system/coolkey: Included several upstream patches

Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
This commit is contained in:
Andy Bailey 2011-01-10 20:52:19 -06:00 committed by Robby Workman
parent 4efe7dc1f1
commit aa4f663337
11 changed files with 2280 additions and 108 deletions

View file

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
# Slackware build script for coolkey
@ -24,7 +24,7 @@
PRGNAM=coolkey
VERSION=${VERSION:-1.1.0}
BUILD=${BUILD:-1}
BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
# Automatically determine the architecture we're building on:
@ -67,8 +67,20 @@ cd $PRGNAM-$VERSION
chown -R root:root .
chmod -R u+w,go+r-w,a-s .
# Fixup some build errors on gcc43
patch -p1 < $CWD/gcc-4.3.patch
# Redhat is dallying on a post 1.1.0 coolkey release
# but the cac and pcsc-lite fixes are necessary. These
# come directly from the rawhide srpm, currently -17
PATCHES="cache-dir-move \
gcc43 \
latest
simple-bugs \
thread-fix \
cac \
cac-1 \
pcsc-lite-fix"
for i in $PATCHES; do patch -p0 < $CWD/patches/coolkey-$i.patch; done
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \

View file

@ -1,95 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 01_coolkey_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Closes: #455658 FTBFS with GCC 4.3: #define redefined
@DPATCH@
diff -urNad coolkey-1.1.0~/src/coolkey/coolkey.cpp coolkey-1.1.0/src/coolkey/coolkey.cpp
--- coolkey-1.1.0~/src/coolkey/coolkey.cpp 2007-02-14 20:54:01.000000000 +0100
+++ coolkey-1.1.0/src/coolkey/coolkey.cpp 2008-01-06 14:12:35.000000000 +0100
@@ -34,7 +34,9 @@
#include "cky_base.h"
#include "params.h"
+#ifndef NULL
#define NULL 0
+#endif
/* static module data -------------------------------- */
#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_log_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix for g++ 4.3
@DPATCH@
diff -urNad coolkey-1.1.0~/src/coolkey/log.cpp coolkey-1.1.0/src/coolkey/log.cpp
--- coolkey-1.1.0~/src/coolkey/log.cpp 2007-02-14 20:54:01.000000000 +0100
+++ coolkey-1.1.0/src/coolkey/log.cpp 2008-01-06 14:18:11.000000000 +0100
@@ -17,6 +17,8 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
* ***** END COPYRIGHT BLOCK *****/
+#include <stdlib.h>
+#include <string.h>
#include <string>
#include "mypkcs11.h"
#include <assert.h>
#! /bin/sh /usr/share/dpatch/dpatch-run
## 03_machdep_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix for g++ 4.3
@DPATCH@
diff -urNad coolkey-1.1.0~/src/coolkey/machdep.cpp coolkey-1.1.0/src/coolkey/machdep.cpp
--- coolkey-1.1.0~/src/coolkey/machdep.cpp 2007-02-14 01:46:28.000000000 +0100
+++ coolkey-1.1.0/src/coolkey/machdep.cpp 2008-01-06 14:19:04.000000000 +0100
@@ -17,6 +17,8 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
* ***** END COPYRIGHT BLOCK *****/
+#include <stdlib.h>
+#include <string.h>
#include "machdep.h"
#include "mypkcs11.h"
#include "PKCS11Exception.h"
#! /bin/sh /usr/share/dpatch/dpatch-run
## 04_object_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix for g++ 4.3
@DPATCH@
diff -urNad coolkey-1.1.0~/src/coolkey/object.cpp coolkey-1.1.0/src/coolkey/object.cpp
--- coolkey-1.1.0~/src/coolkey/object.cpp 2007-02-09 19:53:21.000000000 +0100
+++ coolkey-1.1.0/src/coolkey/object.cpp 2008-01-06 14:22:42.000000000 +0100
@@ -17,6 +17,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
* ***** END COPYRIGHT BLOCK *****/
+#include <string.h>
#include "mypkcs11.h"
#include "PKCS11Exception.h"
#include "object.h"
#! /bin/sh /usr/share/dpatch/dpatch-run
## 05_slot_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix for g++ 4.3
@DPATCH@
diff -urNad coolkey-1.1.0.obsolete.0.590099710113467~/src/coolkey/slot.cpp coolkey-1.1.0.obsolete.0.590099710113467/src/coolkey/slot.cpp
--- coolkey-1.1.0.obsolete.0.590099710113467~/src/coolkey/slot.cpp 2008-01-06 14:27:32.000000000 +0100
+++ coolkey-1.1.0.obsolete.0.590099710113467/src/coolkey/slot.cpp 2008-01-06 14:27:58.000000000 +0100
@@ -33,7 +33,7 @@
#define MIN(x, y) ((x) < (y) ? (x) : (y))
-using std::auto_ptr;
+//using std::auto_ptr;
#ifdef DEBUG

View file

@ -0,0 +1,28 @@
diff -up ./src/coolkey/object.cpp.cac-1 ./src/coolkey/object.cpp
--- ./src/coolkey/object.cpp.cac-1 2010-06-23 04:46:35.726198827 -0700
+++ ./src/coolkey/object.cpp 2010-06-23 04:47:28.073827862 -0700
@@ -505,6 +505,10 @@ dataStart(const CKYByte *buf, unsigned i
unsigned char tag;
unsigned int used_length= 0;
+ if(!buf) {
+ return NULL;
+ }
+
tag = buf[used_length++];
/* blow out when we come to the end */
diff -up ./src/coolkey/slot.cpp.cac-1 ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.cac-1 2010-06-23 04:46:22.718371631 -0700
+++ ./src/coolkey/slot.cpp 2010-06-23 04:57:04.417774402 -0700
@@ -2192,6 +2192,10 @@ Slot::readCACCertificateFirst(CKYBuffer
if (throwException && (status != CKYSUCCESS)) {
handleConnectionError();
}
+
+ if(CKYBuffer_Size(cert) == 0) {
+ handleConnectionError();
+ }
return status;
}

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,177 @@
Index: src/coolkey/machdep.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/machdep.cpp,v
retrieving revision 1.4
diff -u -r1.4 machdep.cpp
--- src/coolkey/machdep.cpp 14 Feb 2007 00:46:28 -0000 1.4
+++ src/coolkey/machdep.cpp 15 Aug 2007 01:41:11 -0000
@@ -185,12 +185,20 @@
#define MAP_INHERIT 0
#endif
+#ifndef BASEPATH
+#ifdef MAC
+#define BASEPATH "/var"
+#else
+#define BASEPATH "/var/cache"
+#endif
+#endif
+
#ifdef FULL_CLEANUP
#define RESERVED_OFFSET 256
-#define MEMSEGPATH "/tmp/.pk11ipc"
+#define MEMSEGPATH BASEPATH"/coolkey-lock"
#else
#define RESERVED_OFFSET 0
-#define MEMSEGPATH "/tmp/.pk11ipc1"
+#define MEMSEGPATH BASEPATH"/coolkey"
#endif
struct SHMemData {
@@ -208,11 +216,6 @@
#ifdef FULL_CLEANUP
flock(fd,LOCK_EX);
unsigned long ref = --(*(unsigned long *)addr);
-#ifdef notdef
- if (ref == 0) {
- unlink(path);
- }
-#endif
flock(fd, LOCK_UN);
#endif
munmap(addr,size+RESERVED_OFFSET);
@@ -225,6 +228,73 @@
}
}
+/*
+ * The cache directory is shared and accessible by anyone, make
+ * sure the cache file we are opening is really a valid cache file.
+ */
+int safe_open(char *path, int flags, int mode, int size)
+{
+ struct stat buf;
+ int fd, ret;
+
+ fd = open (path, flags|O_NOFOLLOW, mode);
+
+ if (fd < 0) {
+ return fd;
+ }
+
+ ret = fstat(fd, &buf);
+ if (ret < 0) {
+ close (fd);
+ return ret;
+ }
+
+ /* our cache files are pretty specific, make sure we are looking
+ * at the correct one */
+
+ /* first, we should own the file ourselves, don't open a file
+ * that someone else wanted us to see. */
+ if (buf.st_uid != getuid()) {
+ close(fd);
+ errno = EACCES;
+ return -1;
+ }
+
+ /* next, there should only be one link in this file. Don't
+ * use this code to trash another file */
+ if (buf.st_nlink != 1) {
+ close(fd);
+ errno = EMLINK;
+ return -1;
+ }
+
+ /* next, This better be a regular file */
+ if (!S_ISREG(buf.st_mode)) {
+ close(fd);
+ errno = EACCES;
+ return -1;
+ }
+
+ /* if the permissions don't match, something is wrong */
+ if ((buf.st_mode & 03777) != mode) {
+ close(fd);
+ errno = EACCES;
+ return -1;
+ }
+
+ /* finally the file should be the correct size. This
+ * check isn't so much to protect from an attack, as it is to
+ * detect a corrupted cache file */
+ if (buf.st_size != size) {
+ close(fd);
+ errno = EACCES;
+ return -1;
+ }
+
+ /* OK, the file checked out, ok to continue */
+ return fd;
+}
+
SHMem::SHMem(): shmemData(0) {}
SHMem *
@@ -248,7 +318,7 @@
return NULL;
}
int mask = umask(0);
- int ret = mkdir (MEMSEGPATH, 0777);
+ int ret = mkdir (MEMSEGPATH, 01777);
umask(mask);
if ((ret == -1) && (errno != EEXIST)) {
delete shmemData;
@@ -264,21 +334,16 @@
shmemData->path[sizeof(MEMSEGPATH)-1] = '/';
strcpy(&shmemData->path[sizeof(MEMSEGPATH)],name);
- int mode = 0777;
- if (strcmp(name,"token_names") != 0) {
- /* each user gets his own uid array */
- sprintf(uid_str, "-%u",getuid());
- strcat(shmemData->path,uid_str);
- mode = 0700;
- }
+ sprintf(uid_str, "-%u",getuid());
+ strcat(shmemData->path,uid_str);
+ int mode = 0600;
+
shmemData->fd = open(shmemData->path,
O_CREAT|O_RDWR|O_EXCL|O_APPEND|O_EXLOCK, mode);
- if (shmemData->fd < 0) {
- needInit = false;
- shmemData->fd = open(shmemData->path,O_RDWR|O_EXLOCK, mode);
- } else {
+ if (shmemData->fd >= 0) {
char *buf;
int len = size+RESERVED_OFFSET;
+ int ret;
buf = (char *)calloc(1,len);
if (!buf) {
@@ -289,8 +354,22 @@
delete shmemData;
return NULL;
}
- write(shmemData->fd,buf,len);
+ ret = write(shmemData->fd,buf,len);
+ if (ret != len) {
+ unlink(shmemData->path);
+#ifdef FULL_CLEANUP
+ flock(shmemData->fd, LOCK_UN);
+#endif
+ delete shmemData;
+ return NULL;
+ }
+
free(buf);
+ } else if (errno == EEXIST) {
+ needInit = false;
+
+ shmemData->fd = safe_open(shmemData->path,O_RDWR|O_EXLOCK, mode,
+ size+RESERVED_OFFSET);
}
if (shmemData->fd < 0) {
delete shmemData;

View file

@ -0,0 +1,54 @@
diff -up ./src/coolkey/slot.cpp.coolkey-gcc43 ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.coolkey-gcc43 2008-02-13 18:01:45.000000000 -0800
+++ ./src/coolkey/slot.cpp 2008-02-13 18:03:05.000000000 -0800
@@ -25,7 +25,6 @@
#include "PKCS11Exception.h"
#include <winscard.h>
#include "slot.h"
-#include <memory.h>
#include "zlib.h"
#include "params.h"
@@ -33,7 +32,6 @@
#define MIN(x, y) ((x) < (y) ? (x) : (y))
-using std::auto_ptr;
#ifdef DEBUG
diff -up ./src/coolkey/machdep.cpp.coolkey-gcc43 ./src/coolkey/machdep.cpp
--- ./src/coolkey/machdep.cpp.coolkey-gcc43 2008-02-13 18:02:06.000000000 -0800
+++ ./src/coolkey/machdep.cpp 2008-02-13 18:04:04.000000000 -0800
@@ -33,6 +33,8 @@
#include <sys/stat.h>
#include <sys/mman.h>
#include <pthread.h>
+#include <string.h>
+#include <stdlib.h>
#endif
#ifdef _WIN32
diff -up ./src/coolkey/log.cpp.coolkey-gcc43 ./src/coolkey/log.cpp
--- ./src/coolkey/log.cpp.coolkey-gcc43 2008-02-13 18:01:55.000000000 -0800
+++ ./src/coolkey/log.cpp 2008-02-13 18:03:37.000000000 -0800
@@ -18,6 +18,8 @@
* ***** END COPYRIGHT BLOCK *****/
#include <string>
+#include <string.h>
+#include <stdlib.h>
#include "mypkcs11.h"
#include <assert.h>
#include <stdio.h>
diff -up ./src/coolkey/object.cpp.coolkey-gcc43 ./src/coolkey/object.cpp
--- ./src/coolkey/object.cpp.coolkey-gcc43 2008-02-13 18:02:20.000000000 -0800
+++ ./src/coolkey/object.cpp 2008-02-13 18:04:22.000000000 -0800
@@ -21,6 +21,7 @@
#include "PKCS11Exception.h"
#include "object.h"
#include <algorithm>
+#include <string.h>
using std::find_if;

View file

@ -0,0 +1,685 @@
diff -up ./src/coolkey/slot.cpp.coolkey-latest ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.coolkey-latest 2009-09-11 13:58:24.423487305 -0700
+++ ./src/coolkey/slot.cpp 2009-09-11 14:04:30.813488220 -0700
@@ -203,6 +203,29 @@ SlotList::readerExists(const char *reade
return FALSE;
}
+bool
+SlotList::readerNameExistsInList(const char *readerName,CKYReaderNameList *readerNameList)
+{
+ if( !readerName || !readerNameList) {
+ return FALSE;
+ }
+
+ int i = 0;
+ int readerNameCnt = CKYReaderNameList_GetCount(*readerNameList);
+
+ const char *curReaderName = NULL;
+ for(i=0; i < readerNameCnt; i++) {
+ curReaderName = CKYReaderNameList_GetValue(*readerNameList,i);
+
+ if(!strcmp(curReaderName,readerName)) {
+ return TRUE;
+ }
+
+ }
+
+ return FALSE;
+}
+
/*
* you need to hold the ReaderList Lock before you can update the ReaderList
*/
@@ -256,6 +279,27 @@ SlotList::updateReaderList()
* don't recognize.
*/
+ /* first though, let's check to see if any previously removed readers have
+ * come back from the dead. If the ignored bit has been set, we do not need
+ * it any more.
+ */
+
+ const char *curReaderName = NULL;
+ unsigned long knownState = 0;
+ for(int ri = 0 ; ri < numReaders; ri ++) {
+
+ knownState = CKYReader_GetKnownState(&readerStates[ri]);
+ if( !(knownState & SCARD_STATE_IGNORE)) {
+ continue;
+ }
+
+ curReaderName = CKYReader_GetReaderName(&readerStates[ri]);
+ if(readerNameExistsInList(curReaderName,&readerNames)) {
+ CKYReader_SetKnownState(&readerStates[ri], knownState & ~SCARD_STATE_IGNORE);
+
+ }
+ }
+
const char *newReadersData[MAX_READER_DELTA];
const char **newReaders = &newReadersData[0];
unsigned int newReaderCount = 0;
@@ -528,7 +572,7 @@ SlotList::getSlotList(CK_BBOOL tokenPres
void
Slot::connectToToken()
{
- CKYStatus status;
+ CKYStatus status = CKYSCARDERR;
OSTime time = OSTimeNow();
mCoolkey = 0;
@@ -537,13 +581,31 @@ Slot::connectToToken()
// try to connect to the card
if( ! CKYCardConnection_IsConnected(conn) ) {
- status = CKYCardConnection_Connect(conn, readerName);
- if( status != CKYSUCCESS ) {
- log->log("Unable to connect to token\n");
+ int i = 0;
+ //for cranky readers try again a few more times
+ while( i++ < 5 && status != CKYSUCCESS )
+ {
+ status = CKYCardConnection_Connect(conn, readerName);
+ if( status != CKYSUCCESS &&
+ CKYCardConnection_GetLastError(conn) == SCARD_E_PROTO_MISMATCH )
+ {
+ log->log("Unable to connect to token status %d ConnGetGetLastError %x .\n",status,CKYCardConnection_GetLastError(conn));
+
+ }
+ else
+ {
+ break;
+ }
+ OSSleep(100000);
+ }
+
+ if( status != CKYSUCCESS)
+ {
state = UNKNOWN;
return;
}
}
+
log->log("time connect: Connect Time %d ms\n", OSTimeNow() - time);
if (!slotInfoFound) {
readSlotInfo();
@@ -562,15 +624,10 @@ Slot::connectToToken()
state = CARD_PRESENT;
}
- if ( CKYBuffer_DataIsEqual(&cardATR, ATR, sizeof (ATR)) ||
- CKYBuffer_DataIsEqual(&cardATR, ATR1, sizeof(ATR1)) ||
- CKYBuffer_DataIsEqual(&cardATR, ATR2, sizeof(ATR2)) ) {
-
- if (Params::hasParam("noAppletOK"))
- {
- state |= APPLET_SELECTABLE;
- mCoolkey = 1;
- }
+ if (Params::hasParam("noAppletOK"))
+ {
+ state |= APPLET_SELECTABLE;
+ mCoolkey = 1;
}
/* support CAC card. identify the card based on applets, not the ATRS */
@@ -631,7 +688,7 @@ Slot::connectToToken()
* unfriendly */
isVersion1Key = 0;
needLogin = 1;
-
+ mCoolkey = 0;
return;
}
mCoolkey = 1;
@@ -1077,6 +1134,7 @@ SlotList::waitForSlotEvent(CK_FLAGS flag
}
throw;
}
+
if (myNumReaders != numReaders) {
if (myReaderStates) {
delete [] myReaderStates;
@@ -1103,6 +1161,7 @@ SlotList::waitForSlotEvent(CK_FLAGS flag
}
}
}
+
if (found || (flag == CKF_DONT_BLOCK) || shuttingDown) {
break;
}
@@ -1272,6 +1331,19 @@ class ObjectHandleMatch {
}
};
+class KeyNumMatch {
+ private:
+ CKYByte keyNum;
+ const Slot &slot;
+ public:
+ KeyNumMatch(CKYByte keyNum_, const Slot &s) : keyNum(keyNum_), slot(s) { }
+ bool operator() (const PKCS11Object& obj) {
+ unsigned long objID = obj.getMuscleObjID();
+ return (slot.getObjectClass(objID) == 'k')
+ && (slot.getObjectIndex(objID) == keyNum);
+ }
+};
+
class ObjectCertCKAIDMatch {
private:
CKYByte cka_id;
@@ -3007,8 +3079,9 @@ Slot::sign(SessionHandleSuffix suffix, C
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen)
{
+ RSASignatureParams params(CryptParams::DEFAULT_KEY_SIZE);
cryptRSA(suffix, pData, ulDataLen, pSignature, pulSignatureLen,
- RSASignatureParams(CryptParams::FIXED_KEY_SIZE));
+ params);
}
void
@@ -3016,14 +3089,15 @@ Slot::decrypt(SessionHandleSuffix suffix
CK_ULONG ulDataLen, CK_BYTE_PTR pDecryptedData,
CK_ULONG_PTR pulDecryptedDataLen)
{
+ RSADecryptParams params(CryptParams::DEFAULT_KEY_SIZE);
cryptRSA(suffix, pData, ulDataLen, pDecryptedData, pulDecryptedDataLen,
- RSADecryptParams(CryptParams::FIXED_KEY_SIZE));
+ params);
}
void
Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
- CK_ULONG_PTR pulOutputLen, const CryptParams& params)
+ CK_ULONG_PTR pulOutputLen, CryptParams& params)
{
refreshTokenState();
SessionIter session = findSession(suffix);
@@ -3041,6 +3115,11 @@ Slot::cryptRSA(SessionHandleSuffix suffi
CKYBuffer *result = &opState.result;
CKYByte keyNum = opState.keyNum;
+ unsigned int keySize = getKeySize(keyNum);
+
+ if(keySize != CryptParams::DEFAULT_KEY_SIZE)
+ params.setKeySize(keySize);
+
if( CKYBuffer_Size(result) == 0 ) {
// we haven't already peformed the decryption, so do it now.
if( pInput == NULL || ulInputLen == 0) {
@@ -3243,3 +3322,36 @@ Slot::generateRandom(SessionHandleSuffix
throw PKCS11Exception(CKR_DEVICE_ERROR);
}
}
+
+#define MAX_NUM_KEYS 8
+unsigned int
+Slot::getKeySize(CKYByte keyNum)
+{
+ unsigned int keySize = CryptParams::DEFAULT_KEY_SIZE;
+ int modSize = 0;
+
+ if(keyNum >= MAX_NUM_KEYS) {
+ return keySize;
+ }
+
+ ObjectConstIter iter;
+ iter = find_if(tokenObjects.begin(), tokenObjects.end(),
+ KeyNumMatch(keyNum,*this));
+
+ if( iter == tokenObjects.end() ) {
+ return keySize;
+ }
+
+ CKYBuffer const *modulus = iter->getAttribute(CKA_MODULUS);
+
+ if(modulus) {
+ modSize = CKYBuffer_Size(modulus);
+ if(CKYBuffer_GetChar(modulus,0) == 0x0) {
+ modSize--;
+ }
+ if(modSize > 0)
+ keySize = modSize * 8;
+ }
+
+ return keySize;
+}
diff -up ./src/coolkey/slot.h.coolkey-latest ./src/coolkey/slot.h
--- ./src/coolkey/slot.h.coolkey-latest 2006-06-09 11:39:11.000000000 -0700
+++ ./src/coolkey/slot.h 2009-09-11 13:58:24.462488099 -0700
@@ -270,10 +270,9 @@ class CryptParams {
protected:
unsigned int getKeySize() const { return keySize; }
public:
- // !!!XXX hack. The right way to get the key size is to get all the
- // key information from the token with MSCListKeys, the same way
- // we get all the object information with MSCListObjects.
- enum { FIXED_KEY_SIZE = 1024 };
+ // set the actual key size obtained from the card
+ void setKeySize(unsigned int newKeySize) { keySize = newKeySize; }
+ enum { DEFAULT_KEY_SIZE = 1024 };
CryptParams(unsigned int keySize_) : keySize(keySize_) { }
@@ -422,7 +421,7 @@ class Slot {
void cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
- CK_ULONG_PTR pulOutputLen, const CryptParams& params);
+ CK_ULONG_PTR pulOutputLen, CryptParams& params);
void performRSAOp(CKYBuffer *out, const CKYBuffer *input, CKYByte keyNum,
CKYByte direction);
@@ -460,6 +459,8 @@ class Slot {
return (char )((objectID >> 16) & 0xff) - '0';
}
+ // actually get the size of a key in bits from the card
+ unsigned int getKeySize(CKYByte keyNum);
SessionHandleSuffix openSession(Session::Type type);
void closeSession(SessionHandleSuffix handleSuffix);
@@ -527,6 +528,8 @@ class SlotList {
* has called 'C_GetSlotList' with a NULL parameter */
void updateReaderList();
+ /* see if a reader name exists in a caller provided reader name list. */
+ bool readerNameExistsInList(const char *readerName,CKYReaderNameList *readerNameList );
bool readerExists(const char *readerName, unsigned int *hint = 0);
public:
SlotList(Log *log);
diff -up ./src/libckyapplet/cky_applet.c.coolkey-latest ./src/libckyapplet/cky_applet.c
--- ./src/libckyapplet/cky_applet.c.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_applet.c 2009-09-11 13:58:24.464487796 -0700
@@ -134,6 +134,13 @@ CKYAppletFactory_Logout(CKYAPDU *apdu, c
/* Future add WriteObject */
CKYStatus
+CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param)
+{
+ const CKYAppletArgWriteObject *wos = (const CKYAppletArgWriteObject *)param;
+ return CKYAPDUFactory_WriteObject(apdu,wos->objectID,wos->offset,wos->size,wos->data);
+}
+
+CKYStatus
CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param)
{
const CKYAppletArgCreateObject *cos=(const CKYAppletArgCreateObject *)param;
@@ -192,7 +199,6 @@ CKYAppletFactory_GetLifeCycleV2(CKYAPDU
{
return CKYAPDUFactory_GetLifeCycleV2(apdu);
}
-
CKYStatus
CKYAppletFactory_GetRandom(CKYAPDU *apdu, const void *param)
{
@@ -725,24 +731,48 @@ CKYApplet_ComputeCrypt(CKYCardConnection
CKYAppletArgComputeCrypt ccd;
CKYBuffer empty;
CKYISOStatus status;
+ short dataSize = 0;
int use2APDUs = 0;
+ int use_dl_object = CKYBuffer_Size(data) > 200 ;
CKYBuffer_InitEmpty(&empty);
ccd.keyNumber = keyNumber;
ccd.mode = mode;
ccd.direction = direction;
- ccd.location = CKY_DL_APDU;
+ ccd.location = use_dl_object ? CKY_DL_OBJECT : CKY_DL_APDU;
if (!apduRC)
apduRC = &status;
+ if (use_dl_object) {
+ CKYBuffer sizeBuf;
+
+ CKYBuffer_InitEmpty(&sizeBuf);
+ CKYBuffer_AppendShort(&sizeBuf, CKYBuffer_Size(data));
+
+ ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
+ 0, CKYBuffer_Size(&sizeBuf), nonce,
+ &sizeBuf, apduRC);
+
+ CKYBuffer_FreeData(&sizeBuf);
+ if( ret != CKYSUCCESS)
+ goto fail;
+
+ ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
+ 2, CKYBuffer_Size(data), nonce,
+ data, apduRC);
+
+ if(ret != CKYSUCCESS)
+ goto fail;
+ }
+
if (mode == CKY_RSA_NO_PAD) {
- ccd.data = data;
+ ccd.data = use_dl_object ? &empty : data;
ccd.sig = sig;
ret = CKYApplet_HandleAPDU(conn,
CKYAppletFactory_ComputeCryptOneStep, &ccd, nonce,
CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,
- result, apduRC);
+ use_dl_object ? NULL : result, apduRC);
if (ret == CKYAPDUFAIL && *apduRC == CKYISO_INCORRECT_P2) {
use2APDUs = 1; /* maybe it's an old applet */
}
@@ -759,13 +789,38 @@ CKYApplet_ComputeCrypt(CKYCardConnection
CKYAppletFactory_ComputeCryptInit, &ccd, nonce,
0, CKYAppletFill_Null, NULL, apduRC);
if (ret == CKYSUCCESS) {
- ccd.data = data;
+ ccd.data = use_dl_object ? &empty : data;
ret = CKYApplet_HandleAPDU(conn,
CKYAppletFactory_ComputeCryptFinal, &ccd, nonce,
CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,
- result, apduRC);
+ use_dl_object ? NULL : result, apduRC);
}
}
+
+ if (use_dl_object && ret == CKYSUCCESS) {
+ CKYBuffer sizeOutBuf;
+ CKYBuffer_InitEmpty(&sizeOutBuf);
+
+ ret = CKYApplet_ReadObjectFull(conn,0xffffffff,
+ 0, 2,
+ nonce,&sizeOutBuf,apduRC);
+
+ if(ret != CKYSUCCESS) {
+ CKYBuffer_FreeData(&sizeOutBuf);
+ goto fail;
+ }
+
+ dataSize = CKYBuffer_GetShort(&sizeOutBuf, 0);
+
+ CKYBuffer_FreeData(&sizeOutBuf);
+
+ ret = CKYApplet_ReadObjectFull(conn,0xffffffff,
+ 2, dataSize,
+ nonce,result,apduRC);
+ }
+
+fail:
+
return ret;
}
@@ -1036,6 +1091,44 @@ CKYApplet_ReadObjectFull(CKYCardConnecti
}
/*
+ * Write Object
+ * This makes multiple APDU calls to write the entire object.
+ *
+ */
+
+CKYStatus
+CKYApplet_WriteObjectFull(CKYCardConnection *conn, unsigned long objectID,
+ CKYOffset offset, CKYSize size, const CKYBuffer *nonce,
+ const CKYBuffer *data, CKYISOStatus *apduRC)
+{
+
+ CKYBuffer chunk;
+ CKYOffset srcOffset = 0;
+ CKYAppletArgWriteObject wod;
+ CKYStatus ret = CKYSUCCESS;
+
+ wod.objectID = objectID;
+ wod.offset = offset;
+ do {
+ wod.size = (CKYByte) MIN(size, 220);
+ ret = CKYBuffer_InitFromBuffer(&chunk, data,
+ srcOffset, wod.size);
+ if(ret == CKYSUCCESS) {
+ wod.data = &chunk;
+ ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_WriteObject, &wod,
+ nonce, 0, CKYAppletFill_Null, NULL, apduRC);
+ size -= wod.size;
+ wod.offset += wod.size;
+ srcOffset += wod.size;
+ CKYBuffer_FreeData(&chunk);
+ }
+
+ } while ((size > 0) && (ret == CKYSUCCESS));
+
+ return ret;
+}
+
+/*
* List Object cluster
*/
static CKYStatus
diff -up ./src/libckyapplet/cky_applet.h.coolkey-latest ./src/libckyapplet/cky_applet.h
--- ./src/libckyapplet/cky_applet.h.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_applet.h 2009-09-11 13:58:24.466487772 -0700
@@ -192,6 +192,14 @@ typedef struct _CKYAppletArgReadObject {
CKYByte size;
} CKYAppletArgReadObject;
+typedef struct _CKYAppletArgWriteObject {
+ unsigned long objectID;
+ CKYOffset offset;
+ CKYByte size;
+ CKYBuffer *data;
+
+} CKYAppletArgWriteObject;
+
typedef struct _CKYAppletArgComputeCrypt {
CKYByte keyNumber;
CKYByte mode;
@@ -250,6 +258,8 @@ CKYStatus CKYAppletFactory_ListPINs(CKYA
/* param == CKYByte * (pointer to pinNumber) */
CKYStatus CKYAppletFactory_Logout(CKYAPDU *apdu, const void *param);
/* Future add WriteObject */
+/* parm == CKYAppletArgWriteObject */
+CKYStatus CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param);
/* param == CKYAppletArgCreateObject */
CKYStatus CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param);
/* param == CKYAppletArgDeleteObject */
@@ -482,6 +492,17 @@ CKYStatus CKYApplet_ReadObjectAppend(CKY
CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn,
unsigned long objectID, CKYOffset offset, CKYSize size,
const CKYBuffer *nonce, CKYBuffer *data, CKYISOStatus *apduRC);
+/*
+ * There is 1 write command:
+ * CKYApplet_WriteObjectFull can write an entire data object. It makes multiple
+ * apdu calls in order to write the full amount into the buffer. The buffer is
+ * overwritten.
+*/
+
+CKYStatus CKYApplet_WriteObjectFull(CKYCardConnection *conn,
+ unsigned long objectID, CKYOffset offset, CKYSize size,
+ const CKYBuffer *nonce, const CKYBuffer *data, CKYISOStatus *apduRC);
+
CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq,
CKYAppletRespListObjects *lop, CKYISOStatus *apduRC);
CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn,
diff -up ./src/libckyapplet/cky_card.c.coolkey-latest ./src/libckyapplet/cky_card.c
--- ./src/libckyapplet/cky_card.c.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_card.c 2009-09-11 13:58:24.468487469 -0700
@@ -129,6 +129,7 @@ typedef struct _SCard {
SCardGetStatusChangeFn SCardGetStatusChange;
SCardCancelFn SCardCancel;
SCARD_IO_REQUEST *SCARD_PCI_T0_;
+ SCARD_IO_REQUEST *SCARD_PCI_T1_;
} SCard;
#define GET_ADDRESS(library, scard, name) \
@@ -195,6 +196,12 @@ ckySCard_Init(void)
if( status != CKYSUCCESS ) {
goto fail;
}
+
+ status = ckyShLibrary_getAddress( library,
+ (void**) &scard->SCARD_PCI_T1_, MAKE_DLL_SYMBOL(g_rgSCardT1Pci));
+ if( status != CKYSUCCESS ) {
+ goto fail;
+ }
return scard;
fail:
@@ -884,6 +891,7 @@ struct _CKYCardConnection {
SCARDHANDLE cardHandle;
unsigned long lastError;
CKYBool inTransaction;
+ unsigned long protocol;
};
static void
@@ -894,6 +902,7 @@ ckyCardConnection_init(CKYCardConnection
conn->cardHandle = 0;
conn->lastError = 0;
conn->inTransaction = 0;
+ conn->protocol = SCARD_PROTOCOL_T0;
}
CKYCardConnection *
@@ -934,14 +943,13 @@ CKYCardConnection_Connect(CKYCardConnect
{
CKYStatus ret;
unsigned long rv;
- unsigned long protocol;
ret = CKYCardConnection_Disconnect(conn);
if (ret != CKYSUCCESS) {
return ret;
}
rv = conn->scard->SCardConnect( conn->ctx->context, readerName,
- SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, &conn->cardHandle, &protocol);
+ SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &conn->cardHandle, &conn->protocol);
if (rv != SCARD_S_SUCCESS) {
conn->lastError = rv;
return CKYSCARDERR;
@@ -978,7 +986,7 @@ ckyCardConnection_reconnectRaw(CKYCardCo
unsigned long protocol;
rv = conn->scard->SCardReconnect(conn->cardHandle,
- SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, init, &protocol);
+ SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1 , init, &protocol);
if (rv != SCARD_S_SUCCESS) {
conn->lastError = rv;
return CKYSCARDERR;
@@ -1039,10 +1047,17 @@ CKYCardConnection_TransmitAPDU(CKYCardCo
return ret;
}
- rv = conn->scard->SCardTransmit(conn->cardHandle,
- conn->scard->SCARD_PCI_T0_,
- CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf),
- NULL, response->data, &response->len);
+ if( conn->protocol == SCARD_PROTOCOL_T0 ) {
+ rv = conn->scard->SCardTransmit(conn->cardHandle,
+ conn->scard->SCARD_PCI_T0_,
+ CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf),
+ NULL, response->data, &response->len);
+ } else {
+ rv = conn->scard->SCardTransmit(conn->cardHandle,
+ conn->scard->SCARD_PCI_T1_,
+ CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf),
+ NULL, response->data, &response->len);
+ }
if (rv != SCARD_S_SUCCESS) {
conn->lastError =rv;
diff -up ./src/libckyapplet/cky_factory.c.coolkey-latest ./src/libckyapplet/cky_factory.c
--- ./src/libckyapplet/cky_factory.c.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_factory.c 2009-09-11 13:58:24.470495267 -0700
@@ -190,8 +190,11 @@ CKYAPDUFactory_ComputeCryptOneStep(CKYAP
CKYSize len;
CKYBuffer buf;
- if (!idata || !(len = CKYBuffer_Size(idata)) || location != CKY_DL_APDU)
- return ret;
+ if (!idata)
+ return ret;
+
+ if (!(len = CKYBuffer_Size(idata)) && location != CKY_DL_OBJECT)
+ return ret;
CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
CKYAPDU_SetINS(apdu, CKY_INS_COMPUTE_CRYPT);
@@ -314,8 +317,6 @@ CKYAPDUFactory_Logout(CKYAPDU *apdu, CKY
return CKYSUCCESS;
}
-/* Future add WriteObject */
-
CKYStatus
CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID, CKYSize size,
unsigned short readACL, unsigned short writeACL, unsigned short deleteACL)
@@ -419,6 +420,58 @@ fail:
}
CKYStatus
+CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
+ CKYOffset offset,CKYSize size,CKYBuffer *data)
+{
+ CKYBuffer buf;
+ CKYStatus ret = CKYSUCCESS;
+ unsigned short dataSize = 0;
+
+ CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
+ CKYAPDU_SetINS(apdu, CKY_INS_WRITE_OBJ);
+ CKYAPDU_SetP1(apdu, 0x00);
+ CKYAPDU_SetP2(apdu, 0x00);
+ CKYBuffer_InitEmpty(&buf);
+
+ dataSize = (unsigned short) CKYBuffer_Size(data);
+
+ if(!dataSize) {
+ ret = CKYINVALIDARGS;
+ goto fail;
+ }
+
+ ret = CKYBuffer_AppendLong(&buf,objectID);
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+ ret = CKYBuffer_AppendLong(&buf,offset);
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+ ret = CKYBuffer_AppendChar(&buf, size);
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+
+ ret = CKYAPDU_SetSendDataBuffer(apdu,&buf);
+
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+
+ ret = CKYAPDU_AppendSendDataBuffer(apdu, data);
+
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+
+fail:
+ CKYBuffer_FreeData(&buf);
+ return ret;
+
+}
+
+CKYStatus
CKYAPDUFactory_ListObjects(CKYAPDU *apdu, CKYByte sequence)
{
CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
diff -up ./src/libckyapplet/cky_factory.h.coolkey-latest ./src/libckyapplet/cky_factory.h
--- ./src/libckyapplet/cky_factory.h.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_factory.h 2009-09-11 13:58:24.472487421 -0700
@@ -190,7 +190,8 @@ CKYStatus CKYAPDUFactory_ChangePIN(CKYAP
const char *oldPin, const char *newPin);
CKYStatus CKYAPDUFactory_ListPINs(CKYAPDU *apdu);
CKYStatus CKYAPDUFactory_Logout(CKYAPDU *apdu, CKYByte pinNumber);
-
+CKYStatus CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
+ CKYOffset offset,CKYSize size,CKYBuffer *data);
/* Future add WriteObject */
CKYStatus CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID,
CKYSize size, unsigned short readACL, unsigned short writeACL,

View file

@ -0,0 +1,69 @@
diff -up ./src/coolkey/slot.cpp.reader-state-fix ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.reader-state-fix 2010-09-08 13:25:14.479109000 -0700
+++ ./src/coolkey/slot.cpp 2010-09-08 13:25:14.506109000 -0700
@@ -2185,6 +2185,7 @@ Slot::readCACCertificateFirst(CKYBuffer
{
CKYStatus status;
CKYISOStatus apduRC;
+ *nextSize = 0;
if (mOldCAC) {
/* get the first 100 bytes of the cert */
diff -up ./src/libckyapplet/cky_card.c.reader-state-fix ./src/libckyapplet/cky_card.c
--- ./src/libckyapplet/cky_card.c.reader-state-fix 2010-09-08 14:05:10.859321000 -0700
+++ ./src/libckyapplet/cky_card.c 2010-09-08 14:05:42.792257000 -0700
@@ -27,7 +27,6 @@
#ifndef WINAPI
#define WINAPI
-typedef SCARD_READERSTATE *LPSCARD_READERSTATE;
#endif
#ifndef SCARD_E_NO_READERS_AVAILABLE
diff -up ./src/libckyapplet/cky_card.h.reader-state-fix ./src/libckyapplet/cky_card.h
--- ./src/libckyapplet/cky_card.h.reader-state-fix 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_card.h 2010-09-08 13:25:14.518109000 -0700
@@ -41,23 +41,23 @@ CKYLIST_DECLARE(CKYReaderName, char *)
CKYLIST_DECLARE(CKYCardConnection, CKYCardConnection *)
CKY_BEGIN_PROTOS
-void CKYReader_Init(SCARD_READERSTATE_A *reader);
-void CKYReader_FreeData(SCARD_READERSTATE_A *reader);
+void CKYReader_Init(SCARD_READERSTATE *reader);
+void CKYReader_FreeData(SCARD_READERSTATE *reader);
/*
- * "Accessors": for SCARD_READERSTATE_A structure as a class.
- * These functions take an SCARD_READERSTATE_A which can also be referenced
+ * "Accessors": for SCARD_READERSTATE structure as a class.
+ * These functions take an SCARD_READERSTATE which can also be referenced
* directly.
*/
-CKYStatus CKYReader_SetReaderName(SCARD_READERSTATE_A *reader, const char *name);
-const char *CKYReader_GetReaderName(const SCARD_READERSTATE_A *reader);
-CKYStatus CKYReader_SetKnownState(SCARD_READERSTATE_A *reader,
+CKYStatus CKYReader_SetReaderName(SCARD_READERSTATE *reader, const char *name);
+const char *CKYReader_GetReaderName(const SCARD_READERSTATE *reader);
+CKYStatus CKYReader_SetKnownState(SCARD_READERSTATE *reader,
unsigned long state);
-unsigned long CKYReader_GetKnownState(const SCARD_READERSTATE_A *reader);
-unsigned long CKYReader_GetEventState(const SCARD_READERSTATE_A *reader);
-CKYStatus CKYReader_GetATR(const SCARD_READERSTATE_A *reader, CKYBuffer *buf);
+unsigned long CKYReader_GetKnownState(const SCARD_READERSTATE *reader);
+unsigned long CKYReader_GetEventState(const SCARD_READERSTATE *reader);
+CKYStatus CKYReader_GetATR(const SCARD_READERSTATE *reader, CKYBuffer *buf);
/* create an array of READERSTATEs from a LIST of Readers */
-SCARD_READERSTATE_A *CKYReader_CreateArray(const CKYReaderNameList readerNames,
+SCARD_READERSTATE *CKYReader_CreateArray(const CKYReaderNameList readerNames,
unsigned long *readerCount);
/* frees the reader, then the full array */
void CKYReader_DestroyArray(SCARD_READERSTATE *reader, unsigned long count);
@@ -88,7 +88,7 @@ CKYStatus CKYCardContext_FindReadersByAT
const CKYBuffer *targetATR);
/* return if any of the readers in our array has changed in status */
CKYStatus CKYCardContext_WaitForStatusChange(CKYCardContext *context,
- SCARD_READERSTATE_A *readers,
+ SCARD_READERSTATE *readers,
unsigned long readerCount,
unsigned long timeout);
/* cancel any current operation (such as wait for status change) on this

View file

@ -0,0 +1,71 @@
diff -up ./configure.in.coolkey-simple-bugs ./configure.in
--- ./configure.in.coolkey-simple-bugs 2009-09-16 11:21:55.621493844 -0700
+++ ./configure.in 2009-09-16 11:22:23.354492383 -0700
@@ -124,9 +124,9 @@ then
if test $WINDOWS -ne 1; then
PKG_CHECK_MODULES(NSS, nss, true, [ AC_MSG_ERROR(could not find NSS Crypto libraries) ])
fi
- enable_pk11install = "yes"
+ enable_pk11install="yes"
else
- enable_pk11install = "no"
+ enable_pk11install="no"
AC_MSG_WARN([skipping pk11install])
fi
diff -up ./Makefile.am.coolkey-simple-bugs ./Makefile.am
--- ./Makefile.am.coolkey-simple-bugs 2009-09-16 11:23:18.715515063 -0700
+++ ./Makefile.am 2009-09-16 13:15:29.570492412 -0700
@@ -25,7 +25,6 @@ if BUILD_PK11INSTALL
SUBDIRS += src/install
endif
-ACLOCAL_AMFLAGS = -I m4
EXTRA_DIST = cookey.spec LICENSE
diff -up ./src/coolkey/object.cpp.coolkey-simple-bugs ./src/coolkey/object.cpp
--- ./src/coolkey/object.cpp.coolkey-simple-bugs 2009-09-16 10:36:29.300516245 -0700
+++ ./src/coolkey/object.cpp 2009-09-16 10:37:17.747492199 -0700
@@ -397,7 +397,7 @@ PKCS11Object::getLabel()
{
// clean up old one
if (label) {
- delete label;
+ delete [] label;
label = NULL;
}
// find matching attribute
diff -up ./src/coolkey/object.h.coolkey-simple-bugs ./src/coolkey/object.h
--- ./src/coolkey/object.h.coolkey-simple-bugs 2009-09-16 16:05:27.233488140 -0700
+++ ./src/coolkey/object.h 2009-09-16 16:05:54.161492421 -0700
@@ -82,7 +82,7 @@ class PKCS11Object {
PKCS11Object(unsigned long muscleObjID, CK_OBJECT_HANDLE handle);
PKCS11Object(unsigned long muscleObjID, const CKYBuffer *data,
CK_OBJECT_HANDLE handle);
- ~PKCS11Object() { delete label; delete name; CKYBuffer_FreeData(&pubKey); }
+ ~PKCS11Object() { delete [] label; delete [] name; CKYBuffer_FreeData(&pubKey); }
PKCS11Object(const PKCS11Object& cpy) :
attributes(cpy.attributes), muscleObjID(cpy.muscleObjID),
diff -up ./src/coolkey/slot.cpp.coolkey-simple-bugs ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.coolkey-simple-bugs 2009-09-16 10:28:15.412492201 -0700
+++ ./src/coolkey/slot.cpp 2009-09-16 10:57:27.692492487 -0700
@@ -979,7 +979,7 @@ Slot::makeLabelString(char *label, int m
//
#define COOLKEY "CoolKey"
#define POSSESSION " for "
- if (!personName || personName == "") {
+ if (!personName || personName[0] == '\0' ) {
const int coolKeySize = sizeof(COOLKEY) ;
memcpy(label, COOLKEY, coolKeySize-1);
makeSerialString(&label[coolKeySize], maxSize-coolKeySize, cuid);
@@ -1528,7 +1528,7 @@ SlotMemSegment::SlotMemSegment(const cha
}
sprintf(segName,SEGMENT_PREFIX"%s",readerName);
segment = SHMem::initSegment(segName, MAX_OBJECT_STORE_SIZE, needInit);
- delete segName;
+ delete [] segName;
if (!segment) {
// just run without shared memory
return;

View file

@ -0,0 +1,158 @@
Index: src/coolkey/coolkey.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/coolkey.cpp,v
retrieving revision 1.2
diff -u -r1.2 coolkey.cpp
--- src/coolkey/coolkey.cpp 14 Feb 2007 19:54:01 -0000 1.2
+++ src/coolkey/coolkey.cpp 18 Dec 2009 23:22:58 -0000
@@ -42,7 +42,9 @@
static SlotList *slotList = NULL;
-static OSLock finalizeLock(false);
+static OSLock *finalizeLock = NULL;
+#define FINALIZE_GETLOCK() if (finalizeLock) finalizeLock->getLock();
+#define FINALIZE_RELEASELOCK() if (finalizeLock) finalizeLock->releaseLock();
static CK_BBOOL initialized = FALSE;
static CK_BBOOL finalizing = FALSE;
@@ -208,11 +210,13 @@
if( initialized ) {
return CKR_CRYPTOKI_ALREADY_INITIALIZED;
}
- if (!finalizeLock.isValid()) {
+ if (finalizeLock && !finalizeLock->isValid()) {
return CKR_CANT_LOCK;
}
CK_C_INITIALIZE_ARGS* initArgs = (CK_C_INITIALIZE_ARGS*) pInitArgs;
+ OSLock::setThreadSafe(0);
if( initArgs != NULL ) {
+ bool needThreads;
/* work around a bug in NSS where the library parameters are only
* send if locking is requested */
if (initArgs->LibraryParameters) {
@@ -220,7 +224,17 @@
} else {
Params::ClearParams();
}
- if( (initArgs->flags & CKF_OS_LOCKING_OK) || initArgs->LockMutex ){
+ needThreads = ((initArgs->flags & CKF_OS_LOCKING_OK) != 0);
+ OSLock::setThreadSafe(needThreads);
+ /* don't get a finalize lock unless someone initializes us asking
+ * us to use threads */
+ if (needThreads && !finalizeLock) {
+ finalizeLock = new OSLock(true);
+ if (finalizeLock == NULL) return CKR_HOST_MEMORY;
+ }
+ /* only support OS LOCKING threads */
+ if( ((initArgs->flags & CKF_OS_LOCKING_OK) == 0)
+ && initArgs->LockMutex ){
throw PKCS11Exception(CKR_CANT_LOCK);
}
}
@@ -259,9 +273,9 @@
// the finalizing call first, we know it will set waitEvent before
// we can get the lock, so we only need to protect setting finalizing
// to true.
- finalizeLock.getLock();
+ FINALIZE_GETLOCK();
finalizing = TRUE;
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
if (waitEvent) {
/* we're waiting on a slot event, shutdown first to allow
* the wait function to complete before we pull the rug out.
@@ -273,10 +287,10 @@
}
delete slotList;
delete log;
- finalizeLock.getLock();
+ FINALIZE_GETLOCK();
finalizing = FALSE;
initialized = FALSE;
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
return CKR_OK;
}
@@ -595,17 +609,17 @@
CK_RV
C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
{
- finalizeLock.getLock();
+ FINALIZE_GETLOCK();
if( ! initialized ) {
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
return CKR_CRYPTOKI_NOT_INITIALIZED;
}
if (finalizing) {
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
return CKR_CRYPTOKI_NOT_INITIALIZED;
}
waitEvent = TRUE;
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
try {
log->log("C_WaitForSlotEvent called\n");
slotList->waitForSlotEvent(flags, pSlot, pReserved);
Index: src/coolkey/machdep.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/machdep.cpp,v
retrieving revision 1.7
diff -u -r1.7 machdep.cpp
--- src/coolkey/machdep.cpp 14 Feb 2008 23:48:19 -0000 1.7
+++ src/coolkey/machdep.cpp 18 Dec 2009 23:22:58 -0000
@@ -37,6 +37,8 @@
#include <stdlib.h>
#endif
+bool OSLock::needThread = 0;
+
#ifdef _WIN32
//
// Windows functions to grab a named shared memory segment of a specific size,
@@ -123,6 +125,10 @@
OSLock::OSLock(bool exceptionAllowed)
{
+ if (!needThread) {
+ lockData = NULL;
+ return;
+ }
lockData = new OSLockData;
if (lockData) {
InitializeCriticalSection(&lockData->mutex);
@@ -360,6 +366,9 @@
int rc;
lockData = NULL;
+ if (!needThread) {
+ return;
+ }
#ifdef MAC
if (!OSLock_attr_init) {
rc = pthread_mutexattr_init(&OSLock_attr);
Index: src/coolkey/machdep.h
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/machdep.h,v
retrieving revision 1.1
diff -u -r1.1 machdep.h
--- src/coolkey/machdep.h 9 Jun 2006 18:39:11 -0000 1.1
+++ src/coolkey/machdep.h 18 Dec 2009 23:22:58 -0000
@@ -40,12 +40,14 @@
class OSLock {
private:
OSLockData *lockData;
+ static bool needThread;
public:
OSLock(bool exceptionAllowed = true);
~OSLock();
bool isValid();
void getLock();
void releaseLock();
+ static void setThreadSafe(bool thread) { needThread = thread; }
};
typedef unsigned long OSTime;

View file

@ -6,14 +6,14 @@
# customary to leave one space after the ':'.
|-----handy-ruler---------------------------------------------------|
coolkey: coolkey
coolkey:
coolkey: Linux Driver support for the CoolKey and CAC products.
coolkey: coolkey (pkcs#11 smartcard library)
coolkey:
coolkey: coolkey is a pkcs#11 smartcard library that can be used with a US
coolkey: Government CAC (Common Access Card) in conjunction with pcsc-lite.
coolkey: It is most commonly used by pkcs#11 aware web browsers or email
coolkey: clients, to use a CAC's client certificate for authentication or
coolkey: signing. coolkey is commonly used with the DoD Configuration
coolkey: plugin for Firefox and Thunderbird, which is located at
coolkey: https://addons.mozilla.org/en-US/thunderbird/addon/3182.
coolkey:
coolkey:
coolkey:
coolkey:
coolkey:
coolkey:
coolkey:
coolkey: