Currently id_len is declared as an integer, but in some contexts it is used
as a size_t. On some 64-bit platforms these sizes differ, and a simple cast may
work incorrectly. Actually, these two places of code


Casts while calling pkcs11_getattr_var() will make it most probably
crashing: Compiler will either try to store 8 byte value into 4 bytes
leading to crash or refer to temporary cast variable losing result after
returning from the function call.

As a simple work-around, you can create temporary size_t variable, use
it when calling pkcs11_getattr_var() and then copy this value to the
(shorter) target id_len.

But maybe you would prefer following larger and more aggressive patch,
which prevents all similar issues in both library code and possible
application code by redefining id_len from int to size_t.

Note that it breaks ABI on 64-bit platforms.

--- src/libp11.h
+++ src/libp11.h
@@ -53,7 +53,7 @@
 typedef struct PKCS11_key_st {
        char *label;
        unsigned char *id;
-       int id_len;
+       size_t id_len;
        unsigned char isPrivate;        /**< private key present? */
        unsigned char needLogin;        /**< login to read private key? */
        EVP_PKEY *evp_key;              /**< initially NULL, need to call 
PKCS11_load_key */
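Review bot: The retyped `id_len` in the public PKCS11_KEY struct (and PKCS11_CERT in the next hunk) carries no field comment, unlike the neighbouring members, and its new unsigned type deserves one: `size_t id_len;                  /**< length of id in bytes */`. Because the field is now unsigned, any application code that tested `id_len < 0` or compared it against an `int` will either warn or silently change meaning, which is worth a sentence next to the ABI break the description already mentions. The struct's closing brace lies outside the hunk.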
@@ -64,7 +64,7 @@
 typedef struct PKCS11_cert_st {
        char *label;
        unsigned char *id;
-       int id_len;
+       size_t id_len;
        X509 *x509;
        void *_private;
 } PKCS11_CERT;
@@ -291,7 +291,7 @@
  * @retval -1 error
  */
 
-extern int PKCS11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned 
int bits, char *label, unsigned char* id, unsigned int id_len);
+extern int PKCS11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned 
int bits, char *label, unsigned char* id, size_t id_len);
 
 /**
  * Store private key on a token
@@ -304,7 +304,7 @@
  * @retval 0 success
  * @retval -1 error
  */
-extern int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char 
*label, unsigned char *id, unsigned int id_len);
+extern int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char 
*label, unsigned char *id, size_t id_len);
 
 /**
  * Store public key on a token
@@ -317,7 +317,7 @@
  * @retval 0 success
  * @retval -1 error
  */
-extern int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char 
*label, unsigned char *id, unsigned int id_len);
+extern int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char 
*label, unsigned char *id, size_t id_len);
 
 /**
  * Store certificate on a token
@@ -332,7 +332,7 @@
  * @retval -1 error
  */
 extern int PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
-               char *label, unsigned char *id, unsigned int id_len,
+               char *label, unsigned char *id, size_t id_len,
                PKCS11_CERT **ret_cert);
 
 /* rsa private key operations */
--- src/p11_cert.c
+++ src/p11_cert.c
@@ -174,7 +174,7 @@
                cert->x509 = d2i_X509(NULL, &p, size);
        }
        cert->id_len = sizeof(id);
-       if (!pkcs11_getattr_var(token, obj, CKA_ID, id, (size_t *) & 
cert->id_len)) {
+       if (!pkcs11_getattr_var(token, obj, CKA_ID, id, &cert->id_len)) {
                cert->id = (unsigned char *) malloc(cert->id_len);
                memcpy(cert->id, id, cert->id_len);
        }
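Review bot: `malloc(cert->id_len)` on the line after the rewritten call is still unchecked before the `memcpy`, so an allocation failure dereferences NULL; the patch removes the `(size_t *)` aliasing of `cert->id_len` but leaves this path as it was. I would guard it and keep `id_len` consistent with `id`: `cert->id = malloc(cert->id_len); if (cert->id == NULL) cert->id_len = 0; else memcpy(cert->id, id, cert->id_len);` (the cast on `malloc` is also unnecessary in C). The same pattern follows the matching hunk in src/p11_key.c (`key->id` / `key->id_len`). The enclosing function starts and ends outside the hunk.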
@@ -219,7 +219,7 @@
  */
 int
 PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509, char *label,
-                        unsigned char *id, unsigned int id_len,
+                        unsigned char *id, size_t id_len,
                         PKCS11_CERT ** ret_cert)
 {
        PKCS11_SLOT *slot = TOKEN2SLOT(token);
--- src/p11_key.c
+++ src/p11_key.c
@@ -31,9 +31,9 @@
                           CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
                           CK_OBJECT_CLASS type, PKCS11_KEY **);
 static int pkcs11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
-                                   unsigned char *, unsigned int, PKCS11_KEY 
**);
+                                   unsigned char *, size_t, PKCS11_KEY **);
 static int pkcs11_store_public_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
-                                  unsigned char *, unsigned int, PKCS11_KEY 
**);
+                                  unsigned char *, size_t, PKCS11_KEY **);
 
 static CK_OBJECT_CLASS key_search_class;
 static CK_ATTRIBUTE key_search_attrs[] = {
@@ -93,14 +93,14 @@
 /*
  * Store a private key on the token
  */
-int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, 
unsigned char *id, unsigned int id_len)
+int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, 
unsigned char *id, size_t id_len)
 {
        if (pkcs11_store_private_key(token, pk, label, id, id_len, NULL))
                return -1;
        return 0;
 }
 
-int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, 
unsigned char *id, unsigned int id_len)
+int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, 
unsigned char *id, size_t id_len)
 {
        if (pkcs11_store_public_key(token, pk, label, id, id_len, NULL))
                return -1;
@@ -114,7 +114,7 @@
  */
 int
 PKCS11_generate_key(PKCS11_TOKEN * token,
-                   int algorithm, unsigned int bits, char *label, unsigned 
char* id, unsigned int id_len)
+                   int algorithm, unsigned int bits, char *label, unsigned 
char* id, size_t id_len)
 {
        PKCS11_KEY *key_obj;
        EVP_PKEY *pk;
@@ -283,7 +283,7 @@
        if (!pkcs11_getattr_s(token, obj, CKA_LABEL, label, sizeof(label)))
                key->label = BUF_strdup(label);
        key->id_len = sizeof(id);
-       if (!pkcs11_getattr_var(token, obj, CKA_ID, id, (size_t *) & 
key->id_len)) {
+       if (!pkcs11_getattr_var(token, obj, CKA_ID, id, &key->id_len)) {
                key->id = (unsigned char *) malloc(key->id_len);
                memcpy(key->id, id, key->id_len);
        }
@@ -329,7 +329,7 @@
  * Store private key
  */
 static int pkcs11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
-               char *label, unsigned char *id, unsigned int id_len,
+               char *label, unsigned char *id, size_t id_len,
                PKCS11_KEY ** ret_key)
 {
        PKCS11_SLOT *slot = TOKEN2SLOT(token);
@@ -392,7 +392,7 @@
  * Store public key
  */
 static int pkcs11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
-               char *label, unsigned char *id, unsigned int id_len,
+               char *label, unsigned char *id, size_t id_len,
                PKCS11_KEY ** ret_key)
 {
        PKCS11_SLOT *slot = TOKEN2SLOT(token);
--- src/pkcs11.h
+++ src/pkcs11.h
@@ -460,7 +460,7 @@
 {
   ck_attribute_type_t type;
   void *value;
-  unsigned long value_len;
+  size_t value_len;
 };
 
 
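Review bot: `struct ck_attribute` in src/pkcs11.h is the binary layout handed to the loaded PKCS#11 module, and the PKCS#11 specification defines that length field as CK_ULONG (`unsigned long`); replacing it with `size_t` changes the field's width on targets where the two types differ (LLP64 Windows: 32-bit `unsigned long`, 64-bit `size_t`), so a conforming module would read and write a misplaced `value_len`. On LP64 the edit is a no-op, which is why it appears to work. I would keep `unsigned long value_len;` here and do the width conversion inside libp11's own wrapper (pkcs11_getattr_var takes a `size_t *`, judging by the cast the patch removes in src/p11_cert.c), checking the length the module returns against the caller's buffer before copying it out. The same boundary applies where the store functions in src/p11_key.c presumably build attribute templates from their new `size_t id_len`, outside these hunks; a value that does not fit in `unsigned long` should be rejected rather than truncated.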

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                          e-mail: [EMAIL PROTECTED]
Lihovarská 1060/12           tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9                                  fax: +420 284 028 951
Czech Republic                                    http://www.suse.cz/
