Skip to content

Commit 277cced

Browse files
dengertdengert
committed
pkcs11-tool.c - various minor changes as suggested in github comment
 On branch X25519-improvements-2 Changes to be committed: modified: pkcs11-tool.c
1 parent b19412c commit 277cced

File tree

1 file changed

+16
-15
lines changed

1 file changed

+16
-15
lines changed

src/tools/pkcs11-tool.c

Lines changed: 16 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -111,8 +111,8 @@ static struct ec_curve_info {
111111
const char *name; /* common name of curve */
112112
const char *oid; /* formatted printable OID */
113113
unsigned char *ec_params; /* der of OID or printable string */
114-
size_t ec_params_size;
115-
size_t size; /* field_size in bits */
114+
CK_ULONG ec_params_size;
115+
CK_ULONG size; /* field_size in bits */
116116
CK_KEY_TYPE mechanism;
117117
} ec_curve_infos[] = {
118118
{"secp192r1", "1.2.840.10045.3.1.1", (unsigned char*)"\x06\x08\x2A\x86\x48\xCE\x3D\x03\x01\x01", 10, 192, 0},
@@ -2638,7 +2638,6 @@ static void verify_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
26382638
unsigned char rs_buffer[512];
26392639
bytes = getEC_POINT(session, key, &len);
26402640
free(bytes);
2641-
/* TODO DEE EDDSA and EC_POINT returned in BIT STRING needs some work */
26422641
/*
26432642
* (We only support uncompressed for now)
26442643
* Uncompressed EC_POINT is DER OCTET STRING of "04||x||y"
@@ -4268,7 +4267,7 @@ parse_ec_pkey(EVP_PKEY *pkey, int private, struct gostkey_info *gost)
42684267

42694268
#ifdef ENABLE_OPENSSL
42704269
/* Return PKCS11 key type based on OpenSSL EVP_PKEY type
4271-
* which are support by PKCS11 and OpenSSL used when compiling.
4270+
* which are supported by PKCS11 and OpenSSL used when compiling.
42724271
* PKCS11 defines CKK_EC_EDWARDS for both Ed25529 and Ed448
42734272
* and CKK_EC_MONTGOMERY for X25519 and X448.
42744273
* If requested, return pointer to struct ec_curve_info containing OID and size
@@ -4720,9 +4719,6 @@ static CK_RV write_object(CK_SESSION_HANDLE session)
47204719
clazz = CKO_PUBLIC_KEY;
47214720

47224721
#ifdef ENABLE_OPENSSL
4723-
if (evp_pkey2ck_key_type(evp_key, &type, &pk_type, &ec_curve_info) != CKR_OK)
4724-
util_fatal("Key type not supported by OpenSSL and/or PKCS11");
4725-
47264722
n_pubkey_attr = 0;
47274723
FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_CLASS, &clazz, sizeof(clazz));
47284724
n_pubkey_attr++;
@@ -5400,7 +5396,10 @@ derive_ec_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE
54005396
util_fatal("Failed to parse peer EC key \n");
54015397
#else
54025398
EC_GROUP_free(ecgroup);
5403-
EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0, &buf_size);
5399+
if (EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0, &buf_size) != 1)
5400+
util_fatal("Failed to get size of public key\n");
5401+
if (buf_size == 0)
5402+
util_fatal("Failed to get size of public key\n");
54045403
if ((buf = (unsigned char *)malloc(buf_size)) == NULL)
54055404
util_fatal("malloc() failure\n");
54065405

@@ -5418,13 +5417,15 @@ derive_ec_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE
54185417
#if defined(EVP_PKEY_X448)
54195418
case EVP_PKEY_X448:
54205419
#endif
5421-
EVP_PKEY_get_raw_public_key(pkey, NULL, &buf_size);
5420+
if (EVP_PKEY_get_raw_public_key(pkey, NULL, &buf_size) != 1)
5421+
util_fatal("Unable to get public key of peer\n");
54225422
if (buf_size == 0)
54235423
util_fatal("Unable to get public key of peer\n");
54245424
buf = (unsigned char *)malloc(buf_size);
54255425
if (buf == NULL)
54265426
util_fatal("malloc() failure\n");
5427-
EVP_PKEY_get_raw_public_key(pkey, buf, &buf_size);
5427+
if (EVP_PKEY_get_raw_public_key(pkey, buf, &buf_size) != 1)
5428+
util_fatal("Unable to get public key of peer\n");
54285429

54295430
if (mech_mech != CKM_ECDH1_DERIVE)
54305431
util_fatal("Peer key %s not usable with %s", "CKK_EC_MONTGOMERY", p11_mechanism_to_name(mech_mech));
@@ -5763,9 +5764,9 @@ show_key(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
57635764
}
57645765
if (pub) {
57655766
unsigned char *point_bytes = NULL;
5766-
size_t point_size = 0;
5767+
CK_ULONG point_size = 0;
57675768
unsigned char *params_bytes = NULL;
5768-
size_t params_size = 0;
5769+
CK_ULONG params_size = 0;
57695770
const struct ec_curve_info *curve_info = NULL;
57705771

57715772
unsigned int n;
@@ -5803,7 +5804,7 @@ show_key(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
58035804
else /* if unknown curve, type and print something */
58045805
if (params_bytes[0] == SC_ASN1_OBJECT) {
58055806
sc_init_oid(&oid);
5806-
if (sc_asn1_decode_object_id(params_bytes + 2, size - 2, &oid) == SC_SUCCESS) {
5807+
if (sc_asn1_decode_object_id(params_bytes + 2, params_size - 2, &oid) == SC_SUCCESS) {
58075808
printf(" (OID %i", oid.value[0]);
58085809
if (oid.value[0] >= 0)
58095810
for (n = 1; (n < SC_MAX_OBJECT_ID_OCTETS)
@@ -6450,12 +6451,12 @@ static int read_object(CK_SESSION_HANDLE session)
64506451

64516452
value = getEC_POINT(session, obj, &len);
64526453
/* PKCS#11-compliant modules should return ASN1_OCTET_STRING */
6453-
/* No, should return encoded in BIT STRING, Need to accept both */
6454+
/* will accept BIT STRING, accept both */
64546455
a = value;
64556456
os = d2i_ASN1_OCTET_STRING(NULL, &a, (long)len);
64566457
if (!os) {
64576458
os = d2i_ASN1_BIT_STRING(NULL, &a, (long)len);
6458-
len = (len + 7) / 8;
6459+
len = (len + 7) / 8;
64596460
}
64606461

64616462
#if OPENSSL_VERSION_NUMBER < 0x30000000L

0 commit comments

Comments
 (0)