From 43a16dcbc5b937e8cd79cc0a5840f27a1865f223 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Mon, 21 Nov 2016 01:37:52 -0500 Subject: Start shaking bugs out of new pkcs11.c code. Still pretty broken. --- pkcs11.c | 112 +++++++++++++++++++++++---------------------------------------- 1 file changed, 41 insertions(+), 71 deletions(-) diff --git a/pkcs11.c b/pkcs11.c index 96afb4b..4a91e09 100644 --- a/pkcs11.c +++ b/pkcs11.c @@ -1077,43 +1077,6 @@ static p11_object_t *p11_object_by_handle(const CK_OBJECT_HANDLE object_handle) return object; } -#if 0 - -/* - * Iterate over object handles. Start with CK_INVALID_HANDLE, - * returns CK_INVALID_HANDLE when done. - */ - -static CK_OBJECT_HANDLE p11_object_handle_iterate(const CK_OBJECT_HANDLE object_handle) -{ - if (handle_flavor(object_handle) != handle_flavor_session_object && - handle_flavor(object_handle) != handle_flavor_token_object) - return CK_INVALID_HANDLE; - - for (unsigned index = object_handle == CK_INVALID_HANDLE ? 0 : handle_index(object_handle) + 1; - index < sizeof(p11_sessions) / sizeof(*p11_sessions); - index++) - if (handle_flavor(p11_sessions[index].handle) == handle_flavor_session_object || - handle_flavor(p11_sessions[index].handle) == handle_flavor_token_object) - return p11_sessions[index].handle; - - return CK_INVALID_HANDLE; -} - -/* - * Syntactic sugar to iterate over objects instead of object handles. - */ - -static p11_object_t *p11_object_iterate(p11_object_t *object) -{ - if (object == NULL) - return NULL; - - return p11_object_by_handle(p11_object_handle_iterate(object->handle)); -} - -#endif - /* * Translate CKA_TOKEN value to handle flavor. */ @@ -1587,12 +1550,18 @@ static p11_session_t *p11_session_find(const CK_SESSION_HANDLE session_handle) static CK_SESSION_HANDLE p11_session_handle_iterate(const CK_SESSION_HANDLE session_handle) { - if (handle_flavor(session_handle) != handle_flavor_session) + unsigned index; + + if (session_handle == CK_INVALID_HANDLE) + index = 0; + + else if (handle_flavor(session_handle) == handle_flavor_session) + index = handle_index(session_handle) + 1; + + else return CK_INVALID_HANDLE; - for (unsigned index = session_handle == CK_INVALID_HANDLE ? 0 : handle_index(session_handle) + 1; - index < sizeof(p11_sessions) / sizeof(*p11_sessions); - index++) + for (; index < sizeof(p11_sessions) / sizeof(*p11_sessions); index++) if (handle_flavor(p11_sessions[index].handle) == handle_flavor_session) return p11_sessions[index].handle; @@ -1606,10 +1575,8 @@ static CK_SESSION_HANDLE p11_session_handle_iterate(const CK_SESSION_HANDLE sess static p11_session_t *p11_session_iterate(p11_session_t *session) { - if (session == NULL) - return NULL; - - return p11_session_find(p11_session_handle_iterate(session->handle)); + const CK_SESSION_HANDLE handle = session == NULL ? CK_INVALID_HANDLE : session->handle; + return p11_session_find(p11_session_handle_iterate(handle)); } /* @@ -2962,15 +2929,13 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession) lose(CKR_USER_NOT_LOGGED_IN); /* - * Delete any private objects and whack every existing session into - * the right state. + * Delete any private session objects, clear handles for all private + * objects, and whack every existing session into the right state. */ { assert(p11_session_consistent_login()); - const hal_session_handle_t session_handle_none = {HAL_HANDLE_NONE}; - const hal_rpc_pkey_attribute_t attrs[] = { {.type = CKA_PRIVATE, .value = &const_CK_TRUE, .length = sizeof(const_CK_TRUE)} }; @@ -2978,39 +2943,44 @@ CK_RV C_Logout(CK_SESSION_HANDLE hSession) hal_uuid_t uuids[64]; unsigned n; - memset(uuids, 0, sizeof(uuids)); - do { + for (p11_session_t *session = p11_session_iterate(NULL); + session != NULL; session = p11_session_iterate(session)) { - rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session), - session_handle_none, - HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, - 0, - attrs, sizeof(attrs)/sizeof(*attrs), - uuids, &n, sizeof(uuids)/sizeof(*uuids), - &uuids[sizeof(uuids)/sizeof(*uuids) - 1])); - if (rv != CKR_OK) - goto fail; + memset(uuids, 0, sizeof(uuids)); + do { - for (int i = 0; i < n; i++) { - p11_object_free(p11_object_by_uuid(&uuids[i])); - hal_pkey_handle_t pkey; - rv = p11_whine_from_hal(hal_rpc_pkey_open(p11_session_hal_client(session), - session_handle_none, &pkey, &uuids[i], 0)); + rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session), + p11_session_hal_session(session), + HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, + 0, + attrs, sizeof(attrs)/sizeof(*attrs), + uuids, &n, sizeof(uuids)/sizeof(*uuids), + &uuids[sizeof(uuids)/sizeof(*uuids) - 1])); if (rv != CKR_OK) goto fail; - if ((rv = p11_whine_from_hal(hal_rpc_pkey_delete(pkey))) != CKR_OK) { - (void) hal_rpc_pkey_close(pkey); - goto fail; + + for (int i = 0; i < n; i++) { + p11_object_free(p11_object_by_uuid(&uuids[i])); + hal_pkey_handle_t pkey; + rv = p11_whine_from_hal(hal_rpc_pkey_open(p11_session_hal_client(session), + p11_session_hal_session(session), + &pkey, &uuids[i], 0)); + if (rv != CKR_OK) + goto fail; + if ((rv = p11_whine_from_hal(hal_rpc_pkey_delete(pkey))) != CKR_OK) { + (void) hal_rpc_pkey_close(pkey); + goto fail; + } } - } - } while (n == sizeof(uuids)/sizeof(*uuids)); + } while (n == sizeof(uuids)/sizeof(*uuids)); + } memset(uuids, 0, sizeof(uuids)); do { rv = p11_whine_from_hal(hal_rpc_pkey_match(p11_session_hal_client(session), - session_handle_none, + p11_session_hal_session(session), HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, HAL_KEY_FLAG_TOKEN, attrs, sizeof(attrs)/sizeof(*attrs), -- cgit v1.2.3