Warning fixes and assert
This commit is contained in:
parent
aac28aaeab
commit
a229c1672d
@ -69,8 +69,11 @@ void* ncrypt_new_handle(NCryptHandleType kind, size_t len, NCryptGetPropertyFn g
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
SECURITY_STATUS winpr_NCryptDefault_dtor(NCryptBaseHandle* h)
|
SECURITY_STATUS winpr_NCryptDefault_dtor(NCRYPT_HANDLE handle)
|
||||||
{
|
{
|
||||||
|
NCryptBaseHandle* h = (NCryptBaseHandle*)handle;
|
||||||
|
WINPR_ASSERT(h);
|
||||||
|
|
||||||
memset(h->magic, 0, sizeof(h->magic));
|
memset(h->magic, 0, sizeof(h->magic));
|
||||||
h->type = WINPR_NCRYPT_INVALID;
|
h->type = WINPR_NCRYPT_INVALID;
|
||||||
h->releaseFn = NULL;
|
h->releaseFn = NULL;
|
||||||
@ -136,19 +139,20 @@ SECURITY_STATUS NCryptOpenStorageProvider(NCRYPT_PROV_HANDLE* phProvider, LPCWST
|
|||||||
_wcscmp(pszProviderName, MS_SCARD_PROV) == 0)
|
_wcscmp(pszProviderName, MS_SCARD_PROV) == 0)
|
||||||
{
|
{
|
||||||
static LPCSTR openscPaths[] = {
|
static LPCSTR openscPaths[] = {
|
||||||
|
"opensc-pkcs11.so", /* In case winpr is installed in system paths */
|
||||||
#ifdef __APPLE__
|
#ifdef __APPLE__
|
||||||
"/usr/local/lib/pkcs11/opensc-pkcs11.so",
|
"/usr/local/lib/pkcs11/opensc-pkcs11.so",
|
||||||
#else
|
#else
|
||||||
/* linux and UNIXes */
|
/* linux and UNIXes */
|
||||||
#ifdef LIBS64
|
#ifdef LIBS64
|
||||||
"/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so", /* Ubuntu/debian */
|
"/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so", /* Ubuntu/debian */
|
||||||
"/lib64/pkcs11/opensc-pkcs11.so", /* Fedora */
|
"/lib64/pkcs11/opensc-pkcs11.so", /* Fedora */
|
||||||
#else
|
#else
|
||||||
"/usr/lib/i386-linux-gnu/opensc-pkcs11.so", /* debian */
|
"/usr/lib/i386-linux-gnu/opensc-pkcs11.so", /* debian */
|
||||||
"/lib32/pkcs11/opensc-pkcs11.so", /* Fedora */
|
"/lib32/pkcs11/opensc-pkcs11.so", /* Fedora */
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
return winpr_NCryptOpenStorageProviderEx(phProvider, pszProviderName, dwFlags, openscPaths);
|
return winpr_NCryptOpenStorageProviderEx(phProvider, pszProviderName, dwFlags, openscPaths);
|
||||||
|
@ -81,7 +81,7 @@ typedef struct
|
|||||||
SECURITY_STATUS checkNCryptHandle(NCRYPT_HANDLE handle, NCryptHandleType matchType);
|
SECURITY_STATUS checkNCryptHandle(NCRYPT_HANDLE handle, NCryptHandleType matchType);
|
||||||
void* ncrypt_new_handle(NCryptHandleType kind, size_t len, NCryptGetPropertyFn getProp,
|
void* ncrypt_new_handle(NCryptHandleType kind, size_t len, NCryptGetPropertyFn getProp,
|
||||||
NCryptReleaseFn dtor);
|
NCryptReleaseFn dtor);
|
||||||
SECURITY_STATUS winpr_NCryptDefault_dtor(NCryptBaseHandle* h);
|
SECURITY_STATUS winpr_NCryptDefault_dtor(NCRYPT_HANDLE handle);
|
||||||
|
|
||||||
#if defined(WITH_PKCS11)
|
#if defined(WITH_PKCS11)
|
||||||
SECURITY_STATUS NCryptOpenP11StorageProviderEx(NCRYPT_PROV_HANDLE* phProvider,
|
SECURITY_STATUS NCryptOpenP11StorageProviderEx(NCRYPT_PROV_HANDLE* phProvider,
|
||||||
|
@ -21,13 +21,17 @@
|
|||||||
#include <pkcs11-helper-1.0/pkcs11.h>
|
#include <pkcs11-helper-1.0/pkcs11.h>
|
||||||
|
|
||||||
#include <winpr/library.h>
|
#include <winpr/library.h>
|
||||||
|
#include <winpr/assert.h>
|
||||||
|
#include <winpr/spec.h>
|
||||||
|
|
||||||
#include "../log.h"
|
#include "../log.h"
|
||||||
#include "ncrypt.h"
|
#include "ncrypt.h"
|
||||||
|
|
||||||
#define TAG WINPR_TAG("ncryptp11")
|
#define TAG WINPR_TAG("ncryptp11")
|
||||||
|
|
||||||
#define ARRAY_LENGTH(a) (sizeof(a) / sizeof(a)[0])
|
#define MAX_SLOTS 64
|
||||||
|
#define MAX_PRIVATE_KEYS 64
|
||||||
|
#define MAX_KEYS_PER_SLOT 64
|
||||||
|
|
||||||
/** @brief ncrypt provider handle */
|
/** @brief ncrypt provider handle */
|
||||||
typedef struct
|
typedef struct
|
||||||
@ -38,22 +42,15 @@ typedef struct
|
|||||||
CK_FUNCTION_LIST_PTR p11;
|
CK_FUNCTION_LIST_PTR p11;
|
||||||
} NCryptP11ProviderHandle;
|
} NCryptP11ProviderHandle;
|
||||||
|
|
||||||
static SECURITY_STATUS NCryptP11StorageProvider_dtor(NCryptP11ProviderHandle* provider)
|
/** @brief a handle returned by NCryptOpenKey */
|
||||||
|
typedef struct
|
||||||
{
|
{
|
||||||
CK_RV rv = provider->p11->C_Finalize(NULL);
|
NCryptBaseHandle base;
|
||||||
if (rv != CKR_OK)
|
NCryptP11ProviderHandle* provider;
|
||||||
{
|
CK_SLOT_ID slotId;
|
||||||
}
|
CK_BYTE keyCertId[64];
|
||||||
|
CK_ULONG keyCertIdLen;
|
||||||
if (provider->library)
|
} NCryptP11KeyHandle;
|
||||||
FreeLibrary(provider->library);
|
|
||||||
|
|
||||||
return winpr_NCryptDefault_dtor(&provider->baseProvider.baseHandle);
|
|
||||||
}
|
|
||||||
|
|
||||||
#define MAX_SLOTS 64
|
|
||||||
#define MAX_PRIVATE_KEYS 64
|
|
||||||
#define MAX_KEYS_PER_SLOT 64
|
|
||||||
|
|
||||||
/** @brief */
|
/** @brief */
|
||||||
typedef struct
|
typedef struct
|
||||||
@ -86,6 +83,22 @@ static CK_ATTRIBUTE private_key_filter[] = {
|
|||||||
{ CKA_KEY_TYPE, &object_ktype_rsa, sizeof(object_ktype_rsa) }
|
{ CKA_KEY_TYPE, &object_ktype_rsa, sizeof(object_ktype_rsa) }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static SECURITY_STATUS NCryptP11StorageProvider_dtor(NCRYPT_HANDLE handle)
|
||||||
|
{
|
||||||
|
NCryptP11ProviderHandle* provider = (NCryptP11ProviderHandle*)handle;
|
||||||
|
CK_RV rv;
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider);
|
||||||
|
rv = provider->p11->C_Finalize(NULL);
|
||||||
|
if (rv != CKR_OK)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
if (provider->library)
|
||||||
|
FreeLibrary(provider->library);
|
||||||
|
|
||||||
|
return winpr_NCryptDefault_dtor(&provider->baseProvider.baseHandle);
|
||||||
|
}
|
||||||
|
|
||||||
static void fix_padded_string(char *str, size_t maxlen)
|
static void fix_padded_string(char *str, size_t maxlen)
|
||||||
{
|
{
|
||||||
@ -97,7 +110,6 @@ static void fix_padded_string(char *str, size_t maxlen)
|
|||||||
*ptr = 0;
|
*ptr = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static BOOL attributes_have_unallocated_buffers(CK_ATTRIBUTE_PTR attributes, CK_ULONG count)
|
static BOOL attributes_have_unallocated_buffers(CK_ATTRIBUTE_PTR attributes, CK_ULONG count)
|
||||||
{
|
{
|
||||||
CK_ULONG i;
|
CK_ULONG i;
|
||||||
@ -159,10 +171,17 @@ static BOOL attributes_allocate_buffers(CK_ATTRIBUTE_PTR attributes, CK_ULONG co
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV object_load_attributes(NCryptP11ProviderHandle* provider, CK_SESSION_HANDLE session,
|
static CK_RV object_load_attributes(NCryptP11ProviderHandle* provider, CK_SESSION_HANDLE session,
|
||||||
CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR attributes, CK_ULONG count)
|
CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR attributes,
|
||||||
|
CK_ULONG count)
|
||||||
{
|
{
|
||||||
CK_RV rv = provider->p11->C_GetAttributeValue(session, object, attributes, count);
|
CK_RV rv;
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider);
|
||||||
|
WINPR_ASSERT(provider->p11);
|
||||||
|
WINPR_ASSERT(provider->p11->C_GetAttributeValue);
|
||||||
|
|
||||||
|
rv = provider->p11->C_GetAttributeValue(session, object, attributes, count);
|
||||||
|
|
||||||
switch (rv)
|
switch (rv)
|
||||||
{
|
{
|
||||||
@ -200,15 +219,21 @@ static SECURITY_STATUS collect_private_keys(NCryptP11ProviderHandle* provider,
|
|||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
CK_SESSION_HANDLE session = (CK_SESSION_HANDLE)NULL;
|
CK_SESSION_HANDLE session = (CK_SESSION_HANDLE)NULL;
|
||||||
CK_ULONG i, j, nslotObjects;
|
CK_ULONG i, j, nslotObjects;
|
||||||
CK_OBJECT_HANDLE slotObjects[MAX_KEYS_PER_SLOT];
|
CK_OBJECT_HANDLE slotObjects[MAX_KEYS_PER_SLOT] = { 0 };
|
||||||
const char* step = NULL;
|
const char* step = NULL;
|
||||||
CK_FUNCTION_LIST_PTR p11 = provider->p11;
|
CK_FUNCTION_LIST_PTR p11;
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider);
|
||||||
|
|
||||||
|
p11 = provider->p11;
|
||||||
|
WINPR_ASSERT(p11);
|
||||||
|
|
||||||
state->nprivateKeys = 0;
|
state->nprivateKeys = 0;
|
||||||
for (i = 0; i < state->nslots; i++)
|
for (i = 0; i < state->nslots; i++)
|
||||||
{
|
{
|
||||||
CK_SLOT_INFO slotInfo;
|
CK_SLOT_INFO slotInfo;
|
||||||
|
|
||||||
|
WINPR_ASSERT(p11->C_GetSessionInfo);
|
||||||
rv = p11->C_GetSlotInfo(state->slots[i], &slotInfo);
|
rv = p11->C_GetSlotInfo(state->slots[i], &slotInfo);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -216,6 +241,7 @@ static SECURITY_STATUS collect_private_keys(NCryptP11ProviderHandle* provider,
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WINPR_ASSERT(p11->C_OpenSession);
|
||||||
rv = p11->C_OpenSession(state->slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session);
|
rv = p11->C_OpenSession(state->slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -224,7 +250,8 @@ static SECURITY_STATUS collect_private_keys(NCryptP11ProviderHandle* provider,
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = p11->C_FindObjectsInit(session, private_key_filter, ARRAY_LENGTH(private_key_filter));
|
WINPR_ASSERT(p11->C_FindObjectsInit);
|
||||||
|
rv = p11->C_FindObjectsInit(session, private_key_filter, ARRAYSIZE(private_key_filter));
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
// TODO: shall it be fatal ?
|
// TODO: shall it be fatal ?
|
||||||
@ -233,7 +260,8 @@ static SECURITY_STATUS collect_private_keys(NCryptP11ProviderHandle* provider,
|
|||||||
goto cleanup_FindObjectsInit;
|
goto cleanup_FindObjectsInit;
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = p11->C_FindObjects(session, &slotObjects[0], ARRAY_LENGTH(slotObjects), &nslotObjects);
|
WINPR_ASSERT(p11->C_FindObjects);
|
||||||
|
rv = p11->C_FindObjects(session, &slotObjects[0], ARRAYSIZE(slotObjects), &nslotObjects);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "unable to findObjects for slot #%d(%d)", i, state->slots[i]);
|
WLog_ERR(TAG, "unable to findObjects for slot #%d(%d)", i, state->slots[i]);
|
||||||
@ -253,7 +281,7 @@ static SECURITY_STATUS collect_private_keys(NCryptP11ProviderHandle* provider,
|
|||||||
};
|
};
|
||||||
|
|
||||||
rv = object_load_attributes(provider, session, slotObjects[j], key_or_certAttrs,
|
rv = object_load_attributes(provider, session, slotObjects[j], key_or_certAttrs,
|
||||||
ARRAY_LENGTH(key_or_certAttrs));
|
ARRAYSIZE(key_or_certAttrs));
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "error getting attributes");
|
WLog_ERR(TAG, "error getting attributes");
|
||||||
@ -267,6 +295,7 @@ static SECURITY_STATUS collect_private_keys(NCryptP11ProviderHandle* provider,
|
|||||||
}
|
}
|
||||||
|
|
||||||
cleanup_FindObjects:
|
cleanup_FindObjects:
|
||||||
|
WINPR_ASSERT(p11->C_FindObjectsFinal);
|
||||||
rv = p11->C_FindObjectsFinal(session);
|
rv = p11->C_FindObjectsFinal(session);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -274,6 +303,7 @@ static SECURITY_STATUS collect_private_keys(NCryptP11ProviderHandle* provider,
|
|||||||
state->slots[i], step);
|
state->slots[i], step);
|
||||||
}
|
}
|
||||||
cleanup_FindObjectsInit:
|
cleanup_FindObjectsInit:
|
||||||
|
WINPR_ASSERT(p11->C_CloseSession);
|
||||||
rv = p11->C_CloseSession(session);
|
rv = p11->C_CloseSession(session);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -423,16 +453,6 @@ static SECURITY_STATUS parseKeyName(LPCWSTR pszKeyName, CK_SLOT_ID* slotId, CK_B
|
|||||||
return ERROR_SUCCESS;
|
return ERROR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** @brief a handle returned by NCryptOpenKey */
|
|
||||||
typedef struct
|
|
||||||
{
|
|
||||||
NCryptBaseHandle base;
|
|
||||||
NCryptP11ProviderHandle* provider;
|
|
||||||
CK_SLOT_ID slotId;
|
|
||||||
CK_BYTE keyCertId[64];
|
|
||||||
CK_ULONG keyCertIdLen;
|
|
||||||
} NCryptP11KeyHandle;
|
|
||||||
|
|
||||||
static SECURITY_STATUS NCryptP11EnumKeys(NCRYPT_PROV_HANDLE hProvider, LPCWSTR pszScope,
|
static SECURITY_STATUS NCryptP11EnumKeys(NCRYPT_PROV_HANDLE hProvider, LPCWSTR pszScope,
|
||||||
NCryptKeyName** ppKeyName, PVOID* ppEnumState,
|
NCryptKeyName** ppKeyName, PVOID* ppEnumState,
|
||||||
DWORD dwFlags)
|
DWORD dwFlags)
|
||||||
@ -440,10 +460,9 @@ static SECURITY_STATUS NCryptP11EnumKeys(NCRYPT_PROV_HANDLE hProvider, LPCWSTR p
|
|||||||
SECURITY_STATUS ret;
|
SECURITY_STATUS ret;
|
||||||
NCryptP11ProviderHandle* provider = (NCryptP11ProviderHandle*)hProvider;
|
NCryptP11ProviderHandle* provider = (NCryptP11ProviderHandle*)hProvider;
|
||||||
P11EnumKeysState* state = (P11EnumKeysState*)*ppEnumState;
|
P11EnumKeysState* state = (P11EnumKeysState*)*ppEnumState;
|
||||||
CK_RV rv;
|
CK_RV rv = { 0 };
|
||||||
CK_SLOT_ID currentSlot;
|
CK_SLOT_ID currentSlot = { 0 };
|
||||||
CK_SESSION_HANDLE currentSession = (CK_SESSION_HANDLE)NULL;
|
CK_SESSION_HANDLE currentSession = (CK_SESSION_HANDLE)NULL;
|
||||||
NCryptKeyName* keyName = NULL;
|
|
||||||
char slotFilterBuffer[65] = { 0 };
|
char slotFilterBuffer[65] = { 0 };
|
||||||
char* slotFilter = NULL;
|
char* slotFilter = NULL;
|
||||||
size_t slotFilterLen = 0;
|
size_t slotFilterLen = 0;
|
||||||
@ -485,6 +504,7 @@ static SECURITY_STATUS NCryptP11EnumKeys(NCRYPT_PROV_HANDLE hProvider, LPCWSTR p
|
|||||||
if (!state)
|
if (!state)
|
||||||
return NTE_NO_MEMORY;
|
return NTE_NO_MEMORY;
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider->p11->C_GetSlotList);
|
||||||
rv = provider->p11->C_GetSlotList(CK_TRUE, NULL, &state->nslots);
|
rv = provider->p11->C_GetSlotList(CK_TRUE, NULL, &state->nslots);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -515,6 +535,7 @@ static SECURITY_STATUS NCryptP11EnumKeys(NCRYPT_PROV_HANDLE hProvider, LPCWSTR p
|
|||||||
|
|
||||||
for (; state->privateKeyIndex < state->nprivateKeys; state->privateKeyIndex++)
|
for (; state->privateKeyIndex < state->nprivateKeys; state->privateKeyIndex++)
|
||||||
{
|
{
|
||||||
|
NCryptKeyName* keyName = NULL;
|
||||||
NCryptPrivateKeyEnum* privKey = &state->privateKeys[state->privateKeyIndex];
|
NCryptPrivateKeyEnum* privKey = &state->privateKeys[state->privateKeyIndex];
|
||||||
CK_OBJECT_CLASS oclass = CKO_CERTIFICATE;
|
CK_OBJECT_CLASS oclass = CKO_CERTIFICATE;
|
||||||
CK_CERTIFICATE_TYPE ctype = CKC_X_509;
|
CK_CERTIFICATE_TYPE ctype = CKC_X_509;
|
||||||
@ -534,10 +555,12 @@ static SECURITY_STATUS NCryptP11EnumKeys(NCRYPT_PROV_HANDLE hProvider, LPCWSTR p
|
|||||||
*/
|
*/
|
||||||
if (currentSession)
|
if (currentSession)
|
||||||
{
|
{
|
||||||
|
WINPR_ASSERT(provider->p11->C_CloseSession);
|
||||||
rv = provider->p11->C_CloseSession(currentSession);
|
rv = provider->p11->C_CloseSession(currentSession);
|
||||||
currentSession = (CK_SESSION_HANDLE)NULL;
|
currentSession = (CK_SESSION_HANDLE)NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider->p11->C_OpenSession);
|
||||||
rv = provider->p11->C_OpenSession(privKey->slotId, CKF_SERIAL_SESSION, NULL, NULL,
|
rv = provider->p11->C_OpenSession(privKey->slotId, CKF_SERIAL_SESSION, NULL, NULL,
|
||||||
¤tSession);
|
¤tSession);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
@ -549,14 +572,16 @@ static SECURITY_STATUS NCryptP11EnumKeys(NCRYPT_PROV_HANDLE hProvider, LPCWSTR p
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* look if we can find a certificate that matches the private key's id */
|
/* look if we can find a certificate that matches the private key's id */
|
||||||
|
WINPR_ASSERT(provider->p11->C_FindObjectsInit);
|
||||||
rv = provider->p11->C_FindObjectsInit(currentSession, certificateFilter,
|
rv = provider->p11->C_FindObjectsInit(currentSession, certificateFilter,
|
||||||
ARRAY_LENGTH(certificateFilter));
|
ARRAYSIZE(certificateFilter));
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "unable to initiate search for slot %d", privKey->slotId);
|
WLog_ERR(TAG, "unable to initiate search for slot %d", privKey->slotId);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider->p11->C_FindObjects);
|
||||||
rv = provider->p11->C_FindObjects(currentSession, &certObject, 1, &ncertObjects);
|
rv = provider->p11->C_FindObjects(currentSession, &certObject, 1, &ncertObjects);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -566,8 +591,8 @@ static SECURITY_STATUS NCryptP11EnumKeys(NCRYPT_PROV_HANDLE hProvider, LPCWSTR p
|
|||||||
|
|
||||||
if (ncertObjects)
|
if (ncertObjects)
|
||||||
{
|
{
|
||||||
/* sizeof keyName struct + "\<slotId>\<certId>" */
|
/* sizeof keyName struct + "\<slotId>\<certId>" */
|
||||||
#define KEYNAME_SZ (1 + 8 /*slotId*/ + 1 + (privKey->idLen * 2) + 1) * 2
|
const size_t KEYNAME_SZ = (1 + 8 /*slotId*/ + 1 + (privKey->idLen * 2) + 1) * 2;
|
||||||
keyName = calloc(1, sizeof(*keyName) + KEYNAME_SZ);
|
keyName = calloc(1, sizeof(*keyName) + KEYNAME_SZ);
|
||||||
if (!keyName)
|
if (!keyName)
|
||||||
{
|
{
|
||||||
@ -582,6 +607,7 @@ static SECURITY_STATUS NCryptP11EnumKeys(NCRYPT_PROV_HANDLE hProvider, LPCWSTR p
|
|||||||
}
|
}
|
||||||
|
|
||||||
cleanup_FindObjects:
|
cleanup_FindObjects:
|
||||||
|
WINPR_ASSERT(provider->p11->C_FindObjectsFinal);
|
||||||
rv = provider->p11->C_FindObjectsFinal(currentSession);
|
rv = provider->p11->C_FindObjectsFinal(currentSession);
|
||||||
|
|
||||||
if (keyName)
|
if (keyName)
|
||||||
@ -604,7 +630,7 @@ static SECURITY_STATUS NCryptP11KeyGetProperties(NCryptP11KeyHandle* keyHandle,
|
|||||||
CK_SESSION_HANDLE session;
|
CK_SESSION_HANDLE session;
|
||||||
CK_OBJECT_HANDLE objectHandle;
|
CK_OBJECT_HANDLE objectHandle;
|
||||||
CK_ULONG objectCount;
|
CK_ULONG objectCount;
|
||||||
NCryptP11ProviderHandle* provider = keyHandle->provider;
|
NCryptP11ProviderHandle* provider;
|
||||||
CK_OBJECT_CLASS oclass = CKO_CERTIFICATE;
|
CK_OBJECT_CLASS oclass = CKO_CERTIFICATE;
|
||||||
CK_CERTIFICATE_TYPE ctype = CKC_X_509;
|
CK_CERTIFICATE_TYPE ctype = CKC_X_509;
|
||||||
CK_ATTRIBUTE certificateFilter[] = { { CKA_CLASS, &oclass, sizeof(oclass) },
|
CK_ATTRIBUTE certificateFilter[] = { { CKA_CLASS, &oclass, sizeof(oclass) },
|
||||||
@ -612,7 +638,11 @@ static SECURITY_STATUS NCryptP11KeyGetProperties(NCryptP11KeyHandle* keyHandle,
|
|||||||
{ CKA_ID, keyHandle->keyCertId,
|
{ CKA_ID, keyHandle->keyCertId,
|
||||||
keyHandle->keyCertIdLen } };
|
keyHandle->keyCertIdLen } };
|
||||||
CK_ATTRIBUTE* objectFilter = certificateFilter;
|
CK_ATTRIBUTE* objectFilter = certificateFilter;
|
||||||
CK_ULONG objectFilterLen = ARRAY_LENGTH(certificateFilter);
|
CK_ULONG objectFilterLen = ARRAYSIZE(certificateFilter);
|
||||||
|
|
||||||
|
WINPR_ASSERT(keyHandle);
|
||||||
|
provider = keyHandle->provider;
|
||||||
|
WINPR_ASSERT(provider);
|
||||||
|
|
||||||
switch (property)
|
switch (property)
|
||||||
{
|
{
|
||||||
@ -621,6 +651,7 @@ static SECURITY_STATUS NCryptP11KeyGetProperties(NCryptP11KeyHandle* keyHandle,
|
|||||||
case NCRYPT_PROPERTY_READER: {
|
case NCRYPT_PROPERTY_READER: {
|
||||||
CK_SLOT_INFO slotInfo;
|
CK_SLOT_INFO slotInfo;
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider->p11->C_GetSlotInfo);
|
||||||
rv = provider->p11->C_GetSlotInfo(keyHandle->slotId, &slotInfo);
|
rv = provider->p11->C_GetSlotInfo(keyHandle->slotId, &slotInfo);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
return NTE_BAD_KEY;
|
return NTE_BAD_KEY;
|
||||||
@ -643,6 +674,7 @@ static SECURITY_STATUS NCryptP11KeyGetProperties(NCryptP11KeyHandle* keyHandle,
|
|||||||
return NTE_NOT_SUPPORTED;
|
return NTE_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider->p11->C_OpenSession);
|
||||||
rv = provider->p11->C_OpenSession(keyHandle->slotId, CKF_SERIAL_SESSION, NULL, NULL, &session);
|
rv = provider->p11->C_OpenSession(keyHandle->slotId, CKF_SERIAL_SESSION, NULL, NULL, &session);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -650,6 +682,7 @@ static SECURITY_STATUS NCryptP11KeyGetProperties(NCryptP11KeyHandle* keyHandle,
|
|||||||
return NTE_FAIL;
|
return NTE_FAIL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider->p11->C_FindObjectsInit);
|
||||||
rv = provider->p11->C_FindObjectsInit(session, objectFilter, objectFilterLen);
|
rv = provider->p11->C_FindObjectsInit(session, objectFilter, objectFilterLen);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -657,6 +690,7 @@ static SECURITY_STATUS NCryptP11KeyGetProperties(NCryptP11KeyHandle* keyHandle,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider->p11->C_FindObjects);
|
||||||
rv = provider->p11->C_FindObjects(session, &objectHandle, 1, &objectCount);
|
rv = provider->p11->C_FindObjects(session, &objectHandle, 1, &objectCount);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -675,6 +709,7 @@ static SECURITY_STATUS NCryptP11KeyGetProperties(NCryptP11KeyHandle* keyHandle,
|
|||||||
{
|
{
|
||||||
CK_ATTRIBUTE certValue = { CKA_VALUE, pbOutput, cbOutput };
|
CK_ATTRIBUTE certValue = { CKA_VALUE, pbOutput, cbOutput };
|
||||||
|
|
||||||
|
WINPR_ASSERT(provider->p11->C_GetAttributeValue);
|
||||||
rv = provider->p11->C_GetAttributeValue(session, objectHandle, &certValue, 1);
|
rv = provider->p11->C_GetAttributeValue(session, objectHandle, &certValue, 1);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -691,12 +726,14 @@ static SECURITY_STATUS NCryptP11KeyGetProperties(NCryptP11KeyHandle* keyHandle,
|
|||||||
}
|
}
|
||||||
|
|
||||||
out_final:
|
out_final:
|
||||||
|
WINPR_ASSERT(provider->p11->C_FindObjectsFinal);
|
||||||
rv = provider->p11->C_FindObjectsFinal(session);
|
rv = provider->p11->C_FindObjectsFinal(session);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "error in C_FindObjectsFinal() for slot %d", keyHandle->slotId);
|
WLog_ERR(TAG, "error in C_FindObjectsFinal() for slot %d", keyHandle->slotId);
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
|
WINPR_ASSERT(provider->p11->C_CloseSession);
|
||||||
rv = provider->p11->C_CloseSession(session);
|
rv = provider->p11->C_CloseSession(session);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
@ -711,6 +748,7 @@ static SECURITY_STATUS NCryptP11GetProperty(NCRYPT_HANDLE hObject, NCryptKeyGetP
|
|||||||
{
|
{
|
||||||
NCryptBaseHandle* base = (NCryptBaseHandle*)hObject;
|
NCryptBaseHandle* base = (NCryptBaseHandle*)hObject;
|
||||||
|
|
||||||
|
WINPR_ASSERT(base);
|
||||||
switch (base->type)
|
switch (base->type)
|
||||||
{
|
{
|
||||||
case WINPR_NCRYPT_PROVIDER:
|
case WINPR_NCRYPT_PROVIDER:
|
||||||
@ -729,7 +767,7 @@ static SECURITY_STATUS NCryptP11OpenKey(NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY
|
|||||||
{
|
{
|
||||||
SECURITY_STATUS ret;
|
SECURITY_STATUS ret;
|
||||||
CK_SLOT_ID slotId;
|
CK_SLOT_ID slotId;
|
||||||
CK_BYTE keyCertId[64];
|
CK_BYTE keyCertId[64] = { 0 };
|
||||||
CK_ULONG keyCertIdLen;
|
CK_ULONG keyCertIdLen;
|
||||||
NCryptP11KeyHandle* keyHandle;
|
NCryptP11KeyHandle* keyHandle;
|
||||||
|
|
||||||
@ -737,9 +775,8 @@ static SECURITY_STATUS NCryptP11OpenKey(NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY
|
|||||||
if (ret != ERROR_SUCCESS)
|
if (ret != ERROR_SUCCESS)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
keyHandle = (NCryptP11KeyHandle*)ncrypt_new_handle(WINPR_NCRYPT_KEY, sizeof(*keyHandle),
|
keyHandle = (NCryptP11KeyHandle*)ncrypt_new_handle(
|
||||||
(NCryptGetPropertyFn)NCryptP11GetProperty,
|
WINPR_NCRYPT_KEY, sizeof(*keyHandle), NCryptP11GetProperty, winpr_NCryptDefault_dtor);
|
||||||
(NCryptReleaseFn)winpr_NCryptDefault_dtor);
|
|
||||||
if (!keyHandle)
|
if (!keyHandle)
|
||||||
return NTE_NO_MEMORY;
|
return NTE_NO_MEMORY;
|
||||||
|
|
||||||
@ -760,12 +797,13 @@ SECURITY_STATUS NCryptOpenP11StorageProviderEx(NCRYPT_PROV_HANDLE* phProvider,
|
|||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
CK_RV (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR);
|
CK_RV (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR);
|
||||||
|
|
||||||
|
WINPR_ASSERT(modulePaths);
|
||||||
|
|
||||||
if (!phProvider)
|
if (!phProvider)
|
||||||
return ERROR_INVALID_PARAMETER;
|
return ERROR_INVALID_PARAMETER;
|
||||||
|
|
||||||
ret = (NCryptP11ProviderHandle*)ncrypt_new_handle(
|
ret = (NCryptP11ProviderHandle*)ncrypt_new_handle(
|
||||||
WINPR_NCRYPT_PROVIDER, sizeof(*ret), (NCryptGetPropertyFn)NCryptP11GetProperty,
|
WINPR_NCRYPT_PROVIDER, sizeof(*ret), NCryptP11GetProperty, NCryptP11StorageProvider_dtor);
|
||||||
(NCryptReleaseFn)NCryptP11StorageProvider_dtor);
|
|
||||||
if (!ret)
|
if (!ret)
|
||||||
return NTE_NO_MEMORY;
|
return NTE_NO_MEMORY;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user