aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2017-04-11 00:24:34 -0400
committerRob Austein <sra@hactrn.net>2017-04-11 00:24:34 -0400
commit81ae5e07be01c0aacc332eb82db2f0ff452ced3d (patch)
tree9401412f70caa0846567d1fdb28368c7d526492f
parentaf9cedc2515a6851716bd2ccc1857937d7f5c495 (diff)
Track API changes on sw/libhal pkcs8 branch.
-rw-r--r--pkcs11.c29
-rw-r--r--pkcs11.h6
-rw-r--r--pkcs11f.h16
-rw-r--r--pkcs11t.h2
-rwxr-xr-xscripts/build-py11-attributes2
5 files changed, 31 insertions, 24 deletions
diff --git a/pkcs11.c b/pkcs11.c
index 2350012..538654f 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -160,6 +160,7 @@ typedef struct p11_session {
unsigned find_query_session : 1; /* Find query for session objects in progress */
unsigned find_query_n : 30; /* Number of entries in find_query */
hal_uuid_t find_query_previous_uuid; /* Previous UUID for find queries */
+ unsigned find_query_state; /* hal_rpc_pkey_match() internal state */
hal_digest_algorithm_t
digest_algorithm, /* Hash algorithm for C_Digest*() */
sign_digest_algorithm, /* Hash algorithm for C_Sign*() */
@@ -1105,8 +1106,7 @@ static int p11_object_pkey_open(const p11_session_t *session,
return (session != NULL && pkey != NULL && object != NULL &&
hal_check(hal_rpc_pkey_open(p11_session_hal_client(session),
p11_session_hal_session(session),
- pkey, &object->uuid,
- p11_object_hal_flags(object_handle))));
+ pkey, &object->uuid)));
}
/*
@@ -2935,19 +2935,20 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
};
hal_uuid_t uuids[64];
- unsigned n;
+ unsigned n, state;
for (p11_session_t *session = p11_session_iterate(NULL);
session != NULL; session = p11_session_iterate(session)) {
memset(uuids, 0, sizeof(uuids));
+ state = 0;
do {
rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session),
p11_session_hal_session(session),
HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
- 0,
- attrs, sizeof(attrs)/sizeof(*attrs),
+ HAL_KEY_FLAG_TOKEN, 0,
+ attrs, sizeof(attrs)/sizeof(*attrs), &state,
uuids, &n, sizeof(uuids)/sizeof(*uuids),
&uuids[sizeof(uuids)/sizeof(*uuids) - 1]));
if (rv != CKR_OK)
@@ -2957,8 +2958,8 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
p11_object_free(p11_object_by_uuid(&uuids[i]));
hal_pkey_handle_t pkey;
rv = p11_whine_from_hal(hal_rpc_pkey_open(p11_session_hal_client(session),
- p11_session_hal_session(session),
- &pkey, &uuids[i], 0));
+ p11_session_hal_session(session),
+ &pkey, &uuids[i]));
if (rv != CKR_OK)
goto fail;
if ((rv = p11_whine_from_hal(hal_rpc_pkey_delete(pkey))) != CKR_OK) {
@@ -2971,13 +2972,14 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession)
}
memset(uuids, 0, sizeof(uuids));
+ state = 0;
do {
rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session),
p11_session_hal_session(session),
HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
- HAL_KEY_FLAG_TOKEN,
- attrs, sizeof(attrs)/sizeof(*attrs),
+ HAL_KEY_FLAG_TOKEN, HAL_KEY_FLAG_TOKEN,
+ attrs, sizeof(attrs)/sizeof(*attrs), &state,
uuids, &n, sizeof(uuids)/sizeof(*uuids),
&uuids[sizeof(uuids)/sizeof(*uuids) - 1]));
if (rv != CKR_OK)
@@ -3327,7 +3329,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
if (session->find_query != NULL)
lose(CKR_OPERATION_ACTIVE);
- assert(!session->find_query_token && !session->find_query_session);
+ assert(!session->find_query_token && !session->find_query_session && !session->find_query_state);
for (int i = 0; i < ulCount; i++) {
if (pTemplate[i].pValue == NULL || pTemplate[i].ulValueLen == 0)
@@ -3356,6 +3358,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
session->find_query_n = ulCount;
session->find_query_token = cka_token == NULL || *cka_token;
session->find_query_session = cka_token == NULL || !*cka_token;
+ session->find_query_state = 0;
memset(&session->find_query_previous_uuid, 0, sizeof(session->find_query_previous_uuid));
/*
@@ -3423,8 +3426,10 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE hSession,
rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session),
p11_session_hal_session(session),
- HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, flags,
+ HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
+ HAL_KEY_FLAG_TOKEN, flags,
session->find_query, session->find_query_n,
+ &session->find_query_state,
uuids, &n, sizeof(uuids)/sizeof(*uuids),
&previous_uuid));
if (rv != CKR_OK)
@@ -3444,6 +3449,7 @@ CK_RV C_FindObjects(CK_SESSION_HANDLE hSession,
else {
memset(&session->find_query_previous_uuid, 0, sizeof(session->find_query_previous_uuid));
+ session->find_query_state = 0;
if (session->find_query_token)
session->find_query_token = 0;
@@ -3477,6 +3483,7 @@ CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
session->find_query_n = 0;
session->find_query_token = 0;
session->find_query_session = 0;
+ session->find_query_state = 0;
memset(&session->find_query_previous_uuid, 0, sizeof(session->find_query_previous_uuid));
fail:
diff --git a/pkcs11.h b/pkcs11.h
index 996b4db..c85110a 100644
--- a/pkcs11.h
+++ b/pkcs11.h
@@ -9,10 +9,10 @@
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
- * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
- * RSA Security Inc. makes no representations concerning either the
+ * RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
@@ -277,7 +277,7 @@ extern "C" {
#define CK_PKCS11_FUNCTION_INFO(name) \
__PASTE(CK_,name) name;
-
+
struct CK_FUNCTION_LIST {
CK_VERSION version; /* Cryptoki version */
diff --git a/pkcs11f.h b/pkcs11f.h
index a479384..bbd957b 100644
--- a/pkcs11f.h
+++ b/pkcs11f.h
@@ -7,10 +7,10 @@
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
- * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
- * RSA Security Inc. makes no representations concerning either the
+ * RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
@@ -564,7 +564,7 @@ CK_PKCS11_FUNCTION_INFO(C_Sign)
/* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data,
+ * where the signature is (will be) an appendix to the data,
* and plaintext cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
#ifdef CK_NEED_ARG_LIST
@@ -576,7 +576,7 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
#endif
-/* C_SignFinal finishes a multiple-part signature operation,
+/* C_SignFinal finishes a multiple-part signature operation,
* returning the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignFinal)
#ifdef CK_NEED_ARG_LIST
@@ -625,12 +625,12 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
- CK_OBJECT_HANDLE hKey /* verification key */
+ CK_OBJECT_HANDLE hKey /* verification key */
);
#endif
-/* C_Verify verifies a signature in a single-part operation,
+/* C_Verify verifies a signature in a single-part operation,
* where the signature is an appendix to the data, and plaintext
* cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_Verify)
@@ -646,7 +646,7 @@ CK_PKCS11_FUNCTION_INFO(C_Verify)
/* C_VerifyUpdate continues a multiple-part verification
- * operation, where the signature is an appendix to the data,
+ * operation, where the signature is an appendix to the data,
* and plaintext cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
#ifdef CK_NEED_ARG_LIST
@@ -772,7 +772,7 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
#endif
-/* C_GenerateKeyPair generates a public-key/private-key pair,
+/* C_GenerateKeyPair generates a public-key/private-key pair,
* creating new key objects. */
CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
#ifdef CK_NEED_ARG_LIST
diff --git a/pkcs11t.h b/pkcs11t.h
index 386bb04..537a60a 100644
--- a/pkcs11t.h
+++ b/pkcs11t.h
@@ -891,7 +891,7 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
#define CKM_AES_KEY_WRAP 0x00001090
#define CKM_AES_KEY_WRAP_PAD 0x00001091
-#define CKM_BLOWFISH_CBC_PAD 0x00001094
+#define CKM_BLOWFISH_CBC_PAD 0x00001094
#define CKM_TWOFISH_CBC_PAD 0x00001095
#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
diff --git a/scripts/build-py11-attributes b/scripts/build-py11-attributes
index 3904d3b..cacb63a 100755
--- a/scripts/build-py11-attributes
+++ b/scripts/build-py11-attributes
@@ -57,7 +57,7 @@ attribute_map = dict(
(k, v["type"])
for y in yaml.safe_load(args.yaml_file)
for k, v in y.iteritems()
- if k.startswith("CKA_") and "type" in v)
+ if k.startswith("CKA_") and "type" in v)
args.output_file.write('''\
# This file was generated automatically from %(input)s by %(script)s. Do not edit this file directly.