Rework of the ep11 token config file parsing: - Remove BLACKLIST parsing code (was never supported by ep11 library anyway) - Improve WHITELIST parsing of the adapter/domain pair. Now the numbers can be given in decimal, octal or hex.
Signed-off-by: Harald Freudenberger <fre...@linux.vnet.ibm.com> --- usr/lib/pkcs11/ep11_stdll/ep11_specific.c | 60 ++++++++++++------------------- usr/lib/pkcs11/ep11_stdll/ep11tok.conf | 14 ++++++-- 2 files changed, 34 insertions(+), 40 deletions(-) diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c index 7e484b0..b264b8c 100644 --- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c +++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c @@ -3864,23 +3864,20 @@ CK_RV ep11tok_get_mechanism_info(CK_MECHANISM_TYPE type, /* used for reading in the adapter config file, * converts a 'token' to a number, returns 0 with success */ -static inline short check_n(char *nptr, int j, int *apqn_i) +static inline short check_n(char *nptr, int *apqn_i) { - char *endptr; - long int num = strtol(nptr, &endptr, 10); + int num; - if (*endptr != '\0') { - TRACE_ERROR("%s invalid number '%s' (%d)\n", __func__, nptr, j); + if (sscanf(nptr, "%i", &num) != 1) { + TRACE_ERROR("%s invalid number '%s'\n", __func__, nptr); return -1; } if (num < 0 || num > 255) { - TRACE_ERROR("%s invalid number '%s' %d(%d)\n", - __func__, nptr, (int)num, j); + TRACE_ERROR("%s invalid number '%s' %d\n", __func__, nptr, num); return -1; } else if (*apqn_i < 0 || *apqn_i >= MAX_APQN*2) { - TRACE_ERROR("%s invalid amount of numbers %d(%d)\n", - __func__, (int)num, j); + TRACE_ERROR("%s invalid amount of numbers %d\n", __func__, num); return -1; } else { /* insert number into target variable */ 
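Review bot: `sscanf(nptr, "%i", &num) != 1` in check_n drops the end-of-token check that the removed `*endptr != '\0'` test provided, so a token with trailing characters is accepted on its leading digits alone. With `%i`, a zero-padded decimal such as `08` (the form the old sample ep11tok.conf used) stops at the `8` and is read as 0, so an existing whitelist can silently select a different adapter or domain than the one written. Keeping strtol with automatic base detection preserves the new octal/hex support and the strict check: `char *endptr; long num = strtol(nptr, &endptr, 0);` followed by `if (endptr == nptr || *endptr != '\0') {`, with the `%d` arguments cast back to `(int)num`. check_n's body continues past the end of this hunk.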
@@ -3895,12 +3892,10 @@ static inline short check_n(char *nptr, int j, int *apqn_i) static int read_adapter_config_file(const char* conf_name) { FILE *ap_fp = NULL; /* file pointer adapter config file */ - int ap_file_size = 0; /* size adapter config file */ + int i, ap_file_size = 0; /* size adapter config file */ char *token, *str; char filebuf[EP11_CFG_FILE_SIZE]; char line[1024]; - int i, j; - int blackmode = 0; int whitemode = 0; int anymode = 0; int apqn_i = 0; /* how many APQN numbers */ @@ -3908,9 +3903,8 @@ static int read_adapter_config_file(const char* conf_name) char fname[PATH_MAX]; int rc = 0; - if (ep11_initialized) { + if (ep11_initialized) return 0; - } memset(fname, 0, PATH_MAX); @@ -4001,24 +3995,19 @@ static int read_adapter_config_file(const char* conf_name) * please note, we still accept the LOGLEVEL entry * for compatibility reasons but just ignore it. */ - for (i=0, j=0, str=filebuf; rc == 0; str=NULL) { + for (i=0, str=filebuf; rc == 0; str=NULL) { /* strtok tokenizes the string, * delimiters are newline and whitespace. */ token = strtok(str, "\n\t "); if (i == 0) { - /* expecting APQN_WHITELIST or APQN_BLACKLIST - * or APQN_ANY or LOGLEVEL or eof. - */ + /* expecting APQN_WHITELIST or APQN_ANY or LOGLEVEL or eof */ if (token == NULL) break; if (strncmp(token, "APQN_WHITELIST", 14) == 0) { whitemode = 1; i = 1; - } else if (strncmp(token, "APQN_BLACKLIST", 14) == 0) { - blackmode = 1; - i = 1; } else if (strncmp(token, "APQN_ANY", 8) == 0) { anymode = 1; i = 0; @@ -4027,8 +4016,8 @@ static int read_adapter_config_file(const char* conf_name) else { /* syntax error */ TRACE_ERROR("%s Expected APQN_WHITELIST or" - " APQN_BLACKLIST or APQN_ANY or LOGLEVEL" - " keyword, found '%s' in configfile\n", + " APQN_ANY or LOGLEVEL keyword," + " found '%s' in configfile\n", __func__, token); rc = APQN_FILE_SYNTAX_ERROR_0; break; 
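Review bot: The keyword tests kept in the `i == 0` branch of read_adapter_config_file, `strncmp(token, "APQN_WHITELIST", 14) == 0` and `strncmp(token, "APQN_ANY", 8) == 0`, compare only a prefix, so a token such as `APQN_ANYTHING` is accepted as the keyword. The `strncmp(token, "END", 3)` test in the following hunk has the same property. Since this commit narrows the accepted keyword set, an exact comparison would fit better: `if (strcmp(token, "APQN_WHITELIST") == 0) {`, and likewise for the other keywords. The loop body starts and ends outside this hunk, so any other keyword tests there should be checked the same way.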
@@ -4040,7 +4029,7 @@ static int read_adapter_config_file(const char* conf_name) if (strncmp(token, "END", 3) == 0) i = 0; else { - if (check_n(token, j, &apqn_i) < 0) { + if (check_n(token, &apqn_i) < 0) { rc = APQN_FILE_SYNTAX_ERROR_1; break; } @@ -4056,7 +4045,7 @@ static int read_adapter_config_file(const char* conf_name) rc = APQN_FILE_SYNTAX_ERROR_2; break; } - if (check_n(token, j, &apqn_i) < 0) { + if (check_n(token, &apqn_i) < 0) { rc = APQN_FILE_SYNTAX_ERROR_3; break; } @@ -4068,7 +4057,6 @@ static int read_adapter_config_file(const char* conf_name) break; } i = 1; - j++; } else if (i == 3) { /* expecting log level value * (a number in the range 0...9) @@ -4089,11 +4077,11 @@ static int read_adapter_config_file(const char* conf_name) /* do some checks: */ if (rc == 0) { - if ( !(whitemode || blackmode || anymode)) { + if ( !(whitemode || anymode)) { TRACE_ERROR("%s At least one APQN mode needs to be present in configfile:" - " APQN_WHITEMODE or APQN_BLACKMODE or APQN_ANY\n", __func__); + " APQN_WHITEMODE or APQN_ANY\n", __func__); rc = APQN_FILE_NO_APQN_MODE; - } else if (whitemode || blackmode) { + } else if (whitemode) { /* at least one APQN needs to be defined */ if (ep11_targets.length < 1) { TRACE_ERROR("%s At least one APQN needs to be defined in the configfile\n", 
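Review bot: The edited message in the final checks still names `APQN_WHITEMODE`, which is not a keyword the parser accepts. The keyword tested in the parsing loop is `APQN_WHITELIST`, so an administrator who follows the message would write a config that fails with a syntax error. Suggested text for the changed line: `" APQN_WHITELIST or APQN_ANY\n", __func__);`. The `else if (whitemode)` branch also leaves open what a file containing both APQN_WHITELIST and APQN_ANY means. If that combination is not intended it could be rejected here, though the code that consumes `anymode` is outside the hunk.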
@@ -4103,21 +4091,17 @@ static int read_adapter_config_file(const char* conf_name) } } - /* log the white- or blacklist of APQNs */ - if (rc == 0 && (whitemode || blackmode)) { - TRACE_INFO("%s %s with %d APQNs defined:\n", - __func__, blackmode ? "blacklist" : "whitelist", - ep11_targets.length); + /* log the whitelist of APQNs */ + if (rc == 0 && whitemode) { + TRACE_INFO("%s whitelist with %d APQNs defined:\n", + __func__, ep11_targets.length); for (i=0; i < ep11_targets.length; i++) { - TRACE_INFO(" APQN %d: %d %d\n", i, + TRACE_INFO(" APQN entry %d: adapter=%d domain=%d\n", i, ep11_targets.apqns[2*i], ep11_targets.apqns[2*i+1]); } } - if (blackmode == 1) - ep11_targets.length *= -1; - ep11_initialized = TRUE; return rc; } diff --git a/usr/lib/pkcs11/ep11_stdll/ep11tok.conf b/usr/lib/pkcs11/ep11_stdll/ep11tok.conf index 10b118f..5b0b7ea 100644 --- a/usr/lib/pkcs11/ep11_stdll/ep11tok.conf +++ b/usr/lib/pkcs11/ep11_stdll/ep11tok.conf @@ -5,13 +5,23 @@ # adapter/domain pairs installed and configured on your system. # # There are 2 ways to specify the crypto adapters: -# 1) explicitly list of ap-qid/domain-id pairs +# 1) explicitly list of adapter/domain pairs # # APQN_WHITELIST -# 08 13 +# 8 13 # 10 13 # END # +# The adapter and domain may be given in decimal, +# octal (with leading 0) or hexadecimal (with leading 0x): +# +# APQN_WHITELIST +# 8 0x0d +# 0x0a 13 +# END +# +# Valid adapter and domain values are in the range 0...255 +# # 2) any available crypto adapters # # APQN_ANY -- 2.7.4 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Opencryptoki-tech mailing list Opencryptoki-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
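Review bot: The new comment block in ep11tok.conf explains that a leading 0 selects octal, but it does not say that this changes the meaning of zero-padded decimal entries, which the previous sample (`08 13`) used. Administrators upgrading with such a file should be told explicitly, because the whitelist decides which adapter/domain pairs the token uses. I would add after the range line: `# Note: numbers with a leading 0 are read as octal, so zero-padded` and `# decimal values such as 08 or 09 must be rewritten as 8 or 9.`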