[pkg-opensc-commit] [opensc] 110/295: pkcs15init: explicitly lock the card
Eric Dorland
eric at moszumanska.debian.org
Sat Jun 24 21:11:21 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository opensc.
commit de7aaa4197cd5a3d97ed145716f75d9594158d2c
Author: Frank Morgner <frankmorgner at gmail.com>
Date: Mon Oct 17 00:10:16 2016 +0200
pkcs15init: explicitly lock the card
Fixes https://github.com/OpenSC/OpenSC/issues/703
---
src/tools/pkcs15-init.c | 107 +++++++++++++++++++++++++++++++++++++++---------
1 file changed, 88 insertions(+), 19 deletions(-)
diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c
index 4e1e062..0bde324 100644
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@@ -621,7 +621,6 @@ out:
sc_pkcs15_unbind(p15card);
}
if (card) {
- sc_unlock(card);
sc_disconnect_card(card);
}
sc_release_context(ctx);
@@ -649,7 +648,7 @@ open_reader_and_card(char *reader)
sc_ctx_log_to_file(ctx, "stderr");
}
- if (util_connect_card(ctx, &card, reader, opt_wait, verbose))
+ if (util_connect_card_ex(ctx, &card, reader, opt_wait, 0, verbose))
return 0;
return 1;
@@ -664,6 +663,10 @@ do_assert_pristine(sc_card_t *in_card)
sc_path_t path;
int r, ok = 1;
+ r = sc_lock(in_card);
+ if (r < 0)
+ goto end;
+
sc_format_path("3F00", &path);
r = sc_select_file(in_card, &path, NULL);
if (r)
@@ -683,6 +686,7 @@ do_assert_pristine(sc_card_t *in_card)
ok = 0;
end:
+ sc_unlock(in_card);
if (!ok) {
fprintf(stderr,
"Card not pristine; detected (possibly incomplete) "
@@ -702,14 +706,14 @@ do_erase(sc_card_t *in_card, struct sc_profile *profile)
{
int r;
struct sc_pkcs15_card *p15card;
+ struct sc_aid aid;
+ struct sc_aid *paid = NULL;
p15card = sc_pkcs15_card_new();
p15card->card = in_card;
ignore_cmdline_pins++;
if (opt_bind_to_aid) {
- struct sc_aid aid;
-
aid.len = sizeof(aid.value);
r = sc_hex_to_bin(opt_bind_to_aid, aid.value, &aid.len);
if (r < 0) {
@@ -717,11 +721,15 @@ do_erase(sc_card_t *in_card, struct sc_profile *profile)
goto err;
}
- r = sc_pkcs15init_erase_card(p15card, profile, &aid);
- }
- else {
- r = sc_pkcs15init_erase_card(p15card, profile, NULL);
+ paid = &aid;
}
+
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ goto err;
+ r = sc_pkcs15init_erase_card(p15card, profile, paid);
+ sc_unlock(p15card->card);
+
ignore_cmdline_pins--;
err:
@@ -742,7 +750,13 @@ do_erase_application(sc_card_t *in_card, struct sc_profile *profile)
static int do_finalize_card(sc_card_t *in_card, struct sc_profile *profile)
{
- return sc_pkcs15init_finalize_card(in_card, profile);
+ int r;
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
+ r = sc_pkcs15init_finalize_card(in_card, profile);
+ sc_unlock(p15card->card);
+ return r;
}
/*
@@ -823,7 +837,12 @@ do_init_app(struct sc_profile *profile)
args.serial = (const char *) opt_serial;
args.label = opt_label;
- return sc_pkcs15init_add_app(card, profile, &args);
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
+ r = sc_pkcs15init_add_app(card, profile, &args);
+ sc_unlock(p15card->card);
+ return r;
failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r));
return SC_ERROR_PKCS15INIT;
@@ -891,7 +910,12 @@ do_store_pin(struct sc_profile *profile)
args.puk = (u8 *) opt_pins[1];
args.puk_len = opt_pins[1]? strlen(opt_pins[1]) : 0;
- return sc_pkcs15init_store_pin(p15card, profile, &args);
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
+ r = sc_pkcs15init_store_pin(p15card, profile, &args);
+ sc_unlock(p15card->card);
+ return r;
failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r));
return SC_ERROR_PKCS15INIT;
@@ -963,10 +987,14 @@ do_store_private_key(struct sc_profile *profile)
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE;
- r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL);
-
+ r = sc_lock(p15card->card);
if (r < 0)
return r;
+ r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL);
+ if (r < 0) {
+ sc_unlock(p15card->card);
+ return r;
+ }
/* If there are certificate as well (e.g. when reading the
* private key from a PKCS #12 file) store them, too.
@@ -1015,6 +1043,7 @@ next_cert:
if (ncerts == 0)
r = do_store_public_key(profile, pkey);
+ sc_unlock(p15card->card);
return r;
}
@@ -1077,15 +1106,21 @@ do_store_public_key(struct sc_profile *profile, EVP_PKEY *pkey)
args.label = (opt_pubkey_label != 0 ? opt_pubkey_label : opt_label);
args.x509_usage = opt_x509_usage;
- if (pkey == NULL)
+ if (pkey == NULL) {
r = do_read_public_key(opt_infile, opt_format, &pkey);
+ }
if (r >= 0) {
r = sc_pkcs15_convert_pubkey(&args.key, pkey);
if (r >= 0)
init_gost_params(&args.params.gost, pkey);
}
- if (r >= 0)
+ if (r >= 0) {
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
r = sc_pkcs15init_store_public_key(p15card, profile, &args, &dummy);
+ sc_unlock(p15card->card);
+ }
return r;
}
@@ -1114,8 +1149,13 @@ do_store_certificate(struct sc_profile *profile)
r = do_read_certificate(opt_infile, opt_format, &cert);
if (r >= 0)
r = do_convert_cert(&args.der_encoded, cert);
- if (r >= 0)
+ if (r >= 0) {
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
r = sc_pkcs15init_store_certificate(p15card, profile, &args, NULL);
+ sc_unlock(p15card->card);
+ }
if (args.der_encoded.value)
free(args.der_encoded.value);
@@ -1216,16 +1256,20 @@ do_update_certificate(struct sc_profile *profile)
return SC_ERROR_OBJECT_NOT_FOUND;
}
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
+
certinfo = (sc_pkcs15_cert_info_t *) obj->data;
r = sc_pkcs15_read_certificate(p15card, certinfo, &oldcert);
if (r < 0)
- return r;
+ goto err;
newcert_raw.value = NULL;
r = do_read_check_certificate(oldcert, opt_infile, opt_format, &newcert_raw);
sc_pkcs15_free_certificate(oldcert);
if (r < 0)
- return r;
+ goto err;
r = sc_pkcs15init_update_certificate(p15card, profile, obj,
newcert_raw.value, newcert_raw.len);
@@ -1233,6 +1277,8 @@ do_update_certificate(struct sc_profile *profile)
if (newcert_raw.value)
free(newcert_raw.value);
+err:
+ sc_unlock(p15card->card);
return r;
}
@@ -1268,7 +1314,11 @@ do_store_data_object(struct sc_profile *profile)
/* der_encoded contains the plain data, nothing DER encoded */
args.der_encoded.value = data;
args.der_encoded.len = datalen;
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
r = sc_pkcs15init_store_data_object(p15card, profile, &args, NULL);
+ sc_unlock(p15card->card);
}
if (data)
@@ -1282,7 +1332,13 @@ do_store_data_object(struct sc_profile *profile)
static int
do_sanity_check(struct sc_profile *profile)
{
- return sc_pkcs15init_sanity_check(p15card, profile);
+ int r;
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
+ r = sc_pkcs15init_sanity_check(p15card, profile);
+ sc_unlock(p15card->card);
+ return r;
}
static int cert_is_root(sc_pkcs15_cert_t *c)
@@ -1430,6 +1486,10 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags)
{
int r = 0, count = 0;
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
+
if (myopt_delete_flags & SC_PKCS15INIT_TYPE_DATA) {
struct sc_object_id app_oid;
sc_pkcs15_object_t *obj = NULL;
@@ -1464,6 +1524,7 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags)
count += r;
}
+ sc_unlock(p15card->card);
printf("Deleted %d objects\n", count);
return r;
@@ -1516,7 +1577,11 @@ do_change_attributes(struct sc_profile *profile, unsigned int myopt_type)
strlcpy(obj->label, opt_label, sizeof(obj->label));
}
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
r = sc_pkcs15init_update_any_df(p15card, profile, obj->df, 0);
+ sc_unlock(p15card->card);
return r;
}
@@ -1581,7 +1646,11 @@ do_generate_key(struct sc_profile *profile, const char *spec)
}
}
}
+ r = sc_lock(p15card->card);
+ if (r < 0)
+ return r;
r = sc_pkcs15init_generate_key(p15card, profile, &keygen_args, keybits, NULL);
+ sc_unlock(p15card->card);
return r;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git
More information about the pkg-opensc-commit
mailing list