rv == CKR_OK &&
- (enc_len=i2d_X509_SIG (&sig, NULL)) < 0
- ) {
+ if ((enc_len=i2d_X509_SIG (&sig, NULL)) < 0) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
/*
* d_X509_SIG increments pointer!
*/
p = enc;
-
- if (
- rv == CKR_OK &&
- (enc_len=i2d_X509_SIG (&sig, &p)) < 0
- ) {
+ if ((enc_len=i2d_X509_SIG (&sig, &p)) < 0) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
}
- if (
- rv == CKR_OK &&
- enc_len > (myrsa_size-RSA_PKCS1_PADDING_SIZE)
- ) {
+ if (enc_len > (myrsa_size-RSA_PKCS1_PADDING_SIZE)) {
rv = CKR_KEY_SIZE_RANGE;
+ goto cleanup;
+ }
+
+ if ((rv = pkcs11h_certificate_lockSession (certificate)) != CKR_OK) {
+ goto cleanup;
}
+ session_locked = TRUE;
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Performing signature"
+ );
+
+ *siglen = myrsa_size;
if (
- rv == CKR_OK &&
- (rv = pkcs11h_certificate_lockSession (certificate)) == CKR_OK
+ (rv = pkcs11h_certificate_signAny (
+ certificate,
+ CKM_RSA_PKCS,
+ enc,
+ enc_len,
+ sigret,
+ siglen
+ )) != CKR_OK
) {
- session_locked = TRUE;
- }
-
- if (rv == CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Performing signature"
- );
-
- *siglen = myrsa_size;
-
- if (
- (rv = pkcs11h_certificate_signAny (
- certificate,
- CKM_RSA_PKCS,
- enc,
- enc_len,
- sigret,
- siglen
- )) != CKR_OK
- ) {
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv));
- }
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv));
+ goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
if (session_locked) {
pkcs11h_certificate_releaseSession (certificate);
session_locked = FALSE;
@@ -433,9 +413,9 @@ _pkcs11h_openssl_sign (
_pkcs11h_mem_free ((void *)&enc_alloc);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_openssl_sign - return rv=%lu-'%s'",
+ "PKCS#11: __pkcs11h_openssl_sign - return rv=%lu-'%s'",
rv,
pkcs11h_getMessage (rv)
);
@@ -445,14 +425,14 @@ _pkcs11h_openssl_sign (
static
int
-_pkcs11h_openssl_finish (
+__pkcs11h_openssl_finish (
IN OUT RSA *rsa
) {
- pkcs11h_openssl_session_t openssl_session = _pkcs11h_openssl_get_openssl_session (rsa);
+ pkcs11h_openssl_session_t openssl_session = __pkcs11h_openssl_get_openssl_session (rsa);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_openssl_finish - entered rsa=%p",
+ "PKCS#11: __pkcs11h_openssl_finish - entered rsa=%p",
(void *)rsa
);
@@ -480,9 +460,9 @@ _pkcs11h_openssl_finish (
pkcs11h_openssl_freeSession (openssl_session);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_openssl_finish - return"
+ "PKCS#11: __pkcs11h_openssl_finish - return"
);
return 1;
@@ -495,76 +475,70 @@ pkcs11h_openssl_getX509 (
unsigned char *certificate_blob = NULL;
size_t certificate_blob_size = 0;
X509 *x509 = NULL;
- CK_RV rv = CKR_OK;
-
- pkcs11_openssl_d2i_t d2i1 = NULL;
- PKCS11H_BOOL ok = TRUE;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+ __pkcs11_openssl_d2i_t d2i1 = NULL;
- PKCS11H_ASSERT (certificate!=NULL);
+ _PKCS11H_ASSERT (certificate!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_getX509 - entry certificate=%p",
(void *)certificate
);
- if (
- ok &&
- (x509 = X509_new ()) == NULL
- ) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Unable to allocate certificate object");
+ if ((x509 = X509_new ()) == NULL) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Unable to allocate certificate object");
+ rv = CKR_HOST_MEMORY;
+ goto cleanup;
}
if (
- ok &&
- pkcs11h_certificate_getCertificateBlob (
+ (rv = pkcs11h_certificate_getCertificateBlob (
certificate,
NULL,
&certificate_blob_size
- ) != CKR_OK
+ )) != CKR_OK
) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot read X.509 certificate from token %ld-'%s'", rv, pkcs11h_getMessage (rv));
+ goto cleanup;
}
- if (
- ok &&
- (rv = _pkcs11h_mem_malloc ((void *)&certificate_blob, certificate_blob_size)) != CKR_OK
- ) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot allocate X.509 memory %ld-'%s'", rv, pkcs11h_getMessage (rv));
+ if ((rv = _pkcs11h_mem_malloc ((void *)&certificate_blob, certificate_blob_size)) != CKR_OK) {
+ goto cleanup;
}
if (
- ok &&
- pkcs11h_certificate_getCertificateBlob (
+ (rv = pkcs11h_certificate_getCertificateBlob (
certificate,
certificate_blob,
&certificate_blob_size
- ) != CKR_OK
+ )) != CKR_OK
) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot read X.509 certificate from token %ld-'%s'", rv, pkcs11h_getMessage (rv));
+ goto cleanup;
}
- d2i1 = (pkcs11_openssl_d2i_t)certificate_blob;
- if (
- ok &&
- !d2i_X509 (&x509, &d2i1, certificate_blob_size)
- ) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Unable to parse X.509 certificate");
+ d2i1 = (__pkcs11_openssl_d2i_t)certificate_blob;
+ if (!d2i_X509 (&x509, &d2i1, certificate_blob_size)) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Unable to parse X.509 certificate");
+ rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
- if (!ok) {
- X509_free (x509);
- x509 = NULL;
+ rv = CKR_OK;
+
+cleanup:
+
+ if (rv != CKR_OK) {
+ if (x509 != NULL) {
+ X509_free (x509);
+ x509 = NULL;
+ }
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
- "PKCS#11: pkcs11h_openssl_getX509 - return x509=%p",
+ "PKCS#11: pkcs11h_openssl_getX509 - return rv=%ld-'%s', x509=%p",
+ rv,
+ pkcs11h_getMessage (rv),
(void *)x509
);
@@ -575,49 +549,50 @@ pkcs11h_openssl_session_t
pkcs11h_openssl_createSession (
IN const pkcs11h_certificate_t certificate
) {
+ const RSA_METHOD *def;
pkcs11h_openssl_session_t openssl_session = NULL;
- PKCS11H_BOOL ok = TRUE;
+ PKCS11H_BOOL ok = FALSE;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_createSession - entry"
);
- if (ok) {
- OpenSSL_add_all_digests ();
- }
+ OpenSSL_add_all_digests ();
if (
- ok &&
_pkcs11h_mem_malloc (
(void*)&openssl_session,
sizeof (struct pkcs11h_openssl_session_s)) != CKR_OK
) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot allocate memory");
ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot allocate memory");
+ goto cleanup;
}
- if (ok) {
- const RSA_METHOD *def = RSA_get_default_method ();
+ def = RSA_get_default_method ();
- memmove (&openssl_session->smart_rsa, def, sizeof(RSA_METHOD));
+ memmove (&openssl_session->smart_rsa, def, sizeof(RSA_METHOD));
- openssl_session->orig_finish = def->finish;
+ openssl_session->orig_finish = def->finish;
- openssl_session->smart_rsa.name = "pkcs11";
- openssl_session->smart_rsa.rsa_priv_dec = _pkcs11h_openssl_dec;
- openssl_session->smart_rsa.rsa_sign = _pkcs11h_openssl_sign;
- openssl_session->smart_rsa.finish = _pkcs11h_openssl_finish;
- openssl_session->smart_rsa.flags = RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY;
- openssl_session->certificate = certificate;
- openssl_session->reference_count = 1;
- }
+ openssl_session->smart_rsa.name = "pkcs11";
+ openssl_session->smart_rsa.rsa_priv_dec = __pkcs11h_openssl_dec;
+ openssl_session->smart_rsa.rsa_sign = __pkcs11h_openssl_sign;
+ openssl_session->smart_rsa.finish = __pkcs11h_openssl_finish;
+ openssl_session->smart_rsa.flags = RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY;
+ openssl_session->certificate = certificate;
+ openssl_session->reference_count = 1;
+
+ ok = TRUE;
+
+cleanup:
if (!ok) {
_pkcs11h_mem_free ((void *)&openssl_session);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_createSession - return openssl_session=%p",
(void *)openssl_session
@@ -630,7 +605,7 @@ pkcs11h_hook_openssl_cleanup_t
pkcs11h_openssl_getCleanupHook (
IN const pkcs11h_openssl_session_t openssl_session
) {
- PKCS11H_ASSERT (openssl_session!=NULL);
+ _PKCS11H_ASSERT (openssl_session!=NULL);
return openssl_session->cleanup_hook;
}
@@ -640,7 +615,7 @@ pkcs11h_openssl_setCleanupHook (
IN const pkcs11h_openssl_session_t openssl_session,
IN const pkcs11h_hook_openssl_cleanup_t cleanup
) {
- PKCS11H_ASSERT (openssl_session!=NULL);
+ _PKCS11H_ASSERT (openssl_session!=NULL);
openssl_session->cleanup_hook = cleanup;
}
@@ -649,10 +624,10 @@ void
pkcs11h_openssl_freeSession (
IN const pkcs11h_openssl_session_t openssl_session
) {
- PKCS11H_ASSERT (openssl_session!=NULL);
- PKCS11H_ASSERT (openssl_session->reference_count>0);
+ _PKCS11H_ASSERT (openssl_session!=NULL);
+ _PKCS11H_ASSERT (openssl_session->reference_count>0);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_freeSession - entry openssl_session=%p, count=%d",
(void *)openssl_session,
@@ -678,7 +653,7 @@ pkcs11h_openssl_freeSession (
_pkcs11h_mem_free ((void *)&openssl_session);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_freeSession - return"
);
@@ -691,13 +666,13 @@ pkcs11h_openssl_session_getRSA (
X509 *x509 = NULL;
RSA *rsa = NULL;
EVP_PKEY *pubkey = NULL;
- PKCS11H_BOOL ok = TRUE;
+ PKCS11H_BOOL ok = FALSE;
- PKCS11H_ASSERT (openssl_session!=NULL);
- PKCS11H_ASSERT (!openssl_session->initialized);
- PKCS11H_ASSERT (openssl_session!=NULL);
+ _PKCS11H_ASSERT (openssl_session!=NULL);
+ _PKCS11H_ASSERT (!openssl_session->initialized);
+ _PKCS11H_ASSERT (openssl_session!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_session_getRSA - entry openssl_session=%p",
(void *)openssl_session
@@ -706,60 +681,49 @@ pkcs11h_openssl_session_getRSA (
/*
* Dup x509 so RSA will not hold session x509
*/
- if (
- ok &&
- (x509 = pkcs11h_openssl_session_getX509 (openssl_session)) == NULL
- ) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get certificate object");
+ if ((x509 = pkcs11h_openssl_session_getX509 (openssl_session)) == NULL) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get certificate object");
+ goto cleanup;
}
- if (
- ok &&
- (pubkey = X509_get_pubkey (x509)) == NULL
- ) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get public key");
+ if ((pubkey = X509_get_pubkey (x509)) == NULL) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get public key");
+ goto cleanup;
}
- if (
- ok &&
- pubkey->type != EVP_PKEY_RSA
- ) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Invalid public key algorithm");
+ if (pubkey->type != EVP_PKEY_RSA) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Invalid public key algorithm");
+ goto cleanup;
}
if (
- ok &&
(rsa = EVP_PKEY_get1_RSA (pubkey)) == NULL
) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get RSA key");
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get RSA key");
+ goto cleanup;
}
- if (ok) {
- RSA_set_method (rsa, &openssl_session->smart_rsa);
- RSA_set_app_data (rsa, openssl_session);
- openssl_session->reference_count++;
- }
+ RSA_set_method (rsa, &openssl_session->smart_rsa);
+ RSA_set_app_data (rsa, openssl_session);
+ openssl_session->reference_count++;
#ifdef BROKEN_OPENSSL_ENGINE
- if (ok) {
- if (!rsa->engine) {
- rsa->engine = ENGINE_get_default_RSA ();
- }
-
- ENGINE_set_RSA(ENGINE_get_default_RSA (), &openssl_session->smart_rsa);
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: OpenSSL engine support is broken! Workaround enabled");
+ if (!rsa->engine) {
+ rsa->engine = ENGINE_get_default_RSA ();
}
+
+ ENGINE_set_RSA(ENGINE_get_default_RSA (), &openssl_session->smart_rsa);
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: OpenSSL engine support is broken! Workaround enabled");
#endif
- if (ok) {
- rsa->flags |= RSA_FLAG_SIGN_VER;
- openssl_session->initialized = TRUE;
- }
- else {
+ rsa->flags |= RSA_FLAG_SIGN_VER;
+ openssl_session->initialized = TRUE;
+
+ ok = TRUE;
+
+cleanup:
+
+ if (!ok) {
if (rsa != NULL) {
RSA_free (rsa);
rsa = NULL;
@@ -780,7 +744,7 @@ pkcs11h_openssl_session_getRSA (
x509 = NULL;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_session_getRSA - return rsa=%p",
(void *)rsa
@@ -794,34 +758,41 @@ pkcs11h_openssl_session_getX509 (
IN const pkcs11h_openssl_session_t openssl_session
) {
X509 *x509 = NULL;
- PKCS11H_BOOL ok = TRUE;
+ PKCS11H_BOOL ok = FALSE;
- PKCS11H_ASSERT (openssl_session!=NULL);
+ _PKCS11H_ASSERT (openssl_session!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_session_getX509 - entry openssl_session=%p",
(void *)openssl_session
);
if (
- ok &&
openssl_session->x509 == NULL &&
(openssl_session->x509 = pkcs11h_openssl_getX509 (openssl_session->certificate)) == NULL
) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get certificate object");
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get certificate object");
+ goto cleanup;
}
- if (
- ok &&
- (x509 = X509_dup (openssl_session->x509)) == NULL
- ) {
- ok = FALSE;
- PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot duplicate certificate object");
+ if ((x509 = X509_dup (openssl_session->x509)) == NULL) {
+ _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot duplicate certificate object");
+ goto cleanup;
+ }
+
+ ok = TRUE;
+
+cleanup:
+
+ if (!ok) {
+ if (x509 != NULL) {
+ X509_free (x509);
+ x509 = NULL;
+ }
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_openssl_session_getX509 - return x509=%p",
(void *)x509
diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c
index ae7123c..1490ab3 100644
--- a/lib/pkcs11h-serialization.c
+++ b/lib/pkcs11h-serialization.c
@@ -57,7 +57,7 @@
#include "_pkcs11h-token.h"
#include "_pkcs11h-certificate.h"
-#define PKCS11H_SERIALIZE_INVALID_CHARS "\\/\"'%&#@!?$* <>{}[]()`|"
+#define __PKCS11H_SERIALIZE_INVALID_CHARS "\\/\"'%&#@!?$* <>{}[]()`|"
#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
@@ -68,13 +68,13 @@ pkcs11h_token_serializeTokenId (
IN const pkcs11h_token_id_t token_id
) {
const char *sources[5];
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
size_t n;
int e;
- /*PKCS11H_ASSERT (sz!=NULL); Not required*/
- PKCS11H_ASSERT (max!=NULL);
- PKCS11H_ASSERT (token_id!=NULL);
+ /*_PKCS11H_ASSERT (sz!=NULL); Not required*/
+ _PKCS11H_ASSERT (max!=NULL);
+ _PKCS11H_ASSERT (token_id!=NULL);
{ /* Must be after assert */
sources[0] = token_id->manufacturerID;
@@ -84,7 +84,7 @@ pkcs11h_token_serializeTokenId (
sources[4] = NULL;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_serializeTokenId entry sz=%p, *max=%u, token_id=%p",
sz,
@@ -93,31 +93,52 @@ pkcs11h_token_serializeTokenId (
);
n = 0;
- for (e=0;rv == CKR_OK && sources[e] != NULL;e++) {
+ for (e=0;sources[e] != NULL;e++) {
size_t t;
- rv = _pkcs11h_util_escapeString (NULL, sources[e], &t, PKCS11H_SERIALIZE_INVALID_CHARS);
+ if (
+ (rv = _pkcs11h_util_escapeString (
+ NULL,
+ sources[e],
+ &t,
+ __PKCS11H_SERIALIZE_INVALID_CHARS
+ )) != CKR_OK
+ ) {
+ goto cleanup;
+ }
n+=t;
}
if (sz != NULL) {
if (*max < n) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
- else {
- n = 0;
- for (e=0;sources[e] != NULL;e++) {
- size_t t = *max-n;
- _pkcs11h_util_escapeString (sz+n, sources[e], &t, PKCS11H_SERIALIZE_INVALID_CHARS);
- n+=t;
- sz[n-1] = '/';
+
+ n = 0;
+ for (e=0;sources[e] != NULL;e++) {
+ size_t t = *max-n;
+ if (
+ (rv = _pkcs11h_util_escapeString (
+ sz+n,
+ sources[e],
+ &t,
+ __PKCS11H_SERIALIZE_INVALID_CHARS
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- sz[n-1] = '\x0';
+ n+=t;
+ sz[n-1] = '/';
}
+ sz[n-1] = '\x0';
}
*max = n;
+ rv = CKR_OK;
- PKCS11H_DEBUG (
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max=%u, sz='%s'",
rv,
@@ -144,12 +165,12 @@ pkcs11h_token_deserializeTokenId (
char *p1 = NULL;
char *_sz = NULL;
int e;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (p_token_id!=NULL);
- PKCS11H_ASSERT (sz!=NULL);
+ _PKCS11H_ASSERT (p_token_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'",
(void *)p_token_id,
@@ -158,32 +179,31 @@ pkcs11h_token_deserializeTokenId (
*p_token_id = NULL;
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_strdup (
+ if (
+ (rv = _pkcs11h_mem_strdup (
(void *)&_sz,
sz
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- p1 = _sz;
- }
+ p1 = _sz;
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_token_newTokenId (&token_id)) == CKR_OK
- ) {
- targets[0].p = token_id->manufacturerID;
- targets[0].s = sizeof (token_id->manufacturerID);
- targets[1].p = token_id->model;
- targets[1].s = sizeof (token_id->model);
- targets[2].p = token_id->serialNumber;
- targets[2].s = sizeof (token_id->serialNumber);
- targets[3].p = token_id->label;
- targets[3].s = sizeof (token_id->label);
+ if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
+ goto cleanup;
}
- for (e=0;rv == CKR_OK && e < __PKCS11H_TARGETS_NUMBER;e++) {
+ targets[0].p = token_id->manufacturerID;
+ targets[0].s = sizeof (token_id->manufacturerID);
+ targets[1].p = token_id->model;
+ targets[1].s = sizeof (token_id->model);
+ targets[2].p = token_id->serialNumber;
+ targets[2].s = sizeof (token_id->serialNumber);
+ targets[3].p = token_id->label;
+ targets[3].s = sizeof (token_id->label);
+
+ for (e=0;e < __PKCS11H_TARGETS_NUMBER;e++) {
size_t l;
char *p2 = NULL;
@@ -191,58 +211,59 @@ pkcs11h_token_deserializeTokenId (
* Don't search for last
* separator
*/
- if (rv == CKR_OK) {
- if (e != __PKCS11H_TARGETS_NUMBER-1) {
- p2 = strchr (p1, '/');
- if (p2 == NULL) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- }
- else {
- *p2 = '\x0';
- }
+ if (e != __PKCS11H_TARGETS_NUMBER-1) {
+ p2 = strchr (p1, '/');
+ if (p2 == NULL) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+ }
+ else {
+ *p2 = '\x0';
}
}
- if (rv == CKR_OK) {
- _pkcs11h_util_unescapeString (
+ if (
+ (rv = _pkcs11h_util_unescapeString (
NULL,
p1,
&l
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- if (l > targets[e].s) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- }
+ if (l > targets[e].s) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- l = targets[e].s;
- _pkcs11h_util_unescapeString (
+ l = targets[e].s;
+
+ if (
+ (rv = _pkcs11h_util_unescapeString (
targets[e].p,
p1,
&l
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- p1 = p2+1;
- }
+ p1 = p2+1;
}
- if (rv == CKR_OK) {
- strncpy (
- token_id->display,
- token_id->label,
- sizeof (token_id->display)
- );
- }
+ strncpy (
+ token_id->display,
+ token_id->label,
+ sizeof (token_id->display)
+ );
- if (rv == CKR_OK) {
- *p_token_id = token_id;
- token_id = NULL;
- }
+ *p_token_id = token_id;
+ token_id = NULL;
+
+ rv = CKR_OK;
+
+cleanup:
if (_sz != NULL) {
_pkcs11h_mem_free ((void *)&_sz);
@@ -266,16 +287,16 @@ pkcs11h_certificate_serializeCertificateId (
IN OUT size_t *max,
IN const pkcs11h_certificate_id_t certificate_id
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
size_t saved_max = 0;
size_t n = 0;
size_t _max = 0;
- /*PKCS11H_ASSERT (sz!=NULL); Not required */
- PKCS11H_ASSERT (max!=NULL);
- PKCS11H_ASSERT (certificate_id!=NULL);
+ /*_PKCS11H_ASSERT (sz!=NULL); Not required */
+ _PKCS11H_ASSERT (max!=NULL);
+ _PKCS11H_ASSERT (certificate_id!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_serializeCertificateId entry sz=%p, *max=%u, certificate_id=%p",
sz,
@@ -288,38 +309,39 @@ pkcs11h_certificate_serializeCertificateId (
}
*max = 0;
- if (rv == CKR_OK) {
- rv = pkcs11h_token_serializeTokenId (
+ if (
+ (rv = pkcs11h_token_serializeTokenId (
sz,
&n,
certificate_id->token_id
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- _max = n + certificate_id->attrCKA_ID_size*2 + 1;
- }
+ _max = n + certificate_id->attrCKA_ID_size*2 + 1;
if (sz != NULL) {
if (saved_max < _max) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- sz[n-1] = '/';
- rv = _pkcs11h_util_binaryToHex (
- sz+n,
- saved_max-n,
- certificate_id->attrCKA_ID,
- certificate_id->attrCKA_ID_size
- );
-
- }
+ sz[n-1] = '/';
+ rv = _pkcs11h_util_binaryToHex (
+ sz+n,
+ saved_max-n,
+ certificate_id->attrCKA_ID,
+ certificate_id->attrCKA_ID_size
+ );
}
*max = _max;
+ rv = CKR_OK;
+
+cleanup:
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_serializeCertificateId return rv=%lu-'%s', *max=%u, sz='%s'",
rv,
@@ -337,78 +359,75 @@ pkcs11h_certificate_deserializeCertificateId (
IN const char * const sz
) {
pkcs11h_certificate_id_t certificate_id = NULL;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
char *p = NULL;
char *_sz = NULL;
- PKCS11H_ASSERT (p_certificate_id!=NULL);
- PKCS11H_ASSERT (sz!=NULL);
+ _PKCS11H_ASSERT (p_certificate_id!=NULL);
+ _PKCS11H_ASSERT (sz!=NULL);
*p_certificate_id = NULL;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'",
(void *)p_certificate_id,
sz
);
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_strdup (
+ if (
+ (rv = _pkcs11h_mem_strdup (
(void *)&_sz,
sz
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- p = _sz;
- }
+ p = _sz;
- if (rv == CKR_OK) {
- rv = _pkcs11h_certificate_newCertificateId (&certificate_id);
+ if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) {
+ goto cleanup;
}
- if (
- rv == CKR_OK &&
- (p = strrchr (_sz, '/')) == NULL
- ) {
+ if ((p = strrchr (_sz, '/')) == NULL) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- *p = '\x0';
- p++;
- }
+ *p = '\x0';
+ p++;
- if (rv == CKR_OK) {
- rv = pkcs11h_token_deserializeTokenId (
+ if (
+ (rv = pkcs11h_token_deserializeTokenId (
&certificate_id->token_id,
_sz
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- certificate_id->attrCKA_ID_size = strlen (p)/2;
- }
+ certificate_id->attrCKA_ID_size = strlen (p)/2;
if (
- rv == CKR_OK &&
(rv = _pkcs11h_mem_malloc (
(void *)&certificate_id->attrCKA_ID,
certificate_id->attrCKA_ID_size)
- ) == CKR_OK
- ) {
- rv = _pkcs11h_util_hexToBinary (
+ ) != CKR_OK ||
+ (rv = _pkcs11h_util_hexToBinary (
certificate_id->attrCKA_ID,
p,
&certificate_id->attrCKA_ID_size
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- *p_certificate_id = certificate_id;
- certificate_id = NULL;
- }
+ *p_certificate_id = certificate_id;
+ certificate_id = NULL;
+ rv = CKR_OK;
+
+cleanup:
if (certificate_id != NULL) {
pkcs11h_certificate_freeCertificateId (certificate_id);
@@ -419,7 +438,7 @@ pkcs11h_certificate_deserializeCertificateId (
_pkcs11h_mem_free ((void *)&_sz);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=%lu-'%s'",
rv,
diff --git a/lib/pkcs11h-session.c b/lib/pkcs11h-session.c
index c7cd555..cb5c934 100644
--- a/lib/pkcs11h-session.c
+++ b/lib/pkcs11h-session.c
@@ -60,20 +60,20 @@
CK_RV
_pkcs11h_session_getSlotList (
- IN const pkcs11h_provider_t provider,
+ IN const _pkcs11h_provider_t provider,
IN const CK_BBOOL token_present,
OUT CK_SLOT_ID_PTR * const pSlotList,
OUT CK_ULONG_PTR pulCount
) {
CK_SLOT_ID_PTR _slots = NULL;
CK_ULONG _slotnum = 0;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (provider!=NULL);
- PKCS11H_ASSERT (pSlotList!=NULL);
- PKCS11H_ASSERT (pulCount!=NULL);
+ _PKCS11H_ASSERT (provider!=NULL);
+ _PKCS11H_ASSERT (pSlotList!=NULL);
+ _PKCS11H_ASSERT (pulCount!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_getSlotList entry provider=%p, token_present=%d, pSlotList=%p, pulCount=%p",
(void *)provider,
@@ -85,44 +85,51 @@ _pkcs11h_session_getSlotList (
*pSlotList = NULL;
*pulCount = 0;
- if (
- rv == CKR_OK &&
- !provider->enabled
- ) {
+ if (!provider->enabled) {
rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = provider->f->C_GetSlotList (
+ if (
+ (rv = provider->f->C_GetSlotList (
token_present,
NULL_PTR,
&_slotnum
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK && _slotnum > 0) {
- rv = _pkcs11h_mem_malloc ((void *)&_slots, _slotnum * sizeof (CK_SLOT_ID));
+ if (_slotnum > 0) {
+ if ((rv = _pkcs11h_mem_malloc ((void *)&_slots, _slotnum * sizeof (CK_SLOT_ID))) != CKR_OK) {
+ goto cleanup;
+ }
}
- if (rv == CKR_OK && _slotnum > 0) {
- rv = provider->f->C_GetSlotList (
- token_present,
- _slots,
- &_slotnum
- );
+ if (_slotnum > 0) {
+ if (
+ (rv = provider->f->C_GetSlotList (
+ token_present,
+ _slots,
+ &_slotnum
+ )) != CKR_OK
+ ) {
+ goto cleanup;
+ }
}
- if (rv == CKR_OK) {
- *pSlotList = _slots;
- _slots = NULL;
- *pulCount = _slotnum;
- }
+ *pSlotList = _slots;
+ _slots = NULL;
+ *pulCount = _slotnum;
+ rv = CKR_OK;
+
+cleanup:
if (_slots != NULL) {
_pkcs11h_mem_free ((void *)&_slots);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_getSlotList return rv=%lu-'%s' *pulCount=%ld",
rv,
@@ -135,7 +142,7 @@ _pkcs11h_session_getSlotList (
CK_RV
_pkcs11h_session_getObjectAttributes (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN const CK_OBJECT_HANDLE object,
IN OUT const CK_ATTRIBUTE_PTR attrs,
IN const unsigned count
@@ -144,12 +151,13 @@ _pkcs11h_session_getObjectAttributes (
* THREADING:
* session->mutex must be locked
*/
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+ unsigned i;
- PKCS11H_ASSERT (session!=NULL);
- PKCS11H_ASSERT (attrs!=NULL);
+ _PKCS11H_ASSERT (session!=NULL);
+ _PKCS11H_ASSERT (attrs!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_getObjectAttributes entry session=%p, object=%ld, attrs=%p, count=%u",
(void *)session,
@@ -159,41 +167,50 @@ _pkcs11h_session_getObjectAttributes (
);
if (
- rv == CKR_OK &&
(rv = session->provider->f->C_GetAttributeValue (
session->session_handle,
object,
attrs,
count
- )) == CKR_OK
+ )) != CKR_OK
) {
- unsigned i;
- for (i=0;rv == CKR_OK && i<count;i++) {
- if (attrs[i].ulValueLen == (CK_ULONG)-1) {
- rv = CKR_ATTRIBUTE_VALUE_INVALID;
- }
- else if (attrs[i].ulValueLen == 0) {
- attrs[i].pValue = NULL;
- }
- else {
- rv = _pkcs11h_mem_malloc (
+ goto cleanup;
+ }
+
+ for (i=0;i<count;i++) {
+ if (attrs[i].ulValueLen == (CK_ULONG)-1) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+ }
+ else if (attrs[i].ulValueLen == 0) {
+ attrs[i].pValue = NULL;
+ }
+ else {
+ if (
+ (rv = _pkcs11h_mem_malloc (
(void *)&attrs[i].pValue,
attrs[i].ulValueLen
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
}
}
- if (rv == CKR_OK) {
- rv = session->provider->f->C_GetAttributeValue (
+ if (
+ (rv = session->provider->f->C_GetAttributeValue (
session->session_handle,
object,
attrs,
count
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_getObjectAttributes return rv=%lu-'%s'",
rv,
@@ -210,11 +227,9 @@ _pkcs11h_session_freeObjectAttributes (
) {
unsigned i;
- CK_RV rv = CKR_OK;
+ _PKCS11H_ASSERT (attrs!=NULL);
- PKCS11H_ASSERT (attrs!=NULL);
-
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_freeObjectAttributes entry attrs=%p, count=%u",
(void *)attrs,
@@ -228,19 +243,17 @@ _pkcs11h_session_freeObjectAttributes (
}
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
- "PKCS#11: _pkcs11h_session_freeObjectAttributes return rv=%lu-'%s'",
- rv,
- pkcs11h_getMessage (rv)
+ "PKCS#11: _pkcs11h_session_freeObjectAttributes return"
);
- return rv;
+ return CKR_OK;
}
CK_RV
_pkcs11h_session_findObjects (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN const CK_ATTRIBUTE * const filter,
IN const CK_ULONG filter_attrs,
OUT CK_OBJECT_HANDLE **const p_objects,
@@ -256,15 +269,15 @@ _pkcs11h_session_findObjects (
CK_ULONG objects_size = 0;
CK_OBJECT_HANDLE objects_buffer[100];
CK_ULONG objects_found;
- CK_OBJECT_HANDLE oLast = PKCS11H_INVALID_OBJECT_HANDLE;
- CK_RV rv = CKR_OK;
+ CK_OBJECT_HANDLE oLast = _PKCS11H_INVALID_OBJECT_HANDLE;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (session!=NULL);
- PKCS11H_ASSERT (!(filter==NULL && filter_attrs!=0) || filter!=NULL);
- PKCS11H_ASSERT (p_objects!=NULL);
- PKCS11H_ASSERT (p_objects_found!=NULL);
+ _PKCS11H_ASSERT (session!=NULL);
+ _PKCS11H_ASSERT (!(filter==NULL && filter_attrs!=0) || filter!=NULL);
+ _PKCS11H_ASSERT (p_objects!=NULL);
+ _PKCS11H_ASSERT (p_objects_found!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_findObjects entry session=%p, filter=%p, filter_attrs=%ld, p_objects=%p, p_objects_found=%p",
(void *)session,
@@ -278,18 +291,17 @@ _pkcs11h_session_findObjects (
*p_objects_found = 0;
if (
- rv == CKR_OK &&
(rv = session->provider->f->C_FindObjectsInit (
session->session_handle,
(CK_ATTRIBUTE *)filter,
filter_attrs
- )) == CKR_OK
+ )) != CKR_OK
) {
- should_FindObjectsFinal = TRUE;
+ goto cleanup;
}
+ should_FindObjectsFinal = TRUE;
while (
- rv == CKR_OK &&
(rv = session->provider->f->C_FindObjects (
session->session_handle,
objects_buffer,
@@ -307,7 +319,7 @@ _pkcs11h_session_findObjects (
* It returns the same objects over and over
*/
if (oLast == objects_buffer[0]) {
- PKCS11H_LOG (
+ _PKCS11H_LOG (
PKCS11H_LOG_WARN,
"PKCS#11: Bad PKCS#11 C_FindObjects implementation detected, workaround applied"
);
@@ -320,37 +332,32 @@ _pkcs11h_session_findObjects (
(rv = _pkcs11h_mem_malloc (
(void *)&temp,
(objects_size+objects_found) * sizeof (CK_OBJECT_HANDLE)
- )) == CKR_OK
+ )) != CKR_OK
) {
- if (objects != NULL) {
- memmove (
- temp,
- objects,
- objects_size * sizeof (CK_OBJECT_HANDLE)
- );
- }
+ goto cleanup;
+ }
+
+ if (objects != NULL) {
memmove (
- temp + objects_size,
- objects_buffer,
- objects_found * sizeof (CK_OBJECT_HANDLE)
+ temp,
+ objects,
+ objects_size * sizeof (CK_OBJECT_HANDLE)
);
}
+ memmove (
+ temp + objects_size,
+ objects_buffer,
+ objects_found * sizeof (CK_OBJECT_HANDLE)
+ );
if (objects != NULL) {
_pkcs11h_mem_free ((void *)&objects);
objects = NULL;
}
- if (rv == CKR_OK) {
- objects = temp;
- objects_size += objects_found;
- temp = NULL;
- }
-
- if (temp != NULL) {
- _pkcs11h_mem_free ((void *)&temp);
- temp = NULL;
- }
+ objects = temp;
+ objects_size += objects_found;
+ temp = NULL;
}
if (should_FindObjectsFinal) {
@@ -360,12 +367,13 @@ _pkcs11h_session_findObjects (
should_FindObjectsFinal = FALSE;
}
- if (rv == CKR_OK) {
- *p_objects = objects;
- *p_objects_found = objects_size;
- objects = NULL;
- objects_size = 0;
- }
+ *p_objects = objects;
+ *p_objects_found = objects_size;
+ objects = NULL;
+ objects_size = 0;
+ rv = CKR_OK;
+
+cleanup:
if (objects != NULL) {
_pkcs11h_mem_free ((void *)&objects);
@@ -373,7 +381,7 @@ _pkcs11h_session_findObjects (
objects_size = 0;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_findObjects return rv=%lu-'%s', *p_objects_found=%ld",
rv,
@@ -387,19 +395,21 @@ _pkcs11h_session_findObjects (
CK_RV
_pkcs11h_session_getSessionByTokenId (
IN const pkcs11h_token_id_t token_id,
- OUT pkcs11h_session_t * const p_session
+ OUT _pkcs11h_session_t * const p_session
) {
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
+ PKCS11H_BOOL have_session_mutex = FALSE;
#endif
- pkcs11h_session_t session = NULL;
- PKCS11H_BOOL is_new_session = FALSE;
- CK_RV rv = CKR_OK;
+ _pkcs11h_session_t session = NULL;
+ _pkcs11h_session_t current_session;
- PKCS11H_ASSERT (token_id!=NULL);
- PKCS11H_ASSERT (p_session!=NULL);
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_DEBUG (
+ _PKCS11H_ASSERT (token_id!=NULL);
+ _PKCS11H_ASSERT (p_session!=NULL);
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_getSessionByTokenId entry token_id=%p, p_session=%p",
(void *)token_id,
@@ -409,101 +419,95 @@ _pkcs11h_session_getSessionByTokenId (
*p_session = NULL;
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.session)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.session)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- if (rv == CKR_OK) {
- pkcs11h_session_t current_session;
-
- for (
- current_session = g_pkcs11h_data->sessions;
- current_session != NULL && session == NULL;
- current_session = current_session->next
+ for (
+ current_session = _g_pkcs11h_data->sessions;
+ current_session != NULL && session == NULL;
+ current_session = current_session->next
+ ) {
+ if (
+ pkcs11h_token_sameTokenId (
+ current_session->token_id,
+ token_id
+ )
) {
- if (
- pkcs11h_token_sameTokenId (
- current_session->token_id,
- token_id
- )
- ) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Using cached session"
- );
- session = current_session;
- session->reference_count++;
- }
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Using cached session"
+ );
+ session = current_session;
+ session->reference_count++;
}
}
- if (
- rv == CKR_OK &&
- session == NULL
- ) {
- is_new_session = TRUE;
- }
-
- if (is_new_session) {
- PKCS11H_DEBUG (
+ if (session == NULL) {
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Creating a new session"
);
if (
- rv == CKR_OK &&
- (rv = _pkcs11h_mem_malloc ((void *)&session, sizeof (struct pkcs11h_session_s))) == CKR_OK
+ (rv = _pkcs11h_mem_malloc (
+ (void *)&session,
+ sizeof (struct _pkcs11h_session_s))
+ ) != CKR_OK
) {
- session->reference_count = 1;
- session->session_handle = PKCS11H_INVALID_SESSION_HANDLE;
-
- session->pin_cache_period = g_pkcs11h_data->pin_cache_period;
-
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = pkcs11h_token_duplicateTokenId (
+ session->reference_count = 1;
+ session->session_handle = _PKCS11H_INVALID_SESSION_HANDLE;
+
+ session->pin_cache_period = _g_pkcs11h_data->pin_cache_period;
+
+ if (
+ (rv = pkcs11h_token_duplicateTokenId (
&session->token_id,
token_id
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (rv == CKR_OK) {
- rv = _pkcs11h_threading_mutexInit (&session->mutex);
+ if ((rv = _pkcs11h_threading_mutexInit (&session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ have_session_mutex = TRUE;
#endif
- if (rv == CKR_OK) {
- session->valid = TRUE;
- session->next = g_pkcs11h_data->sessions;
- g_pkcs11h_data->sessions = session;
- }
- else {
+ session->valid = TRUE;
+ session->next = _g_pkcs11h_data->sessions;
+ _g_pkcs11h_data->sessions = session;
+ }
+
+ *p_session = session;
+ session = NULL;
+ rv = CKR_OK;
+
+cleanup:
+ if (session != NULL) {
#if defined(ENABLE_PKCS11H_THREADING)
+ if (have_session_mutex) {
_pkcs11h_threading_mutexFree (&session->mutex);
-#endif
- _pkcs11h_mem_free ((void *)&session);
}
- }
-
- if (rv == CKR_OK) {
- *p_session = session;
- session = NULL;
+#endif
+ _pkcs11h_mem_free ((void *)&session);
}
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
- _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.session);
+ _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.session);
mutex_locked = FALSE;
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_getSessionByTokenId return rv=%lu-'%s', *p_session=%p",
rv,
@@ -516,40 +520,40 @@ _pkcs11h_session_getSessionByTokenId (
CK_RV
_pkcs11h_session_release (
- IN const pkcs11h_session_t session
+ IN const _pkcs11h_session_t session
) {
#if defined(ENABLE_PKCS11H_THREADING)
- PKCS11H_BOOL mutex_locked = FALSE;
+ PKCS11H_BOOL mutex_locked = TRUE;
#endif
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (session!=NULL);
- PKCS11H_ASSERT (session->reference_count>=0);
+ _PKCS11H_ASSERT (session!=NULL);
+ _PKCS11H_ASSERT (session->reference_count>=0);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_release entry session=%p",
(void *)session
);
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
/*
* Never logout for now
*/
- if (rv == CKR_OK) {
- if (session->reference_count > 0) {
- session->reference_count--;
- }
+ if (session->reference_count > 0) {
+ session->reference_count--;
}
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&session->mutex);
@@ -557,7 +561,7 @@ _pkcs11h_session_release (
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_release return rv=%lu-'%s'",
rv,
@@ -569,22 +573,22 @@ _pkcs11h_session_release (
CK_RV
_pkcs11h_session_reset (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN void * const user_data,
IN const unsigned mask_prompt,
OUT CK_SLOT_ID * const p_slot
) {
PKCS11H_BOOL found = FALSE;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
unsigned nRetry = 0;
- PKCS11H_ASSERT (session!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_ASSERT (p_slot!=NULL);
+ _PKCS11H_ASSERT (session!=NULL);
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
+ _PKCS11H_ASSERT (p_slot!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_reset entry session=%p, user_data=%p, mask_prompt=%08x, p_slot=%p",
(void *)session,
@@ -593,18 +597,14 @@ _pkcs11h_session_reset (
(void *)p_slot
);
- *p_slot = PKCS11H_INVALID_SLOT_ID;
+ *p_slot = _PKCS11H_INVALID_SLOT_ID;
- while (
- rv == CKR_OK &&
- !found
- ) {
- pkcs11h_provider_t current_provider = NULL;
+ while (!found) {
+ _pkcs11h_provider_t current_provider = NULL;
for (
- current_provider = g_pkcs11h_data->providers;
+ current_provider = _g_pkcs11h_data->providers;
(
- rv == CKR_OK &&
current_provider != NULL &&
!found
);
@@ -622,23 +622,31 @@ _pkcs11h_session_reset (
session->provider != NULL &&
session->provider != current_provider
) {
- rv = CKR_CANCEL;
+ continue;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSlotList (
+ if (
+ (rv = _pkcs11h_session_getSlotList (
current_provider,
CK_TRUE,
&slots,
&slotnum
+ )) != CKR_OK
+ ) {
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Cannot get slot list for provider '%s' rv=%lu-'%s'",
+ current_provider->manufacturerID,
+ rv,
+ pkcs11h_getMessage (rv)
);
+ goto retry1;
}
for (
slot_index=0;
(
slot_index < slotnum &&
- rv == CKR_OK &&
!found
);
slot_index++
@@ -646,19 +654,20 @@ _pkcs11h_session_reset (
pkcs11h_token_id_t token_id = NULL;
CK_TOKEN_INFO info;
- if (rv == CKR_OK) {
- rv = current_provider->f->C_GetTokenInfo (
+ if (
+ (rv = current_provider->f->C_GetTokenInfo (
slots[slot_index],
&info
- );
- }
-
- if (
- rv == CKR_OK &&
+ )) != CKR_OK ||
(rv = _pkcs11h_token_getTokenId (
&info,
&token_id
- )) == CKR_OK &&
+ )) != CKR_OK
+ ) {
+ goto retry11;
+ }
+
+ if (
pkcs11h_token_sameTokenId (
session->token_id,
token_id
@@ -672,8 +681,12 @@ _pkcs11h_session_reset (
}
}
+ rv = CKR_OK;
+
+ retry11:
+
if (rv != CKR_OK) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Cannot get token information for provider '%s' slot %ld rv=%lu-'%s'",
current_provider->manufacturerID,
@@ -681,11 +694,6 @@ _pkcs11h_session_reset (
rv,
pkcs11h_getMessage (rv)
);
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
}
if (token_id != NULL) {
@@ -693,61 +701,52 @@ _pkcs11h_session_reset (
}
}
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Cannot get slot list for provider '%s' rv=%lu-'%s'",
- current_provider->manufacturerID,
- rv,
- pkcs11h_getMessage (rv)
- );
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- }
-
+ retry1:
if (slots != NULL) {
_pkcs11h_mem_free ((void *)&slots);
slots = NULL;
}
}
- if (rv == CKR_OK && !found && (mask_prompt & PKCS11H_PROMPT_MASK_ALLOW_TOKEN_PROMPT) == 0) {
+ if (!found && (mask_prompt & PKCS11H_PROMPT_MASK_ALLOW_TOKEN_PROMPT) == 0) {
rv = CKR_TOKEN_NOT_PRESENT;
+ goto cleanup;
}
- if (
- rv == CKR_OK &&
- !found
- ) {
- PKCS11H_DEBUG (
+ if (!found) {
+ PKCS11H_BOOL canceled;
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Calling token_prompt hook for '%s'",
session->token_id->display
);
- if (
- !g_pkcs11h_data->hooks.token_prompt (
- g_pkcs11h_data->hooks.token_prompt_data,
- user_data,
- session->token_id,
- nRetry++
- )
- ) {
- rv = CKR_CANCEL;
- }
+ canceled = !_g_pkcs11h_data->hooks.token_prompt (
+ _g_pkcs11h_data->hooks.token_prompt_data,
+ user_data,
+ session->token_id,
+ nRetry++
+ );
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
- "PKCS#11: token_prompt returned %ld",
- rv
+ "PKCS#11: token_prompt returned %d",
+ canceled ? 0 : 1
);
+
+ if (canceled) {
+ rv = CKR_CANCEL;
+ goto cleanup;
+ }
}
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_reset return rv=%lu-'%s', *p_slot=%ld",
rv,
@@ -760,7 +759,7 @@ _pkcs11h_session_reset (
CK_RV
_pkcs11h_session_getObjectById (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN const CK_OBJECT_CLASS class,
IN const CK_BYTE_PTR id,
IN const size_t id_size,
@@ -776,13 +775,13 @@ _pkcs11h_session_getObjectById (
};
CK_OBJECT_HANDLE *objects = NULL;
CK_ULONG objects_found = 0;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- /*PKCS11H_ASSERT (session!=NULL); NOT NEEDED*/
- PKCS11H_ASSERT (id!=NULL);
- PKCS11H_ASSERT (p_handle!=NULL);
+ /*_PKCS11H_ASSERT (session!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (id!=NULL);
+ _PKCS11H_ASSERT (p_handle!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_getObjectById entry session=%p, class=%ld, id=%p, id_size=%u, p_handle=%p",
(void *)session,
@@ -792,38 +791,39 @@ _pkcs11h_session_getObjectById (
(void *)p_handle
);
- *p_handle = PKCS11H_INVALID_OBJECT_HANDLE;
+ *p_handle = _PKCS11H_INVALID_OBJECT_HANDLE;
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_validate (session);
+ if ((rv = _pkcs11h_session_validate (session)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_findObjects (
+ if (
+ (rv = _pkcs11h_session_findObjects (
session,
filter,
sizeof (filter) / sizeof (CK_ATTRIBUTE),
&objects,
&objects_found
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (
- rv == CKR_OK &&
- objects_found == 0
- ) {
+ if (objects_found == 0) {
rv = CKR_FUNCTION_REJECTED;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- *p_handle = objects[0];
- }
+ *p_handle = objects[0];
+ rv = CKR_OK;
+
+cleanup:
if (objects != NULL) {
_pkcs11h_mem_free ((void *)&objects);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_getObjectById return rv=%lu-'%s', *p_handle=%08lx",
rv,
@@ -836,50 +836,50 @@ _pkcs11h_session_getObjectById (
CK_RV
_pkcs11h_session_validate (
- IN const pkcs11h_session_t session
+ IN const _pkcs11h_session_t session
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- /*PKCS11H_ASSERT (session!=NULL); NOT NEEDED*/
+ /*_PKCS11H_ASSERT (session!=NULL); NOT NEEDED*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_validate entry session=%p",
(void *)session
);
- if (
- rv == CKR_OK &&
- session == NULL
- ) {
+ if (session == NULL) {
rv = CKR_SESSION_HANDLE_INVALID;
+ goto cleanup;
}
if (
- rv == CKR_OK &&
- (
- session->provider == NULL ||
- !session->provider->enabled ||
- session->session_handle == PKCS11H_INVALID_SESSION_HANDLE
- )
+ session->provider == NULL ||
+ !session->provider->enabled ||
+ session->session_handle == _PKCS11H_INVALID_SESSION_HANDLE
) {
rv = CKR_SESSION_HANDLE_INVALID;
+ goto cleanup;
}
if (
- rv == CKR_OK &&
session->pin_expire_time != (time_t)0 &&
- session->pin_expire_time < g_pkcs11h_sys_engine.time ()
+ session->pin_expire_time < _g_pkcs11h_sys_engine.time ()
) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Forcing logout due to pin timeout"
);
_pkcs11h_session_logout (session);
rv = CKR_SESSION_HANDLE_INVALID;
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_validate return rv=%lu-'%s'",
rv,
@@ -890,21 +890,21 @@ _pkcs11h_session_validate (
}
CK_RV
-_pkcs11h_session_touch (
- IN const pkcs11h_session_t session
+__pkcs11h_session_touch (
+ IN const _pkcs11h_session_t session
) {
/*
* THREADING:
* session->mutex must be locked
*/
- PKCS11H_ASSERT (session!=NULL);
+ _PKCS11H_ASSERT (session!=NULL);
if (session->pin_cache_period == PKCS11H_PIN_CACHE_INFINITE) {
session->pin_expire_time = 0;
}
else {
session->pin_expire_time = (
- g_pkcs11h_sys_engine.time () +
+ _g_pkcs11h_sys_engine.time () +
(time_t)session->pin_cache_period
);
}
@@ -914,7 +914,7 @@ _pkcs11h_session_touch (
CK_RV
_pkcs11h_session_login (
- IN const pkcs11h_session_t session,
+ IN const _pkcs11h_session_t session,
IN const PKCS11H_BOOL is_publicOnly,
IN const PKCS11H_BOOL readonly,
IN void * const user_data,
@@ -924,13 +924,13 @@ _pkcs11h_session_login (
* THREADING:
* session->mutex must be locked
*/
- CK_SLOT_ID slot = PKCS11H_INVALID_SLOT_ID;
- CK_RV rv = CKR_OK;
+ CK_SLOT_ID slot = _PKCS11H_INVALID_SLOT_ID;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (session!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
+ _PKCS11H_ASSERT (session!=NULL);
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_login entry session=%p, is_publicOnly=%d, readonly=%d, user_data=%p, mask_prompt=%08x",
(void *)session,
@@ -940,16 +940,10 @@ _pkcs11h_session_login (
mask_prompt
);
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_logout (session);
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_reset (session, user_data, mask_prompt, &slot);
- }
-
- if (rv == CKR_OK) {
- rv = session->provider->f->C_OpenSession (
+ if (
+ (rv = _pkcs11h_session_logout (session)) != CKR_OK ||
+ (rv = _pkcs11h_session_reset (session, user_data, mask_prompt, &slot)) != CKR_OK ||
+ (rv = session->provider->f->C_OpenSession (
slot,
(
CKF_SERIAL_SESSION |
@@ -958,81 +952,78 @@ _pkcs11h_session_login (
NULL_PTR,
NULL_PTR,
&session->session_handle
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
if (
- rv == CKR_OK &&
- (
- !is_publicOnly ||
- session->provider->cert_is_private
- )
+ !is_publicOnly ||
+ session->provider->cert_is_private
) {
PKCS11H_BOOL login_succeeded = FALSE;
- unsigned nRetryCount = 0;
+ unsigned retry_count = 0;
if ((mask_prompt & PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT) == 0) {
rv = CKR_USER_NOT_LOGGED_IN;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Calling pin_prompt hook denied because of prompt mask"
);
}
while (
- rv == CKR_OK &&
!login_succeeded &&
- nRetryCount < g_pkcs11h_data->max_retries
+ retry_count < _g_pkcs11h_data->max_retries
) {
CK_UTF8CHAR_PTR utfPIN = NULL;
CK_ULONG lPINLength = 0;
char pin[1024];
if (
- rv == CKR_OK &&
!(
- g_pkcs11h_data->allow_protected_auth &&
+ _g_pkcs11h_data->allow_protected_auth &&
session->provider->allow_protected_auth &&
session->allow_protected_auth_supported
)
) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Calling pin_prompt hook for '%s'",
session->token_id->display
);
if (
- !g_pkcs11h_data->hooks.pin_prompt (
- g_pkcs11h_data->hooks.pin_prompt_data,
+ !_g_pkcs11h_data->hooks.pin_prompt (
+ _g_pkcs11h_data->hooks.pin_prompt_data,
user_data,
session->token_id,
- nRetryCount,
+ retry_count,
pin,
sizeof (pin)
)
) {
rv = CKR_CANCEL;
+ goto retry;
}
else {
utfPIN = (CK_UTF8CHAR_PTR)pin;
lPINLength = strlen (pin);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: pin_prompt hook return rv=%ld",
rv
);
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_touch (session);
+ if ((rv = __pkcs11h_session_touch (session)) != CKR_OK) {
+ goto cleanup;
}
if (
- rv == CKR_OK &&
(rv = session->provider->f->C_Login (
session->session_handle,
CKU_USER,
@@ -1040,42 +1031,46 @@ _pkcs11h_session_login (
lPINLength
)) != CKR_OK
) {
- if (rv == CKR_USER_ALREADY_LOGGED_IN) {
- rv = CKR_OK;
+ if (rv != CKR_USER_ALREADY_LOGGED_IN) {
+ goto retry;
}
}
+ login_succeeded = TRUE;
+ rv = CKR_OK;
+
+ retry:
+
/*
* Clean PIN buffer
*/
memset (pin, 0, sizeof (pin));
- if (rv == CKR_OK) {
- login_succeeded = TRUE;
- }
- else if (
- rv == CKR_PIN_INCORRECT ||
- rv == CKR_PIN_INVALID
+ if (
+ rv != CKR_OK &&
+ rv != CKR_PIN_INCORRECT &&
+ rv != CKR_PIN_INVALID
) {
- /*
- * Ignore these errors
- * so retry can be performed
- */
- rv = CKR_OK;
+ goto cleanup;
}
- nRetryCount++;
+ retry_count++;
}
/*
* Retry limit
*/
- if (!login_succeeded && rv == CKR_OK) {
+ if (!login_succeeded) {
rv = CKR_PIN_INCORRECT;
+ goto cleanup;
}
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_login return rv=%lu-'%s'",
rv,
@@ -1087,15 +1082,15 @@ _pkcs11h_session_login (
CK_RV
_pkcs11h_session_logout (
- IN const pkcs11h_session_t session
+ IN const _pkcs11h_session_t session
) {
/*
* THREADING:
* session->mutex must be locked
*/
- /*PKCS11H_ASSERT (session!=NULL); NOT NEEDED*/
+ /*_PKCS11H_ASSERT (session!=NULL); NOT NEEDED*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_logout entry session=%p",
(void *)session
@@ -1103,20 +1098,16 @@ _pkcs11h_session_logout (
if (
session != NULL &&
- session->session_handle != PKCS11H_INVALID_SESSION_HANDLE
+ session->session_handle != _PKCS11H_INVALID_SESSION_HANDLE
) {
- CK_RV rv = CKR_OK;
-
- if (rv == CKR_OK) {
- if (session->provider != NULL) {
- session->provider->f->C_Logout (session->session_handle);
- session->provider->f->C_CloseSession (session->session_handle);
- }
- session->session_handle = PKCS11H_INVALID_SESSION_HANDLE;
+ if (session->provider != NULL) {
+ session->provider->f->C_Logout (session->session_handle);
+ session->provider->f->C_CloseSession (session->session_handle);
}
+ session->session_handle = _PKCS11H_INVALID_SESSION_HANDLE;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_session_logout return"
);
diff --git a/lib/pkcs11h-slotevent.c b/lib/pkcs11h-slotevent.c
index 30948da..bb43cf5 100644
--- a/lib/pkcs11h-slotevent.c
+++ b/lib/pkcs11h-slotevent.c
@@ -95,88 +95,89 @@ void *
__pkcs11h_slotevent_provider (
IN void *p
) {
- pkcs11h_provider_t provider = (pkcs11h_provider_t)p;
+ _pkcs11h_provider_t provider = (_pkcs11h_provider_t)p;
CK_SLOT_ID slot;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_slotevent_provider provider='%s' entry",
provider->manufacturerID
);
- if (rv == CKR_OK && !provider->enabled) {
+ if (!provider->enabled) {
rv = CKR_OPERATION_NOT_INITIALIZED;
+ goto cleanup;
}
- if (rv == CKR_OK) {
+ if (provider->slot_poll_interval == 0) {
+ provider->slot_poll_interval = _PKCS11H_DEFAULT_SLOTEVENT_POLL;
+ }
- if (provider->slot_poll_interval == 0) {
- provider->slot_poll_interval = PKCS11H_DEFAULT_SLOTEVENT_POLL;
- }
+ /*
+ * If we cannot finalize, we cannot cause
+ * WaitForSlotEvent to terminate
+ */
+ if (!provider->should_finalize) {
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Setup slotevent provider='%s' mode hardset to poll",
+ provider->manufacturerID
+ );
+ provider->slot_event_method = PKCS11H_SLOTEVENT_METHOD_POLL;
+ }
- /*
- * If we cannot finalize, we cannot cause
- * WaitForSlotEvent to terminate
- */
- if (!provider->should_finalize) {
- PKCS11H_DEBUG (
+ if (
+ provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_AUTO ||
+ provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_TRIGGER
+ ) {
+ if (
+ provider->f->C_WaitForSlotEvent (
+ CKF_DONT_BLOCK,
+ &slot,
+ NULL_PTR
+ ) == CKR_FUNCTION_NOT_SUPPORTED
+ ) {
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
- "PKCS#11: Setup slotevent provider='%s' mode hardset to poll",
+ "PKCS#11: Setup slotevent provider='%s' mode is poll",
provider->manufacturerID
);
+
provider->slot_event_method = PKCS11H_SLOTEVENT_METHOD_POLL;
}
+ else {
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Setup slotevent provider='%s' mode is trigger",
+ provider->manufacturerID
+ );
- if (
- provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_AUTO ||
- provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_TRIGGER
- ) {
- if (
- provider->f->C_WaitForSlotEvent (
- CKF_DONT_BLOCK,
- &slot,
- NULL_PTR
- ) == CKR_FUNCTION_NOT_SUPPORTED
- ) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Setup slotevent provider='%s' mode is poll",
- provider->manufacturerID
- );
-
- provider->slot_event_method = PKCS11H_SLOTEVENT_METHOD_POLL;
- }
- else {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Setup slotevent provider='%s' mode is trigger",
- provider->manufacturerID
- );
-
- provider->slot_event_method = PKCS11H_SLOTEVENT_METHOD_TRIGGER;
- }
+ provider->slot_event_method = PKCS11H_SLOTEVENT_METHOD_TRIGGER;
}
}
if (provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_TRIGGER) {
while (
- !g_pkcs11h_data->slotevent.should_terminate &&
+ !_g_pkcs11h_data->slotevent.should_terminate &&
provider->enabled &&
- rv == CKR_OK &&
(rv = provider->f->C_WaitForSlotEvent (
0,
&slot,
NULL_PTR
)) == CKR_OK
) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Slotevent provider='%s' event",
provider->manufacturerID
);
- _pkcs11h_threading_condSignal (&g_pkcs11h_data->slotevent.cond_event);
+ _pkcs11h_threading_condSignal (&_g_pkcs11h_data->slotevent.cond_event);
+ }
+
+ if (rv != CKR_OK) {
+ goto cleanup;
}
}
else {
@@ -184,87 +185,94 @@ __pkcs11h_slotevent_provider (
PKCS11H_BOOL is_first_time = TRUE;
while (
- !g_pkcs11h_data->slotevent.should_terminate &&
- provider->enabled &&
- rv == CKR_OK
+ !_g_pkcs11h_data->slotevent.should_terminate &&
+ provider->enabled
) {
unsigned long current_checksum = 0;
+ CK_ULONG i;
CK_SLOT_ID_PTR slots = NULL;
CK_ULONG slotnum;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Slotevent provider='%s' poll",
provider->manufacturerID
);
if (
- rv == CKR_OK &&
(rv = _pkcs11h_session_getSlotList (
provider,
TRUE,
&slots,
&slotnum
- )) == CKR_OK
+ )) != CKR_OK
) {
- CK_ULONG i;
-
- for (i=0;i<slotnum;i++) {
- CK_TOKEN_INFO info;
-
- if (provider->f->C_GetTokenInfo (slots[i], &info) == CKR_OK) {
- current_checksum += (
- __pkcs11h_slotevent_checksum (
- info.label,
- sizeof (info.label)
- ) +
- __pkcs11h_slotevent_checksum (
- info.manufacturerID,
- sizeof (info.manufacturerID)
- ) +
- __pkcs11h_slotevent_checksum (
- info.model,
- sizeof (info.model)
- ) +
- __pkcs11h_slotevent_checksum (
- info.serialNumber,
- sizeof (info.serialNumber)
- )
- );
- }
+ goto cleanup1;
+ }
+
+ for (i=0;i<slotnum;i++) {
+ CK_TOKEN_INFO info;
+
+ if (provider->f->C_GetTokenInfo (slots[i], &info) == CKR_OK) {
+ current_checksum += (
+ __pkcs11h_slotevent_checksum (
+ info.label,
+ sizeof (info.label)
+ ) +
+ __pkcs11h_slotevent_checksum (
+ info.manufacturerID,
+ sizeof (info.manufacturerID)
+ ) +
+ __pkcs11h_slotevent_checksum (
+ info.model,
+ sizeof (info.model)
+ ) +
+ __pkcs11h_slotevent_checksum (
+ info.serialNumber,
+ sizeof (info.serialNumber)
+ )
+ );
}
}
- if (rv == CKR_OK) {
- if (is_first_time) {
- is_first_time = FALSE;
- }
- else {
- if (last_checksum != current_checksum) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Slotevent provider='%s' event",
- provider->manufacturerID
- );
-
- _pkcs11h_threading_condSignal (&g_pkcs11h_data->slotevent.cond_event);
- }
+ if (is_first_time) {
+ is_first_time = FALSE;
+ }
+ else {
+ if (last_checksum != current_checksum) {
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Slotevent provider='%s' event",
+ provider->manufacturerID
+ );
+
+ _pkcs11h_threading_condSignal (&_g_pkcs11h_data->slotevent.cond_event);
}
- last_checksum = current_checksum;
}
+ last_checksum = current_checksum;
+
+ rv = CKR_OK;
+
+ cleanup1:
if (slots != NULL) {
_pkcs11h_mem_free ((void *)&slots);
}
- if (!g_pkcs11h_data->slotevent.should_terminate) {
+ if (!_g_pkcs11h_data->slotevent.should_terminate) {
_pkcs11h_threading_sleep (provider->slot_poll_interval);
}
+
+ if (rv != CKR_OK) {
+ goto cleanup;
+ }
}
}
- PKCS11H_DEBUG (
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_slotevent_provider provider='%s' return",
provider->manufacturerID
@@ -282,7 +290,7 @@ __pkcs11h_slotevent_manager (
(void)p;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_slotevent_manager entry"
);
@@ -291,17 +299,17 @@ __pkcs11h_slotevent_manager (
* Trigger hook, so application may
* depend on initial slot change
*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Calling slotevent hook"
);
- g_pkcs11h_data->hooks.slotevent (g_pkcs11h_data->hooks.slotevent_data);
+ _g_pkcs11h_data->hooks.slotevent (_g_pkcs11h_data->hooks.slotevent_data);
while (
first_time || /* Must enter wait or mutex will never be free */
- !g_pkcs11h_data->slotevent.should_terminate
+ !_g_pkcs11h_data->slotevent.should_terminate
) {
- pkcs11h_provider_t current_provider;
+ _pkcs11h_provider_t current_provider;
first_time = FALSE;
@@ -311,18 +319,18 @@ __pkcs11h_slotevent_manager (
* This is required in order to allow
* adding new providers.
*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_slotevent_manager examine provider list"
);
for (
- current_provider = g_pkcs11h_data->providers;
+ current_provider = _g_pkcs11h_data->providers;
current_provider != NULL;
current_provider = current_provider->next
) {
if (current_provider->enabled) {
if (current_provider->slotevent_thread == PKCS11H_THREAD_NULL) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_slotevent_manager found enabled provider without thread"
);
@@ -335,7 +343,7 @@ __pkcs11h_slotevent_manager (
}
else {
if (current_provider->slotevent_thread != PKCS11H_THREAD_NULL) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_slotevent_manager found disabled provider with thread"
);
@@ -344,39 +352,39 @@ __pkcs11h_slotevent_manager (
}
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_slotevent_manager waiting for slotevent"
);
- _pkcs11h_threading_condWait (&g_pkcs11h_data->slotevent.cond_event, PKCS11H_COND_INFINITE);
+ _pkcs11h_threading_condWait (&_g_pkcs11h_data->slotevent.cond_event, PKCS11H_COND_INFINITE);
- if (g_pkcs11h_data->slotevent.skip_event) {
- PKCS11H_DEBUG (
+ if (_g_pkcs11h_data->slotevent.skip_event) {
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Slotevent skipping event"
);
- g_pkcs11h_data->slotevent.skip_event = FALSE;
+ _g_pkcs11h_data->slotevent.skip_event = FALSE;
}
else {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG1,
"PKCS#11: Calling slotevent hook"
);
- g_pkcs11h_data->hooks.slotevent (g_pkcs11h_data->hooks.slotevent_data);
+ _g_pkcs11h_data->hooks.slotevent (_g_pkcs11h_data->hooks.slotevent_data);
}
}
{
- pkcs11h_provider_t current_provider;
+ _pkcs11h_provider_t current_provider;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_slotevent_manager joining threads"
);
for (
- current_provider = g_pkcs11h_data->providers;
+ current_provider = _g_pkcs11h_data->providers;
current_provider != NULL;
current_provider = current_provider->next
) {
@@ -386,7 +394,7 @@ __pkcs11h_slotevent_manager (
}
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_slotevent_manager return"
);
@@ -396,32 +404,36 @@ __pkcs11h_slotevent_manager (
CK_RV
_pkcs11h_slotevent_init (void) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_slotevent_init entry"
);
- if (!g_pkcs11h_data->slotevent.initialized) {
- if (rv == CKR_OK) {
- rv = _pkcs11h_threading_condInit (&g_pkcs11h_data->slotevent.cond_event);
+ if (!_g_pkcs11h_data->slotevent.initialized) {
+ if ((rv = _pkcs11h_threading_condInit (&_g_pkcs11h_data->slotevent.cond_event)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_threading_threadStart (
- &g_pkcs11h_data->slotevent.thread,
+ if (
+ (rv = _pkcs11h_threading_threadStart (
+ &_g_pkcs11h_data->slotevent.thread,
__pkcs11h_slotevent_manager,
NULL
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- g_pkcs11h_data->slotevent.initialized = TRUE;
- }
+ _g_pkcs11h_data->slotevent.initialized = TRUE;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_slotevent_init return rv=%lu-'%s'",
rv,
@@ -434,17 +446,17 @@ _pkcs11h_slotevent_init (void) {
CK_RV
_pkcs11h_slotevent_notify (void) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_slotevent_notify entry"
);
- if (g_pkcs11h_data->slotevent.initialized) {
- g_pkcs11h_data->slotevent.skip_event = TRUE;
- _pkcs11h_threading_condSignal (&g_pkcs11h_data->slotevent.cond_event);
+ if (_g_pkcs11h_data->slotevent.initialized) {
+ _g_pkcs11h_data->slotevent.skip_event = TRUE;
+ _pkcs11h_threading_condSignal (&_g_pkcs11h_data->slotevent.cond_event);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_slotevent_notify return"
);
@@ -454,9 +466,9 @@ _pkcs11h_slotevent_notify (void) {
CK_RV
_pkcs11h_slotevent_terminate_force (void) {
- if (g_pkcs11h_data->slotevent.initialized) {
- _pkcs11h_threading_condFree (&g_pkcs11h_data->slotevent.cond_event);
- g_pkcs11h_data->slotevent.initialized = FALSE;
+ if (_g_pkcs11h_data->slotevent.initialized) {
+ _pkcs11h_threading_condFree (&_g_pkcs11h_data->slotevent.cond_event);
+ _g_pkcs11h_data->slotevent.initialized = FALSE;
}
return CKR_OK;
@@ -465,24 +477,24 @@ _pkcs11h_slotevent_terminate_force (void) {
CK_RV
_pkcs11h_slotevent_terminate (void) {
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_slotevent_terminate entry"
);
- if (g_pkcs11h_data->slotevent.initialized) {
- g_pkcs11h_data->slotevent.should_terminate = TRUE;
+ if (_g_pkcs11h_data->slotevent.initialized) {
+ _g_pkcs11h_data->slotevent.should_terminate = TRUE;
_pkcs11h_slotevent_notify ();
- if (g_pkcs11h_data->slotevent.thread != PKCS11H_THREAD_NULL) {
- _pkcs11h_threading_threadJoin (&g_pkcs11h_data->slotevent.thread);
+ if (_g_pkcs11h_data->slotevent.thread != PKCS11H_THREAD_NULL) {
+ _pkcs11h_threading_threadJoin (&_g_pkcs11h_data->slotevent.thread);
}
_pkcs11h_slotevent_terminate_force ();
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_slotevent_terminate return"
);
diff --git a/lib/pkcs11h-sys.c b/lib/pkcs11h-sys.c
index 1140536..9dfb42a 100644
--- a/lib/pkcs11h-sys.c
+++ b/lib/pkcs11h-sys.c
@@ -83,7 +83,7 @@ __mygettimeofday (struct timeval *tv) {
}
#endif
-pkcs11h_engine_system_t g_pkcs11h_sys_engine = {
+pkcs11h_engine_system_t _g_pkcs11h_sys_engine = {
malloc,
free,
__mytime,
@@ -99,9 +99,9 @@ CK_RV
pkcs11h_engine_setSystem (
IN const pkcs11h_engine_system_t * const engine
) {
- PKCS11H_ASSERT (engine!=NULL);
+ _PKCS11H_ASSERT (engine!=NULL);
- memmove (&g_pkcs11h_sys_engine, engine, sizeof (pkcs11h_engine_system_t));
+ memmove (&_g_pkcs11h_sys_engine, engine, sizeof (pkcs11h_engine_system_t));
return CKR_OK;
}
diff --git a/lib/pkcs11h-threading.c b/lib/pkcs11h-threading.c
index 112ae0b..32b2ecc 100644
--- a/lib/pkcs11h-threading.c
+++ b/lib/pkcs11h-threading.c
@@ -64,17 +64,23 @@
#include "_pkcs11h-threading.h"
typedef struct {
- pkcs11h_thread_start_t start;
+ _pkcs11h_thread_start_t start;
void *data;
-} __pkcs11h_thread_data_t;
+} ___pkcs11h_thread_data_t;
/*==========================================
* Static data
*/
#if !defined(_WIN32)
+typedef struct __pkcs11h_threading_mutex_entry_s {
+ struct __pkcs11h_threading_mutex_entry_s *next;
+ _pkcs11h_mutex_t *p_mutex;
+ PKCS11H_BOOL locked;
+} *__pkcs11h_threading_mutex_entry_t;
+
static struct {
- pkcs11h_mutex_t mutex;
+ _pkcs11h_mutex_t mutex;
__pkcs11h_threading_mutex_entry_t head;
} __s_pkcs11h_threading_mutex_list = {
PTHREAD_MUTEX_INITIALIZER,
@@ -86,54 +92,56 @@ void
_pkcs11h_threading_sleep (
IN const unsigned milli
) {
- g_pkcs11h_sys_engine.usleep (milli*1000);
+ _g_pkcs11h_sys_engine.usleep (milli*1000);
}
CK_RV
_pkcs11h_threading_mutexInit (
- OUT pkcs11h_mutex_t * const mutex
+ OUT _pkcs11h_mutex_t * const mutex
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
#if defined(_WIN32)
- if (
- rv == CKR_OK &&
- (*mutex = CreateMutex (NULL, FALSE, NULL)) == NULL
- ) {
+ if ((*mutex = CreateMutex (NULL, FALSE, NULL)) == NULL) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
+
+ rv = CKR_OK;
+
+cleanup:
+
#else
{
__pkcs11h_threading_mutex_entry_t entry = NULL;
PKCS11H_BOOL mutex_locked = FALSE;
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc (
+ if (
+ (rv = _pkcs11h_mem_malloc (
(void *)&entry,
sizeof (struct __pkcs11h_threading_mutex_entry_s)
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (
- rv == CKR_OK &&
- pthread_mutex_init (mutex, NULL)
- ) {
+ if (pthread_mutex_init (mutex, NULL)) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- entry->p_mutex = mutex;
- entry->next = __s_pkcs11h_threading_mutex_list.head;
- __s_pkcs11h_threading_mutex_list.head = entry;
- entry = NULL;
- }
+ entry->p_mutex = mutex;
+ entry->next = __s_pkcs11h_threading_mutex_list.head;
+ __s_pkcs11h_threading_mutex_list.head = entry;
+ entry = NULL;
+ rv = CKR_OK;
+ cleanup:
if (entry != NULL) {
_pkcs11h_mem_free ((void *)&entry);
}
@@ -149,53 +157,48 @@ _pkcs11h_threading_mutexInit (
CK_RV
_pkcs11h_threading_mutexLock (
- IN OUT pkcs11h_mutex_t *const mutex
+ IN OUT _pkcs11h_mutex_t *const mutex
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
#if defined(_WIN32)
- if (
- rv == CKR_OK &&
- WaitForSingleObject (*mutex, INFINITE) == WAIT_FAILED
- ) {
+ if (WaitForSingleObject (*mutex, INFINITE) == WAIT_FAILED) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#else
- if (
- rv == CKR_OK &&
- pthread_mutex_lock (mutex)
- ) {
- rv = CKR_FUNCTION_FAILED;
+ if (pthread_mutex_lock (mutex)) {
+ goto cleanup;
}
#endif
+ rv = CKR_OK;
+cleanup:
return rv;
}
CK_RV
_pkcs11h_threading_mutexRelease (
- IN OUT pkcs11h_mutex_t *const mutex
+ IN OUT _pkcs11h_mutex_t *const mutex
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
#if defined(_WIN32)
- if (
- rv == CKR_OK &&
- !ReleaseMutex (*mutex)
- ) {
+ if (!ReleaseMutex (*mutex)) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#else
- if (
- rv == CKR_OK &&
- pthread_mutex_unlock (mutex)
- ) {
+ if (pthread_mutex_unlock (mutex)) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#endif
+ rv = CKR_OK;
+cleanup:
return rv;
}
CK_RV
_pkcs11h_threading_mutexFree (
- IN OUT pkcs11h_mutex_t *const mutex
+ IN OUT _pkcs11h_mutex_t *const mutex
) {
#if defined(_WIN32)
if (*mutex != NULL) {
@@ -208,9 +211,10 @@ _pkcs11h_threading_mutexFree (
__pkcs11h_threading_mutex_entry_t entry = NULL;
PKCS11H_BOOL mutex_locked = FALSE;
- if (_pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex) == CKR_OK) {
- mutex_locked = TRUE;
+ if (_pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
entry = __s_pkcs11h_threading_mutex_list.head;
while (
@@ -233,6 +237,7 @@ _pkcs11h_threading_mutexFree (
pthread_mutex_destroy (mutex);
+cleanup:
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&__s_pkcs11h_threading_mutex_list.mutex);
mutex_locked = FALSE;
@@ -256,9 +261,10 @@ _pkcs1h_threading_mutexLockAll (void) {
PKCS11H_BOOL mutex_locked = FALSE;
PKCS11H_BOOL all_mutexes_locked = FALSE;
- if (_pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex) == CKR_OK) {
- mutex_locked = TRUE;
+ if (_pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
for (
entry = __s_pkcs11h_threading_mutex_list.head;
@@ -305,6 +311,8 @@ _pkcs1h_threading_mutexLockAll (void) {
}
}
+cleanup:
+
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&__s_pkcs11h_threading_mutex_list.mutex);
mutex_locked = FALSE;
@@ -316,9 +324,10 @@ _pkcs1h_threading_mutexReleaseAll (void) {
__pkcs11h_threading_mutex_entry_t entry = NULL;
PKCS11H_BOOL mutex_locked = FALSE;
- if (_pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex) == CKR_OK) {
- mutex_locked = TRUE;
+ if (_pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
for (
entry = __s_pkcs11h_threading_mutex_list.head;
@@ -329,6 +338,8 @@ _pkcs1h_threading_mutexReleaseAll (void) {
entry->locked = FALSE;
}
+cleanup:
+
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&__s_pkcs11h_threading_mutex_list.mutex);
mutex_locked = FALSE;
@@ -338,19 +349,17 @@ _pkcs1h_threading_mutexReleaseAll (void) {
CK_RV
_pkcs11h_threading_condSignal (
- IN OUT pkcs11h_cond_t *const cond
+ IN OUT _pkcs11h_cond_t *const cond
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
#if defined(_WIN32)
- if (
- rv == CKR_OK &&
- !SetEvent (*cond)
- ) {
+ if (!SetEvent (*cond)) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#else
if (
- rv == CKR_OK &&
(
pthread_mutex_lock (&cond->mut) ||
pthread_cond_signal (&cond->cond) ||
@@ -358,27 +367,26 @@ _pkcs11h_threading_condSignal (
)
) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#endif
-
+ rv = CKR_OK;
+cleanup:
return rv;
}
CK_RV
_pkcs11h_threading_condInit (
- OUT pkcs11h_cond_t * const cond
+ OUT _pkcs11h_cond_t * const cond
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
#if defined(_WIN32)
- if (
- rv == CKR_OK &&
- (*cond = CreateEvent (NULL, FALSE, FALSE, NULL)) == NULL
- ) {
+ if ((*cond = CreateEvent (NULL, FALSE, FALSE, NULL)) == NULL) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#else
if (
- rv == CKR_OK &&
(
pthread_mutex_init (&cond->mut, NULL) ||
pthread_cond_init (&cond->cond, NULL) ||
@@ -386,17 +394,20 @@ _pkcs11h_threading_condInit (
)
) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#endif
+ rv = CKR_OK;
+cleanup:
return rv;
}
CK_RV
_pkcs11h_threading_condWait (
- IN OUT pkcs11h_cond_t *const cond,
+ IN OUT _pkcs11h_cond_t *const cond,
IN const unsigned milli
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
#if defined(_WIN32)
DWORD dwMilli;
@@ -408,51 +419,43 @@ _pkcs11h_threading_condWait (
dwMilli = milli;
}
- if (
- rv == CKR_OK &&
- WaitForSingleObject (*cond, dwMilli) == WAIT_FAILED
- ) {
+ if (WaitForSingleObject (*cond, dwMilli) == WAIT_FAILED) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#else
if (milli == PKCS11H_COND_INFINITE) {
- if (
- rv == CKR_OK &&
- pthread_cond_wait (&cond->cond, &cond->mut)
- ) {
+ if (pthread_cond_wait (&cond->cond, &cond->mut) ) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
}
else {
struct timeval now;
struct timespec timeout;
- if (
- rv == CKR_OK &&
- g_pkcs11h_sys_engine.gettimeofday (&now)
- ) {
+ if (_g_pkcs11h_sys_engine.gettimeofday (&now)) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
- if (rv == CKR_OK) {
- timeout.tv_sec = now.tv_sec + milli/1000;
- timeout.tv_nsec = now.tv_usec*1000 + milli%1000;
- }
+ timeout.tv_sec = now.tv_sec + milli/1000;
+ timeout.tv_nsec = now.tv_usec*1000 + milli%1000;
- if (
- rv == CKR_OK &&
- pthread_cond_timedwait (&cond->cond, &cond->mut, &timeout)
- ) {
+ if (pthread_cond_timedwait (&cond->cond, &cond->mut, &timeout)) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
}
#endif
+ rv = CKR_OK;
+cleanup:
return rv;
}
CK_RV
_pkcs11h_threading_condFree (
- IN OUT pkcs11h_cond_t *const cond
+ IN OUT _pkcs11h_cond_t *const cond
) {
#if defined(_WIN32)
CloseHandle (*cond);
@@ -467,8 +470,8 @@ _pkcs11h_threading_condFree (
static
unsigned
__stdcall
-__pkcs11h_thread_start (void *p) {
- __pkcs11h_thread_data_t *_data = (__pkcs11h_thread_data_t *)p;
+___pkcs11h_thread_start (void *p) {
+ ___pkcs11h_thread_data_t *_data = (___pkcs11h_thread_data_t *)p;
unsigned ret;
ret = (unsigned)_data->start (_data->data);
@@ -480,8 +483,8 @@ __pkcs11h_thread_start (void *p) {
#else
static
void *
-__pkcs11h_thread_start (void *p) {
- __pkcs11h_thread_data_t *_data = (__pkcs11h_thread_data_t *)p;
+___pkcs11h_thread_start (void *p) {
+ ___pkcs11h_thread_data_t *_data = (___pkcs11h_thread_data_t *)p;
void *ret;
int i;
@@ -503,57 +506,57 @@ __pkcs11h_thread_start (void *p) {
CK_RV
_pkcs11h_threading_threadStart (
- OUT pkcs11h_thread_t * const thread,
- IN pkcs11h_thread_start_t const start,
+ OUT _pkcs11h_thread_t * const thread,
+ IN _pkcs11h_thread_start_t const start,
IN void * data
) {
- __pkcs11h_thread_data_t *_data = NULL;
- CK_RV rv = CKR_OK;
+ ___pkcs11h_thread_data_t *_data = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc (
+ if (
+ (rv = _pkcs11h_mem_malloc (
(void *)&_data,
- sizeof (__pkcs11h_thread_data_t)
- );
+ sizeof (___pkcs11h_thread_data_t)
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- _data->start = start;
- _data->data = data;
- }
+ _data->start = start;
+ _data->data = data;
#if defined(_WIN32)
{
unsigned tmp;
if (
- rv == CKR_OK &&
(*thread = (HANDLE)_beginthreadex (
NULL,
0,
- __pkcs11h_thread_start,
+ ___pkcs11h_thread_start,
_data,
0,
&tmp
)) == NULL
) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
}
#else
- if (
- rv == CKR_OK &&
- pthread_create (thread, NULL, __pkcs11h_thread_start, _data)
- ) {
+ if (pthread_create (thread, NULL, ___pkcs11h_thread_start, _data)) {
rv = CKR_FUNCTION_FAILED;
+ goto cleanup;
}
#endif
+ rv = CKR_OK;
+cleanup:
return rv;
}
CK_RV
_pkcs11h_threading_threadJoin (
- IN pkcs11h_thread_t * const thread
+ IN _pkcs11h_thread_t * const thread
) {
#if defined(_WIN32)
WaitForSingleObject (*thread, INFINITE);
diff --git a/lib/pkcs11h-token.c b/lib/pkcs11h-token.c
index 4520713..b2bda5e 100644
--- a/lib/pkcs11h-token.c
+++ b/lib/pkcs11h-token.c
@@ -61,11 +61,11 @@ CK_RV
pkcs11h_token_freeTokenId (
IN pkcs11h_token_id_t token_id
) {
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (token_id!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (token_id!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_freeTokenId entry certificate_id=%p",
(void *)token_id
@@ -73,7 +73,7 @@ pkcs11h_token_freeTokenId (
_pkcs11h_mem_free ((void *)&token_id);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_freeTokenId return"
);
@@ -86,14 +86,14 @@ pkcs11h_token_duplicateTokenId (
OUT pkcs11h_token_id_t * const to,
IN const pkcs11h_token_id_t from
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (to!=NULL);
- PKCS11H_ASSERT (from!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (to!=NULL);
+ _PKCS11H_ASSERT (from!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_duplicateTokenId entry to=%p form=%p",
(void *)to,
@@ -102,16 +102,22 @@ pkcs11h_token_duplicateTokenId (
*to = NULL;
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_duplicate (
+ if (
+ (rv = _pkcs11h_mem_duplicate (
(void*)to,
NULL,
from,
sizeof (struct pkcs11h_token_id_s)
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
- PKCS11H_DEBUG (
+ rv = CKR_OK;
+
+cleanup:
+
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_duplicateTokenId return rv=%lu-'%s', *to=%p",
rv,
@@ -127,8 +133,8 @@ pkcs11h_token_sameTokenId (
IN const pkcs11h_token_id_t a,
IN const pkcs11h_token_id_t b
) {
- PKCS11H_ASSERT (a!=NULL);
- PKCS11H_ASSERT (b!=NULL);
+ _PKCS11H_ASSERT (a!=NULL);
+ _PKCS11H_ASSERT (b!=NULL);
return (
!strcmp (a->manufacturerID, b->manufacturerID) &&
@@ -144,12 +150,12 @@ _pkcs11h_token_getTokenId (
OUT pkcs11h_token_id_t * const p_token_id
) {
pkcs11h_token_id_t token_id;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (info!=NULL);
- PKCS11H_ASSERT (p_token_id!=NULL);
+ _PKCS11H_ASSERT (info!=NULL);
+ _PKCS11H_ASSERT (p_token_id!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_token_getTokenId entry p_token_id=%p",
(void *)p_token_id
@@ -157,47 +163,47 @@ _pkcs11h_token_getTokenId (
*p_token_id = NULL;
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_token_newTokenId (&token_id)) == CKR_OK
- ) {
- _pkcs11h_util_fixupFixedString (
- token_id->label,
- (char *)info->label,
- sizeof (info->label)
- );
- _pkcs11h_util_fixupFixedString (
- token_id->manufacturerID,
- (char *)info->manufacturerID,
- sizeof (info->manufacturerID)
- );
- _pkcs11h_util_fixupFixedString (
- token_id->model,
- (char *)info->model,
- sizeof (info->model)
- );
- _pkcs11h_util_fixupFixedString (
- token_id->serialNumber,
- (char *)info->serialNumber,
- sizeof (info->serialNumber)
- );
- strncpy (
- token_id->display,
- token_id->label,
- sizeof (token_id->display)
- );
+ if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
+ goto cleanup;
}
- if (rv == CKR_OK) {
- *p_token_id = token_id;
- token_id = NULL;
- }
+ _pkcs11h_util_fixupFixedString (
+ token_id->label,
+ (char *)info->label,
+ sizeof (info->label)
+ );
+ _pkcs11h_util_fixupFixedString (
+ token_id->manufacturerID,
+ (char *)info->manufacturerID,
+ sizeof (info->manufacturerID)
+ );
+ _pkcs11h_util_fixupFixedString (
+ token_id->model,
+ (char *)info->model,
+ sizeof (info->model)
+ );
+ _pkcs11h_util_fixupFixedString (
+ token_id->serialNumber,
+ (char *)info->serialNumber,
+ sizeof (info->serialNumber)
+ );
+ strncpy (
+ token_id->display,
+ token_id->label,
+ sizeof (token_id->display)
+ );
+
+ *p_token_id = token_id;
+ token_id = NULL;
+ rv = CKR_OK;
+
+cleanup:
if (token_id != NULL) {
_pkcs11h_mem_free ((void *)&token_id);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_token_getTokenId return rv=%lu-'%s', *p_token_id=%p",
rv,
@@ -212,13 +218,15 @@ CK_RV
_pkcs11h_token_newTokenId (
OUT pkcs11h_token_id_t * const p_token_id
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+ pkcs11h_token_id_t token_id = NULL;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (p_token_id!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (p_token_id!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_token_newTokenId entry p_token_id=%p",
(void *)p_token_id
@@ -226,11 +234,23 @@ _pkcs11h_token_newTokenId (
*p_token_id = NULL;
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc ((void *)p_token_id, sizeof (struct pkcs11h_token_id_s));
+ if ((rv = _pkcs11h_mem_malloc ((void *)&token_id, sizeof (struct pkcs11h_token_id_s))) != CKR_OK) {
+ goto cleanup;
+ }
+
+ *p_token_id = token_id;
+ token_id = NULL;
+
+ rv = CKR_OK;
+
+cleanup:
+
+ if (token_id != NULL) {
+ _pkcs11h_mem_free ((void *)&token_id);
+ token_id = NULL;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_token_newTokenId return rv=%lu-'%s', *p_token_id=%p",
rv,
@@ -250,16 +270,16 @@ pkcs11h_token_login (
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
#endif
- CK_SLOT_ID slot = PKCS11H_INVALID_SLOT_ID;
+ CK_SLOT_ID slot = _PKCS11H_INVALID_SLOT_ID;
CK_ULONG pin_size = 0;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- pkcs11h_session_t session = NULL;
+ _pkcs11h_session_t session = NULL;
- PKCS11H_ASSERT (token_id!=NULL);
- /*PKCS11H_ASSERT (pin!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (token_id!=NULL);
+ /*_PKCS11H_ASSERT (pin!=NULL); NOT NEEDED*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_login entry token_id=%p, readonly=%d\n",
(void *)token_id,
@@ -270,36 +290,27 @@ pkcs11h_token_login (
pin_size = strlen (pin);
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSessionByTokenId (
+ if (
+ (rv = _pkcs11h_session_getSessionByTokenId (
token_id,
&session
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_logout (session);
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_reset (session, NULL, 0, &slot);
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_touch (session);
- }
-
- if (rv == CKR_OK) {
- rv = session->provider->f->C_OpenSession (
+ if (
+ (rv = _pkcs11h_session_logout (session)) != CKR_OK ||
+ (rv = _pkcs11h_session_reset (session, NULL, 0, &slot)) != CKR_OK ||
+ (rv = __pkcs11h_session_touch (session)) != CKR_OK ||
+ (rv = session->provider->f->C_OpenSession (
slot,
(
CKF_SERIAL_SESSION |
@@ -308,11 +319,11 @@ pkcs11h_token_login (
NULL_PTR,
NULL_PTR,
&session->session_handle
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
-
if (
- rv == CKR_OK &&
(rv = session->provider->f->C_Login (
session->session_handle,
CKU_USER,
@@ -320,11 +331,15 @@ pkcs11h_token_login (
pin_size
)) != CKR_OK
) {
- if (rv == CKR_USER_ALREADY_LOGGED_IN) {
- rv = CKR_OK;
+ if (rv != CKR_USER_ALREADY_LOGGED_IN) {
+ goto cleanup;
}
}
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&session->mutex);
@@ -337,7 +352,7 @@ pkcs11h_token_login (
session = NULL;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_login return rv=%lu-'%s'",
rv,
@@ -358,15 +373,17 @@ pkcs11h_token_ensureAccess (
#if defined(ENABLE_PKCS11H_THREADING)
PKCS11H_BOOL mutex_locked = FALSE;
#endif
- pkcs11h_session_t session = NULL;
- CK_RV rv = CKR_OK;
+ _pkcs11h_session_t session = NULL;
+
+ CK_RV rv = CKR_FUNCTION_FAILED;
+ CK_SLOT_ID slot;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (token_id!=NULL);
- /*PKCS11H_ASSERT (user_data) NOT NEEDED */
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (token_id!=NULL);
+ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_ensureAccess entry token_id=%p, user_data=%p, mask_prompt=%08x",
(void *)token_id,
@@ -374,33 +391,38 @@ pkcs11h_token_ensureAccess (
mask_prompt
);
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSessionByTokenId (
+ if (
+ (rv = _pkcs11h_session_getSessionByTokenId (
token_id,
&session
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&session->mutex)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
- if (rv == CKR_OK) {
- CK_SLOT_ID slot;
- rv = _pkcs11h_session_reset (
+ if (
+ (rv = _pkcs11h_session_reset (
session,
user_data,
mask_prompt,
&slot
- );
+ )) != CKR_OK
+ ) {
+ goto cleanup;
}
+ rv = CKR_OK;
+
+cleanup:
+
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
_pkcs11h_threading_mutexRelease (&session->mutex);
@@ -413,7 +435,7 @@ pkcs11h_token_ensureAccess (
session = NULL;
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_ensureAccess return rv=%lu-'%s'",
rv,
@@ -429,11 +451,11 @@ pkcs11h_token_freeTokenIdList (
) {
pkcs11h_token_id_list_t _id = token_id_list;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- /*PKCS11H_ASSERT (token_id_list!=NULL); NOT NEEDED*/
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ /*_PKCS11H_ASSERT (token_id_list!=NULL); NOT NEEDED*/
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_freeTokenIdList entry token_id_list=%p",
(void *)token_id_list
@@ -449,7 +471,7 @@ pkcs11h_token_freeTokenIdList (
_pkcs11h_mem_free ((void *)&x);
}
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_freeTokenIdList return"
);
@@ -467,14 +489,14 @@ pkcs11h_token_enumTokenIds (
#endif
pkcs11h_token_id_list_t token_id_list = NULL;
- pkcs11h_provider_t current_provider;
- CK_RV rv = CKR_OK;
+ _pkcs11h_provider_t current_provider;
+ CK_RV rv = CKR_FUNCTION_FAILED;
- PKCS11H_ASSERT (g_pkcs11h_data!=NULL);
- PKCS11H_ASSERT (g_pkcs11h_data->initialized);
- PKCS11H_ASSERT (p_token_id_list!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL);
+ _PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
+ _PKCS11H_ASSERT (p_token_id_list!=NULL);
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_enumTokenIds entry method=%u, p_token_id_list=%p",
method,
@@ -484,73 +506,77 @@ pkcs11h_token_enumTokenIds (
*p_token_id_list = NULL;
#if defined(ENABLE_PKCS11H_THREADING)
- if (
- rv == CKR_OK &&
- (rv = _pkcs11h_threading_mutexLock (&g_pkcs11h_data->mutexes.global)) == CKR_OK
- ) {
- mutex_locked = TRUE;
+ if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) {
+ goto cleanup;
}
+ mutex_locked = TRUE;
#endif
for (
- current_provider = g_pkcs11h_data->providers;
- (
- current_provider != NULL &&
- rv == CKR_OK
- );
+ current_provider = _g_pkcs11h_data->providers;
+ current_provider != NULL;
current_provider = current_provider->next
) {
CK_SLOT_ID_PTR slots = NULL;
CK_ULONG slotnum;
CK_SLOT_ID slot_index;
+ /*
+ * Skip disabled providers
+ */
if (!current_provider->enabled) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ continue;
}
- if (rv == CKR_OK) {
- rv = _pkcs11h_session_getSlotList (
+ if (
+ (rv = _pkcs11h_session_getSlotList (
current_provider,
CK_TRUE,
&slots,
&slotnum
+ )) != CKR_OK
+ ) {
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG1,
+ "PKCS#11: Cannot get slot list for provider '%s' rv=%lu-'%s'",
+ current_provider->manufacturerID,
+ rv,
+ pkcs11h_getMessage (rv)
);
+ goto retry1;
}
for (
slot_index=0;
- (
- slot_index < slotnum &&
- rv == CKR_OK
- );
+ slot_index < slotnum;
slot_index++
) {
pkcs11h_token_id_list_t entry = NULL;
CK_TOKEN_INFO info;
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc ((void *)&entry, sizeof (struct pkcs11h_token_id_list_s));
- }
-
- if (rv == CKR_OK) {
- rv = current_provider->f->C_GetTokenInfo (
+ if (
+ (rv = _pkcs11h_mem_malloc (
+ (void *)&entry,
+ sizeof (struct pkcs11h_token_id_list_s)
+ )) != CKR_OK ||
+ (rv = current_provider->f->C_GetTokenInfo (
slots[slot_index],
&info
- );
- }
-
- if (rv == CKR_OK) {
- rv = _pkcs11h_token_getTokenId (
+ )) != CKR_OK ||
+ (rv = _pkcs11h_token_getTokenId (
&info,
&entry->token_id
- );
+ ))
+ ) {
+ goto retry11;
}
- if (rv == CKR_OK) {
- entry->next = token_id_list;
- token_id_list = entry;
- entry = NULL;
- }
+ entry->next = token_id_list;
+ token_id_list = entry;
+ entry = NULL;
+ rv = CKR_OK;
+
+ retry11:
if (entry != NULL) {
pkcs11h_token_freeTokenIdList (entry);
@@ -558,20 +584,7 @@ pkcs11h_token_enumTokenIds (
}
}
- if (rv != CKR_OK) {
- PKCS11H_DEBUG (
- PKCS11H_LOG_DEBUG1,
- "PKCS#11: Cannot get slot list for provider '%s' rv=%lu-'%s'",
- current_provider->manufacturerID,
- rv,
- pkcs11h_getMessage (rv)
- );
-
- /*
- * Ignore error
- */
- rv = CKR_OK;
- }
+ retry1:
if (slots != NULL) {
_pkcs11h_mem_free ((void *)&slots);
@@ -579,12 +592,12 @@ pkcs11h_token_enumTokenIds (
}
}
- if (rv == CKR_OK && method == PKCS11H_ENUM_METHOD_CACHE) {
- pkcs11h_session_t session = NULL;
+ if (method == PKCS11H_ENUM_METHOD_CACHE) {
+ _pkcs11h_session_t session = NULL;
for (
- session = g_pkcs11h_data->sessions;
- session != NULL && rv == CKR_OK;
+ session = _g_pkcs11h_data->sessions;
+ session != NULL;
session = session->next
) {
pkcs11h_token_id_list_t entry = NULL;
@@ -608,25 +621,24 @@ pkcs11h_token_enumTokenIds (
if (!found) {
entry = NULL;
- if (rv == CKR_OK) {
- rv = _pkcs11h_mem_malloc (
+ if (
+ (rv = _pkcs11h_mem_malloc (
(void *)&entry,
sizeof (struct pkcs11h_token_id_list_s)
- );
- }
-
- if (rv == CKR_OK) {
- rv = pkcs11h_token_duplicateTokenId (
+ )) != CKR_OK ||
+ (rv = pkcs11h_token_duplicateTokenId (
&entry->token_id,
session->token_id
- );
+ )) != CKR_OK
+ ) {
+ goto retry12;
}
- if (rv == CKR_OK) {
- entry->next = token_id_list;
- token_id_list = entry;
- entry = NULL;
- }
+ entry->next = token_id_list;
+ token_id_list = entry;
+ entry = NULL;
+
+ retry12:
if (entry != NULL) {
if (entry->token_id != NULL) {
@@ -638,10 +650,11 @@ pkcs11h_token_enumTokenIds (
}
}
- if (rv == CKR_OK) {
- *p_token_id_list = token_id_list;
- token_id_list = NULL;
- }
+ *p_token_id_list = token_id_list;
+ token_id_list = NULL;
+ rv = CKR_OK;
+
+cleanup:
if (token_id_list != NULL) {
pkcs11h_token_freeTokenIdList (token_id_list);
@@ -650,12 +663,12 @@ pkcs11h_token_enumTokenIds (
#if defined(ENABLE_PKCS11H_THREADING)
if (mutex_locked) {
- rv = _pkcs11h_threading_mutexRelease (&g_pkcs11h_data->mutexes.global);
+ rv = _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global);
mutex_locked = FALSE;
}
#endif
- PKCS11H_DEBUG (
+ _PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: pkcs11h_token_enumTokenIds return rv=%lu-'%s', *p_token_id_list=%p",
rv,
diff --git a/lib/pkcs11h-util.c b/lib/pkcs11h-util.c
index ebdefe3..35b55ea 100644
--- a/lib/pkcs11h-util.c
+++ b/lib/pkcs11h-util.c
@@ -60,8 +60,8 @@ _pkcs11h_util_fixupFixedString (
) {
char *p;
- PKCS11H_ASSERT (source!=NULL);
- PKCS11H_ASSERT (target!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
+ _PKCS11H_ASSERT (target!=NULL);
p = target+length;
memmove (target, source, length);
@@ -84,9 +84,9 @@ _pkcs11h_util_hexToBinary (
char buf[3] = {'\0', '\0', '\0'};
int i = 0;
- PKCS11H_ASSERT (source!=NULL);
- PKCS11H_ASSERT (target!=NULL);
- PKCS11H_ASSERT (p_target_size!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
+ _PKCS11H_ASSERT (target!=NULL);
+ _PKCS11H_ASSERT (p_target_size!=NULL);
target_max_size = *p_target_size;
p = source;
@@ -128,8 +128,8 @@ _pkcs11h_util_binaryToHex (
static const char *x = "0123456789ABCDEF";
size_t i;
- PKCS11H_ASSERT (target!=NULL);
- PKCS11H_ASSERT (source!=NULL);
+ _PKCS11H_ASSERT (target!=NULL);
+ _PKCS11H_ASSERT (source!=NULL);
if (target_size < source_size * 2 + 1) {
return CKR_ATTRIBUTE_VALUE_INVALID;
@@ -152,21 +152,22 @@ _pkcs11h_util_escapeString (
IN const char * const invalid_chars
) {
static const char *x = "0123456789ABCDEF";
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
const char *s = source;
char *t = target;
size_t n = 0;
- /*PKCS11H_ASSERT (target!=NULL); Not required*/
- PKCS11H_ASSERT (source!=NULL);
- PKCS11H_ASSERT (max!=NULL);
+ /*_PKCS11H_ASSERT (target!=NULL); Not required*/
+ _PKCS11H_ASSERT (source!=NULL);
+ _PKCS11H_ASSERT (max!=NULL);
- while (rv == CKR_OK && *s != '\x0') {
+ while (*s != '\x0') {
if (*s == '\\' || strchr (invalid_chars, *s) || !isgraph (*s)) {
if (t != NULL) {
if (n+4 > *max) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
else {
t[0] = '\\';
@@ -182,6 +183,7 @@ _pkcs11h_util_escapeString (
if (t != NULL) {
if (n+1 > *max) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
else {
*t = *s;
@@ -197,6 +199,7 @@ _pkcs11h_util_escapeString (
if (t != NULL) {
if (n+1 > *max) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
else {
*t = '\x0';
@@ -206,6 +209,9 @@ _pkcs11h_util_escapeString (
n++;
*max = n;
+ rv = CKR_OK;
+
+cleanup:
return rv;
}
@@ -216,20 +222,21 @@ _pkcs11h_util_unescapeString (
IN const char * const source,
IN size_t * const max
) {
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_FUNCTION_FAILED;
const char *s = source;
char *t = target;
size_t n = 0;
- /*PKCS11H_ASSERT (target!=NULL); Not required*/
- PKCS11H_ASSERT (source!=NULL);
- PKCS11H_ASSERT (max!=NULL);
+ /*_PKCS11H_ASSERT (target!=NULL); Not required*/
+ _PKCS11H_ASSERT (source!=NULL);
+ _PKCS11H_ASSERT (max!=NULL);
- while (rv == CKR_OK && *s != '\x0') {
+ while (*s != '\x0') {
if (*s == '\\') {
if (t != NULL) {
if (n+1 > *max) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
else {
char b[3];
@@ -248,6 +255,7 @@ _pkcs11h_util_unescapeString (
if (t != NULL) {
if (n+1 > *max) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
else {
*t = *s;
@@ -263,6 +271,7 @@ _pkcs11h_util_unescapeString (
if (t != NULL) {
if (n+1 > *max) {
rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
}
else {
*t = '\x0';
@@ -272,6 +281,9 @@ _pkcs11h_util_unescapeString (
n++;
*max = n;
+ rv = CKR_OK;
+
+cleanup:
return rv;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git
More information about the pkg-opensc-commit
mailing list